Oracle Errata System Oracle Linux 5.11 2024-11-17T02:49:08 Oracle Linux 9 [115.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Update to 115.6.0 build2 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6858 CVE-2023-6859 CVE-2023-50762 CVE-2023-6861 CVE-2023-6864 CVE-2023-6857 CVE-2023-6860 CVE-2023-6856 CVE-2023-6863 CVE-2023-6862 CVE-2023-50761 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [115.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [115.6.0-1] - Update to 115.6.0 build2 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6857 CVE-2023-6863 CVE-2023-6864 CVE-2023-6860 CVE-2023-50762 CVE-2023-6858 CVE-2023-6861 CVE-2023-50761 CVE-2023-6856 CVE-2023-6859 CVE-2023-6862 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [1.8.0-28.0.1] - Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6377.patch, and xorg-CVE-2023-6478.patch [1.8.0-28] - Updated fix for CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions Resolves: RHEL-18415 [1.8.0-27] - Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions Resolves: RHEL-18415 - CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty Resolves: RHEL-18427 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6377 CVE-2023-6478 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1.20.4-25] - CVE fix for: CVE-2023-6377, CVE-2023-6478 Resolves: https://issues.redhat.com/browse/RHEL-18416 Resolves: https://issues.redhat.com/browse/RHEL-18428 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6478 CVE-2023-6377 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [1.13.1-3.3] - xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367) - xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377) - xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-5367 CVE-2023-6377 CVE-2023-6478 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [115.6.0-1.0.1] - Update to 115.6.0 build1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6863 CVE-2023-6857 CVE-2023-6856 CVE-2023-6864 CVE-2023-6865 CVE-2023-6867 CVE-2023-6860 CVE-2023-6862 CVE-2023-6858 CVE-2023-6859 CVE-2023-6861 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [1.10.4-4] - Patch CVE-2023-44446: MXF demuxer use-after-free - Disable gtk-doc to fix build - Resolves: RHEL-16793 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-44446 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [1.13.1-2.4] - xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367) - xorg-x11-server: Use-after-free bug in DestroyWindow (CVE-2023-5380) - xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377) - xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6377 CVE-2023-6478 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [115.6.0-1.0.1] - Udate to 115.6.0 build1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6858 CVE-2023-6859 CVE-2023-6861 CVE-2023-6867 CVE-2023-6865 CVE-2023-6860 CVE-2023-6862 CVE-2023-6864 CVE-2023-6856 CVE-2023-6857 CVE-2023-6863 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [115.6.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.6.0-1] - Update to 115.6.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6867 CVE-2023-6860 CVE-2023-6865 CVE-2023-6863 CVE-2023-6864 CVE-2023-6856 CVE-2023-6861 CVE-2023-6862 CVE-2023-6858 CVE-2023-6857 CVE-2023-6859 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [115.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.6.0-1] - Update to 115.6.0 build2 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50762 CVE-2023-6860 CVE-2023-6863 CVE-2023-6861 CVE-2023-6864 CVE-2023-6857 CVE-2023-6859 CVE-2023-6862 CVE-2023-50761 CVE-2023-6858 CVE-2023-6856 cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 libecap squid [7:4.15-7.5] - Fix squid: Denial of Service in SSL Certificate validation (CVE-2023-46724) - Fix squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728) - Fix squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285) - Fix squid: Incorrect Check of Function Return Value In Helper Process management(CVE-2023-49286) [7:4.15-7.3] - Fix squid: DoS against HTTP and HTTPS (CVE-2023-5824) [7:4.15-7.1] - Resolves: RHEL-14801 - squid: squid: Denial of Service in HTTP Digest Authentication - Resolves: RHEL-14776 - squid: squid: Request/Response smuggling in HTTP/1.1 and ICAP IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-49286 CVE-2023-46728 CVE-2023-49285 CVE-2023-46724 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [7:5.5-6.0.1.el9_3.5] - squid: Denial of Service in SSL Certificate validation (CVE-2023-46724) - squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728) - squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285) - squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46724 CVE-2023-49285 CVE-2023-46728 CVE-2023-49286 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [3.90.0-4] - Fix expired certs in tests - Fix CVE-2023-5388 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5388 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 Oracle Linux 9 [3.90.0-4] - CVE-2023-5388 nss: timing attack against RSA decryption. Make the final blinding multmod constant time. MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5388 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [3.6.8-56.0.1.2] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-56.2] - Security fix for CVE-2022-48560 Resolves: rhbz#2249755 - Security fix for CVE-2022-48564 Resolves: rhbz#2249750 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-48560 CVE-2022-48564 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:9:baseos_patch Oracle Linux 8 [1.24.2-5.0.1.2] - set RECENT_DATE to 01/30/2019 to make checks happy [Orabug: 30228991] [1.24.2-5.2] - Security fix for CVE-2023-45803 Resolves: rhbz#2246840 - Security fix for CVE-2023-43804 Resolves: rhbz#2242493 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43804 CVE-2023-45803 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [2.9.7-18] - Fix CVE-2023-39615 (RHEL-5179) [2.9.7-17] - Fix CVE-2023-28484 (#2186692) - Fix CVE-2023-29469 (#2186692) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-39615 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 buildah [1:1.24.6-7] - rebuild for CVE-2023-29406 - Related: #2176055 cockpit-podman [46-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/46 - Related: #2061390 conmon [2:2.1.4-2] - update to https://github.com/containers/conmon/releases/tag/v2.1.4 - Related: #2176055 containernetworking-plugins [1:1.1.1-6] - Rebuild with golang 1.20.6 or higher - Related: Jira:RHEL-4507 - Related: Jira:RHEL-7442 containers-common [1-38.0.1] - Updated removed references [Orabug: 33473101] (Alex Burmashev) - Adjust registries.conf (Nikita Gerasimov) - remove references to RedHat registry (Nikita Gerasimov) container-selinux [2:2.205.0-3] - fix build for stable module - Related: #2176055 criu [3.15-3] - add Requires: criu-libs = %{version}-%{release} in criu-devel - add gating tests - Related: #1934415 crun fuse-overlayfs [1.9-2] - update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.9 - Related: #2176055 libslirp oci-seccomp-bpf-hook [1.2.5-2] - fix compatibility with the new bcc - Related: #2176055 podman [2:4.0.2-25] - rebuild with golang 1.20.6+ for CVE-2023-39321 CVE-2023-29409 - Related: Jira:RHEL-4508 - Related: Jira:RHEL-7443 python-podman [4.0.0-2] - bump to v4.0.0 - Related: #2176055 runc [1:1.1.5-2] - rebuild for following CVEs: CVE-2022-41724 - Resolves: #2179971 skopeo [2:1.6.2-9] - rebuild because of CVE-2023-29406 - Resolves: #2236831 slirp4netns [1.1.8-3] - fix gating - don't use insecure functions - thanks to Marc-Andre Lureau - Related: #2176055 udica [0.2.6-4] - sync with stream-container-tools-4.0-rhel-8.8.0 - Related: #2176055 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-27664 CVE-2023-39322 CVE-2023-29409 CVE-2022-2879 CVE-2023-39318 CVE-2023-39321 CVE-2022-2880 CVE-2022-41715 CVE-2023-39319 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:9.0.62-27.2] - Open Redirect vulnerability in FORM authentication (CVE-2023-41080) - FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794) - improper cleaning of recycled objects could lead to information leak (CVE-2023-42795) - incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45648 CVE-2023-41080 CVE-2023-42795 CVE-2023-42794 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [7.5.1-13.3] - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c - Resolves: RHEL-15919 - Out of bounds read in bgpd/bgp_label.c - Resolves: RHEL-15869 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message - Resolves: RHEL-15868 - crash from malformed EOR-containing BGP UPDATE message MODERATE Copyright 2024 Oracle, Inc. CVE-2023-38407 CVE-2023-47234 CVE-2023-47235 CVE-2023-38406 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [0.38.4-3] - Security fix for CVE-2022-44638 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-44638 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [4.2.1-121.2] - bundled urllib3: fix CVE-2023-43804 Resolves: RHEL-11988 - bundled certifi: fix CVE-2023-37920 Resolves: RHEL-6972 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43804 CVE-2023-37920 cpe:/a:oracle:linux:8::addons cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::developer Oracle Linux 8 hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt libvirt-dbus libvirt-python nbdkit netcf perl-Sys-Virt qemu-kvm [6.2.0-40.el8_9.2] - Resolves: RHEL-7309 (CVE-2023-3019 virt:rhel/qemu-kvm: QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest() [rhel-8]) seabios sgabios supermin swtpm virt-v2v MODERATE Copyright 2024 Oracle, Inc. CVE-2023-3019 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [4.10.2-5.0.1] - Resolves: 2242828 Invalid CSRF protection (CVE-2023-5455) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5455 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 bind-dyndb-ldap custodia ipa [4.9.12-11.0.1] - Resolves: 2242828 Invalid CSRF protection (CVE-2023-5455) ipa-healthcheck opendnssec python-jwcrypto python-kdcproxy [0.4-5] - Always buffer TCP data in __handle_recv() - Resolves: #1747144 [0.4-4] - Correct addrs sorting to be by TCP/UDP - Resolves: #1732898 python-qrcode python-yubico pyusb slapi-nis softhsm MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5455 CVE-2020-17049 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [4.6.8-5.0.1] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.8-5.el7_9.16] - Resolves: RHEL-12570 ipa: Invalid CSRF protection MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5455 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [8.0.101-1.0.1] - Add support for Oracle Linux - Update to .NET SDK 8.0.101 and Runtime 8.0.1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21319 CVE-2024-0057 CVE-2024-0056 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [7.0.115-1.0.1] - Update to .NET SDK 7.0.115 and Runtime 7.0.15 [7.0.114-1.0.1] - Update to .NET SDK 7.0.114 and Runtime 7.0.14 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0056 CVE-2024-0057 CVE-2024-21319 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [8.0.101-1.0.1] - Update to .NET SDK 8.0.101 and Runtime 8.0.1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21319 CVE-2024-0056 CVE-2024-0057 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [3.6.16-8] - timing side-channel in the RSA-PSK authentication (CVE-2023-5981) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5981 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 Oracle Linux 9 [6.0.126-1.0.1] - Add support for Oracle Linux [6.0.126-1] - Update to .NET SDK 6.0.126 and Runtime 6.0.26 [6.0.125-1] - Update to .NET SDK 6.0.125 and Runtime 6.0.25 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0056 CVE-2024-0057 CVE-2024-21319 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [7.0.115-1.0.1] - Add support for Oracle Linux - Update to .NET SDK 7.0.115 and Runtime 7.0.15 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21319 CVE-2024-0056 CVE-2024-0057 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [6.0.126-1.0.1] - Add support for Oracle Linux [6.0.126-1] - Update to .NET SDK 6.0.126 and Runtime 6.0.26 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0057 CVE-2024-0056 CVE-2024-21319 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [1:1.8.0.402.b06-0.1.ea] - Update to shenandoah-jdk8u402-b06 (GA) - Update release notes for shenandoah-8u402-b06. - Drop local copy of JDK-8312489 which is now included upstream - Switch to GA mode. - ** This tarball is embargoed until 2024-01-16 @ 1pm PT. ** - Resolves: RHEL-17914 - Resolves: RHEL-20965 [1:1.8.0.402.b01-0.1.ea] - Update to shenandoah-jdk8u402-b01 (EA) - Update release notes for shenandoah-8u402-b01. - Switch to EA mode. - Sync NEWS with vanilla branch version. - Related: RHEL-17914 [1:1.8.0.392.b08-3] - Restore %{epoch}:%{javaver} versioning to jre, java, jre-headless, java-headless, java-devel & java-sdk - Resolves: RHEL-19630 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20921 CVE-2024-20952 CVE-2024-20926 CVE-2024-20918 CVE-2024-20919 CVE-2024-20945 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1:11.0.22.0.7-1.0.1] - link atomic for ix86 build [1:11.0.22.0.7-1] - Update to jdk-11.0.22+7 (GA) - Update release notes to 11.0.22+7 - Switch to GA mode for release - ** This tarball is embargoed until 2024-01-16 @ 1pm PT. ** - Resolves: RHEL-20966 [1:11.0.22.0.6-0.1.ea] - Update to jdk-11.0.22+6 (EA) - Update release notes to 11.0.22+6 - Switch to EA mode - Drop local copy of JDK-8312489 which is now included upstream - Resolves: RHEL-21031 [1:11.0.21.0.9-2] - Restore %{epoch}:%{javaver} versioning to jre, java, jre-headless, java-headless, java-devel & java-sdk - Resolves: RHEL-19642 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20921 CVE-2024-20945 CVE-2024-20926 CVE-2024-20919 CVE-2024-20918 CVE-2024-20952 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [1:21.0.2.0.13-1.0.1] - Add Oracle vendor bug URL [1:21.0.2.0.13-1] - Rebase to 21.0.2.0.13 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20919 CVE-2024-20945 CVE-2024-20921 CVE-2024-20952 CVE-2024-20918 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [1:21.0.2.0.13-1.0.1] - Add Oracle vendor bug URL [1:21.0.2.0.13-1] - Rebase to 21.0.2.0.13 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20952 CVE-2024-20945 CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [3.26.0-19.0.1] - Fixed CVE-2023-7104 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-7104 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [3.6.8-56.0.1.3] - Security fix for CVE-2023-27043 Resolves: rhbz#2196183 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-27043 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 Oracle Linux 9 [1:1.8.0.402.b06-0.2.0.1] - Update to shenandoah-jdk8u402-b06 (GA) - Update release notes for shenandoah-8u402-b06. - Add Oracle vendor bug URL [Orabug: 34340155] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20945 CVE-2024-20918 CVE-2024-20921 CVE-2024-20926 CVE-2024-20952 CVE-2024-20919 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:11.0.22.0.7-2.0.1] - Update to openjdk-11.0.22+7 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20918 CVE-2024-20921 CVE-2024-20919 CVE-2024-20926 CVE-2024-20945 CVE-2024-20952 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:17.0.10.0.7-2.0.1] - Rebase to 17.0.10.0.7 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20932 CVE-2024-20952 CVE-2024-20945 CVE-2024-20918 CVE-2024-20921 CVE-2024-20919 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [0.10.23-24] - Patch CVE-2023-44446: MXF demuxer use-after-free - Disable gtk-doc to fix the build - Resolves: RHEL-16792 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-44446 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [1:3.0.7-25.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-25] - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evp_properties section in main OpenSSL configuration file Resolves: RHEL-11439 - Avoid implicit function declaration when building openssl Resolves: RHEL-1780 - Forbid explicit curves when created via EVP_PKEY_fromdata Resolves: RHEL-5304 - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975) Resolves: RHEL-5302 - Excessive time spent checking DH keys and parameters (CVE-2023-3446) Resolves: RHEL-5306 - Excessive time spent checking DH q parameter value (CVE-2023-3817) Resolves: RHEL-5308 - Fix incorrect cipher key and IV length processing (CVE-2023-5363) Resolves: RHEL-13251 - Switch explicit FIPS indicator for RSA-OAEP to approved following clarification with CMVP Resolves: RHEL-14083 - Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c) Resolves: RHEL-14083 - Add missing ECDH Public Key Check in FIPS mode Resolves: RHEL-15990 - Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678) Resolves: RHEL-15954 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5363 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 [1.20.4-27] - Fix use after free related to CVE-2024-21886 [1.20.4-26] - CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408 and CVE-2024-0409 Resolves: https://issues.redhat.com/browse/RHEL-21205 Resolves: https://issues.redhat.com/browse/RHEL-20578 Resolves: https://issues.redhat.com/browse/RHEL-20426 Resolves: https://issues.redhat.com/browse/RHEL-20437 Resolves: https://issues.redhat.com/browse/RHEL-21192 Resolves: https://issues.redhat.com/browse/RHEL-21201 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6816 CVE-2024-21886 CVE-2024-0408 CVE-2024-21885 CVE-2024-0229 CVE-2024-0409 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [0.19.4-2] - Fix CVE-2021-32142 - Resolves: RHEL-9524 MODERATE Copyright 2024 Oracle, Inc. CVE-2021-32142 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [2.0.0-24gitd1c6db8] - Security fix for CVE-2023-44271 Resolves: RHEL-15459 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-44271 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [3.10.0-1160.108.1.0.1.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.108.1.OL7] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9 - Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin) [3.10.0-1160.108.1] - net: usb: ax88179_178a: fix failed operations during ax88179_reset (Jose Ignacio Tornos Martinez) [RHEL-6302] [3.10.0-1160.107.1] - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Phil Sutter) [RHEL-8433] {CVE-2023-42753} [3.10.0-1160.106.1] - gfs2: Fix quota=quiet oversight (Bob Peterson) [2196280] - gfs2: Free quota data objects synchronously (Andreas Gruenbacher) [2196280] - gfs2: Fix initial quota data refcount (Andreas Gruenbacher) [2196280] - gfs2: Factor out duplicate quota data disposal code (Andreas Gruenbacher) [2196280] - gfs2: Use gfs2_qd_dispose in gfs2_quota_cleanup (Andreas Gruenbacher) [2196280] - gfs2: Fix wrong quota shrinker return value (Andreas Gruenbacher) [2196280] - gfs2: ignore negated quota changes (Bob Peterson) [2196280] - gfs2: Introduce new quota=quiet mount option (Bob Peterson) [2196280] - gfs2: Add quota_change type (Bob Peterson) [2196280] - gfs2: Rename sd_{ glock => kill }_wait (Andreas Gruenbacher) [2196280] - gfs2: Wake up when sd_glock_disposal becomes zero (Alexander Aring) [2196280] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-42753 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 9 php [8.1.27-1] - rebase to 8.1.27 RHEL-19093 [8.1.14-1] - rebase to 8.1.14 [8.1.8-1] - update to 8.1.8 #2070040 [8.1.7-2] - clean unneeded dependency on useradd command [8.1.7-1] - update to 8.1.7 #2070040 [8.1.6-2] - add upstream patch to initialize pcre before mbstring - add upstream patch to use more sha256 in openssl tests [8.1.6-1] - update to 8.1.6 #2070040 php-pecl-apcu [5.1.21-1] - update to 5.1.21 for PHP 8.1 #2070040 php-pecl-rrd [2.0.3-4] - build for PHP 8.1 #2070040 php-pecl-xdebug3 [3.1.4-1] - update to 3.1.4 for PHP 8.1 #2070040 php-pecl-zip [1.20.1-1] - update to 1.20.1 for PHP 8.1 #2070040 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-0568 CVE-2023-0567 CVE-2023-3824 CVE-2023-3823 CVE-2023-3247 CVE-2023-0662 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [5.14.0-362.18.1.el9_3.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Disable unified kernel image package build - Add Oracle Linux IMA certificates [5.14.0] - Debranding patches copied from Rocky Linux (Louis Abel and Sherif Nagy from RESF) [5.14.0-362.18.1.el9_3] - nfp: fix use-after-free in area_cache_get() (Ricardo Robaina) [RHEL-19456 RHEL-19536 RHEL-6566 RHEL-7241] {CVE-2022-3545} - rtla: Fix uninitialized variable found (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat: Do not stop user-space if a cpu is offline (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_aa: Fix previous IRQ delay for IRQs that happens after thread sample (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_aa: Fix negative IRQ delay (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_aa: Zero thread sum after every sample analysis (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_hist: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_top: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079] - rtla/hwnoise: Reduce runtime to 75% (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Start the tracers after creating all instances (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_hist: Add auto-analysis support (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat: Give timerlat auto analysis its own instance (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Automatically move rtla to a house-keeping cpu (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Change monitored_cpus from char * to cpu_set_t (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Add --house-keeping option (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Add -C cgroup support (John Kacur) [RHEL-18360 RHEL-10079] - ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list (Tomas Henzl) [RHEL-19394 RHEL-10941] - fbcon: set_con2fb_map needs to set con2fb_map! (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409} - fbcon: Fix error paths in set_con2fb_map (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409} - net: tun: fix bugs for oversize packet when napi frags enabled (Ricardo Robaina) [RHEL-12495 RHEL-12496 RHEL-7186 RHEL-7264] {CVE-2023-3812} - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR (Florian Westphal) [RHEL-10536 RHEL-10538 RHEL-10537 RHEL-10539] {CVE-2023-4015} - md: Put the right device in md_seq_next (Nigel Croxon) [RHEL-16363 RHEL-12455] - dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set() (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679} - dpll: Fix potential msg memleak when genlmsg_put_reply failed (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679} - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Bastien Nocera) [RHEL-19003 RHEL-2717] {CVE-2023-40283} - tcp: enforce receive buffer memory limits by allowing the tcp window to shrink (Felix Maurer) [RHEL-16129 RHEL-11592] - tcp: adjust rcv_ssthresh according to sk_reserved_mem (Felix Maurer) [RHEL-16129 RHEL-11592] - md: raid0: account for split bio in iostat accounting (Nigel Croxon) [RHEL-4082 RHEL-2718] - can: af_can: fix NULL pointer dereference in can_rcv_filter (Ricardo Robaina) [RHEL-19465 RHEL-19526 RHEL-6428 RHEL-7052] {CVE-2023-2166} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-2166 CVE-2023-5633 CVE-2023-3777 CVE-2023-6679 CVE-2023-46813 CVE-2023-4622 CVE-2023-4623 CVE-2023-40283 CVE-2023-42753 CVE-2022-3545 CVE-2023-2176 CVE-2023-3812 CVE-2023-5178 CVE-2023-4015 CVE-2022-41858 CVE-2023-38409 CVE-2022-36402 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [4.16.1.3-27] - TOCTOU race in checks for unsafe symlinks (CVE-2021-35937) - races with chown/chmod/capabilities calls during installation (CVE-2021-35938) - checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939) MODERATE Copyright 2024 Oracle, Inc. CVE-2021-35937 CVE-2021-35939 CVE-2021-35938 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.26.5-3.0.1.1] - Security fix for CVE-2023-45803 Resolves: RHEL-16874 - Security fix for CVE-2023-43804 Resolves: RHEL-12001 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45803 CVE-2023-43804 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.34.1-7] - Fixes CVE-2023-7104 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-7104 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [3.9.18-1.1] - Security fix for CVE-2023-27043 Resolves: RHEL-20613 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-27043 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.06-70.0.2.2] - search command: add flag to only search root dev - Resolves: #CVE-2023-4001 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-4001 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1:9.0.62-37.el9_3.1] - Resolves: #2235370 CVE-2023-41080 tomcat: Open Redirect vulnerability in FORM authentication - Resolves: #2243749 CVE-2023-45648 tomcat: incorrectly parsed http trailer headers can cause request smuggling - Resolves: #2243751 CVE-2023-42794 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows - Resolves: #2243752 CVE-2023-42795 tomcat: improper cleaning of recycled objects could lead to information leak MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45648 CVE-2023-41080 CVE-2023-42795 CVE-2023-42794 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [8.3.1-11.2] - Add patches for CVE-2023-47235, CVE-2023-47234, CVE-2023-38406, CVE-2023-38407 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-47235 CVE-2023-38407 CVE-2023-47234 CVE-2023-38406 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.7.6-23.3] - Fixes for CVE-2023-5981, CVE-2024-0553, CVE-2024-0567 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0553 CVE-2024-0567 CVE-2023-5981 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [1:9.0.62-27.3] - tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46589 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [1.13.1-3.6] - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20389 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20383 - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access Resolves: RHEL-20533 - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Resolves: RHEL-21213 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21885 CVE-2023-6816 CVE-2024-21886 CVE-2024-0229 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [115.7.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.7.0-1] - Update to 115.7.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0747 CVE-2024-0755 CVE-2024-0750 CVE-2024-0753 CVE-2024-0749 CVE-2024-0741 CVE-2024-0746 CVE-2024-0751 CVE-2024-0742 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [115.7.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.7.0-1] - Update to 115.7.0 build1 [115.6.0-1] - Update to 115.6.0 build2 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0742 CVE-2024-0746 CVE-2024-0749 CVE-2024-0755 CVE-2024-0750 CVE-2024-0741 CVE-2024-0747 CVE-2024-0753 CVE-2024-0751 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [115.7.0-1.0.1] - Update to 115.7.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0742 CVE-2024-0749 CVE-2024-0747 CVE-2024-0750 CVE-2024-0755 CVE-2024-0751 CVE-2024-0741 CVE-2024-0746 CVE-2024-0753 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.7.0.1.0.1] - Update to 115.7.0 build 1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0747 CVE-2024-0746 CVE-2024-0751 CVE-2024-0742 CVE-2024-0755 CVE-2024-0741 CVE-2024-0753 CVE-2024-0750 CVE-2024-0749 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [1.13.1-2.7] - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20388 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20382 - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access Resolves: RHEL-20530 - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Resolves: RHEL-21214 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21885 CVE-2024-0229 CVE-2023-6816 CVE-2024-21886 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [115.7.0.1.0.1] - Update to 115.7.0 build 1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0747 CVE-2024-0750 CVE-2024-0753 CVE-2024-0741 CVE-2024-0742 CVE-2024-0746 CVE-2024-0751 CVE-2024-0749 CVE-2024-0755 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [115.7.0-1.0.1] - Update to 115.7.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0742 CVE-2024-0750 CVE-2024-0751 CVE-2024-0741 CVE-2024-0747 CVE-2024-0749 CVE-2024-0746 CVE-2024-0753 CVE-2024-0755 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.6.16-8.1] - auth/rsa-psk: minimize branching after decryption (RHEL-21550) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0553 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest Oracle Linux 8 [0.9.6-13] - Client and Server side mitigations (CVE-2023-48795) - Strip extensions from both kex lists for matching (CVE-2023-48795) - tests: Adjust calculation to strict kex (CVE-2023-48795) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48795 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 7 [1.8.0-31.0.1] - Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6816.patch, xorg-CVE-2023-6377.patch, xorg-CVE-2023-6478.patch, xorg-CVE-2024-0229-1.patch, xorg-CVE-2024-0229-2.patch, xorg-CVE-2024-0229-3.patch, xorg-CVE-2024-21885.patch, xorg-CVE-2024-21886-1.patch, xorg-CVE-2024-21886-2.patch, xorg-dix-fix-use-after-free-in-input-device-shutdown.patch [1.8.0-31] - Fix use after free related to CVE-2024-21886 Resolves: RHEL-20436 - Fix copy/paste error in the DeviceStateNotify Resolves: RHEL-20587 [1.8.0-30] - Don't try to get pointer position when the pointer becomes a floating device Resolves: RHEL-20436 [1.8.0-29] - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20436 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20427 - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access Resolves: RHEL-20587 - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Resolves: RHEL-21212 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0229 CVE-2023-6816 CVE-2024-21886 CVE-2024-21885 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [4.14.3-28.0.2] - Import additional patches to fix regressions with CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 patchset [Orabug: 36256318] [4.14.3-28.0.1] - Fixed infinte loop for db_create with error check [Orabug: 36202920] [4.14.3-28] - Backport file handling code from rpm-4.19 to fix CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 [4.14.3-27] - Make brp-python-bytecompile script compatible with Python 3.10+ Resolves: RHEL-6423 MODERATE Copyright 2024 Oracle, Inc. CVE-2021-35937 CVE-2021-35939 CVE-2021-35938 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 9 [4:1.1.12-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.12 - Related: RHEL-2112 [4:1.1.11-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.11 - Related: RHEL-2112 [4:1.1.10-3] - Rebuild for CVEs: CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 - Related: Jira:RHEL-2792 - Related: Jira:RHEL-7454 [4:1.1.10-2] - require container-selinux >= 2.224.0 for dmz feature - Related: Jira:RHEL-2112 [4:1.1.10-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.10 - Related: RHEL-2112 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21626 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:2.99.8-4] - fix CVE-2023-44441 - fix CVE-2023-44442 - fix CVE-2023-44443 - fix CVE-2023-44444 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-44442 CVE-2023-44441 CVE-2023-44443 CVE-2023-44444 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 8 buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp oci-seccomp-bpf-hook podman [2:4.0.2-25.0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.0-rhel (https://github.com/containers/podman/commit/427a15f) - Resolves: RHEL-17145 running containers python-podman runc [1:1.1.12-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.12 - Resolves: RHEL-21863 skopeo slirp4netns udica IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21626 CVE-2023-45287 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 aardvark-dns buildah [1:1.31.3-3.0.1] - Rebuild with newer dependencies cockpit-podman conmon containernetworking-plugins [1:1.3.0-8.0.1] - Rebuild with newer dependencies containers-common [2:1-70.0.2] - Rebuild with newer dependencies container-selinux criu crun fuse-overlayfs libslirp netavark [2:1.7.0-2] - update to https://github.com/containers/netavark/releases/tag/v1.7.0-rhel oci-seccomp-bpf-hook podman [3:4.6.1-8.0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel python-podman [4.6.0-2.0.1] - Rebuild with newer dependencies runc [1:1.1.12-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.12 - Related: Jira:RHEL-2110 [1:1.1.11-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.11 - Related: Jira:RHEL-2110 [1:1.1.10-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.10 - require container-selinux >= 2.224.0 for dmz feature - Related: Jira:RHEL-2110 skopeo [2:1.13.3-3.0.1] - Rebuild with newer dependencies slirp4netns udica IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21626 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 Oracle Linux 8 [1.2.0-10.1] - Resolves: RHEL-20594 - improper initialization in dump_entry_data_list() in maxminddb.c MODERATE Copyright 2024 Oracle, Inc. CVE-2020-28241 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [14:4.9.3-3.1] - tcpslice: use-after-free in extract_slice() (CVE-2021-41043) MODERATE Copyright 2024 Oracle, Inc. CVE-2021-41043 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [3.90.0-6] - Fix ecc DER wrapping. [3.90.0-5] - Pick up validated constant time implementations of p256, p384, and p521 from upsream - More Fips indicator changes MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6135 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 9 [3.90.0-6] - Fix ecc DER wrapping. [3.90.0-5] - Pick up validated constant time implementations of p256, p384, and p521 from upsream - More Fips indicator changes MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6135 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [7.0.116-1.0.1] - Update to .NET SDK 7.0.116 and Runtime 7.0.16 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21404 CVE-2024-21386 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [7.0.116-1.0.1] - Update to .NET SDK 7.0.116 and Runtime 7.0.16 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21386 CVE-2024-21404 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [6.0.127-1.0.1] - Update to .NET SDK 6.0.127 and Runtime 6.0.27 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21404 CVE-2024-21386 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [6.0.127-1.0.1] - Update to .NET SDK 6.0.127 and Runtime 6.0.27 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21386 CVE-2024-21404 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 RHEL 9.3.0.Z ERRATUM [1.9.5p2-10] - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output Resolves: RHEL-21834 - CVE-2023-28486 sudo: Sudo does not escape control characters in log messages Resolves: RHEL-21828 - CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: RHEL-21821 RHEL 8.9.0.Z ERRATUM [1.9.5p2-1] - Rebase to 1.9.5p2 - CVE-2023-28486 sudo: Sudo does not escape control characters in log messages Resolves: RHEL-21825 - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output Resolves: RHEL-21831 - CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: RHEL-21820 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-28487 CVE-2023-28486 CVE-2023-42465 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:linux:9:4:appstream_base cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [8.0.102-2.0.1] - Update to .NET SDK 8.0.102 and Runtime 8.0.2 - Add -dbg subpackages for symbol files - Resolves: RHEL-23070 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21404 CVE-2024-21386 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [8.0.102-2.0.1] - Update to .NET SDK 8.0.102 and Runtime 8.0.2 - Add -dbg subpackages for symbol files - Resolves: RHEL-23070 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21386 CVE-2024-21404 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 7 [2.0.0-25gitd1c6db8] - Security fix for CVE-2023-50447 Resolves: RHEL-22239 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50447 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 gimp [2:2.8.22-25] - fix CVE-2023-44442 - fix CVE-2023-44444 pygobject2 pygtk2 [2.24.0-25] - Fix shebang mangling for _prefix=app (#1907579) - disable numpy for flatpak (#1907579) python2-pycairo IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-44442 CVE-2023-44444 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 delve [1.20.2-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.20.2-1] - Rebase to 1.20.2 - Resolves: rhbz#2186495 golang [1.20.12-1] - Update to Go 1.20.12 - Fix CVE-2023-39326 CVE-2023-45285 go-toolset [1.20.12-1] - Update to Go 1.20.12 - CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP request (rhbz 2253330) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-39326 CVE-2023-45285 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [20220126gitbb1bba3d77-6.el8_9.3] - edk2-Bumped-openssl-submodule-version-to-cf317b2bb227.patch [RHEL-7560] - Resolves: RHEL-7560 (CVE-2023-3446 edk2: openssl: Excessive time spent checking DH keys and parameters [rhel-8]) LOW Copyright 2024 Oracle, Inc. CVE-2023-3446 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [6.8.2-2.1] - Fix CVE-2019-13224 Resolves: RHEL-6970 - Fix CVE-2019-16163 Resolves: RHEL-9506 - Fix CVE-2019-19012 Resolves: RHEL-9511 - Fix CVE-2019-19203 Resolves: RHEL-9510 - Fix CVE-2019-19204 Resolves: RHEL-9509 MODERATE Copyright 2024 Oracle, Inc. CVE-2019-19203 CVE-2019-13224 CVE-2019-16163 CVE-2019-19204 CVE-2019-19012 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [5.1.1-18.1] - Security fix for CVE-2023-50447 Resolves: RHEL-22240 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50447 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 mecab mecab-ipadic mysql [8.0.36-1] - Update to MySQL 8.0.36 [8.0.35-2] - Fix int-conversion type error in memcached [8.0.35-1] - Update to MySQL 8.0.35 - Remove patches now upstream [8.0.34-1] - Update to MySQL 8.0.34 - Add patch from upstream bug#110569 - Add patch to fix binlog format issue - Use --skip-combinations over --binlog-format=mixed - Add alignment patch upstream bug#110752 [8.0.33-1] - Update to MySQL 8.0.33 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-21946 CVE-2023-22104 CVE-2023-22111 CVE-2024-20962 CVE-2023-21940 CVE-2023-22053 CVE-2023-22058 CVE-2023-22078 CVE-2023-22084 CVE-2022-4899 CVE-2023-22048 CVE-2024-20967 CVE-2023-22046 CVE-2023-22103 CVE-2024-20963 CVE-2024-20971 CVE-2024-20977 CVE-2024-20969 CVE-2024-20985 CVE-2023-21920 CVE-2023-22054 CVE-2023-22056 CVE-2024-20968 CVE-2024-20970 CVE-2023-21919 CVE-2023-21933 CVE-2023-21953 CVE-2023-21955 CVE-2023-21972 CVE-2023-21977 CVE-2023-21980 CVE-2023-22066 CVE-2023-22070 CVE-2023-22113 CVE-2023-21947 CVE-2023-22033 CVE-2023-22059 CVE-2023-22064 CVE-2023-22092 CVE-2023-22114 CVE-2024-20982 CVE-2023-21929 CVE-2024-20964 CVE-2023-22007 CVE-2023-22079 CVE-2023-22115 CVE-2024-20981 CVE-2023-21976 CVE-2023-22057 CVE-2023-22068 CVE-2023-22110 CVE-2024-20966 CVE-2023-22005 CVE-2023-22065 CVE-2024-20976 CVE-2024-20978 CVE-2023-22038 CVE-2023-21982 CVE-2023-22008 CVE-2023-21945 CVE-2023-22112 CVE-2024-20960 CVE-2024-20961 CVE-2024-20972 CVE-2024-20973 CVE-2023-21966 CVE-2024-20983 CVE-2024-20984 CVE-2023-21935 CVE-2023-22097 CVE-2023-21911 CVE-2023-21962 CVE-2023-22032 CVE-2024-20965 CVE-2024-20974 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [4.18.0-513.18.1.el8_9.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Drop not needed patch [4.18.0-513.18.1.el8_9] - net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22091 RHEL-19065] {CVE-2024-0646} - smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610} - smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610} - nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536} - nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536} - nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536} - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536} - net-sysfs: add check for netdevice being present to speed_show (Michal Schmidt) [RHEL-20924 RHEL-16007] - netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-20698 RHEL-19721] {CVE-2023-6817} [4.18.0-513.17.1.el8_9] - redhat: rewrite genlog and support Y- tags (Jan Stancek) - smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-21662 RHEL-18990] {CVE-2023-6606} - s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Tobias Huschle) [RHEL-17884 RHEL-2410] - blk-mq: use quiesced elevator switch when reinitializing queues (Ming Lei) [RHEL-21785 RHEL-19944] - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (Ming Lei) [RHEL-20232 RHEL-8128] [4.18.0-513.16.1.el8_9] - tracing/timerlat: Add user-space interface (Chris White) [RHEL-20362 RHEL-15142] - tracing/osnoise: Skip running osnoise if all instances are off (Chris White) [RHEL-20362 RHEL-15142] - tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (Chris White) [RHEL-20362 RHEL-15142] - tracing/timerlat: Always wakeup the timerlat thread (Chris White) [RHEL-20362 RHEL-15142] - tracing/osnoise: Fix notify new tracing_max_latency (Chris White) [RHEL-20362 RHEL-15142] - tracing/timerlat: Notify new max thread latency (Chris White) [RHEL-20362 RHEL-15142] - trace/osnoise: make use of the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142] - kthread: add the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142] - x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (Prarit Bhargava) [RHEL-7238 RHEL-4244] - HID: check empty report_list in hid_validate_values() (Desnes Nunes) [RHEL-19274 RHEL-19237] {CVE-2023-1073} - s390/dasd: print copy pair message only for the correct error (Tobias Huschle) [RHEL-9444 RHEL-2831] - blk-mq: don't count completed flush data request as inflight in case of quiesce (Ming Lei) [RHEL-19111 RHEL-18055] [4.18.0-513.15.1.el8_9] - IB/ipoib: Fix mcast list locking (Daniel Vacek) [RHEL-19699 RHEL-19244] - RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Daniel Vacek) [RHEL-19699 RHEL-19244] - x86/sev: Check for user-space IOIO pointing to kernel space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813} - x86/sev: Check IOBM for IOIO exceptions from user-space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813} - x86/sev: Disable MMIO emulation from user mode (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813} - x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2022-41858 CVE-2023-1838 CVE-2023-6535 CVE-2023-4623 CVE-2023-6606 CVE-2024-0646 CVE-2023-6356 CVE-2023-2166 CVE-2023-4921 CVE-2023-5717 CVE-2023-40283 CVE-2023-6610 CVE-2023-6817 CVE-2023-46813 CVE-2022-3545 CVE-2023-2176 CVE-2023-1073 CVE-2023-6536 CVE-2023-45871 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 pgaudit pg_repack postgres-decoderbufs postgresql [15.6-1] - update to 15.6 - Fixes CVE-2024-0985 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0985 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [13.14-1.0.1] - Update to 13.14 - Fixes CVE-2024-0985 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0985 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [115.8.0-1.0.1] - Update to 115.8.0 build 1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1548 CVE-2024-1550 CVE-2024-1552 CVE-2024-1549 CVE-2024-1553 CVE-2024-1546 CVE-2024-1547 CVE-2024-1551 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [115.8.0-1.0.1] - Update to 115.8.0 build 1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1552 CVE-2024-1549 CVE-2024-1550 CVE-2024-1553 CVE-2024-1546 CVE-2024-1548 CVE-2024-1547 CVE-2024-1551 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [10.23-4.0.1] - Resolves: CVE-2024-0985 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0985 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [115.8.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.8.0-1] - Update to 115.8.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1548 CVE-2024-1551 CVE-2024-1547 CVE-2024-1552 CVE-2024-1546 CVE-2024-1550 CVE-2024-1549 CVE-2024-1553 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [115.8.0-1.0.1] - Add Oracle modifications [115.8.0-1] - Update to 115.8.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1549 CVE-2024-1552 CVE-2024-1548 CVE-2024-1553 CVE-2024-1546 CVE-2024-1550 CVE-2024-1547 CVE-2024-1551 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [115.8.0-1.0.1] - Add Oracle modifications [115.8.0-1] - Update to 115.8.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1551 CVE-2024-1548 CVE-2024-1546 CVE-2024-1552 CVE-2024-1547 CVE-2024-1549 CVE-2024-1550 CVE-2024-1553 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.16.2-5.2] - bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387) - bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50387 CVE-2023-50868 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 Oracle Linux 9 [0.23.0-4] - Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5992 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [0.20.0-8] - Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5992 cpe:/o:oracle:linux:8:10:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:9:baseos_patch Oracle Linux 8 pgaudit pg_repack postgres-decoderbufs postgresql [15.6-1] - update to 15.6 - Fixes CVE-2024-0985 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0985 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 pgaudit [1.4.0-7] - Release bump to avoid regression in nvrs - Resolves: RHEL-24969 pg_repack postgres-decoderbufs postgresql [12.18-1.0.1] - Update to version 12.18 - Fixes CVE-2024-0985 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0985 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 pgaudit pg_repack postgres-decoderbufs postgresql [13.14-1.0.1] - update to 13.14 - Fixes CVE-2024-0985 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0985 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [115.8.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.8.0-1] - Update to 115.8.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1547 CVE-2024-1546 CVE-2024-1551 CVE-2024-1548 CVE-2024-1553 CVE-2024-1549 CVE-2024-1552 CVE-2024-1550 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [1.16.2-3.1] - Fix DNSSEC validation vulnerabilities which can lead to DoS in trivially orchestrated attacks (CVE-2023-50387 and CVE-2023-50868) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50868 CVE-2023-50387 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [20220126gitbb1bba3d77-6.el8_9.6] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21840 RHEL-21842] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch [RHEL-21840 RHEL-21842] - Resolves: RHEL-21842 (CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [rhel-8]) - Resolves: RHEL-21850 (CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-8]) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45234 CVE-2023-45230 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [20230524-4.el9_3.2] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - Resolves: RHEL-21841 (CVE-2023-45229 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [rhel-9]) - Resolves: RHEL-21843 (CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [rhel-9]) - Resolves: RHEL-21845 (CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [rhel-9]) - Resolves: RHEL-21847 (CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [rhel-9]) - Resolves: RHEL-21849 (TRIAGE CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [rhel-9]) - Resolves: RHEL-21851 (CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-9]) - Resolves: RHEL-21853 (TRIAGE CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-9]) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45230 CVE-2023-45234 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.76.1-26.el9_3.3] - cap SFTP packet size sent (RHEL-14697) - lowercase the domain names before PSL checks (CVE-2023-46218) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-46218 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [8.7p1-34.3] - Fix Terrapin attack (CVE-2023-48795) Resolves: RHEL-19764 - Forbid shell metasymbols in username/hostname (CVE-2023-51385) Resolves: RHEL-19822 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48795 CVE-2023-51385 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.20.12-1] - Rebase to 1.20.12 - Fix CVE-2023-45285 CVE-2023-39326 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-39326 CVE-2023-45285 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:9.0.62-37.el9_3.2] - Resolves: #2252050 HTTP request smuggling via malformed trailer headers (CVE-2023-46589) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46589 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.3.0-13] - Backport fix for CVE-2023-3674 Resolves: RHEL-21013 LOW Copyright 2024 Oracle, Inc. CVE-2023-3674 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [8.0.36-1] - Update to MySQL 8.0.36 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-22048 CVE-2023-22092 CVE-2023-22097 CVE-2023-21962 CVE-2023-21929 CVE-2024-20969 CVE-2024-20983 CVE-2024-20962 CVE-2024-20974 CVE-2024-20981 CVE-2024-20968 CVE-2023-21935 CVE-2023-22064 CVE-2023-22115 CVE-2023-21955 CVE-2023-22056 CVE-2024-20960 CVE-2023-22053 CVE-2023-22068 CVE-2024-20964 CVE-2023-21911 CVE-2023-21946 CVE-2023-21972 CVE-2023-22005 CVE-2023-22038 CVE-2023-22070 CVE-2023-22110 CVE-2023-22111 CVE-2024-20971 CVE-2024-20972 CVE-2024-20973 CVE-2024-20982 CVE-2023-21947 CVE-2023-21980 CVE-2023-21982 CVE-2023-22054 CVE-2023-22078 CVE-2024-20984 CVE-2024-20985 CVE-2023-21920 CVE-2023-21933 CVE-2023-22008 CVE-2023-22033 CVE-2023-22065 CVE-2024-20977 CVE-2024-20978 CVE-2023-21953 CVE-2023-21940 CVE-2023-21966 CVE-2023-21976 CVE-2023-21977 CVE-2023-22066 CVE-2023-22079 CVE-2023-22103 CVE-2024-20961 CVE-2024-20965 CVE-2024-20966 CVE-2024-20967 CVE-2024-20976 CVE-2023-22007 CVE-2023-22059 CVE-2023-22113 CVE-2023-21919 CVE-2023-21945 CVE-2023-22032 CVE-2023-22046 CVE-2023-22058 CVE-2023-22084 CVE-2024-20963 CVE-2022-4899 CVE-2023-22057 CVE-2023-22104 CVE-2023-22112 CVE-2023-22114 CVE-2024-20970 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.4.22-3] - Reject '#' as part of URI path component (CVE-2023-45539, RHEL-18169) [2.4.22-2] - Reject any empty content-length header value (CVE-2023-40225, RHEL-7736) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-40225 CVE-2023-45539 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [2.6-21.0.1] - rear: creates a world-readable initrd (CVE-2024-23301) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-23301 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:1.13.3-4] - Rebuild with golang 1.20.12: golang:net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.31.4-1.0.1] - update to https://github.com/containers/buildah/releases/tag/v1.31 - https://github.com/containers/buildah/commit/11bbf33 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48795 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [1:1.1.1k-12] - Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series (a proper fix for CVE-2020-25659) Resolves: RHEL-17696 [1:1.1.1k-11] - Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow Resolves: RHEL-16538 [1:1.1.1k-10] - Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters Resolves: RHEL-14245 - Fix CVE-2023-3817: Excessive time spent checking DH q parameter value Resolves: RHEL-14239 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5678 CVE-2023-3446 CVE-2023-3817 cpe:/a:oracle:linux:8::userspace_ksplice Oracle Linux 8 [4.18.0-513.11.1.0.1_9.OL8] - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress {CVE-2023-2162} - af_unix: Fix null-ptr-deref in unix_stream_sendpage() {CVE-2023-4622} - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet {CVE-2023-42753} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-2162 CVE-2023-4622 CVE-2023-42753 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 Oracle Linux 8 Oracle Linux 9 [37.0.2-5.0.1] - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36143834] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-49083 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream Oracle Linux 8 Oracle Linux 9 [36.0.1-4.0.1] - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36119159] [36.0.1-4] - Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature, resolves rhbz#2203840 [36.0.1-3] - Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2172399 - Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-49083 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 9 [1:3.0.7-25.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-25] - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evp_properties section in main OpenSSL configuration file Resolves: RHEL-11439 - Avoid implicit function declaration when building openssl Resolves: RHEL-1780 - Forbid explicit curves when created via EVP_PKEY_fromdata Resolves: RHEL-5304 - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975) Resolves: RHEL-5302 - Excessive time spent checking DH keys and parameters (CVE-2023-3446) Resolves: RHEL-5306 - Excessive time spent checking DH q parameter value (CVE-2023-3817) Resolves: RHEL-5308 - Fix incorrect cipher key and IV length processing (CVE-2023-5363) Resolves: RHEL-13251 - Switch explicit FIPS indicator for RSA-OAEP to approved following clarification with CMVP Resolves: RHEL-14083 - Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c) Resolves: RHEL-14083 - Add missing ECDH Public Key Check in FIPS mode Resolves: RHEL-15990 - Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678) Resolves: RHEL-15954 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-5363 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 - [5.14.0-362.18.0.1_3.OL9] - nfp: fix use-after-free in area_cache_get() (Jialiang Wang) {CVE-2022-3545} - drivers: net: slip: fix NPD bug in sl_tx_timeout() (Duoming Zhou) {CVE-2022-41858} - can: af_can: fix NULL pointer dereference in can_rcv_filter (Oliver Hartkopp) {CVE-2023-2166} - RDMA/core: Fix resolve_prepare_src error cleanup (Patrisious Haddad) {CVE-2023-2176} - netfilter: nf_tables: skip bound chain on rule flush (Pablo Neira Ayuso} {CVE-2023-3777} - net: tun: fix bugs for oversize packet when napi frags enabled (Ziyang Xuan) {CVE-2023-3812} - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR (Pablo Neira Ayuso) {CVE-2023-4015} - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Kuniyuki Iwashima) {CVE-2023-4622} - nvmet-tcp: Fix a possible UAF in queue intialization setup (Sagi Grimberg) {CVE-2023-5178} - fbcon: set_con2fb_map needs to set con2fb_map! (Daniel Vetter) {CVE-2023-38409} - fbcon: Fix error paths in set_con2fb_map (Daniel Vetter) {CVE-2023-38409} - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Sungwoo Kim) {CVE-2023-40283) - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Kyle Zeng) {CVE-2023-42753} - x86/sev: Check IOBM for IOIO exceptions from user-space (Joerg Roedel) {CVE-2023-46813} - x86/sev: Disable MMIO emulation from user mode (Borislav Petkov) {CVE-2023-46813} - x86/sev: Check for user-space IOIO pointing to kernel space (Joerg Roedel) {CVE-2023-46813} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-40283 CVE-2023-4015 CVE-2023-3812 CVE-2023-5178 CVE-2022-3545 CVE-2023-2176 CVE-2023-3777 CVE-2022-41858 CVE-2023-2166 CVE-2023-4622 CVE-2023-42753 CVE-2023-46813 CVE-2023-38409 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.82.2] - Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi) [Orabug: 35959598] {CVE-2020-26555} - sched/rt: pick_next_rt_entity(): check list_entry (Pietro Borrello) [Orabug: 35181560] {CVE-2023-1077} - sched/debug: Fix SCHED_WARN_ON() to return a value on !CONFIG_SCHED_DEBUG as well (Ingo Molnar) [Orabug: 35181560] - sched/debug: Add SCHED_WARN_ON() (Peter Zijlstra) [Orabug: 35181560] [4.1.12-124.82.1] - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU (Eric Dumazet) [Orabug: 35924002] {CVE-2023-42752} - net: sched: sch_qfq: Fix UAF in qfq_dequeue() (valis) [Orabug: 35814457] {CVE-2023-4921} - ixgbe: fix large MTU request from VF (Samasth Norway Ananda) [Orabug: 33752821] {CVE-2021-33098} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-42752 CVE-2021-33098 CVE-2023-1077 CVE-2020-26555 CVE-2023-4921 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 8 [3.6.16-8.1_fips] - Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 [Orabug: 33200526] - Allow bigger known RSA modulus sizes when calling rsa_generate_fips186_4_keypair directly [Orabug: 33200526] - Change Epoch from 1 to 10 [3.6.16-8.1] - auth/rsa-psk: minimize branching after decryption (RHEL-21550) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0553 cpe:/a:oracle:linux:8::u4_security_validation Oracle Linux 7 [1.1.12-1] - Update runc to 1.1.12 [JIRA: OLDIS-30530] [1.1.10-1] - Update runc to 1.1.10 [JIRA: OLDIS-30530] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21626 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:linux:7::addons cpe:/a:oracle:linux:7::developer cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 9 [5.14.0-362.18.0.2] - net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623} - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623} - dpll: core: Add DPLL framework base functions {CVE-2023-6679} - dpll: spec: Add Netlink spec in YAML {CVE-2023-6679} - dpll: netlink: Add DPLL framework base functions {CVE-2023-6679} - netdev: expose DPLL pin handle for netdevice {CVE-2023-6679} - netdev: Remove unneeded semicolon {CVE-2023-6679} - dpll: netlink/core: add support for pin-dpll signal phase offset/adjust {CVE-2023-6679} - dpll: netlink/core: change pin frequency set behavior {CVE-2023-6679} - dpll: Fix potential msg memleak when genlmsg_put_reply failed {CVE-2023-6679} - dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set() {CVE-2023-6679} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6679 CVE-2023-4623 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 [4.14.35-2047.533.3] - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185208] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143229] - sched/rt: pick_next_rt_entity(): check list_entry (Pietro Borrello) [Orabug: 35181559] {CVE-2023-1077} [4.14.35-2047.533.2] - LTS version: 4.14.334 (Yifei Liu) - powerpc/ftrace: Fix stack teardown in ftrace_no_trace (Naveen N Rao) - powerpc/ftrace: Create a dummy stackframe to fix stack unwind (Naveen N Rao) - ring-buffer: Fix memory leak of free page (Steven Rostedt (Google)) - team: Fix use-after-free when an option instance allocation fails (Florent Revest) - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS (Baokun Li) - HID: hid-asus: add const to read-only outgoing usb buffer (Denis Benato) - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (Lech Perczak) - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation (Linus Torvalds) - HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad (Aoba K) - HID: hid-asus: reset the backlight brightness level on resume (Denis Benato) - platform/x86: intel_telemetry: Fix kernel doc descriptions (Andy Shevchenko) - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (Coly Li) - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (Ming Lei) - appletalk: Fix Use-After-Free in atalk_ioctl (Hyunwoo Kim) - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (Nikolay Kuratov) - sign-file: Fix incorrect return values check (Yusong Gao) - net: Remove acked SYN flag from packet in the transmit queue correctly (Dong Chenchen) - qed: Fix a potential use-after-free in qed_cxt_tables_alloc (Dinghao Liu) - net/rose: Fix Use-After-Free in rose_ioctl (Hyunwoo Kim) - atm: Fix Use-After-Free in do_vcc_ioctl (Hyunwoo Kim) - atm: solos-pci: Fix potential deadlock on &tx_queue_lock (Chengfeng Ye) - atm: solos-pci: Fix potential deadlock on &cli_queue_lock (Chengfeng Ye) - qca_spi: Fix reset behavior (Stefan Wahren) - qca_debug: Fix ethtool -G iface tx behavior (Stefan Wahren) - qca_debug: Prevent crash on TX ring changes (Stefan Wahren) - LTS version: 4.14.333 (Yifei Liu) - drop_monitor: Require 'CAP_SYS_ADMIN' when joining 'events' group (Ido Schimmel) - psample: Require 'CAP_NET_ADMIN' when joining 'packets' group (Ido Schimmel) - genetlink: add CAP_NET_ADMIN test for multicast bind (Ido Schimmel) - netlink: don't call ->netlink_bind with table lock held (Ido Schimmel) - nilfs2: fix missing error check for sb_set_blocksize call (Ryusuke Konishi) - KVM: s390/mm: Properly reset no-dat (Claudio Imbrenda) - serial: 8250_omap: Add earlycon support for the AM654 UART controller (Ronald Wahl) - serial: sc16is7xx: address RX timeout interrupt errata (Daniel Mack) - parport: Add support for Brainboxes IX/UC/PX parallel cards (Cameron Williams) - packet: Move reference count in packet_sock to atomic_long_t (Daniel Borkmann) - tracing: Fix a possible race when disabling buffered events (Petr Pavlu) - tracing: Fix incomplete locking when disabling buffered events (Petr Pavlu) - tracing: Always update snapshot buffer size (Steven Rostedt (Google)) - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (Ryusuke Konishi) - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (Jason Zhang) - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (Dinghao Liu) - tracing: Fix a warning when allocating buffered events fails (Petr Pavlu) - hwmon: (acpi_power_meter) Fix 4.29 MW bug (Armin Wolf) - RDMA/bnxt_re: Correct module description string (Kalesh AP) - tcp: do not accept ACK of bytes we never sent (Eric Dumazet) - net: hns: fix fake link up on xge port (Yonglong Liu) - drm/amdgpu: correct chunk_ptr to a pointer to chunk. (YuanShang) - tg3: Increment tx_dropped in tg3_tso_bug() (Alex Pakhunov) - tg3: Move the [rt]x_dropped counters to tg3_napi (Alex Pakhunov) - LTS version: 4.14.332 (Yifei Liu) - driver core: Release all resources during unbind before updating device links (Saravana Kannan) - net: ravb: Start TX queues after HW initialization succeeded (Claudiu Beznea) - ravb: Fix races between ravb_tx_timeout_work() and net related ops (Yoshihiro Shimoda) - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (Zhengchao Shao) - btrfs: send: ensure send_fd is writable (Jann Horn) - btrfs: fix off-by-one when checking chunk map includes logical address (Filipe Manana) - powerpc: Don't clobber f0/vs0 during fp|altivec register save (Timothy Pearson) - dm verity: don't perform FEC for failed readahead IO (Wu Bo) - dm-verity: align struct dm_verity_fec_io properly (Mikulas Patocka) - firewire: core: fix possible memory leak in create_units() (Yang Yingliang) - pinctrl: avoid reload of p state in list iteration (Maria Yu) - usb: dwc3: set the dma max_seg_size (Ricardo Ribalda) - USB: serial: option: don't claim interface 4 for ZTE MF290 (Lech Perczak) - USB: serial: option: fix FM101R-GL defines (Puliang Lu) - USB: serial: option: add Fibocom L7xx modules (Victor Fragoso) - bcache: prevent potential division by zero error (Rand Deeb) - bcache: check return value from btree_node_alloc_replacement() (Coly Li) - USB: serial: option: add Luat Air72*U series products (Asuna Yang) - s390/dasd: protect device queue against concurrent access (Jan Hoppner) - mtd: rawnand: brcmnand: Fix ecc chunk calculation for erased page bitfips (Claire Lin) - net: axienet: Fix check for partial TX checksum (Samuel Holland) - amd-xgbe: propagate the correct speed and duplex status (Raju Rangoju) - amd-xgbe: handle corner-case during sfp hotplug (Raju Rangoju) - arm/xen: fix xen_vcpu_info allocation alignment (Stefano Stabellini) - net: usb: ax88179_178a: fix failed operations during ax88179_reset (Jose Ignacio Tornos Martinez) - ipv4: Correct/silence an endian warning in __ip_do_redirect (Kunwu Chan) - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (Jonas Karlman) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (Chen Ni) - drm/panel: simple: Fix Innolux G101ICE-L01 timings (Marek Vasut) - RDMA/irdma: Prevent zero-length STAG registration (Christopher Bednarz) - LTS version: 4.14.331 (Yifei Liu) - net: sched: fix race condition in qdisc_graft() (Eric Dumazet) - scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids (Dongli Zhang) - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (Kemeng Shi) - ext4: correct return value of ext4_convert_meta_bg (Kemeng Shi) - ext4: correct offset of gdb backup in non meta_bg group to update_backups (Kemeng Shi) - ext4: apply umask if ACL support is disabled (Max Kellermann) - media: venus: hfi: fix the check to handle session buffer requirement (Vikash Garodia) - media: sharp: fix sharp encoding (Sean Young) - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (Heiner Kallweit) - net: dsa: lan9303: consequently nested-lock physical MDIO (Alexander Sverdlin) - ALSA: info: Fix potential deadlock at disconnection (Takashi Iwai) - parisc/pgtable: Do not drop upper 5 address bits of physical address (Helge Deller) - parisc: Prevent booting 64-bit kernels on PA1.x machines (Helge Deller) - mcb: fix error handling for different scenarios when parsing (Sanjuan Garcia, Jorge) - jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (Zhihao Cheng) - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (Herve Codina) - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (Rong Chen) - PM: hibernate: Clean up sync_read handling in snapshot_write_next() (Brian Geffon) - PM: hibernate: Use __get_safe_page() rather than touching the list (Brian Geffon) - mmc: vub300: fix an error code (Dan Carpenter) - PCI/sysfs: Protect driver's D3cold preference from user space (Lukas Wunner) - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (David Woodhouse) - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() (Paul Moore) - audit: don't take task_lock() in audit_exe_compare() code path (Paul Moore) - KVM: x86: Ignore MSR_AMD64_TW_CFG access (Maciej S. Szmigiero) - randstruct: Fix gcc-plugin performance mode to stay in group (Kees Cook) - media: venus: hfi: add checks to perform sanity on queue pointers (Vikash Garodia) - pwm: Fix double shift bug (Dan Carpenter) - gfs2: ignore negated quota changes (Bob Peterson) - media: vivid: avoid integer overflow (Hans Verkuil) - media: gspca: cpia1: shift-out-of-bounds in set_flicker (Rajeshwar R Shinde) - i2c: sun6i-p2wi: Prevent potential division by zero (Axel Lin) - tty: vcc: Add check for kstrdup() in vcc_probe() (Yi Yang) - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (Wenchao Hao) - atm: iphase: Do PCI error checks on own line (Ilpo Jarvinen) - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (Cezary Rojewski) - jfs: fix array-index-out-of-bounds in diAlloc (Manas Ghandat) - jfs: fix array-index-out-of-bounds in dbFindLeaf (Manas Ghandat) - fs/jfs: Add validity check for db_maxag and db_agpref (Juntong Deng) - fs/jfs: Add check for negative db_l2nbperpage (Juntong Deng) - RDMA/hfi1: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin) - selftests/efivarfs: create-read: fix a resource leak (zhujun2) - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (Mario Limonciello) - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (Mario Limonciello) - net: annotate data-races around sk->sk_dst_pending_confirm (Eric Dumazet) - wifi: ath10k: fix clang-specific fortify warning (Dmitry Antipov) - wifi: ath9k: fix clang-specific fortify warnings (Dmitry Antipov) - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Ping-Ke Shih) - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size (Mike Rapoport (IBM)) - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (Ronald Wahl) - clocksource/drivers/timer-imx-gpt: Fix potential memory leak (Jacky Bai) - locking/ww_mutex/test: Fix potential workqueue corruption (John Stultz) - LTS version: 4.14.330 (Yifei Liu) - btrfs: use u64 for buffer sizes in the tree search ioctls (Filipe Manana) - fbdev: fsl-diu-fb: mark wr_reg_wa() static (Arnd Bergmann) - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (Maciej Zenczykowski) - tg3: power down device only on SYSTEM_POWER_OFF (George Shuklin) - dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. (Kuniyuki Iwashima) - dccp: Call security_inet_conn_request() after setting IPv4 addresses. (Kuniyuki Iwashima) - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Shigeru Yoshida) - llc: verify mac len before reading mac header (Willem de Bruijn) - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (Florian Fainelli) - media: s3c-camif: Avoid inappropriate kfree() (Katya Orlova) - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (Yang Yingliang) - pcmcia: ds: fix refcount leak in pcmcia_device_add() (Yang Yingliang) - pcmcia: cs: fix possible hung task and memory leak pccardd() (Yang Yingliang) - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (Christophe JAILLET) - USB: usbip: fix stub_dev hub disconnect (Jonas Blixt) - misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() (Jinjie Ruan) - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (Dan Carpenter) - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (Jia-Ju Bai) - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (Yi Yang) - mfd: dln2: Fix double put in dln2_probe (Dinghao Liu) - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (Cezary Rojewski) - sh: bios: Revive earlyprintk support (Geert Uytterhoeven) - RDMA/hfi1: Workaround truncation compilation error (Leon Romanovsky) - ext4: move 'ix' sanity check to corrent position (Gou Hao) - ARM: 9321/1: memset: cast the constant byte to unsigned char (Kursad Oney) - hwrng: geode - fix accessing registers (Jonas Gorski) - firmware: ti_sci: Mark driver as non removable (Dhruva Gole) - ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator (Krzysztof Kozlowski) - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (Christophe JAILLET) - drm/radeon: possible buffer overflow (Konstantin Meskhidze) - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (Jonas Karlman) - platform/x86: wmi: Fix probe failure when failing to register WMI devices (Armin Wolf) - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (Dan Carpenter) - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (Devi Priya) - ipv6: avoid atomic fragment on GSO packets (Yan Zhai) - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (Christophe JAILLET) - thermal: core: prevent potential string overflow (Dan Carpenter) - wifi: rtlwifi: fix EDCA limit set by BT coexistence (Dmitry Antipov) - tcp_metrics: do not create an entry from tcp_init_metrics() (Eric Dumazet) - tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() (Eric Dumazet) - i40e: fix potential memory leaks in i40e_remove() (Andrii Staikov) - LTS version: 4.14.329 (Yifei Liu) - tty: 8250: Add support for Intashield IS-100 (Cameron Williams) - tty: 8250: Add support for Brainboxes UP cards (Cameron Williams) - tty: 8250: Add support for additional Brainboxes UC cards (Cameron Williams) - tty: 8250: Remove UC-257 and UC-431 (Cameron Williams) - usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (LihaSika) - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (Vicki Pfau) - remove the sx8 block driver (Christoph Hellwig) - ata: ahci: fix enum constants for gcc-13 (Arnd Bergmann) - net: chelsio: cxgb4: add an error code check in t4_load_phy_fw (Su Hui) - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (Hans de Goede) - scsi: mpt3sas: Fix in error path (Tomas Henzl) - fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (Jorge Maidana) - ASoC: rt5650: fix the wrong result of key button (Shuming Fan) - netfilter: nfnetlink_log: silence bogus compiler warning (Florian Westphal) - fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (Arnd Bergmann) - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (Dmitry Torokhov) - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (Zhang Shurong) - irqchip/stm32-exti: add missing DT IRQ flag translation (Ben Wolsieffer) - ASoC: simple-card: fixup asoc_simple_probe() error handling (Kuninori Morimoto) - x86: Fix .brk attribute in linker script (Juergen Gross) - rpmsg: Fix possible refcount leak in rpmsg_register_device_override() (Hangyu Hua) - rpmsg: glink: Release driver_override (Bjorn Andersson) - rpmsg: Fix calling device_lock() on non-initialized device (Krzysztof Kozlowski) - rpmsg: Fix kfree() of static memory on setting driver_override (Krzysztof Kozlowski) - driver: platform: Add helper for safer setting of driver_override (Krzysztof Kozlowski) - x86/mm: Fix RESERVE_BRK() for older binutils (Josh Poimboeuf) - x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) - x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility (Thomas Gleixner) - nfsd: lock_rename() needs both directories to live on the same fs (Al Viro) - f2fs: fix to do sanity check on inode type during garbage collection (Chao Yu) - kobject: Fix slab-out-of-bounds in fill_kobj_path() (Wang Hai) - drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (Lukasz Majczak) - ARM: 8933/1: replace Sun/Solaris style flag on section directive (Nick Desaulniers) - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina) - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (Herve Codina) - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina) - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (Ivan Vecera) - gtp: uapi: fix GTPA_MAX (Pablo Neira Ayuso) - tcp: fix wrong RTO timeout when received SACK reneging (Fred Chen) - r8152: Increase USB control msg timeout to 5000ms as per spec (Douglas Anderson) - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (Mateusz Palczewski) - treewide: Spelling fix in comment (Kunwu Chan) - virtio_balloon: Fix endless deflation and inflation on arm64 (Gavin Shan) - mcb-lpc: Reallocate memory region to avoid memory overlapping (Rodriguez Barbarin, Jose Javier) - mcb: Return actual parsed size when reading chameleon table (Rodriguez Barbarin, Jose Javier) [4.14.35-2047.533.1] - vhost-scsi: fix vqs allocation memory corruption (Dongli Zhang) [Orabug: 36110885] - xfs: try to avoid allocation blocking on busy extents (Mark Tinguely) [Orabug: 35960820] - KVM: x86: Don't unnecessarily force masterclock update on vCPU hotplug (Sean Christopherson) [Orabug: 35910097] [4.14.35-2047.532.3] - Revert 'mmc: core: Capture correct oemid-bits for eMMC cards' (Dominique Martinet) - media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil) - perf/core: Fix potential NULL deref (Peter Zijlstra) [4.14.35-2047.532.2] - x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl (Andrea Arcangeli) [Orabug: 35905888] - LTS version: 4.14.328 (Saeed Mirzamohammadi) - Bluetooth: hci_event: Fix using memcmp when comparing keys (Luiz Augusto von Dentz) - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (Kees Cook) - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (Edward AD) - gpio: vf610: set value before the direction to avoid a glitch (Haibo Chen) - s390/pci: fix iommu bitmap allocation (Niklas Schnelle) - perf: Disallow mis-matched inherited group reads (Saeed Mirzamohammadi) - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (Puliang Lu) - USB: serial: option: add entry for Sierra EM9191 with new firmware (Benoit Monin) - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (Fabio Porcedda) - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (Sunil V L) - Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (Andy Shevchenko) - mmc: core: Capture correct oemid-bits for eMMC cards (Avri Altman) - sky2: Make sure there is at least one frag_addr available (Kees Cook) - wifi: cfg80211: avoid leaking stack data into trace (Benjamin Berg) - wifi: mac80211: allow transmitting EAPOL frames with tainted key (Wen Gong) - Bluetooth: hci_core: Fix build warnings (Luiz Augusto von Dentz) - Bluetooth: Avoid redundant authentication (Ying Hsu) - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (Ma Ke) - tracing: relax trace_event_eval_update() execution with cond_resched() (Clement Leger) - ata: libata-eh: Fix compilation warning in ata_eh_link_report() (Damien Le Moal) - gpio: timberdale: Fix potential deadlock on &tgpio->lock (Chengfeng Ye) - overlayfs: set ctime when setting mtime and atime (Jeff Layton) - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (Heiner Kallweit) - btrfs: initialize start_slot in btrfs_log_prealloc_extents (Josef Bacik) - ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone (Tony Lindgren) - i40e: prevent crash on probe if hw registers have invalid values (Michal Schmidt) - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (Dan Carpenter) - net: rfkill: gpio: prevent value glitch during probe (Josua Mayer) - net: ipv6: fix return value check in esp_remove_trailer (Ma Ke) - net: ipv4: fix return value check in esp_remove_trailer (Ma Ke) - xfrm: fix a data-race in xfrm_gen_index() (Saeed Mirzamohammadi) - netfilter: nft_payload: fix wrong mac header matching (Florian Westphal) - KVM: x86: Mask LVTPC when handling a PMI (Jim Mattson) - regmap: fix NULL deref on lookup (Johan Hovold) - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (Krzysztof Kozlowski) - Bluetooth: avoid memcmp() out of bounds warning (Arnd Bergmann) - Bluetooth: hci_event: Fix coding style (Luiz Augusto von Dentz) - Bluetooth: vhci: Fix race when opening vhci device (Arkadiusz Bokowy) - Bluetooth: Fix a refcnt underflow problem for hci_conn (Ziyang Xuan) - Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi) - Bluetooth: hci_event: Ignore NULL link key (Lee, Chun-Yi) - usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Canuelo) - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (Borislav Petkov (AMD)) - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (Krishna Kurapati) - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta) - pinctrl: avoid unsafe code pattern in find_pinctrl() (Dmitry Torokhov) - cgroup: Remove duplicates in cgroup v1 tasks file (Michal Koutny) - Input: xpad - add PXN V900 support (Matthias Berndt) - Input: powermate - fix use-after-free in powermate_config_complete (Javier Carrasco) - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li) - mcb: remove is_added flag from mcb_device struct (Jorge Sanjuan Garcia) - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (Alexander Zangerl) - iio: pressure: bmp280: Fix NULL pointer exception (Phil Elwell) - usb: musb: Modify the 'HWVers' register address (Xingxing Luo) - usb: musb: Get the musb_qh poniter after musb_giveback (Xingxing Luo) - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (Javier Carrasco) - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (Wesley Cheng) - workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long) - nfc: nci: assert requested protocol is valid (Jeremy Cline) - ixgbe: fix crash with empty VF macvlan list (Dan Carpenter) - drm/vmwgfx: fix typo of sizeof argument (Konstantin Meskhidze) - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (Dinghao Liu) - drm: etvnaviv: fix bad backport leading to warning (Martin Fuzzey) - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (Hans de Goede) - RDMA/cxgb4: Check skb value for failure to allocate (Artem Chernyshev) - LTS version: 4.14.327 (Saeed Mirzamohammadi) - parisc: Restore __ldcw_align for PA-RISC 2.0 processors (John David Anglin) - RDMA/mlx5: Fix NULL string error (Shay Drory) - RDMA/cma: Fix truncation compilation warning in make_cma_ports (Leon Romanovsky) - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (Bartosz Golaszewski) - IB/mlx4: Fix the size of a buffer in add_port_entries() (Christophe JAILLET) - cpupower: add Makefile dependencies for install targets (Ivan Babrou) - sctp: update hb timer immediately after users change hb_interval (Xin Long) - sctp: update transport state when processing a dupcook packet (Xin Long) - tcp: fix delayed ACKs for MSS boundary condition (Neal Cardwell) - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida) - ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (David Howells) - modpost: add missing else to the 'of' check (Mauricio Faria de Oliveira) - scsi: target: core: Fix deadlock due to recursive locking (Junxiao Bi) - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (Richard Fitzgerald) - drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() (Alexandra Diupina) - ubi: Refuse attaching if mtd's erasesize is 0 (Zhihao Cheng) - wifi: mwifiex: Fix tlv_buf_left calculation (Gustavo A. R. Silva) - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (Dinghao Liu) - media: dvb: symbol fixup for dvb_attach() - again (Greg Kroah-Hartman) - ata: libata: disallow dev-initiated LPM transitions to unsupported states (Niklas Cassel) - net/sched: sch_hfsc: Ensure inner classes have fsc curve (Budimir Markovic) [Orabug: 35810543] {CVE-2023-4623} - ext4: fix rec_len verify error (Shida Zhang) - vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (George Kennedy) - fs: binfmt_elf_efpic: fix personality for ELF-FDPIC (Greg Ungerer) - ata: libata-sata: increase PMP SRST timeout to 10s (Matthias Schiffer) - ata: libata-core: Fix port and device removal (Damien Le Moal) - ata: libata-core: Fix ata_port_request_pm() locking (Damien Le Moal) - btrfs: properly report 0 avail for very full file systems (Josef Bacik) - i2c: i801: unregister tco_pdev in i801_probe() error path (Heiner Kallweit) - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (Niklas Cassel) - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (Pan Bian) - serial: 8250_port: Check IRQ data before use (Andy Shevchenko) - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (Mika Westerberg) - watchdog: iTCO_wdt: No need to stop the timer in probe (Mika Westerberg) - ata: libahci: clear pending interrupt status (Szuying Chen) - ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones (Hannes Reinecke) - fbdev/sh7760fb: Depend on FB=y (Thomas Zimmermann) - ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() (Niklas Cassel) - ring-buffer: Avoid softlockup in ring_buffer_resize() (Zheng Yejian) - selftests/ftrace: Correctly enable event in instance-event.tc (Zheng Yejian) - parisc: irq: Make irq_stack_union static to avoid sparse warning (Helge Deller) - parisc: iosapic.c: Fix sparse warnings (Helge Deller) - parisc: sba: Fix compile warning wrt list of SBA devices (Helge Deller) - xtensa: boot/lib: fix function prototypes (Max Filippov) - xtensa: boot: don't add include-dirs (Randy Dunlap) - clk: tegra: fix error return case for recalc_rate (Timo Alho) - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (Xiaoke Wang) - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (Christophe JAILLET) - team: fix null-ptr-deref when team device type is changed (Ziyang Xuan) - powerpc/perf/hv-24x7: Update domain value check (Kajol Jain) - ipv4: fix null-deref in ipv4_link_failure (Kyle Zeng) - NFS/pNFS: Report EINVAL errors from connect() to the server (Trond Myklebust) [4.14.35-2047.532.1] - rds/ib: Preserve dest qp num in the connect request (Arumugam Kolappan) [Orabug: 35649849] - rds: Provision to allow all trace points at module load time (Arumugam Kolappan) [Orabug: 35355776] [4.14.35-2047.531.2] - rtnetlink: Reject negative ifindexes in RTM_NEWLINK (Ido Schimmel) [Orabug: 35867429] - Revert 'rtnetlink: Reject negative ifindexes in RTM_NEWLINK' (Boris Ostrovsky) [Orabug: 35867429] - rds: Add proper refcnt when an RDS MR references an RDS Socket (Hakon Bugge) [Orabug: 35836950] - rds: Check for UAF in rds_destroy_mr (Hakon Bugge) [Orabug: 35836950] - xfs: reserve less log space when recovering log intent items (Darrick J. Wong) [Orabug: 35587163] - xfs: reserve blocks for refcount / rmap log item recovery (Darrick J. Wong) [Orabug: 35587163] - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (Pin-yen Lin) - dccp: fix dccp_v4_err()/dccp_v6_err() again (Eric Dumazet) [4.14.35-2047.531.1] - ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block (Gautham Ananthakrishna) [Orabug: 35859332] - bnxt_en: fix NULL dereference in bnxt_flash_package_from_file() (Samasth Norway Ananda) [Orabug: 35848949] - LTS version: v4.14.326 (Saeed Mirzamohammadi) - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814287] {CVE-2023-4207} - mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (William Zhang) - mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller (William Zhang) - mtd: rawnand: brcmnand: Fix potential false time out warning (William Zhang) - mtd: rawnand: brcmnand: Fix crash during the panic_write (William Zhang) - nfsd: fix change_info in NFSv4 RENAME replies (Jeff Layton) - btrfs: fix lockdep splat and potential deadlock after failure running delayed items (Filipe Manana) - attr: block mode changes of symlinks (Christian Brauner) - md/raid1: fix error: ISO C90 forbids mixed declarations (Nigel Croxon) - kobject: Add sanity check for kset->kobj.ktype in kset_register() (Zhen Lei) - serial: cpm_uart: Avoid suspicious locking (Christophe Leroy) - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (Konstantin Shelekhin) - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (Ma Ke) - media: pci: cx23885: replace BUG with error return (Hans Verkuil) - media: tuners: qt1010: replace BUG_ON with a regular error (Hans Verkuil) - iio: core: Use min() instead of min_t() to make code more robust (Andy Shevchenko) - media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() (Zhang Shurong) - media: anysee: fix null-ptr-deref in anysee_master_xfer (Zhang Shurong) - media: af9005: Fix null-ptr-deref in af9005_i2c_xfer (Zhang Shurong) - media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() (Zhang Shurong) - media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (Zhang Shurong) - powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (ruanjinjie) - jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (Liu Shixin via Jfs-discussion) - fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (Andrew Kanner) - ext2: fix datatype of block number in ext2_xattr_set2() (Georg Ottinger) - md: raid1: fix potential OOB in raid1_remove_disk() (Zhang Shurong) - drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (Tuo Li) - alx: fix OOB-read compiler warning (GONG, Ruiqi) - tpm_tis: Resend command to recover from data transfer errors (Alexander Steffen) - crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (Mark O'Donovan) - wifi: mwifiex: fix fortify warning (Dmitry Antipov) - wifi: ath9k: fix printk specifier (Dongliang Mu) - hw_breakpoint: fix single-stepping when using bpf_overflow_handler (Tomislav Novak) - ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (Jiri Slaby (SUSE)) - ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (Abhishek Mainkar) - btrfs: output extra debug info if we failed to find an inline backref (Qu Wenruo) - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (Fedor Pchelkin) - parisc: Drop loops_per_jiffy from per_cpu struct (Helge Deller) - kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). (Kuniyuki Iwashima) - ixgbe: fix timestamp configuration code (Vadim Fedorenko) - kcm: Fix memory leak in error path of kcm_sendmsg() (Shigeru Yoshida) - net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() (Hangyu Hua) - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (Damien Le Moal) - ata: sata_gemini: Add missing MODULE_DESCRIPTION (Damien Le Moal) - igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (Olga Zaborska) - igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (Olga Zaborska) - kcm: Destroy mutex in kcm_exit_net() (Shigeru Yoshida) - net: sched: sch_qfq: Fix UAF in qfq_dequeue() (valis) [Orabug: 35814456] {CVE-2023-4921} - af_unix: Fix data race around sk->sk_err. (Kuniyuki Iwashima) - af_unix: Fix data-races around sk->sk_shutdown. (Kuniyuki Iwashima) - af_unix: Fix data-race around unix_tot_inflight. (Kuniyuki Iwashima) - af_unix: Fix data-races around user->unix_inflight. (Kuniyuki Iwashima) - net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr (Alex Henrie) - igb: disable virtualization features on 82580 (Corinna Vinschen) - net: read sk->sk_family once in sk_mc_loop() (Eric Dumazet) - pwm: lpc32xx: Remove handling of PWM channels (Vladimir Zapolskiy) - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (Raag Jadav) - x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() (Sean Christopherson) - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (Fedor Pchelkin) - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (Dmitry Baryshkov) - parisc: led: Reduce CPU overhead for disk & lan LED computation (Helge Deller) - parisc: led: Fix LAN receive and transmit LEDs (Helge Deller) - drm/ast: Fix DRAM init on AST2200 (Thomas Zimmermann) - fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (Thomas Zimmermann) - scsi: qla2xxx: Turn off noisy message log (Quinn Tran) - scsi: qla2xxx: fix inconsistent TMF timeout (Quinn Tran) - crypto: stm32 - fix loop iterating through scatterlist for DMA (Thomas Bourgoin) - pstore/ram: Check start of empty przs during init (Enlin Mu) - net: handle ARPHRD_PPP in dev_is_mac_header_xmit() (Nicolas Dichtel) - X.509: if signature is unsupported skip validation (Thore Sommer) - dccp: Fix out of bounds access in DCCP error handler (Jann Horn) - parisc: Fix /proc/cpuinfo output for lscpu (Helge Deller) - procfs: block chmod on /proc/thread-self/comm (Aleksa Sarai) - Revert 'PCI: Mark NVIDIA T4 GPUs to avoid bus reset' (Bjorn Helgaas) - ntb: Fix calculation ntb_transport_tx_free_entry() (Dave Jiang) - ntb: Clean up tx tail index on link down (Dave Jiang) - ntb: Drop packets when qp link is down (Dave Jiang) - media: dvb: symbol fixup for dvb_attach() (Greg Kroah-Hartman) - backlight/lv5207lp: Compare against struct fb_info.device (Thomas Zimmermann) - backlight/bd6107: Compare against struct fb_info.device (Thomas Zimmermann) - backlight/gpio_backlight: Compare against struct fb_info.device (Thomas Zimmermann) - ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() (Gustavo A. R. Silva) - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (Takashi Iwai) - PM / devfreq: Fix leak in devfreq_dev_release() (Boris Brezillon) - igb: set max size RX buffer when store bad packet is enabled (Radoslaw Tyl) [Orabug: 35924097] {CVE-2023-45871} - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU (Eric Dumazet) [Orabug: 35924001] {CVE-2023-42752} - dmaengine: ste_dma40: Add missing IRQ check in d40_probe (ruanjinjie) - rpmsg: glink: Add check for kstrdup (Jiasheng Jiang) - HID: multitouch: Correct devm device reference for hidinput input_dev name (Rahul Rameshbabu) - Revert 'IB/isert: Fix incorrect release of isert connection' (Leon Romanovsky) - amba: bus: fix refcount leak (Peng Fan) - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (Yi Yang) - scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (Chengfeng Ye) - scsi: core: Use 32-bit hostnum in scsi_host_lookup() (Tony Battersby) - cgroup:namespace: Remove unused cgroup_namespaces_init() (Lu Jialin) - USB: gadget: f_mass_storage: Fix unused variable warning (Alan Stern) - media: go7007: Remove redundant if statement (Colin Ian King) - dma-buf/sync_file: Fix docs syntax (Rob Clark) - scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (Oleksandr Natalenko) - scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (Oleksandr Natalenko) - x86/APM: drop the duplicate APM_MINOR_DEV macro (Randy Dunlap) - scsi: qla4xxx: Add length check when parsing nlattrs (Lin Ma) - scsi: be2iscsi: Add length check when parsing nlattrs (Lin Ma) - scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (Lin Ma) - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (Xu Yang) - media: mediatek: vcodec: Return NULL if no vdec_fb is found (Irui Wang) - media: cx24120: Add retval check for cx24120_message_send() (Daniil Dulov) - media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (Christophe JAILLET) - media: dib7000p: Fix potential division by zero (Daniil Dulov) - drivers: usb: smsusb: fix error handling code in smsusb_init_device (Dongliang Mu) - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (Chuck Lever) - fs: lockd: avoid possible wrong NULL parameter (Su Hui) - jfs: validate max amount of blocks before allocation. (Alexei Filippov) - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (Russell Currey) - nfs/blocklayout: Use the passed in gfp flags (Dan Carpenter) - wifi: ath10k: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - PCI: pciehp: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - PCI: Mark NVIDIA T4 GPUs to avoid bus reset (Wu Zongyong) - clk: sunxi-ng: Modify mismatched function name (Zhang Jianhua) - drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (Minjie Du) - ALSA: ac97: Fix possible error value of *rac97 (Su Hui) - audit: fix possible soft lockup in __audit_inode_child() (Gaosheng Cui) - smackfs: Prevent underflow in smk_set_cipso() (Dan Carpenter) - of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() (Ruan Jinjie) - drm: adv7511: Fix low refresh rate register for ADV7533/5 (Bogdan Togorean) - ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) (Krzysztof Kozlowski) - ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) (Krzysztof Kozlowski) - ARM: dts: BCM53573: Add cells sizes to PCIe node (Rafal Milecki) - netrom: Deny concurrent connect(). (Kuniyuki Iwashima) - net: arcnet: Do not call kfree_skb() under local_irq_disable() (Jinjie Ruan) - wifi: ath9k: use IS_ERR() with debugfs_create_dir() (Wang Ming) - wifi: mwifiex: avoid possible NULL skb pointer dereference (Dmitry Antipov) - wifi: ath9k: protect WMI command response buffer replacement with a lock (Fedor Pchelkin) - wifi: mwifiex: Fix missed return in oob checks failed path (Polaris Pi) - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (Dmitry Antipov) - fs: ocfs2: namei: check return value of ocfs2_add_entry() (Artem Chernyshev) - lwt: Check LWTUNNEL_XMIT_CONTINUE strictly (Yan Zhai) - crypto: caam - fix unchecked return value error (Gaurav Jain) - net: tcp: fix unexcepted socket die when snd_wnd is 0 (Menglong Dong) - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (Yuanjun Gong) - wifi: mwifiex: Fix OOB and integer underflow when rx packets (Polaris Pi) - can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (Marc Kleine-Budde) - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (Zhang Shurong) - regmap: rbtree: Use alloc_flags for memory allocations (Dan Carpenter) - cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() (Liao Chang) - fs: Fix error checking for d_hash_and_lookup() (Wang Ming) - reiserfs: Check the return value from __getblk() (Matthew Wilcox) - Revert 'net: macsec: preserve ingress frame ordering' (Sabrina Dubroca) - udf: Handle error when adding extent to a file (Jan Kara) - udf: Check consistency of Space Bitmap Descriptor (Vladislav Efanov) - powerpc/32s: Fix assembler warning about r0 (Christophe Leroy) - powerpc/32: Include .branch_lt in data section (Joel Stanley) - ALSA: seq: oss: Fix racy open/close of MIDI devices (Takashi Iwai) - cifs: add a warning when the in-flight count goes negative (Shyam Prasad N) - sctp: handle invalid error codes without calling BUG() (Dan Carpenter) - bnx2x: fix page fault following EEH recovery (David Christensen) - netlabel: fix shift wrapping bug in netlbl_catmap_setlong() (Dmitry Mastykin) - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (Chengfeng Ye) - idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM (Baoquan He) - net: usb: qmi_wwan: add Quectel EM05GV2 (Martin Kohn) - security: keys: perform capable check only on privileged operations (Christian Gottsche) - ASoc: codecs: ES8316: Fix DMIC config (Edgar) - fs/nls: make load_nls() take a const parameter (Saeed Mirzamohammadi) - s390/dasd: use correct number of retries for ERP requests (Stefan Haberland) - m68k: Fix invalid .section syntax (Ben Hutchings) - ethernet: atheros: fix return value check in atl1c_tso_csum() (Yuanjun Gong) - ASoC: da7219: Flush pending AAD IRQ when suspending (Dmytro Maluka) - 9p: virtio: make sure 'offs' is initialized in zc_request (Dominique Martinet) - lib/ubsan: remove returns-nonnull-attribute checks (Andrey Ryabinin) - pinctrl: amd: Don't show Invalid config param errors (Mario Limonciello) - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (Ryusuke Konishi) - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi) - serial: sc16is7xx: fix bug when first setting GPIO direction (Hugo Villeneuve) - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (Zheng Wang) [Orabug: 35282808] {CVE-2023-1989} - HID: wacom: remove the battery when the EKR is off (Aaron Armstrong Skomra) - USB: serial: option: add FOXCONN T99W368/T99W373 product (Slark Xiao) - USB: serial: option: add Quectel EM05G variant (0x030e) (Martin Kohn) - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules (Christoph Hellwig) - rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff (Christoph Hellwig) - mmc: au1xmmc: force non-modular build and remove symbol_get usage (Christoph Hellwig) - ARM: pxa: remove use of symbol_get() (Arnd Bergmann) [4.14.35-2047.530.5] - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Kyle Zeng) [Orabug: 35824288] {CVE-2023-42753} - netfilter: xt_u32: validate user space input (Wander Lairson Costa) [Orabug: 35923468] {CVE-2023-39192} - netfilter: xt_sctp: validate the flag_info count (Wander Lairson Costa) [Orabug: 35923499] {CVE-2023-39193} [4.14.35-2047.530.4] - rds: Fix lack of reentrancy for connection reset with dst addr zero (Hakon Bugge) [Orabug: 35819110] {CVE-2023-22024} - kernfs: fix missing kernfs_iattr_rwsem locking (Ian Kent) [Orabug: 35796772] - uek-rpm: Removing pre scriptlet to not allow firmware downgrade (Samasth Norway Ananda) [Orabug: 35756463] - scsi: megaraid_sas: Fix deadlock on firmware crashdump (Junxiao Bi) [Orabug: 35702793] [4.14.35-2047.530.3] - Add the new PCI Device IDs to support new generation of AMD 19h processors. (Partha Sarathi Satapathy) [Orabug: 35773822] - hwmon: (k10temp) Add support for AMD Family 19h Models 10h-1Fh and A0h-AFh (Babu Moger) [Orabug: 35773822] [4.14.35-2047.530.2] - LTS version: v4.14.325 (Saeed Mirzamohammadi) - Revert 'ARM: ep93xx: fix missing-prototype warnings' (Greg Kroah-Hartman) - Revert 'MIPS: Alchemy: fix dbdma2' (Greg Kroah-Hartman) - LTS version: v4.14.324 (Saeed Mirzamohammadi) - dma-buf/sw_sync: Avoid recursive lock during fence signal (Rob Clark) - scsi: core: raid_class: Remove raid_component_add() (Zhu Wang) - scsi: snic: Fix double free in snic_tgt_create() (Zhu Wang) - rtnetlink: Reject negative ifindexes in RTM_NEWLINK (Ido Schimmel) - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (Feng Tang) - media: vcodec: Fix potential array out-of-bounds in encoder queue_setup (Wei Chen) - lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels (Helge Deller) - batman-adv: Fix batadv_v_ogm_aggr_send memory leak (Remi Pommarel) - batman-adv: Fix TT global entry leak when client roamed back (Remi Pommarel) - batman-adv: Do not get eth header before batadv_check_management_packet (Remi Pommarel) - batman-adv: Trigger events for auto adjusted MTU (Sven Eckelmann) - ibmveth: Use dcbf rather than dcbfl (Michael Ellerman) - ipvs: fix racy memcpy in proc_do_sync_threshold (Sishuai Gong) - ipvs: Improve robustness to the ipvs sysctl (Junwei Hu) - igb: Avoid starting unnecessary workqueues (Alessio Igor Bogani) - sock: annotate data-races around prot->memory_pressure (Eric Dumazet) - tracing: Fix memleak due to race between current_tracer and trace (Zheng Yejian) - net: phy: broadcom: stub c45 read/write for 54810 (Justin Chen) - net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure (Lin Ma) - net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled (Jason Xing) - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Kuniyuki Iwashima) [Orabug: 35814409] {CVE-2023-4622} - ASoC: rt5665: add missed regulator_bulk_disable (Zhang Shurong) - netfilter: set default timeout to 3 secs for sctp shutdown send and recv state (Xin Long) - test_firmware: prevent race conditions by a correct implementation of locking (Mirsad Goran Todorovac) - binder: fix memory leak in binder_init() (Qi Zheng) - serial: 8250: Fix oops for port->pm on uart_change_pm() (Tony Lindgren) - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (Yang Yingliang) - cifs: Release folio lock on fscache read hit. (Russell Harmon via samba-technical) - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. (dengxiang) - net: do not allow gso_size to be set to GSO_BY_FRAGS (Eric Dumazet) - sock: Fix misuse of sk_under_memory_pressure() (Abel Wu) - i40e: fix misleading debug logs (Andrii Staikov) - team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves (Ziyang Xuan) - netfilter: nft_dynset: disallow object maps (Pablo Neira Ayuso) - xfrm: add NULL check in xfrm_update_ae_params (Lin Ma) [Orabug: 35754508] {CVE-2023-3772} - ip_vti: fix potential slab-use-after-free in decode_session6 (Zhengchao Shao) - ip6_vti: fix slab-use-after-free in decode_session6 (Zhengchao Shao) - net: af_key: fix sadb_x_filter validation (Lin Ma) - net: xfrm: Fix xfrm_address_filter OOB read (Lin Ma) [Orabug: 35923516] {CVE-2023-39194} - fbdev: mmp: fix value check in mmphw_probe() (Yuanjun Gong) - drm/amdgpu: Fix potential fence use-after-free v2 (shanzhulig) - Bluetooth: L2CAP: Fix use-after-free (Zhengping Jiang) - pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (Armin Wolf) - gfs2: Fix possible data races in gfs2_show_options() (Tuo Li) - media: platform: mediatek: vpu: fix NULL ptr dereference (Hans Verkuil) - media: v4l2-mem2mem: add lock to protect parameter num_rdy (Yunfei Dong) - FS: JFS: Check for read-only mounted filesystem in txBegin (Immad Mir) - FS: JFS: Fix null-ptr-deref Read in txBegin (Immad Mir) - MIPS: dec: prom: Address -Warray-bounds warning (Gustavo A. R. Silva) - fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (Yogesh) - udf: Fix uninitialized array access for some pathnames (Jan Kara) - quota: fix warning in dqgrab() (Ye Bin) - quota: Properly disable quotas when add_dquot_ref() fails (Jan Kara) - ALSA: emu10k1: roll up loops in DSP setup code for Audigy (Oswald Buddenhagen) - drm/radeon: Fix integer overflow in radeon_cs_parser_init (hackyzh002) - lib/mpi: Eliminate unused umul_ppmm definitions for MIPS (Nathan Chancellor) - LTS version: v4.14.323 (Saeed Mirzamohammadi) - alpha: remove __init annotation from exported page_is_ram() (Masahiro Yamada) - scsi: core: Fix possible memory leak if device_add() fails (Zhu Wang) - scsi: snic: Fix possible memory leak if device_add() fails (Zhu Wang) - scsi: 53c700: Check that command slot is not NULL (Alexandra Diupina) - scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (Michael Kelley) - scsi: core: Fix legacy /proc parsing buffer overflow (Tony Battersby) - netfilter: nf_tables: report use refcount overflow (Pablo Neira Ayuso) - btrfs: don't stop integrity writeback too early (Christoph Hellwig) - IB/hfi1: Fix possible panic during hotplug remove (Douglas Miller) - drivers: net: prevent tun_build_skb() to exceed the packet size limit (Andrew Kanner) - dccp: fix data-race around dp->dccps_mss_cache (Eric Dumazet) - bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves (Ziyang Xuan) - net/packet: annotate data-races around tp->status (Eric Dumazet) - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (Karol Herbst) - x86/mm: Fix VDSO and VVAR placement on 5-level paging machines (Kirill A. Shutemov) - usb: dwc3: Properly handle processing of pending events (Elson Roy Serrao) - usb-storage: alauda: Fix uninit-value in alauda_check_media() (Alan Stern) - iio: cros_ec: Fix the allocation size for cros_ec_command (Yiyuan Guo) - test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (Mirsad Goran Todorovac) - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (Ryusuke Konishi) - radix tree test suite: fix incorrect allocation size for pthreads (Colin Ian King) - dmaengine: pl330: Return DMA_PAUSED when transaction is paused (Ilpo Jarvinen) - ipv6: adjust ndisc_is_useropt() to also return true for PIO (Maciej Zenczykowski) - mmc: moxart: read scr register without changing byte order (Sergei Antonov) - sparc: fix up arch_cpu_finalize_init() build breakage. (Greg Kroah-Hartman) [4.14.35-2047.530.1] - rds: Remove gratuitous include of time.h from rds.h (Mark Haywood) [Orabug: 35742762] - smp: Reduce NMI traffic from CSD waiters to CSD destination (Imran Khan) [Orabug: 35236407] - smp: Reduce logging due to dump_stack of CSD waiters (Imran Khan) [Orabug: 35236407] [4.14.35-2047.529.3] - uek-rpm: Update kernel linux-firmware dependency to 20230516-999.26.git6c9e0ed5. (Somasundaram Krishnasamy) [Orabug: 35724203] - LTS version: v4.14.322 (Saeed Mirzamohammadi) - drm/edid: fix objtool warning in drm_cvt_modes() (Linus Torvalds) - mtd: rawnand: omap_elm: Fix incorrect type in assignment (Roger Quadros) - test_firmware: fix a memory leak with reqs buffer (Mirsad Goran Todorovac) - ext2: Drop fragment support (Jan Kara) - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (Alan Stern) - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Sungwoo Kim) [Orabug: 35814477] {CVE-2023-40283} - fs/sysv: Null check to prevent null-ptr-deref bug (Prince Kumar Maurya) - USB: zaurus: Add ID for A-300/B-500/C-700 (Ross Maynard) - libceph: fix potential hang in ceph_osdc_notify() (Ilya Dryomov) - loop: Select I/O scheduler 'none' from inside add_disk() (Bart Van Assche) - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_net (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_vals[] (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_lock (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_stamp (Eric Dumazet) - tcp_metrics: fix addr_same() helper (Eric Dumazet) - ip6mr: Fix skb_under_panic in ip6mr_cache_report() (Yue Haibing) - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35707465] {CVE-2023-4206} - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814296] {CVE-2023-4208} - net: add missing data-race annotation for sk_ll_usec (Eric Dumazet) - net: add missing data-race annotations around sk->sk_peek_off (Eric Dumazet) - perf test uprobe_from_different_cu: Skip if there is no gcc (Georg Muller) - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (Yuanjun Gong) - word-at-a-time: use the same return type for has_zero regardless of endianness (ndesaulniers@google.com) - perf: Fix function pointer case (Peter Zijlstra) - net/sched: cls_u32: Fix reference counter leak leading to overflow (Lee Jones) [Orabug: 35635632] {CVE-2023-3609} - net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Pedro Tammela) [Orabug: 35636290] {CVE-2023-3611} - net/sched: cls_fw: Fix improper refcount update leads to use-after-free (M A Ramdhan) [Orabug: 35636312] {CVE-2023-3776} - drm/client: Fix memory leak in drm_client_target_cloned (Jocelyn Falempe) - dm cache policy smq: ensure IO doesn't prevent cleaner policy progress (Joe Thornber) - ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register (Mark Brown) - s390/dasd: fix hanging device after quiesce/resume (Stefan Haberland) - irq-bcm6345-l1: Do not assume a fixed block to cpu mapping (Jonas Gorski) - tpm_tis: Explicitly check for error code (Alexander Steffen) - hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (Gilles Buloz) - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (Zhang Shurong) - Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group (Greg Kroah-Hartman) - usb: xhci-mtk: set the dma max_seg_size (Ricardo Ribalda) - usb: ohci-at91: Fix the unhandle interrupt when resume (Guiting Shen) - can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (Marc Kleine-Budde) - USB: serial: simple: sort driver entries (Johan Hovold) - USB: serial: simple: add Kaufmann RKS+CAN VCP (Oliver Neukum) - USB: serial: option: add Quectel EC200A module support (Mohsen Tahmasebi) - USB: serial: option: support Quectel EM060K_128 (Jerry Meng) - tracing: Fix warning in trace_buffered_event_disable() (Zheng Yejian) - ring-buffer: Fix wrong stat of cpu_buffer->read (Zheng Yejian) - ata: pata_ns87415: mark ns87560_tf_read static (Arnd Bergmann) - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (Yu Kuai) - block: Fix a source code comment in include/uapi/linux/blkzoned.h (Bart Van Assche) - ASoC: fsl_spdif: Silence output on stop (Matus Gajdos) - benet: fix return value check in be_lancer_xmit_workarounds() (Yuanjun Gong) - platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (Maxim Mikityanskiy) - team: reset team's flags when down link is P2P device (Hangbin Liu) - bonding: reset bond's flags when down link is P2P device (Hangbin Liu) - tcp: Reduce chance of collisions in inet6_hashfn(). (Stewart Smith) [Orabug: 35754476] {CVE-2023-1206} - ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address (Maciej Zenczykowski) - ethernet: atheros: fix return value check in atl1e_tso_csum() (Yuanjun Gong) - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (Wang Ming) - gpio: tps68470: Make tps68470_gpio_output() always set the initial value (Hans de Goede) - tcp: annotate data-races around fastopenq.max_qlen (Eric Dumazet) - tcp: annotate data-races around tp->notsent_lowat (Eric Dumazet) - tcp: annotate data-races around rskq_defer_accept (Eric Dumazet) - netfilter: nf_tables: fix spurious set element insertion failure (Florian Westphal) - llc: Don't drop packet from non-root netns. (Kuniyuki Iwashima) - fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (Zhang Shurong) - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() (Tanmay Patil) - pinctrl: amd: Use amd_pinconf_set() for all config options (Mario Limonciello) - fbdev: imxfb: warn about invalid left/right margin (Martin Kaiser) - spi: bcm63xx: fix max prepend length (Jonas Gorski) - igb: Fix igb_down hung on surprise removal (Ying Hsu) - wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() (Gustavo A. R. Silva) - bpf: Address KCSAN report on bpf_lru_list (Martin KaFai Lau) - sched/fair: Don't balance task to its current running CPU (Yicong Yang) - posix-timers: Ensure timer ID search-loop limit is valid (Saeed Mirzamohammadi) - md/raid10: prevent soft lockup while flush writes (Yu Kuai) - md: fix data corruption for raid456 when reshape restart while grow up (Yu Kuai) - nbd: Add the maximum limit of allocated index in nbd_dev_add (Zhong Jinghua) - debugobjects: Recheck debug_objects_enabled before reporting (Tetsuo Handa) - ext4: correct inline offset when handling xattrs in inode body (Eric Whitney) - can: bcm: Fix UAF in bcm_proc_show() (YueHaibing) - fuse: revalidate: don't invalidate if interrupted (Miklos Szeredi) - perf probe: Add test for regression introduced by switch to die_get_decl_file() (Georg Muller) - serial: atmel: don't enable IRQs prematurely (Dan Carpenter) - scsi: qla2xxx: Pointer may be dereferenced (Shreyas Deodhar) - scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (Nilesh Javali) - scsi: qla2xxx: Fix potential NULL pointer dereference (Bikash Hazarika) - scsi: qla2xxx: Wait for io return on terminate rport (Quinn Tran) - xtensa: ISS: fix call to split_if_spec (Max Filippov) - ring-buffer: Fix deadloop issue on reading trace_pipe (Zheng Yejian) - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (Christophe JAILLET) - tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (Christophe JAILLET) - Revert '8250: add support for ASIX devices with a FIFO bug' (Jiaqing Zhao) - meson saradc: fix clock divider mask length (George Stark) - hwrng: imx-rngc - fix the timeout for init and self check (Martin Kaiser) - fs: dlm: return positive pid value for F_GETLK (Alexander Aring) - md/raid0: add discard support for the 'original' layout (Jason Baron) - misc: pci_endpoint_test: Re-init completion for every test (Damien Le Moal) - PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (Robin Murphy) - jfs: jfs_dmap: Validate db_l2nbperpage while mounting (Siddh Raman Pant) - ext4: only update i_reserved_data_blocks on successful block allocation (Baokun Li) - ext4: fix wrong unit use in ext4_mb_clear_bb (Kemeng Shi) - perf intel-pt: Fix CYC timestamps after standalone CBR (Adrian Hunter) - SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (Ding Hui) - tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (Jarkko Sakkinen) - net/sched: make psched_mtu() RTNL-less safe (Pedro Tammela) - wifi: airo: avoid uninitialized warning in airo_get_rate() (Randy Dunlap) - ipv6/addrconf: fix a potential refcount underflow for idev (Ziyang Xuan) - NTB: ntb_transport: fix possible memory leak while device_register() fails (Yang Yingliang) - ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (Yuan Can) - NTB: amd: Fix error handling in amd_ntb_pci_driver_init() (Yuan Can) - ntb: idt: Fix error handling in idt_pci_driver_init() (Yuan Can) - udp6: fix udp6_ehashfn() typo (Eric Dumazet) - net: mvneta: fix txq_map in case of txq_number==1 (Klaus Kudielka) - workqueue: clean up WORK_* constant types, clarify masking (Linus Torvalds) - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Thadeu Lima de Souza Cascardo) [Orabug: 35609785] {CVE-2023-35001} - netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (Florent Revest) - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (Pablo Neira Ayuso) - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (Pablo Neira Ayuso) [Orabug: 35550219] {CVE-2023-3390} - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE (Pablo Neira Ayuso) [Orabug: 35560845] {CVE-2023-3117} {CVE-2023-3390} - spi: spi-fsl-spi: allow changing bits_per_word while CS is still active (Rasmus Villemoes) - spi: spi-fsl-spi: relax message sanity checking a little (Rasmus Villemoes) - spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg (Rasmus Villemoes) - ARM: orion5x: fix d2net gpio initialization (Arnd Bergmann) - btrfs: fix race when deleting quota root from the dirty cow roots list (Filipe Manana) - jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (Fabian Frederick) - integrity: Fix possible multiple allocation in integrity_inode_get() (Tianjia Zhang) - mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M (Robert Marko) - mmc: core: disable TRIM on Kingston EMMC04G-M627 (Robert Marko) - NFSD: add encoding of op_recall flag for write delegation (Dai Ngo) - sh: dma: Fix DMA channel offset calculation (Artur Rojek) - net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX (Lin Ma) - tcp: annotate data races in __tcp_oow_rate_limited() (Eric Dumazet) - net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode (Vladimir Oltean) - powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y (Randy Dunlap) - mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (Nishanth Menon) - spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (Jonas Gorski) - Add MODULE_FIRMWARE() for FIRMWARE_TG357766. (Tobias Heider) - sctp: fix potential deadlock on &net->sctp.addr_wq_lock (Chengfeng Ye) - rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (Christophe JAILLET) - mfd: stmpe: Only disable the regulators if they are enabled (Christophe JAILLET) - mfd: intel-lpss: Add missing check for platform_get_resource (Jiasheng Jiang) - mfd: rt5033: Drop rt5033-battery sub-device (Stephan Gerhold) - usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (Li Yang) - extcon: Fix kernel doc of property capability fields to avoid warnings (Andy Shevchenko) - extcon: Fix kernel doc of property fields to avoid warnings (Andy Shevchenko) - media: usb: siano: Fix warning due to null work_func_t function pointer (Duoming Zhou) [Orabug: 35686150] {CVE-2023-4132} - media: videodev2.h: Fix struct v4l2_input tuner index comment (Marek Vasut) - media: usb: Check az6007_read() return value (Daniil Dulov) - sh: j2: Use ioremap() to translate device tree address into kernel memory (John Paul Adrian Glaubitz) - w1: fix loop in w1_fini() (Dan Carpenter) - block: change all __u32 annotations to __be32 in affs_hardblocks.h (Michael Schmitz) - USB: serial: option: add LARA-R6 01B PIDs (Davide Tronchin) - modpost: fix off by one in is_executable_section() (Dan Carpenter) - modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} (Masahiro Yamada) - modpost: fix section mismatch message for R_ARM_ABS32 (Masahiro Yamada) - crypto: nx - fix build warnings when DEBUG_FS is not enabled (Randy Dunlap) - pinctrl: at91-pio4: check return value of devm_kasprintf() (Claudiu Beznea) - perf dwarf-aux: Fix off-by-one in die_get_varname() (Namhyung Kim) - pinctrl: cherryview: Return correct value if pin in push-pull mode (Andy Shevchenko) - PCI: Add pci_clear_master() stub for non-CONFIG_PCI (Sui Jingfeng) - scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (Yuchen Yang) - ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer (Su Hui) - drm/radeon: fix possible division-by-zero errors (Nikita Zhandarovich) - fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (Christophe JAILLET) - soc/fsl/qe: fix usb.c build errors (Randy Dunlap) - ASoC: es8316: Increment max value for ALC Capture Target Volume control (Cristian Ciocaltea) - ARM: ep93xx: fix missing-prototype warnings (Arnd Bergmann) - drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (Dario Binacchi) - Input: adxl34x - do not hardcode interrupt trigger type (Marek Vasut) - ARM: dts: BCM5301X: Drop 'clock-names' from the SPI node (Rafal Milecki) - Input: drv260x - sleep between polling GO bit (Luca Weiss) - radeon: avoid double free in ci_dpm_init() (Nikita Zhandarovich) - netlink: Add __sock_i_ino() for __netlink_diag_dump(). (Kuniyuki Iwashima) - netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. (Ilia.Gavrilov) - lib/ts_bm: reset initial match offset for every block of text (Jeremy Sowden) - gtp: Fix use-after-free in __gtp_encap_destroy(). (Kuniyuki Iwashima) - netlink: do not hard code device address lenth in fdb dumps (Eric Dumazet) - netlink: fix potential deadlock in netlink_set_err() (Eric Dumazet) - wifi: ath9k: convert msecs to jiffies where needed (Dmitry Antipov) - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (Remi Pommarel) - memstick r592: make memstick_debug_get_tpc_name() static (Arnd Bergmann) - kexec: fix a memory leak in crash_shrink_memory() (Zhen Lei) - watchdog/perf: more properly prevent false positives with turbo modes (Douglas Anderson) - watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config (Douglas Anderson) - wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (Fedor Pchelkin) - wifi: ray_cs: Fix an error handling path in ray_probe() (Christophe JAILLET) - wifi: wl3501_cs: Fix an error handling path in wl3501_probe() (Christophe JAILLET) - wifi: atmel: Fix an error handling path in atmel_probe() (Christophe JAILLET) - wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (Christophe JAILLET) - wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (Christophe JAILLET) - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (Fedor Pchelkin) - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (Peter Seiderer) - evm: Complete description of evm_inode_setattr() (Roberto Sassu) - PM: domains: fix integer overflow issues in genpd_parse_state() (Nikita Zhandarovich) - md/raid10: fix io loss while replacement replace rdev (Li Nan) - md/raid10: fix wrong setting of max_corr_read_errors (Li Nan) - md/raid10: fix overflow of md/safe_mode_delay (Li Nan) - treewide: Remove uninitialized_var() usage (Kees Cook) - drm/amdgpu: Validate VM ioctl flags. (Bas Nieuwenhuizen) - scripts/tags.sh: Resolve gtags empty index generation (Ahmed S. Darwish) - drm/edid: Fix uninitialized variable in drm_cvt_modes() (Lyude Paul) - fbdev: imsttfb: Fix use after free bug in imsttfb_probe (Zheng Wang) - x86/smp: Use dedicated cache-line for mwait_play_dead() (Thomas Gleixner) - x86/microcode/AMD: Load late on both threads too (Borislav Petkov (AMD)) - gfs2: Don't deref jdesc in evict (Bob Peterson) - LTS version: v4.14.321 (Saeed Mirzamohammadi) [4.14.35-2047.529.2] - x86/cpu: persist X86_FEATURE_NT_GOOD for late reload (Ankur Arora) [Orabug: 35693947] - uek-rpm: Disable cls_tcindex in file tcindex-disable.conf (Sherry Yang) [Orabug: 35678739] - uek-rpm: Update kernel's linux-firmware dependency. (Somasundaram Krishnasamy) [Orabug: 35678693] - Revert 'sched/fair: sanitize vruntime of entity being placed' (Saeed Mirzamohammadi) [Orabug: 35651310] - Revert 'sched/fair: Sanitize vruntime of entity being migrated' (Saeed Mirzamohammadi) [Orabug: 35651310] - x86/microcode/AMD: Clean up per-family patch size checks (Borislav Petkov) [Orabug: 35643967] [4.14.35-2047.529.1] - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (George Kennedy) [Orabug: 35649492] {CVE-2023-3567} - ocfs2: always read both high and low parts of dinode link count (Alexey Asemov) [Orabug: 35643004] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-1077 CVE-2023-25775 CVE-2023-0590 CVE-2022-29900 CVE-2023-45863 CVE-2022-29901 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::developer_UEKR5 cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.328.3] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c: core: Fix atomic xfer check for non-preempt config (Benjamin Bara) - net: Save and restore msg_namelen in sock_sendmsg (Marc Dionne) [5.4.17-2136.328.2] - LTS tag: v5.4.266 (Sherry Yang) - block: Don't invalidate pagecache for invalid falloc modes (Sarthak Kukreti) - smb: client: fix OOB in smbCalcSize() (Paulo Alcantara) - usb: fotg210-hcd: delete an incorrect bounds test (Dan Carpenter) - x86/alternatives: Sync core before enabling interrupts (Thomas Gleixner) - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - net: 9p: avoid freeing uninit memory in p9pdu_vreadf (Fedor Pchelkin) - Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (Luiz Augusto von Dentz) - USB: serial: option: add Quectel RM500Q R13 firmware support (Reinhard Speyerer) - USB: serial: option: add Foxconn T99W265 with new baseline (Slark Xiao) - USB: serial: option: add Quectel EG912Y module support (Alper Ak) - USB: serial: ftdi_sio: update Actisense PIDs constant names (Mark Glover) - wifi: cfg80211: fix certs build to not depend on file order (Johannes Berg) - wifi: cfg80211: Add my certificate (Chen-Yu Tsai) - iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (Wadim Egorov) - iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (Javier Carrasco) - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (Wei Yongjun) - Input: ipaq-micro-keys - add error handling for devm_kmemdup (Haoran Liu) - iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (Su Hui) - interconnect: Treat xlate() returning NULL node as an error (Mike Tipton) - btrfs: do not allow non subvolume root targets for snapshot (Josef Bacik) - smb: client: fix NULL deref in asn1_ber_decoder() (Paulo Alcantara) - ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB (Kai Vehmanen) - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (Kai Vehmanen) - pinctrl: at91-pio4: use dedicated lock class for IRQ (Alexis Lothore) - i2c: aspeed: Handle the coalesced stop conditions with the start conditions. (Quan Nguyen) - afs: Fix overwriting of result of DNS query (David Howells) - net: check dev->gso_max_size in gso_features_check() (Eric Dumazet) - net: warn if gso_type isn't set for a GSO SKB (Heiner Kallweit) - afs: Fix dynamic root lookup DNS check (David Howells) - afs: Fix the dynamic root's d_delete to always delete unused dentries (David Howells) - net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() (Liu Jian) - net/rose: fix races in rose_kill_by_device() (Eric Dumazet) - ethernet: atheros: fix a memleak in atl1e_setup_ring_resources (Zhipeng Lu) - net: sched: ife: fix potential use-after-free (Eric Dumazet) - net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (Rahul Rameshbabu) - net/mlx5: Fix fw tracer first block check (Moshe Shemesh) - net/mlx5: improve some comments (Hu Haowen) - Revert 'net/mlx5e: fix double free of encap_header' (Vlad Buslov) - wifi: mac80211: mesh_plink: fix matches_local logic (Johannes Berg) - s390/vx: fix save/restore of fpu kernel context (Heiko Carstens) - reset: Fix crash when freeing non-existent optional resets (Geert Uytterhoeven) - ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (Kunwu Chan) - ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE (Namjae Jeon) - ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 (Bin Li) - LTS tag: v5.4.265 (Sherry Yang) - powerpc/ftrace: Fix stack teardown in ftrace_no_trace (Naveen N Rao) - powerpc/ftrace: Create a dummy stackframe to fix stack unwind (Naveen N Rao) - mmc: block: Be sure to wait while busy in CQE error recovery (Adrian Hunter) - ring-buffer: Fix memory leak of free page (Steven Rostedt (Google)) - team: Fix use-after-free when an option instance allocation fails (Florent Revest) - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (James Houghton) - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS (Baokun Li) - soundwire: stream: fix NULL pointer dereference for multi_link (Krzysztof Kozlowski) - HID: hid-asus: add const to read-only outgoing usb buffer (Denis Benato) - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (Lech Perczak) - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation (Linus Torvalds) - HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad (Aoba K) - HID: hid-asus: reset the backlight brightness level on resume (Denis Benato) - HID: add ALWAYS_POLL quirk for Apple kb (Oliver Neukum) - platform/x86: intel_telemetry: Fix kernel doc descriptions (Andy Shevchenko) - bcache: avoid NULL checking to c->root in run_cache_set() (Coly Li) - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (Coly Li) - bcache: avoid oversize memory allocation by small stripe_size (Coly Li) - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (Ming Lei) - usb: aqc111: check packet for fixup for true limit (Oliver Neukum) - ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (Kai Vehmanen) - appletalk: Fix Use-After-Free in atalk_ioctl (Hyunwoo Kim) - net: stmmac: Handle disabled MDIO busses from devicetree (Andrew Halaney) - net: stmmac: use dev_err_probe() for reporting mdio bus registration failure (Rasmus Villemoes) - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (Nikolay Kuratov) - sign-file: Fix incorrect return values check (Yusong Gao) - net: Remove acked SYN flag from packet in the transmit queue correctly (Dong Chenchen) - qed: Fix a potential use-after-free in qed_cxt_tables_alloc (Dinghao Liu) - net/rose: Fix Use-After-Free in rose_ioctl (Hyunwoo Kim) - atm: Fix Use-After-Free in do_vcc_ioctl (Hyunwoo Kim) - atm: solos-pci: Fix potential deadlock on &tx_queue_lock (Chengfeng Ye) - atm: solos-pci: Fix potential deadlock on &cli_queue_lock (Chengfeng Ye) - qca_spi: Fix reset behavior (Stefan Wahren) - qca_debug: Fix ethtool -G iface tx behavior (Stefan Wahren) - qca_debug: Prevent crash on TX ring changes (Stefan Wahren) - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (Maciej Zenczykowski) - afs: Fix refcount underflow from error handling race (David Howells) - LTS tag: v5.4.264 (Sherry Yang) - devcoredump: Send uevent once devcd is ready (Mukesh Ojha) - devcoredump : Serialize devcd_del work (Mukesh Ojha) - smb: client: fix potential NULL deref in parse_dfs_referrals() (Paulo Alcantara) - cifs: Fix non-availability of dedup breaking generic/304 (David Howells) - Revert 'btrfs: add dmesg output for first mount and last unmount of a filesystem' (Greg Kroah-Hartman) - drop_monitor: Require 'CAP_SYS_ADMIN' when joining 'events' group (Ido Schimmel) - psample: Require 'CAP_NET_ADMIN' when joining 'packets' group (Ido Schimmel) - genetlink: add CAP_NET_ADMIN test for multicast bind (Ido Schimmel) - netlink: don't call ->netlink_bind with table lock held (Ido Schimmel) - io_uring/af_unix: disable sending io_uring over sockets (Pavel Begunkov) - nilfs2: fix missing error check for sb_set_blocksize call (Ryusuke Konishi) - KVM: s390/mm: Properly reset no-dat (Claudio Imbrenda) - x86/CPU/AMD: Check vendor in the AMD microcode callback (Borislav Petkov (AMD)) - serial: 8250_omap: Add earlycon support for the AM654 UART controller (Ronald Wahl) - serial: sc16is7xx: address RX timeout interrupt errata (Daniel Mack) - ARM: PL011: Fix DMA support (Arnd Bergmann) - usb: typec: class: fix typec_altmode_put_partner to put plugs (RD Babiera) - parport: Add support for Brainboxes IX/UC/PX parallel cards (Cameron Williams) - usb: gadget: f_hid: fix report descriptor allocation (Konstantin Aladyshev) - mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled (Wenchao Chen) - mmc: core: add helpers mmc_regulator_enable/disable_vqmmc (Heiner Kallweit) - gpiolib: sysfs: Fix error handling on failed export (Boerge Struempfel) - arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names (AngeloGioacchino Del Regno) - arm64: dts: mediatek: mt7622: fix memory node warning check (Eugen Hristev) - packet: Move reference count in packet_sock to atomic_long_t (Daniel Borkmann) - tracing: Fix a possible race when disabling buffered events (Petr Pavlu) - tracing: Fix incomplete locking when disabling buffered events (Petr Pavlu) - tracing: Always update snapshot buffer size (Steven Rostedt (Google)) - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (Ryusuke Konishi) - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (Jason Zhang) - ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt (Philipp Zabel) - ARM: dts: imx: make gpt node name generic (Anson Huang) - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init (Kunwu Chan) - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (Dinghao Liu) - tracing: Fix a warning when allocating buffered events fails (Petr Pavlu) - ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate (Dinghao Liu) - hwmon: (acpi_power_meter) Fix 4.29 MW bug (Armin Wolf) - RDMA/bnxt_re: Correct module description string (Kalesh AP) - bpf: sockmap, updating the sg structure should also update curr (John Fastabend) - tcp: do not accept ACK of bytes we never sent (Eric Dumazet) - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket (Phil Sutter) - net: hns: fix fake link up on xge port (Yonglong Liu) - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (Shigeru Yoshida) - arcnet: restoring support for multiple Sohard Arcnet cards (Thomas Reichinger) - net: arcnet: com20020 fix error handling (Tong Zhang) - net: arcnet: Fix RESET flag handling (Ahmed S. Darwish) - hv_netvsc: rndis_filter needs to select NLS (Randy Dunlap) - ipv6: fix potential NULL deref in fib6_add() (Eric Dumazet) - of: dynamic: Fix of_reconfig_get_state_change() return value documentation (Luca Ceresoli) - of: Add missing 'Return' section in kerneldoc comments (Rob Herring) - of: Fix kerneldoc output formatting (Rob Herring) - of: base: Fix some formatting issues and provide missing descriptions (Lee Jones) - of/irq: Make of_msi_map_rid() PCI bus agnostic (Lorenzo Pieralisi) - of/irq: make of_msi_map_get_device_domain() bus agnostic (Diana Craciun) - of/iommu: Make of_map_rid() PCI agnostic (Lorenzo Pieralisi) - ACPI/IORT: Make iort_msi_map_rid() PCI agnostic (Lorenzo Pieralisi) - ACPI/IORT: Make iort_get_device_domain IRQ domain agnostic (Lorenzo Pieralisi) - of: base: Add of_get_cpu_state_node() to get idle states for a CPU node (Ulf Hansson) - drm/amdgpu: correct chunk_ptr to a pointer to chunk. (YuanShang) - kconfig: fix memory leak from range properties (Masahiro Yamada) - tg3: Increment tx_dropped in tg3_tso_bug() (Alex Pakhunov) - tg3: Move the [rt]x_dropped counters to tg3_napi (Alex Pakhunov) - netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test (Jozsef Kadlecsik) - LTS tag: v5.4.263 (Sherry Yang) - mmc: block: Retry commands in CQE error recovery (Adrian Hunter) - mmc: core: convert comma to semicolon (Zheng Yongjun) - mmc: cqhci: Fix task clearing in CQE error recovery (Adrian Hunter) - mmc: cqhci: Warn of halt or task clear failure (Adrian Hunter) - mmc: cqhci: Increase recovery halt timeout (Adrian Hunter) - cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily (Christoph Niedermaier) - cpufreq: imx6q: don't warn for disabling a non-existing frequency (Christoph Niedermaier) - scsi: qla2xxx: Fix system crash due to bad pointer access (Quinn Tran) - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (Bart Van Assche) - scsi: core: Introduce the scsi_cmd_to_rq() function (Bart Van Assche) - ima: detect changes to the backing overlay file (Mimi Zohar) - ovl: skip overlayfs superblocks at global sync (Konstantin Khlebnikov) - ima: annotate iint mutex to avoid lockdep false positive warnings (Amir Goldstein) - fbdev: stifb: Make the STI next font pointer a 32-bit signed offset (Helge Deller) - mtd: cfi_cmdset_0001: Byte swap OTP info (Linus Walleij) - mtd: cfi_cmdset_0001: Support the absence of protection registers (Jean-Philippe Brucker) - s390/cmma: fix detection of DAT pages (Heiko Carstens) - s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family (Alexander Gordeev) - smb3: fix touch -h of symlink (Steve French) - net: ravb: Start TX queues after HW initialization succeeded (Claudiu Beznea) - net: ravb: Use pm_runtime_resume_and_get() (Claudiu Beznea) - ravb: Fix races between ravb_tx_timeout_work() and net related ops (Yoshihiro Shimoda) - net: stmmac: xgmac: Disable FPE MMC interrupts (Furong Xu) - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (Zhengchao Shao) - Input: xpad - add HyperX Clutch Gladiate Support (Max Nguyen) - btrfs: make error messages more clear when getting a chunk map (Filipe Manana) - btrfs: send: ensure send_fd is writable (Jann Horn) - btrfs: fix off-by-one when checking chunk map includes logical address (Filipe Manana) - btrfs: add dmesg output for first mount and last unmount of a filesystem (Qu Wenruo) - powerpc: Don't clobber f0/vs0 during fp|altivec register save (Timothy Pearson) - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (Markus Weippert) - dm verity: don't perform FEC for failed readahead IO (Wu Bo) - dm-verity: align struct dm_verity_fec_io properly (Mikulas Patocka) - ALSA: hda/realtek: Add supported ALC257 for ChromeOS (Kailang Yang) - ALSA: hda/realtek: Headset Mic VREF to 100% (Kailang Yang) - ALSA: hda: Disable power-save on KONTRON SinglePC (Takashi Iwai) - mmc: block: Do not lose cache flush during CQE error recovery (Adrian Hunter) - firewire: core: fix possible memory leak in create_units() (Yang Yingliang) - pinctrl: avoid reload of p state in list iteration (Maria Yu) - io_uring: fix off-by one bvec index (Keith Busch) - USB: dwc3: qcom: fix wakeup after probe deferral (Johan Hovold) - USB: dwc3: qcom: fix resource leaks on probe deferral (Johan Hovold) - usb: dwc3: set the dma max_seg_size (Ricardo Ribalda) - USB: dwc2: write HCINT with INTMASK applied (Oliver Neukum) - USB: serial: option: don't claim interface 4 for ZTE MF290 (Lech Perczak) - USB: serial: option: fix FM101R-GL defines (Puliang Lu) - USB: serial: option: add Fibocom L7xx modules (Victor Fragoso) - bcache: prevent potential division by zero error (Rand Deeb) - bcache: check return value from btree_node_alloc_replacement() (Coly Li) - dm-delay: fix a race between delay_presuspend and delay_bio (Mikulas Patocka) - hv_netvsc: Mark VF as slave before exposing it to user-mode (Long Li) - hv_netvsc: Fix race of register_netdevice_notifier and VF register (Haiyang Zhang) - USB: serial: option: add Luat Air72*U series products (Asuna Yang) - s390/dasd: protect device queue against concurrent access (Jan Hoppner) - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (Coly Li) - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (Hans de Goede) - ext4: make sure allocate pending entry not fail (Zhang Yi) - ext4: fix slab-use-after-free in ext4_es_insert_extent() (Baokun Li) - ext4: using nofail preallocation in ext4_es_insert_extent() (Baokun Li) - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (Baokun Li) - ext4: using nofail preallocation in ext4_es_remove_extent() (Baokun Li) - ext4: use pre-allocated es in __es_remove_extent() (Baokun Li) - ext4: use pre-allocated es in __es_insert_extent() (Baokun Li) - ext4: factor out __es_alloc_extent() and __es_free_extent() (Baokun Li) - ext4: add a new helper to check if es must be kept (Baokun Li) - MIPS: KVM: Fix a build warning about variable set but not used (Huacai Chen) - nvmet: nul-terminate the NQNs passed in the connect command (Christoph Hellwig) - nvmet: remove unnecessary ctrl parameter (Chaitanya Kulkarni) - afs: Fix file locking on R/O volumes to operate in local mode (David Howells) - afs: Return ENOENT if no cell DNS record can be found (David Howells) - net: axienet: Fix check for partial TX checksum (Samuel Holland) - amd-xgbe: propagate the correct speed and duplex status (Raju Rangoju) - amd-xgbe: handle the corner-case during tx completion (Raju Rangoju) - amd-xgbe: handle corner-case during sfp hotplug (Raju Rangoju) - arm/xen: fix xen_vcpu_info allocation alignment (Stefano Stabellini) - net: usb: ax88179_178a: fix failed operations during ax88179_reset (Jose Ignacio Tornos Martinez) - ipv4: Correct/silence an endian warning in __ip_do_redirect (Kunwu Chan) - HID: fix HID device resource race between HID core and debugging support (Charles Yi) - HID: core: store the unique system identifier in hid_device (Benjamin Tissoires) - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (Jonas Karlman) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (Chen Ni) - drm/panel: simple: Fix Innolux G101ICE-L01 timings (Marek Vasut) - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (Marek Vasut) - afs: Make error on cell lookup failure consistent with OpenAFS (David Howells) - PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}() (Nathan Chancellor) - RDMA/irdma: Prevent zero-length STAG registration (Christopher Bednarz) - driver core: Release all resources during unbind before updating device links (Saravana Kannan) - LTS tag: v5.4.262 (Sherry Yang) - netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 5.4) (Pablo Neira Ayuso) - netfilter: nf_tables: disable toggling dormant table state more than once (Pablo Neira Ayuso) - netfilter: nf_tables: fix table flag updates (Pablo Neira Ayuso) - netfilter: nftables: update table flags from the commit phase (Pablo Neira Ayuso) - netfilter: nf_tables: double hook unregistration in netns path (Pablo Neira Ayuso) - netfilter: nf_tables: unregister flowtable hooks on netns exit (Pablo Neira Ayuso) - netfilter: nf_tables: fix memleak when more than 255 elements expired (Pablo Neira Ayuso) - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (Pablo Neira Ayuso) - netfilter: nf_tables: defer gc run if previous batch is still pending (Florian Westphal) - netfilter: nf_tables: use correct lock to protect gc_list (Pablo Neira Ayuso) - netfilter: nf_tables: GC transaction race with abort path (Pablo Neira Ayuso) - netfilter: nf_tables: GC transaction race with netns dismantle (Pablo Neira Ayuso) - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (Pablo Neira Ayuso) - netfilter: nf_tables: remove busy mark and gc batch API (Pablo Neira Ayuso) - netfilter: nft_set_hash: mark set element as dead when deleting from packet path (Pablo Neira Ayuso) - netfilter: nf_tables: adapt set backend to use GC transaction API (Pablo Neira Ayuso) - netfilter: nf_tables: GC transaction API to avoid race with control plane (Pablo Neira Ayuso) - netfilter: nf_tables: don't skip expired elements during walk (Florian Westphal) - netfilter: nft_set_rbtree: fix overlap expiration walk (Florian Westphal) - netfilter: nft_set_rbtree: fix null deref on element insertion (Florian Westphal) - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (Pablo Neira Ayuso) - netfilter: nf_tables: drop map element references from preparation phase (Pablo Neira Ayuso) - netfilter: nftables: rename set element data activation/deactivation functions (Pablo Neira Ayuso) - netfilter: nf_tables: pass context to nft_set_destroy() (Pablo Neira Ayuso) - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (Christian Konig) - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (Kemeng Shi) - ext4: correct the start block of counting reserved clusters (Zhang Yi) - ext4: correct return value of ext4_convert_meta_bg (Kemeng Shi) - ext4: correct offset of gdb backup in non meta_bg group to update_backups (Kemeng Shi) - ext4: apply umask if ACL support is disabled (Max Kellermann) - Revert 'net: r8169: Disable multicast filter for RTL8168H and RTL8107E' (Heiner Kallweit) - nfsd: fix file memleak on client_opens_release (Mahmoud Adam) - media: venus: hfi: add checks to handle capabilities from firmware (Vikash Garodia) - media: venus: hfi: fix the check to handle session buffer requirement (Vikash Garodia) - media: venus: hfi_parser: Add check to keep the number of codecs within range (Vikash Garodia) - media: sharp: fix sharp encoding (Sean Young) - media: lirc: drop trailing space from scancode transmit (Sean Young) - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (Heiner Kallweit) - net: dsa: lan9303: consequently nested-lock physical MDIO (Alexander Sverdlin) - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey) - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (Guan Wentao) - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (Masum Reza) - bluetooth: Add device 13d3:3571 to device tables (Larry Finger) - bluetooth: Add device 0bda:887b to device tables (Larry Finger) - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (Artem Lukyanov) - Bluetooth: btusb: add Realtek 8822CE to usb_device_id table (Joseph Hwang) - Bluetooth: btusb: Add flag to define wideband speech capability (Alain Michaud) - tty: serial: meson: fix hard LOCKUP on crtscts mode (Pavel Krasavin) - serial: meson: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - tty: serial: meson: retrieve port FIFO size from DT (Neil Armstrong) - serial: meson: remove redundant initialization of variable id (Colin Ian King) - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (Chandradeep Dey) - ALSA: info: Fix potential deadlock at disconnection (Takashi Iwai) - parisc/pgtable: Do not drop upper 5 address bits of physical address (Helge Deller) - parisc: Prevent booting 64-bit kernels on PA1.x machines (Helge Deller) - i3c: master: cdns: Fix reading status register (Joshua Yeong) - mm/cma: use nth_page() in place of direct struct page manipulation (Zi Yan) - dmaengine: stm32-mdma: correct desc prep when channel running (Alain Volmat) - mcb: fix error handling for different scenarios when parsing (Sanjuan Garcia, Jorge) - i2c: core: Run atomic i2c xfer when !preemptible (Benjamin Bara) - kernel/reboot: emergency_restart: Set correct system_state (Benjamin Bara) - quota: explicitly forbid quota files from being encrypted (Eric Biggers) - jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (Zhihao Cheng) - btrfs: don't arbitrarily slow down delalloc if we're committing (Josef Bacik) - PM: hibernate: Clean up sync_read handling in snapshot_write_next() (Brian Geffon) - PM: hibernate: Use __get_safe_page() rather than touching the list (Brian Geffon) - mmc: vub300: fix an error code (Dan Carpenter) - clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks (Kathiravan Thirumoorthy) - parisc/pdc: Add width field to struct pdc_model (Helge Deller) - PCI: keystone: Don't discard .probe() callback (Uwe Kleine-Konig) - PCI: keystone: Don't discard .remove() callback (Uwe Kleine-Konig) - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (Herve Codina) - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (Rong Chen) - ACPI: resource: Do IRQ override on TongFang GMxXGxx (Werner Sembach) - PCI/sysfs: Protect driver's D3cold preference from user space (Lukas Wunner) - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (David Woodhouse) - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() (Paul Moore) - audit: don't take task_lock() in audit_exe_compare() code path (Paul Moore) - KVM: x86: Ignore MSR_AMD64_TW_CFG access (Maciej S. Szmigiero) - KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space (Nicolas Saenz Julienne) - x86/cpu/hygon: Fix the CPU topology evaluation for real (Pu Wen) - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (Chandrakanth patil) - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (Shung-Hsi Yu) - randstruct: Fix gcc-plugin performance mode to stay in group (Kees Cook) - media: venus: hfi: add checks to perform sanity on queue pointers (Vikash Garodia) - cifs: spnego: add ';' in HOST_KEY_LEN (Anastasia Belova) - tools/power/turbostat: Fix a knl bug (Zhang Rui) - macvlan: Don't propagate promisc change to lower dev in passthru (Vlad Buslov) - net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (Rahul Rameshbabu) - net/mlx5e: fix double free of encap_header (Dust Li) - net: stmmac: fix rx budget limit check (Baruch Siach) - net: stmmac: Rework stmmac_rx() (Jose Abreu) - netfilter: nf_conntrack_bridge: initialize err to 0 (Linkui Xiao) - net: ethernet: cortina: Fix MTU max setting (Linus Walleij) - net: ethernet: cortina: Handle large frames (Linus Walleij) - net: ethernet: cortina: Fix max RX frame define (Linus Walleij) - bonding: stop the device in bond_setup_by_slave() (Eric Dumazet) - ptp: annotate data-race around q->head and q->tail (Eric Dumazet) - xen/events: fix delayed eoi list handling (Juergen Gross) - ppp: limit MRU to 64K (Willem de Bruijn) - tipc: Fix kernel-infoleak due to uninitialized TLV value (Shigeru Yoshida) - net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() (Yonglong Liu) - tty: Fix uninit-value access in ppp_sync_receive() (Shigeru Yoshida) - ipvlan: add ipvlan_route_v6_outbound() helper (Eric Dumazet) - NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO (Olga Kornievskaia) - wifi: iwlwifi: Use FW rate for non-data frames (Miri Korenblit) - pwm: Fix double shift bug (Dan Carpenter) - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (Tony Lindgren) - kgdb: Flush console before entering kgdb on panic (Douglas Anderson) - drm/amd/display: Avoid NULL dereference of timing generator (Wayne Lin) - media: cobalt: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - gfs2: ignore negated quota changes (Bob Peterson) - media: vivid: avoid integer overflow (Hans Verkuil) - media: gspca: cpia1: shift-out-of-bounds in set_flicker (Rajeshwar R Shinde) - i2c: sun6i-p2wi: Prevent potential division by zero (Axel Lin) - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (Hardik Gajjar) - tty: vcc: Add check for kstrdup() in vcc_probe() (Yi Yang) - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (Jiri Kosina) - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (Wenchao Hao) - atm: iphase: Do PCI error checks on own line (Ilpo Jarvinen) - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (Ilpo Jarvinen) - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (Cezary Rojewski) - ARM: 9320/1: fix stack depot IRQ stack filter (Vincent Whitchurch) - jfs: fix array-index-out-of-bounds in diAlloc (Manas Ghandat) - jfs: fix array-index-out-of-bounds in dbFindLeaf (Manas Ghandat) - fs/jfs: Add validity check for db_maxag and db_agpref (Juntong Deng) - fs/jfs: Add check for negative db_l2nbperpage (Juntong Deng) - RDMA/hfi1: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin) - selftests/efivarfs: create-read: fix a resource leak (zhujun2) - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (Qu Huang) - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (Mario Limonciello) - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (Mario Limonciello) - drm/komeda: drop all currently held locks if deadlock happens (baozhu.liu) - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (Olli Asikainen) - Bluetooth: Fix double free in hci_conn_cleanup (ZhengHan Wang) - wifi: ath10k: Don't touch the CE interrupt registers after power up (Douglas Anderson) - net: annotate data-races around sk->sk_dst_pending_confirm (Eric Dumazet) - net: annotate data-races around sk->sk_tx_queue_mapping (Eric Dumazet) - wifi: ath10k: fix clang-specific fortify warning (Dmitry Antipov) - wifi: ath9k: fix clang-specific fortify warnings (Dmitry Antipov) - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Ping-Ke Shih) - wifi: mac80211_hwsim: fix clang-specific fortify warning (Dmitry Antipov) - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size (Mike Rapoport (IBM)) - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (Ronald Wahl) - clocksource/drivers/timer-imx-gpt: Fix potential memory leak (Jacky Bai) - perf/core: Bail out early if the request AUX area is out of bound (Shuai Xue) - locking/ww_mutex/test: Fix potential workqueue corruption (John Stultz) - LTS tag: v5.4.261 (Sherry Yang) - btrfs: use u64 for buffer sizes in the tree search ioctls (Filipe Manana) - fbdev: fsl-diu-fb: mark wr_reg_wa() static (Arnd Bergmann) - fbdev: imsttfb: fix a resource leak in probe (Dan Carpenter) - fbdev: imsttfb: Fix error path of imsttfb_probe() (Helge Deller) - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (Amit Kumar Mahapatra) - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (Erik Kurzinger) - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (Florian Westphal) - netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs (Jeremy Sowden) - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (Maciej Zenczykowski) - r8169: respect userspace disabling IFF_MULTICAST (Heiner Kallweit) - tg3: power down device only on SYSTEM_POWER_OFF (George Shuklin) - net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT (D. Wythe) - net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs (Furong Xu) - Fix termination state for idr_for_each_entry_ul() (NeilBrown) - net: r8169: Disable multicast filter for RTL8168H and RTL8107E (Patrick Thompson) - dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. (Kuniyuki Iwashima) - dccp: Call security_inet_conn_request() after setting IPv4 addresses. (Kuniyuki Iwashima) - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Shigeru Yoshida) - llc: verify mac len before reading mac header (Willem de Bruijn) - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (Dan Carpenter) - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (Florian Fainelli) - pwm: sti: Reduce number of allocations and drop usage of chip_data (Uwe Kleine-Konig) - pwm: sti: Avoid conditional gotos (Thierry Reding) - regmap: prevent noinc writes from clobbering cache (Ben Wolsieffer) - media: s3c-camif: Avoid inappropriate kfree() (Katya Orlova) - media: bttv: fix use after free error due to btv->timeout timer (Zheng Wang) - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (Yang Yingliang) - pcmcia: ds: fix refcount leak in pcmcia_device_add() (Yang Yingliang) - pcmcia: cs: fix possible hung task and memory leak pccardd() (Yang Yingliang) - rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call (Javier Carrasco) - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (Dinghao Liu) - powerpc/pseries: fix potential memory leak in init_cpu_associativity() (Wang Yufen) - powerpc/imc-pmu: Use the correct spinlock initializer. (Sebastian Andrzej Siewior) - powerpc/xive: Fix endian conversion size (Benjamin Gray) - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (Masahiro Yamada) - f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() (Chao Yu) - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (Christophe JAILLET) - USB: usbip: fix stub_dev hub disconnect (Jonas Blixt) - tools: iio: iio_generic_buffer ensure alignment (Matti Vaittinen) - tools: iio: iio_generic_buffer: Fix some integer type and calculation (Chenyuan Mi) - tools: iio: privatize globals and functions in iio_generic_buffer.c file (Alexandru Ardelean) - misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() (Jinjie Ruan) - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (Dan Carpenter) - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (Jia-Ju Bai) - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (Yi Yang) - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (Christophe JAILLET) - ledtrig-cpu: Limit to 8 CPUs (Pavel Machek) - leds: pwm: Don't disable the PWM when the LED should be off (Uwe Kleine-Konig) - leds: pwm: convert to atomic PWM API (Uwe Kleine-Konig) - leds: pwm: simplify if condition (Uwe Kleine-Konig) - mfd: dln2: Fix double put in dln2_probe (Dinghao Liu) - ASoC: ams-delta.c: use component after check (Kuninori Morimoto) - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (Cezary Rojewski) - sh: bios: Revive earlyprintk support (Geert Uytterhoeven) - RDMA/hfi1: Workaround truncation compilation error (Leon Romanovsky) - scsi: ufs: core: Leave space for '- ext4: move 'ix' sanity check to corrent position (Gou Hao) - ARM: 9321/1: memset: cast the constant byte to unsigned char (Kursad Oney) - hid: cp2112: Fix duplicate workqueue initialization (Danny Kaehn) - HID: cp2112: Use irqchip template (Linus Walleij) - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (Gaurav Jain) - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (Gaurav Jain) - nd_btt: Make BTT lanes preemptible (Tomas Glozar) - sched/rt: Provide migrate_disable/enable() inlines (Thomas Gleixner) - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (Chen Ni) - hwrng: geode - fix accessing registers (Jonas Gorski) - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (Sudeep Holla) - firmware: ti_sci: Mark driver as non removable (Dhruva Gole) - firmware: ti_sci: Replace HTTP links with HTTPS ones (Alexander A. Klimov) - soc: qcom: llcc: Handle a second device without data corruption (Uwe Kleine-Konig) - soc: qcom: Rename llcc-slice to llcc-qcom (Vivek Gautam) - soc: qcom: llcc cleanup to get rid of sdm845 specific driver file (Vivek Gautam) - ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator (Krzysztof Kozlowski) - arm64: dts: qcom: sdm845-mtp: fix WiFi configuration (Dmitry Baryshkov) - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (Christophe JAILLET) - drm/radeon: possible buffer overflow (Konstantin Meskhidze) - drm/rockchip: vop: Fix call to crtc reset helper (Jonas Karlman) - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (Jonas Karlman) - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (Zhang Rui) - platform/x86: wmi: Fix opening of char device (Armin Wolf) - platform/x86: wmi: remove unnecessary initializations (Barnabas Pocze) - platform/x86: wmi: Fix probe failure when failing to register WMI devices (Armin Wolf) - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: npcm7xx: Fix incorrect kfree (Jonathan Neuschafer) - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (Dan Carpenter) - clk: imx: Select MXC_CLK for CLK_IMX8QXP (Abel Vesa) - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (Danila Tikhonov) - clk: qcom: gcc-sm8150: use ARRAY_SIZE instead of specifying num_parents (Dmitry Baryshkov) - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (Devi Priya) - regmap: debugfs: Fix a erroneous check after snprintf() (Christophe JAILLET) - ipvlan: properly track tx_errors (Eric Dumazet) - net: add DEV_STATS_READ() helper (Eric Dumazet) - ipv6: avoid atomic fragment on GSO packets (Yan Zhai) - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (Christophe JAILLET) - tcp: fix cookie_init_timestamp() overflows (Eric Dumazet) - tcp: Remove one extra ktime_get_ns() from cookie_init_timestamp (Eric Dumazet) - chtls: fix tp->rcv_tstamp initialization (Eric Dumazet) - r8169: fix rare issue with broken rx after link-down on RTL8125 (Heiner Kallweit) - r8169: use tp_to_dev instead of open code (Juhee Kang) - thermal: core: prevent potential string overflow (Dan Carpenter) - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (Marc Kleine-Budde) - can: dev: can_restart(): don't crash kernel if carrier is OK (Marc Kleine-Budde) - wifi: rtlwifi: fix EDCA limit set by BT coexistence (Dmitry Antipov) - tcp_metrics: do not create an entry from tcp_init_metrics() (Eric Dumazet) - tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() (Eric Dumazet) - tcp_metrics: add missing barriers on delete (Eric Dumazet) - wifi: mt76: mt7603: rework/fix rx pse hang check (Felix Fietkau) - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (Jinjie Ruan) - tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed (Aananth V) - i40e: fix potential memory leaks in i40e_remove() (Andrii Staikov) - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (Chen Yu) - vfs: fix readahead(2) on block devices (Reuben Hawkins) - LTS tag: v5.4.260 (Sherry Yang) - tty: 8250: Add support for Intashield IS-100 (Cameron Williams) - tty: 8250: Add support for Brainboxes UP cards (Cameron Williams) - tty: 8250: Add support for additional Brainboxes UC cards (Cameron Williams) - tty: 8250: Remove UC-257 and UC-431 (Cameron Williams) - usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (LihaSika) - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (Vicki Pfau) - Revert 'ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver' (Matthias Schiffer) - remove the sx8 block driver (Christoph Hellwig) - ata: ahci: fix enum constants for gcc-13 (Arnd Bergmann) - net: chelsio: cxgb4: add an error code check in t4_load_phy_fw (Su Hui) - platform/mellanox: mlxbf-tmfifo: Fix a warning message (Liming Sun) - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (Hans de Goede) - scsi: mpt3sas: Fix in error path (Tomas Henzl) - fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (Jorge Maidana) - ASoC: rt5650: fix the wrong result of key button (Shuming Fan) - netfilter: nfnetlink_log: silence bogus compiler warning (Florian Westphal) - spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0 (William A. Kennington III) - fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (Arnd Bergmann) - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (Dmitry Torokhov) - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (Zhang Shurong) - irqchip/stm32-exti: add missing DT IRQ flag translation (Ben Wolsieffer) - Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (Szilard Fabian) - x86: Fix .brk attribute in linker script (Juergen Gross) - rpmsg: Fix possible refcount leak in rpmsg_register_device_override() (Hangyu Hua) - rpmsg: glink: Release driver_override (Bjorn Andersson) - rpmsg: Fix calling device_lock() on non-initialized device (Krzysztof Kozlowski) - rpmsg: Fix kfree() of static memory on setting driver_override (Krzysztof Kozlowski) - rpmsg: Constify local variable in field store macro (Krzysztof Kozlowski) - driver: platform: Add helper for safer setting of driver_override (Krzysztof Kozlowski) - ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow (Baokun Li) - ext4: avoid overlapping preallocations due to overflow (Baokun Li) - ext4: add two helper functions extent_logical_end() and pa_logical_end() (Baokun Li) - x86/mm: Fix RESERVE_BRK() for older binutils (Josh Poimboeuf) - x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) - nfsd: lock_rename() needs both directories to live on the same fs (Al Viro) - f2fs: fix to do sanity check on inode type during garbage collection (Chao Yu) - smbdirect: missing rc checks while waiting for rdma events (Steve French) - kobject: Fix slab-out-of-bounds in fill_kobj_path() (Wang Hai) - arm64: fix a concurrency issue in emulation_proc_handler() (Jinjie Ruan) - drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (Lukasz Majczak) - x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility (Thomas Gleixner) - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (Ivan Vecera) - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (Alessandro Carminati) - nvmem: imx: correct nregs for i.MX6UL (Peng Fan) - nvmem: imx: correct nregs for i.MX6SLL (Peng Fan) - nvmem: imx: correct nregs for i.MX6ULL (Peng Fan) - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (Alain Volmat) - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina) - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (Herve Codina) - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina) - iio: exynos-adc: request second interupt only when touchscreen mode is used (Marek Szyprowski) - gtp: fix fragmentation needed check with gso (Pablo Neira Ayuso) - gtp: uapi: fix GTPA_MAX (Pablo Neira Ayuso) - tcp: fix wrong RTO timeout when received SACK reneging (Fred Chen) - r8152: Cancel hw_phy_work if we have an error in probe (Douglas Anderson) - r8152: Run the unload routine if we have errors during probe (Douglas Anderson) - r8152: Increase USB control msg timeout to 5000ms as per spec (Douglas Anderson) - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (Christophe JAILLET) - igc: Fix ambiguity in the ethtool advertising (Sasha Neftin) - neighbour: fix various data-races (Eric Dumazet) - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (Mateusz Palczewski) - treewide: Spelling fix in comment (Kunwu Chan) - r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 (Mirsad Goran Todorovac) - r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 (Mirsad Goran Todorovac) - virtio_balloon: Fix endless deflation and inflation on arm64 (Gavin Shan) - mcb-lpc: Reallocate memory region to avoid memory overlapping (Rodriguez Barbarin, Jose Javier) - mcb: Return actual parsed size when reading chameleon table (Rodriguez Barbarin, Jose Javier) - selftests/ftrace: Add new test case which checks non unique symbol (Francis Laniel) - mtd: rawnand: marvell: Ensure program page operations are successful (Miquel Raynal) [5.4.17-2136.328.1] - net/mlx5e: Check for NOT_READY flag state after locking (Vlad Buslov) [Orabug: 36014945] - net/mlx5e: fix memory leak in mlx5e_ptp_open (Zhengchao Shao) [Orabug: 36014945] - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (Saeed Mahameed) [Orabug: 36014945] - net/mlx5e: Don't attach netdev profile while handling internal error (Dmytro Linkin) [Orabug: 36014945] - net/mlx5e: Do not update SBCM when prio2buffer command is invalid (Maher Sanalla) [Orabug: 36014945] - mlxsw: pci: Fix possible crash during initialization (Ido Schimmel) [Orabug: 36014945] - net/mlx5: E-Switch, Fix an Oops in error handling code (Dan Carpenter) [Orabug: 36014945] - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (Maor Dickman) [Orabug: 36014945] - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (Shay Drory) [Orabug: 36014945] - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (Shay Drory) [Orabug: 36014945] - net/mlx5: SF: Fix probing active SFs during driver probe phase (Shay Drory) [Orabug: 36014945] - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (Gal Pressman) [Orabug: 36014945] - net/mlx5: Fix mlx5_get_next_dev() peer device matching (Saeed Mahameed) [Orabug: 36014945] - net/mlx5: Drain fw_reset when removing device (Shay Drory) [Orabug: 36014945] - net/mlx5: Lag, filter non compatible devices (Mark Bloch) [Orabug: 36014945] - net/mlx5: Disable SRIOV before PF removal (Yishai Hadas) [Orabug: 36014945] - net/mlx5: Lag, Make mlx5_lag_is_multipath() be static inline (Maor Dickman) [Orabug: 36014945] - net/mlx5: Lag, change multipath and bonding to be mutually exclusive (Maor Dickman) [Orabug: 36014945] - net/mlx5e: Destroy page pool after XDP SQ to fix use-after-free (Maxim Mikityanskiy) [Orabug: 36014945] - net/mlx5: Lag, move lag destruction to a workqueue (Mark Bloch) [Orabug: 36014945] - net/mlx5: Unload device upon firmware fatal error (Aya Levin) [Orabug: 36014945] - net/mlx5: Remove unnecessary spin lock protection (Eli Cohen) [Orabug: 36014945] - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (Maxim Mikityanskiy) [Orabug: 36014945] - net/mlx5e: Check tunnel offload is required before setting SWP (Moshe Shemesh) [Orabug: 36014945] - net/mlx5e: Remove unused mlx5e_xsk_first_unused_channel (Maxim Mikityanskiy) [Orabug: 36014945] - net/mlx5e: Fix stats update for matchall classifier (Roi Dayan) [Orabug: 36014945] - net/mlx5e: Set of completion request bit should not clear other adjacent bits (Tariq Toukan) [Orabug: 36014945] - mlxsw: pci: Wait longer before accessing the device after reset (Amit Cohen) [Orabug: 36014945] - mlxsw: pci: Remove unused values (Ido Schimmel) [Orabug: 36014945] - mlxsw: core: Add validation of hardware device types for MGPIR register (Vadim Pasternak) [Orabug: 36014945] - netdevsim: fix using uninitialized resources (Taehee Yoo) [Orabug: 36014945] - net/mlx5: Read num_vfs before disabling SR-IOV (Parav Pandit) [Orabug: 36014945] - net/mlx5: DR, Replace CRC32 implementation to use kernel lib (Hamdan Igbaria) [Orabug: 36014945] - mlxsw: pci: Increase PCI reset timeout for SN3800 systems (Ido Schimmel) [Orabug: 36014945] - mlxsw: hwmon: Provide optimization for QSFP modules number detection (Vadim Pasternak) [Orabug: 36014945] - mlxsw: reg: Extend MGPIR register with new field exposing the number of QSFP modules (Vadim Pasternak) [Orabug: 36014945] - vhost-scsi: add parentheses to macro of VHOST_SCSI_MAX_VQ (Dongli Zhang) [Orabug: 36119643] - iommu/amd: Do not flush IRTE when only updating isRun and destination fields (Suravee Suthikulpanit) [Orabug: 36101189] - xfs: try to avoid allocation blocking on busy extents (Mark Tinguely) [Orabug: 36096908] - EDAC/amd64: Add support for AMD family 1Ah models 00h-1Fh and 40h-4Fh (Avadhut Naik) [Orabug: 36092305] - EDAC/amd64: Add get_err_info() to pvt->ops (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split dump_misc_regs() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split init_csrows() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split determine_edac_cap() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split ecc_enabled() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split read_mc_regs() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split determine_memory_type() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split read_base_mask() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split prep_chip_selects() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Rework hw_info_{get,put} (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Rename debug_display_dimm_sizes() (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Remove early_channel_count() (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Remove PCI Function 0 (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Remove PCI Function 6 (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Remove scrub rate control for Family 17h and later (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Don't set up EDAC PCI control on Family 17h+ (Yazen Ghannam) [Orabug: 36092305] - x86/amd_nb: Unexport amd_cache_northbridges() (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Add new register offset support and related changes (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Set memory type per DIMM (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Add support for family 19h, models 50h-5fh (Marc Bevand) [Orabug: 36092305] - EDAC/amd64: Add context struct (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Allow for DF Indirect Broadcast reads (Yazen Ghannam) [Orabug: 36092305] - x86/amd_nb, EDAC/amd64: Move DF Indirect Read to AMD64 EDAC (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Issue probing messages only on properly detected hardware (Borislav Petkov) [Orabug: 36092305] - EDAC/amd64: Tone down messages about missing PCI IDs (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Do not load on family 0x15, model 0x13 (Borislav Petkov) [Orabug: 36092305] - EDAC/amd64: Remove redundant assignment to variable ret in hw_info_get() (Colin Ian King) [Orabug: 36092305] - crypto: ccp - Add support for PCI device 0x156E (John Allen) [Orabug: 36092305] - crypto: ccp - Add support for PCI device 0x17E0 (Mario Limonciello) [Orabug: 36092305] - crypto: ccp - Provide MMIO register naming for documenation (Tom Lendacky) [Orabug: 36092305] - crypto: ccp - Add support for TEE for PCI ID 0x14CA (Mario Limonciello) [Orabug: 36092305] - crypto: ccp - Add support for new CCP/PSP device ID (Mario Limonciello) [Orabug: 36092305] - x86/amd_nb: Add PCI IDs for AMD Family 1Ah-based models (Avadhut Naik) [Orabug: 36092305] - x86/amd_nb: Re-sort and re-indent PCI defines (Borislav Petkov (AMD)) [Orabug: 36092305] - x86/amd_nb: Add MI200 PCI IDs (Yazen Ghannam) [Orabug: 36092305] - x86/amd_nb: Add PCI ID for family 19h model 78h (Mario Limonciello) [Orabug: 36092305] - x86/amd_nb: Add AMD PCI IDs for SMN communication (Mario Limonciello) [Orabug: 36092305] - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (Avadhut Naik) [Orabug: 36092305] - hwmon: (k10temp) Add PCI ID for family 19, model 78h (Mario Limonciello) [Orabug: 36092305] - hwmon: (k10temp): Add support for new family 17h and 19h models (Mario Limonciello) [Orabug: 36092305] - uek-rpm: Update the x86 kABI files for new symbol (Yifei Liu) [Orabug: 36090182] - audit: Apply special optimizations (Hakon Bugge) [Orabug: 36089817] - audit: Vary struct audit_entry alignment (Hakon Bugge) [Orabug: 36089817] - eth: bnxt: handle invalid Tx completions more gracefully (Jakub Kicinski) [Orabug: 36075755] - tcp: Tunables for TCP delayed ack (min and max) timers (Venkat Venkatsubra) [Orabug: 35875891] - tcp: fix ambiguity for SACKed TLP retransmits with RTT < min_rtt (Neal Cardwell) [Orabug: 35875891] - Add basic Emerald Rapids support to UEK6 (Henry Willard) [Orabug: 35063919] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2022-29900 CVE-2023-25775 CVE-2023-45863 CVE-2023-4244 CVE-2022-29901 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:8::developer_UEKR6 cpe:/a:oracle:linux:7::developer_UEKR6 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-41] - qemu_monitor: Add defensive protection on mon->msg (Wim ten Have) [Orabug: 35699260] - vircpi: Add PCIe 5.0 and 6.0 link speeds (Michal Privoznik) [Orabug: 35496776] - qemuProcessSetupVcpusVnuma: add NULL check for def->cpu (Shaleen Bathla) [Orabug: 35332038] libvirt-dbus libvirt-python [5.7.0-41] - Bump version number to 5.7.0-41 to match libvirt (Karl Heubaum) nbdkit netcf perl-Sys-Virt qemu-kvm [4.2.1-28] - virtio-crypto: verify src&dst buffer length for sym request (zhenwei pi) [Orabug: 35724113] {CVE-2023-3180} - hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) (Thomas Huth) [Orabug: 35724112] {CVE-2023-0330} - kvm: Atomic memslot updates (David Hildenbrand) [Orabug: 35719844] - KVM: keep track of running ioctls (Emanuele Giuseppe Esposito) [Orabug: 35719844] - accel: introduce accelerator blocker API (Emanuele Giuseppe Esposito) [Orabug: 35719844] - KVM: Use a big lock to replace per-kml slots_lock (Peter Xu) [Orabug: 35719844] - pcie: don't set link state active if the slot is empty (Laurent Vivier) [Orabug: 35707933] - vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (Ani Sinha) [Orabug: 35662850] {CVE-2023-3301} seabios sgabios supermin MODERATE Copyright 2024 Oracle, Inc. CVE-2023-0330 CVE-2023-3301 CVE-2023-3180 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8::kvm_appstream cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 Oracle Linux 7 [5.4.17-2136.328.3.el7] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c: core: Fix atomic xfer check for non-preempt config (Benjamin Bara) - net: Save and restore msg_namelen in sock_sendmsg (Marc Dionne) [5.4.17-2136.328.2.el7] - LTS tag: v5.4.266 (Sherry Yang) - block: Don't invalidate pagecache for invalid falloc modes (Sarthak Kukreti) - smb: client: fix OOB in smbCalcSize() (Paulo Alcantara) {CVE-2023-6606} - usb: fotg210-hcd: delete an incorrect bounds test (Dan Carpenter) - x86/alternatives: Sync core before enabling interrupts (Thomas Gleixner) - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - net: 9p: avoid freeing uninit memory in p9pdu_vreadf (Fedor Pchelkin) - Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (Luiz Augusto von Dentz) - USB: serial: option: add Quectel RM500Q R13 firmware support (Reinhard Speyerer) - USB: serial: option: add Foxconn T99W265 with new baseline (Slark Xiao) - USB: serial: option: add Quectel EG912Y module support (Alper Ak) - USB: serial: ftdi_sio: update Actisense PIDs constant names (Mark Glover) - wifi: cfg80211: fix certs build to not depend on file order (Johannes Berg) - wifi: cfg80211: Add my certificate (Chen-Yu Tsai) - iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (Wadim Egorov) - iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (Javier Carrasco) - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (Wei Yongjun) - Input: ipaq-micro-keys - add error handling for devm_kmemdup (Haoran Liu) - iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (Su Hui) - interconnect: Treat xlate() returning NULL node as an error (Mike Tipton) - btrfs: do not allow non subvolume root targets for snapshot (Josef Bacik) - smb: client: fix NULL deref in asn1_ber_decoder() (Paulo Alcantara) - ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB (Kai Vehmanen) - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (Kai Vehmanen) - pinctrl: at91-pio4: use dedicated lock class for IRQ (Alexis Lothore) - i2c: aspeed: Handle the coalesced stop conditions with the start conditions. (Quan Nguyen) - afs: Fix overwriting of result of DNS query (David Howells) - net: check dev->gso_max_size in gso_features_check() (Eric Dumazet) - net: warn if gso_type isn't set for a GSO SKB (Heiner Kallweit) - afs: Fix dynamic root lookup DNS check (David Howells) - afs: Fix the dynamic root's d_delete to always delete unused dentries (David Howells) - net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() (Liu Jian) - net/rose: fix races in rose_kill_by_device() (Eric Dumazet) - ethernet: atheros: fix a memleak in atl1e_setup_ring_resources (Zhipeng Lu) - net: sched: ife: fix potential use-after-free (Eric Dumazet) - net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (Rahul Rameshbabu) - net/mlx5: Fix fw tracer first block check (Moshe Shemesh) - net/mlx5: improve some comments (Hu Haowen) - Revert 'net/mlx5e: fix double free of encap_header' (Vlad Buslov) - wifi: mac80211: mesh_plink: fix matches_local logic (Johannes Berg) - s390/vx: fix save/restore of fpu kernel context (Heiko Carstens) - reset: Fix crash when freeing non-existent optional resets (Geert Uytterhoeven) - ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (Kunwu Chan) - ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE (Namjae Jeon) - ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 (Bin Li) - LTS tag: v5.4.265 (Sherry Yang) - powerpc/ftrace: Fix stack teardown in ftrace_no_trace (Naveen N Rao) - powerpc/ftrace: Create a dummy stackframe to fix stack unwind (Naveen N Rao) - mmc: block: Be sure to wait while busy in CQE error recovery (Adrian Hunter) - ring-buffer: Fix memory leak of free page (Steven Rostedt (Google)) - team: Fix use-after-free when an option instance allocation fails (Florent Revest) - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (James Houghton) - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS (Baokun Li) - soundwire: stream: fix NULL pointer dereference for multi_link (Krzysztof Kozlowski) - HID: hid-asus: add const to read-only outgoing usb buffer (Denis Benato) - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (Lech Perczak) - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation (Linus Torvalds) - HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad (Aoba K) - HID: hid-asus: reset the backlight brightness level on resume (Denis Benato) - HID: add ALWAYS_POLL quirk for Apple kb (Oliver Neukum) - platform/x86: intel_telemetry: Fix kernel doc descriptions (Andy Shevchenko) - bcache: avoid NULL checking to c->root in run_cache_set() (Coly Li) - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (Coly Li) - bcache: avoid oversize memory allocation by small stripe_size (Coly Li) - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (Ming Lei) - usb: aqc111: check packet for fixup for true limit (Oliver Neukum) - ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (Kai Vehmanen) - appletalk: Fix Use-After-Free in atalk_ioctl (Hyunwoo Kim) - net: stmmac: Handle disabled MDIO busses from devicetree (Andrew Halaney) - net: stmmac: use dev_err_probe() for reporting mdio bus registration failure (Rasmus Villemoes) - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (Nikolay Kuratov) - sign-file: Fix incorrect return values check (Yusong Gao) - net: Remove acked SYN flag from packet in the transmit queue correctly (Dong Chenchen) - qed: Fix a potential use-after-free in qed_cxt_tables_alloc (Dinghao Liu) - net/rose: Fix Use-After-Free in rose_ioctl (Hyunwoo Kim) - atm: Fix Use-After-Free in do_vcc_ioctl (Hyunwoo Kim) - atm: solos-pci: Fix potential deadlock on &tx_queue_lock (Chengfeng Ye) - atm: solos-pci: Fix potential deadlock on &cli_queue_lock (Chengfeng Ye) - qca_spi: Fix reset behavior (Stefan Wahren) - qca_debug: Fix ethtool -G iface tx behavior (Stefan Wahren) - qca_debug: Prevent crash on TX ring changes (Stefan Wahren) - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (Maciej Zenczykowski) - afs: Fix refcount underflow from error handling race (David Howells) - LTS tag: v5.4.264 (Sherry Yang) - devcoredump: Send uevent once devcd is ready (Mukesh Ojha) - devcoredump : Serialize devcd_del work (Mukesh Ojha) - smb: client: fix potential NULL deref in parse_dfs_referrals() (Paulo Alcantara) - cifs: Fix non-availability of dedup breaking generic/304 (David Howells) - Revert 'btrfs: add dmesg output for first mount and last unmount of a filesystem' (Greg Kroah-Hartman) - drop_monitor: Require 'CAP_SYS_ADMIN' when joining 'events' group (Ido Schimmel) - psample: Require 'CAP_NET_ADMIN' when joining 'packets' group (Ido Schimmel) - genetlink: add CAP_NET_ADMIN test for multicast bind (Ido Schimmel) - netlink: don't call ->netlink_bind with table lock held (Ido Schimmel) - io_uring/af_unix: disable sending io_uring over sockets (Pavel Begunkov) - nilfs2: fix missing error check for sb_set_blocksize call (Ryusuke Konishi) - KVM: s390/mm: Properly reset no-dat (Claudio Imbrenda) - x86/CPU/AMD: Check vendor in the AMD microcode callback (Borislav Petkov (AMD)) - serial: 8250_omap: Add earlycon support for the AM654 UART controller (Ronald Wahl) - serial: sc16is7xx: address RX timeout interrupt errata (Daniel Mack) - ARM: PL011: Fix DMA support (Arnd Bergmann) - usb: typec: class: fix typec_altmode_put_partner to put plugs (RD Babiera) - parport: Add support for Brainboxes IX/UC/PX parallel cards (Cameron Williams) - usb: gadget: f_hid: fix report descriptor allocation (Konstantin Aladyshev) - mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled (Wenchao Chen) - mmc: core: add helpers mmc_regulator_enable/disable_vqmmc (Heiner Kallweit) - gpiolib: sysfs: Fix error handling on failed export (Boerge Struempfel) - arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names (AngeloGioacchino Del Regno) - arm64: dts: mediatek: mt7622: fix memory node warning check (Eugen Hristev) - packet: Move reference count in packet_sock to atomic_long_t (Daniel Borkmann) - tracing: Fix a possible race when disabling buffered events (Petr Pavlu) - tracing: Fix incomplete locking when disabling buffered events (Petr Pavlu) - tracing: Always update snapshot buffer size (Steven Rostedt (Google)) - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (Ryusuke Konishi) - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (Jason Zhang) - ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt (Philipp Zabel) - ARM: dts: imx: make gpt node name generic (Anson Huang) - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init (Kunwu Chan) - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (Dinghao Liu) - tracing: Fix a warning when allocating buffered events fails (Petr Pavlu) - ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate (Dinghao Liu) - hwmon: (acpi_power_meter) Fix 4.29 MW bug (Armin Wolf) - RDMA/bnxt_re: Correct module description string (Kalesh AP) - bpf: sockmap, updating the sg structure should also update curr (John Fastabend) - tcp: do not accept ACK of bytes we never sent (Eric Dumazet) - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket (Phil Sutter) - net: hns: fix fake link up on xge port (Yonglong Liu) - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (Shigeru Yoshida) - arcnet: restoring support for multiple Sohard Arcnet cards (Thomas Reichinger) - net: arcnet: com20020 fix error handling (Tong Zhang) - net: arcnet: Fix RESET flag handling (Ahmed S. Darwish) - hv_netvsc: rndis_filter needs to select NLS (Randy Dunlap) - ipv6: fix potential NULL deref in fib6_add() (Eric Dumazet) - of: dynamic: Fix of_reconfig_get_state_change() return value documentation (Luca Ceresoli) - of: Add missing 'Return' section in kerneldoc comments (Rob Herring) - of: Fix kerneldoc output formatting (Rob Herring) - of: base: Fix some formatting issues and provide missing descriptions (Lee Jones) - of/irq: Make of_msi_map_rid() PCI bus agnostic (Lorenzo Pieralisi) - of/irq: make of_msi_map_get_device_domain() bus agnostic (Diana Craciun) - of/iommu: Make of_map_rid() PCI agnostic (Lorenzo Pieralisi) - ACPI/IORT: Make iort_msi_map_rid() PCI agnostic (Lorenzo Pieralisi) - ACPI/IORT: Make iort_get_device_domain IRQ domain agnostic (Lorenzo Pieralisi) - of: base: Add of_get_cpu_state_node() to get idle states for a CPU node (Ulf Hansson) - drm/amdgpu: correct chunk_ptr to a pointer to chunk. (YuanShang) - kconfig: fix memory leak from range properties (Masahiro Yamada) - tg3: Increment tx_dropped in tg3_tso_bug() (Alex Pakhunov) - tg3: Move the [rt]x_dropped counters to tg3_napi (Alex Pakhunov) - netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test (Jozsef Kadlecsik) - LTS tag: v5.4.263 (Sherry Yang) - mmc: block: Retry commands in CQE error recovery (Adrian Hunter) - mmc: core: convert comma to semicolon (Zheng Yongjun) - mmc: cqhci: Fix task clearing in CQE error recovery (Adrian Hunter) - mmc: cqhci: Warn of halt or task clear failure (Adrian Hunter) - mmc: cqhci: Increase recovery halt timeout (Adrian Hunter) - cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily (Christoph Niedermaier) - cpufreq: imx6q: don't warn for disabling a non-existing frequency (Christoph Niedermaier) - scsi: qla2xxx: Fix system crash due to bad pointer access (Quinn Tran) - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (Bart Van Assche) - scsi: core: Introduce the scsi_cmd_to_rq() function (Bart Van Assche) - ima: detect changes to the backing overlay file (Mimi Zohar) - ovl: skip overlayfs superblocks at global sync (Konstantin Khlebnikov) - ima: annotate iint mutex to avoid lockdep false positive warnings (Amir Goldstein) - fbdev: stifb: Make the STI next font pointer a 32-bit signed offset (Helge Deller) - mtd: cfi_cmdset_0001: Byte swap OTP info (Linus Walleij) - mtd: cfi_cmdset_0001: Support the absence of protection registers (Jean-Philippe Brucker) - s390/cmma: fix detection of DAT pages (Heiko Carstens) - s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family (Alexander Gordeev) - smb3: fix touch -h of symlink (Steve French) - net: ravb: Start TX queues after HW initialization succeeded (Claudiu Beznea) - net: ravb: Use pm_runtime_resume_and_get() (Claudiu Beznea) - ravb: Fix races between ravb_tx_timeout_work() and net related ops (Yoshihiro Shimoda) - net: stmmac: xgmac: Disable FPE MMC interrupts (Furong Xu) - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (Zhengchao Shao) - Input: xpad - add HyperX Clutch Gladiate Support (Max Nguyen) - btrfs: make error messages more clear when getting a chunk map (Filipe Manana) - btrfs: send: ensure send_fd is writable (Jann Horn) - btrfs: fix off-by-one when checking chunk map includes logical address (Filipe Manana) - powerpc: Don't clobber f0/vs0 during fp|altivec register save (Timothy Pearson) - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (Markus Weippert) - dm verity: don't perform FEC for failed readahead IO (Wu Bo) - dm-verity: align struct dm_verity_fec_io properly (Mikulas Patocka) - ALSA: hda/realtek: Add supported ALC257 for ChromeOS (Kailang Yang) - ALSA: hda/realtek: Headset Mic VREF to 100% (Kailang Yang) - ALSA: hda: Disable power-save on KONTRON SinglePC (Takashi Iwai) - mmc: block: Do not lose cache flush during CQE error recovery (Adrian Hunter) - firewire: core: fix possible memory leak in create_units() (Yang Yingliang) - pinctrl: avoid reload of p state in list iteration (Maria Yu) - io_uring: fix off-by one bvec index (Keith Busch) - USB: dwc3: qcom: fix wakeup after probe deferral (Johan Hovold) - USB: dwc3: qcom: fix resource leaks on probe deferral (Johan Hovold) - usb: dwc3: set the dma max_seg_size (Ricardo Ribalda) - USB: dwc2: write HCINT with INTMASK applied (Oliver Neukum) - USB: serial: option: don't claim interface 4 for ZTE MF290 (Lech Perczak) - USB: serial: option: fix FM101R-GL defines (Puliang Lu) - USB: serial: option: add Fibocom L7xx modules (Victor Fragoso) - bcache: prevent potential division by zero error (Rand Deeb) - bcache: check return value from btree_node_alloc_replacement() (Coly Li) - dm-delay: fix a race between delay_presuspend and delay_bio (Mikulas Patocka) - hv_netvsc: Mark VF as slave before exposing it to user-mode (Long Li) - hv_netvsc: Fix race of register_netdevice_notifier and VF register (Haiyang Zhang) - USB: serial: option: add Luat Air72*U series products (Asuna Yang) - s390/dasd: protect device queue against concurrent access (Jan Hoppner) - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (Coly Li) - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (Hans de Goede) - ext4: make sure allocate pending entry not fail (Zhang Yi) - ext4: fix slab-use-after-free in ext4_es_insert_extent() (Baokun Li) - ext4: using nofail preallocation in ext4_es_insert_extent() (Baokun Li) - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (Baokun Li) - ext4: using nofail preallocation in ext4_es_remove_extent() (Baokun Li) - ext4: use pre-allocated es in __es_remove_extent() (Baokun Li) - ext4: use pre-allocated es in __es_insert_extent() (Baokun Li) - ext4: factor out __es_alloc_extent() and __es_free_extent() (Baokun Li) - ext4: add a new helper to check if es must be kept (Baokun Li) - MIPS: KVM: Fix a build warning about variable set but not used (Huacai Chen) - nvmet: nul-terminate the NQNs passed in the connect command (Christoph Hellwig) - nvmet: remove unnecessary ctrl parameter (Chaitanya Kulkarni) - afs: Fix file locking on R/O volumes to operate in local mode (David Howells) - afs: Return ENOENT if no cell DNS record can be found (David Howells) - net: axienet: Fix check for partial TX checksum (Samuel Holland) - amd-xgbe: propagate the correct speed and duplex status (Raju Rangoju) - amd-xgbe: handle the corner-case during tx completion (Raju Rangoju) - amd-xgbe: handle corner-case during sfp hotplug (Raju Rangoju) - arm/xen: fix xen_vcpu_info allocation alignment (Stefano Stabellini) - net: usb: ax88179_178a: fix failed operations during ax88179_reset (Jose Ignacio Tornos Martinez) - ipv4: Correct/silence an endian warning in __ip_do_redirect (Kunwu Chan) - HID: fix HID device resource race between HID core and debugging support (Charles Yi) - HID: core: store the unique system identifier in hid_device (Benjamin Tissoires) - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (Jonas Karlman) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (Chen Ni) - drm/panel: simple: Fix Innolux G101ICE-L01 timings (Marek Vasut) - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (Marek Vasut) - afs: Make error on cell lookup failure consistent with OpenAFS (David Howells) - PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}() (Nathan Chancellor) - RDMA/irdma: Prevent zero-length STAG registration (Christopher Bednarz) {CVE-2023-25775} - driver core: Release all resources during unbind before updating device links (Saravana Kannan) - LTS tag: v5.4.262 (Sherry Yang) - netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 5.4) (Pablo Neira Ayuso) - netfilter: nf_tables: disable toggling dormant table state more than once (Pablo Neira Ayuso) - netfilter: nf_tables: fix table flag updates (Pablo Neira Ayuso) - netfilter: nftables: update table flags from the commit phase (Pablo Neira Ayuso) - netfilter: nf_tables: double hook unregistration in netns path (Pablo Neira Ayuso) - netfilter: nf_tables: unregister flowtable hooks on netns exit (Pablo Neira Ayuso) - netfilter: nf_tables: fix memleak when more than 255 elements expired (Pablo Neira Ayuso) - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (Pablo Neira Ayuso) - netfilter: nf_tables: defer gc run if previous batch is still pending (Florian Westphal) - netfilter: nf_tables: use correct lock to protect gc_list (Pablo Neira Ayuso) - netfilter: nf_tables: GC transaction race with abort path (Pablo Neira Ayuso) - netfilter: nf_tables: GC transaction race with netns dismantle (Pablo Neira Ayuso) - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (Pablo Neira Ayuso) - netfilter: nf_tables: remove busy mark and gc batch API (Pablo Neira Ayuso) - netfilter: nft_set_hash: mark set element as dead when deleting from packet path (Pablo Neira Ayuso) - netfilter: nf_tables: adapt set backend to use GC transaction API (Pablo Neira Ayuso) - netfilter: nf_tables: GC transaction API to avoid race with control plane (Pablo Neira Ayuso) - netfilter: nf_tables: don't skip expired elements during walk (Florian Westphal) - netfilter: nft_set_rbtree: fix overlap expiration walk (Florian Westphal) - netfilter: nft_set_rbtree: fix null deref on element insertion (Florian Westphal) - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (Pablo Neira Ayuso) - netfilter: nf_tables: drop map element references from preparation phase (Pablo Neira Ayuso) - netfilter: nftables: rename set element data activation/deactivation functions (Pablo Neira Ayuso) - netfilter: nf_tables: pass context to nft_set_destroy() (Pablo Neira Ayuso) - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (Christian Konig) - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (Kemeng Shi) - ext4: correct the start block of counting reserved clusters (Zhang Yi) - ext4: correct return value of ext4_convert_meta_bg (Kemeng Shi) - ext4: correct offset of gdb backup in non meta_bg group to update_backups (Kemeng Shi) - ext4: apply umask if ACL support is disabled (Max Kellermann) - Revert 'net: r8169: Disable multicast filter for RTL8168H and RTL8107E' (Heiner Kallweit) - nfsd: fix file memleak on client_opens_release (Mahmoud Adam) - media: venus: hfi: add checks to handle capabilities from firmware (Vikash Garodia) - media: venus: hfi: fix the check to handle session buffer requirement (Vikash Garodia) - media: venus: hfi_parser: Add check to keep the number of codecs within range (Vikash Garodia) - media: sharp: fix sharp encoding (Sean Young) - media: lirc: drop trailing space from scancode transmit (Sean Young) - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (Heiner Kallweit) - net: dsa: lan9303: consequently nested-lock physical MDIO (Alexander Sverdlin) - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey) - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (Guan Wentao) - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (Masum Reza) - bluetooth: Add device 13d3:3571 to device tables (Larry Finger) - bluetooth: Add device 0bda:887b to device tables (Larry Finger) - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (Artem Lukyanov) - Bluetooth: btusb: add Realtek 8822CE to usb_device_id table (Joseph Hwang) - Bluetooth: btusb: Add flag to define wideband speech capability (Alain Michaud) - tty: serial: meson: fix hard LOCKUP on crtscts mode (Pavel Krasavin) - serial: meson: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - tty: serial: meson: retrieve port FIFO size from DT (Neil Armstrong) - serial: meson: remove redundant initialization of variable id (Colin Ian King) - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (Chandradeep Dey) - ALSA: info: Fix potential deadlock at disconnection (Takashi Iwai) - parisc/pgtable: Do not drop upper 5 address bits of physical address (Helge Deller) - parisc: Prevent booting 64-bit kernels on PA1.x machines (Helge Deller) - i3c: master: cdns: Fix reading status register (Joshua Yeong) - mm/cma: use nth_page() in place of direct struct page manipulation (Zi Yan) - dmaengine: stm32-mdma: correct desc prep when channel running (Alain Volmat) - mcb: fix error handling for different scenarios when parsing (Sanjuan Garcia, Jorge) - i2c: core: Run atomic i2c xfer when !preemptible (Benjamin Bara) - kernel/reboot: emergency_restart: Set correct system_state (Benjamin Bara) - quota: explicitly forbid quota files from being encrypted (Eric Biggers) - jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (Zhihao Cheng) - btrfs: don't arbitrarily slow down delalloc if we're committing (Josef Bacik) - PM: hibernate: Clean up sync_read handling in snapshot_write_next() (Brian Geffon) - PM: hibernate: Use __get_safe_page() rather than touching the list (Brian Geffon) - mmc: vub300: fix an error code (Dan Carpenter) - clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks (Kathiravan Thirumoorthy) - parisc/pdc: Add width field to struct pdc_model (Helge Deller) - PCI: keystone: Don't discard .probe() callback (Uwe Kleine-Konig) - PCI: keystone: Don't discard .remove() callback (Uwe Kleine-Konig) - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (Herve Codina) - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (Rong Chen) - ACPI: resource: Do IRQ override on TongFang GMxXGxx (Werner Sembach) - PCI/sysfs: Protect driver's D3cold preference from user space (Lukas Wunner) - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (David Woodhouse) - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() (Paul Moore) - audit: don't take task_lock() in audit_exe_compare() code path (Paul Moore) - KVM: x86: Ignore MSR_AMD64_TW_CFG access (Maciej S. Szmigiero) - KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space (Nicolas Saenz Julienne) - x86/cpu/hygon: Fix the CPU topology evaluation for real (Pu Wen) - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (Chandrakanth patil) - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (Shung-Hsi Yu) - randstruct: Fix gcc-plugin performance mode to stay in group (Kees Cook) - media: venus: hfi: add checks to perform sanity on queue pointers (Vikash Garodia) - cifs: spnego: add ';' in HOST_KEY_LEN (Anastasia Belova) - tools/power/turbostat: Fix a knl bug (Zhang Rui) - macvlan: Don't propagate promisc change to lower dev in passthru (Vlad Buslov) - net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (Rahul Rameshbabu) - net: stmmac: fix rx budget limit check (Baruch Siach) - net: stmmac: Rework stmmac_rx() (Jose Abreu) - netfilter: nf_conntrack_bridge: initialize err to 0 (Linkui Xiao) - net: ethernet: cortina: Fix MTU max setting (Linus Walleij) - net: ethernet: cortina: Handle large frames (Linus Walleij) - net: ethernet: cortina: Fix max RX frame define (Linus Walleij) - bonding: stop the device in bond_setup_by_slave() (Eric Dumazet) - ptp: annotate data-race around q->head and q->tail (Eric Dumazet) - xen/events: fix delayed eoi list handling (Juergen Gross) - ppp: limit MRU to 64K (Willem de Bruijn) - tipc: Fix kernel-infoleak due to uninitialized TLV value (Shigeru Yoshida) - net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() (Yonglong Liu) - tty: Fix uninit-value access in ppp_sync_receive() (Shigeru Yoshida) - ipvlan: add ipvlan_route_v6_outbound() helper (Eric Dumazet) - NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO (Olga Kornievskaia) - wifi: iwlwifi: Use FW rate for non-data frames (Miri Korenblit) - pwm: Fix double shift bug (Dan Carpenter) - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (Tony Lindgren) - kgdb: Flush console before entering kgdb on panic (Douglas Anderson) - drm/amd/display: Avoid NULL dereference of timing generator (Wayne Lin) - media: cobalt: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - gfs2: ignore negated quota changes (Bob Peterson) - media: vivid: avoid integer overflow (Hans Verkuil) - media: gspca: cpia1: shift-out-of-bounds in set_flicker (Rajeshwar R Shinde) - i2c: sun6i-p2wi: Prevent potential division by zero (Axel Lin) - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (Hardik Gajjar) - tty: vcc: Add check for kstrdup() in vcc_probe() (Yi Yang) - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (Jiri Kosina) - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (Wenchao Hao) - atm: iphase: Do PCI error checks on own line (Ilpo Jarvinen) - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (Ilpo Jarvinen) - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (Cezary Rojewski) - ARM: 9320/1: fix stack depot IRQ stack filter (Vincent Whitchurch) - jfs: fix array-index-out-of-bounds in diAlloc (Manas Ghandat) - jfs: fix array-index-out-of-bounds in dbFindLeaf (Manas Ghandat) - fs/jfs: Add validity check for db_maxag and db_agpref (Juntong Deng) - fs/jfs: Add check for negative db_l2nbperpage (Juntong Deng) - RDMA/hfi1: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin) - selftests/efivarfs: create-read: fix a resource leak (zhujun2) - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (Qu Huang) - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (Mario Limonciello) - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (Mario Limonciello) - drm/komeda: drop all currently held locks if deadlock happens (baozhu.liu) - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (Olli Asikainen) - Bluetooth: Fix double free in hci_conn_cleanup (ZhengHan Wang) {CVE-2023-28464} - wifi: ath10k: Don't touch the CE interrupt registers after power up (Douglas Anderson) - net: annotate data-races around sk->sk_dst_pending_confirm (Eric Dumazet) - net: annotate data-races around sk->sk_tx_queue_mapping (Eric Dumazet) - wifi: ath10k: fix clang-specific fortify warning (Dmitry Antipov) - wifi: ath9k: fix clang-specific fortify warnings (Dmitry Antipov) - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Ping-Ke Shih) - wifi: mac80211_hwsim: fix clang-specific fortify warning (Dmitry Antipov) - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size (Mike Rapoport (IBM)) - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (Ronald Wahl) - clocksource/drivers/timer-imx-gpt: Fix potential memory leak (Jacky Bai) - perf/core: Bail out early if the request AUX area is out of bound (Shuai Xue) - locking/ww_mutex/test: Fix potential workqueue corruption (John Stultz) - LTS tag: v5.4.261 (Sherry Yang) - btrfs: use u64 for buffer sizes in the tree search ioctls (Filipe Manana) - fbdev: fsl-diu-fb: mark wr_reg_wa() static (Arnd Bergmann) - fbdev: imsttfb: fix a resource leak in probe (Dan Carpenter) - fbdev: imsttfb: Fix error path of imsttfb_probe() (Helge Deller) - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (Amit Kumar Mahapatra) - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (Erik Kurzinger) - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (Florian Westphal) - netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs (Jeremy Sowden) - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (Maciej Zenczykowski) - r8169: respect userspace disabling IFF_MULTICAST (Heiner Kallweit) - tg3: power down device only on SYSTEM_POWER_OFF (George Shuklin) - net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT (D. Wythe) - net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs (Furong Xu) - Fix termination state for idr_for_each_entry_ul() (NeilBrown) - dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. (Kuniyuki Iwashima) - dccp: Call security_inet_conn_request() after setting IPv4 addresses. (Kuniyuki Iwashima) - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Shigeru Yoshida) - llc: verify mac len before reading mac header (Willem de Bruijn) - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (Dan Carpenter) - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (Florian Fainelli) - pwm: sti: Reduce number of allocations and drop usage of chip_data (Uwe Kleine-Konig) - pwm: sti: Avoid conditional gotos (Thierry Reding) - regmap: prevent noinc writes from clobbering cache (Ben Wolsieffer) - media: s3c-camif: Avoid inappropriate kfree() (Katya Orlova) - media: bttv: fix use after free error due to btv->timeout timer (Zheng Wang) - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (Yang Yingliang) - pcmcia: ds: fix refcount leak in pcmcia_device_add() (Yang Yingliang) - pcmcia: cs: fix possible hung task and memory leak pccardd() (Yang Yingliang) - rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call (Javier Carrasco) - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (Dinghao Liu) - powerpc/pseries: fix potential memory leak in init_cpu_associativity() (Wang Yufen) - powerpc/imc-pmu: Use the correct spinlock initializer. (Sebastian Andrzej Siewior) - powerpc/xive: Fix endian conversion size (Benjamin Gray) - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (Masahiro Yamada) - f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() (Chao Yu) - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (Christophe JAILLET) - USB: usbip: fix stub_dev hub disconnect (Jonas Blixt) - tools: iio: iio_generic_buffer ensure alignment (Matti Vaittinen) - tools: iio: iio_generic_buffer: Fix some integer type and calculation (Chenyuan Mi) - tools: iio: privatize globals and functions in iio_generic_buffer.c file (Alexandru Ardelean) - misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() (Jinjie Ruan) - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (Dan Carpenter) - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (Jia-Ju Bai) - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (Yi Yang) - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (Christophe JAILLET) - ledtrig-cpu: Limit to 8 CPUs (Pavel Machek) - leds: pwm: Don't disable the PWM when the LED should be off (Uwe Kleine-Konig) - leds: pwm: convert to atomic PWM API (Uwe Kleine-Konig) - leds: pwm: simplify if condition (Uwe Kleine-Konig) - mfd: dln2: Fix double put in dln2_probe (Dinghao Liu) - ASoC: ams-delta.c: use component after check (Kuninori Morimoto) - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (Cezary Rojewski) - sh: bios: Revive earlyprintk support (Geert Uytterhoeven) - RDMA/hfi1: Workaround truncation compilation error (Leon Romanovsky) - scsi: ufs: core: Leave space for '\0' in utf8 desc string (Daniel Mentz) - ext4: move 'ix' sanity check to corrent position (Gou Hao) - ARM: 9321/1: memset: cast the constant byte to unsigned char (Kursad Oney) - hid: cp2112: Fix duplicate workqueue initialization (Danny Kaehn) - HID: cp2112: Use irqchip template (Linus Walleij) - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (Gaurav Jain) - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (Gaurav Jain) - nd_btt: Make BTT lanes preemptible (Tomas Glozar) - sched/rt: Provide migrate_disable/enable() inlines (Thomas Gleixner) - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (Chen Ni) - hwrng: geode - fix accessing registers (Jonas Gorski) - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (Sudeep Holla) - firmware: ti_sci: Mark driver as non removable (Dhruva Gole) - firmware: ti_sci: Replace HTTP links with HTTPS ones (Alexander A. Klimov) - soc: qcom: llcc: Handle a second device without data corruption (Uwe Kleine-Konig) - soc: qcom: Rename llcc-slice to llcc-qcom (Vivek Gautam) - soc: qcom: llcc cleanup to get rid of sdm845 specific driver file (Vivek Gautam) - ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator (Krzysztof Kozlowski) - arm64: dts: qcom: sdm845-mtp: fix WiFi configuration (Dmitry Baryshkov) - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (Christophe JAILLET) - drm/radeon: possible buffer overflow (Konstantin Meskhidze) - drm/rockchip: vop: Fix call to crtc reset helper (Jonas Karlman) - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (Jonas Karlman) - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (Zhang Rui) - platform/x86: wmi: Fix opening of char device (Armin Wolf) - platform/x86: wmi: remove unnecessary initializations (Barnabas Pocze) - platform/x86: wmi: Fix probe failure when failing to register WMI devices (Armin Wolf) - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: npcm7xx: Fix incorrect kfree (Jonathan Neuschafer) - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (Dan Carpenter) - clk: imx: Select MXC_CLK for CLK_IMX8QXP (Abel Vesa) - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (Danila Tikhonov) - clk: qcom: gcc-sm8150: use ARRAY_SIZE instead of specifying num_parents (Dmitry Baryshkov) - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (Devi Priya) - regmap: debugfs: Fix a erroneous check after snprintf() (Christophe JAILLET) - ipvlan: properly track tx_errors (Eric Dumazet) - net: add DEV_STATS_READ() helper (Eric Dumazet) - ipv6: avoid atomic fragment on GSO packets (Yan Zhai) - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (Christophe JAILLET) - tcp: fix cookie_init_timestamp() overflows (Eric Dumazet) - tcp: Remove one extra ktime_get_ns() from cookie_init_timestamp (Eric Dumazet) - chtls: fix tp->rcv_tstamp initialization (Eric Dumazet) - r8169: fix rare issue with broken rx after link-down on RTL8125 (Heiner Kallweit) - r8169: use tp_to_dev instead of open code (Juhee Kang) - thermal: core: prevent potential string overflow (Dan Carpenter) - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (Marc Kleine-Budde) - can: dev: can_restart(): don't crash kernel if carrier is OK (Marc Kleine-Budde) - wifi: rtlwifi: fix EDCA limit set by BT coexistence (Dmitry Antipov) - tcp_metrics: do not create an entry from tcp_init_metrics() (Eric Dumazet) - tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() (Eric Dumazet) - tcp_metrics: add missing barriers on delete (Eric Dumazet) - wifi: mt76: mt7603: rework/fix rx pse hang check (Felix Fietkau) - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (Jinjie Ruan) - tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed (Aananth V) - i40e: fix potential memory leaks in i40e_remove() (Andrii Staikov) - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (Chen Yu) - vfs: fix readahead(2) on block devices (Reuben Hawkins) - LTS tag: v5.4.260 (Sherry Yang) - tty: 8250: Add support for Intashield IS-100 (Cameron Williams) - tty: 8250: Add support for Brainboxes UP cards (Cameron Williams) - tty: 8250: Add support for additional Brainboxes UC cards (Cameron Williams) - tty: 8250: Remove UC-257 and UC-431 (Cameron Williams) - usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (LihaSika) - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (Vicki Pfau) - Revert 'ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver' (Matthias Schiffer) - remove the sx8 block driver (Christoph Hellwig) [5.4.17-2136.328.1.el7] - net/mlx5e: Check for NOT_READY flag state after locking (Vlad Buslov) [Orabug: 36014945] - net/mlx5e: fix memory leak in mlx5e_ptp_open (Zhengchao Shao) [Orabug: 36014945] - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (Saeed Mahameed) [Orabug: 36014945] - net/mlx5e: Don't attach netdev profile while handling internal error (Dmytro Linkin) [Orabug: 36014945] - net/mlx5e: Do not update SBCM when prio2buffer command is invalid (Maher Sanalla) [Orabug: 36014945] - mlxsw: pci: Fix possible crash during initialization (Ido Schimmel) [Orabug: 36014945] - net/mlx5: E-Switch, Fix an Oops in error handling code (Dan Carpenter) [Orabug: 36014945] - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (Maor Dickman) [Orabug: 36014945] - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (Shay Drory) [Orabug: 36014945] - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (Shay Drory) [Orabug: 36014945] - net/mlx5: SF: Fix probing active SFs during driver probe phase (Shay Drory) [Orabug: 36014945] - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (Gal Pressman) [Orabug: 36014945] - net/mlx5: Fix mlx5_get_next_dev() peer device matching (Saeed Mahameed) [Orabug: 36014945] - net/mlx5: Drain fw_reset when removing device (Shay Drory) [Orabug: 36014945] - net/mlx5: Lag, filter non compatible devices (Mark Bloch) [Orabug: 36014945] - net/mlx5: Disable SRIOV before PF removal (Yishai Hadas) [Orabug: 36014945] - net/mlx5: Lag, Make mlx5_lag_is_multipath() be static inline (Maor Dickman) [Orabug: 36014945] - net/mlx5: Lag, change multipath and bonding to be mutually exclusive (Maor Dickman) [Orabug: 36014945] - net/mlx5e: Destroy page pool after XDP SQ to fix use-after-free (Maxim Mikityanskiy) [Orabug: 36014945] - net/mlx5: Lag, move lag destruction to a workqueue (Mark Bloch) [Orabug: 36014945] - net/mlx5: Unload device upon firmware fatal error (Aya Levin) [Orabug: 36014945] - net/mlx5: Remove unnecessary spin lock protection (Eli Cohen) [Orabug: 36014945] - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (Maxim Mikityanskiy) [Orabug: 36014945] - net/mlx5e: Check tunnel offload is required before setting SWP (Moshe Shemesh) [Orabug: 36014945] - net/mlx5e: Remove unused mlx5e_xsk_first_unused_channel (Maxim Mikityanskiy) [Orabug: 36014945] - net/mlx5e: Fix stats update for matchall classifier (Roi Dayan) [Orabug: 36014945] - net/mlx5e: Set of completion request bit should not clear other adjacent bits (Tariq Toukan) [Orabug: 36014945] - mlxsw: pci: Wait longer before accessing the device after reset (Amit Cohen) [Orabug: 36014945] - mlxsw: pci: Remove unused values (Ido Schimmel) [Orabug: 36014945] - mlxsw: core: Add validation of hardware device types for MGPIR register (Vadim Pasternak) [Orabug: 36014945] - netdevsim: fix using uninitialized resources (Taehee Yoo) [Orabug: 36014945] - net/mlx5: Read num_vfs before disabling SR-IOV (Parav Pandit) [Orabug: 36014945] - net/mlx5: DR, Replace CRC32 implementation to use kernel lib (Hamdan Igbaria) [Orabug: 36014945] - mlxsw: pci: Increase PCI reset timeout for SN3800 systems (Ido Schimmel) [Orabug: 36014945] - mlxsw: hwmon: Provide optimization for QSFP modules number detection (Vadim Pasternak) [Orabug: 36014945] - mlxsw: reg: Extend MGPIR register with new field exposing the number of QSFP modules (Vadim Pasternak) [Orabug: 36014945] - vhost-scsi: add parentheses to macro of VHOST_SCSI_MAX_VQ (Dongli Zhang) [Orabug: 36119643] - iommu/amd: Do not flush IRTE when only updating isRun and destination fields (Suravee Suthikulpanit) [Orabug: 36101189] - xfs: try to avoid allocation blocking on busy extents (Mark Tinguely) [Orabug: 36096908] - EDAC/amd64: Add support for AMD family 1Ah models 00h-1Fh and 40h-4Fh (Avadhut Naik) [Orabug: 36092305] - EDAC/amd64: Add get_err_info() to pvt->ops (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split dump_misc_regs() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split init_csrows() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split determine_edac_cap() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split ecc_enabled() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split read_mc_regs() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split determine_memory_type() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split read_base_mask() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split prep_chip_selects() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Rework hw_info_{get,put} (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Rename debug_display_dimm_sizes() (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Remove early_channel_count() (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Remove PCI Function 0 (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Remove PCI Function 6 (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Remove scrub rate control for Family 17h and later (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Don't set up EDAC PCI control on Family 17h+ (Yazen Ghannam) [Orabug: 36092305] - x86/amd_nb: Unexport amd_cache_northbridges() (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Add new register offset support and related changes (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Set memory type per DIMM (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Add support for family 19h, models 50h-5fh (Marc Bevand) [Orabug: 36092305] - EDAC/amd64: Add context struct (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Allow for DF Indirect Broadcast reads (Yazen Ghannam) [Orabug: 36092305] - x86/amd_nb, EDAC/amd64: Move DF Indirect Read to AMD64 EDAC (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Issue probing messages only on properly detected hardware (Borislav Petkov) [Orabug: 36092305] - EDAC/amd64: Tone down messages about missing PCI IDs (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Do not load on family 0x15, model 0x13 (Borislav Petkov) [Orabug: 36092305] - EDAC/amd64: Remove redundant assignment to variable ret in hw_info_get() (Colin Ian King) [Orabug: 36092305] - crypto: ccp - Add support for PCI device 0x156E (John Allen) [Orabug: 36092305] - crypto: ccp - Add support for PCI device 0x17E0 (Mario Limonciello) [Orabug: 36092305] - crypto: ccp - Provide MMIO register naming for documenation (Tom Lendacky) [Orabug: 36092305] - crypto: ccp - Add support for TEE for PCI ID 0x14CA (Mario Limonciello) [Orabug: 36092305] - x86/amd_nb: Add PCI IDs for AMD Family 1Ah-based models (Avadhut Naik) [Orabug: 36092305] - x86/amd_nb: Re-sort and re-indent PCI defines (Borislav Petkov (AMD)) [Orabug: 36092305] - x86/amd_nb: Add MI200 PCI IDs (Yazen Ghannam) [Orabug: 36092305] - x86/amd_nb: Add PCI ID for family 19h model 78h (Mario Limonciello) [Orabug: 36092305] - x86/amd_nb: Add AMD PCI IDs for SMN communication (Mario Limonciello) [Orabug: 36092305] - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (Avadhut Naik) [Orabug: 36092305] - hwmon: (k10temp) Add PCI ID for family 19, model 78h (Mario Limonciello) [Orabug: 36092305] - hwmon: (k10temp): Add support for new family 17h and 19h models (Mario Limonciello) [Orabug: 36092305] - uek-rpm: Update the x86 kABI files for new symbol (Yifei Liu) [Orabug: 36090182] - audit: Apply special optimizations (Hakon Bugge) [Orabug: 36089817] - audit: Vary struct audit_entry alignment (Hakon Bugge) [Orabug: 36089817] - eth: bnxt: handle invalid Tx completions more gracefully (Jakub Kicinski) [Orabug: 36075755] - tcp: Tunables for TCP delayed ack (min and max) timers (Venkat Venkatsubra) [Orabug: 35875891] - tcp: fix ambiguity for SACKed TLP retransmits with RTT < min_rtt (Neal Cardwell) [Orabug: 35875891] - Add basic Emerald Rapids support to UEK6 (Henry Willard) [Orabug: 35063919] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2022-29901 CVE-2023-4244 CVE-2023-25775 CVE-2023-45863 CVE-2022-29900 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 [5.4.17-2136.328.3.el8] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143228] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36154654] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185207] - i2c: core: Fix atomic xfer check for non-preempt config (Benjamin Bara) - net: Save and restore msg_namelen in sock_sendmsg (Marc Dionne) [5.4.17-2136.328.2.el8] - LTS tag: v5.4.266 (Sherry Yang) - block: Don't invalidate pagecache for invalid falloc modes (Sarthak Kukreti) - smb: client: fix OOB in smbCalcSize() (Paulo Alcantara) {CVE-2023-6606} - usb: fotg210-hcd: delete an incorrect bounds test (Dan Carpenter) - x86/alternatives: Sync core before enabling interrupts (Thomas Gleixner) - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - net: 9p: avoid freeing uninit memory in p9pdu_vreadf (Fedor Pchelkin) - Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (Luiz Augusto von Dentz) - USB: serial: option: add Quectel RM500Q R13 firmware support (Reinhard Speyerer) - USB: serial: option: add Foxconn T99W265 with new baseline (Slark Xiao) - USB: serial: option: add Quectel EG912Y module support (Alper Ak) - USB: serial: ftdi_sio: update Actisense PIDs constant names (Mark Glover) - wifi: cfg80211: fix certs build to not depend on file order (Johannes Berg) - wifi: cfg80211: Add my certificate (Chen-Yu Tsai) - iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (Wadim Egorov) - iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (Javier Carrasco) - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (Wei Yongjun) - Input: ipaq-micro-keys - add error handling for devm_kmemdup (Haoran Liu) - iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (Su Hui) - interconnect: Treat xlate() returning NULL node as an error (Mike Tipton) - btrfs: do not allow non subvolume root targets for snapshot (Josef Bacik) - smb: client: fix NULL deref in asn1_ber_decoder() (Paulo Alcantara) - ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB (Kai Vehmanen) - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (Kai Vehmanen) - pinctrl: at91-pio4: use dedicated lock class for IRQ (Alexis Lothore) - i2c: aspeed: Handle the coalesced stop conditions with the start conditions. (Quan Nguyen) - afs: Fix overwriting of result of DNS query (David Howells) - net: check dev->gso_max_size in gso_features_check() (Eric Dumazet) - net: warn if gso_type isn't set for a GSO SKB (Heiner Kallweit) - afs: Fix dynamic root lookup DNS check (David Howells) - afs: Fix the dynamic root's d_delete to always delete unused dentries (David Howells) - net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() (Liu Jian) - net/rose: fix races in rose_kill_by_device() (Eric Dumazet) - ethernet: atheros: fix a memleak in atl1e_setup_ring_resources (Zhipeng Lu) - net: sched: ife: fix potential use-after-free (Eric Dumazet) - net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (Rahul Rameshbabu) - net/mlx5: Fix fw tracer first block check (Moshe Shemesh) - net/mlx5: improve some comments (Hu Haowen) - Revert 'net/mlx5e: fix double free of encap_header' (Vlad Buslov) - wifi: mac80211: mesh_plink: fix matches_local logic (Johannes Berg) - s390/vx: fix save/restore of fpu kernel context (Heiko Carstens) - reset: Fix crash when freeing non-existent optional resets (Geert Uytterhoeven) - ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (Kunwu Chan) - ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE (Namjae Jeon) - ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 (Bin Li) - LTS tag: v5.4.265 (Sherry Yang) - powerpc/ftrace: Fix stack teardown in ftrace_no_trace (Naveen N Rao) - powerpc/ftrace: Create a dummy stackframe to fix stack unwind (Naveen N Rao) - mmc: block: Be sure to wait while busy in CQE error recovery (Adrian Hunter) - ring-buffer: Fix memory leak of free page (Steven Rostedt (Google)) - team: Fix use-after-free when an option instance allocation fails (Florent Revest) - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (James Houghton) - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS (Baokun Li) - soundwire: stream: fix NULL pointer dereference for multi_link (Krzysztof Kozlowski) - HID: hid-asus: add const to read-only outgoing usb buffer (Denis Benato) - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (Lech Perczak) - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation (Linus Torvalds) - HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad (Aoba K) - HID: hid-asus: reset the backlight brightness level on resume (Denis Benato) - HID: add ALWAYS_POLL quirk for Apple kb (Oliver Neukum) - platform/x86: intel_telemetry: Fix kernel doc descriptions (Andy Shevchenko) - bcache: avoid NULL checking to c->root in run_cache_set() (Coly Li) - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (Coly Li) - bcache: avoid oversize memory allocation by small stripe_size (Coly Li) - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (Ming Lei) - usb: aqc111: check packet for fixup for true limit (Oliver Neukum) - ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (Kai Vehmanen) - appletalk: Fix Use-After-Free in atalk_ioctl (Hyunwoo Kim) - net: stmmac: Handle disabled MDIO busses from devicetree (Andrew Halaney) - net: stmmac: use dev_err_probe() for reporting mdio bus registration failure (Rasmus Villemoes) - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (Nikolay Kuratov) - sign-file: Fix incorrect return values check (Yusong Gao) - net: Remove acked SYN flag from packet in the transmit queue correctly (Dong Chenchen) - qed: Fix a potential use-after-free in qed_cxt_tables_alloc (Dinghao Liu) - net/rose: Fix Use-After-Free in rose_ioctl (Hyunwoo Kim) - atm: Fix Use-After-Free in do_vcc_ioctl (Hyunwoo Kim) - atm: solos-pci: Fix potential deadlock on &tx_queue_lock (Chengfeng Ye) - atm: solos-pci: Fix potential deadlock on &cli_queue_lock (Chengfeng Ye) - qca_spi: Fix reset behavior (Stefan Wahren) - qca_debug: Fix ethtool -G iface tx behavior (Stefan Wahren) - qca_debug: Prevent crash on TX ring changes (Stefan Wahren) - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (Maciej Zenczykowski) - afs: Fix refcount underflow from error handling race (David Howells) - LTS tag: v5.4.264 (Sherry Yang) - devcoredump: Send uevent once devcd is ready (Mukesh Ojha) - devcoredump : Serialize devcd_del work (Mukesh Ojha) - smb: client: fix potential NULL deref in parse_dfs_referrals() (Paulo Alcantara) - cifs: Fix non-availability of dedup breaking generic/304 (David Howells) - Revert 'btrfs: add dmesg output for first mount and last unmount of a filesystem' (Greg Kroah-Hartman) - drop_monitor: Require 'CAP_SYS_ADMIN' when joining 'events' group (Ido Schimmel) - psample: Require 'CAP_NET_ADMIN' when joining 'packets' group (Ido Schimmel) - genetlink: add CAP_NET_ADMIN test for multicast bind (Ido Schimmel) - netlink: don't call ->netlink_bind with table lock held (Ido Schimmel) - io_uring/af_unix: disable sending io_uring over sockets (Pavel Begunkov) - nilfs2: fix missing error check for sb_set_blocksize call (Ryusuke Konishi) - KVM: s390/mm: Properly reset no-dat (Claudio Imbrenda) - x86/CPU/AMD: Check vendor in the AMD microcode callback (Borislav Petkov (AMD)) - serial: 8250_omap: Add earlycon support for the AM654 UART controller (Ronald Wahl) - serial: sc16is7xx: address RX timeout interrupt errata (Daniel Mack) - ARM: PL011: Fix DMA support (Arnd Bergmann) - usb: typec: class: fix typec_altmode_put_partner to put plugs (RD Babiera) - parport: Add support for Brainboxes IX/UC/PX parallel cards (Cameron Williams) - usb: gadget: f_hid: fix report descriptor allocation (Konstantin Aladyshev) - mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled (Wenchao Chen) - mmc: core: add helpers mmc_regulator_enable/disable_vqmmc (Heiner Kallweit) - gpiolib: sysfs: Fix error handling on failed export (Boerge Struempfel) - arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names (AngeloGioacchino Del Regno) - arm64: dts: mediatek: mt7622: fix memory node warning check (Eugen Hristev) - packet: Move reference count in packet_sock to atomic_long_t (Daniel Borkmann) - tracing: Fix a possible race when disabling buffered events (Petr Pavlu) - tracing: Fix incomplete locking when disabling buffered events (Petr Pavlu) - tracing: Always update snapshot buffer size (Steven Rostedt (Google)) - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (Ryusuke Konishi) - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (Jason Zhang) - ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt (Philipp Zabel) - ARM: dts: imx: make gpt node name generic (Anson Huang) - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init (Kunwu Chan) - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (Dinghao Liu) - tracing: Fix a warning when allocating buffered events fails (Petr Pavlu) - ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate (Dinghao Liu) - hwmon: (acpi_power_meter) Fix 4.29 MW bug (Armin Wolf) - RDMA/bnxt_re: Correct module description string (Kalesh AP) - bpf: sockmap, updating the sg structure should also update curr (John Fastabend) - tcp: do not accept ACK of bytes we never sent (Eric Dumazet) - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket (Phil Sutter) - net: hns: fix fake link up on xge port (Yonglong Liu) - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (Shigeru Yoshida) - arcnet: restoring support for multiple Sohard Arcnet cards (Thomas Reichinger) - net: arcnet: com20020 fix error handling (Tong Zhang) - net: arcnet: Fix RESET flag handling (Ahmed S. Darwish) - hv_netvsc: rndis_filter needs to select NLS (Randy Dunlap) - ipv6: fix potential NULL deref in fib6_add() (Eric Dumazet) - of: dynamic: Fix of_reconfig_get_state_change() return value documentation (Luca Ceresoli) - of: Add missing 'Return' section in kerneldoc comments (Rob Herring) - of: Fix kerneldoc output formatting (Rob Herring) - of: base: Fix some formatting issues and provide missing descriptions (Lee Jones) - of/irq: Make of_msi_map_rid() PCI bus agnostic (Lorenzo Pieralisi) - of/irq: make of_msi_map_get_device_domain() bus agnostic (Diana Craciun) - of/iommu: Make of_map_rid() PCI agnostic (Lorenzo Pieralisi) - ACPI/IORT: Make iort_msi_map_rid() PCI agnostic (Lorenzo Pieralisi) - ACPI/IORT: Make iort_get_device_domain IRQ domain agnostic (Lorenzo Pieralisi) - of: base: Add of_get_cpu_state_node() to get idle states for a CPU node (Ulf Hansson) - drm/amdgpu: correct chunk_ptr to a pointer to chunk. (YuanShang) - kconfig: fix memory leak from range properties (Masahiro Yamada) - tg3: Increment tx_dropped in tg3_tso_bug() (Alex Pakhunov) - tg3: Move the [rt]x_dropped counters to tg3_napi (Alex Pakhunov) - netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test (Jozsef Kadlecsik) - LTS tag: v5.4.263 (Sherry Yang) - mmc: block: Retry commands in CQE error recovery (Adrian Hunter) - mmc: core: convert comma to semicolon (Zheng Yongjun) - mmc: cqhci: Fix task clearing in CQE error recovery (Adrian Hunter) - mmc: cqhci: Warn of halt or task clear failure (Adrian Hunter) - mmc: cqhci: Increase recovery halt timeout (Adrian Hunter) - cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily (Christoph Niedermaier) - cpufreq: imx6q: don't warn for disabling a non-existing frequency (Christoph Niedermaier) - scsi: qla2xxx: Fix system crash due to bad pointer access (Quinn Tran) - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (Bart Van Assche) - scsi: core: Introduce the scsi_cmd_to_rq() function (Bart Van Assche) - ima: detect changes to the backing overlay file (Mimi Zohar) - ovl: skip overlayfs superblocks at global sync (Konstantin Khlebnikov) - ima: annotate iint mutex to avoid lockdep false positive warnings (Amir Goldstein) - fbdev: stifb: Make the STI next font pointer a 32-bit signed offset (Helge Deller) - mtd: cfi_cmdset_0001: Byte swap OTP info (Linus Walleij) - mtd: cfi_cmdset_0001: Support the absence of protection registers (Jean-Philippe Brucker) - s390/cmma: fix detection of DAT pages (Heiko Carstens) - s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family (Alexander Gordeev) - smb3: fix touch -h of symlink (Steve French) - net: ravb: Start TX queues after HW initialization succeeded (Claudiu Beznea) - net: ravb: Use pm_runtime_resume_and_get() (Claudiu Beznea) - ravb: Fix races between ravb_tx_timeout_work() and net related ops (Yoshihiro Shimoda) - net: stmmac: xgmac: Disable FPE MMC interrupts (Furong Xu) - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (Zhengchao Shao) - Input: xpad - add HyperX Clutch Gladiate Support (Max Nguyen) - btrfs: make error messages more clear when getting a chunk map (Filipe Manana) - btrfs: send: ensure send_fd is writable (Jann Horn) - btrfs: fix off-by-one when checking chunk map includes logical address (Filipe Manana) - powerpc: Don't clobber f0/vs0 during fp|altivec register save (Timothy Pearson) - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (Markus Weippert) - dm verity: don't perform FEC for failed readahead IO (Wu Bo) - dm-verity: align struct dm_verity_fec_io properly (Mikulas Patocka) - ALSA: hda/realtek: Add supported ALC257 for ChromeOS (Kailang Yang) - ALSA: hda/realtek: Headset Mic VREF to 100% (Kailang Yang) - ALSA: hda: Disable power-save on KONTRON SinglePC (Takashi Iwai) - mmc: block: Do not lose cache flush during CQE error recovery (Adrian Hunter) - firewire: core: fix possible memory leak in create_units() (Yang Yingliang) - pinctrl: avoid reload of p state in list iteration (Maria Yu) - io_uring: fix off-by one bvec index (Keith Busch) - USB: dwc3: qcom: fix wakeup after probe deferral (Johan Hovold) - USB: dwc3: qcom: fix resource leaks on probe deferral (Johan Hovold) - usb: dwc3: set the dma max_seg_size (Ricardo Ribalda) - USB: dwc2: write HCINT with INTMASK applied (Oliver Neukum) - USB: serial: option: don't claim interface 4 for ZTE MF290 (Lech Perczak) - USB: serial: option: fix FM101R-GL defines (Puliang Lu) - USB: serial: option: add Fibocom L7xx modules (Victor Fragoso) - bcache: prevent potential division by zero error (Rand Deeb) - bcache: check return value from btree_node_alloc_replacement() (Coly Li) - dm-delay: fix a race between delay_presuspend and delay_bio (Mikulas Patocka) - hv_netvsc: Mark VF as slave before exposing it to user-mode (Long Li) - hv_netvsc: Fix race of register_netdevice_notifier and VF register (Haiyang Zhang) - USB: serial: option: add Luat Air72*U series products (Asuna Yang) - s390/dasd: protect device queue against concurrent access (Jan Hoppner) - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (Coly Li) - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (Hans de Goede) - ext4: make sure allocate pending entry not fail (Zhang Yi) - ext4: fix slab-use-after-free in ext4_es_insert_extent() (Baokun Li) - ext4: using nofail preallocation in ext4_es_insert_extent() (Baokun Li) - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (Baokun Li) - ext4: using nofail preallocation in ext4_es_remove_extent() (Baokun Li) - ext4: use pre-allocated es in __es_remove_extent() (Baokun Li) - ext4: use pre-allocated es in __es_insert_extent() (Baokun Li) - ext4: factor out __es_alloc_extent() and __es_free_extent() (Baokun Li) - ext4: add a new helper to check if es must be kept (Baokun Li) - MIPS: KVM: Fix a build warning about variable set but not used (Huacai Chen) - nvmet: nul-terminate the NQNs passed in the connect command (Christoph Hellwig) - nvmet: remove unnecessary ctrl parameter (Chaitanya Kulkarni) - afs: Fix file locking on R/O volumes to operate in local mode (David Howells) - afs: Return ENOENT if no cell DNS record can be found (David Howells) - net: axienet: Fix check for partial TX checksum (Samuel Holland) - amd-xgbe: propagate the correct speed and duplex status (Raju Rangoju) - amd-xgbe: handle the corner-case during tx completion (Raju Rangoju) - amd-xgbe: handle corner-case during sfp hotplug (Raju Rangoju) - arm/xen: fix xen_vcpu_info allocation alignment (Stefano Stabellini) - net: usb: ax88179_178a: fix failed operations during ax88179_reset (Jose Ignacio Tornos Martinez) - ipv4: Correct/silence an endian warning in __ip_do_redirect (Kunwu Chan) - HID: fix HID device resource race between HID core and debugging support (Charles Yi) - HID: core: store the unique system identifier in hid_device (Benjamin Tissoires) - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (Jonas Karlman) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (Chen Ni) - drm/panel: simple: Fix Innolux G101ICE-L01 timings (Marek Vasut) - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (Marek Vasut) - afs: Make error on cell lookup failure consistent with OpenAFS (David Howells) - PCI: keystone: Drop __init from ks_pcie_add_pcie_{ep,port}() (Nathan Chancellor) - RDMA/irdma: Prevent zero-length STAG registration (Christopher Bednarz) {CVE-2023-25775} - driver core: Release all resources during unbind before updating device links (Saravana Kannan) - LTS tag: v5.4.262 (Sherry Yang) - netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 5.4) (Pablo Neira Ayuso) - netfilter: nf_tables: disable toggling dormant table state more than once (Pablo Neira Ayuso) - netfilter: nf_tables: fix table flag updates (Pablo Neira Ayuso) - netfilter: nftables: update table flags from the commit phase (Pablo Neira Ayuso) - netfilter: nf_tables: double hook unregistration in netns path (Pablo Neira Ayuso) - netfilter: nf_tables: unregister flowtable hooks on netns exit (Pablo Neira Ayuso) - netfilter: nf_tables: fix memleak when more than 255 elements expired (Pablo Neira Ayuso) - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (Pablo Neira Ayuso) - netfilter: nf_tables: defer gc run if previous batch is still pending (Florian Westphal) - netfilter: nf_tables: use correct lock to protect gc_list (Pablo Neira Ayuso) - netfilter: nf_tables: GC transaction race with abort path (Pablo Neira Ayuso) - netfilter: nf_tables: GC transaction race with netns dismantle (Pablo Neira Ayuso) - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (Pablo Neira Ayuso) - netfilter: nf_tables: remove busy mark and gc batch API (Pablo Neira Ayuso) - netfilter: nft_set_hash: mark set element as dead when deleting from packet path (Pablo Neira Ayuso) - netfilter: nf_tables: adapt set backend to use GC transaction API (Pablo Neira Ayuso) - netfilter: nf_tables: GC transaction API to avoid race with control plane (Pablo Neira Ayuso) - netfilter: nf_tables: don't skip expired elements during walk (Florian Westphal) - netfilter: nft_set_rbtree: fix overlap expiration walk (Florian Westphal) - netfilter: nft_set_rbtree: fix null deref on element insertion (Florian Westphal) - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (Pablo Neira Ayuso) - netfilter: nf_tables: drop map element references from preparation phase (Pablo Neira Ayuso) - netfilter: nftables: rename set element data activation/deactivation functions (Pablo Neira Ayuso) - netfilter: nf_tables: pass context to nft_set_destroy() (Pablo Neira Ayuso) - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (Christian Konig) - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (Kemeng Shi) - ext4: correct the start block of counting reserved clusters (Zhang Yi) - ext4: correct return value of ext4_convert_meta_bg (Kemeng Shi) - ext4: correct offset of gdb backup in non meta_bg group to update_backups (Kemeng Shi) - ext4: apply umask if ACL support is disabled (Max Kellermann) - Revert 'net: r8169: Disable multicast filter for RTL8168H and RTL8107E' (Heiner Kallweit) - nfsd: fix file memleak on client_opens_release (Mahmoud Adam) - media: venus: hfi: add checks to handle capabilities from firmware (Vikash Garodia) - media: venus: hfi: fix the check to handle session buffer requirement (Vikash Garodia) - media: venus: hfi_parser: Add check to keep the number of codecs within range (Vikash Garodia) - media: sharp: fix sharp encoding (Sean Young) - media: lirc: drop trailing space from scancode transmit (Sean Young) - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (Heiner Kallweit) - net: dsa: lan9303: consequently nested-lock physical MDIO (Alexander Sverdlin) - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey) - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (Guan Wentao) - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (Masum Reza) - bluetooth: Add device 13d3:3571 to device tables (Larry Finger) - bluetooth: Add device 0bda:887b to device tables (Larry Finger) - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (Artem Lukyanov) - Bluetooth: btusb: add Realtek 8822CE to usb_device_id table (Joseph Hwang) - Bluetooth: btusb: Add flag to define wideband speech capability (Alain Michaud) - tty: serial: meson: fix hard LOCKUP on crtscts mode (Pavel Krasavin) - serial: meson: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - tty: serial: meson: retrieve port FIFO size from DT (Neil Armstrong) - serial: meson: remove redundant initialization of variable id (Colin Ian King) - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (Chandradeep Dey) - ALSA: info: Fix potential deadlock at disconnection (Takashi Iwai) - parisc/pgtable: Do not drop upper 5 address bits of physical address (Helge Deller) - parisc: Prevent booting 64-bit kernels on PA1.x machines (Helge Deller) - i3c: master: cdns: Fix reading status register (Joshua Yeong) - mm/cma: use nth_page() in place of direct struct page manipulation (Zi Yan) - dmaengine: stm32-mdma: correct desc prep when channel running (Alain Volmat) - mcb: fix error handling for different scenarios when parsing (Sanjuan Garcia, Jorge) - i2c: core: Run atomic i2c xfer when !preemptible (Benjamin Bara) - kernel/reboot: emergency_restart: Set correct system_state (Benjamin Bara) - quota: explicitly forbid quota files from being encrypted (Eric Biggers) - jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (Zhihao Cheng) - btrfs: don't arbitrarily slow down delalloc if we're committing (Josef Bacik) - PM: hibernate: Clean up sync_read handling in snapshot_write_next() (Brian Geffon) - PM: hibernate: Use __get_safe_page() rather than touching the list (Brian Geffon) - mmc: vub300: fix an error code (Dan Carpenter) - clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks (Kathiravan Thirumoorthy) - parisc/pdc: Add width field to struct pdc_model (Helge Deller) - PCI: keystone: Don't discard .probe() callback (Uwe Kleine-Konig) - PCI: keystone: Don't discard .remove() callback (Uwe Kleine-Konig) - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (Herve Codina) - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (Rong Chen) - ACPI: resource: Do IRQ override on TongFang GMxXGxx (Werner Sembach) - PCI/sysfs: Protect driver's D3cold preference from user space (Lukas Wunner) - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (David Woodhouse) - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() (Paul Moore) - audit: don't take task_lock() in audit_exe_compare() code path (Paul Moore) - KVM: x86: Ignore MSR_AMD64_TW_CFG access (Maciej S. Szmigiero) - KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space (Nicolas Saenz Julienne) - x86/cpu/hygon: Fix the CPU topology evaluation for real (Pu Wen) - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (Chandrakanth patil) - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (Shung-Hsi Yu) - randstruct: Fix gcc-plugin performance mode to stay in group (Kees Cook) - media: venus: hfi: add checks to perform sanity on queue pointers (Vikash Garodia) - cifs: spnego: add ';' in HOST_KEY_LEN (Anastasia Belova) - tools/power/turbostat: Fix a knl bug (Zhang Rui) - macvlan: Don't propagate promisc change to lower dev in passthru (Vlad Buslov) - net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (Rahul Rameshbabu) - net: stmmac: fix rx budget limit check (Baruch Siach) - net: stmmac: Rework stmmac_rx() (Jose Abreu) - netfilter: nf_conntrack_bridge: initialize err to 0 (Linkui Xiao) - net: ethernet: cortina: Fix MTU max setting (Linus Walleij) - net: ethernet: cortina: Handle large frames (Linus Walleij) - net: ethernet: cortina: Fix max RX frame define (Linus Walleij) - bonding: stop the device in bond_setup_by_slave() (Eric Dumazet) - ptp: annotate data-race around q->head and q->tail (Eric Dumazet) - xen/events: fix delayed eoi list handling (Juergen Gross) - ppp: limit MRU to 64K (Willem de Bruijn) - tipc: Fix kernel-infoleak due to uninitialized TLV value (Shigeru Yoshida) - net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() (Yonglong Liu) - tty: Fix uninit-value access in ppp_sync_receive() (Shigeru Yoshida) - ipvlan: add ipvlan_route_v6_outbound() helper (Eric Dumazet) - NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO (Olga Kornievskaia) - wifi: iwlwifi: Use FW rate for non-data frames (Miri Korenblit) - pwm: Fix double shift bug (Dan Carpenter) - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (Tony Lindgren) - kgdb: Flush console before entering kgdb on panic (Douglas Anderson) - drm/amd/display: Avoid NULL dereference of timing generator (Wayne Lin) - media: cobalt: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - gfs2: ignore negated quota changes (Bob Peterson) - media: vivid: avoid integer overflow (Hans Verkuil) - media: gspca: cpia1: shift-out-of-bounds in set_flicker (Rajeshwar R Shinde) - i2c: sun6i-p2wi: Prevent potential division by zero (Axel Lin) - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (Hardik Gajjar) - tty: vcc: Add check for kstrdup() in vcc_probe() (Yi Yang) - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (Jiri Kosina) - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (Wenchao Hao) - atm: iphase: Do PCI error checks on own line (Ilpo Jarvinen) - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (Ilpo Jarvinen) - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (Cezary Rojewski) - ARM: 9320/1: fix stack depot IRQ stack filter (Vincent Whitchurch) - jfs: fix array-index-out-of-bounds in diAlloc (Manas Ghandat) - jfs: fix array-index-out-of-bounds in dbFindLeaf (Manas Ghandat) - fs/jfs: Add validity check for db_maxag and db_agpref (Juntong Deng) - fs/jfs: Add check for negative db_l2nbperpage (Juntong Deng) - RDMA/hfi1: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin) - selftests/efivarfs: create-read: fix a resource leak (zhujun2) - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (Qu Huang) - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (Mario Limonciello) - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (Mario Limonciello) - drm/komeda: drop all currently held locks if deadlock happens (baozhu.liu) - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (Olli Asikainen) - Bluetooth: Fix double free in hci_conn_cleanup (ZhengHan Wang) {CVE-2023-28464} - wifi: ath10k: Don't touch the CE interrupt registers after power up (Douglas Anderson) - net: annotate data-races around sk->sk_dst_pending_confirm (Eric Dumazet) - net: annotate data-races around sk->sk_tx_queue_mapping (Eric Dumazet) - wifi: ath10k: fix clang-specific fortify warning (Dmitry Antipov) - wifi: ath9k: fix clang-specific fortify warnings (Dmitry Antipov) - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Ping-Ke Shih) - wifi: mac80211_hwsim: fix clang-specific fortify warning (Dmitry Antipov) - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size (Mike Rapoport (IBM)) - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (Ronald Wahl) - clocksource/drivers/timer-imx-gpt: Fix potential memory leak (Jacky Bai) - perf/core: Bail out early if the request AUX area is out of bound (Shuai Xue) - locking/ww_mutex/test: Fix potential workqueue corruption (John Stultz) - LTS tag: v5.4.261 (Sherry Yang) - btrfs: use u64 for buffer sizes in the tree search ioctls (Filipe Manana) - fbdev: fsl-diu-fb: mark wr_reg_wa() static (Arnd Bergmann) - fbdev: imsttfb: fix a resource leak in probe (Dan Carpenter) - fbdev: imsttfb: Fix error path of imsttfb_probe() (Helge Deller) - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (Amit Kumar Mahapatra) - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (Erik Kurzinger) - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (Florian Westphal) - netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs (Jeremy Sowden) - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (Maciej Zenczykowski) - r8169: respect userspace disabling IFF_MULTICAST (Heiner Kallweit) - tg3: power down device only on SYSTEM_POWER_OFF (George Shuklin) - net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT (D. Wythe) - net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs (Furong Xu) - Fix termination state for idr_for_each_entry_ul() (NeilBrown) - dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. (Kuniyuki Iwashima) - dccp: Call security_inet_conn_request() after setting IPv4 addresses. (Kuniyuki Iwashima) - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Shigeru Yoshida) - llc: verify mac len before reading mac header (Willem de Bruijn) - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (Dan Carpenter) - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (Florian Fainelli) - pwm: sti: Reduce number of allocations and drop usage of chip_data (Uwe Kleine-Konig) - pwm: sti: Avoid conditional gotos (Thierry Reding) - regmap: prevent noinc writes from clobbering cache (Ben Wolsieffer) - media: s3c-camif: Avoid inappropriate kfree() (Katya Orlova) - media: bttv: fix use after free error due to btv->timeout timer (Zheng Wang) - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (Yang Yingliang) - pcmcia: ds: fix refcount leak in pcmcia_device_add() (Yang Yingliang) - pcmcia: cs: fix possible hung task and memory leak pccardd() (Yang Yingliang) - rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call (Javier Carrasco) - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (Dinghao Liu) - powerpc/pseries: fix potential memory leak in init_cpu_associativity() (Wang Yufen) - powerpc/imc-pmu: Use the correct spinlock initializer. (Sebastian Andrzej Siewior) - powerpc/xive: Fix endian conversion size (Benjamin Gray) - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (Masahiro Yamada) - f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() (Chao Yu) - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (Christophe JAILLET) - USB: usbip: fix stub_dev hub disconnect (Jonas Blixt) - tools: iio: iio_generic_buffer ensure alignment (Matti Vaittinen) - tools: iio: iio_generic_buffer: Fix some integer type and calculation (Chenyuan Mi) - tools: iio: privatize globals and functions in iio_generic_buffer.c file (Alexandru Ardelean) - misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() (Jinjie Ruan) - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (Dan Carpenter) - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (Jia-Ju Bai) - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (Yi Yang) - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (Christophe JAILLET) - ledtrig-cpu: Limit to 8 CPUs (Pavel Machek) - leds: pwm: Don't disable the PWM when the LED should be off (Uwe Kleine-Konig) - leds: pwm: convert to atomic PWM API (Uwe Kleine-Konig) - leds: pwm: simplify if condition (Uwe Kleine-Konig) - mfd: dln2: Fix double put in dln2_probe (Dinghao Liu) - ASoC: ams-delta.c: use component after check (Kuninori Morimoto) - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (Cezary Rojewski) - sh: bios: Revive earlyprintk support (Geert Uytterhoeven) - RDMA/hfi1: Workaround truncation compilation error (Leon Romanovsky) - scsi: ufs: core: Leave space for '\0' in utf8 desc string (Daniel Mentz) - ext4: move 'ix' sanity check to corrent position (Gou Hao) - ARM: 9321/1: memset: cast the constant byte to unsigned char (Kursad Oney) - hid: cp2112: Fix duplicate workqueue initialization (Danny Kaehn) - HID: cp2112: Use irqchip template (Linus Walleij) - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (Gaurav Jain) - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (Gaurav Jain) - nd_btt: Make BTT lanes preemptible (Tomas Glozar) - sched/rt: Provide migrate_disable/enable() inlines (Thomas Gleixner) - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (Chen Ni) - hwrng: geode - fix accessing registers (Jonas Gorski) - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (Sudeep Holla) - firmware: ti_sci: Mark driver as non removable (Dhruva Gole) - firmware: ti_sci: Replace HTTP links with HTTPS ones (Alexander A. Klimov) - soc: qcom: llcc: Handle a second device without data corruption (Uwe Kleine-Konig) - soc: qcom: Rename llcc-slice to llcc-qcom (Vivek Gautam) - soc: qcom: llcc cleanup to get rid of sdm845 specific driver file (Vivek Gautam) - ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator (Krzysztof Kozlowski) - arm64: dts: qcom: sdm845-mtp: fix WiFi configuration (Dmitry Baryshkov) - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (Christophe JAILLET) - drm/radeon: possible buffer overflow (Konstantin Meskhidze) - drm/rockchip: vop: Fix call to crtc reset helper (Jonas Karlman) - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (Jonas Karlman) - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (Zhang Rui) - platform/x86: wmi: Fix opening of char device (Armin Wolf) - platform/x86: wmi: remove unnecessary initializations (Barnabas Pocze) - platform/x86: wmi: Fix probe failure when failing to register WMI devices (Armin Wolf) - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: npcm7xx: Fix incorrect kfree (Jonathan Neuschafer) - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (Dan Carpenter) - clk: imx: Select MXC_CLK for CLK_IMX8QXP (Abel Vesa) - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (Danila Tikhonov) - clk: qcom: gcc-sm8150: use ARRAY_SIZE instead of specifying num_parents (Dmitry Baryshkov) - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (Devi Priya) - regmap: debugfs: Fix a erroneous check after snprintf() (Christophe JAILLET) - ipvlan: properly track tx_errors (Eric Dumazet) - net: add DEV_STATS_READ() helper (Eric Dumazet) - ipv6: avoid atomic fragment on GSO packets (Yan Zhai) - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (Christophe JAILLET) - tcp: fix cookie_init_timestamp() overflows (Eric Dumazet) - tcp: Remove one extra ktime_get_ns() from cookie_init_timestamp (Eric Dumazet) - chtls: fix tp->rcv_tstamp initialization (Eric Dumazet) - r8169: fix rare issue with broken rx after link-down on RTL8125 (Heiner Kallweit) - r8169: use tp_to_dev instead of open code (Juhee Kang) - thermal: core: prevent potential string overflow (Dan Carpenter) - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (Marc Kleine-Budde) - can: dev: can_restart(): don't crash kernel if carrier is OK (Marc Kleine-Budde) - wifi: rtlwifi: fix EDCA limit set by BT coexistence (Dmitry Antipov) - tcp_metrics: do not create an entry from tcp_init_metrics() (Eric Dumazet) - tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() (Eric Dumazet) - tcp_metrics: add missing barriers on delete (Eric Dumazet) - wifi: mt76: mt7603: rework/fix rx pse hang check (Felix Fietkau) - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (Jinjie Ruan) - tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed (Aananth V) - i40e: fix potential memory leaks in i40e_remove() (Andrii Staikov) - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (Chen Yu) - vfs: fix readahead(2) on block devices (Reuben Hawkins) - LTS tag: v5.4.260 (Sherry Yang) - tty: 8250: Add support for Intashield IS-100 (Cameron Williams) - tty: 8250: Add support for Brainboxes UP cards (Cameron Williams) - tty: 8250: Add support for additional Brainboxes UC cards (Cameron Williams) - tty: 8250: Remove UC-257 and UC-431 (Cameron Williams) - usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (LihaSika) - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (Vicki Pfau) - Revert 'ARM: dts: Move am33xx and am43xx mmc nodes to sdhci-omap driver' (Matthias Schiffer) - remove the sx8 block driver (Christoph Hellwig) [5.4.17-2136.328.1.el8] - net/mlx5e: Check for NOT_READY flag state after locking (Vlad Buslov) [Orabug: 36014945] - net/mlx5e: fix memory leak in mlx5e_ptp_open (Zhengchao Shao) [Orabug: 36014945] - net/mlx5e: Fix error handling in mlx5e_refresh_tirs (Saeed Mahameed) [Orabug: 36014945] - net/mlx5e: Don't attach netdev profile while handling internal error (Dmytro Linkin) [Orabug: 36014945] - net/mlx5e: Do not update SBCM when prio2buffer command is invalid (Maher Sanalla) [Orabug: 36014945] - mlxsw: pci: Fix possible crash during initialization (Ido Schimmel) [Orabug: 36014945] - net/mlx5: E-Switch, Fix an Oops in error handling code (Dan Carpenter) [Orabug: 36014945] - net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (Maor Dickman) [Orabug: 36014945] - net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (Shay Drory) [Orabug: 36014945] - net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (Shay Drory) [Orabug: 36014945] - net/mlx5: SF: Fix probing active SFs during driver probe phase (Shay Drory) [Orabug: 36014945] - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (Gal Pressman) [Orabug: 36014945] - net/mlx5: Fix mlx5_get_next_dev() peer device matching (Saeed Mahameed) [Orabug: 36014945] - net/mlx5: Drain fw_reset when removing device (Shay Drory) [Orabug: 36014945] - net/mlx5: Lag, filter non compatible devices (Mark Bloch) [Orabug: 36014945] - net/mlx5: Disable SRIOV before PF removal (Yishai Hadas) [Orabug: 36014945] - net/mlx5: Lag, Make mlx5_lag_is_multipath() be static inline (Maor Dickman) [Orabug: 36014945] - net/mlx5: Lag, change multipath and bonding to be mutually exclusive (Maor Dickman) [Orabug: 36014945] - net/mlx5e: Destroy page pool after XDP SQ to fix use-after-free (Maxim Mikityanskiy) [Orabug: 36014945] - net/mlx5: Lag, move lag destruction to a workqueue (Mark Bloch) [Orabug: 36014945] - net/mlx5: Unload device upon firmware fatal error (Aya Levin) [Orabug: 36014945] - net/mlx5: Remove unnecessary spin lock protection (Eli Cohen) [Orabug: 36014945] - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (Maxim Mikityanskiy) [Orabug: 36014945] - net/mlx5e: Check tunnel offload is required before setting SWP (Moshe Shemesh) [Orabug: 36014945] - net/mlx5e: Remove unused mlx5e_xsk_first_unused_channel (Maxim Mikityanskiy) [Orabug: 36014945] - net/mlx5e: Fix stats update for matchall classifier (Roi Dayan) [Orabug: 36014945] - net/mlx5e: Set of completion request bit should not clear other adjacent bits (Tariq Toukan) [Orabug: 36014945] - mlxsw: pci: Wait longer before accessing the device after reset (Amit Cohen) [Orabug: 36014945] - mlxsw: pci: Remove unused values (Ido Schimmel) [Orabug: 36014945] - mlxsw: core: Add validation of hardware device types for MGPIR register (Vadim Pasternak) [Orabug: 36014945] - netdevsim: fix using uninitialized resources (Taehee Yoo) [Orabug: 36014945] - net/mlx5: Read num_vfs before disabling SR-IOV (Parav Pandit) [Orabug: 36014945] - net/mlx5: DR, Replace CRC32 implementation to use kernel lib (Hamdan Igbaria) [Orabug: 36014945] - mlxsw: pci: Increase PCI reset timeout for SN3800 systems (Ido Schimmel) [Orabug: 36014945] - mlxsw: hwmon: Provide optimization for QSFP modules number detection (Vadim Pasternak) [Orabug: 36014945] - mlxsw: reg: Extend MGPIR register with new field exposing the number of QSFP modules (Vadim Pasternak) [Orabug: 36014945] - vhost-scsi: add parentheses to macro of VHOST_SCSI_MAX_VQ (Dongli Zhang) [Orabug: 36119643] - iommu/amd: Do not flush IRTE when only updating isRun and destination fields (Suravee Suthikulpanit) [Orabug: 36101189] - xfs: try to avoid allocation blocking on busy extents (Mark Tinguely) [Orabug: 36096908] - EDAC/amd64: Add support for AMD family 1Ah models 00h-1Fh and 40h-4Fh (Avadhut Naik) [Orabug: 36092305] - EDAC/amd64: Add get_err_info() to pvt->ops (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split dump_misc_regs() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split init_csrows() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split determine_edac_cap() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split ecc_enabled() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split read_mc_regs() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split determine_memory_type() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split read_base_mask() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Split prep_chip_selects() into dct/umc functions (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Rework hw_info_{get,put} (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Rename debug_display_dimm_sizes() (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Remove early_channel_count() (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Remove PCI Function 0 (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Remove PCI Function 6 (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Remove scrub rate control for Family 17h and later (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Don't set up EDAC PCI control on Family 17h+ (Yazen Ghannam) [Orabug: 36092305] - x86/amd_nb: Unexport amd_cache_northbridges() (Muralidhara M K) [Orabug: 36092305] - EDAC/amd64: Add new register offset support and related changes (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Set memory type per DIMM (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Add support for family 19h, models 50h-5fh (Marc Bevand) [Orabug: 36092305] - EDAC/amd64: Add context struct (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Allow for DF Indirect Broadcast reads (Yazen Ghannam) [Orabug: 36092305] - x86/amd_nb, EDAC/amd64: Move DF Indirect Read to AMD64 EDAC (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Issue probing messages only on properly detected hardware (Borislav Petkov) [Orabug: 36092305] - EDAC/amd64: Tone down messages about missing PCI IDs (Yazen Ghannam) [Orabug: 36092305] - EDAC/amd64: Do not load on family 0x15, model 0x13 (Borislav Petkov) [Orabug: 36092305] - EDAC/amd64: Remove redundant assignment to variable ret in hw_info_get() (Colin Ian King) [Orabug: 36092305] - crypto: ccp - Add support for PCI device 0x156E (John Allen) [Orabug: 36092305] - crypto: ccp - Add support for PCI device 0x17E0 (Mario Limonciello) [Orabug: 36092305] - crypto: ccp - Provide MMIO register naming for documenation (Tom Lendacky) [Orabug: 36092305] - crypto: ccp - Add support for TEE for PCI ID 0x14CA (Mario Limonciello) [Orabug: 36092305] - x86/amd_nb: Add PCI IDs for AMD Family 1Ah-based models (Avadhut Naik) [Orabug: 36092305] - x86/amd_nb: Re-sort and re-indent PCI defines (Borislav Petkov (AMD)) [Orabug: 36092305] - x86/amd_nb: Add MI200 PCI IDs (Yazen Ghannam) [Orabug: 36092305] - x86/amd_nb: Add PCI ID for family 19h model 78h (Mario Limonciello) [Orabug: 36092305] - x86/amd_nb: Add AMD PCI IDs for SMN communication (Mario Limonciello) [Orabug: 36092305] - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (Avadhut Naik) [Orabug: 36092305] - hwmon: (k10temp) Add PCI ID for family 19, model 78h (Mario Limonciello) [Orabug: 36092305] - hwmon: (k10temp): Add support for new family 17h and 19h models (Mario Limonciello) [Orabug: 36092305] - uek-rpm: Update the x86 kABI files for new symbol (Yifei Liu) [Orabug: 36090182] - audit: Apply special optimizations (Hakon Bugge) [Orabug: 36089817] - audit: Vary struct audit_entry alignment (Hakon Bugge) [Orabug: 36089817] - eth: bnxt: handle invalid Tx completions more gracefully (Jakub Kicinski) [Orabug: 36075755] - tcp: Tunables for TCP delayed ack (min and max) timers (Venkat Venkatsubra) [Orabug: 35875891] - tcp: fix ambiguity for SACKed TLP retransmits with RTT < min_rtt (Neal Cardwell) [Orabug: 35875891] - Add basic Emerald Rapids support to UEK6 (Henry Willard) [Orabug: 35063919] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-4244 CVE-2023-45863 CVE-2023-25775 CVE-2022-29900 CVE-2022-29901 cpe:/a:oracle:linux:8::UEKR6 Oracle Linux 7 [7.4p1-23.0.3] - add KEX_INITIAL flag [Orabug: 36160445] - implement 'strict key exchange' [CVE-2023-48795][Orabug: 36160445] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48795 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [7.4p1-23.0.3] - add KEX_INITIAL flag [Orabug: 36160445] - implement 'strict key exchange' [CVE-2023-48795][Orabug: 36160445] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48795 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 8 Oracle Linux 9 [5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer check for non-preempt config (Benjamin Bara) - keys, dns: Fix missing size check of V1 server-list header (Edward Adam Davis) - wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ (Johannes Berg) - tracing/kprobes: Fix symbol counting logic by looking at modules as well (Andrii Nakryiko) [5.15.0-203.146.4] - rds: Handle pages in use when purging an RDS Message (Hakon Bugge) [Orabug: 36054361] - rds: ib: Consolidate per-cpu free list for siblings (Hakon Bugge) [Orabug: 35904643] - rds: ib: Make sure per-cpu recv cache structure is cache-line aligned (Hakon Bugge) [Orabug: 35904643] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185206] [5.15.0-203.146.3] - thermal/of: Initialize trip points separately (Daniel Lezcano) [Orabug: 36178522] - thermal/of: Use thermal trips stored in the thermal zone (Daniel Lezcano) [Orabug: 36178522] - uek-container: strip symbols from vmlinux (Boris Ostrovsky) [Orabug: 36170888] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36155235] - nvme-tcp: don't access released socket during error recovery (Akinobu Mita) [Orabug: 36127728] - vhost-vdpa: fix use after free in vhost_vdpa_probe() (Dan Carpenter) [Orabug: 36072714] - vdpa_sim_blk: allocate the buffer zeroed (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim: implement .reset_map support (Si-Wei Liu) [Orabug: 36072714] - vdpa/mlx5: implement .reset_map driver op (Si-Wei Liu) [Orabug: 36072714] - vhost-vdpa: clean iotlb map during reset for older userspace (Si-Wei Liu) [Orabug: 36072714] - vdpa: introduce .compat_reset operation callback (Si-Wei Liu) [Orabug: 36072714] - vhost-vdpa: introduce IOTLB_PERSIST backend feature bit (Si-Wei Liu) [Orabug: 36072714] - vhost-vdpa: reset vendor specific mapping to initial state in .release (Si-Wei Liu) [Orabug: 36072714] - vdpa: introduce .reset_map operation callback (Si-Wei Liu) [Orabug: 36072714] - vdpa: Update sysfs ABI documentation (Shawn.Shao) [Orabug: 36072714] - mlx5_vdpa: offer VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK (Eugenio Perez) [Orabug: 36072714] - vdpa/mlx5: Update cvq iotlb mapping on ASID change (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Make iotlb helper functions more generic (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Enable hw support for vq descriptor mapping (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Expose descriptor group mkey hw capability (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Introduce mr for vq descriptor (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Improve mr update flow (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Move mr mutex out of mr struct (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Allow creation/deletion of any given mr struct (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Rename mr destroy functions (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Collapse 'dvq' mr add/delete functions (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Take cvq iotlb lock during refresh (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Decouple cvq iotlb handling from hw mapping code (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Create helper function for dma mappings (Dragos Tatulea) [Orabug: 36072714] - vhost-vdpa: uAPI to get dedicated descriptor group id (Si-Wei Liu) [Orabug: 36072714] - vhost-vdpa: introduce descriptor group backend feature (Si-Wei Liu) [Orabug: 36072714] - vdpa: introduce dedicated descriptor group for virtqueue (Si-Wei Liu) [Orabug: 36072714] - vdpa/mlx5: Fix firmware error on creation of 1k VQs (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Fix double release of debugfs entry (Dragos Tatulea) [Orabug: 36072714] - vdpa_sim: offer VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK (Eugenio Perez) [Orabug: 36072714] - vdpa: add get_backend_features vdpa operation (Eugenio Perez) [Orabug: 36072714] - vdpa: accept VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK backend feature (Eugenio Perez) [Orabug: 36072714] - vdpa: add VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK flag (Eugenio Perez) [Orabug: 36072714] - vdpa/mlx5: Remove unused function declarations (Yue Haibing) [Orabug: 36072714] - vdpa/mlx5: Delete control vq iotlb in destroy_mr only when necessary (Eugenio Perez) [Orabug: 36072714] - vdpa/mlx5: Fix mr->initialized semantics (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Correct default number of queues when MQ is on (Dragos Tatulea) [Orabug: 36072714] - virtio-vdpa: Fix cpumask memory leak in virtio_vdpa_find_vqs() (Gal Pressman) [Orabug: 36072714] - vdpa: Enable strict validation for netlinks ops (Dragos Tatulea) [Orabug: 36072714] - vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check (Lin Ma) [Orabug: 36072714] - vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check (Lin Ma) [Orabug: 36072714] - vdpa: Add features attr to vdpa_nl_policy for nlattr length check (Lin Ma) [Orabug: 36072714] - virtio-vdpa: Fix unchecked call to NULL set_vq_affinity (Dragos Tatulea) [Orabug: 36072714] - vhost_vdpa: tell vqs about the negotiated (Shannon Nelson) [Orabug: 36072714] - vdpa/mlx5: Fix hang when cvq commands are triggered during device unregister (Dragos Tatulea) [Orabug: 36072714] - vhost: use kzalloc() instead of kmalloc() followed by memset() (Prathu Baronia) [Orabug: 36072714] - vhost_vdpa: fix unmap process in no-batch mode (Cindy Lu) [Orabug: 36072714] - vdpa_sim: move buffer allocation in the devices (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim_blk: add support for discard and write-zeroes (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim_blk: use dev_dbg() to print errors (Stefano Garzarella) [Orabug: 36072714] - vringh: address kdoc warnings (Simon Horman) [Orabug: 36072714] - vdpa: address kdoc warnings (Simon Horman) [Orabug: 36072714] - vdpa_sim: add support for user VA (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim: replace the spinlock with a mutex to protect the state (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim: use kthread worker (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim: make devices agnostic for work management (Stefano Garzarella) [Orabug: 36072714] - vringh: support VA with iotlb (Stefano Garzarella) [Orabug: 36072714] - fix 'direction' argument of iov_iter_{init,bvec}() (Al Viro) [Orabug: 36072714] - vringh: define the stride used for translation (Stefano Garzarella) [Orabug: 36072714] - vringh: replace kmap_atomic() with kmap_local_page() (Stefano Garzarella) [Orabug: 36072714] - vhost-vdpa: use bind_mm/unbind_mm device callbacks (Stefano Garzarella) [Orabug: 36072714] - vdpa: add bind_mm/unbind_mm callbacks (Stefano Garzarella) [Orabug: 36072714] - vringh: fix typos in the vringh_init_* documentation (Stefano Garzarella) [Orabug: 36072714] - virtio-vdpa: Support interrupt affinity spreading mechanism (Xie Yongji) [Orabug: 36072714] - vdpa: Add set/get_vq_affinity callbacks in vdpa_config_ops (Xie Yongji) [Orabug: 36072714] - vdpa/mlx5: Avoid losing link state updates (Eli Cohen) [Orabug: 36072714] - vdpa_sim_net: complete the initialization before register the device (Stefano Garzarella) [Orabug: 36072714] - vdpa/mlx5: Add and remove debugfs in setup/teardown driver (Eli Cohen) [Orabug: 36072714] - vdpa/mlx5: Add RX counters to debugfs (Eli Cohen) [Orabug: 36072714] - vdpa/mlx5: Add debugfs subtree (Eli Cohen) [Orabug: 36072714] - rds: Remove RDS FMR Code (William Kucharski) [Orabug: 35445338] [5.15.0-203.146.2] - LTS version: v5.15.146 (Vijayendra Suman) - bpf: Fix prog_array_map_poke_run map poke update (Jiri Olsa) - device property: Allow const parameter to dev_fwnode() (Andy Shevchenko) - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() (Mikulas Patocka) - ring-buffer: Fix slowpath of interrupted event (Steven Rostedt (Google)) - netfilter: nf_tables: skip set commit for deleted/destroyed sets (Pablo Neira Ayuso) - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() (Namjae Jeon) - ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (Steven Rostedt (Google)) - tracing: Fix blocked reader of snapshot buffer (Steven Rostedt (Google)) - ring-buffer: Fix wake ups when buffer_percent is set to 100 (Steven Rostedt (Google)) - mm/filemap: avoid buffered read/write race to read inconsistent data (Baokun Li) - Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg (Hyunwoo Kim) - smb: client: fix OOB in smbCalcSize() (Paulo Alcantara) - smb: client: fix OOB in SMB2_query_info_init() (Paulo Alcantara) - iio: imu: adis16475: add spi_device_id table (Nuno Sa) - spi: Introduce spi_get_device_match_data() helper (Andy Shevchenko) - device property: Add const qualifier to device_get_match_data() parameter (Andy Shevchenko) - net: usb: ax88179_178a: avoid failed operations when device is disconnected (Jose Ignacio Tornos Martinez) - net: usb: ax88179_178a: wol optimizations (Justin Chen) - net: usb: ax88179_178a: clean up pm calls (Justin Chen) - usb: fotg210-hcd: delete an incorrect bounds test (Dan Carpenter) - ARM: dts: Fix occasional boot hang for am3 usb (Tony Lindgren) - ksmbd: fix wrong allocation size update in smb2_open() (Namjae Jeon) - ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack() (Namjae Jeon) - ksmbd: lazy v2 lease break on smb2_write() (Namjae Jeon) - ksmbd: send v2 lease break notification for directory (Namjae Jeon) - ksmbd: downgrade RWH lease caching state to RH for directory (Namjae Jeon) - ksmbd: set v2 lease capability (Namjae Jeon) - ksmbd: set epoch in create context v2 lease (Namjae Jeon) - ksmbd: have a dependency on cifs ARC4 (Namjae Jeon) - fuse: share lookup state between submount and its parent (Krister Johansen) - x86/alternatives: Sync core before enabling interrupts (Thomas Gleixner) - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (Marc Zyngier) - lib/vsprintf: Fix %pfwf when current node refcount == 0 (Herve Codina) - gpio: dwapb: mask/unmask IRQ when disable/enale it (xiongxin) - bus: ti-sysc: Flush posted write only after srst_udelay (Tony Lindgren) - tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (Steven Rostedt (Google)) - scsi: core: Always send batch on reset or error handling command (Alexander Atanasov) - dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp (Fabio Estevam) - net: ks8851: Fix TX stall caused by TX buffer overrun (Ronald Wahl) - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - net: 9p: avoid freeing uninit memory in p9pdu_vreadf (Fedor Pchelkin) - Input: soc_button_array - add mapping for airplane mode button (Christoffer Sandberg) - Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (Xiao Yao) - Bluetooth: L2CAP: Send reject on command corrupted request (Frederic Danis) - Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (Luiz Augusto von Dentz) - USB: serial: option: add Quectel RM500Q R13 firmware support (Reinhard Speyerer) - USB: serial: option: add Foxconn T99W265 with new baseline (Slark Xiao) - USB: serial: option: add Quectel EG912Y module support (Alper Ak) - USB: serial: ftdi_sio: update Actisense PIDs constant names (Mark Glover) - wifi: cfg80211: fix certs build to not depend on file order (Johannes Berg) - wifi: cfg80211: Add my certificate (Chen-Yu Tsai) - ALSA: usb-audio: Increase delay in MOTU M quirk (Jeremie Knuesel) - iio: triggered-buffer: prevent possible freeing of wrong buffer (David Lechner) - iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (Wadim Egorov) - iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (Javier Carrasco) - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (Wei Yongjun) - Input: ipaq-micro-keys - add error handling for devm_kmemdup (Haoran Liu) - iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (Su Hui) - interconnect: Treat xlate() returning NULL node as an error (Mike Tipton) - smb: client: fix OOB in smb2_query_reparse_point() (Paulo Alcantara) - smb: client: fix NULL deref in asn1_ber_decoder() (Paulo Alcantara) - drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (Ville Syrjala) - drm/i915: Relocate intel_atomic_setup_scalers() (Ville Syrjala) - drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 (Luca Coelho) - ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE (Namjae Jeon) - gpiolib: cdev: add gpio_device locking wrapper around gpio_ioctl() (Kent Gibson) - pinctrl: at91-pio4: use dedicated lock class for IRQ (Alexis Lothore) - i2c: aspeed: Handle the coalesced stop conditions with the start conditions. (Quan Nguyen) - ASoC: hdmi-codec: fix missing report for jack initial status (Jerome Brunet) - afs: Fix use-after-free due to get/remove race in volume tree (David Howells) - afs: Use refcount_t rather than atomic_t (David Howells) - afs: Fix overwriting of result of DNS query (David Howells) - keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (David Howells) - net: check dev->gso_max_size in gso_features_check() (Eric Dumazet) - afs: Fix dynamic root lookup DNS check (David Howells) - afs: Fix the dynamic root's d_delete to always delete unused dentries (David Howells) - net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() (Liu Jian) - net: mana: select PAGE_POOL (Yury Norov) - net/rose: fix races in rose_kill_by_device() (Eric Dumazet) - ethernet: atheros: fix a memleak in atl1e_setup_ring_resources (Zhipeng Lu) - net: sched: ife: fix potential use-after-free (Eric Dumazet) - net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (Rahul Rameshbabu) - net/mlx5: Fix fw tracer first block check (Moshe Shemesh) - net/mlx5e: fix a potential double-free in fs_udp_create_groups (Dinghao Liu) - net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (Shifeng Li) - Revert 'net/mlx5e: fix double free of encap_header' (Vlad Buslov) - Revert 'net/mlx5e: fix double free of encap_header in update funcs' (Vlad Buslov) - wifi: mac80211: mesh_plink: fix matches_local logic (Johannes Berg) - wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (Johannes Berg) - s390/vx: fix save/restore of fpu kernel context (Heiko Carstens) - reset: Fix crash when freeing non-existent optional resets (Geert Uytterhoeven) - ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (Kunwu Chan) - LTS version: v5.15.145 (Vijayendra Suman) - kasan: disable kasan_non_canonical_hook() for HW tags (Arnd Bergmann) - tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols (Francis Laniel) - Revert 'drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers' (Amit Pundir) - Revert 'drm/bridge: lt9611uxc: Register and attach our DSI device at probe' (Amit Pundir) - Revert 'drm/bridge: lt9611uxc: fix the race in the error path' (Amit Pundir) - ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error (Namjae Jeon) - ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId (Namjae Jeon) - ksmbd: release interim response after sending status pending response (Namjae Jeon) - ksmbd: move oplock handling after unlock parent dir (Namjae Jeon) - ksmbd: separately allocate ci per dentry (Namjae Jeon) - ksmbd: fix possible deadlock in smb2_open (Namjae Jeon) - ksmbd: prevent memory leak on error return (Zongmin Zhou) - ksmbd: handle malformed smb1 message (Namjae Jeon) - ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() (Namjae Jeon) - ksmbd: no need to wait for binded connection termination at logoff (Namjae Jeon) - ksmbd: add support for surrogate pair conversion (Namjae Jeon) - ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() (Kangjing Huang) - ksmbd: fix recursive locking in vfs helpers (Marios Makassikis) - ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() (Namjae Jeon) - ksmbd: reorganize ksmbd_iov_pin_rsp() (Namjae Jeon) - ksmbd: Remove unused field in ksmbd_user struct (Cheng-Han Wu) - ksmbd: fix potential double free on smb2_read_pipe() error path (Namjae Jeon) - ksmbd: fix Null pointer dereferences in ksmbd_update_fstate() (Namjae Jeon) - ksmbd: fix wrong error response status by using set_smb2_rsp_status() (Namjae Jeon) - ksmbd: fix race condition between tree conn lookup and disconnect (Namjae Jeon) - ksmbd: fix race condition from parallel smb2 lock requests (Namjae Jeon) - ksmbd: fix race condition from parallel smb2 logoff requests (Namjae Jeon) - ksmbd: fix race condition with fp (Namjae Jeon) - ksmbd: fix race condition between session lookup and expire (Namjae Jeon) - ksmbd: check iov vector index in ksmbd_conn_write() (Namjae Jeon) - ksmbd: return invalid parameter error response if smb2 request is invalid (Namjae Jeon) - ksmbd: fix passing freed memory 'aux_payload_buf' (Namjae Jeon) - ksmbd: remove unneeded mark_inode_dirty in set_info_sec() (Namjae Jeon) - ksmbd: remove experimental warning (Steve French) - ksmbd: add missing calling smb2_set_err_rsp() on error (Namjae Jeon) - ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() (Namjae Jeon) - ksmbd: Fix one kernel-doc comment (Yang Li) - ksmbd: reduce descriptor size if remaining bytes is less than request size (Namjae Jeon) - ksmbd: fix force create mode' and force directory mode' (Atte Heikkila) - ksmbd: fix wrong interim response on compound (Namjae Jeon) - ksmbd: add support for read compound (Namjae Jeon) - ksmbd: switch to use kmemdup_nul() helper (Yang Yingliang) - ksmbd: fix out of bounds in init_smb2_rsp_hdr() (Namjae Jeon) - ksmbd: validate session id and tree id in compound request (Namjae Jeon) - ksmbd: check if a mount point is crossed during path lookup (Namjae Jeon) - ksmbd: Fix unsigned expression compared with zero (Wang Ming) - ksmbd: Replace one-element array with flexible-array member (Gustavo A. R. Silva) - ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect() (Gustavo A. R. Silva) - ksmbd: add missing compound request handing in some commands (Namjae Jeon) - ksmbd: fix out of bounds read in smb2_sess_setup (Namjae Jeon) - ksmbd: Replace the ternary conditional operator with min() (Lu Hongfei) - ksmbd: use kvzalloc instead of kvmalloc (Namjae Jeon) - ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void (Lu Hongfei) - ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked() (Namjae Jeon) - ksmbd: use kzalloc() instead of __GFP_ZERO (Namjae Jeon) - ksmbd: remove unused ksmbd_tree_conn_share function (Namjae Jeon) - ksmbd: add mnt_want_write to ksmbd vfs functions (Namjae Jeon) - ksmbd: validate smb request protocol id (Namjae Jeon) - ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop (Namjae Jeon) - ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() (Namjae Jeon) - ksmbd: fix out-of-bound read in parse_lease_state() (Namjae Jeon) - ksmbd: fix out-of-bound read in deassemble_neg_contexts() (Namjae Jeon) - ksmbd: call putname after using the last component (Namjae Jeon) - ksmbd: fix UAF issue from opinfo->conn (Namjae Jeon) - ksmbd: fix multiple out-of-bounds read during context decoding (Kuan-Ting Chen) - ksmbd: fix uninitialized pointer read in smb2_create_link() (Namjae Jeon) - ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename() (Namjae Jeon) - ksmbd: fix racy issue under cocurrent smb2 tree disconnect (Namjae Jeon) - ksmbd: fix racy issue from smb2 close and logoff with multichannel (Namjae Jeon) - ksmbd: block asynchronous requests when making a delay on session setup (Namjae Jeon) - ksmbd: destroy expired sessions (Namjae Jeon) - ksmbd: fix racy issue from session setup and logoff (Namjae Jeon) - ksmbd: fix racy issue from using ->d_parent and ->d_name (Namjae Jeon) - fs: introduce lock_rename_child() helper (Al Viro) - ksmbd: remove unused compression negotiate ctx packing (David Disseldorp) - ksmbd: avoid duplicate negotiate ctx offset increments (David Disseldorp) - ksmbd: set NegotiateContextCount once instead of every inc (David Disseldorp) - ksmbd: avoid out of bounds access in decode_preauth_ctxt() (David Disseldorp) - ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr (Namjae Jeon) - ksmbd: delete asynchronous work from list (Namjae Jeon) - ksmbd: remove unused is_char_allowed function (Tom Rix) - ksmbd: fix wrong signingkey creation when encryption is AES256 (Namjae Jeon) - ksmbd: fix possible memory leak in smb2_lock() (Hangyu Hua) - ksmbd: Fix parameter name and comment mismatch (Jiapeng Chong) - ksmbd: Fix spelling mistake 'excceed' -> 'exceeded' (Colin Ian King) - ksmbd: update Kconfig to note Kerberos support and fix indentation (Steve French) - ksmbd: Remove duplicated codes (Dawei Li) - ksmbd: fix typo, syncronous->synchronous (Dawei Li) - ksmbd: Implements sess->rpc_handle_list as xarray (Dawei Li) - ksmbd: Implements sess->ksmbd_chann_list as xarray (Dawei Li) - ksmbd: send proper error response in smb2_tree_connect() (Marios Makassikis) - ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs (ye xingchen) - ksmbd: Fix resource leak in smb2_lock() (Marios Makassikis) - ksmbd: use F_SETLK when unlocking a file (Jeff Layton) - ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share (Namjae Jeon) - ksmbd: replace one-element arrays with flexible-array members (Gustavo A. R. Silva) - ksmbd: validate share name from share config response (Atte Heikkila) - ksmbd: call ib_drain_qp when disconnected (Namjae Jeon) - ksmbd: make utf-8 file name comparison work in __caseless_lookup() (Atte Heikkila) - ksmbd: hide socket error message when ipv6 config is disable (Namjae Jeon) - ksmbd: reduce server smbdirect max send/receive segment sizes (Tom Talpey) - ksmbd: decrease the number of SMB3 smbdirect server SGEs (Tom Talpey) - ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob (Namjae Jeon) - ksmbd: fix encryption failure issue for session logoff response (Namjae Jeon) - ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response (Namjae Jeon) - ksmbd: set file permission mode to match Samba server posix extension behavior (Namjae Jeon) - ksmbd: change security id to the one samba used for posix extension (Namjae Jeon) - ksmbd: casefold utf-8 share names and fix ascii lowercase conversion (Atte Heikkila) - ksmbd: remove generic_fillattr use in smb2_open() (Namjae Jeon) - ksmbd: constify struct path (Al Viro) - ksmbd: don't open-code %pD (Al Viro) - ksmbd: don't open-code file_path() (Al Viro) - ksmbd: remove unnecessary generic_fillattr in smb2_open (Hyunchul Lee) - ksmbd: request update to stale share config (Atte Heikkila) - ksmbd: use wait_event instead of schedule_timeout() (Namjae Jeon) - ksmbd: remove unused ksmbd_share_configs_cleanup function (Namjae Jeon) - ksmbd: remove duplicate flag set in smb2_write (Hyunchul Lee) - ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is already used (Christophe JAILLET) - ksmbd: smbd: relax the count of sges required (Hyunchul Lee) - ksmbd: smbd: fix connection dropped issue (Hyunchul Lee) - ksmbd: Fix some kernel-doc comments (Yang Li) - ksmbd: fix wrong smbd max read/write size check (Namjae Jeon) - ksmbd: smbd: handle multiple Buffer descriptors (Hyunchul Lee) - ksmbd: smbd: change the return value of get_sg_list (Hyunchul Lee) - ksmbd: smbd: simplify tracking pending packets (Hyunchul Lee) - ksmbd: smbd: introduce read/write credits for RDMA read/write (Hyunchul Lee) - ksmbd: smbd: change prototypes of RDMA read/write related functions (Hyunchul Lee) - ksmbd: validate length in smb2_write() (Namjae Jeon) - ksmbd: remove filename in ksmbd_file (Namjae Jeon) - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (Steve French) - ksmbd: replace usage of found with dedicated list iterator variable (Jakob Koschel) - ksmbd: Remove a redundant zeroing of memory (Christophe JAILLET) - ksmbd: shorten experimental warning on loading the module (Steve French) - ksmbd: store fids as opaque u64 integers (Paulo Alcantara (SUSE)) - ksmbd: use netif_is_bridge_port (Tobias Klauser) - ksmbd: add support for key exchange (Namjae Jeon) - ksmbd: smbd: validate buffer descriptor structures (Hyunchul Lee) - ksmbd: smbd: fix missing client's memory region invalidation (Hyunchul Lee) - ksmbd: add smb-direct shutdown (Namjae Jeon) - ksmbd: smbd: change the default maximum read/write, receive size (Hyunchul Lee) - ksmbd: smbd: create MR pool (Hyunchul Lee) - ksmbd: smbd: call rdma_accept() under CM handler (Hyunchul Lee) - ksmbd: set 445 port to smbdirect port by default (Namjae Jeon) - ksmbd: register ksmbd ib client with ib_register_client() (Hyunchul Lee) - ksmbd: Fix smb2_get_name() kernel-doc comment (Yang Li) - ksmbd: Delete an invalid argument description in smb2_populate_readdir_entry() (Yang Li) - ksmbd: Fix smb2_set_info_file() kernel-doc comment (Yang Li) - ksmbd: Fix buffer_check_err() kernel-doc comment (Yang Li) - ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO (Namjae Jeon) - ksmbd: Remove unused fields from ksmbd_file struct definition (Marios Makassikis) - ksmbd: Remove unused parameter from smb2_get_name() (Marios Makassikis) - ksmbd: use oid registry functions to decode OIDs (Hyunchul Lee) - ksmbd: change LeaseKey data type to u8 array (Namjae Jeon) - ksmbd: remove smb2_buf_length in smb2_transform_hdr (Namjae Jeon) - ksmbd: remove smb2_buf_length in smb2_hdr (Namjae Jeon) - ksmbd: remove md4 leftovers (Namjae Jeon) - ksmbd: Remove redundant 'flush_workqueue()' calls (Christophe JAILLET) - ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon() (Ralph Boehme) - LTS version: v5.15.144 (Vijayendra Suman) - r8152: fix the autosuspend doesn't work (Hayes Wang) - r8152: remove rtl_vendor_mode function (Hayes Wang) - r8152: avoid to change cfg for all devices (Hayes Wang) - powerpc/ftrace: Fix stack teardown in ftrace_no_trace (Naveen N Rao) - powerpc/ftrace: Create a dummy stackframe to fix stack unwind (Naveen N Rao) - RDMA/irdma: Prevent zero-length STAG registration (Christopher Bednarz) [Orabug: 36155612] {CVE-2023-25775} - USB: gadget: core: adjust uevent timing on gadget unbind (Roy Luo) - ring-buffer: Do not try to put back write_stamp (Steven Rostedt (Google)) - ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (Steven Rostedt (Google)) - ring-buffer: Fix writing to the buffer with max_data_size (Steven Rostedt (Google)) - ring-buffer: Have saved event hold the entire event (Steven Rostedt (Google)) - ring-buffer: Do not update before stamp when switching sub-buffers (Steven Rostedt (Google)) - tracing: Update snapshot buffer on resize if it is allocated (Steven Rostedt (Google)) - ring-buffer: Fix memory leak of free page (Steven Rostedt (Google)) - drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (Alex Deucher) - team: Fix use-after-free when an option instance allocation fails (Florent Revest) - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (James Houghton) - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS (Baokun Li) - soundwire: stream: fix NULL pointer dereference for multi_link (Krzysztof Kozlowski) - btrfs: do not allow non subvolume root targets for snapshot (Josef Bacik) - HID: hid-asus: add const to read-only outgoing usb buffer (Denis Benato) - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (Lech Perczak) - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation (Linus Torvalds) - HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad (Aoba K) - HID: hid-asus: reset the backlight brightness level on resume (Denis Benato) - HID: add ALWAYS_POLL quirk for Apple kb (Oliver Neukum) - HID: glorious: fix Glorious Model I HID report (Brett Raye) - platform/x86: intel_telemetry: Fix kernel doc descriptions (Andy Shevchenko) - bcache: avoid NULL checking to c->root in run_cache_set() (Coly Li) - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (Coly Li) - bcache: remove redundant assignment to variable cur_idx (Colin Ian King) - bcache: avoid oversize memory allocation by small stripe_size (Coly Li) - blk-cgroup: bypass blkcg_deactivate_policy after destroying (Ming Lei) - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (Ming Lei) - stmmac: dwmac-loongson: Add architecture dependency (Jean Delvare) - usb: aqc111: check packet for fixup for true limit (Oliver Neukum) - drm/mediatek: Add spinlock for setting vblank event in atomic_begin (Jason-JH.Lin) - PCI: loongson: Limit MRRS to 256 (Jiaxun Yang) - ALSA: hda/realtek: Apply mute LED quirk for HP15-db (Hartmut Knaack) - ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (Kai Vehmanen) - ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB (Kai Vehmanen) - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (Hangyu Hua) - net: atlantic: fix double free in ring reinit logic (Igor Russkikh) - appletalk: Fix Use-After-Free in atalk_ioctl (Hyunwoo Kim) - net: stmmac: Handle disabled MDIO busses from devicetree (Andrew Halaney) - net: stmmac: use dev_err_probe() for reporting mdio bus registration failure (Rasmus Villemoes) - dpaa2-switch: fix size of the dma_unmap (Ioana Ciornei) - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (Nikolay Kuratov) - sign-file: Fix incorrect return values check (Yusong Gao) - stmmac: dwmac-loongson: Make sure MDIO is initialized before use (Yanteng Si) - net: ena: Fix XDP redirection error (David Arinzon) - net: ena: Fix xdp drops handling due to multibuf packets (David Arinzon) - net: ena: Destroy correct number of xdp queues upon failure (David Arinzon) - net: Remove acked SYN flag from packet in the transmit queue correctly (Dong Chenchen) - qed: Fix a potential use-after-free in qed_cxt_tables_alloc (Dinghao Liu) - net/rose: Fix Use-After-Free in rose_ioctl (Hyunwoo Kim) - atm: Fix Use-After-Free in do_vcc_ioctl (Hyunwoo Kim) - octeontx2-af: Update RSS algorithm index (Hariprasad Kelam) - octeontx2-pf: Fix promisc mcam entry action (Hariprasad Kelam) - octeontx2-af: fix a use-after-free in rvu_nix_register_reporters (Zhipeng Lu) - net: fec: correct queue selection (Radu Bulie) - net: vlan: introduce skb_vlan_eth_hdr() (Vladimir Oltean) - atm: solos-pci: Fix potential deadlock on &tx_queue_lock (Chengfeng Ye) - atm: solos-pci: Fix potential deadlock on &cli_queue_lock (Chengfeng Ye) - qca_spi: Fix reset behavior (Stefan Wahren) - qca_debug: Fix ethtool -G iface tx behavior (Stefan Wahren) - qca_debug: Prevent crash on TX ring changes (Stefan Wahren) - HID: lenovo: Restrict detection of patched firmware only to USB cptkbd (Mikhail Khvainitski) - afs: Fix refcount underflow from error handling race (David Howells) - ksmbd: fix memory leak in smb2_lock() (Zizhi Wo) - MIPS: Loongson64: Handle more memory types passed from firmware (Jiaxun Yang) - memblock: allow to specify flags with memblock_add_node() (David Hildenbrand) - mm/memory_hotplug: handle memblock_add_node() failures in add_memory_resource() (David Hildenbrand) - netfilter: nf_tables: fix 'exist' matching on bigendian arches (Florian Westphal) - r8152: add vendor/device ID pair for ASUS USB-C2500 (Kelly Kane) - r8152: add vendor/device ID pair for D-Link DUB-E250 (Antonio Napolitano) - r8152: add USB device driver for config selection (Bjorn Mork) - LTS version: v5.15.143 (Jack Vogel) - devcoredump: Send uevent once devcd is ready (Mukesh Ojha) - devcoredump : Serialize devcd_del work (Mukesh Ojha) - smb: client: fix potential NULL deref in parse_dfs_referrals() (Paulo Alcantara) - cifs: Fix non-availability of dedup breaking generic/304 (David Howells) - Revert 'btrfs: add dmesg output for first mount and last unmount of a filesystem' (Greg Kroah-Hartman) - MIPS: Loongson64: Enable DMA noncoherent support (Jiaxun Yang) - MIPS: Loongson64: Reserve vgabios memory on boot (Jiaxun Yang) - KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (Sean Christopherson) - KVM: s390/mm: Properly reset no-dat (Claudio Imbrenda) - x86/CPU/AMD: Check vendor in the AMD microcode callback (Borislav Petkov (AMD)) - serial: 8250_omap: Add earlycon support for the AM654 UART controller (Ronald Wahl) - serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (Ronald Wahl) - serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (Ronald Wahl) - serial: sc16is7xx: address RX timeout interrupt errata (Daniel Mack) - ARM: PL011: Fix DMA support (Arnd Bergmann) - usb: typec: class: fix typec_altmode_put_partner to put plugs (RD Babiera) - Revert 'xhci: Loosen RPM as default policy to cover for AMD xHC 1.1' (Mathias Nyman) - parport: Add support for Brainboxes IX/UC/PX parallel cards (Cameron Williams) - usb: gadget: f_hid: fix report descriptor allocation (Konstantin Aladyshev) - drm/amdgpu: correct the amdgpu runtime dereference usage count (Prike Liang) - drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (Srinivasan Shanmugam) - gpiolib: sysfs: Fix error handling on failed export (Boerge Struempfel) - arm64: dts: mt8183: kukui: Fix underscores in node names (Hsin-Yi Wang) - arm64: dts: mediatek: add missing space before { (Krzysztof Kozlowski) - arm64: dts: mediatek: mt8183: Move thermal-zones to the root node (AngeloGioacchino Del Regno) - arm64: dts: mediatek: align thermal zone node names with dtschema (Krzysztof Kozlowski) - tools headers UAPI: Sync linux/perf_event.h with the kernel sources (Namhyung Kim) - docs/process/howto: Replace C89 with C11 (Akira Yokosawa) - platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (Hans de Goede) - netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) - io_uring/af_unix: disable sending io_uring over sockets (Pavel Begunkov) - mm: fix oops when filemap_map_pmd() without prealloc_pte (Hugh Dickins) - r8169: fix rtl8125b PAUSE frames blasting when suspended (ChunHao Lin) - tracing: Stop current tracer when resizing buffer (Steven Rostedt (Google)) - tracing: Set actual size after ring buffer resize (Zheng Yejian) - ring-buffer: Force absolute timestamp on discard of event (Steven Rostedt (Google)) - misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (Su Hui) - misc: mei: client.c: return negative error code in mei_cl_write (Su Hui) - coresight: etm4x: Remove bogous __exit annotation for some functions (Uwe Kleine-Konig) - coresight: etm4x: Make etm4_remove_dev() return void (Uwe Kleine-Konig) - kallsyms: Make kallsyms_on_each_symbol generally available (Jiri Olsa) - binder: fix memory leaks of spam and pending work (Carlos Llamas) - arm64: dts: mediatek: mt8183: Fix unit address for scp reserved memory (AngeloGioacchino Del Regno) - arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names (AngeloGioacchino Del Regno) - arm64: dts: mediatek: mt8183-kukui-jacuzzi: fix dsi unnecessary cells properties (Eugen Hristev) - arm64: dts: mediatek: mt7622: fix memory node warning check (Eugen Hristev) - platform/surface: aggregator: fix recv_buf() return value (Francesco Dolcini) - regmap: fix bogus error on regcache_sync success (Matthias Reichl) - packet: Move reference count in packet_sock to atomic_long_t (Daniel Borkmann) - tracing: Fix a possible race when disabling buffered events (Petr Pavlu) - tracing: Fix incomplete locking when disabling buffered events (Petr Pavlu) - tracing: Disable snapshot buffer when stopping instance tracers (Steven Rostedt (Google)) - tracing: Always update snapshot buffer size (Steven Rostedt (Google)) - checkstack: fix printed address (Heiko Carstens) - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (Ryusuke Konishi) - nilfs2: fix missing error check for sb_set_blocksize call (Ryusuke Konishi) - ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 (Bin Li) - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (Jason Zhang) - ALSA: usb-audio: Add Pioneer DJM-450 mixer controls (Sarah Grant) - io_uring: fix mutex_unlock with unreferenced ctx (Pavel Begunkov) - nvme-pci: Add sleep quirk for Kingston drives (Georg Gottleuber) - kprobes: consistent rcu api usage for kretprobe holder (JP Kobryn) - md: don't leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly() (Yu Kuai) - md: introduce md_ro_state (Ye Bin) - riscv: fix misaligned access handling of C.SWSP and C.SDSP (Clement Leger) - ARM: dts: imx28-xea: Pass the 'model' property (Fabio Estevam) - ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt (Philipp Zabel) - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init (Kunwu Chan) - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (Dinghao Liu) - tracing: Fix a warning when allocating buffered events fails (Petr Pavlu) - ARM: dts: imx6ul-pico: Describe the Ethernet PHY clock (Fabio Estevam) - arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (Nathan Rossi) - arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (Peng Fan) - RDMA/irdma: Avoid free the non-cqp_request scratch (Shifeng Li) - RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz (Mike Marciniszyn) - ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate (Dinghao Liu) - hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe() (Christophe JAILLET) - hwmon: (acpi_power_meter) Fix 4.29 MW bug (Armin Wolf) - RDMA/bnxt_re: Correct module description string (Kalesh AP) - RDMA/rtrs-clt: Remove the warnings for req in_use check (Jack Wang) - RDMA/rtrs-clt: Fix the max_send_wr setting (Jack Wang) - RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (Md Haris Iqbal) - RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (Md Haris Iqbal) - RDMA/rtrs-srv: Check return values while processing info request (Md Haris Iqbal) - RDMA/rtrs-clt: Start hb after path_up (Jack Wang) - RDMA/rtrs-srv: Do not unconditionally enable irq (Jack Wang) - arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (Alex Bee) - RDMA/irdma: Add wait for suspend on SQD (Mustafa Ismail) - RDMA/irdma: Do not modify to SQD on error (Mustafa Ismail) - RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (Junxian Huang) - tee: optee: Fix supplicant based device enumeration (Sumit Garg) - drop_monitor: Require 'CAP_SYS_ADMIN' when joining 'events' group (Ido Schimmel) - net: add missing kdoc for struct genl_multicast_group::flags (Jakub Kicinski) - psample: Require 'CAP_NET_ADMIN' when joining 'packets' group (Ido Schimmel) - bpf: sockmap, updating the sg structure should also update curr (John Fastabend) - tcp: do not accept ACK of bytes we never sent (Eric Dumazet) - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket (Phil Sutter) - netfilter: nf_tables: validate family when identifying table via handle (Pablo Neira Ayuso) - netfilter: nf_tables: bail out on mismatching dynset and set expressions (Pablo Neira Ayuso) [Orabug: 36155544] {CVE-2023-6622} - octeontx2-af: Update Tx link register range (Rahul Bhansali) - net: hns: fix fake link up on xge port (Yonglong Liu) - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (Shigeru Yoshida) - ionic: Fix dim work handling in split interrupt mode (Brett Creeley) - ionic: fix snprintf format length warning (Shannon Nelson) - net: bnxt: fix a potential use-after-free in bnxt_init_tc (Dinghao Liu) - i40e: Fix unexpected MFS warning message (Ivan Vecera) - octeontx2-af: fix a use-after-free in rvu_npa_register_reporters (Zhipeng Lu) - net: stmmac: fix FPE events losing (Jianheng Zhang) - arcnet: restoring support for multiple Sohard Arcnet cards (Thomas Reichinger) - platform/mellanox: Check devm_hwmon_device_register_with_groups() return value (Kunwu Chan) - platform/mellanox: Add null pointer checks for devm_kasprintf() (Kunwu Chan) - mlxbf-bootctl: correctly identify secure boot with development keys (David Thompson) - r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (Douglas Anderson) - r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (Douglas Anderson) - r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (Douglas Anderson) - r8152: Add RTL8152_INACCESSIBLE checks to more loops (Douglas Anderson) - r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (Douglas Anderson) - hv_netvsc: rndis_filter needs to select NLS (Randy Dunlap) - octeontx2-af: Check return value of nix_get_nixlf before using nixlf (Subbaraya Sundeep) - octeontx2-pf: Add missing mutex lock in otx2_get_pauseparam (Subbaraya Sundeep) - ipv6: fix potential NULL deref in fib6_add() (Eric Dumazet) - platform/x86: wmi: Skip blocks with zero instances (Armin Wolf) - platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (Mario Limonciello) - of: dynamic: Fix of_reconfig_get_state_change() return value documentation (Luca Ceresoli) - platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (Hans de Goede) - platform/x86: asus-wmi: Simplify tablet-mode-switch handling (Hans de Goede) - platform/x86: asus-wmi: Simplify tablet-mode-switch probing (Hans de Goede) - platform/x86: asus-wmi: Add support for ROG X13 tablet mode (Luke D. Jones) - platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (Luke D. Jones) - drm/amdgpu: correct chunk_ptr to a pointer to chunk. (YuanShang) - kconfig: fix memory leak from range properties (Masahiro Yamada) - tg3: Increment tx_dropped in tg3_tso_bug() (Alex Pakhunov) - tg3: Move the [rt]x_dropped counters to tg3_napi (Alex Pakhunov) - netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test (Jozsef Kadlecsik) - i2c: designware: Fix corrupted memory seen in the ISR (Jan Bottorff) - vdpa/mlx5: preserve CVQ vringh index (Steve Sistare) - LTS version: v5.15.142 (Jack Vogel) - iomap: update ki_pos a little later in iomap_dio_complete (Christoph Hellwig) - r8169: fix deadlock on RTL8125 in jumbo mtu mode (Heiner Kallweit) - r8169: disable ASPM in case of tx timeout (Heiner Kallweit) - mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled (Wenchao Chen) - mmc: core: add helpers mmc_regulator_enable/disable_vqmmc (Heiner Kallweit) - iommu/vt-d: Make context clearing consistent with context mapping (Lu Baolu) - iommu/vt-d: Omit devTLB invalidation requests when TES=0 (Lu Baolu) - cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily (Christoph Niedermaier) - cpufreq: imx6q: don't warn for disabling a non-existing frequency (Christoph Niedermaier) - smb3: fix caching of ctime on setxattr (Steve French) - fs: add ctime accessors infrastructure (Jeff Layton) - fbdev: stifb: Make the STI next font pointer a 32-bit signed offset (Helge Deller) - ASoC: SOF: sof-pci-dev: Fix community key quirk detection (Mark Hasemeyer) - ASoC: SOF: sof-pci-dev: don't use the community key on APL Chromebooks (Pierre-Louis Bossart) - ASoC: SOF: sof-pci-dev: add parameter to override topology filename (Pierre-Louis Bossart) - ASoC: SOF: sof-pci-dev: use community key on all Up boards (Pierre-Louis Bossart) - ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header (Hans de Goede) - smb3: fix touch -h of symlink (Steve French) - selftests/resctrl: Move _GNU_SOURCE define into Makefile (Ilpo Jarvinen) - selftests/resctrl: Add missing SPDX license to Makefile (Shaopeng Tan) - perf intel-pt: Fix async branch flags (Adrian Hunter) - net: ravb: Stop DMA in case of failures on ravb_open() (Claudiu Beznea) - net: ravb: Start TX queues after HW initialization succeeded (Claudiu Beznea) - net: ravb: Use pm_runtime_resume_and_get() (Claudiu Beznea) - net: ravb: Check return value of reset_control_deassert() (Claudiu Beznea) - ravb: Fix races between ravb_tx_timeout_work() and net related ops (Yoshihiro Shimoda) - r8169: prevent potential deadlock in rtl8169_close (Heiner Kallweit) - octeontx2-pf: Fix adding mbox work queue entry when num_vfs > 64 (Geetha sowjanya) - net: stmmac: xgmac: Disable FPE MMC interrupts (Furong Xu) - octeontx2-af: Fix possible buffer overflow (Elena Salomatkina) - selftests/net: ipsec: fix constant out of range (Willem de Bruijn) - uapi: propagate __struct_group() attributes to the container union (Dmitry Antipov) - dpaa2-eth: increase the needed headroom to account for alignment (Ioana Ciornei) - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (Zhengchao Shao) - usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (Niklas Neronin) - USB: core: Change configuration warnings to notices (Alan Stern) - hv_netvsc: fix race of netvsc and VF register_netdevice (Haiyang Zhang) - rcu: Avoid tracing a few functions executed in stop machine (Patrick Wang) - vlan: move dev_put into vlan_dev_uninit (Xin Long) - vlan: introduce vlan_dev_free_egress_priority (Xin Long) - Input: xpad - add HyperX Clutch Gladiate Support (Max Nguyen) - btrfs: make error messages more clear when getting a chunk map (Filipe Manana) - btrfs: send: ensure send_fd is writable (Jann Horn) - btrfs: fix off-by-one when checking chunk map includes logical address (Filipe Manana) - btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod() (Bragatheswaran Manickavel) - btrfs: add dmesg output for first mount and last unmount of a filesystem (Qu Wenruo) - parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes (Helge Deller) - powerpc: Don't clobber f0/vs0 during fp|altivec register save (Timothy Pearson) - iommu/vt-d: Add MTL to quirk list to skip TE disabling (Abdul Halim, Mohd Syazwan) - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (Markus Weippert) - dm verity: don't perform FEC for failed readahead IO (Wu Bo) - dm-verity: align struct dm_verity_fec_io properly (Mikulas Patocka) - ALSA: hda/realtek: Add supported ALC257 for ChromeOS (Kailang Yang) - ALSA: hda/realtek: Headset Mic VREF to 100% (Kailang Yang) - ALSA: hda: Disable power-save on KONTRON SinglePC (Takashi Iwai) - mmc: block: Be sure to wait while busy in CQE error recovery (Adrian Hunter) - mmc: block: Do not lose cache flush during CQE error recovery (Adrian Hunter) - mmc: block: Retry commands in CQE error recovery (Adrian Hunter) - mmc: cqhci: Fix task clearing in CQE error recovery (Adrian Hunter) - mmc: cqhci: Warn of halt or task clear failure (Adrian Hunter) - mmc: cqhci: Increase recovery halt timeout (Adrian Hunter) - firewire: core: fix possible memory leak in create_units() (Yang Yingliang) - pinctrl: avoid reload of p state in list iteration (Maria Yu) - LTS version: v5.15.141 (Jack Vogel) - io_uring: fix off-by one bvec index (Keith Busch) - USB: dwc3: qcom: fix wakeup after probe deferral (Johan Hovold) - USB: dwc3: qcom: fix software node leak on probe errors (Johan Hovold) - usb: dwc3: set the dma max_seg_size (Ricardo Ribalda) - usb: dwc3: Fix default mode initialization (Alexander Stein) - USB: dwc2: write HCINT with INTMASK applied (Oliver Neukum) - usb: typec: tcpm: Skip hard reset when in error recovery (Badhri Jagan Sridharan) - USB: serial: option: don't claim interface 4 for ZTE MF290 (Lech Perczak) - USB: serial: option: fix FM101R-GL defines (Puliang Lu) - USB: serial: option: add Fibocom L7xx modules (Victor Fragoso) - usb: cdnsp: Fix deadlock issue during using NCM gadget (Pawel Laszczak) - bcache: fixup lock c->root error (Mingzhe Zou) - bcache: fixup init dirty data errors (Mingzhe Zou) - bcache: prevent potential division by zero error (Rand Deeb) - bcache: check return value from btree_node_alloc_replacement() (Coly Li) - dm-delay: fix a race between delay_presuspend and delay_bio (Mikulas Patocka) - hv_netvsc: Mark VF as slave before exposing it to user-mode (Long Li) - hv_netvsc: Fix race of register_netdevice_notifier and VF register (Haiyang Zhang) - USB: serial: option: add Luat Air72*U series products (Asuna Yang) - s390/dasd: protect device queue against concurrent access (Jan Hoppner) - io_uring/fs: consider link->flags when getting path for LINKAT (Charles Mirabile) - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (Mingzhe Zou) - md: fix bi_status reporting in md_end_clone_io (Song Liu) - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (Coly Li) - swiotlb-xen: provide the 'max_mapping_size' method (Keith Busch) - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (Hans de Goede) - proc: sysctl: prevent aliased sysctls from getting passed to init (Krister Johansen) - ext4: make sure allocate pending entry not fail (Zhang Yi) - ext4: fix slab-use-after-free in ext4_es_insert_extent() (Baokun Li) - ext4: using nofail preallocation in ext4_es_insert_extent() (Baokun Li) - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (Baokun Li) - ext4: using nofail preallocation in ext4_es_remove_extent() (Baokun Li) - ext4: use pre-allocated es in __es_remove_extent() (Baokun Li) - ext4: use pre-allocated es in __es_insert_extent() (Baokun Li) - ext4: factor out __es_alloc_extent() and __es_free_extent() (Baokun Li) - ext4: add a new helper to check if es must be kept (Baokun Li) - media: qcom: camss: Fix csid-gen2 for test pattern generator (Andrey Konovalov) - media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3 (Bryan O'Donoghue) - media: camss: sm8250: Virtual channels for CSID (Milen Mitkov) - media: camss: Replace hard coded value with parameter (Souptick Joarder (HPE)) - MIPS: KVM: Fix a build warning about variable set but not used (Huacai Chen) - lockdep: Fix block chain corruption (Peter Zijlstra) - USB: dwc3: qcom: fix ACPI platform device leak (Johan Hovold) - USB: dwc3: qcom: fix resource leaks on probe deferral (Johan Hovold) - nvmet: nul-terminate the NQNs passed in the connect command (Christoph Hellwig) - afs: Fix file locking on R/O volumes to operate in local mode (David Howells) - afs: Return ENOENT if no cell DNS record can be found (David Howells) - net: axienet: Fix check for partial TX checksum (Samuel Holland) - amd-xgbe: propagate the correct speed and duplex status (Raju Rangoju) - amd-xgbe: handle the corner-case during tx completion (Raju Rangoju) - amd-xgbe: handle corner-case during sfp hotplug (Raju Rangoju) - octeontx2-pf: Fix ntuple rule creation to direct packet to VF with higher Rx queue than its PF (Suman Ghosh) - arm/xen: fix xen_vcpu_info allocation alignment (Stefano Stabellini) - net/smc: avoid data corruption caused by decline (D. Wythe) - net: usb: ax88179_178a: fix failed operations during ax88179_reset (Jose Ignacio Tornos Martinez) - ipv4: Correct/silence an endian warning in __ip_do_redirect (Kunwu Chan) - HID: fix HID device resource race between HID core and debugging support (Charles Yi) - HID: core: store the unique system identifier in hid_device (Benjamin Tissoires) - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (Jonas Karlman) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (Chen Ni) - octeontx2-pf: Fix memory leak during interface down (Suman Ghosh) - wireguard: use DEV_STATS_INC() (Eric Dumazet) - drm/panel: simple: Fix Innolux G101ICE-L01 timings (Marek Vasut) - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (Marek Vasut) - drm/panel: auo,b101uan08.3: Fine tune the panel power sequence (Xuxin Xiong) - drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence (Shuijing Li) - afs: Make error on cell lookup failure consistent with OpenAFS (David Howells) - afs: Fix afs_server_list to be cleaned up with RCU (David Howells) - LTS version: v5.15.140 (Jack Vogel) - driver core: Release all resources during unbind before updating device links (Saravana Kannan) - Input: xpad - add VID for Turtle Beach controllers (Vicki Pfau) - powerpc/powernv: Fix fortify source warnings in opal-prd.c (Michael Ellerman) - io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid (Jens Axboe) - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (Lewis Huang) - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (Christian Konig) - drm/amdgpu: don't use ATRM for external devices (Alex Deucher) - drm/i915: Fix potential spectre vulnerability (Kunwu Chan) - drm/amd/pm: Handle non-terminated overdrive commands. (Bas Nieuwenhuizen) - ext4: add missed brelse in update_backups (Kemeng Shi) - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (Kemeng Shi) - ext4: correct the start block of counting reserved clusters (Zhang Yi) - ext4: correct return value of ext4_convert_meta_bg (Kemeng Shi) - ext4: correct offset of gdb backup in non meta_bg group to update_backups (Kemeng Shi) - ext4: apply umask if ACL support is disabled (Max Kellermann) - Revert 'net: r8169: Disable multicast filter for RTL8168H and RTL8107E' (Heiner Kallweit) - media: qcom: camss: Fix missing vfe_lite clocks check (Bryan O'Donoghue) - media: qcom: camss: Fix VFE-17x vfe_disable_output() (Bryan O'Donoghue) - media: qcom: camss: Fix vfe_get() error jump (Bryan O'Donoghue) - media: qcom: camss: Fix pm_domain_on sequence in probe (Bryan O'Donoghue) - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (Victor Shih) - r8169: fix network lost after resume on DASH systems (ChunHao Lin) - mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (Roman Gushchin) - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (Victor Shih) - riscv: kprobes: allow writing to x0 (Nam Cao) - nfsd: fix file memleak on client_opens_release (Mahmoud Adam) - media: ccs: Correctly initialise try compose rectangle (Sakari Ailus) - media: venus: hfi: add checks to handle capabilities from firmware (Vikash Garodia) - media: venus: hfi: fix the check to handle session buffer requirement (Vikash Garodia) - media: venus: hfi_parser: Add check to keep the number of codecs within range (Vikash Garodia) - media: sharp: fix sharp encoding (Sean Young) - media: lirc: drop trailing space from scancode transmit (Sean Young) - f2fs: avoid format-overflow warning (Su Hui) - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (Heiner Kallweit) - net: phylink: initialize carrier state at creation (Klaus Kudielka) - net: dsa: lan9303: consequently nested-lock physical MDIO (Alexander Sverdlin) - net: ethtool: Fix documentation of ethtool_sprintf() (Andrew Lunn) - s390/ap: fix AP bus crash on early config change callback invocation (Harald Freudenberger) - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Tam Nguyen) - lsm: fix default return value for inode_getsecctx (Ondrej Mosnacek) - lsm: fix default return value for vm_enough_memory (Ondrej Mosnacek) - Revert 'i2c: pxa: move to generic GPIO recovery' (Robert Marko) - powerpc/pseries/ddw: simplify enable_ddw() (Alexey Kardashevskiy) - arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size (Vignesh Viswanathan) - arm64: dts: qcom: ipq6018: switch TCSR mutex to MMIO (Krzysztof Kozlowski) - ksmbd: fix slab out of bounds write in smb_inherit_dacl() (Namjae Jeon) - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (Guan Wentao) - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (Masum Reza) - bluetooth: Add device 13d3:3571 to device tables (Larry Finger) - bluetooth: Add device 0bda:887b to device tables (Larry Finger) - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (Artem Lukyanov) - cpufreq: stats: Fix buffer overflow detection in trans_stats() (Christian Marangi) - regmap: Ensure range selector registers are updated after cache sync (Mark Brown) - tty: serial: meson: fix hard LOCKUP on crtscts mode (Pavel Krasavin) - serial: meson: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (Chandradeep Dey) - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (Kailang Yang) - ALSA: info: Fix potential deadlock at disconnection (Takashi Iwai) - xhci: Enable RPM on controllers that support low-power states (Basavaraj Natikar) - parisc/pgtable: Do not drop upper 5 address bits of physical address (Helge Deller) - parisc: Prevent booting 64-bit kernels on PA1.x machines (Helge Deller) - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (Frank Li) - i3c: master: svc: fix check wrong status register in irq handler (Frank Li) - i3c: master: svc: fix ibi may not return mandatory data byte (Frank Li) - i3c: master: svc: fix wrong data return when IBI happen during start frame (Frank Li) - i3c: master: svc: fix race condition in ibi work thread (Frank Li) - i3c: master: cdns: Fix reading status register (Joshua Yeong) - mtd: cfi_cmdset_0001: Byte swap OTP info (Linus Walleij) - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (Zi Yan) - mm/cma: use nth_page() in place of direct struct page manipulation (Zi Yan) - s390/cmma: fix detection of DAT pages (Heiko Carstens) - dmaengine: stm32-mdma: correct desc prep when channel running (Alain Volmat) - mcb: fix error handling for different scenarios when parsing (Sanjuan Garcia, Jorge) - tracing: Have the user copy of synthetic event address use correct context (Steven Rostedt (Google)) - i2c: core: Run atomic i2c xfer when !preemptible (Benjamin Bara) - kernel/reboot: emergency_restart: Set correct system_state (Benjamin Bara) - quota: explicitly forbid quota files from being encrypted (Eric Biggers) - jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (Zhihao Cheng) - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (Krzysztof Kozlowski) - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (Ilpo Jarvinen) - selftests/resctrl: Remove duplicate feature check from CMT test (Ilpo Jarvinen) - netfilter: nf_tables: split async and sync catchall in two functions (Pablo Neira Ayuso) - netfilter: nf_tables: remove catchall element in GC sync path (Pablo Neira Ayuso) [Orabug: 36028059] {CVE-2023-6111} - PCI: keystone: Don't discard .probe() callback (Uwe Kleine-Konig) - PCI: keystone: Don't discard .remove() callback (Uwe Kleine-Konig) - KEYS: trusted: Rollback init_trusted() consistently (Jarkko Sakkinen) - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (Herve Codina) - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (Rong Chen) - wifi: ath11k: fix htt pktlog locking (Johan Hovold) - wifi: ath11k: fix dfs radar event locking (Johan Hovold) - wifi: ath11k: fix temperature event locking (Johan Hovold) - ima: detect changes to the backing overlay file (Mimi Zohar) - ima: annotate iint mutex to avoid lockdep false positive warnings (Amir Goldstein) - ACPI: FPDT: properly handle invalid FPDT subtables (Vasily Khoruzhick) - firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit (Kathiravan Thirumoorthy) - btrfs: don't arbitrarily slow down delalloc if we're committing (Josef Bacik) - rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects (Catalin Marinas) - PM: hibernate: Clean up sync_read handling in snapshot_write_next() (Brian Geffon) - PM: hibernate: Use __get_safe_page() rather than touching the list (Brian Geffon) - arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM (Vignesh Viswanathan) - rcu/tree: Defer setting of jiffies during stall reset (Joel Fernandes (Google)) - svcrdma: Drop connection after an RDMA Read error (Chuck Lever) - wifi: wilc1000: use vmm_table as array in wilc struct (Ajay Singh) - PCI: exynos: Don't discard .remove() callback (Uwe Kleine-Konig) - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (Heiner Kallweit) - mmc: sdhci_am654: fix start loop index for TAP value parsing (Nitin Yadav) - mmc: vub300: fix an error code (Dan Carpenter) - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (Kathiravan Thirumoorthy) - clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks (Kathiravan Thirumoorthy) - clk: socfpga: Fix undefined behavior bug in struct stratix10_clock_data (Gustavo A. R. Silva) - parisc/pdc: Add width field to struct pdc_model (Helge Deller) - arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer (Nathan Chancellor) - ACPI: resource: Do IRQ override on TongFang GMxXGxx (Werner Sembach) - watchdog: move softlockup_panic back to early_param (Krister Johansen) - PCI/sysfs: Protect driver's D3cold preference from user space (Lukas Wunner) - hvc/xen: fix event channel handling for secondary consoles (David Woodhouse) - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (David Woodhouse) - hvc/xen: fix console unplug (David Woodhouse) - tty/sysrq: replace smp_processor_id() with get_cpu() (Muhammad Usama Anjum) - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() (Paul Moore) - audit: don't take task_lock() in audit_exe_compare() code path (Paul Moore) - KVM: x86: Ignore MSR_AMD64_TW_CFG access (Maciej S. Szmigiero) - KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space (Nicolas Saenz Julienne) - x86/cpu/hygon: Fix the CPU topology evaluation for real (Pu Wen) - crypto: x86/sha - load modules based on CPU features (Roxana Nicolescu) - scsi: qla2xxx: Fix system crash due to bad pointer access (Quinn Tran) - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (Chandrakanth patil) - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (Shung-Hsi Yu) - bpf: Fix check_stack_write_fixed_off() to correctly spill imm (Hao Sun) - randstruct: Fix gcc-plugin performance mode to stay in group (Kees Cook) - powerpc/perf: Fix disabling BHRB and instruction sampling (Nicholas Piggin) - media: venus: hfi: add checks to perform sanity on queue pointers (Vikash Garodia) - i915/perf: Fix NULL deref bugs with drm_dbg() calls (Harshit Mogalapalli) - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (Li Zetao) - xfs: fix memory leak in xfs_errortag_init (Zeng Heng) - xfs: fix exception caused by unexpected illegal bestcount in leaf dir (Guo Xuenan) - xfs: avoid a UAF when log intent item recovery fails (Darrick J. Wong) - xfs: fix inode reservation space for removing transaction (hexiaole) - xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (Chandan Babu R) - xfs: fix intermittent hang during quotacheck (Darrick J. Wong) - xfs: don't leak memory when attr fork loading fails (Darrick J. Wong) - xfs: fix use-after-free in xattr node block inactivation (Darrick J. Wong) - xfs: flush inode gc workqueue before clearing agi bucket (Zhang Yi) - xfs: prevent a UAF when log IO errors race with unmount (Darrick J. Wong) - xfs: use invalidate_lock to check the state of mmap_lock (Kaixu Xia) - xfs: convert buf_cancel_table allocation to kmalloc_array (Darrick J. Wong) - xfs: don't leak xfs_buf_cancel structures when recovery fails (Darrick J. Wong) - xfs: refactor buffer cancellation table allocation (Darrick J. Wong) - cifs: fix check of rc in function generate_smb3signingkey (Ekaterina Esina) - cifs: spnego: add ';' in HOST_KEY_LEN (Anastasia Belova) - tools/power/turbostat: Enable the C-state Pre-wake printing (Chen Yu) - tools/power/turbostat: Fix a knl bug (Zhang Rui) - macvlan: Don't propagate promisc change to lower dev in passthru (Vlad Buslov) - net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (Rahul Rameshbabu) - net/mlx5e: Reduce the size of icosq_str (Saeed Mahameed) - net/mlx5e: Fix pedit endianness (Vlad Buslov) - net/mlx5e: fix double free of encap_header in update funcs (Gavin Li) - net/mlx5e: fix double free of encap_header (Dust Li) - net: stmmac: fix rx budget limit check (Baruch Siach) - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (Dan Carpenter) - netfilter: nf_tables: add and use BE register load-store helpers (Florian Westphal) - netfilter: nf_tables: use the correct get/put helpers (Florian Westphal) - netfilter: nf_conntrack_bridge: initialize err to 0 (Linkui Xiao) - af_unix: fix use-after-free in unix_stream_read_actor() (Eric Dumazet) - net: ethernet: cortina: Fix MTU max setting (Linus Walleij) - net: ethernet: cortina: Handle large frames (Linus Walleij) - net: ethernet: cortina: Fix max RX frame define (Linus Walleij) - bonding: stop the device in bond_setup_by_slave() (Eric Dumazet) - ptp: annotate data-race around q->head and q->tail (Eric Dumazet) - xen/events: fix delayed eoi list handling (Juergen Gross) - ppp: limit MRU to 64K (Willem de Bruijn) - tipc: Fix kernel-infoleak due to uninitialized TLV value (Shigeru Yoshida) - net: hns3: fix VF wrong speed and duplex issue (Jijie Shao) - net: hns3: fix VF reset fail issue (Jijie Shao) - net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() (Yonglong Liu) - net: hns3: fix incorrect capability bit display for copper port (Jian Shen) - net: hns3: add barrier in vf mailbox reply process (Yonglong Liu) - net: hns3: add byte order conversion for PF to VF mailbox message (Jie Wang) - net: hns3: refine the definition for struct hclge_pf_to_vf_msg (Jian Shen) - net: hns3: fix add VLAN fail issue (Jian Shen) - tty: Fix uninit-value access in ppp_sync_receive() (Shigeru Yoshida) - ipvlan: add ipvlan_route_v6_outbound() helper (Eric Dumazet) - net: set SOCK_RCU_FREE before inserting socket into hashtable (Stanislav Fomichev) - gfs2: Silence 'suspicious RCU usage in gfs2_permission' warning (Andreas Gruenbacher) - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (felix) - NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO (Olga Kornievskaia) - SUNRPC: Add an IS_ERR() check back to where it was (Dan Carpenter) - SUNRPC: ECONNRESET might require a rebind (Trond Myklebust) - media: cec: meson: always include meson sub-directory in Makefile (Marek Szyprowski) - media: cadence: csi2rx: Unregister v4l2 async notifier (Pratyush Yadav) - sched/core: Optimize in_task() and in_interrupt() a bit (Finn Thain) - tracing/perf: Add interrupt_context_level() helper (Steven Rostedt (VMware)) - tracing: Reuse logic from perf's get_recursion_context() (Steven Rostedt (VMware)) - wifi: iwlwifi: Use FW rate for non-data frames (Miri Korenblit) - pwm: Fix double shift bug (Dan Carpenter) - drm/amdgpu: fix software pci_unplug on some chips (Vitaly Prosyak) - drm/qxl: prevent memory leak (Zongmin Zhou) - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (Tony Lindgren) - i2c: dev: copy userspace array safely (Philipp Stanner) - kgdb: Flush console before entering kgdb on panic (Douglas Anderson) - drm/amd/display: Avoid NULL dereference of timing generator (Wayne Lin) - media: imon: fix access to invalid resource for the second interface (Takashi Iwai) - media: ccs: Fix driver quirk struct documentation (Sakari Ailus) - media: cobalt: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - gfs2: fix an oops in gfs2_permission (Al Viro) - gfs2: ignore negated quota changes (Bob Peterson) - media: vivid: avoid integer overflow (Hans Verkuil) - media: gspca: cpia1: shift-out-of-bounds in set_flicker (Rajeshwar R Shinde) - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data. (Billy Tsai) - virtio-blk: fix implicit overflow on virtio_max_dma_size (zhenwei pi) - i2c: sun6i-p2wi: Prevent potential division by zero (Axel Lin) - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (Jarkko Nikula) - 9p: v9fs_listxattr: fix %s null argument warning (Dominique Martinet) - 9p/trans_fd: Annotate data-racy writes to file::f_flags (Marco Elver) - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (Hardik Gajjar) - tty: vcc: Add check for kstrdup() in vcc_probe() (Yi Yang) - exfat: support handle zero-size directory (Yuezhang Mo) - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (Jiri Kosina) - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (Bjorn Helgaas) - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (Yoshihiro Shimoda) - PCI: Disable ATS for specific Intel IPU E2000 devices (Bartosz Pawlowski) - PCI: Extract ATS disabling to a helper function (Bartosz Pawlowski) - PCI: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (Wenchao Hao) - atm: iphase: Do PCI error checks on own line (Ilpo Jarvinen) - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (Ilpo Jarvinen) - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (Cezary Rojewski) - ARM: 9320/1: fix stack depot IRQ stack filter (Vincent Whitchurch) - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (Mikhail Khvainitski) - jfs: fix array-index-out-of-bounds in diAlloc (Manas Ghandat) - jfs: fix array-index-out-of-bounds in dbFindLeaf (Manas Ghandat) - fs/jfs: Add validity check for db_maxag and db_agpref (Juntong Deng) - fs/jfs: Add check for negative db_l2nbperpage (Juntong Deng) - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (Tyrel Datwyler) - scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (Yihang Li) - RDMA/hfi1: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin) - ASoC: soc-card: Add storage for PCI SSID (Richard Fitzgerald) - selftests/efivarfs: create-read: fix a resource leak (zhujun2) - arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (Laurentiu Tudor) - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (Qu Huang) - drm/amdkfd: Fix shift out-of-bounds issue (Jesse Zhang) - drm/panel: st7703: Pick different reset sequence (Ondrej Jirman) - drm/amdgpu/vkms: fix a possible null pointer dereference (Ma Ke) - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (Ma Ke) - drm/panel: fix a possible null pointer dereference (Ma Ke) - drm/amdgpu: Fix potential null pointer derefernce (Stanley.Yang) - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (Mario Limonciello) - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (Mario Limonciello) - drm/msm/dp: skip validity check for DP CTS EDID checksum (Jani Nikula) - drm: vmwgfx_surface.c: copy user-array safely (Philipp Stanner) - kernel: watch_queue: copy user-array safely (Philipp Stanner) - kernel: kexec: copy user-array safely (Philipp Stanner) - string.h: add array-wrappers for (v)memdup_user() (Philipp Stanner) - drm/amd/display: use full update for clip size increase of large plane source (Wenjing Liu) - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (Xiaogang Chen) - drm/komeda: drop all currently held locks if deadlock happens (baozhu.liu) - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (Olli Asikainen) - Bluetooth: Fix double free in hci_conn_cleanup (ZhengHan Wang) - Bluetooth: btusb: Add date->evt_skb is NULL check (youwan Wang) - wifi: ath10k: Don't touch the CE interrupt registers after power up (Douglas Anderson) - net: annotate data-races around sk->sk_dst_pending_confirm (Eric Dumazet) - net: annotate data-races around sk->sk_tx_queue_mapping (Eric Dumazet) - wifi: ath10k: fix clang-specific fortify warning (Dmitry Antipov) - wifi: ath9k: fix clang-specific fortify warnings (Dmitry Antipov) - bpf: Detect IP == ksym.end as part of BPF program (Kumar Kartikeya Dwivedi) - atl1c: Work around the DMA RX overflow issue (Sieng-Piaw Liew) - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Ping-Ke Shih) - wifi: mac80211_hwsim: fix clang-specific fortify warning (Dmitry Antipov) - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size (Mike Rapoport (IBM)) - workqueue: Provide one lock class key per work_on_cpu() callsite (Frederic Weisbecker) - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (Ronald Wahl) - clocksource/drivers/timer-imx-gpt: Fix potential memory leak (Jacky Bai) - perf/core: Bail out early if the request AUX area is out of bound (Shuai Xue) - locking/ww_mutex/test: Fix potential workqueue corruption (John Stultz) - LTS version: v5.15.139 (Jack Vogel) - btrfs: use u64 for buffer sizes in the tree search ioctls (Filipe Manana) - Revert 'mmc: core: Capture correct oemid-bits for eMMC cards' (Dominique Martinet) - tracing/kprobes: Fix the order of argument descriptions (Yujie Liu) - fbdev: fsl-diu-fb: mark wr_reg_wa() static (Arnd Bergmann) - fbdev: imsttfb: fix a resource leak in probe (Dan Carpenter) - fbdev: imsttfb: Fix error path of imsttfb_probe() (Helge Deller) - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (Amit Kumar Mahapatra) - ASoC: hdmi-codec: register hpd callback on component probe (Jerome Brunet) - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (Erik Kurzinger) - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (Florian Westphal) - netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs (Jeremy Sowden) - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (Maciej Zenczykowski) - i2c: iproc: handle invalid slave state (Roman Bacik) - r8169: respect userspace disabling IFF_MULTICAST (Heiner Kallweit) - blk-core: use pr_warn_ratelimited() in bio_check_ro() (Yu Kuai) - block: remove unneeded return value of bio_check_ro() (Miaohe Lin) - tg3: power down device only on SYSTEM_POWER_OFF (George Shuklin) - net/smc: put sk reference if close work was canceled (D. Wythe) - net/smc: allow cdc msg send rather than drop it with NULL sndbuf_desc (D. Wythe) - net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT (D. Wythe) - selftests: pmtu.sh: fix result checking (Hangbin Liu) - net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs (Furong Xu) - Fix termination state for idr_for_each_entry_ul() (NeilBrown) - net: r8169: Disable multicast filter for RTL8168H and RTL8107E (Patrick Thompson) - dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. (Kuniyuki Iwashima) - dccp: Call security_inet_conn_request() after setting IPv4 addresses. (Kuniyuki Iwashima) - octeontx2-pf: Fix holes in error code (Ratheesh Kannoth) - octeontx2-pf: Fix error codes (Ratheesh Kannoth) - bpf: Check map->usercnt after timer->timer is assigned (Hou Tao) - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Shigeru Yoshida) - hsr: Prevent use after free in prp_create_tagged_frame() (Dan Carpenter) - llc: verify mac len before reading mac header (Willem de Bruijn) - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (Dan Carpenter) - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (Florian Fainelli) - pwm: sti: Reduce number of allocations and drop usage of chip_data (Uwe Kleine-Konig) - regmap: prevent noinc writes from clobbering cache (Ben Wolsieffer) - media: cedrus: Fix clock/reset sequence (Jernej Skrabec) - media: vidtv: mux: Add check and kfree for kstrdup (Jiasheng Jiang) - media: vidtv: psi: Add check for kstrdup (Jiasheng Jiang) - media: s3c-camif: Avoid inappropriate kfree() (Katya Orlova) - media: bttv: fix use after free error due to btv->timeout timer (Zheng Wang) - media: i2c: max9286: Fix some redundant of_node_put() calls (Christophe JAILLET) - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (Yang Yingliang) - pcmcia: ds: fix refcount leak in pcmcia_device_add() (Yang Yingliang) - pcmcia: cs: fix possible hung task and memory leak pccardd() (Yang Yingliang) - rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call (Javier Carrasco) - cxl/mem: Fix shutdown order (Dan Williams) - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (Dinghao Liu) - 9p/net: fix possible memory leak in p9_check_errors() (Hangyu Hua) - perf hist: Add missing puts to hist__account_cycles (Ian Rogers) - perf machine: Avoid out of bounds LBR memory read (Ian Rogers) - usb: host: xhci-plat: fix possible kernel oops while resuming (Sergey Shtylyov) - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (Basavaraj Natikar) - powerpc/pseries: fix potential memory leak in init_cpu_associativity() (Wang Yufen) - powerpc/imc-pmu: Use the correct spinlock initializer. (Sebastian Andrzej Siewior) - powerpc/xive: Fix endian conversion size (Benjamin Gray) - powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro (Christophe Leroy) - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (Masahiro Yamada) - powerpc: Only define __parse_fpscr() when required (Christophe Leroy) - f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() (Chao Yu) - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (Christophe JAILLET) - USB: usbip: fix stub_dev hub disconnect (Jonas Blixt) - tools: iio: iio_generic_buffer ensure alignment (Matti Vaittinen) - misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() (Jinjie Ruan) - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (Dan Carpenter) - usb: chipidea: Simplify Tegra DMA alignment code (Michal Miroslaw) - usb: chipidea: Fix DMA overwrite for Tegra (Michal Miroslaw) - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (Jia-Ju Bai) - dmaengine: idxd: Register dsa_bus_type before registering idxd sub-drivers (Fenghua Yu) - livepatch: Fix missing newline character in klp_resolve_symbols() (Zheng Yejian) - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (Yi Yang) - f2fs: compress: fix to avoid redundant compress extension (Chao Yu) - f2fs: compress: fix to avoid use-after-free on dic (Chao Yu) - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (Christophe JAILLET) - leds: pwm: Don't disable the PWM when the LED should be off (Uwe Kleine-Konig) - leds: turris-omnia: Do not use SMBUS calls (Marek Behun) - leds: turris-omnia: Drop unnecessary mutex locking (Marek Behun) - mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (Hans de Goede) - mfd: dln2: Fix double put in dln2_probe (Dinghao Liu) - mfd: core: Ensure disabled devices are skipped without aborting (Herve Codina) - mfd: core: Un-constify mfd_cell.of_reg (Michal Miroslaw) - ASoC: ams-delta.c: use component after check (Kuninori Morimoto) - crypto: qat - fix deadlock in backlog processing (Giovanni Cabiddu) - padata: Fix refcnt handling in padata_free_shell() (WangJinchao) - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (Cezary Rojewski) - HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (Hans de Goede) - HID: logitech-hidpp: Revert 'Don't restart communication if not necessary' (Hans de Goede) - HID: logitech-hidpp: Don't restart IO, instead defer hid_connect() only (Hans de Goede) - HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (Bastien Nocera) - Revert 'HID: logitech-hidpp: add a module parameter to keep firmware gestures' (Bastien Nocera) - sh: bios: Revive earlyprintk support (Geert Uytterhoeven) - hid: cp2112: Fix IRQ shutdown stopping polling for all IRQs on chip (Danny Kaehn) - RDMA/hfi1: Workaround truncation compilation error (Leon Romanovsky) - scsi: ufs: core: Leave space for '- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (Zhang Shurong) - RDMA/hns: The UD mode can only be configured with DCQCN (Luoyouming) - RDMA/hns: Fix signed-unsigned mixed comparisons (Chengchang Tang) - RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (Chengchang Tang) - IB/mlx5: Fix rdma counter binding for RAW QP (Patrisious Haddad) - ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (Kuninori Morimoto) - ext4: move 'ix' sanity check to corrent position (Gou Hao) - ARM: 9321/1: memset: cast the constant byte to unsigned char (Kursad Oney) - hid: cp2112: Fix duplicate workqueue initialization (Danny Kaehn) - crypto: qat - increase size of buffers (Giovanni Cabiddu) - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (Gaurav Jain) - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (Gaurav Jain) - nd_btt: Make BTT lanes preemptible (Tomas Glozar) - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (Chen Ni) - scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (Tyrel Datwyler) - RDMA/core: Use size_{add,sub,mul}() in calls to struct_size() (Gustavo A. R. Silva) - hwrng: geode - fix accessing registers (Jonas Gorski) - crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (Christophe JAILLET) - selftests/resctrl: Ensure the benchmark commands fits to its array (Ilpo Jarvinen) - selftests/pidfd: Fix ksft print formats (Maciej Wieczor-Retman) - arm64: dts: imx8mn: Add sound-dai-cells to micfil node (Adam Ford) - arm64: dts: imx8mm: Add sound-dai-cells to micfil node (Adam Ford) - arm64: dts: imx8qm-ss-img: Fix jpegenc compatible entry (Fabio Estevam) - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (Sudeep Holla) - firmware: arm_ffa: Assign the missing IDR allocation ID to the FFA device (Sudeep Holla) - firmware: ti_sci: Mark driver as non removable (Dhruva Gole) - soc: qcom: llcc: Handle a second device without data corruption (Uwe Kleine-Konig) - ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator (Krzysztof Kozlowski) - arm64: dts: qcom: apq8016-sbc: Add missing ADV7533 regulators (Stephan Gerhold) - ARM64: dts: marvell: cn9310: Use appropriate label for spi1 pins (Chris Packham) - arm64: dts: qcom: sdm845-mtp: fix WiFi configuration (Dmitry Baryshkov) - arm64: dts: qcom: sc7280: Add missing LMH interrupts (Konrad Dybcio) - arm64: dts: qcom: msm8992-libra: drop duplicated reserved memory (Krzysztof Kozlowski) - arm64: dts: qcom: msm8916: Fix iommu local address range (Gaurav Kohli) - ARM: dts: renesas: blanche: Fix typo in GP_11_2 pin name (Geert Uytterhoeven) - perf: hisi: Fix use-after-free when register pmu fails (Junhao He) - drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling (AngeloGioacchino Del Regno) - drm/msm/dsi: use msm_gem_kernel_put to free TX buffer (Dmitry Baryshkov) - xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (Marek Marczykowski-Gorecki) - drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (Dan Carpenter) - drm/bridge: lt9611uxc: fix the race in the error path (Dmitry Baryshkov) - drm/bridge: lt9611uxc: Register and attach our DSI device at probe (Maxime Ripard) - drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (Maxime Ripard) - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (Christophe JAILLET) - drm/mediatek: Fix iommu fault during crtc enabling (Jason-JH.Lin) - drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (Jason-JH.Lin) - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (Xiaogang Chen) - drm/bridge: tc358768: Fix bit updates (Tomi Valkeinen) - drm/bridge: tc358768: Disable non-continuous clock mode (Dmitry Osipenko) - drm/bridge: tc358768: Fix use of uninitialized variable (Tomi Valkeinen) - drm/bridge: lt8912b: Add missing drm_bridge_attach call (Tomi Valkeinen) - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (Tomi Valkeinen) - drm/bridge: lt8912b: Fix crash on bridge detach (Tomi Valkeinen) - drm/bridge: lt8912b: Fix bridge_detach (Tomi Valkeinen) - drm/bridge: lt8912b: Add hot plug detection (Stefan Eichenberger) - drm/bridge: lt8912b: Register and attach our DSI device at probe (Maxime Ripard) - drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (Maxime Ripard) - drm/mipi-dsi: Create devm device attachment (Maxime Ripard) - drm/mipi-dsi: Create devm device registration (Maxime Ripard) - drm/radeon: possible buffer overflow (Konstantin Meskhidze) - drm/rockchip: vop: Fix call to crtc reset helper (Jonas Karlman) - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (Jonas Karlman) - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (Zhang Rui) - hwmon: (axi-fan-control) Fix possible NULL pointer dereference (Dragos Bogdan) - platform/x86: wmi: Fix opening of char device (Armin Wolf) - platform/x86: wmi: remove unnecessary initializations (Barnabas Pocze) - platform/x86: wmi: Fix probe failure when failing to register WMI devices (Armin Wolf) - clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (Varadarajan Narayanan) - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: npcm7xx: Fix incorrect kfree (Jonathan Neuschafer) - clk: ti: fix double free in of_ti_divider_clk_setup() (Dan Carpenter) - clk: ti: change ti_clk_register[_omap_hw]() API (Dario Binacchi) - clk: ti: Update component clocks to use ti_dt_clk_name() (Tony Lindgren) - clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (Tony Lindgren) - clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (Tony Lindgren) - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (Dan Carpenter) - spi: nxp-fspi: use the correct ioremap function (Han Xu) - clk: renesas: rzg2l: Fix computation formula (Claudiu Beznea) - clk: renesas: rzg2l: Use FIELD_GET() for PLL register fields (Claudiu Beznea) - clk: renesas: rzg2l: Simplify multiplication/shift logic (Geert Uytterhoeven) - clk: imx: imx8qxp: Fix elcdif_pll clock (Robert Chiras) - clk: imx: imx8mq: correct error handling path (Peng Fan) - clk: imx: Select MXC_CLK for CLK_IMX8QXP (Abel Vesa) - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (Danila Tikhonov) - clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (Konrad Dybcio) - clk: qcom: mmcc-msm8998: Don't check halt bit on some branch clks (Konrad Dybcio) - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (Devi Priya) - spi: tegra: Fix missing IRQ check in tegra_slink_probe() (Zhang Shurong) - regmap: debugfs: Fix a erroneous check after snprintf() (Christophe JAILLET) - ipvlan: properly track tx_errors (Eric Dumazet) - net: add DEV_STATS_READ() helper (Eric Dumazet) - ipv6: avoid atomic fragment on GSO packets (Yan Zhai) - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (Christophe JAILLET) - wifi: iwlwifi: empty overflow queue during flush (Miri Korenblit) - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (Johannes Berg) - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (Gregory Greenman) - iwlwifi: pcie: adjust to Bz completion descriptor (Johannes Berg) - tcp: fix cookie_init_timestamp() overflows (Eric Dumazet) - chtls: fix tp->rcv_tstamp initialization (Eric Dumazet) - r8169: fix rare issue with broken rx after link-down on RTL8125 (Heiner Kallweit) - r8169: use tp_to_dev instead of open code (Juhee Kang) - thermal: core: prevent potential string overflow (Dan Carpenter) - netfilter: nf_tables: Drop pointless memset when dumping rules (Phil Sutter) - PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (Sascha Hauer) - can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds (Marc Kleine-Budde) - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (Marc Kleine-Budde) - can: dev: can_restart(): don't crash kernel if carrier is OK (Marc Kleine-Budde) - wifi: rtlwifi: fix EDCA limit set by BT coexistence (Dmitry Antipov) - tcp_metrics: do not create an entry from tcp_init_metrics() (Eric Dumazet) - tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() (Eric Dumazet) - tcp_metrics: add missing barriers on delete (Eric Dumazet) - wifi: mt76: mt7603: improve stuck beacon handling (Felix Fietkau) - mt76: pass original queue id from __mt76_tx_queue_skb to the driver (Felix Fietkau) - mt76: add support for overriding the device used for DMA mapping (Felix Fietkau) - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (Felix Fietkau) - wifi: mt76: mt7603: rework/fix rx pse hang check (Felix Fietkau) - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (Jinjie Ruan) - net: spider_net: Use size_add() in call to struct_size() (Gustavo A. R. Silva) - tipc: Use size_add() in calls to struct_size() (Gustavo A. R. Silva) - mlxsw: Use size_mul() in call to struct_size() (Gustavo A. R. Silva) - gve: Use size_add() in call to struct_size() (Gustavo A. R. Silva) - tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed (Aananth V) - udp: add missing WRITE_ONCE() around up->encap_rcv (Eric Dumazet) - selftests/bpf: Correct map_fd to data_fd in tailcalls (Leon Hwang) - selftests/bpf: Test tail call counting with bpf2bpf and data on stack (Jakub Sitnicki) - i40e: fix potential memory leaks in i40e_remove() (Andrii Staikov) - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (Chen Yu) - pstore/platform: Add check for kstrdup (Jiasheng Jiang) - x86/boot: Fix incorrect startup_gdt_descr.size (Yuntao Wang) - x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot (Adam Dunlap) - x86: Share definition of __is_canonical_address() (Adrian Hunter) - futex: Don't include process MM in futex key on no-MMU (Ben Wolsieffer) - x86/srso: Fix SBPB enablement for (possible) future fixed HW (Josh Poimboeuf) - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (Jingbo Xu) - vfs: fix readahead(2) on block devices (Reuben Hawkins) - sched: Fix stop_one_cpu_nowait() vs hotplug (Peter Zijlstra) - sched/uclamp: Ignore (util == 0) optimization in feec() when p_util_max = 0 (Qais Yousef) - iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (David Howells) - LTS version: v5.15.138 (Jack Vogel) - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (Mark Hasemeyer) - misc: pci_endpoint_test: Add deviceID for J721S2 PCIe EP device support (Siddharth Vadapalli) - tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (Cameron Williams) - tty: 8250: Add support for Intashield IX cards (Cameron Williams) - tty: 8250: Add support for additional Brainboxes PX cards (Cameron Williams) - tty: 8250: Fix up PX-803/PX-857 (Cameron Williams) - tty: 8250: Fix port count of PX-257 (Cameron Williams) - tty: 8250: Add support for Intashield IS-100 (Cameron Williams) - tty: 8250: Add support for Brainboxes UP cards (Cameron Williams) - tty: 8250: Add support for additional Brainboxes UC cards (Cameron Williams) - tty: 8250: Remove UC-257 and UC-431 (Cameron Williams) - tty: n_gsm: fix race condition in status line change on dead connections (Daniel Starke) - usb: raw-gadget: properly handle interrupted requests (Andrey Konovalov) - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (Jimmy Hu) - usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (LihaSika) - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (Vicki Pfau) - drm/amd: Disable ASPM for VI w/ all Intel systems (Mario Limonciello) - drm/amd: Move helper for dynamic speed switch check out of smu13 (Mario Limonciello) - can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (Oliver Hartkopp) - can: isotp: isotp_bind(): do not validate unused address information (Oliver Hartkopp) - can: isotp: add local echo tx processing and tx without FC (Oliver Hartkopp) - can: isotp: handle wait_event_interruptible() return values (Oliver Hartkopp) - can: isotp: check CAN address family in isotp_bind() (Oliver Hartkopp) - can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (Oliver Hartkopp) - can: isotp: set max PDU size to 64 kByte (Oliver Hartkopp) - powerpc/mm: Fix boot crash with FLATMEM (Michael Ellerman) - r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (Douglas Anderson) - r8152: Check for unplug in rtl_phy_patch_request() (Douglas Anderson) - net: chelsio: cxgb4: add an error code check in t4_load_phy_fw (Su Hui) - platform/mellanox: mlxbf-tmfifo: Fix a warning message (Liming Sun) - scsi: mpt3sas: Fix in error path (Tomas Henzl) - fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (Jorge Maidana) - drm/ttm: Reorder sys manager cleanup step (Karolina Stolarek) - ASoC: rt5650: fix the wrong result of key button (Shuming Fan) - netfilter: nfnetlink_log: silence bogus compiler warning (Florian Westphal) - spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0 (William A. Kennington III) - fs/ntfs3: Avoid possible memory leak (Su Hui) - fs/ntfs3: Fix directory element type detection (Gabriel Marcano) - fs/ntfs3: Fix NULL pointer dereference on error in attr_allocate_frame() (Konstantin Komarov) - fs/ntfs3: Fix possible NULL-ptr-deref in ni_readpage_cmpr() (Konstantin Komarov) - fs/ntfs3: Use kvmalloc instead of kmalloc(... __GFP_NOWARN) (Konstantin Komarov) - fs/ntfs3: Write immediately updated ntfs state (Konstantin Komarov) - fs/ntfs3: Add ckeck in ni_update_parent() (Konstantin Komarov) - fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (Arnd Bergmann) - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (Dmitry Torokhov) - powerpc/85xx: Fix math emulation exception (Christophe Leroy) - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (Zhang Shurong) - irqchip/stm32-exti: add missing DT IRQ flag translation (Ben Wolsieffer) - irqchip/riscv-intc: Mark all INTC nodes as initialized (Anup Patel) - net: sched: cls_u32: Fix allocation size in u32_init() (Gustavo A. R. Silva) - ASoC: simple-card: fixup asoc_simple_probe() error handling (Kuninori Morimoto) - x86: Fix .brk attribute in linker script (Juergen Gross) - rpmsg: Fix possible refcount leak in rpmsg_register_device_override() (Hangyu Hua) - rpmsg: glink: Release driver_override (Bjorn Andersson) - rpmsg: Fix calling device_lock() on non-initialized device (Krzysztof Kozlowski) - rpmsg: Fix kfree() of static memory on setting driver_override (Krzysztof Kozlowski) - rpmsg: Constify local variable in field store macro (Krzysztof Kozlowski) - driver: platform: Add helper for safer setting of driver_override (Krzysztof Kozlowski) - objtool/x86: add missing embedded_insn check (John Sperbeck) - ext4: avoid overlapping preallocations due to overflow (Baokun Li) - ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow (Baokun Li) - ext4: add two helper functions extent_logical_end() and pa_logical_end() (Baokun Li) - x86/mm: Fix RESERVE_BRK() for older binutils (Josh Poimboeuf) - x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility (Thomas Gleixner) - gve: Fix GFP flags when allocing pages (Shailend Chand) - iio: afe: rescale: Accept only offset channels (Linus Walleij) - iio: afe: rescale: add offset support (Liam Beguin) - iio: afe: rescale: expose scale processing function (Liam Beguin) - iio: afe: rescale: reorder includes (Liam Beguin) - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (Alessandro Carminati) - sparc32: fix a braino in fault handling in csum_and_copy_..._user() (Al Viro) - perf/core: Fix potential NULL deref (Peter Zijlstra) - nvmem: imx: correct nregs for i.MX6UL (Peng Fan) - nvmem: imx: correct nregs for i.MX6SLL (Peng Fan) - nvmem: imx: correct nregs for i.MX6ULL (Peng Fan) - misc: fastrpc: Clean buffers on remote invocation failures (Ekansh Gupta) - tracing/kprobes: Fix the description of variable length arguments (Yujie Liu) - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (Alain Volmat) - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina) - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (Herve Codina) - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina) - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (Robert Hancock) - iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds (Robert Hancock) - iio: exynos-adc: request second interupt only when touchscreen mode is used (Marek Szyprowski) - kasan: print the original fault addr when access invalid shadow (Haibo Li) - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (Ivan Vecera) - gtp: fix fragmentation needed check with gso (Pablo Neira Ayuso) - gtp: uapi: fix GTPA_MAX (Pablo Neira Ayuso) - tcp: fix wrong RTO timeout when received SACK reneging (Fred Chen) - r8152: Release firmware if we have an error in probe (Douglas Anderson) - r8152: Cancel hw_phy_work if we have an error in probe (Douglas Anderson) - r8152: Run the unload routine if we have errors during probe (Douglas Anderson) - r8152: Increase USB control msg timeout to 5000ms as per spec (Douglas Anderson) - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (Shigeru Yoshida) - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (Christophe JAILLET) - igc: Fix ambiguity in the ethtool advertising (Sasha Neftin) - neighbour: fix various data-races (Eric Dumazet) - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (Mateusz Palczewski) - treewide: Spelling fix in comment (Kunwu Chan) - r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 (Mirsad Goran Todorovac) - r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 (Mirsad Goran Todorovac) - r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx (Mirsad Goran Todorovac) - drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (Lukasz Majczak) - vsock/virtio: initialize the_virtio_vsock before using VQs (Alexandru Matei) - vsock/virtio: add support for device suspend/resume (Stefano Garzarella) - vsock/virtio: factor our the code to initialize and delete VQs (Stefano Garzarella) - drm/i915/pmu: Check if pmu is closed before stopping event (Umesh Nerlige Ramappa) - nfsd: lock_rename() needs both directories to live on the same fs (Al Viro) - mm/migrate: fix do_pages_move for compat pointers (Gregory Price) - mm/page_alloc: correct start page when guard page debug is enabled (Kemeng Shi) - vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (Eric Auger) - virtio_balloon: Fix endless deflation and inflation on arm64 (Gavin Shan) - mcb-lpc: Reallocate memory region to avoid memory overlapping (Rodriguez Barbarin, Jose Javier) - mcb: Return actual parsed size when reading chameleon table (Rodriguez Barbarin, Jose Javier) - mptcp: more conservative check for zero probes (Paolo Abeni) - tcp: cleanup tcp_remove_empty_skb() use (Eric Dumazet) - tcp: remove dead code from tcp_sendmsg_locked() (Eric Dumazet) - pinctrl: qcom: lpass-lpi: fix concurrent register updates (Krzysztof Kozlowski) - ASoC: codecs: wcd938x: fix runtime PM imbalance on remove (Johan Hovold) - ASoC: codecs: wcd938x: fix resource leaks on bind errors (Johan Hovold) - LTS version: v5.15.137 (Jack Vogel) - xfrm6: fix inet6_dev refcount underflow problem (Zhang Changzhong) - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (Kees Cook) - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (Edward AD) - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (Tony Lindgren) - phy: mapphone-mdm6600: Fix runtime PM for remove (Tony Lindgren) - phy: mapphone-mdm6600: Fix runtime disable on probe (Tony Lindgren) - serial: 8250: omap: Move uart_write() inside PM section (Geert Uytterhoeven) - ASoC: pxa: fix a memory leak in probe() (Dan Carpenter) - gpio: vf610: set value before the direction to avoid a glitch (Haibo Chen) - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (Hans de Goede) - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (Hans de Goede) - platform/surface: platform_profile: Propagate error if profile registration fails (Armin Wolf) - s390/cio: fix a memleak in css_alloc_subchannel (Dinghao Liu) - selftests/ftrace: Add new test case which checks non unique symbol (Francis Laniel) - s390/pci: fix iommu bitmap allocation (Niklas Schnelle) - perf: Disallow mis-matched inherited group reads (Peter Zijlstra) - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (Puliang Lu) - USB: serial: option: add entry for Sierra EM9191 with new firmware (Benoit Monin) - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (Fabio Porcedda) - nvme-rdma: do not try to stop unallocated queues (Maurizio Lombardi) - nvme-pci: add BOGUS_NID for Intel 0a54 device (Keith Busch) - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (Sunil V L) - pNFS: Fix a hang in nfs4_evict_inode() (Trond Myklebust) - Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (Andy Shevchenko) - mmc: core: Capture correct oemid-bits for eMMC cards (Avri Altman) - mmc: core: sdio: hold retuning if sdio in 1-bit mode (Haibo Chen) - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (Pablo Sun) - mtd: physmap-core: Restore map_rom fallback (Geert Uytterhoeven) - mtd: spinand: micron: correct bitmask for ecc status (Martin Kurbanov) - mtd: rawnand: arasan: Ensure program page operations are successful (Miquel Raynal) - mtd: rawnand: marvell: Ensure program page operations are successful (Miquel Raynal) - mtd: rawnand: pl353: Ensure program page operations are successful (Miquel Raynal) - mtd: rawnand: qcom: Unmap the right resource upon probe failure (Bibek Kumar Patro) - net: fix ifname in netlink ntf during netns move (Jakub Kicinski) - net: move from strlcpy with unused retval to strscpy (Wolfram Sang) - net: introduce a function to check if a netdev name is in use (Antoine Tenart) - Bluetooth: hci_event: Fix using memcmp when comparing keys (Luiz Augusto von Dentz) - net/mlx5: Handle fw tracer change ownership event based on MTRC (Maher Sanalla) - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (Renan Guilherme Lebre Ramos) - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (Rahul Rameshbabu) - btrfs: error out when reallocating block for defrag using a stale transaction (Filipe Manana) - btrfs: error when COWing block from a root that is being deleted (Filipe Manana) - btrfs: error out when COWing block using a stale transaction (Filipe Manana) - btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c (Josef Bacik) - drm: panel-orientation-quirks: Add quirk for One Mix 2S (Kai Uwe Broulik) - ipv4/fib: send notify when delete source address routes (Hangbin Liu) - sky2: Make sure there is at least one frag_addr available (Kees Cook) - regulator/core: Revert 'fix kobject release warning and memory leak in regulator_register()' (Michal Miroslaw) - wifi: cfg80211: avoid leaking stack data into trace (Benjamin Berg) - wifi: mac80211: allow transmitting EAPOL frames with tainted key (Wen Gong) - wifi: cfg80211: Fix 6GHz scan configuration (Ilan Peer) - Bluetooth: hci_core: Fix build warnings (Luiz Augusto von Dentz) - Bluetooth: Avoid redundant authentication (Ying Hsu) - Bluetooth: btusb: add shutdown function for QCA6174 (Rocky Liao) - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (Ma Ke) - wifi: iwlwifi: Ensure ack flag is properly cleared. (Ben Greear) - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (Gustavo A. R. Silva) - tracing: relax trace_event_eval_update() execution with cond_resched() (Clement Leger) - ata: libata-eh: Fix compilation warning in ata_eh_link_report() (Damien Le Moal) - ata: libata-core: Fix compilation warning in ata_dev_config_ncq() (Damien Le Moal) - gpio: timberdale: Fix potential deadlock on &tgpio->lock (Chengfeng Ye) - overlayfs: set ctime when setting mtime and atime (Jeff Layton) - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (Heiner Kallweit) - btrfs: initialize start_slot in btrfs_log_prealloc_extents (Josef Bacik) - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 (Filipe Manana) - fs-writeback: do not requeue a clean inode having skipped pages (Chunhai Guo) - ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone (Tony Lindgren) - ksmbd: not allow to open file if delelete on close bit is set (Namjae Jeon) - nfp: flower: avoid rmmod nfp crash issues (Yanguo Li) - mctp: perform route lookups under a RCU read-side lock (Jeremy Kerr) - mctp: Allow local delivery to the null EID (Jeremy Kerr) - powerpc/47x: Fix 47x syscall return crash (Michael Ellerman) - powerpc/32s: Do kuep_lock() and kuep_unlock() in assembly (Christophe Leroy) - powerpc/32s: Remove capability to disable KUEP at boottime (Christophe Leroy) - drm/atomic-helper: relax unregistered connector check (Simon Ser) - perf/x86/lbr: Filter vsyscall addresses (JP Kobryn) - iio: adc: ad7192: Correct reference voltage (Alisa-Dariana Roman) - iio: cros_ec: fix an use-after-free in cros_ec_sensors_push_data() (Tzung-Bi Shih) - iio: core: introduce iio_device_{claim|release}_buffer_mode() APIs (Nuno Sa) - iio: core: Hide read accesses to iio_dev->currentmode (Miquel Raynal) - iio: Un-inline iio_buffer_enabled() (Miquel Raynal) - serial: 8250_omap: Fix errors with no_console_suspend (Tony Lindgren) - serial: 8250: omap: Fix imprecise external abort for omap_8250_pm() (Tony Lindgren) - selftests/mm: fix awk usage in charge_reserved_hugetlb.sh and hugetlb_reparenting_test.sh that may cause error (Juntong Deng) - net: pktgen: Fix interface flags printing (Gavrilov Ilia) - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (Pablo Neira Ayuso) - netfilter: nf_tables: do not remove elements if set backend implements .abort (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: .deactivate fails if element has expired (Pablo Neira Ayuso) - neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (Geert Uytterhoeven) - bonding: Return pointer to data after pull on skb (Jiri Wiesner) - net: dsa: bcm_sf2: Fix possible memory leak in bcm_sf2_mdio_register() (Jinjie Ruan) - i40e: prevent crash on probe if hw registers have invalid values (Michal Schmidt) - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (Dan Carpenter) - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (Eric Dumazet) - tun: prevent negative ifindex (Eric Dumazet) - tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb (Eric Dumazet) - tcp: fix excessive TLP and RACK timeouts from HZ rounding (Neal Cardwell) - net: rfkill: gpio: prevent value glitch during probe (Josua Mayer) - net: ipv6: fix return value check in esp_remove_trailer (Ma Ke) - net: ipv4: fix return value check in esp_remove_trailer (Ma Ke) - xfrm: interface: use DEV_STATS_INC() (Eric Dumazet) - xfrm: fix a data-race in xfrm_gen_index() (Eric Dumazet) - qed: fix LL2 RX buffer allocation (Manish Chopra) - ASoC: codecs: wcd938x: fix unbind tear down order (Johan Hovold) - ASoC: codecs: wcd938x: drop bogus bind error handling (Johan Hovold) - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (Johan Hovold) - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (Johan Hovold) - drm/i915: Retry gtt fault when out of fence registers (Ville Syrjala) - netfilter: nft_payload: fix wrong mac header matching (Florian Westphal) - fs/ntfs3: fix deadlock in mark_as_free_ex (Konstantin Komarov) - fs/ntfs3: fix panic about slab-out-of-bounds caused by ntfs_list_ea() (Zeng Heng) - fs/ntfs3: Fix possible null-pointer dereference in hdr_find_e() (Ziqi Zhao) - tcp: check mptcp-level constraints for backlog coalescing (Paolo Abeni) - x86/sev: Check for user-space IOIO pointing to kernel space (Joerg Roedel) [Orabug: 35959905] {CVE-2023-46813} - x86/sev: Check IOBM for IOIO exceptions from user-space (Joerg Roedel) [Orabug: 35959905] {CVE-2023-46813} - x86/sev: Disable MMIO emulation from user mode (Borislav Petkov (AMD)) - KVM: x86: Mask LVTPC when handling a PMI (Jim Mattson) - regmap: fix NULL deref on lookup (Johan Hovold) - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (Krzysztof Kozlowski) - ice: reset first in crash dump kernels (Jesse Brandeburg) - ice: fix over-shifted variable (Jesse Brandeburg) - Bluetooth: avoid memcmp() out of bounds warning (Arnd Bergmann) - Bluetooth: hci_event: Fix coding style (Luiz Augusto von Dentz) - Bluetooth: vhci: Fix race when opening vhci device (Arkadiusz Bokowy) - Bluetooth: Fix a refcnt underflow problem for hci_conn (Ziyang Xuan) - Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi) [Orabug: 35959595] {CVE-2020-26555} - Bluetooth: hci_event: Ignore NULL link key (Lee, Chun-Yi) - xfs: don't expose internal symlink metadata buffers to the vfs (Darrick J. Wong) - Documentation: sysctl: align cells in second content column (Bagas Sanjaya) - lib/Kconfig.debug: do not enable DEBUG_PREEMPT by default (Hyeonggon Yoo) - LTS version: v5.15.136 (Jack Vogel) - eth: remove remaining copies of the NAPI_POLL_WEIGHT define (Jakub Kicinski) - usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Canuelo) - arm64: armv8_deprecated: fix unused-function error (Ren Zhijie) - arm64: armv8_deprecated: rework deprected instruction handling (Mark Rutland) - arm64: armv8_deprecated: move aarch32 helper earlier (Mark Rutland) - arm64: armv8_deprecated move emulation functions (Mark Rutland) - arm64: armv8_deprecated: fold ops into insn_emulation (Mark Rutland) - arm64: rework EL0 MRS emulation (Mark Rutland) - arm64: factor insn read out of call_undef_hook() (Mark Rutland) - arm64: factor out EL1 SSBS emulation hook (Mark Rutland) - arm64: split EL0/EL1 UNDEF handlers (Mark Rutland) - arm64: allow kprobes on EL0 handlers (Mark Rutland) - arm64: rework BTI exception handling (Mark Rutland) - arm64: rework FPAC exception handling (Mark Rutland) - arm64: consistently pass ESR_ELx to die() (Mark Rutland) - arm64: die(): pass 'err' as long (Mark Rutland) - arm64: report EL1 UNDEFs better (Mark Rutland) - powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() (Christophe Leroy) - powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE (Christophe Leroy) - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (Duoming Zhou) - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (Rex Zhang) - x86/alternatives: Disable KASAN in apply_alternatives() (Kirill A. Shutemov) - usb: cdnsp: Fixes issue with dequeuing not queued requests (Pawel Laszczak) - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (Krishna Kurapati) - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta) - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (Dharma Balasubiramani) - pinctrl: avoid unsafe code pattern in find_pinctrl() (Dmitry Torokhov) - cgroup: Remove duplicates in cgroup v1 tasks file (Michal Koutny) - tee: amdtee: fix use-after-free vulnerability in amdtee_close_session (Rijo Thomas) - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (Hans de Goede) - Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (Szilard Fabian) - Input: xpad - add PXN V900 support (Matthias Berndt) - Input: psmouse - fix fast_reconnect function for PS/2 mode (Jeffery Miller) - Input: powermate - fix use-after-free in powermate_config_complete (Javier Carrasco) - ceph: fix type promotion bug on 32bit systems (Dan Carpenter) - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li) - libceph: use kernel_connect() (Jordan Rife) - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (Mika Westerberg) - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (Mika Westerberg) - mcb: remove is_added flag from mcb_device struct (Jorge Sanjuan Garcia) - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (Borislav Petkov (AMD)) - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (Hans de Goede) - drm/amd/display: Don't set dpms_off for seamless boot (Daniel Miess) - drm/amdgpu: add missing NULL check (Christian Konig) - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (Alexander Zangerl) - iio: pressure: dps310: Adjust Timeout Settings (Lakshmi Yadlapati) - iio: pressure: bmp280: Fix NULL pointer exception (Phil Elwell) - usb: musb: Modify the 'HWVers' register address (Xingxing Luo) - usb: musb: Get the musb_qh poniter after musb_giveback (Xingxing Luo) - usb: dwc3: Soft reset phy on probe for host (Thinh Nguyen) - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (Javier Carrasco) - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (Wesley Cheng) - xhci: Keep interrupt disabled in initialization until host is running. (Hongyu Xie) - dmaengine: stm32-mdma: abort resume if no ongoing transfer (Amelie Delaunay) - media: mtk-jpeg: Fix use after free bug due to uncanceled work (Zheng Wang) - workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long) - nfc: nci: assert requested protocol is valid (Jeremy Cline) - pinctrl: renesas: rzn1: Enable missing PINMUX (Ralph Siemsen) - net/smc: Fix pos miscalculation in statistics (Nils Hoppmann) - net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (Eric Dumazet) - net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (Will Mortensen) - ixgbe: fix crash with empty VF macvlan list (Dan Carpenter) - net: phy: mscc: macsec: reject PN update requests (Radu Pirea (NXP OSS)) - net: macsec: indicate next pn update when offloading (Radu Pirea (NXP OSS)) - bpf: Fix verifier log for async callback return values (David Vernet) - drm/vmwgfx: fix typo of sizeof argument (Konstantin Meskhidze) - riscv, bpf: Sign-extend return values (Bjorn Topel) - riscv, bpf: Factor out emit_call for kernel and bpf context (Pu Lehui) - xen-netback: use default TX queue size for vifs (Roger Pau Monne) - eth: remove copies of the NAPI_POLL_WEIGHT define (Jakub Kicinski) - mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type (Dan Carpenter) - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (Dinghao Liu) - ravb: Fix use-after-free issue in ravb_tx_timeout_work() (Yoshihiro Shimoda) [Orabug: 35959875] {CVE-2023-35827} - ravb: Fix up dma_free_coherent() call in ravb_remove() (Yoshihiro Shimoda) - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (Abhinav Kumar) - drm/msm/dsi: fix irq_of_parse_and_map() error checking (Dan Carpenter) - drm/msm/dsi: skip the wait for video mode done if not applicable (Abhinav Kumar) - drm/msm/dp: do not reinitialize phy unless retry during link training (Kuogee Hsieh) - KEYS: trusted: Remove redundant static calls usage (Sumit Garg) - KEYS: trusted: allow use of kernel RNG for key material (Ahmad Fatoum) - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (WhaleChang) - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (Hans de Goede) - platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section mismatch warning (Uwe Kleine-Konig) - platform/x86: think-lmi: Fix reference leak (Armin Wolf) - of: overlay: Reorder struct fragment fields kerneldoc (Geert Uytterhoeven) - perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 (Jing Zhang) - RDMA/cxgb4: Check skb value for failure to allocate (Artem Chernyshev) - RDMA/srp: Do not call scsi_done() from srp_abort() (Bart Van Assche) - scsi: ib_srp: Call scsi_done() directly (Bart Van Assche) - scsi: core: Rename scsi_mq_done() into scsi_done() and export it (Bart Van Assche) - iommu/vt-d: Avoid memory allocation in iommu_suspend() (Zhang Rui) [5.15.0-203.135.1] - uek-rpm: Enable CONFIG_IPV6_SEG6_BPF in UEK7U2 (Harshit Mogalapalli) [Orabug: 35972825] - rds: ib: Make changes to fr_state global visible (Hakon Bugge) [Orabug: 35739203] - x86/cpu: Add Xeon Emerald Rapids to list of CPUs that support PPIN (Tony Luck) [Orabug: 35853636] - EDAC/i10nm: Add Intel Emerald Rapids server support (Qiuxu Zhuo) [Orabug: 35853636] - intel_idle: add Emerald Rapids Xeon support (Artem Bityutskiy) [Orabug: 35853636] - powercap: intel_rapl: add support for Emerald Rapids (Zhang Rui) [Orabug: 35853636] - perf/x86/intel/cstate: Add Emerald Rapids (Kan Liang) [Orabug: 35853636] - perf/x86/cstate: Add SAPPHIRERAPIDS_X CPU support (Zhang Rui) [Orabug: 35853636] - perf/x86/cstate: Add Raptor Lake support (Kan Liang) [Orabug: 35853636] - perf/x86/rapl: Add support for Intel Emerald Rapids (Zhang Rui) [Orabug: 35853636] - perf/x86/rapl: Add support for Intel Meteor Lake (Zhang Rui) [Orabug: 35853636] - perf/x86/rapl: Add support for Intel Raptor Lake (Zhang Rui) [Orabug: 35853636] - perf/x86/rapl: Add support for Intel AlderLake-N (Zhang Rui) [Orabug: 35853636] - platform/x86: intel-uncore-freq: add Emerald Rapids support (Artem Bityutskiy) [Orabug: 35853636] - platform/x86/intel/uncore-freq: Move to uncore-frequency folder (Srinivas Pandruvada) [Orabug: 35853636] - x86/cpu: Add CPU model numbers for Meteor Lake (Tony Luck) [Orabug: 35853636] - x86/cpu: Add new Raptor Lake CPU model number (Tony Luck) [Orabug: 35853636] - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (Tony Luck) [Orabug: 35853636] - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (Tony Luck) [Orabug: 35853636] - x86/cpu: Add Raptor Lake to Intel family (Tony Luck) [Orabug: 35853636] - eth: bnxt: handle invalid Tx completions more gracefully (Jakub Kicinski) [Orabug: 36075753] - bonding: move IFLA_ARP_ALLSLAVES to the end of the enum list (Venkat Venkatsubra) [Orabug: 36083015] - bonding: add new option ns_ip6_target (Hangbin Liu) [Orabug: 36083015] - bonding: add new parameter ns_targets (Hangbin Liu) [Orabug: 36083015] - bonding: add extra field for bond_opt_value (Hangbin Liu) [Orabug: 36083015] - Bonding: split bond_handle_vlan from bond_arp_send (Hangbin Liu) [Orabug: 36083015] - ipv6: separate ndisc_ns_create() from ndisc_send_ns() (Hangbin Liu) [Orabug: 36083015] - uek-rpm: update all arch and OL kABI files for new symbols (Yifei Liu) [Orabug: 36090167] - xfs: try to avoid allocation blocking on busy extents (Mark Tinguely) [Orabug: 36096907] - iommu/amd: Do not flush IRTE when only updating isRun and destination fields (Suravee Suthikulpanit) [Orabug: 36101188] - tcp: Tunables for TCP delayed ack (min and max) timers (Venkat Venkatsubra) [Orabug: 36114420] - tcp: fix ambiguity for SACKed TLP retransmits with RTT < min_rtt (Neal Cardwell) [Orabug: 36114420] - vhost-scsi: add parentheses to macro of VHOST_SCSI_MAX_VQ (Dongli Zhang) [Orabug: 36119640] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2020-26555 CVE-2023-6111 CVE-2023-35827 CVE-2023-25775 CVE-2023-46813 CVE-2023-6622 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [8.0p1-19.0.1.2] - Update patches for CVE-2023-51385, CVE-2023-48795 [Orabug: 36256632] [8.0p1-19.2] - Forbid shell metasymbols in username/hostname Resolves: CVE-2023-51385 - Fix Terrapin attack Resolves: CVE-2023-48795 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48795 CVE-2023-51385 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [4.18.0-513.18.0.1_9.OL8] - drivers: net: slip: fix NPD bug in sl_tx_timeout() {CVE-2022-41858} - nfp: fix use-after-free in area_cache_get() {CVE-2022-3545} - HID: check empty report_list in hid_validate_values() {CVE-2023-1073} - Fix double fget() in vhost_net_set_backend() {CVE-2023-1838} - can: af_can: fix NULL pointer dereference in can_rcv_filter {CVE-2023-2166} - net: sched: sch_qfq: Fix UAF in qfq_dequeue() {CVE-2023-4921} - perf: Disallow mis-matched inherited group reads {CVE-2023-5717} - perf/core: Fix potential NULL deref {CVE-2023-5717} - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356} - nvmet-tcp: fix a crash in nvmet_req_complete() {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356} - nvmet-tcp: remove boilerplate code {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356} - nvmet-tcp: Fix the H2C expected PDU len calculation {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356} - smb: client: fix potential OOB in cifs_dump_detail() {CVE-2023-6610} - smb: client: fix potential OOB in smb2_dump_detail() {CVE-2023-6610} - smb: client: fix OOB in smbCalcSize() {CVE-2023-6606} - net: tls, update curr on splice as well {CVE-2024-0646} - netfilter: nft_set_pipapo: skip inactive elements during set walk {CVE-2023-6817} - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb {CVE-2023-40283} - igb: set max size RX buffer when store bad packet is enabled {CVE-2023-45871} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6536 CVE-2023-40283 CVE-2023-1073 CVE-2023-4921 CVE-2023-1838 CVE-2022-3545 CVE-2023-6606 CVE-2023-6817 CVE-2024-0646 CVE-2022-41858 CVE-2023-6356 CVE-2023-45871 CVE-2023-5717 CVE-2023-6535 CVE-2023-6610 CVE-2023-2166 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [4.18.0-513.18.0.2.el8_9] - net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623} - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623} - x86/sev: Check for user-space IOIO pointing to kernel space {CVE-2023-46813} - x86/sev: Check IOBM for IOIO exceptions from user-space {CVE-2023-46813} - x86/sev: Disable MMIO emulation from user mode {CVE-2023-46813} - RDMA/core: Fix resolve_prepare_src error cleanup {CVE-2023-2176} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46813 CVE-2023-2176 CVE-2023-4623 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 conmon [2.1.3-8] - address CVE-2023-39326 [2.1.3-7] - Resolve CVE-2023-39325 [2.1.3-6] - Add ol8_baseos_latest, and ol9_baseos_latest, to Jenkinsfile [2.1.3-5] - Add systemd-devel as build requirement [2.1.3-4] - Add support ARM build [2.1.3.3] - Add OL9 support [2.1.3.2] - Update inline with Linux team building conmon for all but OL7. [2.1.3-1] - Added build scripts cri-o [1.25.5-1] - Added Oracle Specifile Files for cri-o cri-tools [1.25.0-3] - Resolve CVE-2023-39326 [1.25.0-2] - Resolve CVE-2023-39325 [1.25.0-1] - Added Oracle Specific Build Files for cri-tools flannel-cni-plugin [1.0.1-4] - Resolve CVE-2023-39326 [1.0.1-3] - Resolve CVE-2023-44487 and CVE-2023-39325 [1.0.1-2] - Add support for Oracle Linux 9 [1.0.1-1] - Added Oracle specific build files for Flannel CNI Plugins helm [3.11.1-3] - address CVE-2023-39326 [3.11.1-2] - address CVE-2023-44487 and CVE-2023-39325 [3.11.1-1] - Added Oracle Specific build Files istio [1.16.7-3] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 [1.16.7-1] - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kata [1.12.1-17] - Include OL9 for kernel-uek-container (currently in UEKR7_developer_preview) [1.12.1-16] - Rebuild with golang 1.20.12 [1.12.1-15] - Updated for kubernetes 1.27 and 1.28 [1.12.1-14] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-13] - Rebuild kata to fix timestamp issue [1.12.1-12] - Add support for ARM build [1.12.1-11] - Add OL9 support [1.12.1-10] - Updated kata-runtime version to work with more versions of kvm_utils [1.21.1-9] - updated cri-o and cri-tools versions to support olcne-1.6.0 [1.12.1-7] - Updated kernel_uek_max and kernel_uek_container_max to 5.16 to support UEKR7 host and guest kernel. Note: installed kernel < 5.16. [1.12.1-6] - updated cri-o and cri-tools versions to support olcne-1.5.0 [1.12.1-5] - updated cri-o and cri-tools versions to support kubernetes-1.23 [1.12.1-4] - update kata-image versions - update kernel-uek-container version to kernel-uek-container-5.4.17-2136.306.1.3 [1.21.1-3] - Support k8s 1.21.6 - updated kernel-uek-container version - updated kata-image versions - added buildhost variable [1.12.1-2] - Golang 1.15.9 [1.12.1-1] - Updated to kata 1.12.1 - Updated guest kernel (kernel-uek-container) minimum version to UEK6U2 (5.4.17-2102.200.7) kata-agent [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Remove build_date global variable in kata-image specfile [1.12.1-7] - Add support for ARM build [1.12.1-6] - Add OL9 support [1.12.1-4] - Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper [1.12.1-3] - updated golang version - added buildhost variable [1.12.1-2] - Golang 1.15.9 [1.12.1-1] - Added Oracle Specific Build Files for kata-agent kata-image [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Remove build_date global variable in specfile [1.12.1-7] - Add support for ARM build [1.12.1-6] - Restore OL7 and bump release [1.12.1-5] - Add support for Oracle Linux 9 [1.12.1-4] - build for kata-agent-1.12.1-4 [1.12.1-3] - updated golang version - added buildhost variable [1.12.1-2] - Golang 1.15.9 [1.12.1-1] - Added Oracle Specific Build Files for kata-image kata-ksm-throttler [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Bump release inline with other kata packages for fixing timestamp issue [1.12.1-7] - Add support for ARM build [1.12.1-6] - Bump releaase inline with others for reversion of removal of OL7. [1.12.1-5] - Add support for Oracle Linux 9 [1.12.1-4] - Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper [1.12.1-3] - updated golang version - added buildhost variable [1.12.1-2] - Golang 1.15.9 [1.12.1-1] - Added Oracle Specific Build Files for kata-ksm-throttler kata-proxy [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Bump release inline with other kata packages for fixing timestamp issue [1.12.1-7] - Add support for ARM build [1.12.1-6] - Revert OL7 removal [1.12.1-5] - Add support for Oracle Linux 9 [1.12.1-4] - Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper [1.12.1-3] - updated golang version - added buildhost variable [1.12.1-2] - Golang 1.15.9 [1.12.1-1] - Added Oracle Specific Build Files for kata-proxy kata-runtime [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Bump release inline with other kata packages for fixing timestamp issue [1.12.1-7] - Add support for ARM build [1.12.1-6] - Add OL9 support [1.12.1-5] - Updated qemu-kvm machine options to work with more versions of kvm_utils [1.12.1-4] - Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper [1.12.1-3] - updated golang version - added buildhost variable [1.12.1-2] - Golang 1.15.9 [1.12.1-1] - Added Oracle Specific Files For kata-runtime kata-shim [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Bump release inline with other kata packages for fixing timestamp issue [1.12.1-7] - Add support for ARM build [1.12.1-6] - Bump releaase inline with others for reversion of removal of OL7. [1.12.1-5] - Add support for Oracle Linux 9 [1.12.1-4] - Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper [1.12.1-3] - updated golang version - added buildhost variable [1.12.1-2] - Golang 1.15.9 [1.12.1-1] - Added Oracle Specific Build Files for kata-shim kubernetes [1.25.15-2] - Address CVE-2023-39326 by upgrading golang to 1.20.12 [1.25.15-1] - Added Oracle specific build files for Kubernetes kubernetes-cni [1.0.1-4] - address CVE-2023-39326 [1.0.1-3] - Resolve CVE-2023-44487 and CVE-2023-39325 [1.0.1-2] - Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper [1.0.1-1] - Added Oracle specific build files for Kubernetes CNI kubernetes-cni-plugins [1.0.1-5] - address CVE-2023-39326 [1.0.1-3] - Resolve CVE-2023-44487 and CVE-2023-39325 [1.0.1-3] - Updated THIRD_PARTY_LICENSES.txt generated using pls attribution-helper [1.0.1-2] - Add flannel-cni-plugins as a dependency [1.0.1-1] - Added Oracle specific build files for Kubernetes CNI Plugins olcne [1.6.6-3] - Fixed pod-network:calico update [1.6.6-2] - Added conmon resource to kubernetes module [1.6.6-1] - Rebuilt modules, and components, with golang 1.20.12 to address CVE-2023-39326 - Updated CRI-O to v1.25.5 [1.6.5-9] - Mark container-registry as updatable [1.6.5-9] - update metallb 0.12.1 to address CVE-2023-44487 and CVE-2023-39325 [1.6.5-8] - Update externalip-webhook 1.0.0-3 to address CVE-2023-44487, CVE-2023-39325 [1.6.5-7] - Update multus-cni 3.9.3 to address CVE-2023-44487 and CVE-2023-39325 [ - 1.6.5-6] - Update rook-1.10.9 to address CVE-2023-44487, CVE-2023-39325 [1.6.5-5] - Update Istio, Grafana, Prometheus, and Kubernetes-dashboard to address CVE's - CVE-2023-44487 - CVE-2023-39325 [1.6.5-4] - Update kubernetes and components to address golang CVE-2023-44487, CVE-2023-39325 [1.6.5-3] - update configmap-registry to 1.28.0 to address CVE-2023-44487 and CVE-2023-39325 [1.6.5-2] - Update kubevirt 0.58.0 to address CVE-2023-44487 and CVE-2023-39325 [1.6.5-1] - Update calico image versions to address golang CVE-2023-44487, CVE-2023-39325 [1.6.4-1] - Fix GetNodeByAddr string comparison - hostnames case insensitve comparison [1.6.3-1] - Add Istio-1.16.7 to address CVE's - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 - CVE-2023-35944 [1.6.2-1] - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - Add all modules to registry-image-helper - update yq to 4.x [1.6.1-9] - Updated the CVE ID's in Istio-1.16.4 changelog entry [1.6.1-8] - Update Istio config to include 1.15.7 to support upgrade from 1.5.x to 1.6.x [1.6.1-7] - Bugfix:Append a slash in oci-instance-metada query url [1.6.1-6] - Fixed helm installation in OLCNE upgrade [1.6.1-5] - Deprecate oci-private-key <path-on-control-plane-nodes> in favour of oci-private-key-file <path-on-operatpr-node> - Updated olcne_version argument in olcnectl provision to support <major.minor.patch> [1.6.1-4] - Update Istio version to 1.16.4 to address CVE's - CVE-2023-27496 - CVE-2023-27488 - CVE-2023-27493 - CVE-2023-27492 - CVE-2023-27491 - CVE-2023-27487 [1.6.1-3] - Resolved the issue to install multiple network cards using multus [1.6.1-2] - Update kubelet for upstream runc misc cgroups patch [1.6.1-1] - Fix the bug olcnectl provision fails if ol8_developer does not exist [1.6.0-4] - Removed PodSecurityPolicy from the Grafana Helm chart due to the removal of the API in Kubernetes 1.25 - Fixed an issue where creating an instance of the Istio module without Helm already installed would fail [1.6.0-3] - Move template to olcne-api-server and provide default calico config [1.6.0-2] - Update KubeVirt version to 0.58.0 [1.6.0-1] - Update Kubernetes version to 1.25.7 - Update Helm version to 3.11.1 - Update Istio version to 1.16.2 - Add Calico CNI 3.25 - Add Multus CNI 3.9.3 - Technical preview for KubeVirt 0.52.0 - Technical preview for Rook 1.10.9 - Add subcommand to olcnectl that lists version information for modules - Add support for --control-plane-nodes argument to the Kubernetes module for specifying control plane nodes - olcnectl provision can now update existing module instances - Deprecate Helm module in favor of automatically installing Helm with Kubernetes - Deprecate --master-nodes argument to the Kubernetes module - Deprecate Kata container runtime - Deprecate Flannel CNI - Deprecate GlusterFS CSI Driver [1.5.11-1] - Expose metrics endpoints for kube-system services - Support installation with or without firewalld running - Open port 9100 on nodes when installing Kubernetes module - Make disable swap persist after reboot of control plane node [1.5.10-2] - Update istio to 1.15.3 to address Istio CVE-2022-392787 [1.5.9-1] - Fix a regression during provisioning where arguments for the externalip restriction webhook are handled incorrectly [1.5.8-4] - Fix 1.21 kubernetes version to align with last upstream release [1.5.8-3] - Increase timeout value for update module [1.5.8-2] - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.22 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21 [1.5.8-1] - Improve error reporting and logging when using olcnectl provision - Environment creation is now idempotent [1.5.7-6] - Unpinned podman for OL7 [1.5.7-5] - Updated the kubernetes-dashboard version to v2.5.1 in the registry-image-helper.sh script for kubernetes-1.24.5 [1.5.7-4] - Upgraded helm-3.7.1 to 3.9.4 [1.5.7-3] - Resolved kubernetes-1.22.14 upgrade issue [1.5.7-1] - Upgrade Kubernetes to 1.24.5 - Upgrade Istio to 1.14.3 - Update OCI-CCM to 1.24.0 for kubernetes 1.24 - Update kubernetes-dashboard to v2.5.1 - Added support for custom profiles to the Istio module - Added support for multiple instances of the Istio module with independent profiles - Implemented automation within olcnectl for provisioning of Platform components and modules for existing compute resources [1.5.6-1] - Upgraded kubernetes-1.23.7 to 1.23.11, 1.22.8 to 1.22.14 and 1.21.6 to 1.21.14 - Resolve Kubernetes CVE-2022-3172 for version 1.21 - Resolve Kubernetes CVE-2022-3172 for version 1.22 - Resolve Kubernetes CVE-2022-3172 for version 1.23 [1.5.5-1] - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE-2022-29228,CVE-2022-29227 [1.5.4-1] - Upgrade Kubernetes to 1.23.7 [1.5.3-1] - Address qemu CVE-2022-26353, CVE-2021-3748 [1.5.2-1] - Excluded unnecessary directories from k8s backup files [1.5.1-1] - Fixed the bug in fetching node metadata for non-cloud nodes [1.5.0-2] - Upgrade Helm to 3.7.1-2 [1.5.0-2] - fix null pointer exception in systemd service state validation [1.5.0-1] - Introduce support for compact Kubernetes clusters - Introduce MetalLB - Introduce Oracle Cloud Infrastructure Cloud Controller Manager - Improved log messages in Platform API Server and Platform Agent - Upgrade Kubernetes to 1.22.8 - Upgrade Istio to 1.13.2 - Renamed the oci-csi module to oci-ccm [1.5.0-20.alpha] - Update istio-1.13.2 grafana to 7.5.15 [1.5.0-14.alpha] - Metallb fix [1.5.0-11.alpha] - Remove module directories when olcne rpm is uninstalled [1.5.0-10.alpha] - OCI CCM 0.13.0 [1.5.0-9.alpha] - Reworked log messages [1.5.0-8.alpha] - Update Istio to 1.13.2(prometheus-2.31.1, grafana-8.4.6) [1.5.0-7.alpha] - Update Istio to 1.12.6(prometheus-2.30.1, grafana-7.5.15) [1.5.0-6.alpha] - Update to k8s 1.22 with golang 1.17 [1.5.0-5.alpha] - Update internal docs for oci-ccm module [1.5.0-4.alpha] - Extend oci-ccm module to support load balancer [1.5.0-3.alpha] - Firewall pre-req [1.5.0-2.alpha] - Ensure that config map settings needed by metallb is preserved during k8s upgrade [1.5.0-1.alpha] - Metallb module [1.4.1-14] - Added 1.4 extra images to registry-image-helper.sh script [1.4.1-13] - Update sudoers file and changed its permissions to '0440' [1.4.1-12] - Update olcne-kubernetes.md file for 'compact' flag [1.4.1-11] - Ensure that the order of items in an upgraded config file is stable with respect to the original file [1.4.1-10] - Ensure that old olcnectl config files are upgraded [1.4.1-9] - Rename oci-csi module to oci-ccm and add support for oci-ccm loadbalancer creation [1.4.1-8] - Make 'compact' flag updatable [1.4.1-7] - Introduce 'compact' that enables control-plane nodes to run any workloads [1.4.1-6] - Ability to label 1 or more kubernetes nodes [1.4.1-5] - Fixed a bug where specifying a port in the container-registry argument to the Kubernetes module would result in pods not being able to start. [1.4.1-4] - Update helm to 3.7.1 [1.4.1-3] - Update versions to Istio-1.12.2, prometheus-2.31.1 and grafana-7.5.11 [1.4.1-2] - Allow loadbalancer to be configured regardless of security list mode [1.4.0-4] - Fix bug in initialising certs manager when environment name not mentioned [1.4.0-3] - Fix bug in fetching report for multi-environment [1.4.0-2] - Pause image is 3.4.1 [1.4.0-1] - CSI plugin - Reports feature - Kubernetes-1.20.6 to Kubernetes-1.21.6 upgrade - Istio-1.9.4 to Istio-1.11.4 upgrade - Component upgrades - Config file feature [1.3.0-13] - Fix iptables issue when running on OL7 host using OL8 image [1.3.0-12] - Address CVE's ISTIO-SECURITY-2021-003, ISTIO-SECURITY-2021-005, ISTIO-SECURITY-2021-006, ISTIO-SECURITY-2021-007 [1.3.0-11] - Fixed yaml file to stop olcne-nginx and keepalived services at uninstall [Orabug: 32296282] [1.3.0-10] - Fixed missing double semicolon in registry image helper [1.3.0-9] yq [4.34.1-4] - Update Golang to 1.20.12 to address CVE-2023-39326 [4.34.1-3] - address CVE-2023-44487 and CVE-2023-3932A [4.34.1-2] - Add support for ARM build [4.34.1-1] - Added Oracle specific build files IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:7::olcne16 Oracle Linux 8 conmon [2.1.3-8] - address CVE-2023-39326 cri-o [1.25.5-1] - Added Oracle Specifile Files for cri-o cri-tools [1.25.0-3] - Resolve CVE-2023-39326 flannel-cni-plugin [1.0.1-4] - Resolve CVE-2023-39326 helm [3.11.1-3] - address CVE-2023-39326 istio [1.16.7-3] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata [1.12.1-17] - Include OL9 for kernel-uek-container (currently in UEKR7_developer_preview) kata-agent [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-image [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-ksm-throttler [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-proxy [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-runtime [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-shim [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kubernetes [1.25.15-2] - Address CVE-2023-39326 by upgrading golang to 1.20.12 kubernetes-cni [1.0.1-4] - address CVE-2023-39326 kubernetes-cni-plugins [1.0.1-5] - address CVE-2023-39326 olcne [1.6.6-3] - Fixed pod-network:calico update yq [4.34.1-4] - Update Golang to 1.20.12 to address CVE-2023-39326 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:8::ocne cpe:/a:oracle:linux:8::olcne16 cpe:/a:oracle:linux:8::olcne17 cpe:/a:oracle:linux:8::olcne18 cpe:/a:oracle:linux:8::olcne19 Oracle Linux 8 buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp oci-seccomp-bpf-hook podman [2:4.0.2-26] - rebuild with golang 1.20.12 for CVE-2023-39326 python-podman runc [1:1.1.12-1.0.1] - rebuild with golang 1.20.12 for CVE-2023-39326 skopeo slirp4netns udica MODERATE Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 6 Oracle Linux 7 [4.1.12-124.83.2] - Input: add bounds checking to input_set_capability() (Jeff LaBundy) [Orabug: 36192120] {CVE-2022-48619} - netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() (Hangyu Hua) [Orabug: 36155598] {CVE-2023-7192} [4.1.12-124.83.1] - ext4: improve error recovery code paths in __ext4_remount() (Theodore Ts'o) [Orabug: 36229451] {CVE-2024-0775} - atm: Fix Use-After-Free in do_vcc_ioctl (Hyunwoo Kim) [Orabug: 36229396] {CVE-2023-51780} - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails (Thadeu Lima de Souza Cascardo) [Orabug: 36229182] {CVE-2021-34981} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-51780 CVE-2024-0775 CVE-2023-7192 CVE-2022-48619 CVE-2021-34981 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 8 Oracle Linux 9 [5.15.0-204.147.6.2] - smb3: Replace smb2pdu 1-element arrays with flex-arrays (Kees Cook) [Orabug: 36353543] - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta) [Orabug: 36358874] - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Souradeep Chakrabarti) - hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (Michael Kelley) - netfilter: ipset: Missing gc cancellations fixed (Jozsef Kadlecsik) - netfilter: ipset: fix performance regression in swap operation (Jozsef Kadlecsik) - netfilter: nft_set_rbtree: skip end interval element from gc (Pablo Neira Ayuso) - netfilter: nf_tables: set dormant flag on hook register failure (Florian Westphal) [5.15.0-204.147.6.1] - arm64: Minimize tlb flush due to vttbr writes on AmpereOne (Ganapatrao Kulkarni) [Orabug: 36359078] [5.15.0-204.147.6] - keys, dns: Fix size check of V1 server-list header (David Howells) - net/rds: Supporting SIOCOUTQ to read pending sends (Devesh Sharma) [Orabug: 34460809] - KVM: x86: smm: preserve interrupt shadow in SMRAM (Maxim Levitsky) [Orabug: 36171472] [5.15.0-204.147.5] - tcp: fix excessive TLP and RACK timeouts from HZ rounding (Neal Cardwell) [Orabug: 36289786] - uek-rpm: Make few builtin options to modules back -- hardening (Harshit Mogalapalli) [Orabug: 36196579] - iommufd/iova_bitmap: Consider page offset for the pages to be pinned (Joao Martins) [Orabug: 36197723] - iommufd/iova_bitmap: Handle recording beyond the mapped pages (Joao Martins) [Orabug: 36197723] - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array (Joao Martins) [Orabug: 36197723] - iommufd/iova_bitmap: Bounds check mapped::pages access (Joao Martins) [Orabug: 36197723] - Revert 'iommu/amd: Improve dirty read io-pgtable walker' (Joao Martins) [Orabug: 36197723] [5.15.0-204.147.4] - uek-rpm: Disable MCORE2 in container kernel configs (Harshit Mogalapalli) [Orabug: 36267828] - md: fix regression for null-ptr-deference in __md_stop() (Yu Kuai) [Orabug: 36230125] - md: Free resources in __md_stop (Xiao Ni) [Orabug: 36230125] - md: Change active_io to percpu (Xiao Ni) [Orabug: 36230125] - md: Factor out is_md_suspended helper (Xiao Ni) [Orabug: 36230125] - hwmon: (opbmc) E6/AST2600 platform enabled (Jan Zdarek) [Orabug: 36222931] [5.15.0-204.147.3] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36241828] - mm: avoid heavy swap lock contention when unmapping with padata (Anthony Yznaga) [Orabug: 36073084] - mm: use less threads when unmapping some large VMAs (Anthony Yznaga) [Orabug: 36073084] - crypto: qat - add NULL pointer check (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix mutex ordering in adf_rl (Damian Muszynski) [Orabug: 36156923] - crypto: qat - fix error path in add_update_sla() (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add sysfs_added flag for rate limiting (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add sysfs_added flag for ras (Damian Muszynski) [Orabug: 36156923] - crypto: qat - prevent underflow in rp2srv_store() (Dan Carpenter) [Orabug: 36156923] - Documentation: ABI: debugfs-driver-qat: fix fw_counters path (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - move adf_cfg_services (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - add num_rps sysfs attribute (Ciunas Bennett) [Orabug: 36156923] - crypto: qat - add rp2svc sysfs attribute (Ciunas Bennett) [Orabug: 36156923] - crypto: qat - add rate limiting sysfs interface (Ciunas Bennett) [Orabug: 36156923] - crypto: qat - add rate limiting feature to qat_4xxx (Damian Muszynski) [Orabug: 36156923] - units: add missing header (Andy Shevchenko) [Orabug: 36156923] - units: Add BYTES_PER_*BIT (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add retrieval of fw capabilities (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add bits.h to icp_qat_hw.h (Damian Muszynski) [Orabug: 36156923] - crypto: qat - move admin api (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix ring to service map for QAT GEN4 (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - use masks for AE groups (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - refactor fw config related functions (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - count QAT GEN4 errors (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add error counters (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add handling of errors from ERRSOU3 for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add adf_get_aram_base() helper function (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add handling of compression related errors for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add handling of errors from ERRSOU2 for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add reporting of errors from ERRSOU1 for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add reporting of correctable errors for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add infrastructure for error reporting (Shashank Gupta) [Orabug: 36156923] - crypto: qat - fix double free during reset (Svyatoslav Pankratov) [Orabug: 36156923] - crypto: qat - add cnv_errors debugfs file (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - add pm_status debugfs file (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - refactor included headers (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - add namespace to driver (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - Remove zlib-deflate (Herbert Xu) [Orabug: 36156923] - crypto: qat - enable dc chaining service (Adam Guerin) [Orabug: 36156923] - crypto: qat - consolidate services structure (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix unregistration of compression algorithms (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix unregistration of crypto algorithms (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - ignore subsequent state up commands (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - do not shadow error code (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix state machines cleanup paths (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - refactor deprecated strncpy (Justin Stitt) [Orabug: 36156923] - crypto: qat - Use list_for_each_entry() helper (Jinjie Ruan) [Orabug: 36156923] - crypto: qat - fix crypto capability detection for 4xxx (Adam Guerin) [Orabug: 36156923] - crypto: qat - Remove unused function declarations (Yue Haibing) [Orabug: 36156923] - crypto: qat - use kfree_sensitive instead of memset/kfree() (Yang Yingliang) [Orabug: 36156923] - crypto: qat - replace the if statement with min() (You Kangren) [Orabug: 36156923] - crypto: qat - add heartbeat counters check (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add heartbeat feature (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add measure clock frequency (Damian Muszynski) [Orabug: 36156923] - crypto: qat - drop obsolete heartbeat interface (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add internal timer for qat 4xxx (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add fw_counters debugfs file (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - change value of default idle filter (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - do not export adf_init_admin_pm() (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - expose pm_idle_enabled through sysfs (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - extend configuration for 4xxx (Adam Guerin) [Orabug: 36156923] - Documentation: qat: change kernel version (Meadhbh) [Orabug: 36156923] - Documentation: qat: rewrite description (Bagas Sanjaya) [Orabug: 36156923] - Documentation: qat: Use code block for qat sysfs example (Bagas Sanjaya) [Orabug: 36156923] - crypto: qat - refactor fw config logic for 4xxx (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - make fw images name constant (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - move returns to default case (Adam Guerin) [Orabug: 36156923] - crypto: qat - update slice mask for 4xxx devices (Karthikeyan Gopal) [Orabug: 36156923] - crypto: qat - set deprecated capabilities as reserved (Karthikeyan Gopal) [Orabug: 36156923] - crypto: qat - add missing function declaration in adf_dbgfs.h (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - move dbgfs init to separate file (Damian Muszynski) [Orabug: 36156923] - crypto: qat - Move driver to drivers/crypto/intel/qat (Tom Zanussi) [Orabug: 36156923] - crypto: qat - drop redundant adf_enable_aer() (Bjorn Helgaas) [Orabug: 36156923] - crypto: qat - simplify adf_enable_aer() (Uwe Kleine-Konig) [Orabug: 36156923] - crypto: qat - fix apply custom thread-service mapping for dc service (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add support for 402xx devices (Damian Muszynski) [Orabug: 36156923] - crypto: qat - make state machine functions static (Shashank Gupta) [Orabug: 36156923] - crypto: qat - refactor device restart logic (Shashank Gupta) [Orabug: 36156923] - crypto: qat - replace state machine calls (Shashank Gupta) [Orabug: 36156923] - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (Shashank Gupta) [Orabug: 36156923] - crypto: qat - fix concurrency issue when device state changes (Shashank Gupta) [Orabug: 36156923] - crypto: qat - expose device config through sysfs for 4xxx (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - delay sysfs initialization (Shashank Gupta) [Orabug: 36156923] - crypto: qat - Include algapi.h for low-level Crypto API (Herbert Xu) [Orabug: 36156923] - crypto: qat - Use request_complete helpers (Herbert Xu) [Orabug: 36156923] - crypto: qat - add qat_zlib_deflate (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - extend buffer list logic interface (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (Meadhbh Fitzpatrick) [Orabug: 36156923] - crypto: qat - add limit to linked list parsing (Adam Guerin) [Orabug: 36156923] - crypto: qat - add check to validate firmware images (Srinivas Kerekare) [Orabug: 36156923] - crypto: qat - relocate and rename adf_sriov_prepare_restart() (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - change behaviour of adf_cfg_add_key_value_param() (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - Removes the x86 dependency on the QAT drivers (Yoan Picchi) [Orabug: 36156923] - crypto: qat - Fix unsigned function returning negative constant (Haowen Bai) [Orabug: 36156923] - crypto: qat - remove line wrapping for pfvf_ops functions (Marco Chiappero) [Orabug: 36156923] - crypto: qat - use u32 variables in all GEN4 pfvf_ops (Marco Chiappero) [Orabug: 36156923] - crypto: qat - replace disable_vf2pf_interrupts() (Marco Chiappero) [Orabug: 36156923] - crypto: qat - leverage the GEN2 VF mask definiton (Marco Chiappero) [Orabug: 36156923] - crypto: qat - rework the VF2PF interrupt handling logic (Marco Chiappero) [Orabug: 36156923] - crypto: qat - fix off-by-one error in PFVF debug print (Marco Chiappero) [Orabug: 36156923] - crypto: qat - fix wording and formatting in code comment (Marco Chiappero) [Orabug: 36156923] - crypto: qat - test PFVF registers for spurious interrupts on GEN4 (Marco Chiappero) [Orabug: 36156923] - crypto: qat - add check for invalid PFVF protocol version 0 (Wojciech Ziemba) [Orabug: 36156923] - crypto: qat - add missing restarting event notification in VFs (Marco Chiappero) [Orabug: 36156923] - crypto: qat - remove unnecessary tests to detect PFVF support (Marco Chiappero) [Orabug: 36156923] - crypto: qat - remove unused PFVF stubs (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - remove unneeded braces (Marco Chiappero) [Orabug: 36156923] - crypto: qat - fix ETR sources enabled by default on GEN2 devices (Marco Chiappero) [Orabug: 36156923] - crypto: qat - stop using iommu_present() (Robin Murphy) [Orabug: 36156923] - crypto: qat - remove unneeded assignment (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - don't cast parameter in bit operations (Andy Shevchenko) [Orabug: 36156923] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36204961] - netfilter: nf_tables: check if catch-all set element is active in next generation (Pablo Neira Ayuso) [Orabug: 36250951] {CVE-2024-1085} [5.15.0-204.147.2] - LTS version: v5.15.147 (Vijayendra Suman) - net: usb: ax88179_178a: move priv to driver_priv (Justin Chen) - net: usb: ax88179_178a: remove redundant init code (Justin Chen) - tracing/kprobes: Fix symbol counting logic by looking at modules as well (Andrii Nakryiko) - kallsyms: Make module_kallsyms_on_each_symbol generally available (Jiri Olsa) - netfilter: nf_tables: Reject tables of unsupported family (Phil Sutter) - perf inject: Fix GEN_ELF_TEXT_OFFSET for jit (Adrian Hunter) - ipv6: remove max_size check inline with ipv4 (Jon Maxwell) - net: tls, update curr on splice as well (John Fastabend) - mmc: sdhci-sprd: Fix eMMC init failure after hw reset (Wenchao Chen) - mmc: core: Cancel delayed work before releasing host (Geert Uytterhoeven) - mmc: rpmb: fixes pause retune on all RPMB partitions. (Jorge Ramirez-Ortiz) - mmc: meson-mx-sdhc: Fix initialization frozen issue (Ziyang Huang) - mm: fix unmap_mapping_range high bits shift bug (Jiajun Xie) - x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect (Jinghao Jia) - firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (Takashi Sakamoto) - mm/memory-failure: check the mapcount of the precise page (Matthew Wilcox (Oracle)) - selftests: secretmem: floor the memory size to the multiple of page_size (Muhammad Usama Anjum) - net: Implement missing SO_TIMESTAMPING_NEW cmsg support (Thomas Lange) - bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (Michael Chan) - asix: Add check for usbnet_get_endpoints (Chen Ni) - octeontx2-af: Re-enable MAC TX in otx2_stop processing (Naveen Mamindlapalli) - octeontx2-af: Always configure NIX TX link credits based on max frame size (Naveen Mamindlapalli) - octeontx2-af: Set NIX link credits based on max LMAC (Sunil Goutham) - octeontx2-af: Don't enable Pause frames by default (Hariprasad Kelam) - net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues (Dinghao Liu) - igc: Fix hicredit calculation (Rodrigo Cataldo) - i40e: Restore VF MSI-X state during PCI reset (Andrii Staikov) - ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (Mark Brown) - ASoC: meson: g12a-toacodec: Fix event generation (Mark Brown) - ASoC: meson: g12a-tohdmitx: Validate written enum values (Mark Brown) - ASoC: meson: g12a-toacodec: Validate written enum values (Mark Brown) - i40e: fix use-after-free in i40e_aqc_add_filters() (Ke Xiao) - net: Save and restore msg_namelen in sock_sendmsg (Marc Dionne) - netfilter: nft_immediate: drop chain reference counter on error (Pablo Neira Ayuso) - net: bcmgenet: Fix FCS generation for fragmented skbuffs (Adrian Cinal) - sfc: fix a double-free bug in efx_probe_filters (Zhipeng Lu) - ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init (Stefan Wahren) - net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps (Vadim Fedorenko) - can: raw: add support for SO_MARK (Marc Kleine-Budde) - can: raw: add support for SO_TXTIME/SCM_TXTIME (Marc Kleine-Budde) - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) (Jorn-Thorben Hinz) - r8169: Fix PCI error on system resume (Kai-Heng Feng) - net: sched: em_text: fix possible memory leak in em_text_destroy() (Hangyu Hua) - mlxbf_gige: fix receive packet race condition (David Thompson) - ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable (Chancel Liu) - igc: Check VLAN EtherType mask (Kurt Kanzenbach) - igc: Check VLAN TCI mask (Kurt Kanzenbach) - igc: Report VLAN EtherType matching back to user (Kurt Kanzenbach) - i40e: Fix filter input checks to prevent config with invalid values (Sudheer Mogilappagari) - drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (Khaled Almahallawy) - octeontx2-af: Fix marking couple of structure as __packed (Suman Ghosh) - nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (Siddh Raman Pant) - drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (Douglas Anderson) - Revert 'PCI/ASPM: Remove pcie_aspm_pm_state_change()' (Bjorn Helgaas) - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (Siddhesh Dharme) - block: Don't invalidate pagecache for invalid falloc modes (Sarthak Kukreti) [5.15.0-204.146.1] - uek-rpm: Update the kABI files for new symbol (Yifei Liu) [Orabug: 36183477] - x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested() (Maxim Levitsky) [Orabug: 36183624] - KVM: x86: SVM: allow AVIC to co-exist with a nested guest running (Maxim Levitsky) [Orabug: 36183624] - KVM: x86: allow per cpu apicv inhibit reasons (Maxim Levitsky) [Orabug: 36183624] - rds: Add count for ready receive cache (Hans Westgaard Ry) [Orabug: 36186035] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1085 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 conmon [2.1.3-8] - address CVE-2023-39326 cri-o [1.26.4-1] - Added Oracle Specific Files for cri-o - Cherry-picked upstream commits for OCPBUGS-17150: oci: simplify stopping code https://github.com/cri-o/cri-o/pull/7185 - Fixed CVE-2023-39325: bump golang.org/x/net to v0.17.0 cri-tools [1.26.1-4] - Address CVE-2023-39326 etcd [3.5.9-3] - Address CVE-2023-39326 by upgrading golang to version 1.20.12 flannel-cni-plugin [1.2.0-3] - Build for aarch64 [1.2.0-2] - Rebuild with golang 1.20.12 [1.2.0-1] - Added Oracle specific build files for Flannel CNI Plugins - Address CVE-2023-44487 and CVE-2023-39325 helm [3.12.0-4] - address CVE-2023-39326 by updating golang version to 1.20.12 istio [1.17.8-2] - Address CVE-2023-39326 kata [1.12.1-17] - Include OL9 for kernel-uek-container (currently in UEKR7_developer_preview) [1.12.1-16] - Rebuild with golang 1.20.12 [1.12.1-15] - Updated for kubernetes 1.27 and 1.28 kata-agent [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-image [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-ksm-throttler [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-proxy [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-runtime [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-shim [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kubernetes [1.26.10-3] - Build with golang 1.20.12 kubernetes-cni [1.1.2-4] - Address CVE-2023-39326, update golang version to 1.20.12 kubernetes-cni-plugins [1.2.0-6] - Rebuild with golang 1.20.12 [1.2.0-5] - update flannel-cni-plugin to 1.2.0 kubevirt [0.58.0-5] - Updated to address CVE-2023-39326 olcne [1.7.6-5] - Fix OLM upgrade failure [1.7.6-4] - Fixed unable to deploy new module(s) using config file containing already existing modules [1.7.6-2] - Corrected olcne repo version in the prompt text of the 'olcnectl provision' command [1.7.6-1] - Update kubernetes and components to address golang CVE-2023-39326 - Update istio and components to address golang CVE-2023-39326 - Update metallb, multus-cni, kubevirt, module-operator, calico, rook to address golang CVE-2023-39326 - Update cri-o to 1.26-4 patched - add conmon resource to kubernetes module [1.7.5-22] - Fix OLM upgrade failure - same version upgrade [1.7.5-21] - Migrate ModuleOperator from verrazzano-install to ocne-modules namespace [1.7.5-20] - Update module-operator to address CVE-2023-39326 [1.7.5-19] - Updated kubevirt 0.58.0 to address CVE-2023-39326 [1.7.5-18] - Back port rebuild of calico 3.25.1 yq [4.34.1-4] - Update Golang to 1.20.12 to address CVE-2023-39326 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:9::olcne19 cpe:/a:oracle:linux:9::olcne18 cpe:/a:oracle:linux:9::olcne17 Oracle Linux 8 conmon [2.1.3-8] - address CVE-2023-39326 cri-o [1.26.4-1] - Added Oracle Specific Files for cri-o - Cherry-picked upstream commits for OCPBUGS-17150: oci: simplify stopping code https://github.com/cri-o/cri-o/pull/7185 - Fixed CVE-2023-39325: bump golang.org/x/net to v0.17.0 cri-tools [1.26.1-4] - Address CVE-2023-39326 etcd [3.5.9-3] - Address CVE-2023-39326 by upgrading golang to version 1.20.12 flannel-cni-plugin [1.2.0-3] - Build for aarch64 [1.2.0-2] - Rebuild with golang 1.20.12 [1.2.0-1] - Added Oracle specific build files for Flannel CNI Plugins - Address CVE-2023-44487 and CVE-2023-39325 helm [3.12.0-4] - address CVE-2023-39326 by updating golang version to 1.20.12 istio [1.17.8-2] - Address CVE-2023-39326 kata [1.12.1-17] - Include OL9 for kernel-uek-container (currently in UEKR7_developer_preview) [1.12.1-16] - Rebuild with golang 1.20.12 [1.12.1-15] - Updated for kubernetes 1.27 and 1.28 kata-agent [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-image [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-ksm-throttler [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-proxy [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-runtime [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-shim [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kubernetes [1.26.10-3] - Build with golang 1.20.12 kubernetes-cni [1.1.2-4] - Address CVE-2023-39326, update golang version to 1.20.12 kubernetes-cni-plugins [1.2.0-6] - Rebuild with golang 1.20.12 [1.2.0-5] - update flannel-cni-plugin to 1.2.0 kubevirt [0.58.0-5] - Updated to address CVE-2023-39326 olcne [1.7.6-5] - Fix OLM upgrade failure [1.7.6-4] - Fixed unable to deploy new module(s) using config file containing already existing modules [1.7.6-2] - Corrected olcne repo version in the prompt text of the 'olcnectl provision' command [1.7.6-1] - Update kubernetes and components to address golang CVE-2023-39326 - Update istio and components to address golang CVE-2023-39326 - Update metallb, multus-cni, kubevirt, module-operator, calico, rook to address golang CVE-2023-39326 - Update cri-o to 1.26-4 patched - add conmon resource to kubernetes module [1.7.5-22] - Fix OLM upgrade failure - same version upgrade [1.7.5-21] - Migrate ModuleOperator from verrazzano-install to ocne-modules namespace [1.7.5-20] - Update module-operator to address CVE-2023-39326 [1.7.5-19] - Updated kubevirt 0.58.0 to address CVE-2023-39326 [1.7.5-18] - Back port rebuild of calico 3.25.1 yq [4.34.1-4] - Update Golang to 1.20.12 to address CVE-2023-39326 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:8::olcne18 cpe:/a:oracle:linux:8::olcne19 cpe:/a:oracle:linux:8::ocne cpe:/a:oracle:linux:8::olcne16 cpe:/a:oracle:linux:8::olcne17 cpe:/a:oracle:linux:8::developer_olcne Oracle Linux 7 [7.4p1-23.0.3_fips] - Change Epoch from 1 to 10 - Enable fips KDF POST [Orabug: 32461750] - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method [Orabug: 32461739] [7.4p1-23.0.3] - add KEX_INITIAL flag [Orabug: 36160445] - implement 'strict key exchange' [CVE-2023-48795][Orabug: 36160445] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48795 cpe:/a:oracle:linux:7::u8_security_validation Oracle Linux 7 [7.4p1-23.0.3_fips] - Change Epoch from 1 to 10 - Enable fips KDF POST [Orabug: 32461750] - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method [Orabug: 32461739] [7.4p1-23.0.3] - add KEX_INITIAL flag [Orabug: 36160445] - implement 'strict key exchange' [CVE-2023-48795][Orabug: 36160445] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48795 cpe:/a:oracle:linux:7::u8_security_validation Oracle Linux 7 [3.2.1-1.0.1] - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36143838] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-49083 cpe:/a:oracle:linux:7::developer cpe:/a:oracle:linux:7::addons Oracle Linux 8 Oracle Linux 9 [5.15.0-204.147.6.3] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36464807] {CVE-2024-1086} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1086 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.329.3.2] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36465920] {CVE-2024-1086} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1086 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.534.3.1] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36251145] {CVE-2024-1086} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1086 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.84.2] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36251327] {CVE-2024-1086} [4.1.12-124.84.1] - mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga) [Orabug: 36334311] - kobject: Fix slab-out-of-bounds in fill_kobj_path() (Wang Hai) [Orabug: 35924076] {CVE-2023-45863} - kobject: Replace strncpy with memcpy (Guenter Roeck) [Orabug: 35924076] - net: xfrm: Fix xfrm_address_filter OOB read (Lin Ma) [Orabug: 35923517] {CVE-2023-39194} - net/xfrm: use kmemdup rather than duplicating its implementation (Andrzej Hajda) [Orabug: 35923517] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39194 CVE-2023-45863 CVE-2024-1086 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 7 [5.4.17-2136.329.3.2.el7] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36465920] {CVE-2024-1086} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1086 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 [5.4.17-2136.329.3.2.el8] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36465920] {CVE-2024-1086} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1086 cpe:/a:oracle:linux:8::UEKR6 Oracle Linux 9 [1.8.1-2] - Cleanup spec file [1.8.1-1] - Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing - Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator - Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture - Fixed unable to deploy new module(s) using config file containing already existing modules - Corrected olcne repo version in the prompt text of the 'olcnectl provision' command - Update modules and components built with golang 1.20.12 to address CVE-2023-39326 - add conmon resource to kubernetes module - Fix OLM upgrade failure - same version upgrade failure - Migrate ModuleOperator from verrazzano-install to ocne-modules namespace - Fix multiple install during provision IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:9::olcne18 Oracle Linux 9 [1.8.1-2] - Cleanup spec file [1.8.1-1] - Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing - Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator - Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture - Fixed unable to deploy new module(s) using config file containing already existing modules - Corrected olcne repo version in the prompt text of the 'olcnectl provision' command - Update modules and components built with golang 1.20.12 to address CVE-2023-39326 - add conmon resource to kubernetes module - Fix OLM upgrade failure - same version upgrade failure - Migrate ModuleOperator from verrazzano-install to ocne-modules namespace - Fix multiple install during provision IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:9::olcne18 Oracle Linux 8 [1.8.1-2] - Cleanup spec file [1.8.1-1] - Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing - Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator - Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture - Fixed unable to deploy new module(s) using config file containing already existing modules - Corrected olcne repo version in the prompt text of the 'olcnectl provision' command - Update modules and components built with golang 1.20.12 to address CVE-2023-39326 - add conmon resource to kubernetes module - Fix OLM upgrade failure - same version upgrade failure - Migrate ModuleOperator from verrazzano-install to ocne-modules namespace - Fix multiple install during provision IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:8::olcne18 Oracle Linux 8 [1.8.1-2] - Cleanup spec file [1.8.1-1] - Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing - Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator - Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture - Fixed unable to deploy new module(s) using config file containing already existing modules - Corrected olcne repo version in the prompt text of the 'olcnectl provision' command - Update modules and components built with golang 1.20.12 to address CVE-2023-39326 - add conmon resource to kubernetes module - Fix OLM upgrade failure - same version upgrade failure - Migrate ModuleOperator from verrazzano-install to ocne-modules namespace - Fix multiple install during provision IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:8::olcne18 Oracle Linux 9 - [5.14.0-362.24.1.0.1_3.OL9] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters [Orabug: 36461940 ] {CVE-2024-1086} - [5.14.0-362.24.1_3.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Disable unified kernel image package build - Add Oracle Linux IMA certificates IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1086 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [4.18.0-513.18.1.0.1_9.OL8] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters [Orabug: 36461932] {CVE-2024-1086} [4.18.0-513.18.1_9.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Drop not needed patch IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1086 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 Oracle Linux 7 [4.14.35-2047.535.2.1] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36467681] {CVE-2024-1086} [4.14.35-2047.535.2] - Fix null ptr in rds_tcp_recv_path (Allison Henderson) [Orabug: 33499812] - LTS version: v4.14.338 (Saeed Mirzamohammadi) - crypto: scompress - initialize per-CPU variables on each CPU (Sebastian Andrzej Siewior) - Revert 'NFSD: Fix possible sleep during nfsd4_release_lockowner()' (Greg Kroah-Hartman) - i2c: s3c24xx: fix transferring more than one message in polling mode (Marek Szyprowski) - i2c: s3c24xx: fix read transfers in polling mode (Marek Szyprowski) - kdb: Fix a potential buffer overflow in kdb_local() (Christophe JAILLET) - kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ (Daniel Thompson) - ipvs: avoid stat macros calls from preemptible context (Fedor Pchelkin) - net: ravb: Fix dma_addr_t truncation in error case (Nikita Yushchenko) - serial: imx: Correct clock error message in function probe() (Christoph Niedermaier) - apparmor: avoid crash when parsed profile name is empty (Fedor Pchelkin) - MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() (Christophe JAILLET) - MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() (Christophe JAILLET) - HID: wacom: Correct behavior when processing some confidence == false touches (Jason Gerecke) - wifi: mwifiex: configure BSSID consistently when starting AP (David Lin) - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (Ilpo Jarvinen) - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (Ilpo Jarvinen) - fbdev: flush deferred work in fb_deferred_io_fsync() (Nam Cao) - ALSA: oxygen: Fix right channel of capture volume mixer (Takashi Iwai) - usb: mon: Fix atomicity violation in mon_bin_vma_fault (Gui-Dong Han) - usb: chipidea: wait controller resume finished for wakeup irq (Xu Yang) - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (Uttkarsh Aggarwal) - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (Xu Yang) - tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug (Heiko Carstens) - binder: fix unused alloc->free_async_space (Carlos Llamas) - binder: fix race between mmput() and do_exit() (Carlos Llamas) - Input: atkbd - use ab83 as id when skipping the getid command (Hans de Goede) - binder: fix async space check for 0-sized buffers (Carlos Llamas) - watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (Stefan Wahren) - watchdog: set cdev owner before adding (Curtis Klein) - gpu/drm/radeon: fix two memleaks in radeon_vm_init (Zhipeng Lu) - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Zhipeng Lu) - drm/amd/pm: fix a double-free in si_dpm_init (Zhipeng Lu) - media: dvbdev: drop refcount on error path in dvb_device_open() (Dan Carpenter) - media: cx231xx: fix a memleak in cx231xx_init_isoc (Zhipeng Lu) - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (Zhipeng Lu) - drm/radeon/dpm: fix a memleak in sumo_parse_power_table (Zhipeng Lu) - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (Yang Yingliang) - drm/drv: propagate errors from drm_modeset_register_all() (Dmitry Baryshkov) - drm/msm/mdp4: flush vblank event on disable (Dmitry Baryshkov) - ASoC: cs35l34: Fix GPIO name and drop legacy include (Linus Walleij) - ASoC: cs35l33: Fix GPIO name and drop legacy include (Linus Walleij) - drm/radeon: check return value of radeon_ring_lock() (Nikita Zhandarovich) - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (Nikita Zhandarovich) - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (Nikita Zhandarovich) - f2fs: fix to avoid dirent corruption (Chao Yu) - drm/bridge: Fix typo in post_disable() description (Dario Binacchi) - media: pvrusb2: fix use after free on context disconnection (Ricardo B. Marliere) - RDMA/usnic: Silence uninitialized symbol smatch warnings (Leon Romanovsky) - ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (Eric Dumazet) - Bluetooth: Fix bogus check for re-auth no supported with non-ssp (Luiz Augusto von Dentz) - wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (Su Hui) - rtlwifi: rtl8192de: make arrays static const, makes object smaller (Colin Ian King) - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: add calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (Su Hui) - rtlwifi: Use ffs in <foo>_phy_calculate_bit_shift (Joe Perches) - firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (Christophe JAILLET) - net/ncsi: Fix netlink major/minor version numbers (Peter Delevoryas) - ncsi: internal.h: Fix a spello (Bhaskar Chowdhury) - wifi: libertas: stop selecting wext (Arnd Bergmann) - bpf, lpm: Fix check prefixlen before walking trie (Florian Lehner) - NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (Trond Myklebust) - crypto: scomp - fix req->dst buffer overflow (Chengming Zhou) - crypto: scompress - Use per-CPU struct instead multiple variables (Sebastian Andrzej Siewior) - crypto: scompress - return proper error code for allocation failure (Sebastian Andrzej Siewior) - crypto: sahara - do not resize req->src when doing hash operations (Ovidiu Panait) - crypto: sahara - fix processing hash requests with req->nbytes < sg->length (Ovidiu Panait) - crypto: sahara - improve error handling in sahara_sha_process() (Ovidiu Panait) - crypto: sahara - fix wait_for_completion_timeout() error handling (Ovidiu Panait) - crypto: sahara - fix ahash reqsize (Ovidiu Panait) - crypto: virtio - Wait for tasklet to complete on device remove (wangyangxin) - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (Sergey Shtylyov) - crypto: sahara - fix error handling in sahara_hw_descriptor_create() (Ovidiu Panait) - crypto: sahara - fix processing requests with cryptlen < sg->length (Ovidiu Panait) - crypto: sahara - fix ahash selftest failure (Ovidiu Panait) - crypto: sahara - remove FLAGS_NEW_KEY logic (Ovidiu Panait) - crypto: af_alg - Disallow multiple in-flight AIO requests (Herbert Xu) - crypto: ccp - fix memleak in ccp_init_dm_workarea (Dinghao Liu) - crypto: virtio - Handle dataq logic with tasklet (Gonglei (Arei)) - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (ZhaoLong Wang) - calipso: fix memory leak in netlbl_calipso_add_pass() (Gavrilov Ilia) - netlabel: remove unused parameter in netlbl_netlink_auditinfo() (Zheng Yejian) - net: netlabel: Fix kerneldoc warnings (Andrew Lunn) - ACPI: video: check for error while searching for backlight device parent (Nikita Kiryushin) - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (Ronald Monthero) - powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (Kunwu Chan) - powerpc/powernv: Add a null pointer check in opal_event_init() (Kunwu Chan) - selftests/powerpc: Fix error handling in FPU/VMX preemption tests (Michael Ellerman) - powerpc/pseries/memhp: Fix access beyond end of drmem array (Nathan Lynch) - powerpc/pseries/memhotplug: Quieten some DLPAR operations (Laurent Dufour) - powerpc/44x: select I2C for CURRITUCK (Randy Dunlap) - powerpc: remove redundant 'default n' from Kconfig-s (Bartlomiej Zolnierkiewicz) - powerpc: add crtsavres.o to always-y instead of extra-y (Masahiro Yamada) - EDAC/thunderx: Fix possible out-of-bounds string access (Arnd Bergmann) - x86/lib: Fix overflow when counting digits (Colin Ian King) - coresight: etm4x: Fix width of CCITMIN field (James Clark) - uio: Fix use-after-free in uio_open (Guanghui Feng) - binder: fix comment on binder_alloc_new_buf() return value (Carlos Llamas) - drm/crtc: fix uninitialized variable use (Jani Nikula) - Input: xpad - add Razer Wolverine V2 support (Luca Weiss) - ARC: fix spare error (Vineet Gupta) - s390/scm: fix virtual vs physical address confusion (Vineeth Vijayan) - Input: atkbd - skip ATKBD_CMD_GETID in translated mode (Hans de Goede) - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (Krzysztof Kozlowski) - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (Steven Rostedt (Google)) - tracing: Add size check when printing trace_marker output (Steven Rostedt (Google)) - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (Steven Rostedt (Google)) - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (Ziqi Zhao) - jbd2: correct the printing of write_flags in jbd2_write_superblock() (Zhang Yi) - clk: rockchip: rk3128: Fix HCLK_OTG gate register (Weihao Li) - drm/exynos: fix a potential error pointer dereference (Xiang Yang) - ASoC: da7219: Support low DC impedance headset (David Rau) - net/tg3: fix race condition in tg3_reset_task() (Thinh Tran) - ASoC: rt5650: add mutex to avoid the jack detection failure (Shuming Fan) - ASoC: cs43130: Fix incorrect frame delay configuration (Maciej Strozek) - ASoC: cs43130: Fix the position of const qualifier (Maciej Strozek) - f2fs: explicitly null-terminate the xattr list (Eric Biggers) - LTS version: v4.14.337 (Saeed Mirzamohammadi) - ipv6: remove max_size check inline with ipv4 (Saeed Mirzamohammadi) - ipv6: make ip6_rt_gc_expire an atomic_t (Saeed Mirzamohammadi) - net/dst: use a smaller percpu_counter batch for dst entries accounting (Eric Dumazet) - net: add a route cache full diagnostic message (Peter Oskolkov) - netfilter: nf_tables: Reject tables of unsupported family (Phil Sutter) [Orabug: 36192153] {CVE-2023-6040} - fuse: nlookup missing decrement in fuse_direntplus_link (ruanmeisi) - mm: fix unmap_mapping_range high bits shift bug (Jiajun Xie) - mm/memory-failure: check the mapcount of the precise page (Matthew Wilcox (Oracle)) - bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (Michael Chan) - asix: Add check for usbnet_get_endpoints (Chen Ni) - net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues (Dinghao Liu) - net/qla3xxx: switch from 'pci_' to 'dma_' API (Christophe JAILLET) [4.14.35-2047.535.1] - mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga) [Orabug: 36334310] - net/rds: print PPID/COMM of process doing user reset on RDS connection (Juan Garcia) [Orabug: 36248431] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6040 CVE-2024-1086 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.330.7.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add support for clearing branch history at syscall entry (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/cpufeature: Add missing leaf enumeration (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Use a switch statement and macros in __feature_translate() (Jim Mattson) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Jim Mattson) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Sean Christopherson) [Orabug: 36384803] {CVE-2024-2201} - x86/bugs: Use sysfs_emit() (Borislav Petkov) [Orabug: 36384803] {CVE-2024-2201} - Documentation/hw-vuln: Update spectre doc (Lin Yujun) [Orabug: 36384803] {CVE-2024-2201} - x86/speculation: Reorder SRSO and GDS functions (Alexandre Chartre) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (Jim Mattson) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Move reverse CPUID helpers to separate header file (Ricardo Koller) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Fix implicit enum conversion goof in scattered reverse CPUID code (Sean Christopherson) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Add support for reverse CPUID lookup of scattered features (Sean Christopherson) [Orabug: 36384803] {CVE-2024-2201} - x86/msr: Define new bits in TSX_FORCE_ABORT MSR (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - objtool: Add asm version of STACK_FRAME_NON_STANDARD (Josh Poimboeuf) [Orabug: 36384803] {CVE-2024-2201} - objtool: Only include valid definitions depending on source file type (Julien Thierry) [Orabug: 36384803] {CVE-2024-2201} [5.4.17-2136.330.7] - Revert 'x86/mm/ident_map: Use gbpages only where full GB page should be mapped.' (Sherry Yang) [Orabug: 36409910] - arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts (Johan Hovold) - arm64: dts: qcom: add PDC interrupt controller for SDM845 (Lina Iyer) - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta) - hv_netvsc: use netif_is_bond_master() instead of open code (Juhee Kang) - netfilter: nft_ct: fix l3num expectations with inet pseudo family (Florian Westphal) [5.4.17-2136.330.6] - eVM: x86: Drop kvm SRCU lock in kvm_vcpu_update_apicv (Alejandro Jimenez) [Orabug: 36329600] - KVM: x86: Handle APICv updates for APIC 'mode' changes via request (Sean Christopherson) [Orabug: 36329600] - blk-mq: fix system hang while doing cpu offline on domU (Shminderjit Singh) [Orabug: 36366420] [5.4.17-2136.330.5] - afs: Fix endless loop in directory parsing (David Howells) - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() (Ignat Korchagin) - netfilter: nf_tables: set dormant flag on hook register failure (Florian Westphal) - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (Guixin Liu) [Orabug: 36345168] [5.4.17-2136.330.4] - Revert 'crypto: api - Disallow identical driver names' (Saeed Mirzamohammadi) [Orabug: 36361379] - Fix null ptr in rds_tcp_recv_path (Allison Henderson) [Orabug: 35587415] - net/rds: print PPID/COMM of process doing user reset on RDS connection (Juan Garcia) [Orabug: 36248461] [5.4.17-2136.330.3] - uek: kabi: Add two new exported kABI symbols for ACFS and EDV (Saeed Mirzamohammadi) [Orabug: 36251861] - mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga) [Orabug: 36334309] [5.4.17-2136.330.2] - LTS tag: v5.4.269 (Alok Tiwari) - bpf: Add map and need_defer parameters to .map_fd_put_ptr() (Hou Tao) - of: gpio unittest kfree() wrong object (Frank Rowand) - of: unittest: fix EXPECT text for gpio hog errors (Frank Rowand) - net: bcmgenet: Fix EEE implementation (Florian Fainelli) - Revert 'Revert 'mtd: rawnand: gpmi: Fix setting busy timeout setting'' (Max Krummenacher) - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (Dan Carpenter) [Orabug: 36229438] {CVE-2024-0607} - lsm: new security_file_ioctl_compat() hook (Alfred Piccioni) - drm/msm/dsi: Enable runtime PM (Konrad Dybcio) - PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (Douglas Anderson) - PM: runtime: add devm_pm_runtime_enable helper (Dmitry Baryshkov) - nilfs2: fix potential bug in end_buffer_async_write (Ryusuke Konishi) - sched/membarrier: reduce the ability to hammer on sys_membarrier (Linus Torvalds) - net: prevent mss overflow in skb_segment() (Eric Dumazet) - netfilter: ipset: Missing gc cancellations fixed (Jozsef Kadlecsik) - netfilter: ipset: fix performance regression in swap operation (Jozsef Kadlecsik) - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache (Oliver Upton) - mips: Fix max_mapnr being uninitialized on early stages (Serge Semin) - arch, mm: remove stale mentions of DISCONIGMEM (Mike Rapoport) - bus: moxtet: Add spi device table (Sjoerd Simons) - tracing: Inform kmemleak of saved_cmdlines allocation (Steven Rostedt (Google)) - pmdomain: core: Move the unused cleanup to a _sync initcall (Konrad Dybcio) - can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) (Oleksij Rempel) - irqchip/irq-brcmstb-l2: Add write memory barrier before exit (Doug Berger) - nfp: flower: prevent re-adding mac index for bonded port (Daniel de Villiers) - nfp: use correct macro for LengthSelect in BAR config (Daniel Basilio) - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi) - nilfs2: fix data corruption in dsync block recovery for small block sizes (Ryusuke Konishi) - ALSA: hda/conexant: Add quirk for SWS JS201D (bo liu) - mmc: slot-gpio: Allow non-sleeping GPIO ro (Alexander Stein) - x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Steve Wahl) - x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (Aleksander Mazur) - serial: max310x: improve crystal stable clock detection (Hugo Villeneuve) - serial: max310x: set default value when reading clock ready bit (Hugo Villeneuve) - ring-buffer: Clean ring_buffer_poll_wait() error return (Vincent Donnefort) - iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC (zhili.liu) - staging: iio: ad5933: fix type mismatch regression (David Schiller) - tracing: Fix wasted memory in saved_cmdlines logic (Steven Rostedt (Google)) - ext4: fix double-free of blocks due to wrong extents moved_len (Baokun Li) - misc: fastrpc: Mark all sessions as invalid in cb_remove (Ekansh Gupta) - binder: signal epoll threads of self-work (Carlos Llamas) - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL (Edson Juliano Drosdeck) - xen-netback: properly sync TX responses (Jan Beulich) - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (Fedor Pchelkin) - kbuild: Fix changing ELF file type for output of gen_btf for big endian (Nathan Chancellor) - firewire: core: correct documentation of fw_csr_string() kernel API (Takashi Sakamoto) - scsi: Revert 'scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock' (Lee Duncan) - i2c: i801: Fix block process call transactions (Jean Delvare) - i2c: i801: Remove i801_set_block_buffer_mode (Heiner Kallweit) - usb: f_mass_storage: forbid async queue when shutdown happen (yuan linyu) - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (Oliver Neukum) - HID: wacom: Do not register input devices until after hid_hw_start (Jason Gerecke) - HID: wacom: generic: Avoid reporting a serial of '0' to userspace (Tatsunosuke Tobita) - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Zach O'Keefe) - tracing/trigger: Fix to return error if failed to alloc snapshot (Masami Hiramatsu (Google)) - i40e: Fix waiting for queues of all VSIs to be disabled (Ivan Vecera) - MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler (Guenter Roeck) - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (Alexey Khoroshilov) - spi: ppc4xx: Drop write-only variable (Uwe Kleine-Konig) - of: unittest: Fix compile in the non-dynamic case (Christian A. Ehrhardt) - of: unittest: add overlay gpio test to catch gpio hog problem (Frank Rowand) - btrfs: send: return EOPNOTSUPP on unknown flags (David Sterba) - btrfs: forbid deleting live subvol qgroup (Boris Burkov) - btrfs: forbid creating subvol qgroups (Boris Burkov) - netfilter: nft_set_rbtree: skip end interval element from gc (Pablo Neira Ayuso) - net: stmmac: xgmac: fix a typo of register name in DPP safety handling (Furong Xu) - net: stmmac: xgmac: use #define for string constants (Simon Horman) - vhost: use kzalloc() instead of kmalloc() followed by memset() (Prathu Baronia) [Orabug: 36192400] {CVE-2024-0340} - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (Hans de Goede) - USB: serial: cp210x: add ID for IMST iM871A-USB (Leonard Dallmayr) - USB: serial: option: add Fibocom FM101-GL variant (Puliang Lu) - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e (JackBB Wu) - net/af_iucv: clean up a try_then_request_module() (Julian Wiedmann) - netfilter: nft_ct: reject direction for ct id (Pablo Neira Ayuso) - netfilter: nft_compat: restrict match/target protocol to u16 (Pablo Neira Ayuso) - netfilter: nft_compat: reject unused compat flag (Pablo Neira Ayuso) - ppp_async: limit MRU to 64K (Eric Dumazet) - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (Shigeru Yoshida) - rxrpc: Fix response to PING RESPONSE ACKs to a dead call (David Howells) - inet: read sk->sk_family once in inet_recv_error() (Eric Dumazet) - hwmon: (coretemp) Fix bogus core_id to attr name mapping (Zhang Rui) - hwmon: (coretemp) Fix out-of-bounds memory access (Zhang Rui) - hwmon: (aspeed-pwm-tacho) mutex for tach reading (Loic Prylli) - atm: idt77252: fix a memleak in open_card_ubr0 (Zhipeng Lu) - selftests: net: avoid just another constant wait (Paolo Abeni) - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels (Furong Xu) - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Tony Lindgren) - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (Frank Li) - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (Yoshihiro Shimoda) - dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA (Christophe JAILLET) - dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA (Christophe JAILLET) - bonding: remove print in bond_verify_device_path (Zhengchao Shao) - HID: apple: Add 2021 magic keyboard FN key mapping (Benjamin Berg) - HID: apple: Swap the Fn and Left Control keys on Apple keyboards (free5lot) - HID: apple: Add support for the 2021 Magic Keyboard (Alex Henrie) path (Breno Leitao) - af_unix: fix lockdep positive in sk_diag_dump_icons() (Eric Dumazet) - net: ipv4: fix a memleak in ip_setup_cork (Zhipeng Lu) - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Pablo Neira Ayuso) - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger (Pablo Neira Ayuso) - llc: call sock_orphan() at release time (Eric Dumazet) - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (Helge Deller) - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() (Christophe JAILLET) - ixgbe: Refactor overtemp event handling (Jedrzej Jagielski) - ixgbe: Refactor returning internal error codes (Jedrzej Jagielski) - ixgbe: Remove non-inclusive language (Piotr Skajewski) - net: remove unneeded break (Tom Rix) - scsi: isci: Fix an error code problem in isci_io_request_build() (Su Hui) - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (Edward Adam Davis) - perf: Fix the nr_addr_filters fix (Peter Zijlstra) - drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (Srinivasan Shanmugam) - ceph: fix deadlock or deadcode of misusing dget() (Xiubo Li) - blk-mq: fix IO hang from sbitmap wakeup race (Ming Lei) - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (Zhu Yanjun) - libsubcmd: Fix memory leak in uniq() (Ian Rogers) - PCI/AER: Decode Requester ID when no error info found (Bjorn Helgaas) - fs/kernfs/dir: obey S_ISGID (Max Kellermann) - usb: hub: Replace hardcoded quirk value with BIT() macro (Hardik Gajjar) - PCI: switchtec: Fix stdev_release() crash after surprise hot remove (Daniel Stodden) - PCI: Only override AMD USB controller if required (Guilherme G. Piccoli) - mfd: ti_am335x_tscadc: Fix TI SoC dependencies (Peter Robinson) - i3c: master: cdns: Update maximum prescaler value for i2c clock (Harshit Shah) - um: net: Fix return type of uml_net_start_xmit() (Nathan Chancellor) - um: Don't use vfprintf() for os_info() (Benjamin Berg) - um: Fix naming clash between UML and scheduler (Anton Ivanov) - leds: trigger: panic: Don't register panic notifier if creating the trigger failed (Heiner Kallweit) - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (Srinivasan Shanmugam) - drm/amdgpu: Let KFD sync with VM fences (Felix Kuehling) - clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() (Kuan-Wei Chiu) - clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() (Kuan-Wei Chiu) - drm/msm/dpu: Ratelimit framedone timeout msgs (Rob Clark) - media: ddbridge: fix an error code problem in ddb_probe (Su Hui) - IB/ipoib: Fix mcast list locking (Daniel Vacek) - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (Douglas Anderson) - ALSA: hda: Intel: add HDA_ARL PCI ID support (Pierre-Louis Bossart) - PCI: add INTEL_HDA_ARL to pci_ids.h (Pierre-Louis Bossart) - media: rockchip: rga: fix swizzling for RGB formats (Michael Tretter) - media: stk1160: Fixed high volume of stk1160_dbg messages (Ghanshyam Agrawal) - drm/mipi-dsi: Fix detach call without attach (Tomi Valkeinen) - drm/framebuffer: Fix use of uninitialized variable (Tomi Valkeinen) - drm/drm_file: fix use of uninitialized variable (Tomi Valkeinen) - RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Jack Wang) - fast_dput(): handle underflows gracefully (Al Viro) - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (Cristian Ciocaltea) - f2fs: fix to check return value of f2fs_reserve_new_block() (Chao Yu) - wifi: cfg80211: free beacon_ies when overridden from hidden BSS (Benjamin Berg) - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (Su Hui) - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (Zenm Chen) - arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property (Mao Jinlong) - arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property (Mao Jinlong) - md: Whenassemble the array, consult the superblock of the freshest device (Alex Lyakas) - block: prevent an integer overflow in bvec_try_merge_hw_page (Christoph Hellwig) - ARM: dts: imx23/28: Fix the DMA controller node name (Fabio Estevam) - ARM: dts: imx23-sansa: Use preferred i2c-gpios properties (Fabio Estevam) - ARM: dts: imx27-apf27dev: Fix LED name (Fabio Estevam) - ARM: dts: imx25/27: Pass timing0 (Fabio Estevam) - ARM: dts: imx1: Fix sram node (Fabio Estevam) - ARM: dts: imx27: Fix sram node (Fabio Estevam) - ARM: dts: imx: Use flash@0,0 pattern (Fabio Estevam) - ARM: dts: imx25/27-eukrea: Fix RTC node name (Fabio Estevam) - ARM: dts: rockchip: fix rk3036 hdmi ports node (Johan Jonker) - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (Hannes Reinecke) - scsi: libfc: Don't schedule abort twice (Hannes Reinecke) - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Minsuk Kang) - ARM: dts: imx7s: Fix nand-controller #size-cells (Alexander Stein) - ARM: dts: imx7s: Fix lcdif compatible (Alexander Stein) - ARM: dts: imx7d: Fix coresight funnel ports (Alexander Stein) - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk (Zhengchao Shao) - PCI: Add no PM reset quirk for NVIDIA Spectrum devices (Ido Schimmel) - scsi: lpfc: Fix possible file string name overflow when updating firmware (Justin Tee) - selftests/bpf: Fix pyperf180 compilation failure with clang18 (Yonghong Song) - selftests/bpf: satisfy compiler by having explicit return in btf test (Andrii Nakryiko) - wifi: rt2x00: restart beacon queue when hardware reset (Shiji Yang) - ext4: avoid online resizing failures due to oversized flex bg (Baokun Li) - ext4: remove unnecessary check from alloc_flex_gd() (Baokun Li) - ext4: unify the type of flexbg_size to unsigned int (Baokun Li) - ext4: fix inconsistent between segment fstrim and full fstrim (Ye Bin) - ecryptfs: Reject casefold directory inodes (Gabriel Krisman Bertazi) - SUNRPC: Fix a suspicious RCU usage warning (Anna Schumaker) - KVM: s390: fix setting of fpc register (Heiko Carstens) - s390/ptrace: handle setting of fpc register correctly (Heiko Carstens) - jfs: fix array-index-out-of-bounds in diNewExt (Edward Adam Davis) - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (Oleg Nesterov) - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (Oleg Nesterov) - crypto: stm32/crc32 - fix parsing list of devices (Thomas Bourgoin) - pstore/ram: Fix crash when setting number of cpus to an odd number (Weichen Chen) - jfs: fix uaf in jfs_evict_inode (Edward Adam Davis) - jfs: fix array-index-out-of-bounds in dbAdjTree (Manas Ghandat) - jfs: fix slab-out-of-bounds Read in dtSearch (Manas Ghandat) - UBSAN: array-index-out-of-bounds in dtSplitRoot (Osama Muhammad) - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (Osama Muhammad) - ACPI: extlog: fix NULL pointer dereference check (Prarit Bhargava) - PNP: ACPI: fix fortify warning (Dmitry Antipov) - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (Yuluo Qiu) - audit: Send netlink ACK before setting connection in auditd_set (Chris Riches) - regulator: core: Only increment use_count when enable_count changes (Rui Zhang) - perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file (Greg KH) - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (Zhiquan Li) - powerpc/lib: Validate size for vector operations (Naveen N Rao) - powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE (Stephen Rothwell) - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (Michael Ellerman) - powerpc: Fix build error due to is_valid_bugaddr() (Michael Ellerman) - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Kunwu Chan) - x86/entry/ia32: Ensure s32 is sign extended to s64 (Richard Palethorpe) - tick/sched: Preserve number of idle sleeps across CPU hotplug events (Tim Chen) - mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan (Xi Ruoyao) - spi: bcm-qspi: fix SFDP BFPT read by usig mspi read (Kamal Dasu) - gpio: eic-sprd: Clear interrupt after set the interrupt type (Wenhua Lin) - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (Fedor Pchelkin) - drm/exynos: fix accidental on-stack copy of exynos_drm_plane (Arnd Bergmann) - drm/bridge: nxp-ptn3460: simplify some error checking (Dan Carpenter) - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (Dan Carpenter) - drm: Don't unref the same fb many times by mistake due to deadlock handling (Ville Syrjala) - gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (Mario Limonciello) - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36251144] {CVE-2024-1086} - rbd: don't move requests to the running list on errors (Ilya Dryomov) - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (Qu Wenruo) - btrfs: don't warn if discard range is not aligned to sector (David Sterba) - btrfs: tree-checker: fix inline ref size in error messages (Chung-Chiang Cheng) - btrfs: ref-verify: free ref cache before clearing mount opt (Fedor Pchelkin) - net: fec: fix the unhandled context fault from smmu (Shenwei Wang) - fjes: fix memleaks in fjes_hw_setup (Zhipeng Lu) - netfilter: nf_tables: validate NFPROTO_* family (Pablo Neira Ayuso) - netfilter: nf_tables: restrict anonymous set and map names to 16 bytes (Florian Westphal) - net/mlx5e: fix a double-free in arfs_create_groups (Zhipeng Lu) - net/mlx5: Use kfree(ft->g) in arfs_create_groups() (Denis Efremov) - net/mlx5: DR, Use the right GVMI number for drop action (Yevgeny Kliteynik) - netlink: fix potential sleeping issue in mqueue_flush_file (Zhengchao Shao) - tcp: Add memory barrier to tcp_push() (Salvatore Dipietro) - afs: Hide silly-rename files from userspace (David Howells) - tracing: Ensure visibility when inserting an element into tracing_map (Petr Pavlu) - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv (Sharath Srinivasan) - llc: Drop support for ETH_P_TR_802_2. (Kuniyuki Iwashima) - llc: make llc_ui_sendmsg() more robust against bonding changes (Eric Dumazet) - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING (Lin Ma) - net/smc: fix illegal rmb_desc access in SMC-D connection dump (Wen Gu) - x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum (Maciej S. Szmigiero) - powerpc: Use always instead of always-y in for crtsavres.o (Nathan Chancellor) - fs: move S_ISGID stripping into the vfs_*() helpers (Yang Xu) - fs: add mode_strip_sgid() helper (Yang Xu) - mtd: spinand: macronix: Fix MX35LFxGE4AD page size (JaimeLiao) - block: Remove special-casing of compound pages (Matthew Wilcox (Oracle)) - rename(): fix the locking of subdirectories (Al Viro) - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (Zhihao Cheng) - nouveau/vmm: don't set addr on the fail path to avoid warning (Dave Airlie) - mmc: core: Use mrq.sbc in close-ended ffu (Avri Altman) - arm64: dts: qcom: sdm845: fix USB wakeup interrupt types (Johan Hovold) - parisc/firmware: Fix F-extend for PDC addresses (Helge Deller) - rpmsg: virtio: Free driver_override when rpmsg_remove() (Xiaolei Wang) - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Herbert Xu) - PM: hibernate: Enforce ordering during image compression/decompression (Hongchen Zhang) - crypto: api - Disallow identical driver names (Herbert Xu) - ext4: allow for the last group to be marked as trimmed (Suraj Jitindar Singh) - serial: sc16is7xx: add check for unsupported SPI modes during probe (Hugo Villeneuve) - spi: introduce SPI_MODE_X_MASK macro (Oleksij Rempel) - serial: sc16is7xx: set safe default SPI clock frequency (Hugo Villeneuve) - units: add the HZ macros (Daniel Lezcano) - units: change from 'L' to 'UL' (Daniel Lezcano) - units: Add Watt units (Daniel Lezcano) - PCI: mediatek: Clear interrupt status before dispatching handler (qizhong cheng) [5.4.17-2136.330.1] - mm: hwpoison: handle non-anonymous THP correctly (Yang Shi) [Orabug: 36223690] - mm,hwpoison: unify THP handling for hard and soft offline (Oscar Salvador) [Orabug: 36223690] - mm: hwpoison: remove the unnecessary THP check (Yang Shi) [Orabug: 36223690] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0607 CVE-2024-2201 CVE-2024-26679 CVE-2024-0340 CVE-2024-1086 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 Oracle Linux 9 [5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add support for clearing branch history at syscall entry (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/cpufeature: Add missing leaf enumeration (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - KVM: x86: Use a switch statement and macros in __feature_translate() (Jim Mattson) [Orabug: 36384802] {CVE-2024-2201} - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Jim Mattson) [Orabug: 36384802] {CVE-2024-2201} - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Sean Christopherson) [Orabug: 36384802] {CVE-2024-2201} - x86/bugs: Use sysfs_emit() (Borislav Petkov) [Orabug: 36384802] {CVE-2024-2201} - x86/cpu: Support AMD Automatic IBRS (Kim Phillips) [Orabug: 36384802] {CVE-2024-2201} - Documentation/hw-vuln: Update spectre doc (Lin Yujun) [Orabug: 36384802] {CVE-2024-2201} - x86/speculation: Reorder SRSO and GDS functions (Alexandre Chartre) [Orabug: 36384802] {CVE-2024-2201} [5.15.0-205.149.5] - uek-rpm: Bluefield 3: enable lockdown mode for secure boot (Dave Kleikamp) [Orabug: 36318788] - Documentation/x86: Update split lock documentation (Tony Luck) [Orabug: 36298291] - x86/split_lock: Add sysctl to control the misery mode (Guilherme G. Piccoli) [Orabug: 36298291] - x86/split-lock: Remove unused TIF_SLD bit (Tony Luck) [Orabug: 36298291] - x86/split_lock: Make life miserable for split lockers (Tony Luck) [Orabug: 36298291] [5.15.0-205.149.4] - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST (Luiz Augusto von Dentz) - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() (Ignat Korchagin) - ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails (Fedor Pchelkin) - afs: Fix endless loop in directory parsing (David Howells) - PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (Dan Carpenter) - Revert 'drm/bridge: lt8912b: Register and attach our DSI device at probe' (Max Krummenacher) - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (Javier Carrasco) - usb: dwc3: gadget: Don't disconnect if not started (Thinh Nguyen) - platform/x86: intel-vbtn: Stop calling 'VBDL' from notify_handler (Hans de Goede) - Fix null ptr in rds_tcp_recv_path (Allison Henderson) [Orabug: 35587408] - cifs: fix mid leak during reconnection after timeout threshold (Shyam Prasad N) [Orabug: 36123597] - vfio/mlx5: Activate the chunk mode functionality (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Add support for READING in chunk mode (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Add support for SAVING in chunk mode (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Pre-allocate chunks for the STOP_COPY phase (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Rename some stuff to match chunk mode (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Enable querying state size which is > 4GB (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Refactor the SAVE callback to activate a work only upon an error (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Wake up the reader post of disabling the SAVING migration file (Yishai Hadas) [Orabug: 36298327] - net/mlx5: Introduce ifc bits for migration in a chunk mode (Yishai Hadas) [Orabug: 36298327] - af_unix: Drop oob_skb ref before purging queue in GC. (Kuniyuki Iwashima) [Orabug: 36375407] - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta) [Orabug: 36379479] [5.15.0-205.149.3] - net/rds: print PPID/COMM of process doing user reset on RDS connection (Juan Garcia) [Orabug: 36248460] - platform/mellanox: mlxbf-pmc: Fix offset calculation for crspace events (Shravan Kumar Ramani) [Orabug: 36299543] - platform/mellanox: mlxbf-tmfifo: Drop Tx network packet when Tx TmFIFO is full (Liming Sun) [Orabug: 36299543] - platform/mellanox: mlxbf-tmfifo: Remove unnecessary bool conversion (Jules Irenge) [Orabug: 36299543] - power: reset: pwr-mlxbf: support graceful reboot instead of emergency reset (Asmaa Mnebhi) [Orabug: 36299543] - platform/mellanox: tmfifo: fix kernel-doc warnings (Randy Dunlap) [Orabug: 36299543] - platform/mellanox: mlxbf-tmfifo: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36299543] - platform/mellanox: mlxbf-pmc: Add support for BlueField-3 (Shravan Kumar Ramani) [Orabug: 36299543] - pwr-mlxbf: extend Kconfig to include gpio-mlxbf3 dependency (David Thompson) [Orabug: 36299543] - pinctrl: mlxbf3: Remove gpio_disable_free() (Asmaa Mnebhi) [Orabug: 36299543] - gpio: mlxbf3: use capital 'OR' for multiple licenses in SPDX (Krzysztof Kozlowski) [Orabug: 36299543] - pinctrl: use capital 'OR' for multiple licenses in SPDX (Krzysztof Kozlowski) [Orabug: 36299543] - gpio: mlxbf3: Support add_pin_ranges() (Asmaa Mnebhi) [Orabug: 36299543] - uek: kabi: Add two new exported kABI symbols for ACFS and EDV (Saeed Mirzamohammadi) [Orabug: 36303821] - uek-rpm: Update the aarch64 kABI files for new symbol (Yifei Liu) [Orabug: 36323808] - arm64: Minimize tlb flush due to vttbr writes on AmpereOne (Ganapatrao Kulkarni) [Orabug: 36349790] [5.15.0-205.149.2] - LTS version: v5.15.149 (Vijayendra Suman) - usb: dwc3: gadget: Ignore End Transfer delay on teardown (Thinh Nguyen) - media: Revert 'media: rkisp1: Drop IRQF_SHARED' (Tomi Valkeinen) - usb: dwc3: gadget: Execute gadget stop after halting the controller (Wesley Cheng) - usb: dwc3: gadget: Don't delay End Transfer on delayed_status (Thinh Nguyen) - staging: fbtft: core: set smem_len before fb_deferred_io_init call (Peter Suti) - smb3: Replace smb2pdu 1-element arrays with flex-arrays (Kees Cook) - fs/ntfs3: Add null pointer checks (Konstantin Komarov) - net: bcmgenet: Fix EEE implementation (Florian Fainelli) - drm/msm/dsi: Enable runtime PM (Konrad Dybcio) - PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (Douglas Anderson) - dm: limit the number of targets and parameter size area (Mikulas Patocka) - nilfs2: replace WARN_ONs for invalid DAT metadata block requests (Ryusuke Konishi) - nilfs2: fix potential bug in end_buffer_async_write (Ryusuke Konishi) - sched/membarrier: reduce the ability to hammer on sys_membarrier (Linus Torvalds) - netfilter: ipset: Missing gc cancellations fixed (Jozsef Kadlecsik) - net: prevent mss overflow in skb_segment() (Eric Dumazet) - hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() (Davidlohr Bueso) - netfilter: ipset: fix performance regression in swap operation (Jozsef Kadlecsik) - scripts/decode_stacktrace.sh: optionally use LLVM utilities (Carlos Llamas) - scripts: decode_stacktrace: demangle Rust symbols (Miguel Ojeda) - scripts/decode_stacktrace.sh: support old bash version (Schspa Shi) - fbdev: flush deferred IO before closing (Nam Cao) - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (Takashi Iwai) - fbdev: Fix invalid page access after closing deferred I/O devices (Takashi Iwai) - fbdev: Rename pagelist to pagereflist for deferred I/O (Thomas Zimmermann) - fbdev: Track deferred-I/O pages in pageref struct (Thomas Zimmermann) - fbdev: defio: fix the pagelist corruption (Chuansheng Liu) - fbdev: Don't sort deferred-I/O pages by default (Thomas Zimmermann) - fbdev/defio: Early-out if page is already enlisted (Thomas Zimmermann) - serial: 8250_exar: Set missing rs485_supported flag (Lino Sanfilippo) - serial: 8250_exar: Fill in rs485_supported (Ilpo Jarvinen) - usb: dwc3: gadget: Queue PM runtime idle on disconnect event (Wesley Cheng) - usb: dwc3: gadget: Handle EP0 request dequeuing properly (Wesley Cheng) - usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API (Wesley Cheng) - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (Wesley Cheng) - usb: dwc3: gadget: Submit endxfer command if delayed during disconnect (Wesley Cheng) - usb: dwc3: gadget: Force sending delayed status during soft disconnect (Wesley Cheng) - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (Mayank Rana) - usb: dwc3: gadget: Delay issuing End Transfer (Thinh Nguyen) - usb: dwc3: gadget: Only End Transfer for ep0 data phase (Thinh Nguyen) - usb: dwc3: ep0: Don't prepare beyond Setup stage (Thinh Nguyen) - usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (Thinh Nguyen) - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init (Tianjia Zhang) - bus: moxtet: Add spi device table (Sjoerd Simons) - dma-buf: add dma_fence_timestamp helper (Christian Konig) - af_unix: Fix task hung while purging oob_skb in GC. (Kuniyuki Iwashima) - tracing: Inform kmemleak of saved_cmdlines allocation (Steven Rostedt (Google)) - pmdomain: core: Move the unused cleanup to a _sync initcall (Konrad Dybcio) - can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) (Oleksij Rempel) - can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (Ziqi Zhao) - of: property: fix typo in io-channels (Nuno Sa) - mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE (Prakash Sangappa) - ceph: prevent use-after-free in encode_cap_msg() (Rishabh Dave) - net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio (Sinthu Raja) - s390/qeth: Fix potential loss of L3-IP@ in case of network issues (Alexandra Winter) - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio (Sinthu Raja) - irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update (Marc Zyngier) - irqchip/irq-brcmstb-l2: Add write memory barrier before exit (Doug Berger) - wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() (Johannes Berg) - nfp: flower: prevent re-adding mac index for bonded port (Daniel de Villiers) - nfp: use correct macro for LengthSelect in BAR config (Daniel Basilio) - crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked (Kim Phillips) - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi) - nilfs2: fix data corruption in dsync block recovery for small block sizes (Ryusuke Konishi) - ALSA: hda/conexant: Add quirk for SWS JS201D (bo liu) - mmc: slot-gpio: Allow non-sleeping GPIO ro (Alexander Stein) - x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Steve Wahl) - x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (Aleksander Mazur) - powerpc/64: Set task pt_regs->link to the LR value on scv entry (Naveen N Rao) - serial: max310x: fail probe if clock crystal is unstable (Hugo Villeneuve) - serial: max310x: improve crystal stable clock detection (Hugo Villeneuve) - serial: max310x: set default value when reading clock ready bit (Hugo Villeneuve) - ring-buffer: Clean ring_buffer_poll_wait() error return (Vincent Donnefort) - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Souradeep Chakrabarti) - drm/prime: Support page array >= 4GB (Philip Yang) - media: rc: bpf attach/detach requires write permission (Sean Young) - iio: accel: bma400: Fix a compilation problem (Mario Limonciello) - iio: core: fix memleak in iio_device_register_sysfs (Dinghao Liu) - iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC (zhili.liu) - staging: iio: ad5933: fix type mismatch regression (David Schiller) - tracing: Fix wasted memory in saved_cmdlines logic (Steven Rostedt (Google)) - ext4: fix double-free of blocks due to wrong extents moved_len (Baokun Li) - misc: fastrpc: Mark all sessions as invalid in cb_remove (Ekansh Gupta) - binder: signal epoll threads of self-work (Carlos Llamas) - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (Vitaly Rodionov) - ASoC: codecs: wcd938x: handle deferred probe (Krzysztof Kozlowski) - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL (Edson Juliano Drosdeck) - xen-netback: properly sync TX responses (Jan Beulich) - net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() (Nikita Zhandarovich) - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (Fedor Pchelkin) - kbuild: Fix changing ELF file type for output of gen_btf for big endian (Nathan Chancellor) - firewire: core: correct documentation of fw_csr_string() kernel API (Takashi Sakamoto) - lsm: fix the logic in security_inode_getsecctx() (Ondrej Mosnacek) - Revert 'drm/amd: flush any delayed gfxoff on suspend entry' (Mario Limonciello) - scsi: Revert 'scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock' (Lee Duncan) - mptcp: fix data re-injection from stale subflow (Paolo Abeni) - modpost: trim leading spaces when processing source files list (Radek Krejci) - i2c: i801: Fix block process call transactions (Jean Delvare) - i2c: i801: Remove i801_set_block_buffer_mode (Heiner Kallweit) - powerpc/kasan: Fix addr error caused by page alignment (Jiangfeng Xiao) - media: ir_toy: fix a memleak in irtoy_tx (Zhipeng Lu) - usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend (Uttkarsh Aggarwal) - usb: f_mass_storage: forbid async queue when shutdown happen (yuan linyu) - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (Oliver Neukum) - usb: ucsi_acpi: Fix command completion handling (Christian A. Ehrhardt) - iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP (Srinivas Pandruvada) - HID: wacom: Do not register input devices until after hid_hw_start (Jason Gerecke) - HID: wacom: generic: Avoid reporting a serial of '0' to userspace (Tatsunosuke Tobita) - HID: i2c-hid-of: fix NULL-deref on failed power up (Johan Hovold) - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx (Luka Guzenko) - ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 (David Senoner) - scsi: storvsc: Fix ring buffer size calculation (Michael Kelley) - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Zach O'Keefe) - tracing/trigger: Fix to return error if failed to alloc snapshot (Masami Hiramatsu (Google)) - scs: add CONFIG_MMU dependency for vfree_atomic() (Samuel Holland) - i40e: Fix waiting for queues of all VSIs to be disabled (Ivan Vecera) - MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler (Guenter Roeck) path for statistics (Breno Leitao) - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (Alexey Khoroshilov) - spi: ppc4xx: Drop write-only variable (Uwe Kleine-Konig) - net: openvswitch: limit the number of recursions from action sets (Aaron Conole) - wifi: iwlwifi: Fix some error codes (Dan Carpenter) - of: unittest: Fix compile in the non-dynamic case (Christian A. Ehrhardt) - btrfs: send: return EOPNOTSUPP on unknown flags (David Sterba) - btrfs: forbid deleting live subvol qgroup (Boris Burkov) - btrfs: do not ASSERT() if the newly created subvolume already got read (Qu Wenruo) - btrfs: forbid creating subvol qgroups (Boris Burkov) - netfilter: nft_set_rbtree: skip end interval element from gc (Pablo Neira Ayuso) - net: stmmac: xgmac: fix a typo of register name in DPP safety handling (Furong Xu) - net: stmmac: xgmac: use #define for string constants (Simon Horman) - clocksource: Skip watchdog check for large watchdog intervals (Jiri Wiesner) - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (Hans de Goede) - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (Werner Sembach) - usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (Prashanth K) - usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK (Prashanth K) - USB: serial: cp210x: add ID for IMST iM871A-USB (Leonard Dallmayr) - USB: serial: option: add Fibocom FM101-GL variant (Puliang Lu) - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e (JackBB Wu) - ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter (Julian Sikorski) - drivers: lkdtm: fix clang -Wformat warning (Justin Stitt) - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (Tejun Heo) - scsi: core: Move scsi_host_busy() out of host lock if it is for per-command (Ming Lei) - fs/ntfs3: Fix an NULL dereference bug (Dan Carpenter) - netfilter: nft_set_pipapo: remove scratch_aligned pointer (Florian Westphal) - netfilter: nft_set_pipapo: add helper to release pcpu scratch area (Florian Westphal) - netfilter: nft_set_pipapo: store index in scratch maps (Florian Westphal) - netfilter: nft_ct: reject direction for ct id (Pablo Neira Ayuso) - drm/amd/display: Implement bounds check for stream encoder creation in DCN301 (Srinivasan Shanmugam) - drm/amd/display: Fix multiple memory leaks reported by coverity (Anson Jacob) - netfilter: nft_compat: restrict match/target protocol to u16 (Pablo Neira Ayuso) - netfilter: nft_compat: reject unused compat flag (Pablo Neira Ayuso) - ppp_async: limit MRU to 64K (Eric Dumazet) - af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. (Kuniyuki Iwashima) - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (Shigeru Yoshida) - rxrpc: Fix response to PING RESPONSE ACKs to a dead call (David Howells) - inet: read sk->sk_family once in inet_recv_error() (Eric Dumazet) - hwmon: (coretemp) Fix bogus core_id to attr name mapping (Zhang Rui) - hwmon: (coretemp) Fix out-of-bounds memory access (Zhang Rui) - hwmon: (aspeed-pwm-tacho) mutex for tach reading (Loic Prylli) - octeontx2-pf: Fix a memleak otx2_sq_init (Zhipeng Lu) - atm: idt77252: fix a memleak in open_card_ubr0 (Zhipeng Lu) - tunnels: fix out of bounds access when building IPv6 PMTU error (Antoine Tenart) - selftests: net: avoid just another constant wait (Paolo Abeni) - selftests: net: cut more slack for gro fwd tests. (Paolo Abeni) - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels (Furong Xu) - drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case (Kuogee Hsieh) - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Tony Lindgren) - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (Frank Li) - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (Yoshihiro Shimoda) - dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA (Christophe JAILLET) - dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA (Christophe JAILLET) - dmaengine: ti: k3-udma: Report short packet errors (Jai Luthra) - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (Guanhua Gao) - ASoC: codecs: lpass-wsa-macro: fix compander volume hack (Johan Hovold) - bonding: remove print in bond_verify_device_path (Zhengchao Shao) - HID: apple: Add 2021 magic keyboard FN key mapping (Benjamin Berg) - HID: apple: Add support for the 2021 Magic Keyboard (Alex Henrie) - gve: Fix use-after-free vulnerability (Praveen Kaligineedi) - arm64: irq: set the correct node for shadow call stack (Huang Shijie) path (Breno Leitao) - selftests: net: fix available tunnels detection (Paolo Abeni) - af_unix: fix lockdep positive in sk_diag_dump_icons() (Eric Dumazet) - net: ipv4: fix a memleak in ip_setup_cork (Zhipeng Lu) - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Pablo Neira Ayuso) - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger (Pablo Neira Ayuso) - netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV (Pablo Neira Ayuso) - bridge: mcast: fix disabled snooping after long uptime (Linus Lussing) - llc: call sock_orphan() at release time (Eric Dumazet) - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (Helge Deller) - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() (Christophe JAILLET) - ixgbe: Refactor overtemp event handling (Jedrzej Jagielski) - ixgbe: Refactor returning internal error codes (Jedrzej Jagielski) - ixgbe: Remove non-inclusive language (Piotr Skajewski) - tcp: add sanity checks to rx zerocopy (Eric Dumazet) - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (Eric Dumazet) - ip6_tunnel: use dev_sw_netstats_rx_add() (Eric Dumazet) - selftests: net: give more time for GRO aggregation (Paolo Abeni) - scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler (Ming Lei) - scsi: isci: Fix an error code problem in isci_io_request_build() (Su Hui) - drm: using mul_u32_u32() requires linux/math64.h (Stephen Rothwell) - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (Edward Adam Davis) - perf: Fix the nr_addr_filters fix (Peter Zijlstra) - drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (Srinivasan Shanmugam) - drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (Srinivasan Shanmugam) - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (Srinivasan Shanmugam) - ceph: fix deadlock or deadcode of misusing dget() (Xiubo Li) - blk-mq: fix IO hang from sbitmap wakeup race (Ming Lei) - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (Zhu Yanjun) - drm/amdkfd: Fix lock dependency warning (Felix Kuehling) - libsubcmd: Fix memory leak in uniq() (Ian Rogers) - PCI/AER: Decode Requester ID when no error info found (Bjorn Helgaas) - PCI: Fix 64GT/s effective data rate calculation (Ilpo Jarvinen) - fs/kernfs/dir: obey S_ISGID (Max Kellermann) - tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE (Adrian Reber) - selftests/sgx: Fix linker script asserts (Jo Van Bulck) - usb: hub: Replace hardcoded quirk value with BIT() macro (Hardik Gajjar) - perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present (James Clark) - PCI: switchtec: Fix stdev_release() crash after surprise hot remove (Daniel Stodden) - PCI: Only override AMD USB controller if required (Guilherme G. Piccoli) - mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt (Xiaowu.ding) - mfd: ti_am335x_tscadc: Fix TI SoC dependencies (Peter Robinson) - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (Oleksandr Tyshchenko) - i3c: master: cdns: Update maximum prescaler value for i2c clock (Harshit Shah) - um: time-travel: fix time corruption (Johannes Berg) - um: net: Fix return type of uml_net_start_xmit() (Nathan Chancellor) - um: Don't use vfprintf() for os_info() (Benjamin Berg) - um: Fix naming clash between UML and scheduler (Anton Ivanov) - leds: trigger: panic: Don't register panic notifier if creating the trigger failed (Heiner Kallweit) - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (bo liu) - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (Srinivasan Shanmugam) - drm/amdgpu: Let KFD sync with VM fences (Felix Kuehling) - clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks (Alexander Stein) - clk: imx: scu: Fix memory leak in __imx_clk_gpr_scu() (Kuan-Wei Chiu) - watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 (Werner Fischer) - clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() (Kuan-Wei Chiu) - clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() (Kuan-Wei Chiu) - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (Wang, Beyond) - drm/msm/dpu: Ratelimit framedone timeout msgs (Rob Clark) - media: i2c: imx335: Fix hblank min/max values (Kieran Bingham) - media: ddbridge: fix an error code problem in ddb_probe (Su Hui) - IB/ipoib: Fix mcast list locking (Daniel Vacek) - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (Douglas Anderson) - f2fs: fix to tag gcing flag on page during block migration (Chao Yu) - media: rkisp1: Drop IRQF_SHARED (Tomi Valkeinen) - ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL (Pierre-Louis Bossart) - ALSA: hda: Intel: add HDA_ARL PCI ID support (Pierre-Louis Bossart) - PCI: add INTEL_HDA_ARL to pci_ids.h (Pierre-Louis Bossart) - media: rockchip: rga: fix swizzling for RGB formats (Michael Tretter) - media: stk1160: Fixed high volume of stk1160_dbg messages (Ghanshyam Agrawal) - drm/mipi-dsi: Fix detach call without attach (Tomi Valkeinen) - drm/framebuffer: Fix use of uninitialized variable (Tomi Valkeinen) - drm/drm_file: fix use of uninitialized variable (Tomi Valkeinen) - f2fs: fix write pointers on zoned device after roll forward (Jaegeuk Kim) - drm/amd/display: Fix tiled display misalignment (Meenakshikumar Somasundaram) - RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Jack Wang) - fast_dput(): handle underflows gracefully (Al Viro) - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (Cristian Ciocaltea) - ALSA: hda: Refer to correct stream index at loops (Takashi Iwai) - f2fs: fix to check return value of f2fs_reserve_new_block() (Chao Yu) - octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry (Suman Ghosh) - i40e: Fix VF disable behavior to block all traffic (Andrii Staikov) - bridge: cfm: fix enum typo in br_cc_ccm_tx_parse (Lin Ma) - Bluetooth: L2CAP: Fix possible multiple reject send (Frederic Danis) - Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 (Zijun Hu) - wifi: cfg80211: free beacon_ies when overridden from hidden BSS (Benjamin Berg) - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (Su Hui) - ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision (Alexander Tsoy) - libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos (Mingyi Zhang) - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (Zenm Chen) - arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property (Mao Jinlong) - arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property (Mao Jinlong) - md: Whenassemble the array, consult the superblock of the freshest device (Alex Lyakas) - block: prevent an integer overflow in bvec_try_merge_hw_page (Christoph Hellwig) - net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path (Tobias Waldekranz) - ARM: dts: imx23/28: Fix the DMA controller node name (Fabio Estevam) - ARM: dts: imx23-sansa: Use preferred i2c-gpios properties (Fabio Estevam) - ARM: dts: imx27-apf27dev: Fix LED name (Fabio Estevam) - ARM: dts: imx25/27: Pass timing0 (Fabio Estevam) - ARM: dts: imx25: Fix the iim compatible string (Fabio Estevam) - block/rnbd-srv: Check for unlikely string overflow (Kees Cook) - ionic: pass opcode to devcmd_wait (Shannon Nelson) - ARM: dts: imx1: Fix sram node (Fabio Estevam) - ARM: dts: imx27: Fix sram node (Fabio Estevam) - ARM: dts: imx: Use flash@0,0 pattern (Fabio Estevam) - ARM: dts: imx25/27-eukrea: Fix RTC node name (Fabio Estevam) - ARM: dts: rockchip: fix rk3036 hdmi ports node (Johan Jonker) - bpf: Set uattr->batch.count as zero before batched update or deletion (Hou Tao) - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (Hannes Reinecke) - scsi: libfc: Don't schedule abort twice (Hannes Reinecke) - bpf: Add map and need_defer parameters to .map_fd_put_ptr() (Hou Tao) - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Minsuk Kang) - ARM: dts: imx7s: Fix nand-controller #size-cells (Alexander Stein) - ARM: dts: imx7s: Fix lcdif compatible (Alexander Stein) - ARM: dts: imx7d: Fix coresight funnel ports (Alexander Stein) - scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (ching Huang) - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk (Zhengchao Shao) - PCI: Add no PM reset quirk for NVIDIA Spectrum devices (Ido Schimmel) - scsi: lpfc: Fix possible file string name overflow when updating firmware (Justin Tee) - selftests/bpf: Fix issues in setup_classid_environment() (Yafang Shao) - selftests/bpf: Fix pyperf180 compilation failure with clang18 (Yonghong Song) - selftests/bpf: satisfy compiler by having explicit return in btf test (Andrii Nakryiko) - wifi: rt2x00: restart beacon queue when hardware reset (Shiji Yang) - ext4: avoid online resizing failures due to oversized flex bg (Baokun Li) - ext4: remove unnecessary check from alloc_flex_gd() (Baokun Li) - ext4: unify the type of flexbg_size to unsigned int (Baokun Li) - ext4: fix inconsistent between segment fstrim and full fstrim (Ye Bin) - ecryptfs: Reject casefold directory inodes (Gabriel Krisman Bertazi) - SUNRPC: Fix a suspicious RCU usage warning (Anna Schumaker) - KVM: s390: fix setting of fpc register (Heiko Carstens) - s390/ptrace: handle setting of fpc register correctly (Heiko Carstens) - arch: consolidate arch_irq_work_raise prototypes (Arnd Bergmann) - jfs: fix array-index-out-of-bounds in diNewExt (Edward Adam Davis) - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (Oleg Nesterov) - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (Oleg Nesterov) - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (Oleg Nesterov) - crypto: stm32/crc32 - fix parsing list of devices (Thomas Bourgoin) - crypto: octeontx2 - Fix cptvf driver cleanup (Bharat Bhushan) - pstore/ram: Fix crash when setting number of cpus to an odd number (Weichen Chen) - jfs: fix uaf in jfs_evict_inode (Edward Adam Davis) - jfs: fix array-index-out-of-bounds in dbAdjTree (Manas Ghandat) - jfs: fix slab-out-of-bounds Read in dtSearch (Manas Ghandat) - UBSAN: array-index-out-of-bounds in dtSplitRoot (Osama Muhammad) - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (Osama Muhammad) - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events (Shuai Xue) - PM / devfreq: Synchronize devfreq_monitor_[start/stop] (Mukesh Ojha) - ACPI: extlog: fix NULL pointer dereference check (Prarit Bhargava) - PNP: ACPI: fix fortify warning (Dmitry Antipov) - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (Yuluo Qiu) - audit: Send netlink ACK before setting connection in auditd_set (Chris Riches) - regulator: core: Only increment use_count when enable_count changes (Rui Zhang) - debugobjects: Stop accessing objects after releasing hash bucket lock (Andrzej Hajda) - perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file (Greg KH) - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (Zhiquan Li) - powerpc/lib: Validate size for vector operations (Naveen N Rao) - powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE (Stephen Rothwell) - x86/boot: Ignore NMIs during very early boot (Jun'ichi Nomura) - powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() (Michael Ellerman) - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (Michael Ellerman) - powerpc: Fix build error due to is_valid_bugaddr() (Michael Ellerman) - drivers/perf: pmuv3: don't expose SW_INCR event in sysfs (Mark Rutland) - arm64: irq: set the correct node for VMAP stack (Huang Shijie) - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Kunwu Chan) - x86/entry/ia32: Ensure s32 is sign extended to s64 (Richard Palethorpe) - tick/sched: Preserve number of idle sleeps across CPU hotplug events (Tim Chen) - mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan (Xi Ruoyao) - mtd: cfi: allow building spi-intel standalone (Arnd Bergmann) - spi: bcm-qspi: fix SFDP BFPT read by usig mspi read (Kamal Dasu) - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (Li Lingfeng) - gpio: eic-sprd: Clear interrupt after set the interrupt type (Wenhua Lin) - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (Fedor Pchelkin) - drm/exynos: fix accidental on-stack copy of exynos_drm_plane (Arnd Bergmann) - drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (Markus Niebel) - cpufreq: intel_pstate: Refine computation of P-state for given frequency (Rafael J. Wysocki) - cpufreq: intel_pstate: Drop redundant intel_pstate_get_hwp_cap() call (Rafael J. Wysocki) - ksmbd: fix global oob in ksmbd_nl_policy (Lin Ma) - btrfs: add definition for EXTENT_TREE_V2 (Josef Bacik) - PM / devfreq: Fix buffer overflow in trans_stat_show (Christian Marangi) - mm/sparsemem: fix race in accessing memory_section->usage (Charan Teja Kalla) - mm: use __pfn_to_section() instead of open coding it (Rolf Eike Beer) - media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run (Zheng Wang) - ARM: dts: qcom: sdx55: fix USB SS wakeup (Johan Hovold) - ARM: dts: qcom: sdx55: fix USB DP/DM HS PHY interrupts (Johan Hovold) - ARM: dts: qcom: sdx55: fix pdc '#interrupt-cells' (Johan Hovold) - ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12 (Paul Cercueil) - ARM: dts: qcom: sdx55: fix USB wakeup interrupt types (Johan Hovold) - pipe: wakeup wr_wait after setting max_usage (Lukas Schauer) - fs/pipe: move check to pipe_has_watch_queue() (Max Kellermann) - bus: mhi: host: Add alignment check for event ring read pointer (Krishna chaitanya chundru) - bus: mhi: host: Rename 'struct mhi_tre' to 'struct mhi_ring_element' (Manivannan Sadhasivam) - PM: sleep: Fix possible deadlocks in core system-wide PM code (Rafael J. Wysocki) - PM: core: Remove unnecessary (void *) conversions (Li zeming) - drm/bridge: nxp-ptn3460: simplify some error checking (Dan Carpenter) - drm/tidss: Fix atomic_flush check (Tomi Valkeinen) - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (Dan Carpenter) - drm: Don't unref the same fb many times by mistake due to deadlock handling (Ville Syrjala) - gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (Mario Limonciello) - xfs: read only mounts with fsopen mount API are busted (Dave Chinner) - firmware: arm_scmi: Check mailbox/SMT channel for consistency (Cristian Marussi) - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) - netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (Pablo Neira Ayuso) - hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (Michael Kelley) - wifi: iwlwifi: fix a memory corruption (Emmanuel Grumbach) - exec: Fix error handling in begin_new_exec() (Bernd Edlinger) - rbd: don't move requests to the running list on errors (Ilya Dryomov) - btrfs: don't abort filesystem when attempting to snapshot deleted subvolume (Omar Sandoval) - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (Qu Wenruo) - btrfs: don't warn if discard range is not aligned to sector (David Sterba) - btrfs: tree-checker: fix inline ref size in error messages (Chung-Chiang Cheng) - btrfs: ref-verify: free ref cache before clearing mount opt (Fedor Pchelkin) - btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (Omar Sandoval) - btrfs: fix race between reading a directory and adding entries to it (Filipe Manana) - btrfs: refresh dir last index during a rewinddir(3) call (Filipe Manana) - btrfs: set last dir index to the current last index when opening dir (Filipe Manana) - btrfs: fix infinite directory reads (Filipe Manana) - net: fec: fix the unhandled context fault from smmu (Shenwei Wang) - fjes: fix memleaks in fjes_hw_setup (Zhipeng Lu) - selftests: netdevsim: fix the udp_tunnel_nic test (Jakub Kicinski) - net: mvpp2: clear BM pool before initialization (Jenishkumar Maheshbhai Patel) - net: stmmac: Wait a bit for the reset to take effect (Bernd Edlinger) - netfilter: nf_tables: validate NFPROTO_* family (Pablo Neira Ayuso) - netfilter: nf_tables: restrict anonymous set and map names to 16 bytes (Florian Westphal) - netfilter: nft_limit: reject configurations that cause integer overflow (Florian Westphal) - overflow: Allow mixed type arguments (Kees Cook) - net/mlx5e: fix a potential double-free in fs_any_create_groups (Dinghao Liu) - net/mlx5e: fix a double-free in arfs_create_groups (Zhipeng Lu) - net/mlx5: DR, Can't go to uplink vport on RX rule (Yevgeny Kliteynik) - net/mlx5: DR, Use the right GVMI number for drop action (Yevgeny Kliteynik) - ipv6: init the accept_queue's spinlocks in inet6_create (Zhengchao Shao) - netlink: fix potential sleeping issue in mqueue_flush_file (Zhengchao Shao) - tcp: Add memory barrier to tcp_push() (Salvatore Dipietro) - afs: Hide silly-rename files from userspace (David Howells) - tracing: Ensure visibility when inserting an element into tracing_map (Petr Pavlu) - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv (Sharath Srinivasan) - llc: Drop support for ETH_P_TR_802_2. (Kuniyuki Iwashima) - llc: make llc_ui_sendmsg() more robust against bonding changes (Eric Dumazet) - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING (Lin Ma) - bnxt_en: Wait for FLR to complete during probe (Michael Chan) - tcp: make sure init the accept_queue's spinlocks once (Zhengchao Shao) - net/smc: fix illegal rmb_desc access in SMC-D connection dump (Wen Gu) - ksmbd: Add missing set_freezable() for freezable kthread (Namjae Jeon) - ksmbd: send lease break notification on FILE_RENAME_INFORMATION (Namjae Jeon) - ksmbd: don't increment epoch if current state and request state are same (Namjae Jeon) - ksmbd: fix potential circular locking issue in smb2_set_ea() (Namjae Jeon) - ksmbd: set v2 lease version on lease upgrade (Namjae Jeon) - rename(): fix the locking of subdirectories (Al Viro) - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (Zhihao Cheng) - nouveau/vmm: don't set addr on the fail path to avoid warning (Dave Airlie) - rtc: Adjust failure return code for cmos_set_alarm() (Mario Limonciello) - mmc: mmc_spi: remove custom DMA mapped buffers (Andy Shevchenko) - mmc: core: Use mrq.sbc in close-ended ffu (Avri Altman) - scripts/get_abi: fix source path leak (Vegard Nossum) - lsm: new security_file_ioctl_compat() hook (Alfred Piccioni) - arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts (Johan Hovold) - arm64: dts: qcom: sm8150: fix USB wakeup interrupt types (Johan Hovold) - arm64: dts: qcom: sdm845: fix USB wakeup interrupt types (Johan Hovold) - arm64: dts: qcom: sc7180: fix USB wakeup interrupt types (Johan Hovold) - async: Introduce async_schedule_dev_nocall() (Rafael J. Wysocki) - async: Split async_schedule_node_domain() (Rafael J. Wysocki) - parisc/firmware: Fix F-extend for PDC addresses (Helge Deller) - bus: mhi: host: Add spinlock to protect WP access when queueing TREs (Bhaumik Bhatt) - bus: mhi: host: Drop chan lock before queuing buffers (Qiang Yu) - mips: Fix max_mapnr being uninitialized on early stages (Serge Semin) - media: ov9734: Enable runtime PM before registering async sub-device (Bingbu Cao) - rpmsg: virtio: Free driver_override when rpmsg_remove() (Xiaolei Wang) - media: imx355: Enable runtime PM before registering async sub-device (Bingbu Cao) - crypto: s390/aes - Fix buffer overread in CTR mode (Herbert Xu) - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Herbert Xu) - PM: hibernate: Enforce ordering during image compression/decompression (Hongchen Zhang) - crypto: api - Disallow identical driver names (Herbert Xu) - btrfs: sysfs: validate scrub_speed_max value (David Disseldorp) - ext4: allow for the last group to be marked as trimmed (Suraj Jitindar Singh) - iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. (Jonathan Cameron) - scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan() (Bart Van Assche) - scsi: ufs: core: Simplify power management during async scan (Bart Van Assche) - dmaengine: fix NULL pointer in channel unregistration function (Amelie Delaunay) - iio: adc: ad7091r: Enable internal vref if external vref is not supplied (Marcelo Schmitt) - iio: adc: ad7091r: Allow users to configure device events (Marcelo Schmitt) - iio: adc: ad7091r: Set alert bit in config register (Marcelo Schmitt) - ksmbd: only v2 leases handle the directory (Namjae Jeon) - ksmbd: fix UAF issue in ksmbd_tcp_new_connection() (Namjae Jeon) - ksmbd: validate mech token in session setup (Namjae Jeon) - ksmbd: don't allow O_TRUNC open on read-only share (Namjae Jeon) - ksmbd: free ppace array on error in parse_dacl (Fedor Pchelkin) - LTS version: v5.15.148 (Vijayendra Suman) - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (Song Liu) - arm64: dts: armada-3720-turris-mox: set irq type for RTC (Sjoerd Simons) - netfilter: nft_quota: copy content when cloning expression (Pablo Neira Ayuso) - netfilter: nft_last: copy content when cloning expression (Pablo Neira Ayuso) - netfilter: nft_limit: Clone packet limits' cost value (Phil Sutter) - netfilter: nft_limit: fix stateful object memory leak (Florian Westphal) - netfilter: nft_connlimit: memleak if nf_ct_netns_get() fails (Pablo Neira Ayuso) - netfilter: nf_tables: typo NULL check in _clone() function (Pablo Neira Ayuso) - block: Remove special-casing of compound pages (Matthew Wilcox (Oracle)) - i2c: s3c24xx: fix transferring more than one message in polling mode (Marek Szyprowski) - i2c: s3c24xx: fix read transfers in polling mode (Marek Szyprowski) - ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (Nikita Zhandarovich) - selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes (Amit Cohen) - mlxsw: spectrum_acl_tcam: Fix stack corruption (Ido Schimmel) - mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure (Amit Cohen) - ethtool: netlink: Add missing ethnl_ops_begin/complete (Ludvig Parsson) - kdb: Fix a potential buffer overflow in kdb_local() (Christophe JAILLET) - ipvs: avoid stat macros calls from preemptible context (Fedor Pchelkin) - netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description (Pablo Neira Ayuso) - netfilter: nf_tables: skip dead set elements in netlink dump (Pablo Neira Ayuso) - netfilter: nf_tables: do not allow mismatch field size and set key length (Pablo Neira Ayuso) - netfilter: nft_limit: do not ignore unsupported flags (Pablo Neira Ayuso) - netfilter: nf_tables: memcg accounting for dynamically allocated objects (Vasily Averin) - netfilter: nft_limit: move stateful fields out of expression data (Pablo Neira Ayuso) - netfilter: nft_limit: rename stateful structure (Pablo Neira Ayuso) - netfilter: nft_quota: move stateful fields out of expression data (Pablo Neira Ayuso) - netfilter: nft_last: move stateful fields out of expression data (Pablo Neira Ayuso) - netfilter: nft_connlimit: move stateful fields out of expression data (Pablo Neira Ayuso) - netfilter: nf_tables: reject invalid set policy (Pablo Neira Ayuso) - net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe (Kunwu Chan) - bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS (Hao Sun) - net: stmmac: ethtool: Fixed calltrace caused by unbalanced disable_irq_wake calls (Qiang Ma) - net: ravb: Fix dma_addr_t truncation in error case (Nikita Yushchenko) - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (Eric Dumazet) - mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (Eric Dumazet) - mptcp: strict validation before using mp_opt->hmac (Eric Dumazet) - mptcp: drop unused sk in mptcp_get_options (Geliang Tang) - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (Eric Dumazet) - net: phy: micrel: populate .soft_reset for KSZ9131 (Claudiu Beznea) - net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet frames (Sanjuan Garcia, Jorge) - net: qualcomm: rmnet: fix global oob in rmnet_policy (Lin Ma) - s390/pci: fix max size calculation in zpci_memcpy_toio() (Niklas Schnelle) - PCI: keystone: Fix race condition when initializing PHYs (Siddharth Vadapalli) - nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) - nvmet: re-fix tracing strncpy() warning (Arnd Bergmann) - serial: imx: Correct clock error message in function probe() (Christoph Niedermaier) - usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (Chunfeng Yun) - apparmor: avoid crash when parsed profile name is empty (Fedor Pchelkin) - perf env: Avoid recursively taking env->bpf_progs.lock (Ian Rogers) - nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) - usb: cdc-acm: return correct error code on unsupported break (Oliver Neukum) - tty: use 'if' in send_break() instead of 'goto' (Jiri Slaby (SUSE)) - tty: don't check for signal_pending() in send_break() (Jiri Slaby (SUSE)) - tty: early return from send_break() on TTY_DRIVER_HARDWARE_BREAK (Jiri Slaby (SUSE)) - tty: change tty_write_lock()'s ndelay parameter to bool (Jiri Slaby (SUSE)) - perf genelf: Set ELF program header addresses properly (Namhyung Kim) - iio: adc: ad9467: fix scale setting (Nuno Sa) - iio: adc: ad9467: don't ignore error codes (Nuno Sa) - iio: adc: ad9467: fix reset gpio handling (Nuno Sa) - iio: adc: ad9467: Benefit from devm_clk_get_enabled() to simplify (Uwe Kleine-Konig) - selftests/sgx: Skip non X86_64 platform (Zhao Mengmeng) - selftests/sgx: Fix uninitialized pointer dereference in error path (Jo Van Bulck) - serial: imx: fix tx statemachine deadlock (Paul Geurts) - software node: Let args be NULL in software_node_get_reference_args (Sakari Ailus) - libapi: Add missing linux/types.h header to get the __u64 type on io.h (Arnaldo Carvalho de Melo) - serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed (Uwe Kleine-Konig) - power: supply: bq256xx: fix some problem in bq256xx_hw_init (Su Hui) - power: supply: cw2015: correct time_to_empty units in sysfs (Jan Palus) - MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() (Christophe JAILLET) - MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() (Christophe JAILLET) - riscv: Fix module_alloc() that did not reset the linear mapping permissions (Alexandre Ghiti) - riscv: Check if the code to patch lies in the exit section (Alexandre Ghiti) - mips: Fix incorrect max_low_pfn adjustment (Serge Semin) - mips: dmi: Fix early remap on MIPS32 (Serge Semin) - mfd: intel-lpss: Fix the fractional clock divider flags (Andy Shevchenko) - leds: aw2013: Select missing dependency REGMAP_I2C (Dang Huynh) - mfd: syscon: Fix null pointer dereference in of_syscon_register() (Kunwu Chan) - ARM: 9330/1: davinci: also select PINCTRL (Randy Dunlap) - iommu/dma: Trace bounce buffer usage when mapping buffers (Isaac J. Manjarres) - serial: sc16is7xx: set safe default SPI clock frequency (Hugo Villeneuve) - serial: sc16is7xx: add check for unsupported SPI modes during probe (Hugo Villeneuve) - HID: wacom: Correct behavior when processing some confidence == false touches (Jason Gerecke) - iio: adc: ad7091r: Pass iio_dev to event handler (Marcelo Schmitt) - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache (Oliver Upton) - KVM: arm64: vgic-v4: Restore pending state on host userspace write (Marc Zyngier) - x86/kvm: Do not try to disable kvmclock if it was not enabled (Kirill A. Shutemov) - PCI: mediatek: Clear interrupt status before dispatching handler (qizhong cheng) - PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (Niklas Cassel) - wifi: mwifiex: configure BSSID consistently when starting AP (David Lin) - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (Ilpo Jarvinen) - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (Ilpo Jarvinen) - wifi: mt76: fix broken precal loading from MTD for mt7915 (Christian Marangi) - iommu/arm-smmu-qcom: Add missing GMU entry to match table (Rob Clark) - bpf: Fix re-attachment branch in bpf_tracing_prog_attach (Jiri Olsa) - Bluetooth: Fix atomicity violation in {min,max}_key_size_set (Gui-Dong Han) - rootfs: Fix support for rootfstype= when root= is given (Stefan Berger) - io_uring/rw: ensure io->bytes_done is always initialized (Jens Axboe) - pwm: jz4740: Don't use dev_err_probe() in .request() (Uwe Kleine-Konig) - block: add check that partition length needs to be aligned with block size (Min Li) - scsi: mpi3mr: Refresh sdev queue depth after controller reset (Chandrakanth patil) - fbdev: flush deferred work in fb_deferred_io_fsync() (Nam Cao) - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (Caghan Demir) - ALSA: oxygen: Fix right channel of capture volume mixer (Takashi Iwai) - serial: imx: Ensure that imx_uart_rs485_config() is called with enabled clock (Christoph Niedermaier) - usb: mon: Fix atomicity violation in mon_bin_vma_fault (Gui-Dong Han) - usb: typec: class: fix typec_altmode_put_partner to put plugs (RD Babiera) - Revert 'usb: typec: class: fix typec_altmode_put_partner to put plugs' (Heikki Krogerus) - usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (Frank Li) - usb: cdns3: fix iso transfer error when mult is not zero (Frank Li) - usb: cdns3: fix uvc failure work since sg support enabled (Frank Li) - usb: chipidea: wait controller resume finished for wakeup irq (Xu Yang) - Revert 'usb: dwc3: don't reset device side if dwc3 was configured as host-only' (Thinh Nguyen) - Revert 'usb: dwc3: Soft reset phy on probe for host' (Thinh Nguyen) - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (Uttkarsh Aggarwal) - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (Xu Yang) - tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug (Heiko Carstens) - binder: fix race between mmput() and do_exit() (Carlos Llamas) - xen-netback: don't produce zero-size SKB frags (Jan Beulich) - virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() (Wei Yongjun) - dma-mapping: Fix build error unused-value (Ren Zhijie) - Input: atkbd - use ab83 as id when skipping the getid command (Hans de Goede) - binder: fix unused alloc->free_async_space (Carlos Llamas) - binder: fix async space check for 0-sized buffers (Carlos Llamas) - selftests/bpf: Add assert for user stacks in test_task_stack (Jordan Rome) - of: unittest: Fix of_count_phandle_with_args() expected value message (Geert Uytterhoeven) - of: Fix double free in of_parse_phandle_with_args_map (Christian A. Ehrhardt) - ksmbd: validate the zero field of packet header (Li Nan) - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (Zhipeng Lu) - IB/iser: Prevent invalidating wrong MR (Sergey Gorenko) - mmc: sdhci_omap: Fix TI SoC dependencies (Peter Robinson) - mmc: sdhci_am654: Fix TI SoC dependencies (Peter Robinson) - ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() (Geoffrey D. Bennett) - ALSA: scarlett2: Add missing error checks to *_ctl_get() (Geoffrey D. Bennett) - ALSA: scarlett2: Allow passing any output to line_out_remap() (Geoffrey D. Bennett) - ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() (Geoffrey D. Bennett) - ALSA: scarlett2: Add missing error check to scarlett2_config_save() (Geoffrey D. Bennett) - ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (Hans de Goede) - pwm: stm32: Fix enable count for clk in .probe() (Philipp Zabel) - pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (Philipp Zabel) - pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (Uwe Kleine-Konig) - clk: fixed-rate: fix clk_hw_register_fixed_rate_with_accuracy_parent_hw (Theo Lebrun) - clk: fixed-rate: add devm_clk_hw_register_fixed_rate (Dmitry Baryshkov) - clk: asm9260: use parent index to link the reference clock (Dmitry Baryshkov) - clk: si5341: fix an error code problem in si5341_output_clk_set_rate (Su Hui) - watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (Vignesh Raghavendra) - watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (Stefan Wahren) - watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (Jerry Hoemann) - watchdog: set cdev owner before adding (Curtis Klein) - drivers: clk: zynqmp: update divider round rate logic (Jay Buddhabhatti) - clk: zynqmp: Add a check for NULL pointer (Shubhrajyoti Datta) - clk: zynqmp: make bestdiv unsigned (Shubhrajyoti Datta) - drivers: clk: zynqmp: calculate closest mux rate (Jay Buddhabhatti) - clk: qcom: videocc-sm8150: Add missing PLL config property (Satya Priya Kakitapalli) - clk: qcom: videocc-sm8150: Update the videocc resets (Satya Priya Kakitapalli) - dt-bindings: clock: Update the videocc resets for sm8150 (Satya Priya Kakitapalli) - gpu/drm/radeon: fix two memleaks in radeon_vm_init (Zhipeng Lu) - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Zhipeng Lu) - drm/amd/pm: fix a double-free in si_dpm_init (Zhipeng Lu) - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (Alex Deucher) - media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (Christophe JAILLET) - media: dvbdev: drop refcount on error path in dvb_device_open() (Dan Carpenter) - f2fs: fix the f2fs_file_write_iter tracepoint (Eric Biggers) - f2fs: fix to update iostat correctly in f2fs_filemap_fault() (Chao Yu) - f2fs: fix to check compress file in f2fs_move_file_range() (Chao Yu) - media: rkisp1: Disable runtime PM in probe error path (Laurent Pinchart) - clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (Satya Priya Kakitapalli) - media: cx231xx: fix a memleak in cx231xx_init_isoc (Zhipeng Lu) - drm/bridge: tc358767: Fix return value on error case (Tomi Valkeinen) - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (Tomi Valkeinen) - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (Zhipeng Lu) - drm/radeon/dpm: fix a memleak in sumo_parse_power_table (Zhipeng Lu) - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (Yang Yingliang) - drm/drv: propagate errors from drm_modeset_register_all() (Dmitry Baryshkov) - drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (Konrad Dybcio) - drm/msm/mdp4: flush vblank event on disable (Dmitry Baryshkov) - ASoC: cs35l34: Fix GPIO name and drop legacy include (Linus Walleij) - ASoC: cs35l33: Fix GPIO name and drop legacy include (Linus Walleij) - drm/radeon: check return value of radeon_ring_lock() (Nikita Zhandarovich) - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (Nikita Zhandarovich) - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (Nikita Zhandarovich) - f2fs: fix to avoid dirent corruption (Chao Yu) - drm/bridge: Fix typo in post_disable() description (Dario Binacchi) - media: pvrusb2: fix use after free on context disconnection (Ricardo B. Marliere) - drm/tilcdc: Fix irq free on unload (Tomi Valkeinen) - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (Uwe Kleine-Konig) - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (Abhinav Singh) - drm/panel-elida-kd35t133: hold panel in reset for unprepare (Chris Morgan) - RDMA/hns: Fix inappropriate err code for unsupported operations (Junxian Huang) - RDMA/usnic: Silence uninitialized symbol smatch warnings (Leon Romanovsky) - Revert 'drm/omapdrm: Annotate dma-fence critical section in commit path' (Tomi Valkeinen) - Revert 'drm/tidss: Annotate dma-fence critical section in commit path' (Tomi Valkeinen) - ARM: davinci: always select CONFIG_CPU_ARM926T (Arnd Bergmann) - ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (Eric Dumazet) - mlxbf_gige: Enable the GigE port in mlxbf_gige_open (Asmaa Mnebhi) - mlxbf_gige: Fix intermittent no ip issue (Asmaa Mnebhi) - net/sched: act_ct: fix skb leak and crash on ooo frags (Tao Liu) - null_blk: don't cap max_hw_sectors to BLK_DEF_MAX_SECTORS (Christoph Hellwig) - block: make BLK_DEF_MAX_SECTORS unsigned (Keith Busch) - Bluetooth: btmtkuart: fix recv_buf() return value (Francesco Dolcini) - Bluetooth: Fix bogus check for re-auth no supported with non-ssp (Luiz Augusto von Dentz) - netfilter: nf_tables: mark newset as dead on transaction abort (Florian Westphal) - wifi: iwlwifi: mvm: send TX path flush in rfkill (Johannes Berg) - wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (Johannes Berg) - wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: add calculate_bit_shift() (Su Hui) - arm64: dts: qcom: sc7280: Mark SDHCI hosts as cache-coherent (Konrad Dybcio) - block: add check of 'minors' and 'first_minor' in device_add_disk() (Li Nan) - arm64: dts: qcom: sm8150-hdk: fix SS USB regulators (Dmitry Baryshkov) - soc: qcom: llcc: Fix dis_cap_alloc and retain_on_pc configuration (Atul Dhudase) - dma-mapping: clear dev->dma_mem to NULL after freeing it (Joakim Zhang) - dma-mapping: Add dma_release_coherent_memory to DMA API (Mark-PK Tsai) - virtio/vsock: fix logic which reduces credit update messages (Arseniy Krasnov) - selftests/net: fix grep checking for fib_nexthop_multiprefix (Hangbin Liu) - scsi: hisi_sas: Correct the number of global debugfs registers (Yihang Li) - scsi: hisi_sas: Rollback some operations if FLR failed (Yihang Li) - scsi: hisi_sas: Replace with standard error code return value (Yihang Li) - scsi: hisi_sas: Prevent parallel FLR and controller reset (Qi Liu) - scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (Luo Jiaxing) - block: Set memalloc_noio to false on device_add_disk() error path (Li Nan) - bpf: Fix verification of indirect var-off stack access (Andrei Matei) - arm64: dts: qcom: sc7280: fix usb_2 wakeup interrupt types (Johan Hovold) - arm64: dts: qcom: sdm845-db845c: correct LED panic indicator (Krzysztof Kozlowski) - arm64: dts: qcom: qrb5165-rb5: correct LED panic indicator (Krzysztof Kozlowski) - scsi: fnic: Return error if vmalloc() failed (Artem Chernyshev) - bpf: fix check for attempt to corrupt spilled pointer (Andrii Nakryiko) - arm64: dts: qcom: sm8250: Make watchdog bark interrupt edge triggered (Douglas Anderson) - arm64: dts: qcom: sm8150: Make watchdog bark interrupt edge triggered (Douglas Anderson) - arm64: dts: qcom: sdm845: Make watchdog bark interrupt edge triggered (Douglas Anderson) - arm64: dts: qcom: sc7280: Make watchdog bark interrupt edge triggered (Douglas Anderson) - arm64: dts: qcom: sc7180: Make watchdog bark interrupt edge triggered (Douglas Anderson) - ARM: dts: qcom: sdx65: correct SPMI node name (Krzysztof Kozlowski) - bpf: enforce precision of R0 on callback return (Andrii Nakryiko) - arm64: dts: ti: k3-am65-main: Fix DSS irq trigger type (Tomi Valkeinen) - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (Su Hui) - firmware: meson_sm: populate platform devices from sm device tree data (Dmitry Rokosov) - firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (Christophe JAILLET) - net/ncsi: Fix netlink major/minor version numbers (Peter Delevoryas) - ARM: dts: qcom: apq8064: correct XOADC register address (Dmitry Baryshkov) - wifi: libertas: stop selecting wext (Arnd Bergmann) - wifi: ath11k: Defer on rproc_get failure (Luca Weiss) - bpf: Add crosstask check to __bpf_get_stack (Jordan Rome) - bpf, lpm: Fix check prefixlen before walking trie (Florian Lehner) - wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (Chih-Kang Chang) - NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (Trond Myklebust) - blocklayoutdriver: Fix reference leak of pnfs_device_node (Benjamin Coddington) - crypto: scomp - fix req->dst buffer overflow (Chengming Zhou) - crypto: sahara - do not resize req->src when doing hash operations (Ovidiu Panait) - crypto: sahara - fix processing hash requests with req->nbytes < sg->length (Ovidiu Panait) - crypto: sahara - improve error handling in sahara_sha_process() (Ovidiu Panait) - crypto: sahara - fix wait_for_completion_timeout() error handling (Ovidiu Panait) - crypto: sahara - fix ahash reqsize (Ovidiu Panait) - crypto: sahara - handle zero-length aes requests (Ovidiu Panait) - crypto: sahara - avoid skcipher fallback code duplication (Ovidiu Panait) - crypto: virtio - Wait for tasklet to complete on device remove (wangyangxin) - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (Osama Muhammad) - fs: indicate request originates from old mount API (Christian Brauner) - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (Sergey Shtylyov) - crypto: sahara - fix error handling in sahara_hw_descriptor_create() (Ovidiu Panait) - crypto: sahara - fix processing requests with cryptlen < sg->length (Ovidiu Panait) - crypto: sahara - fix ahash selftest failure (Ovidiu Panait) - crypto: sahara - fix cbc selftest failure (Ovidiu Panait) - crypto: sahara - remove FLAGS_NEW_KEY logic (Ovidiu Panait) - crypto: af_alg - Disallow multiple in-flight AIO requests (Herbert Xu) - crypto: ccp - fix memleak in ccp_init_dm_workarea (Dinghao Liu) - crypto: sa2ul - Return crypto_aead_setkey to transfer the error (Chen Ni) - crypto: virtio - Handle dataq logic with tasklet (Gonglei (Arei)) - selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket (Mickael Salaun) - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (ZhaoLong Wang) - kunit: debugfs: Fix unchecked dereference in debugfs_print_results() (Richard Fitzgerald) - ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (Tony Luck) - ACPI: LPSS: Fix the fractional clock divider flags (Andy Shevchenko) - spi: sh-msiof: Enforce fixed DTDL for R-Car H3 (Wolfram Sang) - efivarfs: force RO when remounting if SetVariable is not supported (Ilias Apalodimas) - calipso: fix memory leak in netlbl_calipso_add_pass() (Gavrilov Ilia) - cpufreq: scmi: process the result of devm_of_clk_add_hw_provider() (Alexandra Diupina) - cpufreq: Use of_property_present() for testing DT property presence (Rob Herring) - of: Add of_property_present() helper (Rob Herring) - of: property: define of_property_read_u{8,16,32,64}_array() unconditionally (Michael Walle) - ACPI: LPIT: Avoid u32 multiplication overflow (Nikita Kiryushin) - ACPI: video: check for error while searching for backlight device parent (Nikita Kiryushin) - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (Ronald Monthero) - spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (Amit Kumar Mahapatra) - powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (Kunwu Chan) - powerpc/powernv: Add a null pointer check in opal_powercap_init() (Kunwu Chan) - powerpc/powernv: Add a null pointer check in opal_event_init() (Kunwu Chan) - powerpc/powernv: Add a null pointer check to scom_debug_init_one() (Kunwu Chan) - selftests/powerpc: Fix error handling in FPU/VMX preemption tests (Michael Ellerman) - powerpc/pseries/memhp: Fix access beyond end of drmem array (Nathan Lynch) - powerpc/44x: select I2C for CURRITUCK (Randy Dunlap) - powerpc: add crtsavres.o to always-y instead of extra-y (Masahiro Yamada) - powerpc: remove checks for binutils older than 2.25 (Masahiro Yamada) - powerpc/toc: Future proof kernel toc (Alan Modra) - powerpc: Mark .opd section read-only (Christophe Leroy) - EDAC/thunderx: Fix possible out-of-bounds string access (Arnd Bergmann) - x86/lib: Fix overflow when counting digits (Colin Ian King) - coresight: etm4x: Fix width of CCITMIN field (James Clark) - PCI: Add ACS quirk for more Zhaoxin Root Ports (LeoLiuoc) - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (Florian Eckert) - parport: parport_serial: Add Brainboxes device IDs and geometry (Cameron Williams) - parport: parport_serial: Add Brainboxes BAR details (Cameron Williams) - uio: Fix use-after-free in uio_open (Guanghui Feng) - binder: fix comment on binder_alloc_new_buf() return value (Carlos Llamas) - binder: fix trivial typo of binder_free_buf_locked() (Carlos Llamas) - binder: fix use-after-free in shinker's callback (Carlos Llamas) - binder: use EPOLLERR from eventpoll.h (Carlos Llamas) - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (Masami Hiramatsu (Google)) - bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 (Alan Maguire) - Revert 'ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek' (Greg Kroah-Hartman) - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (Hans de Goede) - drm/crtc: fix uninitialized variable use (Jani Nikula) - ARM: sun9i: smp: fix return code check of of_property_match_string (Stefan Wahren) - net: qrtr: ns: Return 0 if server port is not present (Sarannya S) - ida: Fix crash in ida_free when the bitmap is empty (Matthew Wilcox (Oracle)) - i2c: rk3x: fix potential spinlock recursion on poll (Jensen Huang) - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (Hans de Goede) - Input: xpad - add Razer Wolverine V2 support (Luca Weiss) - wifi: iwlwifi: pcie: avoid a NULL pointer dereference (Avraham Stern) - ARC: fix spare error (Vineet Gupta) - s390/scm: fix virtual vs physical address confusion (Vineeth Vijayan) - Input: i8042 - add nomux quirk for Acer P459-G2-M (Esther Shimanovich) - Input: atkbd - skip ATKBD_CMD_GETID in translated mode (Hans de Goede) - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (Krzysztof Kozlowski) - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (Steven Rostedt (Google)) - tracing: Fix uaf issue when open the hist or hist_debug file (Zheng Yejian) - MIPS: dts: loongson: drop incorrect dwmac fallback compatible (Krzysztof Kozlowski) - stmmac: dwmac-loongson: drop useless check for compatible fallback (Krzysztof Kozlowski) - tracing: Add size check when printing trace_marker output (Steven Rostedt (Google)) - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (Steven Rostedt (Google)) - jbd2: fix soft lockup in journal_finish_inode_data_buffers() (Ye Bin) - platform/x86: intel-vbtn: Fix missing tablet-mode-switch events (Hans de Goede) - neighbour: Don't let neigh_forced_gc() disable preemption for long (Judy Hsiao) - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (Ziqi Zhao) - jbd2: correct the printing of write_flags in jbd2_write_superblock() (Zhang Yi) - clk: rockchip: rk3128: Fix HCLK_OTG gate register (Weihao Li) - hwmon: (corsair-psu) Fix probe when built-in (Armin Wolf) - drm/exynos: fix a wrong error checking (Inki Dae) - drm/exynos: fix a potential error pointer dereference (Xiang Yang) - drm/amdgpu: Add NULL checks for function pointers (Lijo Lazar) - nvme: introduce helper function to get ctrl state (Keith Busch) - ASoC: ops: add correct range check for limiting volume (Srinivas Kandagatla) - ASoC: da7219: Support low DC impedance headset (David Rau) - net/tg3: fix race condition in tg3_reset_task() (Thinh Tran) - nouveau/tu102: flush all pdbs on vmm flush (Dave Airlie) - ASoC: rt5650: add mutex to avoid the jack detection failure (Shuming Fan) - ASoC: cs43130: Fix incorrect frame delay configuration (Maciej Strozek) - ASoC: cs43130: Fix the position of const qualifier (Maciej Strozek) - ASoC: Intel: Skylake: mem leak in skl register function (Kamil Duljas) - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (David Lin) - ASoC: Intel: Skylake: Fix mem leak in few functions (Kamil Duljas) - ASoC: wm8974: Correct boost mixer inputs (Charles Keepax) - nvme-core: check for too small lba shift (Keith Busch) - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (Lu Yao) - debugfs: fix automount d_fsdata usage (Johannes Berg) - wifi: cfg80211: lock wiphy mutex for rfkill poll (Johannes Berg) - mptcp: fix uninit-value in mptcp_incoming_options (Edward Adam Davis) - ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (Vasiliy Kovalev) - pinctrl: lochnagar: Don't build on MIPS (Charles Keepax) - f2fs: explicitly null-terminate the xattr list (Eric Biggers) [5.15.0-205.147.1] - mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga) [Orabug: 36334308] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-26679 CVE-2024-2201 cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 7 [5.4.17-2136.330.7.1.el7] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add support for clearing branch history at syscall entry (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/cpufeature: Add missing leaf enumeration (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Use a switch statement and macros in __feature_translate() (Jim Mattson) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Jim Mattson) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Sean Christopherson) [Orabug: 36384803] {CVE-2024-2201} - x86/bugs: Use sysfs_emit() (Borislav Petkov) [Orabug: 36384803] {CVE-2024-2201} - x86/speculation: Reorder SRSO and GDS functions (Alexandre Chartre) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (Jim Mattson) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Move reverse CPUID helpers to separate header file (Ricardo Koller) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Fix implicit enum conversion goof in scattered reverse CPUID code (Sean Christopherson) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Add support for reverse CPUID lookup of scattered features (Sean Christopherson) [Orabug: 36384803] {CVE-2024-2201} - x86/msr: Define new bits in TSX_FORCE_ABORT MSR (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - objtool: Add asm version of STACK_FRAME_NON_STANDARD (Josh Poimboeuf) [Orabug: 36384803] {CVE-2024-2201} - objtool: Only include valid definitions depending on source file type (Julien Thierry) [Orabug: 36384803] {CVE-2024-2201} [5.4.17-2136.330.7.el7] - Revert 'x86/mm/ident_map: Use gbpages only where full GB page should be mapped.' (Sherry Yang) [Orabug: 36409910] - arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts (Johan Hovold) - arm64: dts: qcom: add PDC interrupt controller for SDM845 (Lina Iyer) - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta) - hv_netvsc: use netif_is_bond_master() instead of open code (Juhee Kang) - netfilter: nft_ct: fix l3num expectations with inet pseudo family (Florian Westphal) [5.4.17-2136.330.6.el7] - eVM: x86: Drop kvm SRCU lock in kvm_vcpu_update_apicv (Alejandro Jimenez) [Orabug: 36329600] - KVM: x86: Handle APICv updates for APIC 'mode' changes via request (Sean Christopherson) [Orabug: 36329600] - blk-mq: fix system hang while doing cpu offline on domU (Shminderjit Singh) [Orabug: 36366420] [5.4.17-2136.330.5.el7] - afs: Fix endless loop in directory parsing (David Howells) - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() (Ignat Korchagin) - netfilter: nf_tables: set dormant flag on hook register failure (Florian Westphal) - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (Guixin Liu) [Orabug: 36345168] [5.4.17-2136.330.4.el7] - Revert 'crypto: api - Disallow identical driver names' (Saeed Mirzamohammadi) [Orabug: 36361379] - Fix null ptr in rds_tcp_recv_path (Allison Henderson) [Orabug: 35587415] - net/rds: print PPID/COMM of process doing user reset on RDS connection (Juan Garcia) [Orabug: 36248461] [5.4.17-2136.330.3.el7] - uek: kabi: Add two new exported kABI symbols for ACFS and EDV (Saeed Mirzamohammadi) [Orabug: 36251861] - mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga) [Orabug: 36334309] [5.4.17-2136.330.2.el7] - LTS tag: v5.4.269 (Alok Tiwari) - bpf: Add map and need_defer parameters to .map_fd_put_ptr() (Hou Tao) - of: gpio unittest kfree() wrong object (Frank Rowand) - of: unittest: fix EXPECT text for gpio hog errors (Frank Rowand) - net: bcmgenet: Fix EEE implementation (Florian Fainelli) - Revert 'Revert 'mtd: rawnand: gpmi: Fix setting busy timeout setting'' (Max Krummenacher) - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (Dan Carpenter) - lsm: new security_file_ioctl_compat() hook (Alfred Piccioni) - drm/msm/dsi: Enable runtime PM (Konrad Dybcio) - PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (Douglas Anderson) - PM: runtime: add devm_pm_runtime_enable helper (Dmitry Baryshkov) - nilfs2: fix potential bug in end_buffer_async_write (Ryusuke Konishi) - sched/membarrier: reduce the ability to hammer on sys_membarrier (Linus Torvalds) - net: prevent mss overflow in skb_segment() (Eric Dumazet) - netfilter: ipset: Missing gc cancellations fixed (Jozsef Kadlecsik) - netfilter: ipset: fix performance regression in swap operation (Jozsef Kadlecsik) - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache (Oliver Upton) - mips: Fix max_mapnr being uninitialized on early stages (Serge Semin) - arch, mm: remove stale mentions of DISCONIGMEM (Mike Rapoport) - bus: moxtet: Add spi device table (Sjoerd Simons) - tracing: Inform kmemleak of saved_cmdlines allocation (Steven Rostedt (Google)) - pmdomain: core: Move the unused cleanup to a _sync initcall (Konrad Dybcio) - can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) (Oleksij Rempel) - irqchip/irq-brcmstb-l2: Add write memory barrier before exit (Doug Berger) - nfp: flower: prevent re-adding mac index for bonded port (Daniel de Villiers) - nfp: use correct macro for LengthSelect in BAR config (Daniel Basilio) - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi) - nilfs2: fix data corruption in dsync block recovery for small block sizes (Ryusuke Konishi) - ALSA: hda/conexant: Add quirk for SWS JS201D (bo liu) - mmc: slot-gpio: Allow non-sleeping GPIO ro (Alexander Stein) - x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Steve Wahl) - x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (Aleksander Mazur) - serial: max310x: improve crystal stable clock detection (Hugo Villeneuve) - serial: max310x: set default value when reading clock ready bit (Hugo Villeneuve) - ring-buffer: Clean ring_buffer_poll_wait() error return (Vincent Donnefort) - iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC (zhili.liu) - staging: iio: ad5933: fix type mismatch regression (David Schiller) - tracing: Fix wasted memory in saved_cmdlines logic (Steven Rostedt (Google)) - ext4: fix double-free of blocks due to wrong extents moved_len (Baokun Li) - misc: fastrpc: Mark all sessions as invalid in cb_remove (Ekansh Gupta) - binder: signal epoll threads of self-work (Carlos Llamas) - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL (Edson Juliano Drosdeck) - xen-netback: properly sync TX responses (Jan Beulich) - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (Fedor Pchelkin) - kbuild: Fix changing ELF file type for output of gen_btf for big endian (Nathan Chancellor) - firewire: core: correct documentation of fw_csr_string() kernel API (Takashi Sakamoto) - scsi: Revert 'scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock' (Lee Duncan) - i2c: i801: Fix block process call transactions (Jean Delvare) - i2c: i801: Remove i801_set_block_buffer_mode (Heiner Kallweit) - usb: f_mass_storage: forbid async queue when shutdown happen (yuan linyu) - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (Oliver Neukum) - HID: wacom: Do not register input devices until after hid_hw_start (Jason Gerecke) - HID: wacom: generic: Avoid reporting a serial of '0' to userspace (Tatsunosuke Tobita) - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Zach O'Keefe) - tracing/trigger: Fix to return error if failed to alloc snapshot (Masami Hiramatsu (Google)) - i40e: Fix waiting for queues of all VSIs to be disabled (Ivan Vecera) - MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler (Guenter Roeck) - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (Alexey Khoroshilov) - spi: ppc4xx: Drop write-only variable (Uwe Kleine-Konig) - of: unittest: Fix compile in the non-dynamic case (Christian A. Ehrhardt) - of: unittest: add overlay gpio test to catch gpio hog problem (Frank Rowand) - btrfs: send: return EOPNOTSUPP on unknown flags (David Sterba) - btrfs: forbid deleting live subvol qgroup (Boris Burkov) - btrfs: forbid creating subvol qgroups (Boris Burkov) - netfilter: nft_set_rbtree: skip end interval element from gc (Pablo Neira Ayuso) - net: stmmac: xgmac: fix a typo of register name in DPP safety handling (Furong Xu) - net: stmmac: xgmac: use #define for string constants (Simon Horman) - vhost: use kzalloc() instead of kmalloc() followed by memset() (Prathu Baronia) - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (Hans de Goede) - USB: serial: cp210x: add ID for IMST iM871A-USB (Leonard Dallmayr) - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e (JackBB Wu) - net/af_iucv: clean up a try_then_request_module() (Julian Wiedmann) - netfilter: nft_ct: reject direction for ct id (Pablo Neira Ayuso) - netfilter: nft_compat: restrict match/target protocol to u16 (Pablo Neira Ayuso) - netfilter: nft_compat: reject unused compat flag (Pablo Neira Ayuso) - ppp_async: limit MRU to 64K (Eric Dumazet) - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (Shigeru Yoshida) - rxrpc: Fix response to PING RESPONSE ACKs to a dead call (David Howells) - inet: read sk->sk_family once in inet_recv_error() (Eric Dumazet) - hwmon: (coretemp) Fix bogus core_id to attr name mapping (Zhang Rui) - hwmon: (coretemp) Fix out-of-bounds memory access (Zhang Rui) - hwmon: (aspeed-pwm-tacho) mutex for tach reading (Loic Prylli) - atm: idt77252: fix a memleak in open_card_ubr0 (Zhipeng Lu) - selftests: net: avoid just another constant wait (Paolo Abeni) - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels (Furong Xu) - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Tony Lindgren) - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (Frank Li) - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (Yoshihiro Shimoda) - dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA (Christophe JAILLET) - dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA (Christophe JAILLET) - bonding: remove print in bond_verify_device_path (Zhengchao Shao) - HID: apple: Add 2021 magic keyboard FN key mapping (Benjamin Berg) - HID: apple: Swap the Fn and Left Control keys on Apple keyboards (free5lot) - HID: apple: Add support for the 2021 Magic Keyboard (Alex Henrie) - net: sysfs: Fix /sys/class/net/<iface> path (Breno Leitao) - af_unix: fix lockdep positive in sk_diag_dump_icons() (Eric Dumazet) - net: ipv4: fix a memleak in ip_setup_cork (Zhipeng Lu) - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Pablo Neira Ayuso) - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger (Pablo Neira Ayuso) - llc: call sock_orphan() at release time (Eric Dumazet) - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (Helge Deller) - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() (Christophe JAILLET) - ixgbe: Refactor overtemp event handling (Jedrzej Jagielski) - ixgbe: Refactor returning internal error codes (Jedrzej Jagielski) - ixgbe: Remove non-inclusive language (Piotr Skajewski) - net: remove unneeded break (Tom Rix) - scsi: isci: Fix an error code problem in isci_io_request_build() (Su Hui) - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (Edward Adam Davis) - perf: Fix the nr_addr_filters fix (Peter Zijlstra) - drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (Srinivasan Shanmugam) - ceph: fix deadlock or deadcode of misusing dget() (Xiubo Li) - blk-mq: fix IO hang from sbitmap wakeup race (Ming Lei) - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (Zhu Yanjun) - libsubcmd: Fix memory leak in uniq() (Ian Rogers) - PCI/AER: Decode Requester ID when no error info found (Bjorn Helgaas) - fs/kernfs/dir: obey S_ISGID (Max Kellermann) - usb: hub: Replace hardcoded quirk value with BIT() macro (Hardik Gajjar) - PCI: switchtec: Fix stdev_release() crash after surprise hot remove (Daniel Stodden) - PCI: Only override AMD USB controller if required (Guilherme G. Piccoli) - mfd: ti_am335x_tscadc: Fix TI SoC dependencies (Peter Robinson) - i3c: master: cdns: Update maximum prescaler value for i2c clock (Harshit Shah) - um: net: Fix return type of uml_net_start_xmit() (Nathan Chancellor) - um: Don't use vfprintf() for os_info() (Benjamin Berg) - um: Fix naming clash between UML and scheduler (Anton Ivanov) - leds: trigger: panic: Don't register panic notifier if creating the trigger failed (Heiner Kallweit) - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (Srinivasan Shanmugam) - drm/amdgpu: Let KFD sync with VM fences (Felix Kuehling) - clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() (Kuan-Wei Chiu) - clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() (Kuan-Wei Chiu) - drm/msm/dpu: Ratelimit framedone timeout msgs (Rob Clark) - media: ddbridge: fix an error code problem in ddb_probe (Su Hui) - IB/ipoib: Fix mcast list locking (Daniel Vacek) - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (Douglas Anderson) - ALSA: hda: Intel: add HDA_ARL PCI ID support (Pierre-Louis Bossart) - PCI: add INTEL_HDA_ARL to pci_ids.h (Pierre-Louis Bossart) - media: rockchip: rga: fix swizzling for RGB formats (Michael Tretter) - media: stk1160: Fixed high volume of stk1160_dbg messages (Ghanshyam Agrawal) - drm/mipi-dsi: Fix detach call without attach (Tomi Valkeinen) - drm/framebuffer: Fix use of uninitialized variable (Tomi Valkeinen) - drm/drm_file: fix use of uninitialized variable (Tomi Valkeinen) - RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Jack Wang) - fast_dput(): handle underflows gracefully (Al Viro) - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (Cristian Ciocaltea) - f2fs: fix to check return value of f2fs_reserve_new_block() (Chao Yu) - wifi: cfg80211: free beacon_ies when overridden from hidden BSS (Benjamin Berg) - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (Su Hui) - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (Zenm Chen) - arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property (Mao Jinlong) - arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property (Mao Jinlong) - md: Whenassemble the array, consult the superblock of the freshest device (Alex Lyakas) - block: prevent an integer overflow in bvec_try_merge_hw_page (Christoph Hellwig) - ARM: dts: imx23/28: Fix the DMA controller node name (Fabio Estevam) - ARM: dts: imx23-sansa: Use preferred i2c-gpios properties (Fabio Estevam) - ARM: dts: imx27-apf27dev: Fix LED name (Fabio Estevam) - ARM: dts: imx25/27: Pass timing0 (Fabio Estevam) - ARM: dts: imx1: Fix sram node (Fabio Estevam) - ARM: dts: imx27: Fix sram node (Fabio Estevam) - ARM: dts: imx: Use flash@0,0 pattern (Fabio Estevam) - ARM: dts: imx25/27-eukrea: Fix RTC node name (Fabio Estevam) - ARM: dts: rockchip: fix rk3036 hdmi ports node (Johan Jonker) - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (Hannes Reinecke) - scsi: libfc: Don't schedule abort twice (Hannes Reinecke) - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Minsuk Kang) - ARM: dts: imx7s: Fix nand-controller #size-cells (Alexander Stein) - ARM: dts: imx7s: Fix lcdif compatible (Alexander Stein) - ARM: dts: imx7d: Fix coresight funnel ports (Alexander Stein) - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk (Zhengchao Shao) - PCI: Add no PM reset quirk for NVIDIA Spectrum devices (Ido Schimmel) - scsi: lpfc: Fix possible file string name overflow when updating firmware (Justin Tee) - selftests/bpf: Fix pyperf180 compilation failure with clang18 (Yonghong Song) - selftests/bpf: satisfy compiler by having explicit return in btf test (Andrii Nakryiko) - wifi: rt2x00: restart beacon queue when hardware reset (Shiji Yang) - ext4: avoid online resizing failures due to oversized flex bg (Baokun Li) - ext4: remove unnecessary check from alloc_flex_gd() (Baokun Li) - ext4: unify the type of flexbg_size to unsigned int (Baokun Li) - ext4: fix inconsistent between segment fstrim and full fstrim (Ye Bin) - ecryptfs: Reject casefold directory inodes (Gabriel Krisman Bertazi) - SUNRPC: Fix a suspicious RCU usage warning (Anna Schumaker) - KVM: s390: fix setting of fpc register (Heiko Carstens) - s390/ptrace: handle setting of fpc register correctly (Heiko Carstens) - jfs: fix array-index-out-of-bounds in diNewExt (Edward Adam Davis) - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (Oleg Nesterov) - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (Oleg Nesterov) - crypto: stm32/crc32 - fix parsing list of devices (Thomas Bourgoin) - pstore/ram: Fix crash when setting number of cpus to an odd number (Weichen Chen) - jfs: fix uaf in jfs_evict_inode (Edward Adam Davis) - jfs: fix array-index-out-of-bounds in dbAdjTree (Manas Ghandat) - jfs: fix slab-out-of-bounds Read in dtSearch (Manas Ghandat) - UBSAN: array-index-out-of-bounds in dtSplitRoot (Osama Muhammad) - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (Osama Muhammad) - ACPI: extlog: fix NULL pointer dereference check (Prarit Bhargava) - PNP: ACPI: fix fortify warning (Dmitry Antipov) - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (Yuluo Qiu) - audit: Send netlink ACK before setting connection in auditd_set (Chris Riches) - regulator: core: Only increment use_count when enable_count changes (Rui Zhang) - perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file (Greg KH) - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (Zhiquan Li) - powerpc/lib: Validate size for vector operations (Naveen N Rao) - powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE (Stephen Rothwell) - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (Michael Ellerman) - powerpc: Fix build error due to is_valid_bugaddr() (Michael Ellerman) - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Kunwu Chan) - x86/entry/ia32: Ensure s32 is sign extended to s64 (Richard Palethorpe) - tick/sched: Preserve number of idle sleeps across CPU hotplug events (Tim Chen) - mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan (Xi Ruoyao) - spi: bcm-qspi: fix SFDP BFPT read by usig mspi read (Kamal Dasu) - gpio: eic-sprd: Clear interrupt after set the interrupt type (Wenhua Lin) - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (Fedor Pchelkin) - drm/exynos: fix accidental on-stack copy of exynos_drm_plane (Arnd Bergmann) - drm/bridge: nxp-ptn3460: simplify some error checking (Dan Carpenter) - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (Dan Carpenter) - drm: Don't unref the same fb many times by mistake due to deadlock handling (Ville Syrjala) - gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (Mario Limonciello) - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) - rbd: don't move requests to the running list on errors (Ilya Dryomov) - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (Qu Wenruo) - btrfs: don't warn if discard range is not aligned to sector (David Sterba) - btrfs: tree-checker: fix inline ref size in error messages (Chung-Chiang Cheng) - btrfs: ref-verify: free ref cache before clearing mount opt (Fedor Pchelkin) - net: fec: fix the unhandled context fault from smmu (Shenwei Wang) - fjes: fix memleaks in fjes_hw_setup (Zhipeng Lu) - netfilter: nf_tables: validate NFPROTO_* family (Pablo Neira Ayuso) - netfilter: nf_tables: restrict anonymous set and map names to 16 bytes (Florian Westphal) - net/mlx5e: fix a double-free in arfs_create_groups (Zhipeng Lu) - net/mlx5: Use kfree(ft->g) in arfs_create_groups() (Denis Efremov) - net/mlx5: DR, Use the right GVMI number for drop action (Yevgeny Kliteynik) - netlink: fix potential sleeping issue in mqueue_flush_file (Zhengchao Shao) - tcp: Add memory barrier to tcp_push() (Salvatore Dipietro) - afs: Hide silly-rename files from userspace (David Howells) - tracing: Ensure visibility when inserting an element into tracing_map (Petr Pavlu) - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv (Sharath Srinivasan) - llc: Drop support for ETH_P_TR_802_2. (Kuniyuki Iwashima) - llc: make llc_ui_sendmsg() more robust against bonding changes (Eric Dumazet) - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING (Lin Ma) - net/smc: fix illegal rmb_desc access in SMC-D connection dump (Wen Gu) - x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum (Maciej S. Szmigiero) - powerpc: Use always instead of always-y in for crtsavres.o (Nathan Chancellor) - fs: move S_ISGID stripping into the vfs_*() helpers (Yang Xu) - fs: add mode_strip_sgid() helper (Yang Xu) - mtd: spinand: macronix: Fix MX35LFxGE4AD page size (JaimeLiao) - block: Remove special-casing of compound pages (Matthew Wilcox (Oracle)) - rename(): fix the locking of subdirectories (Al Viro) - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (Zhihao Cheng) - nouveau/vmm: don't set addr on the fail path to avoid warning (Dave Airlie) - mmc: core: Use mrq.sbc in close-ended ffu (Avri Altman) - arm64: dts: qcom: sdm845: fix USB wakeup interrupt types (Johan Hovold) - parisc/firmware: Fix F-extend for PDC addresses (Helge Deller) - rpmsg: virtio: Free driver_override when rpmsg_remove() (Xiaolei Wang) - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Herbert Xu) - PM: hibernate: Enforce ordering during image compression/decompression (Hongchen Zhang) - crypto: api - Disallow identical driver names (Herbert Xu) - ext4: allow for the last group to be marked as trimmed (Suraj Jitindar Singh) - serial: sc16is7xx: add check for unsupported SPI modes during probe (Hugo Villeneuve) - spi: introduce SPI_MODE_X_MASK macro (Oleksij Rempel) - serial: sc16is7xx: set safe default SPI clock frequency (Hugo Villeneuve) - units: add the HZ macros (Daniel Lezcano) - units: change from 'L' to 'UL' (Daniel Lezcano) - units: Add Watt units (Daniel Lezcano) - PCI: mediatek: Clear interrupt status before dispatching handler (qizhong cheng) [5.4.17-2136.330.1.el7] - mm: hwpoison: handle non-anonymous THP correctly (Yang Shi) [Orabug: 36223690] - mm,hwpoison: unify THP handling for hard and soft offline (Oscar Salvador) [Orabug: 36223690] - mm: hwpoison: remove the unnecessary THP check (Yang Shi) [Orabug: 36223690] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0340 CVE-2024-1086 CVE-2024-0607 CVE-2024-2201 CVE-2024-26679 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 [5.4.17-2136.330.7.1.el8] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - x86/bhi: Add support for clearing branch history at syscall entry (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - x86/cpufeature: Add missing leaf enumeration (Daniel Sneddon) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Use a switch statement and macros in __feature_translate() (Jim Mattson) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Jim Mattson) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Sean Christopherson) [Orabug: 36384803] {CVE-2024-2201} - x86/bugs: Use sysfs_emit() (Borislav Petkov) [Orabug: 36384803] {CVE-2024-2201} - x86/speculation: Reorder SRSO and GDS functions (Alexandre Chartre) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (Jim Mattson) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Move reverse CPUID helpers to separate header file (Ricardo Koller) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Fix implicit enum conversion goof in scattered reverse CPUID code (Sean Christopherson) [Orabug: 36384803] {CVE-2024-2201} - KVM: x86: Add support for reverse CPUID lookup of scattered features (Sean Christopherson) [Orabug: 36384803] {CVE-2024-2201} - x86/msr: Define new bits in TSX_FORCE_ABORT MSR (Pawan Gupta) [Orabug: 36384803] {CVE-2024-2201} - objtool: Add asm version of STACK_FRAME_NON_STANDARD (Josh Poimboeuf) [Orabug: 36384803] {CVE-2024-2201} - objtool: Only include valid definitions depending on source file type (Julien Thierry) [Orabug: 36384803] {CVE-2024-2201} [5.4.17-2136.330.7.el8] - Revert 'x86/mm/ident_map: Use gbpages only where full GB page should be mapped.' (Sherry Yang) [Orabug: 36409910] - arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts (Johan Hovold) - arm64: dts: qcom: add PDC interrupt controller for SDM845 (Lina Iyer) - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta) - hv_netvsc: use netif_is_bond_master() instead of open code (Juhee Kang) - netfilter: nft_ct: fix l3num expectations with inet pseudo family (Florian Westphal) [5.4.17-2136.330.6.el8] - eVM: x86: Drop kvm SRCU lock in kvm_vcpu_update_apicv (Alejandro Jimenez) [Orabug: 36329600] - KVM: x86: Handle APICv updates for APIC 'mode' changes via request (Sean Christopherson) [Orabug: 36329600] - blk-mq: fix system hang while doing cpu offline on domU (Shminderjit Singh) [Orabug: 36366420] [5.4.17-2136.330.5.el8] - afs: Fix endless loop in directory parsing (David Howells) - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() (Ignat Korchagin) - netfilter: nf_tables: set dormant flag on hook register failure (Florian Westphal) - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (Guixin Liu) [Orabug: 36345168] [5.4.17-2136.330.4.el8] - Revert 'crypto: api - Disallow identical driver names' (Saeed Mirzamohammadi) [Orabug: 36361379] - Fix null ptr in rds_tcp_recv_path (Allison Henderson) [Orabug: 35587415] - net/rds: print PPID/COMM of process doing user reset on RDS connection (Juan Garcia) [Orabug: 36248461] [5.4.17-2136.330.3.el8] - uek: kabi: Add two new exported kABI symbols for ACFS and EDV (Saeed Mirzamohammadi) [Orabug: 36251861] - mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga) [Orabug: 36334309] [5.4.17-2136.330.2.el8] - LTS tag: v5.4.269 (Alok Tiwari) - bpf: Add map and need_defer parameters to .map_fd_put_ptr() (Hou Tao) - of: gpio unittest kfree() wrong object (Frank Rowand) - of: unittest: fix EXPECT text for gpio hog errors (Frank Rowand) - net: bcmgenet: Fix EEE implementation (Florian Fainelli) - Revert 'Revert 'mtd: rawnand: gpmi: Fix setting busy timeout setting'' (Max Krummenacher) - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (Dan Carpenter) - lsm: new security_file_ioctl_compat() hook (Alfred Piccioni) - drm/msm/dsi: Enable runtime PM (Konrad Dybcio) - PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (Douglas Anderson) - PM: runtime: add devm_pm_runtime_enable helper (Dmitry Baryshkov) - nilfs2: fix potential bug in end_buffer_async_write (Ryusuke Konishi) - sched/membarrier: reduce the ability to hammer on sys_membarrier (Linus Torvalds) - net: prevent mss overflow in skb_segment() (Eric Dumazet) - netfilter: ipset: Missing gc cancellations fixed (Jozsef Kadlecsik) - netfilter: ipset: fix performance regression in swap operation (Jozsef Kadlecsik) - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache (Oliver Upton) - mips: Fix max_mapnr being uninitialized on early stages (Serge Semin) - arch, mm: remove stale mentions of DISCONIGMEM (Mike Rapoport) - bus: moxtet: Add spi device table (Sjoerd Simons) - tracing: Inform kmemleak of saved_cmdlines allocation (Steven Rostedt (Google)) - pmdomain: core: Move the unused cleanup to a _sync initcall (Konrad Dybcio) - can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) (Oleksij Rempel) - irqchip/irq-brcmstb-l2: Add write memory barrier before exit (Doug Berger) - nfp: flower: prevent re-adding mac index for bonded port (Daniel de Villiers) - nfp: use correct macro for LengthSelect in BAR config (Daniel Basilio) - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi) - nilfs2: fix data corruption in dsync block recovery for small block sizes (Ryusuke Konishi) - ALSA: hda/conexant: Add quirk for SWS JS201D (bo liu) - mmc: slot-gpio: Allow non-sleeping GPIO ro (Alexander Stein) - x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Steve Wahl) - x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (Aleksander Mazur) - serial: max310x: improve crystal stable clock detection (Hugo Villeneuve) - serial: max310x: set default value when reading clock ready bit (Hugo Villeneuve) - ring-buffer: Clean ring_buffer_poll_wait() error return (Vincent Donnefort) - iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC (zhili.liu) - staging: iio: ad5933: fix type mismatch regression (David Schiller) - tracing: Fix wasted memory in saved_cmdlines logic (Steven Rostedt (Google)) - ext4: fix double-free of blocks due to wrong extents moved_len (Baokun Li) - misc: fastrpc: Mark all sessions as invalid in cb_remove (Ekansh Gupta) - binder: signal epoll threads of self-work (Carlos Llamas) - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL (Edson Juliano Drosdeck) - xen-netback: properly sync TX responses (Jan Beulich) - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (Fedor Pchelkin) - kbuild: Fix changing ELF file type for output of gen_btf for big endian (Nathan Chancellor) - firewire: core: correct documentation of fw_csr_string() kernel API (Takashi Sakamoto) - scsi: Revert 'scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock' (Lee Duncan) - i2c: i801: Fix block process call transactions (Jean Delvare) - i2c: i801: Remove i801_set_block_buffer_mode (Heiner Kallweit) - usb: f_mass_storage: forbid async queue when shutdown happen (yuan linyu) - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (Oliver Neukum) - HID: wacom: Do not register input devices until after hid_hw_start (Jason Gerecke) - HID: wacom: generic: Avoid reporting a serial of '0' to userspace (Tatsunosuke Tobita) - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Zach O'Keefe) - tracing/trigger: Fix to return error if failed to alloc snapshot (Masami Hiramatsu (Google)) - i40e: Fix waiting for queues of all VSIs to be disabled (Ivan Vecera) - MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler (Guenter Roeck) - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (Alexey Khoroshilov) - spi: ppc4xx: Drop write-only variable (Uwe Kleine-Konig) - of: unittest: Fix compile in the non-dynamic case (Christian A. Ehrhardt) - of: unittest: add overlay gpio test to catch gpio hog problem (Frank Rowand) - btrfs: send: return EOPNOTSUPP on unknown flags (David Sterba) - btrfs: forbid deleting live subvol qgroup (Boris Burkov) - btrfs: forbid creating subvol qgroups (Boris Burkov) - netfilter: nft_set_rbtree: skip end interval element from gc (Pablo Neira Ayuso) - net: stmmac: xgmac: fix a typo of register name in DPP safety handling (Furong Xu) - net: stmmac: xgmac: use #define for string constants (Simon Horman) - vhost: use kzalloc() instead of kmalloc() followed by memset() (Prathu Baronia) - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (Hans de Goede) - USB: serial: cp210x: add ID for IMST iM871A-USB (Leonard Dallmayr) - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e (JackBB Wu) - net/af_iucv: clean up a try_then_request_module() (Julian Wiedmann) - netfilter: nft_ct: reject direction for ct id (Pablo Neira Ayuso) - netfilter: nft_compat: restrict match/target protocol to u16 (Pablo Neira Ayuso) - netfilter: nft_compat: reject unused compat flag (Pablo Neira Ayuso) - ppp_async: limit MRU to 64K (Eric Dumazet) - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (Shigeru Yoshida) - rxrpc: Fix response to PING RESPONSE ACKs to a dead call (David Howells) - inet: read sk->sk_family once in inet_recv_error() (Eric Dumazet) - hwmon: (coretemp) Fix bogus core_id to attr name mapping (Zhang Rui) - hwmon: (coretemp) Fix out-of-bounds memory access (Zhang Rui) - hwmon: (aspeed-pwm-tacho) mutex for tach reading (Loic Prylli) - atm: idt77252: fix a memleak in open_card_ubr0 (Zhipeng Lu) - selftests: net: avoid just another constant wait (Paolo Abeni) - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels (Furong Xu) - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Tony Lindgren) - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (Frank Li) - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (Yoshihiro Shimoda) - dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA (Christophe JAILLET) - dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA (Christophe JAILLET) - bonding: remove print in bond_verify_device_path (Zhengchao Shao) - HID: apple: Add 2021 magic keyboard FN key mapping (Benjamin Berg) - HID: apple: Swap the Fn and Left Control keys on Apple keyboards (free5lot) - HID: apple: Add support for the 2021 Magic Keyboard (Alex Henrie) - net: sysfs: Fix /sys/class/net/<iface> path (Breno Leitao) - af_unix: fix lockdep positive in sk_diag_dump_icons() (Eric Dumazet) - net: ipv4: fix a memleak in ip_setup_cork (Zhipeng Lu) - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Pablo Neira Ayuso) - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger (Pablo Neira Ayuso) - llc: call sock_orphan() at release time (Eric Dumazet) - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (Helge Deller) - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() (Christophe JAILLET) - ixgbe: Refactor overtemp event handling (Jedrzej Jagielski) - ixgbe: Refactor returning internal error codes (Jedrzej Jagielski) - ixgbe: Remove non-inclusive language (Piotr Skajewski) - net: remove unneeded break (Tom Rix) - scsi: isci: Fix an error code problem in isci_io_request_build() (Su Hui) - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (Edward Adam Davis) - perf: Fix the nr_addr_filters fix (Peter Zijlstra) - drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (Srinivasan Shanmugam) - ceph: fix deadlock or deadcode of misusing dget() (Xiubo Li) - blk-mq: fix IO hang from sbitmap wakeup race (Ming Lei) - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (Zhu Yanjun) - libsubcmd: Fix memory leak in uniq() (Ian Rogers) - PCI/AER: Decode Requester ID when no error info found (Bjorn Helgaas) - fs/kernfs/dir: obey S_ISGID (Max Kellermann) - usb: hub: Replace hardcoded quirk value with BIT() macro (Hardik Gajjar) - PCI: switchtec: Fix stdev_release() crash after surprise hot remove (Daniel Stodden) - PCI: Only override AMD USB controller if required (Guilherme G. Piccoli) - mfd: ti_am335x_tscadc: Fix TI SoC dependencies (Peter Robinson) - i3c: master: cdns: Update maximum prescaler value for i2c clock (Harshit Shah) - um: net: Fix return type of uml_net_start_xmit() (Nathan Chancellor) - um: Don't use vfprintf() for os_info() (Benjamin Berg) - um: Fix naming clash between UML and scheduler (Anton Ivanov) - leds: trigger: panic: Don't register panic notifier if creating the trigger failed (Heiner Kallweit) - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (Srinivasan Shanmugam) - drm/amdgpu: Let KFD sync with VM fences (Felix Kuehling) - clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() (Kuan-Wei Chiu) - clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() (Kuan-Wei Chiu) - drm/msm/dpu: Ratelimit framedone timeout msgs (Rob Clark) - media: ddbridge: fix an error code problem in ddb_probe (Su Hui) - IB/ipoib: Fix mcast list locking (Daniel Vacek) - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (Douglas Anderson) - ALSA: hda: Intel: add HDA_ARL PCI ID support (Pierre-Louis Bossart) - PCI: add INTEL_HDA_ARL to pci_ids.h (Pierre-Louis Bossart) - media: rockchip: rga: fix swizzling for RGB formats (Michael Tretter) - media: stk1160: Fixed high volume of stk1160_dbg messages (Ghanshyam Agrawal) - drm/mipi-dsi: Fix detach call without attach (Tomi Valkeinen) - drm/framebuffer: Fix use of uninitialized variable (Tomi Valkeinen) - drm/drm_file: fix use of uninitialized variable (Tomi Valkeinen) - RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Jack Wang) - fast_dput(): handle underflows gracefully (Al Viro) - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (Cristian Ciocaltea) - f2fs: fix to check return value of f2fs_reserve_new_block() (Chao Yu) - wifi: cfg80211: free beacon_ies when overridden from hidden BSS (Benjamin Berg) - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (Su Hui) - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (Zenm Chen) - arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property (Mao Jinlong) - arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property (Mao Jinlong) - md: Whenassemble the array, consult the superblock of the freshest device (Alex Lyakas) - block: prevent an integer overflow in bvec_try_merge_hw_page (Christoph Hellwig) - ARM: dts: imx23/28: Fix the DMA controller node name (Fabio Estevam) - ARM: dts: imx23-sansa: Use preferred i2c-gpios properties (Fabio Estevam) - ARM: dts: imx27-apf27dev: Fix LED name (Fabio Estevam) - ARM: dts: imx25/27: Pass timing0 (Fabio Estevam) - ARM: dts: imx1: Fix sram node (Fabio Estevam) - ARM: dts: imx27: Fix sram node (Fabio Estevam) - ARM: dts: imx: Use flash@0,0 pattern (Fabio Estevam) - ARM: dts: imx25/27-eukrea: Fix RTC node name (Fabio Estevam) - ARM: dts: rockchip: fix rk3036 hdmi ports node (Johan Jonker) - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (Hannes Reinecke) - scsi: libfc: Don't schedule abort twice (Hannes Reinecke) - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Minsuk Kang) - ARM: dts: imx7s: Fix nand-controller #size-cells (Alexander Stein) - ARM: dts: imx7s: Fix lcdif compatible (Alexander Stein) - ARM: dts: imx7d: Fix coresight funnel ports (Alexander Stein) - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk (Zhengchao Shao) - PCI: Add no PM reset quirk for NVIDIA Spectrum devices (Ido Schimmel) - scsi: lpfc: Fix possible file string name overflow when updating firmware (Justin Tee) - selftests/bpf: Fix pyperf180 compilation failure with clang18 (Yonghong Song) - selftests/bpf: satisfy compiler by having explicit return in btf test (Andrii Nakryiko) - wifi: rt2x00: restart beacon queue when hardware reset (Shiji Yang) - ext4: avoid online resizing failures due to oversized flex bg (Baokun Li) - ext4: remove unnecessary check from alloc_flex_gd() (Baokun Li) - ext4: unify the type of flexbg_size to unsigned int (Baokun Li) - ext4: fix inconsistent between segment fstrim and full fstrim (Ye Bin) - ecryptfs: Reject casefold directory inodes (Gabriel Krisman Bertazi) - SUNRPC: Fix a suspicious RCU usage warning (Anna Schumaker) - KVM: s390: fix setting of fpc register (Heiko Carstens) - s390/ptrace: handle setting of fpc register correctly (Heiko Carstens) - jfs: fix array-index-out-of-bounds in diNewExt (Edward Adam Davis) - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (Oleg Nesterov) - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (Oleg Nesterov) - crypto: stm32/crc32 - fix parsing list of devices (Thomas Bourgoin) - pstore/ram: Fix crash when setting number of cpus to an odd number (Weichen Chen) - jfs: fix uaf in jfs_evict_inode (Edward Adam Davis) - jfs: fix array-index-out-of-bounds in dbAdjTree (Manas Ghandat) - jfs: fix slab-out-of-bounds Read in dtSearch (Manas Ghandat) - UBSAN: array-index-out-of-bounds in dtSplitRoot (Osama Muhammad) - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (Osama Muhammad) - ACPI: extlog: fix NULL pointer dereference check (Prarit Bhargava) - PNP: ACPI: fix fortify warning (Dmitry Antipov) - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (Yuluo Qiu) - audit: Send netlink ACK before setting connection in auditd_set (Chris Riches) - regulator: core: Only increment use_count when enable_count changes (Rui Zhang) - perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file (Greg KH) - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (Zhiquan Li) - powerpc/lib: Validate size for vector operations (Naveen N Rao) - powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE (Stephen Rothwell) - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (Michael Ellerman) - powerpc: Fix build error due to is_valid_bugaddr() (Michael Ellerman) - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Kunwu Chan) - x86/entry/ia32: Ensure s32 is sign extended to s64 (Richard Palethorpe) - tick/sched: Preserve number of idle sleeps across CPU hotplug events (Tim Chen) - mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan (Xi Ruoyao) - spi: bcm-qspi: fix SFDP BFPT read by usig mspi read (Kamal Dasu) - gpio: eic-sprd: Clear interrupt after set the interrupt type (Wenhua Lin) - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (Fedor Pchelkin) - drm/exynos: fix accidental on-stack copy of exynos_drm_plane (Arnd Bergmann) - drm/bridge: nxp-ptn3460: simplify some error checking (Dan Carpenter) - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (Dan Carpenter) - drm: Don't unref the same fb many times by mistake due to deadlock handling (Ville Syrjala) - gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (Mario Limonciello) - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) - rbd: don't move requests to the running list on errors (Ilya Dryomov) - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (Qu Wenruo) - btrfs: don't warn if discard range is not aligned to sector (David Sterba) - btrfs: tree-checker: fix inline ref size in error messages (Chung-Chiang Cheng) - btrfs: ref-verify: free ref cache before clearing mount opt (Fedor Pchelkin) - net: fec: fix the unhandled context fault from smmu (Shenwei Wang) - fjes: fix memleaks in fjes_hw_setup (Zhipeng Lu) - netfilter: nf_tables: validate NFPROTO_* family (Pablo Neira Ayuso) - netfilter: nf_tables: restrict anonymous set and map names to 16 bytes (Florian Westphal) - net/mlx5e: fix a double-free in arfs_create_groups (Zhipeng Lu) - net/mlx5: Use kfree(ft->g) in arfs_create_groups() (Denis Efremov) - net/mlx5: DR, Use the right GVMI number for drop action (Yevgeny Kliteynik) - netlink: fix potential sleeping issue in mqueue_flush_file (Zhengchao Shao) - tcp: Add memory barrier to tcp_push() (Salvatore Dipietro) - afs: Hide silly-rename files from userspace (David Howells) - tracing: Ensure visibility when inserting an element into tracing_map (Petr Pavlu) - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv (Sharath Srinivasan) - llc: Drop support for ETH_P_TR_802_2. (Kuniyuki Iwashima) - llc: make llc_ui_sendmsg() more robust against bonding changes (Eric Dumazet) - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING (Lin Ma) - net/smc: fix illegal rmb_desc access in SMC-D connection dump (Wen Gu) - x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum (Maciej S. Szmigiero) - powerpc: Use always instead of always-y in for crtsavres.o (Nathan Chancellor) - fs: move S_ISGID stripping into the vfs_*() helpers (Yang Xu) - fs: add mode_strip_sgid() helper (Yang Xu) - mtd: spinand: macronix: Fix MX35LFxGE4AD page size (JaimeLiao) - block: Remove special-casing of compound pages (Matthew Wilcox (Oracle)) - rename(): fix the locking of subdirectories (Al Viro) - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (Zhihao Cheng) - nouveau/vmm: don't set addr on the fail path to avoid warning (Dave Airlie) - mmc: core: Use mrq.sbc in close-ended ffu (Avri Altman) - arm64: dts: qcom: sdm845: fix USB wakeup interrupt types (Johan Hovold) - parisc/firmware: Fix F-extend for PDC addresses (Helge Deller) - rpmsg: virtio: Free driver_override when rpmsg_remove() (Xiaolei Wang) - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Herbert Xu) - PM: hibernate: Enforce ordering during image compression/decompression (Hongchen Zhang) - crypto: api - Disallow identical driver names (Herbert Xu) - ext4: allow for the last group to be marked as trimmed (Suraj Jitindar Singh) - serial: sc16is7xx: add check for unsupported SPI modes during probe (Hugo Villeneuve) - spi: introduce SPI_MODE_X_MASK macro (Oleksij Rempel) - serial: sc16is7xx: set safe default SPI clock frequency (Hugo Villeneuve) - units: add the HZ macros (Daniel Lezcano) - units: change from 'L' to 'UL' (Daniel Lezcano) - units: Add Watt units (Daniel Lezcano) - PCI: mediatek: Clear interrupt status before dispatching handler (qizhong cheng) [5.4.17-2136.330.1.el8] - mm: hwpoison: handle non-anonymous THP correctly (Yang Shi) [Orabug: 36223690] - mm,hwpoison: unify THP handling for hard and soft offline (Oscar Salvador) [Orabug: 36223690] - mm: hwpoison: remove the unnecessary THP check (Yang Shi) [Orabug: 36223690] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-2201 CVE-2024-1086 CVE-2024-26679 CVE-2024-0607 CVE-2024-0340 cpe:/a:oracle:linux:8::UEKR6 Oracle Linux 8 hivex libguestfs libguestfs-winsupport [8.9-1] - Rebase to ntfs-3g 2022.10.3 - Fixes: CVE-2022-40284 - resolves: rhbz#2236372 libiscsi libnbd libtpms libvirt [9.0.0-5] - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364464] {CVE-2024-1441} libvirt-dbus libvirt-python [9.0.0-5] - Update to libvirt 9.0.0-5 (Karl Heubaum) nbdkit netcf perl-Sys-Virt qemu-kvm [7.2.0-11] - vfio/migration: Add a note about migration rate limiting (Avihai Horon) [Orabug: 36329758] - vfio/migration: Refactor vfio_save_state() return value (Avihai Horon) [Orabug: 36329758] - migration: Don't serialize devices in qemu_savevm_state_iterate() (Avihai Horon) [Orabug: 36329758] - ui/clipboard: add asserts for update and request (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683} - ui/clipboard: mark type as not available when there is no data (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683} - virtio-net: correctly copy vnet header when flushing TX (Jason Wang) [Orabug: 36154459] {CVE-2023-6693} - esp: restrict non-DMA transfer length to that of available data (Mark Cave-Ayland) [Orabug: 36322141] {CVE-2024-24474} - vhost: Perform memory section dirty scans once per iteration (Si-Wei Liu) - vhost: dirty log should be per backend type (Si-Wei Liu) - net: Update MemReentrancyGuard for NIC (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019} - net: Provide MemReentrancyGuard * to qemu_new_nic() (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019} - lsi53c895a: disable reentrancy detection for MMIO region, too (Thomas Huth) [Orabug: 33774027] {CVE-2021-3750} - memory: stricter checks prior to unsetting engaged_in_io (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - async: avoid use-after-free on re-entrancy guard (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - apic: disable reentrancy detection for apic-msi (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - raven: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - bcm2835_property: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - lsi53c895a: disable reentrancy detection for script RAM (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - checkpatch: add qemu_bh_new/aio_bh_new checks (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - async: Add an optional reentrancy guard to the BH API (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - memory: prevent dma-reentracy issues (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - hw/acpi: propagate vcpu hotplug after switch to modern interface (Aaron Young) - migration: Fix use-after-free of migration state object (Fabiano Rosas) [Orabug: 36242218] - kvm: Fix crash due to access uninitialized kvm_state (Gavin Shan) [Orabug: 36269244] - migration: Avoid usage of static variable inside tracepoint (Joao Martins) - migration: Add tracepoints for downtime checkpoints (Peter Xu) - migration: migration_stop_vm() helper (Peter Xu) - migration: Add per vmstate downtime tracepoints (Peter Xu) - migration: Add migration_downtime_start|end() helpers (Peter Xu) - migration: Set downtime_start even for postcopy (Peter Xu) - hv-balloon: implement pre-Glib 2.68 compatibility (Maciej S. Szmigiero) - hw/i386/pc: Support hv-balloon (Maciej S. Szmigiero) - qapi: Add HV_BALLOON_STATUS_REPORT event and its QMP query command (Maciej S. Szmigiero) - qapi: Add query-memory-devices support to hv-balloon (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) hot-add support (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) base (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol definitions (Maciej S. Szmigiero) - memory-device: Drop size alignment check (David Hildenbrand) - memory-device: Support empty memory devices (David Hildenbrand) - memory,vhost: Allow for marking memory device memory regions unmergeable (David Hildenbrand) - memory: Clarify mapping requirements for RamDiscardManager (David Hildenbrand) - memory-device,vhost: Support automatic decision on the number of memslots (David Hildenbrand) - vhost: Add vhost_get_max_memslots() (David Hildenbrand) - kvm: Add stub for kvm_get_max_memslots() (David Hildenbrand) - memory-device,vhost: Support memory devices that dynamically consume memslots (David Hildenbrand) - memory-device: Track required and actually used memslots in DeviceMemoryState (David Hildenbrand) - stubs: Rename qmp_memory_device.c to memory_device.c (David Hildenbrand) - memory-device: Support memory devices with multiple memslots (David Hildenbrand) - vhost: Return number of free memslots (David Hildenbrand) - kvm: Return number of free memslots (David Hildenbrand) - vhost: Remove vhost_backend_can_merge() callback (David Hildenbrand) - vhost: Rework memslot filtering and fix 'used_memslot' tracking (David Hildenbrand) - virtio-md-pci: New parent type for virtio-mem-pci and virtio-pmem-pci (David Hildenbrand) - migration/ram: Expose ramblock_is_ignored() as migrate_ram_is_ignored() (David Hildenbrand) - virtio-mem: Skip most of virtio_mem_unplug_all() without plugged memory (David Hildenbrand) - softmmu/physmem: Warn with ram_block_discard_range() on MAP_PRIVATE file mapping (David Hildenbrand) - memory-device: Track used region size in DeviceMemoryState (David Hildenbrand) - memory-device: Refactor memory_device_pre_plug() (David Hildenbrand) - hw/i386/pc: Remove PC_MACHINE_DEVMEM_REGION_SIZE (David Hildenbrand) - hw/i386/acpi-build: Rely on machine->device_memory when building SRAT (David Hildenbrand) - hw/i386/pc: Use machine_memory_devices_init() (David Hildenbrand) - hw/loongarch/virt: Use machine_memory_devices_init() (David Hildenbrand) - hw/ppc/spapr: Use machine_memory_devices_init() (David Hildenbrand) - hw/arm/virt: Use machine_memory_devices_init() (David Hildenbrand) - memory-device: Introduce machine_memory_devices_init() (David Hildenbrand) - memory-device: Unify enabled vs. supported error messages (David Hildenbrand) - hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467] (Thomas Huth) [Orabug: 35808564] {CVE-2023-42467} - tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088} - hw/ide: reset: cancel async DMA operation before resetting state (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088} seabios sgabios supermin swtpm virt-v2v MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6693 CVE-2024-1441 CVE-2023-6683 CVE-2023-42467 CVE-2023-5088 CVE-2021-3750 CVE-2023-3019 CVE-2024-24474 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 8 cri-o [1.25.5-2] - Address CVE-2024-24786 cri-tools [1.25.0-4] - Address CVE-2024-24786 etcd [3.5.9-4] - Address protobuf [CVE-2024-24786] [3.5.9-3] - Address CVE-2023-39326 by upgrading golang to version 1.20.12 istio [1.16.7-4] - Address protobuf [CVE-2024-24786] - Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327 kubernetes [1.25.16-2] - Fixed CoreDNS version check [1.25.16-1] - Added Oracle specific build files for Kubernetes olcne [1.6.7-3] - Fixed unable to deploy new module(s) using config file containing already existing modules - Update Istio-1.16.7 to address CVE-2024-24786, CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-24786 CVE-2024-23327 cpe:/a:oracle:linux:8::olcne16 Oracle Linux 7 cri-o [1.25.5-2] - Address CVE-2024-24786 cri-tools [1.25.0-4] - Address CVE-2024-24786 etcd [3.5.9-4] - Address protobuf [CVE-2024-24786] [3.5.9-3] - Address CVE-2023-39326 by upgrading golang to version 1.20.12 istio [1.16.7-4] - Address protobuf [CVE-2024-24786] - Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327 kubernetes [1.25.16-2] - Fixed CoreDNS version check olcne [1.6.7-3] - Fixed unable to deploy new module(s) using config file containing already existing modules - Update Istio-1.16.7 to address CVE-2024-24786, CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327 - Update Kubernetes-1.25.16 and components to address CVE-2024-24786 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-23327 CVE-2024-24786 cpe:/a:oracle:linux:7::olcne16 Oracle Linux 9 [3.7.6-23.4_fips] - Add FIPS package change: add fips suffix to Release and set Epoch to 10 [Orabug: 35925409] - Update FIPS module name for Oracle Linux [Orabug: 35925409] - Verify salt length and iteration count for PBKDF [Orabug: 35925409] [3.7.6-23.4] - Fix timing side-channel in deterministic ECDSA (RHEL-28958) - Fix potential crash during chain building/verification (RHEL-28953) [3.7.6-23.3] - x509: detect loop in certificate chain (RHEL-21759) - fips: Zeroize temporary values in integrity check (RHEL-21870) [3.7.6-23.2] - auth/rsa_psk: minimize branching after decryption [3.7.6-23.1] - auth/rsa_psk: side-step potential side-channel (RHEL-16755) [3.7.6-23] - Mark SHA-1 signature verification non-approved in FIPS (#2102751) [3.7.6-22] - Skip KTLS test on old kernel if host and target arches are different MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0553 CVE-2024-28835 CVE-2024-0567 CVE-2024-28834 CVE-2023-5981 cpe:/a:oracle:linux:9::u3_security_validation Oracle Linux 9 [3.90.0-6_fips] - Add FIPS package change: add fips suffix to Release and set Epoch to 10 [Orabug: 35862190] - Update FIPS module name for Oracle Linux [Orabug: 35862190] [3.90.0-6] - Fix ecc DER wrapping. [3.90.0-5] - Pick up validated constant time implementations of p256, p384, and p521 from upsream - More Fips indicator changes [3.90.0-4] - FIPS review changes - add PORT_SafeZero to avoid compiler optimizing a way zeroing memory. - update the indicators for this release - allow hashing of longer than int32 values in a single PKCS #11 call. [3.90.0-3.3] - Fix expired certs in tests - Fix CVE-2023-5388 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6135 cpe:/a:oracle:linux:9::u3_security_validation Oracle Linux 8 * Tue Feb 27 2024 Aaron Young - Create new 20240227 release for OL8 which includes the following fixed CVEs: {CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765} - Update to OpenSSL 3.0.10 which includes the following fixed CVEs: {CVE-2023-2975} {CVE-2023-1255} {CVE-2023-0401} {CVE-2023-0217} {CVE-2023-0216} {CVE-2023-0215} {CVE-2022-4203} {CVE-2022-3996} {CVE-2022-3602} {CVE-2022-3786} {CVE-2022-3358} {CVE-2022-2274} {CVE-2022-1473} {CVE-2022-1434} {CVE-2022-1343} {CVE-2021-4044} {CVE-2021-23839} * Tue Aug 22 2023 Aaron Young - Create new 20230822.cvm release for OL8 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45230 CVE-2023-45231 CVE-2022-36764 CVE-2022-36765 CVE-2023-45229 CVE-2023-45232 CVE-2023-45233 CVE-2023-45235 CVE-2023-45234 CVE-2022-36763 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:linux:8::kvm_appstream cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::distro_builder Oracle Linux 9 cri-o [1.26.4-2] - Address CVE-2024-24786 cri-tools [1.26.1-5] - Address CVE-2024-24786 etcd [3.5.10-3] - Address protobuf [CVE-2024-24786] [3.5.10-1] - Added Oracle specific build files istio [1.17.8-3] - Address protobuf [CVE-2024-24786] - Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327 kubernetes [1.26.15-1] - Added Oracle specific build files for Kubernetes olcne [1.7.7-2] - Fixed unable to deploy new module(s) using config file containing already existing modules - Update Istio-1.17.8 to address CVE-2024-24786, CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327 - Update Kubernetes-1.26.15 and components to address CVE-2024-24786 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-23327 CVE-2024-24786 cpe:/a:oracle:linux:9::olcne19 cpe:/a:oracle:linux:9::olcne18 cpe:/a:oracle:linux:9::olcne17 Oracle Linux 8 cri-o [1.26.4-2] - Address CVE-2024-24786 cri-tools [1.26.1-5] - Address CVE-2024-24786 etcd [3.5.10-3] - Address protobuf [CVE-2024-24786] [3.5.10-1] - Added Oracle specific build files istio [1.17.8-3] - Address protobuf [CVE-2024-24786] - Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327 kubernetes [1.26.15-1] - Added Oracle specific build files for Kubernetes olcne [1.7.7-2] - Fixed unable to deploy new module(s) using config file containing already existing modules - Update Istio-1.17.8 to address CVE-2024-24786, CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327 - Update Kubernetes-1.26.15 and components to address CVE-2024-24786 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-23327 CVE-2024-24786 cpe:/a:oracle:linux:8::olcne16 cpe:/a:oracle:linux:8::olcne17 cpe:/a:oracle:linux:8::olcne18 cpe:/a:oracle:linux:8::olcne19 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.85.1] - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (Zheng Wang) [Orabug: 35282809] {CVE-2023-1989} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-1989 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 9 [3.8.3-4_fips] - Add FIPS package change: add fips suffix to Release and set Epoch to 10 [Orabug: 35925409] - Update FIPS module name for Oracle Linux [Orabug: 35925409] [3.8.3-4] - Bump release to ensure el9 package is greater than el9_* packages [3.8.3-3] - Bump release to ensure el9 package is greater than el9_* packages [3.8.3-2] - Fix timing side-channel in deterministic ECDSA (RHEL-28959) - Fix potential crash during chain building/verification (RHEL-28954) [3.8.3-1] - Update to gnutls 3.8.3 (RHEL-14891) [3.8.2-3] - Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.3 as well (RHEL-18498) [3.8.2-2] - Bump nettle dependency to 3.9.1 - Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.2 (RHEL-18498) [3.8.2-1] - Update to gnutls 3.8.2 (RHEL-14891) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28834 CVE-2024-28835 cpe:/a:oracle:linux:9::u3_security_validation Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.331.7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port' (Arumugam Kolappan) [Orabug: 36530159] - PCI: boot time optimization (Harman Kalra) [Orabug: 36553666] [5.4.17-2136.331.6] - mm/memory-failure: fix an incorrect use of tail pages (Liu Shixin) - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion (Bart Van Assche) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - ahci: asm1064: correct count of reported ports (Andrey Jr. Melnikov) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (Song Liu) - serial: max310x: fix NULL pointer dereference in I2C instantiation (Hugo Villeneuve) - bonding: rate-limit bonding driver inspect messages (Praveen Kumar Kannoju) [Orabug: 36250568] - rds/rdma: Fix congestion value for userspace consumption (Juan Garcia) [Orabug: 36264652] - rds: Include transport protocol name in rds-info -k output (Juan Garcia) [Orabug: 36264652] [5.4.17-2136.331.5] - hwmon: (opbmc) E6/AST2600 platform enabled (Jan Zdarek) [Orabug: 36485646] - rds/ib: Disable WARN_ON() when system is going down (Hans Westgaard Ry) [Orabug: 36394488] - rds/rdma: print connection up/down time while dropping/connecting (Juan Garcia) [Orabug: 36264675] - rds: ib: Use fastreg QP if conn is down and handle FRWR CQE timeout (Hakon Bugge) [Orabug: 36236541] - rds: ib: Tear down QP when FRWR WRs fails (Hakon Bugge) [Orabug: 36236541] - rds: ib: Poll fastreg CQ before destroying (Hakon Bugge) [Orabug: 36236541] [5.4.17-2136.331.4] - net/mlx5: Brute force GFP_NOIO (Hakon Bugge) [Orabug: 35436312] - RDMA/mlx5: Brute force GFP_NOIO (Hakon Bugge) [Orabug: 35436312] - RDMA/cm: Brute force GFP_NOIO (Hakon Bugge) [Orabug: 35436312] - RDMA/cma: Brute force GFP_NOIO (Hakon Bugge) [Orabug: 35436312] - rds: Brute force GFP_NOIO (Hakon Bugge) [Orabug: 35436312] - workqueue: Inherit NOIO and NOFS alloc flags (Hakon Bugge) [Orabug: 35436312] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36496846] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36496846] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36496846] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug (Pawan Gupta) [Orabug: 36496846] {CVE-2024-2201} - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Daniel Sneddon) [Orabug: 36496846] {CVE-2024-2201} - x86/bhi: Add support for clearing branch history at syscall entry (Pawan Gupta) [Orabug: 36496846] {CVE-2024-2201} - x86/cpufeature: Add missing leaf enumeration (Daniel Sneddon) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Use a switch statement and macros in __feature_translate() (Jim Mattson) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Jim Mattson) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Sean Christopherson) [Orabug: 36496846] {CVE-2024-2201} - x86/bugs: Use sysfs_emit() (Borislav Petkov) [Orabug: 36496846] {CVE-2024-2201} - Documentation/hw-vuln: Update spectre doc (Lin Yujun) [Orabug: 36496846] {CVE-2024-2201} - x86/speculation: Reorder SRSO and GDS functions (Alexandre Chartre) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (Jim Mattson) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Move reverse CPUID helpers to separate header file (Ricardo Koller) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Fix implicit enum conversion goof in scattered reverse CPUID code (Sean Christopherson) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Add support for reverse CPUID lookup of scattered features (Sean Christopherson) [Orabug: 36496846] {CVE-2024-2201} - x86/msr: Define new bits in TSX_FORCE_ABORT MSR (Pawan Gupta) [Orabug: 36496846] {CVE-2024-2201} - objtool: Add asm version of STACK_FRAME_NON_STANDARD (Josh Poimboeuf) [Orabug: 36496846] {CVE-2024-2201} - objtool: Only include valid definitions depending on source file type (Julien Thierry) [Orabug: 36496846] {CVE-2024-2201} [5.4.17-2136.331.3] - LTS tag: v5.4.273 (Sherry Yang) - regmap: Add missing map->bus check (Marek Vasut) - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (Fei Shao) - bpf: report RCU QS in cpumap kthread (Yan Zhai) - rcu: add a helper to report consolidated flavor QS (Yan Zhai) - netfilter: nf_tables: do not compare internal table flags on updates (Pablo Neira Ayuso) - ARM: dts: sun8i-h2-plus-bananapi-m2-zero: add regulator nodes vcc-dram and vcc1v2 (Michael Klein) - octeontx2-af: Use separate handlers for interrupts (Subbaraya Sundeep) - net/bnx2x: Prevent access to a freed page in page_pool (Thinh Tran) - hsr: Handle failures in module init (Felix Maurer) - packet: annotate data-races around ignore_outgoing (Eric Dumazet) - hsr: Fix uninit-value access in hsr_get_node() (Shigeru Yoshida) - s390/vtime: fix average steal time calculation (Mete Durlu) - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (Colin Ian King) - staging: greybus: fix get_channel_from_mode() failure path (Dan Carpenter) - serial: 8250_exar: Don't remove GPIO device on suspend (Andy Shevchenko) - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (Randy Dunlap) - kconfig: fix infinite loop when expanding a macro at the end of file (Masahiro Yamada) - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (Tudor Ambarus) - serial: max310x: fix syntax error in IRQ error message (Hugo Villeneuve) - tty: vt: fix 20 vs 0x20 typo in EScsiignore (Jiri Slaby (SUSE)) - afs: Revert 'afs: Hide silly-rename files from userspace' (David Howells) - NFS: Fix an off by one in root_nfs_cat() (Christophe JAILLET) - watchdog: stm32_iwdg: initialize default timeout (Ben Wolsieffer) - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (Christophe JAILLET) - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (Arnd Bergmann) - RDMA/device: Fix a race between mad_client and cm_client init (Shifeng Li) - scsi: csiostor: Avoid function pointer casts (Arnd Bergmann) - ALSA: usb-audio: Stop parsing channels bits when all channels are found. (Johan Carlsson) - clk: Fix clk_core_get NULL dereference (Bryan O'Donoghue) - sparc32: Fix section mismatch in leon_pci_grpci (Sam Ravnborg) - backlight: lp8788: Fully initialize backlight_properties during probe (Daniel Thompson) - backlight: lm3639: Fully initialize backlight_properties during probe (Daniel Thompson) - backlight: da9052: Fully initialize backlight_properties during probe (Daniel Thompson) - backlight: lm3630a: Don't set bl->props.brightness in get_brightness (Luca Weiss) - backlight: lm3630a: Initialize backlight_properties on init (Luca Weiss) - powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. (Michael Ellerman) - drm/msm/dpu: add division of drm_display_mode's hskew parameter (Paloma Arellano) - powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks (Kajol Jain) - drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (Hsin-Yi Wang) - media: ttpci: fix two memleaks in budget_av_attach (Zhipeng Lu) - media: media/pci: rename VFL_TYPE_GRABBER to _VIDEO (Hans Verkuil) - media: go7007: fix a memleak in go7007_load_encoder (Zhipeng Lu) - media: dvb-frontends: avoid stack overflow warnings with clang (Arnd Bergmann) - media: pvrusb2: fix uaf in pvr2_context_set_notify (Edward Adam Davis) - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() (Srinivasan Shanmugam) - ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs (Jerome Brunet) - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (Arnd Bergmann) - mtd: maps: physmap-core: fix flash size larger than 32-bit (Baruch Siach) - crypto: arm/sha - fix function cast warnings (Arnd Bergmann) - mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref (Peter Griffin) - mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref (Peter Griffin) - drm/tegra: put drm_gem_object ref on error in tegra_fb_create (Fedor Pchelkin) - clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() (Christophe JAILLET) - PCI: Mark 3ware-9650SE Root Port Extended Tags as broken (Jorg Wedekind) - drm/mediatek: dsi: Fix DSI RGB666 formats and definitions (AngeloGioacchino Del Regno) - clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times (Konrad Dybcio) - media: pvrusb2: fix pvr2_stream_callback casts (Arnd Bergmann) - media: pvrusb2: remove redundant NULL check (Daniil Dulov) - media: go7007: add check of return value of go7007_read_addr() (Daniil Dulov) - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (Lucas Stach) - perf stat: Avoid metric-only segv (Ian Rogers) - ALSA: seq: fix function cast warnings (Takashi Iwai) - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() (Nikita Zhandarovich) - perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() (Yang Jihong) - PCI: switchtec: Fix an error handling path in switchtec_pci_probe() (Christophe JAILLET) - quota: Fix rcu annotations of inode dquot pointers (Jan Kara) - quota: Fix potential NULL pointer dereference (Wang Jianjian) - quota: simplify drop_dquot_ref() (Baokun Li) - clk: qcom: reset: Ensure write completion on reset de/assertion (Konrad Dybcio) - clk: qcom: reset: Commonize the de/assert functions (Konrad Dybcio) - clk: qcom: reset: support resetting multiple bits (Robert Marko) - clk: qcom: reset: Allow specifying custom reset delay (Stephan Gerhold) - media: edia: dvbdev: fix a use-after-free (Zhipeng Lu) - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (Zhipeng Lu) - media: v4l2-tpg: fix some memleaks in tpg_alloc (Zhipeng Lu) - media: em28xx: annotate unchecked call to media_device_register() (Nikita Zhandarovich) - perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() (Yang Jihong) - drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' (Srinivasan Shanmugam) - perf record: Fix possible incorrect free in record__switch_output() (Yang Jihong) - PCI/DPC: Print all TLP Prefixes, not just the first (Ilpo Jarvinen) - media: tc358743: register v4l2 async device only after successful setup (Alexander Stein) - dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA (Peter Robinson) - drm/rockchip: lvds: do not overwrite error code (Quentin Schulz) - drm: Don't treat 0 as -1 in drm_fixp2int_ceil (Harry Wentland) - drm/rockchip: inno_hdmi: Fix video timing (Alex Bee) - drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (Christophe JAILLET) - drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (Christophe JAILLET) - drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() (Christophe JAILLET) - drm/tegra: dsi: Make use of the helper function dev_err_probe() (Cai Huoqing) - gpu: host1x: mipi: Update tegra_mipi_request() to be node based (Sowjanya Komatineni) - drm/tegra: dsi: Add missing check for of_find_device_by_node (Chen Ni) - dm: call the resume method on internal suspend (Mikulas Patocka) - dm raid: fix false positive for requeue needed during reshape (Ming Lei) - nfp: flower: handle acti_netdevs allocation failure (Duoming Zhou) - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (Gavrilov Ilia) - net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function (Gavrilov Ilia) - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (Gavrilov Ilia) - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (Gavrilov Ilia) - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (Gavrilov Ilia) - net: hns3: fix port duplex configure error in IMP reset (Jie Wang) - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() (Eric Dumazet) - ipv6: fib6_rules: flush route cache when rule is changed (Shiming Cheng) - bpf: Fix stackmap overflow check on 32-bit arches (Toke Hoiland-Jorgensen) - bpf: Fix hashtab overflow check on 32-bit arches (Toke Hoiland-Jorgensen) - sr9800: Add check for usbnet_get_endpoints (Chen Ni) - Bluetooth: hci_core: Fix possible buffer overflow (Luiz Augusto von Dentz) - Bluetooth: Remove superfluous call to hci_conn_check_pending() (Jonas Dressler) - igb: Fix missing time sync events (Vinicius Costa Gomes) - igb: move PEROUT and EXTTS isr logic to separate functions (Ruud Bos) - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (Christophe JAILLET) - SUNRPC: fix some memleaks in gssx_dec_option_array (Zhipeng Lu) - x86, relocs: Ignore relocations in .notes section (Kees Cook) - ACPI: scan: Fix device check notification handling (Rafael J. Wysocki) - ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node (Michal Vokac) - ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address (Michal Vokac) - ARM: dts: imx6dl-yapp4: Move phy reset into switch node (Michal Vokac) - ARM: dts: arm: realview: Fix development chip ROM compatible value (Geert Uytterhoeven) - net: ena: Remove ena_select_queue (Kamal Heib) - net: ena: cosmetic: fix line break issues (Arthur Kiyanovski) - wifi: brcmsmac: avoid function pointer casts (Arnd Bergmann) - iommu/amd: Mark interrupt as managed (Mario Limonciello) - bus: tegra-aconnect: Update dependency to ARCH_TEGRA (Peter Robinson) - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (Armin Wolf) - arm64: dts: qcom: msm8996: Pad addresses (Bjorn Andersson) - arm64: dts: qcom: msm8996: Move regulator consumers to db820c (Bjorn Andersson) - arm64: dts: qcom: msm8996: Use node references in db820c (Bjorn Andersson) - arm64: dts: qcom: db820c: Move non-soc entries out of /soc (Bjorn Andersson) - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (Yonghong Song) - bpf: Factor out bpf_spin_lock into helpers. (Alexei Starovoitov) - arm64: dts: mediatek: mt7622: add missing 'device_type' to memory nodes (Rafal Milecki) - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (Zhipeng Lu) - net: blackhole_dev: fix build warning for ethh set but not used (Breno Leitao) - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). (Kuniyuki Iwashima) - sock_diag: annotate data-races around sock_diag_handlers[family] (Eric Dumazet) - wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (Jinjie Ruan) - wifi: wilc1000: fix RCU usage in connect path (Alexis Lothore) - wifi: wilc1000: fix declarations ordering (Alexis Lothore) - wifi: b43: Disable QoS for bcm4331 (Rahul Rameshbabu) - wifi: b43: Stop correct queue in DMA worker when QoS is disabled (Rahul Rameshbabu) - b43: main: Fix use true/false for bool type (Saurav Girepunje) - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (Rahul Rameshbabu) - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (Rahul Rameshbabu) - b43: dma: Fix use true/false for bool type variable (Saurav Girepunje) - wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (Xingyuan Mo) - timekeeping: Fix cross-timestamp interpolation for non-x86 (Peter Hilber) - timekeeping: Fix cross-timestamp interpolation corner case decision (Peter Hilber) - timekeeping: Fix cross-timestamp interpolation on counter wrap (Peter Hilber) - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts (Chun-Yi Lee) - fs/select: rework stack allocation hack for clang (Arnd Bergmann) - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (Nikita Zhandarovich) - ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll (Stuart Henderson) - ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (Stuart Henderson) - ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (Stuart Henderson) - Input: gpio_keys_polled - suppress deferred probe error for gpio (Uwe Kleine-Konig) - ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (Alban Boye) - firewire: core: use long bus reset on gap count error (Takashi Sakamoto) - Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu) - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (Ranjan Kumar) - btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve (Filipe Manana) - dm-verity, dm-crypt: align 'struct bvec_iter' correctly (Mikulas Patocka) - block: sed-opal: handle empty atoms when parsing response (Greg Joyce) - parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check (Max Kellermann) - net/iucv: fix the allocation size of iucv_path_table array (Alexander Gordeev) - RDMA/mlx5: Relax DEVX access upon modify commands (Yishai Hadas) - HID: multitouch: Add required quirk for Synaptics 0xcddc device (Manuel Fombuena) - MIPS: Clear Cause.BD in instruction_pointer_set (Jiaxun Yang) - x86/xen: Add some null pointer checking to smp.c (Kunwu Chan) - ASoC: rt5645: Make LattePanda board DMI match more precise (Hans de Goede) - selftests: tls: use exact comparison in recv_partial (Jakub Kicinski) - LTS tag: v5.4.272 (Sherry Yang) - serial: max310x: fix IO data corruption in batched operations (Jan Kundrat) - serial: max310x: implement I2C support (Cosmin Tanislav) - serial: max310x: make accessing revision id interface-agnostic (Cosmin Tanislav) - regmap: Add bulk read/write callbacks into regmap_config (Marek Vasut) - regmap: allow to define reg_update_bits for no bus configuration (Ansuel Smith) - serial: max310x: Unprepare and disable clock in error path (Andy Shevchenko) - getrusage: use sig->stats_lock rather than lock_task_sighand() (Oleg Nesterov) - getrusage: use __for_each_thread() (Oleg Nesterov) - getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() (Oleg Nesterov) - getrusage: add the 'signal_struct *sig' local variable (Oleg Nesterov) - y2038: rusage: use __kernel_old_timeval (Arnd Bergmann) - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (Werner Sembach) - serial: max310x: prevent infinite while() loop in port startup (Hugo Villeneuve) - serial: max310x: use a separate regmap for each port (Cosmin Tanislav) - serial: max310x: use regmap methods for SPI batch operations (Cosmin Tanislav) - serial: max310x: Make use of device properties (Andy Shevchenko) - serial: max310x: fail probe if clock crystal is unstable (Hugo Villeneuve) - serial: max310x: Try to get crystal clock rate from property (Andy Shevchenko) - serial: max310x: Use devm_clk_get_optional() to get the input clock (Andy Shevchenko) - um: allow not setting extra rpaths in the linux binary (Johannes Berg) - selftests: mm: fix map_hugetlb failure on 64K page size systems (Nico Pache) - netrom: Fix data-races around sysctl_net_busy_read (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_link_fails_count (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_routing_control (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_busy_delay (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_timeout (Jason Xing) - netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_default_path_quality (Jason Xing) - netfilter: nf_conntrack_h323: Add protection for bmp length out of range (Lena Wang) - net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Eric Dumazet) - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (Rand Deeb) - geneve: make sure to pull inner header in geneve_rx() (Eric Dumazet) - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (Maciej Fijalkowski) - net: lan78xx: fix runtime PM count underflow on link stop (Oleksij Rempel) - lan78xx: Fix race conditions in suspend/resume handling (John Efstathiades) - lan78xx: Fix partial packet errors on suspend/resume (John Efstathiades) - lan78xx: Add missing return code checks (John Efstathiades) - lan78xx: Fix white space and style issues (John Efstathiades) - LTS tag: v5.4.271 (Sherry Yang) - gpio: 74x164: Enable output pins after registers are reset (Arturas Moskvinas) - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (Oscar Salvador) - cachefiles: fix memory leak in cachefiles_add_cache() (Baokun Li) - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (Paolo Bonzini) - mmc: core: Fix eMMC initialization with 1-bit bus connection (Ivan Semenov) - dmaengine: fsl-qdma: init irq after reg initialization (Curtis Klein) - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read (Peng Ma) - btrfs: dev-replace: properly validate device names (David Sterba) - wifi: nl80211: reject iftype change with mesh ID change (Johannes Berg) - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (Alexander Ofitserov) - ALSA: Drop leftover snd-rtctimer stuff from Makefile (Takashi Iwai) - power: supply: bq27xxx-i2c: Do not free non existing IRQ (Hans de Goede) - efi/capsule-loader: fix incorrect allocation size (Arnd Bergmann) - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (Lin Ma) - Bluetooth: Enforce validation on max value of connection interval (Kai-Heng Feng) - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST (Luiz Augusto von Dentz) - Bluetooth: Avoid potential use-after-free in hci_error_reset (Ying Hsu) - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (Javier Carrasco) - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (Oleksij Rempel) - ipv6: fix potential 'struct net' leak in inet6_rtm_getaddr() (Eric Dumazet) - tun: Fix xdp_rxq_info's queue_index when detaching (Yunjian Wang) - net: ip_tunnel: prevent perpetual headroom growth (Florian Westphal) - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter (Ryosuke Yasuoka) - LTS tag: v5.4.270 (Sherry Yang) - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio (Bart Van Assche) - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set (Erik Kurzinger) - drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 (Christian Konig) - tls: stop recv() if initial process_rx_list gave us non-DATA (Sabrina Dubroca) - tls: rx: drop pointless else after goto (Jakub Kicinski) - tls: rx: jump to a more appropriate label (Jakub Kicinski) - s390: use the correct count for __iowrite64_copy() (Jason Gunthorpe) - packet: move from strlcpy with unused retval to strscpy (Wolfram Sang) - ipv6: sr: fix possible use-after-free and null-ptr-deref (Vasiliy Kovalev) - afs: Increase buffer size in afs_update_volume_status() (Daniil Dulov) - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (Eric Dumazet) - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (Eric Dumazet) - nouveau: fix function cast warnings (Arnd Bergmann) - scsi: jazz_esp: Only build if SCSI core is builtin (Randy Dunlap) - bpf, scripts: Correct GPL license name (Gianmarco Lusvardi) - scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions (Andrii Nakryiko) - RDMA/srpt: fix function pointer cast warnings (Arnd Bergmann) - RDMA/srpt: Make debug output more detailed (Bart Van Assche) - RDMA/bnxt_re: Return error for SRQ resize (Kalesh AP) - IB/hfi1: Fix a memleak in init_credit_return (Zhipeng Lu) - usb: roles: don't get/set_role() when usb_role_switch is unregistered (Xu Yang) - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs (Krishna Kurapati) - usb: cdns3: fix memory double free when handle zero packet (Frank Li) - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (Frank Li) - ARM: ep93xx: Add terminator to gpiod_lookup_table (Nikita Shubin) - l2tp: pass correct message length to ip6_append_data (Tom Parkin) - PCI/MSI: Prevent MSI hardware interrupt number truncation (Vidya Sagar) - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() (Vasiliy Kovalev) - dm-crypt: don't modify the data when using authenticated encryption (Mikulas Patocka) - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (Daniel Vacek) - PCI: tegra: Fix OF node reference leak (Christophe JAILLET) - PCI: tegra: Fix reporting GPIO error value (Pali Rohar) - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (Sireesh Kodali) - drm/amdgpu: Fix type of second parameter in trans_msg() callback (Nathan Chancellor) - iomap: Set all uptodate bits for an Uptodate page (Matthew Wilcox (Oracle)) - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() (Mikulas Patocka) - x86/alternatives: Disable KASAN in apply_alternatives() (Kirill A. Shutemov) - drm/amdgpu: Check for valid number of registers to read (Trek) - Revert 'drm/sun4i: dsi: Change the start delay calculation' (Icenowy Zheng) - ALSA: hda/realtek - Enable micmute LED on and HP system (Kai-Heng Feng) - selftests/bpf: Avoid running unprivileged tests with alignment requirements (Bjorn Topel) - net: bridge: clear bridge's private skb space on xmit (Nikolay Aleksandrov) - spi: mt7621: Fix an error message in mt7621_spi_probe() (Christophe JAILLET) - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (Miaoqian Lin) - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (Lee Jones) - tcp: add annotations around sk->sk_shutdown accesses (Eric Dumazet) - tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit (Soheil Hassas Yeganeh) - tcp: factor out __tcp_close() helper (Paolo Abeni) - pmdomain: renesas: r8a77980-sysc: CR7 must be always on (Geert Uytterhoeven) - s390/qeth: Fix potential loss of L3-IP@ in case of network issues (Alexandra Winter) - virtio-blk: Ensure no requests in virtqueues before deleting vqs. (Yi Sun) - firewire: core: send bus reset promptly on gap count error (Takashi Sakamoto) - scsi: lpfc: Use unsigned type for num_sge (Hannes Reinecke) - hwmon: (coretemp) Enlarge per package core count limit (Zhang Rui) - nvmet-fc: abort command when there is no binding (Daniel Wagner) - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new (Xin Long) - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 (Chen-Yu Tsai) - nvmet-tcp: fix nvme tcp ida memory leak (Guixin Liu) - regulator: pwm-regulator: Add validity checks in continuous .get_voltage (Martin Blumenstingl) - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Baokun Li) - ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Baokun Li) - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers (Lennert Buytenhek) - ahci: asm1166: correct count of reported ports (Conrad Kostecki) - fbdev: sis: Error out if pixclock equals zero (Fullway Wang) - fbdev: savage: Error out if pixclock equals zero (Fullway Wang) - wifi: mac80211: fix race condition on enabling fast-xmit (Felix Fietkau) - wifi: cfg80211: fix missing interfaces when dumping (Michal Kazior) - dmaengine: fsl-qdma: increase size of 'irq_name' (Vinod Koul) - dmaengine: shdma: increase size of 'dev_id' (Vinod Koul) - scsi: target: core: Add TMF to tmr_list handling (Dmitry Bogdanov) - sched/rt: Disallow writing invalid values to sched_rt_period_us (Cyril Hrubis) - sched/rt: Fix sysctl_sched_rr_timeslice intial value (Cyril Hrubis) - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb (Lokesh Gidra) - nilfs2: replace WARN_ONs for invalid DAT metadata block requests (Ryusuke Konishi) - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (Cyril Hrubis) - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (Oliver Upton) - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (Oliver Upton) [5.4.17-2136.331.2] - uek-rpm: ol7, ol8: add vmlinux-nano.ctfa building (Nick Alcock) [Orabug: 35266053] - ctf: add ctf-nano, ctf containing only some modules' CTF (Nick Alcock) [Orabug: 35266053] - RDMA/cm: add timeout to cm_destroy_id wait (Manjunath Patil) [Orabug: 36280586] - rds: Add count for ready receive cache (Hans Westgaard Ry) [Orabug: 36360482] - mm/hwpoison: fix error page recovered but reported 'not recovered' (Naoya Horiguchi) [Orabug: 36436639] - mm,hwpoison: check mm when killing accessing process (Shuai Xue) [Orabug: 36436639] - mm,hwpoison: send SIGBUS with error virutal address (Naoya Horiguchi) [Orabug: 36436639] - mm,hwpoison: return -EHWPOISON to denote that the page has already been poisoned (Aili Yao) [Orabug: 36436639] - mm/memory-failure: use a mutex to avoid memory_failure() races (Tony Luck) [Orabug: 36436639] [5.4.17-2136.331.1] - Revert 'mmc: core: Use mrq.sbc in close-ended ffu' (Thomas Tai) [Orabug: 36446450] - ext4: fix corruption during on-line resize (Maximilian Heyne) [Orabug: 36342902] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-2201 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::UEKR6 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.536.5] - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (Song Liu) - mm/memory-failure: fix an incorrect use of tail pages (Liu Shixin) - Revert 'x86/mm/ident_map: Use gbpages only where full GB page should be mapped.' (Ingo Molnar) - sched/fair: More accurate reweight_entity() (Peter Zijlstra) [Orabug: 36468903] - sched/fair: Introduce {en,de}queue_load_avg() (Peter Zijlstra) [Orabug: 36468903] - sched/fair: Rename {en,de}queue_entity_load_avg() (Peter Zijlstra) [Orabug: 36468903] - sched/fair: Move enqueue migrate handling (Peter Zijlstra) [Orabug: 36468903] - sched/fair: Change update_load_avg() arguments (Peter Zijlstra) [Orabug: 36468903] - sched/fair: Remove se->load.weight from se->avg.load_sum (Peter Zijlstra) [Orabug: 36468903] - sched/fair: Cure calc_cfs_shares() vs. reweight_entity() (Peter Zijlstra) [Orabug: 36468903] - sched/fair: Add comment to calc_cfs_shares() (Peter Zijlstra) [Orabug: 36468903] - sched/fair: Clean up calc_cfs_shares() (Peter Zijlstra) [Orabug: 36468903] - rds/rdma: Fix congestion value for userspace consumption (Juan Garcia) [Orabug: 36264644] - rds: Include transport protocol name in rds-info -k output (Juan Garcia) [Orabug: 36264644] [4.14.35-2047.536.4] - rds/rdma: print connection up/down time while dropping/connecting (Juan Garcia) [Orabug: 36264661] - bonding: rate-limit bonding driver inspect messages (Praveen Kumar Kannoju) [Orabug: 36223525] [4.14.35-2047.536.3] - Revert 'net/sched: Retire CBQ qdisc' (Saeed Mirzamohammadi) - Revert 'net/sched: Retire ATM qdisc' (Saeed Mirzamohammadi) - Revert 'net/sched: Retire dsmark qdisc' (Saeed Mirzamohammadi) [4.14.35-2047.536.2] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36466544] {CVE-2024-1086} - RDMA/cm: add timeout to cm_destroy_id wait (Manjunath Patil) [Orabug: 36280065] - mm: avoid heavy swap lock contention when unmapping with ktask (Anthony Yznaga) [Orabug: 36201622] - mm: use less threads when unmapping some large VMAs (Anthony Yznaga) [Orabug: 36201622] - LTS version: v4.14.341 (Yifei Liu) - gpio: 74x164: Enable output pins after registers are reset (Arturas Moskvinas) - cachefiles: fix memory leak in cachefiles_add_cache() (Baokun Li) - mmc: core: Fix eMMC initialization with 1-bit bus connection (Ivan Semenov) - btrfs: dev-replace: properly validate device names (David Sterba) - wifi: nl80211: reject iftype change with mesh ID change (Johannes Berg) - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (Alexander Ofitserov) - ALSA: Drop leftover snd-rtctimer stuff from Makefile (Takashi Iwai) - power: supply: bq27xxx-i2c: Do not free non existing IRQ (Hans de Goede) - efi/capsule-loader: fix incorrect allocation size (Arnd Bergmann) - Bluetooth: Enforce validation on max value of connection interval (Kai-Heng Feng) - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST (Luiz Augusto von Dentz) - Bluetooth: Avoid potential use-after-free in hci_error_reset (Ying Hsu) - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (Javier Carrasco) - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (Oleksij Rempel) - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter (Ryosuke Yasuoka) - LTS version: v4.14.340 (Yifei Liu) - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio (Bart Van Assche) - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (Oliver Upton) - PCI/MSI: Prevent MSI hardware interrupt number truncation (Vidya Sagar) - s390: use the correct count for __iowrite64_copy() (Jason Gunthorpe) - packet: move from strlcpy with unused retval to strscpy (Wolfram Sang) - ipv6: sr: fix possible use-after-free and null-ptr-deref (Vasiliy Kovalev) - nouveau: fix function cast warnings (Arnd Bergmann) - scsi: jazz_esp: Only build if SCSI core is builtin (Randy Dunlap) - RDMA/srpt: fix function pointer cast warnings (Arnd Bergmann) - RDMA/srpt: Support specifying the srpt_service_guid parameter (Bart Van Assche) - IB/hfi1: Fix a memleak in init_credit_return (Zhipeng Lu) - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs (Krishna Kurapati) - l2tp: pass correct message length to ip6_append_data (Tom Parkin) - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() (Vasiliy Kovalev) - dm-crypt: don't modify the data when using authenticated encryption (Mikulas Patocka) - mm: memcontrol: switch to rcu protection in drain_all_stock() (Roman Gushchin) - s390/qeth: Fix potential loss of L3-IP@ in case of network issues (Alexandra Winter) - virtio-blk: Ensure no requests in virtqueues before deleting vqs. (Yi Sun) - firewire: core: send bus reset promptly on gap count error (Takashi Sakamoto) - hwmon: (coretemp) Enlarge per package core count limit (Zhang Rui) - regulator: pwm-regulator: Add validity checks in continuous .get_voltage (Martin Blumenstingl) - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Baokun Li) - ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Baokun Li) - ahci: asm1166: correct count of reported ports (Conrad Kostecki) - fbdev: sis: Error out if pixclock equals zero (Fullway Wang) - fbdev: savage: Error out if pixclock equals zero (Fullway Wang) - wifi: mac80211: fix race condition on enabling fast-xmit (Felix Fietkau) - wifi: cfg80211: fix missing interfaces when dumping (Michal Kazior) - dmaengine: shdma: increase size of 'dev_id' (Vinod Koul) - scsi: target: core: Add TMF to tmr_list handling (Dmitry Bogdanov) - sched/rt: Disallow writing invalid values to sched_rt_period_us (Cyril Hrubis) - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (Cyril Hrubis) - sched/rt: Fix sysctl_sched_rr_timeslice intial value (Cyril Hrubis) - nilfs2: replace WARN_ONs for invalid DAT metadata block requests (Ryusuke Konishi) - memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() (GONG, Ruiqi) - net/sched: Retire dsmark qdisc (Jamal Hadi Salim) - net/sched: Retire ATM qdisc (Jamal Hadi Salim) - net/sched: Retire CBQ qdisc (Jamal Hadi Salim) - LTS version: v4.14.339 (Yifei Liu) - PCI: Only override AMD USB controller if required (Guilherme G. Piccoli) - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (Dan Carpenter) - lsm: new security_file_ioctl_compat() hook (Alfred Piccioni) - nilfs2: fix potential bug in end_buffer_async_write (Ryusuke Konishi) - sched/membarrier: reduce the ability to hammer on sys_membarrier (Linus Torvalds) - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Junxiao Bi) - pmdomain: core: Move the unused cleanup to a _sync initcall (Konrad Dybcio) - irqchip/irq-brcmstb-l2: Add write memory barrier before exit (Doug Berger) - nfp: use correct macro for LengthSelect in BAR config (Daniel Basilio) - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi) - nilfs2: fix data corruption in dsync block recovery for small block sizes (Ryusuke Konishi) - ALSA: hda/conexant: Add quirk for SWS JS201D (bo liu) - x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Steve Wahl) - staging: iio: ad5933: fix type mismatch regression (David Schiller) - ext4: fix double-free of blocks due to wrong extents moved_len (Baokun Li) - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (Fedor Pchelkin) - firewire: core: correct documentation of fw_csr_string() kernel API (Takashi Sakamoto) - scsi: Revert 'scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock' (Lee Duncan) - usb: f_mass_storage: forbid async queue when shutdown happen (yuan linyu) - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (Oliver Neukum) - HID: wacom: Do not register input devices until after hid_hw_start (Jason Gerecke) - HID: wacom: generic: Avoid reporting a serial of '0' to userspace (Tatsunosuke Tobita) - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Zach O'Keefe) - tracing/trigger: Fix to return error if failed to alloc snapshot (Masami Hiramatsu (Google)) - i40e: Fix waiting for queues of all VSIs to be disabled (Ivan Vecera) - MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler (Guenter Roeck) path for statistics (Breno Leitao) - Documentation: net-sysfs: describe missing statistics (Julian Wiedmann) - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (Alexey Khoroshilov) - spi: ppc4xx: Drop write-only variable (Uwe Kleine-Konig) - btrfs: send: return EOPNOTSUPP on unknown flags (David Sterba) - vhost: use kzalloc() instead of kmalloc() followed by memset() (Prathu Baronia) - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (Hans de Goede) - USB: serial: cp210x: add ID for IMST iM871A-USB (Leonard Dallmayr) - USB: serial: option: add Fibocom FM101-GL variant (Puliang Lu) - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e (JackBB Wu) - net/af_iucv: clean up a try_then_request_module() (Julian Wiedmann) - netfilter: nft_compat: restrict match/target protocol to u16 (Pablo Neira Ayuso) - netfilter: nft_compat: reject unused compat flag (Pablo Neira Ayuso) - ppp_async: limit MRU to 64K (Eric Dumazet) - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (Shigeru Yoshida) - rxrpc: Fix response to PING RESPONSE ACKs to a dead call (David Howells) - inet: read sk->sk_family once in inet_recv_error() (Eric Dumazet) - hwmon: (aspeed-pwm-tacho) mutex for tach reading (Loic Prylli) - atm: idt77252: fix a memleak in open_card_ubr0 (Zhipeng Lu) - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Tony Lindgren) - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (Frank Li) - bonding: remove print in bond_verify_device_path (Zhengchao Shao) - HID: apple: Add 2021 magic keyboard FN key mapping (Benjamin Berg) - HID: apple: Add support for the 2021 Magic Keyboard (Alex Henrie) - HID: apple: Swap the Fn and Left Control keys on Apple keyboards (free5lot) path (Breno Leitao) - af_unix: fix lockdep positive in sk_diag_dump_icons() (Eric Dumazet) - net: ipv4: fix a memleak in ip_setup_cork (Zhipeng Lu) - net: Fix one possible memleak in ip_setup_cork (Gao Feng) - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger (Pablo Neira Ayuso) - llc: call sock_orphan() at release time (Eric Dumazet) - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (Helge Deller) - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() (Christophe JAILLET) - ixgbe: Refactor overtemp event handling (Jedrzej Jagielski) - ixgbe: Remove non-inclusive language (Piotr Skajewski) - net: remove unneeded break (Tom Rix) - scsi: isci: Fix an error code problem in isci_io_request_build() (Su Hui) - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (Edward Adam Davis) - drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (Srinivasan Shanmugam) - ceph: fix deadlock or deadcode of misusing dget() (Xiubo Li) - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (Zhu Yanjun) - libsubcmd: Fix memory leak in uniq() (Ian Rogers) - usb: hub: Replace hardcoded quirk value with BIT() macro (Hardik Gajjar) - mfd: ti_am335x_tscadc: Fix TI SoC dependencies (Peter Robinson) - um: net: Fix return type of uml_net_start_xmit() (Nathan Chancellor) - um: Don't use vfprintf() for os_info() (Benjamin Berg) - um: Fix naming clash between UML and scheduler (Anton Ivanov) - leds: trigger: panic: Don't register panic notifier if creating the trigger failed (Heiner Kallweit) - clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() (Kuan-Wei Chiu) - clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() (Kuan-Wei Chiu) - media: ddbridge: fix an error code problem in ddb_probe (Su Hui) - IB/ipoib: Fix mcast list locking (Daniel Vacek) - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (Douglas Anderson) - ALSA: hda: Intel: add HDA_ARL PCI ID support (Pierre-Louis Bossart) - ALSA: hda: Add Icelake PCI ID (Guneshwor Singh) - PCI: add INTEL_HDA_ARL to pci_ids.h (Pierre-Louis Bossart) - media: stk1160: Fixed high volume of stk1160_dbg messages (Ghanshyam Agrawal) - drm/mipi-dsi: Fix detach call without attach (Tomi Valkeinen) - drm/framebuffer: Fix use of uninitialized variable (Tomi Valkeinen) - drm/drm_file: fix use of uninitialized variable (Tomi Valkeinen) - RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Jack Wang) - fast_dput(): handle underflows gracefully (Al Viro) - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (Cristian Ciocaltea) - wifi: cfg80211: free beacon_ies when overridden from hidden BSS (Benjamin Berg) - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (Su Hui) - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (Zenm Chen) - md: Whenassemble the array, consult the superblock of the freshest device (Alex Lyakas) - ARM: dts: imx23/28: Fix the DMA controller node name (Fabio Estevam) - ARM: dts: imx23-sansa: Use preferred i2c-gpios properties (Fabio Estevam) - ARM: dts: imx27-apf27dev: Fix LED name (Fabio Estevam) - ARM: dts: imx1: Fix sram node (Fabio Estevam) - ARM: dts: imx27: Fix sram node (Fabio Estevam) - ARM: dts: imx: Use flash@0,0 pattern (Fabio Estevam) - ARM: dts: imx25/27-eukrea: Fix RTC node name (Fabio Estevam) - ARM: dts: rockchip: fix rk3036 hdmi ports node (Johan Jonker) - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (Hannes Reinecke) - scsi: libfc: Don't schedule abort twice (Hannes Reinecke) - bpf: Add map and need_defer parameters to .map_fd_put_ptr() (Hou Tao) - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Minsuk Kang) - ARM: dts: imx7s: Fix nand-controller #size-cells (Alexander Stein) - ARM: dts: imx7s: Fix lcdif compatible (Alexander Stein) - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk (Zhengchao Shao) - PCI: Add no PM reset quirk for NVIDIA Spectrum devices (Ido Schimmel) - scsi: lpfc: Fix possible file string name overflow when updating firmware (Justin Tee) - ext4: unify the type of flexbg_size to unsigned int (Baokun Li) - SUNRPC: Fix a suspicious RCU usage warning (Anna Schumaker) - KVM: s390: fix setting of fpc register (Heiko Carstens) - s390/ptrace: handle setting of fpc register correctly (Heiko Carstens) - jfs: fix array-index-out-of-bounds in diNewExt (Edward Adam Davis) - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (Oleg Nesterov) - pstore/ram: Fix crash when setting number of cpus to an odd number (Weichen Chen) - jfs: fix uaf in jfs_evict_inode (Edward Adam Davis) - jfs: fix array-index-out-of-bounds in dbAdjTree (Manas Ghandat) - jfs: fix slab-out-of-bounds Read in dtSearch (Manas Ghandat) - UBSAN: array-index-out-of-bounds in dtSplitRoot (Osama Muhammad) - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (Osama Muhammad) - ACPI: extlog: fix NULL pointer dereference check (Prarit Bhargava) - PNP: ACPI: fix fortify warning (Dmitry Antipov) - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (Yuluo Qiu) - audit: Send netlink ACK before setting connection in auditd_set (Chris Riches) - powerpc/lib: Validate size for vector operations (Naveen N Rao) - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (Michael Ellerman) - powerpc: Fix build error due to is_valid_bugaddr() (Michael Ellerman) - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Kunwu Chan) - tick/sched: Preserve number of idle sleeps across CPU hotplug events (Tim Chen) - mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan (Xi Ruoyao) - drm/bridge: nxp-ptn3460: simplify some error checking (Dan Carpenter) - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (Dan Carpenter) - drm: Don't unref the same fb many times by mistake due to deadlock handling (Ville Syrjala) - gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (Mario Limonciello) - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (Qu Wenruo) - btrfs: don't warn if discard range is not aligned to sector (David Sterba) - net: fec: fix the unhandled context fault from smmu (Shenwei Wang) - fjes: fix memleaks in fjes_hw_setup (Zhipeng Lu) - netfilter: nf_tables: restrict anonymous set and map names to 16 bytes (Florian Westphal) - net/mlx5e: fix a double-free in arfs_create_groups (Zhipeng Lu) - net/mlx5: Use kfree(ft->g) in arfs_create_groups() (Denis Efremov) - netlink: fix potential sleeping issue in mqueue_flush_file (Zhengchao Shao) - tcp: Add memory barrier to tcp_push() (Salvatore Dipietro) - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv (Sharath Srinivasan) - llc: Drop support for ETH_P_TR_802_2. (Kuniyuki Iwashima) - llc: make llc_ui_sendmsg() more robust against bonding changes (Eric Dumazet) - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING (Lin Ma) - drivers: core: fix kernel-doc markup for dev_err_probe() (Mauro Carvalho Chehab) - driver code: print symbolic error code (Michal Miroslaw) - Revert 'driver core: Annotate dev_err_probe() with __must_check' (Greg Kroah-Hartman) - driver core: Annotate dev_err_probe() with __must_check (Andy Shevchenko) - x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum (Maciej S. Szmigiero) - powerpc: Use always instead of always-y in for crtsavres.o (Nathan Chancellor) - block: Remove special-casing of compound pages (Matthew Wilcox (Oracle)) - parisc/firmware: Fix F-extend for PDC addresses (Helge Deller) - rpmsg: virtio: Free driver_override when rpmsg_remove() (Xiaolei Wang) - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Herbert Xu) - PM: hibernate: Enforce ordering during image compression/decompression (Hongchen Zhang) - crypto: api - Disallow identical driver names (Herbert Xu) - serial: sc16is7xx: add check for unsupported SPI modes during probe (Hugo Villeneuve) - spi: introduce SPI_MODE_X_MASK macro (Oleksij Rempel) - driver core: add device probe log helper (Andrzej Hajda) - serial: sc16is7xx: set safe default SPI clock frequency (Hugo Villeneuve) - units: add the HZ macros (Daniel Lezcano) - units: change from 'L' to 'UL' (Daniel Lezcano) - units: Add Watt units (Daniel Lezcano) - include/linux/units.h: add helpers for kelvin to/from Celsius conversion (Akinobu Mita) - PCI: mediatek: Clear interrupt status before dispatching handler (qizhong cheng) [4.14.35-2047.536.1] - ext4: fix corruption during on-line resize (Maximilian Heyne) [Orabug: 36242427] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1086 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::developer_UEKR5 cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.331.7.el7] - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36584568] - Revert 'net/mlx5: Enable SW-defined RoCEv2 UDP source port' (Arumugam Kolappan) [Orabug: 36530159] - PCI: boot time optimization (Harman Kalra) [Orabug: 36553666] [5.4.17-2136.331.6.el7] - mm/memory-failure: fix an incorrect use of tail pages (Liu Shixin) - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion (Bart Van Assche) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - ahci: asm1064: correct count of reported ports (Andrey Jr. Melnikov) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (Song Liu) - serial: max310x: fix NULL pointer dereference in I2C instantiation (Hugo Villeneuve) - bonding: rate-limit bonding driver inspect messages (Praveen Kumar Kannoju) [Orabug: 36250568] - rds/rdma: Fix congestion value for userspace consumption (Juan Garcia) [Orabug: 36264652] - rds: Include transport protocol name in rds-info -k output (Juan Garcia) [Orabug: 36264652] [5.4.17-2136.331.5.el7] - hwmon: (opbmc) E6/AST2600 platform enabled (Jan Zdarek) [Orabug: 36485646] - rds/ib: Disable WARN_ON() when system is going down (Hans Westgaard Ry) [Orabug: 36394488] - rds/rdma: print connection up/down time while dropping/connecting (Juan Garcia) [Orabug: 36264675] - rds: ib: Use fastreg QP if conn is down and handle FRWR CQE timeout (Hakon Bugge) [Orabug: 36236541] - rds: ib: Tear down QP when FRWR WRs fails (Hakon Bugge) [Orabug: 36236541] - rds: ib: Poll fastreg CQ before destroying (Hakon Bugge) [Orabug: 36236541] [5.4.17-2136.331.4.el7] - net/mlx5: Brute force GFP_NOIO (Hakon Bugge) [Orabug: 35436312] - RDMA/mlx5: Brute force GFP_NOIO (Hakon Bugge) [Orabug: 35436312] - RDMA/cm: Brute force GFP_NOIO (Hakon Bugge) [Orabug: 35436312] - RDMA/cma: Brute force GFP_NOIO (Hakon Bugge) [Orabug: 35436312] - rds: Brute force GFP_NOIO (Hakon Bugge) [Orabug: 35436312] - workqueue: Inherit NOIO and NOFS alloc flags (Hakon Bugge) [Orabug: 35436312] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36496846] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36496846] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36496846] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug (Pawan Gupta) [Orabug: 36496846] {CVE-2024-2201} - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Daniel Sneddon) [Orabug: 36496846] {CVE-2024-2201} - x86/bhi: Add support for clearing branch history at syscall entry (Pawan Gupta) [Orabug: 36496846] {CVE-2024-2201} - x86/cpufeature: Add missing leaf enumeration (Daniel Sneddon) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Use a switch statement and macros in __feature_translate() (Jim Mattson) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Jim Mattson) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Sean Christopherson) [Orabug: 36496846] {CVE-2024-2201} - x86/bugs: Use sysfs_emit() (Borislav Petkov) [Orabug: 36496846] {CVE-2024-2201} - x86/speculation: Reorder SRSO and GDS functions (Alexandre Chartre) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (Jim Mattson) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Move reverse CPUID helpers to separate header file (Ricardo Koller) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Fix implicit enum conversion goof in scattered reverse CPUID code (Sean Christopherson) [Orabug: 36496846] {CVE-2024-2201} - KVM: x86: Add support for reverse CPUID lookup of scattered features (Sean Christopherson) [Orabug: 36496846] {CVE-2024-2201} - x86/msr: Define new bits in TSX_FORCE_ABORT MSR (Pawan Gupta) [Orabug: 36496846] {CVE-2024-2201} - objtool: Add asm version of STACK_FRAME_NON_STANDARD (Josh Poimboeuf) [Orabug: 36496846] {CVE-2024-2201} - objtool: Only include valid definitions depending on source file type (Julien Thierry) [Orabug: 36496846] {CVE-2024-2201} [5.4.17-2136.331.3.el7] - LTS tag: v5.4.273 (Sherry Yang) - regmap: Add missing map->bus check (Marek Vasut) - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (Fei Shao) - bpf: report RCU QS in cpumap kthread (Yan Zhai) - rcu: add a helper to report consolidated flavor QS (Yan Zhai) - netfilter: nf_tables: do not compare internal table flags on updates (Pablo Neira Ayuso) - ARM: dts: sun8i-h2-plus-bananapi-m2-zero: add regulator nodes vcc-dram and vcc1v2 (Michael Klein) - octeontx2-af: Use separate handlers for interrupts (Subbaraya Sundeep) - net/bnx2x: Prevent access to a freed page in page_pool (Thinh Tran) - hsr: Handle failures in module init (Felix Maurer) - packet: annotate data-races around ignore_outgoing (Eric Dumazet) - hsr: Fix uninit-value access in hsr_get_node() (Shigeru Yoshida) - s390/vtime: fix average steal time calculation (Mete Durlu) - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (Colin Ian King) - staging: greybus: fix get_channel_from_mode() failure path (Dan Carpenter) - serial: 8250_exar: Don't remove GPIO device on suspend (Andy Shevchenko) - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (Randy Dunlap) - kconfig: fix infinite loop when expanding a macro at the end of file (Masahiro Yamada) - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (Tudor Ambarus) - serial: max310x: fix syntax error in IRQ error message (Hugo Villeneuve) - tty: vt: fix 20 vs 0x20 typo in EScsiignore (Jiri Slaby (SUSE)) - afs: Revert 'afs: Hide silly-rename files from userspace' (David Howells) - NFS: Fix an off by one in root_nfs_cat() (Christophe JAILLET) - watchdog: stm32_iwdg: initialize default timeout (Ben Wolsieffer) - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (Christophe JAILLET) - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (Arnd Bergmann) - RDMA/device: Fix a race between mad_client and cm_client init (Shifeng Li) - scsi: csiostor: Avoid function pointer casts (Arnd Bergmann) - ALSA: usb-audio: Stop parsing channels bits when all channels are found. (Johan Carlsson) - clk: Fix clk_core_get NULL dereference (Bryan O'Donoghue) - sparc32: Fix section mismatch in leon_pci_grpci (Sam Ravnborg) - backlight: lp8788: Fully initialize backlight_properties during probe (Daniel Thompson) - backlight: lm3639: Fully initialize backlight_properties during probe (Daniel Thompson) - backlight: da9052: Fully initialize backlight_properties during probe (Daniel Thompson) - backlight: lm3630a: Don't set bl->props.brightness in get_brightness (Luca Weiss) - backlight: lm3630a: Initialize backlight_properties on init (Luca Weiss) - powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. (Michael Ellerman) - drm/msm/dpu: add division of drm_display_mode's hskew parameter (Paloma Arellano) - powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks (Kajol Jain) - drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (Hsin-Yi Wang) - media: ttpci: fix two memleaks in budget_av_attach (Zhipeng Lu) - media: media/pci: rename VFL_TYPE_GRABBER to _VIDEO (Hans Verkuil) - media: go7007: fix a memleak in go7007_load_encoder (Zhipeng Lu) - media: dvb-frontends: avoid stack overflow warnings with clang (Arnd Bergmann) - media: pvrusb2: fix uaf in pvr2_context_set_notify (Edward Adam Davis) - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() (Srinivasan Shanmugam) - ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs (Jerome Brunet) - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (Arnd Bergmann) - mtd: maps: physmap-core: fix flash size larger than 32-bit (Baruch Siach) - crypto: arm/sha - fix function cast warnings (Arnd Bergmann) - mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref (Peter Griffin) - mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref (Peter Griffin) - drm/tegra: put drm_gem_object ref on error in tegra_fb_create (Fedor Pchelkin) - clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() (Christophe JAILLET) - PCI: Mark 3ware-9650SE Root Port Extended Tags as broken (Jorg Wedekind) - drm/mediatek: dsi: Fix DSI RGB666 formats and definitions (AngeloGioacchino Del Regno) - clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times (Konrad Dybcio) - media: pvrusb2: fix pvr2_stream_callback casts (Arnd Bergmann) - media: pvrusb2: remove redundant NULL check (Daniil Dulov) - media: go7007: add check of return value of go7007_read_addr() (Daniil Dulov) - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (Lucas Stach) - perf stat: Avoid metric-only segv (Ian Rogers) - ALSA: seq: fix function cast warnings (Takashi Iwai) - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() (Nikita Zhandarovich) - perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() (Yang Jihong) - PCI: switchtec: Fix an error handling path in switchtec_pci_probe() (Christophe JAILLET) - quota: Fix rcu annotations of inode dquot pointers (Jan Kara) - quota: Fix potential NULL pointer dereference (Wang Jianjian) - quota: simplify drop_dquot_ref() (Baokun Li) - clk: qcom: reset: Ensure write completion on reset de/assertion (Konrad Dybcio) - clk: qcom: reset: Commonize the de/assert functions (Konrad Dybcio) - clk: qcom: reset: support resetting multiple bits (Robert Marko) - clk: qcom: reset: Allow specifying custom reset delay (Stephan Gerhold) - media: edia: dvbdev: fix a use-after-free (Zhipeng Lu) - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (Zhipeng Lu) - media: v4l2-tpg: fix some memleaks in tpg_alloc (Zhipeng Lu) - media: em28xx: annotate unchecked call to media_device_register() (Nikita Zhandarovich) - perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() (Yang Jihong) - drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' (Srinivasan Shanmugam) - perf record: Fix possible incorrect free in record__switch_output() (Yang Jihong) - PCI/DPC: Print all TLP Prefixes, not just the first (Ilpo Jarvinen) - media: tc358743: register v4l2 async device only after successful setup (Alexander Stein) - dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA (Peter Robinson) - drm/rockchip: lvds: do not overwrite error code (Quentin Schulz) - drm: Don't treat 0 as -1 in drm_fixp2int_ceil (Harry Wentland) - drm/rockchip: inno_hdmi: Fix video timing (Alex Bee) - drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (Christophe JAILLET) - drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (Christophe JAILLET) - drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() (Christophe JAILLET) - drm/tegra: dsi: Make use of the helper function dev_err_probe() (Cai Huoqing) - gpu: host1x: mipi: Update tegra_mipi_request() to be node based (Sowjanya Komatineni) - drm/tegra: dsi: Add missing check for of_find_device_by_node (Chen Ni) - dm: call the resume method on internal suspend (Mikulas Patocka) - dm raid: fix false positive for requeue needed during reshape (Ming Lei) - nfp: flower: handle acti_netdevs allocation failure (Duoming Zhou) - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (Gavrilov Ilia) - net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function (Gavrilov Ilia) - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (Gavrilov Ilia) - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (Gavrilov Ilia) - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (Gavrilov Ilia) - net: hns3: fix port duplex configure error in IMP reset (Jie Wang) - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() (Eric Dumazet) - ipv6: fib6_rules: flush route cache when rule is changed (Shiming Cheng) - bpf: Fix stackmap overflow check on 32-bit arches (Toke Hoiland-Jorgensen) - bpf: Fix hashtab overflow check on 32-bit arches (Toke Hoiland-Jorgensen) - sr9800: Add check for usbnet_get_endpoints (Chen Ni) - Bluetooth: hci_core: Fix possible buffer overflow (Luiz Augusto von Dentz) - Bluetooth: Remove superfluous call to hci_conn_check_pending() (Jonas Dressler) - igb: Fix missing time sync events (Vinicius Costa Gomes) - igb: move PEROUT and EXTTS isr logic to separate functions (Ruud Bos) - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (Christophe JAILLET) - SUNRPC: fix some memleaks in gssx_dec_option_array (Zhipeng Lu) - x86, relocs: Ignore relocations in .notes section (Kees Cook) - ACPI: scan: Fix device check notification handling (Rafael J. Wysocki) - ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node (Michal Vokac) - ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address (Michal Vokac) - ARM: dts: imx6dl-yapp4: Move phy reset into switch node (Michal Vokac) - ARM: dts: arm: realview: Fix development chip ROM compatible value (Geert Uytterhoeven) - net: ena: Remove ena_select_queue (Kamal Heib) - net: ena: cosmetic: fix line break issues (Arthur Kiyanovski) - wifi: brcmsmac: avoid function pointer casts (Arnd Bergmann) - iommu/amd: Mark interrupt as managed (Mario Limonciello) - bus: tegra-aconnect: Update dependency to ARCH_TEGRA (Peter Robinson) - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (Armin Wolf) - arm64: dts: qcom: msm8996: Pad addresses (Bjorn Andersson) - arm64: dts: qcom: msm8996: Move regulator consumers to db820c (Bjorn Andersson) - arm64: dts: qcom: msm8996: Use node references in db820c (Bjorn Andersson) - arm64: dts: qcom: db820c: Move non-soc entries out of /soc (Bjorn Andersson) - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (Yonghong Song) - bpf: Factor out bpf_spin_lock into helpers. (Alexei Starovoitov) - arm64: dts: mediatek: mt7622: add missing 'device_type' to memory nodes (Rafal Milecki) - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (Zhipeng Lu) - net: blackhole_dev: fix build warning for ethh set but not used (Breno Leitao) - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). (Kuniyuki Iwashima) - sock_diag: annotate data-races around sock_diag_handlers[family] (Eric Dumazet) - wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (Jinjie Ruan) - wifi: wilc1000: fix RCU usage in connect path (Alexis Lothore) - wifi: wilc1000: fix declarations ordering (Alexis Lothore) - wifi: b43: Disable QoS for bcm4331 (Rahul Rameshbabu) - wifi: b43: Stop correct queue in DMA worker when QoS is disabled (Rahul Rameshbabu) - b43: main: Fix use true/false for bool type (Saurav Girepunje) - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (Rahul Rameshbabu) - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (Rahul Rameshbabu) - b43: dma: Fix use true/false for bool type variable (Saurav Girepunje) - wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (Xingyuan Mo) - timekeeping: Fix cross-timestamp interpolation for non-x86 (Peter Hilber) - timekeeping: Fix cross-timestamp interpolation corner case decision (Peter Hilber) - timekeeping: Fix cross-timestamp interpolation on counter wrap (Peter Hilber) - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts (Chun-Yi Lee) {CVE-2023-6270} - fs/select: rework stack allocation hack for clang (Arnd Bergmann) - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (Nikita Zhandarovich) - ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll (Stuart Henderson) - ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (Stuart Henderson) - ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (Stuart Henderson) - Input: gpio_keys_polled - suppress deferred probe error for gpio (Uwe Kleine-Konig) - ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (Alban Boye) - firewire: core: use long bus reset on gap count error (Takashi Sakamoto) - Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu) - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (Ranjan Kumar) - btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve (Filipe Manana) - dm-verity, dm-crypt: align 'struct bvec_iter' correctly (Mikulas Patocka) - block: sed-opal: handle empty atoms when parsing response (Greg Joyce) - parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check (Max Kellermann) - net/iucv: fix the allocation size of iucv_path_table array (Alexander Gordeev) - RDMA/mlx5: Relax DEVX access upon modify commands (Yishai Hadas) - HID: multitouch: Add required quirk for Synaptics 0xcddc device (Manuel Fombuena) - MIPS: Clear Cause.BD in instruction_pointer_set (Jiaxun Yang) - x86/xen: Add some null pointer checking to smp.c (Kunwu Chan) - ASoC: rt5645: Make LattePanda board DMI match more precise (Hans de Goede) - selftests: tls: use exact comparison in recv_partial (Jakub Kicinski) - LTS tag: v5.4.272 (Sherry Yang) - serial: max310x: fix IO data corruption in batched operations (Jan Kundrat) - serial: max310x: implement I2C support (Cosmin Tanislav) - serial: max310x: make accessing revision id interface-agnostic (Cosmin Tanislav) - regmap: Add bulk read/write callbacks into regmap_config (Marek Vasut) - regmap: allow to define reg_update_bits for no bus configuration (Ansuel Smith) - serial: max310x: Unprepare and disable clock in error path (Andy Shevchenko) - getrusage: use sig->stats_lock rather than lock_task_sighand() (Oleg Nesterov) - getrusage: use __for_each_thread() (Oleg Nesterov) - getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() (Oleg Nesterov) - getrusage: add the 'signal_struct *sig' local variable (Oleg Nesterov) - y2038: rusage: use __kernel_old_timeval (Arnd Bergmann) - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (Werner Sembach) - serial: max310x: prevent infinite while() loop in port startup (Hugo Villeneuve) - serial: max310x: use a separate regmap for each port (Cosmin Tanislav) - serial: max310x: use regmap methods for SPI batch operations (Cosmin Tanislav) - serial: max310x: Make use of device properties (Andy Shevchenko) - serial: max310x: fail probe if clock crystal is unstable (Hugo Villeneuve) - serial: max310x: Try to get crystal clock rate from property (Andy Shevchenko) - serial: max310x: Use devm_clk_get_optional() to get the input clock (Andy Shevchenko) - um: allow not setting extra rpaths in the linux binary (Johannes Berg) - selftests: mm: fix map_hugetlb failure on 64K page size systems (Nico Pache) - netrom: Fix data-races around sysctl_net_busy_read (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_link_fails_count (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_routing_control (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_busy_delay (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_timeout (Jason Xing) - netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_default_path_quality (Jason Xing) - netfilter: nf_conntrack_h323: Add protection for bmp length out of range (Lena Wang) - net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Eric Dumazet) - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (Rand Deeb) - geneve: make sure to pull inner header in geneve_rx() (Eric Dumazet) - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (Maciej Fijalkowski) - net: lan78xx: fix runtime PM count underflow on link stop (Oleksij Rempel) - lan78xx: Fix race conditions in suspend/resume handling (John Efstathiades) - lan78xx: Fix partial packet errors on suspend/resume (John Efstathiades) - lan78xx: Add missing return code checks (John Efstathiades) - lan78xx: Fix white space and style issues (John Efstathiades) - LTS tag: v5.4.271 (Sherry Yang) - gpio: 74x164: Enable output pins after registers are reset (Arturas Moskvinas) - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (Oscar Salvador) - cachefiles: fix memory leak in cachefiles_add_cache() (Baokun Li) - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (Paolo Bonzini) - mmc: core: Fix eMMC initialization with 1-bit bus connection (Ivan Semenov) - dmaengine: fsl-qdma: init irq after reg initialization (Curtis Klein) - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read (Peng Ma) - btrfs: dev-replace: properly validate device names (David Sterba) - wifi: nl80211: reject iftype change with mesh ID change (Johannes Berg) - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (Alexander Ofitserov) - ALSA: Drop leftover snd-rtctimer stuff from Makefile (Takashi Iwai) - power: supply: bq27xxx-i2c: Do not free non existing IRQ (Hans de Goede) - efi/capsule-loader: fix incorrect allocation size (Arnd Bergmann) - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (Lin Ma) - Bluetooth: Enforce validation on max value of connection interval (Kai-Heng Feng) - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST (Luiz Augusto von Dentz) - Bluetooth: Avoid potential use-after-free in hci_error_reset (Ying Hsu) - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (Javier Carrasco) - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (Oleksij Rempel) - ipv6: fix potential 'struct net' leak in inet6_rtm_getaddr() (Eric Dumazet) - tun: Fix xdp_rxq_info's queue_index when detaching (Yunjian Wang) - net: ip_tunnel: prevent perpetual headroom growth (Florian Westphal) - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter (Ryosuke Yasuoka) - LTS tag: v5.4.270 (Sherry Yang) - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio (Bart Van Assche) - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set (Erik Kurzinger) - drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 (Christian Konig) - tls: stop recv() if initial process_rx_list gave us non-DATA (Sabrina Dubroca) - tls: rx: drop pointless else after goto (Jakub Kicinski) - tls: rx: jump to a more appropriate label (Jakub Kicinski) - s390: use the correct count for __iowrite64_copy() (Jason Gunthorpe) - packet: move from strlcpy with unused retval to strscpy (Wolfram Sang) - ipv6: sr: fix possible use-after-free and null-ptr-deref (Vasiliy Kovalev) - afs: Increase buffer size in afs_update_volume_status() (Daniil Dulov) - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (Eric Dumazet) - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (Eric Dumazet) - nouveau: fix function cast warnings (Arnd Bergmann) - scsi: jazz_esp: Only build if SCSI core is builtin (Randy Dunlap) - bpf, scripts: Correct GPL license name (Gianmarco Lusvardi) - scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions (Andrii Nakryiko) - RDMA/srpt: fix function pointer cast warnings (Arnd Bergmann) - RDMA/srpt: Make debug output more detailed (Bart Van Assche) - RDMA/bnxt_re: Return error for SRQ resize (Kalesh AP) - IB/hfi1: Fix a memleak in init_credit_return (Zhipeng Lu) - usb: roles: don't get/set_role() when usb_role_switch is unregistered (Xu Yang) - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs (Krishna Kurapati) - usb: cdns3: fix memory double free when handle zero packet (Frank Li) - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (Frank Li) - ARM: ep93xx: Add terminator to gpiod_lookup_table (Nikita Shubin) - l2tp: pass correct message length to ip6_append_data (Tom Parkin) - PCI/MSI: Prevent MSI hardware interrupt number truncation (Vidya Sagar) - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() (Vasiliy Kovalev) - dm-crypt: don't modify the data when using authenticated encryption (Mikulas Patocka) - PCI: tegra: Fix OF node reference leak (Christophe JAILLET) - PCI: tegra: Fix reporting GPIO error value (Pali Rohar) - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (Sireesh Kodali) - drm/amdgpu: Fix type of second parameter in trans_msg() callback (Nathan Chancellor) - iomap: Set all uptodate bits for an Uptodate page (Matthew Wilcox (Oracle)) - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() (Mikulas Patocka) - x86/alternatives: Disable KASAN in apply_alternatives() (Kirill A. Shutemov) - drm/amdgpu: Check for valid number of registers to read (Trek) - Revert 'drm/sun4i: dsi: Change the start delay calculation' (Icenowy Zheng) - ALSA: hda/realtek - Enable micmute LED on and HP system (Kai-Heng Feng) - selftests/bpf: Avoid running unprivileged tests with alignment requirements (Bjorn Topel) - net: bridge: clear bridge's private skb space on xmit (Nikolay Aleksandrov) - spi: mt7621: Fix an error message in mt7621_spi_probe() (Christophe JAILLET) - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (Miaoqian Lin) - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (Lee Jones) - tcp: add annotations around sk->sk_shutdown accesses (Eric Dumazet) - tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit (Soheil Hassas Yeganeh) - tcp: factor out __tcp_close() helper (Paolo Abeni) - pmdomain: renesas: r8a77980-sysc: CR7 must be always on (Geert Uytterhoeven) - s390/qeth: Fix potential loss of L3-IP@ in case of network issues (Alexandra Winter) - virtio-blk: Ensure no requests in virtqueues before deleting vqs. (Yi Sun) - firewire: core: send bus reset promptly on gap count error (Takashi Sakamoto) - scsi: lpfc: Use unsigned type for num_sge (Hannes Reinecke) - hwmon: (coretemp) Enlarge per package core count limit (Zhang Rui) - nvmet-fc: abort command when there is no binding (Daniel Wagner) - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new (Xin Long) - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 (Chen-Yu Tsai) - nvmet-tcp: fix nvme tcp ida memory leak (Guixin Liu) - regulator: pwm-regulator: Add validity checks in continuous .get_voltage (Martin Blumenstingl) - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Baokun Li) - ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Baokun Li) - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers (Lennert Buytenhek) - ahci: asm1166: correct count of reported ports (Conrad Kostecki) - fbdev: sis: Error out if pixclock equals zero (Fullway Wang) {CVE-2022-3061} - fbdev: savage: Error out if pixclock equals zero (Fullway Wang) {CVE-2022-3061} - wifi: mac80211: fix race condition on enabling fast-xmit (Felix Fietkau) - wifi: cfg80211: fix missing interfaces when dumping (Michal Kazior) - dmaengine: fsl-qdma: increase size of 'irq_name' (Vinod Koul) - dmaengine: shdma: increase size of 'dev_id' (Vinod Koul) - scsi: target: core: Add TMF to tmr_list handling (Dmitry Bogdanov) - sched/rt: Disallow writing invalid values to sched_rt_period_us (Cyril Hrubis) - sched/rt: Fix sysctl_sched_rr_timeslice intial value (Cyril Hrubis) - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb (Lokesh Gidra) - nilfs2: replace WARN_ONs for invalid DAT metadata block requests (Ryusuke Konishi) - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (Cyril Hrubis) - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (Oliver Upton) - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (Oliver Upton) [5.4.17-2136.331.2.el7] - uek-rpm: ol7, ol8: add vmlinux-nano.ctfa building (Nick Alcock) [Orabug: 35266053] - ctf: add ctf-nano, ctf containing only some modules' CTF (Nick Alcock) [Orabug: 35266053] - RDMA/cm: add timeout to cm_destroy_id wait (Manjunath Patil) [Orabug: 36280586] - rds: Add count for ready receive cache (Hans Westgaard Ry) [Orabug: 36360482] - mm/hwpoison: fix error page recovered but reported 'not recovered' (Naoya Horiguchi) [Orabug: 36436639] - mm,hwpoison: check mm when killing accessing process (Shuai Xue) [Orabug: 36436639] - mm,hwpoison: send SIGBUS with error virutal address (Naoya Horiguchi) [Orabug: 36436639] - mm,hwpoison: return -EHWPOISON to denote that the page has already been poisoned (Aili Yao) [Orabug: 36436639] - mm/memory-failure: use a mutex to avoid memory_failure() races (Tony Luck) [Orabug: 36436639] [5.4.17-2136.331.1.el7] - Revert 'mmc: core: Use mrq.sbc in close-ended ffu' (Thomas Tai) [Orabug: 36446450] - ext4: fix corruption during on-line resize (Maximilian Heyne) [Orabug: 36342902] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2201 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 Oracle Linux 9 [5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael Kelley) - bpf: Protect against int overflow for stack access size (Andrei Matei) - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion (Bart Van Assche) - module: fix init_module_from_file() error handling (Linus Torvalds) [Orabug: 36381490] - modules: catch concurrent module loads, treat them as idempotent (Linus Torvalds) [Orabug: 36381490] - module: split up 'finit_module()' into init_module_from_file() helper (Linus Torvalds) [Orabug: 36381490] - module: avoid allocation if module is already present and ready (Luis Chamberlain) [Orabug: 36381490] - module: extract patient module check into helper (Luis Chamberlain) [Orabug: 36381490] - module: move early sanity checks into a helper (Luis Chamberlain) [Orabug: 36381490] - module: Move all into module/ (Aaron Tomlin) [Orabug: 36381490] - fbdev: fix incorrect address computation in deferred IO (Nam Cao) [Orabug: 36427407] - io_uring: ensure '0' is returned on file registration success (Jens Axboe) [Orabug: 36544518] - io_uring: don't save/restore iowait state (Jens Axboe) [Orabug: 36544518] - io_uring: drop any code related to SCM_RIGHTS (Jens Axboe) [Orabug: 36544518] - io_uring/unix: drop usage of io_uring socket (Jens Axboe) [Orabug: 36544518] - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36585256] - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (Dongli Zhang) [Orabug: 36591489] - rds: Add garbage collection for receive ready cache (Hans Westgaard Ry) [Orabug: 36382723] - exec, elf: ignore malformed note segments (Anthony Yznaga) [Orabug: 36524976] - vfio/pds: Refactor/simplify reset logic (Brett Creeley) [Orabug: 36525705] - vfio/pds: Make sure migration file isn't accessed after reset (Brett Creeley) [Orabug: 36525705] - vfio/pds: Always clear the save/restore FDs on reset (Brett Creeley) [Orabug: 36525705] - vfio/pds: Move seq/ack bitmaps into region struct (Brett Creeley) [Orabug: 36525705] - vfio/pds: Pass region info to relevant functions (Brett Creeley) [Orabug: 36525705] - vfio/pds: Move and rename region specific info (Brett Creeley) [Orabug: 36525705] - vfio/pds: Only use a single SGL for both seq and ack (Brett Creeley) [Orabug: 36525705] - vfio/pds: Fix calculations in pds_vfio_dirty_sync (Brett Creeley) [Orabug: 36525705] - vfio/pds: Fix possible sleep while in atomic context (Brett Creeley) [Orabug: 36525705] - vfio/pds: Fix mutex lock->magic != lock warning (Brett Creeley) [Orabug: 36525705] - RDMA/cm: Print the old state when cm_destroy_id gets timeout (Mark Zhang) [Orabug: 36546711] - igb: free up irq resources in device shutdown path. (Imran Khan) [Orabug: 36547249] - net: rds: use maybe_get_net() when acquiring refcount on TCP sockets (Tetsuo Handa) [Orabug: 34695506] - net: rds: acquire refcount on TCP sockets (Tetsuo Handa) [Orabug: 34695506] - net: make sock_inuse_add() available (Eric Dumazet) [Orabug: 34695506] - rds: Optimize rds_cfu_cache_do_gc (Hans Westgaard Ry) [Orabug: 36195145] - rds: Optimize rds_percpu_caches garbage-collection (Hans Westgaard Ry) [Orabug: 36195145] - rds: Add lfstack_pop_all (Hans Westgaard Ry) [Orabug: 36195145] - KVM: arm64: Avoid soft lockups due to I-cache maintenance (Oliver Upton) [Orabug: 36227024] - KVM: arm64: Drop is_kernel_in_hyp_mode() from __invalidate_icache_guest_page() (Marc Zyngier) [Orabug: 36227024] - arm64: tlbflush: Rename MAX_TLBI_OPS (Oliver Upton) [Orabug: 36227024] - uek-rpm: aarch64: Build the ampere-cspmu driver (Dave Kleikamp) [Orabug: 36227024] - perf: arm_cspmu: Reject events meant for other PMUs (Ilkka Koskinen) [Orabug: 36227024] - docs/perf: Add ampere_cspmu to toctree to fix a build warning (Ilkka Koskinen) [Orabug: 36227024] - perf: arm_cspmu: ampere_cspmu: Add support for Ampere SoC PMU (Ilkka Koskinen) [Orabug: 36227024] - perf: arm_cspmu: Support implementation specific validation (Ilkka Koskinen) [Orabug: 36227024] - perf: arm_cspmu: Support implementation specific filters (Ilkka Koskinen) [Orabug: 36227024] - perf: arm_cspmu: Split 64-bit write to 32-bit writes (Ilkka Koskinen) [Orabug: 36227024] - perf: arm_cspmu: Separate Arm and vendor module (Besar Wicaksono) [Orabug: 36227024] - perf/arm_cspmu: Decouple APMT dependency (Robin Murphy) [Orabug: 36227024] - ACPI/APMT: Don't register invalid resource (Robin Murphy) [Orabug: 36227024] - perf: arm_cspmu: Add missing MODULE_DEVICE_TABLE (Ilkka Koskinen) [Orabug: 36227024] - perf/arm_cspmu: Fix event attribute type (Robin Murphy) [Orabug: 36227024] - perf: arm_cspmu: Set irq affinitiy only if overflow interrupt is used (Ilkka Koskinen) [Orabug: 36227024] - perf: arm_cspmu: Fix variable dereference warning (Besar Wicaksono) [Orabug: 36227024] - perf: arm_cspmu: Fix module cyclic dependency (Besar Wicaksono) [Orabug: 36227024] - perf: arm_cspmu: Fix build failure on x86_64 (Besar Wicaksono) [Orabug: 36227024] - perf: arm_cspmu: Fix modular builds due to missing MODULE_LICENSE()s (Will Deacon) [Orabug: 36227024] - ACPI: APMT: Fix kerneldoc and indentation (Besar Wicaksono) [Orabug: 36227024] - perf: arm_cspmu: Add support for NVIDIA SCF and MCF attribute (Besar Wicaksono) [Orabug: 36227024] - perf: arm_cspmu: Add support for ARM CoreSight PMU driver (Besar Wicaksono) [Orabug: 36227024] - ACPI: ARM Performance Monitoring Unit Table (APMT) initial support (Besar Wicaksono) [Orabug: 36227024] - ACPICA: Add support for ARM Performance Monitoring Unit Table. (Besar Wicaksono) [Orabug: 36227024] - cpufreq: CPPC: Add per_cpu efficiency_class (Pierre Gondois) [Orabug: 36227024] - bonding: rate-limit bonding driver inspect messages (Praveen Kumar Kannoju) [Orabug: 36250567] - mlxbf_gige: stop interface during shutdown (David Thompson) [Orabug: 36525636] - mlxbf_gige: call request_irq() after NAPI initialized (David Thompson) [Orabug: 36525636] - mlxbf_gige: stop PHY during open() error paths (David Thompson) [Orabug: 36525636] - mlxbf_gige: add support to display pause frame counters (David Thompson) [Orabug: 36525636] - uek-rpm: Bluefield 3: Add missing mtd_blkdev module (Thomas Tai) [Orabug: 36530434] [5.15.0-206.153.6] - rds/rdma: Fix congestion value for userspace consumption (Juan Garcia) [Orabug: 36264651] - rds: Include transport protocol name in rds-info -k output (Juan Garcia) [Orabug: 36264651] - rds/ib: Disable WARN_ON() when system is going down (Hans Westgaard Ry) [Orabug: 36394501] - ipvlan: handle NETDEV_DOWN event (Venkat Venkatsubra) [Orabug: 36500076] [5.15.0-206.153.5] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36509092] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36509092] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36509092] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug (Pawan Gupta) [Orabug: 36509092] {CVE-2024-2201} - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Daniel Sneddon) [Orabug: 36509092] {CVE-2024-2201} - x86/bhi: Add support for clearing branch history at syscall entry (Pawan Gupta) [Orabug: 36509092] {CVE-2024-2201} - x86/cpufeature: Add missing leaf enumeration (Daniel Sneddon) [Orabug: 36509092] {CVE-2024-2201} - KVM: x86: Use a switch statement and macros in __feature_translate() (Jim Mattson) [Orabug: 36509092] {CVE-2024-2201} - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Jim Mattson) [Orabug: 36509092] {CVE-2024-2201} - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Sean Christopherson) [Orabug: 36509092] {CVE-2024-2201} - x86/bugs: Use sysfs_emit() (Borislav Petkov) [Orabug: 36509092] {CVE-2024-2201} - x86/cpu: Support AMD Automatic IBRS (Kim Phillips) [Orabug: 36509092] {CVE-2024-2201} - Documentation/hw-vuln: Update spectre doc (Lin Yujun) [Orabug: 36509092] {CVE-2024-2201} - x86/speculation: Reorder SRSO and GDS functions (Alexandre Chartre) [Orabug: 36509092] {CVE-2024-2201} - rds/rdma: print connection up/down time while dropping/connecting (Juan Garcia) [Orabug: 36264673] [5.15.0-206.153.4] - LTS version: v5.15.153 (Vijayendra Suman) - remoteproc: stm32: fix incorrect optional pointers (Arnd Bergmann) - regmap: Add missing map->bus check (Marek Vasut) - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (Fei Shao) - net: dsa: mt7530: fix handling of all link-local frames (Arinc UNAL) - net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports (Arinc UNAL) - net: dsa: mt7530: fix handling of 802.1X PAE frames (Arinc UNAL) - net: dsa: mt7530: fix handling of LLDP frames (Arinc UNAL) - bpf: report RCU QS in cpumap kthread (Yan Zhai) - net: report RCU QS on threaded NAPI repolling (Yan Zhai) - rcu: add a helper to report consolidated flavor QS (Yan Zhai) - netfilter: nf_tables: do not compare internal table flags on updates (Pablo Neira Ayuso) - netfilter: nft_set_pipapo: release elements in clone only from destroy path (Pablo Neira Ayuso) - octeontx2-af: Use separate handlers for interrupts (Subbaraya Sundeep) - net/bnx2x: Prevent access to a freed page in page_pool (Thinh Tran) - net: phy: fix phy_read_poll_timeout argument type in genphy_loopback (Nikita Kiryushin) - hsr: Handle failures in module init (Felix Maurer) - wireguard: receive: annotate data-race around receiving_counter.counter (Nikita Zhandarovich) - vdpa/mlx5: Allow CVQ size changes (Jonah Palmer) - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection (Arinc UNAL) - net: veth: do not manipulate GRO when using XDP (Ignat Korchagin) - packet: annotate data-races around ignore_outgoing (Eric Dumazet) - net: ethernet: mtk_eth_soc: fix PPE hanging issue (Daniel Golle) - net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up (Daniel Golle) - net: mtk_eth_soc: move MAC_MCR setting to mac_finish() (Russell King (Oracle)) - hsr: Fix uninit-value access in hsr_get_node() (Shigeru Yoshida) - soc: fsl: dpio: fix kcalloc() argument order (Arnd Bergmann) - s390/vtime: fix average steal time calculation (Mete Durlu) - octeontx2-af: Use matching wake_up API variant in CGX command interface (Linu Cherian) - nouveau: reset the bo resource bus info after an eviction (Dave Airlie) - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (Colin Ian King) - staging: greybus: fix get_channel_from_mode() failure path (Dan Carpenter) - serial: 8250_exar: Don't remove GPIO device on suspend (Andy Shevchenko) - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (Randy Dunlap) - kconfig: fix infinite loop when expanding a macro at the end of file (Masahiro Yamada) - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (Rafal Milecki) - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (Tudor Ambarus) - serial: max310x: fix syntax error in IRQ error message (Hugo Villeneuve) - tty: vt: fix 20 vs 0x20 typo in EScsiignore (Jiri Slaby (SUSE)) - remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef (Arnaud Pouliquen) - remoteproc: stm32: Fix incorrect type in assignment for va (Arnaud Pouliquen) - remoteproc: stm32: use correct format strings on 64-bit (Arnd Bergmann) - comedi: comedi_test: Prevent timers rescheduling during deletion (Ian Abbott) - afs: Revert 'afs: Hide silly-rename files from userspace' (David Howells) - f2fs: compress: fix reserve_cblocks counting error when out of space (Xiuhong Wang) - NFS: Fix an off by one in root_nfs_cat() (Christophe JAILLET) - watchdog: stm32_iwdg: initialize default timeout (Ben Wolsieffer) - NFSv4.2: fix listxattr maximum XDR buffer size (Jorge Mora) - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (Jorge Mora) - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (Christophe JAILLET) - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (Arnd Bergmann) - RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() (Alexey Kodanev) - RDMA/device: Fix a race between mad_client and cm_client init (Shifeng Li) - scsi: csiostor: Avoid function pointer casts (Arnd Bergmann) - f2fs: compress: fix to check unreleased compressed cluster (Sheng Yong) - f2fs: compress: fix to cover normal cluster write with cp_rwsem (Chao Yu) - f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info (Chao Yu) - f2fs: invalidate meta pages only for post_read required inode (Chao Yu) - f2fs: fix to invalidate META_MAPPING before DIO write (Chao Yu) - f2fs: replace congestion_wait() calls with io_schedule_timeout() (NeilBrown) - f2fs: invalidate META_MAPPING before IPU/DIO write (Hyeong-Jun Kim) - f2fs: multidevice: support direct IO (Chao Yu) - RDMA/srpt: Do not register event handler until srpt device is fully setup (William Kucharski) - ALSA: usb-audio: Stop parsing channels bits when all channels are found. (Johan Carlsson) - ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (Athaariq Ardhiansyah) - clk: zynq: Prevent null pointer dereference caused by kmalloc failure (Duoming Zhou) - clk: Fix clk_core_get NULL dereference (Bryan O'Donoghue) - sparc32: Fix section mismatch in leon_pci_grpci (Sam Ravnborg) - backlight: lp8788: Fully initialize backlight_properties during probe (Daniel Thompson) - backlight: lm3639: Fully initialize backlight_properties during probe (Daniel Thompson) - backlight: da9052: Fully initialize backlight_properties during probe (Daniel Thompson) - backlight: lm3630a: Don't set bl->props.brightness in get_brightness (Luca Weiss) - backlight: lm3630a: Initialize backlight_properties on init (Luca Weiss) - leds: sgm3140: Add missing timer cleanup and flash gpio control (Ondrej Jirman) - leds: aw2013: Unlock mutex before destroying it (George Stark) - powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. (Michael Ellerman) - modules: wait do_free_init correctly (Changbin Du) - module: Add support for default value for module async_probe (Saravana Kannan) - drm/msm/dpu: add division of drm_display_mode's hskew parameter (Paloma Arellano) - powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks (Kajol Jain) - drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (Hsin-Yi Wang) - media: mediatek: vcodec: avoid -Wcast-function-type-strict warning (Arnd Bergmann) - media: ttpci: fix two memleaks in budget_av_attach (Zhipeng Lu) - media: go7007: fix a memleak in go7007_load_encoder (Zhipeng Lu) - media: dvb-frontends: avoid stack overflow warnings with clang (Arnd Bergmann) - media: pvrusb2: fix uaf in pvr2_context_set_notify (Edward Adam Davis) - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() (Srinivasan Shanmugam) - HID: amd_sfh: Update HPD sensor structure elements (Basavaraj Natikar) - ASoC: meson: axg-tdm-interface: add frame rate constraint (Jerome Brunet) - ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs (Jerome Brunet) - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (Arnd Bergmann) - mtd: maps: physmap-core: fix flash size larger than 32-bit (Baruch Siach) - drm/tidss: Fix initial plane zpos values (Tomi Valkeinen) - crypto: arm/sha - fix function cast warnings (Arnd Bergmann) - mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref (Peter Griffin) - mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref (Peter Griffin) - drm/tegra: put drm_gem_object ref on error in tegra_fb_create (Fedor Pchelkin) - clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() (Christophe JAILLET) - clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() (Christophe JAILLET) - PCI: Mark 3ware-9650SE Root Port Extended Tags as broken (Jorg Wedekind) - drm/mediatek: dsi: Fix DSI RGB666 formats and definitions (AngeloGioacchino Del Regno) - clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times (Konrad Dybcio) - media: pvrusb2: fix pvr2_stream_callback casts (Arnd Bergmann) - media: pvrusb2: remove redundant NULL check (Daniil Dulov) - media: go7007: add check of return value of go7007_read_addr() (Daniil Dulov) - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (Lucas Stach) - media: sun8i-di: Fix chroma difference threshold (Jernej Skrabec) - media: sun8i-di: Fix power on/off sequences (Jernej Skrabec) - media: sun8i-di: Fix coefficient writes (Jernej Skrabec) - NTB: fix possible name leak in ntb_register_device() (Yang Yingliang) - NTB: EPF: fix possible memory leak in pci_vntb_probe() (ruanjinjie) - PCI: endpoint: Support NTB transfer between RC and EP (Frank Li) - powerpc: Force inlining of arch_vmap_p{u/m}d_supported() (Christophe Leroy) - ASoC: meson: t9015: fix function pointer type mismatch (Jerome Brunet) - ASoC: meson: aiu: fix function pointer type mismatch (Jerome Brunet) - ASoC: meson: Use dev_err_probe() helper (Kuninori Morimoto) - perf stat: Avoid metric-only segv (Ian Rogers) - ALSA: seq: fix function cast warnings (Takashi Iwai) - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() (Nikita Zhandarovich) - perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() (Yang Jihong) - crypto: xilinx - call finalize with bh disabled (Quanyang Wang) - PCI: switchtec: Fix an error handling path in switchtec_pci_probe() (Christophe JAILLET) - PCI/P2PDMA: Fix a sleeping issue in a RCU read section (Christophe JAILLET) - quota: Fix rcu annotations of inode dquot pointers (Jan Kara) - quota: Fix potential NULL pointer dereference (Wang Jianjian) - quota: simplify drop_dquot_ref() (Baokun Li) - clk: qcom: reset: Ensure write completion on reset de/assertion (Konrad Dybcio) - clk: qcom: reset: Commonize the de/assert functions (Konrad Dybcio) - pinctrl: mediatek: Drop bogus slew rate register range for MT8192 (Chen-Yu Tsai) - media: edia: dvbdev: fix a use-after-free (Zhipeng Lu) - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (Zhipeng Lu) - media: v4l2-tpg: fix some memleaks in tpg_alloc (Zhipeng Lu) - media: em28xx: annotate unchecked call to media_device_register() (Nikita Zhandarovich) - clk: meson: Add missing clocks to axg_clk_regmaps (Igor Prusov) - perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() (Yang Jihong) - drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' (Srinivasan Shanmugam) - drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (Srinivasan Shanmugam) - HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd (Mikhail Khvainitski) - perf record: Fix possible incorrect free in record__switch_output() (Yang Jihong) - PCI/DPC: Print all TLP Prefixes, not just the first (Ilpo Jarvinen) - media: tc358743: register v4l2 async device only after successful setup (Alexander Stein) - dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA (Peter Robinson) - drm/lima: fix a memleak in lima_heap_alloc (Zhipeng Lu) - drm/rockchip: lvds: do not print scary message when probing defer (Quentin Schulz) - drm/rockchip: lvds: do not overwrite error code (Quentin Schulz) - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (Zhipeng Lu) - drm/ttm: add ttm_resource_fini v2 (Christian Konig) - drm: Don't treat 0 as -1 in drm_fixp2int_ceil (Harry Wentland) - drm/rockchip: inno_hdmi: Fix video timing (Alex Bee) - drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (Christophe JAILLET) - drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (Christophe JAILLET) - drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() (Christophe JAILLET) - drm/tegra: dc: rgb: Allow changing PLLD rate on Tegra30+ (Dmitry Osipenko) - drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (Christophe JAILLET) - drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() (Christophe JAILLET) - drm/tegra: dsi: Make use of the helper function dev_err_probe() (Cai Huoqing) - drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe (Zhang Shurong) - drm/tegra: dpaux: Populate AUX bus (Thierry Reding) - drm/tegra: dsi: Add missing check for of_find_device_by_node (Chen Ni) - dm: call the resume method on internal suspend (Mikulas Patocka) - dm raid: fix false positive for requeue needed during reshape (Ming Lei) - nfp: flower: handle acti_netdevs allocation failure (Duoming Zhou) - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (Gavrilov Ilia) - net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function (Gavrilov Ilia) - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (Gavrilov Ilia) - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (Gavrilov Ilia) - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function (Gavrilov Ilia) - bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument (Martin KaFai Lau) - bpf: net: Change sk_getsockopt() to take the sockptr_t argument (Martin KaFai Lau) - net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr (Martin KaFai Lau) - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (Gavrilov Ilia) - OPP: debugfs: Fix warning around icc_get_name() (Viresh Kumar) - net: phy: dp83822: Fix RGMII TX delay configuration (Tim Pambor) - net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii (Tommaso Merciai) - net: hns3: fix port duplex configure error in IMP reset (Jie Wang) - net: hns3: fix kernel crash when 1588 is received on HIP08 devices (Yonglong Liu) - net: phy: fix phy_get_internal_delay accessing an empty array (Kevin L'hopital) - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() (Eric Dumazet) - ipv6: fib6_rules: flush route cache when rule is changed (Shiming Cheng) - bpf: Fix stackmap overflow check on 32-bit arches (Toke Hoiland-Jorgensen) - bpf: Fix hashtab overflow check on 32-bit arches (Toke Hoiland-Jorgensen) - bpf: Fix DEVMAP_HASH overflow check on 32-bit arches (Toke Hoiland-Jorgensen) - sr9800: Add check for usbnet_get_endpoints (Chen Ni) - Bluetooth: hci_core: Fix possible buffer overflow (Luiz Augusto von Dentz) - Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional() (Bartosz Golaszewski) - Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855 (Steev Klimaszewski) - Bluetooth: Remove superfluous call to hci_conn_check_pending() (Jonas Dressler) - igb: Fix missing time sync events (Vinicius Costa Gomes) - igb: move PEROUT and EXTTS isr logic to separate functions (Ruud Bos) - iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected (Ethan Zhao) - PCI: Make pci_dev_is_disconnected() helper public for other drivers (Ethan Zhao) - wifi: rtw88: 8821c: Fix false alarm count (Bitterblue Smith) - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (Christophe JAILLET) - SUNRPC: fix some memleaks in gssx_dec_option_array (Zhipeng Lu) - x86, relocs: Ignore relocations in .notes section (Kees Cook) - ACPI: scan: Fix device check notification handling (Rafael J. Wysocki) - ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (Maxim Kudinov) - ACPI: resource: Do IRQ override on Lunnen Ground laptops (Alexey I. Froloff) - ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override (David McFarland) - arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (Rafal Milecki) - ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node (Michal Vokac) - ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address (Michal Vokac) - ARM: dts: imx6dl-yapp4: Move phy reset into switch node (Michal Vokac) - arm64: dts: renesas: r8a779a0: Correct avb[01] reg sizes (Geert Uytterhoeven) - arm64: dts: renesas: r8a779a0: Update to R-Car Gen4 compatible values (Geert Uytterhoeven) - ARM: dts: arm: realview: Fix development chip ROM compatible value (Geert Uytterhoeven) - net: ena: Remove ena_select_queue (Kamal Heib) - wifi: brcmsmac: avoid function pointer casts (Arnd Bergmann) - iommu/amd: Mark interrupt as managed (Mario Limonciello) - bus: tegra-aconnect: Update dependency to ARCH_TEGRA (Peter Robinson) - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (Armin Wolf) - wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (Alexis Lothore) - wireless: Remove redundant 'flush_workqueue()' calls (Christophe JAILLET) - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (Yonghong Song) - arm64: dts: mediatek: mt7622: add missing 'device_type' to memory nodes (Rafal Milecki) - arm64: dts: mt8183: Move CrosEC base detection node to kukui-based DTs (Nicolas F. R. A. Prado) - arm64: dts: mt8183: kukui: Split out keyboard node and describe detachables (Hsin-Yi Wang) - arm64: dts: mt8183: kukui: Add Type C node (Prashant Malani) - ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() (Eric Dumazet) - s390/vdso: drop '-fPIC' from LDFLAGS (Nathan Chancellor) - wifi: iwlwifi: mvm: don't set replay counters to 0xff (Johannes Berg) - pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan (Uwe Kleine-Konig) - pwm: sti: Implement .apply() callback (Uwe Kleine-Konig) - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (Zhipeng Lu) - net: blackhole_dev: fix build warning for ethh set but not used (Breno Leitao) - pwm: atmel-hlcdc: Fix clock imbalance related to suspend support (Uwe Kleine-Konig) - pwm: atmel-hlcdc: Use consistent variable naming (Uwe Kleine-Konig) - pwm: atmel-hlcdc: Convert to platform remove callback returning void (Uwe Kleine-Konig) - arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (Tim Harvey) - wifi: iwlwifi: fix EWRD table validity check (Miri Korenblit) - wifi: iwlwifi: dbg-tlv: ensure NUL termination (Johannes Berg) - wifi: iwlwifi: mvm: report beacon protection failures (Johannes Berg) - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (Toke Hoiland-Jorgensen) - arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL board (Frieder Schrempf) - arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage (Frieder Schrempf) - arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on SD card (Frieder Schrempf) - arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL board (Frieder Schrempf) - arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL i.MX8MM (Frieder Schrempf) - cpufreq: mediatek-hw: Don't error out if supply is not found (Nicolas F. R. A. Prado) - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). (Kuniyuki Iwashima) - bpftool: Silence build warning about calloc() (Tiezhu Yang) - inet_diag: annotate data-races around inet_diag_table[] (Eric Dumazet) - sock_diag: annotate data-races around sock_diag_handlers[family] (Eric Dumazet) - cpufreq: mediatek-hw: Wait for CPU supplies before probing (Nicolas F. R. A. Prado) - cpufreq: Explicitly include correct DT includes (Rob Herring) - wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (Jinjie Ruan) - wifi: wilc1000: fix multi-vif management when deleting a vif (Ajay Singh) - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (Martin Kaistra) - wifi: wilc1000: fix RCU usage in connect path (Alexis Lothore) - wifi: wilc1000: fix declarations ordering (Alexis Lothore) - wifi: b43: Disable QoS for bcm4331 (Rahul Rameshbabu) - wifi: b43: Stop correct queue in DMA worker when QoS is disabled (Rahul Rameshbabu) - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (Rahul Rameshbabu) - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (Rahul Rameshbabu) - wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (Xingyuan Mo) - sched/fair: Take the scheduling domain into account in select_idle_core() (Keisuke Nishimura) - timekeeping: Fix cross-timestamp interpolation for non-x86 (Peter Hilber) - timekeeping: Fix cross-timestamp interpolation corner case decision (Peter Hilber) - timekeeping: Fix cross-timestamp interpolation on counter wrap (Peter Hilber) - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts (Chun-Yi Lee) - rtc: test: Fix invalid format specifier. (David Gow) - time: test: Fix incorrect format specifier (David Gow) - lib/cmdline: Fix an invalid format specifier in an assertion msg (David Gow) - md: Don't clear MD_CLOSING when the raid is about to stop (Li Nan) - fs/select: rework stack allocation hack for clang (Arnd Bergmann) - s390/dasd: fix double module refcount decrement (Miroslav Franc) - s390/dasd: Use dev_*() for device log messages (Jan Hoppner) - s390/dasd: add autoquiesce feature (Stefan Haberland) - s390/dasd: add copy pair setup (Stefan Haberland) - s390/dasd: add query PPRC function (Stefan Haberland) - s390/dasd: put block allocation in separate function (Stefan Haberland) - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (Nikita Zhandarovich) - ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll (Stuart Henderson) - ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (Stuart Henderson) - ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (Stuart Henderson) - Input: gpio_keys_polled - suppress deferred probe error for gpio (Uwe Kleine-Konig) - ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (Alban Boye) - firewire: core: use long bus reset on gap count error (Takashi Sakamoto) - Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu) - drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series (Prike Liang) - ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port (Kailang Yang) - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (Ranjan Kumar) - dm-verity, dm-crypt: align 'struct bvec_iter' correctly (Mikulas Patocka) - block: sed-opal: handle empty atoms when parsing response (Greg Joyce) - parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check (Max Kellermann) - net/iucv: fix the allocation size of iucv_path_table array (Alexander Gordeev) - x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (Hou Tao) - x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h (Hou Tao) - riscv: dts: sifive: add missing #interrupt-cells to pmic (Conor Dooley) - RDMA/mlx5: Relax DEVX access upon modify commands (Yishai Hadas) - RDMA/mlx5: Fix fortify source warning while accessing Eth segment (Leon Romanovsky) - gen_compile_commands: fix invalid escape sequence warning (Andrew Ballance) - HID: multitouch: Add required quirk for Synaptics 0xcddc device (Manuel Fombuena) - MIPS: Clear Cause.BD in instruction_pointer_set (Jiaxun Yang) - x86/xen: Add some null pointer checking to smp.c (Kunwu Chan) - ASoC: rt5645: Make LattePanda board DMI match more precise (Hans de Goede) - selftests: tls: use exact comparison in recv_partial (Jakub Kicinski) - rcu-tasks: Provide rcu_trace_implies_rcu_gp() (Paul E. McKenney) - LTS version: v5.15.152 (Vijayendra Suman) - serial: max310x: fix IO data corruption in batched operations (Jan Kundrat) - serial: max310x: make accessing revision id interface-agnostic (Cosmin Tanislav) - regmap: Add bulk read/write callbacks into regmap_config (Marek Vasut) - regmap: allow to define reg_update_bits for no bus configuration (Ansuel Smith) - ALSA: usb-audio: Sort quirk table entries (Takashi Iwai) - ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless (Takashi Iwai) - ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() (Jaroslav Kysela) - ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all (Wan Jiabing) - fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() (Oleg Nesterov) - proc: Use task_is_running() for wchan in /proc//stat (Kees Cook) - getrusage: use sig->stats_lock rather than lock_task_sighand() (Oleg Nesterov) - getrusage: use __for_each_thread() (Oleg Nesterov) - getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() (Oleg Nesterov) - getrusage: add the 'signal_struct *sig' local variable (Oleg Nesterov) - drm/amd/display: Increase frame-larger-than for all display_mode_vba files (Nathan Chancellor) - drm/amd/display: remove DML Makefile duplicate lines (Magali Lemes) - drm/amd/display: move calcs folder into DML (Isabella Basso) - drm/amd/display: Re-arrange FPU code structure for dcn2x (Qingqing Zhuo) - selftests: mptcp: decrease BW in simult flows (Matthieu Baerts (NGI0)) - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit (Friedrich Vock) - drm/amd/pm: do not expose the API used internally only in kv_dpm.c (Evan Quan) - serial: max310x: prevent infinite while() loop in port startup (Hugo Villeneuve) - serial: max310x: use a separate regmap for each port (Cosmin Tanislav) - serial: max310x: use regmap methods for SPI batch operations (Cosmin Tanislav) - xhci: handle isoc Babble and Buffer Overrun events properly (Michal Pecio) - xhci: process isoc TD properly when there was a transaction error mid TD. (Mathias Nyman) - selftests: mm: fix map_hugetlb failure on 64K page size systems (Nico Pache) - selftests/mm: switch to bash from sh (Muhammad Usama Anjum) - nfp: flower: add hardware offload check for post ct entry (Hui Zhou) - nfp: flower: add goto_chain_index for ct entry (Wentao Jia) - drm/amd/display: Fix uninitialized variable usage in core_link_ 'read_dpcd() & write_dpcd()' functions (Srinivasan Shanmugam) - ALSA: usb-audio: add quirk for RODE NT-USB+ (Sean Young) - ALSA: usb-audio: Fix microphone sound on Nexigo webcam. (Christos Skevis) - ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless (Jaroslav Kysela) - ALSA: usb-audio: Add quirk for Tascam Model 12 (John Keeping) - ALSA: usb-audio: Avoid superfluous endpoint setup (Takashi Iwai) - ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() (Takashi Iwai) - ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() (Takashi Iwai) - ALSA: usb-audio: Properly refcounting clock rate (Takashi Iwai) - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) (Takashi Iwai) - ALSA: usb-audio: Clear fixed clock rate at closing EP (Takashi Iwai) - ALSA: usb-audio: Refcount multiple accesses on the single clock (Takashi Iwai) - netrom: Fix data-races around sysctl_net_busy_read (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_link_fails_count (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_routing_control (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_busy_delay (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_timeout (Jason Xing) - netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_default_path_quality (Jason Xing) - erofs: apply proper VMA alignment for memory mapped files on THP (Gao Xiang) - netfilter: nf_conntrack_h323: Add protection for bmp length out of range (Lena Wang) - netfilter: nft_ct: fix l3num expectations with inet pseudo family (Florian Westphal) - cpumap: Zero-initialise xdp_rxq_info struct before running XDP program (Toke Hoiland-Jorgensen) - net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Eric Dumazet) - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (Rand Deeb) - net: sparx5: Fix use after free inside sparx5_del_mact_entry (Horatiu Vultur) - geneve: make sure to pull inner header in geneve_rx() (Eric Dumazet) - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (Steven Rostedt (Google)) - i40e: disable NAPI right after disabling irqs when handling xsk_pool (Maciej Fijalkowski) - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (Maciej Fijalkowski) - net: lan78xx: fix runtime PM count underflow on link stop (Oleksij Rempel) - mmc: mmci: stm32: fix DMA API overlapping mappings warning (Christophe Kerello) - mmc: mmci: stm32: use a buffer for unaligned DMA requests (Yann Gautier) - LTS version: v5.15.151 (Vijayendra Suman) - mptcp: fix double-free on socket dismantle (Davide Caratti) - Revert 'tls: rx: move counting TlsDecryptErrors for sync' (Gal Pressman) - net: tls: fix async vs NIC crypto offload (Jakub Kicinski) - bpf: Derive source IP addr via bpf_*_fib_lookup() (Martynas Pumputis) - bpf: Add table ID to bpf_fib_lookup BPF helper (Louis DeLosSantos) - bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup (Martin KaFai Lau) - Revert 'interconnect: Teach lockdep about icc_bw_lock order' (Greg Kroah-Hartman) - Revert 'interconnect: Fix locking for runpm vs reclaim' (Greg Kroah-Hartman) - gpio: fix resource unwinding order in error path (Bartosz Golaszewski) - gpiolib: Fix the error path order in gpiochip_add_data_with_key() (Andy Shevchenko) - gpio: 74x164: Enable output pins after registers are reset (Arturas Moskvinas) - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (Oscar Salvador) - cachefiles: fix memory leak in cachefiles_add_cache() (Baokun Li) - mptcp: fix possible deadlock in subflow diag (Paolo Abeni) - mptcp: push at DSS boundaries (Paolo Abeni) - mptcp: add needs_id for netlink appending addr (Geliang Tang) - mptcp: clean up harmless false expressions (Jean Sacren) - selftests: mptcp: add missing kconfig for NF Filter in v6 (Matthieu Baerts (NGI0)) - selftests: mptcp: add missing kconfig for NF Filter (Matthieu Baerts (NGI0)) - mptcp: rename timer related helper to less confusing names (Paolo Abeni) - mptcp: process pending subflow error on close (Paolo Abeni) - mptcp: move __mptcp_error_report in protocol.c (Paolo Abeni) - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (Paolo Bonzini) - pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation (Bjorn Andersson) - mmc: sdhci-xenon: fix PHY init clock stability (Elad Nachman) - mmc: sdhci-xenon: add timeout for PHY init complete (Elad Nachman) - mmc: core: Fix eMMC initialization with 1-bit bus connection (Ivan Semenov) - dmaengine: fsl-qdma: init irq after reg initialization (Curtis Klein) - dmaengine: ptdma: use consistent DMA masks (Tadeusz Struk) - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read (Peng Ma) - btrfs: dev-replace: properly validate device names (David Sterba) - wifi: nl80211: reject iftype change with mesh ID change (Johannes Berg) - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (Alexander Ofitserov) - ALSA: firewire-lib: fix to check cycle continuity (Takashi Sakamoto) - tomoyo: fix UAF write bug in tomoyo_write_control() (Tetsuo Handa) - riscv: Sparse-Memory/vmemmap out-of-bounds fix (Dimitris Vlachos) - fbcon: always restore the old font data in fbcon_do_set_font() (Jiri Slaby (SUSE)) - ALSA: Drop leftover snd-rtctimer stuff from Makefile (Takashi Iwai) - power: supply: bq27xxx-i2c: Do not free non existing IRQ (Hans de Goede) - efi/capsule-loader: fix incorrect allocation size (Arnd Bergmann) - tls: decrement decrypt_pending if no async completion will be called (Sabrina Dubroca) - tls: rx: use async as an in-out argument (Jakub Kicinski) - tls: rx: assume crypto always calls our callback (Jakub Kicinski) - tls: rx: move counting TlsDecryptErrors for sync (Jakub Kicinski) - tls: rx: don't track the async count (Jakub Kicinski) - tls: rx: factor out writing ContentType to cmsg (Jakub Kicinski) - tls: rx: wrap decryption arguments in a structure (Jakub Kicinski) - tls: rx: don't report text length from the bowels of decrypt (Jakub Kicinski) - tls: rx: drop unnecessary arguments from tls_setup_from_iter() (Jakub Kicinski) - tls: hw: rx: use return value of tls_device_decrypted() to carry status (Jakub Kicinski) - tls: rx: refactor decrypt_skb_update() (Jakub Kicinski) - tls: rx: don't issue wake ups when data is decrypted (Jakub Kicinski) - tls: rx: don't store the decryption status in socket context (Jakub Kicinski) - tls: rx: don't store the record type in socket context (Jakub Kicinski) - igb: extend PTP timestamp adjustments to i211 (Oleksij Rempel) - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (Lin Ma) - netfilter: bridge: confirm multicast packets before passing them up the stack (Florian Westphal) - netfilter: let reset rules clean out conntrack entries (Florian Westphal) - netfilter: make function op structures const (Florian Westphal) - netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook (Florian Westphal) - netfilter: nfnetlink_queue: silence bogus compiler warning (Florian Westphal) - Bluetooth: Enforce validation on max value of connection interval (Kai-Heng Feng) - Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR (Zijun Hu) - Bluetooth: Avoid potential use-after-free in hci_error_reset (Ying Hsu) - stmmac: Clear variable when destroying workqueue (Jakub Raczynski) - uapi: in6: replace temporary label with rfc9486 (Justin Iurman) - veth: try harder when allocating queue memory (Jakub Kicinski) - net: enable memcg accounting for veth queues (Vasily Averin) - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (Oleksij Rempel) - ipv6: fix potential 'struct net' leak in inet6_rtm_getaddr() (Eric Dumazet) - net: veth: clear GRO when clearing XDP even when down (Jakub Kicinski) - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (Doug Smythies) - tun: Fix xdp_rxq_info's queue_index when detaching (Yunjian Wang) - net: ip_tunnel: prevent perpetual headroom growth (Florian Westphal) - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter (Ryosuke Yasuoka) - mtd: spinand: gigadevice: Fix the get ecc status issue (Han Xu) - netfilter: nf_tables: disallow timeout for anonymous sets (Pablo Neira Ayuso) - LTS version: v5.15.150 (Vijayendra Suman) - r8169: use new PM macros (Heiner Kallweit) - netfilter: nf_tables: can't schedule in nft_chain_validate (Florian Westphal) - ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() (Baokun Li) - ext4: regenerate buddy after block freeing failed if under fc replay (Baokun Li) - netfilter: nf_tables: fix scheduling-while-atomic splat (Florian Westphal) - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio (Bart Van Assche) - i2c: imx: when being a target, mark the last read as processed (Corey Minyard) - i2c: imx: Add timer for handling the stop condition (Corey Minyard) - drm/amd/display: Fix memory leak in dm_sw_fini() (Armin Wolf) - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set (Erik Kurzinger) - netfilter: nft_flow_offload: release dst in case direct xmit path is used (Pablo Neira Ayuso) - netfilter: nft_flow_offload: reset dst in route object after setting up flow (Pablo Neira Ayuso) - netfilter: flowtable: simplify route logic (Pablo Neira Ayuso) - netfilter: nf_tables: set dormant flag on hook register failure (Florian Westphal) - tls: stop recv() if initial process_rx_list gave us non-DATA (Sabrina Dubroca) - tls: rx: drop pointless else after goto (Jakub Kicinski) - tls: rx: jump to a more appropriate label (Jakub Kicinski) - s390: use the correct count for __iowrite64_copy() (Jason Gunthorpe) - octeontx2-af: Consider the action set by PF (Subbaraya Sundeep) - drm/nouveau/instmem: fix uninitialized_var.cocci warning (Guo Zhengkui) - packet: move from strlcpy with unused retval to strscpy (Wolfram Sang) - ipv6: sr: fix possible use-after-free and null-ptr-deref (Vasiliy Kovalev) - afs: Increase buffer size in afs_update_volume_status() (Daniil Dulov) - bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (Martin KaFai Lau) - ata: ahci_ceva: fix error handling for Xilinx GT PHY support (Radhey Shyam Pandey) - ata: libahci_platform: Introduce reset assertion/deassertion methods (Serge Semin) - ata: libahci_platform: Convert to using devm bulk clocks API (Serge Semin) - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (Eric Dumazet) - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (Eric Dumazet) - net: stmmac: Fix incorrect dereference in interrupt handlers (Pavel Sakharov) - nouveau: fix function cast warnings (Arnd Bergmann) - scsi: jazz_esp: Only build if SCSI core is builtin (Randy Dunlap) - bpf, scripts: Correct GPL license name (Gianmarco Lusvardi) - RDMA/srpt: fix function pointer cast warnings (Arnd Bergmann) - arm64: dts: rockchip: set num-cs property for spi on px30 (Heiko Stuebner) - RDMA/qedr: Fix qedr_create_user_qp error flow (Kamal Heib) - RDMA/srpt: Support specifying the srpt_service_guid parameter (Bart Van Assche) - RDMA/irdma: Add AE for too many RNRS (Mustafa Ismail) - RDMA/irdma: Set the CQ read threshold for GEN 1 (Mustafa Ismail) - RDMA/irdma: Validate max_send_wr and max_recv_wr (Shiraz Saleem) - RDMA/irdma: Fix KASAN issue with tasklet (Mike Marciniszyn) - RDMA/bnxt_re: Return error for SRQ resize (Kalesh AP) - IB/hfi1: Fix a memleak in init_credit_return (Zhipeng Lu) - cifs: add a warning when the in-flight count goes negative (Shyam Prasad N) - xhci: track port suspend state correctly in unsuccessful resume cases (Mathias Nyman) - xhci: decouple usb2 port resume and get_port_status request handling (Mathias Nyman) - xhci: clear usb2 resume related variables in one place. (Mathias Nyman) - xhci: rename resume_done to resume_timestamp (Mathias Nyman) - xhci: move port specific items such as state completions to port structure (Mathias Nyman) - xhci: cleanup xhci_hub_control port references (Mathias Nyman) - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA (Paul Menzel) - ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA (Tamim Khan) - ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks (Hans de Goede) - ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA (Tamim Khan) - ACPI: resource: Add ASUS model S5402ZA to quirks (Kellen Renshaw) - ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2 (Hans de Goede) - ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch (Rafal Milecki) - arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 (Alex Bee) - arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 (Alex Bee) - arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (FUKAUMI Naoki) - exfat: support dynamic allocate bh for exfat_entry_set_cache (Yuezhang Mo) - wifi: iwlwifi: mvm: avoid baid size integer overflow (Johannes Berg) - igb: Fix igb_down hung on surprise removal (Ying Hsu) - wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() (Gustavo A. R. Silva) - bpf: Address KCSAN report on bpf_lru_list (Martin KaFai Lau) - wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range (Maxime Bizon) - sched/fair: Don't balance task to its current running CPU (Yicong Yang) - arm64: mm: fix VA-range sanity check (Mark Rutland) - arm64: set __exception_irq_entry with __irq_entry as a default (Youngmin Nam) - ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version) (Hans de Goede) - ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3 (Hans de Goede) - ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A (Hans de Goede) - btrfs: add xxhash to fast checksum implementations (David Sterba) - posix-timers: Ensure timer ID search-loop limit is valid (Thomas Gleixner) - md/raid10: prevent soft lockup while flush writes (Yu Kuai) - md: fix data corruption for raid456 when reshape restart while grow up (Yu Kuai) - nbd: Add the maximum limit of allocated index in nbd_dev_add (Zhong Jinghua) - debugobjects: Recheck debug_objects_enabled before reporting (Tetsuo Handa) - netfilter: nf_tables: add rescheduling points during loop detection walks (Florian Westphal) - net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs (Peilin Ye) - Input: iqs269a - do not poll during ATI (Jeff LaBundy) - Input: iqs269a - do not poll during suspend or resume (Jeff LaBundy) - Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr() (Jonathan Cameron) - PM: core: Remove static qualifier in DEFINE_SIMPLE_DEV_PM_OPS macro (Paul Cercueil) - mmc: mxc: Use the new PM macros (Paul Cercueil) - mmc: jz4740: Use the new PM macros (Paul Cercueil) - PM: core: Add new *_PM_OPS macros, deprecate old ones (Paul Cercueil) - PM: core: Redefine pm_ptr() macro (Paul Cercueil) - powerpc/eeh: Set channel state after notifying the drivers (Ganesh Goudar) - powerpc/eeh: Small refactor of eeh_handle_normal_event() (Daniel Axtens) - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (Nathan Lynch) - powerpc/rtas: make all exports GPL (Nathan Lynch) - net: ethernet: ti: add missing of_node_put before return (Wang Qing) - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (Li Jun) - clk: imx8mp: add clkout1/2 support (Lucas Stach) - clk: imx8mp: Add DISP2 pixel clock (Marek Vasut) - serial: 8250: Remove serial_rs485 sanitization from em485 (Ilpo Jarvinen) - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (Enzo Matsumiya) - kernel/sched: Remove dl_boosted flag comment (Hui Su) - drm/i915/dg1: Update DMC_DEBUG3 register (Chuansheng Liu) - f2fs: write checkpoint during FG_GC (Byungki Lee) - f2fs: don't set GC_FAILURE_PIN for background GC (Chao Yu) - drm/amdgpu: init iommu after amdkfd device init (Yifan Zhang) - tools/virtio: fix build (Stefano Garzarella) - perf beauty: Update copy of linux/socket.h with the kernel sources (Arnaldo Carvalho de Melo) - tools headers UAPI: Sync linux/fscrypt.h with the kernel sources (Arnaldo Carvalho de Melo) - ARM: dts: BCM53573: Drop nonexistent 'default-off' LED trigger (Rafal Milecki) - acpi: property: Let args be NULL in __acpi_node_get_property_reference (Sakari Ailus) - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (Luke D. Jones) - clk: linux/clk-provider.h: fix kernel-doc warnings and typos (Randy Dunlap) - RDMA/siw: Correct wrong debug message (Guoqing Jiang) - RDMA/siw: Balance the reference of cep->kref in the error path (Guoqing Jiang) - ARM: dts: BCM53573: Drop nonexistent #usb-cells (Rafal Milecki) - selftests: net: vrf-xfrm-tests: change authentication and encryption algos (Magali Lemes) - MIPS: vpe-mt: drop physical_memsize (Randy Dunlap) - MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set (Randy Dunlap) - powerpc/pseries/lpar: add missing RTAS retry status handling (Nathan Lynch) - powerpc/perf/hv-24x7: add missing RTAS retry status handling (Nathan Lynch) - powerpc/pseries/lparcfg: add missing RTAS retry status handling (Nathan Lynch) - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (Chen-Yu Tsai) - clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC (Dmitry Baryshkov) - clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC (Dmitry Baryshkov) - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (Frederic Barrat) - Input: ads7846 - don't check penirq immediately for 7845 (Luca Ellero) - Input: ads7846 - always set last command to PWRDOWN (Luca Ellero) - clk: imx: avoid memory leak (Peng Fan) - clk: renesas: cpg-mssr: Remove superfluous check in resume code (Geert Uytterhoeven) - Input: ads7846 - don't report pressure for ads7845 (Luca Ellero) - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (Alexey Khoroshilov) - Input: iqs269a - increase interrupt handler return delay (Jeff LaBundy) - Input: iqs269a - configure device with a single block write (Jeff LaBundy) - Input: iqs269a - drop unused device node references (Jeff LaBundy) - RISC-V: fix funct4 definition for c.jalr in parse_asm.h (Heiko Stuebner) - mtd: rawnand: sunxi: Fix the size of the last OOB region (Samuel Holland) - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (Dmitry Baryshkov) - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (Dmitry Baryshkov) - clk: imx: imx8mp: add shared clk gate for usb suspend clk (Li Jun) - mptcp: fix lockless access in subflow ULP diag (Paolo Abeni) - usb: roles: don't get/set_role() when usb_role_switch is unregistered (Xu Yang) - usb: roles: fix NULL pointer issue when put module's reference (Xu Yang) - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs (Krishna Kurapati) - usb: cdns3: fix memory double free when handle zero packet (Frank Li) - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (Frank Li) - usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers (Pawel Laszczak) - usb: cdnsp: blocked some cdns3 specific code (Pawel Laszczak) - serial: amba-pl011: Fix DMA transmission in RS485 mode (Lino Sanfilippo) - x86/alternative: Make custom return thunk unconditional (Peter Zijlstra) - Revert 'x86/alternative: Make custom return thunk unconditional' (Borislav Petkov (AMD)) - x86/returnthunk: Allow different return thunks (Peter Zijlstra) - x86/ftrace: Use alternative RET encoding (Peter Zijlstra) - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) - x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR (Peter Zijlstra) - Revert 'x86/ftrace: Use alternative RET encoding' (Borislav Petkov (AMD)) - ARM: ep93xx: Add terminator to gpiod_lookup_table (Nikita Shubin) - l2tp: pass correct message length to ip6_append_data (Tom Parkin) - PCI/MSI: Prevent MSI hardware interrupt number truncation (Vidya Sagar) - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() (Vasiliy Kovalev) - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (Oliver Upton) - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (Oliver Upton) - platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names (Hans de Goede) - dm-crypt: don't modify the data when using authenticated encryption (Mikulas Patocka) - drm/ttm: Fix an invalid freeing on already freed page in error path (Thomas Hellstrom) - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (Daniel Vacek) - erofs: fix lz4 inplace decompression (Gao Xiang) - pmdomain: renesas: r8a77980-sysc: CR7 must be always on (Geert Uytterhoeven) - pmdomain: mediatek: fix race conditions with genpd (Eugen Hristev) - virtio-blk: Ensure no requests in virtqueues before deleting vqs. (Yi Sun) - drm/amdgpu: reset gpu for s3 suspend abort case (Prike Liang) - drm/amdgpu: skip to program GFXDEC registers for suspend abort (Prike Liang) - firewire: core: send bus reset promptly on gap count error (Takashi Sakamoto) - scsi: lpfc: Use unsigned type for num_sge (Hannes Reinecke) - hwmon: (coretemp) Enlarge per package core count limit (Zhang Rui) - efi: Don't add memblocks for soft-reserved memory (Andrew Bresticker) - efi: runtime: Fix potential overflow of soft-reserved region size (Andrew Bresticker) - wifi: mac80211: adding missing drv_mgd_complete_tx() call (Johannes Berg) - fs/ntfs3: Fix oob in ntfs_listxattr (Edward Adam Davis) - fs/ntfs3: Update inode->i_size after success write into compressed file (Konstantin Komarov) - fs/ntfs3: Correct function is_rst_area_valid (Konstantin Komarov) - fs/ntfs3: Prevent generic message 'attempt to access beyond end of device' (Konstantin Komarov) - fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache (Ism Hong) - fs/ntfs3: Disable ATTR_LIST_ENTRY size check (Konstantin Komarov) - fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() (Konstantin Komarov) - fs/ntfs3: Fix detected field-spanning write (size 8) of single field 'le->name' (Konstantin Komarov) - fs/ntfs3: Print warning while fixing hard links count (Konstantin Komarov) - fs/ntfs3: Correct hard links updating when dealing with DOS names (Konstantin Komarov) - fs/ntfs3: Improve ntfs_dir_count (Konstantin Komarov) - fs/ntfs3: Modified fix directory element type detection (Konstantin Komarov) - Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (Szilard Fabian) - ext4: correct the hole length returned by ext4_map_blocks() (Zhang Yi) - nvmet-fc: take ref count on tgtport before delete assoc (Daniel Wagner) - nvmet-fc: avoid deadlock on delete association path (Daniel Wagner) - nvmet-fc: abort command when there is no binding (Daniel Wagner) - nvmet-fc: hold reference on hostport match (Daniel Wagner) - nvmet-fc: defer cleanup using RCU properly (Daniel Wagner) - nvmet-fc: release reference on target port (Daniel Wagner) - nvmet-fcloop: swap the list_add_tail arguments (Daniel Wagner) - nvme-fc: do not wait in vain when unloading module (Daniel Wagner) - ALSA: usb-audio: Ignore clock selector errors for single connection (Alexander Tsoy) - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new (Xin Long) - Input: xpad - add Lenovo Legion Go controllers (Brenton Simpson) - spi: sh-msiof: avoid integer overflow in constants (Wolfram Sang) - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 (Chen-Yu Tsai) - ALSA: usb-audio: Check presence of valid altsetting control (Alexander Tsoy) - nvmet-tcp: fix nvme tcp ida memory leak (Guixin Liu) - regulator: pwm-regulator: Add validity checks in continuous .get_voltage (Martin Blumenstingl) - dmaengine: ti: edma: Add some null pointer checks to the edma_probe (Kunwu Chan) - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Baokun Li) - ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Baokun Li) - ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt (Baokun Li) - platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet (Phoenix Chen) - MIPS: reserve exception vector space ONLY ONCE (Huang Pei) - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers (Lennert Buytenhek) - ahci: asm1166: correct count of reported ports (Conrad Kostecki) - spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected (Devyn Liu) - fbdev: sis: Error out if pixclock equals zero (Fullway Wang) - fbdev: savage: Error out if pixclock equals zero (Fullway Wang) - wifi: mac80211: fix race condition on enabling fast-xmit (Felix Fietkau) - wifi: cfg80211: fix missing interfaces when dumping (Michal Kazior) - dmaengine: fsl-qdma: increase size of 'irq_name' (Vinod Koul) - dmaengine: shdma: increase size of 'dev_id' (Vinod Koul) - scsi: target: core: Add TMF to tmr_list handling (Dmitry Bogdanov) - sched/rt: Disallow writing invalid values to sched_rt_period_us (Cyril Hrubis) - sched/rt: Fix sysctl_sched_rr_timeslice intial value (Cyril Hrubis) - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb (Lokesh Gidra) - bpf: Remove trace_printk_lock (Jiri Olsa) - bpf: Do cleanup in bpf_bprintf_cleanup only when needed (Jiri Olsa) - bpf: Add struct for bin_args arg in bpf_bprintf_prepare (Jiri Olsa) - bpf: Merge printk and seq_printf VARARG max macros (Dave Marchevsky) - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (Cyril Hrubis) - smb: client: fix parsing of SMB3.1.1 POSIX create context (Paulo Alcantara) - smb: client: fix potential OOBs in smb2_parse_contexts() (Paulo Alcantara) - smb: client: fix OOB in receive_encrypted_standard() (Paulo Alcantara) [5.15.0-206.149.3] - RDMA/cm: add timeout to cm_destroy_id wait (Manjunath Patil) [Orabug: 36280585] - net/mlx5: Query hca_cap_2 only when supported (Maher Sanalla) [Orabug: 36466318] [5.15.0-206.149.2] - tracing/kprobes: Remove CONFIG_LIVEPATCH for module symbol counting logic (Vijayendra Suman) [Orabug: 36395538] [5.15.0-206.149.1] - rds: ib: Use fastreg QP if conn is down and handle FRWR CQE timeout (Hakon Bugge) [Orabug: 36236371] - rds: ib: Tear down QP when FRWR WRs fails (Hakon Bugge) [Orabug: 36236371] - rds: ib: Poll fastreg CQ before destroying (Hakon Bugge) [Orabug: 36236371] - rds: Fix WARN_ON in rds_ib_destroy_mr_pool() (Hans Westgaard Ry) [Orabug: 36332964] - ext4: fix corruption during on-line resize (Maximilian Heyne) [Orabug: 36342901] - Revert 'x86/mm/ident_map: Use gbpages only where full GB page should be mapped.' (Sherry Yang) [Orabug: 36442401] - dmapool: create/destroy cleanup (Keith Busch) [Orabug: 36095510] - dmapool: link blocks across pages (Keith Busch) [Orabug: 36095510] - dmapool: don't memset on free twice (Keith Busch) [Orabug: 36095510] - dmapool: simplify freeing (Keith Busch) [Orabug: 36095510] - dmapool: consolidate page initialization (Keith Busch) [Orabug: 36095510] - dmapool: rearrange page alloc failure handling (Keith Busch) [Orabug: 36095510] - dmapool: move debug code to own functions (Keith Busch) [Orabug: 36095510] - dmapool: speedup DMAPOOL_DEBUG with init_on_alloc (Tony Battersby) [Orabug: 36095510] - dmapool: cleanup integer types (Tony Battersby) [Orabug: 36095510] - dmapool: use sysfs_emit() instead of scnprintf() (Tony Battersby) [Orabug: 36095510] - dmapool: remove checks for dev == NULL (Tony Battersby) [Orabug: 36095510] - mm/dmapool.c: revert 'make dma pool to use kmalloc_node' (Christian Konig) [Orabug: 36095510] - ice: Don't dereference NULL in ice_gnss_read error path (Simon Horman) [Orabug: 36390519] - ice: make writes to /dev/gnssX synchronous (Michal Schmidt) [Orabug: 36390519] - ice: do not busy-wait to read GNSS data (Michal Schmidt) [Orabug: 36390519] - ice: use GNSS subsystem instead of TTY (Arkadiusz Kubalewski) [Orabug: 36390519] - ice: Add check for kzalloc (Jiasheng Jiang) [Orabug: 36390519] - ice: Fix potential memory leak in ice_gnss_tty_write() (Yuan Can) [Orabug: 36390519] - uek-rpm: Bluefield 3: Enable KASAN runtime memory debugger in the debug config (Thomas Tai) [Orabug: 36441787] - Revert 'mmc: core: Use mrq.sbc in close-ended ffu' (Thomas Tai) [Orabug: 36441787] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-2201 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:8::developer_UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/a:oracle:linux:9::developer_UEKR7 Oracle Linux 9 [3.21.0-9] - timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) Resolves: RHEL-22792 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0914 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 libvirt [9.0.0-5.el9] - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364464] {CVE-2024-1441} libvirt-python [9.0.0-5.el9] - Update to libvirt 9.0.0-5 (Karl Heubaum) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1441 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 [7.2.0-11.el9] - vfio/migration: Add a note about migration rate limiting (Avihai Horon) [Orabug: 36329758] - vfio/migration: Refactor vfio_save_state() return value (Avihai Horon) [Orabug: 36329758] - migration: Don't serialize devices in qemu_savevm_state_iterate() (Avihai Horon) [Orabug: 36329758] - ui/clipboard: add asserts for update and request (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683} - ui/clipboard: mark type as not available when there is no data (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683} - virtio-net: correctly copy vnet header when flushing TX (Jason Wang) [Orabug: 36154459] {CVE-2023-6693} - esp: restrict non-DMA transfer length to that of available data (Mark Cave-Ayland) [Orabug: 36322141] {CVE-2024-24474} - vhost: Perform memory section dirty scans once per iteration (Si-Wei Liu) - vhost: dirty log should be per backend type (Si-Wei Liu) - net: Update MemReentrancyGuard for NIC (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019} - net: Provide MemReentrancyGuard * to qemu_new_nic() (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019} - lsi53c895a: disable reentrancy detection for MMIO region, too (Thomas Huth) [Orabug: 33774027] {CVE-2021-3750} - memory: stricter checks prior to unsetting engaged_in_io (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - async: avoid use-after-free on re-entrancy guard (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - apic: disable reentrancy detection for apic-msi (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - raven: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - bcm2835_property: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - lsi53c895a: disable reentrancy detection for script RAM (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - checkpatch: add qemu_bh_new/aio_bh_new checks (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - async: Add an optional reentrancy guard to the BH API (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - memory: prevent dma-reentracy issues (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - hw/acpi: propagate vcpu hotplug after switch to modern interface (Aaron Young) - migration: Fix use-after-free of migration state object (Fabiano Rosas) [Orabug: 36242218] - kvm: Fix crash due to access uninitialized kvm_state (Gavin Shan) [Orabug: 36269244] - migration: Avoid usage of static variable inside tracepoint (Joao Martins) - migration: Add tracepoints for downtime checkpoints (Peter Xu) - migration: migration_stop_vm() helper (Peter Xu) - migration: Add per vmstate downtime tracepoints (Peter Xu) - migration: Add migration_downtime_start|end() helpers (Peter Xu) - migration: Set downtime_start even for postcopy (Peter Xu) - hv-balloon: implement pre-Glib 2.68 compatibility (Maciej S. Szmigiero) - hw/i386/pc: Support hv-balloon (Maciej S. Szmigiero) - qapi: Add HV_BALLOON_STATUS_REPORT event and its QMP query command (Maciej S. Szmigiero) - qapi: Add query-memory-devices support to hv-balloon (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) hot-add support (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) base (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol definitions (Maciej S. Szmigiero) - memory-device: Drop size alignment check (David Hildenbrand) - memory-device: Support empty memory devices (David Hildenbrand) - memory,vhost: Allow for marking memory device memory regions unmergeable (David Hildenbrand) - memory: Clarify mapping requirements for RamDiscardManager (David Hildenbrand) - memory-device,vhost: Support automatic decision on the number of memslots (David Hildenbrand) - vhost: Add vhost_get_max_memslots() (David Hildenbrand) - kvm: Add stub for kvm_get_max_memslots() (David Hildenbrand) - memory-device,vhost: Support memory devices that dynamically consume memslots (David Hildenbrand) - memory-device: Track required and actually used memslots in DeviceMemoryState (David Hildenbrand) - stubs: Rename qmp_memory_device.c to memory_device.c (David Hildenbrand) - memory-device: Support memory devices with multiple memslots (David Hildenbrand) - vhost: Return number of free memslots (David Hildenbrand) - kvm: Return number of free memslots (David Hildenbrand) - vhost: Remove vhost_backend_can_merge() callback (David Hildenbrand) - vhost: Rework memslot filtering and fix 'used_memslot' tracking (David Hildenbrand) - virtio-md-pci: New parent type for virtio-mem-pci and virtio-pmem-pci (David Hildenbrand) - migration/ram: Expose ramblock_is_ignored() as migrate_ram_is_ignored() (David Hildenbrand) - virtio-mem: Skip most of virtio_mem_unplug_all() without plugged memory (David Hildenbrand) - softmmu/physmem: Warn with ram_block_discard_range() on MAP_PRIVATE file mapping (David Hildenbrand) - memory-device: Track used region size in DeviceMemoryState (David Hildenbrand) - memory-device: Refactor memory_device_pre_plug() (David Hildenbrand) - hw/i386/pc: Remove PC_MACHINE_DEVMEM_REGION_SIZE (David Hildenbrand) - hw/i386/acpi-build: Rely on machine->device_memory when building SRAT (David Hildenbrand) - hw/i386/pc: Use machine_memory_devices_init() (David Hildenbrand) - hw/loongarch/virt: Use machine_memory_devices_init() (David Hildenbrand) - hw/ppc/spapr: Use machine_memory_devices_init() (David Hildenbrand) - hw/arm/virt: Use machine_memory_devices_init() (David Hildenbrand) - memory-device: Introduce machine_memory_devices_init() (David Hildenbrand) - memory-device: Unify enabled vs. supported error messages (David Hildenbrand) - hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467] (Thomas Huth) [Orabug: 35808564] {CVE-2023-42467} - tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088} - hw/ide: reset: cancel async DMA operation before resetting state (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088} [7.2.0-7.el9] - vfio/common: Probe type1 iommu dirty tracking support (Joao Martins) [Orabug: 36024839] - vfio/common: Allow disabling device dirty page tracking (Joao Martins) [Orabug: 36024839] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6693 CVE-2023-5088 CVE-2024-24474 CVE-2023-3019 CVE-2023-42467 CVE-2021-3750 CVE-2023-6683 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 7 * Tue Feb 27 2024 Aaron Young <aaron.young@oracle.com> - Create new 1.7.0 release for OL7 which includes the following fixed CVEs: {CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765} - Update to OpenSSL 3.0.10 which includes the following fixed CVEs: {CVE-2023-2975} {CVE-2023-1255} {CVE-2023-0401} {CVE-2023-0217} {CVE-2023-0216} {CVE-2023-0215} {CVE-2022-4203} {CVE-2022-3996} {CVE-2022-3602} {CVE-2022-3786} {CVE-2022-3358} {CVE-2022-2274} {CVE-2022-1473} {CVE-2022-1434} {CVE-2022-1343} {CVE-2021-4044} {CVE-2021-23839} * Tue Aug 22 2023 Aaron Young <aaron.young@oracle.com> - Create new 1.6.6.cvm release for OL7 * Mon Aug 21 2023 Aaron Young <aaron.young@oracle.com> - Create new 1.6.6 release for OL7 which includes the following fixed CVEs: {CVE-2019-14560} - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: {CVE-2023-3817} {CVE-2023-3446} {CVE-2023-2650} {CVE-2023-0465} {CVE-2023-0466} {CVE-2023-0464} {CVE-2023-0286} {CVE-2023-0215} {CVE-2022-4450} {CVE-2022-4304} {CVE-2022-2097} {CVE-2022-2068} {CVE-2022-1292} {CVE-2022-0778} {CVE-2021-4160} {CVE-2021-3712} {CVE-2021-3711} {CVE-2021-3450} {CVE-2021-3449} {CVE-2021-23841} {CVE-2021-23840} {CVE-2020-1971} {CVE-2020-1967} {CVE-2019-1551} {CVE-2019-1563} {CVE-2019-1549} {CVE-2019-1547} {CVE-2019-1552} {CVE-2019-1543} {CVE-2018-0734} {CVE-2018-0735} * Tue Jun 13 2023 Aaron Young <aaron.young@oracle.com> - Create new 1.6.5.cvm release for OL7 * Mon Feb 27 2023 Aaron Young <aaron.young@oracle.com> - Create new 1.6.4.cvm release for OL7 which includes the following fixed CVEs: {CVE-2021-38578} * Tue Jun 28 2022 Aaron Young <aaron.young@oracle.com> - Create new 1.6.3 release for OL7 * Wed Jun 01 2022 Aaron Young <aaron.young@oracle.com> - Create new 1.6.2 release for OL7 * Wed May 11 2022 Aaron Young <aaron.young@oracle.com> - Create new 1.6.1 release for OL7 * Wed Apr 06 2022 Aaron Young <aaron.young@oracle.com> - Create new 1.6.0 release for OL7 which includes the following fixed CVEs: {CVE-2022-0778} * Tue Nov 23 2021 Aaron Young <aaron.young@oracle.com> - Create new 1.5.1 release for OL7 * Wed Jun 16 2021 Aaron Young <aaron.young@oracle.com> - Create new 1.5.0 release for OL7 which includes the following fixed CVEs: {CVE-2021-23840} {CVE-2021-23841} {CVE-2021-38575} * Thu Feb 18 2021 Aaron Young <aaron.young@oracle.com> - Create new 1.4.3 release for OL7 * Wed Jan 20 2021 Aaron Young <aaron.young@oracle.com> - Create new 1.4.2 release for OL7 * Thu Dec 03 2020 Aaron Young <aaron.young@oracle.com> - Create new 1.4.1 release for OL7 * Wed Nov 18 2020 Aaron Young <aaron.young@oracle.com> - Create new 1.4.0 release for OL7 which includes the following fixed CVEs: {CVE-2019-14584} {CVE-2019-14562} {CVE-2019-11098} {CVE-2019-14559} {CVE-2019-14575} {CVE-2019-14559} {CVE-2019-14587} {CVE-2019-14558} {CVE-2019-14586} {CVE-2019-14563} * Sat Oct 10 2020 Aaron Young <aaron.young@oracle.com> - Create new 1.3.4 release for OL7 * Wed Oct 07 2020 Aaron Young <aaron.young@oracle.com> - Create new 1.3.3 release for OL7 * Fri Jul 31 2020 Aaron Young <aaron.young@oracle.com> - Create new 1.3.2 release for OL7 * Fri May 01 2020 Aaron Young <aaron.young@oracle.com> - Create new 1.3.1 release for OL7 * Wed Feb 05 2020 Aaron Young <aaron.young@oracle.com> - Create new 1.3 release for OL7 which includes the following fixed CVEs: {CVE-2018-12182} {CVE-2019-13224} {CVE-2019-13225} {CVE-2019-14553} * Fri May 17 2019 Aaron Young <aaron.young@oracle.com> - Create new 1.2 release for OL7 which includes the following fixed CVEs: {CVE-2017-5715} {CVE-2017-5731} {CVE-2017-5732} {CVE-2017-5733} {CVE-2017-5734} {CVE-2017-5735} {CVE-2017-5753} {CVE-2018-12178} {CVE-2018-12180} {CVE-2018-12181} {CVE-2018-3630} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2022-36763 CVE-2023-45230 CVE-2023-45234 CVE-2022-36764 CVE-2023-45232 CVE-2023-45235 CVE-2022-36765 CVE-2023-45231 CVE-2023-45233 CVE-2023-45229 cpe:/a:oracle:linux:7::developer_kvm_utils cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 * Tue Feb 27 2024 Aaron Young <aaron.young@oracle.com> - Create new 20240227 release for OL9 which includes the following fixed CVEs: {CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765} - Update to OpenSSL 3.0.10 which includes the following fixed CVEs: {CVE-2023-2975} {CVE-2023-1255} {CVE-2023-0401} {CVE-2023-0217} {CVE-2023-0216} {CVE-2023-0215} {CVE-2022-4203} {CVE-2022-3996} {CVE-2022-3602} {CVE-2022-3786} {CVE-2022-3358} {CVE-2022-2274} {CVE-2022-1473} {CVE-2022-1434} {CVE-2022-1343} {CVE-2021-4044} {CVE-2021-23839} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45229 CVE-2023-45235 CVE-2022-36763 CVE-2022-36765 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2022-36764 CVE-2023-45234 cpe:/a:oracle:linux:9::developer_kvm_utils cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 8 Oracle Linux 9 [5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert 'lockd: introduce safe async lock op' (Chuck Lever) - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - x86/bugs: Fix BHI retpoline check (Josh Poimboeuf) - keys: Fix overwrite of key expiration on instantiation (Silvio Gissi) - af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). (Kuniyuki Iwashima) - Revert 'usb: cdc-wdm: close race between read and workqueue' (Greg Kroah-Hartman) - Revert 'crypto: api - Disallow identical driver names' (Greg Kroah-Hartman) - netfilter: br_netfilter: skip conntrack input hook for promisc packets (Pablo Neira Ayuso) - Revert 'Revert 'ACPI: CPPC: Use access_width over bit_width for system memory accesses'' (Easwar Hariharan) - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (Dominique Martinet) - usb: dwc2: host: Fix dereference issue in DDMA completion flow. (Minas Harutyunyan) - Reapply 'drm/qxl: simplify qxl_fence_wait' (Linus Torvalds) - bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS (Matthew Wilcox (Oracle)) [5.15.0-207.156.5] - cpu: Re-enable CPU mitigations by default for !X86 architectures (Sean Christopherson) [Orabug: 36682142] [5.15.0-207.156.4] - net/rds: mod reconnect delay on sendmsg() (Sharath Srinivasan) [Orabug: 36531127] - net/rds: Extend exponential backoff for rds reconnects (Sharath Srinivasan) [Orabug: 36531127] - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (Dongli Zhang) [Orabug: 36674308] - uek-rpm: re-enable HP_WMI and HP_ACCEL (Stephen Brennan) [Orabug: 36632743] - mmc: core: Avoid negative index with array access (Mikko Rapeli) [Orabug: 36554507] - Revert 'Revert 'mmc: core: Use mrq.sbc in close-ended ffu'' (Thomas Tai) [Orabug: 36554507] - uek-rpm: Enable FUNCTION_GRAPH_RETVAL in UEK7 (Jianfeng Wang) [Orabug: 36460674] - fgraph: Add declaration of 'struct fgraph_ret_regs' (Steven Rostedt (Google)) [Orabug: 36460674] - x86/ftrace: Enable HAVE_FUNCTION_GRAPH_RETVAL (Donglin Peng) [Orabug: 36460674] - arm64: ftrace: Enable HAVE_FUNCTION_GRAPH_RETVAL (Donglin Peng) [Orabug: 36460674] - tracing: Add documentation for funcgraph-retval and funcgraph-retval-hex (Donglin Peng) [Orabug: 36460674] - function_graph: Support recording and printing the return value of function (Donglin Peng) [Orabug: 36460674] - net/rds: Get RDS statistics for each possible CPU (Anand Khoje) [Orabug: 35830448] [5.15.0-207.156.3] - scripts/gdb: Fix gdb 'lx-symbols' command (Khalid Masum) [Orabug: 36651773] - module: Fix prefix for module.sig_enforce module param (Saravana Kannan) [Orabug: 36651773] [5.15.0-207.156.2] - LTS version: v5.15.156 (Vijayendra Suman) - drm/i915/cdclk: Fix CDCLK programming order when pipes are active (Ville Syrjala) - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (Arnd Bergmann) - x86/apic: Force native_apic_mem_read() to use the MOV instruction (Adam Dunlap) - selftests: timers: Fix abs() warning in posix_timers test (John Stultz) - x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n (Sean Christopherson) - perf/x86: Fix out of range data (Namhyung Kim) - vhost: Add smp_rmb() in vhost_vq_avail_empty() (Gavin Shan) - drm/client: Fully protect modes[] with dev->mode_config.mutex (Ville Syrjala) - btrfs: qgroup: correctly model root qgroup rsv in convert (Boris Burkov) - iommu/vt-d: Allocate local memory for page request queue (Jacob Pan) - tracing: hide unused ftrace_event_id_fops (Arnd Bergmann) - net: ena: Fix incorrect descriptor free behavior (David Arinzon) - net: ena: Wrong missing IO completions check order (David Arinzon) - net: ena: Fix potential sign extension issue (David Arinzon) - af_unix: Fix garbage collector racing against connect() (Michal Luczaj) - af_unix: Do not use atomic ops for unix_sk(sk)->inflight. (Kuniyuki Iwashima) - net: dsa: mt7530: trap link-local frames regardless of ST Port State (Arinc UNAL) - net: sparx5: fix wrong config being used when reconfiguring PCS (Daniel Machon) - net/mlx5: Properly link new fs rules into the tree (Cosmin Ratiu) - netfilter: complete validation of user input (Eric Dumazet) - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) - ipv4/route: avoid unused-but-set-variable warning (Arnd Bergmann) - ipv6: fib: hide unused 'pn' variable (Arnd Bergmann) - octeontx2-af: Fix NIX SQ mode and BP config (Geetha sowjanya) - af_unix: Clear stale u->oob_skb. (Kuniyuki Iwashima) - geneve: fix header validation in geneve[6]_xmit_skb (Eric Dumazet) - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet) - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates. (Sebastian Andrzej Siewior) - net: openvswitch: fix unwanted error log on timeout policy probing (Ilya Maximets) - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Dan Carpenter) - nouveau: fix function cast warning (Arnd Bergmann) - Revert 'drm/qxl: simplify qxl_fence_wait' (Alex Constantino) - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (Frank Li) - media: cec: core: remove length check of Timer Status (Nini Song) - Bluetooth: Fix memory leak in hci_req_sync_complete() (Dmitry Antipov) - ring-buffer: Only update pages_touched when a new page is touched (Steven Rostedt (Google)) - batman-adv: Avoid infinite loop trying to resize local TT (Sven Eckelmann) - LTS version: v5.15.155 (Vijayendra Suman) - Revert 'ACPI: CPPC: Use access_width over bit_width for system memory accesses' (Greg Kroah-Hartman) - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (Vasiliy Kovalev) - Bluetooth: btintel: Fixe build regression (Luiz Augusto von Dentz) - platform/x86: intel-vbtn: Update tablet mode switch at end of probe (Gwendal Grignou) - randomize_kstack: Improve entropy diffusion (Kees Cook) - x86/mm/pat: fix VM_PAT handling in COW mappings (David Hildenbrand) - virtio: reenable config if freezing device failed (David Hildenbrand) - gcc-plugins/stackleak: Avoid .head.text section (Ard Biesheuvel) - gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text (Kees Cook) - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (Thadeu Lima de Souza Cascardo) - netfilter: nf_tables: discard table flag update with pending basechain deletion (Pablo Neira Ayuso) - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (Pablo Neira Ayuso) - netfilter: nf_tables: release batch on table validation from abort path (Pablo Neira Ayuso) - fbmon: prevent division by zero in fb_videomode_from_videomode() (Roman Smirnov) - drivers/nvme: Add quirks for device 126f:2262 (Jiawei Fu (iBug)) - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (Aleksandr Burakov) - ASoC: soc-core.c: Skip dummy codec when adding platforms (Chancel Liu) - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (Colin Ian King) - usb: typec: tcpci: add generic tcpci fallback compatible (Marco Felsch) - tools: iio: replace seekdir() in iio_generic_buffer (Petre Rodan) - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (linke li) - ktest: force = 1 for 'make_warnings_file' test type (Ricardo B. Marliere) - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (Alban Boye) - Input: allocate keycode for Display refresh rate toggle (Gergo Koteles) - block: prevent division by zero in blk_rq_stat_sum() (Roman Smirnov) - libperf evlist: Avoid out-of-bounds access (Ian Rogers) - Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (Daniel Drake) - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int (Dai Ngo) - drm/amd/display: Fix nanosec stat overflow (Aric Cyr) - ext4: forbid commit inconsistent quota data when errors=remount-ro (Ye Bin) - ext4: add a hint for block bitmap corrupt state in mb_groups (Zhang Yi) - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (Takashi Sakamoto) - media: sta2x11: fix irq handler cast (Arnd Bergmann) - isofs: handle CDs with bad root inode but good Joliet root directory (Alex Henrie) - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (Justin Tee) - sysv: don't call sb_bread() with pointers_lock held (Tetsuo Handa) - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (Geert Uytterhoeven) - Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (Kunwu Chan) - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (Edward Adam Davis) - net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (Eric Dumazet) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (David Sterba) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (David Sterba) - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (David Sterba) - wifi: ath11k: decrease MHI channel buffer length to 8KB (Baochen Qiang) - net: pcs: xpcs: Return EINVAL in the internal methods (Serge Semin) - tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() (Samasth Norway Ananda) - pstore/zone: Add a null pointer check to the psz_kmsg_read (Kunwu Chan) - ionic: set adminq irq affinity (Shannon Nelson) - arm64: dts: rockchip: fix rk3399 hdmi ports node (Johan Jonker) - arm64: dts: rockchip: fix rk3328 hdmi ports node (Johan Jonker) - cpuidle: Avoid potential overflow in integer multiplication (C Cheng) - panic: Flush kernel log buffer at the end (John Ogness) - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() (Harshit Mogalapalli) - wifi: ath9k: fix LNA selection in ath_ant_try_scan() (Dmitry Antipov) - net: dsa: fix panic when DSA master device unbinds on shutdown (Vladimir Oltean) - amdkfd: use calloc instead of kzalloc to avoid integer overflow (Dave Airlie) - LTS version: v5.15.154 (Vijayendra Suman) - gro: fix ownership transfer (Antoine Tenart) - mm/secretmem: fix GUP-fast succeeding on secretmem folios (David Hildenbrand) - mptcp: don't account accept() of non-MPC client as fallback to TCP (Davide Caratti) - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (Borislav Petkov (AMD)) - x86/bugs: Fix the SRSO mitigation on Zen3/4 (Borislav Petkov (AMD)) - riscv: process: Fix kernel gp leakage (Stefan O'Rear) - riscv: Fix spurious errors from __get/put_kernel_nofault (Samuel Holland) - s390/entry: align system call table on 8 bytes (Sumanth Korikkar) - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (Borislav Petkov (AMD)) - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals (Herve Codina) - driver core: Introduce device_link_wait_removal() (Herve Codina) - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (I Gede Agastya Darma Laksana) - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (Jann Horn) - openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached (Jann Horn) - HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (Jann Horn) - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (Jeff Layton) - ata: sata_mv: Fix PCI device ID table declaration compilation warning (Arnd Bergmann) - scsi: mylex: Fix sysfs buffer lengths (Arnd Bergmann) - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (Arnd Bergmann) - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw (Stephen Lee) - ASoC: rt711-sdw: fix locking sequence (Pierre-Louis Bossart) - ASoC: rt711-sdca: fix locking sequence (Pierre-Louis Bossart) - ASoC: rt5682-sdw: fix locking sequence (Pierre-Louis Bossart) - net: ravb: Always process TX descriptor ring (Paul Barker) - net: fec: Set mac_managed_pm during probe (Wei Fang) - drivers: net: convert to boolean for the mac_managed_pm flag (Denis Kirjanov) - net: usb: asix: suspend embedded PHY if external is used (Oleksij Rempel) - i40e: Enforce software interrupt during busy-poll exit (Ivan Vecera) - i40e: Remove _t suffix from enum type names (Ivan Vecera) - i40e: Store the irq number in i40e_q_vector (Joe Damato) - Revert 'usb: phy: generic: Get the vbus supply' (Alexander Stein) - scsi: qla2xxx: Update manufacturer detail (Bikash Hazarika) - i40e: fix vf may be used uninitialized in this function warning (Aleksandr Loktionov) - i40e: fix i40e_count_filters() to count only active/new filters (Aleksandr Loktionov) - octeontx2-pf: check negative error code in otx2_open() (Su Hui) - octeontx2-af: Fix issue with loading coalesced KPU profiles (Hariprasad Kelam) - udp: prevent local UDP tunnel packets from being GROed (Antoine Tenart) - udp: do not transition UDP GRO fraglist partial checksums to unnecessary (Antoine Tenart) - udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) - ipv6: Fix infinite recursion in fib6_dump_done(). (Kuniyuki Iwashima) - selftests: reuseaddr_conflict: add missing new line at the end of the output (Jakub Kicinski) - erspan: make sure erspan_base_hdr is present in skb->head (Eric Dumazet) - selftests: net: gro fwd: update vxlan GRO test expectations (Antoine Tenart) - net: stmmac: fix rx queue priority assignment (Piotr Wejman) - net/sched: act_skbmod: prevent kernel-infoleak (Eric Dumazet) - bpf, sockmap: Prevent lock inversion deadlock in map delete elem (Jakub Sitnicki) - vboxsf: Avoid an spurious warning if load_nls_xxx() fails (Christophe JAILLET) - netfilter: validate user input for expected length (Eric Dumazet) - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (Ziyang Xuan) - netfilter: nf_tables: flush pending destroy work before exit_net release (Pablo Neira Ayuso) - netfilter: nf_tables: reject new basechain after table flag update (Pablo Neira Ayuso) - KVM: x86: Mark target gfn of emulated atomic instruction as dirty (Sean Christopherson) - KVM: x86: Bail to userspace if emulation of atomic user access faults (Sean Christopherson) - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util (Ye Zhang) - mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations (Vlastimil Babka) - locking/rwsem: Disable preemption while trying for rwsem lock (Gokul krishna Krishnakumar) - xen-netfront: Add missing skb_mark_for_recycle (Jesper Dangaard Brouer) - Bluetooth: Fix TOCTOU in HCI debugfs implementation (Bastien Nocera) - Bluetooth: hci_event: set the conn encrypted before conn establishes (Hui Wang) - arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken (Johan Hovold) - x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word (Sean Christopherson) - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d (Heiner Kallweit) - dm integrity: fix out-of-range warning (Arnd Bergmann) - Octeontx2-af: fix pause frame configuration in GMP mode (Hariprasad Kelam) - ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (Nikita Kiryushin) - tcp: properly terminate timers for kernel sockets (Eric Dumazet) - s390/qeth: handle deferred cc1 (Alexandra Winter) - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (Przemek Kitszel) - wifi: iwlwifi: mvm: rfi: fix potential response leaks (Johannes Berg) - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (Bixuan Cui) - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (Ryosuke Yasuoka) - USB: UAS: return ENODEV when submit urbs fail with device not attached (Weitao Wang) - scsi: usb: Stop using the SCSI pointer (Bart Van Assche) - scsi: usb: Call scsi_done() directly (Bart Van Assche) - USB: core: Fix deadlock in usb_deauthorize_interface() (Alan Stern) - scsi: lpfc: Correct size for wqe for memset() (Muhammad Usama Anjum) - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (Mika Westerberg) - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (Kim Phillips) - scsi: qla2xxx: Delay I/O Abort on PCI error (Quinn Tran) - scsi: qla2xxx: Change debug message during driver unload (Saurav Kashyap) - scsi: qla2xxx: Fix double free of fcport (Saurav Kashyap) - scsi: qla2xxx: Fix command flush on cable pull (Quinn Tran) - scsi: qla2xxx: NVME|FCP prefer flag not being honored (Quinn Tran) - scsi: qla2xxx: Split FCE|EFT trace control (Quinn Tran) - scsi: qla2xxx: Fix N2N stuck connection (Quinn Tran) - scsi: qla2xxx: Prevent command send on chip reset (Quinn Tran) - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (Christian A. Ehrhardt) - usb: typec: ucsi: Ack unsupported commands (Christian A. Ehrhardt) - usb: udc: remove warning when queue disabled ep (yuan linyu) - usb: dwc2: gadget: LPM flow fix (Minas Harutyunyan) - usb: dwc2: gadget: Fix exiting from clock gating (Minas Harutyunyan) - usb: dwc2: host: Fix ISOC flow in DDMA mode (Minas Harutyunyan) - usb: dwc2: host: Fix hibernation flow (Minas Harutyunyan) - usb: dwc2: host: Fix remote wakeup from hibernation (Minas Harutyunyan) - USB: core: Add hub_get() and hub_put() routines (Alan Stern) - staging: vc04_services: fix information leak in create_component() (Dan Carpenter) - staging: vc04_services: changen strncpy() to strscpy_pad() (Arnd Bergmann) - scsi: core: Fix unremoved procfs host directory regression (Guilherme G. Piccoli) - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs (Duoming Zhou) - drm/amd/display: Preserve original aspect ratio in create stream (Tom Chung) - drm/amdgpu: Use drm_mode_copy() (Ville Syrjala) - usb: cdc-wdm: close race between read and workqueue (Oliver Neukum) - drm/i915/gt: Reset queue_priority_hint on parking (Chris Wilson) - net: ll_temac: platform_get_resource replaced by wrong function (Claus Hansen Ries) - hexagon: vmlinux.lds.S: handle attributes section (Nathan Chancellor) - exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() (Max Filippov) - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (Felix Fietkau) - btrfs: zoned: use zone aware sb location for scrub (Johannes Thumshirn) - init: open /initrd.image with O_LARGEFILE (John Sperbeck) - mm/migrate: set swap entry values of THP tail pages properly. (Zi Yan) - serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO (Hugo Villeneuve) - vfio/fsl-mc: Block calling interrupt handler without trigger (Alex Williamson) - vfio/platform: Create persistent IRQ handlers (Alex Williamson) - vfio/pci: Create persistent INTx handler (Alex Williamson) - vfio: Introduce interface to flush virqfd inject workqueue (Alex Williamson) - vfio/pci: Lock external INTx masking ops (Alex Williamson) - vfio/pci: Disable auto-enable of exclusive INTx IRQ (Alex Williamson) - selftests: mptcp: diag: return KSFT_FAIL not test_cnt (Geliang Tang) - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (Nathan Chancellor) - efivarfs: Request at most 512 bytes for variable names (Tim Schumacher) - perf/core: Fix reentry problem in perf_output_read_group() (Yang Jihong) - nfsd: Fix a regression in nfsd_setattr() (Trond Myklebust) - nfsd: don't call locks_release_private() twice concurrently (NeilBrown) - nfsd: don't take fi_lock in nfsd_break_deleg_cb() (NeilBrown) - nfsd: fix RELEASE_LOCKOWNER (NeilBrown) - nfsd: drop the nfsd_put helper (Jeff Layton) - nfsd: call nfsd_last_thread() before final nfsd_put() (NeilBrown) - lockd: introduce safe async lock op (Alexander Aring) - NFSD: fix possible oops when nfsd/pool_stats is closed. (NeilBrown) - Documentation: Add missing documentation for EXPORT_OP flags (Chuck Lever) - nfsd: separate nfsd_last_thread() from nfsd_put() (NeilBrown) - nfsd: Simplify code around svc_exit_thread() call in nfsd() (NeilBrown) - nfsd: Fix creation time serialization order (Tavian Barnes) - NFSD: Add an nfsd4_encode_nfstime4() helper (Chuck Lever) - lockd: drop inappropriate svc_get() from locked_get() (NeilBrown) - nfsd: fix double fget() bug in __write_ports_addfd() (Dan Carpenter) - nfsd: make a copy of struct iattr before calling notify_change (Jeff Layton) - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (Dai Ngo) - nfsd: simplify the delayed disposal list code (Jeff Layton) - NFSD: Convert filecache to rhltable (Chuck Lever) - nfsd: allow reaping files still under writeback (Jeff Layton) - nfsd: update comment over __nfsd_file_cache_purge (Jeff Layton) - nfsd: don't take/put an extra reference when putting a file (Jeff Layton) - nfsd: add some comments to nfsd_file_do_acquire (Jeff Layton) - nfsd: don't kill nfsd_files because of lease break error (Jeff Layton) - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (Jeff Layton) - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (Jeff Layton) - nfsd: don't open-code clear_and_wake_up_bit (Jeff Layton) - nfsd: call op_release, even when op_func returns an error (Jeff Layton) - nfsd: don't replace page in rq_pages if it's a continuation of last page (Jeff Layton) - NFSD: Protect against filesystem freezing (Chuck Lever) - NFSD: copy the whole verifier in nfsd_copy_write_verifier (Chuck Lever) - nfsd: don't fsync nfsd_files on last close (Jeff Layton) - nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open (Jeff Layton) - NFSD: fix problems with cleanup on errors in nfsd4_copy (Dai Ngo) - nfsd: don't hand out delegation on setuid files being opened for write (Jeff Layton) - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (Dai Ngo) - nfsd: clean up potential nfsd_file refcount leaks in COPY codepath (Jeff Layton) - nfsd: allow nfsd_file_get to sanely handle a NULL pointer (Jeff Layton) - NFSD: enhance inter-server copy cleanup (Dai Ngo) - nfsd: don't destroy global nfs4_file table in per-net shutdown (Jeff Layton) - nfsd: don't free files unconditionally in __nfsd_file_cache_purge (Jeff Layton) - NFSD: replace delayed_work with work_struct for nfsd_client_shrinker (Dai Ngo) - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time (Dai Ngo) - NFSD: Use set_bit(RQ_DROPME) (Chuck Lever) - Revert 'SUNRPC: Use RMW bitops in single-threaded hot paths' (Chuck Lever) - nfsd: fix handling of cached open files in nfsd4_open codepath (Jeff Layton) - nfsd: rework refcounting in filecache (Jeff Layton) - NFSD: Avoid clashing function prototypes (Kees Cook) - NFSD: Use only RQ_DROPME to signal the need to drop a reply (Chuck Lever) - NFSD: add CB_RECALL_ANY tracepoints (Dai Ngo) - NFSD: add delegation reaper to react to low memory condition (Dai Ngo) - NFSD: add support for sending CB_RECALL_ANY (Dai Ngo) - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker (Dai Ngo) - trace: Relocate event helper files (Chuck Lever) - lockd: fix file selection in nlmsvc_cancel_blocked (Jeff Layton) - lockd: ensure we use the correct file descriptor when unlocking (Jeff Layton) - lockd: set missing fl_flags field when retrieving args (Jeff Layton) - NFSD: Use struct_size() helper in alloc_session() (Xiu Jianfeng) - nfsd: return error if nfs4_setacl fails (Jeff Layton) - NFSD: Add an nfsd_file_fsync tracepoint (Chuck Lever) - nfsd: fix up the filecache laundrette scheduling (Jeff Layton) - filelock: add a new locks_inode_context accessor function (Jeff Layton) - nfsd: reorganize filecache.c (Jeff Layton) - nfsd: remove the pages_flushed statistic from filecache (Jeff Layton) - NFSD: Fix licensing header in filecache.c (Chuck Lever) - NFSD: Use rhashtable for managing nfs4_file objects (Chuck Lever) - NFSD: Refactor find_file() (Chuck Lever) - NFSD: Clean up find_or_add_file() (Chuck Lever) - NFSD: Add a nfsd4_file_hash_remove() helper (Chuck Lever) - NFSD: Clean up nfsd4_init_file() (Chuck Lever) - NFSD: Update file_hashtbl() helpers (Chuck Lever) - NFSD: Use const pointers as parameters to fh_ helpers (Chuck Lever) - NFSD: Trace delegation revocations (Chuck Lever) - NFSD: Trace stateids returned via DELEGRETURN (Chuck Lever) - NFSD: Clean up nfs4_preprocess_stateid_op() call sites (Chuck Lever) - NFSD: Flesh out a documenting comment for filecache.c (Chuck Lever) - NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (Chuck Lever) - NFSD: Revert 'NFSD: NFSv4 CLOSE should release an nfsd_file immediately' (Chuck Lever) - NFSD: Pass the target nfsd_file to nfsd_commit() (Chuck Lever) - exportfs: use pr_debug for unreachable debug statements (David Disseldorp) - nfsd: allow disabling NFSv2 at compile time (Jeff Layton) - nfsd: move nfserrno() to vfs.c (Jeff Layton) - nfsd: ignore requests to disable unsupported versions (Jeff Layton) - NFSD: Finish converting the NFSv3 GETACL result encoder (Chuck Lever) - NFSD: Remove redundant assignment to variable host_err (Colin Ian King) - NFSD: Simplify READ_PLUS (Anna Schumaker) - nfsd: use locks_inode_context helper (Jeff Layton) - lockd: use locks_inode_context helper (Jeff Layton) - NFSD: Fix reads with a non-zero offset that don't end on a page boundary (Chuck Lever) - NFSD: Fix trace_nfsd_fh_verify_err() crasher (Chuck Lever) - nfsd: put the export reference in nfsd4_verify_deleg_dentry (Jeff Layton) - nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (Jeff Layton) - nfsd: fix net-namespace logic in __nfsd_file_cache_purge (Jeff Layton) - nfsd: ensure we always call fh_verify_error tracepoint (Jeff Layton) - NFSD: unregister shrinker when nfsd_init_net() fails (Tetsuo Handa) - nfsd: rework hashtable handling in nfsd_do_file_acquire (Jeff Layton) - nfsd: fix nfsd_file_unhash_and_dispose (Jeff Layton) - fanotify: Remove obsoleted fanotify_event_has_path() (Gaosheng Cui) - fsnotify: remove unused declaration (Gaosheng Cui) - fs/notify: constify path (Al Viro) - nfsd: extra checks when freeing delegation stateids (Jeff Layton) - nfsd: make nfsd4_run_cb a bool return function (Jeff Layton) - nfsd: fix comments about spinlock handling with delegations (Jeff Layton) - nfsd: only fill out return pointer on success in nfsd4_lookup_stateid (Jeff Layton) - NFSD: Cap rsize_bop result based on send buffer size (Chuck Lever) - NFSD: Rename the fields in copy_stateid_t (Chuck Lever) - nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops (ChenXiaoSong) - nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops (ChenXiaoSong) - nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops (ChenXiaoSong) - nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops (ChenXiaoSong) - nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops (ChenXiaoSong) - NFSD: Pack struct nfsd4_compoundres (Chuck Lever) - NFSD: Remove unused nfsd4_compoundargs::cachetype field (Chuck Lever) - NFSD: Remove 'inline' directives on op_rsize_bop helpers (Chuck Lever) - NFSD: Clean up nfs4svc_encode_compoundres() (Chuck Lever) - NFSD: Clean up WRITE arg decoders (Chuck Lever) - NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks (Chuck Lever) - NFSD: Refactor common code out of dirlist helpers (Chuck Lever) - NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing (Chuck Lever) - SUNRPC: Parametrize how much of argsize should be zeroed (Chuck Lever) - NFSD: add shrinker to reap courtesy clients on low memory condition (Dai Ngo) - NFSD: keep track of the number of courtesy clients in the system (Dai Ngo) - NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY (Chuck Lever) - NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY (Chuck Lever) - NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY (Chuck Lever) - NFSD: Refactor nfsd_setattr() (Chuck Lever) - NFSD: Add a mechanism to wait for a DELEGRETURN (Chuck Lever) - NFSD: Add tracepoints to report NFSv4 callback completions (Chuck Lever) - NFSD: Trace NFSv4 COMPOUND tags (Chuck Lever) - NFSD: Replace dprintk() call site in fh_verify() (Chuck Lever) - nfsd: remove nfsd4_prepare_cb_recall() declaration (Gaosheng Cui) - nfsd: clean up mounted_on_fileid handling (Jeff Layton) - NFSD: drop fname and flen args from nfsd_create_locked() (NeilBrown) - NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (Chuck Lever) - nfsd: Propagate some error code returned by memdup_user() (Christophe JAILLET) - nfsd: Avoid some useless tests (Christophe JAILLET) - NFSD: remove redundant variable status (Jinpeng Cui) - NFSD enforce filehandle check for source file in COPY (Olga Kornievskaia) - lockd: move from strlcpy with unused retval to strscpy (Wolfram Sang) - NFSD: move from strlcpy with unused retval to strscpy (Wolfram Sang) - nfsd_splice_actor(): handle compound pages (Al Viro) - NFSD: fix regression with setting ACLs. (NeilBrown) - NFSD: discard fh_locked flag and fh_lock/fh_unlock (NeilBrown) - NFSD: use (un)lock_inode instead of fh_(un)lock for file operations (NeilBrown) - NFSD: use explicit lock/unlock for directory ops (NeilBrown) - NFSD: reduce locking in nfsd_lookup() (NeilBrown) - NFSD: only call fh_unlock() once in nfsd_link() (NeilBrown) - NFSD: always drop directory lock in nfsd_unlink() (NeilBrown) - NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning. (NeilBrown) - NFSD: add posix ACLs to struct nfsd_attrs (NeilBrown) - NFSD: add security label to struct nfsd_attrs (NeilBrown) - NFSD: set attributes when creating symlinks (NeilBrown) - NFSD: introduce struct nfsd_attrs (NeilBrown) - NFSD: verify the opened dentry after setting a delegation (Jeff Layton) - NFSD: drop fh argument from alloc_init_deleg (Jeff Layton) - NFSD: Move copy offload callback arguments into a separate structure (Chuck Lever) - NFSD: Add nfsd4_send_cb_offload() (Chuck Lever) - NFSD: Remove kmalloc from nfsd4_do_async_copy() (Chuck Lever) - NFSD: Refactor nfsd4_do_copy() (Chuck Lever) - NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2) (Chuck Lever) - NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2) (Chuck Lever) - NFSD: Replace boolean fields in struct nfsd4_copy (Chuck Lever) - NFSD: Make nfs4_put_copy() static (Chuck Lever) - NFSD: Reorder the fields in struct nfsd4_op (Chuck Lever) - NFSD: Shrink size of struct nfsd4_copy (Chuck Lever) - NFSD: Shrink size of struct nfsd4_copy_notify (Chuck Lever) - NFSD: nfserrno(-ENOMEM) is nfserr_jukebox (Chuck Lever) - NFSD: Fix strncpy() fortify warning (Chuck Lever) - NFSD: Clean up nfsd4_encode_readlink() (Chuck Lever) - NFSD: Use xdr_pad_size() (Chuck Lever) - NFSD: Simplify starting_len (Chuck Lever) - NFSD: Optimize nfsd4_encode_readv() (Chuck Lever) - NFSD: Add an nfsd4_read::rd_eof field (Chuck Lever) - NFSD: Clean up SPLICE_OK in nfsd4_encode_read() (Chuck Lever) - NFSD: Optimize nfsd4_encode_fattr() (Chuck Lever) - NFSD: Optimize nfsd4_encode_operation() (Chuck Lever) - nfsd: silence extraneous printk on nfsd.ko insertion (Jeff Layton) - NFSD: limit the number of v4 clients to 1024 per 1GB of system memory (Dai Ngo) - NFSD: keep track of the number of v4 clients in the system (Dai Ngo) - NFSD: refactoring v4 specific code to a helper in nfs4state.c (Dai Ngo) - NFSD: Ensure nf_inode is never dereferenced (Chuck Lever) - NFSD: NFSv4 CLOSE should release an nfsd_file immediately (Chuck Lever) - NFSD: Move nfsd_file_trace_alloc() tracepoint (Chuck Lever) - NFSD: Separate tracepoints for acquire and create (Chuck Lever) - NFSD: Clean up unused code after rhashtable conversion (Chuck Lever) - NFSD: Convert the filecache to use rhashtable (Chuck Lever) - NFSD: Set up an rhashtable for the filecache (Chuck Lever) - NFSD: Replace the 'init once' mechanism (Chuck Lever) - NFSD: Remove nfsd_file::nf_hashval (Chuck Lever) - NFSD: nfsd_file_hash_remove can compute hashval (Chuck Lever) - NFSD: Refactor __nfsd_file_close_inode() (Chuck Lever) - NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode (Chuck Lever) - NFSD: Remove lockdep assertion from unhash_and_release_locked() (Chuck Lever) - NFSD: No longer record nf_hashval in the trace log (Chuck Lever) - NFSD: Never call nfsd_file_gc() in foreground paths (Chuck Lever) - NFSD: Fix the filecache LRU shrinker (Chuck Lever) - NFSD: Leave open files out of the filecache LRU (Chuck Lever) - NFSD: Trace filecache LRU activity (Chuck Lever) - NFSD: WARN when freeing an item still linked via nf_lru (Chuck Lever) - NFSD: Hook up the filecache stat file (Chuck Lever) - NFSD: Zero counters when the filecache is re-initialized (Chuck Lever) - NFSD: Record number of flush calls (Chuck Lever) - NFSD: Report the number of items evicted by the LRU walk (Chuck Lever) - NFSD: Refactor nfsd_file_lru_scan() (Chuck Lever) - NFSD: Refactor nfsd_file_gc() (Chuck Lever) - NFSD: Add nfsd_file_lru_dispose_list() helper (Chuck Lever) - NFSD: Report average age of filecache items (Chuck Lever) - NFSD: Report count of freed filecache items (Chuck Lever) - NFSD: Report count of calls to nfsd_file_acquire() (Chuck Lever) - NFSD: Report filecache LRU size (Chuck Lever) - NFSD: Demote a WARN to a pr_warn() (Chuck Lever) - nfsd: remove redundant assignment to variable len (Colin Ian King) - NFSD: Fix space and spelling mistake (Zhang Jiaming) - NFSD: Instrument fh_verify() (Chuck Lever) - NLM: Defend against file_lock changes after vfs_test_lock() (Benjamin Coddington) - fsnotify: Fix comment typo (Xin Gao) - fanotify: introduce FAN_MARK_IGNORE (Amir Goldstein) - fanotify: cleanups for fanotify_mark() input validations (Amir Goldstein) - fanotify: prepare for setting event flags in ignore mask (Amir Goldstein) - fs: inotify: Fix typo in inotify comment (Oliver Ford) - NFSD: Decode NFSv4 birth time attribute (Chuck Lever) - fanotify: refine the validation checks on non-dir inode mask (Amir Goldstein) - NFS: restore module put when manager exits. (NeilBrown) - NFSD: Fix potential use-after-free in nfsd_file_put() (Chuck Lever) - NFSD: nfsd_file_put() can sleep (Chuck Lever) - NFSD: Add documenting comment for nfsd4_release_lockowner() (Chuck Lever) - NFSD: Modernize nfsd4_release_lockowner() (Chuck Lever) - nfsd: Fix null-ptr-deref in nfsd_fill_super() (Zhang Xiaoxu) - nfsd: Unregister the cld notifier when laundry_wq create failed (Zhang Xiaoxu) - SUNRPC: Use RMW bitops in single-threaded hot paths (Chuck Lever) - NFSD: Trace filecache opens (Chuck Lever) - NFSD: Move documenting comment for nfsd4_process_open2() (Chuck Lever) - NFSD: Fix whitespace (Chuck Lever) - NFSD: Remove dprintk call sites from tail of nfsd4_open() (Chuck Lever) - NFSD: Instantiate a struct file when creating a regular NFSv4 file (Chuck Lever) - NFSD: Clean up nfsd_open_verified() (Chuck Lever) - NFSD: Remove do_nfsd_create() (Chuck Lever) - NFSD: Refactor NFSv4 OPEN(CREATE) (Chuck Lever) - NFSD: Refactor NFSv3 CREATE (Chuck Lever) - NFSD: Refactor nfsd_create_setattr() (Chuck Lever) - NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() (Chuck Lever) - NFSD: Clean up nfsd3_proc_create() (Chuck Lever) - NFSD: Show state of courtesy client in client info (Dai Ngo) - NFSD: add support for lock conflict to courteous server (Dai Ngo) - fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict (Dai Ngo) - fs/lock: add helper locks_owner_has_blockers to check for blockers (Dai Ngo) - NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd (Dai Ngo) - NFSD: add support for share reservation conflict to courteous server (Dai Ngo) - NFSD: add courteous server support for thread with only delegation (Dai Ngo) - NFSD: Clean up nfsd_splice_actor() (Chuck Lever) - fanotify: fix incorrect fmode_t casts (Vasily Averin) - fsnotify: consistent behavior for parent not watching children (Amir Goldstein) - fsnotify: introduce mark type iterator (Amir Goldstein) - fanotify: enable 'evictable' inode marks (Amir Goldstein) - fanotify: use fsnotify group lock helpers (Amir Goldstein) - fanotify: implement 'evictable' inode marks (Amir Goldstein) - fanotify: factor out helper fanotify_mark_update_flags() (Amir Goldstein) - fanotify: create helper fanotify_mark_user_flags() (Amir Goldstein) - fsnotify: allow adding an inode mark without pinning inode (Amir Goldstein) - dnotify: use fsnotify group lock helpers (Amir Goldstein) - nfsd: use fsnotify group lock helpers (Amir Goldstein) - inotify: use fsnotify group lock helpers (Amir Goldstein) - fsnotify: create helpers for group mark_mutex lock (Amir Goldstein) - fsnotify: make allow_dups a property of the group (Amir Goldstein) - fsnotify: pass flags argument to fsnotify_alloc_group() (Amir Goldstein) - inotify: move control flags from mask to mark flags (Amir Goldstein) - fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock. (Dai Ngo) - fanotify: do not allow setting dirent events in mask of non-dir (Amir Goldstein) - nfsd: Clean up nfsd_file_put() (Trond Myklebust) - nfsd: Fix a write performance regression (Trond Myklebust) - fsnotify: remove redundant parameter judgment (Bang Li) - fsnotify: optimize FS_MODIFY events with no ignored masks (Amir Goldstein) - fsnotify: fix merge with parent's ignored mask (Amir Goldstein) - nfsd: fix using the correct variable for sizeof() (Jakob Koschel) - NFSD: Clean up _lm_ operation names (Chuck Lever) - NFSD: Remove CONFIG_NFSD_V3 (Chuck Lever) - NFSD: Move svc_serv_ops::svo_function into struct svc_serv (Chuck Lever) - NFSD: Remove svc_serv_ops::svo_module (Chuck Lever) - SUNRPC: Remove svc_shutdown_net() (Chuck Lever) - SUNRPC: Rename svc_close_xprt() (Chuck Lever) - SUNRPC: Rename svc_create_xprt() (Chuck Lever) - SUNRPC: Remove svo_shutdown method (Chuck Lever) - SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt() (Chuck Lever) - SUNRPC: Remove the .svo_enqueue_xprt method (Chuck Lever) - NFSD: Remove NFSD_PROC_ARGS_* macros (Chuck Lever) - NFSD: Streamline the rare 'found' case (Chuck Lever) - NFSD: Skip extra computation for RC_NOCACHE case (Chuck Lever) - orDate: Thu Sep 30 19:19:57 2021 -0400 (Chuck Lever) - nfsd: Add support for the birth time attribute (Ondrej Valousek) - NFSD: Deprecate NFS_OFFSET_MAX (Chuck Lever) - fsnotify: invalidate dcache before IN_DELETE event (Amir Goldstein) - NFSD: Move fill_pre_wcc() and fill_post_wcc() (Chuck Lever) - NFSD: Trace boot verifier resets (Chuck Lever) - NFSD: Rename boot verifier functions (Chuck Lever) - NFSD: Clean up the nfsd_net::nfssvc_boot field (Chuck Lever) - NFSD: Write verifier might go backwards (Chuck Lever) - nfsd: Add a tracepoint for errors in nfsd4_clone_file_range() (Trond Myklebust) - NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id) (Chuck Lever) - NFSD: Clean up nfsd_vfs_write() (Chuck Lever) - nfsd: Retry once in nfsd_open on an -EOPENSTALE return (Jeff Layton) - nfsd: Add errno mapping for EREMOTEIO (Jeff Layton) - nfsd: map EBADF (Peng Tao) - nfsd4: add refcount for nfsd4_blocked_lock (Vasily Averin) - nfs: block notification on fs with its own ->lock (J. Bruce Fields) - NFSD: De-duplicate nfsd4_decode_bitmap4() (Chuck Lever) - nfsd: improve stateid access bitmask documentation (J. Bruce Fields) - NFSD: Combine XDR error tracepoints (Chuck Lever) - NFSD: simplify per-net file cache management (NeilBrown) - NFSD: Fix inconsistent indenting (Jiapeng Chong) - NFSD: Remove be32_to_cpu() from DRC hash function (Chuck Lever) - NFS: switch the callback service back to non-pooled. (NeilBrown) - lockd: use svc_set_num_threads() for thread start and stop (NeilBrown) - SUNRPC: always treat sv_nrpools==1 as 'not pooled' (NeilBrown) - SUNRPC: move the pool_map definitions (back) into svc.c (NeilBrown) - lockd: rename lockd_create_svc() to lockd_get() (NeilBrown) - lockd: introduce lockd_put() (NeilBrown) - lockd: move svc_exit_thread() into the thread (NeilBrown) - lockd: move lockd_start_svc() call into lockd_create_svc() (NeilBrown) - lockd: simplify management of network status notifiers (NeilBrown) - lockd: introduce nlmsvc_serv (NeilBrown) - NFSD: simplify locking for network notifier. (NeilBrown) - SUNRPC: discard svo_setup and rename svc_set_num_threads_sync() (NeilBrown) - NFSD: Make it possible to use svc_set_num_threads_sync (NeilBrown) - NFSD: narrow nfsd_mutex protection in nfsd thread (NeilBrown) - SUNRPC: use sv_lock to protect updates to sv_nrthreads. (NeilBrown) - nfsd: make nfsd_stats.th_cnt atomic_t (NeilBrown) - SUNRPC: stop using ->sv_nrthreads as a refcount (NeilBrown) - SUNRPC/NFSD: clean up get/put functions. (NeilBrown) - SUNRPC: change svc_get() to return the svc. (NeilBrown) - NFSD: handle errors better in write_ports_addfd() (NeilBrown) - exit: Rename module_put_and_exit to module_put_and_kthread_exit (Eric W. Biederman) - exit: Implement kthread_exit (Eric W. Biederman) - fanotify: wire up FAN_RENAME event (Amir Goldstein) - fanotify: report old and/or new parent+name in FAN_RENAME event (Amir Goldstein) - fanotify: record either old name new name or both for FAN_RENAME (Amir Goldstein) - fanotify: record old and new parent and name in FAN_RENAME event (Amir Goldstein) - fanotify: support secondary dir fh and name in fanotify_info (Amir Goldstein) - fanotify: use helpers to parcel fanotify_info buffer (Amir Goldstein) - fanotify: use macros to get the offset to fanotify_info buffer (Amir Goldstein) - fsnotify: generate FS_RENAME event with rich information (Amir Goldstein) - fanotify: introduce group flag FAN_REPORT_TARGET_FID (Amir Goldstein) - fsnotify: separate mark iterator type from object type enum (Amir Goldstein) - fsnotify: clarify object type argument (Amir Goldstein) - ext4: fix error code saved on super block during file system abort (Gabriel Krisman Bertazi) - nfsd4: remove obselete comment (J. Bruce Fields) - NFSD:fix boolreturn.cocci warning (Changcheng Deng) - nfsd: update create verifier comment (J. Bruce Fields) - SUNRPC: Change return value type of .pc_encode (Chuck Lever) - SUNRPC: Replace the '__be32 *p' parameter to .pc_encode (Chuck Lever) - NFSD: Save location of NFSv4 COMPOUND status (Chuck Lever) - SUNRPC: Change return value type of .pc_decode (Chuck Lever) - SUNRPC: Replace the '__be32 *p' parameter to .pc_decode (Chuck Lever) - NFSD: Initialize pointer ni with NULL and not plain integer 0 (Colin Ian King) - NFSD: simplify struct nfsfh (NeilBrown) - NFSD: drop support for ancient filehandles (NeilBrown) - NFSD: move filehandle format declarations out of 'uapi'. (NeilBrown) - NFSD: Optimize DRC bucket pruning (Chuck Lever) - NFS: Move NFS protocol display macros to global header (Chuck Lever) - NFS: Move generic FS show macros to global header (Chuck Lever) - SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field (Chuck Lever) - NFS: Remove unnecessary TRACE_DEFINE_ENUM()s (Chuck Lever) - docs: Document the FAN_FS_ERROR event (Gabriel Krisman Bertazi) - ext4: Send notifications on error (Gabriel Krisman Bertazi) - fanotify: Allow users to request FAN_FS_ERROR events (Gabriel Krisman Bertazi) - fanotify: Emit generic error info for error event (Gabriel Krisman Bertazi) - fanotify: Report fid info for file related file system errors (Gabriel Krisman Bertazi) - fanotify: WARN_ON against too large file handles (Gabriel Krisman Bertazi) - fanotify: Add helpers to decide whether to report FID/DFID (Gabriel Krisman Bertazi) - fanotify: Wrap object_fh inline space in a creator macro (Gabriel Krisman Bertazi) - fanotify: Support merging of error events (Gabriel Krisman Bertazi) - fanotify: Support enqueueing of error events (Gabriel Krisman Bertazi) - fanotify: Pre-allocate pool of error events (Gabriel Krisman Bertazi) - fanotify: Reserve UAPI bits for FAN_FS_ERROR (Gabriel Krisman Bertazi) - fsnotify: Support FS_ERROR event type (Gabriel Krisman Bertazi) - fanotify: Require fid_mode for any non-fd event (Gabriel Krisman Bertazi) - fanotify: Encode empty file handle when no inode is provided (Gabriel Krisman Bertazi) - fanotify: Allow file handle encoding for unhashed events (Gabriel Krisman Bertazi) - fanotify: Support null inode event in fanotify_dfid_inode (Gabriel Krisman Bertazi) - fsnotify: Pass group argument to free_event (Gabriel Krisman Bertazi) - fsnotify: Protect fsnotify_handle_inode_event from no-inode events (Gabriel Krisman Bertazi) - fsnotify: Retrieve super block from the data field (Gabriel Krisman Bertazi) - fsnotify: Add wrapper around fsnotify_add_event (Gabriel Krisman Bertazi) - fsnotify: Add helper to detect overflow_event (Gabriel Krisman Bertazi) - inotify: Don't force FS_IN_IGNORED (Gabriel Krisman Bertazi) - fanotify: Split fsid check from other fid mode checks (Gabriel Krisman Bertazi) - fanotify: Fold event size calculation to its own function (Gabriel Krisman Bertazi) - fsnotify: Don't insert unmergeable events in hashtable (Gabriel Krisman Bertazi) - fsnotify: clarify contract for create event hooks (Amir Goldstein) - fsnotify: pass dentry instead of inode data (Amir Goldstein) - fsnotify: pass data_type to fsnotify_name() (Amir Goldstein) - x86/static_call: Add support for Jcc tail-calls (Peter Zijlstra) {CVE-2022-29901} {CVE-2022-23816} - x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions (Peter Zijlstra) - x86/alternatives: Introduce int3_emulate_jcc() (Peter Zijlstra) - x86/asm: Differentiate between code and function alignment (Thomas Gleixner) - arch: Introduce CONFIG_FUNCTION_ALIGNMENT (Peter Zijlstra) - KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests (Pawan Gupta) - x86/rfds: Mitigate Register File Data Sampling (RFDS) (Pawan Gupta) - Documentation/hw-vuln: Add documentation for RFDS (Pawan Gupta) - x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (Pawan Gupta) - KVM/VMX: Move VERW closer to VMentry for MDS mitigation (Pawan Gupta) - KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (Sean Christopherson) - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (Pawan Gupta) - x86/entry_32: Add VERW just before userspace transition (Pawan Gupta) - x86/entry_64: Add VERW just before userspace transition (Pawan Gupta) - x86/bugs: Add asm helpers for executing VERW (Pawan Gupta) - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (H. Peter Anvin (Intel)) - KVM: arm64: Limit stage2_apply_range() batch size to largest block (Oliver Upton) - KVM: arm64: Work out supported block level at compile time (Oliver Upton) - tty: serial: imx: Fix broken RS485 (Rickard x Andersson) - printk: Update @console_may_schedule in console_trylock_spinning() (John Ogness) - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (Nicolin Chen) - dma-iommu: add iommu_dma_opt_mapping_size() (John Garry) - dma-mapping: add dma_opt_mapping_size() (John Garry) - swiotlb: Fix alignment checks when both allocation and DMA masks are present (Will Deacon) - minmax: add umin(a, b) and umax(a, b) (David Laight) - entry: Respect changes to system call number by trace_sys_enter() (Andre Rosti) - clocksource/drivers/arm_global_timer: Fix maximum prescaler value (Martin Blumenstingl) - ACPI: CPPC: Use access_width over bit_width for system memory accesses (Jarred White) - xen/events: close evtchn after mapping cleanup (Maximilian Heyne) - i2c: i801: Avoid potential double call to gpiod_remove_lookup_table (Heiner Kallweit) - tee: optee: Fix kernel panic caused by incorrect error handling (Sumit Garg) - vt: fix unicode buffer corruption when deleting characters (Nicolas Pitre) - mei: me: add arrow lake point H DID (Alexander Usyskin) - mei: me: add arrow lake point S DID (Alexander Usyskin) - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (Sherry Sun) - usb: port: Don't try to peer unused USB ports based on location (Mathias Nyman) - usb: gadget: ncm: Fix handling of zero block length packets (Krishna Kurapati) - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (Alan Stern) - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (Kailang Yang) - drm/i915: Check before removing mm notifier (Nirmoy Das) - tracing: Use .flush() call to wake up readers (Steven Rostedt (Google)) - KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (Sean Christopherson) - xfrm: Avoid clang fortify warning in copy_to_user_tmpl() (Nathan Chancellor) - netfilter: nf_tables: reject constant set with timeout (Pablo Neira Ayuso) - netfilter: nf_tables: disallow anonymous set with timeout flag (Pablo Neira Ayuso) - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (Pablo Neira Ayuso) - cpufreq: brcmstb-avs-cpufreq: fix up 'add check for cpufreq_cpu_get's return value' (Greg Kroah-Hartman) - net: ravb: Add R-Car Gen4 support (Geert Uytterhoeven) - x86/pm: Work around false positive kmemleak report in msr_build_context() (Anton Altaparmakov) - dm snapshot: fix lockup in dm_exception_table_exit (Mikulas Patocka) - drm/amd/display: Fix noise issue on HDMI AV mute (Leo Ma) - drm/amd/display: Return the correct HDCP error code (Rodrigo Siqueira) - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (Philip Yang) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - ahci: asm1064: correct count of reported ports (Andrey Jr. Melnikov) - wireguard: netlink: access device through ctx instead of peer (Jason A. Donenfeld) - wireguard: netlink: check for dangling peer via is_dead instead of empty list (Jason A. Donenfeld) - net: hns3: tracing: fix hclgevf trace event strings (Steven Rostedt (Google)) - NFSD: Fix nfsd_clid_class use of __string_len() macro (Steven Rostedt (Google)) - x86/CPU/AMD: Update the Zenbleed microcode revisions (Borislav Petkov (AMD)) - cpufreq: dt: always allocate zeroed cpumask (Marek Szyprowski) - nilfs2: prevent kernel bug at submit_bh_wbc() (Ryusuke Konishi) - nilfs2: fix failure to detect DAT corruption in btree and direct mappings (Ryusuke Konishi) - memtest: use {READ,WRITE}_ONCE in memory scanning (Qiang Zhang) - drm/vc4: hdmi: do not return negative values from .get_modes() (Jani Nikula) - drm/imx/ipuv3: do not return negative values from .get_modes() (Jani Nikula) - drm/exynos: do not return negative values from .get_modes() (Jani Nikula) - drm/panel: do not return negative error codes from drm_panel_get_modes() (Jani Nikula) - s390/zcrypt: fix reference counting on zcrypt card objects (Harald Freudenberger) - soc: fsl: qbman: Use raw spinlock for cgr_lock (Sean Anderson) - soc: fsl: qbman: Add CGR update function (Sean Anderson) - soc: fsl: qbman: Add helper for sanity checking cgr ops (Sean Anderson) - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (Sean Anderson) - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (Steven Rostedt (Google)) - ring-buffer: Fix full_waiters_pending in poll (Steven Rostedt (Google)) - ring-buffer: Fix resetting of shortest_full (Steven Rostedt (Google)) - ring-buffer: Do not set shortest_full when full target is hit (Steven Rostedt (Google)) - ring-buffer: Fix waking up ring buffer readers (Steven Rostedt (Google)) - ring-buffer: Update 'shortest_full' in polling (Steven Rostedt (Google)) - tracing/ring-buffer: Have polling block on watermark (Steven Rostedt (Google)) - ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info (Marios Makassikis) - vfio/platform: Disable virqfds on cleanup (Alex Williamson) - PCI: dwc: endpoint: Fix advertised resizable BAR size (Niklas Cassel) - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 (Nathan Chancellor) - nfs: fix UAF in direct writes (Josef Bacik) - PCI/AER: Block runtime suspend when handling errors (Stanislaw Gruszka) - speakup: Fix 8bit characters from direct synth (Samuel Thibault) - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (Wayne Chang) - phy: tegra: xusb: Add API to retrieve the port number of phy (Wayne Chang) - slimbus: core: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) - nvmem: meson-efuse: fix function pointer type mismatch (Jerome Brunet) - hwmon: (amc6821) add of_match table (Josua Mayer) - landlock: Warn once if a Landlock action is requested while disabled (Mickael Salaun) - drm/etnaviv: Restore some id values (Christian Gmeiner) - mm: swap: fix race between free_swap_and_cache() and swapoff() (Ryan Roberts) - swap: comments get_swap_device() with usage rule (Huang Ying) - mac802154: fix llsec key resources release in mac802154_llsec_key_del (Fedor Pchelkin) - dm-raid: fix lockdep waring in 'pers->hot_add_disk' (Yu Kuai) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (Paul Menzel) - PCI/DPC: Quirk PIO log size for certain Intel Root Ports (Mika Westerberg) - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (Mika Westerberg) - PCI/PM: Drain runtime-idle callbacks before driver removal (Rafael J. Wysocki) - PCI: Drop pci_device_remove() test of pci_dev->driver (Uwe Kleine-Konig) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (Filipe Manana) - serial: Lock console when calling into driver before registration (Peter Collingbourne) - printk/console: Split out code that enables default console (Petr Mladek) - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (Jameson Thies) - fuse: don't unhash root (Miklos Szeredi) - fuse: fix root lookup with nonzero generation (Miklos Szeredi) - mmc: tmio: avoid concurrent runs of mmc_request_done() (Wolfram Sang) - PM: sleep: wakeirq: fix wake irq warning in system suspend (Qingliang Li) - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (Toru Katagiri) - USB: serial: option: add MeiG Smart SLM320 product (Aurelien Jacobs) - USB: serial: cp210x: add ID for MGP Instruments PDS100 (Christian Haggstrom) - USB: serial: add device ID for VeriFone adapter (Cameron Williams) - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (Daniel Vogelbacher) - powerpc/fsl: Fix mfpmr build errors with newer binutils (Michael Ellerman) - usb: xhci: Add error handling in xhci_map_urb_for_dma (Prashanth K) - clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays (Gabor Juhos) - clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays (Gabor Juhos) - clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays (Gabor Juhos) - clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays (Gabor Juhos) - PM: suspend: Set mem_sleep_current during kernel command line setup (Maulik Shah) - parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds (Guenter Roeck) - parisc: Fix csum_ipv6_magic on 64-bit systems (Guenter Roeck) - parisc: Fix csum_ipv6_magic on 32-bit systems (Guenter Roeck) - parisc: Fix ip_fast_csum (Guenter Roeck) - parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros (John David Anglin) - mtd: rawnand: meson: fix scrambling mode value in command macro (Arseniy Krasnov) - ubi: correct the calculation of fastmap size (Zhang Yi) - ubi: Check for too small LEB size in VTBL code (Richard Weinberger) - ubifs: Set page uptodate in the correct place (Matthew Wilcox (Oracle)) - fat: fix uninitialized field in nostale filehandles (Jan Kara) - bounds: support non-power-of-two CONFIG_NR_CPUS (Matthew Wilcox (Oracle)) - kasan/test: avoid gcc warning for intentional overflow (Arnd Bergmann) - kasan: test: add memcpy test that avoids out-of-bounds write (Peter Collingbourne) - block: Clear zone limits for a non-zoned stacked queue (Damien Le Moal) - ext4: correct best extent lstart adjustment logic (Baokun Li) - selftests/mqueue: Set timeout to 180 seconds (SeongJae Park) - crypto: qat - resolve race condition during AER recovery (Damian Muszynski) - sparc: vDSO: fix return value of __setup handler (Randy Dunlap) - sparc64: NMI watchdog: fix return value of __setup handler (Randy Dunlap) - KVM: Always flush async #PF workqueue when vCPU is being destroyed (Sean Christopherson) - media: xc4000: Fix atomicity violation in xc4000_get_frequency (Gui-Dong Han) - pci_iounmap(): Fix MMIO mapping leak (Philipp Stanner) - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (Zack Rusin) - arm: dts: marvell: Fix maxium->maxim typo in brownstone dts (Duje Mihanovic) - smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() (Roberto Sassu) - smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() (Roberto Sassu) - clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd (Amit Pundir) - media: staging: ipu3-imgu: Set fields before media_entity_pads_init() (Hidenori Kobayashi) - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach (Zheng Wang) - timers: Use del_timer_sync() even on UP (Thomas Gleixner) - timers: Update kernel-doc for various functions (Thomas Gleixner) - Revert 'NFSD: add courteous server support for thread with only delegation' (Vijayendra Suman) - Revert 'NFSD: add support for share reservation conflict to courteous server' (Vijayendra Suman) - Revert 'NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd' (Vijayendra Suman) - Revert 'fs/lock: add helper locks_owner_has_blockers to check for blockers' (Vijayendra Suman) - Revert 'fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict' (Vijayendra Suman) - Revert 'NFSD: Clean up _lm_ operation names' (Vijayendra Suman) - Revert 'NFSD: add support for lock conflict to courteous server' (Vijayendra Suman) - Revert 'NFSD: Show state of courtesy client in client info' (Vijayendra Suman) - Revert 'NFSD: refactoring v4 specific code to a helper in nfs4state.c' (Vijayendra Suman) - Revert 'NFSD: keep track of the number of v4 clients in the system' (Vijayendra Suman) - Revert 'NFSD: limit the number of v4 clients to 1024 per 1GB of system memory' (Vijayendra Suman) - Revert 'NFSD: keep track of the number of courtesy clients in the system' (Vijayendra Suman) - Revert 'NFSD: add shrinker to reap courtesy clients on low memory condition' (Vijayendra Suman) - Revert 'NFSD: unregister shrinker when nfsd_init_net() fails' (Vijayendra Suman) - Revert 'NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker' (Vijayendra Suman) - Revert 'NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time' (Vijayendra Suman) - igb: fix __free_irq warnings seen during module unload. (Imran Khan) [Orabug: 36612014] - RDS/IB: Remove incorrect clearing of RDS_IB_CQ_ERR in rds_ib_conn_path_shutdown_final() (Hans Westgaard Ry) [Orabug: 36610478] - block: fix io util% for exadata disk with 1 hw queue (Gulam Mohamed) [Orabug: 36589636] - Revert 'Consider inflight IO in io accounting for high latency devices' (Gulam Mohamed) [Orabug: 36589636] - kprobe/ftrace: bail out if ftrace was killed (Stephen Brennan) [Orabug: 36557721] - uek: kabi: Enable the size checks and fix broken APIs (Saeed Mirzamohammadi) [Orabug: 36545482] - uek: kabi: Introduce new APIs to check for size (Saeed Mirzamohammadi) [Orabug: 36545482] [5.15.0-207.153.1] - kallsyms: add kallsyms_seqs_of_names to list of special symbols (Arnd Bergmann) [Orabug: 36475635] - kallsyms: Reduce the memory occupied by kallsyms_seqs_of_names[] (Zhen Lei) [Orabug: 36475635] - kallsyms: Improve the performance of kallsyms_lookup_name() (Zhen Lei) [Orabug: 36475635] - RDMA/mlx5: Fix port number for counter query in multi-port configuration (Michael Guralnik) [Orabug: 36546028] - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Josh Poimboeuf) [Orabug: 36584722] - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Josh Poimboeuf) [Orabug: 36584722] - x86/bugs: Clarify that syscall hardening isn't a BHI mitigation (Josh Poimboeuf) [Orabug: 36584722] - x86/bugs: Fix BHI handling of RRSBA (Josh Poimboeuf) [Orabug: 36584722] - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (Ingo Molnar) [Orabug: 36584722] - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (Josh Poimboeuf) [Orabug: 36584722] - x86/bugs: Fix BHI documentation (Josh Poimboeuf) [Orabug: 36584722] - x86/bugs: Fix return type of spectre_bhi_state() (Daniel Sneddon) [Orabug: 36584722] - x86/bhi: Update BHI mitigation (Alexandre Chartre) [Orabug: 36584722] - x86/syscall: Don't force use of indirect calls for system calls (Linus Torvalds) [Orabug: 36584722] - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (Josh Poimboeuf) [Orabug: 36584722] - cpufreq: intel_pstate: Add Emerald Rapids support in no-HWP mode (Zhenguo Yao) [Orabug: 36588243] - cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (Giovanni Gherdovich) [Orabug: 36588243] - tools/power turbostat: Introduce support for EMR (Zhang Rui) [Orabug: 36588243] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2022-23816 CVE-2022-29901 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:8::developer_UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/a:oracle:linux:9::developer_UEKR7 Oracle Linux 8 hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-42] - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] {CVE-2024-1441} - libvirt-<module>: Check caller-provided buffers to be NULL with size > 0 (Erik Skultety) [Orabug: 36364474] libvirt-dbus libvirt-python [5.7.0-42] - Bump version number to 5.7.0-42 to match libvirt (Karl Heubaum) nbdkit netcf perl-Sys-Virt qemu-kvm [4.2.1-34] - multifd: fix the multifd initialization (Elena Ufimtseva) [Orabug: 36598610] - hw/scsi/scsi-generic: Fix io_timeout property not applying (Lorenz Brun) [Orabug: 36604206] - scsi: make io_timeout configurable (Hannes Reinecke) [Orabug: 36604206] - target/i386/monitor: synchronize cpu state for lapic info (Dongli Zhang) [Orabug: 36607762] [4.2.1-32] - Document CVEs as fixed (Mark Kanda) [Orabug: 36455470] [Orabug: 36455480] [Orabug: 36455529] [Orabug: 36455489] [Orabug: 36455500] [Orabug: 36455512] [Orabug: 36455520] {CVE-2023-4135} {CVE-2023-3255} {CVE-2023-6683} {CVE-2023-40360} {CVE-2023-42467} {CVE-2024-26327} {CVE-2024-24474} - hw/pvrdma: Protect against buggy or malicious guest driver (Yuval Shaia) [Orabug: 35250119] {CVE-2023-1544} - hw/pflash_cfi01: allow smaller backing devices in postload_update_cb() (Mark Kanda) [Orabug: 36378764] - hw/block/pflash: Check return value of blk_pwrite() (Mansour Ahmadi) [Orabug: 36378764] - net: Update MemReentrancyGuard for NIC (Akihiko Odaki) [Orabug: 36421467] {CVE-2023-3019} - net: Provide MemReentrancyGuard * to qemu_new_nic() (Akihiko Odaki) [Orabug: 36421467] {CVE-2023-3019} - lsi53c895a: disable reentrancy detection for MMIO region, too (Thomas Huth) [Orabug: 36425307] {CVE-2021-3750} - memory: stricter checks prior to unsetting engaged_in_io (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - async: avoid use-after-free on re-entrancy guard (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - apic: disable reentrancy detection for apic-msi (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - raven: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - bcm2835_property: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - lsi53c895a: disable reentrancy detection for script RAM (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - checkpatch: add qemu_bh_new/aio_bh_new checks (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - async: Add an optional reentrancy guard to the BH API (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - memory: prevent dma-reentracy issues (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - util/async: add a human-readable name to BHs for debugging (Stefan Hajnoczi) [Orabug: 36425307] {CVE-2021-3750} - io: remove io watch if TLS channel is closed during handshake (Daniel Berrange) [Orabug: 35595204] {CVE-2023-3354} - tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fiona Ebner) [Orabug: 36327659] {CVE-2023-5088} - hw/ide: reset: cancel async DMA operation before resetting state (Fiona Ebner) [Orabug: 36327659] {CVE-2023-5088} - accel/tcg: fix race in cpu_exec_step_atomic (bug 1863025) (Alex Bennee) [Orabug: 36327651] {CVE-2020-24165} - physmem: add missing memory barrier (Paolo Bonzini) [Orabug: 35886091] - qemu-coroutine-lock: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35886091] - aio-wait: switch to smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35886091] - edu: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35886091] - qemu-thread-win32: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35886091] - qemu-thread-posix: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35886091] - qatomic: add smp_mb__before/after_rmw() (Paolo Bonzini) [Orabug: 35886091] - aio_wait_kick: add missing memory barrier (Emanuele Giuseppe Esposito) [Orabug: 35886091] - hw/smbios: Fix core count in type4 (Zhao Liu) [Orabug: 35876036] - hw/smbios: Fix thread count in type4 (Zhao Liu) [Orabug: 35876036] - hw/smbios: Fix smbios_smp_sockets caculation (Zhao Liu) [Orabug: 35876036] - machine: Add helpers to get cores/threads per socket (Zhao Liu) [Orabug: 35876036] - machine: move dies from X86MachineState to CpuTopology (Paolo Bonzini) [Orabug: 35876036] - machine: move SMP initialization from vl.c (Paolo Bonzini) [Orabug: 35876036] - machine: move UP defaults to class_base_init (Paolo Bonzini) [Orabug: 35876036] - virtio-crypto: verify src&dst buffer length for sym request (zhenwei pi) [Orabug: 35724113] {CVE-2023-3180} - hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) (Thomas Huth) [Orabug: 35724112] {CVE-2023-0330} seabios sgabios supermin MODERATE Copyright 2024 Oracle, Inc. CVE-2023-2700 CVE-2024-1441 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:linux:8::kvm_appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [2.28-251.0.2.2] - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi Oracle history: May-23-2024 Cupertino Miranda - 2.28-251.0.2.1 - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi May-22-2024 Cupertino Miranda - 2.28-251.0.2 - Forward port of Oracle patches for ol8-u10 Reviewed-by: Jose E. Marchesi March-28-2024 Cupertino Miranda - 2.28-251.0.1 - Forward port of Oracle patches for ol8-u10-beta Reviewed-by: Jose E. Marchesi March-5-2024 Cupertino Miranda - 2.28-236.0.1.12 - Forward port of Oracle patches. Reviewed-by: Jose E. Marchesi November-14-2023 Cupertino Miranda - 2.28-236.0.1.7 - Forward port of Oracle patches. Reviewed-by: Jose E. Marchesi October-4-2023 Cupertino Miranda - 2.28-236.0.1.6 - Forward port of Oracle patches. Reviewed-by: Jose E. Marchesi April-21-2023 Cupertino Miranda - 2.28-225.0.3 - OraBug 35317410 Glibc tunable to disable huge pages on pthread_create stacks - Created tunable glibc.pthread.stack_hugetlb to control when hugepages can be used for stack allocation. - In case THP are enabled and glibc.pthread.stack_hugetlb is set to 0, glibc will madvise the kernel not to use allow hugepages for stack allocations. Reviewed-by: Jose E. Marchesi April-11-2023 Cupertino Miranda - 2.28-225.0.2 - OraBug: 35268809 Fixed initialization of VDSO for tcache_key_initialize Reviewed-by: Jose E. Marchesi March-28-2023 Cupertino Miranda - 2.28-225.0.1 - Merge of Oracle patches for ol8u8 beta Reviewed-by: Jose E. Marchesi September-28-2022 Patrick McGehearty - 2.28-211.0.1 - Merge of Oracle patches for ol8u7 beta Reviewed-by: Jose E. Marchesi August-8-2022 Patrick McGehearty - 2.28-189.5.0.2 - Enable VDSO on x86_64, aarch64, i386, arm, and mips statically linked programs. - These changes enable reading the realtime clock without a kernel syscall. OraBug: 30478315 Reviewed-by: Jose E. Marchesi May-2-2022 Patrick McGehearty - 2.28-199.0.1 - Merge of patches from c8s 199 with ol8u6 beta Reviewed-by: Jose E. Marchesi - Update siginfo constants from linux kernel (OraBug: 33734528) - Remove limit on MALLOC_MMAP_THRESHOLD tunable (Orabug: 29630826) - Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive - spin mutex (Orabug: 27982358) Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list (Patrick McGehearty) - add optimized memset for emag - add an ASIMD variant of strlen for falkor Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. (Orabug: 28849085) - Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile Both should test if (stream->_flags & _IO_USER_LOCK) == 0) _IO_lock_lock (*stream->_lock); OraBug: 28481550. Reviewed-by: Qing Zhao [2.28-251.2] - CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34264) - CVE-2024-33600: nscd: null pointer dereferences in netgroup cache (RHEL-34267) - CVE-2024-33601: nscd: crash on out-of-memory condition (RHEL-34271) - CVE-2024-33602: nscd: memory corruption with NSS netgroup modules (RHEL-34273) [2.28-251.1] - CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-31804) [2.28-251] - Cache information in x86_64 ld.so --list-diagnostics output (RHEL-21997) [2.28-250] - getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19445) [2.28-249] - Updates for AMD cache size computation (RHEL-3010) [2.28-248] - Re-enable output buffering for wide stdio streams (RHEL-19824) [2.28-247] - Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17468) [2.28-246] - Include CentOS Hyperscaler SIG patches backported by Intel (RHEL-15696) [2.28-245] - Improve compatibility between underlinking and IFUNC resolvers (RHEL-16825) [2.28-244] - Restore <sys/cdefs.h> compatibility with C90 compilers (RHEL-15867) [2.28-243] - ldconfig should skip temporary files created by RPM (RHEL-13720) [2.28-242] - Fix force-first handling in dlclose (RHEL-10481) [2.28-241] - Avoid lazy binding failures during dlclose (RHEL-3639) [2.28-240] - Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-12894) [2.28-239] - nscd: Skip unusable entries in first pass in prune_cache (RHEL-1192) [2.28-238] - Fix slow tls access after dlopen (RHEL-2122) [2.28-237] - Enable running a single test from the testsuite (RHEL-3757) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-33600 CVE-2024-33602 CVE-2024-33599 CVE-2024-33601 cpe:/a:oracle:linux:8::userspace_ksplice Oracle Linux 7 [2.17-326.0.6.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> Oracle history: April-28-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.17-326.0.6 - OraBug 35338741 Glibc tunable to disable huge pages on pthread_create stacks Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> February-22-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.17-326.0.4 - OraBug 35107754 Fix range check in do_tunable_update_val Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> May-18-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-326.0.2 - Forward-port Oracle patches to 2.17-326. Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> April-27-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-325.0.6 - OraBug 33968985 Security Patches - This release fixes CVE-2022-23219, CVE-2022-23218, and CVE-2021-3999 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> January-7-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-325.0.4 - add upstream patch for CR33459693 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> October-12-2021 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-325.0.2 - merge el7 u9 errata4 patch with Oracle patches Review-exception: Simple merge - merge el7 u9 errata patch with Oracle patches Review-exception: Simple merge - merge el7 u9 errata patches with Oracle patches Review-exception: Simple merge - merge el7 u9 patches with Oracle patches Review-exception: Simple merge - Four patches to match 3rd patch bundle from Marvell - modify MIPS values in elf/elf.h - add sysdeps/aarch64/sys/ifunc.h - consolidate Linux mmap [BZ-21270] - fix mmap for really large offsets - [Orabug 30778222] Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - [Orabug 28481550/29851177] Make funlockfile/flockfile match tests with _IO_funlockfile and _IO_flockfile. - aarch64 Optimize memcpy for octeonx - aarch64 Add Atomics HWCAP_IMPORTANT - implement allocate_once - Adding Mike Fabian's C.utf-8 patch (C.utf-8 is a unicode-aware version of the C locale) - Marvell Patches to support mips/aarch64 - mips support _ABI64 and STRING_INLINE_unaligned - mips Use HAVE_SA_RESTORER for declaration of restore_rt. - Do not redefine MEMCPY_OK_FOR_FWD_MEMMOVE - mips pread.c remove typo. - mips remove mips64/n32/fallocate.c - add uint64_t for SEM_NWAITERS_SHIFT - Replace sysdeps/mips/preconfigure with current version. - change !_MIPS_ARCH_OCTEON to !defined _MIPS_ARCH_OCTEON - Check for /usr/bin/sh before invoking bash specific cmds - Backport to fix ltp set{re,res}{g,u}id.c tests. - mips Octeon add syncw in atomic.h asm.h - Make mmap64() 64-bit file offsets for n32 - mips Use 'k0' for Octeon1 - Bug 1591 mips/mips64/pthread_spin_unlock.c - mips Bug 1552 fadvise changes - mips user.h delete PAGE_SIZE PAGE_MASK NBPG HOST_STACK_END_ADDR - mips bug 1633 modify debug/Makefile - mips octeon2 optimize atomic compare and exchange - mips Append octeon3 to the machine variable. - ifaddrs netlink request increase buffer size for large messages - mips clean up memcpy.S syntax (no change in prefetching) - Include sysdep.h in sysdeps/aarch64/crti.S - aarch64 rename R_AARCH64 fields based on new ABI - aarch64 Support variable pagesize - mips bug 4380 static glibc syscalls to support cancellation - aarch64 add funwind tables to backtrace - aarch64 define typesizes - mips sqrt code added - Cleanup strcoll_l to match upstream - Add test to check for cache size int overflow - mips correct reserved FCSR bits - mips fpu_control.h standardize capitalization - mips fpu_control.h add FPU_RC_MASK - mips use FPU_RC_MASK in fegetround fesetround - mips inline math lib support functions - mips add strcmp.c - mips revise memset again for Octeon 128byte cache lines - aarch64 define FUTEX_WAIT_REQUEUE_PI - aarch64 Define ABORT_INSTRUCTION - aarch64 fix first cfi_adjust_cfa_offset - mips add section GNU-stack for executable stack - aarch64 Make SSIZE_T_TYPE always signed long - aarch64 define OFF_T_TYPE to be SYSCALL_SLONG_TYPE - aarch64 Handle various MATCHES cases - Change shm_segsz to be __syscall_ulong_t - convert elf/sotruss.ksh to standard Bourne function syntax - aarch64 remove inaccurate comment from sysdep.h - aarch64 Prevent warning in sigcontextinfo.h - aarch64 Prevent warning in jmpbuf-unwind.h - check signal stack before and after swapcontext - aarch64 Add SystemTap probe longjmp and setjmp - aarch64 count_leading_zeros defined - mips improved newlib strcmp.c - fix initial condition for get_nprocs - aarch64: remove asm/ptrace.h in sys includes - elf/pldd.c use scratch_buffer instead of extend_alloca - grp Rewrite to use scratch_buffer - add scratch_buffer to initgroups - add scratch_buffer to getnameinfo - nscd_getgr_r add scratch_buffer - mips Define DT_MIPS_RLD_MAP_REL macro - mips Add ENTRY and END to assembly routines - Makeconfig changes to support include subdirs - mips assembly changes for GP64_REG and GP64_STACK - sunrpc: Do not use alloca in clntudp_call - Improve wide char support - Provide cache/non-cache versions for localedata - CR29749550 [armv5] build failure - Add 3 arm patches to aarch64 tree to avoid future build/merge failures. - Rebase aarch64 patches at 30000 to avoid future conflicts. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - EL Errata <el-errata_ww@oracle.com> - Add BUS_MCEERR_AR, BUS_MCEERR_AO to sysdeps/unix/sysv/linux/bits/siginfo.h - Add MAP_SHARED_VALIDATE to sysdeps/unix/sysv/linux/bits/mman-linux.h and - sysdeps/unix/sysv/linux/aarch64/bits/mman-linux.h - Add MAP_SYNC to sysdeps/unix/sysv/linux/aarch64/bits/mman.h - Add RTEXT_FILTER_SKIP_STATS - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> Orabug: <29495283> - add Ampere emag to tunable cpu list - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> Orabug: <2700101> - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - bundle of 71 upstream commits to improve malloc correctness and performance - upstream commit 4b5b548c9fedd5e6d920639e42ea8e5f473c4de3 - Fix BZ #15089: malloc_trim always trim for large padding. - upstream commit 51a7380b8968251a49a4c5b0bc7ed1af5b0512c6 - malloc/malloc.c: Avoid calling sbrk unnecessarily with zero - upstream commit 8a35c3fe122d49ba76dff815b3537affb5a50b45 - Use alignment macros, pagesize and powerof2. - upstream commit eab55bfb14f5e1ea6f522d81632ce5a1b8a8c942 - Add missing includes to sysdeps/generic/malloc-sysdep.h. - upstream commit 987c02692a88b8c9024cb99187434aad02c3c047 - malloc: fix comment typo - upstream commit c52ff39e8ee052e4a57676d65a27f09bd0a859ad - * malloc/malloc.c: Fix powerof2 check. - upstream commit af102d9529faee5810fde80dac6337b6148789ad - Remove explicit inline on malloc perturb functions. - upstream commit ca6be1655bd357bf6ac8857fba9b9dce928edbdc - Use ALIGN_DOWN in systrim. - upstream commit 8ba14398e629c1f63b9c91a59a47a713b3cce8bc - Do not macro-expand failed assertion expression [BZ #18604] - upstream commit 400e12265d99964f8445bb6d717321eb73152cc5 - Replace MUTEX_INITIALIZER with _LIBC_LOCK_INITIALIZER in generic code - upstream commit 00d4e2ea3503e6de0f198cd65343f287a51f04db - malloc: Remove arena_mem variable - upstream commit ca135f824b1dbaf43e4a673de7725db76a51b714 - malloc: Remove max_total_mem member from struct malloc_par - upstream commit 59eda029a8a35e5f4e5cd7be0f84c6629e48ec6e - malloc: Remove NO_THREADS - upstream commit b43f552a8a23c0e405ab13a268bee12ada3b7841 - Fix type of parameter passed by malloc_consolidate - upstream commit 8a727af925be63aa6ea0f5f90e16751fd541626b - malloc: Remove malloc hooks from fork handler - upstream commit 4cf6c72fd2a482e7499c29162349810029632c3f - malloc: Rewrite dumped heap for compatibility in __malloc_set_state - upstream commit dea39b13e2958a7f0e75b5594a06d97d61cc439f - malloc: Correct malloc alignment on 32-bit architectures [BZ #6527] - upstream commit 1e8a8875d69e36d2890b223ffe8853a8ff0c9512 - malloc: Correct size computation in realloc for dumped fake mmapped chunks - upstream commit 073f82140c7dbd7af387153c29ac7ac3e882c4ef - malloc_usable_size: Use correct size for dumped fake mapped chunks - upstream commit f88aab5d508c13ae4a88124e65773d7d827cd47b - malloc: Preserve arena free list/thread count invariant [BZ #20370] - upstream commit 5bc17330eb7667b96fee8baf3729c3310fa28b40 - elf: dl-minimal malloc needs to respect fundamental alignment - upstream commit 4bf5f2224baa1590f92f7a26930928fe9f7e4b57 - malloc: Automated part of conversion to __libc_lock - upstream commit c1234e60f975da09764683cddff4ef7e2a21ce78 - Document the M_ARENA_* mallopt parameters - upstream commit 68fc2ccc1aebc15b92e596b2bdc5605da1e25f3c - Remove redundant definitions of M_ARENA_* macros - upstream commit aceb22c1f59231909777f7d0a6b955adbf7096a2 - Remove references to sbrk to grow/shrink arenas - upstream commit e863cce57bff6cb795e6aad745ddf6235bca21ce - malloc: Remove malloc_get_state, malloc_set_state [BZ #19473] - upstream commit 681421f3cac665a82d000d854ae6df1fb3b561a5 - sysmalloc: Initialize previous size field of mmaped chunks - upstream commit e9c4fe93b3855239752819303ca377dff0ed0553 - malloc: Use accessors for chunk metadata access - upstream commit ae9166f2b8936304ea347a98519372804963447f - malloc: Update comments about chunk layout - upstream commit 3d7229c2507be1daf0c3e15e1f134076fa8b9025 - Fix malloc/ tests for GCC 7 -Walloc-size-larger-than=. - upstream commit 17f487b7afa7cd6c316040f3e6c86dc96b2eec30 - Further harden glibc malloc metadata against 1-byte overflows. - upstream commit e4e26210c3bdb5dcdce7a3def3b90fa45d3e2c89 - Fix failing test malloc/tst-interpose-nothread with GCC 7. - upstream commit 622222846a2e6ffbcd02cb46cb5f29c48fe4a466 - Call the right helper function when setting mallopt M_ARENA_MAX (BZ #21338) - upstream commit 44e4b889ab0e0497567c8983ad25a78798a3ab51 - manual: Document replacing malloc [BZ #20424 - upstream commit 3b5f801ddb838311b5b05c218caac3bdb00d7c95 - Tweak realloc/MREMAP comment to be more accurate. - upstream commit 4e61a6be446026c327aa70cef221c9082bf0085d - i386: Increase MALLOC_ALIGNMENT to 16 [BZ #21120] - upstream commit d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc - Add per-thread cache to malloc - upstream commit be8aa923a70da16ebabe85e912abc6b815bbdcb4 - * manual/tunables.texi: Add missing @end deftp. - upstream commit ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0 - Avoid backtrace from __stack_chk_fail [BZ #12189] - upstream commit eac43cbb8d808a40004aa0a4a286f5c5155beccb - malloc: Avoid optimizer warning with GCC 7 and -O3 - upstream commit ec2c1fcefb200c6cb7e09553f3c6af8815013d83 - malloc: Abort on heap corruption, without a backtrace [BZ #21754] - upstream commit ac3ed168d0c0b2b702319ac0db72c9b475a8c72e - malloc: Remove check_action variable [BZ #21754] - upstream commit a9da0bb2667ab20f1dbcd0a9ae6846db02fbc96a - malloc: Remove corrupt arena flag - upstream commit 5129873a8e913e207e5f7b4b521c72f41a1bbf6d - malloc: Change top_check return type to void - upstream commit 24cffce7366c4070d8f823702a4fcec2cb732595 - malloc: Resolve compilation failure in NDEBUG mode - upstream commit 0c71122c0cee483a4e6abcdbe78a1595eefe86e2 - malloc: Remove the internal_function attribute - upstream commit 1e26d35193efbb29239c710a4c46a64708643320 - malloc: Fix tcache leak after thread destruction [BZ #22111] - upstream Oct 15, 2017 commit 8e57c9432a2b68c8a1e7f4df28f0e8c7acc04753 - Silence -O3 -Wall warning in malloc/hooks.c with GCC 7 [BZ #22052] - upstream Oct 17, 2017 commit e4dd4ace56880d2f1064cd787e2bdb96ddacc3c4 - Inline tcache functions - upstream Oct 17, 2017 commit e956075a5a2044d05ce48b905b10270ed4a63e87 - Use relaxed atomics for malloc have_fastchunks - upstream Oct 17, 2017 commit 3381be5cdef2e43949db12f66a5a3ec23b2c4c90 - Improve malloc initialization sequence - upstream Oct 18, 2017 commit 2c2245b92ccf6344b324d17d8f94ccd3b8c559c6 - Fix build failure on tilepro due to unsupported atomics - upstream Oct 19, 2017 commit d74e6f6c0de55fc588b1ac09c88eb0fb8b8600af - Fix deadlock in _int_free consistency check - upstream Oct 20, 2017 commit a15d53e2de4c7d83bda251469d92a3c7b49a90db - Add single-threaded path to _int_free - upstream Oct 20, 2017 commit 6d43de4b85b11d26a19bebe4f55f31be16e3d419 - Fix build issue with SINGLE_THREAD_P - upstream Oct 24, 2017 commit 3f6bb8a32e5f5efd78ac08c41e623651cc242a89 - Add single-threaded path to malloc/realloc/calloc/memalloc - upstream Oct 24, 2017 commit 905a7725e9157ea522d8ab97b4c8b96aeb23df54 - Add single-threaded path to _int_malloc - upstream Nov 15, 2017 commit 7a9368a1174cb15b9f1d6342e0e10dd90dae238d - malloc: Account for all heaps in an arena in malloc_info [BZ #22439] - upstream Nov 23, 2017 commit 0a947e061d47c9710838f210506215bd9533324b - malloc: Call tcache destructor in arena_thread_freeres - upstream Nov 30, 2017 commit 34697694e8a93b325b18f25f7dcded55d6baeaf6 - Fix integer overflow in malloc when tcache is enabled [BZ #22375] - upstream Jan 12, 2018 commit 249a5895f120b13290a372a49bb4b499e749806f - malloc: Ensure that the consolidated fast chunk has a sane size. - upstream Jan 29, 2018 commit 406e7a0a47110adbf79326c8a0bda5ffac3e0f10 - malloc: Use assert.h assert macro - upstream Feb 10, 2018 commit 402ecba487804e9196769f39a8d157847d3b3104 - [BZ #22830] malloc_stats: restore cancellation for stderr correctly. - upstream Mar 9, 2018 commit 229855e5983881812b21b215346cb990722c6023 - malloc: Revert sense of prev_inuse in comments - upstream Mar 14, 2018 commit bdc3009b8ff0effdbbfb05eb6b10966753cbf9b8 - malloc: harden removal from unsorted list - malloc: fix merge regressions in previous bundle of patches. Orabug: <29139332> - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - Modified patches to avoid duplication of patch2754 (added in 2.17-260.0.16) - and patch10134. OraBug 29319671. - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com> - Regenerate intl/plural.c OraBug 28806294. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 OraBug 28806294. - Reviewed-by: Patrick McGehearty <patrick.mcgehearty@oracle.com> - Fix dbl-64/wordsize-64 remquo (bug 17569). - Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae OraBug 19570749. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - libio: Disable vtable validation in case of interposition. - Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0. OraBug 28641867. - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com> - merged bundle of 142 upstream commits for aarch64 support with glibc rhel7 update 6. - upstream commit 75eff3fe90f96783f31f58fa84af1b77e57d1ae4 - trimmed to only add bzero.S, memcmp.S memcpy.S, memmove.S, memset.S, - strcmp.S, strlen.S, strncmp.S and strnlen.S into sysdeps/aarch64. Orabug: <28003847> - upstream commit 08325735c2efb0257b8c07ac0ff91e44c27ecbf8 - Lazy TLSDESC relocation data race fix - upstream commit c71c89e5c72baf43fd44d08dda8ab846eec5b1d6 - fix cfi annotations which used incorrect sign. - upstream commit f008c71455a8f23c2a24c451e61b12ddfca9a54f - fix uninitialized warning for math_private.h - upstream commit d2e4346a30683cc42c57bd1bfd457897d78c6d7e - fix internal asm profiling code - upstream commit efbe665c3a2d344b0d64456cf29499ba53c2965a - add ifunc support for aarch64 - upstream commit d6fc3f6516cd20f195758086fbbbe3f17a8a6d95 - add ChangeLog for ifunc support patch - upstream commit 6cd380dd366d728da9f579eeb9f7f4c47f48e474 - avoid-literals-in-start.S - upstream commit f124cb381116b5809de198327690ad0bd8d1478e - Fix nearbyint arithmetic moved before feholdexcept (bug 22225). - upstream commit db4f87bad48ed93ae14f61121367a7cb94fa46ed - do not use MIN for dl-machine.h - upstream commit a2e0a7f12ba57a49d1380c7ba1ff4b1f51d67347 - Guess L1 cache linesize - upstream commit 58a813bf6e732211af53e690c92c14a50bb06e0e - fix f-max-min for gcc - upstream commit e7df6c5c79458dc042a8c967bafa6e8eca88ae0d - HWCAP additions - upstream commit 14d886edbd3d80b771e1c42fbd9217f9074de9c6 - fix start code for static pie - upstream commit afce1991f6f61514172696ec3edf93331cb0e04f - clean up HWCAP updates - upstream commit 953c49cc3bb1041090281042148197ad3537c551 - more HWCAP additions - upstream commit 3f8d9d58c59fdbe27301d0e18bfd426a5f2edf19 - use builtins for fpcr/fpsr - upstream commit 4f5b921eb9b775aa3549a9bcd684c3013132f04b - add include for fpcr/fpsr fix - upstream commit 0c8a67a5737b4b6dd74bd24219fc642c8d244bee - fix include for fpcr/fpsr fix Orabug: <28036322> - upstream commit 2fee269248c6ef303569d9ac8fec3a27676520e0 - Enable _STRING_ARCH_unaligned on AArch64. - upstream commit 16396c41deab45f715ffd813280d9d685b3b281e - Add _STRING_INLINE_unaligned and string_private.h - upstream commit a8c5a2a9521e105da6e96eaf4029b8e4d595e4f5 - This is an optimized memset for AArch64. - upstream commit b998e16e71c8617746b7c39500e925d28ff22ed8 - This is an optimized memcpy/memmove for AArch64. - upstream commit c435989f52204703d524f467c830dc363439e532 - Optimize the strlen implementation. - upstream commit 58ec4fb881719d0b69989f9a4955290fca531831 - Add a simple rawmemchr implementation. - upstream commit a024b39a4e31a049391b459234f6b3575c9fc107 - This patch further tunes memcpy - upstream commit 95e431cc73c2df3bc606107d6f79c4683bd61102 - An optimized memchr was missing for AArch64. - upstream commit 922369032c604b4dcfd535e1bcddd4687e7126a5 - [AArch64] Optimized memcmp. - upstream commit 4c1d801a5956f049126ef6cbe22ed23693e77a8c - aarch64: Avoid hidden symbols for memcpy/memmove into static binaries - upstream commit 2bce01ebbaf8db52ba4a5635eb5744f989cdbf69 - aarch64: Improve strcmp unaligned performance - upstream commit 84c94d2fd90d84ae7e67657ee8e22c2d1b796f63 - aarch64: Use the L() macro for labels in memcmp - upstream commit 6ca24c43481e2c93a6eec362b04c3e77a35b28e3 - aarch64/strcmp: fix misaligned loop jump target - upstream commit 30a81dae5b752f8aa5f96e7f7c341ec57cba3585 - aarch64: Optimized memcmp for medium to large sizes - upstream commit 4e54d918630ea53e29dd70d3bdffcb00d29ed3d4 - aarch64: Fix branch target to loop16 - upstream commit 7108f1f944792ac68332967015d5e6418c5ccc88 - aarch64: Improve strncmp for mutually misaligned inputs - upstream commit d46f84de745db8f3f06a37048261f4e5ceacf0a3 - aarch64/strncmp: Unbreak builds with old binutils - upstream commit b47c3e7637efb77818cbef55dcd0ed1f0ea0ddf1 - aarch64/strncmp: Use lsr instead of mov+lsr Orabug: <28077661> - upstream commit 3a7ac8a0f596bb73093212cd1109c1413777e1f8 - Remove bp-start.h and INIT_ARGV_and_ENVIRON. - upstream commit 10ad46bc6526edc5c7afcc57112da96917ff3629 - Consolidate valloc/pvalloc code. - upstream commit 520d437b9455560d099fe6bd9664be1f9f76868b - Fix build warnings from systemtap probes in non-systemtap configurations - upstream commit f3eeb3fc560ccc4ce51dc605e4703c5016b07244 - Replace malloc force_reg by atomic_forced_read. - upstream commit 6c8dbf00f536d78b1937b5af6f57be47fd376344 - Reformat malloc to gnu style. - upstream commit bdfe308a166b433a841d5c9ae256560c18bce640 - Remove THREAD_STATS. - upstream commit e0db65176fa88b9497cbd6362b24e3225382bfb6 - Clean up __exit_thread. - upstream commit 79520f4bd611602f5bdb2b50979cf75bb5ac2968 - Use existing makefile variables for dependencies on - upstream commit 75f11331f98ebf3873e887a683add944a1aec0fd - correct alignment of TLS_TCB_ALIGN (BZ #16796) - upstream commit 94c5a52a841f807a23dbdd19a5ddeb505cc1d543 - Consolidate arena_lookup and arena_lock into a single arena_get - upstream commit c26efef9798914e208329c0e8c3c73bb1135d9e3 - malloc: Consistently apply trim_threshold to all heaps [BZ #17195] - upstream commit 92a9b22d70b85b7edd0484db8bf2465a969fb09e - Drop unused first argument from arena_get2 - upstream commit c3b9ef8dfc83e9d17da5adc73709d2f7dfbbaf13 - Do not use the main arena in retry path if it is corrupt - upstream commit 90b2517115a56ca9f5625f3e16c2629deeac55a9 - include/stap-probe.h: Fix formatting. - upstream commit 6782806d8f6664d87d17bb30f8ce4e0c7c931e17 - malloc: Rewrite with explicit TLS access using __thread - upstream commit a62719ba90e2fa1728890ae7dc8df9e32a622e7b - malloc: Prevent arena free_list from turning cyclic [BZ #19048] - upstream commit 730bbab2c39dd615c31c924041b4d16d7f107ae0 - Mark internal unistd functions hidden in ld.so - upstream commit cbb47fa1c6476af73f393a81cd62fc926e1b8f6e - malloc: Manual part of conversion to __libc_lock - upstream commit e33a23fbe8c2dba04fe05678c584d3efcb6c9951 - Add INTERNAL_SYSCALL_CALL - upstream commit be7991c0705e35b4d70a419d117addcd6c627319 - Static inline functions for mallopt helpers - upstream commit afcf3cd8ebff8fed79238a2d1b95338c4606b1ee - New internal function __access_noerrno - upstream commit 67e58f39412ecd4467034761f3f074283c90f3c8 - Add framework for tunables - upstream commit 3c589b1a8a4401e258ba23a03fcbcc79b82393ab - tunables: Use correct unused attribute (fixed build error in 67e58f) - upstream commit 9dd409a5f4a7a053cc962f8371dad0fe5cc22597 - Initialize tunable list with the GLIBC_TUNABLES environment variable - upstream commit 6765d5d34d126b26d55e2d73dac4dfec5e6d6241 - Enhance --enable-tunables to select tunables frontend at build time - upstream commit b31b4d6ae50b0d332207754327598fdce5b51015 - User manual documentation for tunables - upstream commit 34a63b097335d3411080b5b6e5b164ab36563847 - malloc: Run tunables tests only if tunables are enabled - upstream commit d054a81ab3a2515a45d28e6c26d2b190ff74e8ec - tunables: Avoid getenv calls and disable glibc.malloc.check by default - upstream commit 41389c40499a083c59e68ba281ec87be567f2871 - Fix environment traversal when an envvar value is empty - upstream commit f3bef6a748097d02d196df247f7b292c7b83744c - * elf/dl-tunables.c (tunable_set_val_if_valid_range): Split into ... - upstream commit 8b9e9c3c0bae497ad5e2d0ae2f333f62feddcc12 - tunables: Fix environment variable processing for setuid binaries (bz #21073) - upstream commit ed8d5ffd0a14e84298a15ae2ec9b799010166b28 - Drop GLIBC_TUNABLES for setxid programs when tunables is disabled (bz #21073) - upstream commit 53aa04a86c10f49b7481e73d2ca045ecd6ed2df7 - tunables: Fail tests correctly when setgid does not work - upstream commit 43ce02c6ec27d4e2d8f0ae327bbbeaba84060964 - Fix typo in manual - upstream commit 8cbc826c37c0221ada65a7a622fe079b4e89a4b0 - Fix getting tunable values on big-endian (BZ #21109 - upstream commit 1c1243b6fc33c029488add276e56570a07803bfd - Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (bug #21209) - upstream commit 65eff7fbdbddad8c1f9af7cb48cd3b5dca3c5c9d - Update old tunables framework document/script. - upstream commit 17284d650ebe5c736c9730ee16401008f26128c3 - tunables: Make tunable_list relro - upstream commit d13103074ab5c7614eeb94f88a61803ed8f3e878 - tunables: Specify a default value for tunables - upstream commit ad2f35cb396d24391150675fb55311c98d1e1592 - tunables: Add support for tunables of uint64_t type - upstream commit ce79740bdbccea312df6cfcf70689efb57792fc9 - Reduce value of LD_HWCAP_MASK for tst-env-setuid test case - upstream commit ee8015b9ea084d5727ce477fdd8d935f1de7f7f6 - Support dl-tunables.list in subdirectories - upstream commit 81efada5287c3215307623e57d3bbbeefa0c1250 - Make __tunables_init hidden and avoid PLT - upstream commit 4158ba082c641f407009363b186b4c85f8a01a35 - Delay initialization of CPU features struct in static binaries - upstream commit 44330b6d32904fdc8b6835a112e0ba0aee9f4ef3 - tunables: Clean up hooks to get and set tunables - upstream commit ea9b0ecbf0e7b6e8281047624efbe1b2cbb6d487 - tunables: Add LD_HWCAP_MASK to tunables - upstream commit ff08fc59e36e02074eba8ab39b0d9001363970f0 - tunables: Use glibc.tune.hwcap_mask tunable instead of _dl_hwcap_mask - upstream commit f82e9672ad89ea1ef40bbe1af71478e255e87c5e - aarch64: Allow overriding HWCAP_CPUID feature check using HWCAP_MASK - upstream commit 511c5a1087991108118c6e9c9546e83e992bf39c - Make LD_HWCAP_MASK usable for static binaries - upstream commit ea01a4da219011f4a4db97eef3c5bfc2f6e8fc6b - aarch64: Add hwcap string routines - upstream commit 6c85cc2852367ea2db91ff6a1fc0f6fc0653788d - aarch64: Fix undefined behavior in _dl_procinfo - upstream commit 2c0b90ab443abc967cbf75add4f7fde84978cb95 - Enable tunables by default - upstream commit 95a73392580761abc62fc9b1386d232cd55878e9 - tunables: Use direct syscall for access (BZ#21744) - upstream commit a4de0a9008d6f15e1509c9818ba6e50d78bb83f3 - Fix gen-tunables.awk to work with older awk Orabug: <28121777> - upstream commit ddcf6798d35beca3c4eec80ea448b57fd45558f4 - Replace C implementation of bzero with direct call to memset. - upstream commit af96be34825586536ebcfbf5c675e795ddd3c8fa - Replace C implementation of bcopy with a direct call to memmove. - upstream commit 6a2c695266fab34cc057256d1b33d2268183f00e - aarch64: Thunderx specific memcpy and memmove - upstream commit 512d245bc30cca893db6979f42f058e734f345c3 - Add HWCAP_ macros from Linux 4.12 to AArch64 bits/hwcap.h. - upstream commit 738a9914a066a31750925543a8c6d2661bd61345 - benchtests: Print string array elements, int and uint in json - upstream commit 5ee1e3cebc47495a36d17a0066c241978ca6f502 - benchtests: Make memcpy benchmarks print results in json - upstream commit 25d5247277760e669a69618ce99ce6065e92362c - benchtests: New script to parse memcpy results - upstream commit ab85da15301c552e3ea4577a6432aa028bee9295 - aarch64: Call all string function implementations in tests - upstream commit 28cfa3a48e59f9c6b9bc25a003a4ede435841382 - tunables, aarch64: New tunable to override cpu - upstream commit 47ea614b9afcdaef80e09d58afcdad4f96ba3f15 - fix typo - upstream commit 82e06600505cc26810d263a964d9eca6f3cdfe91 - [AArch64] Update dl-procinfo for new HWCAP flags in Linux 4.12 - upstream commit 36ada5f681d86d4abe7b3b47d653d69e5ab2a6fd - aarch64: Optimized memcpy for Qualcomm Falkor processor - upstream commit 61c982910da9b60f7ac48eb1caaac1f4b013dbb1 - benchtests: Remove verification runs from benchmark tests - upstream commit 86c6519ee77d241575653206f33dbe1d4c8436cf - benchtests: Print json in memmove benchmark - upstream 9eee633b68649c94b2404f65d5c9a00c3ed1f068 - Change argument type passed to ifunc resolvers - upstream commit 9c9ec58197d1e18db6f7b39f7dc08b0f5f61df4e - Add thunderx2t99 and thunderx2t99p1 CPU names to tunables list - upstream commit f00bce744e12996a30b7ac5851b001b1dd7beaa9 - Fix glibc.tune.cpu tunable handling - upstream commit 29c933fb35b7bf872f57dc6977c879832983ab6c - benchtests: Make memset benchmarks print json - upstream commit 503c92c37a95f769762e65aff9383b302178c2bc - benchtests: Reallocate buffers for memset - upstream commit dd5bc7f1b385b29d0f90aefe4d9756b35011709b - aarch64: Optimized implementation of memmove for Qualcomm Falkor - upstream commit edbbc86c3a6624dcc0316a4cd78fe1adfb383405 - * sysdeps/aarch64/bzero.S (__bzero): Remove. - upstream commit 4d7632ff687dc60fb9ed38bae682d395017b61a8 - benchtests: Fix walking sizes and directions for *-walk benchmarks - upstream commit eb332f9feb7637eeefed037a683d2a6130d058b1 - benchtests: Bump start size since smaller sizes are noisy - upstream commit 5a67c4fa010abb27e704aa4ea3896f3aa2b39ed7 - aarch64: Optimized memset for falkor - upstream commit 5f1603c331d9e2194170762b7e5e80a5571e4b4e - Convert strcmp benchmark output to json format - upstream commit 4e00196912e63bd44f9a62a88a0f5c5fde25ad86 - aarch64: fix memset with --disable-multi-arch - upstream commit 3dfcbfa1a4bfa39344e8d945ed1bd697c4c9fe96 - benchtests: Reallocate buffers for every test run - upstream commit 96e6a7167e127d5e65000f2724e074f1c026e1f1 - benchtests: Make bench-memcmp print json - upstream commit e9537dddc7c7c7b60b55ed845542c8d586164488 Orabug: <28121801> - upstream commit 9dbebe1a67bbedfcb39c6b739f15bc639e8d40a2 - [AArch64] Save and restore q0-q7 on entry to dynamic linker. - upstream commit 1670e207c57513da84462c2a018f01653e7d1cc6 - aarch64: Rely on syscalls preserving registers - upstream commit f940b96522d6ac67915186dfaa71b43f3e7f5404 - [AArch64] Add optimized strchr. - upstream commit be9d4ccc7fe62751db1a5fdcb31958561dbbda9a - [AArch64] Add optimized strchrnul. - upstream commit 80085defb83e4f2ce098c8bc00c82d1e14998c71 - [AArch64] End frame record chain correctly. [??Bug 17522], release 2.21 - upstream commit aa76a5c7010e98c737d79f37aa6ae668f60f7a00 - [AArch64] Fix strchrnul clobbering v15 - upstream commit ec582ca0f30c963a1c27f405b6732ca8507271d5 - AArch64 optimized implementation of strrchr. - upstream commit dc400d7b735c47086a001ed051723e376230cf01 - AArch64: Optimized implementations of strcpy and stpcpy. - upstream commit d3496c9f4f27d3009b71be87f6108b4fed7314bd - Improve generic strcspn performance - upstream commit 91f3b75f47c9eca3299098c3dcc2f5d9dad320b1 - Improve generic strspn performance - upstream commit 282b71f07eb5e24ddf1308f92c37cb42f7c7d86b - Improve generic strpbrk performance - upstream commit 2e51bc3813ca3fe72fd197d08d79496e46669f43 - Use PTR_ALIGN_DOWN on strcspn and strspn - upstream commit f6a191a6ee0313d61dffa70d86b033c5a598f907 - Consolidate Linux read syscall - Fixes BZ#21428 - upstream commit ed0257f7d3378ec4a72e297f0dcba5159f2dd138 - [AArch64] Adjust elf_machine_dynamic to use _GLOBAL_OFFSET_TABLE_ - upstream commit e535ce250143b9c1600b306911710c0de73e2a5e - [ARM] add missing -funwind-tables to test case (bug 19529) - upstream commit a68ba2f3cd3cbe32c1f31e13c20ed13487727b32 - [AARCH64] Rewrite elf_machine_load_address using _DYNAMIC symbol - upstream commit db9bab09a51188bf57afeb47040ce6837b878367 - Document cache information sysconf variables - upstream commit a2e0a7f12ba57a49d1380c7ba1ff4b1f51d67347 - aarch64: Document _SC_LEVEL1_DCACHE_LINESIZE caveat - upstream commit 659ca267360e1c1f64eea9205bb81cb5e9049908 - aarch64: optimize _dl_tlsdesc_dynamic fast path - upstream commit 3d1d79283e6de4f7c434cb67fb53a4fd28359669 - aarch64: fix static pie enabled libc when main is in a shared library - upstream commit c9e613a728b9eaf0713b5a5970bb9ad4984fc688 - Add NT_ARM_SVE to elf.h Orabug: <28336148> - Rebase of the aarch64 OL 7.4 patches. - Enable ifunc support. (Egeyar Bagcioglu 2.17-196.0.2.el7_4.2) Orabug: <26894372> [2.17-326.3] - nscd: Fix timeout type in netgroup cache (RHEL-34263) [2.17-326.2] - nscd: Do not use sendfile for the netgroup cache - nscd: Use-after-free in netgroup cache - CVE-2021-27645: nscd: double-free in netgroup cache - CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34263) - CVE-2024-33600: nscd: null pointer dereferences in netgroup cache - CVE-2024-33601: nscd: crash on out-of-memory condition - CVE-2024-33602: nscd: memory corruption with NSS netgroup modules [2.17-326.1] - CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-31803) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-33599 CVE-2024-33601 CVE-2024-2961 CVE-2024-33602 CVE-2024-33600 cpe:/a:oracle:linux:7::userspace_ksplice Oracle Linux 7 [2.17-326.0.9.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> Oracle history: June-22-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.17-326.0.9 - OraBug 35517820 Reworked previous patch for OraBug 35318841 and removed free() of stack allocations. Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> June-20-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.17-326.0.7 - OraBug 35517820 Do not allocate heap memory in __nptl_tunables_init. - This issue was introduced and fixed in patch related to OraBug 35318841. Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> April-21-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.17-326.0.5 - OraBug 35318841 Glibc tunable to disable huge pages on pthread_create stacks Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> December-19-2022 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.17-326.0.3 - OraBug 34909902 vDSO timer functions support on i686 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> May-18-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-326.0.1 - Forward-port Oracle patches to 2.17-326. Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> April-26-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-325.0.3 - OraBug 33968985 Security Patches This release fixes CVE-2022-23219, CVE-2022-23218, and CVE-2021-3999 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> October-12-2021 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.17-325.0.1 - Merge el7 u9 errata4 patch with Oracle patches Review-exception: Simple merge - Merge el7 u9 errata patches with Oracle patches Review-exception: Simple merge - Adding three arm specific patches to allow glibc x86 tree to be used for - ILOM and other arm builds Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - Merge el7 u8 patches with Oracle patches Review-exception: Simple merge - Adding Mike Fabian's C.utf-8 patch (C.utf-8 is a unicode-aware version of the C locale) Orabug 29784239. Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - Remove glibc-ora28641867.patch as duplicate of glibc-rh1705899-4.patch - Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile Both should test if ((stream->_flags & _IO_USER_LOCK) == 0) _IO_lock_lock (*stream->_lock); OraBug 28481550. Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - Modify glibc-ora28849085.patch so it works with RHCK kernels. Orabug 28849085. - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com> - Use NLM_F_SKIP_STATS in uek2 and RTEXT_FILTER_SKIP_STATS in uek4 in getifaddrs. - Orabug 28849085 - Reviewed-by: Patrick McGehearty <patrick.mcgehearty@oracle.com> - Mention CVE numbers in the .spec file for CVE-2015-8983 and CVE-2015-8984. - Orabug 25558067. - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com> - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty <patrick.mcgehearty@oracle.com> - Fix dbl-64/wordsize-64 remquo (bug 17569). - Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae - OraBug 19570749. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> - libio: Disable vtable validation in case of interposition. - Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0. - OraBug 28641867. - Reviewed-by: Egeyar Bagcioglu <egeyar.bagcioglu@oracle.com> - Include-linux-falloc.h-in-bits-fcntl-linux.h - Defines FALLOC_FL_PUNSH_HOLE, FALLOC_FL_KEEP_SIZE, FALLOC_FL_COLLAPSE_RANGE, and FALLOC_FL_ZERO_RANGE - OraBug 28483336 - Add MAP_SHARED_VALIDATE and MAP_SYNC flags to - sysdeps/unix/sysv/linux/x86/bits/mman.h - OraBug 28389572 - Update bits/siginfo.h with Linux hwpoison SIGBUS changes. - Adds new SIGBUS error codes for hardware poison signals, syncing with the current kernel headers (v3.9). - It also adds si_trapno field for alpha. - New values: BUS_MCEERR_AR, BUS_MCEERR_AO - OraBug 28124569 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-2961 CVE-2024-33599 CVE-2024-33601 CVE-2024-33602 CVE-2024-33600 cpe:/a:oracle:linux:7::userspace_ksplice Oracle Linux 9 [8.7p1-38.0.2] - Restore dropped earlier ifdef condition for safe _exit(1) call in sshsigdie() [Orabug: 36783468] Resolves CVE-2024-6387 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6387 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.34-100.0.1.2] - Forward-port Oracle patches for ol9-u4 Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> Oracle history: April-30-2024 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-100.0.1 - Forward-port Oracle patches for ol9-u4 Reviewed by: Indu Bhagat <indu.bhagat@oracle.com> March-28-2024 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-100.0.1 - Forward-port Oracle patches for ol9-u4-beta Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> March 15 2024 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-83.0.2.12 - Forward-port Oracle patches for ol9 Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> February-26-2024 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-83.0.2.7 - OraBug 36322437 getaddrinfo does not return correct ipv6 address and family Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> October-24-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-83.0.1.7 - Forward-port Oracle patches for ol9 Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> October-4-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-82.0.1 - Forward-port Oracle patches for ol9 Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> April-18-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-60.0.2 - OraBug 35305078 Glibc tunable to disable huge pages on pthread_create stacks - Created tunable glibc.pthread.stack_hugetlb to control when hugepages can be used for stack allocation. - In case THP are enabled and glibc.pthread.stack_hugetlb is set to 0, glibc will madvise the kernel not to use allow hugepages for stack allocations. Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> March-28-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-60.0.1 - Merge Oracle patches for ol9-u2 beta Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> September-28-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.34-40.0.1 - Merge Oracle patches for ol9-u1 beta Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> April-25-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.34-28.0.1 - Merge Oracle patches with ol9 beta - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [2.34-100.2] - CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34318) - CVE-2024-33600: nscd: null pointer dereferences in netgroup cache - CVE-2024-33601: nscd: crash on out-of-memory condition - CVE-2024-33602: nscd: memory corruption with NSS netgroup modules [2.34-100.1] - CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-32480) [2.34-100] - manual: fix order of arguments of memalign and aligned_alloc (RHEL-21556) [2.34-99] - getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19444) [2.34-98] - getaddrinfo: Fix occasionally empty result due to nscd cache order (RHEL-16643) [2.34-97] - Re-enable output buffering for wide stdio streams (RHEL-19862) [2.34-96] - Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17465) [2.34-95] - Improve compatibility between underlinking and IFUNC resolvers (RHEL-17319) [2.34-94] - Update syscall-names.list for Linux 6.6. (RHEL-16016) [2.34-93] - malloc: Use __get_nprocs on arena_get2. (RHEL-17157) [2.34-92] - Improve test coverage for wcsdup, strdup and strndup. (RHEL-15343) [2.34-91] - fstat performance enhancement (RHEL-2338) [2.34-90] - ldconfig should skip temporary files created by RPM (RHEL-14383) [2.34-89] - Fix force-first handling in dlclose (RHEL-2491) [2.34-88] - nscd: Refer to /run instead of /var/run in systemd socket file (RHEL-16275) [2.34-87] - Fix slow tls access after dlopen (RHEL-2123) [2.34-86] - Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-14545) [2.34-85] - nscd: Skip unusable entries in first pass in prune_cache (RHEL-3397) [2.34-84] - x86-64: Report non-zero cache sizes under TDX hypervisors (RHEL-1191) [2.34-83.7] - Fix memory leak regression in getaddrinfo (RHEL-2426) [2.34-83.6] - CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3000) [2.34-83.5] - Revert: Always call destructors in reverse constructor order (RHEL-2491) [2.34-83.4] - CVE-2023-4806 glibc: potential use-after-free in getaddrinfo (RHEL-2426) [2.34-83.3] - CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2438) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-2961 CVE-2024-33601 CVE-2024-33602 CVE-2024-33599 CVE-2024-33600 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 - [5.14.0-362.24.1_3.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Disable unified kernel image package build - Add Oracle Linux IMA certificates [5.14.0-362.24.1_3] - RDMA/mlx5: Fix assigning access flags to cache mkeys (Mohammad Kabat) [RHEL-25242 RHEL-882] - drm/amdgpu: Fix potential fence use-after-free v2 (Jan Stancek) [RHEL-24501 RHEL-24504 RHEL-22506 RHEL-22507] {CVE-2023-51042} - ceph: defer stopping mdsc delayed_work (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: never send metrics if disable_send_metrics is set (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: don't let check_caps skip sending responses for revoke msgs (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: issue a cap release immediately if no cap exists (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: trigger to flush the buffer when making snapshot (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: fix blindly expanding the readahead windows (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: add a dedicated private data for netfs rreq (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: voluntarily drop Xx caps for requests those touch parent mtime (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: try to dump the msgs when decoding fails (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: only send metrics when the MDS rank is ready (Xiubo Li) [RHEL-22256 RHEL-16415] - x86/boot: Ignore NMIs during very early boot (Derek Barbosa) [RHEL-24449 RHEL-9380] - Documentation, mm/unaccepted: document accept_memory kernel parameter (Paolo Bonzini) [RHEL-20808 RHEL-10059] - proc/kcore: do not try to access unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: do not let /proc/vmcore try to access unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/traps: Fix load_unaligned_zeropad() handling for shared TDX memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Fix off-by-one when checking for overlapping ranges (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/kvm: Do not try to disable kvmclock if it was not enabled (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Mark TSC reliable (Paolo Bonzini) [RHEL-20808 RHEL-10059] - RHEL: kABI fixup for struct zone (Paolo Bonzini) [RHEL-20808 RHEL-10059] - RHEL: introduce NR_VM_ZONE_STAT_ITEMS_ACTUAL for kABI-preserving zone stats (Paolo Bonzini) [RHEL-20808 RHEL-10059] - RHEL: 9.3 kABI fixup for struct efi (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/mm: Fix enc_status_change_finish_noop() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/mm: Allow guest.enc_status_change_prepare() to fail (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/coco: Mark cc_platform_has() and descendants noinstr (Paolo Bonzini) [RHEL-20808 RHEL-10059] - virt: sevguest: Add CONFIG_CRYPTO dependency (Paolo Bonzini) [RHEL-20808 RHEL-10059] - mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (Paolo Bonzini) [RHEL-20808 RHEL-10059] - mm/page_alloc: fix obsolete comment in deferred_pfn_valid() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Change npages to unsigned long in snp_accept_memory() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Make sure unaccepted table is mapped (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/efi: Safely enable unaccepted memory in UEFI (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Add SNP-specific unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Use large PSC requests if applicable (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Allow for use of the early boot GHCB for PSC requests (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Fix calculation of end address based on number of pages (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Wrap exit reason with hcall_func() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Add unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Refactor try_accept_one() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: Add unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/boot/compressed: Handle unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/libstub: Implement support for unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/x86: Get full memory map in allocate_e820() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - memblock tests: Fix compilation errors. (Paolo Bonzini) [RHEL-20808 RHEL-10059] - mm: Add support for unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/boot: Centralize __pa()/__va() definitions (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/boot: Add an efi.h header for the decompressor (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Drop flags from __tdx_hypercall() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Disable NOTIFY_ENABLES (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (Paolo Bonzini) [RHEL-20808 RHEL-10059] - cpuidle, tdx: Make TDX code noinstr clean (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Remove TDX_HCALL_ISSUE_STI (Paolo Bonzini) [RHEL-20808 RHEL-10059] - mm: add pageblock_aligned() macro (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: memmap: Disregard bogus entries instead of returning them (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: memmap: Move manipulation routines into x86 arch tree (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: memmap: Move EFI fake memmap support into x86 arch tree (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: install boot-time memory map as config table (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: remove DT dependency from generic stub (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: unify initrd loading between architectures (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: remove pointless goto kludge (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: avoid efi_get_memory_map() for allocating the virt map (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: drop pointless get_memory_map() call (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/libstub: move efi_system_table global var into separate object (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/x86: libstub: remove unused variable (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: Correct comment on efi_memmap_alloc (Paolo Bonzini) [RHEL-20808 RHEL-10059] - drivers: fix typo in firmware/efi/memmap.c (Paolo Bonzini) [RHEL-20808 RHEL-10059] - netfilter: nf_tables: skip set commit for deleted/destroyed sets (Phil Sutter) [RHEL-20683 RHEL-20686 RHEL-20214 RHEL-20217] {CVE-2024-0193} - redhat: add missing -rt JIRAs (Jan Stancek) [5.14.0-362.23.1_3] - iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range (Jerry Snitselaar) [RHEL-19382 RHEL-11590] - arm64/smmu: use TLBI ASID when invalidating entire range (Jerry Snitselaar) [RHEL-19382 RHEL-11590] - netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-20701 RHEL-20709 RHEL-19722 RHEL-19961] {CVE-2023-6817} - netfilter: nf_tables: split async and sync catchall in two functions (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: remove catchall element in GC sync path (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: expose opaque set element as struct nft_elem_priv (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: set backend .flush always succeeds (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: work around newrule after chain binding (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix memleak when more than 255 elements expired (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disable toggling dormant table state more than once (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow element removal on anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow rule removal from chain binding (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: defer gc run if previous batch is still pending (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix out of memory error handling (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: use correct lock to protect gc_list (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: GC transaction race with abort path (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: flush pending destroy work before netlink notifier (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_dynset: disallow object maps (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: GC transaction race with netns dismantle (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: don't fail inserts if duplicate has expired (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: deactivate catchall elements in next generation (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix kdoc warnings after gc rework (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix false-positive lockdep splat (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: remove busy mark and gc batch API (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_hash: mark set element as dead when deleting from packet path (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244} - netfilter: nf_tables: adapt set backend to use GC transaction API (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244} - netfilter: nft_set_rbtree: fix overlap expiration walk (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: GC transaction API to avoid race with control plane (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244} - netfilter: nf_tables: don't skip expired elements during walk (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: skip bound chain in netns release path (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix spurious set element insertion failure (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: report use refcount overflow (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix underflow in chain reference counter (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow timeout for anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow updates of anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: reject unbound chain set before commit phase (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: reject unbound anonymous set before commit phase (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow element updates of bound anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix underflow in object reference counter (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: drop map element references from preparation phase (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: validate variable length element extension (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_pipapo: .walk does not deal with generations (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: relax set/map validation checks (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: integrate pipapo into commit protocol (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: upfront validation of data via nft_data_init() (Florian Westphal) [RHEL-22131 RHEL-1720] - rbd: don't move requests to the running list on errors (Ilya Dryomov) [RHEL-23863 RHEL-21939] - ASoC: SOF: intel: hda: Clean up link DMA for IPC3 during stop (Jaroslav Kysela) [RHEL-24033 RHEL-13724] - platform/x86/intel-uncore-freq: Return error on write frequency (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: Add client processors (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: add Emerald Rapids support (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: Use sysfs_emit() to instead of scnprintf() (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: Prevent driver loading in guests (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (David Arcari) [RHEL-15751 2177013] - Documentation: admin-guide: pm: Document uncore frequency scaling (David Arcari) [RHEL-15751 2177013] - platform/x86/intel-uncore-freq: Split common and enumeration part (David Arcari) [RHEL-15751 2177013] - platform/x86/intel/uncore-freq: Display uncore current frequency (David Arcari) [RHEL-15751 2177013] - platform/x86/intel/uncore-freq: Use sysfs API to create attributes (David Arcari) [RHEL-15751 2177013] - platform/x86/intel/uncore-freq: Move to uncore-frequency folder (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-frequency: use default_groups in kobj_type (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-frequency: Move to intel sub-directory (David Arcari) [RHEL-15751 2177013] - Revert 'platform/x86: intel-uncore-freq: add Emerald Rapids support' (David Arcari) [RHEL-15751 2177013] - iommu/iova: Manage the depot list size (Jay Shin) [RHEL-21517 RHEL-11148] - iommu/iova: Make the rcache depot scale better (Jay Shin) [RHEL-21517 RHEL-11148] - drm/amd/pm: Fix error of MACO flag setting code (Michel Danzer) [RHEL-16741 RHEL-16742 RHEL-14571 RHEL-15927] - drm/amd: Fix detection of _PR3 on the PCIe root port (Michel Danzer) [RHEL-16741 RHEL-16742 RHEL-14571 RHEL-15927] [5.14.0-362.22.1_3] - usb: typec: ucsi: Use GET_CAPABILITY attributes data to set power supply scope (Desnes Nunes) [RHEL-21838 RHEL-14573] - KVM: SVM: Do not use user return MSR support for virtualized TSC_AUX (Paolo Bonzini) [RHEL-20415 RHEL-16384] - KVM: SVM: Fix TSC_AUX virtualization setup (Paolo Bonzini) [RHEL-20415 RHEL-16384] - KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (Paolo Bonzini) [RHEL-20415 RHEL-16384] - net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22094 RHEL-22097 RHEL-19066 RHEL-19067] {CVE-2024-0646} - smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-21664 RHEL-21669 RHEL-18992 RHEL-18993] {CVE-2023-6606} - NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Jeffrey Layton) [RHEL-22284 RHEL-7936] - NFSv4.1: fix zero value filehandle in post open getattr (Jeffrey Layton) [RHEL-22284 RHEL-7936] - NFSv4.1: fix pnfs MDS=DS session trunking (Jeffrey Layton) [RHEL-22284 RHEL-7936] - NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Jeffrey Layton) [RHEL-22284 RHEL-7936] - nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - ice: dpll: fix phase offset value (Petr Oros) [RHEL-17652 RHEL-15789] - dpll: netlink/core: change pin frequency set behavior (Petr Oros) [RHEL-17652 RHEL-15789] - ice: dpll: implement phase related callbacks (Petr Oros) [RHEL-17652 RHEL-15789] - dpll: netlink/core: add support for pin-dpll signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789] - dpll: spec: add support for pin-dpll signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789] - dpll: docs: add support for pin signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789] - netlink: specs: remove redundant type keys from attributes in subsets (Petr Oros) [RHEL-17652 RHEL-15789] - md/raid6: use valid sector values to determine if an I/O should wait on the reshape (Nigel Croxon) [RHEL-20933 RHEL-17276] [5.14.0-362.21.1_3] - x86/microcode: do not cache microcode if it will not be used (Paolo Bonzini) [RHEL-21567 RHEL-16225] - x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Remove hv_isolation_type_en_snp (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (Vitaly Kuznetsov) [RHEL-21441 2176350] - Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Introduce a global variable hyperv_paravisor_present (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Mark hv_ghcb_terminate() as noreturn (Vitaly Kuznetsov) [RHEL-21441 2176350] - Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350] - Drivers: hv: vmbus: Support fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Support hypercalls for fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add smp support for SEV-SNP guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add VTL specific structs and hypercalls (Vitaly Kuznetsov) [RHEL-21441 2176350] - clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - Drivers: hv: vmbus: Remove the per-CPU post_msg_page (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Set Virtual Trust Level in VMBus init message (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add sev-snp enlightened guest static key (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Expand __tdx_hypercall() to handle more arguments (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Add more registers to struct tdx_hypercall_args (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Fix typo in comment in __tdx_hypercall() (Vitaly Kuznetsov) [RHEL-21441 2176350] - blk-mq: don't count completed flush data request as inflight in case of quiesce (Ming Lei) [RHEL-19105 RHEL-18054] - NFS: Use parent's objective cred in nfs_access_login_time() (Jay Shin) [RHEL-22147 RHEL-16024] - s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Tobias Huschle) [RHEL-17887 RHEL-2412] - smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-19146 RHEL-21679 RHEL-19147 RHEL-21677] {CVE-2023-6610} - smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-19146 RHEL-21679 RHEL-19147 RHEL-21677] {CVE-2023-6610} - x86/sev: Do not handle #VC for DR7 read/write (Paolo Bonzini) [RHEL-21885 RHEL-15069] - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (Paolo Bonzini) [RHEL-21885 RHEL-15069] [5.14.0-362.20.1_3] - s390/dasd: print copy pair message only for the correct error (Tobias Huschle) [RHEL-11980 RHEL-2833] - x86/microcode/AMD: Rip out static buffers (David Arcari) [RHEL-14590 RHEL-10030] - x86/microcode/AMD: Load late on both threads too (David Arcari) [RHEL-14590 RHEL-10030] - x86/microcode/amd: Remove unneeded pointer arithmetic (David Arcari) [RHEL-14590 RHEL-10030] - x86/microcode/AMD: Get rid of __find_equiv_id() (David Arcari) [RHEL-14590 RHEL-10030] - docs: move x86 documentation into Documentation/arch/ (David Arcari) [RHEL-14590 RHEL-10030] - x86/microcode/AMD: Handle multiple glued containers properly (David Arcari) [RHEL-14590 RHEL-10030] - mm: Fix copy_from_user_nofault(). (Waiman Long) [RHEL-18946 RHEL-18440] - redhat: rewrite genlog and support Y- tags (Jan Stancek) [5.14.0-362.19.1_3] - redhat: fix kernel changelog entry for RHEL-16560 (Jan Stancek) - perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-18087 RHEL-18088 RHEL-14984 RHEL-14985] {CVE-2023-5717} - perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-18087 RHEL-18088 RHEL-14984 RHEL-14985] {CVE-2023-5717} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0646 CVE-2023-6356 CVE-2023-6606 CVE-2023-6610 CVE-2024-0193 CVE-2023-5717 CVE-2023-6817 CVE-2023-4244 CVE-2023-6535 CVE-2023-6536 CVE-2023-51042 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 [3.10.0-1160.114.2.0.1.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.114.2.OL7] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9 - Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin) [3.10.0-1160.114.2] - sched/membarrier: reduce the ability to hammer on sys_membarrier (Wander Lairson Costa) [RHEL-26402] {CVE-2024-26602} [3.10.0-1160.114.1] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [RHEL-23500] {CVE-2024-1086} [3.10.0-1160.113.1] - igb: set max size RX buffer when store bad packet is enabled (Wander Lairson Costa) [RHEL-15181] {CVE-2023-45871} - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (David Marlin) [RHEL-2742] {CVE-2022-42896} - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (David Marlin) [RHEL-2742] {CVE-2022-42896} - Bluetooth: Use separate L2CAP LE credit based connection result values (David Marlin) [RHEL-2742] {CVE-2022-42896} - Bluetooth: L2CAP: Fix L2CAP_CR_SCID_IN_USE value (David Marlin) [RHEL-2742] {CVE-2022-42896} [3.10.0-1160.112.1] - net: sched: sch_qfq: Use non-work-conserving warning handler (Davide Caratti) [RHEL-14397] - net: sched: sch_qfq: Fix UAF in qfq_dequeue() (Davide Caratti) [RHEL-14397] {CVE-2023-4921} - cpufreq: Initialize policy->kobj while allocating policy (Waiman Long) [2161654] - net: bonding: fix possible NULL deref in rlb code (Hangbin Liu) [RHEL-17227] - net: bonding: fix use-after-free after 802.3ad slave unbind (Hangbin Liu) [RHEL-17227] [3.10.0-1160.111.1] - redhat: rewrite genlog and support Y- tags (Jan Stancek) - scsi: zfcp: Fix double free of FSF request when qdio send fails (Tobias Huschle) [RHEL-16335] - fbcon: set_con2fb_map needs to set con2fb_map! (Jocelyn Falempe) [RHEL-1204] {CVE-2023-38409} [3.10.0-1160.110.1] - gfs2: Fix glock recursion on withdraw during recovery (Andreas Gruenbacher) [RHEL-17223] [3.10.0-1160.109.1] - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (Waiman Long) [RHEL-17703] - scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (Oleksandr Natalenko) [2224973] - scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (Oleksandr Natalenko) [2224973] - scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (Oleksandr Natalenko) [2224973] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-38409 CVE-2023-4921 CVE-2023-45871 CVE-2024-1086 CVE-2022-42896 CVE-2024-26602 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [9.0.0-5.el8] - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364464] {CVE-2024-1441} libvirt-dbus libvirt-python nbdkit netcf perl-Sys-Virt qemu-kvm [7.2.0-13] - vfio/migration: Enhance VFIO migration state tracing (Avihai Horon) - vfio/migration: Don't emit STOP_COPY VFIO migration QAPI event twice (Avihai Horon) - vfio/migration: Emit VFIO migration QAPI event (Avihai Horon) - qapi/vfio: Add VFIO migration QAPI event (Avihai Horon) - migration/multifd: solve zero page causing multiple page faults (Yuan Liu) [Orabug: 36727051] - multifd: Add the ramblock to MultiFDRecvParams (Lukas Straub) [Orabug: 36727051] - migration: Fix qmp_query_migrate mbps value (Fabiano Rosas) [Orabug: 36727104] - migration: Allow user to specify available switchover bandwidth (Peter Xu) [Orabug: 35636284] - migration/dirtyrate: Fix precision losses and g_usleep overshoot (Andrei Gudkov) [Orabug: 36727091] - Use new created qemu_target_pages_to_MiB() (Juan Quintela) [Orabug: 36727091] - softmmu: Create qemu_target_pages_to_MiB() (Juan Quintela) [Orabug: 36727091] - migration/calc-dirty-rate: replaced CRC32 with xxHash (Andrei Gudkov) [Orabug: 36727063] - migration/multifd: Enable multifd zero page checking by default. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Implement ram_save_target_page_multifd to handle multifd version of MigrationOps::ram_save_target_page. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Implement zero page transmission on the multifd thread. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Add new migration option zero-page-detection. (Hao Xiang) [Orabug: 34131170] - migration: Make ram_save_target_page() a pointer (Juan Quintela) [Orabug: 34131170] - migration: Yield bitmap_mutex properly when sending/sleeping (Peter Xu) [Orabug: 34131170] - migration/multifd: Add a synchronization point for channel creation (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Unify multifd and TLS connection paths (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Move multifd_send_setup into migration thread (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Move multifd_send_setup error handling in to the function (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Remove p->running (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Optimize sender side to be lockless (Peter Xu) [Orabug: 34131170] - migration/multifd: Join the TLS thread (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Fix MultiFDSendParams.packet_num race (Peter Xu) [Orabug: 34131170] - migration/multifd: Stick with send/recv on function names (Peter Xu) [Orabug: 34131170] - migration/multifd: Cleanup multifd_load_cleanup() (Peter Xu) [Orabug: 34131170] - migration/multifd: Cleanup multifd_save_cleanup() (Peter Xu) [Orabug: 34131170] - migration/multifd: Rewrite multifd_queue_page() (Peter Xu) [Orabug: 34131170] - migration/multifd: Change retval of multifd_send_pages() (Peter Xu) [Orabug: 34131170] - migration/multifd: Change retval of multifd_queue_page() (Peter Xu) [Orabug: 34131170] - migration/multifd: Split multifd_send_terminate_threads() (Peter Xu) [Orabug: 34131170] - migration/multifd: Forbid spurious wakeups (Peter Xu) [Orabug: 34131170] - migration/multifd: Move header prepare/fill into send_prepare() (Peter Xu) [Orabug: 34131170] - migration/multifd: multifd_send_prepare_header() (Peter Xu) [Orabug: 34131170] - migration/multifd: Move trace_multifd_send|recv() (Peter Xu) [Orabug: 34131170] - migration/multifd: Move total_normal_pages accounting (Peter Xu) [Orabug: 34131170] - migration/multifd: Rename p->num_packets and clean it up (Peter Xu) [Orabug: 34131170] - migration/multifd: Drop pages->num check in sender thread (Peter Xu) [Orabug: 34131170] - migration/multifd: Simplify locking in sender thread (Peter Xu) [Orabug: 34131170] - migration/multifd: Separate SYNC request with normal jobs (Peter Xu) [Orabug: 34131170] - migration/multifd: Drop MultiFDSendParams.normal[] array (Peter Xu) [Orabug: 34131170] - migration/multifd: Postpone reset of MultiFDPages_t (Peter Xu) [Orabug: 34131170] - migration/multifd: Remove MultiFDPages_t::packet_num (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Drop MultiFDSendParams.quit, cleanup error paths (Peter Xu) [Orabug: 34131170] - migration/multifd: multifd_send_kick_main() (Peter Xu) [Orabug: 34131170] - migration/multifd: Fix leaking of Error in TLS error flow (Avihai Horon) [Orabug: 34131170] - migration/ram: Merge save_zero_page functions (Fabiano Rosas) [Orabug: 34131170] - migration/ram: Move xbzrle zero page handling into save_zero_page (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Stop setting p->ioc before connecting (Fabiano Rosas) [Orabug: 34131170] - migration: Centralize BH creation and dispatch (Fabiano Rosas) [Orabug: 34131170] - migration: Add a wrapper to qemu_bh_schedule (Fabiano Rosas) [Orabug: 34131170] - migration: Remove transferred atomic counter (Juan Quintela) [Orabug: 35636284] - migration: Use migration_transferred_bytes() (Juan Quintela) [Orabug: 35636284] - migration: migration_rate_limit_reset() don't need the QEMUFile (Juan Quintela) [Orabug: 35636284] - migration: migration_transferred_bytes() don't need the QEMUFile (Juan Quintela) [Orabug: 35636284] - multifd: reset next_packet_len after sending pages (Elena Ufimtseva) [Orabug: 35636284] - multifd: fix counters in multifd_send_thread (Elena Ufimtseva) [Orabug: 35636284] - migration/multifd: Compute transferred bytes correctly (Juan Quintela) [Orabug: 35636284] - migration: check for rate_limit_max for RATE_LIMIT_DISABLED (Elena Ufimtseva) [Orabug: 35636284] - migration: Use the number of transferred bytes directly (Juan Quintela) [Orabug: 35636284] - qemu_file: Use a stat64 for qemu_file_transferred (Juan Quintela) [Orabug: 35636284] - migration: set file error on subsection loading (Marc-Andre Lureau) [Orabug: 35636284] - migration: Receiving a zero page non zero is an error (Juan Quintela) [Orabug: 35636284] - migration/multifd: Stop checking p->quit in multifd_send_thread (Fabiano Rosas) [Orabug: 35636284] - migration/multifd: Clarify Error usage in multifd_channel_connect (Fabiano Rosas) [Orabug: 35636284] - multifd: cleanup the function multifd_channel_connect (Li Zhang) [Orabug: 35636284] - migration/multifd: Unify multifd_send_thread error paths (Fabiano Rosas) [Orabug: 35636284] - migration: Non multifd migration don't care about multifd flushes (Juan Quintela) [Orabug: 35636284] - migration: fix RAMBlock add NULL check (Dmitry Frolov) [Orabug: 35829153] - migration: We don't need the field rate_limit_used anymore (Juan Quintela) [Orabug: 35636284] - migration: Use migration_transferred_bytes() to calculate rate_limit (Juan Quintela) [Orabug: 35636284] - migration: Add a trace for migration_transferred_bytes (Juan Quintela) [Orabug: 35636284] - migration: Move migration_total_bytes() to migration-stats.c (Juan Quintela) [Orabug: 35636284] - qemu-file: Remove total from qemu_file_total_transferred_*() (Juan Quintela) [Orabug: 35636284] - migration: Move rate_limit_max and rate_limit_used to migration_stats (Juan Quintela) [Orabug: 35636284] - qemu-file: Account for rate_limit usage on qemu_fflush() (Juan Quintela) [Orabug: 35636284] - migration: Don't use INT64_MAX for unlimited rate (Juan Quintela) [Orabug: 35636284] - qemu-file: Make rate_limit_used an uint64_t (Juan Quintela) [Orabug: 35636284] - qemu-file: make qemu_file_[sg]et_rate_limit() use an uint64_t (Juan Quintela) [Orabug: 35636284] - migration: We set the rate_limit by a second (Juan Quintela) [Orabug: 35829153] - migration: A rate limit value of 0 is valid (Juan Quintela) [Orabug: 35636284] - qemu-file: Make ram_control_save_page() use accessors for rate_limit (Juan Quintela) [Orabug: 35636284] - qemu-file: Make total_transferred an uint64_t (Juan Quintela) [Orabug: 35636284] - qemu-file: No need to check for shutdown in qemu_file_rate_limit (Juan Quintela) [Orabug: 35636284] - migration: Document all migration_stats (Juan Quintela) [Orabug: 35636284] - multifd: We already account for this packet on the multifd thread (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_bytes_last_sync atomic (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_pages_rate atomic (Juan Quintela) [Orabug: 35636284] - stat64: Add stat64_set() operation (Paolo Bonzini) [Orabug: 35636284] - multifd: Only flush once each full round of memory (Juan Quintela) [Orabug: 35636284] - migration: Make find_dirty_block() return a single parameter (Juan Quintela) [Orabug: 35636284] - migration: Simplify ram_find_and_save_block() (Juan Quintela) [Orabug: 35636284] - multifd: Protect multifd_send_sync_main() calls (Juan Quintela) [Orabug: 35636284] - multifd: Create property multifd-flush-after-each-section (Juan Quintela) [Orabug: 35636284] - multifd: Fix the number of channels ready (Juan Quintela) [Orabug: 35636284] - migration: Rename normal to normal_pages (Juan Quintela) [Orabug: 35636284] - migration: Rename duplicate to zero_pages (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_sync_count atomic (Juan Quintela) [Orabug: 35636284] - migration: Make downtime_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Make precopy_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_sync_missed_zero_copy atomic (Juan Quintela) [Orabug: 35636284] - migration: Make multifd_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Update atomic stats out of the mutex (Juan Quintela) [Orabug: 35636284] - migration: Merge ram_counters and ram_atomic_counters (Juan Quintela) [Orabug: 35636284] - migration/multifd: correct multifd_send_thread to trace the flags (Wei Wang) [Orabug: 35636284] - ram: Document migration ram flags (Juan Quintela) [Orabug: 35636284] - migration: Calculate ram size once (Juan Quintela) [Orabug: 35636284] - multifd: Fix a race on reading MultiFDPages_t.block (Zhenzhong Duan) [Orabug: 35636284] - migration: Use atomic ops properly for page accountings (Peter Xu) [Orabug: 35636284] - migration: Export ram_release_page() (Juan Quintela) [Orabug: 35636284] - migration: Export ram_transferred_ram() (Juan Quintela) [Orabug: 35636284] - multifd: Create page_count fields into both MultiFD{Recv,Send}Params (Juan Quintela) [Orabug: 35636284] - multifd: Create page_size fields into both MultiFD{Recv,Send}Params (Juan Quintela) [Orabug: 35636284] - migration: Fix migration_channel_read_peek() error path () (Avihai Horon) [Orabug: 36726827] - migration/multifd: Remove error_setg() in migration_ioc_process_incoming() (Avihai Horon) [Orabug: 36726827] - migration: Refactor migration_incoming_setup() (Avihai Horon) [Orabug: 36726827] - migration: check magic value for deciding the mapping of channels (manish.mishra) [Orabug: 36726827] - io: Add support for MSG_PEEK for socket channel (manish.mishra) [Orabug: 36726827] - hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (hilippe Mathieu-Daude) [Orabug: 36575206] {CVE-2024-3447} - block: lock AioContext in bdrv_replace_child_noperm() when in non-coroutine context (Mark Kanda) [Orabug: 36514180] - hw/scsi/scsi-generic: Fix io_timeout property not applying (Lorenz Brun) [Orabug: 36637684] - target/i386/monitor: synchronize cpu state for lapic info (Dongli Zhang) [Orabug: 36607747] - qemu_init: increase NOFILE soft limit on POSIX (Fiona Ebner) [Orabug: 36416389] seabios sgabios supermin swtpm virt-v2v MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1441 CVE-2024-3447 cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 8 Oracle Linux 9 [5.15.0-208.159.3.2] - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36660755] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41090 CVE-2024-41091 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::UEKR7 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.333.5.1] - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36660755] - pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36836653] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41090 CVE-2024-41091 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.538.5.1] - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36660755] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41090 CVE-2024-41091 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7::optional_latest Oracle Linux 6 Oracle Linux 7 [4.1.12-124.87.2.2] - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36660755] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41090 CVE-2024-41091 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 7 [5.4.17-2136.333.5.1.el7] - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36660755] - pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36836653] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41090 CVE-2024-41091 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 [5.4.17-2136.333.5.1.el8] - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36660755] - pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36836653] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41091 CVE-2024-41090 cpe:/a:oracle:linux:8::UEKR6 Oracle Linux 6 [4.1.12-124.88.3] - crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin) [Orabug: 36806710] {CVE-2023-52813} - usbnet: sanity check for maxpacket (Oliver Neukum) [Orabug: 36806658] {CVE-2021-47495} - phonet: fix rtm_phonet_notify() skb allocation (Eric Dumazet) [Orabug: 36683487] {CVE-2024-36946} - wifi: nl80211: don't free NULL coalescing rule (Johannes Berg) [Orabug: 36683466] {CVE-2024-36941} - bna: ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36683433] {CVE-2024-36934} - bna: use memdup_user to copy userspace buffers (Ivan Vecera) [Orabug: 36683433] {CVE-2024-36934} - new helper: memdup_user_nul() (Al Viro) [Orabug: 36683433] {CVE-2024-36934} - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Ziyang Xuan) [Orabug: 36598047] {CVE-2024-27020} - netfilter: nf_tables: __nft_expr_type_get() selects specific family type (Pablo Neira Ayuso) [Orabug: 36598047] {CVE-2024-27020} - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879159] {CVE-2024-41090} {CVE-2024-41091} [4.1.12-124.88.2] - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida) [Orabug: 36802310] {CVE-2023-52528} - usbnet/smsc75xx: silence uninitialized variable warning (Dan Carpenter) {CVE-2023-52528} - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (Thadeu Lima de Souza Cascardo) [Orabug: 36685663] {CVE-2023-52880} - netfilter: nf_tables: disallow anonymous set with timeout flag (Pablo Neira Ayuso) [Orabug: 36530112] {CVE-2024-26642} - ubi: Check for too small LEB size in VTBL code (Richard Weinberger) [Orabug: 36356637] {CVE-2024-25739} [4.1.12-124.88.1] - NFS: LOOKUP_DIRECTORY is also ok with symlinks (Trond Myklebust) [Orabug: 33958156] {CVE-2022-24448} - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958156] {CVE-2022-24448} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-36941 CVE-2024-36934 CVE-2024-41091 CVE-2024-26642 CVE-2021-47495 CVE-2024-27020 CVE-2023-52880 CVE-2022-24448 CVE-2024-41090 CVE-2024-25739 CVE-2023-52528 CVE-2023-52813 CVE-2024-36946 cpe:/a:oracle:linux:6:10:UEKR4_ELS Oracle Linux 7 [4.1.12-124.88.3] - crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin) [Orabug: 36806710] {CVE-2023-52813} - usbnet: sanity check for maxpacket (Oliver Neukum) [Orabug: 36806658] {CVE-2021-47495} - phonet: fix rtm_phonet_notify() skb allocation (Eric Dumazet) [Orabug: 36683487] {CVE-2024-36946} - wifi: nl80211: don't free NULL coalescing rule (Johannes Berg) [Orabug: 36683466] {CVE-2024-36941} - bna: ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36683433] {CVE-2024-36934} - bna: use memdup_user to copy userspace buffers (Ivan Vecera) [Orabug: 36683433] {CVE-2024-36934} - new helper: memdup_user_nul() (Al Viro) [Orabug: 36683433] {CVE-2024-36934} - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Ziyang Xuan) [Orabug: 36598047] {CVE-2024-27020} - netfilter: nf_tables: __nft_expr_type_get() selects specific family type (Pablo Neira Ayuso) [Orabug: 36598047] {CVE-2024-27020} - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879159] {CVE-2024-41090} {CVE-2024-41091} [4.1.12-124.88.2] - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida) [Orabug: 36802310] {CVE-2023-52528} - usbnet/smsc75xx: silence uninitialized variable warning (Dan Carpenter) {CVE-2023-52528} - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (Thadeu Lima de Souza Cascardo) [Orabug: 36685663] {CVE-2023-52880} - netfilter: nf_tables: disallow anonymous set with timeout flag (Pablo Neira Ayuso) [Orabug: 36530112] {CVE-2024-26642} - ubi: Check for too small LEB size in VTBL code (Richard Weinberger) [Orabug: 36356637] {CVE-2024-25739} [4.1.12-124.88.1] - NFS: LOOKUP_DIRECTORY is also ok with symlinks (Trond Myklebust) [Orabug: 33958156] {CVE-2022-24448} - NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958156] {CVE-2022-24448} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-36946 CVE-2024-41091 CVE-2023-52813 CVE-2024-36941 CVE-2024-36934 CVE-2024-41090 CVE-2023-52880 CVE-2024-27020 CVE-2022-24448 CVE-2023-52528 CVE-2024-25739 CVE-2021-47495 CVE-2024-26642 cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 9 [7.2.0-13.el9] - vfio/migration: Enhance VFIO migration state tracing (Avihai Horon) - vfio/migration: Don't emit STOP_COPY VFIO migration QAPI event twice (Avihai Horon) - vfio/migration: Emit VFIO migration QAPI event (Avihai Horon) - qapi/vfio: Add VFIO migration QAPI event (Avihai Horon) - migration/multifd: solve zero page causing multiple page faults (Yuan Liu) [Orabug: 36727051] - multifd: Add the ramblock to MultiFDRecvParams (Lukas Straub) [Orabug: 36727051] - migration: Fix qmp_query_migrate mbps value (Fabiano Rosas) [Orabug: 36727104] - migration: Allow user to specify available switchover bandwidth (Peter Xu) [Orabug: 35636284] - migration/dirtyrate: Fix precision losses and g_usleep overshoot (Andrei Gudkov) [Orabug: 36727091] - Use new created qemu_target_pages_to_MiB() (Juan Quintela) [Orabug: 36727091] - softmmu: Create qemu_target_pages_to_MiB() (Juan Quintela) [Orabug: 36727091] - migration/calc-dirty-rate: replaced CRC32 with xxHash (Andrei Gudkov) [Orabug: 36727063] - migration/multifd: Enable multifd zero page checking by default. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Implement ram_save_target_page_multifd to handle multifd version of MigrationOps::ram_save_target_page. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Implement zero page transmission on the multifd thread. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Add new migration option zero-page-detection. (Hao Xiang) [Orabug: 34131170] - migration: Make ram_save_target_page() a pointer (Juan Quintela) [Orabug: 34131170] - migration: Yield bitmap_mutex properly when sending/sleeping (Peter Xu) [Orabug: 34131170] - migration/multifd: Add a synchronization point for channel creation (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Unify multifd and TLS connection paths (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Move multifd_send_setup into migration thread (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Move multifd_send_setup error handling in to the function (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Remove p->running (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Optimize sender side to be lockless (Peter Xu) [Orabug: 34131170] - migration/multifd: Join the TLS thread (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Fix MultiFDSendParams.packet_num race (Peter Xu) [Orabug: 34131170] - migration/multifd: Stick with send/recv on function names (Peter Xu) [Orabug: 34131170] - migration/multifd: Cleanup multifd_load_cleanup() (Peter Xu) [Orabug: 34131170] - migration/multifd: Cleanup multifd_save_cleanup() (Peter Xu) [Orabug: 34131170] - migration/multifd: Rewrite multifd_queue_page() (Peter Xu) [Orabug: 34131170] - migration/multifd: Change retval of multifd_send_pages() (Peter Xu) [Orabug: 34131170] - migration/multifd: Change retval of multifd_queue_page() (Peter Xu) [Orabug: 34131170] - migration/multifd: Split multifd_send_terminate_threads() (Peter Xu) [Orabug: 34131170] - migration/multifd: Forbid spurious wakeups (Peter Xu) [Orabug: 34131170] - migration/multifd: Move header prepare/fill into send_prepare() (Peter Xu) [Orabug: 34131170] - migration/multifd: multifd_send_prepare_header() (Peter Xu) [Orabug: 34131170] - migration/multifd: Move trace_multifd_send|recv() (Peter Xu) [Orabug: 34131170] - migration/multifd: Move total_normal_pages accounting (Peter Xu) [Orabug: 34131170] - migration/multifd: Rename p->num_packets and clean it up (Peter Xu) [Orabug: 34131170] - migration/multifd: Drop pages->num check in sender thread (Peter Xu) [Orabug: 34131170] - migration/multifd: Simplify locking in sender thread (Peter Xu) [Orabug: 34131170] - migration/multifd: Separate SYNC request with normal jobs (Peter Xu) [Orabug: 34131170] - migration/multifd: Drop MultiFDSendParams.normal[] array (Peter Xu) [Orabug: 34131170] - migration/multifd: Postpone reset of MultiFDPages_t (Peter Xu) [Orabug: 34131170] - migration/multifd: Remove MultiFDPages_t::packet_num (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Drop MultiFDSendParams.quit, cleanup error paths (Peter Xu) [Orabug: 34131170] - migration/multifd: multifd_send_kick_main() (Peter Xu) [Orabug: 34131170] - migration/multifd: Fix leaking of Error in TLS error flow (Avihai Horon) [Orabug: 34131170] - migration/ram: Merge save_zero_page functions (Fabiano Rosas) [Orabug: 34131170] - migration/ram: Move xbzrle zero page handling into save_zero_page (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Stop setting p->ioc before connecting (Fabiano Rosas) [Orabug: 34131170] - migration: Centralize BH creation and dispatch (Fabiano Rosas) [Orabug: 34131170] - migration: Add a wrapper to qemu_bh_schedule (Fabiano Rosas) [Orabug: 34131170] - migration: Remove transferred atomic counter (Juan Quintela) [Orabug: 35636284] - migration: Use migration_transferred_bytes() (Juan Quintela) [Orabug: 35636284] - migration: migration_rate_limit_reset() don't need the QEMUFile (Juan Quintela) [Orabug: 35636284] - migration: migration_transferred_bytes() don't need the QEMUFile (Juan Quintela) [Orabug: 35636284] - multifd: reset next_packet_len after sending pages (Elena Ufimtseva) [Orabug: 35636284] - multifd: fix counters in multifd_send_thread (Elena Ufimtseva) [Orabug: 35636284] - migration/multifd: Compute transferred bytes correctly (Juan Quintela) [Orabug: 35636284] - migration: check for rate_limit_max for RATE_LIMIT_DISABLED (Elena Ufimtseva) [Orabug: 35636284] - migration: Use the number of transferred bytes directly (Juan Quintela) [Orabug: 35636284] - qemu_file: Use a stat64 for qemu_file_transferred (Juan Quintela) [Orabug: 35636284] - migration: set file error on subsection loading (Marc-Andre Lureau) [Orabug: 35636284] - migration: Receiving a zero page non zero is an error (Juan Quintela) [Orabug: 35636284] - migration/multifd: Stop checking p->quit in multifd_send_thread (Fabiano Rosas) [Orabug: 35636284] - migration/multifd: Clarify Error usage in multifd_channel_connect (Fabiano Rosas) [Orabug: 35636284] - multifd: cleanup the function multifd_channel_connect (Li Zhang) [Orabug: 35636284] - migration/multifd: Unify multifd_send_thread error paths (Fabiano Rosas) [Orabug: 35636284] - migration: Non multifd migration don't care about multifd flushes (Juan Quintela) [Orabug: 35636284] - migration: fix RAMBlock add NULL check (Dmitry Frolov) [Orabug: 35829153] - migration: We don't need the field rate_limit_used anymore (Juan Quintela) [Orabug: 35636284] - migration: Use migration_transferred_bytes() to calculate rate_limit (Juan Quintela) [Orabug: 35636284] - migration: Add a trace for migration_transferred_bytes (Juan Quintela) [Orabug: 35636284] - migration: Move migration_total_bytes() to migration-stats.c (Juan Quintela) [Orabug: 35636284] - qemu-file: Remove total from qemu_file_total_transferred_*() (Juan Quintela) [Orabug: 35636284] - migration: Move rate_limit_max and rate_limit_used to migration_stats (Juan Quintela) [Orabug: 35636284] - qemu-file: Account for rate_limit usage on qemu_fflush() (Juan Quintela) [Orabug: 35636284] - migration: Don't use INT64_MAX for unlimited rate (Juan Quintela) [Orabug: 35636284] - qemu-file: Make rate_limit_used an uint64_t (Juan Quintela) [Orabug: 35636284] - qemu-file: make qemu_file_[sg]et_rate_limit() use an uint64_t (Juan Quintela) [Orabug: 35636284] - migration: We set the rate_limit by a second (Juan Quintela) [Orabug: 35829153] - migration: A rate limit value of 0 is valid (Juan Quintela) [Orabug: 35636284] - qemu-file: Make ram_control_save_page() use accessors for rate_limit (Juan Quintela) [Orabug: 35636284] - qemu-file: Make total_transferred an uint64_t (Juan Quintela) [Orabug: 35636284] - qemu-file: No need to check for shutdown in qemu_file_rate_limit (Juan Quintela) [Orabug: 35636284] - migration: Document all migration_stats (Juan Quintela) [Orabug: 35636284] - multifd: We already account for this packet on the multifd thread (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_bytes_last_sync atomic (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_pages_rate atomic (Juan Quintela) [Orabug: 35636284] - stat64: Add stat64_set() operation (Paolo Bonzini) [Orabug: 35636284] - multifd: Only flush once each full round of memory (Juan Quintela) [Orabug: 35636284] - migration: Make find_dirty_block() return a single parameter (Juan Quintela) [Orabug: 35636284] - migration: Simplify ram_find_and_save_block() (Juan Quintela) [Orabug: 35636284] - multifd: Protect multifd_send_sync_main() calls (Juan Quintela) [Orabug: 35636284] - multifd: Create property multifd-flush-after-each-section (Juan Quintela) [Orabug: 35636284] - multifd: Fix the number of channels ready (Juan Quintela) [Orabug: 35636284] - migration: Rename normal to normal_pages (Juan Quintela) [Orabug: 35636284] - migration: Rename duplicate to zero_pages (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_sync_count atomic (Juan Quintela) [Orabug: 35636284] - migration: Make downtime_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Make precopy_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_sync_missed_zero_copy atomic (Juan Quintela) [Orabug: 35636284] - migration: Make multifd_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Update atomic stats out of the mutex (Juan Quintela) [Orabug: 35636284] - migration: Merge ram_counters and ram_atomic_counters (Juan Quintela) [Orabug: 35636284] - migration/multifd: correct multifd_send_thread to trace the flags (Wei Wang) [Orabug: 35636284] - ram: Document migration ram flags (Juan Quintela) [Orabug: 35636284] - migration: Calculate ram size once (Juan Quintela) [Orabug: 35636284] - multifd: Fix a race on reading MultiFDPages_t.block (Zhenzhong Duan) [Orabug: 35636284] - migration: Use atomic ops properly for page accountings (Peter Xu) [Orabug: 35636284] - migration: Export ram_release_page() (Juan Quintela) [Orabug: 35636284] - migration: Export ram_transferred_ram() (Juan Quintela) [Orabug: 35636284] - multifd: Create page_count fields into both MultiFD{Recv,Send}Params (Juan Quintela) [Orabug: 35636284] - multifd: Create page_size fields into both MultiFD{Recv,Send}Params (Juan Quintela) [Orabug: 35636284] - migration: Fix migration_channel_read_peek() error path () (Avihai Horon) [Orabug: 36726827] - migration/multifd: Remove error_setg() in migration_ioc_process_incoming() (Avihai Horon) [Orabug: 36726827] - migration: Refactor migration_incoming_setup() (Avihai Horon) [Orabug: 36726827] - migration: check magic value for deciding the mapping of channels (manish.mishra) [Orabug: 36726827] - io: Add support for MSG_PEEK for socket channel (manish.mishra) [Orabug: 36726827] - hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (hilippe Mathieu-Daude) [Orabug: 36575206] {CVE-2024-3447} - block: lock AioContext in bdrv_replace_child_noperm() when in non-coroutine context (Mark Kanda) [Orabug: 36514180] - hw/scsi/scsi-generic: Fix io_timeout property not applying (Lorenz Brun) [Orabug: 36637684] - target/i386/monitor: synchronize cpu state for lapic info (Dongli Zhang) [Orabug: 36607747] - qemu_init: increase NOFILE soft limit on POSIX (Fiona Ebner) [Orabug: 36416389] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-3447 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 [20240715-999.34.git4c8fb21e.el9] - Rebase to latest upstream [Orabug: 36826157] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-31315 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 [20240715-999.34.git4c8fb21e.el7] - Rebase to latest upstream [Orabug: 36826157] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-31315 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::UEKR6 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [20240715-999.34.git4c8fb21e.el8] - Rebase to latest upstream [Orabug: 36826157] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-31315 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.334.6] - loop: Fix a race between loop detach and loop open (Gulam Mohamed) [Orabug: 36197800] - x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs (Alexandre Chartre) [Orabug: 36672495] - x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Alexandre Chartre) [Orabug: 36642472] - wifi: wilc1000: fix ies_len type in connect path (Jozef Hopko) - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879157] {CVE-2024-41090} {CVE-2024-41091} [5.4.17-2136.334.5] - Fix incorrect syntax in UEK6 OL8 kernel-uek.spec (Sherry Yang) [Orabug: 36847358] - rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36722026] [5.4.17-2136.334.4] - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz) - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik) [Orabug: 36835599] {CVE-2024-39503} - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski) [Orabug: 36836328] {CVE-2024-40916} - vxlan: Fix regression when dropping packets due to invalid src addresses (Daniel Borkmann) [5.4.17-2136.334.3] - rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529562] - pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36762919] [5.4.17-2136.334.2] - LTS tag: v5.4.278 (Alok Tiwari) - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (Daniel J Blueman) - io_uring: fail NOP if non-zero op flags is passed in (Ming Lei) - nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov) - s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger) [Orabug: 36774592] {CVE-2024-38661} - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) [Orabug: 36774598] {CVE-2024-39276} - sparc: move struct termio to asm/termios.h (Mike Gilbert) - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet) [Orabug: 36643449] {CVE-2024-35976} - net: fix __dst_negative_advice() race (Eric Dumazet) [Orabug: 36720417] {CVE-2024-36971} - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson) - kdb: Merge identical case statements in kdb_read() (Daniel Thompson) - kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson) - kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson) [Orabug: 36809288] {CVE-2024-39480} - sparc64: Fix number of online CPUs (Sam Ravnborg) - intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin) - net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) [Orabug: 36774612] {CVE-2024-39301} - net/ipv6: Fix route deleting failure when metric equals 0 (xu xin) - crypto: ecrdsa - Fix module auto-load on add_key (Vitaly Chikunov) - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier) - media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil) - media: mxl5xx: Move xpt structures off stack (Nathan Chancellor) - media: mc: mark the media devnode as registered from the, start (Hans Verkuil) - arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen) - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (Bitterblue Smith) - arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski) - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (Christoffer Sandberg) - ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov) - drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou) [Orabug: 36774657] {CVE-2024-39471} - media: lgdt3306a: Add a check against null-pointer-def (Zheyu Ma) - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu) [Orabug: 36774636] {CVE-2024-39467} - x86/mm: Remove broken vsyscall emulation code from the page fault code (Linus Torvalds) - nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) [Orabug: 36753564] {CVE-2024-38583} - afs: Don't cross .backup mountpoint from backup volume (Marc Dionne) - mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz) - binder: fix max_thread type inconsistency (Carlos Llamas) - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever) [Orabug: 36809512] {CVE-2024-36288} - ALSA: timer: Set lower bound of start tick time (Takashi Iwai) [Orabug: 36753729] {CVE-2024-38618} - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) [Orabug: 36763551] {CVE-2024-33621} - spi: stm32: Don't warn about spurious interrupts (Uwe Kleine-Konig) - kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada) - netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal) [Orabug: 36763563] {CVE-2024-36270} - net:fec: Add fec_enet_deinit() (Xiaolei Wang) - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran) - smsc95xx: use usbnet->driver_priv (Andre Edich) - smsc95xx: remove redundant function arguments (Andre Edich) - enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) [Orabug: 36763836] {CVE-2024-38659} - dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) [Orabug: 36763844] {CVE-2024-38780} - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran) - nvmet: fix ns enable/disable possible hang (Sagi Grimberg) - spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko) - netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) [Orabug: 36763570] {CVE-2024-36286} - net: fec: avoid lock evasion when reading pps_enable (Wei Fang) - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) [Orabug: 36763587] {CVE-2024-37353} - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) [Orabug: 36825258] {CVE-2024-39488} - openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole) - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) [Orabug: 36763591] {CVE-2024-37356} - params: lift param_set_uint_minmax to common code (Sagi Grimberg) - ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [Orabug: 36825262] {CVE-2024-39489} - sunrpc: fix NFSACL RPC retry on soft mount (Dan Aloni) - x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada) - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun) - media: cec: cec-api: add locking in cec_release() (Hans Verkuil) - media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Hans Verkuil) - um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie) - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde) - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (Azeem Shaikh) - media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) [Orabug: 36763602] {CVE-2024-38621} - um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) [Orabug: 36768583] {CVE-2024-39292} - um: Fix return value in ubd_init() (Duoming Zhou) - drm/msm/dpu: Always flush the slave INTF on the CTL (Marijn Suijten) - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu) - Input: ims-pcu - fix printf string overflow (Arnd Bergmann) - libsubcmd: Fix parse-options memory leak (Ian Rogers) - serial: sh-sci: protect invalidating RXDMA on shutdown (Wolfram Sang) - f2fs: fix to release node block count in error path of f2fs_new_node_page() (Chao Yu) - extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap) - ppdev: Add an error check in register_device (Huai-Yuan Liu) [Orabug: 36678064] {CVE-2024-36015} - ppdev: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) - stm class: Fix a double free in stm_register_device() (Dan Carpenter) [Orabug: 36763763] {CVE-2024-38627} - usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff) - microblaze: Remove early printk call from cpuinfo-static.c (Michal Simek) - microblaze: Remove gcc flag for non existing early_printk.c file (Michal Simek) - iio: pressure: dps310: support negative temperature values (Thomas Haemmerle) - greybus: arche-ctrl: move device table to its right location (Arnd Bergmann) - serial: max3100: Fix bitwise types (Andy Shevchenko) - serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) [Orabug: 36763814] {CVE-2024-38633} - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) [Orabug: 36763819] {CVE-2024-38634} - firmware: dmi-id: add a release callback function (Arnd Bergmann) - dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni) - soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart) [Orabug: 36763825] {CVE-2024-38635} - soundwire: cadence_master: improve PDI allocation (Bard Liao) - soundwire: intel: don't filter out PDI0/1 (Pierre-Louis Bossart) - soundwire: cadence/intel: simplify PDI/port mapping (Pierre-Louis Bossart) - greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) [Orabug: 36763832] {CVE-2024-38637} - sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov) - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet) - netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) [Orabug: 36753581] {CVE-2024-38589} - RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky) - selftests/kcmp: remove unused open mode (Edward Liaw) - selftests/kcmp: Make the test output consistent and clear (Gautam Menghani) - SUNRPC: Fix gss_free_in_token_pages() (Chuck Lever) - sunrpc: removed redundant procp check (Aleksandr Aprelkov) - ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara) - x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter) - RDMA/hns: Use complete parentheses in macros (Chengchang Tang) - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (Marek Vasut) - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt) - drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36678061] {CVE-2024-36014} - fbdev: sh7760fb: allow modular build (Randy Dunlap) - platform/x86: wmi: Make two functions static (YueHaibing) - media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda) - media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov) - fbdev: sisfb: hide unused variables (Arnd Bergmann) - powerpc/fsl-soc: hide unused const variable (Arnd Bergmann) - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) [Orabug: 36753414] {CVE-2024-38549} - fbdev: shmobile: fix snprintf truncation (Arnd Bergmann) - mtd: rawnand: hynix: fixed typo (Maxim Korotkov) - drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan Shanmugam) [Orabug: 36753424] {CVE-2024-38552} - ipv6: sr: fix invalid unregister error path (Hangbin Liu) [Orabug: 36753710] {CVE-2024-38612} - ipv6: sr: add missing seg6_local_exit (Hangbin Liu) - net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) [Orabug: 36753462] {CVE-2024-38558} - net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet) - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) [Orabug: 36753599] {CVE-2024-38596} - net: ethernet: cortina: Locking fixes (Linus Walleij) - m68k: mac: Fix reboot hang on Mac IIci (Finn Thain) - m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) [Orabug: 36753714] {CVE-2024-38613} - net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet) - usb: aqc111: stop lying about skb->truesize (Eric Dumazet) - wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter) - scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753467] {CVE-2024-38559} - scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753472] {CVE-2024-38560} - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (Chen Ni) - Revert 'sh: Handle calling csum_partial with misaligned data' (Guenter Roeck) - sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven) - wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) [Orabug: 36753485] {CVE-2024-38565} - wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) [Orabug: 36753508] {CVE-2024-38567} - macintosh/via-macii: Fix 'BUG: sleeping function called from invalid context' (Finn Thain) - tcp: avoid premature drops in tcp_add_backlog() (Eric Dumazet) - tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei) - tcp: minor optimization in tcp_add_backlog() (Eric Dumazet) - wifi: ath10k: populate board data for WCN3990 (Dmitry Baryshkov) - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui) - x86/purgatory: Switch to the position-independent small code model (Ard Biesheuvel) - scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov) - scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang) - cpufreq: exit() callback is optional (Viresh Kumar) [Orabug: 36753721] {CVE-2024-38615} - cpufreq: Rearrange locking in cpufreq_remove_dev() (Rafael J. Wysocki) - cpufreq: Split cpufreq_offline() (Rafael J. Wysocki) - cpufreq: Reorganize checks in cpufreq_offline() (Rafael J. Wysocki) - ACPI: disable -Wstringop-truncation (Arnd Bergmann) - irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu) - scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney) - scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney) - scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV (Andrew Halaney) - scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney) - qed: avoid truncating work queue length (Arnd Bergmann) - wifi: ath10k: poll service ready message before failing (Baochen Qiang) - md: fix resync softlockup when bitmap size is less than array size (Yu Kuai) [Orabug: 36753648] {CVE-2024-38598} - null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun) - jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) [Orabug: 36753651] {CVE-2024-38599} - s390/cio: fix tracepoint subchannel type field (Peter Oberparleiter) - crypto: ccp - drop platform ifdef checks (Arnd Bergmann) - parisc: add missing export of __cmpxchg_u8() (Al Viro) - nilfs2: fix out-of-range warning (Arnd Bergmann) - ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) [Orabug: 36753536] {CVE-2024-38578} - firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart) - crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) [Orabug: 36753541] {CVE-2024-38579} - openpromfs: finish conversion to the new mount API (Eric Sandeen) - nvme: find numa distance only if controller has valid numa id (Nilay Shroff) - drm/amdkfd: Flush the process wq before creating a kfd_process (Lancelot SIX) - ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart) - ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang) - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang) - drm/amd/display: Set color_mgmt_changed to true on unsuspend (Joshua Ashton) - net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas) - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev) - nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) [Orabug: 36753557] {CVE-2024-38582} - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi) - net: smc91x: Fix m68k kernel compilation for ColdFire CPU (Thorsten Blum) - ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) [Orabug: 36753661] {CVE-2024-38601} - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678068] {CVE-2024-36016} [5.4.17-2136.334.1] - rds/rdma: Track rds_message in send, retrans and recv queue (Juan Garcia) [Orabug: 36529583] - xfs: make sure sb_fdblocks is non-negative (Wengang Wang) [Orabug: 36596998] - xfs: fix sb write verify for lazysbcount (Long Li) [Orabug: 36596998] - rds/rdma: Clear rds_info_socket before use (Juan Garcia) [Orabug: 36613125] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-36015 CVE-2024-37353 CVE-2024-38582 CVE-2024-35976 CVE-2024-38618 CVE-2024-39503 CVE-2024-38596 CVE-2024-38552 CVE-2024-38637 CVE-2024-38560 CVE-2024-36014 CVE-2024-37356 CVE-2024-38579 CVE-2024-38598 CVE-2024-39480 CVE-2024-41090 CVE-2024-41091 CVE-2024-38661 CVE-2024-36286 CVE-2024-38549 CVE-2024-38567 CVE-2024-38583 CVE-2024-38599 CVE-2024-38633 CVE-2024-38659 CVE-2024-40916 CVE-2024-38589 CVE-2024-38613 CVE-2024-38615 CVE-2024-39292 CVE-2024-36016 CVE-2024-38627 CVE-2024-38780 CVE-2024-36971 CVE-2024-38621 CVE-2024-39489 CVE-2024-33621 CVE-2024-38559 CVE-2024-36288 CVE-2024-38612 CVE-2024-38635 CVE-2024-39301 CVE-2024-36270 CVE-2024-38558 CVE-2024-38565 CVE-2024-38601 CVE-2024-39276 CVE-2024-39467 CVE-2024-39471 CVE-2024-39488 CVE-2024-38578 CVE-2024-38634 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:8::developer_UEKR6 cpe:/a:oracle:linux:7::developer_UEKR6 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 Oracle Linux 9 [5.15.0-209.161.7] - loop: Fix a race between loop detach and loop open (Gulam Mohamed) [Orabug: 36865975] [5.15.0-209.161.6] - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879156] {CVE-2024-41090} {CVE-2024-41091} - x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs (Alexandre Chartre) [Orabug: 36672479] - KVM: SVM: fix build error when CONFIG_HYPERV is unset (Simran Singh) [Orabug: 36508934] - x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Alexandre Chartre) - Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (Jan Kara) - mm: prevent derefencing NULL ptr in pfn_section_valid() (Waiman Long) [5.15.0-209.161.5] - rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36760266] [5.15.0-209.161.4] - rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529561] - KVM: x86: Advertise AVX-NE-CONVERT CPUID to user space (Jiaxi Chen) [Orabug: 36810714] - KVM: x86: Advertise AVX-VNNI-INT8 CPUID to user space (Jiaxi Chen) [Orabug: 36810714] - x86: KVM: Advertise AVX-IFMA CPUID to user space (Jiaxi Chen) [Orabug: 36810714] - x86: KVM: Advertise AMX-FP16 CPUID to user space (Chang S. Bae) [Orabug: 36810714] - x86: KVM: Advertise CMPccXADD CPUID to user space (Jiaxi Chen) [Orabug: 36810714] - x86/cpufeatures: Put the AMX macros in the word 18 block (Jim Mattson) [Orabug: 36810714] - intel_idle: add Sierra Forest SoC support (Artem Bityutskiy) [Orabug: 36810714] - intel_idle: add Grand Ridge SoC support (Artem Bityutskiy) [Orabug: 36810714] - perf/x86/intel/uncore: Support Sierra Forest and Grand Ridge (Kan Liang) [Orabug: 36810714] - perf/x86/intel/uncore: Support IIO free-running counters on GNR (Kan Liang) [Orabug: 36810714] - perf/x86/intel/uncore: Support Granite Rapids (Kan Liang) [Orabug: 36810714] - perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (Kan Liang) [Orabug: 36810714] - perf/x86/intel/uncore: Generic uncore_get_uncores and MMIO format of SPR (Kan Liang) [Orabug: 36810714] - Documentation/x86: Document resctrl's new sparse_masks (Fenghua Yu) [Orabug: 36810714] - x86/resctrl: Add sparse_masks file in info (Fenghua Yu) [Orabug: 36810714] - x86/resctrl: Enable non-contiguous CBMs in Intel CAT (Maciej Wieczor-Retman) [Orabug: 36810714] - x86/resctrl: Rename arch_has_sparse_bitmaps (Maciej Wieczor-Retman) [Orabug: 36810714] - x86/cpu: Fix Crestmont uarch (Peter Zijlstra) [Orabug: 36810714] - x86/cpu: Fix Gracemont uarch (Peter Zijlstra) [Orabug: 36810714] - powercap: RAPL: fix invalid initialization for pl4_supported field (Sumeet Pawnikar) [Orabug: 36810714] - perf/x86/intel/uncore: Add events for Intel SPR IMC PMU (Stephane Eranian) [Orabug: 36810714] - EDAC/i10nm: Add Intel Sierra Forest server support (Qiuxu Zhuo) [Orabug: 36810714] - perf/x86/msr: Add Granite Rapids (Kan Liang) [Orabug: 36810714] - platform/x86: ISST: Add support for MSR 0x54 (Srinivas Pandruvada) [Orabug: 36810714] - powercap: RAPL: Add Power Limit4 support for Meteor Lake SoC (Sumeet Pawnikar) [Orabug: 36810714] - EDAC/i10nm: Add Intel Granite Rapids server support (Qiuxu Zhuo) [Orabug: 36810714] - EDAC/i10nm: Make more configurations CPU model specific (Qiuxu Zhuo) [Orabug: 36810714] - powercap: intel_rapl: add support for Meteor Lake (Zhang Rui) [Orabug: 36810714] - perf/x86/msr: Add Meteor Lake support (Kan Liang) [Orabug: 36810714] - perf/x86: Add Meteor Lake support (Kan Liang) [Orabug: 36810714] - perf: Add PMU_FORMAT_ATTR_SHOW (Kan Liang) [Orabug: 36810714] - platform/x86: intel/pmc: Replace all the reg_map with init functions (Gayatri Kammela) [Orabug: 36810714] - thermal: intel: intel_tcc_cooling: Add TCC cooling support for RaptorLake-S (Zhang Rui) [Orabug: 36810714] - x86/intel_epb: Set Alder Lake N and Raptor Lake P normal EPB (Srinivas Pandruvada) [Orabug: 36810714] - perf/x86/msr: Add new Raptor Lake S support (Kan Liang) [Orabug: 36810714] - perf/x86: Add new Raptor Lake S support (Kan Liang) [Orabug: 36810714] - x86/resctrl: Remove arch_has_empty_bitmaps (Babu Moger) [Orabug: 36810714] - intel_idle: Add AlderLake-N support (Zhang Rui) [Orabug: 36810714] - platform/x86/intel: pmc/core: Add Raptor Lake support to pmc core driver (Gayatri Kammela) [Orabug: 36810714] - tools/power turbostat: Add support for RPL-S (Zhang Rui) [Orabug: 36810714] - perf/x86/intel: Fix unchecked MSR access error for Alder Lake N (Kan Liang) [Orabug: 36810714] - powercap: intel_rapl: Add support for RAPTORLAKE_S (Zhang Rui) [Orabug: 36810714] - thermal: intel: Add TCC cooling support for Alder Lake-N and Raptor Lake-P (Sumeet Pawnikar) [Orabug: 36810714] - powercap: RAPL: Add Power Limit4 support for Alder Lake-N and Raptor Lake-P (Sumeet Pawnikar) [Orabug: 36810714] - EDAC/i10nm: Print an extra register set of retry_rd_err_log (Qiuxu Zhuo) [Orabug: 36810714] - EDAC/i10nm: Retrieve and print retry_rd_err_log registers for HBM (Qiuxu Zhuo) [Orabug: 36810714] - EDAC/skx_common: Add ChipSelect ADXL component (Qiuxu Zhuo) [Orabug: 36810714] - perf/x86/intel: Fix PEBS data source encoding for ADL (Kan Liang) [Orabug: 36810714] - perf/x86/intel: Fix PEBS memory access info encoding for ADL (Kan Liang) [Orabug: 36810714] - platform/x86: intel/pmc: Add Alder Lake N support to PMC core driver (Gayatri Kammela) [Orabug: 36810714] - platform/x86/intel: pmc: Support Intel Raptorlake P (George D Sworo) [Orabug: 36810714] - tools/power turbostat: Support RAPTORLAKE P (George D Sworo) [Orabug: 36810714] - powercap: intel_rapl: Add support for RAPTORLAKE_P (George D Sworo) [Orabug: 36810714] - tools/power turbostat: add support for ALDERLAKE_N (Zhang Rui) [Orabug: 36810714] - powercap: intel_rapl: add support for ALDERLAKE_N (Zhang Rui) [Orabug: 36810714] - powercap: RAPL: Add Power Limit4 support for RaptorLake (Sumeet Pawnikar) [Orabug: 36810714] - thermal: intel_tcc_cooling: Add TCC cooling support for RaptorLake (Sumeet Pawnikar) [Orabug: 36810714] - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (Kan Liang) [Orabug: 36810714] - perf/x86/uncore: Clean up uncore_pci_ids[] (Kan Liang) [Orabug: 36810714] - perf/x86/msr: Add new Alder Lake and Raptor Lake support (Kan Liang) [Orabug: 36810714] - perf/x86: Add new Alder Lake and Raptor Lake support (Kan Liang) [Orabug: 36810714] - powercap: intel_rapl: add support for RaptorLake (Zhang Rui) [Orabug: 36810714] - tools/power turbostat: Introduce support for RaptorLake (Zhang Rui) [Orabug: 36810714] - perf/x86/uncore: Add Raptor Lake uncore support (Kan Liang) [Orabug: 36810714] - perf/x86/msr: Add Raptor Lake CPU support (Kan Liang) [Orabug: 36810714] - perf/x86: Add Intel Raptor Lake support (Kan Liang) [Orabug: 36810714] - perf/x86/intel/uncore: Add IMC uncore support for ADL (Kan Liang) [Orabug: 36810714] - x86: intel_epb: Allow model specific normal EPB value (Srinivas Pandruvada) [Orabug: 36810714] - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski) - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik) - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (Yunseong Kim) - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz) - vxlan: Fix regression when dropping packets due to invalid src addresses (Daniel Borkmann) [5.15.0-209.161.3] - pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36771374] - iommufd/iova_bitmap: Remove iterator logic (Joao Martins) [Orabug: 36785489] - iommufd/iova_bitmap: Dynamic pinning on iova_bitmap_set() (Joao Martins) [Orabug: 36785489] - iommufd/iova_bitmap: Consolidate iova_bitmap_set exit conditionals (Joao Martins) [Orabug: 36785489] - iommufd/iova_bitmap: Move initial pinning to iova_bitmap_for_each() (Joao Martins) [Orabug: 36785489] - iommufd/iova_bitmap: Cache mapped length in iova_bitmap_map struct (Joao Martins) [Orabug: 36785489] - iommufd/iova_bitmap: Check iova_bitmap_done() after set ahead (Joao Martins) [Orabug: 36785489] [5.15.0-209.161.2] - LTS version: v5.15.161 (Vijayendra Suman) - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5 (Neil Armstrong) - NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS (Anna Schumaker) - nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov) - EDAC/igen6: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (Frank Li) - s390/cpacf: Make use of invalid opcode produce a link error (Harald Freudenberger) - s390/cpacf: Split and rework cpacf query functions (Harald Freudenberger) - s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger) - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (Baokun Li) - sparc: move struct termio to asm/termios.h (Mike Gilbert) - net: fix __dst_negative_advice() race (Eric Dumazet) - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson) - kdb: Merge identical case statements in kdb_read() (Daniel Thompson) - kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson) - kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson) - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (Judith Mendez) - sparc64: Fix number of online CPUs (Sam Ravnborg) - intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin) - net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) - net/ipv6: Fix route deleting failure when metric equals 0 (xu xin) - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Herbert Xu) - crypto: ecrdsa - Fix module auto-load on add_key (Vitaly Chikunov) - crypto: ecdsa - Fix module auto-load on add-key (Stefan Berger) - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier) - KVM: arm64: Fix AArch32 register narrowing on userspace write (Marc Zyngier) - drm/amdgpu/atomfirmware: add intergrated info v2.3 table (Li Ma) - fbdev: savage: Handle err return when savagefb_check_var failed (Cai Xinchen) - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (Hans de Goede) - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (Hans de Goede) - mmc: sdhci-acpi: Sort DMI quirks alphabetically (Hans de Goede) - mmc: core: Add mmc_gpiod_set_cd_config() function (Hans de Goede) - media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil) - media: mxl5xx: Move xpt structures off stack (Nathan Chancellor) - media: mc: mark the media devnode as registered from the, start (Hans Verkuil) - arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen) - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (Bitterblue Smith) - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (Bitterblue Smith) - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (Bitterblue Smith) - arm64: dts: qcom: qcs404: fix bluetooth device address (Johan Hovold) - arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski) - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (Christoffer Sandberg) - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (Maulik Shah) - thermal/drivers/qcom/lmh: Check for SCM availability at probe (Konrad Dybcio) - ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov) - drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou) - media: lgdt3306a: Add a check against null-pointer-def (Zheyu Ma) - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu) - sunrpc: exclude from freezer when waiting for requests: (NeilBrown) - scripts/gdb: fix SB_* constants parsing (Florian Fainelli) - net: dsa: tag_sja1105: always prefer source port information from INCL_SRCPT (Vladimir Oltean) - net: dsa: sja1105: always enable the INCL_SRCPT option (Vladimir Oltean) - mptcp: fix full TCP keep-alive support (Matthieu Baerts (NGI0)) - nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) - afs: Don't cross .backup mountpoint from backup volume (Marc Dionne) - io_uring: fail NOP if non-zero op flags is passed in (Ming Lei) - mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz) - drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes (Shradha Gupta) - drm: Check output polling initialized before disabling (Shradha Gupta) - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever) - media: cec: core: add adap_nb_transmit_canceled() callback (Hans Verkuil) - net: ena: Fix DMA syncing in XDP path when SWIOTLB is on (David Arinzon) - KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (Gerd Hoffmann) - ALSA: timer: Set lower bound of start tick time (Takashi Iwai) - hwmon: (shtc1) Fix property misspelling (Guenter Roeck) - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) - net: ena: Fix redundant device NUMA node override (Shay Agroskin) - net: ena: Reduce lines with longer column width boundary (David Arinzon) - net: ena: Add dynamic recycling mechanism for rx buffers (David Arinzon) - net: ena: Do not waste napi skb cache (Hyeonggon Yoo) - net: ena: Extract recurring driver reset code into a function (Arthur Kiyanovski) - net: ena: Add capabilities field with support for ENI stats capability (Arthur Kiyanovski) - spi: stm32: Don't warn about spurious interrupts (Uwe Kleine-Konig) - kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada) - netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal) - netfilter: nft_payload: skbuff vlan metadata mangle support (Pablo Neira Ayuso) - netfilter: nft_payload: rebuild vlan header on h_proto access (Florian Westphal) - netfilter: nft_payload: rebuild vlan header when needed (Pablo Neira Ayuso) - netfilter: nft_payload: move struct nft_payload_set definition where it belongs (Pablo Neira Ayuso) - net:fec: Add fec_enet_deinit() (Xiaolei Wang) - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran) - enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) - bpf: Fix potential integer overflow in resolve_btfids (Friedrich Vock) - dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran) - net/mlx5e: Fix IPsec tunnel mode offload feature check (Rahul Rameshbabu) - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061 (Mathieu Othacehe) - nvmet: fix ns enable/disable possible hang (Sagi Grimberg) - dma-mapping: benchmark: handle NUMA_NO_NODE correctly (Fedor Pchelkin) - dma-mapping: benchmark: fix node id validation (Fedor Pchelkin) - spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko) - netfilter: nft_payload: restore vlan q-in-q match support (Pablo Neira Ayuso) - netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) - ice: Interpret .set_channels() input differently (Larysa Zaremba) - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (Ryosuke Yasuoka) - nfc: nci: Fix kcov check in nci_rx_work() (Tetsuo Handa) - tls: fix missing memory barrier in tls_init (Dae R. Jeong) - net: fec: avoid lock evasion when reading pps_enable (Wei Fang) - riscv: stacktrace: fixed walk_stackframe() (Matthew Bystrin) - riscv: stacktrace: Make walk_stackframe cross pt_regs frame (Guo Ren) - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) - openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole) - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) - ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (Dan Aloni) - sunrpc: fix NFSACL RPC retry on soft mount (Dan Aloni) - NFSv4: Fixup smatch warning for ambiguous return (Benjamin Coddington) - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (Shenghao Ding) - nfc: nci: Fix uninit-value in nci_rx_work (Ryosuke Yasuoka) - ipv6: sr: fix missing sk_buff release in seg6_input_core (Andrea Mayer) - net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled (Florian Fainelli) - x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada) - regulator: bd71828: Don't overwrite runtime voltages (Matti Vaittinen) - ASoC: mediatek: mt8192: fix register configuration for tdm (Hsin-Te Yuan) - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun) - media: cec: core: avoid confusing 'transmit timed out' message (Hans Verkuil) - media: cec: core: avoid recursive cec_claim_log_addrs (Hans Verkuil) - media: cec-adap.c: drop activate_cnt, use state info instead (Hans Verkuil) - media: cec: use call_op and check for !unregistered (Hans Verkuil) - media: cec: correctly pass on reply results (Hans Verkuil) - media: cec: abort if the current transmit was canceled (Hans Verkuil) - media: cec: call enable_adap on s_log_addrs (Hans Verkuil) - media: cec: cec-api: add locking in cec_release() (Hans Verkuil) - media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Hans Verkuil) - um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie) - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde) - media: flexcop-usb: fix sanity check of bNumEndpoints (Dongliang Mu) - media: flexcop-usb: clean up endpoint sanity checks (Johan Hovold) - Input: cyapa - add missing input core locking to suspend/resume functions (Marek Szyprowski) - media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (Michael Walle) - fs/ntfs3: Use variable length array instead of fixed size (Konstantin Komarov) - fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow (Konstantin Komarov) - um: vector: fix bpfflash parameter evaluation (Johannes Berg) - um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) - um: Fix return value in ubd_init() (Duoming Zhou) - drm/msm/dpu: Always flush the slave INTF on the CTL (Marijn Suijten) - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (Marijn Suijten) - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu) - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (Judith Mendez) - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (Judith Mendez) - mmc: sdhci_am654: Add OTAP/ITAP delay enable (Judith Mendez) - mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (Vignesh Raghavendra) - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (Judith Mendez) - mmc: sdhci_am654: Add tuning algorithm for delay chain (Judith Mendez) - Input: ioc3kbd - add device table (Karel Balej) - Input: ioc3kbd - convert to platform remove callback returning void (Uwe Kleine-Konig) - Input: ims-pcu - fix printf string overflow (Arnd Bergmann) - s390/boot: Remove alt_stfle_fac_list from decompressor (Sven Schnelle) - s390/ipl: Fix incorrect initialization of nvme dump block (Alexander Egorenkov) - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (Alexander Egorenkov) - s390/vdso: Use standard stack frame layout (Heiko Carstens) - s390/vdso: Generate unwind information for C modules (Jens Remus) - s390/vdso64: filter out munaligned-symbols flag for vdso (Sumanth Korikkar) - s390/vdso: filter out mno-pic-data-is-text-relative cflag (Sumanth Korikkar) - libsubcmd: Fix parse-options memory leak (Ian Rogers) - serial: sh-sci: protect invalidating RXDMA on shutdown (Wolfram Sang) - f2fs: compress: don't allow unaligned truncation on released compress inode (Chao Yu) - f2fs: fix to release node block count in error path of f2fs_new_node_page() (Chao Yu) - f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock (Chao Yu) - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (Kuppuswamy Sathyanarayanan) - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (Kuppuswamy Sathyanarayanan) - extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap) - ppdev: Add an error check in register_device (Huai-Yuan Liu) - ppdev: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) - stm class: Fix a double free in stm_register_device() (Dan Carpenter) - usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff) - watchdog: bd9576: Drop 'always-running' property (Matti Vaittinen) - watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (Dmitry Torokhov) - dt-bindings: pinctrl: mediatek: mt7622: fix array properties (Rafal Milecki) - microblaze: Remove early printk call from cpuinfo-static.c (Michal Simek) - microblaze: Remove gcc flag for non existing early_printk.c file (Michal Simek) - fpga: region: add owner module and take its refcount (Marco Pagani) - fpga: region: Use standard dev_release for class driver (Russ Weight) - coresight: etm4x: Fix access to resource selector registers (Suzuki K Poulose) - coresight: etm4x: Safe access for TRCQCLTR (Suzuki K Poulose) - coresight: etm4x: Cleanup TRCIDR0 register accesses (James Clark) - coresight: no-op refactor to make INSTP0 check more idiomatic (James Clark) - coresight: etm4x: Do not save/restore Data trace control registers (Suzuki K Poulose) - coresight: etm4x: Do not hardcode IOMEM access for register restore (Suzuki K Poulose) - iio: pressure: dps310: support negative temperature values (Thomas Haemmerle) - coresight: etm4x: Fix unbalanced pm_runtime_enable() (Anshuman Khandual) - f2fs: fix to check pinfile flag in f2fs_move_file_range() (Chao Yu) - f2fs: fix to relocate check condition in f2fs_fallocate() (Chao Yu) - f2fs: fix typos in comments (Jinyoung CHOI) - f2fs: do not allow partial truncation on pinned file (Jaegeuk Kim) - f2fs: compress: fix to relocate check condition in f2fs_ioc_{,de}compress_file() (Chao Yu) - f2fs: convert to use sbi directly (Yangtao Li) - f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks() (Chao Yu) - dt-bindings: PCI: rcar-pci-host: Add missing IOMMU properties (Geert Uytterhoeven) - dt-bindings: PCI: rcar-pci-host: Add optional regulators (Wolfram Sang) - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (Hugo Villeneuve) - PCI: tegra194: Fix probe path for Endpoint mode (Vidya Sagar) - greybus: arche-ctrl: move device table to its right location (Arnd Bergmann) - serial: max3100: Fix bitwise types (Andy Shevchenko) - serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) - firmware: dmi-id: add a release callback function (Arnd Bergmann) - dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni) - soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart) - f2fs: fix to wait on page writeback in __clone_blkaddrs() (Chao Yu) - f2fs: Delete f2fs_copy_page() and replace with memcpy_page() (Fabio M. De Francesco) - greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (Cheng Yu) - sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov) - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet) - netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) - net: qrtr: ns: Fix module refcnt (Chris Lew) - selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval (Nikolay Aleksandrov) - RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky) - selftests/kcmp: remove unused open mode (Edward Liaw) - selftests/kcmp: Make the test output consistent and clear (Gautam Menghani) - SUNRPC: Fix gss_free_in_token_pages() (Chuck Lever) - ext4: fix potential unnitialized variable (Dan Carpenter) - ext4: remove unused parameter from ext4_mb_new_blocks_simple() (Kemeng Shi) - ext4: try all groups in ext4_mb_new_blocks_simple (Kemeng Shi) - ext4: fix unit mismatch in ext4_mb_new_blocks_simple (Kemeng Shi) - ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple (Kemeng Shi) - sunrpc: removed redundant procp check (Aleksandr Aprelkov) - drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (David Hildenbrand) - virt: acrn: stop using follow_pfn (Christoph Hellwig) - virt: acrn: Prefer array_size and struct_size over open coded arithmetic (Len Baker) - ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara) - x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter) - clk: qcom: mmcc-msm8998: fix venus clock issue (Marc Gonzalez) - RDMA/hns: Modify the print level of CQE error (Chengchang Tang) - RDMA/hns: Use complete parentheses in macros (Chengchang Tang) - RDMA/hns: Fix GMV table pagesize (Chengchang Tang) - RDMA/hns: Fix deadlock on SRQ async events. (Chengchang Tang) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (Zhengchao Shao) - RDMA/mlx5: Adding remote atomic access flag to updatable flags (Or Har-Toov) - drm/mipi-dsi: use correct return type for the DSC functions (Dmitry Baryshkov) - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (Marek Vasut) - drm/bridge: tc358775: Don't log an error when DSI host can't be found (Nicolas F. R. A. Prado) - drm/bridge: lt9611: Don't log an error when DSI host can't be found (Nicolas F. R. A. Prado) - drm/bridge: lt8912b: Don't log an error when DSI host can't be found (Nicolas F. R. A. Prado) - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt) - drm: vc4: Fix possible null pointer dereference (Aleksandr Mishin) - drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu) - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (Zhipeng Lu) - fbdev: sh7760fb: allow modular build (Randy Dunlap) - media: dt-bindings: ovti,ov2680: Fix the power supply names (Fabio Estevam) - media: ipu3-cio2: Request IRQ earlier (Sakari Ailus) - media: ipu3-cio2: Use temporary storage for struct device pointer (Andy Shevchenko) - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (Aleksandr Mishin) - media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda) - media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov) - fbdev: sisfb: hide unused variables (Arnd Bergmann) - powerpc/fsl-soc: hide unused const variable (Arnd Bergmann) - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) - drm/meson: vclk: fix calculation of 59.94 fractional rates (Christian Hewitt) - ASoC: kirkwood: Fix potential NULL dereference (Aleksandr Mishin) - fbdev: shmobile: fix snprintf truncation (Arnd Bergmann) - mtd: rawnand: hynix: fixed typo (Maxim Korotkov) - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (Aapo Vienamo) - ASoC: Intel: Disable route checks for Skylake boards (Cezary Rojewski) - drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan Shanmugam) - dev_printk: Add and use dev_no_printk() (Geert Uytterhoeven) - printk: Let no_printk() use _printk() (Geert Uytterhoeven) - mptcp: SO_KEEPALIVE: fix getsockopt support (Matthieu Baerts (NGI0)) - s390/bpf: Emit a barrier for BPF_FETCH instructions (Ilya Leoshkevich) - net/mlx5: Discard command completions in internal error (Akiva Goldberger) - ipv6: sr: fix invalid unregister error path (Hangbin Liu) - ipv6: sr: add missing seg6_local_exit (Hangbin Liu) - net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) - net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet) - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) - net: ethernet: cortina: Locking fixes (Linus Walleij) - eth: sungem: remove .ndo_poll_controller to avoid deadlocks (Jakub Kicinski) - net: ipv6: fix wrong start position when receive hop-by-hop fragment (gaoxingwang) - m68k: mac: Fix reboot hang on Mac IIci (Finn Thain) - m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) - net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet) - usb: aqc111: stop lying about skb->truesize (Eric Dumazet) - wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter) - scsi: qla2xxx: Fix debugfs output for fw_resource_count (Himanshu Madhani) - scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) - scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (Chen Ni) - selftests/resctrl: fix clang build failure: use LOCAL_HDRS (John Hubbard) - selftests/binderfs: use the Makefile's rules, not Make's implicit rules (John Hubbard) - Revert 'sh: Handle calling csum_partial with misaligned data' (Guenter Roeck) - sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven) - wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) - wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) - macintosh/via-macii: Fix 'BUG: sleeping function called from invalid context' (Finn Thain) - net: give more chances to rcu in netdev_wait_allrefs_any() (Eric Dumazet) - pwm: sti: Simplify probe function using devm functions (Uwe Kleine-Konig) - pwm: sti: Prepare removing pwm_chip from driver data (Uwe Kleine-Konig) - pwm: sti: Convert to platform remove callback returning void (Uwe Kleine-Konig) - tcp: avoid premature drops in tcp_add_backlog() (Eric Dumazet) - net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches (Matthias Schiffer) - net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers (Matthias Schiffer) - wifi: ath10k: populate board data for WCN3990 (Dmitry Baryshkov) - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui) - thermal/drivers/tsens: Fix null pointer dereference (Aleksandr Mishin) - x86/purgatory: Switch to the position-independent small code model (Ard Biesheuvel) - scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov) - scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang) - cppc_cpufreq: Fix possible null pointer dereference (Aleksandr Mishin) - udp: Avoid call to compute_score on multiple sites (Gabriel Krisman Bertazi) - net: remove duplicate reuseport_lookup functions (Lorenz Bauer) - net: export inet_lookup_reuseport and inet6_lookup_reuseport (Lorenz Bauer) - cpufreq: exit() callback is optional (Viresh Kumar) - cpufreq: Rearrange locking in cpufreq_remove_dev() (Rafael J. Wysocki) - cpufreq: Split cpufreq_offline() (Rafael J. Wysocki) - cpufreq: Reorganize checks in cpufreq_offline() (Rafael J. Wysocki) - selftests/bpf: Fix umount cgroup2 error in test_sockmap (Geliang Tang) - gfs2: Fix 'ignore unlock failures after withdraw' (Andreas Gruenbacher) - gfs2: Don't forget to complete delayed withdraw (Andreas Gruenbacher) - ACPI: disable -Wstringop-truncation (Arnd Bergmann) - irqchip/loongson-pch-msi: Fix off-by-one on allocation error path (Zenghui Yu) - irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu) - scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney) - scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney) - scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV (Andrew Halaney) - scsi: ufs: qcom: Perform read back after writing CGC enable (Andrew Halaney) - scsi: ufs: qcom: Perform read back after writing unipro mode (Andrew Halaney) - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5 (Abel Vesa) - scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0 (Manivannan Sadhasivam) - scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US (Andrew Halaney) - scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney) - bpf: Pack struct bpf_fib_lookup (Anton Protopopov) - qed: avoid truncating work queue length (Arnd Bergmann) - sched/fair: Add EAS checks before updating root_domain::overutilized (Shrikanth Hegde) - wifi: ath10k: poll service ready message before failing (Baochen Qiang) - md: fix resync softlockup when bitmap size is less than array size (Yu Kuai) - null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun) - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (Chun-Kuang Hu) - jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) - s390/cio: fix tracepoint subchannel type field (Peter Oberparleiter) - crypto: x86/sha512-avx2 - add missing vzeroupper (Eric Biggers) - crypto: x86/sha256-avx2 - add missing vzeroupper (Eric Biggers) - crypto: x86/nh-avx2 - add missing vzeroupper (Eric Biggers) - crypto: ccp - drop platform ifdef checks (Arnd Bergmann) - parisc: add missing export of __cmpxchg_u8() (Al Viro) - nilfs2: fix out-of-range warning (Arnd Bergmann) - ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) - firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart) - mm/slub, kunit: Use inverted data to corrupt kmem cache (Guenter Roeck) - crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) - openpromfs: finish conversion to the new mount API (Eric Sandeen) - epoll: be better about file lifetimes (Linus Torvalds) - nvme: find numa distance only if controller has valid numa id (Nilay Shroff) - x86/mm: Remove broken vsyscall emulation code from the page fault code (Linus Torvalds) - drm/amdkfd: Flush the process wq before creating a kfd_process (Lancelot SIX) - ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart) - softirq: Fix suspicious RCU usage in __do_softirq() (Zqiang) - ASoC: rt715-sdca: volume step modification (Jack Yu) - ASoC: rt715: add vendor clear control register (Jack Yu) - regulator: vqmmc-ipq4019: fix module autoloading (Krzysztof Kozlowski) - ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang) - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang) - regulator: irq_helpers: duplicate IRQ name (Matti Vaittinen) - selftests: sud_test: return correct emulated syscall value on RISC-V (Clement Leger) - drm/amd/display: Set color_mgmt_changed to true on unsuspend (Joshua Ashton) - net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas) - dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node (Rob Herring) - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev) - ALSA: Fix deadlocks with kctl removals at disconnection (Takashi Iwai) - ALSA: core: Fix NULL module pointer assignment at card init (Takashi Iwai) - fs/ntfs3: Break dir enumeration if directory contents error (Konstantin Komarov) - fs/ntfs3: Fix case when index is reused during tree transformation (Konstantin Komarov) - fs/ntfs3: Taking DOS names into account during link counting (Konstantin Komarov) - fs/ntfs3: Remove max link count info display during driver init (Konstantin Komarov) - nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi) - net: smc91x: Fix m68k kernel compilation for ColdFire CPU (Thorsten Blum) - tools/latency-collector: Fix -Wformat-security compile warns (Shuah Khan) - ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) - r8169: Fix possible ring buffer corruption on fragmented Tx packets. (Ken Milmore) - Revert 'r8169: don't try to disable interrupts if NAPI is, scheduled already' (Heiner Kallweit) - serial: 8250_bcm7271: use default_mux_rate if possible (Doug Berger) - speakup: Fix sizeof() vs ARRAY_SIZE() bug (Dan Carpenter) - tty: n_gsm: fix missing receive state reset after mode switch (Daniel Starke) - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (Daniel J Blueman) - LTS version: v5.15.160 (Vijayendra Suman) - docs: kernel_include.py: Cope with docutils 0.21 (Akira Yokosawa) - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (Thomas Weissschuh) - KEYS: trusted: Do not use WARN when encode fails (Jarkko Sakkinen) - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (AngeloGioacchino Del Regno) - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (Daniel Thompson) - usb: typec: ucsi: displayport: Fix potential deadlock (Heikki Krogerus) - binder: fix max_thread type inconsistency (Carlos Llamas) - drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() (Srinivasan Shanmugam) - KVM: x86: Clear 'has_error_code', not 'error_code', for RM exception injection (Sean Christopherson) - netlink: annotate data-races around sk->sk_err (Eric Dumazet) - netlink: annotate lockless accesses to nlk->max_recvmsg_len (Eric Dumazet) - net: tls: handle backlogging of crypto requests (Jakub Kicinski) - tls: fix race between async notify and socket close (Jakub Kicinski) - net: tls: factor out tls_*crypt_async_wait() (Jakub Kicinski) - tls: extract context alloc/initialization out of tls_set_sw_offload (Sabrina Dubroca) - tls: rx: simplify async wait (Jakub Kicinski) - net: bcmgenet: synchronize UMAC_CMD access (Doug Berger) - net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access (Doug Berger) - KEYS: trusted: Fix memory leak in tpm2_key_encode() (Jarkko Sakkinen) - nfsd: don't allow nfsd threads to be signalled. (NeilBrown) - pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (Sergey Shtylyov) - drm/amd/display: Fix division by zero in setup_dsc_config (Jose Fernandez) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41091 CVE-2024-41090 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::UEKR7 Oracle Linux 7 [4.14.35-2047.539.5] - Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (Jan Kara) - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879158] {CVE-2024-41090} {CVE-2024-41091} [4.14.35-2047.539.4] - Fix parsing error in UEK5 kernel-uek-spec (Yifei Liu) [Orabug: 36847179] [4.14.35-2047.539.3] - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (Ryosuke Yasuoka) - nfc: nci: Fix uninit-value in nci_rx_work (Ryosuke Yasuoka) - nfc: nci: Fix kcov check in nci_rx_work() (Tetsuo Handa) - vxlan: Fix regression when dropping packets due to invalid src addresses (Daniel Borkmann) - speakup: Fix sizeof() vs ARRAY_SIZE() bug (Dan Carpenter) - rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36760267] - rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529474] [4.14.35-2047.539.2] - rds/rdma: Clear rds_info_socket before use (Juan Garcia) [Orabug: 36613108] [4.14.35-2047.539.1] - xfs: make sure sb_fdblocks is non-negative (Wengang Wang) [Orabug: 36759719] - xfs: fix sb write verify for lazysbcount (Wengang Wang) [Orabug: 36759719] - rds/rdma: Track rds_message in send, retrans and recv queue (Juan Garcia) [Orabug: 36529577] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41090 CVE-2024-41091 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::developer_UEKR5 cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [5.4.17-2136.334.6.el8] - loop: Fix a race between loop detach and loop open (Gulam Mohamed) [Orabug: 36197800] - x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs (Alexandre Chartre) [Orabug: 36672495] - x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Alexandre Chartre) [Orabug: 36642472] - wifi: wilc1000: fix ies_len type in connect path (Jozef Hopko) - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879157] {CVE-2024-41090} {CVE-2024-41091} [5.4.17-2136.334.5.el8] - Fix incorrect syntax in UEK6 OL8 kernel-uek.spec (Sherry Yang) [Orabug: 36847358] - rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36722026] [5.4.17-2136.334.4.el8] - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz) - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik) - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski) [5.4.17-2136.334.3.el8] - rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529562] - pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36762919] [5.4.17-2136.334.2.el8] - LTS tag: v5.4.278 (Alok Tiwari) - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (Daniel J Blueman) - io_uring: fail NOP if non-zero op flags is passed in (Ming Lei) - nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov) - s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger) - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) - sparc: move struct termio to asm/termios.h (Mike Gilbert) - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet) - net: fix __dst_negative_advice() race (Eric Dumazet) - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson) - kdb: Merge identical case statements in kdb_read() (Daniel Thompson) - kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson) - kdb: Use format-strings rather than '\0' injection in kdb_read() (Daniel Thompson) - kdb: Fix buffer overflow during tab-complete (Daniel Thompson) - sparc64: Fix number of online CPUs (Sam Ravnborg) - intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin) - net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) - net/ipv6: Fix route deleting failure when metric equals 0 (xu xin) - crypto: ecrdsa - Fix module auto-load on add_key (Vitaly Chikunov) - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier) - media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil) - media: mxl5xx: Move xpt structures off stack (Nathan Chancellor) - media: mc: mark the media devnode as registered from the, start (Hans Verkuil) - arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen) - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (Bitterblue Smith) - arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski) - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (Christoffer Sandberg) - ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov) - drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou) - media: lgdt3306a: Add a check against null-pointer-def (Zheyu Ma) - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu) - x86/mm: Remove broken vsyscall emulation code from the page fault code (Linus Torvalds) - nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) - afs: Don't cross .backup mountpoint from backup volume (Marc Dionne) - mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz) - binder: fix max_thread type inconsistency (Carlos Llamas) - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever) - ALSA: timer: Set lower bound of start tick time (Takashi Iwai) - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) - spi: stm32: Don't warn about spurious interrupts (Uwe Kleine-Konig) - kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada) - netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal) - net:fec: Add fec_enet_deinit() (Xiaolei Wang) - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran) - smsc95xx: use usbnet->driver_priv (Andre Edich) - smsc95xx: remove redundant function arguments (Andre Edich) - enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) - dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran) - nvmet: fix ns enable/disable possible hang (Sagi Grimberg) - spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko) - netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) - net: fec: avoid lock evasion when reading pps_enable (Wei Fang) - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) - openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole) - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) - params: lift param_set_uint_minmax to common code (Sagi Grimberg) - ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) - sunrpc: fix NFSACL RPC retry on soft mount (Dan Aloni) - x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada) - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun) - media: cec: cec-api: add locking in cec_release() (Hans Verkuil) - media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Hans Verkuil) - um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie) - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde) - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (Azeem Shaikh) - media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) - um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) - um: Fix return value in ubd_init() (Duoming Zhou) - drm/msm/dpu: Always flush the slave INTF on the CTL (Marijn Suijten) - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu) - Input: ims-pcu - fix printf string overflow (Arnd Bergmann) - libsubcmd: Fix parse-options memory leak (Ian Rogers) - serial: sh-sci: protect invalidating RXDMA on shutdown (Wolfram Sang) - f2fs: fix to release node block count in error path of f2fs_new_node_page() (Chao Yu) - extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap) - ppdev: Add an error check in register_device (Huai-Yuan Liu) - ppdev: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) - stm class: Fix a double free in stm_register_device() (Dan Carpenter) - usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff) - microblaze: Remove early printk call from cpuinfo-static.c (Michal Simek) - microblaze: Remove gcc flag for non existing early_printk.c file (Michal Simek) - iio: pressure: dps310: support negative temperature values (Thomas Haemmerle) - greybus: arche-ctrl: move device table to its right location (Arnd Bergmann) - serial: max3100: Fix bitwise types (Andy Shevchenko) - serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) - firmware: dmi-id: add a release callback function (Arnd Bergmann) - dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni) - soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart) - soundwire: cadence_master: improve PDI allocation (Bard Liao) - soundwire: intel: don't filter out PDI0/1 (Pierre-Louis Bossart) - soundwire: cadence/intel: simplify PDI/port mapping (Pierre-Louis Bossart) - greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) - sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov) - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet) - netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) - RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky) - selftests/kcmp: remove unused open mode (Edward Liaw) - selftests/kcmp: Make the test output consistent and clear (Gautam Menghani) - SUNRPC: Fix gss_free_in_token_pages() (Chuck Lever) - sunrpc: removed redundant procp check (Aleksandr Aprelkov) - ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara) - x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter) - RDMA/hns: Use complete parentheses in macros (Chengchang Tang) - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (Marek Vasut) - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt) - drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu) - fbdev: sh7760fb: allow modular build (Randy Dunlap) - platform/x86: wmi: Make two functions static (YueHaibing) - media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda) - media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov) - fbdev: sisfb: hide unused variables (Arnd Bergmann) - powerpc/fsl-soc: hide unused const variable (Arnd Bergmann) - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) - fbdev: shmobile: fix snprintf truncation (Arnd Bergmann) - mtd: rawnand: hynix: fixed typo (Maxim Korotkov) - drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan Shanmugam) - ipv6: sr: fix invalid unregister error path (Hangbin Liu) - ipv6: sr: add missing seg6_local_exit (Hangbin Liu) - net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) - net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet) - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) - net: ethernet: cortina: Locking fixes (Linus Walleij) - m68k: mac: Fix reboot hang on Mac IIci (Finn Thain) - m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) - net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet) - usb: aqc111: stop lying about skb->truesize (Eric Dumazet) - wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter) - scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) - scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (Chen Ni) - Revert 'sh: Handle calling csum_partial with misaligned data' (Guenter Roeck) - sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven) - wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) - wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) - macintosh/via-macii: Fix 'BUG: sleeping function called from invalid context' (Finn Thain) - tcp: avoid premature drops in tcp_add_backlog() (Eric Dumazet) - tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei) - tcp: minor optimization in tcp_add_backlog() (Eric Dumazet) - wifi: ath10k: populate board data for WCN3990 (Dmitry Baryshkov) - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui) - x86/purgatory: Switch to the position-independent small code model (Ard Biesheuvel) - scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov) - scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang) - cpufreq: exit() callback is optional (Viresh Kumar) - cpufreq: Rearrange locking in cpufreq_remove_dev() (Rafael J. Wysocki) - cpufreq: Split cpufreq_offline() (Rafael J. Wysocki) - cpufreq: Reorganize checks in cpufreq_offline() (Rafael J. Wysocki) - ACPI: disable -Wstringop-truncation (Arnd Bergmann) - irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu) - scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney) - scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney) - scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV (Andrew Halaney) - scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney) - qed: avoid truncating work queue length (Arnd Bergmann) - wifi: ath10k: poll service ready message before failing (Baochen Qiang) - md: fix resync softlockup when bitmap size is less than array size (Yu Kuai) - null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun) - jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) - s390/cio: fix tracepoint subchannel type field (Peter Oberparleiter) - crypto: ccp - drop platform ifdef checks (Arnd Bergmann) - parisc: add missing export of __cmpxchg_u8() (Al Viro) - nilfs2: fix out-of-range warning (Arnd Bergmann) - ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) - firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart) - crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) - openpromfs: finish conversion to the new mount API (Eric Sandeen) - nvme: find numa distance only if controller has valid numa id (Nilay Shroff) - drm/amdkfd: Flush the process wq before creating a kfd_process (Lancelot SIX) - ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart) - ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang) - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang) - drm/amd/display: Set color_mgmt_changed to true on unsuspend (Joshua Ashton) - net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas) - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev) - nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi) - net: smc91x: Fix m68k kernel compilation for ColdFire CPU (Thorsten Blum) - ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [5.4.17-2136.334.1.el8] - rds/rdma: Track rds_message in send, retrans and recv queue (Juan Garcia) [Orabug: 36529583] - xfs: make sure sb_fdblocks is non-negative (Wengang Wang) [Orabug: 36596998] - xfs: fix sb write verify for lazysbcount (Long Li) [Orabug: 36596998] - rds/rdma: Clear rds_info_socket before use (Juan Garcia) [Orabug: 36613125] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-39276 CVE-2024-39301 CVE-2024-38567 CVE-2024-38637 CVE-2024-38558 CVE-2024-38598 CVE-2024-38578 CVE-2024-38661 CVE-2024-39471 CVE-2024-38618 CVE-2024-37353 CVE-2024-39292 CVE-2024-36015 CVE-2024-38601 CVE-2024-41090 CVE-2024-41091 CVE-2024-36270 CVE-2024-38780 CVE-2024-37356 CVE-2024-39489 CVE-2024-38549 CVE-2024-38552 CVE-2024-38599 CVE-2024-38583 CVE-2024-38659 CVE-2024-36286 CVE-2024-38582 CVE-2024-38559 CVE-2024-33621 CVE-2024-38579 CVE-2024-36971 CVE-2024-38621 CVE-2024-36288 CVE-2024-38627 CVE-2024-36014 CVE-2024-38612 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38589 CVE-2024-36016 CVE-2024-38565 CVE-2024-39467 CVE-2024-39480 CVE-2024-39503 CVE-2024-38615 CVE-2024-35976 CVE-2024-39488 CVE-2024-40916 CVE-2024-38596 CVE-2024-38560 CVE-2024-38613 cpe:/a:oracle:linux:8::UEKR6 Oracle Linux 7 [5.4.17-2136.334.6.el7] - loop: Fix a race between loop detach and loop open (Gulam Mohamed) [Orabug: 36197800] - x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs (Alexandre Chartre) [Orabug: 36672495] - x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Alexandre Chartre) [Orabug: 36642472] - wifi: wilc1000: fix ies_len type in connect path (Jozef Hopko) - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879157] {CVE-2024-41090} {CVE-2024-41091} [5.4.17-2136.334.5.el7] - Fix incorrect syntax in UEK6 OL8 kernel-uek.spec (Sherry Yang) [Orabug: 36847358] - rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36722026] [5.4.17-2136.334.4.el7] - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz) - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik) - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski) [5.4.17-2136.334.3.el7] - rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529562] - pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36762919] [5.4.17-2136.334.2.el7] - LTS tag: v5.4.278 (Alok Tiwari) - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (Daniel J Blueman) - io_uring: fail NOP if non-zero op flags is passed in (Ming Lei) - nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov) - s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger) - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) - sparc: move struct termio to asm/termios.h (Mike Gilbert) - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet) - net: fix __dst_negative_advice() race (Eric Dumazet) - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson) - kdb: Merge identical case statements in kdb_read() (Daniel Thompson) - kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson) - kdb: Use format-strings rather than '\0' injection in kdb_read() (Daniel Thompson) - kdb: Fix buffer overflow during tab-complete (Daniel Thompson) - sparc64: Fix number of online CPUs (Sam Ravnborg) - intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin) - net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) - net/ipv6: Fix route deleting failure when metric equals 0 (xu xin) - crypto: ecrdsa - Fix module auto-load on add_key (Vitaly Chikunov) - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier) - media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil) - media: mxl5xx: Move xpt structures off stack (Nathan Chancellor) - media: mc: mark the media devnode as registered from the, start (Hans Verkuil) - arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen) - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (Bitterblue Smith) - arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski) - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (Christoffer Sandberg) - ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov) - drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou) - media: lgdt3306a: Add a check against null-pointer-def (Zheyu Ma) - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu) - x86/mm: Remove broken vsyscall emulation code from the page fault code (Linus Torvalds) - nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) - afs: Don't cross .backup mountpoint from backup volume (Marc Dionne) - mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz) - binder: fix max_thread type inconsistency (Carlos Llamas) - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever) - ALSA: timer: Set lower bound of start tick time (Takashi Iwai) - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) - spi: stm32: Don't warn about spurious interrupts (Uwe Kleine-Konig) - kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada) - netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal) - net:fec: Add fec_enet_deinit() (Xiaolei Wang) - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran) - smsc95xx: use usbnet->driver_priv (Andre Edich) - smsc95xx: remove redundant function arguments (Andre Edich) - enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) - dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran) - nvmet: fix ns enable/disable possible hang (Sagi Grimberg) - spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko) - netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) - net: fec: avoid lock evasion when reading pps_enable (Wei Fang) - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) - openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole) - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) - params: lift param_set_uint_minmax to common code (Sagi Grimberg) - ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) - sunrpc: fix NFSACL RPC retry on soft mount (Dan Aloni) - x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada) - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun) - media: cec: cec-api: add locking in cec_release() (Hans Verkuil) - media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Hans Verkuil) - um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie) - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde) - scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (Azeem Shaikh) - media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) - um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) - um: Fix return value in ubd_init() (Duoming Zhou) - drm/msm/dpu: Always flush the slave INTF on the CTL (Marijn Suijten) - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu) - Input: ims-pcu - fix printf string overflow (Arnd Bergmann) - libsubcmd: Fix parse-options memory leak (Ian Rogers) - serial: sh-sci: protect invalidating RXDMA on shutdown (Wolfram Sang) - f2fs: fix to release node block count in error path of f2fs_new_node_page() (Chao Yu) - extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap) - ppdev: Add an error check in register_device (Huai-Yuan Liu) - ppdev: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) - stm class: Fix a double free in stm_register_device() (Dan Carpenter) - usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff) - microblaze: Remove early printk call from cpuinfo-static.c (Michal Simek) - microblaze: Remove gcc flag for non existing early_printk.c file (Michal Simek) - iio: pressure: dps310: support negative temperature values (Thomas Haemmerle) - greybus: arche-ctrl: move device table to its right location (Arnd Bergmann) - serial: max3100: Fix bitwise types (Andy Shevchenko) - serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) - firmware: dmi-id: add a release callback function (Arnd Bergmann) - dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni) - soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart) - soundwire: cadence_master: improve PDI allocation (Bard Liao) - soundwire: intel: don't filter out PDI0/1 (Pierre-Louis Bossart) - soundwire: cadence/intel: simplify PDI/port mapping (Pierre-Louis Bossart) - greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) - sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov) - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet) - netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) - RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky) - selftests/kcmp: remove unused open mode (Edward Liaw) - selftests/kcmp: Make the test output consistent and clear (Gautam Menghani) - SUNRPC: Fix gss_free_in_token_pages() (Chuck Lever) - sunrpc: removed redundant procp check (Aleksandr Aprelkov) - ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara) - x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter) - RDMA/hns: Use complete parentheses in macros (Chengchang Tang) - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (Marek Vasut) - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt) - drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu) - fbdev: sh7760fb: allow modular build (Randy Dunlap) - platform/x86: wmi: Make two functions static (YueHaibing) - media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda) - media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov) - fbdev: sisfb: hide unused variables (Arnd Bergmann) - powerpc/fsl-soc: hide unused const variable (Arnd Bergmann) - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) - fbdev: shmobile: fix snprintf truncation (Arnd Bergmann) - mtd: rawnand: hynix: fixed typo (Maxim Korotkov) - drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan Shanmugam) - ipv6: sr: fix invalid unregister error path (Hangbin Liu) - ipv6: sr: add missing seg6_local_exit (Hangbin Liu) - net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) - net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet) - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) - net: ethernet: cortina: Locking fixes (Linus Walleij) - m68k: mac: Fix reboot hang on Mac IIci (Finn Thain) - m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) - net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet) - usb: aqc111: stop lying about skb->truesize (Eric Dumazet) - wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter) - scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) - scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (Chen Ni) - Revert 'sh: Handle calling csum_partial with misaligned data' (Guenter Roeck) - sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven) - wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) - wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) - macintosh/via-macii: Fix 'BUG: sleeping function called from invalid context' (Finn Thain) - tcp: avoid premature drops in tcp_add_backlog() (Eric Dumazet) - tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei) - tcp: minor optimization in tcp_add_backlog() (Eric Dumazet) - wifi: ath10k: populate board data for WCN3990 (Dmitry Baryshkov) - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui) - x86/purgatory: Switch to the position-independent small code model (Ard Biesheuvel) - scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov) - scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang) - cpufreq: exit() callback is optional (Viresh Kumar) - cpufreq: Rearrange locking in cpufreq_remove_dev() (Rafael J. Wysocki) - cpufreq: Split cpufreq_offline() (Rafael J. Wysocki) - cpufreq: Reorganize checks in cpufreq_offline() (Rafael J. Wysocki) - ACPI: disable -Wstringop-truncation (Arnd Bergmann) - irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu) - scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney) - scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney) - scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV (Andrew Halaney) - scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney) - qed: avoid truncating work queue length (Arnd Bergmann) - wifi: ath10k: poll service ready message before failing (Baochen Qiang) - md: fix resync softlockup when bitmap size is less than array size (Yu Kuai) - null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun) - jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) - s390/cio: fix tracepoint subchannel type field (Peter Oberparleiter) - crypto: ccp - drop platform ifdef checks (Arnd Bergmann) - parisc: add missing export of __cmpxchg_u8() (Al Viro) - nilfs2: fix out-of-range warning (Arnd Bergmann) - ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) - firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart) - crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) - openpromfs: finish conversion to the new mount API (Eric Sandeen) - nvme: find numa distance only if controller has valid numa id (Nilay Shroff) - drm/amdkfd: Flush the process wq before creating a kfd_process (Lancelot SIX) - ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart) - ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang) - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang) - drm/amd/display: Set color_mgmt_changed to true on unsuspend (Joshua Ashton) - net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas) - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev) - nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi) - net: smc91x: Fix m68k kernel compilation for ColdFire CPU (Thorsten Blum) - ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [5.4.17-2136.334.1.el7] - rds/rdma: Track rds_message in send, retrans and recv queue (Juan Garcia) [Orabug: 36529583] - xfs: make sure sb_fdblocks is non-negative (Wengang Wang) [Orabug: 36596998] - xfs: fix sb write verify for lazysbcount (Long Li) [Orabug: 36596998] - rds/rdma: Clear rds_info_socket before use (Juan Garcia) [Orabug: 36613125] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-36971 CVE-2024-36286 CVE-2024-38633 CVE-2024-38613 CVE-2024-38560 CVE-2024-36014 CVE-2024-39503 CVE-2024-35976 CVE-2024-39301 CVE-2024-37356 CVE-2024-38634 CVE-2024-38589 CVE-2024-38567 CVE-2024-38552 CVE-2024-38559 CVE-2024-38615 CVE-2024-39480 CVE-2024-38583 CVE-2024-39489 CVE-2024-38549 CVE-2024-38612 CVE-2024-38558 CVE-2024-40916 CVE-2024-39276 CVE-2024-39471 CVE-2024-36015 CVE-2024-39488 CVE-2024-38599 CVE-2024-38780 CVE-2024-38635 CVE-2024-38601 CVE-2024-38621 CVE-2024-38627 CVE-2024-41090 CVE-2024-38618 CVE-2024-39292 CVE-2024-38598 CVE-2024-38578 CVE-2024-38661 CVE-2024-38659 CVE-2024-38637 CVE-2024-38565 CVE-2024-38582 CVE-2024-41091 CVE-2024-39467 CVE-2024-38596 CVE-2024-38579 CVE-2024-36016 CVE-2024-36288 CVE-2024-33621 CVE-2024-36270 CVE-2024-37353 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 hivex libguestfs [1.44.0-9.0.2] - libguestfs.spec: Add btrfs-progs RPM to appliance [Orabug: 35634755] [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol libguestfs-winsupport libiscsi libnbd [1.6.0-5.el8] - Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails resolves: rhbz#2045718 [1.6.0-4.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [1.2.2] - Resolves: bz#1844296 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.2.2-1] - New stable release 1.2.2. [1.2.1-1] - New stable release 1.2.1. [1.2.0-1] - New stable release 1.2.0. [1.0.3-1] - New upstream version 1.0.3. - Contains fix for remote code execution vulnerability. - Add new libnbd-security(3) man page. [1.0.2-1] - New upstream version 1.0.2. - Remove patches which are upstream. - Contains fix for NBD Protocol Downgrade Attack (CVE-2019-14842). - Fix previous commit message. [1.0.1-2] - Add upstream patch to fix nbdsh (for nbdkit tests). - Fix interop tests on slow machines. [1.0.1-1] - New stable version 1.0.1. [1.0.0-1] - New upstream version 1.0.0. [0.9.9-2] - Rebuilt for Python 3.8 [0.9.9-1] - New upstream version 0.9.9. [0.9.8-4] - Fix nbdkit dependencies so we're actually running the tests. - Add glib2-devel BR so we build the glib main loop example. - Add upstream patch to fix test error: nbd_connect_unix: getlogin: No such device or address - Fix test failure on 32 bit. [0.9.8-3] - Bump and rebuild to fix releng brokenness. https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/2LIDI33G3IEIPYSCCIP6WWKNHY7XZJGQ/ [0.9.8-2] - Rebuilt for Python 3.8 [0.9.8-1] - New upstream version 0.9.8. - Package the new nbd_*(3) man pages. [0.9.7-1] - New upstream version 0.9.7. - Add libnbd-ocaml(3) man page. [0.9.6-2] - Add all upstream patches since 0.9.6 was released. - Package the ocaml bindings into a subpackage. [0.9.6-1] - New upstream verison 0.9.6. [0.1.9-1] - New upstream version 0.1.9. [0.1.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [0.1.8-1] - New upstream version 0.1.8. [0.1.7-1] - New upstream version 0.1.7. [0.1.6-1] - New upstream version 0.1.6. [0.1.5-1] - New upstream version 0.1.5. [0.1.4-1] - New upstream version 0.1.4. [0.1.2-2] - Enable libxml2 for NBD URI support. [0.1.2-1] - New upstream version 0.1.2. [0.1.1-1] - Fix license in man pages and examples. - Add nbdsh(1) man page. - Include the signature and keyring even if validation is disabled. - Update devel subpackage license. - Fix old FSF address in Python tests. - Filter Python provides. - Remove executable permission on the tar.gz.sig file. - Initial release. libtpms libvirt [9.0.0-6.el8] - rpc: ensure temporary GSource is removed from client event loop (Daniel P. Berrange) [Orabug: 36821472] {CVE-2024-4418} - rpc: Don't warn about 'max_client_requests' in single-threaded daemons (Peter Krempa) [Orabug: 36422853] [9.0.0-5.el8] - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364464] {CVE-2024-1441} [9.0.0-4.el8] - qemuProcessRefreshDisks: Extract update of a single disk (Peter Krempa) [Orabug: 35885348] - qemuProcessRefreshDisks: Properly compare tray status (Peter Krempa) [Orabug: 35885348] [9.0.0-3.el8] - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' (Peter Krempa) [Orabug: 35644221] {CVE-2023-3750} - virpci: Resolve leak in virPCIVirtualFunctionList cleanup (Tim Shearer) [Orabug: 35395469] {CVE-2023-2700} - qemuProcessRefreshDisks: Don't skip filling of disk information if tray state didn't change (Peter Krempa) [Orabug: 35636469] [9.0.0-2.el8] - qemu_migration: don't block migration for network hostdev (Joao Martins) - util: basic support for VFIO variant drivers (Laine Stump) [9.0.0-1.el8] - Update to libvirt 9.0.0 (Karl Heubaum) [7.10.0-2.el8] - remote: do not stop libvirtd after period of inactivity (Menno Lageman) [Orabug: 34069688] [7.10.0-1.el8] - Update to libvirt 7.10.0 (Wim ten Have) [7.9.0-1.el8] - Update to libvirt 7.9.0 (Wim ten Have) [5.7.0-31.el8] - qemu: Do not latch guestCPUs when guests hotplug with active domain groups (Wim ten Have) [Orabug: 33440015] [5.7.0-30.el8] - qemuDomainSnapshotDiskPrepareOne: Fix logic of relative backing store update (Peter Krempa) [Orabug: 33086913] - qemu: Don't set NVRAM label when creating it (Michal Privoznik) [Orabug: 33319048] - qemu: protect guestCPUs from drift under vcpu guest timeouts (Wim ten Have) [Orabug: 33368490] [5.7.0-29.el8] - qemu: vCORE distribution under vNUMA host partitioning should balance guests vCPU:pCPU pinning (Wim ten Have) [Orabug: 32355455] - qemuDomainSnapshotDiskPrepareOne: Don't load the relative path with blockdev (Peter Krempa) [Orabug: 33151464] - qemu: block: Support VIR_DOMAIN_BLOCK_COMMIT/PULL/REBASE_RELATIVE with blockdev (Peter Krempa) [Orabug: 33151464] - qemu: Tell secdrivers which images are top parent (Michal Privoznik) [Orabug: 33086913] - security: Introduce VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP flag (Michal Privoznik) [Orabug: 33086913] [5.7.0-28.el8] - qemu_capabilities: Rework domain caps cache (Michal Privoznik) [Orabug: 32664432] - tests: fix virArchFromHost() redefine error (Joe Jin) [Orabug: 32664432] - qemu: cache host arch separately from virCapsPtr (Daniel P. Berrange) [Orabug: 32664432] - cpu.c: Check properly for virCapabilitiesGetNodeInfo() retval (Michal Privoznik) [Orabug: 32664432] - virStorageSourceParseBackingJSONRaw: Parse 'offset' and 'size' attributes (Peter Krempa) [Orabug: 32164351] - tests: qemu: Add test data for the new <slice> element (Peter Krempa) [Orabug: 32164351] - qemu: Add support for slices of type 'storage' (Peter Krempa) [Orabug: 32164351] - tests: qemublock: Add cases for creating image overlays on top of disks with <slice> (Peter Krempa) [Orabug: 32164351] - qemu: block: Properly format storage slice into backing store strings (Peter Krempa) [Orabug: 32164351] - qemu: domain: Store nodenames of slice in status XML (Peter Krempa) [Orabug: 32164351] - conf: Implement support for <slices> of disk source (Peter Krempa) [Orabug: 32164351] - docs: Document the new <slices> sub-element of disk's <source> (Peter Krempa) [Orabug: 32164351] - qemu: block: forbid creation of storage sources with <slice> (Peter Krempa) [Orabug: 32164351] - qemuDomainValidateStorageSource: Reject unsupported slices (Peter Krempa) [Orabug: 32164351] - qemuBlockStorageSourceGetFormatRawProps: format 'offset' and 'size' for slice (Peter Krempa) [Orabug: 32164351] - util: virstoragefile: Add data structure for storing storage source slices (Peter Krempa) [Orabug: 32164351] - tests: virstorage: Add test data for json specified raw image with offset/size (Peter Krempa) [Orabug: 32164351] - docs: formatdomain: Close <source> on one of disk examples (Peter Krempa) [Orabug: 32164351] - qemu: domain: Refactor formatting of node names into status XML (Peter Krempa) [Orabug: 32164351] - tests: virstorage: Add test cases for 'json:' pseudo-URI without 'file' wrapper (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Prevent arbitrary nesting with format drivers (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Allow 'json:' pseudo URIs without 'file' wrapper (Peter Krempa) [Orabug: 32164351] - virStorageSourceJSONDriverParser: annotate 'format' drivers (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Move deflattening of json: URIs out of recursion (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Pass around original backing file string (Peter Krempa) [Orabug: 32164351] - qemu: enable blockdev support (Peter Krempa) [Orabug: 32164351] - qemu: Instantiate pflash via -machine when using blockdev (Peter Krempa) [Orabug: 32164351] - qemu: command: Build the 'pflash' drives via -machine (Peter Krempa) [Orabug: 32164351] - qemu: command: Build -blockdev-s for backing of pflash (Peter Krempa) [Orabug: 32164351] - qemu: domain: Introduce helper to convert <loader> into virStorageSource (Peter Krempa) [Orabug: 32164351] - qemu: domain: Store virStorageSources representing pflash backing (Peter Krempa) [Orabug: 32164351] - qemu: command: Extract formatting of -drive for pflash (Peter Krempa) [Orabug: 32164351] - qemu: capabilities: Add detection of the 'savevm' fix for -blockdev (Peter Krempa) [Orabug: 32164351] - qemu: qapi: Add support for command features (Peter Krempa) [Orabug: 32164351] - qemu: caps: Add capability for dynamic 'auto-read-only' support for files (Peter Krempa) [Orabug: 32164351] - tests: qemucapabilities: Refresh data for unreleased qemu-4.2 on x86_64 (Peter Krempa) [Orabug: 32164351] - qemu: caps: Base support of 'backingStoreInput' domain feature on QEMU_CAPS_BLOCKDEV (Peter Krempa) [Orabug: 32164351] - docs: Document support for obeying <backingStore> of <disk> on input (Peter Krempa) [Orabug: 32164351] - conf: domcaps: Add 'backingStoreInput' domain capability (Peter Krempa) [Orabug: 32164351] - qemu: domcaps: Simplify adding new domaincaps based on qemu caps (Peter Krempa) [Orabug: 32164351] - domaincaps: Store domain capability features in an array (Peter Krempa) [Orabug: 32164351] - qemu: domcaps: Initialize all features (Peter Krempa) [Orabug: 32164351] - domcaps: Add function for initializing domain caps as unsupported (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Use virXMLFormatElement in virDomainCapsFormatFeatures (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Extract formatting of the <features> subelement (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Replace FORMAT_SINGLE macro by a function (Peter Krempa) [Orabug: 32164351] - conf: capabilities: Modernize virCapabilitiesFormatMemoryBandwidth (Peter Krempa) [Orabug: 32164351] - conf: caps: Modernize virCapabilitiesFormatCaches (Peter Krempa) [Orabug: 32164351] - conf: turn virDomainMemtuneFormat void (Peter Krempa) [Orabug: 32164351] - conf: domain: Split up formatting of <memtune> and <memoryBacking> (Peter Krempa) [Orabug: 32164351] - conf: Rename virDomainCapsFeature to virDomainProcessCapsFeature (Peter Krempa) [Orabug: 32164351] - conf: storagecaps: Fix broken attempt at being const-correct (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Fix broken attempt at being const-correct (Peter Krempa) [Orabug: 32164351] - qemu: caps: Make capability filler functions void (Peter Krempa) [Orabug: 32164351] - util: buffer: Add init macro for automatically setting child XML indent (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Fix inactive external snapshots when backing chain is present (Peter Krempa) [Orabug: 32164351] - qemu: blockjob: Transfer 'readonly' state of images after active layer block commit (Peter Krempa) [Orabug: 32164351] - qemu: command: Use XML based disk bus convertor in error message (Peter Krempa) [Orabug: 32164351] - storagefile: Fill in meta->externalDataStore (Cole Robinson) [Orabug: 32164351] - storagefile: Add externalDataStore member (Cole Robinson) [Orabug: 32164351] - storagefile: Split out virStorageSourceNewFromChild (Cole Robinson) [Orabug: 32164351] - storagefile: Don't access backingStoreRaw directly in FromBackingRelative (Cole Robinson) [Orabug: 32164351] - storagefile: Fill in meta->externalDataStoreRaw (Cole Robinson) [Orabug: 32164351] - storagefile: Add externalDataStoreRaw member (Cole Robinson) [Orabug: 32164351] - storagefile: Fix backing format \0 check (Cole Robinson) [Orabug: 32164351] - storagefile: Rename qcow2GetExtensions 'format' argument (Cole Robinson) [Orabug: 32164351] - storagefile: Rename qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351] - storagefile: Push extension_end calc to qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351] - storagefile: Push 'start' into qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351] - storagefile: Use qcowXGetBackingStore directly (Cole Robinson) [Orabug: 32164351] - storagefile: Drop now unused isQCow2 argument (Cole Robinson) [Orabug: 32164351] - storagefile: Check version to determine if qcow2 or not (Cole Robinson) [Orabug: 32164351] - storagefile: qcow1: Let qcowXGetBackingStore fill in format (Cole Robinson) [Orabug: 32164351] - storagefile: qcow1: Fix check for empty backing file (Cole Robinson) [Orabug: 32164351] - storagefile: qcow1: Check for BACKING_STORE_OK (Cole Robinson) [Orabug: 32164351] - qemu: snapshot: Don't update current snapshot until we're done (Peter Krempa) [Orabug: 32164351] - qemu: block: Replace snapshot transaction action generator (Peter Krempa) [Orabug: 32164351] - tests: qemumonitor: Add testing for the 'transaction' command and generators (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Add transaction generators for snapshot APIs (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Add transaction generators for dirty bitmap APIs (Peter Krempa) [Orabug: 32164351] - tests: qemucapabilities: fix 4.2.0 qemucapabilities (Joe Jin) [Orabug: 32164351] - qemu: checkpoint: Do ACL check prior to snapshot interlocking (Peter Krempa) [Orabug: 32164351] - qemu: driver: Remove misplaced qemuDomainObjEndJob in qemuDomainCheckpointGetXMLDesc (Peter Krempa) [Orabug: 32164351] - conf: Drop pointless 'domain' argument from virDomainSnapshotRedefinePrep (Peter Krempa) [Orabug: 32164351] - conf: Drop pointless 'domain' argument from virDomainCheckpointRedefinePrep (Peter Krempa) [Orabug: 32164351] - tests: qemucapabilities: Update caps of qemu-4.1 to released version (Peter Krempa) [Orabug: 32164351] - tests: add qemu capabilities data for qemu 4.2 (Peter Krempa) [Orabug: 32164351] - lxc: fix compile error (Joe Jin) [Orabug: 32164351] - qemu: driver: Remove QEMU_ADD_BLOCK_PARAM_LL macro (Peter Krempa) [Orabug: 32164351] - qemu: driver: Don't return anything from qemuDomainBlockStatsGatherTotals (Peter Krempa) [Orabug: 32164351] - qemu: driver: Remove pointless macro QEMU_BLOCK_STAT_TOTAL (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Change fields in qemuBlockStats to 'unsigned' (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Refactor cleanup in qemuMonitorJSONGetAllBlockStatsInfo (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Refactor cleanup in qemuMonitorJSONGetOneBlockStatsInfo (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Refactor cleanup in qemuMonitorJSONBlockStatsCollectData (Peter Krempa) [Orabug: 32164351] - qemu: Remove stale comment for qemuDomainBlockStats (Peter Krempa) [Orabug: 32164351] - qemu_blockjob: Remove secdriver metadata for whole backing chain on job completion (Michal Privoznik) [Orabug: 32164351] - qemu: hotplug: Use VIR_AUTOFREE() instead VIR_FREE for strings (Daniel Henrique Barboza) [Orabug: 32164351] - qemu: snapshot: Do ACL check prior to checkpoint interlocking (Peter Krempa) [Orabug: 32164351] - qemuCheckDiskConfigAgainstDomain: Validate disk's SCSI address iff disk is SCSI (Xu Yandong) [Orabug: 32164351] - qemuSharedDeviceEntryRemove: Free domain name before VIR_DELETE_ELEMENT (Xu Yandong) [Orabug: 32164351] - qemu_capabilities: Temporarily disable dbus-vmstate capability (Michal Privoznik) [Orabug: 32164351] - Revert 'qemu: add socket datagram capability' (Michal Privoznik) [Orabug: 32164351] - tests: qemustatusxml2xml: Fix disk target mess (Peter Krempa) [Orabug: 32164351] - snapshot: Store both config and live XML in the snapshot domain (Maxiwell S. Garcia) [Orabug: 32164351] - qemu: formatting XML from domain def choosing the root name (Maxiwell S. Garcia) [Orabug: 32164351] - qemu: Don't leak domain def when RevertToSnapshot fails (Jiri Denemark) [Orabug: 32164351] - qemu: Fix regression in snapshot-revert (Eric Blake) [Orabug: 32164351] - lib: Define and use autofree for virConfPtr (Michal Privoznik) [Orabug: 32164351] - qemu_conf: Use more of VIR_AUTOUNREF() (Michal Privoznik) [Orabug: 32164351] - qemu_conf: Use more of VIR_AUTOFREE() (Michal Privoznik) [Orabug: 32164351] - qemu_conf: Drop a pair of needless 'cleanup' labels (Michal Privoznik) [Orabug: 32164351] - virhostdev: Don't unref @pcidevs twice (Michal Privoznik) [Orabug: 32164351] - qemu_conf.c: introduce qemuAddRemoveSharedDeviceInternal (Daniel Henrique Barboza) [Orabug: 32164351] - qemu_conf.c: introduce qemuAddRemoveSharedDiskInternal (Daniel Henrique Barboza) [Orabug: 32164351] - qemu_conf.c: introduce qemuAddRemoveSharedHostdevInternal (Daniel Henrique Barboza) [Orabug: 32164351] - remote: fix UNIX socket path being incorrectly built for libvirtd (eater) [Orabug: 32164351] - lib: Grab write lock when modifying list of domains (Michal Privoznik) [Orabug: 32164351] - qemu: reset VM id after external devices stop (Marc-Andre Lureau) [Orabug: 32164351] - qemu: add dbus-vmstate capability (Marc-Andre Lureau) [Orabug: 32164351] - qemu: add socket datagram capability (Marc-Andre Lureau) [Orabug: 32164351] - tests: fix xml2xml tpm-emulator.xml test (Marc-Andre Lureau) [Orabug: 32164351] - qemu: migration: Switch to blockdev mode for non-shared storage migration (Peter Krempa) [Orabug: 32164351] - qemu: migration: Refactor cleanup in qemuMigrationSrcNBDStorageCopy (Peter Krempa) [Orabug: 32164351] - qemu: migration: Refactor cleanup in qemuMigrationSrcNBDStorageCopyBlockdev (Peter Krempa) [Orabug: 32164351] - qemu: Defer support checks for external active snapshots to blockdev code or qemu (Peter Krempa) [Orabug: 32164351] - qemu: Add -blockdev support for external snapshots (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Skip overlay file creation/interogation if unsupported (Peter Krempa) [Orabug: 32164351] - qemu: Merge use of 'reuse' flag in qemuDomainSnapshotDiskPrepareOne (Peter Krempa) [Orabug: 32164351] - qemu: Disband qemuDomainSnapshotCreateSingleDiskActive (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Rename external disk snapshot handling functions (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Move error preservation to qemuDomainSnapshotDiskDataCleanup (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Save status and config XMLs only on success (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Fix image lock handling when taking a snapshot (Peter Krempa) [Orabug: 32164351] - qemu: driver: Fix shallow non-reuse block copy (Peter Krempa) [Orabug: 32164351] - qemu: Explicitly pass backing store to qemuBuildStorageSourceChainAttachPrepareBlockdevTop (Peter Krempa) [Orabug: 32164351] - qemu: block: explicitly pass backing store to qemuBlockStorageSourceAttachPrepareBlockdev (Peter Krempa) [Orabug: 32164351] - qemu: command: Refactor qemuBuildStorageSourceChainAttachPrepareBlockdevInternal (Peter Krempa) [Orabug: 32164351] - qemu: block: Explicitly specify backingStore when creating format layer props (Peter Krempa) [Orabug: 32164351] - qemu: block: Unify conditions to format backing store of format node definition (Peter Krempa) [Orabug: 32164351] - qemu: Prevent storage causing too much nested XML (Peter Krempa) [Orabug: 32164351] - qemu: domain: Refactor cleanup in qemuDomainDetermineDiskChain (Peter Krempa) [Orabug: 32164351] - qemu: hotplug: Setup disk throttling with blockdev (Peter Krempa) [Orabug: 32164351] - qemu: hotplug: Use VIR_AUTOFREE in qemuDomainAttachDiskGeneric (Peter Krempa) [Orabug: 32164351] - qemu: hotplug: Simplify cleanup in qemuDomainChangeMediaLegacy (Peter Krempa) [Orabug: 32164351] - qemu: Fix qemuDomainObjTaint with virtlogd (Jiri Denemark) [Orabug: 32164351] - qemu: monitor: Fix formatting of 'offset' in qemuMonitorJSONSaveMemory (Peter Krempa) [Orabug: 32164351] - tests: qemublock: Use bigger numbers as dummy capacity/physical (Peter Krempa) [Orabug: 32164351] - qemu: block: Use correct type when creating image size JSON entries (Peter Krempa) [Orabug: 32164351] - Exadata: protect vNUMA/SMT from artificially injected faults (Wim ten Have) [Orabug: 32708041] - virnetserver: fix some memory leaks in virNetTLSContextReloadForServer (Jin Yan) - virt-admin: Introduce command srv-update-tls (Zhang Bo) [Orabug: 32768102] - admin: Introduce virAdmServerUpdateTlsFiles (Zhang Bo) [Orabug: 32768102] - tls: Add a mutex lock on 'tlsCtxt' (Zhang Bo) [Orabug: 32768102] - virnetserver: Introduce virNetServerUpdateTlsFiles (Zhang Bo) [Orabug: 32768102] [5.7.0-27.el8] - Exadata: protect libvirt hugepage acquisition from QEMU async init (Wim ten Have) [Orabug: 32561685] [5.7.0-26.el8] - exadata: Fix autonomous hugepage acquisition barrier hang (Wim ten Have) [Orabug: 32537538] - exadata: Fix CPU Packing when out of pCPUs (Wim ten Have) [Orabug: 32527311] [5.7.0-25.el8] - exadata: force a host CPUs reserved pCPU threshold (Wim ten Have) [Orabug: 32516090] [5.7.0-24.el8] - exadata: Add configurable libvirtd mlockall support (Wim ten Have) [Orabug: 32479237] - exadata: hint a configurable number of memory init threads to qemu (Wim ten Have) [Orabug: 32460334] - Exadata: domain group should allow for asymmetric creation (Wim ten Have) [Orabug: 32060622] [5.7.0-23.el8] - util: remove unneeded cleanup labels (Wim ten Have) [Orabug: 32399255] - virnuma: Don't work around numa_node_to_cpus() for non-existent nodes (Wim ten Have) [Orabug: 32379098] [5.7.0-22.el8] - build: add dependency to help patch tooling (Menno Lageman) [Orabug: 32284540] - Exadata: fix active guest dgroup-delete requests (Wim ten Have) [Orabug: 32095306] - Exadata: fix a rogue Domain Groups dgroup-undefine flaw (Wim ten Have) [Orabug: 31945084] [2.7.0-21.el8] - exadata: Fix the validation when defining domain groups (Wim ten Have) [Orabug: 32085856] - qemu: improve error message when guest vcpu count exceeds domain group limit (Menno Lageman) [Orabug: 31985111] - qemu: Autonomous hugepage acquisition for 2-MiB and 1-GiB guest memoryBacking (Wim ten Have) - qemu: Fix a qemuMemReleaseHostHugepages state error (Wim ten Have) [Orabug: 32069203] - qemu: avoid guest CPU process handling if exadataConfig is disabled (Wim ten Have) [Orabug: 32053696] - domain_conf: Relax SCSI addr used check (Michal Privoznik) [Orabug: 31386162] - domain_conf: Make virDomainDeviceFindSCSIController accept virDomainDeviceDriveAddress struct (Michal Privoznik) [Orabug: 31386162] - qemu: remove use of qemuDomainObjBeginJobWithAgent() (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485} - qemu: agent: set ifname to NULL after freeing (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: require write acl for guest agent in virDomainInterfaceAddresses (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: add support for filtering @acls by uint params (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: gendispatch: handle empty flags (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} [5.7.0-19.el8] - qemu: Verify use of hugepages when releasing its acquired status (Wim ten Have) [Orabug: 31839035] - qemu: Autonomous hugepages acquisition and release (Wim ten Have) [Orabug: 31367986] [5.7.0-17.el8] - qemu: Fix cpu boundary checks when starting or configuring guest domains. (Wim ten Have) [Orabug: 31469231] - libvirt: Allocate max possible CPUs for QEMU to prepare guest memory (Wim ten Have) [Orabug: 31064560] [5.7.0-16.el8] - qemu: format 'x-aw-bits' on intel-iommu command line (Menno Lageman) - qemu: format address wdith on intel-iommu command line (Menno Lageman) - conf: add address width attribute to iommu (Menno Lageman) - tests: add tests for host-phys-bits KVM feature (Menno Lageman) [Orabug: 31354547] - qemu: support host-phys-bits KVM feature (Menno Lageman) [Orabug: 31374547] - storage: Fix daemon crash on lookup storagepool by targetpath (Yi Li) [Orabug: 31439483] {CVE-2020-10703} [5.7.0-15.el8] - qemu: Escape the qemu driver systemd DOT hoax (Wim ten Have) [Orabug: 31380815] [5.7.0-14.el8] - vmx: make 'fileName' optional for CD-ROMs (Pino Toscano) [Orabug: 31350200] - vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (Pino Toscano) [Orabug: 31350200] - domain group: Fix a potential SEGV while restoring guest domains (Wim ten Have) [Orabug: 31285615] - cpu_map: Distinguish Cascadelake-Server from Skylake-Server (Jiri Denemark) [Orabug: 31214897] - cpu_map: Add more -noTSX x86 CPU models (Christian Ehrhardt) [Orabug: 31214897] - qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads (Peter Krempa) [Orabug: 31251756] {CVE-2020-12430} [5.7.0-13.el8] - domain groups: Fix multiple Domain Group vCPU administration flaws (Wim ten Have) [Orabug: 31145304] - qemu: fix missing #if defined(ENABLE_EXADATA) (Menno Lageman) - build: Fix qemu-submodule-init syntax-check issue (Wim ten Have) - libvirt: Fix various introduced Fedora/RHEL build violations (Wim ten Have) [Orabug: 31143337] - qemu: don't hold both jobs for suspend (Jonathon Jongsma) [Orabug: 31073098] {CVE-2019-20485} - domain groups: qemu driver error refers to pCPUs instead of vCPUs (Wim ten Have) [Orabug: 31075757] - node_device_conf: Don't leak @physical_function in virNodeDeviceGetPCISRIOVCaps (Jiang Kun) [Orabug: 31070337] [5.7.0-12.el8] - libvirt: vNUMA automatic host paritioning allows erroneous vcpu settings (Wim ten Have) [Orabug: 31050313] - remote: do not stop libvirtd after period of inactivity (Menno Lageman) [Orabug: 31003707] - remote: do not use socket activation by default (Menno Lageman) [Orabug: 31003707] - qemu driver: handle targetNode under memory hot-plug operations (Wim ten Have) [Orabug: 31009716] - domain groups: refresh dgbase host capabilities prior to defining a new group (Wim ten Have) [Orabug: 31026069] - domain groups: Always cleanup system.slice controlled hugepage reservations (Wim ten Have) [Orabug: 31025853] - domain groups: Enable DGs upon fresh groups arrival (Wim ten Have) [Orabug: 31021247] - domain groups: Skip undefined domain groups when validating lists (Wim ten Have) [Orabug: 31030117] [5.7.0-11.el8] - domain groups: Add functionality to control NUMA node alignment (Wim ten Have) [Orabug: 30988105] - domain groups: A rename should always update active and config domain definitions (Wim ten Have) [Orabug: 30999730] [5.7.0-10.el8] - domain groups: refresh dgbase depending host capabilities before rendering the cpuguestmask (Wim ten Have) [Orabug: 30987361] - conf: domain group validation errors should print correct group info (Menno Lageman) [Orabug: 30988428] - qemu: reserve hugepages when memoryBacking when live attaching memory (Wim ten Have) [Orabug: 30985510] - domain groups: avoid virDomainGroupInit if exadataConfig is disabled (Wim ten Have) [Orabug: 30985907] [5.7.0-9.el8] - vNUMA: distinguish standard and vNUMA memory 'setmaxmem' operations (Wim ten Have) [Orabug: 30894536] [5.7.0-8.el8] - domain groups: End Of BETA (Wim ten Have) - domaingroups: ExaData Domain Groups POC (Wim ten Have) - domaingroup: preliminary virsh support for domain groups - drop #4 (Menno Lageman) - tests: add various tests to exercise vNUMA host partitioning (Wim ten Have) [Orabug: 29720293] - qemu: driver changes for new vNUMA Host and Nodeset partitioning (Wim ten Have) [Orabug: 29720293] - XML definitions for guest vNUMA and parsing routines (Wim ten Have) [Orabug: 29720293] - Revert 'exadata: can not configure shared memory hosted disk devices for vhostmd.service' (Menno Lageman) - qemu: Forcibly mknod() even if it exists (Michal Privoznik) [5.7.0-5.el8] - exadata: can not configure shared memory hosted disk devices for vhostmd.service (Menno Lageman) [Orabug: 30598065] [5.7.0-4.el8] - build: skip copyright check for gnulib (Menno Lageman) - Revert 'network: pull global chain init into separate method' (Menno Lageman) [Orabug: 30611188] - Revert 'network: add more debugging of firewall chain creation' (Menno Lageman) [Orabug: 30611188] - Revert 'network: delay global firewall setup if no networks are running' (Menno Lageman) [Orabug: 30611188] - qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30796221] [5.7.0-3.el8] - Add VMware esx support (Menno Lageman) [Orabug: 30449929] [5.7.0-2.el8] - enable VMware hypervisor driver libvirt-dbus [1.3.0-2.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [1.3.0] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.2.0-3] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [1.2.0-2] - util: fix virtDBusUtilDecodeUUID (rhbz#1647823) [1.2.0-1] - Rebased to libvirt-dbus-1.2.0 (rhbz#1630196) [1.0.0-1] - Rebase from Fedora libvirt-python [9.0.0-6.el8] - Update to libvirt 9.0.0-6 (Karl Heubaum) [9.0.0-5.el8] - Update to libvirt 9.0.0-5 (Karl Heubaum) [9.0.0-4.el8] - Update to libvirt 9.0.0-4 (Karl Heubaum) [9.0.0-3.el8] - Update to libvirt 9.0.0-3 (Karl Heubaum) [9.0.0-2.el8] - Update to libvirt 9.0.0-2 (Karl Heubaum) [9.0.0-1.el8] - Update to 9.0.0 release (Karl Heubaum) [7.10.0-2.el8] - Update version number to match libvirt 7.10.0-2 (Karl Heubaum) [7.10.0-1.el8] - Update to 7.10.0 release (Karl Heubaum) [7.9.0] - Update to 7.9.0 release (Karl Heubaum) nbdkit netcf perl-Sys-Virt qemu-kvm [7.2.0-15.el8] - migration: abort on destination if switchover limit exceeded (Elena Ufimtseva) - migration: introduce strict switchover SLA (Elena Ufimtseva) - migration: add error to MigrationIncomingState (Elena Ufimtseva) - migration: Set migration status early in incoming side (Fabiano Rosas) - tests/qtest: migration: Use migrate_incoming_qmp where appropriate (Fabiano Rosas) - tests/qtest: migration: Add migrate_incoming_qmp helper (Fabiano Rosas) - tests/qtest: migration: Expose migrate_set_capability (Fabiano Rosas) - vfio/migration: Multifd device state transfer support - send side (Maciej S. Szmigiero) - vfio/migration: Add x-orcl-migration-multifd-transfer VFIO property (Maciej S. Szmigiero) - vfio/migration: Multifd device state transfer support - receive side (Maciej S. Szmigiero) - migration/multifd: Add migration_has_device_state_support() (Maciej S. Szmigiero) - migration/multifd: Device state transfer support - send side (Maciej S. Szmigiero) - migration/multifd: Convert multifd_send_pages::next_channel to atomic (Maciej S. Szmigiero) - migration/multifd: Device state transfer support - receive side (Maciej S. Szmigiero) - migration: Add load_finish handler and associated functions (Maciej S. Szmigiero) - migration: Add qemu_loadvm_load_state_buffer() and its handler (Maciej S. Szmigiero) - migration: Add save_live_complete_precopy_{begin,end} handlers (Maciej S. Szmigiero) - migration/multifd: Zero p->flags before starting filling a packet (Maciej S. Szmigiero) - migration/ram: Add load start trace event (Maciej S. Szmigiero) - vfio/migration: Add save_{iterate,complete_precopy}_started trace events (Maciej S. Szmigiero) - hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - hw/virtio: Introduce virtio_bh_new_guarded() helper (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - pcie_sriov: Validate NumVFs (Akihiko Odaki) [Orabug: 36314082] {CVE-2024-26327} - hw/nvme: Use pcie_sriov_num_vfs() (Akihiko Odaki) [Orabug: 36314111] {CVE-2024-26328} - pcie: Introduce pcie_sriov_num_vfs (Akihiko Odaki) [Orabug: 36314111] {CVE-2024-26328} - qcow2: Don't open data_file with BDRV_O_NO_IO (Kevin Wolf) [Orabug: 36801853] {CVE-2024-4467} - target/i386: drop AMD machine check bits from Intel CPUID (Paolo Bonzini) [Orabug: 36785079] - target/i386: pass X86CPU to x86_cpu_get_supported_feature_word (Paolo Bonzini) [Orabug: 36785079] - migration: prevent migration when VM has poisoned memory (William Roche) [Orabug: 35533097] - i386: Add support for overflow recovery (John Allen) [Orabug: 34691766] - i386: Add support for SUCCOR feature (John Allen) [Orabug: 34691766] - i386: Fix MCE support for AMD hosts (John Allen) [Orabug: 34691766] [7.2.0-13.el8] - vfio/migration: Enhance VFIO migration state tracing (Avihai Horon) - vfio/migration: Don't emit STOP_COPY VFIO migration QAPI event twice (Avihai Horon) - vfio/migration: Emit VFIO migration QAPI event (Avihai Horon) - qapi/vfio: Add VFIO migration QAPI event (Avihai Horon) - migration/multifd: solve zero page causing multiple page faults (Yuan Liu) [Orabug: 36727051] - multifd: Add the ramblock to MultiFDRecvParams (Lukas Straub) [Orabug: 36727051] - migration: Fix qmp_query_migrate mbps value (Fabiano Rosas) [Orabug: 36727104] - migration: Allow user to specify available switchover bandwidth (Peter Xu) [Orabug: 35636284] - migration/dirtyrate: Fix precision losses and g_usleep overshoot (Andrei Gudkov) [Orabug: 36727091] - Use new created qemu_target_pages_to_MiB() (Juan Quintela) [Orabug: 36727091] - softmmu: Create qemu_target_pages_to_MiB() (Juan Quintela) [Orabug: 36727091] - migration/calc-dirty-rate: replaced CRC32 with xxHash (Andrei Gudkov) [Orabug: 36727063] - migration/multifd: Enable multifd zero page checking by default. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Implement ram_save_target_page_multifd to handle multifd version of MigrationOps::ram_save_target_page. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Implement zero page transmission on the multifd thread. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Add new migration option zero-page-detection. (Hao Xiang) [Orabug: 34131170] - migration: Make ram_save_target_page() a pointer (Juan Quintela) [Orabug: 34131170] - migration: Yield bitmap_mutex properly when sending/sleeping (Peter Xu) [Orabug: 34131170] - migration/multifd: Add a synchronization point for channel creation (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Unify multifd and TLS connection paths (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Move multifd_send_setup into migration thread (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Move multifd_send_setup error handling in to the function (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Remove p->running (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Optimize sender side to be lockless (Peter Xu) [Orabug: 34131170] - migration/multifd: Join the TLS thread (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Fix MultiFDSendParams.packet_num race (Peter Xu) [Orabug: 34131170] - migration/multifd: Stick with send/recv on function names (Peter Xu) [Orabug: 34131170] - migration/multifd: Cleanup multifd_load_cleanup() (Peter Xu) [Orabug: 34131170] - migration/multifd: Cleanup multifd_save_cleanup() (Peter Xu) [Orabug: 34131170] - migration/multifd: Rewrite multifd_queue_page() (Peter Xu) [Orabug: 34131170] - migration/multifd: Change retval of multifd_send_pages() (Peter Xu) [Orabug: 34131170] - migration/multifd: Change retval of multifd_queue_page() (Peter Xu) [Orabug: 34131170] - migration/multifd: Split multifd_send_terminate_threads() (Peter Xu) [Orabug: 34131170] - migration/multifd: Forbid spurious wakeups (Peter Xu) [Orabug: 34131170] - migration/multifd: Move header prepare/fill into send_prepare() (Peter Xu) [Orabug: 34131170] - migration/multifd: multifd_send_prepare_header() (Peter Xu) [Orabug: 34131170] - migration/multifd: Move trace_multifd_send|recv() (Peter Xu) [Orabug: 34131170] - migration/multifd: Move total_normal_pages accounting (Peter Xu) [Orabug: 34131170] - migration/multifd: Rename p->num_packets and clean it up (Peter Xu) [Orabug: 34131170] - migration/multifd: Drop pages->num check in sender thread (Peter Xu) [Orabug: 34131170] - migration/multifd: Simplify locking in sender thread (Peter Xu) [Orabug: 34131170] - migration/multifd: Separate SYNC request with normal jobs (Peter Xu) [Orabug: 34131170] - migration/multifd: Drop MultiFDSendParams.normal[] array (Peter Xu) [Orabug: 34131170] - migration/multifd: Postpone reset of MultiFDPages_t (Peter Xu) [Orabug: 34131170] - migration/multifd: Remove MultiFDPages_t::packet_num (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Drop MultiFDSendParams.quit, cleanup error paths (Peter Xu) [Orabug: 34131170] - migration/multifd: multifd_send_kick_main() (Peter Xu) [Orabug: 34131170] - migration/multifd: Fix leaking of Error in TLS error flow (Avihai Horon) [Orabug: 34131170] - migration/ram: Merge save_zero_page functions (Fabiano Rosas) [Orabug: 34131170] - migration/ram: Move xbzrle zero page handling into save_zero_page (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Stop setting p->ioc before connecting (Fabiano Rosas) [Orabug: 34131170] - migration: Centralize BH creation and dispatch (Fabiano Rosas) [Orabug: 34131170] - migration: Add a wrapper to qemu_bh_schedule (Fabiano Rosas) [Orabug: 34131170] - migration: Remove transferred atomic counter (Juan Quintela) [Orabug: 35636284] - migration: Use migration_transferred_bytes() (Juan Quintela) [Orabug: 35636284] - migration: migration_rate_limit_reset() don't need the QEMUFile (Juan Quintela) [Orabug: 35636284] - migration: migration_transferred_bytes() don't need the QEMUFile (Juan Quintela) [Orabug: 35636284] - multifd: reset next_packet_len after sending pages (Elena Ufimtseva) [Orabug: 35636284] - multifd: fix counters in multifd_send_thread (Elena Ufimtseva) [Orabug: 35636284] - migration/multifd: Compute transferred bytes correctly (Juan Quintela) [Orabug: 35636284] - migration: check for rate_limit_max for RATE_LIMIT_DISABLED (Elena Ufimtseva) [Orabug: 35636284] - migration: Use the number of transferred bytes directly (Juan Quintela) [Orabug: 35636284] - qemu_file: Use a stat64 for qemu_file_transferred (Juan Quintela) [Orabug: 35636284] - migration: set file error on subsection loading (Marc-Andre Lureau) [Orabug: 35636284] - migration: Receiving a zero page non zero is an error (Juan Quintela) [Orabug: 35636284] - migration/multifd: Stop checking p->quit in multifd_send_thread (Fabiano Rosas) [Orabug: 35636284] - migration/multifd: Clarify Error usage in multifd_channel_connect (Fabiano Rosas) [Orabug: 35636284] - multifd: cleanup the function multifd_channel_connect (Li Zhang) [Orabug: 35636284] - migration/multifd: Unify multifd_send_thread error paths (Fabiano Rosas) [Orabug: 35636284] - migration: Non multifd migration don't care about multifd flushes (Juan Quintela) [Orabug: 35636284] - migration: fix RAMBlock add NULL check (Dmitry Frolov) [Orabug: 35829153] - migration: We don't need the field rate_limit_used anymore (Juan Quintela) [Orabug: 35636284] - migration: Use migration_transferred_bytes() to calculate rate_limit (Juan Quintela) [Orabug: 35636284] - migration: Add a trace for migration_transferred_bytes (Juan Quintela) [Orabug: 35636284] - migration: Move migration_total_bytes() to migration-stats.c (Juan Quintela) [Orabug: 35636284] - qemu-file: Remove total from qemu_file_total_transferred_*() (Juan Quintela) [Orabug: 35636284] - migration: Move rate_limit_max and rate_limit_used to migration_stats (Juan Quintela) [Orabug: 35636284] - qemu-file: Account for rate_limit usage on qemu_fflush() (Juan Quintela) [Orabug: 35636284] - migration: Don't use INT64_MAX for unlimited rate (Juan Quintela) [Orabug: 35636284] - qemu-file: Make rate_limit_used an uint64_t (Juan Quintela) [Orabug: 35636284] - qemu-file: make qemu_file_[sg]et_rate_limit() use an uint64_t (Juan Quintela) [Orabug: 35636284] - migration: We set the rate_limit by a second (Juan Quintela) [Orabug: 35829153] - migration: A rate limit value of 0 is valid (Juan Quintela) [Orabug: 35636284] - qemu-file: Make ram_control_save_page() use accessors for rate_limit (Juan Quintela) [Orabug: 35636284] - qemu-file: Make total_transferred an uint64_t (Juan Quintela) [Orabug: 35636284] - qemu-file: No need to check for shutdown in qemu_file_rate_limit (Juan Quintela) [Orabug: 35636284] - migration: Document all migration_stats (Juan Quintela) [Orabug: 35636284] - multifd: We already account for this packet on the multifd thread (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_bytes_last_sync atomic (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_pages_rate atomic (Juan Quintela) [Orabug: 35636284] - stat64: Add stat64_set() operation (Paolo Bonzini) [Orabug: 35636284] - multifd: Only flush once each full round of memory (Juan Quintela) [Orabug: 35636284] - migration: Make find_dirty_block() return a single parameter (Juan Quintela) [Orabug: 35636284] - migration: Simplify ram_find_and_save_block() (Juan Quintela) [Orabug: 35636284] - multifd: Protect multifd_send_sync_main() calls (Juan Quintela) [Orabug: 35636284] - multifd: Create property multifd-flush-after-each-section (Juan Quintela) [Orabug: 35636284] - multifd: Fix the number of channels ready (Juan Quintela) [Orabug: 35636284] - migration: Rename normal to normal_pages (Juan Quintela) [Orabug: 35636284] - migration: Rename duplicate to zero_pages (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_sync_count atomic (Juan Quintela) [Orabug: 35636284] - migration: Make downtime_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Make precopy_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_sync_missed_zero_copy atomic (Juan Quintela) [Orabug: 35636284] - migration: Make multifd_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Update atomic stats out of the mutex (Juan Quintela) [Orabug: 35636284] - migration: Merge ram_counters and ram_atomic_counters (Juan Quintela) [Orabug: 35636284] - migration/multifd: correct multifd_send_thread to trace the flags (Wei Wang) [Orabug: 35636284] - ram: Document migration ram flags (Juan Quintela) [Orabug: 35636284] - migration: Calculate ram size once (Juan Quintela) [Orabug: 35636284] - multifd: Fix a race on reading MultiFDPages_t.block (Zhenzhong Duan) [Orabug: 35636284] - migration: Use atomic ops properly for page accountings (Peter Xu) [Orabug: 35636284] - migration: Export ram_release_page() (Juan Quintela) [Orabug: 35636284] - migration: Export ram_transferred_ram() (Juan Quintela) [Orabug: 35636284] - multifd: Create page_count fields into both MultiFD{Recv,Send}Params (Juan Quintela) [Orabug: 35636284] - multifd: Create page_size fields into both MultiFD{Recv,Send}Params (Juan Quintela) [Orabug: 35636284] - migration: Fix migration_channel_read_peek() error path () (Avihai Horon) [Orabug: 36726827] - migration/multifd: Remove error_setg() in migration_ioc_process_incoming() (Avihai Horon) [Orabug: 36726827] - migration: Refactor migration_incoming_setup() (Avihai Horon) [Orabug: 36726827] - migration: check magic value for deciding the mapping of channels (manish.mishra) [Orabug: 36726827] - io: Add support for MSG_PEEK for socket channel (manish.mishra) [Orabug: 36726827] - hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (hilippe Mathieu-Daude) [Orabug: 36575206] {CVE-2024-3447} - block: lock AioContext in bdrv_replace_child_noperm() when in non-coroutine context (Mark Kanda) [Orabug: 36514180] - hw/scsi/scsi-generic: Fix io_timeout property not applying (Lorenz Brun) [Orabug: 36637684] - target/i386/monitor: synchronize cpu state for lapic info (Dongli Zhang) [Orabug: 36607747] - qemu_init: increase NOFILE soft limit on POSIX (Fiona Ebner) [Orabug: 36416389] [7.2.0-11.el8] - vfio/migration: Add a note about migration rate limiting (Avihai Horon) [Orabug: 36329758] - vfio/migration: Refactor vfio_save_state() return value (Avihai Horon) [Orabug: 36329758] - migration: Don't serialize devices in qemu_savevm_state_iterate() (Avihai Horon) [Orabug: 36329758] - ui/clipboard: add asserts for update and request (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683} - ui/clipboard: mark type as not available when there is no data (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683} - virtio-net: correctly copy vnet header when flushing TX (Jason Wang) [Orabug: 36154459] {CVE-2023-6693} - esp: restrict non-DMA transfer length to that of available data (Mark Cave-Ayland) [Orabug: 36322141] {CVE-2024-24474} - vhost: Perform memory section dirty scans once per iteration (Si-Wei Liu) - vhost: dirty log should be per backend type (Si-Wei Liu) - net: Update MemReentrancyGuard for NIC (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019} - net: Provide MemReentrancyGuard * to qemu_new_nic() (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019} - lsi53c895a: disable reentrancy detection for MMIO region, too (Thomas Huth) [Orabug: 33774027] {CVE-2021-3750} - memory: stricter checks prior to unsetting engaged_in_io (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - async: avoid use-after-free on re-entrancy guard (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - apic: disable reentrancy detection for apic-msi (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - raven: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - bcm2835_property: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - lsi53c895a: disable reentrancy detection for script RAM (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - checkpatch: add qemu_bh_new/aio_bh_new checks (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - async: Add an optional reentrancy guard to the BH API (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - memory: prevent dma-reentracy issues (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - hw/acpi: propagate vcpu hotplug after switch to modern interface (Aaron Young) - migration: Fix use-after-free of migration state object (Fabiano Rosas) [Orabug: 36242218] - kvm: Fix crash due to access uninitialized kvm_state (Gavin Shan) [Orabug: 36269244] - migration: Avoid usage of static variable inside tracepoint (Joao Martins) - migration: Add tracepoints for downtime checkpoints (Peter Xu) - migration: migration_stop_vm() helper (Peter Xu) - migration: Add per vmstate downtime tracepoints (Peter Xu) - migration: Add migration_downtime_start|end() helpers (Peter Xu) - migration: Set downtime_start even for postcopy (Peter Xu) - hv-balloon: implement pre-Glib 2.68 compatibility (Maciej S. Szmigiero) - hw/i386/pc: Support hv-balloon (Maciej S. Szmigiero) - qapi: Add HV_BALLOON_STATUS_REPORT event and its QMP query command (Maciej S. Szmigiero) - qapi: Add query-memory-devices support to hv-balloon (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) hot-add support (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) base (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol definitions (Maciej S. Szmigiero) - memory-device: Drop size alignment check (David Hildenbrand) - memory-device: Support empty memory devices (David Hildenbrand) - memory,vhost: Allow for marking memory device memory regions unmergeable (David Hildenbrand) - memory: Clarify mapping requirements for RamDiscardManager (David Hildenbrand) - memory-device,vhost: Support automatic decision on the number of memslots (David Hildenbrand) - vhost: Add vhost_get_max_memslots() (David Hildenbrand) - kvm: Add stub for kvm_get_max_memslots() (David Hildenbrand) - memory-device,vhost: Support memory devices that dynamically consume memslots (David Hildenbrand) - memory-device: Track required and actually used memslots in DeviceMemoryState (David Hildenbrand) - stubs: Rename qmp_memory_device.c to memory_device.c (David Hildenbrand) - memory-device: Support memory devices with multiple memslots (David Hildenbrand) - vhost: Return number of free memslots (David Hildenbrand) - kvm: Return number of free memslots (David Hildenbrand) - vhost: Remove vhost_backend_can_merge() callback (David Hildenbrand) - vhost: Rework memslot filtering and fix 'used_memslot' tracking (David Hildenbrand) - virtio-md-pci: New parent type for virtio-mem-pci and virtio-pmem-pci (David Hildenbrand) - migration/ram: Expose ramblock_is_ignored() as migrate_ram_is_ignored() (David Hildenbrand) - virtio-mem: Skip most of virtio_mem_unplug_all() without plugged memory (David Hildenbrand) - softmmu/physmem: Warn with ram_block_discard_range() on MAP_PRIVATE file mapping (David Hildenbrand) - memory-device: Track used region size in DeviceMemoryState (David Hildenbrand) - memory-device: Refactor memory_device_pre_plug() (David Hildenbrand) - hw/i386/pc: Remove PC_MACHINE_DEVMEM_REGION_SIZE (David Hildenbrand) - hw/i386/acpi-build: Rely on machine->device_memory when building SRAT (David Hildenbrand) - hw/i386/pc: Use machine_memory_devices_init() (David Hildenbrand) - hw/loongarch/virt: Use machine_memory_devices_init() (David Hildenbrand) - hw/ppc/spapr: Use machine_memory_devices_init() (David Hildenbrand) - hw/arm/virt: Use machine_memory_devices_init() (David Hildenbrand) - memory-device: Introduce machine_memory_devices_init() (David Hildenbrand) - memory-device: Unify enabled vs. supported error messages (David Hildenbrand) - hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467] (Thomas Huth) [Orabug: 35808564] {CVE-2023-42467} - tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088} - hw/ide: reset: cancel async DMA operation before resetting state (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088} [7.2.0-7.el8] - vfio/common: Probe type1 iommu dirty tracking support (Joao Martins) [Orabug: 36024839] - vfio/common: Allow disabling device dirty page tracking (Joao Martins) [Orabug: 36024839] [7.2.0-6.el8] - hw/smbios: Fix core count in type4 (Zhao Liu) [Orabug: 35869694] - hw/smbios: Fix thread count in type4 (Zhao Liu) [Orabug: 35869694] - hw/smbios: Fix smbios_smp_sockets caculation (Zhao Liu) [Orabug: 35869694] - machine: Add helpers to get cores/threads per socket (Zhao Liu) [Orabug: 35869694] - migration/multifd: Move load_cleanup inside incoming_state_destroy (Leonardo Bras) [Orabug: 35829153] - migration/multifd: Join all multifd threads in order to avoid leaks (Leonardo Bras) [Orabug: 35829153] - migration/multifd: Remove unnecessary assignment on multifd_load_cleanup() (Leonardo Bras) [Orabug: 35829153] - migration/multifd: Change multifd_load_cleanup() signature and usage (Leonardo Bras) [Orabug: 35829153] - vfio/migration: Block VFIO migration with background snapshot (Avihai Horon) - vfio/migration: Block VFIO migration with postcopy migration (Avihai Horon) - migration: Add .save_prepare() handler to struct SaveVMHandlers (Avihai Horon) - migration: Move more initializations to migrate_init() (Avihai Horon) - vfio/migration: Fail adding device with enable-migration=on and existing blocker (Avihai Horon) - migration: Add migration prefix to functions in target.c (Avihai Horon) - vfio/migration: Allow migration of multiple P2P supporting devices (Avihai Horon) - vfio/migration: Add P2P support for VFIO migration (Avihai Horon) - vfio/migration: Refactor PRE_COPY and RUNNING state checks (Joao Martins) - qdev: Add qdev_add_vm_change_state_handler_full() (Avihai Horon) - sysemu: Add prepare callback to struct VMChangeStateEntry (Avihai Horon) - vfio/migration: Move from STOP_COPY to STOP in vfio_save_cleanup() (Avihai Horon) - hw/vfio: Add number of dirty pages to vfio_get_dirty_bitmap tracepoint (Joao Martins) - exec/ram_addr: Return number of dirty pages in cpu_physical_memory_set_dirty_lebitmap() (Joao Martins) - migration: fix populate_vfio_info (Steve Sistare) - vfio/migration: Revert out of tree P2P support (Joao Martins) - async: clarify usage of barriers in the polling case (Paolo Bonzini) [Orabug: 35871058] - async: update documentation of the memory barriers (Paolo Bonzini) [Orabug: 35871058] - physmem: add missing memory barrier (Paolo Bonzini) [Orabug: 35871058] - qemu-coroutine-lock: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35871058] - aio-wait: switch to smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35871058] - edu: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35871058] - qemu-thread-win32: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35871058] - qemu-thread-posix: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35871058] - qatomic: add smp_mb__before/after_rmw() (Paolo Bonzini) [Orabug: 35871058] - dump: kdump-zlib data pages not dumped with pvtime/aarch64 (Dongli Zhang) [Orabug: 35777876] - hw/smbios: fix field corruption in type 4 table (Julia Suvorova) [Orabug: 35756216] - kvm: Atomic memslot updates (David Hildenbrand) [Orabug: 35728782] - KVM: keep track of running ioctls (Emanuele Giuseppe Esposito) [Orabug: 35728782] - accel: introduce accelerator blocker API (Emanuele Giuseppe Esposito) [Orabug: 35728782] [7.2.0-5.el8] - virtio-crypto: verify src&dst buffer length for sym request (zhenwei pi) [Orabug: 35683774] {CVE-2023-3180} - io: remove io watch if TLS channel is closed during handshake (Daniel P. Berrange) [Orabug: 35683826] {CVE-2023-3354} - ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) (Mauro Matteo Cascella) [Orabug: 35683770] {CVE-2023-3255} - hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) (Thomas Huth) [Orabug: 35683817] {CVE-2023-0330} - vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (Ani Sinha) [Orabug: 35649138] {CVE-2023-3301} - qmp-regdump: use QMP command 'query-cpus-fast' (Mark Kanda) [7.2.0-4.el8] - vfio/migration: Allow migration of multiple P2P supporting devices (Avihai Horon) - vfio/migration: Add P2P support for VFIO migration (Avihai Horon) - sysemu: Add pre VM state change callback (Avihai Horon) - vfio/migration: Refactor PRE_COPY and RUNNING state checks (Joao Martins) - vfio/common: Add an option to relax vIOMMU usage (Joao Martins) - virtio-rng-pci: fix transitional migration compat for vectors (David Alan Gilbert) [Orabug: 35595177] - virtio-rng-pci: fix migration compat for vectors (David Alan Gilbert) [Orabug: 35595177] - vfio: Fix null pointer dereference bug in vfio_bars_finalize() (Avihai Horon) - vfio/migration: Return bool type for vfio_migration_realize() (Zhenzhong Duan) - vfio/migration: Remove print of 'Migration disabled' (Zhenzhong Duan) - vfio/migration: Free resources when vfio_migration_realize fails (Zhenzhong Duan) - vfio/migration: Change vIOMMU blocker from global to per device (Zhenzhong Duan) - vfio/pci: Disable INTx in vfio_realize error path (Zhenzhong Duan) - vfio/pci: Free leaked timer in vfio_realize error path (Zhenzhong Duan) - vfio/pci: Fix a segfault in vfio_realize (Zhenzhong Duan) - vfio/migration: Make VFIO migration non-experimental (Avihai Horon) - vfio/migration: Reset bytes_transferred properly (Avihai Horon) - vfio/pci: Call vfio_prepare_kvm_msi_virq_batch() in MSI retry path (Shameer Kolothum) - vfio/migration: Add support for switchover ack capability (Avihai Horon) - vfio/migration: Add VFIO migration pre-copy support (Avihai Horon) - vfio/migration: Store VFIO migration flags in VFIOMigration (Avihai Horon) - vfio/migration: Refactor vfio_save_block() to return saved data size (Avihai Horon) - tests: Add migration switchover ack capability test (Avihai Horon) - migration: Enable switchover ack capability (Avihai Horon) - migration: Implement switchover ack logic (Avihai Horon) - migration: Add switchover ack capability (Avihai Horon) - target/i386: Add EPYC-Genoa model to support Zen 4 processor series (Babu Moger) [Orabug: 35555649] - target/i386: Add VNMI and automatic IBRS feature bits (Babu Moger) [Orabug: 35555649] - target/i386: Add missing feature bits in EPYC-Milan model (Babu Moger) [Orabug: 35555649] - target/i386: Add feature bits for CPUID_Fn80000021_EAX (Babu Moger) [Orabug: 35555649] - target/i386: Add a couple of feature bits in 8000_0008_EBX (Babu Moger) [Orabug: 35555649] - target/i386: Add new EPYC CPU versions with updated cache_info (Michael Roth) [Orabug: 35555649] - target/i386: allow versioned CPUs to specify new cache_info (Michael Roth) [Orabug: 35555649] - target/i386/kvm: get and put AMD pmu registers (Dongli Zhang) [Orabug: 35562155] - Makefile: qemu-bundle is a directory (Juan Quintela) - 9pfs: prevent opening special files (CVE-2023-2861) (Christian Schoenebeck) [Orabug: 35570017] {CVE-2023-2861} - pcie: Do not update hotplugged device power in RUN_STATE_INMIGRATE state (Annie Li) [Orabug: 33642532] - pcie: Do not set power state for some hot-plugged devices (Annie Li) [Orabug: 33642532] - pc: q35: Bump max_cpus to 1024 (Suravee Suthikulpanit) [Orabug: 35425619] [7.2.0-3.el8] - vfio/migration: Skip log_sync during migration SETUP state (Avihai Horon) - migration: fix ram_state_pending_exact() (Juan Quintela) - spec: allow have_tools 0 (Steve Sistare) - spec: allow no block device modules (Steve Sistare) - qemu-kvm.spec: fix Linux io_uring support (Mark Kanda) - hw/intc/ioapic: Update KVM routes before redelivering IRQ, on RTE update (David Woodhouse) - oslib-posix: fix uninitialized var in wait_mem_prealloc() (Mark Kanda) - vfio/migration: Rename entry points (Alex Williamson) - docs/devel: Document VFIO device dirty page tracking (Avihai Horon) - vfio/migration: Query device dirty page tracking support (Joao Martins) - vfio/migration: Block migration with vIOMMU (Joao Martins) - vfio/common: Add device dirty page bitmap sync (Joao Martins) - vfio/common: Extract code from vfio_get_dirty_bitmap() to new function (Avihai Horon) - vfio/common: Add device dirty page tracking start/stop (Joao Martins) - vfio/common: Record DMA mapped IOVA ranges (Joao Martins) - vfio/common: Add helper to consolidate iova/end calculation (Joao Martins) - vfio/common: Consolidate skip/invalid section into helper (Joao Martins) - vfio/common: Use a single tracepoint for skipped sections (Joao Martins) - vfio/common: Add helper to validate iova/end against hostwin (Joao Martins) - vfio/common: Add VFIOBitmap and alloc function (Avihai Horon) - vfio/common: Abort migration if dirty log start/stop/sync fails (Avihai Horon) - vfio/common: Fix wrong %m usages (Avihai Horon) - vfio/common: Fix error reporting in vfio_get_dirty_bitmap() (Avihai Horon) - docs/devel: Align VFIO migration docs to v2 protocol (Avihai Horon) - vfio: Alphabetize migration section of VFIO trace-events file (Avihai Horon) - vfio/migration: Remove VFIO migration protocol v1 (Avihai Horon) - vfio/migration: Implement VFIO migration protocol v2 (Avihai Horon) - vfio/migration: Rename functions/structs related to v1 protocol (Avihai Horon) - vfio/migration: Move migration v1 logic to vfio_migration_init() (Avihai Horon) - vfio/migration: Block multiple devices migration (Avihai Horon) - vfio/common: Change vfio_devices_all_running_and_saving() logic to equivalent one (Avihai Horon) - vfio/migration: Allow migration without VFIO IOMMU dirty tracking support (Avihai Horon) - vfio/migration: Fix NULL pointer dereference bug (Avihai Horon) - linux-headers: Update to v6.2-rc8 (Avihai Horon) - migration/qemu-file: Add qemu_file_get_to_fd() (Avihai Horon) - migration: Rename res_{postcopy,precopy}_only (Juan Quintela) - migration: Remove unused res_compatible (Juan Quintela) - migration: In case of postcopy, the memory ends in res_postcopy_only (Juan Quintela) - migration: I messed state_pending_exact/estimate (Juan Quintela) - linux-headers: Update to v6.1 (Peter Xu) - migration: simplify migration_iteration_run() (Juan Quintela) - migration: Remove unused threshold_size parameter (Juan Quintela) - migration: Split save_live_pending() into state_pending_* (Juan Quintela) - migration: No save_live_pending() method uses the QEMUFile parameter (Juan Quintela) - Revert 'virtio-scsi: Send 'REPORTED LUNS CHANGED' sense data upon disk hotplug events' (Karl Heubaum) [Orabug: 35161059] - oslib-posix: initialize backend memory objects in parallel (Mark Kanda) [Orabug: 32555402] - oslib-posix: refactor memory prealloc threads (Mark Kanda) [Orabug: 32555402] - qemu-kvm.spec: vhost-user is conditional (Steve Sistare) - qemu-kvm.spec: libseccomp is conditional (Steve Sistare) [7.2.0-1.el8] - vl: Add an -action option to override MCE handling (Mark Kanda) - hw/arm/virt: build SMBIOS 19 table (Mihai Carabas) - virtio-net-pci: Don't use 'efi-virtio.rom' on AArch64 (Mark Kanda) - migration: increase listening socket backlog (Elena Ufimtseva) - virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) - Update to QEMU 7.2.0 (Karl Heubaum) [6.1.1-4.el8] - display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mauro Matteo Cascella) [Orabug: 34591445] {CVE-2021-4207} - ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Matteo Cascella) [Orabug: 34591281] {CVE-2021-4206} - scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34590706] {CVE-2022-0216} - scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34590706] {CVE-2022-0216} - tests/qtest: Add fuzz-lsi53c895a-test (Philippe Mathieu-Daude) [Orabug: 34590706] {CVE-2022-0216} - hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued (Philippe Mathieu-Daude) [Orabug: 34590706] {CVE-2022-0216} - virtio-net: fix map leaking on error during receive (Jason Wang) [Orabug: 34538375] {CVE-2022-26353} - vfio: defer to commit kvm irq routing when enable msi/msix (Mike Longpeng) [Orabug: 34528963] - Revert 'vfio: Avoid disabling and enabling vectors repeatedly in VFIO migration' (Mike Longpeng) [Orabug: 34528963] - vfio: simplify the failure path in vfio_msi_enable (Mike Longpeng) [Orabug: 34528963] - vfio: move re-enabling INTX out of the common helper (Mike Longpeng) [Orabug: 34528963] - vfio: simplify the conditional statements in vfio_msi_enable (Mike Longpeng) [Orabug: 34528963] - kvm/msi: do explicit commit when adding msi routes (Mike Longpeng) [Orabug: 34528963] - kvm-irqchip: introduce new API to support route change (Mike Longpeng) [Orabug: 34528963] - event_notifier: handle initialization failure better (Maxim Levitsky) [Orabug: 34528963] - virtio-net: don't handle mq request in userspace handler for vhost-vdpa (Si-Wei Liu) - vhost-vdpa: change name and polarity for vhost_vdpa_one_time_request() (Si-Wei Liu) - vhost-vdpa: backend feature should set only once (Si-Wei Liu) - vhost-net: fix improper cleanup in vhost_net_start (Si-Wei Liu) - vhost-vdpa: fix improper cleanup in net_init_vhost_vdpa (Si-Wei Liu) - virtio-net: align ctrl_vq index for non-mq guest for vhost_vdpa (Si-Wei Liu) - virtio-net: setup vhost_dev and notifiers for cvq only when feature is negotiated (Si-Wei Liu) - virtio: fix the condition for iommu_platform not supported (Halil Pasic) - vdpa: Make ncs autofree (Eugenio Perez) - vhost-vdpa: make notifiers _init()/_uninit() symmetric (Laurent Vivier) - hw/virtio: vdpa: Fix leak of host-notifier memory-region (Laurent Vivier) - vhost-vdpa: stick to -errno error return convention (Roman Kagan) - vdpa: Add dummy receive callback (Eugenio Perez) - vdpa: Check for existence of opts.vhostdev (Eugenio Perez) - vdpa: Replace qemu_open_old by qemu_open at (Eugenio Perez) - vhost: Fix last vq queue index of devices with no cvq (Eugenio Perez) - vhost: Rename last_index to vq_index_end (Eugenio Perez) - net/vhost-vdpa: fix memory leak in vhost_vdpa_get_max_queue_pairs() (Stefano Garzarella) - vhost-vdpa: Set discarding of RAM broken when initializing the backend (David Hildenbrand) - vhost-vdpa: multiqueue support (Jason Wang) - virtio-net: vhost control virtqueue support (Jason Wang) - vhost: record the last virtqueue index for the virtio device (Jason Wang) - virtio-net: use 'queue_pairs' instead of 'queues' when possible (Jason Wang) - vhost-net: control virtqueue support (Jason Wang) - net: introduce control client (Jason Wang) - vhost-vdpa: let net_vhost_vdpa_init() returns NetClientState * (Jason Wang) - vhost-vdpa: prepare for the multiqueue support (Jason Wang) - vhost-vdpa: classify one time request (Jason Wang) - vhost-vdpa: open device fd in net_init_vhost_vdpa() (Jason Wang) - vdpa: Check for iova range at mappings changes (Eugenio Perez) - vdpa: Add vhost_vdpa_section_end (Eugenio Perez) - net/vhost-vdpa: Fix device compatibility check (Kevin Wolf) - net/vhost-user: Fix device compatibility check (Kevin Wolf) - net: Introduce NetClientInfo.check_peer_type() (Kevin Wolf) - memory: Name all the memory listeners (Peter Xu) - vhost-vdpa: remove the unncessary queue_index assignment (Jason Wang) - vhost-vdpa: fix the wrong assertion in vhost_vdpa_init() (Jason Wang) - vhost-vdpa: tweak the error label in vhost_vdpa_add() (Jason Wang) - vhost-vdpa: fix leaking of vhost_net in vhost_vdpa_add() (Jason Wang) - vhost-vdpa: don't cleanup twice in vhost_vdpa_add() (Jason Wang) - vhost-vdpa: remove the unnecessary check in vhost_vdpa_add() (Jason Wang) - vhost_net: do not assume nvqs is always 2 (Jason Wang) - vhost: use unsigned int for nvqs (Jason Wang) - vhost_net: remove the meaningless assignment in vhost_net_start_one() (Jason Wang) - vhost-vdpa: correctly return err in vhost_vdpa_set_backend_cap() (Jason Wang) - vhost-vdpa: remove unused variable 'acked_features' (Jason Wang) - vhost: correctly detect the enabling IOMMU (Jason Wang) - virtio-pci: implement iommu_enabled() (Jason Wang) - virtio-bus: introduce iommu_enabled() (Jason Wang) - hw/virtio: Fix leak of host-notifier memory-region (Yajun Wu) - vhost-vdpa: Do not send empty IOTLB update batches (Eugenio Perez) - target/i386/kvm: Fix disabling MPX on '-cpu host' with MPX-capable host (Maciej S. Szmigiero) [Orabug: 33528615] [6.1.1-3.el8] - acpi: pcihp: pcie: set power on cap on parent slot (Igor Mammedov) [Orabug: 33984018] [Orabug: 33995665] - pcie: expire pending delete (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pcie: fast unplug when slot power is off (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pcie: add power indicator blink check (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pcie: implement slot power control for pcie root ports (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pci: implement power state (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - tests: bios-tables-test update expected blobs (Igor Mammedov) [Orabug: 33984018] [Orabug: 33995665] - hw/i386/acpi-build: Deny control on PCIe Native Hot-plug in _OSC (Julia Suvorova) [Orabug: 33984018] [Orabug: 33995665] - bios-tables-test: Allow changes in DSDT ACPI tables (Julia Suvorova) [Orabug: 33984018] [Orabug: 33995665] - hw/acpi/ich9: Add compat prop to keep HPC bit set for 6.1 machine type (Julia Suvorova) [Orabug: 33984018] [Orabug: 33995665] [6.1.1-2.el8] - vhost-vsock: detach the virqueue element in case of error (Stefano Garzarella) [Orabug: 33941752] {CVE-2022-26354} - qemu_regdump.py/qmp-regdump: Switch to Python 3 (Karl Heubaum) - block/mirror: fix NULL pointer dereference in mirror_wait_on_conflicts() (Stefano Garzarella) [Orabug: 33916572] {CVE-2021-4145} [6.1.1-1.el8] - virtio-net-pci: Don't use 'efi-virtio.rom' on AArch64 (Mark Kanda) - migration: increase listening socket backlog (Elena Ufimtseva) - virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) - virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358) (Vivek Goyal) [Orabug: 33816690] {CVE-2022-0358} - acpi: validate hotplug selector on access (Michael S. Tsirkin) [Orabug: 33816625] {CVE-2021-4158} - Update to QEMU 6.1.1 (Karl Heubaum) [4.2.1.15.el8] - qemu-kvm.spec: Add support for reading vmdk, vhdx, vpc, https, and ssh disk image formats from qemu-kvm (Karl Heubaum) [Orabug: 33741340] - Document CVE-2021-4158 and CVE-2021-3947 as fixed (Mark Kanda) [Orabug: 33719302] [Orabug: 33754145] {CVE-2021-4158} {CVE-2021-3947} - hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196} - hw/block/fdc: Extract blk_create_empty_drive() (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196} - net: vmxnet3: validate configuration values during activate (CVE-2021-20203) (Prasad J Pandit) [Orabug: 32559476] {CVE-2021-20203} - lan9118: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - pcnet: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - rtl8139: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - tx_pkt: switch to use qemu_receive_packet_iov() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - sungem: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - dp8393x: switch to use qemu_receive_packet() for loopback packet (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - e1000: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - net: introduce qemu_receive_packet() (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - target/i386: Populate x86_ext_save_areas offsets using cpuid where possible (Paolo Bonzini) - target/i386: Observe XSAVE state area offsets (Paolo Bonzini) - target/i386: Make x86_ext_save_areas visible outside cpu.c (Paolo Bonzini) - target/i386: Pass buffer and length to XSAVE helper (Paolo Bonzini) - target/i386: Clarify the padding requirements of X86XSaveArea (Paolo Bonzini) - target/i386: Consolidate the X86XSaveArea offset checks (Paolo Bonzini) - target/i386: Declare constants for XSAVE offsets (Paolo Bonzini) [4.2.1-14.el8] - scsi: fix sense code for EREMOTEIO (Paolo Bonzini) [Orabug: 33537443] - scsi: move host_status handling into SCSI drivers (Hannes Reinecke) [Orabug: 33537443] - scsi: inline sg_io_sense_from_errno() into the callers (Hannes Reinecke) [Orabug: 33537443] - scsi-generic: do not snoop the output of failed commands (Paolo Bonzini) [Orabug: 33537443] - scsi: Add mapping for generic SCSI_HOST status to sense codes (Hannes Reinecke) [Orabug: 33537443] - scsi: Rename linux-specific SG_ERR codes to generic SCSI_HOST error codes (Hannes Reinecke) [Orabug: 33537443] - scsi: drop 'result' argument from command_complete callback (Hannes Reinecke) [Orabug: 33537443] - scsi-disk: pass guest recoverable errors through even for rerror=stop (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: pass SCSI status to scsi_handle_rw_error (Paolo Bonzini) [Orabug: 33537443] - scsi: introduce scsi_sense_from_errno() (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: do not complete requests early for rerror/werror=ignore (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: move scsi_handle_rw_error earlier (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: convert more errno values back to SCSI statuses (Paolo Bonzini) [Orabug: 33537443] [4.2.1-13.el8] - pcie: Do not set power state for some hot-plugged devices (Annie Li) [Orabug: 33642532] [4.2.1-12.1.el8] - Update slirp to address various CVEs (Mark Kanda) [Orabug: 32208456] [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420] {CVE-2020-29129} {CVE-2020-29130} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595} - hw/pflash_cfi01: Allow backing devices to be smaller than memory region (David Edmondson) - pcie: expire pending delete (Gerd Hoffmann) [Orabug: 33450706] - pcie: fast unplug when slot power is off (Gerd Hoffmann) [Orabug: 33450706] - pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann) [Orabug: 33450706] - pcie: add power indicator blink check (Gerd Hoffmann) [Orabug: 33450706] - pcie: implement slot power control for pcie root ports (Gerd Hoffmann) [Orabug: 33450706] - pci: implement power state (Gerd Hoffmann) [Orabug: 33450706] - hw/pci/pcie: Move hot plug capability check to pre_plug callback (Julia Suvorova) [Orabug: 33450706] - hw/pci/pcie: Replace PCI_DEVICE() casts with existing variable (Julia Suvorova) [Orabug: 33450706] - hw/pci/pcie: Forbid hot-plug if it's disabled on the slot (Julia Suvorova) [Orabug: 33450706] - pcie_root_port: Add hotplug disabling option (Julia Suvorova) [Orabug: 33450706] - qdev-monitor: Forbid repeated device_del (Julia Suvorova) [Orabug: 33450706] - i386:acpi: Remove _HID from the SMBus ACPI entry (Corey Minyard) - uas: add stream number sanity checks (Gerd Hoffmann) [Orabug: 33280793] {CVE-2021-3713} - usbredir: fix free call (Gerd Hoffmann) [Orabug: 33198441] {CVE-2021-3682} - hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands (Mauro Matteo Cascella) [Orabug: 33548490] {CVE-2021-3930} - e1000: fix tx re-entrancy problem (Jon Maloy) [Orabug: 32560552] {CVE-2021-20257} - virtio-net-pci: Don't use 'efi-virtio.rom' on AArch64 (Mark Kanda) [Orabug: 33537594] - MAINTAINERS: Add ACPI/HEST/GHES entries (Dongjiu Geng) - target-arm: kvm64: handle SIGBUS signal from kernel or KVM (Dongjiu Geng) - ACPI: Record Generic Error Status Block(GESB) table (Dongjiu Geng) - KVM: Move hwpoison page related functions into kvm-all.c (Dongjiu Geng) - ACPI: Record the Generic Error Status Block address (Dongjiu Geng) - ACPI: Build Hardware Error Source Table (Dongjiu Geng) - ACPI: Build related register address fields via hardware error fw_cfg blob (Dongjiu Geng) - docs: APEI GHES generation and CPER record description (Dongjiu Geng) - hw/arm/virt: Introduce a RAS machine option (Dongjiu Geng) - acpi: nvdimm: change NVDIMM_UUID_LE to a common macro (Dongjiu Geng) - block/curl: HTTP header field names are case insensitive (David Edmondson) [Orabug: 33287589] - block/curl: HTTP header fields allow whitespace around values (David Edmondson) [Orabug: 33287589] [4.2.1-11.el8] - trace: use STAP_SDT_V2 to work around symbol visibility (Stefan Hajnoczi) [Orabug: 33272428] [4.2.1-11.el8] - pvrdma: Fix the ring init error flow (Marcel Apfelbaum) [Orabug: 33120142] {CVE-2021-3608} - pvrdma: Ensure correct input on ring init (Marcel Apfelbaum) [Orabug: 33120146] {CVE-2021-3607} - hw/rdma: Fix possible mremap overflow in the pvrdma device (Marcel Apfelbaum) [Orabug: 33120084] {CVE-2021-3582} - vhost-user-gpu: reorder free calls (Gerd Hoffmann) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: abstract vg_cleanup_mapping_iov (Li Qiang) [Orabug: 32950716] {CVE-2021-3546} - vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (Li Qiang) [Orabug: 32950716] {CVE-2021-3546} - vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak in vg_resource_attach_backing (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (Li Qiang) [Orabug: 32950708] {CVE-2021-3545} - usb: limit combined packets to 1 MiB (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527} - usb/redir: avoid dynamic stack allocation (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527} - mptsas: Remove unused MPTSASState 'pending' field (Michael Tokarev) [Orabug: 32470463] {CVE-2021-3392} - oslib-posix: initialize backend memory objects in parallel (Mark Kanda) [Orabug: 32555402] - oslib-posix: refactor memory prealloc threads (Mark Kanda) [Orabug: 32555402] [4.2.1-10.el8] - e1000: fail early for evil descriptor (Jason Wang) [Orabug: 32560552] {CVE-2021-20257} - Document CVE-2020-27661 as fixed (Mark Kanda) [Orabug: 32960200] {CVE-2020-27661} - block: Avoid stale pointer dereference in blk_get_aio_context() (Greg Kurz) - block: Fix blk->in_flight during blk_wait_while_drained() (Kevin Wolf) - block: Increase BB.in_flight for coroutine and sync interfaces (Kevin Wolf) - block-backend: Reorder flush/pdiscard function definitions (Kevin Wolf) - i386/pc: let iterator handle regions below 4G (Joao Martins) - arm/virt: Add memory hot remove support (Shameer Kolothum) [Orabug: 32643506] - i386/pc: consolidate usable iova iteration (Joao Martins) - i386/acpi: fix SRAT ranges in accordance to usable IOVA (Joao Martins) - migration: increase listening socket backlog (Elena Ufimtseva) - multifd: Make multifd_save_setup() get an Error parameter (Juan Quintela) - multifd: Make multifd_load_setup() get an Error parameter (Juan Quintela) - migration: fix maybe-uninitialized warning (Marc-Andre Lureau) - migration: Fix the re-run check of the migrate-incoming command (Yury Kotov) - multifd: Initialize local variable (Juan Quintela) - multifd: Be consistent about using uint64_t (Juan Quintela) - Bug #1829242 correction. (Alexey Romko) - migration/multifd: fix destroyed mutex access in terminating multifd threads (Jiahui Cen) - migration/multifd: fix nullptr access in terminating multifd threads (Jiahui Cen) - migration/multifd: not use multifd during postcopy (Wei Yang) - migration/multifd: clean pages after filling packet (Wei Yang) - migration: Make sure that we don't call write() in case of error (Juan Quintela) - migration: fix multifd_send_pages() next channel (Laurent Vivier) - migration/multifd: bypass uuid check for initial packet (Elena Ufimtseva) [Orabug: 32610480] - migration/tls: add error handling in multifd_tls_handshake_thread (Hao Wang) - migration/tls: fix inverted semantics in multifd_channel_connect (Hao Wang) - migration/multifd: do not access uninitialized multifd_recv_state (Elena Ufimtseva) [Orabug: 32795384] - io/channel-tls.c: make qio_channel_tls_shutdown thread-safe (Lukas Straub) - qemu.spec: Enable qemu-guest-agent RPM for OL7 (Karl Heubaum) [Orabug: 32415543] - virtio-net: Set mac address to hardware if the peer is vdpa (Cindy Lu) - net: Add vhost-vdpa in show_netdevs() (Cindy Lu) - vhost-vdpa: Add qemu_close in vhost_vdpa_cleanup (Cindy Lu) - hw/virtio/vhost-vdpa: Fix Coverity CID 1432864 (Philippe Mathieu-Daude) - vhost-vdpa: negotiate VIRTIO_NET_F_STATUS with driver (Si-Wei Liu) - configure: Fix build dependencies with vhost-vdpa. (Laurent Vivier) - configure: simplify vhost condition with Kconfig (Marc-Andre Lureau) - vhost-vdpa: add trace-events (Laurent Vivier) - dma/pl330: Fix qemu_hexdump() usage in pl330.c (Mark Kanda) - util/hexdump: introduce qemu_hexdump_line() (Laurent Vivier) - util/hexdump: Reorder qemu_hexdump() arguments (Philippe Mathieu-Daude) - util/hexdump: Convert to take a void pointer argument (Philippe Mathieu-Daude) - net/colo-compare.c: Only hexdump packets if tracing is enabled (Lukas Straub) - vhost-vdpa: batch updating IOTLB mappings (Jason Wang) - vhost: switch to use IOTLB v2 format (Jason Wang) - vhost-vdpa: remove useless variable (Laurent Vivier) - virtio: vdpa: omit check return of g_malloc (Li Qiang) - vhost-vdpa: fix indentation in vdpa_ops (Stefano Garzarella) - virtio-net: check the existence of peer before accessing vDPA config (Jason Wang) - virtio-pci: fix wrong index in virtio_pci_queue_enabled (Yuri Benditovich) - virtio-pci: fix virtio_pci_queue_enabled() (Laurent Vivier) - vhost-vdpa :Fix Coverity CID 1430270 / CID 1420267 (Cindy Lu) - vhost-vdpa: fix the compile issue without kvm (Cindy Lu) - vhost-vdpa: introduce vhost-vdpa net client (Cindy Lu) - vhost-vdpa: introduce vhost-vdpa backend (Cindy Lu) - linux headers: sync to 5.9-rc4 (Jason Wang) - Linux headers: update (Cornelia Huck) - virtio-net: fix rsc_ext compat handling (Cornelia Huck) - linux-headers: update against Linux 5.7-rc3 (Cornelia Huck) - linux-headers: update (Cornelia Huck) - virtiofsd: Pull in kernel's fuse.h (Dr. David Alan Gilbert) - linux-headers: Update (Bharata B Rao) - linux-headers: Update (Greg Kurz) - vhost_net: introduce set_config & get_config (Cindy Lu) - vhost: implement vhost_force_iommu method (Cindy Lu) - vhost: introduce new VhostOps vhost_force_iommu (Cindy Lu) - vhost: implement vhost_vq_get_addr method (Cindy Lu) - vhost: introduce new VhostOps vhost_vq_get_addr (Cindy Lu) - vhost: implement vhost_dev_start method (Cindy Lu) - vhost: introduce new VhostOps vhost_dev_start (Cindy Lu) - vhost: check the existence of vhost_set_iotlb_callback (Jason Wang) - virtio-pci: implement queue_enabled method (Jason Wang) - virtio-bus: introduce queue_enabled method (Jason Wang) - vhost_net: use the function qemu_get_peer (Cindy Lu) - net: introduce qemu_get_peer (Cindy Lu) - vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM (Jason Wang) - imx7-ccm: add digprog mmio write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - tz-ppc: add dummy read/write methods (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - spapr_pci: add spapr msi read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - nvram: add nrf51_soc flash read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - prep: add ppc-parity write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - vfio: add quirk device write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - pci-host: designware: add pcie-msi read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - hw/pci-host: add pci-intack write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - oslib-posix: take lock before qemu_cond_broadcast (Bauerchen) [Orabug: 32555402] - oslib-posix: initialize mutex and condition variable (Paolo Bonzini) [Orabug: 32555402] - mem-prealloc: optimize large guest startup (Bauerchen) [Orabug: 32555402] - i386: Add the support for AMD EPYC 3rd generation processors (Babu Moger) - acpi: cpuhp: document CPHP_GET_CPU_ID_CMD command (Igor Mammedov) - acpi: cpuhp: add CPHP_GET_CPU_ID_CMD command (Igor Mammedov) - acpi: cpuhp: spec: add typical usecases (Igor Mammedov) - acpi: cpuhp: spec: clarify store into 'Command data' when 'Command field' == 0 (Igor Mammedov) - acpi: cpuhp: spec: fix 'Command data' description (Igor Mammedov) - acpi: cpuhp: spec: clarify 'CPU selector' register usage and endianness (Igor Mammedov) - acpi: cpuhp: introduce 'Command data 2' field (Igor Mammedov) - x86: ich9: let firmware negotiate 'CPU hot-unplug with SMI' feature (Igor Mammedov) - x86: ich9: factor out 'guest_cpu_hotplug_features' (Igor Mammedov) - x86: acpi: let the firmware handle pending 'CPU remove' events in SMM (Igor Mammedov) - x86: acpi: introduce AcpiPmInfo::smi_on_cpu_unplug (Igor Mammedov) - acpi: cpuhp: introduce 'firmware performs eject' status/control bits (Igor Mammedov) - x68: acpi: trigger SMI before sending hotplug Notify event to OSPM (Igor Mammedov) - x86: acpi: introduce the PCI0.SMI0 ACPI device (Igor Mammedov) - x86: acpi: introduce AcpiPmInfo::smi_on_cpuhp (Igor Mammedov) - x86: ich9: expose 'smi_negotiated_features' as a QOM property (Igor Mammedov) - tests: acpi: mark to be changed tables in bios-tables-test-allowed-diff (Igor Mammedov) - acpi: add aml_land() and aml_break() primitives (Igor Mammedov) - x86: cpuhp: refuse cpu hot-unplug request earlier if not supported (Igor Mammedov) - x86: cpuhp: prevent guest crash on CPU hotplug when broadcast SMI is in use (Igor Mammedov) - x86: lpc9: let firmware negotiate 'CPU hotplug with SMI' features (Igor Mammedov) - q35: implement 128K SMRAM at default SMBASE address (Igor Mammedov) - hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register (Philippe Mathieu-Daude) [Orabug: 32470471] {CVE-2021-20221} - memory: clamp cached translation in case it points to an MMIO region (Paolo Bonzini) [Orabug: 32252673] {CVE-2020-27821} - hw/sd/sdhci: Fix DMA Transfer Block Size field (Philippe Mathieu-Daude) [Orabug: 32613470] {CVE-2021-3409} [4.2.1-6.el8] - i386/pc: Keep PCI 64-bit hole within usable IOVA space (Joao Martins) - pc/cmos: Adjust CMOS above 4G memory size according to 1Tb boundary (Joao Martins) - i386/pc: Round up the hotpluggable memory within valid IOVA ranges (Joao Martins) - i386/pc: Account IOVA reserved ranges above 4G boundary (Joao Martins) [4.2.1-5.el8] - hostmem: fix default 'prealloc-threads' count (Mark Kanda) - hostmem: introduce 'prealloc-threads' property (Igor Mammedov) - qom: introduce object_register_sugar_prop (Paolo Bonzini) - migration/multifd: Do error_free after migrate_set_error to avoid memleaks (Pan Nengyuan) - multifd/tls: fix memoryleak of the QIOChannelSocket object when cancelling migration (Chuan Zheng) - migration/multifd: fix hangup with TLS-Multifd due to blocking handshake (Chuan Zheng) - migration/tls: add trace points for multifd-tls (Chuan Zheng) - migration/tls: add support for multifd tls-handshake (Chuan Zheng) - migration/tls: extract cleanup function for common-use (Chuan Zheng) - migration/multifd: fix memleaks in multifd_new_send_channel_async (Pan Nengyuan) - migration/multifd: fix nullptr access in multifd_send_terminate_threads (Zhimin Feng) - migration/tls: add tls_hostname into MultiFDSendParams (Chuan Zheng) - migration/tls: extract migration_tls_client_create for common-use (Chuan Zheng) - migration/tls: save hostname into MigrationState (Chuan Zheng) - tests/qtest: add a test case for pvpanic-pci (Mihai Carabas) - pvpanic : update pvpanic spec document (Mihai Carabas) - hw/misc/pvpanic: add PCI interface support (Mihai Carabas) - hw/misc/pvpanic: split-out generic and bus dependent code (Mihai Carabas) - qemu-img: Add --target-is-zero to convert (David Edmondson) - 9pfs: Fully restart unreclaim loop (CVE-2021-20181) (Greg Kurz) [Orabug: 32441198] {CVE-2021-20181} - ide: atapi: check logical block address and read size (CVE-2020-29443) (Prasad J Pandit) [Orabug: 32393835] {CVE-2020-29443} - Document CVE-2019-20808 as fixed (Mark Kanda) [Orabug: 32339196] {CVE-2019-20808} - block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb (Chen Qun) [Orabug: 32339207] {CVE-2020-11947} - net: remove an assert call in eth_get_gso_type (Prasad J Pandit) [Orabug: 32102583] {CVE-2020-27617} - nvdimm: honor -object memory-backend-file, readonly=on option (Stefan Hajnoczi) [Orabug: 32265408] - hostmem-file: add readonly=on|off option (Stefan Hajnoczi) [Orabug: 32265408] - memory: add readonly support to memory_region_init_ram_from_file() (Stefan Hajnoczi) [Orabug: 32265408] [4.2.1-4.el8] - Document CVE-2020-25723 as fixed (Mark Kanda) [Orabug: 32222397] {CVE-2020-25723} - hw/net/e1000e: advance desc_offset in case of null descriptor (Prasad J Pandit) [Orabug: 32217517] {CVE-2020-28916} - i386: Add 2nd Generation AMD EPYC processors (Babu Moger) [Orabug: 32217570] - libslirp: Update version to include CVE fixes (Mark Kanda) [Orabug: 32208456] [Orabug: 32208462] {CVE-2020-29129} {CVE-2020-29130} - Document CVE-2020-25624 as fixed (Mark Kanda) [Orabug: 32212527] {CVE-2020-25624} - pvpanic: Advertise the PVPANIC_CRASHLOADED event support (Paolo Bonzini) [Orabug: 32102853] - ati: check x y display parameter values (Prasad J Pandit) [Orabug: 32108251] {CVE-2020-27616} - Add AArch64 support for QMP regdump tool and sosreport plugin (Mark Kanda) [Orabug: 32080658] - Add qemu_regdump sosreport plugin support for '-mon' QMP sockets (Mark Kanda) - migration/dirtyrate: present dirty rate only when querying the rate has completed (Chuan Zheng) - migration/dirtyrate: record start_time and calc_time while at the measuring state (Chuan Zheng) - migration/dirtyrate: Add trace_calls to make it easier to debug (Chuan Zheng) - migration/dirtyrate: Implement qmp_cal_dirty_rate()/qmp_get_dirty_rate() function (Chuan Zheng) - migration/dirtyrate: Implement calculate_dirtyrate() function (Chuan Zheng) - migration/dirtyrate: Implement set_sample_page_period() and is_sample_period_valid() (Chuan Zheng) - migration/dirtyrate: skip sampling ramblock with size below MIN_RAMBLOCK_SIZE (Chuan Zheng) - migration/dirtyrate: Compare page hash results for recorded sampled page (Chuan Zheng) - migration/dirtyrate: Record hash results for each sampled page (Chuan Zheng) - migration/dirtyrate: move RAMBLOCK_FOREACH_MIGRATABLE into ram.h (Chuan Zheng) - migration/dirtyrate: Add dirtyrate statistics series functions (Chuan Zheng) - migration/dirtyrate: Add RamblockDirtyInfo to store sampled page info (Chuan Zheng) - migration/dirtyrate: add DirtyRateStatus to denote calculation status (Chuan Zheng) - migration/dirtyrate: setup up query-dirtyrate framwork (Chuan Zheng) - ram_addr: Split RAMBlock definition (Juan Quintela) [4.2.1-3.el8] - qemu-kvm.spec: Install block storage module RPMs by default (Karl Heubaum) [Orabug: 31943789] - qemu-kvm.spec: Enable block-ssh module RPM (Karl Heubaum) [Orabug: 31943763] - hw: usb: hcd-ohci: check for processed TD before retire (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625} - hw: usb: hcd-ohci: check len and frame_number variables (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625} - hw: ehci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084} - hw: xhci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084} - usb: fix setup_len init (CVE-2020-14364) (Gerd Hoffmann) [Orabug: 31848849] {CVE-2020-14364} - Document CVE-2020-12829 and CVE-2020-14415 as fixed (Mark Kanda) [Orabug: 31855502] [Orabug: 31855427] {CVE-2020-12829} {CVE-2020-14415} [4.2.1-2.el8] - hw/net/xgmac: Fix buffer overflow in xgmac_enet_send() (Mauro Matteo Cascella) [Orabug: 31667649] {CVE-2020-15863} - hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() (Mauro Matteo Cascella) [Orabug: 31737809] {CVE-2020-16092} - migration: fix memory leak in qmp_migrate_set_parameters (Zheng Chuan) [Orabug: 31806256] - virtio-net: fix removal of failover device (Juan Quintela) [Orabug: 31806255] - pvpanic: introduce crashloaded for pvpanic (zhenwei pi) [Orabug: 31677154] [4.2.1-1.el8] - hw/sd/sdcard: Do not switch to ReceivingData if address is invalid (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253} - hw/sd/sdcard: Update coding style to make checkpatch.pl happy (Philippe Mathieu-Daude) [Orabug: 31414336] - hw/sd/sdcard: Do not allow invalid SD card sizes (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253} - hw/sd/sdcard: Simplify realize() a bit (Philippe Mathieu-Daude) [Orabug: 31414336] - hw/sd/sdcard: Restrict Class 6 commands to SCSD cards (Philippe Mathieu-Daude) [Orabug: 31414336] - libslirp: Update to v4.3.1 to fix CVE-2020-10756 (Karl Heubaum) [Orabug: 31604999] {CVE-2020-10756} - Document CVEs as fixed 2/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-18043} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858} {CVE-2019-12068} {CVE-2019-15034} {CVE-2019-15890} {CVE-2019-20382} {CVE-2020-10702} {CVE-2020-10761} {CVE-2020-11102} {CVE-2020-11869} {CVE-2020-13361} {CVE-2020-13765} {CVE-2020-13800} {CVE-2020-1711} {CVE-2020-1983} {CVE-2020-8608} - Document CVEs as fixed 1/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2017-9524} {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2018-16872} {CVE-2018-20123} {CVE-2018-20124} {CVE-2018-20125} {CVE-2018-20126} {CVE-2018-20191} {CVE-2018-20216} {CVE-2018-20815} {CVE-2019-11091} {CVE-2019-12155} {CVE-2019-14378} {CVE-2019-3812} {CVE-2019-5008} {CVE-2019-6501} {CVE-2019-6778} {CVE-2019-8934} {CVE-2019-9824} - qemu-kvm.spec: Add .spec file for OL8 (Karl Heubaum) [Orabug: 30618035] - qemu.spec: Add .spec file for OL7 (Karl Heubaum) [Orabug: 30618035] - qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30618035] - vhost.conf: Initial vhost.conf (Karl Heubaum) [Orabug: 30618035] - parfait: Add buildrpm/parfait-qemu.conf (Karl Heubaum) [Orabug: 30618035] - virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) [Orabug: 30618035] - qemu_regdump.py: Initial qemu_regdump.py (Karl Heubaum) [Orabug: 30618035] - qmp-regdump: Initial qmp-regdump (Karl Heubaum) [Orabug: 30618035] - bridge.conf: Initial bridge.conf (Karl Heubaum) [Orabug: 30618035] - kvm.conf: Initial kvm.conf (Karl Heubaum) [Orabug: 30618035] - 80-kvm.rules: Initial 80-kvm.rules (Karl Heubaum) [Orabug: 30618035] - exec: set map length to zero when returning NULL (Prasad J Pandit) [Orabug: 31439733] {CVE-2020-13659} - megasas: use unsigned type for reply_queue_head and check index (Prasad J Pandit) [Orabug: 31414338] {CVE-2020-13362} - memory: Revert 'memory: accept mismatching sizes in memory_region_access_valid' (Michael S. Tsirkin) [Orabug: 31439736] [Orabug: 31452202] {CVE-2020-13754} {CVE-2020-13791} [4.1.1-3.el8] - buildrpm/spec files: Don't package elf2dmp (Karl Heubaum) [Orabug: 31657424] - qemu-kvm.spec: Enable the block-curl package (Karl Heubaum) [Orabug: 31657424] - qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 31657424] [4.1.1-2.el8] - Document CVE-2020-13765 as fixed (Karl Heubaum) [Orabug: 31463250] {CVE-2020-13765} - kvm: Reallocate dirty_bmap when we change a slot (Dr. David Alan Gilbert) [Orabug: 31076399] - kvm: split too big memory section on several memslots (Igor Mammedov) [Orabug: 31076399] - target/i386: do not set unsupported VMX secondary execution controls (Vitaly Kuznetsov) [Orabug: 31463710] - target/i386: add VMX definitions (Paolo Bonzini) [Orabug: 31463710] - ati-vga: check mm_index before recursive call (CVE-2020-13800) (Prasad J Pandit) [Orabug: 31452206] {CVE-2020-13800} - es1370: check total frame count against current frame (Prasad J Pandit) [Orabug: 31463235] {CVE-2020-13361} - ati-vga: Fix checks in ati_2d_blt() to avoid crash (BALATON Zoltan) [Orabug: 31238432] {CVE-2020-11869} - libslirp: Update to stable-4.2 to fix CVE-2020-1983 (Karl Heubaum) [Orabug: 31241227] {CVE-2020-1983} - Document CVEs as fixed (Karl Heubaum) {CVE-2019-12068} {CVE-2019-15034} - libslirp: Update to version 4.2.0 to fix CVEs (Karl Heubaum) [Orabug: 30274592] [Orabug: 30869830] {CVE-2019-15890} {CVE-2020-8608} - target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 31124041] - qemu-img: Add --target-is-zero to convert (David Edmondson) - vnc: fix memory leak when vnc disconnect (Li Qiang) [Orabug: 30996427] {CVE-2019-20382} - iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 31124035] {CVE-2020-1711} - qemu.spec: Remove 'BuildRequires: kernel' (Karl Heubaum) [Orabug: 31124047] seabios sgabios supermin [5.2.1-2.0.1.el8] - Rebuild [Orabug: 35720304] [5.2.1-2.el8] - Supermin should ignore +debug kernels resolves: rhbz#2051332 - Add copy-patches script. [5.2.1-1.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [5.1.19] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [5.1.19-9] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [5.1.19-8] - Pass CFLAGS & LDFLAGS to final supermin link resolves: rhbz#1624175 [5.1.19-7] - Rebuild for OCaml 4.07.0. [5.1.19-6] - Drop dietlibc in RHEL 8 resolves: rhbz#1588067 [5.1.19-5] - Bump release and rebuild. [5.1.19-4] - Reenable hardened build [5.1.19-3] - Fix bytes/string problems. [5.1.19-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [5.1.19-1] - New upstream version 5.1.19. - Remove all patches, now upstream. [5.1.18-5] - Rebuilt for RPM soname bump [5.1.18-4] - Fix supermin crash with truncated vmlinuz file (RHBZ#1477758). - Include all upstream patches since 5.1.18. [5.1.18-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [5.1.18-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [5.1.18-1] - New upstream release 5.1.18. - Fixes problem with creating incorrect symlinks (RHBZ#1470157). [5.1.17-5] - Enable dietlibc on aarch64 and POWER. [5.1.17-4] - Drop dependency on hawkey and versioned dependencies on dnf. [5.1.17-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [5.1.17-2] - Rebuild for OCaml 4.04.0. [5.1.17-1] - New upstream release 5.1.17. - Check signature on the tarball before unpacking it. - Remove patches, all upstream. [5.1.16-6] - Switch to dietlibc on s390x [5.1.16-5] - Do not break the binary on interpreted builds (#1375213) [5.1.16-4] - Add all upstream patches since 5.1.16 was released. [5.1.16-3] - Add upstream patch for DAX / vNVDIMM support. [5.1.16-2] - New upstream version 5.1.16. - Drop all patches since they are upstream. - Depend on systemd-udev to work around RHBZ#1331012. [5.1.15-2] - Add all upstream patches since 5.1.15 was released. - These should improve boot performance and initrd size. [5.1.15-1] - New upstream version 5.1.15. - Remove all patches, since they are now included in this version. - Enable dietlibc, remove glibc-static, xz-static, zlib-static. [5.1.14-4] - Add more patches since 5.1.14. [5.1.14-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [5.1.14-2] - Add all patches since 5.1.14. [5.1.14-1] - New upstream version 5.1.14. - Remove all patches - now upstream. [5.1.13-4] - Pull in all upstream patches since 5.1.13. - Choose providers better (RHBZ#1266918). - Use autopatch. - Explicitly depend on pod2html. [5.1.13-3] - Bump version to rebuild against new RPM in Rawhide. [5.1.13-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [5.1.13-1] - New upstream version 5.1.13. - Remove patch, now upstream. [5.1.12-11] - Prefer 'dnf download' over 'yumdownloader' (again). - BR grubby for the tests to work. [5.1.12-9] - Revert back to yumdownloader (RHBZ#1186948). [5.1.12-8] - Prefer 'dnf download' over 'yumdownloader'. [5.1.12-7] - Disable hardened build again. See RHBZ#1202091 RHBZ#1204162. [5.1.12-6] - Enable hardening flags by building the static 'init' specially before the main build. - Use _smp_mflags. [5.1.12-4] - Add a -devel subpackage containing automated RPM dependency generator for supermin appliances. [5.1.12-2] - Disable hardened build as it breaks building the static 'init' binary. [5.1.12-1] - New upstream version 5.1.12. - Includes ARM fix: lpae kernels can now be booted (RHBZ#1199733). [5.1.11-2] - Rebuild for xz-5.2.0 in Rawhide (RHBZ#1179252). [5.1.11-1] - New upstream version 5.1.11. [5.1.10-2] - Update to upstream commit d78c898c7e2bc5f12cbebef98b95a7908d9120f1. - BR rpm-devel, since it is now used instead of invoking rpm. - BR automake and autoconf, and run autoreconf (configure.ac is modified by the patches). [5.1.10-1] - New upstream version 5.1.10. - Remove patch which is now included upstream. [5.1.9-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [5.1.9-2] - Add upstream patch to avoid endless loop in Rawhide. [5.1.9-1] - New upstream version 5.1.9. - Remove patches which are now upstream. [5.1.8-9] - Add Requires findutils (RHBZ#1113029). [5.1.8-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [5.1.8-7] - Add patch to fix RPM handler when filenames may contain spaces. [5.1.8-4] - Skip execstack test on Fedora 20 (ARM only). [5.1.8-3] - BR xz-static & xz-devel packages, to support xz-compressed kernel modules. [5.1.8-1] - New upstream version 5.1.8. - Remove patches which are now upstream. [5.1.7-3] - Add upstream patch which removes need to run execstack (RHBZ#1093261). [5.1.7-2] - Add patch to fix quoting around mke2fs parameter (RHBZ#1084960). [5.1.7-1] - New upstream version 5.1.7. - Remove ppc64p7 patch which is now upstream. [5.1.6-5] - Requires tar, which is not installed in an @Core installation. [5.1.6-4] - Add upstream patch to fix supermin on ppc64p7. [5.1.6-3] - New upstream version 5.1.6. - Fix tests. [5.1.5-2] - Disable execstack on aarch64. It comes from prelink which does not exist on aarch64. [5.1.5-1] - New upstream version 5.1.5. [5.1.3-1] - New upstream version 5.1.3. [5.1.2-1] - New upstream version 5.1.2. - Fixes a serious bug in --build mode. [5.1.1-1] - New upstream version 5.1.1. - Remove patch which is now upstream. [5.1.0-3] - Add BR yum-utils (for yumdownloader). - Add upstream patch which stops duplicate packages appearing. [5.1.0-2] - New upstream version 5.1.0. - Note this is effectively a rewrite, and is not completely compatible. - There is no separate 'supermin-helper' subpackage any more. - Requires rpm instead of yum. [4.1.6-2] - New upstream version 4.1.6. - Should fix all autotools brokenness. - Man pages are now all in section 1. - Remove patch which is now upstream. - +BR /usr/bin/execstack (from prelink). [4.1.5-5] - Rerun autoreconf to fix autotools brokenness. [4.1.5-4] - Why was prelink required? Remove it. [4.1.5-3] - correct Obsoletes version for febootstrap and febootstrap-supermin-helper [4.1.5-2] - (For ARM) Don't crash if SUPERMIN_DTB is set and --dtb not specified. [4.1.5-1] - New upstream version 4.1.5. - Has (optionally) a new command line syntax. - Supports device trees for ARM. [4.1.4-1] - New upstream version 4.1.4. - Supports compressed cpio image files, experimentally. [4.1.3-1] - New upstream version 4.1.3. - Remove patch which is now upstream. - Add examples directory to documentation. [4.1.2-2] - Include upstream patch to get correct directory setgid/sticky bits in the appliance. [4.1.2-1] - New upstream version 4.1.2. - Remove patch which is now upstream. [4.1.1-2] - Add upstream patch to ignore ghost non-regular files. - This fixes builds on Fedora 20 because the filesystem package has been changed so /var/lock and /var/run are marked as ghost. [4.1.1-1] - New upstream version 4.1.1. - The program has been renamed 'supermin' from 'febootstrap'. - Obsolete, but don't Provide because supermin is not a compatible replacement. - Use '_isa' to specify architecture of supermin-helper subpackage. [1:3.21-2] - Add upstream patch to drop supplemental groups (RHBZ#902476). - Remove 'Group:' RPM headers which are no longer necessary. - Remove some commented-out requirements. [1:3.21-1] - New upstream version 3.21. [1:3.20-1] - New upstream version 3.20. [1:3.19-2] - Work around brokenness in yum (RHBZ#850913). - Remove defattr, no longer required. [1:3.19-1] - New upstream version 3.19. [3.18-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [3.18-1] - New upstream version 3.18. - This adds support for EPEL 5. [3.17-1] - New upstream version 3.17. [3.16-1] - New upstream version 3.16. [3.15-1] - New upstream version 3.15. - This version includes root=<device> support, needed for libguestfs with virtio-scsi. - Remove upstream patch. [3.14-6] - For RHEL 7 only, add ExclusiveArch x86-64. [3.14-5] - Bundled gnulib (RHBZ#821752). [3.14-4] - Add back explicit dependencies for external programs. [3.14-3] - Drop ExclusiveArch as it's supported on all primary & secondary arches - Cleanup spec and deps [3.14-2] - New upstream version 3.14. - Add upstream patch to fix RHBZ#808421. [3.13-4] - e2fsprogs moved /sbin/mke2fs to /usr/sbin (thanks Eric Sandeen). [3.13-2] - Missing BR zlib-static. [3.13-1] - New upstream version 3.13. - Remove upstream patch which is included in this version. [3.12-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [3.12-4] - Depend on latest e2fsprogs (RHBZ#771310). [3.12-2] - Include upstream patch to work around Python stupidity. [3.12-1] - New upstream version 3.12. - Remove upstream patch which is included in this version. [3.11-2] - Add upstream patch to fix febootstrap on non-Debian. [3.11-1] - New upstream version 3.11. [3.10-1] - New upstream version 3.10. [3.9-1] - New upstream version 3.9. [3.8-1] - New upstream version 3.8. [3.7-1] - New upstream version 3.7. [3.6-1] - New upstream version 3.6. - This version no longer needs external insmod.static. [3.5-1] - New upstream version 3.5. - Remove patch which is now upstream. [3.4-2] - Don't fail if objects are created in a symlinked dir (RHBZ#698089). [3.4-1] - New upstream version 3.4. - febootstrap-supermin-helper Obsoletes older versions of febootstrap. [3.3-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [3.3-4] - Split package into febootstrap (for building) and febootstrap-supermin-helper (for running). Note that febootstrap depends on febootstrap-supermin-helper, but you can install febootstrap-supermin-helper on its own. [3.3-3] - Clear executable stack flag on febootstrap-supermin-helper. [3.3-2] - add the ocaml's ExclusiveArch [3.3-1] - New upstream version 3.3. [3.2-1] - New upstream version 3.2. - Remove upstream patches. [3.1-5] - Previous fix for RHBZ#654638 didn't work, fix it correctly. [3.1-4] - Properly ignore .*.hmac files (accidental reopening of RHBZ#654638). [3.1-3] - Uses yumdownloader at runtime, so require yum-utils. [3.1-2] - New upstream version 3.1. - BR insmod.static. [3.0-2] - New upstream version 3.0 (note this is incompatible with 2.x). - Fix upstream URLs. - fakeroot, fakechroot no longer required. - insmod.static is required at runtime (missing dependency from earlier). - The only programs are 'febootstrap' and 'febootstrap-supermin-helper'. - BR ocaml, ocaml-findlib-devel. - No examples are provided with this version of febootstrap. [2.11-1] - New upstream version 2.11. - Fixes 'ext2fs_mkdir .. No free space in directory' bug which affects libguestfs on rawhide. [2.10-1] - New upstream version 2.10. - Adds -u and -g options to febootstrap-supermin-helper which are required by virt-v2v. [2.9-1] - New upstream version 2.9. - Fixes directory ordering problem in febootstrap-supermin-helper. [2.8-1] - New upstream version 2.8. [2.8-0.2] - New pre-release version of 2.8. + Note this is based on 2.7 + mailing list patches. - New BRs on mke2fs, libext2fs, glibc-static. [2.7-2] - New upstream version 2.7. - febootstrap-supermin-helper shell script rewritten in C for speed. - This package contains C code so it is no longer 'noarch'. - MAKEDEV isn't required. [2.6-1] - New upstream release 2.6. - Recheck package in rpmlint. [2.5-2] - New upstream release 2.5. - Remove BR upx (not needed by upstream). - Two more scripts / manpages. [2.4-1] - New upstream release 2.4. [2.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.3-1] - New upstream release 2.3. [2.2-1] - New upstream release 2.2. [2.0-1] - New upstream release 2.0. [1.9-1] - New upstream release 1.9. [1.8-1] - New upstream release 1.8. [1.7-1] - New upstream release 1.7. [1.5-3] - Configure script has (unnecessary) BuildRequires on fakeroot, fakechroot, yum. [1.5-2] - Initial build for Fedora. swtpm virt-v2v IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-26328 CVE-2024-26327 CVE-2024-4418 CVE-2024-4467 CVE-2024-3446 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 8 hivex libguestfs libguestfs-winsupport [8.6-1] - Rebase to ntfs-3g 2021.8.22 - Fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254 resolves: rhbz#2004490 [8.2-1.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [8.2] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [8.0-4] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [8.0-3] - Fix for CVE-2019-9755 (heap-based buffer overflow leads to local root privilege escalation) resolves: rhbz#1698503 [8.0-2] - Fix for ntfsclone crash (RHBZ#1601146). [8.0-1] - Rebase to 2017.3.23. - Remove patches which are now upstream. - Resynch with Fedora package. - Enable all architectures for RHEL 8. [7.2-2] - Fix for handling guest filenames with invalid or incomplete multibyte or wide characters resolves: rhbz#1301593 [7.2-1] - Rebase and rebuild for RHEL 7.2 resolves: rhbz#1240278 [7.1-6] - Bump version and rebuild. related: rhbz#1221583 [7.1-5] - Enable aarch64 architecture. resolves: rhbz#1221583 [7.1-4] - Enable debuginfo support and stripping. resolves: rhbz#1100319 [7.1-3] - Add patches from Fedora package which add fstrim support. resolves: rhbz#1100319 [7.1-2] - New package for RHEL 7.1 - Rebase to ntfs-3g 2014.2.15 resolves: rhbz#1100319 - Change the package so it works with supermin5. - Remove dependency on external FUSE. [7.0-2] - Resync against Rawhide package (ntfs-3g 2013.1.13). - Drop HAL file since HAL is dead. resolves: rhbz#819939 [7.0-1] - New package for RHEL 7 resolves: rhbz#819939 - Resync against Rawhide package. [1.0-7] - Disable debuginfo package. resolves: RHBZ#691555. [1.0-6] - Require libguestfs 1.7.17 (newer version in RHEL 6.1). - Require febootstrap-supermin-helper instead of febootstrap resolves: RHBZ#670299. [1.0-5] - Make sure intermediate lib* directories are created in hostfiles (RHBZ#603429) [1.0-4] - Requires fuse-libs (RHBZ#599300). [1.0-3] - ExclusiveArch x86_64. [1.0-2] - Package Windows support for libguestfs. libiscsi libnbd [1.6.0-5.el8] - Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails resolves: rhbz#2045718 [1.6.0-4.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [1.2.2] - Resolves: bz#1844296 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.2.2-1] - New stable release 1.2.2. [1.2.1-1] - New stable release 1.2.1. [1.2.0-1] - New stable release 1.2.0. [1.0.3-1] - New upstream version 1.0.3. - Contains fix for remote code execution vulnerability. - Add new libnbd-security(3) man page. [1.0.2-1] - New upstream version 1.0.2. - Remove patches which are upstream. - Contains fix for NBD Protocol Downgrade Attack (CVE-2019-14842). - Fix previous commit message. [1.0.1-2] - Add upstream patch to fix nbdsh (for nbdkit tests). - Fix interop tests on slow machines. [1.0.1-1] - New stable version 1.0.1. [1.0.0-1] - New upstream version 1.0.0. [0.9.9-2] - Rebuilt for Python 3.8 [0.9.9-1] - New upstream version 0.9.9. [0.9.8-4] - Fix nbdkit dependencies so we're actually running the tests. - Add glib2-devel BR so we build the glib main loop example. - Add upstream patch to fix test error: nbd_connect_unix: getlogin: No such device or address - Fix test failure on 32 bit. [0.9.8-3] - Bump and rebuild to fix releng brokenness. https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/2LIDI33G3IEIPYSCCIP6WWKNHY7XZJGQ/ [0.9.8-2] - Rebuilt for Python 3.8 [0.9.8-1] - New upstream version 0.9.8. - Package the new nbd_*(3) man pages. [0.9.7-1] - New upstream version 0.9.7. - Add libnbd-ocaml(3) man page. [0.9.6-2] - Add all upstream patches since 0.9.6 was released. - Package the ocaml bindings into a subpackage. [0.9.6-1] - New upstream verison 0.9.6. [0.1.9-1] - New upstream version 0.1.9. [0.1.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [0.1.8-1] - New upstream version 0.1.8. [0.1.7-1] - New upstream version 0.1.7. [0.1.6-1] - New upstream version 0.1.6. [0.1.5-1] - New upstream version 0.1.5. [0.1.4-1] - New upstream version 0.1.4. [0.1.2-2] - Enable libxml2 for NBD URI support. [0.1.2-1] - New upstream version 0.1.2. [0.1.1-1] - Fix license in man pages and examples. - Add nbdsh(1) man page. - Include the signature and keyring even if validation is disabled. - Update devel subpackage license. - Fix old FSF address in Python tests. - Filter Python provides. - Remove executable permission on the tar.gz.sig file. - Initial release. libtpms [0.9.1-0.20211126git1ff6fe1f43] - Rebase to 0.9.1 (sync with RHEL9) Resolves: rhbz#2029355 [0.7.4-6.20201106git2452a24dab] - Fix CVE-2021-3746 libtpms: out-of-bounds access via specially crafted TPM 2 command packets Resolves: rhbz#1999307 [0.7.4-5.20201106git2452a24dab] - Fix CVE-2021-3623: out-of-bounds access when trying to resume the state of the vTPM Fixes: rhbz#1976816 [0.7.4-4.20201106git2452a24dab] - tpm2: CryptSym: fix AES output IV Fixes: rhbz#1942904 [0.7.4-3.20201106git2452a24dab] - Add git as build dependency Related: rhbz#1858821 [0.7.4-2.20201106git2452a24dab] - tpm2: Return properly sized array for b parameter for NIST P521 (HLK) #180 Fixes: rhbz#1858821 [0.7.4-1.20201106git2452a24dab] - Follow stable-0.7.0 branch to v0.7.4 with security-related fixes. Fixes: rhbz#1893444 [0.7.3-1.20200818git1d392d466a] - Update to v0.7.3 stable, fixes rhbz#1868447 - (includes 'tpm2: fix PCRBelongsTCBGroup for PCClient') [0.7.2-1.20200527git7325acb477] - Update to v0.7.2 stable snapshot, fixes rhbz#1809676 - exclude i686 build - Following stable-0.7.0 branch for TPM 2 related fixes: RSA decryption, PSS salt length, symmetric decryption (padding) - Under certain circumstances an RSA decryption could cause a buffer overflow causing termination of the program (swtpm) - Following stable-0.7.0 branch for TPM 2 related fixes; v0.7.1 + gcc related patch - elliptic curve fixes - MANUFACTURER changed from 'IBM ' to 'IBM' - gcc 10 related fix - Following stable-0.7.0 branch for TPM 1.2 related bugfix [0.7.0-1.20191018gitdc116933b7] - RHEL8.1.1 update - Update to v0.7.0 stable snapshot [0.6.1-0.20190121git9dc915572b.2] - RHEL8.1 build [0.6.1-0.20190121git9dc915572b.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [0.6.1-0.20190121git9dc915572b] - Libtpms was updated to rev. 150 of TPM 2.0 code - following branch stable-0.6.0 [0.6.0-0.20181211gitba56737b93] - Following bugfixes in libtpms [0.6.0-0.20181031git0466fcf6a4] - Following improvements in libtpms * Tue Sep 18 2018 Stefan Berger <stefanb@linux.vnet.ibm.com - 0.6.0-0.20180918gite8e8633089 - Fixed changelog * Mon Sep 17 2018 Stefan Berger <stefanb@linux.vnet.ibm.com - 0.6.0-0.20180917gite8e8633089 - Build snapshot from git after libtpms fix. [0.6.0-0.20180914git4111bd1bcf] - Build snapshot from git, simplify spec [0.5.2-12] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [0.5.2-11] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.5.2-10] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.5.2-9] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.5.2-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [0.5.2-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [0.5.2-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [0.5.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Aug 16 2014 Stefan Berger - 0.5.2-3 - do not include libtpms.la in rpm * Mon Jul 14 2014 Stefan Berger - 0.5.2-2 - Added patches * Mon Jun 30 2014 Stefan Berger - 0.5.2-1 - Updated to version 0.5.2 - coverity fixes - fixes for ARM64 using __aarch64__ [0.5.1-20.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [0.5.1-19] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon Mar 25 2013 Stefan Berger - 0.5.1-18 - Ran autoreconf for support of aarch64 - Checking for __arm64__ in code [0.5.1-17] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [0.5.1-16] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [0.5.1-15] - Add dist tag as required by package guidelines * Fri Jan 27 2012 Stefan Berger - 0.5.1-14 - fix gcc-4.7 compilation problem [0.5.1-13] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [0.5.1-12] - fix build on secondary arches * Wed Nov 02 2011 Stefan Berger - 0.5.1-11 - added (lib)gmp as runtime dependency * Sat Oct 08 2011 Stefan Berger - 0.5.1-10 - internal fixes; callback fixes * Tue Aug 30 2011 Stefan Berger - 0.5.1-9 - new directory structure and build process * Tue Jul 12 2011 Stefan Berger - 0.5.1-8 - added pkgconfig as build dependency - enabling __powerpc__ build following Bz 728220 * Wed May 25 2011 Stefan Berger - 0.5.1-7 - increasing NVRAM area space to have enough room for certificates * Wed May 25 2011 Stefan Berger - 0.5.1-6 - adding libtpms.pc pkg-config file * Wed Apr 13 2011 Stefan Berger - 0.5.1-5 - adding BuildRequires for nss-softokn-freebl-static - several libtpms-internal changes around state serialization and deserialization - fixes to libtpms makefile (makefile-libtpms) - adding build_type to generate a debug or production build - need nss-devel to have nss-config * Tue Mar 08 2011 Stefan Berger - 0.5.1-4 - small fixes to libtpms makefile * Fri Feb 25 2011 Stefan Berger - 0.5.1-3 - removing release from tar ball name - Use {?_smp_mflags} for make rather than hardcoding it - Fixing post and postun scripts; removing the scripts for devel package - Fixing usage of defattr - Adding version information into the changelog headers and spaces between the changelog entries - Adding LICENSE, README and CHANGELOG file into tar ball and main rpm - Removing clean section - removed command to clean the build root - adding library version to the libries required for building and during runtime - Extended Requires in devel package with {?_isa} * Fri Feb 18 2011 Stefan Berger - 0.5.1-2 - make rpmlint happy by replacing tabs with spaces - providing a valid URL for the tgz file - release is now 2 -> 0.5.1-2 * Mon Jan 17 2011 Stefan Berger - 0.5.1-1 - Update version to 0.5.1 * Fri Jan 14 2011 Stefan Berger - 0.5.0-1 - Changes following Fedora review comments * Thu Dec 02 2010 Stefan Berger - Small tweaks after reading the FedoreCore packaging requirements * Tue Nov 16 2010 Stefan Berger - Created initial version of rpm spec files - Version of library is now 0.5.0 - Debuginfo rpm is built but empty -- seems to be a known problem Check https://bugzilla.redhat.com/show_bug.cgi?id=209316 libvirt [7.10.0-4.el8] - rpc: ensure temporary GSource is removed from client event loop (Daniel P. Berrange) [Orabug: 36821476] {CVE-2024-4418} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364471] {CVE-2024-1441} [7.10.0-3.el8] - virpci: Resolve leak in virPCIVirtualFunctionList cleanup (Tim Shearer) [Orabug: 35395469] {CVE-2023-2700} [7.10.0-2.el8] - remote: do not stop libvirtd after period of inactivity (Menno Lageman) [Orabug: 34069688] [7.10.0-1.el8] - Update to libvirt 7.10.0 (Wim ten Have) [7.9.0-1.el8] - Update to libvirt 7.9.0 (Wim ten Have) [5.7.0-31.el8] - qemu: Do not latch guestCPUs when guests hotplug with active domain groups (Wim ten Have) [Orabug: 33440015] [5.7.0-30.el8] - qemuDomainSnapshotDiskPrepareOne: Fix logic of relative backing store update (Peter Krempa) [Orabug: 33086913] - qemu: Don't set NVRAM label when creating it (Michal Privoznik) [Orabug: 33319048] - qemu: protect guestCPUs from drift under vcpu guest timeouts (Wim ten Have) [Orabug: 33368490] [5.7.0-29.el8] - qemu: vCORE distribution under vNUMA host partitioning should balance guests vCPU:pCPU pinning (Wim ten Have) [Orabug: 32355455] - qemuDomainSnapshotDiskPrepareOne: Don't load the relative path with blockdev (Peter Krempa) [Orabug: 33151464] - qemu: block: Support VIR_DOMAIN_BLOCK_COMMIT/PULL/REBASE_RELATIVE with blockdev (Peter Krempa) [Orabug: 33151464] - qemu: Tell secdrivers which images are top parent (Michal Privoznik) [Orabug: 33086913] - security: Introduce VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP flag (Michal Privoznik) [Orabug: 33086913] [5.7.0-28.el8] - qemu_capabilities: Rework domain caps cache (Michal Privoznik) [Orabug: 32664432] - tests: fix virArchFromHost() redefine error (Joe Jin) [Orabug: 32664432] - qemu: cache host arch separately from virCapsPtr (Daniel P. Berrange) [Orabug: 32664432] - cpu.c: Check properly for virCapabilitiesGetNodeInfo() retval (Michal Privoznik) [Orabug: 32664432] - virStorageSourceParseBackingJSONRaw: Parse 'offset' and 'size' attributes (Peter Krempa) [Orabug: 32164351] - tests: qemu: Add test data for the new <slice> element (Peter Krempa) [Orabug: 32164351] - qemu: Add support for slices of type 'storage' (Peter Krempa) [Orabug: 32164351] - tests: qemublock: Add cases for creating image overlays on top of disks with <slice> (Peter Krempa) [Orabug: 32164351] - qemu: block: Properly format storage slice into backing store strings (Peter Krempa) [Orabug: 32164351] - qemu: domain: Store nodenames of slice in status XML (Peter Krempa) [Orabug: 32164351] - conf: Implement support for <slices> of disk source (Peter Krempa) [Orabug: 32164351] - docs: Document the new <slices> sub-element of disk's <source> (Peter Krempa) [Orabug: 32164351] - qemu: block: forbid creation of storage sources with <slice> (Peter Krempa) [Orabug: 32164351] - qemuDomainValidateStorageSource: Reject unsupported slices (Peter Krempa) [Orabug: 32164351] - qemuBlockStorageSourceGetFormatRawProps: format 'offset' and 'size' for slice (Peter Krempa) [Orabug: 32164351] - util: virstoragefile: Add data structure for storing storage source slices (Peter Krempa) [Orabug: 32164351] - tests: virstorage: Add test data for json specified raw image with offset/size (Peter Krempa) [Orabug: 32164351] - docs: formatdomain: Close <source> on one of disk examples (Peter Krempa) [Orabug: 32164351] - qemu: domain: Refactor formatting of node names into status XML (Peter Krempa) [Orabug: 32164351] - tests: virstorage: Add test cases for 'json:' pseudo-URI without 'file' wrapper (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Prevent arbitrary nesting with format drivers (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Allow 'json:' pseudo URIs without 'file' wrapper (Peter Krempa) [Orabug: 32164351] - virStorageSourceJSONDriverParser: annotate 'format' drivers (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Move deflattening of json: URIs out of recursion (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Pass around original backing file string (Peter Krempa) [Orabug: 32164351] - qemu: enable blockdev support (Peter Krempa) [Orabug: 32164351] - qemu: Instantiate pflash via -machine when using blockdev (Peter Krempa) [Orabug: 32164351] - qemu: command: Build the 'pflash' drives via -machine (Peter Krempa) [Orabug: 32164351] - qemu: command: Build -blockdev-s for backing of pflash (Peter Krempa) [Orabug: 32164351] - qemu: domain: Introduce helper to convert <loader> into virStorageSource (Peter Krempa) [Orabug: 32164351] - qemu: domain: Store virStorageSources representing pflash backing (Peter Krempa) [Orabug: 32164351] - qemu: command: Extract formatting of -drive for pflash (Peter Krempa) [Orabug: 32164351] - qemu: capabilities: Add detection of the 'savevm' fix for -blockdev (Peter Krempa) [Orabug: 32164351] - qemu: qapi: Add support for command features (Peter Krempa) [Orabug: 32164351] - qemu: caps: Add capability for dynamic 'auto-read-only' support for files (Peter Krempa) [Orabug: 32164351] - tests: qemucapabilities: Refresh data for unreleased qemu-4.2 on x86_64 (Peter Krempa) [Orabug: 32164351] - qemu: caps: Base support of 'backingStoreInput' domain feature on QEMU_CAPS_BLOCKDEV (Peter Krempa) [Orabug: 32164351] - docs: Document support for obeying <backingStore> of <disk> on input (Peter Krempa) [Orabug: 32164351] - conf: domcaps: Add 'backingStoreInput' domain capability (Peter Krempa) [Orabug: 32164351] - qemu: domcaps: Simplify adding new domaincaps based on qemu caps (Peter Krempa) [Orabug: 32164351] - domaincaps: Store domain capability features in an array (Peter Krempa) [Orabug: 32164351] - qemu: domcaps: Initialize all features (Peter Krempa) [Orabug: 32164351] - domcaps: Add function for initializing domain caps as unsupported (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Use virXMLFormatElement in virDomainCapsFormatFeatures (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Extract formatting of the <features> subelement (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Replace FORMAT_SINGLE macro by a function (Peter Krempa) [Orabug: 32164351] - conf: capabilities: Modernize virCapabilitiesFormatMemoryBandwidth (Peter Krempa) [Orabug: 32164351] - conf: caps: Modernize virCapabilitiesFormatCaches (Peter Krempa) [Orabug: 32164351] - conf: turn virDomainMemtuneFormat void (Peter Krempa) [Orabug: 32164351] - conf: domain: Split up formatting of <memtune> and <memoryBacking> (Peter Krempa) [Orabug: 32164351] - conf: Rename virDomainCapsFeature to virDomainProcessCapsFeature (Peter Krempa) [Orabug: 32164351] - conf: storagecaps: Fix broken attempt at being const-correct (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Fix broken attempt at being const-correct (Peter Krempa) [Orabug: 32164351] - qemu: caps: Make capability filler functions void (Peter Krempa) [Orabug: 32164351] - util: buffer: Add init macro for automatically setting child XML indent (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Fix inactive external snapshots when backing chain is present (Peter Krempa) [Orabug: 32164351] - qemu: blockjob: Transfer 'readonly' state of images after active layer block commit (Peter Krempa) [Orabug: 32164351] - qemu: command: Use XML based disk bus convertor in error message (Peter Krempa) [Orabug: 32164351] - storagefile: Fill in meta->externalDataStore (Cole Robinson) [Orabug: 32164351] - storagefile: Add externalDataStore member (Cole Robinson) [Orabug: 32164351] - storagefile: Split out virStorageSourceNewFromChild (Cole Robinson) [Orabug: 32164351] - storagefile: Don't access backingStoreRaw directly in FromBackingRelative (Cole Robinson) [Orabug: 32164351] - storagefile: Fill in meta->externalDataStoreRaw (Cole Robinson) [Orabug: 32164351] - storagefile: Add externalDataStoreRaw member (Cole Robinson) [Orabug: 32164351] - storagefile: Fix backing format \0 check (Cole Robinson) [Orabug: 32164351] - storagefile: Rename qcow2GetExtensions 'format' argument (Cole Robinson) [Orabug: 32164351] - storagefile: Rename qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351] - storagefile: Push extension_end calc to qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351] - storagefile: Push 'start' into qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351] - storagefile: Use qcowXGetBackingStore directly (Cole Robinson) [Orabug: 32164351] - storagefile: Drop now unused isQCow2 argument (Cole Robinson) [Orabug: 32164351] - storagefile: Check version to determine if qcow2 or not (Cole Robinson) [Orabug: 32164351] - storagefile: qcow1: Let qcowXGetBackingStore fill in format (Cole Robinson) [Orabug: 32164351] - storagefile: qcow1: Fix check for empty backing file (Cole Robinson) [Orabug: 32164351] - storagefile: qcow1: Check for BACKING_STORE_OK (Cole Robinson) [Orabug: 32164351] - qemu: snapshot: Don't update current snapshot until we're done (Peter Krempa) [Orabug: 32164351] - qemu: block: Replace snapshot transaction action generator (Peter Krempa) [Orabug: 32164351] - tests: qemumonitor: Add testing for the 'transaction' command and generators (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Add transaction generators for snapshot APIs (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Add transaction generators for dirty bitmap APIs (Peter Krempa) [Orabug: 32164351] - tests: qemucapabilities: fix 4.2.0 qemucapabilities (Joe Jin) [Orabug: 32164351] - qemu: checkpoint: Do ACL check prior to snapshot interlocking (Peter Krempa) [Orabug: 32164351] - qemu: driver: Remove misplaced qemuDomainObjEndJob in qemuDomainCheckpointGetXMLDesc (Peter Krempa) [Orabug: 32164351] - conf: Drop pointless 'domain' argument from virDomainSnapshotRedefinePrep (Peter Krempa) [Orabug: 32164351] - conf: Drop pointless 'domain' argument from virDomainCheckpointRedefinePrep (Peter Krempa) [Orabug: 32164351] - tests: qemucapabilities: Update caps of qemu-4.1 to released version (Peter Krempa) [Orabug: 32164351] - tests: add qemu capabilities data for qemu 4.2 (Peter Krempa) [Orabug: 32164351] - lxc: fix compile error (Joe Jin) [Orabug: 32164351] - qemu: driver: Remove QEMU_ADD_BLOCK_PARAM_LL macro (Peter Krempa) [Orabug: 32164351] - qemu: driver: Don't return anything from qemuDomainBlockStatsGatherTotals (Peter Krempa) [Orabug: 32164351] - qemu: driver: Remove pointless macro QEMU_BLOCK_STAT_TOTAL (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Change fields in qemuBlockStats to 'unsigned' (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Refactor cleanup in qemuMonitorJSONGetAllBlockStatsInfo (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Refactor cleanup in qemuMonitorJSONGetOneBlockStatsInfo (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Refactor cleanup in qemuMonitorJSONBlockStatsCollectData (Peter Krempa) [Orabug: 32164351] - qemu: Remove stale comment for qemuDomainBlockStats (Peter Krempa) [Orabug: 32164351] - qemu_blockjob: Remove secdriver metadata for whole backing chain on job completion (Michal Privoznik) [Orabug: 32164351] - qemu: hotplug: Use VIR_AUTOFREE() instead VIR_FREE for strings (Daniel Henrique Barboza) [Orabug: 32164351] - qemu: snapshot: Do ACL check prior to checkpoint interlocking (Peter Krempa) [Orabug: 32164351] - qemuCheckDiskConfigAgainstDomain: Validate disk's SCSI address iff disk is SCSI (Xu Yandong) [Orabug: 32164351] - qemuSharedDeviceEntryRemove: Free domain name before VIR_DELETE_ELEMENT (Xu Yandong) [Orabug: 32164351] - qemu_capabilities: Temporarily disable dbus-vmstate capability (Michal Privoznik) [Orabug: 32164351] - Revert 'qemu: add socket datagram capability' (Michal Privoznik) [Orabug: 32164351] - tests: qemustatusxml2xml: Fix disk target mess (Peter Krempa) [Orabug: 32164351] - snapshot: Store both config and live XML in the snapshot domain (Maxiwell S. Garcia) [Orabug: 32164351] - qemu: formatting XML from domain def choosing the root name (Maxiwell S. Garcia) [Orabug: 32164351] - qemu: Don't leak domain def when RevertToSnapshot fails (Jiri Denemark) [Orabug: 32164351] - qemu: Fix regression in snapshot-revert (Eric Blake) [Orabug: 32164351] - lib: Define and use autofree for virConfPtr (Michal Privoznik) [Orabug: 32164351] - qemu_conf: Use more of VIR_AUTOUNREF() (Michal Privoznik) [Orabug: 32164351] - qemu_conf: Use more of VIR_AUTOFREE() (Michal Privoznik) [Orabug: 32164351] - qemu_conf: Drop a pair of needless 'cleanup' labels (Michal Privoznik) [Orabug: 32164351] - virhostdev: Don't unref @pcidevs twice (Michal Privoznik) [Orabug: 32164351] - qemu_conf.c: introduce qemuAddRemoveSharedDeviceInternal (Daniel Henrique Barboza) [Orabug: 32164351] - qemu_conf.c: introduce qemuAddRemoveSharedDiskInternal (Daniel Henrique Barboza) [Orabug: 32164351] - qemu_conf.c: introduce qemuAddRemoveSharedHostdevInternal (Daniel Henrique Barboza) [Orabug: 32164351] - remote: fix UNIX socket path being incorrectly built for libvirtd (eater) [Orabug: 32164351] - lib: Grab write lock when modifying list of domains (Michal Privoznik) [Orabug: 32164351] - qemu: reset VM id after external devices stop (Marc-Andre Lureau) [Orabug: 32164351] - qemu: add dbus-vmstate capability (Marc-Andre Lureau) [Orabug: 32164351] - qemu: add socket datagram capability (Marc-Andre Lureau) [Orabug: 32164351] - tests: fix xml2xml tpm-emulator.xml test (Marc-Andre Lureau) [Orabug: 32164351] - qemu: migration: Switch to blockdev mode for non-shared storage migration (Peter Krempa) [Orabug: 32164351] - qemu: migration: Refactor cleanup in qemuMigrationSrcNBDStorageCopy (Peter Krempa) [Orabug: 32164351] - qemu: migration: Refactor cleanup in qemuMigrationSrcNBDStorageCopyBlockdev (Peter Krempa) [Orabug: 32164351] - qemu: Defer support checks for external active snapshots to blockdev code or qemu (Peter Krempa) [Orabug: 32164351] - qemu: Add -blockdev support for external snapshots (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Skip overlay file creation/interogation if unsupported (Peter Krempa) [Orabug: 32164351] - qemu: Merge use of 'reuse' flag in qemuDomainSnapshotDiskPrepareOne (Peter Krempa) [Orabug: 32164351] - qemu: Disband qemuDomainSnapshotCreateSingleDiskActive (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Rename external disk snapshot handling functions (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Move error preservation to qemuDomainSnapshotDiskDataCleanup (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Save status and config XMLs only on success (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Fix image lock handling when taking a snapshot (Peter Krempa) [Orabug: 32164351] - qemu: driver: Fix shallow non-reuse block copy (Peter Krempa) [Orabug: 32164351] - qemu: Explicitly pass backing store to qemuBuildStorageSourceChainAttachPrepareBlockdevTop (Peter Krempa) [Orabug: 32164351] - qemu: block: explicitly pass backing store to qemuBlockStorageSourceAttachPrepareBlockdev (Peter Krempa) [Orabug: 32164351] - qemu: command: Refactor qemuBuildStorageSourceChainAttachPrepareBlockdevInternal (Peter Krempa) [Orabug: 32164351] - qemu: block: Explicitly specify backingStore when creating format layer props (Peter Krempa) [Orabug: 32164351] - qemu: block: Unify conditions to format backing store of format node definition (Peter Krempa) [Orabug: 32164351] - qemu: Prevent storage causing too much nested XML (Peter Krempa) [Orabug: 32164351] - qemu: domain: Refactor cleanup in qemuDomainDetermineDiskChain (Peter Krempa) [Orabug: 32164351] - qemu: hotplug: Setup disk throttling with blockdev (Peter Krempa) [Orabug: 32164351] - qemu: hotplug: Use VIR_AUTOFREE in qemuDomainAttachDiskGeneric (Peter Krempa) [Orabug: 32164351] - qemu: hotplug: Simplify cleanup in qemuDomainChangeMediaLegacy (Peter Krempa) [Orabug: 32164351] - qemu: Fix qemuDomainObjTaint with virtlogd (Jiri Denemark) [Orabug: 32164351] - qemu: monitor: Fix formatting of 'offset' in qemuMonitorJSONSaveMemory (Peter Krempa) [Orabug: 32164351] - tests: qemublock: Use bigger numbers as dummy capacity/physical (Peter Krempa) [Orabug: 32164351] - qemu: block: Use correct type when creating image size JSON entries (Peter Krempa) [Orabug: 32164351] - Exadata: protect vNUMA/SMT from artificially injected faults (Wim ten Have) [Orabug: 32708041] - virnetserver: fix some memory leaks in virNetTLSContextReloadForServer (Jin Yan) - virt-admin: Introduce command srv-update-tls (Zhang Bo) [Orabug: 32768102] - admin: Introduce virAdmServerUpdateTlsFiles (Zhang Bo) [Orabug: 32768102] - tls: Add a mutex lock on 'tlsCtxt' (Zhang Bo) [Orabug: 32768102] - virnetserver: Introduce virNetServerUpdateTlsFiles (Zhang Bo) [Orabug: 32768102] [5.7.0-27.el8] - Exadata: protect libvirt hugepage acquisition from QEMU async init (Wim ten Have) [Orabug: 32561685] [5.7.0-26.el8] - exadata: Fix autonomous hugepage acquisition barrier hang (Wim ten Have) [Orabug: 32537538] - exadata: Fix CPU Packing when out of pCPUs (Wim ten Have) [Orabug: 32527311] [5.7.0-25.el8] - exadata: force a host CPUs reserved pCPU threshold (Wim ten Have) [Orabug: 32516090] [5.7.0-24.el8] - exadata: Add configurable libvirtd mlockall support (Wim ten Have) [Orabug: 32479237] - exadata: hint a configurable number of memory init threads to qemu (Wim ten Have) [Orabug: 32460334] - Exadata: domain group should allow for asymmetric creation (Wim ten Have) [Orabug: 32060622] [5.7.0-23.el8] - util: remove unneeded cleanup labels (Wim ten Have) [Orabug: 32399255] - virnuma: Don't work around numa_node_to_cpus() for non-existent nodes (Wim ten Have) [Orabug: 32379098] [5.7.0-22.el8] - build: add dependency to help patch tooling (Menno Lageman) [Orabug: 32284540] - Exadata: fix active guest dgroup-delete requests (Wim ten Have) [Orabug: 32095306] - Exadata: fix a rogue Domain Groups dgroup-undefine flaw (Wim ten Have) [Orabug: 31945084] [2.7.0-21.el8] - exadata: Fix the validation when defining domain groups (Wim ten Have) [Orabug: 32085856] - qemu: improve error message when guest vcpu count exceeds domain group limit (Menno Lageman) [Orabug: 31985111] - qemu: Autonomous hugepage acquisition for 2-MiB and 1-GiB guest memoryBacking (Wim ten Have) - qemu: Fix a qemuMemReleaseHostHugepages state error (Wim ten Have) [Orabug: 32069203] - qemu: avoid guest CPU process handling if exadataConfig is disabled (Wim ten Have) [Orabug: 32053696] - domain_conf: Relax SCSI addr used check (Michal Privoznik) [Orabug: 31386162] - domain_conf: Make virDomainDeviceFindSCSIController accept virDomainDeviceDriveAddress struct (Michal Privoznik) [Orabug: 31386162] - qemu: remove use of qemuDomainObjBeginJobWithAgent() (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485} - qemu: agent: set ifname to NULL after freeing (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: require write acl for guest agent in virDomainInterfaceAddresses (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: add support for filtering @acls by uint params (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: gendispatch: handle empty flags (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} [5.7.0-19.el8] - qemu: Verify use of hugepages when releasing its acquired status (Wim ten Have) [Orabug: 31839035] - qemu: Autonomous hugepages acquisition and release (Wim ten Have) [Orabug: 31367986] [5.7.0-17.el8] - qemu: Fix cpu boundary checks when starting or configuring guest domains. (Wim ten Have) [Orabug: 31469231] - libvirt: Allocate max possible CPUs for QEMU to prepare guest memory (Wim ten Have) [Orabug: 31064560] [5.7.0-16.el8] - qemu: format 'x-aw-bits' on intel-iommu command line (Menno Lageman) - qemu: format address wdith on intel-iommu command line (Menno Lageman) - conf: add address width attribute to iommu (Menno Lageman) - tests: add tests for host-phys-bits KVM feature (Menno Lageman) [Orabug: 31354547] - qemu: support host-phys-bits KVM feature (Menno Lageman) [Orabug: 31374547] - storage: Fix daemon crash on lookup storagepool by targetpath (Yi Li) [Orabug: 31439483] {CVE-2020-10703} [5.7.0-15.el8] - qemu: Escape the qemu driver systemd DOT hoax (Wim ten Have) [Orabug: 31380815] [5.7.0-14.el8] - vmx: make 'fileName' optional for CD-ROMs (Pino Toscano) [Orabug: 31350200] - vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (Pino Toscano) [Orabug: 31350200] - domain group: Fix a potential SEGV while restoring guest domains (Wim ten Have) [Orabug: 31285615] - cpu_map: Distinguish Cascadelake-Server from Skylake-Server (Jiri Denemark) [Orabug: 31214897] - cpu_map: Add more -noTSX x86 CPU models (Christian Ehrhardt) [Orabug: 31214897] - qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads (Peter Krempa) [Orabug: 31251756] {CVE-2020-12430} [5.7.0-13.el8] - domain groups: Fix multiple Domain Group vCPU administration flaws (Wim ten Have) [Orabug: 31145304] - qemu: fix missing #if defined(ENABLE_EXADATA) (Menno Lageman) - build: Fix qemu-submodule-init syntax-check issue (Wim ten Have) - libvirt: Fix various introduced Fedora/RHEL build violations (Wim ten Have) [Orabug: 31143337] - qemu: don't hold both jobs for suspend (Jonathon Jongsma) [Orabug: 31073098] {CVE-2019-20485} - domain groups: qemu driver error refers to pCPUs instead of vCPUs (Wim ten Have) [Orabug: 31075757] - node_device_conf: Don't leak @physical_function in virNodeDeviceGetPCISRIOVCaps (Jiang Kun) [Orabug: 31070337] [5.7.0-12.el8] - libvirt: vNUMA automatic host paritioning allows erroneous vcpu settings (Wim ten Have) [Orabug: 31050313] - remote: do not stop libvirtd after period of inactivity (Menno Lageman) [Orabug: 31003707] - remote: do not use socket activation by default (Menno Lageman) [Orabug: 31003707] - qemu driver: handle targetNode under memory hot-plug operations (Wim ten Have) [Orabug: 31009716] - domain groups: refresh dgbase host capabilities prior to defining a new group (Wim ten Have) [Orabug: 31026069] - domain groups: Always cleanup system.slice controlled hugepage reservations (Wim ten Have) [Orabug: 31025853] - domain groups: Enable DGs upon fresh groups arrival (Wim ten Have) [Orabug: 31021247] - domain groups: Skip undefined domain groups when validating lists (Wim ten Have) [Orabug: 31030117] [5.7.0-11.el8] - domain groups: Add functionality to control NUMA node alignment (Wim ten Have) [Orabug: 30988105] - domain groups: A rename should always update active and config domain definitions (Wim ten Have) [Orabug: 30999730] [5.7.0-10.el8] - domain groups: refresh dgbase depending host capabilities before rendering the cpuguestmask (Wim ten Have) [Orabug: 30987361] - conf: domain group validation errors should print correct group info (Menno Lageman) [Orabug: 30988428] - qemu: reserve hugepages when memoryBacking when live attaching memory (Wim ten Have) [Orabug: 30985510] - domain groups: avoid virDomainGroupInit if exadataConfig is disabled (Wim ten Have) [Orabug: 30985907] [5.7.0-9.el8] - vNUMA: distinguish standard and vNUMA memory 'setmaxmem' operations (Wim ten Have) [Orabug: 30894536] [5.7.0-8.el8] - domain groups: End Of BETA (Wim ten Have) - domaingroups: ExaData Domain Groups POC (Wim ten Have) - domaingroup: preliminary virsh support for domain groups - drop #4 (Menno Lageman) - tests: add various tests to exercise vNUMA host partitioning (Wim ten Have) [Orabug: 29720293] - qemu: driver changes for new vNUMA Host and Nodeset partitioning (Wim ten Have) [Orabug: 29720293] - XML definitions for guest vNUMA and parsing routines (Wim ten Have) [Orabug: 29720293] - Revert 'exadata: can not configure shared memory hosted disk devices for vhostmd.service' (Menno Lageman) - qemu: Forcibly mknod() even if it exists (Michal Privoznik) [5.7.0-5.el8] - exadata: can not configure shared memory hosted disk devices for vhostmd.service (Menno Lageman) [Orabug: 30598065] [5.7.0-4.el8] - build: skip copyright check for gnulib (Menno Lageman) - Revert 'network: pull global chain init into separate method' (Menno Lageman) [Orabug: 30611188] - Revert 'network: add more debugging of firewall chain creation' (Menno Lageman) [Orabug: 30611188] - Revert 'network: delay global firewall setup if no networks are running' (Menno Lageman) [Orabug: 30611188] - qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30796221] [5.7.0-3.el8] - Add VMware esx support (Menno Lageman) [Orabug: 30449929] [5.7.0-2.el8] - enable VMware hypervisor driver libvirt-dbus [1.3.0-2.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [1.3.0] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.2.0-3] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [1.2.0-2] - util: fix virtDBusUtilDecodeUUID (rhbz#1647823) [1.2.0-1] - Rebased to libvirt-dbus-1.2.0 (rhbz#1630196) [1.0.0-1] - Rebase from Fedora libvirt-python [7.10.0-4.el8] - Update version number to match libvirt 7.10.0-4 (Karl Heubaum) [7.10.0-3.el8] - Update version number to match libvirt 7.10.0-3 (Karl Heubaum) [7.10.0-2.el8] - Update version number to match libvirt 7.10.0-2 (Karl Heubaum) [7.10.0-1.el8] - Update to 7.10.0 release (Karl Heubaum) [7.9.0] - Update to 7.9.0 release (Karl Heubaum) nbdkit [1.24.0-4] - Fix build on RHEL 8.6 with qemu >= 6.1 resolves: rhbz#2045945 [1.24.0-3] - Fix CVE-2021-3716 NBD_OPT_STRUCTURED_REPLY injection on STARTTLS resolves: rhbz#1994915 [1.24.0-2] - Fix data corruption in zero and trim on unaligned tail resolves: rhbz#1990135 [1.24.0-1.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [1.16.2] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.16.2] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.4.2-5] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [1.4.2-4] - Remove misguided LDFLAGS hack which removed server hardening. https://bugzilla.redhat.com/show_bug.cgi?id=1624149#c6 resolves: rhbz#1624149 [1.4.2-3] - Use platform-python resolves: rhbz#1659159 [1.4.2-2] - Add Enhanced Python error reporting resolves: rhbz#1614750. - Use copy-patches.sh script. [1.4.2-1] - New stable version 1.4.2. [1.4.1-3] - Enable VDDK plugin on x86-64 only. [1.4.1-1] - New upstream version 1.4.1. - Small refactorings in the spec file. [1.4.0-1] - New upstream version 1.4.0. - New plugins: random, zero. - New bash tab completion subpackage. - Remove unused build dependencies. [1.2.4-3] - Add all upstream patches since 1.2.4 was released. [1.2.4-2] - Add all upstream patches since 1.2.4 was released. [1.2.4-2] - Disable plugins and filters that we do not want to ship in RHEL 8. [1.2.4-1] - New stable version 1.2.4. - Remove upstream patches. - Enable tarball signatures. - Add upstream patch to fix tests when guestfish not available. [1.2.3-1] - New stable version 1.2.3. - Add patch to work around libvirt problem with relative socket paths. - Add patch to fix the xz plugin test with recent guestfish. [1.2.2-1] - New stable version 1.2.2. [1.2.1-1] - New stable version 1.2.1. [1.2.0-1] - Move to stable branch version 1.2.0. [1.1.28-5] - Escape macros in %changelog [1.1.28-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.1.28-3] - Switch to %ldconfig_scriptlets [1.1.28-2] - Run a simplified test suite on all arches. [1.1.28-1] - New upstream version 1.1.28. - Add two new filters to nbdkit-basic-filters. [1.1.27-2] - Rebuilt for switch to libxcrypt [1.1.27-1] - New upstream version 1.1.27. - Add new subpackage nbdkit-basic-filters containing new filters. [1.1.26-2] - Rebuild against updated Ruby. [1.1.26-1] - New upstream version 1.1.26. - Add new pkg-config file and dependency. [1.1.25-1] - New upstream version 1.1.25. [1.1.24-1] - New upstream version 1.1.24. - Add tar plugin (new subpackage nbdkit-plugin-tar). [1.1.23-1] - New upstream version 1.1.23. - Add example4 plugin. - Python3 tests require libguestfs so disable on s390x. [1.1.22-1] - New upstream version 1.1.22. - Enable tests on Fedora. [1.1.20-1] - New upstream version 1.1.20. - Add nbdkit-split-plugin to basic plugins. [1.1.19-2] - OCaml 4.06.0 rebuild. [1.1.19-1] - New upstream version 1.1.19. - Combine all the simple plugins in %{name}-basic-plugins. - Add memory and null plugins. - Rename the example plugins subpackage. - Use %license instead of %doc for license file. - Remove patches now upstream. [1.1.18-4] - Fix Python 3 builds / RHEL macros (RHBZ#1404631). [1.1.18-3] - New upstream version 1.1.18. - Add NBD forwarding plugin. - Add libselinux-devel so that SELinux support is enabled in the daemon. - Apply all patches from upstream since 1.1.18. [1.1.16-2] - New upstream version 1.1.16. - Disable python3 plugin on RHEL/EPEL <= 7. - Only ship on x86_64 in RHEL/EPEL <= 7. [1.1.15-1] - New upstream version 1.1.15. - Enable TLS support. [1.1.14-1] - New upstream version 1.1.14. [1.1.13-1] - New upstream version 1.1.13. - Remove patches which are all upstream. - Remove grubby hack, should not be needed with modern supermin. [1.1.12-13] - Rebuild for OCaml 4.05.0. [1.1.12-12] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1.1.12-11] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.1.12-10] - Rebuild for OCaml 4.04.2. [1.1.12-9] - Perl 5.26 rebuild [1.1.12-8] - Rebuild for OCaml 4.04.1. [1.1.12-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.1.12-6] - Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.4 [1.1.12-5] - Rebuild for Python 3.6 update. [1.1.12-4] - Fix python3 subpackage so it really uses python3 (RHBZ#1404631). [1.1.12-3] - Rebuild for OCaml 4.04.0. [1.1.12-2] - Compile Python 2 and Python 3 versions of the plugin. [1.1.12-1] - New upstream version 1.1.12 - Enable Ruby plugin. - Disable tests on Rawhide because libvirt is broken again (RHBZ#1344016). [1.1.11-10] - Add another upstream patch since 1.1.11. [1.1.11-9] - Add all patches upstream since 1.1.11 (fixes RHBZ#1336758). [1.1.11-7] - Perl 5.24 rebuild [1.1.11-6] - When tests fail, dump out test-suite.log so we can debug it. [1.1.11-5] - Don't run tests on x86, because kernel is broken there (https://bugzilla.redhat.com/show_bug.cgi?id=1302071) [1.1.11-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.1.11-3] - Add support for newstyle NBD protocol (RHBZ#1297100). [1.1.11-1] - New upstream version 1.1.11. [1.1.10-3] - OCaml 4.02.3 rebuild. [1.1.10-2] - Enable libguestfs plugin on aarch64. [1.1.10-1] - New upstream version. - Enable now working OCaml plugin (requires OCaml >= 4.02.2). [1.1.9-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.1.9-5] - Perl 5.22 rebuild [1.1.9-4] - Enable debugging messages when running make check. [1.1.9-3] - Perl 5.22 rebuild [1.1.9-2] - New upstream version 1.1.9. - Add the streaming plugin. - Include fix for streaming plugin in 1.1.9. [1.1.8-4] - Rebuild for updated Perl in Rawhide. - Workaround for broken libvirt (RHBZ#1138604). [1.1.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1.1.8-1] - New upstream version 1.1.8. - Add support for cURL, and new nbdkit-plugin-curl package. [1.1.7-1] - New upstream version 1.1.7. - Remove patches which are now all upstream. [1.1.6-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.1.6-4] - libguestfs is available only on selected arches [1.1.6-3] - Backport some upstream patches, fixing a minor bug and adding more tests. - Enable the tests since kernel bug is fixed. [1.1.6-1] - New upstream version 1.1.6. [1.1.5-2] - New upstream version 1.1.5. - Enable the new Python plugin. - Perl plugin man page moved to section 3. - Perl now requires ExtUtils::Embed. [1.1.4-1] - New upstream version 1.1.4. - Enable the new Perl plugin. [1.1.3-1] - New upstream version 1.1.3 which fixes some test problems. - Disable tests because Rawhide kernel is broken (RHBZ#991808). - Remove a single quote from description which confused emacs. - Remove patch, now upstream. [1.1.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1.1.2-3] - Fix segfault when IPv6 client is used (RHBZ#986601). [1.1.2-2] - New development version 1.1.2. - Disable the tests on Fedora <= 18. [1.1.1-1] - New development version 1.1.1. - Add libguestfs plugin. - Run the test suite. [1.0.0-4] - Initial release. netcf perl-Sys-Virt [6.0.0] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [4.5.0-5] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [4.5.0-4] - Fix typed parameter memory handling (rhbz #1602346) - Fix missing NWFilterBinding module (rhbz #1615841) [4.5.0-3] - Included BuildRequire: git to fix a building issue [4.5.0-2] - Fix typed parameter memory handling (rhbz#1602346) [4.5.0-1] - Update to 4.5.0 release [4.4.0-2] - Perl 5.28 rebuild [4.2.0-1] - Update to 4.2.0 release [4.1.0-1] - Update to 4.1.0 release [4.0.0-3] - Add build-require gcc [4.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [4.0.0-1] - Update to 4.0.0 release [3.9.1-1] - Update to 3.9.1 release [3.9.0-1] - Update to 3.9.0 release [3.8.0-1] - Update to 3.8.0 release [3.7.0-1] - Update to 3.7.0 release [3.5.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [3.5.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [3.5.0-1] - Update to 3.5.0 release [3.4.0-2] - Perl 5.26 rebuild [3.4.0-1] - Update to 3.4.0 release [3.3.0-1] - Update to 3.3.0 release [3.2.0-1] - Update to 3.2.0 release [3.1.0-1] - Update to 3.1.0 release [3.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [3.0.0-1] - Update to 3.0.0 release [2.5.0-1] - Update to 2.5.0 release [2.4.0-1] - Update to 2.4.0 release [2.3.0-1] - Update to 2.3.0 release [2.2.0-1] - Update to 2.2.0 release [2.1.0-1] - Update to 2.1.0 release [2.0.0-1] - Update to 2.0.0 release [1.3.5-1] - Update to 1.3.5 release [1.3.4-2] - Perl 5.24 rebuild [1.3.4-1] - Update to 1.3.4 release [1.3.3-1] - Update to 1.3.3 release [1.3.2-1] - Update to 1.3.2 release [1.3.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.3.1-1] - Update to 1.3.1 release qemu-kvm [6.1.1-9.el8] - Document CVEs (Mark Kanda) {CVE-2023-4135} {CVE-2023-40360} {CVE-2024-26328} {CVE-2023-42467} {CVE-2024-26327} {CVE-2024-3567} - hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (Philippe Mathieu-Daude) [Orabug: 36858718] {CVE-2024-3447} - hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36878301] {CVE-2024-3446} - hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36878301] {CVE-2024-3446} - hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36878301] {CVE-2024-3446} - hw/virtio: Introduce virtio_bh_new_guarded() helper (Philippe Mathieu-Daude) [Orabug: 36878301] {CVE-2024-3446} - ui/clipboard: add asserts for update and request (Fiona Ebner) [Orabug: 36858698] {CVE-2023-6683} - ui/clipboard: mark type as not available when there is no data (Fiona Ebner) [Orabug: 36858698] {CVE-2023-6683} - virtio-net: correctly copy vnet header when flushing TX (Jason Wang) [Orabug: 36858734] {CVE-2023-6693} - esp: restrict non-DMA transfer length to that of available data (Mark Cave-Ayland) [Orabug: 36858704] {CVE-2024-24474} - tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fiona Ebner) [Orabug: 36858692] {CVE-2023-5088} - hw/ide: reset: cancel async DMA operation before resetting state (Fiona Ebner) [Orabug: 36858692] {CVE-2023-5088} - net: Update MemReentrancyGuard for NIC (Akihiko Odaki) [Orabug: 36858836] {CVE-2023-3019} - net: Provide MemReentrancyGuard * to qemu_new_nic() (Akihiko Odaki) [Orabug: 36858836] {CVE-2023-3019} - lsi53c895a: disable reentrancy detection for MMIO region, too (Thomas Huth) [Orabug: 36858811] {CVE-2021-3750} - memory: stricter checks prior to unsetting engaged_in_io (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750} - async: avoid use-after-free on re-entrancy guard (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750} - apic: disable reentrancy detection for apic-msi (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750} - raven: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750} - bcm2835_property: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750} - lsi53c895a: disable reentrancy detection for script RAM (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750} - hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750} - checkpatch: add qemu_bh_new/aio_bh_new checks (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750} - async: Add an optional reentrancy guard to the BH API (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750} - memory: prevent dma-reentracy issues (Alexander Bulekov) [Orabug: 36858811] {CVE-2021-3750} - qga/win32: Use rundll for VSS installation (Konstantin Kostiuk) [Orabug: 36858681] {CVE-2023-0664} - qga/win32: Remove change action from MSI installer (Konstantin Kostiuk) [Orabug: 36858681] {CVE-2023-0664} - hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638) (Philippe Mathieu-Daude) [Orabug: 36858674] {CVE-2021-3638} - async: clarify usage of barriers in the polling case (Paolo Bonzini) [Orabug: 35871051] - async: update documentation of the memory barriers (Paolo Bonzini) [Orabug: 35871051] - physmem: add missing memory barrier (Paolo Bonzini) [Orabug: 35871051] - qemu-coroutine-lock: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35871051] - aio-wait: switch to smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35871051] - edu: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35871051] - qemu-thread-win32: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35871051] - qemu-thread-posix: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35871051] - qatomic: add smp_mb__before/after_rmw() (Paolo Bonzini) [Orabug: 35871051] - aio_wait_kick: add missing memory barrier (Emanuele Giuseppe Esposito) [Orabug: 35871051] [6.1.1-8.el8] - kvm: Atomic memslot updates (David Hildenbrand) [Orabug: 35822587] - KVM: keep track of running ioctls (Emanuele Giuseppe Esposito) [Orabug: 35822587] - accel: introduce accelerator blocker API (Emanuele Giuseppe Esposito) [Orabug: 35822587] - dump: kdump-zlib data pages not dumped with pvtime/aarch64 (Dongli Zhang) [Orabug: 35775461] - target/i386: properly reset TSC on reset (Paolo Bonzini) [Orabug: 35767315] [6.1.1-7.el8] - CVE-2023-4135 is not applicable to Oracle QEMU 6.1.1 (Karl Heubaum) [Orabug: 35752193] {CVE-2023-4135} - virtio-crypto: verify src&dst buffer length for sym request (zhenwei pi) [Orabug: 35752194] {CVE-2023-3180} - ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) (Mauro Matteo Cascella) [Orabug: 35752186] {CVE-2023-3255} - io: remove io watch if TLS channel is closed during handshake (Daniel P. Berrange) [Orabug: 35752182] {CVE-2023-3354} - 9pfs: prevent opening special files (CVE-2023-2861) (Christian Schoenebeck) [Orabug: 35752178] {CVE-2023-2861} - hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) (Thomas Huth) [Orabug: 35752171] {CVE-2023-0330} - hw: Add compat machines for 6.2 (Yanan Wang) [Orabug: 35646490] - vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (Ani Sinha) [Orabug: 35662843] {CVE-2023-3301} - dump: fix kdump to work over non-aligned blocks (Marc-Andre Lureau) [Orabug: 35557771] - dump: simplify a bit kdump get_next_page() (Marc-Andre Lureau) [Orabug: 35557771] - dump: Remove is_zero_page() (Juan Quintela) [Orabug: 35557771] - qmp-regdump: use QMP command 'query-cpus-fast' (Mark Kanda) [Orabug: 34510460] - i386: do kvm_put_msr_feature_control() first thing when vCPU is reset (Vitaly Kuznetsov) [Orabug: 34319512] - i386: reset KVM nested state upon CPU reset (Vitaly Kuznetsov) [Orabug: 34319512] [6.1.1-6.el8] - CVE-2023-1544 is not applicable to Oracle QEMU 6.1.1 (Karl Heubaum) [Orabug: 35305727] {CVE-2023-1544} - virtio-gpu: do not byteswap padding (Paolo Bonzini) [Orabug: 35304723] - KVM: x86: workaround invalid CPUID[0xD,9] info on some AMD processors (Paolo Bonzini) [Orabug: 35241527] - qemu-kvm.spec: fix Linux io_uring support (Mark Kanda) [Orabug: 35265200] - hw/intc/ioapic: Update KVM routes before redelivering IRQ, on RTE update (David Woodhouse) [Orabug: 35219290] [6.1.1-5.el8] - hw/pvrdma: Protect against buggy or malicious guest driver (Yuval Shaia) [Orabug: 35064352] {CVE-2022-1050} - hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion (Philippe Mathieu-Daude) [Orabug: 35060182] - hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144) (Philippe Mathieu-Daude) [Orabug: 35060182] {CVE-2022-4144} - hw/display/qxl: Pass requested buffer size to qxl_phys2virt() (Philippe Mathieu-Daude) [Orabug: 35060182] - hw/display/qxl: Document qxl_phys2virt() (Philippe Mathieu-Daude) [Orabug: 35060182] - hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler (Philippe Mathieu-Daude) [Orabug: 35060182] - ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext (Mauro Matteo Cascella) [Orabug: 35060115] {CVE-2022-3165} - hw/arm/virt: build SMBIOS 19 table (Mihai Carabas) - vl: Add an -action option to override MCE handling (Mark Kanda) [Orabug: 34779160] - hw/acpi/erst.c: Fix memory handling issues (Christian A. Ehrhardt) [Orabug: 34779541] {CVE-2022-4172} - target/i386: kvm: do not access uninitialized variable on older kernels (Paolo Bonzini) [Orabug: 34492975] - x86: Support XFD and AMX xsave data migration (Zeng Guang) [Orabug: 34492975] - x86: add support for KVM_CAP_XSAVE2 and AMX state migration (Jing Liu) [Orabug: 34492975] - x86: Add AMX CPUIDs enumeration (Jing Liu) [Orabug: 34492975] - x86: Add XFD faulting bit for state components (Jing Liu) [Orabug: 34492975] - x86: Grant AMX permission for guest (Yang Zhong) [Orabug: 34492975] - x86: Add AMX XTILECFG and XTILEDATA components (Jing Liu) [Orabug: 34492975] - x86: Fix the 64-byte boundary enumeration for extended state (Jing Liu) [Orabug: 34492975] - linux-headers: include missing changes from 5.17 (Paolo Bonzini) [Orabug: 34492975] - linux-headers: Update headers to v5.17-rc1 (Vivek Goyal) [Orabug: 34492975] - linux-headers: update to 5.16-rc1 (Paolo Bonzini) [Orabug: 34492975] - i386/pc: restrict AMD only enforcing of 1Tb hole to new machine type (Joao Martins) - i386/pc: relocate 4g start to 1T where applicable (Joao Martins) - i386/pc: bounds check phys-bits against max used GPA (Joao Martins) - i386/pc: factor out device_memory base/size to helper (Joao Martins) - i386/pc: factor out above-4g end to an helper (Joao Martins) - i386/pc: pass pci_hole64_size to pc_memory_init() (Joao Martins) - i386/pc: create pci-host qdev prior to pc_memory_init() (Joao Martins) - hw/i386: add 4g boundary start to X86MachineState (Joao Martins) - vhost-vdpa: fix assert !virtio_net_get_subqueue(nc)->async_tx.elem in virtio_net_reset (Si-Wei Liu) - net/vhost-vdpa.c: Fix clang compilation failure (Peter Maydell) - vhost-vdpa: allow passing opened vhostfd to vhost-vdpa (Si-Wei Liu) [6.1.1-4.el8] - display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mauro Matteo Cascella) [Orabug: 34591445] {CVE-2021-4207} - ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Matteo Cascella) [Orabug: 34591281] {CVE-2021-4206} - scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34590706] {CVE-2022-0216} - scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34590706] {CVE-2022-0216} - tests/qtest: Add fuzz-lsi53c895a-test (Philippe Mathieu-Daude) [Orabug: 34590706] {CVE-2022-0216} - hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued (Philippe Mathieu-Daude) [Orabug: 34590706] {CVE-2022-0216} - virtio-net: fix map leaking on error during receive (Jason Wang) [Orabug: 34538375] {CVE-2022-26353} - vfio: defer to commit kvm irq routing when enable msi/msix (Mike Longpeng) [Orabug: 34528963] - Revert 'vfio: Avoid disabling and enabling vectors repeatedly in VFIO migration' (Mike Longpeng) [Orabug: 34528963] - vfio: simplify the failure path in vfio_msi_enable (Mike Longpeng) [Orabug: 34528963] - vfio: move re-enabling INTX out of the common helper (Mike Longpeng) [Orabug: 34528963] - vfio: simplify the conditional statements in vfio_msi_enable (Mike Longpeng) [Orabug: 34528963] - kvm/msi: do explicit commit when adding msi routes (Mike Longpeng) [Orabug: 34528963] - kvm-irqchip: introduce new API to support route change (Mike Longpeng) [Orabug: 34528963] - event_notifier: handle initialization failure better (Maxim Levitsky) [Orabug: 34528963] - virtio-net: don't handle mq request in userspace handler for vhost-vdpa (Si-Wei Liu) - vhost-vdpa: change name and polarity for vhost_vdpa_one_time_request() (Si-Wei Liu) - vhost-vdpa: backend feature should set only once (Si-Wei Liu) - vhost-net: fix improper cleanup in vhost_net_start (Si-Wei Liu) - vhost-vdpa: fix improper cleanup in net_init_vhost_vdpa (Si-Wei Liu) - virtio-net: align ctrl_vq index for non-mq guest for vhost_vdpa (Si-Wei Liu) - virtio-net: setup vhost_dev and notifiers for cvq only when feature is negotiated (Si-Wei Liu) - virtio: fix the condition for iommu_platform not supported (Halil Pasic) - vdpa: Make ncs autofree (Eugenio Perez) - vhost-vdpa: make notifiers _init()/_uninit() symmetric (Laurent Vivier) - hw/virtio: vdpa: Fix leak of host-notifier memory-region (Laurent Vivier) - vhost-vdpa: stick to -errno error return convention (Roman Kagan) - vdpa: Add dummy receive callback (Eugenio Perez) - vdpa: Check for existence of opts.vhostdev (Eugenio Perez) - vdpa: Replace qemu_open_old by qemu_open at (Eugenio Perez) - vhost: Fix last vq queue index of devices with no cvq (Eugenio Perez) - vhost: Rename last_index to vq_index_end (Eugenio Perez) - net/vhost-vdpa: fix memory leak in vhost_vdpa_get_max_queue_pairs() (Stefano Garzarella) - vhost-vdpa: Set discarding of RAM broken when initializing the backend (David Hildenbrand) - vhost-vdpa: multiqueue support (Jason Wang) - virtio-net: vhost control virtqueue support (Jason Wang) - vhost: record the last virtqueue index for the virtio device (Jason Wang) - virtio-net: use 'queue_pairs' instead of 'queues' when possible (Jason Wang) - vhost-net: control virtqueue support (Jason Wang) - net: introduce control client (Jason Wang) - vhost-vdpa: let net_vhost_vdpa_init() returns NetClientState * (Jason Wang) - vhost-vdpa: prepare for the multiqueue support (Jason Wang) - vhost-vdpa: classify one time request (Jason Wang) - vhost-vdpa: open device fd in net_init_vhost_vdpa() (Jason Wang) - vdpa: Check for iova range at mappings changes (Eugenio Perez) - vdpa: Add vhost_vdpa_section_end (Eugenio Perez) - net/vhost-vdpa: Fix device compatibility check (Kevin Wolf) - net/vhost-user: Fix device compatibility check (Kevin Wolf) - net: Introduce NetClientInfo.check_peer_type() (Kevin Wolf) - memory: Name all the memory listeners (Peter Xu) - vhost-vdpa: remove the unncessary queue_index assignment (Jason Wang) - vhost-vdpa: fix the wrong assertion in vhost_vdpa_init() (Jason Wang) - vhost-vdpa: tweak the error label in vhost_vdpa_add() (Jason Wang) - vhost-vdpa: fix leaking of vhost_net in vhost_vdpa_add() (Jason Wang) - vhost-vdpa: don't cleanup twice in vhost_vdpa_add() (Jason Wang) - vhost-vdpa: remove the unnecessary check in vhost_vdpa_add() (Jason Wang) - vhost_net: do not assume nvqs is always 2 (Jason Wang) - vhost: use unsigned int for nvqs (Jason Wang) - vhost_net: remove the meaningless assignment in vhost_net_start_one() (Jason Wang) - vhost-vdpa: correctly return err in vhost_vdpa_set_backend_cap() (Jason Wang) - vhost-vdpa: remove unused variable 'acked_features' (Jason Wang) - vhost: correctly detect the enabling IOMMU (Jason Wang) - virtio-pci: implement iommu_enabled() (Jason Wang) - virtio-bus: introduce iommu_enabled() (Jason Wang) - hw/virtio: Fix leak of host-notifier memory-region (Yajun Wu) - vhost-vdpa: Do not send empty IOTLB update batches (Eugenio Perez) - target/i386/kvm: Fix disabling MPX on '-cpu host' with MPX-capable host (Maciej S. Szmigiero) [Orabug: 33528615] [6.1.1-3.el8] - acpi: pcihp: pcie: set power on cap on parent slot (Igor Mammedov) [Orabug: 33984018] [Orabug: 33995665] - pcie: expire pending delete (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pcie: fast unplug when slot power is off (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pcie: add power indicator blink check (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pcie: implement slot power control for pcie root ports (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pci: implement power state (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - tests: bios-tables-test update expected blobs (Igor Mammedov) [Orabug: 33984018] [Orabug: 33995665] - hw/i386/acpi-build: Deny control on PCIe Native Hot-plug in _OSC (Julia Suvorova) [Orabug: 33984018] [Orabug: 33995665] - bios-tables-test: Allow changes in DSDT ACPI tables (Julia Suvorova) [Orabug: 33984018] [Orabug: 33995665] - hw/acpi/ich9: Add compat prop to keep HPC bit set for 6.1 machine type (Julia Suvorova) [Orabug: 33984018] [Orabug: 33995665] [6.1.1-2.el8] - vhost-vsock: detach the virqueue element in case of error (Stefano Garzarella) [Orabug: 33941752] {CVE-2022-26354} - qemu_regdump.py/qmp-regdump: Switch to Python 3 (Karl Heubaum) - block/mirror: fix NULL pointer dereference in mirror_wait_on_conflicts() (Stefano Garzarella) [Orabug: 33916572] {CVE-2021-4145} [6.1.1-1.el8] - ACPI ERST: step 6 of bios-tables-test.c (Eric DeVolder) - ACPI ERST: bios-tables-test testcase (Eric DeVolder) - ACPI ERST: qtest for ERST (Eric DeVolder) - ACPI ERST: create ACPI ERST table for pc/x86 machines (Eric DeVolder) - ACPI ERST: build the ACPI ERST table (Eric DeVolder) - ACPI ERST: support for ACPI ERST feature (Eric DeVolder) - ACPI ERST: header file for ERST (Eric DeVolder) - ACPI ERST: PCI device_id for ERST (Eric DeVolder) - hw/nvme: fix CVE-2021-3929 (Klaus Jensen) [Orabug: 33866395] {CVE-2021-3929} - oslib-posix: initialize backend memory objects in parallel (Mark Kanda) [Orabug: 32555402] - oslib-posix: refactor memory prealloc threads (Mark Kanda) [Orabug: 32555402] - tests/plugin/syscall.c: fix compiler warnings (Juro Bystricky) - virtio-net-pci: Don't use 'efi-virtio.rom' on AArch64 (Mark Kanda) - migration: increase listening socket backlog (Elena Ufimtseva) - virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) - virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358) (Vivek Goyal) [Orabug: 33816690] {CVE-2022-0358} - acpi: validate hotplug selector on access (Michael S. Tsirkin) [Orabug: 33816625] {CVE-2021-4158} - Update to QEMU 6.1.1 (Karl Heubaum) [4.2.1.15.el8] - qemu-kvm.spec: Add support for reading vmdk, vhdx, vpc, https, and ssh disk image formats from qemu-kvm (Karl Heubaum) [Orabug: 33741340] - Document CVE-2021-4158 and CVE-2021-3947 as fixed (Mark Kanda) [Orabug: 33719302] [Orabug: 33754145] {CVE-2021-4158} {CVE-2021-3947} - hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196} - hw/block/fdc: Extract blk_create_empty_drive() (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196} - net: vmxnet3: validate configuration values during activate (CVE-2021-20203) (Prasad J Pandit) [Orabug: 32559476] {CVE-2021-20203} - lan9118: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - pcnet: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - rtl8139: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - tx_pkt: switch to use qemu_receive_packet_iov() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - sungem: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - dp8393x: switch to use qemu_receive_packet() for loopback packet (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - e1000: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - net: introduce qemu_receive_packet() (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - target/i386: Populate x86_ext_save_areas offsets using cpuid where possible (Paolo Bonzini) - target/i386: Observe XSAVE state area offsets (Paolo Bonzini) - target/i386: Make x86_ext_save_areas visible outside cpu.c (Paolo Bonzini) - target/i386: Pass buffer and length to XSAVE helper (Paolo Bonzini) - target/i386: Clarify the padding requirements of X86XSaveArea (Paolo Bonzini) - target/i386: Consolidate the X86XSaveArea offset checks (Paolo Bonzini) - target/i386: Declare constants for XSAVE offsets (Paolo Bonzini) [4.2.1-14.el8] - scsi: fix sense code for EREMOTEIO (Paolo Bonzini) [Orabug: 33537443] - scsi: move host_status handling into SCSI drivers (Hannes Reinecke) [Orabug: 33537443] - scsi: inline sg_io_sense_from_errno() into the callers (Hannes Reinecke) [Orabug: 33537443] - scsi-generic: do not snoop the output of failed commands (Paolo Bonzini) [Orabug: 33537443] - scsi: Add mapping for generic SCSI_HOST status to sense codes (Hannes Reinecke) [Orabug: 33537443] - scsi: Rename linux-specific SG_ERR codes to generic SCSI_HOST error codes (Hannes Reinecke) [Orabug: 33537443] - scsi: drop 'result' argument from command_complete callback (Hannes Reinecke) [Orabug: 33537443] - scsi-disk: pass guest recoverable errors through even for rerror=stop (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: pass SCSI status to scsi_handle_rw_error (Paolo Bonzini) [Orabug: 33537443] - scsi: introduce scsi_sense_from_errno() (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: do not complete requests early for rerror/werror=ignore (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: move scsi_handle_rw_error earlier (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: convert more errno values back to SCSI statuses (Paolo Bonzini) [Orabug: 33537443] [4.2.1-13.el8] - pcie: Do not set power state for some hot-plugged devices (Annie Li) [Orabug: 33642532] [4.2.1-12.1.el8] - Update slirp to address various CVEs (Mark Kanda) [Orabug: 32208456] [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420] {CVE-2020-29129} {CVE-2020-29130} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595} - hw/pflash_cfi01: Allow backing devices to be smaller than memory region (David Edmondson) - pcie: expire pending delete (Gerd Hoffmann) [Orabug: 33450706] - pcie: fast unplug when slot power is off (Gerd Hoffmann) [Orabug: 33450706] - pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann) [Orabug: 33450706] - pcie: add power indicator blink check (Gerd Hoffmann) [Orabug: 33450706] - pcie: implement slot power control for pcie root ports (Gerd Hoffmann) [Orabug: 33450706] - pci: implement power state (Gerd Hoffmann) [Orabug: 33450706] - hw/pci/pcie: Move hot plug capability check to pre_plug callback (Julia Suvorova) [Orabug: 33450706] - hw/pci/pcie: Replace PCI_DEVICE() casts with existing variable (Julia Suvorova) [Orabug: 33450706] - hw/pci/pcie: Forbid hot-plug if it's disabled on the slot (Julia Suvorova) [Orabug: 33450706] - pcie_root_port: Add hotplug disabling option (Julia Suvorova) [Orabug: 33450706] - qdev-monitor: Forbid repeated device_del (Julia Suvorova) [Orabug: 33450706] - i386:acpi: Remove _HID from the SMBus ACPI entry (Corey Minyard) - uas: add stream number sanity checks (Gerd Hoffmann) [Orabug: 33280793] {CVE-2021-3713} - usbredir: fix free call (Gerd Hoffmann) [Orabug: 33198441] {CVE-2021-3682} - hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands (Mauro Matteo Cascella) [Orabug: 33548490] {CVE-2021-3930} - e1000: fix tx re-entrancy problem (Jon Maloy) [Orabug: 32560552] {CVE-2021-20257} - virtio-net-pci: Don't use 'efi-virtio.rom' on AArch64 (Mark Kanda) [Orabug: 33537594] - MAINTAINERS: Add ACPI/HEST/GHES entries (Dongjiu Geng) - target-arm: kvm64: handle SIGBUS signal from kernel or KVM (Dongjiu Geng) - ACPI: Record Generic Error Status Block(GESB) table (Dongjiu Geng) - KVM: Move hwpoison page related functions into kvm-all.c (Dongjiu Geng) - ACPI: Record the Generic Error Status Block address (Dongjiu Geng) - ACPI: Build Hardware Error Source Table (Dongjiu Geng) - ACPI: Build related register address fields via hardware error fw_cfg blob (Dongjiu Geng) - docs: APEI GHES generation and CPER record description (Dongjiu Geng) - hw/arm/virt: Introduce a RAS machine option (Dongjiu Geng) - acpi: nvdimm: change NVDIMM_UUID_LE to a common macro (Dongjiu Geng) - block/curl: HTTP header field names are case insensitive (David Edmondson) [Orabug: 33287589] - block/curl: HTTP header fields allow whitespace around values (David Edmondson) [Orabug: 33287589] [4.2.1-11.el8] - trace: use STAP_SDT_V2 to work around symbol visibility (Stefan Hajnoczi) [Orabug: 33272428] [4.2.1-11.el8] - pvrdma: Fix the ring init error flow (Marcel Apfelbaum) [Orabug: 33120142] {CVE-2021-3608} - pvrdma: Ensure correct input on ring init (Marcel Apfelbaum) [Orabug: 33120146] {CVE-2021-3607} - hw/rdma: Fix possible mremap overflow in the pvrdma device (Marcel Apfelbaum) [Orabug: 33120084] {CVE-2021-3582} - vhost-user-gpu: reorder free calls (Gerd Hoffmann) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: abstract vg_cleanup_mapping_iov (Li Qiang) [Orabug: 32950716] {CVE-2021-3546} - vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (Li Qiang) [Orabug: 32950716] {CVE-2021-3546} - vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak in vg_resource_attach_backing (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (Li Qiang) [Orabug: 32950708] {CVE-2021-3545} - usb: limit combined packets to 1 MiB (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527} - usb/redir: avoid dynamic stack allocation (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527} - mptsas: Remove unused MPTSASState 'pending' field (Michael Tokarev) [Orabug: 32470463] {CVE-2021-3392} - oslib-posix: initialize backend memory objects in parallel (Mark Kanda) [Orabug: 32555402] - oslib-posix: refactor memory prealloc threads (Mark Kanda) [Orabug: 32555402] [4.2.1-10.el8] - e1000: fail early for evil descriptor (Jason Wang) [Orabug: 32560552] {CVE-2021-20257} - Document CVE-2020-27661 as fixed (Mark Kanda) [Orabug: 32960200] {CVE-2020-27661} - block: Avoid stale pointer dereference in blk_get_aio_context() (Greg Kurz) - block: Fix blk->in_flight during blk_wait_while_drained() (Kevin Wolf) - block: Increase BB.in_flight for coroutine and sync interfaces (Kevin Wolf) - block-backend: Reorder flush/pdiscard function definitions (Kevin Wolf) - i386/pc: let iterator handle regions below 4G (Joao Martins) - arm/virt: Add memory hot remove support (Shameer Kolothum) [Orabug: 32643506] - i386/pc: consolidate usable iova iteration (Joao Martins) - i386/acpi: fix SRAT ranges in accordance to usable IOVA (Joao Martins) - migration: increase listening socket backlog (Elena Ufimtseva) - multifd: Make multifd_save_setup() get an Error parameter (Juan Quintela) - multifd: Make multifd_load_setup() get an Error parameter (Juan Quintela) - migration: fix maybe-uninitialized warning (Marc-Andre Lureau) - migration: Fix the re-run check of the migrate-incoming command (Yury Kotov) - multifd: Initialize local variable (Juan Quintela) - multifd: Be consistent about using uint64_t (Juan Quintela) - Bug #1829242 correction. (Alexey Romko) - migration/multifd: fix destroyed mutex access in terminating multifd threads (Jiahui Cen) - migration/multifd: fix nullptr access in terminating multifd threads (Jiahui Cen) - migration/multifd: not use multifd during postcopy (Wei Yang) - migration/multifd: clean pages after filling packet (Wei Yang) - migration: Make sure that we don't call write() in case of error (Juan Quintela) - migration: fix multifd_send_pages() next channel (Laurent Vivier) - migration/multifd: bypass uuid check for initial packet (Elena Ufimtseva) [Orabug: 32610480] - migration/tls: add error handling in multifd_tls_handshake_thread (Hao Wang) - migration/tls: fix inverted semantics in multifd_channel_connect (Hao Wang) - migration/multifd: do not access uninitialized multifd_recv_state (Elena Ufimtseva) [Orabug: 32795384] - io/channel-tls.c: make qio_channel_tls_shutdown thread-safe (Lukas Straub) - qemu.spec: Enable qemu-guest-agent RPM for OL7 (Karl Heubaum) [Orabug: 32415543] - virtio-net: Set mac address to hardware if the peer is vdpa (Cindy Lu) - net: Add vhost-vdpa in show_netdevs() (Cindy Lu) - vhost-vdpa: Add qemu_close in vhost_vdpa_cleanup (Cindy Lu) - hw/virtio/vhost-vdpa: Fix Coverity CID 1432864 (Philippe Mathieu-Daude) - vhost-vdpa: negotiate VIRTIO_NET_F_STATUS with driver (Si-Wei Liu) - configure: Fix build dependencies with vhost-vdpa. (Laurent Vivier) - configure: simplify vhost condition with Kconfig (Marc-Andre Lureau) - vhost-vdpa: add trace-events (Laurent Vivier) - dma/pl330: Fix qemu_hexdump() usage in pl330.c (Mark Kanda) - util/hexdump: introduce qemu_hexdump_line() (Laurent Vivier) - util/hexdump: Reorder qemu_hexdump() arguments (Philippe Mathieu-Daude) - util/hexdump: Convert to take a void pointer argument (Philippe Mathieu-Daude) - net/colo-compare.c: Only hexdump packets if tracing is enabled (Lukas Straub) - vhost-vdpa: batch updating IOTLB mappings (Jason Wang) - vhost: switch to use IOTLB v2 format (Jason Wang) - vhost-vdpa: remove useless variable (Laurent Vivier) - virtio: vdpa: omit check return of g_malloc (Li Qiang) - vhost-vdpa: fix indentation in vdpa_ops (Stefano Garzarella) - virtio-net: check the existence of peer before accessing vDPA config (Jason Wang) - virtio-pci: fix wrong index in virtio_pci_queue_enabled (Yuri Benditovich) - virtio-pci: fix virtio_pci_queue_enabled() (Laurent Vivier) - vhost-vdpa :Fix Coverity CID 1430270 / CID 1420267 (Cindy Lu) - vhost-vdpa: fix the compile issue without kvm (Cindy Lu) - vhost-vdpa: introduce vhost-vdpa net client (Cindy Lu) - vhost-vdpa: introduce vhost-vdpa backend (Cindy Lu) - linux headers: sync to 5.9-rc4 (Jason Wang) - Linux headers: update (Cornelia Huck) - virtio-net: fix rsc_ext compat handling (Cornelia Huck) - linux-headers: update against Linux 5.7-rc3 (Cornelia Huck) - linux-headers: update (Cornelia Huck) - virtiofsd: Pull in kernel's fuse.h (Dr. David Alan Gilbert) - linux-headers: Update (Bharata B Rao) - linux-headers: Update (Greg Kurz) - vhost_net: introduce set_config & get_config (Cindy Lu) - vhost: implement vhost_force_iommu method (Cindy Lu) - vhost: introduce new VhostOps vhost_force_iommu (Cindy Lu) - vhost: implement vhost_vq_get_addr method (Cindy Lu) - vhost: introduce new VhostOps vhost_vq_get_addr (Cindy Lu) - vhost: implement vhost_dev_start method (Cindy Lu) - vhost: introduce new VhostOps vhost_dev_start (Cindy Lu) - vhost: check the existence of vhost_set_iotlb_callback (Jason Wang) - virtio-pci: implement queue_enabled method (Jason Wang) - virtio-bus: introduce queue_enabled method (Jason Wang) - vhost_net: use the function qemu_get_peer (Cindy Lu) - net: introduce qemu_get_peer (Cindy Lu) - vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM (Jason Wang) - imx7-ccm: add digprog mmio write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - tz-ppc: add dummy read/write methods (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - spapr_pci: add spapr msi read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - nvram: add nrf51_soc flash read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - prep: add ppc-parity write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - vfio: add quirk device write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - pci-host: designware: add pcie-msi read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - hw/pci-host: add pci-intack write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - oslib-posix: take lock before qemu_cond_broadcast (Bauerchen) [Orabug: 32555402] - oslib-posix: initialize mutex and condition variable (Paolo Bonzini) [Orabug: 32555402] - mem-prealloc: optimize large guest startup (Bauerchen) [Orabug: 32555402] - i386: Add the support for AMD EPYC 3rd generation processors (Babu Moger) - acpi: cpuhp: document CPHP_GET_CPU_ID_CMD command (Igor Mammedov) - acpi: cpuhp: add CPHP_GET_CPU_ID_CMD command (Igor Mammedov) - acpi: cpuhp: spec: add typical usecases (Igor Mammedov) - acpi: cpuhp: spec: clarify store into 'Command data' when 'Command field' == 0 (Igor Mammedov) - acpi: cpuhp: spec: fix 'Command data' description (Igor Mammedov) - acpi: cpuhp: spec: clarify 'CPU selector' register usage and endianness (Igor Mammedov) - acpi: cpuhp: introduce 'Command data 2' field (Igor Mammedov) - x86: ich9: let firmware negotiate 'CPU hot-unplug with SMI' feature (Igor Mammedov) - x86: ich9: factor out 'guest_cpu_hotplug_features' (Igor Mammedov) - x86: acpi: let the firmware handle pending 'CPU remove' events in SMM (Igor Mammedov) - x86: acpi: introduce AcpiPmInfo::smi_on_cpu_unplug (Igor Mammedov) - acpi: cpuhp: introduce 'firmware performs eject' status/control bits (Igor Mammedov) - x68: acpi: trigger SMI before sending hotplug Notify event to OSPM (Igor Mammedov) - x86: acpi: introduce the PCI0.SMI0 ACPI device (Igor Mammedov) - x86: acpi: introduce AcpiPmInfo::smi_on_cpuhp (Igor Mammedov) - x86: ich9: expose 'smi_negotiated_features' as a QOM property (Igor Mammedov) - tests: acpi: mark to be changed tables in bios-tables-test-allowed-diff (Igor Mammedov) - acpi: add aml_land() and aml_break() primitives (Igor Mammedov) - x86: cpuhp: refuse cpu hot-unplug request earlier if not supported (Igor Mammedov) - x86: cpuhp: prevent guest crash on CPU hotplug when broadcast SMI is in use (Igor Mammedov) - x86: lpc9: let firmware negotiate 'CPU hotplug with SMI' features (Igor Mammedov) - q35: implement 128K SMRAM at default SMBASE address (Igor Mammedov) - hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register (Philippe Mathieu-Daude) [Orabug: 32470471] {CVE-2021-20221} - memory: clamp cached translation in case it points to an MMIO region (Paolo Bonzini) [Orabug: 32252673] {CVE-2020-27821} - hw/sd/sdhci: Fix DMA Transfer Block Size field (Philippe Mathieu-Daude) [Orabug: 32613470] {CVE-2021-3409} [4.2.1-6.el8] - i386/pc: Keep PCI 64-bit hole within usable IOVA space (Joao Martins) - pc/cmos: Adjust CMOS above 4G memory size according to 1Tb boundary (Joao Martins) - i386/pc: Round up the hotpluggable memory within valid IOVA ranges (Joao Martins) - i386/pc: Account IOVA reserved ranges above 4G boundary (Joao Martins) [4.2.1-5.el8] - hostmem: fix default 'prealloc-threads' count (Mark Kanda) - hostmem: introduce 'prealloc-threads' property (Igor Mammedov) - qom: introduce object_register_sugar_prop (Paolo Bonzini) - migration/multifd: Do error_free after migrate_set_error to avoid memleaks (Pan Nengyuan) - multifd/tls: fix memoryleak of the QIOChannelSocket object when cancelling migration (Chuan Zheng) - migration/multifd: fix hangup with TLS-Multifd due to blocking handshake (Chuan Zheng) - migration/tls: add trace points for multifd-tls (Chuan Zheng) - migration/tls: add support for multifd tls-handshake (Chuan Zheng) - migration/tls: extract cleanup function for common-use (Chuan Zheng) - migration/multifd: fix memleaks in multifd_new_send_channel_async (Pan Nengyuan) - migration/multifd: fix nullptr access in multifd_send_terminate_threads (Zhimin Feng) - migration/tls: add tls_hostname into MultiFDSendParams (Chuan Zheng) - migration/tls: extract migration_tls_client_create for common-use (Chuan Zheng) - migration/tls: save hostname into MigrationState (Chuan Zheng) - tests/qtest: add a test case for pvpanic-pci (Mihai Carabas) - pvpanic : update pvpanic spec document (Mihai Carabas) - hw/misc/pvpanic: add PCI interface support (Mihai Carabas) - hw/misc/pvpanic: split-out generic and bus dependent code (Mihai Carabas) - qemu-img: Add --target-is-zero to convert (David Edmondson) - 9pfs: Fully restart unreclaim loop (CVE-2021-20181) (Greg Kurz) [Orabug: 32441198] {CVE-2021-20181} - ide: atapi: check logical block address and read size (CVE-2020-29443) (Prasad J Pandit) [Orabug: 32393835] {CVE-2020-29443} - Document CVE-2019-20808 as fixed (Mark Kanda) [Orabug: 32339196] {CVE-2019-20808} - block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb (Chen Qun) [Orabug: 32339207] {CVE-2020-11947} - net: remove an assert call in eth_get_gso_type (Prasad J Pandit) [Orabug: 32102583] {CVE-2020-27617} - nvdimm: honor -object memory-backend-file, readonly=on option (Stefan Hajnoczi) [Orabug: 32265408] - hostmem-file: add readonly=on|off option (Stefan Hajnoczi) [Orabug: 32265408] - memory: add readonly support to memory_region_init_ram_from_file() (Stefan Hajnoczi) [Orabug: 32265408] [4.2.1-4.el8] - Document CVE-2020-25723 as fixed (Mark Kanda) [Orabug: 32222397] {CVE-2020-25723} - hw/net/e1000e: advance desc_offset in case of null descriptor (Prasad J Pandit) [Orabug: 32217517] {CVE-2020-28916} - i386: Add 2nd Generation AMD EPYC processors (Babu Moger) [Orabug: 32217570] - libslirp: Update version to include CVE fixes (Mark Kanda) [Orabug: 32208456] [Orabug: 32208462] {CVE-2020-29129} {CVE-2020-29130} - Document CVE-2020-25624 as fixed (Mark Kanda) [Orabug: 32212527] {CVE-2020-25624} - pvpanic: Advertise the PVPANIC_CRASHLOADED event support (Paolo Bonzini) [Orabug: 32102853] - ati: check x y display parameter values (Prasad J Pandit) [Orabug: 32108251] {CVE-2020-27616} - Add AArch64 support for QMP regdump tool and sosreport plugin (Mark Kanda) [Orabug: 32080658] - Add qemu_regdump sosreport plugin support for '-mon' QMP sockets (Mark Kanda) - migration/dirtyrate: present dirty rate only when querying the rate has completed (Chuan Zheng) - migration/dirtyrate: record start_time and calc_time while at the measuring state (Chuan Zheng) - migration/dirtyrate: Add trace_calls to make it easier to debug (Chuan Zheng) - migration/dirtyrate: Implement qmp_cal_dirty_rate()/qmp_get_dirty_rate() function (Chuan Zheng) - migration/dirtyrate: Implement calculate_dirtyrate() function (Chuan Zheng) - migration/dirtyrate: Implement set_sample_page_period() and is_sample_period_valid() (Chuan Zheng) - migration/dirtyrate: skip sampling ramblock with size below MIN_RAMBLOCK_SIZE (Chuan Zheng) - migration/dirtyrate: Compare page hash results for recorded sampled page (Chuan Zheng) - migration/dirtyrate: Record hash results for each sampled page (Chuan Zheng) - migration/dirtyrate: move RAMBLOCK_FOREACH_MIGRATABLE into ram.h (Chuan Zheng) - migration/dirtyrate: Add dirtyrate statistics series functions (Chuan Zheng) - migration/dirtyrate: Add RamblockDirtyInfo to store sampled page info (Chuan Zheng) - migration/dirtyrate: add DirtyRateStatus to denote calculation status (Chuan Zheng) - migration/dirtyrate: setup up query-dirtyrate framwork (Chuan Zheng) - ram_addr: Split RAMBlock definition (Juan Quintela) [4.2.1-3.el8] - qemu-kvm.spec: Install block storage module RPMs by default (Karl Heubaum) [Orabug: 31943789] - qemu-kvm.spec: Enable block-ssh module RPM (Karl Heubaum) [Orabug: 31943763] - hw: usb: hcd-ohci: check for processed TD before retire (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625} - hw: usb: hcd-ohci: check len and frame_number variables (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625} - hw: ehci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084} - hw: xhci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084} - usb: fix setup_len init (CVE-2020-14364) (Gerd Hoffmann) [Orabug: 31848849] {CVE-2020-14364} - Document CVE-2020-12829 and CVE-2020-14415 as fixed (Mark Kanda) [Orabug: 31855502] [Orabug: 31855427] {CVE-2020-12829} {CVE-2020-14415} [4.2.1-2.el8] - hw/net/xgmac: Fix buffer overflow in xgmac_enet_send() (Mauro Matteo Cascella) [Orabug: 31667649] {CVE-2020-15863} - hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() (Mauro Matteo Cascella) [Orabug: 31737809] {CVE-2020-16092} - migration: fix memory leak in qmp_migrate_set_parameters (Zheng Chuan) [Orabug: 31806256] - virtio-net: fix removal of failover device (Juan Quintela) [Orabug: 31806255] - pvpanic: introduce crashloaded for pvpanic (zhenwei pi) [Orabug: 31677154] [4.2.1-1.el8] - hw/sd/sdcard: Do not switch to ReceivingData if address is invalid (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253} - hw/sd/sdcard: Update coding style to make checkpatch.pl happy (Philippe Mathieu-Daude) [Orabug: 31414336] - hw/sd/sdcard: Do not allow invalid SD card sizes (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253} - hw/sd/sdcard: Simplify realize() a bit (Philippe Mathieu-Daude) [Orabug: 31414336] - hw/sd/sdcard: Restrict Class 6 commands to SCSD cards (Philippe Mathieu-Daude) [Orabug: 31414336] - libslirp: Update to v4.3.1 to fix CVE-2020-10756 (Karl Heubaum) [Orabug: 31604999] {CVE-2020-10756} - Document CVEs as fixed 2/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-18043} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858} {CVE-2019-12068} {CVE-2019-15034} {CVE-2019-15890} {CVE-2019-20382} {CVE-2020-10702} {CVE-2020-10761} {CVE-2020-11102} {CVE-2020-11869} {CVE-2020-13361} {CVE-2020-13765} {CVE-2020-13800} {CVE-2020-1711} {CVE-2020-1983} {CVE-2020-8608} - Document CVEs as fixed 1/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2017-9524} {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2018-16872} {CVE-2018-20123} {CVE-2018-20124} {CVE-2018-20125} {CVE-2018-20126} {CVE-2018-20191} {CVE-2018-20216} {CVE-2018-20815} {CVE-2019-11091} {CVE-2019-12155} {CVE-2019-14378} {CVE-2019-3812} {CVE-2019-5008} {CVE-2019-6501} {CVE-2019-6778} {CVE-2019-8934} {CVE-2019-9824} - qemu-kvm.spec: Add .spec file for OL8 (Karl Heubaum) [Orabug: 30618035] - qemu.spec: Add .spec file for OL7 (Karl Heubaum) [Orabug: 30618035] - qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30618035] - vhost.conf: Initial vhost.conf (Karl Heubaum) [Orabug: 30618035] - parfait: Add buildrpm/parfait-qemu.conf (Karl Heubaum) [Orabug: 30618035] - virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) [Orabug: 30618035] - qemu_regdump.py: Initial qemu_regdump.py (Karl Heubaum) [Orabug: 30618035] - qmp-regdump: Initial qmp-regdump (Karl Heubaum) [Orabug: 30618035] - bridge.conf: Initial bridge.conf (Karl Heubaum) [Orabug: 30618035] - kvm.conf: Initial kvm.conf (Karl Heubaum) [Orabug: 30618035] - 80-kvm.rules: Initial 80-kvm.rules (Karl Heubaum) [Orabug: 30618035] - exec: set map length to zero when returning NULL (Prasad J Pandit) [Orabug: 31439733] {CVE-2020-13659} - megasas: use unsigned type for reply_queue_head and check index (Prasad J Pandit) [Orabug: 31414338] {CVE-2020-13362} - memory: Revert 'memory: accept mismatching sizes in memory_region_access_valid' (Michael S. Tsirkin) [Orabug: 31439736] [Orabug: 31452202] {CVE-2020-13754} {CVE-2020-13791} [4.1.1-3.el8] - buildrpm/spec files: Don't package elf2dmp (Karl Heubaum) [Orabug: 31657424] - qemu-kvm.spec: Enable the block-curl package (Karl Heubaum) [Orabug: 31657424] - qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 31657424] [4.1.1-2.el8] - Document CVE-2020-13765 as fixed (Karl Heubaum) [Orabug: 31463250] {CVE-2020-13765} - kvm: Reallocate dirty_bmap when we change a slot (Dr. David Alan Gilbert) [Orabug: 31076399] - kvm: split too big memory section on several memslots (Igor Mammedov) [Orabug: 31076399] - target/i386: do not set unsupported VMX secondary execution controls (Vitaly Kuznetsov) [Orabug: 31463710] - target/i386: add VMX definitions (Paolo Bonzini) [Orabug: 31463710] - ati-vga: check mm_index before recursive call (CVE-2020-13800) (Prasad J Pandit) [Orabug: 31452206] {CVE-2020-13800} - es1370: check total frame count against current frame (Prasad J Pandit) [Orabug: 31463235] {CVE-2020-13361} - ati-vga: Fix checks in ati_2d_blt() to avoid crash (BALATON Zoltan) [Orabug: 31238432] {CVE-2020-11869} - libslirp: Update to stable-4.2 to fix CVE-2020-1983 (Karl Heubaum) [Orabug: 31241227] {CVE-2020-1983} - Document CVEs as fixed (Karl Heubaum) {CVE-2019-12068} {CVE-2019-15034} - libslirp: Update to version 4.2.0 to fix CVEs (Karl Heubaum) [Orabug: 30274592] [Orabug: 30869830] {CVE-2019-15890} {CVE-2020-8608} - target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 31124041] - qemu-img: Add --target-is-zero to convert (David Edmondson) - vnc: fix memory leak when vnc disconnect (Li Qiang) [Orabug: 30996427] {CVE-2019-20382} - iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 31124035] {CVE-2020-1711} - qemu.spec: Remove 'BuildRequires: kernel' (Karl Heubaum) [Orabug: 31124047] supermin [5.2.1-1.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [5.1.19] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [5.1.19-9] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [5.1.19-8] - Pass CFLAGS & LDFLAGS to final supermin link resolves: rhbz#1624175 [5.1.19-7] - Rebuild for OCaml 4.07.0. [5.1.19-6] - Drop dietlibc in RHEL 8 resolves: rhbz#1588067 [5.1.19-5] - Bump release and rebuild. [5.1.19-4] - Reenable hardened build [5.1.19-3] - Fix bytes/string problems. [5.1.19-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [5.1.19-1] - New upstream version 5.1.19. - Remove all patches, now upstream. [5.1.18-5] - Rebuilt for RPM soname bump [5.1.18-4] - Fix supermin crash with truncated vmlinuz file (RHBZ#1477758). - Include all upstream patches since 5.1.18. [5.1.18-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [5.1.18-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [5.1.18-1] - New upstream release 5.1.18. - Fixes problem with creating incorrect symlinks (RHBZ#1470157). [5.1.17-5] - Enable dietlibc on aarch64 and POWER. [5.1.17-4] - Drop dependency on hawkey and versioned dependencies on dnf. [5.1.17-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [5.1.17-2] - Rebuild for OCaml 4.04.0. [5.1.17-1] - New upstream release 5.1.17. - Check signature on the tarball before unpacking it. - Remove patches, all upstream. [5.1.16-6] - Switch to dietlibc on s390x [5.1.16-5] - Do not break the binary on interpreted builds (#1375213) [5.1.16-4] - Add all upstream patches since 5.1.16 was released. [5.1.16-3] - Add upstream patch for DAX / vNVDIMM support. [5.1.16-2] - New upstream version 5.1.16. - Drop all patches since they are upstream. - Depend on systemd-udev to work around RHBZ#1331012. [5.1.15-2] - Add all upstream patches since 5.1.15 was released. - These should improve boot performance and initrd size. [5.1.15-1] - New upstream version 5.1.15. - Remove all patches, since they are now included in this version. - Enable dietlibc, remove glibc-static, xz-static, zlib-static. [5.1.14-4] - Add more patches since 5.1.14. [5.1.14-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [5.1.14-2] - Add all patches since 5.1.14. [5.1.14-1] - New upstream version 5.1.14. - Remove all patches - now upstream. [5.1.13-4] - Pull in all upstream patches since 5.1.13. - Choose providers better (RHBZ#1266918). - Use autopatch. - Explicitly depend on pod2html. [5.1.13-3] - Bump version to rebuild against new RPM in Rawhide. [5.1.13-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [5.1.13-1] - New upstream version 5.1.13. - Remove patch, now upstream. [5.1.12-11] - Prefer 'dnf download' over 'yumdownloader' (again). - BR grubby for the tests to work. [5.1.12-9] - Revert back to yumdownloader (RHBZ#1186948). [5.1.12-8] - Prefer 'dnf download' over 'yumdownloader'. [5.1.12-7] - Disable hardened build again. See RHBZ#1202091 RHBZ#1204162. [5.1.12-6] - Enable hardening flags by building the static 'init' specially before the main build. - Use _smp_mflags. [5.1.12-4] - Add a -devel subpackage containing automated RPM dependency generator for supermin appliances. [5.1.12-2] - Disable hardened build as it breaks building the static 'init' binary. [5.1.12-1] - New upstream version 5.1.12. - Includes ARM fix: lpae kernels can now be booted (RHBZ#1199733). [5.1.11-2] - Rebuild for xz-5.2.0 in Rawhide (RHBZ#1179252). [5.1.11-1] - New upstream version 5.1.11. [5.1.10-2] - Update to upstream commit d78c898c7e2bc5f12cbebef98b95a7908d9120f1. - BR rpm-devel, since it is now used instead of invoking rpm. - BR automake and autoconf, and run autoreconf (configure.ac is modified by the patches). [5.1.10-1] - New upstream version 5.1.10. - Remove patch which is now included upstream. [5.1.9-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [5.1.9-2] - Add upstream patch to avoid endless loop in Rawhide. [5.1.9-1] - New upstream version 5.1.9. - Remove patches which are now upstream. [5.1.8-9] - Add Requires findutils (RHBZ#1113029). [5.1.8-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [5.1.8-7] - Add patch to fix RPM handler when filenames may contain spaces. [5.1.8-4] - Skip execstack test on Fedora 20 (ARM only). [5.1.8-3] - BR xz-static & xz-devel packages, to support xz-compressed kernel modules. [5.1.8-1] - New upstream version 5.1.8. - Remove patches which are now upstream. [5.1.7-3] - Add upstream patch which removes need to run execstack (RHBZ#1093261). [5.1.7-2] - Add patch to fix quoting around mke2fs parameter (RHBZ#1084960). [5.1.7-1] - New upstream version 5.1.7. - Remove ppc64p7 patch which is now upstream. [5.1.6-5] - Requires tar, which is not installed in an @Core installation. [5.1.6-4] - Add upstream patch to fix supermin on ppc64p7. [5.1.6-3] - New upstream version 5.1.6. - Fix tests. [5.1.5-2] - Disable execstack on aarch64. It comes from prelink which does not exist on aarch64. [5.1.5-1] - New upstream version 5.1.5. [5.1.3-1] - New upstream version 5.1.3. [5.1.2-1] - New upstream version 5.1.2. - Fixes a serious bug in --build mode. [5.1.1-1] - New upstream version 5.1.1. - Remove patch which is now upstream. [5.1.0-3] - Add BR yum-utils (for yumdownloader). - Add upstream patch which stops duplicate packages appearing. [5.1.0-2] - New upstream version 5.1.0. - Note this is effectively a rewrite, and is not completely compatible. - There is no separate 'supermin-helper' subpackage any more. - Requires rpm instead of yum. [4.1.6-2] - New upstream version 4.1.6. - Should fix all autotools brokenness. - Man pages are now all in section 1. - Remove patch which is now upstream. - +BR /usr/bin/execstack (from prelink). [4.1.5-5] - Rerun autoreconf to fix autotools brokenness. [4.1.5-4] - Why was prelink required? Remove it. [4.1.5-3] - correct Obsoletes version for febootstrap and febootstrap-supermin-helper [4.1.5-2] - (For ARM) Don't crash if SUPERMIN_DTB is set and --dtb not specified. [4.1.5-1] - New upstream version 4.1.5. - Has (optionally) a new command line syntax. - Supports device trees for ARM. [4.1.4-1] - New upstream version 4.1.4. - Supports compressed cpio image files, experimentally. [4.1.3-1] - New upstream version 4.1.3. - Remove patch which is now upstream. - Add examples directory to documentation. [4.1.2-2] - Include upstream patch to get correct directory setgid/sticky bits in the appliance. [4.1.2-1] - New upstream version 4.1.2. - Remove patch which is now upstream. [4.1.1-2] - Add upstream patch to ignore ghost non-regular files. - This fixes builds on Fedora 20 because the filesystem package has been changed so /var/lock and /var/run are marked as ghost. [4.1.1-1] - New upstream version 4.1.1. - The program has been renamed 'supermin' from 'febootstrap'. - Obsolete, but don't Provide because supermin is not a compatible replacement. - Use '_isa' to specify architecture of supermin-helper subpackage. [1:3.21-2] - Add upstream patch to drop supplemental groups (RHBZ#902476). - Remove 'Group:' RPM headers which are no longer necessary. - Remove some commented-out requirements. [1:3.21-1] - New upstream version 3.21. [1:3.20-1] - New upstream version 3.20. [1:3.19-2] - Work around brokenness in yum (RHBZ#850913). - Remove defattr, no longer required. [1:3.19-1] - New upstream version 3.19. [3.18-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [3.18-1] - New upstream version 3.18. - This adds support for EPEL 5. [3.17-1] - New upstream version 3.17. [3.16-1] - New upstream version 3.16. [3.15-1] - New upstream version 3.15. - This version includes root=<device> support, needed for libguestfs with virtio-scsi. - Remove upstream patch. [3.14-6] - For RHEL 7 only, add ExclusiveArch x86-64. [3.14-5] - Bundled gnulib (RHBZ#821752). [3.14-4] - Add back explicit dependencies for external programs. [3.14-3] - Drop ExclusiveArch as it's supported on all primary & secondary arches - Cleanup spec and deps [3.14-2] - New upstream version 3.14. - Add upstream patch to fix RHBZ#808421. [3.13-4] - e2fsprogs moved /sbin/mke2fs to /usr/sbin (thanks Eric Sandeen). [3.13-2] - Missing BR zlib-static. [3.13-1] - New upstream version 3.13. - Remove upstream patch which is included in this version. [3.12-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [3.12-4] - Depend on latest e2fsprogs (RHBZ#771310). [3.12-2] - Include upstream patch to work around Python stupidity. [3.12-1] - New upstream version 3.12. - Remove upstream patch which is included in this version. [3.11-2] - Add upstream patch to fix febootstrap on non-Debian. [3.11-1] - New upstream version 3.11. [3.10-1] - New upstream version 3.10. [3.9-1] - New upstream version 3.9. [3.8-1] - New upstream version 3.8. [3.7-1] - New upstream version 3.7. [3.6-1] - New upstream version 3.6. - This version no longer needs external insmod.static. [3.5-1] - New upstream version 3.5. - Remove patch which is now upstream. [3.4-2] - Don't fail if objects are created in a symlinked dir (RHBZ#698089). [3.4-1] - New upstream version 3.4. - febootstrap-supermin-helper Obsoletes older versions of febootstrap. [3.3-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [3.3-4] - Split package into febootstrap (for building) and febootstrap-supermin-helper (for running). Note that febootstrap depends on febootstrap-supermin-helper, but you can install febootstrap-supermin-helper on its own. [3.3-3] - Clear executable stack flag on febootstrap-supermin-helper. [3.3-2] - add the ocaml's ExclusiveArch [3.3-1] - New upstream version 3.3. [3.2-1] - New upstream version 3.2. - Remove upstream patches. [3.1-5] - Previous fix for RHBZ#654638 didn't work, fix it correctly. [3.1-4] - Properly ignore .*.hmac files (accidental reopening of RHBZ#654638). [3.1-3] - Uses yumdownloader at runtime, so require yum-utils. [3.1-2] - New upstream version 3.1. - BR insmod.static. [3.0-2] - New upstream version 3.0 (note this is incompatible with 2.x). - Fix upstream URLs. - fakeroot, fakechroot no longer required. - insmod.static is required at runtime (missing dependency from earlier). - The only programs are 'febootstrap' and 'febootstrap-supermin-helper'. - BR ocaml, ocaml-findlib-devel. - No examples are provided with this version of febootstrap. [2.11-1] - New upstream version 2.11. - Fixes 'ext2fs_mkdir .. No free space in directory' bug which affects libguestfs on rawhide. [2.10-1] - New upstream version 2.10. - Adds -u and -g options to febootstrap-supermin-helper which are required by virt-v2v. [2.9-1] - New upstream version 2.9. - Fixes directory ordering problem in febootstrap-supermin-helper. [2.8-1] - New upstream version 2.8. [2.8-0.2] - New pre-release version of 2.8. + Note this is based on 2.7 + mailing list patches. - New BRs on mke2fs, libext2fs, glibc-static. [2.7-2] - New upstream version 2.7. - febootstrap-supermin-helper shell script rewritten in C for speed. - This package contains C code so it is no longer 'noarch'. - MAKEDEV isn't required. [2.6-1] - New upstream release 2.6. - Recheck package in rpmlint. [2.5-2] - New upstream release 2.5. - Remove BR upx (not needed by upstream). - Two more scripts / manpages. [2.4-1] - New upstream release 2.4. [2.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.3-1] - New upstream release 2.3. [2.2-1] - New upstream release 2.2. [2.0-1] - New upstream release 2.0. [1.9-1] - New upstream release 1.9. [1.8-1] - New upstream release 1.8. [1.7-1] - New upstream release 1.7. [1.5-3] - Configure script has (unnecessary) BuildRequires on fakeroot, fakechroot, yum. [1.5-2] - Initial build for Fedora. swtpm [0.7.0-3.20211109gitb79fd91] - swtpm_localca: Test for available issuercert before creating CA Resolves: rhbz#2109987 [0.7.0-2.20211109gitb79fd91] - Disable FIPS mode. Resolves: rhbz#2109568 [0.7.0-1.20211109gitb79fd91] - Rebase to 0.7.0, disable TPM 1.2. Resovles: rhbz#2029612 [0.6.0-2.20210607gitea627b3] - rebuilt with missing CFLAGS fix. [0.6.0-1.20210607gitea627b3] - Update to 0.6.0. Resolves: rhbz#1972783 [0.4.2-1.20201201git2df14e3] - Update to 0.4.2, to address potential symlink vulnerabilities (CVE-2020-28407). Resolves: rhbz#1906043 [0.4.0-3.20200828git0c238a2] - swtpm_setup: Add missing .config path when using /home/opc. Resolves: rhbz#1881418 [0.4.0-2.20200828git0c238a2] - Backport fixes from 0.4.0 stable branch. Resolves: rhbz#1868375 (fixes usage of swtpm-localca with passwords when signing keys) [0.4.0-1.20200828git0c238a2] - Update to v0.4.0. Resolves: rhbz#1868375 [0.3.0-1.20200218git74ae43b] - Update to v0.3.0. Fixes rhbz#1809778 - exclude i686 build [0.2.0-2.20200127gitff5a83b] - Update to latest 0.2-stable branch, fix random test failure. rhbz#1782451 [0.2.0-1.20191018git9227cf4] - rebuilt [0.1.0-1.20190425gitca85606.1] - Fix SELinux labels on /usr/bin/swtpm installation rhbz#1739994 [0.1.0-0.20190425gitca85606] - pick up bug fixes [0.1.0-0.20190204git2c25d13.1] - v0.1.0 release of swtpm [0.1.0-0.20181212git8b9484a.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [0.1.0-0.20181212git8b9484a] - Follow improvements in swtpm repo primarily related to fixes for 'ubsan' [0.1.0-0.20181106git05d8160] - Follow improvements in swtpm repo - Remove ownership change of swtpm_setup.sh; have root own the file as required [0.1.0-0.20181031gitc782a85] - Follow improvements and fixes in swtpm [0.1.0-0.20181002git0143c41] - Fixes to SELinux policy - Improvements on various other parts [0.1.0-0.20180924gitce13edf] - Initial Fedora build [0.1.0-0.20180918git67d7ea3] - Created initial version of rpm spec files - Version is now 0.1.0 - Bugzilla for this spec: https://bugzilla.redhat.com/show_bug.cgi?id=1611829 seabios [1.15.0-2] - seabios-shortcut-skip-unbootable-disks-optimitation.patch [bz#1924972] - Resolves: bz#1924972 (Guest whose os is installed multiple disks but boot partition is installed on single disk can't boot into OS on RHEL 8) [1.15.0-1.el8] - Rebase to 1.15 (bz#2018392) - Resolves: bz#2018392 [1.15.0-1.el8] - pci-reserve-resources-for-pcie-pci-bridge-to-fix-reg.patch [bz#2001921] - pci: let firmware reserve IO for pcie-pci-bridge.patch [bz#2001921] - Resolves: bz#2001921 [1.14.0-1.el8] - Rebase to 1.14 (bz#1809772) - Resolves: bz#1809772 (rebase seabios for RHEL AV-8.3.0) [1.13.0-1.el8] - Rebase to 1.13 (bz#1793377) - Resolves: bz#1793377 (rebase seabios to 1.13) [1.12.0-5.el8] - seabios-add-get_keystroke_full-helper.patch [bz#1693031] - seabios-bootmenu-add-support-for-more-than-9-entries.patch [bz#1693031] - Resolves: bz#1693031 (On systems with more than 10 available boot devices, keys are uninintuitive) [1.12.0-4.el8] - seabios-tpm-Check-for-TPM-related-ACPI-tables-before-attempt.patch [bz#1705212] - seabios-usb-ehci-Clear-pipe-token-on-pipe-reallocate.patch [bz#1705212] - Resolves: bz#1705212 (Backport 1.12.1 patches to RHEL-AV 8.1.0) [1.12.0-3.el8] - seabios-rh-add-configs-for-ramfb-and-bochs-display.patch [bz#1724098] - Resolves: bz#1724098 (enable device: bochs-display (seabios)) [1.12.0-1.el8] - Rebase to 1.12.0 [bz#1666134] - Resolves: bz#1666134 (Rebase seabios for RHEL-AV release in virt:8.0.0 stream) [1.11.1-3.el8] - Resolves: bz#1613465 (Fix seabios package) [1.11.1-2.el8] - Resolves: bz#1607349 (Serial Graphics Adapter show error seabios version) [1.11.1-1.el8] - Rebasing seabios 1.11.1 [1.11.0-2.el8] - Syncronizing exploded tree with dist-git [1.11.0-1.el8] - Creating RHEL-8.0 initial branch based on 1.11.0 - Resolves: bz#1515300 - (Prepare seabios for RHEL-8.0) [1.11.0-1] - Rebased to version 1.11.0 - Add three patches from RHEL [1.10.2-3] - Disable cross-compilation on RHEL [1.10.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.10.2-1] - Rebased to version 1.10.2 [1.10.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.10.1-1] - Rebased to version 1.10.1 [1.9.3-1] - Rebased to version 1.9.3 [1.9.1-3] - Include MPT Fusion driver, in preparation for QEMU 2.6 - Include XHCI and SD in 128k ROM, sacrifice bootsplash instead [1.9.1-1] - Rebased to version 1.9.1 - Fix incorrect UUID format in boot output (bz #1284259) [1.9.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.9.0-1] - Rebased to version 1.9.0 [1.8.2-1] - Rebased to version 1.8.2 [1.8.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.8.1-1] - Rebased to version 1.8.1 [1.8.0-1] - Rebased to version 1.8.0 - Initial support for USB3 hubs - Initial support for SD cards (on QEMU only) - Initial support for transitioning to 32bit mode using SMIs (on QEMU TCG only) - SeaVGABIOS improvements [1.7.5.1-1] - Update to seabios-1.7.5.1 [1.7.5-3] - Fix PCI-e hotplug (bz #1115598) [1.7.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.7.5-1] - Rebased to version 1.7.5 - Support for obtaining SMBIOS tables directly from QEMU. - XHCI USB controller fixes for real hardware - seavgabios: New driver for 'coreboot native vga' support - seavgabios: Improved detection of x86emu versions with incorrect emulation. - Several bug fixes and code cleanups [1.7.4-5] - Fix booting FreeBSD VMs in virt-manager [1.7.4-3] - Build 256k bios images for qemu 2.0 [1.7.4-2] - Fix kvm migration with empty virtio-scsi controller (bz #1032208) [1.7.4-1] - Rebased to version 1.7.4 - Support for obtaining ACPI tables directly from QEMU. - Initial support for XHCI USB controllers (initially for QEMU only). - Support for booting from 'pvscsi' devices on QEMU. - Enhanced floppy driver - improved support for real hardware. - coreboot cbmem console support. [1.7.3.2-1] - Update to 1.7.3.2 for qemu 1.7 [1.7.3.1-3] - Fix pasto in CONFIG_DEBUG_LEVEL. [1.7.3.1-2] - Compile as all three of BIOS, CSM and CoreBoot payload. [1.7.3.1-1] - Rebased to version 1.7.3.1 - Fix USB EHCI detection that was broken in hlist conversion of PCIDevices. - Fix bug in CBFS file walking with compressed files. - acpi: sync FADT flags from PIIX4 to Q35 [1.7.3-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1.7.3-2] - Install aml files for use by qemu [1.7.3-1] - Rebased to version 1.7.3 - Initial support for using SeaBIOS as a UEFI CSM - Support for detecting and using ACPI reboot ports. - Non-standard floppy sizes now work again with recent QEMU versions. - Several bug fixes and code cleanups - Again fix vgabios obsoletes (bz #981147) [1.7.2.2-1] - Update to seabios stable 1.7.2.2 - Obsolete vgabios (bz #967315) [1.7.2-1] - Rebased to version 1.7.2 - Support for ICH9 host chipset ('q35') on emulators - Support for booting from LSI MegaRAID SAS controllers - Support for using the ACPI PM timer on emulators - Improved Geode VGA BIOS support. - Several bug fixes [1.7.1-4] - Root seabios package is noarch too because it only contains docs [1.7.1-3] - Add seavgabios subpackage [1.7.1-2] - Build with cross compiler. Resolves: #866664. [1.7.1-1] - Rebased to version 1.7.1 - Initial support for booting from USB attached scsi (USB UAS) drives - USB EHCI 64bit controller support - USB MSC multi-LUN device support - Support for booting from LSI SCSI controllers on emulators - Support for booting from AMD PCscsi controllers on emulators [1.7.0-4] - Modernise and tidy up the RPM. - Allow debug versions of SeaBIOS to be built easily. [1.7.0-3] - Enable S3/S4 support for guests (it's an F18 feature after all) [1.7.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1.7.0-1] - Rebased to version 1.7.0 - Support for virtio-scsi - Improved USB drive support - Several USB controller bug fixes and improvements [1.6.3-2] - Fix bugs in booting from host (or redirected) USB pen drives [1.6.3-1] - Update to 1.6.3 upstream - Add virtio-scsi [0.6.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [0.6.2-3] - Stop advertising S3 and S4 in DSDT (bz#741375) - incdule iasl buildreq [0.6.2-2] - Fix QXL bug in 0.6.2 [0.6.2-1] - Update to 0.6.2 upstream for a number of bugfixes [0.6.1-1] - Update to 0.6.1 upstream for a number of bugfixes [0.6.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.6.0-1] - Update seabios to latest stable so we can drop patches. [0.5.1-2] - Ugly hacks to make package noarch and available for arch that cannot build it. - Disable useless debuginfo [0.5.1-1] - Update to 0.5.1 stable release - Pick up patches required for current qemu [0.5.1-0.1.20100108git669c991] - Created initial package sgabios virt-v2v [1:1.42.0-19.0.1] - replaced upstream references [Orabug:34095529] [1:1.42.0-19] - If listing RPM applications fails, rebuild DB and retry resolves: rhbz#2093415 [1:1.42.0-18] - Additional fix for backing file specified without backing format related: rhbz#2025769 [1:1.42.0-17] - Correct regexps used to fix schtasks command - Fix backing file specified without backing format resolves: rhbz#2023279, rhbz#2025769 [1:1.42.0-16] - Implement cookie scripts for more reliable vCenter/HTTPS transfers resolves: rhbz#2018173 [1:1.42.0-15] - v2v: windows: Do not fix NTFS heads in Windows Vista and later resolves: rhbz#1995000 [1:1.42.0-14] - v2v: rhv-upload-plugin: Fix waiting for finalize resolves: rhbz#1976024 [1:1.42.0-13] - docs: Fix version of virt-v2v which added UEFI for OpenStack related: rhbz#1872100 - v2v: Increase Linux minimum root filesystem to 100 MB resolves: rhbz#1764569 [1:1.42.0-12] - v2v: Fix conversion of BitLocker guests resolves: rhbz#1959051 [1:1.42.0-11] - v2v: windows: Allow qxldod.inf as synonym for qxl.inf resolves: rhbz#1926102 - v2v: Increase required free space in Windows to 100 MB resolves: rhbz#1949147 - docs: Document how to remove 'Out of HTTP sessions' limit - v2v: Disable readahead for VMware curl sources too resolves: rhbz#1848862 - v2v: Allow output to block devices resolves: rhbz#1868690 - docs: -o openstack: Clarify name of file containing OpenStack auth resolves: rhbz#1871754 - docs: UEFI guest conversion to -o openstack is supported resolves: rhbz#1872100 - v2v: Turn pnp_wait.exe warning into a debug message resolves: rhbz#1903960 - v2v: windows: Fix schtasks /SD parameter resolves: rhbz#1895323 [1:1.42.0-9] - v2v: rhv-upload-plugin: Defer imageio connection resolves: rhbz#1911568 [1:1.42.0-8] - Replace broken VMware Tools uninstall command msiexec /i with /x. resolves: rhbz#1917760 [1:1.42.0-7] - Tell virt-v2v where overlay files must be placed - Allow conversion to UEFI openstack resolves: rhbz#1820282 rhbz#1872094 [1:1.42.0-6] - Improve the documentation of --keys-from-stdin resolves: rhbz#1858765 - Check that --mac :ip: parameters are sensible resolves: rhbz#1858775 - -i libvirt: read password file outside libvirt auth callback resolves: rhbz#1869454 [1:1.42.0-5] - Ship a newer version of rhev-apt.exe resolves: rhbz#1850000 - Ship the rhsrvany sources with a note for them, as requested by Red Hat Legal. - -i libvirt: ask for the password ourselves instead of letting nbdkit ask for it (and potentially time out) related: rhbz#1838425 - Fix build with libosinfo >= 1.8.0 resolves: rhbz#1850423 [1:1.42.0-4] - -i libvirt: ask again for the password when -ip is not specified resolves: rhbz#1838425 - -i libvirt: print URI without connecting resolves: rhbz#1839917 - Handle HTTP/2 replies from vCenter resolves: rhbz#1840126 - -o libvirt: remove cache=none from disks resolves: rhbz#1837453 - Fix parameters for the nbdkit rate filter resolves: rhbz#1841096 - -it vddk: do not use the nbdkit readahead filter with VDDK resolves: rhbz#1832805 [1:1.42.0-3] - Actually fix epoch dependencies. - Fix virt-v2v-man-pages-uk migration from libguestfs-man-pages-uk. [1:1.42.0-2] - Bump the libguestfs requirement to 1.42.0. - Bump the epoch to 1 to match the version virt-v2v had when built from the libguestfs source. [1.42.0-1] - New upstream stable version 1.42.0. [1.41.8-11] - Update all OCaml dependencies for RPM 4.16. [1.41.8-10] - OCaml 4.10.0 final. [1.41.8-9] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [1.41.8-8] - Bump release and rebuild. [1.41.8-7] - Bump release and rebuild. [1.41.8-6] - Bump release and rebuild. [1.41.8-5] - OCaml 4.10.0+beta1 rebuild. - Use nbdkit-python-plugin (now all Python 3 in Rawhide). [1.41.8-4] - Use license instead of doc for COPYING file. - Include license in all subpackages. - Use gpgverify macro. - Don't own bash-completion directory because we Require the bash-completion package which owns it already. [1.41.8-2] - Fix permissions on .sig file. - Disable -oa preallocated test since it fails in reviewers mock environment. [1.41.8-1] - Initial release of separate virt-v2v program, was part of libguestfs. IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-0664 CVE-2024-1441 CVE-2024-26328 CVE-2024-26327 CVE-2023-6693 CVE-2023-6683 CVE-2023-4135 CVE-2023-5088 CVE-2023-40360 CVE-2024-3567 CVE-2021-3638 CVE-2021-3750 CVE-2023-3019 CVE-2024-3447 CVE-2024-24474 CVE-2023-42467 CVE-2024-4418 CVE-2024-3446 cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 6 Oracle Linux 7 [4.1.12-124.89.4] - isdn: mISDN: netjet: Fix crash in nj_probe: (Zheyu Ma) [Orabug: 36940405] {CVE-2021-47284} - tracing: Restructure trace_clock_global() to never block (Steven Rostedt (VMware)) [Orabug: 36940388] {CVE-2021-46939} - udf: Fix NULL pointer dereference in udf_symlink function (Arturo Giusti) [Orabug: 36806640] {CVE-2021-47353} - media: pvrusb2: fix use after free on context disconnection (Ricardo B. Marliere) [Orabug: 36802294] {CVE-2023-52445} - vt: fix memory overlapping when deleting chars in the buffer (Yangxi Xiang) [Orabug: 36802212] {CVE-2022-48627} - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678070] {CVE-2024-36016} - netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) [Orabug: 36654631] {CVE-2023-52628} - dm: call the resume method on internal suspend (Mikulas Patocka) [Orabug: 36544879] {CVE-2024-26880} - net/bnx2x: Prevent access to a freed page in page_pool (Thinh Tran) [Orabug: 36544783] {CVE-2024-26859} - x86, relocs: Ignore relocations in .notes section (Kees Cook) [Orabug: 36531115] {CVE-2024-26816} - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter (Ryosuke Yasuoka) [Orabug: 36531057] {CVE-2024-26805} - fbdev: savage: Error out if pixclock equals zero (Fullway Wang) [Orabug: 36530913] {CVE-2024-26778} - ext4: fix double-free of blocks due to wrong extents moved_len (Baokun Li) [Orabug: 36530519] {CVE-2024-26704} - sr9800: Add check for usbnet_get_endpoints (Chen Ni) [Orabug: 36530183] {CVE-2024-26651} - llc: Drop support for ETH_P_TR_802_2. (Kuniyuki Iwashima) [Orabug: 36530047] {CVE-2024-26635} - netfilter: nf_tables: Reject tables of unsupported family (Phil Sutter) [Orabug: 36192155] {CVE-2023-6040} [4.1.12-124.89.3] - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Minsuk Kang) [Orabug: 36802321] {CVE-2023-52594} - batman-adv: Avoid infinite loop trying to resize local TT (Sven Eckelmann) [Orabug: 36643464] {CVE-2024-35982} - Bluetooth: Fix memory leak in hci_req_sync_complete() (Dmitry Antipov) [Orabug: 36643456] {CVE-2024-35978} - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() (Harshit Mogalapalli) [Orabug: 36643323] {CVE-2024-35944} - fbmon: prevent division by zero in fb_videomode_from_videomode() (Roman Smirnov) [Orabug: 36643194] {CVE-2024-35922} [4.1.12-124.89.2] - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (Wenchao Hao) [Orabug: 36901390] {CVE-2023-52809} - net: usb: fix memory leak in smsc75xx_bind (Pavel Skripkin) [Orabug: 36802200] {CVE-2021-47171} - i2c: i801: Don't generate an interrupt on bus reset (Jean Delvare) [Orabug: 36792714] {CVE-2021-47153} - pid: take a reference when initializing cad_pid (Mark Rutland) [Orabug: 36792687] {CVE-2021-47118} - drm/vmwgfx: Fix invalid reads in fence signaled events (Zack Rusin) [Orabug: 36691531] {CVE-2024-36960} - firewire: ohci: mask bus reset interrupts between ISR and bottom half (Adam Goldman) [Orabug: 36683507] {CVE-2024-36950} - scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (Saurav Kashyap) [Orabug: 36683370] {CVE-2024-36919} - net: fix out-of-bounds access in ops_init (Thadeu Lima de Souza Cascardo) [Orabug: 36683115] {CVE-2024-36883} - netfilter: nf_tables: disallow timeout for anonymous sets (Pablo Neira Ayuso) [Orabug: 36654625] {CVE-2023-52620} - team: fix null-ptr-deref when team device type is changed (Ziyang Xuan) [Orabug: 36654606] {CVE-2023-52574} [4.1.12-124.89.1] - tcp: do not accept ACK of bytes we never sent (Eric Dumazet) [Orabug: 36806731] {CVE-2023-52881} - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path (Miko Larsson) [Orabug: 36806698] {CVE-2023-52703} - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Herbert Xu) [Orabug: 36806668] {CVE-2023-52615} - mISDN: fix possible use-after-free in HFC_cleanup() (Zou Wei) [Orabug: 36806645] {CVE-2021-47356} - net: ti: fix UAF in tlan_remove_one (Pavel Skripkin) [Orabug: 36806628] {CVE-2021-47310} - net: cdc_eem: fix tx fixup skb leak (Linyu Yuan) [Orabug: 36806622] {CVE-2021-47236} - usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Canuelo) [Orabug: 36802300] {CVE-2023-52477} - USB: add quirk for devices with broken LPM (Alan Stern) [Orabug: 36802300] {CVE-2023-52477} - Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu) [Orabug: 36544991] {CVE-2024-26903} - Bluetooth: Avoid potential use-after-free in hci_error_reset (Ying Hsu) [Orabug: 36531042] {CVE-2024-26801} - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Baokun Li) [Orabug: 36530881] {CVE-2024-26772} - inet: read sk->sk_family once in inet_recv_error() (Eric Dumazet) [Orabug: 36530348] {CVE-2024-26679} - ppp_async: limit MRU to 64K (Eric Dumazet) [Orabug: 36530335] {CVE-2024-26675} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2021-47284 CVE-2021-47353 CVE-2024-36950 CVE-2023-52477 CVE-2024-26651 CVE-2024-26805 CVE-2023-52615 CVE-2024-26704 CVE-2024-26880 CVE-2021-47153 CVE-2024-26635 CVE-2024-26903 CVE-2024-35978 CVE-2023-52628 CVE-2024-26816 CVE-2021-47118 CVE-2021-47310 CVE-2021-47356 CVE-2024-26801 CVE-2023-52574 CVE-2023-6040 CVE-2024-26675 CVE-2021-46939 CVE-2022-48627 CVE-2023-52703 CVE-2023-52881 CVE-2024-35944 CVE-2024-36883 CVE-2023-52594 CVE-2023-52809 CVE-2024-35982 CVE-2024-36919 CVE-2021-47236 CVE-2023-52445 CVE-2024-26679 CVE-2024-35922 CVE-2024-36016 CVE-2021-47171 CVE-2024-26772 CVE-2024-36960 CVE-2023-52620 CVE-2024-26778 CVE-2024-26859 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.335.4] caches for x86_64. (Imran Khan) [Orabug: 36951041] - printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36456582] - kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson) - driver core: Fix uevent_show() vs driver detach race (Dan Williams) - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-Konig) - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno) [5.4.17-2136.335.3] - MIPS: Octeon: Add PCIe link status check (Dave Kleikamp) [Orabug: 36947196] {CVE-2024-40968} [5.4.17-2136.335.2] - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (Dan Carpenter) [Orabug: 36898075] {CVE-2024-41022} - net: relax socket state check at accept time. (Paolo Abeni) [Orabug: 36768889] {CVE-2024-36484} - fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922241] - NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (Chuck Lever) [Orabug: 36908594] - x86/cpu: Avoid cpuinfo-induced IPI pileups (Paul E. McKenney) [Orabug: 35773811] [5.4.17-2136.335.1] - LTS tag: v5.4.280 (Alok Tiwari) - i2c: rcar: bring hardware to known state when probing (Wolfram Sang) - nilfs2: fix kernel bug on rename operation of broken directory (Ryusuke Konishi) [Orabug: 36896821] {CVE-2024-41034} - tcp: avoid too many retransmit packets (Eric Dumazet) [Orabug: 36841816] {CVE-2024-41007} - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Eric Dumazet) - net: tcp: fix unexcepted socket die when snd_wnd is 0 (Menglong Dong) - tcp: refactor tcp_retransmit_timer() (Eric Dumazet) - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (felix) [Orabug: 36940547] {CVE-2023-52803} - libceph: fix race between delayed_work() and ceph_monc_stop() (Ilya Dryomov) [Orabug: 36930128] {CVE-2024-42232} - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (Edson Juliano Drosdeck) - nvmem: meson-efuse: Fix return value of nvmem callbacks (Joy Chakraborty) - hpet: Support 32-bit userspace (He Zhe) - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (Alan Stern) [Orabug: 36896826] {CVE-2024-41035} - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (Lee Jones) [Orabug: 36930138] {CVE-2024-42236} - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (WangYuli) - USB: serial: option: add Rolling RW350-GL variants (Vanillan Wang) - USB: serial: option: add Netprisma LCUK54 series modules (Mank Wang) - USB: serial: option: add support for Foxconn T99W651 (Slark Xiao) - USB: serial: option: add Fibocom FM350-GL (Bjorn Mork) - USB: serial: option: add Telit FN912 rmnet compositions (Daniele Palmas) - USB: serial: option: add Telit generic core-dump composition (Daniele Palmas) - ARM: davinci: Convert comma to semicolon (Chen Ni) - s390: Mark psw in __load_psw_mask() as __unitialized (Sven Schnelle) - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (Kuniyuki Iwashima) [Orabug: 36896842] {CVE-2024-41041} - ppp: reject claimed-as-LCP but actually malformed packets (Dmitry Antipov) [Orabug: 36896856] {CVE-2024-41044} - net: ethernet: lantiq_etop: fix double free in detach (Aleksander Jan Bajkowski) [Orabug: 36896863] {CVE-2024-41046} - net: lantiq_etop: add blank line after declaration (Aleksander Jan Bajkowski) - octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() (Aleksandr Mishin) - tcp: fix incorrect undo caused by DSACK of TLP retransmit (Neal Cardwell) - tcp: add TCP_INFO status for failed client TFO (Jason Baron) - vfs: don't mod negative dentry count when on shrinker list (Brian Foster) - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (linke li) - filelock: fix potential use-after-free in posix_lock_inode (Jeff Layton) [Orabug: 36896877] {CVE-2024-41049} - nilfs2: fix incorrect inode allocation from reserved inodes (Ryusuke Konishi) - nvme-multipath: find NUMA path only for online numa-node (Nilay Shroff) - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (Jian-Hong Pan) - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (Piotr Wojtaszczyk) [Orabug: 36897909] {CVE-2024-42153} - media: dw2102: fix a potential buffer overflow (Mauro Carvalho Chehab) - bnx2x: Fix multiple UBSAN array-index-out-of-bounds (Ghadi Elie Rahme) [Orabug: 36897886] {CVE-2024-42148} - drm/amdgpu/atomfirmware: silence UBSAN warning (Alex Deucher) - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (Ma Ke) [Orabug: 36897640] {CVE-2024-42101} - Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (Jan Kara) - fsnotify: Do not generate events for O_PATH file descriptors (Jan Kara) - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (Jimmy Assarsson) - mm: optimize the redundant loop of mm_update_owner_next() (Jinliang Zheng) - nilfs2: add missing check for inode numbers on directory entries (Ryusuke Konishi) [Orabug: 36897652] {CVE-2024-42104} - nilfs2: fix inode number range checks (Ryusuke Konishi) [Orabug: 36897658] {CVE-2024-42105} - inet_diag: Initialize pad field in struct inet_diag_req_v2 (Shigeru Yoshida) [Orabug: 36897666] {CVE-2024-42106} - selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang) - selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang) - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (Sam Sun) [Orabug: 36825248] {CVE-2024-39487} - tcp_metrics: validate source addr length (Jakub Kicinski) [Orabug: 36897915] {CVE-2024-42154} - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (Neal Cardwell) - net: tcp better handling of reordering then loss cases (Yuchung Cheng) - tcp: add ece_ack flag to reno sack functions (Yousuk Seung) - tcp: tcp_mark_head_lost is only valid for sack-tcp (zhang kai) - s390/pkey: Wipe sensitive data on failure (Holger Dengler) [Orabug: 36897934] {CVE-2024-42157} - jffs2: Fix potential illegal address access in jffs2_free_inode (Wang Yong) [Orabug: 36897696] {CVE-2024-42115} - powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (Greg Kurz) - orangefs: fix out-of-bounds fsid access (Mike Marshall) [Orabug: 36897837] {CVE-2024-42143} - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (Michael Ellerman) - i2c: i801: Annotate apanel_addr as __ro_after_init (Heiner Kallweit) - media: dvb-frontends: tda10048: Fix integer overflow (Ricardo Ribalda) [Orabug: 36897976] {CVE-2024-42223} - media: s2255: Use refcount_t instead of atomic_t for num_channels (Ricardo Ribalda) - media: dvb-frontends: tda18271c2dd: Remove casting during div (Ricardo Ribalda) - net: dsa: mv88e6xxx: Correct check for empty list (Simon Horman) [Orabug: 36897982] {CVE-2024-42224} - Input: ff-core - prefer struct_size over open coded arithmetic (Erick Archer) - firmware: dmi: Stop decoding on broken entry (Jean Delvare) - sctp: prefer struct_size over open coded arithmetic (Erick Archer) - media: dw2102: Don't translate i2c read into write (Michael Bunk) - drm/amd/display: Skip finding free audio for unknown engine_id (Alex Hung) [Orabug: 36897726] {CVE-2024-42119} - drm/amdgpu: Initialize timestamp for some legacy SOCs (Ma Jun) - scsi: qedf: Make qedf_execute_tmf() non-preemptible (John Meneghini) [Orabug: 36897761] {CVE-2024-42124} - IB/core: Implement a limit on UMAD receive List (Michael Guralnik) [Orabug: 36897847] {CVE-2024-42145} - media: dvb-usb: dib0700_devices: Add missing release_firmware() (Ricardo Ribalda) - media: dvb: as102-fe: Fix as10x_register_addr packing (Ricardo Ribalda) - drm/lima: fix shared irq handling on driver remove (Erico Nunes) [Orabug: 36897779] {CVE-2024-42127} - LTS tag: v5.4.279 (Alok Tiwari) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (Alex Bee) - ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node (Johan Jonker) - tcp: Fix data races around icsk->icsk_af_ops. (Kuniyuki Iwashima) [Orabug: 34719866] {CVE-2022-3566} - ipv6: Fix data races around sk->sk_prot. (Kuniyuki Iwashima) [Orabug: 34719906] {CVE-2022-3567} - ipv6: annotate some data-races around sk->sk_prot (Eric Dumazet) - nfs: Leave pages in the pagecache if readpage failed (Matthew Wilcox (Oracle)) - pwm: stm32: Refuse too small period requests (Uwe Kleine-Konig) - mtd: spinand: macronix: Add support for serial NAND flash (Jaime Liao) - ftruncate: pass a signed offset (Arnd Bergmann) [Orabug: 36897558] {CVE-2024-42084} - ata: libata-core: Fix double free on error (Niklas Cassel) [Orabug: 36897374] {CVE-2024-41087} - batman-adv: Don't accept TT entries for out-of-spec VIDs (Sven Eckelmann) - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (Ma Ke) [Orabug: 36897380] {CVE-2024-41089} - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (Ma Ke) [Orabug: 36897444] {CVE-2024-41095} - hexagon: fix fadvise64_64 calling conventions (Arnd Bergmann) - csky, hexagon: fix broken sys_sync_file_range (Arnd Bergmann) - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (Oleksij Rempel) - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (Oleksij Rempel) - net: can: j1939: Initialize unused data in j1939_send_one() (Shigeru Yoshida) [Orabug: 36897516] {CVE-2024-42076} - tty: mcf: MCF54418 has 10 UARTS (Jean-Michel Hautbois) - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (Nikita Zhandarovich) [Orabug: 36897451] {CVE-2024-41097} - usb: musb: da8xx: fix a resource leak in probe() (Dan Carpenter) - usb: gadget: printer: SS+ support (Oliver Neukum) - net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez) - iio: chemical: bme680: Fix sensor data read operation (Vasileios Amoiridis) - iio: chemical: bme680: Fix overflows in compensate() functions (Vasileios Amoiridis) [Orabug: 36897566] {CVE-2024-42086} - iio: chemical: bme680: Fix calibration data variable (Vasileios Amoiridis) - iio: chemical: bme680: Fix pressure value output (Vasileios Amoiridis) - iio: adc: ad7266: Fix variable checking bug (Fernando Yang) - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (Adrian Hunter) - mmc: sdhci: Do not invert write-protect twice (Adrian Hunter) - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - x86: stop playing stack games in profile_pc() (Linus Torvalds) [Orabug: 36897616] {CVE-2024-42096} - gpio: davinci: Validate the obtained number of IRQs (Aleksandr Mishin) [Orabug: 36897599] {CVE-2024-42092} - nvme: fixup comment for nvme RDMA Provider Type (Hannes Reinecke) - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (Andrew Davis) - media: dvbdev: Initialize sbuf (Ricardo Ribalda) - ALSA: emux: improve patch ioctl data validation (Oswald Buddenhagen) [Orabug: 36897624] {CVE-2024-42097} - net/dpaa2: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897602] {CVE-2024-42093} - net/iucv: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897608] {CVE-2024-42094} - mtd: partitions: redboot: Added conversion of operands to a larger type (Denis Arefev) - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (Laurent Pinchart) [Orabug: 36897570] {CVE-2024-42087} - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Pablo Neira Ayuso) [Orabug: 36897500] {CVE-2024-42070} - parisc: use correct compat recv/recvfrom syscalls (Arnd Bergmann) - sparc: fix old compat_sys_select() (Arnd Bergmann) - net: phy: micrel: add Microchip KSZ 9477 to the device table (Enguerrand de Ribaucourt) - net: phy: mchp: Add support for LAN8814 QUAD PHY (Divya Koppera) - net: dsa: microchip: fix initial port flush problem (Tristram Ha) - ASoC: fsl-asoc-card: set priv->pdev before using it (Elinor Montmasson) [Orabug: 36897578] {CVE-2024-42089} - netfilter: nf_tables: validate family when identifying table via handle (Pablo Neira Ayuso) - drm/amdgpu: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835992] {CVE-2024-40987} - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (Huang-Huang Bao) - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (Huang-Huang Bao) - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (Huang-Huang Bao) - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (Hagar Hemdan) [Orabug: 36897586] {CVE-2024-42090} - iio: dac: ad5592r: fix temperature channel scaling value (Marc Ferland) - iio: dac: ad5592r: un-indent code-block for scale read (Alexandru Ardelean) - iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock (Sergiu Cuciurean) - x86/amd_nb: Check for invalid SMN reads (Yazen Ghannam) - PCI: Add PCI_ERROR_RESPONSE and related definitions (Naveen Naidu) - perf/core: Fix missing wakeup when waiting for context reference (Haifeng Xu) - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (Jeff Johnson) - arm64: dts: qcom: qcs404: fix bluetooth device address (Johan Hovold) - ARM: dts: samsung: smdk4412: fix keypad no-autorepeat (Krzysztof Kozlowski) - ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat (Krzysztof Kozlowski) - ARM: dts: samsung: smdkv310: fix keypad no-autorepeat (Krzysztof Kozlowski) - i2c: ocores: set IACK bit after core is enabled (Grygorii Tertychnyi) - gcov: add support for GCC 14 (Peter Oberparleiter) - drm/radeon: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835997] {CVE-2024-40988} - ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (Raju Rangoju) - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (Nikita Shubin) - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (Biju Das) - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (Oliver Neukum) - netfilter: ipset: Fix suspicious rcu_dereference_protected() (Jozsef Kadlecsik) [Orabug: 36838634] {CVE-2024-40993} - virtio_net: checksum offloading handling fix (Heng Qi) - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (David Ruth) [Orabug: 36836019] {CVE-2024-40995} - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (Pedro Tammela) - netns: Make get_net_ns() handle zero refcount net (Yue Haibing) [Orabug: 36835849] {CVE-2024-40958} - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (Eric Dumazet) [Orabug: 36835852] {CVE-2024-40959} - ipv6: prevent possible NULL dereference in rt6_probe() (Eric Dumazet) [Orabug: 36835857] {CVE-2024-40960} - ipv6: prevent possible NULL deref in fib6_nh_init() (Eric Dumazet) [Orabug: 36835862] {CVE-2024-40961} - netrom: Fix a memory leak in nr_heartbeat_expiry() (Gavrilov Ilia) [Orabug: 36836086] {CVE-2024-41006} - cipso: fix total option length computation (Ondrej Mosnacek) - mips: bmips: BCM6358: make sure CBR is correctly set (Christian Marangi) [Orabug: 36835870] {CVE-2024-40963} - MIPS: Routerboard 532: Fix vendor retry check code (Ilpo Jarvinen) - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (Mario Limonciello) - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (Roman Smirnov) - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (Alex Henrie) - powerpc/io: Avoid clang null pointer arithmetic warnings (Michael Ellerman) - powerpc/pseries: Enforce hcall result buffer validity and size (Nathan Lynch) [Orabug: 36835926] {CVE-2024-40974} - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (Uri Arev) - scsi: qedi: Fix crash while reading debugfs attribute (Manish Rangankar) [Orabug: 36835947] {CVE-2024-40978} - drop_monitor: replace spin_lock by raw_spin_lock (Wander Lairson Costa) [Orabug: 36835960] {CVE-2024-40980} - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (Eric Dumazet) [Orabug: 36835966] {CVE-2024-40981} - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (Alessandro Carminati (Red Hat)) - rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment (Paul E. McKenney) - i2c: at91: Fix the functionality flags of the slave-only interface (Jean Delvare) - usb-storage: alauda: Check whether the media is initialized (Shichao Lai) [Orabug: 36753734] {CVE-2024-38619} - greybus: Fix use-after-free bug in gb_interface_release due to race condition. (Sicong Huang) [Orabug: 36835564] {CVE-2024-39495} - netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) [Orabug: 35814445] {CVE-2023-4881} {CVE-2023-52628} - hugetlb_encode.h: fix undefined behaviour (34 << 26) (Matthias Goergens) - tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() (Oleg Nesterov) - nilfs2: fix potential kernel bug due to lack of writeback flag waiting (Ryusuke Konishi) [Orabug: 36774571] {CVE-2024-37078} - intel_th: pci: Add Lunar Lake support (Alexander Shishkin) - intel_th: pci: Add Meteor Lake-S support (Alexander Shishkin) - intel_th: pci: Add Sapphire Rapids SOC support (Alexander Shishkin) - intel_th: pci: Add Granite Rapids SOC support (Alexander Shishkin) - intel_th: pci: Add Granite Rapids support (Alexander Shishkin) - dmaengine: axi-dmac: fix possible race in remove() (Nuno Sa) - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (Rick Wertenbroek) - ocfs2: fix races between hole punching and AIO+DIO (Su Yue) [Orabug: 36835817] {CVE-2024-40943} - ocfs2: use coarse time for new created files (Su Yue) - fs/proc: fix softlockup in __read_vmcore (Rik van Riel) - vmci: prevent speculation leaks by sanitizing event in event_deliver() (Hagar Gamal Halim Hemdan) [Orabug: 36835582] {CVE-2024-39499} - tracing/selftests: Fix kprobe event name test for .isra. functions (Steven Rostedt (Google)) - drm/exynos/vidi: fix memory leak in .get_modes() (Jani Nikula) [Orabug: 36835786] {CVE-2024-40932} - drivers: core: synchronize really_probe() and dev_uevent() (Dirk Behme) [Orabug: 36835589] {CVE-2024-39501} - ionic: fix use after netif_napi_del() (Taehee Yoo) [Orabug: 36835595] {CVE-2024-39502} - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (Petr Pavlu) - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (Gal Pressman) - tcp: fix race in tcp_v6_syn_recv_sock() (Eric Dumazet) - drm/bridge/panel: Fix runtime warning on panel bridge release (Adam Miotk) - drm/komeda: check for error-valued pointer (Amjad Ouled-Ameur) [Orabug: 36835674] {CVE-2024-39505} - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (Aleksandr Mishin) [Orabug: 36835677] {CVE-2024-39506} - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (Jose Exposito) [Orabug: 36835793] {CVE-2024-40934} - iommu: Return right value in iommu_sva_bind_device() (Lu Baolu) [Orabug: 36835824] {CVE-2024-40945} - iommu/amd: Fix sysfs leak in iommu init (Kun(llfl)) - HID: core: remove unnecessary WARN_ON() in implement() (Nikita Zhandarovich) [Orabug: 36835689] {CVE-2024-39509} - gpio: tqmx86: fix typo in Kconfig label (Gregor Herburger) - SUNRPC: return proper error from gss_wrap_req_priv (Chen Hanxiao) - Input: try trimming too long modalias strings (Dmitry Torokhov) - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (Breno Leitao) [Orabug: 36835696] {CVE-2024-40901} - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - xhci: Set correct transferred length for cancelled bulk transfers (Mathias Nyman) - jfs: xattr: fix buffer overflow for invalid xattr (Greg Kroah-Hartman) [Orabug: 36835701] {CVE-2024-40902} - mei: me: release irq in mei_me_pci_resume error path (Tomas Winkler) - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (Alan Stern) [Orabug: 36835709] {CVE-2024-40904} - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (Ryusuke Konishi) [Orabug: 36774647] {CVE-2024-39469} - nilfs2: return the mapped address from nilfs_get_page() (Matthew Wilcox (Oracle)) - nilfs2: Remove check for PageError (Matthew Wilcox (Oracle)) - selftests/mm: compaction_test: fix bogus test success on Aarch64 (Dev Jain) - selftests/mm: conform test to TAP format output (Muhammad Usama Anjum) - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages (Dev Jain) - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (Hugo Villeneuve) - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro (Hugo Villeneuve) - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (George Shen) - ASoC: ti: davinci-mcasp: Fix race condition during probe (Joao Paulo Goncalves) - ASoC: ti: davinci-mcasp: Handle missing required DT properties (Peter Ujfalusi) - ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling (Peter Ujfalusi) - ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing (Peter Ujfalusi) - ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional (Peter Ujfalusi) - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (Zhang Qilong) - ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret (Colin Ian King) - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (Wesley Cheng) [Orabug: 36683255] {CVE-2024-36894} - ipv6: fix possible race in __fib6_drop_pcpu_from() (Eric Dumazet) [Orabug: 36835716] {CVE-2024-40905} - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). (Kuniyuki Iwashima) - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). (Kuniyuki Iwashima) - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). (Kuniyuki Iwashima) - ptp: Fix error message on failed pin verification (Karol Kolacinski) - net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (Eric Dumazet) [Orabug: 36748169] {CVE-2024-36974} - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (Jason Xing) - net: sched: sch_multiq: fix possible OOB write in multiq_tune() (Hangyu Hua) [Orabug: 36748177] {CVE-2024-36978} - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (Eric Dumazet) - wifi: iwlwifi: mvm: don't read past the mfuart notifcation (Emmanuel Grumbach) [Orabug: 36835808] {CVE-2024-40941} - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (Shahar S Matityahu) - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (Johannes Berg) - wifi: cfg80211: pmsr: use correct nla_get_uX functions (Lin Ma) - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (Remi Pommarel) [Orabug: 36835735] {CVE-2024-40912} - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (Nicolas Escande) [Orabug: 36835812] {CVE-2024-40942} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-39506 CVE-2024-40904 CVE-2024-40988 CVE-2024-39469 CVE-2024-39499 CVE-2024-40932 CVE-2024-40960 CVE-2024-41035 CVE-2024-41097 CVE-2022-3566 CVE-2022-3567 CVE-2024-36978 CVE-2024-40995 CVE-2024-41044 CVE-2024-42089 CVE-2024-42096 CVE-2024-39495 CVE-2024-40978 CVE-2024-39487 CVE-2024-40987 CVE-2024-42148 CVE-2024-39501 CVE-2024-41041 CVE-2024-36894 CVE-2024-39505 CVE-2024-40902 CVE-2024-40958 CVE-2024-41034 CVE-2024-40974 CVE-2024-40981 CVE-2024-42070 CVE-2023-52628 CVE-2024-40905 CVE-2024-40961 CVE-2024-40980 CVE-2024-41089 CVE-2024-42092 CVE-2024-42115 CVE-2024-36484 CVE-2024-39502 CVE-2024-41006 CVE-2024-42086 CVE-2024-42090 CVE-2024-42143 CVE-2024-42145 CVE-2024-40934 CVE-2024-40945 CVE-2024-41087 CVE-2024-42087 CVE-2024-42101 CVE-2024-38619 CVE-2024-40901 CVE-2024-40912 CVE-2024-40941 CVE-2024-41046 CVE-2024-42104 CVE-2023-52803 CVE-2024-40942 CVE-2024-40993 CVE-2024-42076 CVE-2024-40943 CVE-2023-4881 CVE-2024-41007 CVE-2024-41095 CVE-2024-42106 CVE-2024-42105 CVE-2024-36974 CVE-2024-41022 CVE-2024-42093 CVE-2024-42097 CVE-2024-41049 CVE-2024-42223 CVE-2024-40959 CVE-2024-40963 CVE-2024-42224 CVE-2024-42124 CVE-2024-42236 CVE-2024-42153 CVE-2024-42119 CVE-2024-37078 CVE-2024-39509 CVE-2024-40968 CVE-2024-42084 CVE-2024-42094 CVE-2024-42127 CVE-2024-42154 CVE-2024-42157 CVE-2024-42232 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:8::developer_UEKR6 cpe:/a:oracle:linux:7::developer_UEKR6 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.540.4.1] - Revert 'selftests/kcmp: Make the test output consistent and clear' (Samasth Norway Ananda) [Orabug: 37029311] [4.14.35-2047.540.4] - kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson) - ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno) - printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36208661] [4.14.35-2047.540.3] - MIPS: Octeon: Add PCIe link status check (Dave Kleikamp) [Orabug: 36952386] {CVE-2024-40968} [4.14.35-2047.540.2] - fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922242] - cifs: fix panic in smb2_reconnect (Ronnie Sahlberg) [Orabug: 36314494] - cifs: convert cifs_put_smb_ses from static to global (Dai Ngo) [Orabug: 36314494] - net: relax socket state check at accept time. (Paolo Abeni) [Orabug: 36768890] {CVE-2024-36484} [4.14.35-2047.540.1] - x86/cpu: Avoid cpuinfo-induced IPI pileups (Paul E. McKenney) [Orabug: 35773812] - LTS version v4.14.349 (Yifei Liu) - x86/kvm: Disable all PV features on crash (Vitaly Kuznetsov) - x86/kvm: Disable kvmclock on all CPUs on shutdown (Vitaly Kuznetsov) - x86/kvm: Teardown PV features on boot CPU as well (Vitaly Kuznetsov) - nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov) - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) [Orabug: 36774600] {CVE-2024-39276} - sparc: move struct termio to asm/termios.h (Mike Gilbert) - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson) - kdb: Merge identical case statements in kdb_read() (Daniel Thompson) - kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson) - kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson) [Orabug: 36809289] {CVE-2024-39480} - sparc64: Fix number of online CPUs (Sam Ravnborg) - intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin) - net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) [Orabug: 36774613] {CVE-2024-39301} - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier) - netfilter: nft_dynset: relax superfluous check on set updates (Pablo Neira Ayuso) - netfilter: nft_dynset: report EOPNOTSUPP on missing set feature (Pablo Neira Ayuso) - netfilter: nf_tables: don't skip expired elements during walk (Pablo Neira Ayuso) - netfilter: nf_tables: drop map element references from preparation phase (Pablo Neira Ayuso) - netfilter: nf_tables: pass ctx to nf_tables_expr_destroy() (Pablo Neira Ayuso) - netfilter: nftables: rename set element data activation/deactivation functions (Pablo Neira Ayuso) - netfilter: nf_tables: pass context to nft_set_destroy() (Pablo Neira Ayuso) - netfilter: nf_tables: fix set double-free in abort path (Pablo Neira Ayuso) - netfilter: nf_tables: add nft_set_is_anonymous() helper (Pablo Neira Ayuso) - fbdev: savage: Handle err return when savagefb_check_var failed (Cai Xinchen) [Orabug: 36809265] {CVE-2024-39475} - media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil) - media: mxl5xx: Move xpt structures off stack (Nathan Chancellor) - arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen) - arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski) - ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov) - neighbour: fix unaligned access to pneigh_entry (Qingfang DENG) - nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) [Orabug: 36753565] {CVE-2024-38583} - fs/nilfs2: convert timers to use timer_setup() (Kees Cook) - mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz) - binder: fix max_thread type inconsistency (Carlos Llamas) - ALSA: timer: Set lower bound of start tick time (Takashi Iwai) [Orabug: 36753730] {CVE-2024-38618} - ALSA: timer: Simplify timer hw resolution calls (Takashi Iwai) - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) [Orabug: 36763552] {CVE-2024-33621} - ipvlan: add ipvlan_route_v6_outbound() helper (Eric Dumazet) [Orabug: 36940543] {CVE-2023-52796} - ipvlan: properly track tx_errors (Eric Dumazet) - net: add DEV_STATS_READ() helper (Eric Dumazet) - kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada) - net:fec: Add fec_enet_deinit() (Xiaolei Wang) - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran) - smsc95xx: use usbnet->driver_priv (Andre Edich) - smsc95xx: remove redundant function arguments (Andre Edich) - enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) [Orabug: 36763837] {CVE-2024-38659} - dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) [Orabug: 36763846] {CVE-2024-38780} - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran) - nvmet: fix ns enable/disable possible hang (Sagi Grimberg) - spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko) - netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) [Orabug: 36763571] {CVE-2024-36286} - net: fec: avoid lock evasion when reading pps_enable (Wei Fang) - net: fec: remove redundant variable 'inc' (Colin Ian King) - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) [Orabug: 36763588] {CVE-2024-37353} - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) [Orabug: 36825259] {CVE-2024-39488} - openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole) - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) [Orabug: 36763592] {CVE-2024-37356} - params: lift param_set_uint_minmax to common code (Sagi Grimberg) - ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [Orabug: 36825263] {CVE-2024-39489} - x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada) - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun) - media: cec: cec-api: add locking in cec_release() (Hans Verkuil) - um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie) - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde) - media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) [Orabug: 36763603] {CVE-2024-38621} - um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) [Orabug: 36768584] {CVE-2024-39292} - um: Fix return value in ubd_init() (Duoming Zhou) - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu) - Input: ims-pcu - fix printf string overflow (Arnd Bergmann) - libsubcmd: Fix parse-options memory leak (Ian Rogers) - f2fs: add error prints for debugging mount failure (Sahitya Tummala) - extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap) - ppdev: Add an error check in register_device (Huai-Yuan Liu) [Orabug: 36678065] {CVE-2024-36015} - stm class: Fix a double free in stm_register_device() (Dan Carpenter) [Orabug: 36763764] {CVE-2024-38627} - usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff) - greybus: arche-ctrl: move device table to its right location (Arnd Bergmann) - serial: max3100: Fix bitwise types (Andy Shevchenko) - serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) [Orabug: 36763815] {CVE-2024-38633} - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) [Orabug: 36763820] {CVE-2024-38634} - firmware: dmi-id: add a release callback function (Arnd Bergmann) - dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni) - greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) [Orabug: 36763833] {CVE-2024-38637} - sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov) - sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax (Valentin Schneider) - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet) - netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) [Orabug: 36753582] {CVE-2024-38589} - RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky) - RDMA/ipoib: Fix use of sizeof() (Kamal Heib) - selftests/kcmp: remove unused open mode (Edward Liaw) - selftests/kcmp: Make the test output consistent and clear (Gautam Menghani) - ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara) - x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter) - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt) - fbdev: sh7760fb: allow modular build (Randy Dunlap) - media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda) - media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov) - powerpc/fsl-soc: hide unused const variable (Arnd Bergmann) - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) [Orabug: 36753415] {CVE-2024-38549} - fbdev: shmobile: fix snprintf truncation (Arnd Bergmann) - mtd: rawnand: hynix: fixed typo (Maxim Korotkov) - ipv6: sr: fix invalid unregister error path (Hangbin Liu) [Orabug: 36753711] {CVE-2024-38612} - ipv6: sr: fix incorrect unregister order (Hangbin Liu) - ipv6: sr: add missing seg6_local_exit (Hangbin Liu) - net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) [Orabug: 36753463] {CVE-2024-38558} - net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet) - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) [Orabug: 36753600] {CVE-2024-38596} - m68k: mac: Fix reboot hang on Mac IIci (Finn Thain) - m68k/mac: Use '030 reset method on SE/30 (Finn Thain) - m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) [Orabug: 36753715] {CVE-2024-38613} - net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet) - wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter) - scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753468] {CVE-2024-38559} - scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753473] {CVE-2024-38560} - Revert 'sh: Handle calling csum_partial with misaligned data' (Guenter Roeck) - sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven) - wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) [Orabug: 36753486] {CVE-2024-38565} - wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) [Orabug: 36753509] {CVE-2024-38567} - macintosh/via-macii: Fix 'BUG: sleeping function called from invalid context' (Finn Thain) - macintosh/via-macii, macintosh/adb-iop: Clean up whitespace (Finn Thain) - m68k/mac: Add mutual exclusion for IOP interrupt polling (Finn Thain) - macintosh/via-macii: Remove BUG_ON assertions (Finn Thain) - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui) - scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov) - scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang) - ACPI: disable -Wstringop-truncation (Arnd Bergmann) - irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu) - scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney) - scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney) - scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney) - wifi: ath10k: poll service ready message before failing (Baochen Qiang) - nfsd: drop st_mutex before calling move_to_close_lru() (NeilBrown) - null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun) - jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) [Orabug: 36753652] {CVE-2024-38599} - crypto: ccp - drop platform ifdef checks (Arnd Bergmann) - parisc: add missing export of __cmpxchg_u8() (Al Viro) - nilfs2: fix out-of-range warning (Arnd Bergmann) - ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) [Orabug: 36753537] {CVE-2024-38578} - firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart) - crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) [Orabug: 36753542] {CVE-2024-38579} - ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart) - ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang) - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang) - net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas) - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev) - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678069] {CVE-2024-36016} - nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) [Orabug: 36753558] {CVE-2024-38582} - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi) - ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) [Orabug: 36753662] {CVE-2024-38601} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-38582 CVE-2024-39276 CVE-2024-38560 CVE-2024-38599 CVE-2024-38601 CVE-2023-52796 CVE-2024-38659 CVE-2024-38565 CVE-2024-38637 CVE-2024-38579 CVE-2024-33621 CVE-2024-36015 CVE-2024-39301 CVE-2024-38634 CVE-2024-39488 CVE-2024-37353 CVE-2024-38549 CVE-2024-38583 CVE-2024-39475 CVE-2024-38578 CVE-2024-38589 CVE-2024-38618 CVE-2024-38621 CVE-2024-39480 CVE-2024-39489 CVE-2024-38558 CVE-2024-40968 CVE-2024-36484 CVE-2024-38559 CVE-2024-38780 CVE-2024-36016 CVE-2024-36286 CVE-2024-37356 CVE-2024-38596 CVE-2024-38613 CVE-2024-38633 CVE-2024-39292 CVE-2024-38567 CVE-2024-38612 CVE-2024-38627 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.335.4.el8] - mm: memcg/slab: enable kmalloc-cg-<n> caches for x86_64. (Imran Khan) [Orabug: 36951041] - printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36456582] - kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson) - driver core: Fix uevent_show() vs driver detach race (Dan Williams) - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-Konig) - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno) [5.4.17-2136.335.3.el8] - MIPS: Octeon: Add PCIe link status check (Dave Kleikamp) [Orabug: 36947196] [5.4.17-2136.335.2.el8] - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (Dan Carpenter) - net: relax socket state check at accept time. (Paolo Abeni) - fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922241] - NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (Chuck Lever) [Orabug: 36908594] - x86/cpu: Avoid cpuinfo-induced IPI pileups (Paul E. McKenney) [Orabug: 35773811] [5.4.17-2136.335.1.el8] - LTS tag: v5.4.280 (Alok Tiwari) - i2c: rcar: bring hardware to known state when probing (Wolfram Sang) - nilfs2: fix kernel bug on rename operation of broken directory (Ryusuke Konishi) - tcp: avoid too many retransmit packets (Eric Dumazet) - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Eric Dumazet) - net: tcp: fix unexcepted socket die when snd_wnd is 0 (Menglong Dong) - tcp: refactor tcp_retransmit_timer() (Eric Dumazet) - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (felix) - libceph: fix race between delayed_work() and ceph_monc_stop() (Ilya Dryomov) - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (Edson Juliano Drosdeck) - nvmem: meson-efuse: Fix return value of nvmem callbacks (Joy Chakraborty) - hpet: Support 32-bit userspace (He Zhe) - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (Alan Stern) - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (Lee Jones) - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (WangYuli) - USB: serial: option: add Rolling RW350-GL variants (Vanillan Wang) - USB: serial: option: add Netprisma LCUK54 series modules (Mank Wang) - USB: serial: option: add support for Foxconn T99W651 (Slark Xiao) - USB: serial: option: add Fibocom FM350-GL (Bjorn Mork) - USB: serial: option: add Telit FN912 rmnet compositions (Daniele Palmas) - USB: serial: option: add Telit generic core-dump composition (Daniele Palmas) - ARM: davinci: Convert comma to semicolon (Chen Ni) - s390: Mark psw in __load_psw_mask() as __unitialized (Sven Schnelle) - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (Kuniyuki Iwashima) - ppp: reject claimed-as-LCP but actually malformed packets (Dmitry Antipov) - net: ethernet: lantiq_etop: fix double free in detach (Aleksander Jan Bajkowski) - net: lantiq_etop: add blank line after declaration (Aleksander Jan Bajkowski) - octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() (Aleksandr Mishin) - tcp: fix incorrect undo caused by DSACK of TLP retransmit (Neal Cardwell) - tcp: add TCP_INFO status for failed client TFO (Jason Baron) - vfs: don't mod negative dentry count when on shrinker list (Brian Foster) - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (linke li) - filelock: fix potential use-after-free in posix_lock_inode (Jeff Layton) - nilfs2: fix incorrect inode allocation from reserved inodes (Ryusuke Konishi) - nvme-multipath: find NUMA path only for online numa-node (Nilay Shroff) - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (Jian-Hong Pan) - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (Piotr Wojtaszczyk) - media: dw2102: fix a potential buffer overflow (Mauro Carvalho Chehab) - bnx2x: Fix multiple UBSAN array-index-out-of-bounds (Ghadi Elie Rahme) - drm/amdgpu/atomfirmware: silence UBSAN warning (Alex Deucher) - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (Ma Ke) - Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (Jan Kara) - fsnotify: Do not generate events for O_PATH file descriptors (Jan Kara) - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (Jimmy Assarsson) - mm: optimize the redundant loop of mm_update_owner_next() (Jinliang Zheng) - nilfs2: add missing check for inode numbers on directory entries (Ryusuke Konishi) - nilfs2: fix inode number range checks (Ryusuke Konishi) - inet_diag: Initialize pad field in struct inet_diag_req_v2 (Shigeru Yoshida) - selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang) - selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang) - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (Sam Sun) - tcp_metrics: validate source addr length (Jakub Kicinski) - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (Neal Cardwell) - net: tcp better handling of reordering then loss cases (Yuchung Cheng) - tcp: add ece_ack flag to reno sack functions (Yousuk Seung) - tcp: tcp_mark_head_lost is only valid for sack-tcp (zhang kai) - s390/pkey: Wipe sensitive data on failure (Holger Dengler) - jffs2: Fix potential illegal address access in jffs2_free_inode (Wang Yong) - powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (Greg Kurz) - orangefs: fix out-of-bounds fsid access (Mike Marshall) - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (Michael Ellerman) - i2c: i801: Annotate apanel_addr as __ro_after_init (Heiner Kallweit) - media: dvb-frontends: tda10048: Fix integer overflow (Ricardo Ribalda) - media: s2255: Use refcount_t instead of atomic_t for num_channels (Ricardo Ribalda) - media: dvb-frontends: tda18271c2dd: Remove casting during div (Ricardo Ribalda) - net: dsa: mv88e6xxx: Correct check for empty list (Simon Horman) - Input: ff-core - prefer struct_size over open coded arithmetic (Erick Archer) - firmware: dmi: Stop decoding on broken entry (Jean Delvare) - sctp: prefer struct_size over open coded arithmetic (Erick Archer) - media: dw2102: Don't translate i2c read into write (Michael Bunk) - drm/amd/display: Skip finding free audio for unknown engine_id (Alex Hung) - drm/amdgpu: Initialize timestamp for some legacy SOCs (Ma Jun) - scsi: qedf: Make qedf_execute_tmf() non-preemptible (John Meneghini) - IB/core: Implement a limit on UMAD receive List (Michael Guralnik) - media: dvb-usb: dib0700_devices: Add missing release_firmware() (Ricardo Ribalda) - media: dvb: as102-fe: Fix as10x_register_addr packing (Ricardo Ribalda) - drm/lima: fix shared irq handling on driver remove (Erico Nunes) - LTS tag: v5.4.279 (Alok Tiwari) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (Alex Bee) - ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node (Johan Jonker) - tcp: Fix data races around icsk->icsk_af_ops. (Kuniyuki Iwashima) - ipv6: Fix data races around sk->sk_prot. (Kuniyuki Iwashima) - ipv6: annotate some data-races around sk->sk_prot (Eric Dumazet) - nfs: Leave pages in the pagecache if readpage failed (Matthew Wilcox (Oracle)) - pwm: stm32: Refuse too small period requests (Uwe Kleine-Konig) - mtd: spinand: macronix: Add support for serial NAND flash (Jaime Liao) - ftruncate: pass a signed offset (Arnd Bergmann) - ata: libata-core: Fix double free on error (Niklas Cassel) - batman-adv: Don't accept TT entries for out-of-spec VIDs (Sven Eckelmann) - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (Ma Ke) - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (Ma Ke) - hexagon: fix fadvise64_64 calling conventions (Arnd Bergmann) - csky, hexagon: fix broken sys_sync_file_range (Arnd Bergmann) - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (Oleksij Rempel) - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (Oleksij Rempel) - net: can: j1939: Initialize unused data in j1939_send_one() (Shigeru Yoshida) - tty: mcf: MCF54418 has 10 UARTS (Jean-Michel Hautbois) - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (Nikita Zhandarovich) - usb: musb: da8xx: fix a resource leak in probe() (Dan Carpenter) - usb: gadget: printer: SS+ support (Oliver Neukum) - net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez) - iio: chemical: bme680: Fix sensor data read operation (Vasileios Amoiridis) - iio: chemical: bme680: Fix overflows in compensate() functions (Vasileios Amoiridis) - iio: chemical: bme680: Fix calibration data variable (Vasileios Amoiridis) - iio: chemical: bme680: Fix pressure value output (Vasileios Amoiridis) - iio: adc: ad7266: Fix variable checking bug (Fernando Yang) - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (Adrian Hunter) - mmc: sdhci: Do not invert write-protect twice (Adrian Hunter) - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - x86: stop playing stack games in profile_pc() (Linus Torvalds) - gpio: davinci: Validate the obtained number of IRQs (Aleksandr Mishin) - nvme: fixup comment for nvme RDMA Provider Type (Hannes Reinecke) - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (Andrew Davis) - media: dvbdev: Initialize sbuf (Ricardo Ribalda) - ALSA: emux: improve patch ioctl data validation (Oswald Buddenhagen) - net/dpaa2: Avoid explicit cpumask var allocation on stack (Dawei Li) - net/iucv: Avoid explicit cpumask var allocation on stack (Dawei Li) - mtd: partitions: redboot: Added conversion of operands to a larger type (Denis Arefev) - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (Laurent Pinchart) - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Pablo Neira Ayuso) - parisc: use correct compat recv/recvfrom syscalls (Arnd Bergmann) - sparc: fix old compat_sys_select() (Arnd Bergmann) - net: phy: micrel: add Microchip KSZ 9477 to the device table (Enguerrand de Ribaucourt) - net: phy: mchp: Add support for LAN8814 QUAD PHY (Divya Koppera) - net: dsa: microchip: fix initial port flush problem (Tristram Ha) - ASoC: fsl-asoc-card: set priv->pdev before using it (Elinor Montmasson) - netfilter: nf_tables: validate family when identifying table via handle (Pablo Neira Ayuso) - drm/amdgpu: fix UBSAN warning in kv_dpm.c (Alex Deucher) - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (Huang-Huang Bao) - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (Huang-Huang Bao) - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (Huang-Huang Bao) - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (Hagar Hemdan) - iio: dac: ad5592r: fix temperature channel scaling value (Marc Ferland) - iio: dac: ad5592r: un-indent code-block for scale read (Alexandru Ardelean) - iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock (Sergiu Cuciurean) - x86/amd_nb: Check for invalid SMN reads (Yazen Ghannam) - PCI: Add PCI_ERROR_RESPONSE and related definitions (Naveen Naidu) - perf/core: Fix missing wakeup when waiting for context reference (Haifeng Xu) - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (Jeff Johnson) - arm64: dts: qcom: qcs404: fix bluetooth device address (Johan Hovold) - ARM: dts: samsung: smdk4412: fix keypad no-autorepeat (Krzysztof Kozlowski) - ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat (Krzysztof Kozlowski) - ARM: dts: samsung: smdkv310: fix keypad no-autorepeat (Krzysztof Kozlowski) - i2c: ocores: set IACK bit after core is enabled (Grygorii Tertychnyi) - gcov: add support for GCC 14 (Peter Oberparleiter) - drm/radeon: fix UBSAN warning in kv_dpm.c (Alex Deucher) - ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (Raju Rangoju) - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (Nikita Shubin) - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (Biju Das) - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (Oliver Neukum) - netfilter: ipset: Fix suspicious rcu_dereference_protected() (Jozsef Kadlecsik) - virtio_net: checksum offloading handling fix (Heng Qi) - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (David Ruth) - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (Pedro Tammela) - netns: Make get_net_ns() handle zero refcount net (Yue Haibing) - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (Eric Dumazet) - ipv6: prevent possible NULL dereference in rt6_probe() (Eric Dumazet) - ipv6: prevent possible NULL deref in fib6_nh_init() (Eric Dumazet) - netrom: Fix a memory leak in nr_heartbeat_expiry() (Gavrilov Ilia) - cipso: fix total option length computation (Ondrej Mosnacek) - mips: bmips: BCM6358: make sure CBR is correctly set (Christian Marangi) - MIPS: Routerboard 532: Fix vendor retry check code (Ilpo Jarvinen) - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (Mario Limonciello) - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (Roman Smirnov) - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (Alex Henrie) - powerpc/io: Avoid clang null pointer arithmetic warnings (Michael Ellerman) - powerpc/pseries: Enforce hcall result buffer validity and size (Nathan Lynch) - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (Uri Arev) - scsi: qedi: Fix crash while reading debugfs attribute (Manish Rangankar) - drop_monitor: replace spin_lock by raw_spin_lock (Wander Lairson Costa) - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (Eric Dumazet) - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (Alessandro Carminati (Red Hat)) - rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment (Paul E. McKenney) - i2c: at91: Fix the functionality flags of the slave-only interface (Jean Delvare) - usb-storage: alauda: Check whether the media is initialized (Shichao Lai) - greybus: Fix use-after-free bug in gb_interface_release due to race condition. (Sicong Huang) - netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) - hugetlb_encode.h: fix undefined behaviour (34 << 26) (Matthias Goergens) - tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() (Oleg Nesterov) - nilfs2: fix potential kernel bug due to lack of writeback flag waiting (Ryusuke Konishi) - intel_th: pci: Add Lunar Lake support (Alexander Shishkin) - intel_th: pci: Add Meteor Lake-S support (Alexander Shishkin) - intel_th: pci: Add Sapphire Rapids SOC support (Alexander Shishkin) - intel_th: pci: Add Granite Rapids SOC support (Alexander Shishkin) - intel_th: pci: Add Granite Rapids support (Alexander Shishkin) - dmaengine: axi-dmac: fix possible race in remove() (Nuno Sa) - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (Rick Wertenbroek) - ocfs2: fix races between hole punching and AIO+DIO (Su Yue) - ocfs2: use coarse time for new created files (Su Yue) - fs/proc: fix softlockup in __read_vmcore (Rik van Riel) - vmci: prevent speculation leaks by sanitizing event in event_deliver() (Hagar Gamal Halim Hemdan) - tracing/selftests: Fix kprobe event name test for .isra. functions (Steven Rostedt (Google)) - drm/exynos/vidi: fix memory leak in .get_modes() (Jani Nikula) - drivers: core: synchronize really_probe() and dev_uevent() (Dirk Behme) - ionic: fix use after netif_napi_del() (Taehee Yoo) - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (Petr Pavlu) - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (Gal Pressman) - tcp: fix race in tcp_v6_syn_recv_sock() (Eric Dumazet) - drm/bridge/panel: Fix runtime warning on panel bridge release (Adam Miotk) - drm/komeda: check for error-valued pointer (Amjad Ouled-Ameur) - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (Aleksandr Mishin) - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (Jose Exposito) - iommu: Return right value in iommu_sva_bind_device() (Lu Baolu) - iommu/amd: Fix sysfs leak in iommu init (Kun(llfl)) - HID: core: remove unnecessary WARN_ON() in implement() (Nikita Zhandarovich) - gpio: tqmx86: fix typo in Kconfig label (Gregor Herburger) - SUNRPC: return proper error from gss_wrap_req_priv (Chen Hanxiao) - Input: try trimming too long modalias strings (Dmitry Torokhov) - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (Breno Leitao) - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - xhci: Set correct transferred length for cancelled bulk transfers (Mathias Nyman) - jfs: xattr: fix buffer overflow for invalid xattr (Greg Kroah-Hartman) - mei: me: release irq in mei_me_pci_resume error path (Tomas Winkler) - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (Alan Stern) - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (Ryusuke Konishi) - nilfs2: return the mapped address from nilfs_get_page() (Matthew Wilcox (Oracle)) - nilfs2: Remove check for PageError (Matthew Wilcox (Oracle)) - selftests/mm: compaction_test: fix bogus test success on Aarch64 (Dev Jain) - selftests/mm: conform test to TAP format output (Muhammad Usama Anjum) - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages (Dev Jain) - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (Hugo Villeneuve) - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro (Hugo Villeneuve) - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (George Shen) - ASoC: ti: davinci-mcasp: Fix race condition during probe (Joao Paulo Goncalves) - ASoC: ti: davinci-mcasp: Handle missing required DT properties (Peter Ujfalusi) - ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling (Peter Ujfalusi) - ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing (Peter Ujfalusi) - ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional (Peter Ujfalusi) - ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params (Zhang Qilong) - ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret (Colin Ian King) - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (Wesley Cheng) - ipv6: fix possible race in __fib6_drop_pcpu_from() (Eric Dumazet) - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). (Kuniyuki Iwashima) - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). (Kuniyuki Iwashima) - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). (Kuniyuki Iwashima) - ptp: Fix error message on failed pin verification (Karol Kolacinski) - net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (Eric Dumazet) - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (Jason Xing) - net: sched: sch_multiq: fix possible OOB write in multiq_tune() (Hangyu Hua) - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (Eric Dumazet) - wifi: iwlwifi: mvm: don't read past the mfuart notifcation (Emmanuel Grumbach) - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (Shahar S Matityahu) - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (Johannes Berg) - wifi: cfg80211: pmsr: use correct nla_get_uX functions (Lin Ma) - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (Remi Pommarel) - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (Nicolas Escande) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41097 CVE-2024-41007 CVE-2024-42236 CVE-2022-3567 CVE-2024-42115 CVE-2024-42092 CVE-2024-42104 CVE-2024-42096 CVE-2024-42101 CVE-2024-41095 CVE-2024-40995 CVE-2024-40961 CVE-2024-40905 CVE-2022-3566 CVE-2024-39487 CVE-2024-40980 CVE-2024-41041 CVE-2024-40978 CVE-2024-41049 CVE-2024-42097 CVE-2024-42143 CVE-2024-42223 CVE-2024-42124 CVE-2024-40988 CVE-2023-52628 CVE-2024-40943 CVE-2024-42232 CVE-2024-42148 CVE-2024-42154 CVE-2024-42084 CVE-2024-40974 CVE-2024-39502 CVE-2024-39501 CVE-2024-39506 CVE-2024-40968 CVE-2023-52803 CVE-2024-41044 CVE-2024-42105 CVE-2024-42224 CVE-2024-40960 CVE-2024-40941 CVE-2024-42145 CVE-2024-42086 CVE-2024-42076 CVE-2024-41034 CVE-2024-40934 CVE-2024-41087 CVE-2024-41046 CVE-2024-42106 CVE-2024-42127 CVE-2024-36484 CVE-2024-40981 CVE-2024-40987 CVE-2024-42157 CVE-2024-42089 CVE-2024-42090 CVE-2024-40959 CVE-2024-40963 CVE-2024-40904 CVE-2024-38619 CVE-2024-37078 CVE-2024-39499 CVE-2024-40932 CVE-2024-36894 CVE-2024-39509 CVE-2024-39469 CVE-2024-40901 CVE-2024-41035 CVE-2024-42087 CVE-2024-40958 CVE-2024-41006 CVE-2024-40942 CVE-2024-39505 CVE-2024-40945 CVE-2024-40912 CVE-2024-40902 CVE-2024-42153 CVE-2024-42119 CVE-2024-42093 CVE-2024-42094 CVE-2024-39495 CVE-2024-41022 CVE-2024-36974 CVE-2024-42070 CVE-2024-40993 CVE-2023-4881 CVE-2024-36978 CVE-2024-41089 cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 Oracle Linux 9 [5.15.0-210.163.7] - crypto: qat - specify firmware files for 402xx (Giovanni Cabiddu) [Orabug: 37030280] [5.15.0-210.163.6] - Revert 'Fix userfaultfd_api to return EINVAL as expected' (Vijayendra Suman) [Orabug: 37004422] [5.15.0-210.163.5] - Revert 'bpf: Allow reads from uninit stack' (Vijayendra Suman) [Orabug: 36992948] - selftests/vm: Fix build issue with pkey_sighandler_tests.c (Aruna Ramakrishna) [Orabug: 36992941] [5.15.0-210.163.4] - driver core: Fix uevent_show() vs driver detach race (Dan Williams) - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (Jerome Brunet) - kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson) - MIPS: Octeron: remove source file executable bit (Dominique Martinet) - sched: act_ct: take care of padding in struct zones_ht_key (Eric Dumazet) - ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno) - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (Dan Carpenter) - KVM: x86: check the kvm_cpu_get_interrupt result before using it (Maxim Levitsky) [Orabug: 36893301] - KVM: x86: VMX: set irr_pending in kvm_apic_update_irr (Maxim Levitsky) [Orabug: 36893301] - KVM: x86: VMX: __kvm_apic_update_irr must update the IRR atomically (Maxim Levitsky) [Orabug: 36893301] - KVM: x86: Allow APICv APIC ID inhibit to be cleared (Greg Edwards) [Orabug: 36839768] - printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36456581] [5.15.0-210.163.3] - selftests/net: remove extra argument domain for do_recv_completions() (Samasth Norway Ananda) [Orabug: 36949448] - selftests/mm: Add new testcases for pkeys (Keith Lucas) [Orabug: 36943199] - x86/pkeys: Restore altstack access in sigreturn() (Aruna Ramakrishna) [Orabug: 36943199] - x86/pkeys: Update PKRU to enable all pkeys before XSAVE (Aruna Ramakrishna) [Orabug: 36943199] - x86/pkeys: Add helper functions to update PKRU on the sigframe (Aruna Ramakrishna) [Orabug: 36943199] - x86/pkeys: Add PKRU as a parameter in signal handling functions (Aruna Ramakrishna) [Orabug: 36943199] - x86/signal/64: Move 64-bit signal code to its own file (Brian Gerst) [Orabug: 36943199] - x86/signal/32: Merge native and compat 32-bit signal code (Brian Gerst) [Orabug: 36943199] - x86/signal: Add ABI prefixes to frame setup functions (Brian Gerst) [Orabug: 36943199] - x86/signal: Merge get_sigframe() (Brian Gerst) [Orabug: 36943199] - x86: Remove __USER32_DS (Brian Gerst) [Orabug: 36943199] - signal/compat: Remove compat_sigset_t override (Brian Gerst) [Orabug: 36943199] - x86/signal: Remove sigset_t parameter from frame setup functions (Brian Gerst) [Orabug: 36943199] - x86/signal: Remove sig parameter from frame setup functions (Brian Gerst) [Orabug: 36943199] [5.15.0-210.163.2] - fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922239] - net: mana: Fix possible double free in error handling path (Ma Ke) [Orabug: 36897038] {CVE-2024-42069} - x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (Thomas Gleixner) [Orabug: 35773810] - xfs: fix agf/agfl verification on v4 filesystems (Mark Tinguely) [Orabug: 35623655] [5.15.0-210.163.1] - net: relax socket state check at accept time. (Paolo Abeni) [Orabug: 36768888] {CVE-2024-36484} - LTS version: v5.15.163 (Vijayendra Suman) - i2c: rcar: fix error code in probe() (Dan Carpenter) - kbuild: Make ld-version.sh more robust against version string changes (Nathan Chancellor) - x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (Brian Gerst) - i2c: rcar: clear NO_RXDMA flag after resetting (Wolfram Sang) - i2c: testunit: avoid re-issued work after read message (Wolfram Sang) - i2c: rcar: ensure Gen3+ reset does not disturb local targets (Wolfram Sang) - i2c: rcar: introduce Gen4 devices (Wolfram Sang) - i2c: rcar: reset controller is mandatory for Gen3+ (Wolfram Sang) - i2c: rcar: Add R-Car Gen4 support (Geert Uytterhoeven) - i2c: mark HostNotify target address as used (Wolfram Sang) - i2c: rcar: bring hardware to known state when probing (Wolfram Sang) - nilfs2: fix kernel bug on rename operation of broken directory (Ryusuke Konishi) [Orabug: 36896820] {CVE-2024-41034} - bpf: Allow reads from uninit stack (Eduard Zingerman) - ipv6: prevent NULL dereference in ip6_output() (Eric Dumazet) [Orabug: 36683273] {CVE-2024-36901} - ipv6: annotate data-races around cnf.disable_ipv6 (Eric Dumazet) - wireguard: send: annotate intentional data race in checking empty queue (Jason A. Donenfeld) - wireguard: queueing: annotate intentional data race in cpu round robin (Jason A. Donenfeld) - wireguard: allowedips: avoid unaligned 64-bit memory accesses (Helge Deller) [Orabug: 36930166] {CVE-2024-42247} - libceph: fix race between delayed_work() and ceph_monc_stop() (Ilya Dryomov) [Orabug: 36930127] {CVE-2024-42232} - Fix userfaultfd_api to return EINVAL as expected (Audra Mitchell) [Orabug: 36896804] {CVE-2024-41027} - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (Edson Juliano Drosdeck) - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (Nazar Bilinskyi) - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (Michal Kopec) - nvmem: core: only change name to fram for current attribute (Thomas Weissschuh) - nvmem: meson-efuse: Fix return value of nvmem callbacks (Joy Chakraborty) - nvmem: rmem: Fix return value of rmem_read() (Joy Chakraborty) - hpet: Support 32-bit userspace (He Zhe) - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (Alan Stern) [Orabug: 36896825] {CVE-2024-41035} - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (Lee Jones) [Orabug: 36930137] {CVE-2024-42236} - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (WangYuli) - USB: serial: mos7840: fix crash on resume (Dmitry Smirnov) [Orabug: 36930153] {CVE-2024-42244} - USB: serial: option: add Rolling RW350-GL variants (Vanillan Wang) - USB: serial: option: add Netprisma LCUK54 series modules (Mank Wang) - USB: serial: option: add support for Foxconn T99W651 (Slark Xiao) - USB: serial: option: add Fibocom FM350-GL (Bjorn Mork) - USB: serial: option: add Telit FN912 rmnet compositions (Daniele Palmas) - USB: serial: option: add Telit generic core-dump composition (Daniele Palmas) - net: ks8851: Fix potential TX stall after interface reopen (Ronald Wahl) - tcp: avoid too many retransmit packets (Eric Dumazet) [Orabug: 36841815] {CVE-2024-41007} - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Eric Dumazet) - octeontx2-af: fix issue with IPv4 match for RSS (Satheesh Paul) - octeontx2-af: fix issue with IPv6 ext match for RSS (Kiran Kumar K) - octeontx2-af: extend RSS supported offload types (Kiran Kumar K) - octeontx2-af: fix detection of IP layer (Michal Mazur) - octeontx2-af: fix a issue with cpt_lf_alloc mailbox (Srujana Challa) - octeontx2-af: update cpt lf alloc mailbox (Srujana Challa) - octeontx2-af: replace cpt slot with lf id on reg write (Nithin Dabilpuram) - ARM: davinci: Convert comma to semicolon (Chen Ni) - s390: Mark psw in __load_psw_mask() as __unitialized (Sven Schnelle) - net/sched: Fix UAF when resolving a clash (Chengen Du) [Orabug: 36896837] {CVE-2024-41040} - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (Kuniyuki Iwashima) [Orabug: 36896841] {CVE-2024-41041} - ethtool: netlink: do not return SQI value if link is down (Oleksij Rempel) - ppp: reject claimed-as-LCP but actually malformed packets (Dmitry Antipov) [Orabug: 36896855] {CVE-2024-41044} - net: ethernet: mtk-star-emac: set mac_managed_pm when probing (Jian Hui Lee) - net: ethernet: lantiq_etop: fix double free in detach (Aleksander Jan Bajkowski) [Orabug: 36896862] {CVE-2024-41046} - net: lantiq_etop: add blank line after declaration (Aleksander Jan Bajkowski) - i40e: Fix XDP program unloading while removing the driver (Michal Kubiak) [Orabug: 36896869] {CVE-2024-41047} - net: fix rc7's __skb_datagram_iter() (Hugh Dickins) - octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() (Aleksandr Mishin) - skmsg: Skip zero length skb in sk_msg_recvmsg (Geliang Tang) [Orabug: 36896872] {CVE-2024-41048} - tcp: fix incorrect undo caused by DSACK of TLP retransmit (Neal Cardwell) - vfs: don't mod negative dentry count when on shrinker list (Brian Foster) - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (linke li) - filelock: fix potential use-after-free in posix_lock_inode (Jeff Layton) [Orabug: 36896875] {CVE-2024-41049} - nilfs2: fix incorrect inode allocation from reserved inodes (Ryusuke Konishi) - null_blk: Do not allow runt zone with zone capacity smaller then zone size (Damien Le Moal) - nfc/nci: Add the inconsistency check between the input data length and count (Edward Adam Davis) [Orabug: 36897796] {CVE-2024-42130} - kbuild: fix short log for AS in link-vmlinux.sh (Masahiro Yamada) - nvmet: fix a possible leak when destroy a ctrl during qp establishment (Sagi Grimberg) [Orabug: 36897901] {CVE-2024-42152} - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (hmtheboy154) - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (hmtheboy154) - regmap-i2c: Subtract reg size from max_write (Jim Wylder) - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (Kundan Kumar) - dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails (Fedor Pchelkin) - nvme-multipath: find NUMA path only for online numa-node (Nilay Shroff) - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (Jian-Hong Pan) - fs/ntfs3: Mark volume as dirty if xattr is broken (Konstantin Komarov) - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (Piotr Wojtaszczyk) [Orabug: 36897908] {CVE-2024-42153} - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (Luca Weiss) - media: dw2102: fix a potential buffer overflow (Mauro Carvalho Chehab) - ima: Avoid blocking in RCU read-side critical section (GUO Zihua) [Orabug: 36835827] {CVE-2024-40947} - bnx2x: Fix multiple UBSAN array-index-out-of-bounds (Ghadi Elie Rahme) [Orabug: 36897884] {CVE-2024-42148} - mtd: rawnand: rockchip: ensure NVDDR timings are rejected (Val Packett) - mtd: rawnand: Bypass a couple of sanity checks during NAND identification (Miquel Raynal) - mtd: rawnand: Ensure ECC configuration is propagated to upper layers (Miquel Raynal) - drm/amdgpu/atomfirmware: silence UBSAN warning (Alex Deucher) - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (Ma Ke) [Orabug: 36897639] {CVE-2024-42101} - fsnotify: Do not generate events for O_PATH file descriptors (Jan Kara) - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (Jimmy Assarsson) - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (Zijun Hu) [Orabug: 36897825] {CVE-2024-42137} - btrfs: fix adding block group to a reclaim list and the unused list during reclaim (Naohiro Aota) [Orabug: 36934739] {CVE-2024-42103} - mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897802] {CVE-2024-42131} - mm: optimize the redundant loop of mm_update_owner_next() (Jinliang Zheng) - nilfs2: add missing check for inode numbers on directory entries (Ryusuke Konishi) [Orabug: 36897651] {CVE-2024-42104} - nilfs2: fix inode number range checks (Ryusuke Konishi) [Orabug: 36897657] {CVE-2024-42105} - Revert 'igc: fix a log entry using uninitialized netdev' (Sasha Neftin) - gpiolib: of: add polarity quirk for TSC2005 (Dmitry Torokhov) - gpiolib: of: add a quirk for reset line polarity for Himax LCDs (Dmitry Torokhov) - gpiolib: of: factor out code overriding gpio line polarity (Dmitry Torokhov) - inet_diag: Initialize pad field in struct inet_diag_req_v2 (Shigeru Yoshida) [Orabug: 36897665] {CVE-2024-42106} - selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang) - selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang) - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (Sam Sun) [Orabug: 36825247] {CVE-2024-39487} - netfilter: nf_tables: unconditionally flush pending work before notifier (Florian Westphal) [Orabug: 36897676] {CVE-2024-42109} - riscv: kexec: Avoid deadlock in kexec crash path (Song Shuai) [Orabug: 36897831] {CVE-2024-42140} - wifi: wilc1000: fix ies_len type in connect path (Jozef Hopko) - net: allow skb_datagram_iter to be called from any context (Sagi Grimberg) - e1000e: Fix S0ix residency on corporate systems (Dima Ruinskiy) - KVM: s390: fix LPSWEY handling (Christian Borntraeger) - tcp_metrics: validate source addr length (Jakub Kicinski) [Orabug: 36897914] {CVE-2024-42154} - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (Neal Cardwell) - tools/power turbostat: Remember global max_die_id (Len Brown) - s390/pkey: Wipe sensitive data on failure (Holger Dengler) [Orabug: 36897933] {CVE-2024-42157} - jffs2: Fix potential illegal address access in jffs2_free_inode (Wang Yong) [Orabug: 36897693] {CVE-2024-42115} - bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (Jose E. Marchesi) [Orabug: 36897964] {CVE-2024-42161} - igc: fix a log entry using uninitialized netdev (Corinna Vinschen) [Orabug: 36897705] {CVE-2024-42116} - powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (Greg Kurz) - kunit: Fix timeout message (Mickael Salaun) - orangefs: fix out-of-bounds fsid access (Mike Marshall) [Orabug: 36897836] {CVE-2024-42143} - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (Michael Ellerman) - i2c: i801: Annotate apanel_addr as __ro_after_init (Heiner Kallweit) - media: dvb-frontends: tda10048: Fix integer overflow (Ricardo Ribalda) [Orabug: 36897975] {CVE-2024-42223} - media: s2255: Use refcount_t instead of atomic_t for num_channels (Ricardo Ribalda) - media: dvb-frontends: tda18271c2dd: Remove casting during div (Ricardo Ribalda) - net: dsa: mv88e6xxx: Correct check for empty list (Simon Horman) [Orabug: 36897981] {CVE-2024-42224} - wifi: mt76: replace skb_put with skb_put_zero (Felix Fietkau) [Orabug: 36897988] {CVE-2024-42225} - Input: ff-core - prefer struct_size over open coded arithmetic (Erick Archer) - firmware: dmi: Stop decoding on broken entry (Jean Delvare) - sctp: prefer struct_size over open coded arithmetic (Erick Archer) - media: dw2102: Don't translate i2c read into write (Michael Bunk) - drm/amd/display: Skip finding free audio for unknown engine_id (Alex Hung) [Orabug: 36897725] {CVE-2024-42119} - drm/amd/display: Check pipe offset before setting vblank (Alex Hung) [Orabug: 36897731] {CVE-2024-42120} - drm/amd/display: Check index msg_id before read or write (Alex Hung) [Orabug: 36897738] {CVE-2024-42121} - drm/amdgpu: Initialize timestamp for some legacy SOCs (Ma Jun) - crypto: aead,cipher - zeroize key buffer after use (Hailey Mothershead) [Orabug: 36898013] {CVE-2024-42229} - scsi: qedf: Make qedf_execute_tmf() non-preemptible (John Meneghini) [Orabug: 36897759] {CVE-2024-42124} - IB/core: Implement a limit on UMAD receive List (Michael Guralnik) [Orabug: 36897846] {CVE-2024-42145} - media: dvb-usb: dib0700_devices: Add missing release_firmware() (Ricardo Ribalda) - media: dvb: as102-fe: Fix as10x_register_addr packing (Ricardo Ribalda) - drm/lima: fix shared irq handling on driver remove (Erico Nunes) [Orabug: 36897778] {CVE-2024-42127} - locking/mutex: Introduce devm_mutex_init() (George Stark) - Compiler Attributes: Add __uninitialized macro (Heiko Carstens) - LTS version: v5.15.162 (Vijayendra Suman) - serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (Udit Kumar) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (Alex Bee) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (FUKAUMI Naoki) - ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node (Johan Jonker) - KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption (Marc Zyngier) - efi/x86: Free EFI memory map only when installing a new one. (Ard Biesheuvel) - efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures (Ard Biesheuvel) - efi: memmap: Move manipulation routines into x86 arch tree (Ard Biesheuvel) - efi: Correct comment on efi_memmap_alloc (Liu Zixian) - drivers: fix typo in firmware/efi/memmap.c (Zheng Zhi Yuan) - tcp: Fix data races around icsk->icsk_af_ops. (Kuniyuki Iwashima) [Orabug: 34719865] {CVE-2022-3566} - ipv6: Fix data races around sk->sk_prot. (Kuniyuki Iwashima) [Orabug: 34719905] {CVE-2022-3567} - ipv6: annotate some data-races around sk->sk_prot (Eric Dumazet) - nfs: Leave pages in the pagecache if readpage failed (Matthew Wilcox (Oracle)) - pwm: stm32: Refuse too small period requests (Uwe Kleine-Konig) - syscalls: fix sys_fanotify_mark prototype (Arnd Bergmann) - syscalls: fix compat_sys_io_pgetevents_time64 usage (Arnd Bergmann) - ftruncate: pass a signed offset (Arnd Bergmann) [Orabug: 36897557] {CVE-2024-42084} - ata: libata-core: Fix double free on error (Niklas Cassel) [Orabug: 36897373] {CVE-2024-41087} - ata: ahci: Clean up sysfs file on error (Niklas Cassel) - batman-adv: Don't accept TT entries for out-of-spec VIDs (Sven Eckelmann) - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (Ma Ke) [Orabug: 36897379] {CVE-2024-41089} - drm/i915/gt: Fix potential UAF by revoke of fence registers (Janusz Krzysztofik) [Orabug: 36897385] {CVE-2024-41092} - drm/amdgpu: avoid using null object of framebuffer (Julia Zhang) [Orabug: 36897435] {CVE-2024-41093} - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (Ma Ke) [Orabug: 36897442] {CVE-2024-41095} - hexagon: fix fadvise64_64 calling conventions (Arnd Bergmann) - csky, hexagon: fix broken sys_sync_file_range (Arnd Bergmann) - sh: rework sync_file_range ABI (Arnd Bergmann) - kbuild: Install dtb files as 0644 in Makefile.dtbinst (Dragan Simic) - cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() (Yuntao Wang) - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (Oleksij Rempel) - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (Oleksij Rempel) - net: can: j1939: Initialize unused data in j1939_send_one() (Shigeru Yoshida) [Orabug: 36897515] {CVE-2024-42076} - tty: mcf: MCF54418 has 10 UARTS (Jean-Michel Hautbois) - serial: 8250_omap: Implementation of Errata i2310 (Udit Kumar) [Orabug: 36897613] {CVE-2024-42095} - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (Meng Li) [Orabug: 36897563] {CVE-2024-42085} - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (Nikita Zhandarovich) [Orabug: 36897450] {CVE-2024-41097} - usb: musb: da8xx: fix a resource leak in probe() (Dan Carpenter) - usb: gadget: printer: fix races against disable (Oliver Neukum) - usb: gadget: printer: SS+ support (Oliver Neukum) - net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez) - iio: chemical: bme680: Fix sensor data read operation (Vasileios Amoiridis) - iio: chemical: bme680: Fix overflows in compensate() functions (Vasileios Amoiridis) [Orabug: 36897565] {CVE-2024-42086} - iio: chemical: bme680: Fix calibration data variable (Vasileios Amoiridis) - iio: chemical: bme680: Fix pressure value output (Vasileios Amoiridis) - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (Alexander Sverdlin) - iio: adc: ad7266: Fix variable checking bug (Fernando Yang) - i2c: testunit: discard write requests while old command is running (Wolfram Sang) - i2c: testunit: don't erase registers after STOP (Wolfram Sang) - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (Adrian Hunter) - mmc: sdhci: Do not invert write-protect twice (Adrian Hunter) - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - ocfs2: fix DIO failure due to insufficient transaction credits (Jan Kara) [Orabug: 36897528] {CVE-2024-42077} - parisc: use generic sys_fanotify_mark implementation (Arnd Bergmann) - x86: stop playing stack games in profile_pc() (Linus Torvalds) [Orabug: 36897615] {CVE-2024-42096} - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (Kent Gibson) - gpio: davinci: Validate the obtained number of IRQs (Aleksandr Mishin) [Orabug: 36897598] {CVE-2024-42092} - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (Liu Ying) - nvme: fixup comment for nvme RDMA Provider Type (Hannes Reinecke) - drm/radeon/radeon_display: Decrease the size of allocated memory (Erick Archer) - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (Andrew Davis) - media: dvbdev: Initialize sbuf (Ricardo Ribalda) - ALSA: emux: improve patch ioctl data validation (Oswald Buddenhagen) [Orabug: 36897623] {CVE-2024-42097} - crypto: ecdh - explicitly zeroize private_key (Joachim Vandersmissen) [Orabug: 36897630] {CVE-2024-42098} - net/dpaa2: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897601] {CVE-2024-42093} - net/iucv: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897607] {CVE-2024-42094} - RDMA/restrack: Fix potential invalid address access (Wenchao Hao) [Orabug: 36897540] {CVE-2024-42080} - bpf: Add a check for struct bpf_fib_lookup size (Anton Protopopov) - mtd: partitions: redboot: Added conversion of operands to a larger type (Denis Arefev) - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (Uros Bizjak) - vduse: Temporarily fail if control queue feature requested (Maxime Coquelin) - vduse: validate block features only with block devices (Maxime Coquelin) - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (Laurent Pinchart) [Orabug: 36897569] {CVE-2024-42087} - bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() (Christophe Leroy) [Orabug: 36897491] {CVE-2024-42068} - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Pablo Neira Ayuso) [Orabug: 36897499] {CVE-2024-42070} - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (Neal Cardwell) - parisc: use correct compat recv/recvfrom syscalls (Arnd Bergmann) - sparc: fix compat recv/recvfrom syscalls (Arnd Bergmann) - sparc: fix old compat_sys_select() (Arnd Bergmann) - Fix race for duplicate reqsk on identical SYN (luoxuanqiang) - xdp: Remove WARN() from __xdp_reg_mem_model() (Daniil Dulov) [Orabug: 36897553] {CVE-2024-42082} - net: phy: micrel: add Microchip KSZ 9477 to the device table (Enguerrand de Ribaucourt) - ibmvnic: Free any outstanding tx skbs during scrq reset (Nick Child) - net: dsa: microchip: fix initial port flush problem (Tristram Ha) - ASoC: fsl-asoc-card: set priv->pdev before using it (Elinor Montmasson) [Orabug: 36897577] {CVE-2024-42089} - net: stmmac: Assign configured channel value to EXTTS event (Oleksij Rempel) - net: mdio: add helpers to extract clause 45 regad and devad fields (Russell King (Oracle)) - drm/amdgpu: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835991] {CVE-2024-40987} - cifs: fix typo in module parameter enable_gcm_256 (Steve French) - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (Huang-Huang Bao) - pinctrl: rockchip: use dedicated pinctrl type for RK3328 (Huang-Huang Bao) - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (Huang-Huang Bao) - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (Huang-Huang Bao) - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (Hagar Hemdan) [Orabug: 36897585] {CVE-2024-42090} - Input: ili210x - fix ili251x_read_touch_data() return value (John Keeping) - gve: Clear napi->skb before dev_kfree_skb_any() (Ziwei Xiao) [Orabug: 36835798] {CVE-2024-40937} - gve: Add RX context. (David Awogbemila) - ACPI: x86: Force StorageD3Enable on more products (Mario Limonciello) - ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable (Mario Limonciello) - smb: client: fix deadlock in smb2_find_smb_tcon() (Enzo Matsumiya) [Orabug: 36774640] {CVE-2024-39468} - x86/amd_nb: Check for invalid SMN reads (Yazen Ghannam) - PCI: Add PCI_ERROR_RESPONSE and related definitions (Naveen Naidu) - perf/core: Fix missing wakeup when waiting for context reference (Haifeng Xu) - riscv: fix overlap of allocated page and PTR_ERR (Nam Cao) - riscv: mm: init: try best to use IS_ENABLED(CONFIG_64BIT) instead of #ifdef (Jisheng Zhang) - kheaders: explicitly define file modes for archived headers (Matthias Maennich) - Revert 'kheaders: substituting --sort in archive creation' (Masahiro Yamada) - drm/i915/gt: Disarm breadcrumbs if engines are already idle (Chris Wilson) - drm/i915/gt: Only kick the signal worker if there's been an update (Chris Wilson) - ksmbd: ignore trailing slashes in share paths (Nandor Kracser) - x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL (Tony Luck) - x86/cpu/vfm: Add new macros to work with (vendor/family/model) values (Tony Luck) - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (Jeff Johnson) - bcache: fix variable length array abuse in btree_iter (Matthew Mirvish) [Orabug: 36809293] {CVE-2024-39482} - pmdomain: ti-sci: Fix duplicate PD referrals (Tomi Valkeinen) - wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power (Bitterblue Smith) - rtlwifi: rtl8192de: Style clean-ups (Kees Cook) - ARM: dts: samsung: smdk4412: fix keypad no-autorepeat (Krzysztof Kozlowski) - ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat (Krzysztof Kozlowski) - ARM: dts: samsung: smdkv310: fix keypad no-autorepeat (Krzysztof Kozlowski) - perf script: Show also errors for --insn-trace option (Adrian Hunter) - perf: script: add raw|disasm arguments to --insn-trace option (Changbin Du) - drm/amd/display: revert Exit idle optimizations before HDCP execution (Martin Leung) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (Frank Li) - dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema (Krzysztof Kozlowski) - i2c: ocores: set IACK bit after core is enabled (Grygorii Tertychnyi) - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (Eric Dumazet) - kcov: don't lose track of remote references during softirqs (Aleksandr Nogikh) - gcov: add support for GCC 14 (Peter Oberparleiter) - drm/radeon: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835996] {CVE-2024-40988} - drm/i915/mso: using joiner is not possible with eDP MSO (Jani Nikula) - ALSA: hda/realtek: Limit mic boost on N14AP7 (Edson Juliano Drosdeck) - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (Sean Christopherson) - btrfs: retry block group reclaim without infinite loop (Boris Burkov) - net: do not leave a dangling sk pointer, when socket creation fails (Ignat Korchagin) - serial: stm32: rework RX over DMA (Erwan Le Ray) - RDMA/mlx5: Add check for srq max_sge attribute (Patrisious Haddad) [Orabug: 36836003] {CVE-2024-40990} - ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (Raju Rangoju) - regulator: bd71815: fix ramp values (Kalle Niemi) - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (Nikita Shubin) - dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() (Nikita Shubin) - dmaengine: ioatdma: Fix error path in ioat3_dma_probe() (Nikita Shubin) - dmaengine: ioat: use PCI core macros for PCIe Capability (Bjorn Helgaas) - dmaengine: ioatdma: Fix leaking on version mismatch (Nikita Shubin) - dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() (Bjorn Helgaas) - dmaengine: ioat: switch from 'pci_' to 'dma_' API (Qing Wang) - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (Li RongQing) [Orabug: 36835844] {CVE-2024-40956} - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (Biju Das) - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (Oliver Neukum) - bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (Pavan Chebbi) - seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (Jianguo Wu) [Orabug: 36835846] {CVE-2024-40957} - netfilter: ipset: Fix suspicious rcu_dereference_protected() (Jozsef Kadlecsik) [Orabug: 36836326] {CVE-2024-40993} - octeontx2-pf: Add error handling to VLAN unoffload handling (Simon Horman) - virtio_net: checksum offloading handling fix (Heng Qi) - net: stmmac: No need to calculate speed divider when offload is disabled (Xiaolei Wang) - ptp: fix integer overflow in max_vclocks_store (Dan Carpenter) [Orabug: 36836016] {CVE-2024-40994} - sched: act_ct: add netns into the key of tcf_ct_flow_table (Xin Long) - net/sched: act_ct: set 'net' pointer when creating new nf_flow_table (Vlad Buslov) - tipc: force a dst refcount before doing decryption (Xin Long) [Orabug: 36835980] {CVE-2024-40983} - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (David Ruth) [Orabug: 36836018] {CVE-2024-40995} - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (Pedro Tammela) - qca_spi: Make interrupt remembering atomic (Stefan Wahren) - netns: Make get_net_ns() handle zero refcount net (Yue Haibing) [Orabug: 36835848] {CVE-2024-40958} - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (Eric Dumazet) [Orabug: 36835851] {CVE-2024-40959} - ipv6: prevent possible NULL dereference in rt6_probe() (Eric Dumazet) [Orabug: 36835856] {CVE-2024-40960} - ipv6: prevent possible NULL deref in fib6_nh_init() (Eric Dumazet) [Orabug: 36835861] {CVE-2024-40961} - netrom: Fix a memory leak in nr_heartbeat_expiry() (Gavrilov Ilia) [Orabug: 36836085] {CVE-2024-41006} - cipso: fix total option length computation (Ondrej Mosnacek) - tracing: Build event generation tests only as modules (Masami Hiramatsu (Google)) - mips: bmips: BCM6358: make sure CBR is correctly set (Christian Marangi) [Orabug: 36835869] {CVE-2024-40963} - MIPS: Routerboard 532: Fix vendor retry check code (Ilpo Jarvinen) - serial: exar: adding missing CTI and Exar PCI ids (Parker Newman) - serial: imx: Introduce timeout when waiting on transmitter empty (Esben Haabendal) [Orabug: 36835886] {CVE-2024-40967} - MIPS: Octeon: Add PCIe link status check (Songyang Li) [Orabug: 36835892] {CVE-2024-40968} - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (Mario Limonciello) - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (Roman Smirnov) - Avoid hw_desc array overrun in dw-axi-dmac (Joao Pinto) [Orabug: 36835903] {CVE-2024-40970} - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (Alex Henrie) - f2fs: remove clear SB_INLINECRYPT flag in default_options (Yunlei He) [Orabug: 36835908] {CVE-2024-40971} - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (Aleksandr Aprelkov) - power: supply: cros_usbpd: provide ID table for avoiding fallback match (Tzung-Bi Shih) - powerpc/io: Avoid clang null pointer arithmetic warnings (Michael Ellerman) - powerpc/pseries: Enforce hcall result buffer validity and size (Nathan Lynch) [Orabug: 36835925] {CVE-2024-40974} - drm/lima: mask irqs in timeout path before hard reset (Erico Nunes) [Orabug: 36835935] {CVE-2024-40976} - drm/lima: add mask irq callback to gp and pp (Erico Nunes) - drm/amd/display: Exit idle optimizations before HDCP execution (Nicholas Kazlauskas) - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (Uri Arev) - ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (Takashi Iwai) - HID: Add quirk for Logitech Casa touchpad (Sean O'Brien) - netpoll: Fix race condition in netpoll_owner_active (Breno Leitao) [Orabug: 36836079] {CVE-2024-41005} - kselftest: arm64: Add a null pointer check (Kunwu Chan) - scsi: qedi: Fix crash while reading debugfs attribute (Manish Rangankar) [Orabug: 36835946] {CVE-2024-40978} - drop_monitor: replace spin_lock by raw_spin_lock (Wander Lairson Costa) [Orabug: 36835959] {CVE-2024-40980} - af_packet: avoid a false positive warning in packet_setsockopt() (Eric Dumazet) - wifi: ath9k: work around memset overflow warning (Arnd Bergmann) - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (Eric Dumazet) [Orabug: 36835965] {CVE-2024-40981} - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (Yonghong Song) - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (Alessandro Carminati (Red Hat)) - block/ioctl: prefer different overflow check (Justin Stitt) [Orabug: 36836043] {CVE-2024-41000} - rcutorture: Fix invalid context warning when enable srcu barrier testing (Zqiang) - rcutorture: Make stall-tasks directly exit when rcutorture tests end (Zqiang) - rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment (Paul E. McKenney) - crypto: hisilicon/sec - Fix memory leak for sec resource release (Chenghai Huang) [Orabug: 36836053] {CVE-2024-41002} - padata: Disable BH when taking works lock on MT path (Herbert Xu) - Bluetooth: qca: fix info leak when fetching board id (Johan Hovold) [Orabug: 36934735] {CVE-2024-36033} - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (Dan Carpenter) - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (Oleg Nesterov) - i2c: designware: Fix the functionality flags of the slave-only interface (Jean Delvare) - i2c: at91: Fix the functionality flags of the slave-only interface (Jean Delvare) - usb-storage: alauda: Check whether the media is initialized (Shichao Lai) [Orabug: 36753733] {CVE-2024-38619} - greybus: Fix use-after-free bug in gb_interface_release due to race condition. (Sicong Huang) [Orabug: 36835563] {CVE-2024-39495} - kbuild: Remove support for Clang's ThinLTO caching (Nathan Chancellor) - mptcp: pm: update add_addr counters after connect (YonglongLi) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (YonglongLi) - hugetlb_encode.h: fix undefined behaviour (34 << 26) (Matthias Goergens) - serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level (Doug Brown) - mm/huge_memory: don't unpoison huge_zero_folio (Miaohe Lin) [Orabug: 36835742] {CVE-2024-40914} - scsi: mpi3mr: Fix ATA NCQ priority support (Damien Le Moal) - tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() (Oleg Nesterov) - nilfs2: fix potential kernel bug due to lack of writeback flag waiting (Ryusuke Konishi) [Orabug: 36774570] {CVE-2024-37078} - intel_th: pci: Add Lunar Lake support (Alexander Shishkin) - intel_th: pci: Add Meteor Lake-S support (Alexander Shishkin) - intel_th: pci: Add Sapphire Rapids SOC support (Alexander Shishkin) - intel_th: pci: Add Granite Rapids SOC support (Alexander Shishkin) - intel_th: pci: Add Granite Rapids support (Alexander Shishkin) - dmaengine: axi-dmac: fix possible race in remove() (Nuno Sa) - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (Rick Wertenbroek) - ocfs2: fix races between hole punching and AIO+DIO (Su Yue) [Orabug: 36835816] {CVE-2024-40943} - ocfs2: use coarse time for new created files (Su Yue) - fs/proc: fix softlockup in __read_vmcore (Rik van Riel) - knfsd: LOOKUP can return an illegal error value (Trond Myklebust) - spmi: hisi-spmi-controller: Do not override device identifier (Vamshi Gajjela) - vmci: prevent speculation leaks by sanitizing event in event_deliver() (Hagar Gamal Halim Hemdan) [Orabug: 36835581] {CVE-2024-39499} - sock_map: avoid race between sock_map_close and sk_psock_put (Thadeu Lima de Souza Cascardo) [Orabug: 36835586] {CVE-2024-39500} - null_blk: Print correct max open zones limit in null_init_zoned_dev() (Damien Le Moal) - tracing/selftests: Fix kprobe event name test for .isra. functions (Steven Rostedt (Google)) - mptcp: ensure snd_una is properly initialized on connect (Paolo Abeni) [Orabug: 36835783] {CVE-2024-40931} - drm/exynos/vidi: fix memory leak in .get_modes() (Jani Nikula) [Orabug: 36835785] {CVE-2024-40932} - drivers: core: synchronize really_probe() and dev_uevent() (Dirk Behme) [Orabug: 36835588] {CVE-2024-39501} - iio: imu: inv_icm42600: delete unneeded update watermark call (Jean-Baptiste Maneyrol) - iio: dac: ad5592r: fix temperature channel scaling value (Marc Ferland) - iio: adc: ad9467: fix scan type sign (David Lechner) - af_unix: Read with MSG_PEEK loops if the first unread byte is OOB (Rao Shoaib) - ionic: fix use after netif_napi_del() (Taehee Yoo) [Orabug: 36835594] {CVE-2024-39502} - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (Petr Pavlu) - net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters (Xiaolei Wang) - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (Gal Pressman) - tcp: fix race in tcp_v6_syn_recv_sock() (Eric Dumazet) - drm/bridge/panel: Fix runtime warning on panel bridge release (Adam Miotk) - drm/komeda: check for error-valued pointer (Amjad Ouled-Ameur) [Orabug: 36835673] {CVE-2024-39505} - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (Aleksandr Mishin) [Orabug: 36835676] {CVE-2024-39506} - net: hns3: add cond_resched() to hns3 ring buffer init process (Jie Wang) - net: hns3: fix kernel crash problem in concurrent scenario (Yonglong Liu) [Orabug: 36835679] {CVE-2024-39507} - net: sfp: Always call sfp_sm_mod_remove() on remove (Csokas, Bence) - drm/vmwgfx: 3D disabled should not effect STDU memory limits (Ian Forbes) - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (Jose Exposito) [Orabug: 36835792] {CVE-2024-40934} - iommu: Return right value in iommu_sva_bind_device() (Lu Baolu) [Orabug: 36835823] {CVE-2024-40945} - iommu/amd: Fix sysfs leak in iommu init (Kun(llfl)) - iommu/amd: Introduce pci segment structure (Vasant Hegde) - HID: core: remove unnecessary WARN_ON() in implement() (Nikita Zhandarovich) [Orabug: 36835688] {CVE-2024-39509} - gpio: tqmx86: store IRQ trigger type and unmask status separately (Matthias Schiffer) - gpio: tqmx86: fix typo in Kconfig label (Gregor Herburger) - platform/x86: dell-smbios: Fix wrong token data in sysfs (Armin Wolf) - platform/x86: dell-smbios-base: Use sysfs_emit() (ye xingchen) - SUNRPC: return proper error from gss_wrap_req_priv (Chen Hanxiao) - clk: sifive: Do not register clkdevs for PRCI clocks (Samuel Holland) - Input: try trimming too long modalias strings (Dmitry Torokhov) - powerpc/uaccess: Fix build errors seen with GCC 13/14 (Michael Ellerman) - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (Breno Leitao) [Orabug: 36835695] {CVE-2024-40901} - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - xhci: Handle TD clearing for multiple streams case (Hector Martin) [Orabug: 36835772] {CVE-2024-40927} - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - xhci: Set correct transferred length for cancelled bulk transfers (Mathias Nyman) - jfs: xattr: fix buffer overflow for invalid xattr (Greg Kroah-Hartman) [Orabug: 36835700] {CVE-2024-40902} - mei: me: release irq in mei_me_pci_resume error path (Tomas Winkler) - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (Kyle Tso) - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (Alan Stern) [Orabug: 36835708] {CVE-2024-40904} - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (Ryusuke Konishi) [Orabug: 36774645] {CVE-2024-39469} - nilfs2: return the mapped address from nilfs_get_page() (Matthew Wilcox (Oracle)) - nilfs2: Remove check for PageError (Matthew Wilcox (Oracle)) - btrfs: fix leak of qgroup extent records after transaction abort (Filipe Manana) - wifi: ath10k: fix QCOM_RPROC_COMMON dependency (Dmitry Baryshkov) - selftests/mm: compaction_test: fix bogus test success on Aarch64 (Dev Jain) - selftests/mm: conform test to TAP format output (Muhammad Usama Anjum) - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages (Dev Jain) - mm/cma: drop incorrect alignment check in cma_init_reserved_mem (Frank van der Linden) - cma: factor out minimum alignment requirement (David Hildenbrand) - i2c: acpi: Unbind mux adapters before delete (Hamish Martin) [Orabug: 36774617] {CVE-2024-39362} - i2c: add fwnode APIs (Russell King (Oracle)) - mmc: davinci: Don't strip remove function when driver is builtin (Uwe Kleine-Konig) [Orabug: 36809300] {CVE-2024-39484} - mmc: davinci_mmc: Convert to platform remove callback returning void (Yangtao Li) - ftrace: Fix possible use-after-free issue in ftrace_location() (Zheng Yejian) [Orabug: 36753573] {CVE-2024-38588} - x86/ibt,ftrace: Search for __fentry__ location (Peter Zijlstra) - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (Hugo Villeneuve) - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro (Hugo Villeneuve) - Bluetooth: qca: fix info leak when fetching fw build id (Johan Hovold) [Orabug: 36683103] {CVE-2024-36032} - Bluetooth: qca: add support for QCA2066 (Tim Jiang) - Bluetooth: qca: use switch case for soc type behavior (Neil Armstrong) - Bluetooth: btqca: Add WCN3988 support (Luca Weiss) - Bluetooth: btqca: use le32_to_cpu for ver.soc_id (Min-Hua Chen) - Bluetooth: hci_qca: mark OF related data as maybe unused (Krzysztof Kozlowski) - skbuff: introduce skb_pull_data (Luiz Augusto von Dentz) - misc/pvpanic-pci: register attributes via pci_driver (Thomas Weissschuh) - misc/pvpanic: deduplicate common code (Thomas Weissschuh) - pvpanic: Indentation fixes here and there (Andy Shevchenko) - pvpanic: Keep single style across modules (Andy Shevchenko) - drm/amd/display: Fix incorrect DSC instance for MST (Hersen Wu) - drm/amd/display: drop unnecessary NULL checks in debugfs (Alexey Kodanev) - drm/amd/display: Clean up some inconsistent indenting (Jiapeng Chong) - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (George Shen) - iio: accel: mxc4005: Reset chip on probe() and resume() (Hans de Goede) - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (Wesley Cheng) [Orabug: 36683254] {CVE-2024-36894} - usb: gadget: f_fs: use io_data->status consistently (John Keeping) - ipv6: fix possible race in __fib6_drop_pcpu_from() (Eric Dumazet) [Orabug: 36835713] {CVE-2024-40905} - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). (Kuniyuki Iwashima) - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). (Kuniyuki Iwashima) - af_unix: Use skb_queue_empty_lockless() in unix_release_sock(). (Kuniyuki Iwashima) - af_unix: annotate lockless accesses to sk->sk_err (Eric Dumazet) - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. (Kuniyuki Iwashima) - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb(). (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of sk->sk_state in unix_stream_connect(). (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). (Kuniyuki Iwashima) - af_unix: Annodate data-races around sk->sk_state for writers. (Kuniyuki Iwashima) - af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. (Kuniyuki Iwashima) - ptp: Fix error message on failed pin verification (Karol Kolacinski) - net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (Eric Dumazet) [Orabug: 36748168] {CVE-2024-36974} - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (Jason Xing) - net: sched: sch_multiq: fix possible OOB write in multiq_tune() (Hangyu Hua) [Orabug: 36748175] {CVE-2024-36978} - octeontx2-af: Always allocate PF entries from low prioriy zone (Subbaraya Sundeep) - bpf: Set run context for rawtp test_run callback (Jiri Olsa) [Orabug: 36835722] {CVE-2024-40908} - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (Eric Dumazet) - net/ncsi: Fix the multi thread manner of NCSI driver (DelphineCCChiu) - net/ncsi: Simplify Kconfig/dts control flow (Peter Delevoryas) - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (Lingbo Kong) - wifi: iwlwifi: mvm: don't read past the mfuart notifcation (Emmanuel Grumbach) [Orabug: 36835807] {CVE-2024-40941} - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (Miri Korenblit) [Orabug: 36835779] {CVE-2024-40929} - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (Shahar S Matityahu) - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (Johannes Berg) - wifi: cfg80211: pmsr: use correct nla_get_uX functions (Lin Ma) - wifi: cfg80211: Lock wiphy in cfg80211_get_station (Remi Pommarel) [Orabug: 36835729] {CVE-2024-40911} - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (Remi Pommarel) [Orabug: 36835734] {CVE-2024-40912} - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (Nicolas Escande) [Orabug: 36835811] {CVE-2024-40942} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-40911 CVE-2024-40947 CVE-2024-40978 CVE-2024-40981 CVE-2024-41027 CVE-2024-42070 CVE-2024-42090 CVE-2024-42153 CVE-2024-42092 CVE-2024-42095 CVE-2024-40908 CVE-2024-40942 CVE-2024-40961 CVE-2024-41041 CVE-2024-41046 CVE-2024-42247 CVE-2024-40927 CVE-2024-40974 CVE-2024-42087 CVE-2024-42093 CVE-2024-39502 CVE-2024-39507 CVE-2024-40934 CVE-2024-40968 CVE-2024-40988 CVE-2024-41002 CVE-2024-41087 CVE-2024-42068 CVE-2024-42098 CVE-2024-42131 CVE-2024-40945 CVE-2024-40904 CVE-2024-41005 CVE-2024-41034 CVE-2024-42089 CVE-2024-39362 CVE-2024-40912 CVE-2024-41097 CVE-2024-42082 CVE-2024-42244 CVE-2022-3567 CVE-2024-40958 CVE-2024-36978 CVE-2024-40987 CVE-2024-40995 CVE-2024-42096 CVE-2024-42109 CVE-2024-36974 CVE-2024-39487 CVE-2024-41006 CVE-2024-39500 CVE-2024-39505 CVE-2024-42121 CVE-2024-36894 CVE-2024-40902 CVE-2022-3566 CVE-2024-36033 CVE-2024-36484 CVE-2024-38619 CVE-2024-40937 CVE-2024-41035 CVE-2024-42094 CVE-2024-41049 CVE-2024-42097 CVE-2024-42105 CVE-2024-42143 CVE-2024-39482 CVE-2024-36032 CVE-2024-42148 CVE-2024-42161 CVE-2024-41089 CVE-2024-42103 CVE-2024-40914 CVE-2024-40990 CVE-2024-39484 CVE-2024-41093 CVE-2024-38588 CVE-2024-40905 CVE-2024-40957 CVE-2024-42152 CVE-2024-40929 CVE-2024-40971 CVE-2024-40993 CVE-2024-42225 CVE-2024-42232 CVE-2024-42236 CVE-2024-41048 CVE-2024-36901 CVE-2024-42154 CVE-2024-39509 CVE-2024-40931 CVE-2024-40959 CVE-2024-40963 CVE-2024-41040 CVE-2024-41047 CVE-2024-40941 CVE-2024-40960 CVE-2024-42069 CVE-2024-42101 CVE-2024-42104 CVE-2024-42115 CVE-2024-42106 CVE-2024-39495 CVE-2024-42119 CVE-2024-42224 CVE-2024-39468 CVE-2024-42124 CVE-2024-40901 CVE-2024-39469 CVE-2024-40943 CVE-2024-42140 CVE-2024-40970 CVE-2024-40980 CVE-2024-40994 CVE-2024-40967 CVE-2024-42116 CVE-2024-42080 CVE-2024-42157 CVE-2024-40932 CVE-2024-39499 CVE-2024-41092 CVE-2024-42076 CVE-2024-42137 CVE-2024-40976 CVE-2024-41044 CVE-2024-40983 CVE-2024-42229 CVE-2024-41007 CVE-2024-41095 CVE-2024-42120 CVE-2024-42223 CVE-2024-42086 CVE-2024-42145 CVE-2024-40956 CVE-2024-37078 CVE-2024-39506 CVE-2024-39501 CVE-2024-41000 CVE-2024-42077 CVE-2024-42085 CVE-2024-42127 CVE-2024-42130 CVE-2024-42084 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:8::developer_UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/a:oracle:linux:9::developer_UEKR7 Oracle Linux 9 libvirt [9.0.0-6.el9] - rpc: ensure temporary GSource is removed from client event loop (Daniel P. Berrange) [Orabug: 36821472] {CVE-2024-4418} - rpc: Don't warn about 'max_client_requests' in single-threaded daemons (Peter Krempa) [Orabug: 36422853] libvirt-python [9.0.0-6.el9] - Update to libvirt 9.0.0-6 (Karl Heubaum) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4418 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 [7.2.0-15.el9] - migration: abort on destination if switchover limit exceeded (Elena Ufimtseva) - migration: introduce strict switchover SLA (Elena Ufimtseva) - migration: add error to MigrationIncomingState (Elena Ufimtseva) - migration: Set migration status early in incoming side (Fabiano Rosas) - tests/qtest: migration: Use migrate_incoming_qmp where appropriate (Fabiano Rosas) - tests/qtest: migration: Add migrate_incoming_qmp helper (Fabiano Rosas) - tests/qtest: migration: Expose migrate_set_capability (Fabiano Rosas) - vfio/migration: Multifd device state transfer support - send side (Maciej S. Szmigiero) - vfio/migration: Add x-orcl-migration-multifd-transfer VFIO property (Maciej S. Szmigiero) - vfio/migration: Multifd device state transfer support - receive side (Maciej S. Szmigiero) - migration/multifd: Add migration_has_device_state_support() (Maciej S. Szmigiero) - migration/multifd: Device state transfer support - send side (Maciej S. Szmigiero) - migration/multifd: Convert multifd_send_pages::next_channel to atomic (Maciej S. Szmigiero) - migration/multifd: Device state transfer support - receive side (Maciej S. Szmigiero) - migration: Add load_finish handler and associated functions (Maciej S. Szmigiero) - migration: Add qemu_loadvm_load_state_buffer() and its handler (Maciej S. Szmigiero) - migration: Add save_live_complete_precopy_{begin,end} handlers (Maciej S. Szmigiero) - migration/multifd: Zero p->flags before starting filling a packet (Maciej S. Szmigiero) - migration/ram: Add load start trace event (Maciej S. Szmigiero) - vfio/migration: Add save_{iterate,complete_precopy}_started trace events (Maciej S. Szmigiero) - hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - hw/virtio: Introduce virtio_bh_new_guarded() helper (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - pcie_sriov: Validate NumVFs (Akihiko Odaki) [Orabug: 36314082] {CVE-2024-26327} - hw/nvme: Use pcie_sriov_num_vfs() (Akihiko Odaki) [Orabug: 36314111] {CVE-2024-26328} - pcie: Introduce pcie_sriov_num_vfs (Akihiko Odaki) [Orabug: 36314111] {CVE-2024-26328} - qcow2: Don't open data_file with BDRV_O_NO_IO (Kevin Wolf) [Orabug: 36801853] {CVE-2024-4467} - target/i386: drop AMD machine check bits from Intel CPUID (Paolo Bonzini) [Orabug: 36785079] - target/i386: pass X86CPU to x86_cpu_get_supported_feature_word (Paolo Bonzini) [Orabug: 36785079] - migration: prevent migration when VM has poisoned memory (William Roche) [Orabug: 35533097] - i386: Add support for overflow recovery (John Allen) [Orabug: 34691766] - i386: Add support for SUCCOR feature (John Allen) [Orabug: 34691766] - i386: Fix MCE support for AMD hosts (John Allen) [Orabug: 34691766] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-26328 CVE-2024-26327 CVE-2024-3446 CVE-2024-4467 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 [3.0.7-28.0.1_fips] - Replace upstream references in fips man pages [Orabug: 35824276] - Add FIPS package change: add fips suffix to Release and set Epoch to 10 [Orabug: 35824276] - Update FIPS module name and remove upstream references from fips_module_indicators manpage [Orabug: 35824276] [3.0.7-28.0.1] - Drop OpenELA branding, apply Oracle branding patches - Enable openssl-fips-provider dependency [Orabug: 36504822] - Temporary disable openssl-fips-provider dependency [Orabug: 36504822] - Replace upstream references [Orabug: 34340177] [1:3.0.7-28] - Patch for CVE-2024-6119 Resolves: RHEL-55340 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6119 cpe:/a:oracle:linux:9::u3_security_validation Oracle Linux 8 Oracle Linux 9 [5.15.0-300.163.18] - crypto: qat - specify firmware files for 402xx (Giovanni Cabiddu) [Orabug: 37044631] [5.15.0-300.163.17] - KVM/x86: Do not clear SIPI while in SMM (Boris Ostrovsky) [Orabug: 36955051] - Revert 'Fix userfaultfd_api to return EINVAL as expected' (Vijayendra Suman) [Orabug: 36992217] [5.15.0-300.163.16] - Revert 'bpf: Allow reads from uninit stack' (Vijayendra Suman) [Orabug: 36977604] - platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: switch to use device_add_groups() (Greg Kroah-Hartman) [Orabug: 36965024] - platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Remove extra parenthesis and add a space (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Add support for ACPI based probing (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Restructure sysfs group creation (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Define a struct to hold mailbox regs (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Create static func to handle platdev (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Move hsmp_test to probe (Suma Hegde) [Orabug: 36965024] - uek-rpm/core-x86_64.list: Add amd_hsmp.ko in kernel-uek-core (Vijay Kumar) [Orabug: 36970850] - mtd: use refcount to prevent corruption (Tomas Winkler) [Orabug: 36975228] - mtd: core: clear out unregistered devices a bit more (Zev Weiss) [Orabug: 36975228] - mtd: core: Drop duplicate NULL checks around nvmem_unregister() (Andy Shevchenko) [Orabug: 36975228] - mtd: core: Fix refcount error in del_mtd_device() (Shang XiaoJing) [Orabug: 36975228] - mips: add pte_unmap() to balance pte_offset_map() (Hugh Dickins) [Orabug: 36975237] - selftests/vm: Fix build issue with pkey_sighandler_tests.c (Aruna Ramakrishna) [Orabug: 36976755] - Revert 'igb: free up irq resources in device shutdown path.' (Yifei Liu) [Orabug: 36948889] - Revert 'igb: fix __free_irq warnings seen during module unload.' (Yifei Liu) [Orabug: 36948889] - SUNRPC: Improve accuracy of socket ENOBUFS determination (Trond Myklebust) [Orabug: 36834328] - SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE (Trond Myklebust) [Orabug: 36834328] - uek-rpm: mips: Disable CONFIG_CRYPTO_FIPS for kdump kernel (Dave Kleikamp) [Orabug: 36935921] - MIPS: Octeon: Add PCIe link status check (Dave Kleikamp) [Orabug: 36948261] - fwctl/mlx5: Add INTERNAL_DEV_RES uctx capability (Avihai Horon) [Orabug: 36863219] - uek-rpm: build the fwctl mlx5 driver on UEK (Qing Huang) [Orabug: 36466726] - fwctl: Adapt code for UEK7 (Mikhael Goikhman) [Orabug: 36466726] - taint: Add TAINT_FWCTL (Jason Gunthorpe) [Orabug: 36466726] - mm/slab: make __free(kfree) accept error pointers (Dan Carpenter) [Orabug: 36466726] - mlx5: Create an auxiliary device for fwctl_mlx5 (Saeed Mahameed) [Orabug: 36466726] - fwctl/mlx5: Support for communicating with mlx5 fw (Saeed Mahameed) [Orabug: 36466726] - fwctl: FWCTL_RPC to execute a Remote Procedure Call to device firmware (Jason Gunthorpe) [Orabug: 36466726] - fwctl: FWCTL_INFO to return basic information about the device (Jason Gunthorpe) [Orabug: 36466726] - fwctl: Basic ioctl dispatch for the character device (Jason Gunthorpe) [Orabug: 36466726] - fwctl: Add basic structure for a class subsystem with a cdev (Jason Gunthorpe) [Orabug: 36466726] - cleanup: Add conditional guard support (Peter Zijlstra) [Orabug: 36466726] - cleanup: Make no_free_ptr() __must_check (Peter Zijlstra) [Orabug: 36466726] - locking: Introduce __cleanup() based infrastructure (Peter Zijlstra) [Orabug: 36466726] - dmaengine: ioat: Free up __cleanup() name (Peter Zijlstra) [Orabug: 36466726] - container_of: Update header inclusions (Andy Shevchenko) [Orabug: 36466726] - container_of: add container_of_const() that preserves const-ness of the pointer (Greg Kroah-Hartman) [Orabug: 36466726] - linux/container_of.h: Warn about loss of constness (Sakari Ailus) [Orabug: 36466726] - container_of: remove container_of_safe() (Greg Kroah-Hartman) [Orabug: 36466726] - dmaengine: ioat: Fix spelling mistake 'idel' -> 'idle' (Colin Ian King) [Orabug: 36466726] - preempt: Provide preempt_[dis|en]able_nested() (Thomas Gleixner) [Orabug: 36466726] - locking: Detect includes rwlock.h outside of spinlock.h (Sebastian Andrzej Siewior) [Orabug: 36466726] - tracepoint: Allow trace events in modules with TAINT_TEST (Alison Schofield) [Orabug: 36466726] - panic: Taint kernel if tests are run (David Gow) [Orabug: 36466726] - linux/container_of.h: switch to static_assert (Rasmus Villemoes) [Orabug: 36466726] - kernel.h: split out container_of() and typeof_member() macros (Andy Shevchenko) [Orabug: 36466726] - uek-rpm: add CONFIG_NETDEVSIM=m build flag (Qing Huang) [Orabug: 36836285] - Revert 'net: netdevsim: use mock PHC driver' (Qing Huang) [Orabug: 36836285] - Revert 'net: netdevsim: mimic tc-taprio offload' (Qing Huang) [Orabug: 36836285] - Revert 'net: netdevsim: don't try to destroy PHC on VFs' (Qing Huang) [Orabug: 36836285] - xfrm: call xfrm_dev_policy_delete when kill policy (Jianbo Liu) [Orabug: 36848687] - xfrm: fix netdev reference count imbalance (Jianbo Liu) [Orabug: 36848687] - xfrm: don't skip free of empty state in acquire policy (Leon Romanovsky) [Orabug: 36848687] - xfrm: delete offloaded policy (Leon Romanovsky) [Orabug: 36848687] - Revert 'arch/arm64/boot/dts: psci support' (Joe Dobosenski) [Orabug: 36911826] - uek-rpm: mips: Config changes for fips (Dave Kleikamp) [Orabug: 36912607] - uek-rpm: Fix a missing closing parenthesis in spec file (Harshit Mogalapalli) [Orabug: 36899944] - scsi: mpt3sas: Avoid possible run-time warning with long manufacturer strings (Kees Cook) [Orabug: 36892249] - uek-rpm: Enable CONFIG_GNSS for GNSS receiver support (Harshvardhan Jha) [Orabug: 36741354] - uek-rpm: Move ieee802154.ko out of extras, it is in core already (Harshit Mogalapalli) [Orabug: 36769995] - tools/power/turbostat: Add initial support for GraniteRapids (Zhang Rui) [Orabug: 36812907] - perf/x86/cstate: Add Granite Rapids support (Artem Bityutskiy) [Orabug: 36812907] - perf/x86/intel: Add Granite Rapids (Kan Liang) [Orabug: 36812907] - ACPI: APEI: EINJ: Add CXL error types (Tony Luck) [Orabug: 36812907] - ACPI: APEI: EINJ: Refactor available_error_type_show() (Thomas Tai) [Orabug: 36812907] - KVM: x86: Advertise PREFETCHIT0/1 CPUID to user space (Jiaxi Chen) [Orabug: 36812907] - ntb: intel: add GNR support for Intel PCIe gen5 NTB (Dave Jiang) [Orabug: 36812907] - scsi: mpi3mr: Driver version update (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Prevent PCI writes from driver during PCI error recovery (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Support PCI Error Recovery callback handlers (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Correct a test in mpi3mr_sas_port_add() (Tomas Henzl) [Orabug: 36822033] - scsi: mpi3mr: Update driver version to 8.9.1.0.50 (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Add ioctl support for HDB (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Trigger support (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: HDB allocation and posting for hardware and firmware buffers (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Sanitise num_phys (Tomas Henzl) [Orabug: 36822033] - scsi: mpi3mr: Driver version update to 8.8.1.0.50 (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Update MPI Headers to revision 31 (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Debug ability improvements (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Set the WriteSame Divert Capability in the IOCInit MPI Request (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Clear ioctl blocking flag for an unresponsive controller (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Set MPI request flags appropriately (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Block devices are not removed even when VDs are offlined (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (Shin'ichiro Kawasaki) [Orabug: 36822033] - scsi: mpi3mr: Replace deprecated strncpy() with assignments (Justin Stitt) [Orabug: 36822033] - scsi: mpi3mr: Reduce stack usage in mpi3mr_refresh_sas_ports() (Arnd Bergmann) [Orabug: 36822033] - scsi: mpi3mr: Use ida to manage mrioc ID (Guixin Liu) [Orabug: 36822033] - scsi: mpi3mr: Fix mpi3mr_fw.c kernel-doc warnings (Randy Dunlap) [Orabug: 36822033] - scsi: mpi3mr: Fix printk() format strings (Arnd Bergmann) [Orabug: 36822033] - scsi: mpi3mr: Update driver version to 8.5.1.0.0 (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-3 (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-2 (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-1 (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: Fetch correct device dev handle for status reply descriptor (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: Block PEL Enable Command on Controller Reset and Unrecoverable State (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: Clean up block devices post controller reset (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: driver version upgrade to 8.5.0.0.50 (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Add support for status reply descriptor (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Increase maximum number of PHYs to 64 from 32 (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116 (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Add support for SAS5116 PCI IDs (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Split off bus_reset function from host_reset (Hannes Reinecke) [Orabug: 36822033] - bnxt_en: Make PTP timestamp HWRM more silent (Breno Leitao) [Orabug: 36826374] - bnxt_en: Fix possible crash after creating sw mqprio TCs (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix RSS table entries calculation for P5_PLUS chips (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix memory leak in bnxt_hwrm_get_rings() (Michael Chan) [Orabug: 36826374] - bnxt_en: Make PTP TX timestamp HWRM query silent (Pavan Chebbi) [Orabug: 36826374] - bnxt_en: Skip nic close/open when configuring tstamp filters (Pavan Chebbi) [Orabug: 36826374] - bnxt_en: add rx_filter_miss extended stats (Damodharam Ammepalli) [Orabug: 36826374] - bnxt_en: Configure UDP tunnel TPA (Michael Chan) [Orabug: 36826374] - bnxt_en: Add support for VXLAN GPE (Michael Chan) [Orabug: 36826374] - bnxt_en: Use proper TUNNEL_DST_PORT_ALLOC* commands (Michael Chan) [Orabug: 36826374] - bnxt_en: Support TX coalesced completion on 5760X chips (Michael Chan) [Orabug: 36826374] - bnxt_en: Prevent TX timeout with a very small TX ring (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix TX ring indexing logic (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix AGG ring check logic in bnxt_check_rings() (Somnath Kotur) [Orabug: 36826374] - bnxt_en: Fix trimming of P5 RX and TX rings (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix wrong return value check in bnxt_close_nic() (Kalesh AP) [Orabug: 36826374] - bnxt_en: Fix skb recycling logic in bnxt_deliver_skb() (Sreekanth Reddy) [Orabug: 36826374] - bnxt_en: Clear resource reservation during resume (Somnath Kotur) [Orabug: 36826374] - bnxt_en: Add 5760X (P7) PCI IDs (Michael Chan) [Orabug: 36826374] - bnxt_en: Report the new ethtool link modes in the new firmware interface (Michael Chan) [Orabug: 36826374] - bnxt_en: Support force speed using the new HWRM fields (Michael Chan) [Orabug: 36826374] - bnxt_en: Support new firmware link parameters (Michael Chan) [Orabug: 36826374] - bnxt_en: Refactor ethtool speeds logic (Michael Chan) [Orabug: 36826374] - bnxt_en: Add support for new RX and TPA_START completion types for P7 (Michael Chan) [Orabug: 36826374] - bnxt_en: Refactor and refine bnxt_tpa_start() and bnxt_tpa_end(). (Michael Chan) [Orabug: 36826374] - bnxt_en: Refactor RX VLAN acceleration logic. (Michael Chan) [Orabug: 36826374] - bnxt_en: Add new P7 hardware interface definitions (Michael Chan) [Orabug: 36826374] - bnxt_en: Refactor RSS capability fields (Ajit Khaparde) [Orabug: 36826374] - bnxt_en: Implement the new toggle bit doorbell mechanism on P7 chips (Michael Chan) [Orabug: 36826374] - bnxt_en: Consolidate DB offset calculation (Hongguang Gao) [Orabug: 36826374] - bnxt_en: Define basic P7 macros (Michael Chan) [Orabug: 36826374] - bnxt_en: Update firmware interface to 1.10.3.15 (Michael Chan) [Orabug: 36826374] - bnxt_en: Update HW interface headers (Chandramohan Akula) [Orabug: 36826374] - bnxt_en: Fix backing store V2 logic (Michael Chan) [Orabug: 36826374] - bnxt_en: Rename some macros for the P5 chips (Randy Schacher) [Orabug: 36826374] - bnxt_en: Modify the NAPI logic for the new P7 chips (Michael Chan) [Orabug: 36826374] - bnxt_en: Modify RX ring indexing logic. (Michael Chan) [Orabug: 36826374] - bnxt_en: Modify TX ring indexing logic. (Michael Chan) [Orabug: 36826374] - bnxt_en: Add db_ring_mask and related macro to bnxt_db_info struct. (Michael Chan) [Orabug: 36826374] - bnxt_en: Add support for HWRM_FUNC_BACKING_STORE_CFG_V2 firmware calls (Michael Chan) [Orabug: 36826374] - bnxt_en: Add support for new backing store query firmware API (Michael Chan) [Orabug: 36826374] - bnxt_en: Add bnxt_setup_ctxm_pg_tbls() helper function (Michael Chan) [Orabug: 36826374] - bnxt_en: Use the pg_info field in bnxt_ctx_mem_type struct (Michael Chan) [Orabug: 36826374] - bnxt_en: Add page info to struct bnxt_ctx_mem_type (Michael Chan) [Orabug: 36826374] - bnxt_en: Restructure context memory data structures (Michael Chan) [Orabug: 36826374] - bnxt_en: Free bp->ctx inside bnxt_free_ctx_mem() (Michael Chan) [Orabug: 36826374] - bnxt_en: The caller of bnxt_alloc_ctx_mem() should always free bp->ctx (Michael Chan) [Orabug: 36826374] - bnxt_en: Optimize xmit_more TX path (Michael Chan) [Orabug: 36826374] - bnxt_en: Use existing MSIX vectors for all mqprio TX rings (Michael Chan) [Orabug: 36826374] - bnxt_en: Add macros related to TC and TX rings (Michael Chan) [Orabug: 36826374] - bnxt_en: Add helper to get the number of CP rings required for TX rings (Michael Chan) [Orabug: 36826374] - bnxt_en: Support up to 8 TX rings per MSIX (Michael Chan) [Orabug: 36826374] - bnxt_en: Refactor bnxt_hwrm_set_coal() (Michael Chan) [Orabug: 36826374] - bnxt_en: New encoding for the TX opaque field (Michael Chan) [Orabug: 36826374] - bnxt_en: Refactor bnxt_tx_int() (Michael Chan) [Orabug: 36826374] - bnxt_en: Remove BNXT_RX_HDL and BNXT_TX_HDL (Michael Chan) [Orabug: 36826374] - bnxt_en: Add completion ring pointer in TX and RX ring structures (Michael Chan) [Orabug: 36826374] - bnxt_en: Restructure cp_ring_arr in struct bnxt_cp_ring_info (Michael Chan) [Orabug: 36826374] - bnxt_en: Add completion ring pointer in TX and RX ring structures (Michael Chan) [Orabug: 36826374] - bnxt_en: Put the TX producer information in the TX BD opaque field (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix 2 stray ethtool -S counters (Michael Chan) [Orabug: 36826374] - bnxt_en: extend media types to supported and autoneg modes (Edwin Peer) [Orabug: 36826374] - bnxt_en: convert to linkmode_set_bit() API (Edwin Peer) [Orabug: 36826374] - bnxt_en: Refactor NRZ/PAM4 link speed related logic (Michael Chan) [Orabug: 36826374] - bnxt_en: refactor speed independent ethtool modes (Edwin Peer) [Orabug: 36826374] - bnxt_en: support lane configuration via ethtool (Edwin Peer) [Orabug: 36826374] - bnxt_en: add infrastructure to lookup ethtool link mode (Edwin Peer) [Orabug: 36826374] - eth: bnxt: take the bit to set as argument of bnxt_queue_sp_work() (Saeed Mirzamohammadi) [Orabug: 36826374] - eth: bnxt: move and rename reset helpers (Jakub Kicinski) [Orabug: 36826374] - bnxt_en: use dev_consume_skb_any() in bnxt_tx_int (Menglong Dong) [Orabug: 36826374] - bnxt_en: Link representors to PCI device (Ivan Vecera) [Orabug: 36826374] - bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event (Pavan Chebbi) [Orabug: 36826374] - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (Vikas Gupta) [Orabug: 36826374] - bnxt_en: Fix bnxt_hwrm_update_rss_hash_cfg() (Pavan Chebbi) [Orabug: 36826374] - bnxt_en: introduce initial link state of unknown (Edwin Peer) [Orabug: 36826374] - bnxt_en: Fix invoking hwmon_notify_event (Kalesh AP) [Orabug: 36826374] - bnxt_en: Do not call sleeping hwmon_notify_event() from NAPI (Kalesh AP) [Orabug: 36826374] - bnxt_en: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36826374] - eth: bnxt: fix backward compatibility with older devices (Jakub Kicinski) [Orabug: 36826374] - bnxt_en: Update VNIC resource calculation for VFs (Vikas Gupta) [Orabug: 36826374] - bnxt_en: Event handler for Thermal event (Kalesh AP) [Orabug: 36826374] - bnxt_en: Use non-standard attribute to expose shutdown temperature (Kalesh AP) [Orabug: 36826374] - bnxt_en: Expose threshold temperatures through hwmon (Kalesh AP) [Orabug: 36826374] - bnxt_en: Modify the driver to use hwmon_device_register_with_info (Kalesh AP) [Orabug: 36826374] - bnxt_en: Move hwmon functions into a dedicated file (Kalesh AP) [Orabug: 36826374] - bnxt_en: Enhance hwmon temperature reporting (Kalesh AP) [Orabug: 36826374] - bnxt_en: Update firmware interface to 1.10.2.171 (Michael Chan) [Orabug: 36826374] - bnxt: use the NAPI skb allocation cache (Jakub Kicinski) [Orabug: 36826374] - bnxt_en: Add tx_resets ring counter (Michael Chan) [Orabug: 36826374] - bnxt_en: Display the ring error counters under ethtool -S (Michael Chan) [Orabug: 36826374] - bnxt_en: Save ring error counters across reset (Michael Chan) [Orabug: 36826374] - bnxt_en: Increment rx_resets counter in bnxt_disable_napi() (Michael Chan) [Orabug: 36826374] - bnxt_en: Let the page pool manage the DMA mapping (Somnath Kotur) [Orabug: 36826374] - bnxt_en: Use the unified RX page pool buffers for XDP and non-XDP (Somnath Kotur) [Orabug: 36826374] - bnxt_en: Fix W=stringop-overflow warning in bnxt_dcb.c (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix W=1 warning in bnxt_dcb.c from fortify memcpy() (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix max_mtu setting for multi-buf XDP (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix page pool logic for page size >= 64K (Somnath Kotur) [Orabug: 36826374] - bnxt: don't handle XDP in netpoll (Jakub Kicinski) [Orabug: 36826374] - bnxt: use READ_ONCE/WRITE_ONCE for ring indexes (Jakub Kicinski) [Orabug: 36826374] - eth: bnxt: fix warning for define in struct_group (Jakub Kicinski) [Orabug: 36826374] - eth: bnxt: fix one of the W=1 warnings about fortified memcpy() (Jakub Kicinski) [Orabug: 36826374] - bnxt_en: Use struct_group_attr() for memcpy() region (Kees Cook) [Orabug: 36826374] - bnxt_en: Share the bar0 address with the RoCE driver (Chandramohan Akula) [Orabug: 36826374] - RDMA/bnxt_re: Update HW interface headers (Selvin Xavier) [Orabug: 36826374] - bnxt: Enforce PTP software freq adjustments only when in non-RTC mode (Pavan Chebbi) [Orabug: 36826374] - bnxt: Defer PTP initialization to after querying function caps (Pavan Chebbi) [Orabug: 36826374] - bnxt: Change fw_cap to u64 to accommodate more capability bits (Pavan Chebbi) [Orabug: 36826374] - bnxt_en: reset PHC frequency in free-running mode (Vadim Fedorenko) [Orabug: 36826374] - bnxt_en: Fix the double free during device removal (Selvin Xavier) [Orabug: 36826374] - bnxt_en: Remove runtime interrupt vector allocation (Ajit Khaparde) [Orabug: 36826374] - RDMA/bnxt_re: Remove the sriov config callback (Ajit Khaparde) [Orabug: 36826374] - bnxt_en: Remove struct bnxt access from RoCE driver (Hongguang Gao) [Orabug: 36826374] - bnxt_en: Use auxiliary bus calls over proprietary calls (Ajit Khaparde) [Orabug: 36826374] - bnxt_en: Use direct API instead of indirection (Ajit Khaparde) [Orabug: 36826374] - bnxt_en: Remove usage of ulp_id (Ajit Khaparde) [Orabug: 36826374] - RDMA/bnxt_re: Use auxiliary driver interface (Ajit Khaparde) [Orabug: 36826374] - bnxt_en: Add auxiliary driver support (Ajit Khaparde) [Orabug: 36826374] - RDMA/bnxt_re: Use separate response buffer for stat_ctx_free (Edwin Peer) [Orabug: 36826374] - RDMA/bnxt_re: Use GFP_KERNEL in non atomic context (Selvin Xavier) [Orabug: 36826374] - bnxt: Do not read past the end of test names (Kees Cook) [Orabug: 36826374] - bnxt: report FEC block stats via standard interface (Jakub Kicinski) [Orabug: 36826374] - bnxt_en: fix the handling of PCIE-AER (Vikas Gupta) [Orabug: 36826374] - bnxt_en: refactor bnxt_cancel_reservations() (Vikas Gupta) [Orabug: 36826374] - bnxt_en: fix memory leak in bnxt_nvm_test() (Vikas Gupta) [Orabug: 36826374] - bnxt_en: Remove duplicated include bnxt_devlink.c (Yang Li) [Orabug: 36826374] - bnxt_en: implement callbacks for devlink selftests (vikas) [Orabug: 36826374] - bnxt_en: fix livepatch query (Vikas Gupta) [Orabug: 36826374] - bnxt_en: Do not destroy health reporters during reset (Edwin Peer) [Orabug: 36826374] - bnxt_en: Fix devlink fw_activate (Kalesh AP) [Orabug: 36826374] - bnxt_en: Restore the resets_reliable flag in bnxt_open() (Kalesh AP) [Orabug: 36826374] - bnxt_en: Fix compile error regression when CONFIG_BNXT_SRIOV is not set (Michael Chan) [Orabug: 36826374] - bnxt_en: fix format specifier in live patch error message (Edwin Peer) [Orabug: 36826374] - bnxt_en: extend RTNL to VF check in devlink driver_reinit (Edwin Peer) [Orabug: 36826374] - bnxt_en: avoid newline at end of message in NL_SET_ERR_MSG_MOD (Wan Jiabing) [Orabug: 36826374] - bnxt_en: Remove not used other ULP define (Leon Romanovsky) [Orabug: 36826374] - bnxt_en: Provide stored devlink 'fw' version on older firmware (Vikas Gupta) [Orabug: 36826374] - bnxt_en: implement firmware live patching (Edwin Peer) [Orabug: 36826374] - bnxt_en: implement dump callback for fw health reporter (Edwin Peer) [Orabug: 36826374] - bnxt_en: extract coredump command line from current task (Edwin Peer) [Orabug: 36826374] - bnxt_en: Retrieve coredump and crashdump size via FW command (Vasundhara Volam) [Orabug: 36826374] - bnxt_en: Add compression flags information in coredump segment header (Vasundhara Volam) [Orabug: 36826374] - bnxt_en: improve fw diagnose devlink health messages (Edwin Peer) [Orabug: 36826374] - bnxt_en: consolidate fw devlink health reporters (Edwin Peer) [Orabug: 36826374] - bnxt_en: remove fw_reset devlink health reporter (Edwin Peer) [Orabug: 36826374] - bnxt_en: improve error recovery information messages (Edwin Peer) [Orabug: 36826374] - bnxt_en: add enable_remote_dev_reset devlink parameter (Edwin Peer) [Orabug: 36826374] - bnxt_en: implement devlink dev reload fw_activate (Edwin Peer) [Orabug: 36826374] - bnxt_en: implement devlink dev reload driver_reinit (Edwin Peer) [Orabug: 36826374] - bnxt_en: improve firmware timeout messaging (Edwin Peer) [Orabug: 36826374] - bnxt_en: improve VF error messages when PF is unavailable (Edwin Peer) [Orabug: 36826374] - bnxt_en: add dynamic debug support for HWRM messages (Edwin Peer) [Orabug: 36826374] - bnxt_en: refactor cancellation of resource reservations (Edwin Peer) [Orabug: 36826374] - scsi: smartpqi: Replace deprecated strncpy() with strscpy() (Justin Stitt) [Orabug: 36837224] - scsi: smartpqi: Fix disable_managed_interrupts (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Bump driver version to 2.1.26-030 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Fix logical volume rescan race condition (Mahesh Rajashekhara) [Orabug: 36837224] - scsi: smartpqi: Add new controller PCI IDs (David Strahan) [Orabug: 36837224] - scsi: smartpqi: Change driver version to 2.1.24-046 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Enhance error messages (Mahesh Rajashekhara) [Orabug: 36837224] - scsi: smartpqi: Enhance controller offline notification (David Strahan) [Orabug: 36837224] - scsi: smartpqi: Enhance shutdown notification (David Strahan) [Orabug: 36837224] - scsi: smartpqi: Simplify lun_number assignment (David Strahan) [Orabug: 36837224] - scsi: smartpqi: Rename pciinfo to pci_info (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Rename MACRO to clarify purpose (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Add abort handler (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Replace one-element arrays with flexible-array members (Gustavo A. R. Silva) [Orabug: 36837224] - scsi: smartpqi: Replace all non-returning strlcpy() with strscpy() (Azeem Shaikh) [Orabug: 36837224] - scsi: smartpqi: Update version to 2.1.22-040 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Update copyright to 2023 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Add sysfs entry for NUMA node in /sys/block/sdX/device (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Stop sending driver-initiated TURs (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Fix byte aligned writew for ARM servers (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Add support for RAID NCQ priority (Gilbert Wu) [Orabug: 36837224] - scsi: smartpqi: Validate block layer host tag (Murthy Bhat) [Orabug: 36837224] - scsi: smartpqi: Remove contention for raid_bypass_cnt (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Fix rare SAS transport memory leak (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Remove NULL pointer check (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Add new controller PCI IDs (David Strahan) [Orabug: 36837224] - scsi: smartpqi: Map full length of PCI BAR 0 (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Replace one-element array with flexible-array member (Gustavo A. R. Silva) [Orabug: 36837224] - scsi: smartpqi: Change version to 2.1.20-035 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Initialize feature section info (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Add controller cache flush during rmmod (Gilbert Wu) [Orabug: 36837224] - scsi: smartpqi: Correct device removal for multi-actuator devices (Kumar Meiyappan) [Orabug: 36837224] - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Correct max LUN number (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Add new controller PCI IDs (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Convert to host_tagset (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Update version to 2.1.18-045 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Update copyright to current year (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Add ctrl ready timeout module parameter (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Update deleting a LUN via sysfs (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Add module param to disable managed ints (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Fix RAID map race condition (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Stop logging spurious PQI reset failures (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Add PCI IDs for Lenovo controllers (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Add PCI ID for Adaptec SmartHBA 2100-8i (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Fix PCI control linkdown system hang (Sagar Biradar) [Orabug: 36837224] - scsi: smartpqi: Add driver support for multi-LUN devices (Kumar Meiyappan) [Orabug: 36837224] - scsi: smartpqi: Close write read holes (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Add PCI IDs for ramaxel controllers (Murthy Bhat) [Orabug: 36837224] - scsi: smartpqi: Add controller fw version to console log (Gilbert Wu) [Orabug: 36837224] - scsi: smartpqi: Shorten drive visibility after removal (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Fix typo in comment (Julia Lawall) [Orabug: 36837224] - scsi: smartpqi: Stop using the SCSI pointer (Bart Van Assche) [Orabug: 36837224] - scsi: smartpqi: Fix unused variable pqi_pm_ops for clang (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Update version to 2.1.14-035 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Fix lsscsi -t SAS addresses (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Fix hibernate and suspend (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Fix BUILD_BUG_ON() statements (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Fix NUMA node not updated during init (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Expose SAS address for SATA drives (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Speed up RAID 10 sequential reads (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Update volume size after expansion (Mahesh Rajashekhara) [Orabug: 36837224] - scsi: smartpqi: Avoid drive spin-down during suspend (Sagar Biradar) [Orabug: 36837224] - scsi: smartpqi: Resolve delay issue with PQI_HZ value (Balsundar P) [Orabug: 36837224] - scsi: smartpqi: Fix a typo in func pqi_aio_submit_io() (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Fix a name typo and cleanup code (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Quickly propagate path failures to SCSI midlayer (Murthy Bhat) [Orabug: 36837224] - scsi: smartpqi: Eliminate drive spin down on warm boot (Sagar Biradar) [Orabug: 36837224] - scsi: smartpqi: Enable SATA NCQ priority in sysfs (Gilbert Wu) [Orabug: 36837224] - scsi: smartpqi: Add PCI IDs (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Fix rmmod stack trace (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Call scsi_done() directly (Bart Van Assche) [Orabug: 36837224] - scsi: smartpqi: Update version to 2.1.12-055 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Add 3252-8i PCI id (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Fix duplicate device nodes for tape changers (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Fix boot failure during LUN rebuild (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Add extended report physical LUNs (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Avoid failing I/Os for offline devices (Mahesh Rajashekhara) [Orabug: 36837224] - scsi: smartpqi: Add TEST UNIT READY check for SANITIZE operation (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Update LUN reset handler (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Capture controller reason codes (Murthy Bhat) [Orabug: 36837224] - scsi: smartpqi: Update device removal management (Don Brace) [Orabug: 36837224] - scsi: qla2xxx: Convert comma to semicolon (Chen Ni) [Orabug: 36842785] - scsi: qla2xxx: Update version to 10.02.09.300-k (Nilesh Javali) [Orabug: 36842785] - scsi: qla2xxx: Avoid possible run-time warning with long model_num (Kees Cook) [Orabug: 36842785] - scsi: qla2xxx: Indent help text (Prasad Pandit) [Orabug: 36842785] - scsi: qla2xxx: Drop driver owner assignment (Krzysztof Kozlowski) [Orabug: 36842785] - scsi: qla2xxx: Use QP lock to search for bsg (Quinn Tran) [Orabug: 36842785] - scsi: qla2xxx: Reduce fabric scan duplicate code (Quinn Tran) [Orabug: 36842785] - scsi: qla2xxx: Fix optrom version displayed in FDMI (Shreyas Deodhar) [Orabug: 36842785] - scsi: qla2xxx: During vport delete send async logout explicitly (Manish Rangankar) [Orabug: 36842785] - scsi: qla2xxx: Complete command early within lock (Shreyas Deodhar) [Orabug: 36842785] - scsi: qla2xxx: Fix flash read failure (Quinn Tran) [Orabug: 36842785] - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (Saurav Kashyap) [Orabug: 36842785] - scsi: qla2xxx: Fix for possible memory corruption (Shreyas Deodhar) [Orabug: 36842785] - scsi: qla2xxx: validate nvme_local_port correctly (Nilesh Javali) [Orabug: 36842785] - scsi: qla2xxx: Unable to act on RSCN for port online (Quinn Tran) [Orabug: 36842785] - string.h: Introduce memtostr() and memtostr_pad() (Kees Cook) [Orabug: 36842785] - uek-rpm/ol9: Remove linux-firmware dependency from embedded kernel (Vijay Kumar) [Orabug: 36869776] - mips/cavium-octeon: Donot disable CPU0 for Cavium Octeon (Vijay Kumar) [Orabug: 36869776] - Octeon/ethernet: Fix Random MAC address assignment (Vijay Kumar) [Orabug: 36869776] - Add Micron devices in the SPI device table (Vijay Kumar) [Orabug: 36869776] - WARNING in rds_ib_dev_free (William Kucharski) [Orabug: 36877039] - vdpa/mlx5: Fix crash on shutdown for when no ndev exists (Dragos Tatulea) [Orabug: 36622300] - vdpa/mlx5: Support interrupt bypassing (Eli Cohen) [Orabug: 36622300] - genirq: Allow irq_chip registration functions to take a const irq_chip (Marc Zyngier) [Orabug: 36725623] - net/ethernet/octeon: convert unsupported .adjfreq to .adjfine (Dave Kleikamp) [Orabug: 36725623] - uek-rpm: Clean up mips64 config files (Dave Kleikamp) [Orabug: 36725623] - uek-rpm: mips: build kdump kernel (Dave Kleikamp) [Orabug: 36725623] - Always define hugepage_scan_file and hugepage_vma_check (Dave Kleikamp) [Orabug: 36725623] - KSPLICE: mips: clear the stack before going in the freezer. (Quentin Casasnovas) [Orabug: 36725623] - KSPLICE: mips: signals the freezer when we're coming from the entry code. (Quentin Casasnovas) [Orabug: 36725623] - MIPS: octeon: shared_cpu_map cacheinfo (Henry Willard) [Orabug: 36725623] - mips64: drivers/watchdog: Add IRQF_NOBALANCING when requesting irq (Thomas Tai) [Orabug: 36725623] - MIPS: Don't clear _PAGE_SPECIAL in _PAGE_CHG_MASK (Henry Willard) [Orabug: 36725623] - netdev, octeon3-ethernet: increase num_packet_buffers to 4096 (Dave Kleikamp) [Orabug: 36725623] - mips: Octeon: PCI console code was incorrectly finding the tty port (Dave Kleikamp) [Orabug: 36725623] - mips64: Fix X.509 certificates parsing (Eric Saint-Etienne) [Orabug: 36725623] - thermal: support for Marvell Octeon TX SoC temperature sensors (Eric Saint-Etienne) [Orabug: 36725623] - netdev, octeon3-ethernet: move timecounter init to network driver probe() (Dave Aldridge) [Orabug: 36725623] - mips64/octeon: Initialize netdevice in octeon_pow struct (Vijay Kumar) [Orabug: 36725623] - MIPS: Add syscall auditing support (Ralf Baechle) [Orabug: 36725623] - net/ethernet/octeon: Add ptp_dbg_group module param in octeon-pow-ethernet (Vijay Kumar) [Orabug: 36725623] - net/ethernet/octeon: Set max/min mtu of pow equivalent to Octeon eth device (Vijay Kumar) [Orabug: 36725623] - arch/mips: Discard the contents of the PCI console if the buffer is full for more than 10 milliseconds (Victor Michel) [Orabug: 36725623] - MIPS: octeon: Suppress early_init_dt_scan_memory damage. (Henry Willard) [Orabug: 36725623] - mips: Fails to create /sys/firmware/fdt during bootup (Vijay Kumar) [Orabug: 36725623] - MIPS: probe_kernel_read() should not panic (Rob Gardner) [Orabug: 36725623] - mips/cavium-octeon: Change access permission for /proc/pcie_reset to write (Vijay Kumar) [Orabug: 36725623] - MIPS: OCTEON: OCTEON III build and configuration option (Dave Kleikamp) [Orabug: 36725623] - uek-rpm: mips: Enable T73 options (Dave Kleikamp) [Orabug: 36725623] - Removing the octeon_boot header file (Anagha K J) [Orabug: 36725623] - OCTEON watchdog to check CIU3 feature rather than CN78XX model (Anagha K J) [Orabug: 36725623] - Change OCTEON_WDT from tristate to boolean (Anagha K J) [Orabug: 36725623] - Add compatible string 'micrel,ksz9031' for Micrel PHYs driver (Anagha K J) [Orabug: 36725623] - Try harder to register mdio phy device (Anagha K J) [Orabug: 36725623] - Export skb_release_head_state and check the SKB field cvm_info (Anagha K J) [Orabug: 36725623] - Config options for builtin ethernet, OCTEON III PKI/PKO,SRIO,POW (Anagha K J) [Orabug: 36725623] - Makefile for the Cavium network device drivers (Anagha K J) [Orabug: 36725623] - Octeon POW Ethernet Driver (Anagha K J) [Orabug: 36725623] - Modified and added workarounds for Octeon MII (management) port Network Driver (Anagha K J) [Orabug: 36725623] - External interface for the Cavium Octeon ethernet driver (Anagha K J) [Orabug: 36725623] - Cavium Networks common ethernet nexus driver (Anagha K J) [Orabug: 36725623] - Common Network Driver (Anagha K J) [Orabug: 36725623] - Cavium Networks BGX Ethernet MAC driver (Anagha K J) [Orabug: 36725623] - Cavium Networks BGX MAC Nexus driver (Anagha K J) [Orabug: 36725623] - Declared function pointers for bgx port. (Anagha K J) [Orabug: 36725623] - Cavium Networks PKI/PKO Ethernet driver (Anagha K J) [Orabug: 36725623] - Enables output qos and set number of queues per PKO port to 8 (Anagha K J) [Orabug: 36725623] - OCTEON ethernet transmit functions (Anagha K J) [Orabug: 36725623] - Setup SPI network device operations (Anagha K J) [Orabug: 36725623] - Implements SGMII network device operations (Anagha K J) [Orabug: 36725623] - Octeon ethernet receiver initialization, interrupt handler, SSO initialization (Anagha K J) [Orabug: 36725623] - Implements RGMII interface operations (Anagha K J) [Orabug: 36725623] - Implements NAPI poll function (Anagha K J) [Orabug: 36725623] - Functions for allocating,releasing and filling FPA pool. (Anagha K J) [Orabug: 36725623] - Cavium Octeon ethernet tool operations (Anagha K J) [Orabug: 36725623] - Add a few defines to control the operation of ethernet driver (Anagha K J) [Orabug: 36725623] - Implements Cavium Networks Octeon ethernet driver (Anagha K J) [Orabug: 36725623] - In cvm_mmc_interrupt, exit if the interrupt has been previously handled (Anagha K J) [Orabug: 36725623] - OCTEON gpio fixes (Anagha K J) [Orabug: 36725623] - OCTEON EDAC PC fixes (Anagha K J) [Orabug: 36725623] - OCTEON EDAC LMC fixes (Anagha K J) [Orabug: 36725623] - OCTEON EDAC L2 fixes (Anagha K J) [Orabug: 36725623] - Add OCTEON hotplug attributes to cpu_root_attrs (Anagha K J) [Orabug: 36725623] - Replaced BUG_ON with WARN_ON macro (Anagha K J) [Orabug: 36725623] - Add SATA PMP quirk (Anagha K J) [Orabug: 36725623] - Documentation on Cortina CS4321 dual RXAIU/quad XAUI 10G Ethernet PHYs (Anagha K J) [Orabug: 36725623] - OCTEON MSI enhancements (Anagha K J) [Orabug: 36725623] - OCTEON TLB handling (Anagha K J) [Orabug: 36725623] - Replace flush_icache_all with local_flush_icache_all in the get new mmu context (Anagha K J) [Orabug: 36725623] - Declares local_flush_icache_all function pointer and exports it. (Anagha K J) [Orabug: 36725623] - Updates to arch/mips/kernel/vmlinux.lds.S based on PHYSADDR (Anagha K J) [Orabug: 36725623] - mips: improve unaligned pointer handling (Anagha K J) [Orabug: 36725623] - Functions for plugging/unplugging the CPU (Anagha K J) [Orabug: 36725623] - Kernel config updates for Octeon SOC (Anagha K J) [Orabug: 36725623] - Added header file for the hotplug APIs (Anagha K J) [Orabug: 36725623] - Changes the DEFINE_PER_CPU variable scope from static to global scope (Anagha K J) [Orabug: 36725623] - Modify the set/get functions for ptrace watch registers and arch_ptrace functions (Anagha K J) [Orabug: 36725623] - Updates to arch/mips/kernel/octeon_switch.S (Anagha K J) [Orabug: 36725623] - Octeon support for arch/mips/kernel/genex.S (Anagha K J) [Orabug: 36725623] - ftrace: add in_kernel_space function to use in place of core_kernel_text (Anagha K J) [Orabug: 36725623] - Crash dump improvements (Anagha K J) [Orabug: 36725623] - Add octeon_irq_core_inhibit_bit fucntion (Anagha K J) [Orabug: 36725623] - Device specific IOCTL interface for the Cavium Octeon ethernet driver. (Anagha K J) [Orabug: 36725623] - Interface to Octeon boot structure (Anagha K J) [Orabug: 36725623] - Return UCTL USB registers address based on the Octeon model (Anagha K J) [Orabug: 36725623] - Add Octeon stxx control and status registers (Anagha K J) [Orabug: 36725623] - Add Octeon srxx control and status registers (Anagha K J) [Orabug: 36725623] - Add Octeon spxx control and status registers (Anagha K J) [Orabug: 36725623] - Spinlock improvements (Anagha K J) [Orabug: 36725623] - Added comments and CSR definitions Octeon led for multiple SOCs (Anagha K J) [Orabug: 36725623] - Added L2 Tag ECC SEC/DED Errors and Interrupt Enable register. (Anagha K J) [Orabug: 36725623] - Add Octeon iob CSR definitions (Anagha K J) [Orabug: 36725623] - Removed cvmx_bootinfo structure (Anagha K J) [Orabug: 36725623] - Implement CVMX_ENABLE_CSR_ADDRESS_CHECKING in cvmx-asxx-defs.h (Anagha K J) [Orabug: 36725623] - Modified the physical address of CKSEGx / XKPHYS address (Anagha K J) [Orabug: 36725623] - Added IPI handler functions and modified other smp functions (Anagha K J) [Orabug: 36725623] - Defined and exported dump_send_ipi function if CONFIG_KEXEC is defined. (Anagha K J) [Orabug: 36725623] - Changed the Platform file based on the CAVIUM_OCTEON_SOC configuration. (Anagha K J) [Orabug: 36725623] - oct_ilm enhancements (Anagha K J) [Orabug: 36725623] - Module for injecting errors. (Anagha K J) [Orabug: 36725623] - Modified the Makefile to compile octeon specific code changes. (Anagha K J) [Orabug: 36725623] - Octeon ehnancement to kernel config (Anagha K J) [Orabug: 36725623] - mips: Improve exception handling (Anagha K J) [Orabug: 36725623] - OCTEON3 cache error handling (Anagha K J) [Orabug: 36725623] - Add instructions for insn_zcb,insn_zcbt opcodes (Anagha K J) [Orabug: 36725623] - Add octeon-cpu.o and to Makefile (Anagha K J) [Orabug: 36725623] - Initialized cnmips cu2 setup (Anagha K J) [Orabug: 36725623] - Implement octeon_i2c_cvmx2i2c, modify hardware re-initialization of i2c. (Anagha K J) [Orabug: 36725623] - Updates for Octeon error handling (Anagha K J) [Orabug: 36725623] - Performace counter access code updates for Octeon (Anagha K J) [Orabug: 36725623] - T73 support in arch/mips/mm/page.c (Anagha K J) [Orabug: 36725623] - Modified the Octeon PCIe controllers functions. (Anagha K J) [Orabug: 36725623] - Driver for the Octeon III Free Pool Unit (Anagha K J) [Orabug: 36725623] - /proc interface to PCIe reset (Anagha K J) [Orabug: 36725623] - Interface for controlling power throttling on OCTEON II based platforms (Anagha K J) [Orabug: 36725623] - Modified the CSR type definitions for Octeon lmcx (Anagha K J) [Orabug: 36725623] - /proc interface to the Octeon Performance Counters (Anagha K J) [Orabug: 36725623] - Implement PCI console (Anagha K J) [Orabug: 36725623] - Functions for accessing /proc/octeon_info file (Anagha K J) [Orabug: 36725623] - Constructing, adding and removing octeon_hw_status_roots, their trees and nodes. (Anagha K J) [Orabug: 36725623] - Set the output of the gpio pin of the corresponding octeon model (Anagha K J) [Orabug: 36725623] - Add CVMX_ENABLE_CSR_ADDRESS_CHECKING flag to check if the CSR is valid (Anagha K J) [Orabug: 36725623] - Enable,clear and disable interrupt on different cores. (Anagha K J) [Orabug: 36725623] - Platform driver for Octeon SOC. (Anagha K J) [Orabug: 36725623] - Workarounds for initializing the bootmem allocator and setting up initrd related data (Anagha K J) [Orabug: 36725623] - Updates to various mips header files (Anagha K J) [Orabug: 36725623] - Module to support operations on core such as TLB config. (Anagha K J) [Orabug: 36725623] - Implement CVMX_ENABLE_CSR_ADDRESS_CHECKING for Octeon pescx and pexp (Anagha K J) [Orabug: 36725623] - CSR definitions for different SOCS for Octeon npei and Octeon npi. (Anagha K J) [Orabug: 36725623] - Utility functions for endian swapping (Anagha K J) [Orabug: 36725623] - Octeon pcie endpoint and VF configuration and status register definitions (Anagha K J) [Orabug: 36725623] - CSR type definitions for Octeon dtx (Anagha K J) [Orabug: 36725623] - Configuration and status register type definitions for Octeon xcv (Anagha K J) [Orabug: 36725623] - Configuration and status register (CSR) type definitions for Octeon lbk (Anagha K J) [Orabug: 36725623] - Updates to cvmx-pcsxx-defs.h (Anagha K J) [Orabug: 36725623] - Updates to cvmx-pcsx-defs.h (Anagha K J) [Orabug: 36725623] - Interface to the SMI/MDIO hardware (Anagha K J) [Orabug: 36725623] - Octeon smix and Octeon spemx Configuration and status register definitions. (Anagha K J) [Orabug: 36725623] - Functions for skipping, exporting and importing the app configuration (Anagha K J) [Orabug: 36725623] - Updates to octeon.h (Anagha K J) [Orabug: 36725623] - Octeon rst CSR definitions (Anagha K J) [Orabug: 36725623] - Modified functions for reading and writing processor local scratch memory (Anagha K J) [Orabug: 36725623] - CSRs for interrupts for Octeon ciu,ciu2,ciu3 in different Octeon SOCs (Anagha K J) [Orabug: 36725623] - Comments and CSRs for different SOCs for octeon pci and pciercx. (Anagha K J) [Orabug: 36725623] - Defined the Octeon pemx CSR for different SOCs. (Anagha K J) [Orabug: 36725623] - Configuration and status register (CSR) type definitions for Octeon gserx. (Anagha K J) [Orabug: 36725623] - Check if CVMX_DBG_DATA is supported and modify the Debug Data Register. (Anagha K J) [Orabug: 36725623] - CSR definitions for Octeon sriox (Anagha K J) [Orabug: 36725623] - Octeon sriomaintx control and status register definitions (Anagha K J) [Orabug: 36725623] - Functions for AGL (RGMII) common initialization, configuration (Anagha K J) [Orabug: 36725623] - Configuration and status register (CSR) type definitions for Octeon bgxx (Anagha K J) [Orabug: 36725623] - Provides atomic operations (Anagha K J) [Orabug: 36725623] - Configuration and status register (CSR) type definitions for Octeon sso (Anagha K J) [Orabug: 36725623] - Added comments and workarounds for the arch setup (Anagha K J) [Orabug: 36725623] - Modified and added new structures for hardware scheduling unit (Anagha K J) [Orabug: 36725623] - Added Interface to the hardware Fetch and Add Unit (Anagha K J) [Orabug: 36725623] - Interface to the hardware Packet Output unit. (Anagha K J) [Orabug: 36725623] - Octeon l2d Configuration and status register (CSR) type definitions (Anagha K J) [Orabug: 36725623] - Add pki buffer pointer union (Anagha K J) [Orabug: 36725623] - New functions for hardware Packet Input Processing unit interface (Anagha K J) [Orabug: 36725623] - Add interface to the GMX hardware and SOC CSR definitions for Octeon gmxx (Anagha K J) [Orabug: 36725623] - Update the WQE Error levels, error codes and data structure (Anagha K J) [Orabug: 36725623] - Helper functions for FPA setup (Anagha K J) [Orabug: 36725623] - CSR type definitions for Octeon tim and Octeon uahcx (Anagha K J) [Orabug: 36725623] - Added Octeon rnm CSR definitions for more SOCs. (Anagha K J) [Orabug: 36725623] - Modified CSR type definitions for Octeon (Anagha K J) [Orabug: 36725623] - Header file for simple executive application initialization. (Anagha K J) [Orabug: 36725623] - Implemented fast access to the thread pointer from userspace (Anagha K J) [Orabug: 36725623] - Definitions for enumerations used with Octeon CSRs (Anagha K J) [Orabug: 36725623] - Module to support operations on bitmap of cores. (Anagha K J) [Orabug: 36725623] - Added more ASM primitives definitions for the executive (Anagha K J) [Orabug: 36725623] - Updates to octeon header files (Anagha K J) [Orabug: 36725623] - Updates to mips header files (Anagha K J) [Orabug: 36725623] - Funtions to get core number, processor ID, node number (Anagha K J) [Orabug: 36725623] - Modified the cflags based on the config options enabled (Anagha K J) [Orabug: 36725623] - Added different Octeon model IDs and macros to compare them. (Anagha K J) [Orabug: 36725623] - Modified functions for working with different Octeon models. (Anagha K J) [Orabug: 36725623] - Added and modified checks for different Octeon features. (Anagha K J) [Orabug: 36725623] - Update Makefile for cavium specific drivers (Anagha K J) [Orabug: 36725623] - Added interface to the TWSI / I2C bus (Anagha K J) [Orabug: 36725623] - Provide system/board/application information obtained by the bootloader (Anagha K J) [Orabug: 36725623] - Functions for reserving and releasing SSO resources (Anagha K J) [Orabug: 36725623] - Interface to SRIO (Anagha K J) [Orabug: 36725623] - Support library for the SPI4000 card (Anagha K J) [Orabug: 36725623] - Functions for reserving a memory range (Anagha K J) [Orabug: 36725623] - File contains the QLM JTAG structure for different SOCs (Anagha K J) [Orabug: 36725623] - Added helper utilities for qlm. (Anagha K J) [Orabug: 36725623] - Allocate and initialize PKO internal ports (Anagha K J) [Orabug: 36725623] - Workarounds for Octeon PKO (Anagha K J) [Orabug: 36725623] - Allocate and initialize PKO resources. (Anagha K J) [Orabug: 36725623] - Registering ,mapping channels and queue scheduling in PKO3 (Anagha K J) [Orabug: 36725623] - Initialization and configuration of PKO3 (Anagha K J) [Orabug: 36725623] - Adding CSR type definitions for Octeon pki (Anagha K J) [Orabug: 36725623] - Adding PKI support (Anagha K J) [Orabug: 36725623] - Added interface to PCIe as a host(RC) or target(EP) (Anagha K J) [Orabug: 36725623] - Added support library for the OSM. (Anagha K J) [Orabug: 36725623] - Add interface to the On Chip Logic Analyzer (OCLA) (Anagha K J) [Orabug: 36725623] - Support library for the LAP interface (Anagha K J) [Orabug: 36725623] - Level 2 Cache (L2C) control, measurement and debugging facilities (Anagha K J) [Orabug: 36725623] - IPD support (Anagha K J) [Orabug: 36725623] - Remove cvmx-interrupt-decodes.c and cvmx-interrupt-rsl.c (Anagha K J) [Orabug: 36725623] - Added Support library for the ILK interface. (Anagha K J) [Orabug: 36725623] - Configure the ILA-LA interface and CSR definitions for ILA interface (Anagha K J) [Orabug: 36725623] - XAUI initialization, configuration and monitoring (Anagha K J) [Orabug: 36725623] - Map interface numbers to IPD ports (Anagha K J) [Orabug: 36725623] - SRIO initialization, configuration and monitoring (Anagha K J) [Orabug: 36725623] - Modify the cvmx spi enumerate function (Anagha K J) [Orabug: 36725623] - Modify SGMII initialization, configuration and monitoring (Anagha K J) [Orabug: 36725623] - Workarounds for RGMII/GMII/MII (Anagha K J) [Orabug: 36725623] - Helper functions for PKO and PKOv3 (Anagha K J) [Orabug: 36725623] - Helper functions for PKI (Anagha K J) [Orabug: 36725623] - Workaround for probing and enabling NPI interface for different SOCs (Anagha K J) [Orabug: 36725623] - Make loop interface probing dependent on octeon model (Anagha K J) [Orabug: 36725623] - QLM JTAG improvements (Anagha K J) [Orabug: 36725623] - Added helper functions for IPD (Anagha K J) [Orabug: 36725623] - ILK initialization, configuration and monitoring (Anagha K J) [Orabug: 36725623] - Workaround for errata PKI-100 (Anagha K J) [Orabug: 36725623] - Helper Functions for the Configuration Framework (Anagha K J) [Orabug: 36725623] - Add more helper functions for common complicated tasks (Anagha K J) [Orabug: 36725623] - Add helper functions (Anagha K J) [Orabug: 36725623] - AGL (RGMII) initialization, configuration and monitoring (Anagha K J) [Orabug: 36725623] - Adding APIs for global resources (Anagha K J) [Orabug: 36725623] - Modified the interface to the hardware Free Pool Allocator (Anagha K J) [Orabug: 36725623] - Workarounds for managing command queues used for various hardware blocks. (Anagha K J) [Orabug: 36725623] - Interface to Core, IO and DDR Clock (Anagha K J) [Orabug: 36725623] - Add macros for bootmem (Anagha K J) [Orabug: 36725623] - Functions to configure the BGX MAC (Anagha K J) [Orabug: 36725623] - Functions for importing/exporting app configurations (Anagha K J) [Orabug: 36725623] - RGMII support (Anagha K J) [Orabug: 36725623] - Add additional checks for cpu type in plat_swiotlb_setup (Anagha K J) [Orabug: 36725623] - Implemented Octeon PTP clock (Anagha K J) [Orabug: 36725623] - Clean up clocksource code (Anagha K J) [Orabug: 36725623] - Replace octeon_has_crypto() with octeon_has_feature() (Anagha K J) [Orabug: 36725623] - Remove arch/mips/cavium-octeon/cpu.c (Anagha K J) [Orabug: 36725623] - Add syscall to for timer events (Anagha K J) [Orabug: 36725623] - Remove Cavium Networks Octeon ethernet driver files from drivers/staging/octeon (Anagha K J) [Orabug: 36725623] - Removed building of octeon in Makefile (Anagha K J) [Orabug: 36725623] - Removed 'drivers/staging/octeon/Kconfig' source (Anagha K J) [Orabug: 36725623] - uek-rpm: Build mips embedded kernel for ol9 (Dave Kleikamp) [Orabug: 36725623] - include/uapi: Hide kabi magic from user space (Dave Kleikamp) [Orabug: 36725623] - kbuild: linker should be called with KBUILD_LDFLAGS (Dave Kleikamp) [Orabug: 36725623] - Provide thread_info flags for KSPLICE freezer support (Rob Gardner) [Orabug: 36725623] - mips: mm: define MADV_DOEXEC and MADV_DONTEXEC (Dave Kleikamp) [Orabug: 36725623] - mips: add PROT_RESERVED (Dave Kleikamp) [Orabug: 36725623] - mips: add clear_page_uncached() (Dave Kleikamp) [Orabug: 36725623] - dmaengine: idxd: add a write() method for applications to submit work (Nikhil Rao) [Orabug: 36770955] {CVE-2024-21823} - dmaengine: idxd: add a new security check to deal with a hardware erratum (Arjan van de Ven) [Orabug: 36770955] {CVE-2024-21823} - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (Arjan van de Ven) [Orabug: 36770955] {CVE-2024-21823} - dmaengine: idxd: Avoid unnecessary destruction of file_ida (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue (Rex Zhang) [Orabug: 36747435] - dmaengine: idxd: Check for driver name match before sva user feature (Jerry Snitselaar) [Orabug: 36747435] - dmaengine: idxd: constify the struct device_type usage (Ricardo B. Marliere) [Orabug: 36747435] - dmaengine: idxd: Ensure safe user copy of completion record (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Remove shadow Event Log head stored in idxd (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Move dma_free_coherent() out of spinlocked context (Rex Zhang) [Orabug: 36747435] - dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 36747435] - dmaengine: idxd: Add support for device/wq defaults (Tom Zanussi) [Orabug: 36747435] - dmaengine: idxd: add callback support for iaa crypto (Tom Zanussi) [Orabug: 36747435] - dmaengine: idxd: Add wq private data accessors (Tom Zanussi) [Orabug: 36747435] - dmaengine: idxd: Export wq resource management functions (Tom Zanussi) [Orabug: 36747435] - dmaengine: idxd: Export descriptor management functions (Tom Zanussi) [Orabug: 36747435] - dmaengine: idxd: Rename drv_enable/disable_wq to idxd_drv_enable/disable_wq, and export (Tom Zanussi) [Orabug: 36747435] - dmaengine: idxd: add external module driver support for dsa_bus_type (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Fix incorrect descriptions for GRPCFG register (Guanjun) [Orabug: 36747435] - dmaengine: idxd: Protect int_handle field in hw descriptor (Guanjun) [Orabug: 36747435] - dmaengine: idxd: add wq driver name support for accel-config user tool (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: rate limit printk in misc interrupt thread (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Fix issues with PRS disable sysfs knob (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Allow ATS disable update only for configurable devices (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Remove unused declarations (Yue Haibing) [Orabug: 36747435] - dmaengine: idxd: Clear PRS disable flag when disabling IDXD device (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Expose ATS disable knob only when WQ ATS is supported (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Simplify WQ attribute visibility checks (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: No need to clear memory after a dma_alloc_coherent() call (Christophe JAILLET) [Orabug: 36747435] - dmaengine: idxd: Modify ABI documentation for attribute pasid_enabled (Rex Zhang) [Orabug: 36747435] - dmaengine: idxd: Modify the dependence of attribute pasid_enabled (Rex Zhang) [Orabug: 36747435] - dmaengine: idxd: Fix passing freed memory in idxd_cdev_open() (Harshit Mogalapalli) [Orabug: 36747435] - dmaengine: idxd: Add enable/disable device IOPF feature (Lu Baolu) [Orabug: 36747435] - dmaengine: idxd: add per wq PRS disable (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add pid to exported sysfs attribute for opened file (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: expose fault counters to sysfs (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add a device to represent the file opened (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add per file user counters for completion record faults (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: process batch descriptor completion record faults (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add descs_completed field for completion record (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: process user page faults for completion record (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add idxd_copy_cr() to copy user completion record during page fault handling (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: create kmem cache for event log fault items (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add per DSA wq workqueue for processing cr faults (Dave Jiang) [Orabug: 36747435] - dmanegine: idxd: add debugfs for event log dump (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add interrupt handling for event log (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: setup event log configuration (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add event log size sysfs attribute (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: make misc interrupt one shot (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: expose IAA CAP register via sysfs knob (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: reformat swerror output to standard Linux bitmap output (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Add descriptor definitions for translation fetch operation (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Add descriptor definitions for DIX generate operation (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Add descriptor definitions for 16 bytes of pattern in memory fill operation (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: use const struct bus_type * (Greg Kroah-Hartman) [Orabug: 36747435] - dmaengine: idxd: Remove unnecessary aer.h include (Bjorn Helgaas) [Orabug: 36747435] - dmaengine: idxd: Fix default allowed read buffers value in group (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (Reinette Chatre) [Orabug: 36747435] - dmaengine: idxd: Prevent use after free on completion memory (Reinette Chatre) [Orabug: 36747435] - dmaengine: idxd: Remove the unused function set_completion_address() (Jiapeng Chong) [Orabug: 36747435] - dmaengine: idxd: Remove linux/msi.h include (Thomas Gleixner) [Orabug: 36747435] - dmaengine: idxd: fix RO device state error after been disabled/reset (Fengqian Gao) [Orabug: 36747435] - dmaengine: idxd: Fix max batch size for Intel IAA (Xiaochen Shen) [Orabug: 36747435] - dmaengine: idxd: Make read buffer sysfs attributes invisible for Intel IAA (Xiaochen Shen) [Orabug: 36747435] - dmaengine: idxd: Make max batch size attributes in sysfs invisible for Intel IAA (Xiaochen Shen) [Orabug: 36747435] - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: add configuration for concurrent batch descriptor processing (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add configuration for concurrent work descriptor processing (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add WQ operation cap restriction support (Dave Jiang) [Orabug: 36747435] - dmanegine: idxd: reformat opcap output to match bitmap_parse() input (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: convert ats_dis to a wq flag (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Remove unused struct idxd_fault (Yuan Can) [Orabug: 36747435] - dmaengine: idxd: track enabled workqueues in bitmap (Jerry Snitselaar) [Orabug: 36747435] - dmaengine: idxd: Set wq state to disabled in idxd_wq_disable_cleanup() (Jerry Snitselaar) [Orabug: 36747435] - dmaengine: idxd: avoid deadlock in process_misc_interrupts() (Jerry Snitselaar) [Orabug: 36747435] - dmaengine: idxd: Correct IAX operation code names (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (Jerry Snitselaar) [Orabug: 36747435] - dmaengine: idxd: make idxd_wq_enable() return 0 if wq is already enabled (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Remove unnecessary synchronize_irq() before free_irq() (Minghao Chi) [Orabug: 36747435] - dmaengine: idxd: skip irq free when wq type is not kernel (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: make idxd_register/unregister_dma_channel() static (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: free irq before wq type is reset (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: fix lockdep warning on device driver removal (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Separate user and kernel pasid enabling (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: refactor wq driver enable/disable operations (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: move wq irq enabling to after device enable (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: fix retry value to be constant for duration of function call (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: match type for retries var in idxd_enqcmds() (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: set max_xfer and max_batch for RO device (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: update IAA definitions for user header (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: remove trailing white space on input str for wq name (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: don't load pasid config until needed (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Remove useless DMA-32 fallback configuration (Christophe JAILLET) [Orabug: 36747435] - dmaengine: idxd: deprecate token sysfs attributes for read buffers (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: change MSIX allocation based on per wq activation (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: fix descriptor flushing locking (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: embed irq_entry in idxd_wq struct (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add knob for enqcmds retries (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: set defaults for wq configs (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: handle interrupt handle revoked event (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: handle invalid interrupt handle descriptors (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: create locked version of idxd_quiesce() call (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add helper for per interrupt handle drain (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: move interrupt handle assignment (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: int handle management refactoring (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: rework descriptor free path on failure (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: cleanup completion record allocation (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Use list_move_tail instead of list_del/list_add_tail (Bixuan Cui) [Orabug: 36747435] - dmaengine: idxd: remove kernel wq type set when load configuration (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: remove gen cap field per spec 1.2 update (Dave Jiang) [Orabug: 36747435] - scsi: lpfc: Copyright updates for 14.4.0.2 patches (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.4.0.2 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Add support for 32 byte CDBs (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update logging of protection type for T10 DIF I/O (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Change default logging level for unsolicited CT MIB commands (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Copyright updates for 14.4.0.1 patches (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.4.0.1 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Define types in a union for generic void *context3 ptr (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Use a dedicated lock for ras_fwlog state (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove unnecessary log message in queuecommand path (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (Muhammad Usama Anjum) [Orabug: 36816944] - scsi: lpfc: Replace deprecated strncpy() with strscpy() (Justin Stitt) [Orabug: 36816944] - scsi: lpfc: Copyright updates for 14.4.0.0 patches (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.4.0.0 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Change lpfc_vport load_flag member into a bitmask (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Change lpfc_vport fc_flag member into a bitmask (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Protect vport fc_nodes list with an explicit spin lock (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Change nlp state statistic counters into atomic_t (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove shost_lock protection for fc_host_port shost APIs (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Move handling of reset congestion statistics events (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Save FPIN frequency statistics upon receipt of peer cgn notifications (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Add condition to delete ndlp object after sending BLS_RJT to an ABTS (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Fix failure to delete vports when discovery is in progress (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove NLP_RCV_PLOGI early return during RSCN processing for ndlps (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Allow lpfc_plogi_confirm_nport() logic to execute for Fabric nodes (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove D_ID swap log message from trace event logger (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Use sg_dma_len() API to get struct scatterlist's length (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.2.0.17 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Change VMID driver load time parameters to read only (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Use PCI_HEADER_TYPE_MFD instead of literal (Ilpo Jarvinen) [Orabug: 36816944] - PCI: Add PCI_HEADER_TYPE_MFD definition (Ilpo Jarvinen) [Orabug: 36816944] - scsi: lpfc: Copyright updates for 14.2.0.16 patches (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.2.0.16 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Enhance driver logging for selected discovery events (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Refactor and clean up mailbox command memory free (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Correct maximum PCI function value for RAS fw logging (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.2.0.15 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Validate ELS LS_ACC completion payload (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (Andy Shevchenko) [Orabug: 36816944] - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Copyright updates for 14.2.0.14 patches (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.2.0.14 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Clean up SLI-4 sysfs resource reporting (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Refactor cpu affinity assignment paths (Justin Tee) [Orabug: 36816944] - cpumask: fix incorrect cpumask scanning result checks (Linus Torvalds) [Orabug: 36816944] - scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Qualify ndlp discovery state when processing RSCN (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Simplify fcp_abort transport callback log message (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (Tuo Li) [Orabug: 36816944] - scsi: lpfc: Fix lpfc_name struct packing (Arnd Bergmann) [Orabug: 36816944] - scsi: lpfc: Avoid -Wstringop-overflow warning (Gustavo A. R. Silva) [Orabug: 36816944] - net: mana: Add support for page sizes other than 4KB on ARM64 (Haiyang Zhang) [Orabug: 36821477] - net: mana: Fix the extra HZ in mana_hwc_send_request (Souradeep Chakrabarti) [Orabug: 36821477] - net: mana: Enable MANA driver on ARM64 with 4K page size (Haiyang Zhang) [Orabug: 36821477] - net: mana: Annotate struct hwc_dma_buf with __counted_by (Kees Cook) [Orabug: 36821477] - net: mana: Annotate struct mana_rxq with __counted_by (Kees Cook) [Orabug: 36821477] - net: mana: Avoid open coded arithmetic (Erick Archer) [Orabug: 36821477] - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (Erick Archer) [Orabug: 36821477] - net: mana: Fix Rx DMA datasize and skb_over_panic (Haiyang Zhang) [Orabug: 36821477] - net: mana: add msix index sharing between EQs (Konstantin Taranov) [Orabug: 36821477] - net: mana: Fix spelling mistake 'enforecement' -> 'enforcement' (Colin Ian King) [Orabug: 36821477] - net :mana :Add remaining GDMA stats for MANA to ethtool (Shradha Gupta) [Orabug: 36821477] - net: mana: Use xdp_set_features_flag instead of direct assignment (Konstantin Taranov) [Orabug: 36821477] - net: mana: Fix oversized sge0 for GSO packets (Haiyang Zhang) [Orabug: 36821477] - net: mana: Fix the tso_bytes calculation (Haiyang Zhang) [Orabug: 36821477] - net: mana: Fix TX CQE error handling (Haiyang Zhang) [Orabug: 36821477] - net: mana: Add gdma stats to ethtool output for mana (Shradha Gupta) [Orabug: 36821477] - net: mana: Configure hwc timeout from hardware (Souradeep Chakrabarti) [Orabug: 36821477] - uek-rpm/config-x86_64: Add the IAA CRYPTO DEV to config (Jack Vogel) [Orabug: 36822729] - crypto: iaa - Add Intel IAA Compression Accelerator crypto driver core (Tom Zanussi) [Orabug: 36822729] - crypto: iaa - Add IAA Compression Accelerator Documentation (Tom Zanussi) [Orabug: 36822729] - tools/objtool: Check for use of the ENQCMD instruction in the kernel (Fenghua Yu) [Orabug: 36822729] - x86/cpufeatures: Re-enable ENQCMD (Fenghua Yu) [Orabug: 36822729] - uek-rpm/config-x86_64: Enable IDXD SVM config (Jack Vogel) [Orabug: 36822729] - scsi: mpt3sas: Replace deprecated strncpy() with strscpy() (Justin Stitt) [Orabug: 36826103] - scsi: mpt3sas: Update driver version to 48.100.00.00 (Ranjan Kumar) [Orabug: 36826103] - scsi: mpt3sas: Reload SBR without rebooting HBA (Ranjan Kumar) [Orabug: 36826103] - scsi: mpt3sas: Suppress a warning in debug kernel (Tomas Henzl) [Orabug: 36826103] - scsi: mpt3sas: Replace dynamic allocations with local variables (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Replace a dynamic allocation with a local variable (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Fix typo of 'TRIGGER' (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Fix an outdated comment (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Remove the iounit_pg8 member of the per-adapter struct (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Use struct_size() for struct size calculations (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Make MPI26_CONFIG_PAGE_PIOUNIT_1::PhyData[] a flexible array (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Make MPI2_CONFIG_PAGE_SASIOUNIT_1::PhyData[] a flexible array (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Make MPI2_CONFIG_PAGE_SASIOUNIT_0::PhyData[] a flexible array (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Make MPI2_CONFIG_PAGE_RAID_VOL_0::PhysDisk[] a flexible array (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Make MPI2_CONFIG_PAGE_IO_UNIT_8::Sensor[] a flexible array (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Use flexible arrays when obviously possible (James Seo) [Orabug: 36826103] - scsi: megaraid_sas: Driver version update to 07.727.03.00-rc1 (Chandrakanth patil) [Orabug: 36807009] - scsi: megaraid_sas: Call scsi_done() directly (Bart Van Assche) [Orabug: 36807009] - scsi: megaraid_sas: Convert union megasas_sgl to flex-arrays (Kees Cook) [Orabug: 36807009] - scsi: megaraid_sas: Use pci_dev_id() to simplify the code (Jialin Zhang) [Orabug: 36807009] - scsi: megaraid_sas: Log message when controller reset is requested but not issued (Chandrakanth patil) [Orabug: 36807009] - uek-rpm: build embedded2 kernel (Joe Dobosenski) [Orabug: 36721455] - uek-rpm: pensando: create uek7 config file for elba (Joe Dobosenski) [Orabug: 36721455] - arm64: pensando: Suppress tree-loop-distribute-patterns optimization (Henry Willard) [Orabug: 36721455] - Pensando: kexec: support kexec on elba (Joe Dobosenski) [Orabug: 34091165] [Orabug: 36721455] - net/ethernet/pensando: Add out-of-tree network drivers (Joe Dobosenski) [Orabug: 36721455] - drivers/soc/pensando: kpcimgr driver. (Joe Dobosenski) [Orabug: 36721455] - arm64/configs: Add CONFIG_IP6_NF_IPTABLES for elba (David Clear) [Orabug: 36721455] - drivers/soc/pensando: penfw driver (David Clear) [Orabug: 36721455] - arch/arm64/boot/dts: psci support (David Clear) [Orabug: 36721455] - drivers/soc/pensando: boot_count to sysfs for kdump.log (David Clear) [Orabug: 36721455] - drivers/soc/pensando sbus driver (David Clear) [Orabug: 36721455] - dts/pensando: add mnet and mcrypt devices, with reserved dma memory (David Clear) [Orabug: 36721455] - soc/pensando: pcie driver (David Clear) [Orabug: 36721455] - drivers/soc/pensando: Add the Reset Cause driver (David Clear) [Orabug: 36721455] - drivers/soc/pensando: crash dump driver. (David Clear) [Orabug: 36721455] - drivers/pensando/soc: Boot State Machine (BSM) integration. (David Clear) [Orabug: 36721455] - drivers/uio: UIO drivers for Elba (David Clear) [Orabug: 36721455] - Interrupt domain controllers for Elba ASIC. (David Clear) [Orabug: 36721455] - drivers/soc/pensando: /dev/capmem driver. (David Clear) [Orabug: 36721455] - drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 36721455] - dts/pensnado: Elba flash partitions (David Clear) [Orabug: 36721455] - drivers/reset: Add emmc hardware reset (David Clear) [Orabug: 36721455] - arch/arm64: Initial support for the Pensando Elba SoC (David Clear) [Orabug: 36721455] - drivers/mtd/spi-nor: Winbond w25q02nw flash support. (David Clear) [Orabug: 36721455] - spi-dw: Support Pensando Elba custom chip-select (David Clear) [Orabug: 36721455] - drivers/mmc/host: Pensando Elba support in the Cadence EMMC host controller (David Clear) [Orabug: 36721455] - drivers/spi/spi-cadence-quadspi.c: add quirks for the Pensando controller (David Clear) [Orabug: 36721455] - arm64/traps: Call platform handler for do_serror (David Clear) [Orabug: 36721455] - i2c: Add Lattice RD1173 I2C controller driver. (David Clear) [Orabug: 36721455] - i2c-designware: Support stuck SDA line recovery. (David Clear) [Orabug: 36721455] - drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 36721455] - hwmon/pmbus: Add support for the TI TPS53659 (David Clear) [Orabug: 36721455] - uek-rpm: Run olddefconfig for UEK7 update 3 (Harshit Mogalapalli) [Orabug: 36633514] - net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5e: RSS, Block changing channels number when RXFH is configured (Carolina Jubran) [Orabug: 36680931] - net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5: Fix fw reporter diagnose output (Aya Levin) [Orabug: 36680931] - Revert 'net/mlx5e: Check the number of elements before walk TC rhashtable' (Saeed Mahameed) [Orabug: 36680931] - net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers (Jiri Pirko) [Orabug: 36680931] - net/mlx5e: Fix inconsistent hairpin RQT sizes (Tariq Toukan) [Orabug: 36680931] - net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5e: Fix error codes in alloc_branch_attr() (Dan Carpenter) [Orabug: 36680931] - net/mlx5e: Fix error code in mlx5e_tc_action_miss_mapping_get() (Dan Carpenter) [Orabug: 36680931] - net/mlx5: Refactor mlx5_flow_destination->rep pointer to vport num (Vlad Buslov) [Orabug: 36680931] - net/mlx5e: XDP, Drop fragmented packets larger than MTU size (Carolina Jubran) [Orabug: 36680931] - net/mlx5e: Decrease num_block_tc when unblock tc offload (Chris Mi) [Orabug: 36680931] - net/mlx5e: Fix a race in command alloc flow (Shifeng Li) [Orabug: 36680931] - net/mlx5e: fix double free of encap_header (Vlad Buslov) [Orabug: 36680931] - net/mlx5: Fix a NULL vs IS_ERR() check (Dan Carpenter) [Orabug: 36680931] - net/mlx5e: Check netdev pointer before checking its net ns (Gavin Li) [Orabug: 36680931] - net/mlx5e: TC, Don't offload post action rule if not supported (Chris Mi) [Orabug: 36680931] - net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work (Moshe Shemesh) [Orabug: 36680931] - net/mlx5e: Disable IPsec offload support if not FW steering (Chris Mi) [Orabug: 36680931] - net/mlx5e: Check the number of elements before walk TC rhashtable (Jianbo Liu) [Orabug: 36680931] - net/mlx5e: Reduce eswitch mode_lock protection context (Jianbo Liu) [Orabug: 36680931] - net/mlx5e: Tidy up IPsec NAT-T SA discovery (Leon Romanovsky) [Orabug: 36680931] - net/mlx5e: Add IPsec and ASO syndromes check in HW (Patrisious Haddad) [Orabug: 36680931] - net/mlx5e: Remove exposure of IPsec RX flow steering struct (Leon Romanovsky) [Orabug: 36680931] - net/mlx5e: Unify esw and normal IPsec status table creation/destruction (Patrisious Haddad) [Orabug: 36680931] - net/mlx5e: Ensure that IPsec sequence packet number starts from 1 (Leon Romanovsky) [Orabug: 36680931] - net/mlx5e: Honor user choice of IPsec replay window size (Leon Romanovsky) [Orabug: 36680931] - netdevsim: Don't accept device bound programs (Stanislav Fomichev) [Orabug: 36680931] - net/mlx5: Increase size of irq name buffer (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5e: Update doorbell for port timestamping CQ before the software counter (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5e: Track xmit submission to PTP WQ after populating metadata map (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5e: Avoid referencing skb after free-ing in drop path of mlx5e_sq_xmit_wqe (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5e: Don't modify the peer sent-to-vport rules for IPSec offload (Jianbo Liu) [Orabug: 36680931] - net/mlx5: Decouple PHC .adjtime and .adjphase implementations (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5: DR, Allow old devices to use multi destination FTE (Erez Shitrit) [Orabug: 36680931] - Revert 'net/mlx5: DR, Supporting inline WQE when possible' (Itamar Gozlan) [Orabug: 36680931] - IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (George Kennedy) [Orabug: 36680931] - net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (Jakub Kicinski) [Orabug: 36680931] - netdevsim: Block until all devices are released (Ido Schimmel) [Orabug: 36680931] - net/mlx5: fix uninit value use (Przemek Kitszel) [Orabug: 36680931] - RDMA/mlx5: Change the key being sent for MPV device affiliation (Patrisious Haddad) [Orabug: 36680931] - mlxsw: spectrum: Set SW LAG mode on Spectrum>1 (Petr Machata) [Orabug: 36680931] - mlxsw: spectrum: Allocate LAG table when in SW LAG mode (Petr Machata) [Orabug: 36680931] - mlxsw: spectrum_pgt: Generalize PGT allocation (Petr Machata) [Orabug: 36680931] - mlxsw: spectrum_fid: Allocate PGT for the whole FID family in one go (Petr Machata) [Orabug: 36680931] - mlxsw: pci: Permit toggling LAG mode (Petr Machata) [Orabug: 36680931] - mlxsw: core, pci: Add plumbing related to LAG mode (Petr Machata) [Orabug: 36680931] - mlxsw: cmd: Add QUERY_FW.lag_mode_support (Petr Machata) [Orabug: 36680931] - mlxsw: cmd: Add CONFIG_PROFILE.{set_, }lag_mode (Petr Machata) [Orabug: 36680931] - mlxsw: cmd: Fix omissions in CONFIG_PROFILE field names in comments (Petr Machata) [Orabug: 36680931] - mlxsw: reg: Add SGCR.lag_lookup_pgt_base (Petr Machata) [Orabug: 36680931] - mlxsw: reg: Drop SGCR.llb (Petr Machata) [Orabug: 36680931] - net/mlx5: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - mlxsw: core: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - net/mlx5e: Allow IPsec soft/hard limits in bytes (Leon Romanovsky) [Orabug: 36680931] - net/mlx5e: Increase max supported channels number to 256 (Adham Faris) [Orabug: 36680931] - net/mlx5e: Preparations for supporting larger number of channels (Adham Faris) [Orabug: 36680931] - net/mlx5e: Refactor mlx5e_rss_init() and mlx5e_rss_free() API's (Adham Faris) [Orabug: 36680931] - net/mlx5e: Refactor mlx5e_rss_set_rxfh() and mlx5e_rss_get_rxfh() (Adham Faris) [Orabug: 36680931] - net/mlx5e: Refactor rx_res_init() and rx_res_free() APIs (Adham Faris) [Orabug: 36680931] - net/mlx5e: Use PTR_ERR_OR_ZERO() to simplify code (Yu Liao) [Orabug: 36680931] - net/mlx5: Use PTR_ERR_OR_ZERO() to simplify code (Jinjie Ruan) [Orabug: 36680931] - net/mlx5: fix config name in Kconfig parameter documentation (Lukas Bulwahn) [Orabug: 36680931] - net/mlx5: Remove unused declaration (Yue Haibing) [Orabug: 36680931] - net/mlx5: Replace global mlx5_intf_lock with HCA devcom component lock (Shay Drory) [Orabug: 36680931] - net/mlx5: Refactor LAG peer device lookout bus logic to mlx5 devcom (Shay Drory) [Orabug: 36680931] - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (Shay Drory) [Orabug: 36680931] - net/mlx5: Redesign SF active work to remove table_lock (Wei Zhang) [Orabug: 36680931] - net/mlx5: Parallelize vhca event handling (Wei Zhang) [Orabug: 36680931] - net/mlx4_core: replace deprecated strncpy with strscpy (Justin Stitt) [Orabug: 36680931] - mlxsw: pci: Allocate skbs using GFP_KERNEL during initialization (Ido Schimmel) [Orabug: 36680931] - mlxsw: spectrum_ethtool: Fix -Wformat-truncation warning (Ido Schimmel) [Orabug: 36680931] - mlxsw: core_thermal: Fix -Wformat-truncation warning (Ido Schimmel) [Orabug: 36680931] - platform: mellanox: Fix misspelling error in routine name (Vadim Pasternak) [Orabug: 36680931] - platform: mellanox: Rename some init()/exit() functions for consistent naming (Vadim Pasternak) [Orabug: 36680931] - mlxsw: core_acl_flex_keys: Fill blocks with high entropy first (Amit Cohen) [Orabug: 36680931] - mlxsw: core_acl_flex_keys: Save chosen elements in all blocks per search (Amit Cohen) [Orabug: 36680931] - mlxsw: core_acl_flex_keys: Save chosen elements per block (Amit Cohen) [Orabug: 36680931] - mlxsw: core_acl_flex_keys: Add a bitmap to save which blocks are chosen (Amit Cohen) [Orabug: 36680931] - mlxsw: Mark high entropy key blocks (Amit Cohen) [Orabug: 36680931] - mlx5: Fix type of mode parameter in mlx5_dpll_device_mode_get() (Nathan Chancellor) [Orabug: 36680931] - mlxsw: spectrum_span: Annotate struct mlxsw_sp_span with __counted_by (Kees Cook) [Orabug: 36680931] - mlxsw: spectrum_router: Annotate struct mlxsw_sp_nexthop_group_info with __counted_by (Kees Cook) [Orabug: 36680931] - mlxsw: spectrum: Annotate struct mlxsw_sp_counter_pool with __counted_by (Kees Cook) [Orabug: 36680931] - mlxsw: core: Annotate struct mlxsw_env with __counted_by (Kees Cook) [Orabug: 36680931] - mlxsw: Annotate struct mlxsw_linecards with __counted_by (Kees Cook) [Orabug: 36680931] - IB/hfi1: Annotate struct tid_rb_node with __counted_by (Kees Cook) [Orabug: 36680931] - net/mlx5: Handle IPsec steering upon master unbind/bind (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Configure IPsec steering for ingress RoCEv2 MPV traffic (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Configure IPsec steering for egress RoCEv2 MPV traffic (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Add create alias flow table function to ipsec roce (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Implement alias object allow and create functions (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Add alias flow table bits (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Store devcom pointer inside IPsec RoCE (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Register mlx5e priv to devcom in MPV mode (Patrisious Haddad) [Orabug: 36680931] - RDMA/mlx5: Send events from IB driver about device affiliation state (Patrisious Haddad) [Orabug: 36680931] - mlxsw: i2c: Utilize standard macros for dividing buffer into chunks (Vadim Pasternak) [Orabug: 36680931] - mlxsw: core: Extend allowed list of external cooling devices for thermal zone binding (Vadim Pasternak) [Orabug: 36680931] - mlxsw: reg: Limit MTBR register payload to a single data record (Vadim Pasternak) [Orabug: 36680931] - platform/x86: mlx-platform: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - platform/mellanox: nvsw-sn2201: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - platform/mellanox: mlxreg-lc: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - platform/mellanox: mlxreg-io: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - platform/mellanox: mlxreg-hotplug: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - platform/mellanox: mlxbf-bootctl: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - RDMA/ipoib: Add support for XDR speed in ethtool (Patrisious Haddad) [Orabug: 36680931] - IB/mlx5: Adjust mlx5 rate mapping to support 800Gb (Patrisious Haddad) [Orabug: 36680931] - IB/mlx5: Rename 400G_8X speed to comply to naming convention (Patrisious Haddad) [Orabug: 36680931] - IB/mlx5: Add support for 800G_8X lane speed (Patrisious Haddad) [Orabug: 36680931] - IB/mlx5: Expose XDR speed through MAD (Or Har-Toov) [Orabug: 36680931] - IB/core: Add support for XDR link speed (Or Har-Toov) [Orabug: 36680931] - mlxsw: Edit IPv6 key blocks to use one less block for multicast forwarding (Amit Cohen) [Orabug: 36680931] - mlxsw: spectrum_acl_flex_keys: Add 'ipv4_5b' flex key (Amit Cohen) [Orabug: 36680931] - mlxsw: Add 'ipv4_5' flex key (Amit Cohen) [Orabug: 36680931] - net: ethernet: mellanox: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - net/mlx5: Enable 4 ports multiport E-switch (Shay Drory) [Orabug: 36680931] - net/mlx5: Add a health error syndrome for pci data poisoned (Moshe Shemesh) [Orabug: 36680931] - net/mlx5: DR, Handle multi destination action in the right order (Erez Shitrit) [Orabug: 36680931] - net/mlx5: DR, Add check for multi destination FTE (Erez Shitrit) [Orabug: 36680931] - net/mlx5: Bridge, Enable mcast in smfs steering mode (Erez Shitrit) [Orabug: 36680931] - net/mlx5e: Check police action rate for matchall filter (Jianbo Liu) [Orabug: 36680931] - net/mlx5e: Consider aggregated port speed during rate configuration (Jianbo Liu) [Orabug: 36680931] - net/mlx5: Remove redundant max_sfs check and field from struct mlx5_sf_dev_table (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Remove SF table reference counting (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Push common deletion code into mlx5_sf_del() (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Rename mlx5_sf_deactivate_all() to mlx5_sf_del_all() (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Move state lock taking into mlx5_sf_dealloc() (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Convert SF port_indices xarray to function_ids xarray (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Use devlink port pointer to get the pointer of container SF struct (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Call mlx5_sf_id_erase() once in mlx5_sf_dealloc() (Jiri Pirko) [Orabug: 36680931] - net/mlx5e: Set en auxiliary devlink instance as nested (Jiri Pirko) [Orabug: 36680931] - net/mlx5: SF, Implement peer devlink set for SF representor devlink port (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Lift reload limitation when SFs are present (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Disable eswitch as the first thing in mlx5_unload() (Jiri Pirko) [Orabug: 36680931] - mlx5: Implement SyncE support using DPLL infrastructure (Jiri Pirko) [Orabug: 36680931] - uapi: stddef.h: Fix header guard location (Alexey Dobriyan) [Orabug: 36680931] - Compiler Attributes: counted_by: Adjust name and identifier expansion (Kees Cook) [Orabug: 36680931] - Compiler Attributes: Add __counted_by macro (Kees Cook) [Orabug: 36680931] - netdevsim: fix memory leak in nsim_bus_dev_new() (Zhengchao Shao) [Orabug: 36680931] - IB/mlx5: Expose NDR speed through MAD (Maher Sanalla) [Orabug: 36680931] - devlink: Fix length of eswitch inline-mode (William Tu) [Orabug: 36680931] - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (Jiri Pirko) [Orabug: 36680931] - tools: ynl-gen: always construct struct ynl_req_state (Jakub Kicinski) [Orabug: 36680931] - tools: ynl: fix duplicate op name in devlink (Jakub Kicinski) [Orabug: 36680931] - netlink: specs: devlink: add forgotten port function caps enum values (Jiri Pirko) [Orabug: 36680931] - netlink: specs: devlink: add the remaining command to generate complete split_ops (Jiri Pirko) [Orabug: 36680931] - netlink: specs: remove redundant type keys from attributes in subsets (Jiri Pirko) [Orabug: 36680931] - devlink: remove netlink small_ops (Jiri Pirko) [Orabug: 36680931] - devlink: remove duplicated netlink callback prototypes (Jiri Pirko) [Orabug: 36680931] - devlink: rename netlink callback to be aligned with the generated ones (Jiri Pirko) [Orabug: 36680931] - devlink: make devlink_flash_overwrite enum named one (Jiri Pirko) [Orabug: 36680931] - netlink: specs: devlink: make dont-validate single line (Jiri Pirko) [Orabug: 36680931] - netlink: specs: devlink: remove reload-action from devlink-get cmd reply (Jiri Pirko) [Orabug: 36680931] - tools: ynl-gen: render rsp_parse() helpers if cmd has only dump op (Jiri Pirko) [Orabug: 36680931] - genetlink: don't merge dumpit split op for different cmds into single iter (Jiri Pirko) [Orabug: 36680931] - Revert 'tools: ynl-gen: always construct struct ynl_req_state' (Qing Huang) [Orabug: 36680931] - staging: qlge: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - qed: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - octeontx2-af: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - hinic: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - netdevsim: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - devlink: retain error in struct devlink_fmsg (Przemek Kitszel) [Orabug: 36680931] - devlink: document devlink_rel_nested_in_notify() function (Jiri Pirko) [Orabug: 36680931] - Documentation: devlink: add a note about RTNL lock into locking section (Jiri Pirko) [Orabug: 36680931] - Documentation: devlink: add nested instance section (Jiri Pirko) [Orabug: 36680931] - devlink: don't take instance lock for nested handle put (Jiri Pirko) [Orabug: 36680931] - devlink: take device reference for devlink object (Jiri Pirko) [Orabug: 36680931] - devlink: call peernet2id_alloc() with net pointer under RCU read lock (Jiri Pirko) [Orabug: 36680931] - net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() (Jiri Pirko) [Orabug: 36680931] - devlink: introduce possibility to expose info about nested devlinks (Jiri Pirko) [Orabug: 36680931] - devlink: convert linecard nested devlink to new rel infrastructure (Jiri Pirko) [Orabug: 36680931] - devlink: expose peer SF devlink instance (Jiri Pirko) [Orabug: 36680931] - devlink: introduce object and nested devlink relationship infra (Jiri Pirko) [Orabug: 36680931] - devlink: extend devlink_nl_put_nested_handle() with attrtype arg (Jiri Pirko) [Orabug: 36680931] - devlink: move devlink_nl_put_nested_handle() into netlink.c (Jiri Pirko) [Orabug: 36680931] - devlink: put netnsid to nested handle (Jiri Pirko) [Orabug: 36680931] - devlink: move linecard struct into linecard.c (Jiri Pirko) [Orabug: 36680931] - netdev: replace napi_reschedule with napi_schedule (Christian Marangi) [Orabug: 36680931] - net: macb: simplify/cleanup NAPI reschedule checking (Robert Hancock) [Orabug: 36680931] - docs: networking: document NAPI (Jakub Kicinski) [Orabug: 36680931] - ice: Fix broken link in ice NAPI doc (Michal Wilczynski) [Orabug: 36680931] - netdev: make napi_schedule return bool on NAPI successful schedule (Christian Marangi) [Orabug: 36680931] - netdev: replace simple napi_schedule_prep/__napi_schedule to napi_schedule (Christian Marangi) [Orabug: 36680931] - net: Tree wide: Replace xdp_do_flush_map() with xdp_do_flush(). (Sebastian Andrzej Siewior) [Orabug: 36680931] - leds: Convert all platform drivers to return void (Uwe Kleine-Konig) [Orabug: 36680931] - Revert 'net/mlx5e: Fix a race in command alloc flow' (Qing Huang) [Orabug: 36680931] - net/mlx5: E-switch, Change flow rule destination checking (Jianbo Liu) [Orabug: 36680940] - RDMA/mlx5: Expose register c0 for RDMA device (Mark Bloch) [Orabug: 36680940] - net/mlx5: E-Switch, expose eswitch manager vport (Mark Bloch) [Orabug: 36680940] - SUNRPC: add a missing rpc_stat for TCP TLS (Olga Kornievskaia) [Orabug: 36755424] - net/mlx5: offset comp irq index in name by one (Michael Liang) [Orabug: 36760315] - uek-rpm: Enable cluster scheduling domain level in aarch64 kconfig files (Libo Chen) [Orabug: 36473714] - arm64/uek-misc: add a new boot parameter uek=cls to turn on/off CLS sched domain at boot time (Libo Chen) [Orabug: 36473714] - topology: Remove unused cpu_cluster_mask() (Dietmar Eggemann) [Orabug: 36473714] - topology: make core_mask include at least cluster_siblings (Darren Hart) [Orabug: 36473714] - topology/sysfs: export cluster attributes only if an architectures has support (Heiko Carstens) [Orabug: 36473714] - sched: Add cluster scheduler level in core and related Kconfig for ARM64 (Barry Song) [Orabug: 36473714] - topology: Represent clusters of CPUs within a die (Jonathan Cameron) [Orabug: 36473714] - IB/core: Fix off-by-one attr index in setup_hw_port_stats (Sharath Srinivasan) [Orabug: 36722740] - genirq/msi: msi_desc::msi_index KABI fix for out-of-tree drivers (Qing Huang) [Orabug: 36727160] - mm: Incorrect argument for PAGEFLAG_FALSE (Vijay Kumar) [Orabug: 36101034] - Revert 'RDMA/mlx5: Set MR cache limit for both PF and VF' (Qing Huang) [Orabug: 36466391] - Revert 'net/mlx5: Disable mr_cache for SFs' (Qing Huang) [Orabug: 36466391] - {IB,net}/mlx5: Spread IB CQs more evenly over EQs (Parav Pandit) [Orabug: 26790181] [Orabug: 31556116] [Orabug: 31556117] [Orabug: 36385281] - rds: ib: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33679626] [Orabug: 36385281] - net/mlx4: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33679626] [Orabug: 36385281] - IB/core: Introduce IB_CQ_FORCE_ZERO_CV (Hakon Bugge) [Orabug: 33679626] [Orabug: 36385281] - net: netdevsim: don't try to destroy PHC on VFs (Jakub Kicinski) [Orabug: 36385281] - tools: ynl: don't ignore errors in NLMSG_DONE messages (Jakub Kicinski) [Orabug: 36385281] - platform/x86: mlx-platform: Add dependency on PCI to Kconfig (Vadim Pasternak) [Orabug: 36385281] - net/mlx5: Free used cpus mask when an IRQ is released (Maher Sanalla) [Orabug: 36385281] - RDMA/mlx5: Fix mkey cache WQ flush (Moshe Shemesh) [Orabug: 36385281] - net/mlx5e: Fix VF representors reporting zero counters to 'ip -s' command (Amir Tzin) [Orabug: 36385281] - net/mlx5e: Don't offload internal port if filter device is out device (Jianbo Liu) [Orabug: 36385281] - net/mlx5: Bridge, fix peer entry ageing in LAG mode (Vlad Buslov) [Orabug: 36385281] - net/mlx5: E-switch, register event handler before arming the event (Shay Drory) [Orabug: 36385281] - net/mlx5: Perform DMA operations in the right locations (Shay Drory) [Orabug: 36385281] - net/mlx5e: macsec: use update_pn flag instead of PN comparation (Radu Pirea (NXP OSS)) [Orabug: 36385281] - platform: mellanox: Fix a resource leak in an error handling path in probing flow (Vadim Pasternak) [Orabug: 36385281] - RDMA/mlx5: Remove not-used cache disable flag (Leon Romanovsky) [Orabug: 36385281] - RDMA/mlx5: Implement mkeys management via LIFO queue (Shay Drory) [Orabug: 36385281] - RDMA/mlx5: Fix mkey cache possible deadlock on cleanup (Shay Drory) [Orabug: 36385281] - RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (Hamdan Igbaria) [Orabug: 36385281] - power: reset: use capital 'OR' for multiple licenses in SPDX (Krzysztof Kozlowski) [Orabug: 36385281] - platform/mellanox: NVSW_SN2201 should depend on ACPI (Geert Uytterhoeven) [Orabug: 36385281] - mlx5/core: E-Switch, Create ACL FT for eswitch manager in switchdev mode (Bodong Wang) [Orabug: 36385281] - net/mlx5e: Clear mirred devices array if the rule is split (Jianbo Liu) [Orabug: 36385281] - net/mlx5: Implement devlink port function cmds to control ipsec_packet (Dima Chumak) [Orabug: 36385281] - net/mlx5: Implement devlink port function cmds to control ipsec_crypto (Dima Chumak) [Orabug: 36385281] - net/mlx5: Provide an interface to block change of IPsec capabilities (Leon Romanovsky) [Orabug: 36385281] - net/mlx5: Add IFC bits to support IPsec enable/disable (Leon Romanovsky) [Orabug: 36385281] - net/mlx5e: Rewrite IPsec vs. TC block interface (Leon Romanovsky) [Orabug: 36385281] - net/mlx5: Drop extra layer of locks in IPsec (Leon Romanovsky) [Orabug: 36385281] - i2c: mlxcpld: Add support for extended transaction length (Vadim Pasternak) [Orabug: 36385281] - mlxsw: core_hwmon: Adjust module label names based on MTCAP sensor counter (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: nvsw-sn2201: change fans i2c busses. (Michael Shych) [Orabug: 36385281] - platform: mellanox: mlxreg-hotplug: Extend condition for notification callback processing (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: Add initial support for PCIe based programming logic device (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Get interrupt line through ACPI (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Introduce ACPI init flow (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Prepare driver to allow probing through ACPI infrastructure (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Add reset callback (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: Cosmetic changes (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Modify power off callback (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: add support for additional CPLD (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Add reset cause attribute (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Modify health and power hotplug action (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: Modify reset causes description (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: Add field upgrade capability register (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: Add new attributes (Vadim Pasternak) [Orabug: 36385281] - mlx4: Delete custom device management logic (Petr Pavlu) [Orabug: 36385281] - mlx4: Connect the infiniband part to the auxiliary bus (Petr Pavlu) [Orabug: 36385281] - mlx4: Connect the ethernet part to the auxiliary bus (Petr Pavlu) [Orabug: 36385281] - mlx4: Register mlx4 devices to an auxiliary virtual bus (Petr Pavlu) [Orabug: 36385281] - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (Petr Pavlu) [Orabug: 36385281] - mlx4: Move the bond work to the core driver (Petr Pavlu) [Orabug: 36385281] - mlx4: Get rid of the mlx4_interface.activate callback (Petr Pavlu) [Orabug: 36385281] - mlx4: Replace the mlx4_interface.event callback with a notifier (Petr Pavlu) [Orabug: 36385281] - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (Petr Pavlu) [Orabug: 36385281] - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (Petr Pavlu) [Orabug: 36385281] - mlx4: Get rid of the mlx4_interface.get_dev callback (Petr Pavlu) [Orabug: 36385281] - net/mlx5e: Support IPsec upper TCP protocol selector (Leon Romanovsky) [Orabug: 36385281] - net/mlx5e: Support IPsec upper protocol selector field offload for RX (Emeel Hakim) [Orabug: 36385281] - net/mlx5: Store vport in struct mlx5_devlink_port and use it in port ops (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Check vhca_resource_manager capability in each op and add extack msg (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Relax mlx5_devlink_eswitch_get() return value checking (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Return -EOPNOTSUPP in mlx5_devlink_port_fn_migratable_set() directly (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Reduce number of vport lookups passing vport pointer instead of index (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Embed struct devlink_port into driver structure (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Don't register ops for non-PF/VF/SF port and avoid checks in ops (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Remove no longer used mlx5_esw_offloads_sf_vport_enable/disable() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Introduce mlx5_eswitch_load/unload_sf_vport() and use it from SF code (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Allow mlx5_esw_offloads_devlink_port_register() to register SFs (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Push devlink port PF/VF init/cleanup calls out of devlink_port_register/unregister() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Push out SF devlink port init and cleanup code to separate helpers (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Rework devlink port alloc/free into init/cleanup (Jiri Pirko) [Orabug: 36385281] - RDMA/mlx5: Fix trailing */ formatting in block comment (Rohit Chavan) [Orabug: 36385281] - net/mlx5: Convert PCI error values to generic errnos (Ilpo Jarvinen) [Orabug: 36385281] - net/mlx5: Devcom, only use devcom after NULL check in mlx5_devcom_send_event() (Li Zetao) [Orabug: 36385281] - net/mlx5: DR, Supporting inline WQE when possible (Itamar Gozlan) [Orabug: 36385281] - net/mlx5: Rename devlink port ops struct for PFs/VFs (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Remove VPORT_UPLINK handling from devlink_port.c (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Call mlx5_esw_offloads_rep_load/unload() for uplink port directly (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Update dead links in Kconfig documentation (Rahul Rameshbabu) [Orabug: 36385281] - net/mlx5: Remove health syndrome enum duplication (Gal Pressman) [Orabug: 36385281] - net/mlx5: DR, Remove unneeded local variable (Yevgeny Kliteynik) [Orabug: 36385281] - net/mlx5: DR, Fix code indentation (Yevgeny Kliteynik) [Orabug: 36385281] - net/mlx5: IRQ, consolidate irq and affinity mask allocation (Saeed Mahameed) [Orabug: 36385281] - net/mlx5e: Fix spelling mistake 'Faided' -> 'Failed' (Colin Ian King) [Orabug: 36385281] - net/mlx5e: aRFS, Introduce ethtool stats (Adham Faris) [Orabug: 36385281] - net/mlx5e: aRFS, Warn if aRFS table does not exist for aRFS rule (Adham Faris) [Orabug: 36385281] - net/mlx5e: aRFS, Prevent repeated kernel rule migrations requests (Adham Faris) [Orabug: 36385281] - RDMA/mlx5: Handles RoCE MACsec steering rules addition and deletion (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Add RoCE MACsec steering infrastructure in core (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Configure MACsec steering for ingress RoCEv2 traffic (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Configure MACsec steering for egress RoCEv2 traffic (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Add MACsec priorities in RDMA namespaces (Patrisious Haddad) [Orabug: 36385281] - RDMA/mlx5: Implement MACsec gid addition and deletion (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Maintain fs_id xarray per MACsec device inside macsec steering (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Remove netdevice from MACsec steering (Patrisious Haddad) [Orabug: 36385281] - net/mlx5e: Move MACsec flow steering and statistics database from ethernet to core (Patrisious Haddad) [Orabug: 36385281] - net/mlx5e: Rename MACsec flow steering functions/parameters to suit core naming style (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Remove dependency of macsec flow steering on ethernet (Patrisious Haddad) [Orabug: 36385281] - net/mlx5e: Move MACsec flow steering operations to be used as core library (Patrisious Haddad) [Orabug: 36385281] - RDMA/mlx4: Copy union directly (Gustavo A. R. Silva) [Orabug: 36385281] - mmc: sdhci-of-dwcmshc: Convert to platform remove callback returning void (Yangtao Li) [Orabug: 36385281] - net/mlx5: Don't query MAX caps twice (Shay Drory) [Orabug: 36385281] - net/mlx5: Remove unused MAX HCA capabilities (Shay Drory) [Orabug: 36385281] - net/mlx5: Remove unused CAPs (Shay Drory) [Orabug: 36385281] - net/mlx5: Fix error message in mlx5_sf_dev_state_change_handler() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Remove redundant check of mlx5_vhca_event_supported() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Use mlx5_sf_start_function_id() helper instead of directly calling MLX5_CAP_GEN() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Remove redundant SF supported check from mlx5_sf_hw_table_init() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Use auxiliary_device_uninit() instead of device_put() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: E-switch, Add checking for flow rule destinations (Jianbo Liu) [Orabug: 36385281] - net/mlx5: Check with FW that sync reset completed successfully (Moshe Shemesh) [Orabug: 36385281] - net/mlx5: Expose max possible SFs via devlink resource (Shay Drory) [Orabug: 36385281] - net/mlx5e: Add recovery flow for tx devlink health reporter for unhealthy PTP SQ (Rahul Rameshbabu) [Orabug: 36385281] - net/mlx5e: Make tx_port_ts logic resilient to out-of-order CQEs (Rahul Rameshbabu) [Orabug: 36385281] - net/mlx5: Consolidate devlink documentation in devlink/mlx5.rst (Rahul Rameshbabu) [Orabug: 36385281] - i2c: mlxbf: Use devm_platform_get_and_ioremap_resource() (Yangtao Li) [Orabug: 36385281] - mlxsw: spectrum: Stop ignoring learning notifications from redirected traffic (Ido Schimmel) [Orabug: 36385281] - mlxsw: spectrum_flower: Disable learning and security lookup when redirecting (Ido Schimmel) [Orabug: 36385281] - mlxsw: core_acl_flex_actions: Add IGNORE_ACTION (Ido Schimmel) [Orabug: 36385281] - i2c: mlxbf: Use dev_err_probe in probe function (Liao Chang) [Orabug: 36385281] - net: netdevsim: mimic tc-taprio offload (Vladimir Oltean) [Orabug: 36385281] - net: netdevsim: use mock PHC driver (Vladimir Oltean) [Orabug: 36385281] - net/mlx5: Expose NIC temperature via hardware monitoring kernel API (Adham Faris) [Orabug: 36385281] - net/mlx5: Expose port.c/mlx5_query_module_num() function (Adham Faris) [Orabug: 36385281] - selftests: mlxsw: router_bridge_lag: Add a new selftest (Petr Machata) [Orabug: 36385281] - mlxsw: Set port STP state on bridge enslavement (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_switchdev: Use is_zero_ether_addr() instead of ether_addr_equal() (Ruan Jinjie) [Orabug: 36385281] - mlxbf_gige: Remove two unused function declarations (Yue Haibing) [Orabug: 36385281] - rtnetlink: remove redundant checks for nlattr IFLA_BRIDGE_MODE (Lin Ma) [Orabug: 36385281] - net/mlx5: Bridge, Only handle registered netdev bridge events (Roi Dayan) [Orabug: 36385281] - net/mlx5: E-Switch, Remove redundant arg ignore_flow_lvl (Roi Dayan) [Orabug: 36385281] - net/mlx5: Fix typo reminder -> remainder (Gal Pressman) [Orabug: 36385281] - net/mlx5: remove many unnecessary NULL values (Ruan Jinjie) [Orabug: 36385281] - net/mlx5: Allocate completion EQs dynamically (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Handle SF IRQ request in the absence of SF IRQ pool (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Rename mlx5_comp_vectors_count() to mlx5_comp_vectors_max() (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Add IRQ vector to CPU lookup function (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Introduce mlx5_cpumask_default_spread (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Implement single completion EQ create/destroy methods (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Use xarray to store and manage completion EQs (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Refactor completion IRQ request/release handlers in EQ layer (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Use xarray to store and manage completion IRQs (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Refactor completion IRQ request/release API (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Track the current number of completion EQs (Maher Sanalla) [Orabug: 36385281] - mlxsw: spectrum: Remove unused function declarations (Yue Haibing) [Orabug: 36385281] - net/mlx4: Remove many unnecessary NULL values (Ruan Jinjie) [Orabug: 36385281] - net/mlx5e: Make TC and IPsec offloads mutually exclusive on a netdev (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Add get IPsec offload stats for uplink representor (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Modify and restore TC rules for IPSec TX rules (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Make IPsec offload work together with eswitch and TC (Jianbo Liu) [Orabug: 36385281] - net/mlx5: Compare with old_dest param to modify rule destination (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Support IPsec packet offload for TX in switchdev mode (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Refactor IPsec TX tables creation (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Handle IPsec offload for RX datapath in switchdev mode (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Support IPsec packet offload for RX in switchdev mode (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Refactor IPsec RX tables creation and destruction (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Prepare IPsec packet offload for switchdev mode (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Change the parameter of IPsec RX skb handle function (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Add function to get IPsec offload namespace (Jianbo Liu) [Orabug: 36385281] - selftests: mlxsw: rif_bridge: Add a new selftest (Petr Machata) [Orabug: 36385281] - selftests: mlxsw: rif_lag_vlan: Add a new selftest (Petr Machata) [Orabug: 36385281] - selftests: mlxsw: rif_lag: Add a new selftest (Petr Machata) [Orabug: 36385281] - IB/mlx5: Add HW counter called rx_dct_connect (Shetu Ayalew) [Orabug: 36385281] - RDMA/mlx: Remove unnecessary variable initializations (Ruan Jinjie) [Orabug: 36385281] - mlxsw: spectrum_router: IPv6 events: Use tracker helpers to hold & put netdevices (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: RIF: Use tracker helpers to hold & put netdevices (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: hw_stats: Use tracker helpers to hold & put netdevices (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: FIB: Use tracker helpers to hold & put netdevices (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_switchdev: Use tracker helpers to hold & put netdevices (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_nve: Do not take reference when looking up netdevice (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum: Drop unused functions mlxsw_sp_port_lower_dev_hold/_put() (Petr Machata) [Orabug: 36385281] - leds: Explicitly include correct DT includes (Rob Herring) [Orabug: 36385281] - net/mlx5: Fix flowhash key set/get for custom RSS (Joe Damato) [Orabug: 36385281] - net/mlx5: Give esw_offloads_load/unload_rep() 'mlx5_' prefix (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Make mlx5_eswitch_load/unload_vport() static (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Make mlx5_esw_offloads_rep_load/unload() static (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Remove pointless devlink_rate checks (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Don't check vport->enabled in port ops (Jiri Pirko) [Orabug: 36385281] - net/mlx5e: Make flow classification filters static (Parav Pandit) [Orabug: 36385281] - net/mlx5e: Remove duplicate code for user flow (Parav Pandit) [Orabug: 36385281] - net/mlx5: Allocate command stats with xarray (Shay Drory) [Orabug: 36385281] - net/mlx5: split mlx5_cmd_init() to probe and reload routines (Shay Drory) [Orabug: 36385281] - net/mlx5: Remove redundant cmdif revision check (Shay Drory) [Orabug: 36385281] - net/mlx5: Re-organize mlx5_cmd struct (Shay Drory) [Orabug: 36385281] - net/mlx5e: E-Switch, Allow devcom initialization on more vports (Roi Dayan) [Orabug: 36385281] - net/mlx5e: E-Switch, Register devcom device with switch id key (Roi Dayan) [Orabug: 36385281] - net/mlx5: Devcom, Infrastructure changes (Roi Dayan) [Orabug: 36385281] - net/mlx5: Use shared code for checking lag is supported (Roi Dayan) [Orabug: 36385281] - net/mlx4: clean up a type issue (Dan Carpenter) [Orabug: 36385281] - mlxsw: core_env: Read transceiver module EEPROM in 128 bytes chunks (Ido Schimmel) [Orabug: 36385281] - mlxsw: reg: Increase Management Cable Info Access Register length (Ido Schimmel) [Orabug: 36385281] - mlxsw: reg: Remove unused function argument (Ido Schimmel) [Orabug: 36385281] - mlxsw: reg: Add Management Capabilities Mask Register (Amit Cohen) [Orabug: 36385281] - mlxsw: reg: Move 'mpsc' definition in 'mlxsw_reg_infos' (Amit Cohen) [Orabug: 36385281] - platform: Explicitly include correct DT includes (Rob Herring) [Orabug: 36385281] - net/mlx5e: Support IPsec NAT-T functionality (Leon Romanovsky) [Orabug: 36385281] - net/mlx5e: Check for IPsec NAT-T support (Leon Romanovsky) [Orabug: 36385281] - net/mlx5: Add relevant capabilities bits to support NAT-T (Leon Romanovsky) [Orabug: 36385281] - sch_htb: Allow HTB quantum parameter in offload mode (Naveen Mamindlapalli) [Orabug: 36385281] - mlxsw: spectrum: Permit enslavement to netdevices with uppers (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Replay IP NETDEV_UP on device deslavement (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Replay IP NETDEV_UP on device enslavement (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Replay neighbours when RIF is made (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Replay MACVLANs when RIF is made (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Offload ethernet nexthops when RIF is made (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Join RIFs of LAG upper VLANs (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_switchdev: Replay switchdev objects on port join (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum: On port enslavement to a LAG, join upper's bridges (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum: Add a replay_deslavement argument to event handlers (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum: Allow event handlers to check unowned bridges (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum: Split a helper out of mlxsw_sp_netdevice_event() (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Extract a helper to schedule neighbour work (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Allow address handlers to run on bridge ports (Petr Machata) [Orabug: 36385281] - selftests: mlxsw: rtnetlink: Drop obsolete tests (Petr Machata) [Orabug: 36385281] - net: switchdev: Add a helper to replay objects on a bridge port (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_switchdev: Manage RIFs on PVID change (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: mlxsw_sp_inetaddr_bridge_event: Add an argument (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Adjust mlxsw_sp_inetaddr_vlan_event() coding style (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Take VID for VLAN FIDs from RIF params (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Pass struct mlxsw_sp_rif_params to fid_get (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_switchdev: Pass extack to mlxsw_sp_br_ban_rif_pvid_change() (Petr Machata) [Orabug: 36385281] - netdevsim: add dummy macsec offload (Sabrina Dubroca) [Orabug: 36385281] - selftests: mlxsw: Test port range registers' occupancy (Ido Schimmel) [Orabug: 36385281] - selftests: mlxsw: Add scale test for port ranges (Ido Schimmel) [Orabug: 36385281] - mlxsw: spectrum_flower: Add ability to match on port ranges (Ido Schimmel) [Orabug: 36385281] - mlxsw: spectrum_acl: Pass main driver structure to mlxsw_sp_acl_rulei_destroy() (Ido Schimmel) [Orabug: 36385281] - mlxsw: spectrum_acl: Add port range key element (Ido Schimmel) [Orabug: 36385281] - mlxsw: spectrum_port_range: Add devlink resource support (Ido Schimmel) [Orabug: 36385281] - mlxsw: spectrum_port_range: Add port range core (Ido Schimmel) [Orabug: 36385281] - mlxsw: resource: Add resource identifier for port range registers (Ido Schimmel) [Orabug: 36385281] - mlxsw: reg: Add Policy-Engine Port Range Register (Ido Schimmel) [Orabug: 36385281] - RDMA/mlx5: align MR mem allocation size to power-of-two (Yuanyuan Zhong) [Orabug: 36385281] - RDMA/mlx5: Fix Q-counters query in LAG mode (Patrisious Haddad) [Orabug: 36385281] - RDMA/mlx5: Remove vport Q-counters dependency on normal Q-counters (Patrisious Haddad) [Orabug: 36385281] - RDMA/mlx5: Fix Q-counters per vport allocation (Patrisious Haddad) [Orabug: 36385281] - RDMA/mlx5: Expand switchdev Q-counters to expose representor statistics (Patrisious Haddad) [Orabug: 36385281] - RDMA/mlx5: Use query_special_contexts for mkeys (Or Har-Toov) [Orabug: 36385281] - platform_data/mlxreg: Add field with mapped resource address (Vadim Pasternak) [Orabug: 36385281] - RDMA/mlx4: Remove NULL check before dev_{put, hold} (zhang songyi) [Orabug: 36385281] - platform/chrome: cros_ec: sort header inclusion alphabetically (Tzung-Bi Shih) [Orabug: 36385281] - Documentation: devlink: mlx5.rst: Fix htmldoc build warning (Saeed Mahameed) [Orabug: 36385281] - RDMA/mlx5: Print wc status on CQE error and dump needed (Dust Li) [Orabug: 36385281] - RDMA/mlx4: Use bitmap_alloc() when applicable (Christophe JAILLET) [Orabug: 36385281] - RDMA/mlx5: fix build error with INFINIBAND_USER_ACCESS=n (Arnd Bergmann) [Orabug: 36385281] - RDMA/mlx5: Add optional counter support in get_hw_stats callback (Aharon Landau) [Orabug: 36385281] - RDMA/mlx5: Add modify_op_stat() support (Aharon Landau) [Orabug: 36385281] - RDMA/mlx5: Support optional counters in hw_stats initialization (Aharon Landau) [Orabug: 36385281] - tools: ynl: fix setting presence bits in simple nests (Jakub Kicinski) [Orabug: 36385281] - net: flow_dissector: Use 64bits for used_keys (Ratheesh Kannoth) [Orabug: 36385281] - netfilter: flowtable: Support GRE (Toshiaki Makita) [Orabug: 36385281] - tools: ynl: fix handling of multiple mcast groups (Jakub Kicinski) [Orabug: 36385281] - tools: ynl: don't leak mcast_groups on init error (Jakub Kicinski) [Orabug: 36385281] - tools: ynl: make sure we always pass yarg to mnl_cb_run (Jakub Kicinski) [Orabug: 36385281] - tools: ynl-gen: always construct struct ynl_req_state (Jakub Kicinski) [Orabug: 36385281] - netlink: specs: devlink: fix reply command values (Jiri Pirko) [Orabug: 36385281] - devlink: move devlink_notify_register/unregister() to dev.c (Jiri Pirko) [Orabug: 36385281] - devlink: move small_ops definition into netlink.c (Jiri Pirko) [Orabug: 36385281] - devlink: move tracepoint definitions into core.c (Jiri Pirko) [Orabug: 36385281] - devlink: push linecard related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: push rate related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: Allow for devlink-rate nodes parent reassignment (Michal Wilczynski) [Orabug: 36385281] - devlink: Introduce new attribute 'tx_weight' to devlink-rate (Michal Wilczynski) [Orabug: 36385281] - devlink: Introduce new attribute 'tx_priority' to devlink-rate (Michal Wilczynski) [Orabug: 36385281] - devlink: push trap related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: use tracepoint_enabled() helper (Jiri Pirko) [Orabug: 36385281] - devlink: push region related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: push param related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: push resource related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: push dpipe related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: move and rename devlink_dpipe_send_and_alloc_skb() helper (Jiri Pirko) [Orabug: 36385281] - devlink: push shared buffer related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: push port related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: push object register/unregister notifications into separate helpers (Jiri Pirko) [Orabug: 36385281] - devlink: Expose port function commands to control IPsec packet offloads (Dima Chumak) [Orabug: 36385281] - devlink: Expose port function commands to control IPsec crypto offloads (Dima Chumak) [Orabug: 36385281] - genetlink: add genlmsg_iput() API (Jakub Kicinski) [Orabug: 36385281] - genetlink: add a family pointer to struct genl_info (Jakub Kicinski) [Orabug: 36385281] - genetlink: use attrs from struct genl_info (Jakub Kicinski) [Orabug: 36385281] - genetlink: add struct genl_info to struct genl_dumpit_info (Jakub Kicinski) [Orabug: 36385281] - genetlink: remove userhdr from struct genl_info (Jakub Kicinski) [Orabug: 36385281] - genetlink: make genl_info->nlhdr const (Jakub Kicinski) [Orabug: 36385281] - genetlink: push conditional locking into dumpit/done (Jakub Kicinski) [Orabug: 36385281] - net: ethtool: don't require empty header nests (Jakub Kicinski) [Orabug: 36385281] - netlink: support extack in dump ->start() (Jakub Kicinski) [Orabug: 36385281] - netlink: specs: devlink: extend health reporter dump attributes by port index (Jiri Pirko) [Orabug: 36385281] - devlink: extend health reporter dump selector by port index (Jiri Pirko) [Orabug: 36385281] - netlink: specs: devlink: extend per-instance dump commands to accept instance attributes (Jiri Pirko) [Orabug: 36385281] - devlink: allow user to narrow per-instance dumps by passing handle attrs (Jiri Pirko) [Orabug: 36385281] - devlink: remove converted commands from small ops (Jiri Pirko) [Orabug: 36385281] - devlink: remove duplicate temporary netlink callback prototypes (Jiri Pirko) [Orabug: 36385281] - netlink: specs: devlink: add commands that do per-instance dump (Jiri Pirko) [Orabug: 36385281] - devlink: pass flags as an arg of dump_one() callback (Jiri Pirko) [Orabug: 36385281] - devlink: introduce dumpit callbacks for split ops (Jiri Pirko) [Orabug: 36385281] - devlink: rename doit callbacks for per-instance dump commands (Jiri Pirko) [Orabug: 36385281] - devlink: introduce devlink_nl_pre_doit_port*() helper functions (Jiri Pirko) [Orabug: 36385281] - devlink: parse rate attrs in doit() callbacks (Jiri Pirko) [Orabug: 36385281] - devlink: parse linecard attr in doit() callbacks (Jiri Pirko) [Orabug: 36385281] - devlink: clear flag on port register error path (Jiri Pirko) [Orabug: 36385281] - devlink: Remove unused devlink_dpipe_table_resource_set() declaration (Yue Haibing) [Orabug: 36385281] - devlink: use generated split ops and remove duplicated commands from small ops (Jiri Pirko) [Orabug: 36385281] - devlink: include the generated netlink header (Jiri Pirko) [Orabug: 36385281] - devlink: add split ops generated according to spec (Jiri Pirko) [Orabug: 36385281] - netlink: specs: devlink: add info-get dump op (Jiri Pirko) [Orabug: 36385281] - devlink: un-static devlink_nl_pre/post_doit() (Jiri Pirko) [Orabug: 36385281] - devlink: introduce couple of dumpit callbacks for split ops (Jiri Pirko) [Orabug: 36385281] - devlink: rename couple of doit netlink callbacks to match generated names (Jiri Pirko) [Orabug: 36385281] - devlink: rename devlink_nl_ops to devlink_nl_small_ops (Jiri Pirko) [Orabug: 36385281] - devlink: Remove unused extern declaration devlink_port_region_destroy() (Yue Haibing) [Orabug: 36385281] - devlink: add forgotten devlink instance lock assertion to devl_param_driverinit_value_set() (Jiri Pirko) [Orabug: 36385281] - devlink: convert param list to xarray (Jiri Pirko) [Orabug: 36385281] - devlink: use xa_for_each_start() helper in devlink_nl_cmd_port_get_dump_one() (Jiri Pirko) [Orabug: 36385281] - devlink: fix the name of value arg of devl_param_driverinit_value_get() (Jiri Pirko) [Orabug: 36385281] - devlink: make sure driver does not read updated driverinit param before reload (Jiri Pirko) [Orabug: 36385281] - devlink: don't use strcpy() to copy param value (Jiri Pirko) [Orabug: 36385281] - tools: ynl-gen: fix enum index in _decode_enum(..) (Arkadiusz Kubalewski) [Orabug: 36385281] - tools: ynl-gen: support / skip pads on the way to kernel (Jakub Kicinski) [Orabug: 36385281] - tools: ynl-gen: don't pass op_name to RenderInfo (Jakub Kicinski) [Orabug: 36385281] - tools: ynl-gen: support code gen for events (Jakub Kicinski) [Orabug: 36385281] - tools: ynl-gen: sanitize notification tracking (Jakub Kicinski) [Orabug: 36385281] - tools: ynl: regen: stop generating common notification handlers (Jakub Kicinski) [Orabug: 36385281] - tools: ynl-gen: stop generating common notification handlers (Jakub Kicinski) [Orabug: 36385281] - tools: ynl: regen: regenerate the if ladders (Jakub Kicinski) [Orabug: 36385281] - tools: ynl-gen: get attr type outside of if() (Jakub Kicinski) [Orabug: 36385281] ... IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-36920 CVE-2024-36281 CVE-2024-42159 CVE-2024-26858 CVE-2024-36890 CVE-2024-36907 CVE-2023-52626 CVE-2023-52532 CVE-2024-44952 CVE-2024-42289 CVE-2024-38629 CVE-2024-21823 CVE-2024-35991 CVE-2024-41022 CVE-2024-42272 CVE-2024-42286 CVE-2024-26587 CVE-2024-36924 CVE-2024-42287 CVE-2024-26746 CVE-2024-42288 CVE-2024-26742 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::UEKR7 Oracle Linux 9 [3.0.7-28.0.1] - Drop OpenELA branding, apply Oracle branding patches - Enable openssl-fips-provider dependency [Orabug: 36504822] - Temporary disable openssl-fips-provider dependency [Orabug: 36504822] - Replace upstream references [Orabug: 34340177] [1:3.0.7-28] - Patch for CVE-2024-6119 Resolves: RHEL-55340 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6119 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 7 [3.10.0-1160.119.1.0.4.el7.OL7] - fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [3.10.0-1160.119.1.0.4.el7.OL7] MODERATE Copyright 2024 Oracle, Inc. CVE-2022-1011 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [4.5.5-1.21] - Fix external providers properties observability MODERATE Copyright 2024 Oracle, Inc. cpe:/a:oracle:linux:8::ovirt45 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.90.3] - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int (Dai Ngo) [Orabug: 37055439] [4.1.12-124.90.2] - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (Justin Tee) [Orabug: 36643241] {CVE-2024-35930} - scsi: qla2xxx: Fix command flush on cable pull (Quinn Tran) [Orabug: 36596617] {CVE-2024-26931} - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 33917166] [4.1.12-124.90.1] - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (Sindhu Devale) [Orabug: 36643519] {CVE-2024-36004} - dyndbg: fix old BUG_ON in >control parser (Jim Cromie) [Orabug: 36643340] {CVE-2024-35947} - btrfs: send: handle path ref underflow in header iterate_inode_ref() (David Sterba) [Orabug: 36643269] {CVE-2024-35935} - ipv6: Fix infinite recursion in fib6_dump_done(). (Kuniyuki Iwashima) [Orabug: 36643095] {CVE-2024-35886} - x86/mm/pat: fix VM_PAT handling in COW mappings (David Hildenbrand) [Orabug: 36643059] {CVE-2024-35877} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-35877 CVE-2024-35947 CVE-2024-35886 CVE-2024-36004 CVE-2024-26931 CVE-2024-35930 CVE-2024-35935 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 8 [4.4.10.7-1.0.33] - Fix external providers properties observability [4.4.10.7-1.0.32] - Upgrade bundled frontend dependency of jquery-ui [4.4.10.7-1.0.31] - Allow enrolling certificates in non-responsive state and Extend the lifetime of non-web certificates [4.4.10.7-1.0.30] - Fix network exception handling and fencing flow logic. [4.4.10.7-1.0.29] - Fixing the manage events form email display [4.4.10.7-1.0.28] - Remove taa-no from Secure Skylake Server [4.4.10.7-1.0.27] - Updating the jquery to 3.6.0 [4.4.10.7-1.0.26] - Check locale for path traversal character [4.4.10.7-1.0.25] - Hide the icons directory from listable directories [4.4.10.7-1.0.24] - Fixed the packing of ova where ovf length was changed after encoding [4.4.10.7-1.0.23] - Fixed the issue of renewing vm-console-proxy and ovn certificates during engine-setup [4.4.10.7-1.0.22] - Fix the engine url for vmconsole to use https protocol [4.4.10.7-1.0.21] - Fix classpath for SecureByteArrayOutputStream after apache-sshd-2.9 update [4.4.10.7-1.0.20] - Wait for loop device to be available [4.4.10.7-1.0.19] - Clean old nvram file on vm emulator update to uefi secure boot [4.4.10.7-1.0.18] - Added support to use postgresql-jdbc-42.2.14-1 and spring framework 5.3.19 - Cleanup the spec file to remove unneeded or commented lines [4.4.10.7-1.0.17] - Stopping the ovirt-engine-dwh service and setting the DwhCurrentlyRunning to 0 when changing password encryption from md5 to scram-sha-256. [4.4.10.7-1.0.16] - Included the condition of origin as NULL while inserting the data in vm_ovf_generations table [4.4.10.7-1.0.15] - Fix to parse both uppercase and camelcase instanceID in OvfReader [4.4.10.7-1.0.14] - Back Port from upstream 4.5 - https://gerrit.ovirt.org/c/ovirt-engine/+/116317/ [4.4.10.7-1.0.13] - Remove movirt as it is deprecated upstream [4.4.10.7-1.0.12] - Changing the password ecryption type in postgres from md5 to scram-sha-256 [4.4.10.7-1.0.11] - Add NumOfPciExpressPorts as configurable attribute [4.4.10.7-1.0.10] - Forward port - Support for Windows 11 and Windows Server 2022 [4.4.10.7-1.0.9] - Forward port from 4.3.6.6-1.0.16, added Skylake-Server-noTSX-IBRS and Cascadelake-Server-noTSX CPU Types [4.4.10.7-1.0.8] - Forward Port - Fix qxl video [4.4.10.7-1.0.7] - Forward Port - Fix NPE during ova import operation [4.4.10.7-1.0.6] - Forward Port from 4.3 - Handle ova when origin is null and storage disk is block [4.4.10.7-1.0.5] - Forward Port from 4.3 - Remove unnecessary name length restriction for templates. [4.4.10.7-1.0.4] - Port forward - Add hsts response header to httpd conf [4.4.10.7-1.0.3] - Remove memory limit [4.4.10.7-1.0.2] - Fix OS detection [4.4.10.7] - Bump version to 4.4.10.7 [4.4.10.6] - Bump version to 4.4.10.6 [4.4.10.5] - Bump version to 4.4.10.5 [4.4.10.4] - Bump version to 4.4.10.4 [4.4.10.3] - Bump version to 4.4.10.3 [4.4.10.2] - Bump version to 4.4.10.2 [4.4.10.1] - Bump version to 4.4.10.1 [4.4.10] - Bump version to 4.4.10 [4.4.9.2] - Bump version to 4.4.9.2 [4.4.9.1] - Bump version to 4.4.9.1 [4.4.9] - Bump version to 4.4.9 [4.4.8.4] - Bump version to 4.4.8.4 [4.4.8.3] - Bump version to 4.4.8.3 [4.4.8.2] - Bump version to 4.4.8.2 [4.4.8.1] - Bump version to 4.4.8.1 [4.4.8] - Bump version to 4.4.8 [4.4.7.6] - Bump version to 4.4.7.6 [4.4.7.5] - Bump version to 4.4.7.5 [4.4.7.4] - Bump version to 4.4.7.4 [4.4.7.3] - Bump version to 4.4.7.3 [4.4.7.2] - Bump version to 4.4.7.2 [4.4.7.1] - Bump version to 4.4.7.1 [4.4.7] - Bump version to 4.4.7 [4.4.6.6] - Bump version to 4.4.6.6 [4.4.6.5] - Bump version to 4.4.6.5 [4.4.6.4] - Bump version to 4.4.6.4 [4.4.6.3] - Bump version to 4.4.6.3 [4.4.6.2] - Bump version to 4.4.6.2 [4.4.6.1] - Bump version to 4.4.6.1 [4.4.6] - Bump version to 4.4.6 [4.4.5.8] - Bump version to 4.4.5.8 [4.4.5.7] - Bump version to 4.4.5.7 [4.4.5.6] - Bump version to 4.4.5.6 [4.4.5.5] - Bump version to 4.4.5.5 [4.4.5.4] - Bump version to 4.4.5.4 [4.4.5.3] - Bump version to 4.4.5.3 [4.4.5.2] - Bump version to 4.4.5.2 [4.4.5.1] - Bump version to 4.4.5.1 [4.4.5] - Bump version to 4.4.5 [4.4.4.5] - Bump version to 4.4.4.5 [4.4.4.4] - Bump version to 4.4.4.4 [4.4.4.3] - Bump version to 4.4.4.3 [4.4.4.2] - Bump version to 4.4.4.2 [4.4.4.1] - Bump version to 4.4.4.1 [4.4.4] - Bump version to 4.4.4 [4.4.3.11] - Bump version to 4.4.3.11 [4.4.3.10] - Bump version to 4.4.3.10 [4.4.3.9] - Bump version to 4.4.3.9 [4.4.3.8] - Bump version to 4.4.3.8 [4.4.3.7] - Bump version to 4.4.3.7 [4.4.3.6] - Bump version to 4.4.3.6 [4.4.3.5] - Bump version to 4.4.3.5 [4.4.3.4] - Bump version to 4.4.3.4 [4.4.3.3] - Bump version to 4.4.3.3 [4.4.3.2] - Bump version to 4.4.3.2 [4.4.3.1] - Bump version to 4.4.3.1 [4.4.3] - Bump version to 4.4.3 [4.4.2.2] - Bump version to 4.4.2.2 [4.4.2.1] - Bump version to 4.4.2.1 [4.4.2] - Bump version to 4.4.2 [4.4.1.8] - Bump version to 4.4.1.8 [4.4.1.7] - Bump version to 4.4.1.7 [4.4.1.6] - Bump version to 4.4.1.6 [4.4.1.5] - Bump version to 4.4.1.5 [4.4.1.4] - Bump version to 4.4.1.4 [4.4.1.3] - Bump version to 4.4.1.3 [4.4.1.2] - Bump version to 4.4.1.2 [4.4.1.1] - Bump version to 4.4.1.1 [4.4.1] - Bump version to 4.4.1 [4.4.0.3] - Bump version to 4.4.0.3 [4.4.0.2] - Bump version to 4.4.0.2 [4.4.0.1] - Bump version to 4.4.0.1 [4.4.0] - Bump version to 4.4.0 [4.3.2.1] - Bump version to 4.3.2.1 [4.3.2] - Bump version to 4.3.2 [4.3.1.1] - Bump version to 4.3.1.1 [4.3.1] - Bump version to 4.3.1 [4.3.0.4] - Bump version to 4.3.0.4 [4.3.0.3] - Bump version to 4.3.0.3 [4.3.0.2] - Bump version to 4.3.0.2 [4.3.0.1] - Bump version to 4.3.0.1 [4.3.0] - Bump version to 4.3.0 [4.2.8.2] - Bump version to 4.2.8.2 [4.2.8.1] - Bump version to 4.2.8.1 [4.2.8] - Bump version to 4.2.8 [4.2.7.3] - Bump version to 4.2.7.3 [4.2.7.2] - Bump version to 4.2.7.2 [4.2.7.1] - Bump version to 4.2.7.1 [4.2.7] - Bump version to 4.2.7 [4.2.6.4] - Bump version to 4.2.6.4 [4.2.6.3] - Bump version to 4.2.6.3 [4.2.6.2] - Bump version to 4.2.6.2 [4.2.6.1] - Bump version to 4.2.6.1 [4.2.6] - Bump version to 4.2.6 [4.2.5.2] - Bump version to 4.2.5.2 [4.2.5.1] - Bump version to 4.2.5.1 [4.2.5] - Bump version to 4.2.5 [4.2.4.5] - Bump version to 4.2.4.5 [4.2.4.4] - Bump version to 4.2.4.4 [4.2.4.3] - Bump version to 4.2.4.3 [4.2.4.2] - Bump version to 4.2.4.2 [4.2.4.1] - Bump version to 4.2.4.1 [4.2.4] - Bump version to 4.2.4 [4.2.3.3] - Bump version to 4.2.3.3 [4.2.3.2] - Bump version to 4.2.3.2 [4.2.3.1] - Bump version to 4.2.3.1 [4.2.3] - Bump version to 4.2.3 [4.2.2.6] - Bump version to 4.2.2.6 [4.2.2.5] - Bump version to 4.2.2.5 [4.2.2.4] - Bump version to 4.2.2.4 [4.2.2.3] - Bump version to 4.2.2.3 [4.2.2.2] - Bump version to 4.2.2.2 [4.2.2.1] - Bump version to 4.2.2.1 [4.2.2] - Bump version to 4.2.2 [4.2.1.4] - Bump version to 4.2.1.4 [4.2.1.3] - Bump version to 4.2.1.3 [4.2.1.2] - Bump version to 4.2.1.2 [4.2.1.1] - Bump version to 4.2.1.1 [4.2.1] - Bump version to 4.2.1 [4.2.0.2] - Bump version to 4.2.0.2 [4.2.0.1] - Bump version to 4.2.0.1 [4.2.0] - Bump version to 4.2.0 [4.1.0] - Add dependency for ovirt-engine-dashboard. - Bump version to 4.1.0 [4.0.0] - Bump version to 4.0.0 - Dropped Fedora < 22 and EL < 7 support [3.6.0] - Update dependencies and removed legacy provides / requires [3.3.0-1] - Bump version to 3.3.0 [3.2.0-1] - Bump version to 3.2.0 [3.1.0-3] - Removed image uploader, iso uploader, and log collector from this git repo. The are now in their own respective ovirt.org git repos. BZ#803240. [3.1.0-2] - The ovirt-engine spec file did not previously contain a BuildRequires statement for the maven package. As a result in mock environments the build failed with an error when attempting to call the 'mvn' binary - BZ#807761. [3.1.0-1] - Adjust code for Jboss AS 7.1 [3.1.0-1] - Moved all hard coded paths to macros [3.1.0-1] - Initial build - Cloned from RHEVM spec file MODERATE Copyright 2024 Oracle, Inc. CVE-2024-7259 cpe:/a:oracle:linux:8::ovirt44 Oracle Linux 7 [1.45.4-3.0.7] - libext2fs: add sanity check to extent manipulation (Srivathsa Dara) [Orabug: 37095032] {CVE-2022-1304} MODERATE Copyright 2024 Oracle, Inc. CVE-2022-1304 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 [1.10.2-7.0.1] - CVE-2024-37891 fix [Orabug: 37085188] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37891 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 Oracle Linux 9 [5.15.0-300.163.18.1] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37132350] IMPORTANT Copyright 2024 Oracle, Inc. cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::UEKR7 Oracle Linux 7 [1.45.4-3.0.7.el7] - libext2fs: add sanity check to extent manipulation (Srivathsa Dara) [Orabug: 37095032] {CVE-2022-1304} [1.45.4-3.0.5.el7] - e2fsprogs: bump version to 1.45.4-3.0.5 [1.45.4-3.0.5] - Fix missing changelog entries to match the latest RHEL8 packages [1.45.4-3.0.3] - Fix build scripts to generate i386 builds - Re-integrate ext2_types.h multiarch compatibility fixes. [1.45.4-3.0.1] - Integrate patches from the 'upstream' 1.45.4 package. - Fix the version number to match Oracle standards. - Re-integrate the multiarch build kludge from RH. - Enable e2scrub package for OL8 only - Start building newer package for UEK6 [1.45.4-3] - Fix clang warning introduced in previous release (#1783777) [1.45.4-2] - Fix ABI breakage introduced in previous release (#1783777) [1.45.4-1] - Rebase to the release 1.45.4 (#1783777) - provide rhel6/7 compatible fs_type in mke2fs.conf (#1780279) - fix crafted ext4 partition leads to out-of-bounds write (#1768709) - include note about supported rhel8 features and options (#1788573) [1.44.6-3] - Backport fixes from 1.45.2 (#1714927) - Fix errors in rpmdiff (#1714923) [1.44.6-2] - Backport fixes from 1.45.1 [1.44.6-1] - Rebase to the release 1.44.6 (#1695147) - Backport fixes from 1.45.0 - Add gating.yaml (#1679654) [1.44.3-2] - Backport fixes from upstream version 1.44.4 (#1659526) [1.44.3-1] - New upstream release [1.43.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.43.8-1] - New upstream release - Fix build failure swapfs.c on big-endian [1.43.7-1] - New upstream release [1.43.6-1] - New upstream release [1.43.5-2] - Bump and rebuild for an rpm signing issue [1.43.5-1] - New upstream release [1.43.4-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1.43.4-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.43.4-2] - Add missing MIT macro [1.43.4-1] - New upstream release [1.43.3-1] - New upstream release [1.43.2-1] - New upstream release (broken on i686, not built) [1.43.1-2] - Fix e2undo endian issues (#1344636) [1.43.1-1] - New upstream release [1.42.13-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.42.13-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.42.13-2] - Add -fno-strict-aliasing (#1211582) [1.42.13-1] - New upstream release [1.42.12-5] - Don't trigger full check within time fudge window (#1202024) [1.42.12-4] - Fix potential buffer overflow in closefs (#1193947, CVE-2015-1572) - Fix dumpe2fs segfault with no arguments (#1194063) - Don't require fsck prior to resize2fs -P (#1170803) [1.42.12-3] - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code [1.42.12-2] - Fix use after free (#1192861) - Fix time-based fsck if set in superblock (e2fsck.conf, #963283) [1.42.12-1] - New upstream release [1.42.11-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1.42.11-2] - fix license handling [1.42.11-1] - New upstream release [1.42.10-5] - Rebuilt for buggy rpm 4.12 alpha - https://lists.fedoraproject.org/pipermail/devel/2014-June/200633.html [1.42.10-4] - Add missing dependency info for quota.c - fixes build on s390(x) [1.42.10-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.42.10-2] - Fix large file handling on 32-bit builds [1.42.10-1] - New upstream release - Enable userspace quota MODERATE Copyright 2024 Oracle, Inc. CVE-2022-1304 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1.45.4-3.0.7.el7] - libext2fs: add sanity check to extent manipulation (Srivathsa Dara) [Orabug: 37095032] {CVE-2022-1304} MODERATE Copyright 2024 Oracle, Inc. CVE-2022-1304 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7::UEKR6 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [4.14.35-2047.541.4.1] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37137499] [4.14.35-2047.541.4] - selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang) [Orabug: 37063821] - selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang) [Orabug: 37063821] - Revert 'selftests/net: reap zerocopy completions passed up as ancillary data.' (Harshit Mogalapalli) [Orabug: 37063821] - Revert 'selftests: fix OOM in msg_zerocopy selftest' (Harshit Mogalapalli) [Orabug: 37063821] - Revert 'selftests: make order checking verbose in msg_zerocopy selftest' (Harshit Mogalapalli) [Orabug: 37063821] [4.14.35-2047.541.3] - ALSA: timer: Relax start tick time check for slave timer elements (Takashi Iwai) - driver core: Fix uevent_show() vs driver detach race (Dan Williams) [Orabug: 37029154] {CVE-2024-44952} - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 37037206] {CVE-2024-46738} [4.14.35-2047.541.2] - Revert 'selftests/mm: conform test to TAP format output' (Samasth Norway Ananda) [Orabug: 36997529] - Revert 'selftests/kcmp: Make the test output consistent and clear' (Samasth Norway Ananda) [Orabug: 36997529] [4.14.35-2047.541.1] - LTS version v4.14.351 (Yifei Liu) - i2c: rcar: bring hardware to known state when probing (Wolfram Sang) - nilfs2: fix kernel bug on rename operation of broken directory (Ryusuke Konishi) [Orabug: 36896822] {CVE-2024-41034} - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Eric Dumazet) - libceph: fix race between delayed_work() and ceph_monc_stop() (Ilya Dryomov) [Orabug: 36930130] {CVE-2024-42232} - hpet: Support 32-bit userspace (He Zhe) - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (Alan Stern) [Orabug: 36896827] {CVE-2024-41035} - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (Lee Jones) [Orabug: 36930140] {CVE-2024-42236} - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (WangYuli) - USB: serial: option: add Rolling RW350-GL variants (Vanillan Wang) - USB: serial: option: add Netprisma LCUK54 series modules (Mank Wang) - USB: serial: option: add support for Foxconn T99W651 (Slark Xiao) - USB: serial: option: add Fibocom FM350-GL (Bjorn Mork) - USB: serial: option: add Telit FN912 rmnet compositions (Daniele Palmas) - USB: serial: option: add Telit generic core-dump composition (Daniele Palmas) - ARM: davinci: Convert comma to semicolon (Chen Ni) - ppp: reject claimed-as-LCP but actually malformed packets (Dmitry Antipov) [Orabug: 36896857] {CVE-2024-41044} - net: ethernet: lantiq_etop: fix double free in detach (Aleksander Jan Bajkowski) [Orabug: 36896864] {CVE-2024-41046} - net: lantiq_etop: add blank line after declaration (Aleksander Jan Bajkowski) - tcp: fix incorrect undo caused by DSACK of TLP retransmit (Neal Cardwell) - nilfs2: fix incorrect inode allocation from reserved inodes (Ryusuke Konishi) - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (Piotr Wojtaszczyk) [Orabug: 36897910] {CVE-2024-42153} - i2c/busses: Convert timers to use timer_setup() (Kees Cook) - i2c: pnx: move header into the driver (Wolfram Sang) - media: dw2102: fix a potential buffer overflow (Mauro Carvalho Chehab) - bnx2x: Fix multiple UBSAN array-index-out-of-bounds (Ghadi Elie Rahme) [Orabug: 36897887] {CVE-2024-42148} - drm/amdgpu/atomfirmware: silence UBSAN warning (Alex Deucher) - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (Ma Ke) [Orabug: 36897641] {CVE-2024-42101} - fsnotify: Do not generate events for O_PATH file descriptors (Jan Kara) - Bluetooth: Fix incorrect pointer arithmatic in ext_adv_report_evt (Jaganath Kanakkassery) - mm: optimize the redundant loop of mm_update_owner_next() (Jinliang Zheng) - nilfs2: add missing check for inode numbers on directory entries (Ryusuke Konishi) [Orabug: 36897653] {CVE-2024-42104} - nilfs2: fix inode number range checks (Ryusuke Konishi) [Orabug: 36897659] {CVE-2024-42105} - inet_diag: Initialize pad field in struct inet_diag_req_v2 (Shigeru Yoshida) [Orabug: 36897667] {CVE-2024-42106} - selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang) - selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang) - selftests/net: reap zerocopy completions passed up as ancillary data. (Sowmini Varadhan) - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (Sam Sun) [Orabug: 36825249] {CVE-2024-39487} - tcp_metrics: validate source addr length (Jakub Kicinski) [Orabug: 36897917] {CVE-2024-42154} - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (Neal Cardwell) - s390/pkey: Wipe sensitive data on failure (Holger Dengler) [Orabug: 36897935] {CVE-2024-42157} - jffs2: Fix potential illegal address access in jffs2_free_inode (Wang Yong) [Orabug: 36897698] {CVE-2024-42115} - powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (Greg Kurz) - orangefs: fix out-of-bounds fsid access (Mike Marshall) [Orabug: 36897838] {CVE-2024-42143} - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (Michael Ellerman) - i2c: i801: Annotate apanel_addr as __ro_after_init (Heiner Kallweit) - media: dvb-frontends: tda10048: Fix integer overflow (Ricardo Ribalda) [Orabug: 36897977] {CVE-2024-42223} - media: s2255: Use refcount_t instead of atomic_t for num_channels (Ricardo Ribalda) - media: dvb-frontends: tda18271c2dd: Remove casting during div (Ricardo Ribalda) - net: dsa: mv88e6xxx: Correct check for empty list (Simon Horman) [Orabug: 36897983] {CVE-2024-42224} - Input: ff-core - prefer struct_size over open coded arithmetic (Erick Archer) - firmware: dmi: Stop decoding on broken entry (Jean Delvare) - sctp: prefer struct_size over open coded arithmetic (Erick Archer) - media: dw2102: Don't translate i2c read into write (Michael Bunk) - IB/core: Implement a limit on UMAD receive List (Michael Guralnik) [Orabug: 36897848] {CVE-2024-42145} - media: dvb-usb: dib0700_devices: Add missing release_firmware() (Ricardo Ribalda) - media: dvb: as102-fe: Fix as10x_register_addr packing (Ricardo Ribalda) - LTS version v4.14.350 (Yifei Liu) - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (felix) [Orabug: 36940548] {CVE-2023-52803} - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (Alex Bee) - tcp: Fix data races around icsk->icsk_af_ops. (Kuniyuki Iwashima) [Orabug: 34719867] {CVE-2022-3566} - ipv6: Fix data races around sk->sk_prot. (Kuniyuki Iwashima) [Orabug: 34719907] {CVE-2022-3567} - ipv6: annotate some data-races around sk->sk_prot (Eric Dumazet) - pwm: stm32: Refuse too small period requests (Uwe Kleine-Konig) - ftruncate: pass a signed offset (Arnd Bergmann) [Orabug: 36897559] {CVE-2024-42084} - batman-adv: Don't accept TT entries for out-of-spec VIDs (Vegard Nossum) - batman-adv: include gfp.h for GFP_* defines (Sven Eckelmann) - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (Ma Ke) [Orabug: 36897381] {CVE-2024-41089} - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (Ma Ke) [Orabug: 36897446] {CVE-2024-41095} - hexagon: fix fadvise64_64 calling conventions (Arnd Bergmann) - tty: mcf: MCF54418 has 10 UARTS (Jean-Michel Hautbois) - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (Nikita Zhandarovich) [Orabug: 36897452] {CVE-2024-41097} - usb: musb: da8xx: fix a resource leak in probe() (Dan Carpenter) - usb: gadget: printer: SS+ support (Oliver Neukum) - net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez) - iio: adc: ad7266: Fix variable checking bug (Fernando Yang) - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - x86: stop playing stack games in profile_pc() (Linus Torvalds) [Orabug: 36897617] {CVE-2024-42096} - i2c: ocores: set IACK bit after core is enabled (Grygorii Tertychnyi) - i2c: ocores: stop transfer on timeout (Federico Vaga) - nvme: fixup comment for nvme RDMA Provider Type (Hannes Reinecke) - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (Andrew Davis) - media: dvbdev: Initialize sbuf (Ricardo Ribalda) - ALSA: emux: improve patch ioctl data validation (Oswald Buddenhagen) [Orabug: 36897626] {CVE-2024-42097} - net/iucv: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897609] {CVE-2024-42094} - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Pablo Neira Ayuso) [Orabug: 36897501] {CVE-2024-42070} - ASoC: fsl-asoc-card: set priv->pdev before using it (Elinor Montmasson) [Orabug: 36897579] {CVE-2024-42089} - drm/amdgpu: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835993] {CVE-2024-40987} - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (Huang-Huang Bao) - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (Huang-Huang Bao) - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (Huang-Huang Bao) - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (Hagar Hemdan) [Orabug: 36897587] {CVE-2024-42090} - usb: xhci: do not perform Soft Retry for some xHCI hosts (Stanislaw Gruszka) - xhci: Set correct transferred length for cancelled bulk transfers (Mathias Nyman) - xhci: Use soft retry to recover faster from transaction errors (Mathias Nyman) - usb: xhci: Remove ep_trb from xhci_cleanup_halted_endpoint() (Lu Baolu) - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (Breno Leitao) [Orabug: 36835697] {CVE-2024-40901} - scsi: mpt3sas: Gracefully handle online firmware update (Suganath Prabu) logging macros (Joe Perches) - iio: dac: ad5592r: fix temperature channel scaling value (Marc Ferland) - iio: dac: ad5592r: un-indent code-block for scale read (Alexandru Ardelean) - iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock (Sergiu Cuciurean) - x86/amd_nb: Check for invalid SMN reads (Yazen Ghannam) - PCI: Add PCI_ERROR_RESPONSE and related definitions (Naveen Naidu) - ARM: dts: samsung: smdk4412: fix keypad no-autorepeat (Krzysztof Kozlowski) - ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat (Krzysztof Kozlowski) - ARM: dts: samsung: smdkv310: fix keypad no-autorepeat (Krzysztof Kozlowski) - gcov: add support for GCC 14 (Peter Oberparleiter) - drm/radeon: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835998] {CVE-2024-40988} - ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (Raju Rangoju) - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (Nikita Shubin) - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (Biju Das) - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (Oliver Neukum) - virtio_net: checksum offloading handling fix (Heng Qi) - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (Eric Dumazet) [Orabug: 36835853] {CVE-2024-40959} - netrom: Fix a memory leak in nr_heartbeat_expiry() (Gavrilov Ilia) [Orabug: 36836088] {CVE-2024-41006} - cipso: fix total option length computation (Ondrej Mosnacek) - MIPS: Routerboard 532: Fix vendor retry check code (Ilpo Jarvinen) - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (Roman Smirnov) - udf: Simplify calls to udf_disk_stamp_to_time (Deepa Dinamani) - udf: Sanitize nanoseconds for time stamps (Jan Kara) - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (Alex Henrie) - powerpc/io: Avoid clang null pointer arithmetic warnings (Michael Ellerman) - powerpc/pseries: Enforce hcall result buffer validity and size (Nathan Lynch) [Orabug: 36835927] {CVE-2024-40974} - scsi: qedi: Fix crash while reading debugfs attribute (Manish Rangankar) [Orabug: 36835948] {CVE-2024-40978} - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (Eric Dumazet) [Orabug: 36835967] {CVE-2024-40981} - rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment (Paul E. McKenney) - usb-storage: alauda: Check whether the media is initialized (Shichao Lai) [Orabug: 36753735] {CVE-2024-38619} - hugetlb_encode.h: fix undefined behaviour (34 << 26) (Matthias Goergens) - mm/hugetlb: add mmap() encodings for 32MB and 512MB page sizes (Anshuman Khandual) - nilfs2: fix potential kernel bug due to lack of writeback flag waiting (Ryusuke Konishi) [Orabug: 36774572] {CVE-2024-37078} - intel_th: pci: Add Lunar Lake support (Alexander Shishkin) - intel_th: pci: Add Meteor Lake-S support (Alexander Shishkin) - intel_th: pci: Add Sapphire Rapids SOC support (Alexander Shishkin) - intel_th: pci: Add Granite Rapids SOC support (Alexander Shishkin) - intel_th: pci: Add Granite Rapids support (Alexander Shishkin) - dmaengine: axi-dmac: fix possible race in remove() (Nuno Sa) - ocfs2: fix races between hole punching and AIO+DIO (Su Yue) [Orabug: 36835818] {CVE-2024-40943} - ocfs2: use coarse time for new created files (Su Yue) - fs/proc: fix softlockup in __read_vmcore (Rik van Riel) - vmci: prevent speculation leaks by sanitizing event in event_deliver() (Hagar Gamal Halim Hemdan) [Orabug: 36835583] {CVE-2024-39499} - drm/exynos/vidi: fix memory leak in .get_modes() (Jani Nikula) [Orabug: 36835787] {CVE-2024-40932} - drivers: core: synchronize really_probe() and dev_uevent() (Dirk Behme) [Orabug: 36835590] {CVE-2024-39501} - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (Petr Pavlu) - ipv6/route: Add a missing check on proc_dointvec (Aditya Pakki) - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz) - tcp: fix race in tcp_v6_syn_recv_sock() (Eric Dumazet) - drm/bridge/panel: Fix runtime warning on panel bridge release (Adam Miotk) - iommu/amd: Fix sysfs leak in iommu init (Kun(llfl)) - HID: core: remove unnecessary WARN_ON() in implement() (Nikita Zhandarovich) [Orabug: 36835690] {CVE-2024-39509} - Input: try trimming too long modalias strings (Dmitry Torokhov) - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - jfs: xattr: fix buffer overflow for invalid xattr (Greg Kroah-Hartman) [Orabug: 36835702] {CVE-2024-40902} - mei: me: release irq in mei_me_pci_resume error path (Tomas Winkler) - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (Alan Stern) [Orabug: 36835710] {CVE-2024-40904} - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (Ryusuke Konishi) [Orabug: 36774648] {CVE-2024-39469} - nilfs2: return the mapped address from nilfs_get_page() (Matthew Wilcox (Oracle)) - nilfs2: Remove check for PageError (Matthew Wilcox (Oracle)) - selftests/mm: compaction_test: fix bogus test success on Aarch64 (Dev Jain) - selftests/mm: conform test to TAP format output (Muhammad Usama Anjum) - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages (Dev Jain) - media: mc: mark the media devnode as registered from the, start (Hans Verkuil) - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (Hugo Villeneuve) - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro (Hugo Villeneuve) - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (Wesley Cheng) [Orabug: 36683256] {CVE-2024-36894} - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). (Kuniyuki Iwashima) - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). (Kuniyuki Iwashima) - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). (Kuniyuki Iwashima) - af_unix: Fix data races around sk->sk_shutdown. (Kuniyuki Iwashima) - af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). (Kuniyuki Iwashima) - af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (Kuniyuki Iwashima) - af_unix: ensure POLLOUT on remote close() for connected dgram socket (Jason Baron) - ptp: Fix error message on failed pin verification (Karol Kolacinski) - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (Jason Xing) - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (Eric Dumazet) - wifi: iwlwifi: mvm: don't read past the mfuart notifcation (Emmanuel Grumbach) [Orabug: 36835809] {CVE-2024-40941} - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (Remi Pommarel) [Orabug: 36835736] {CVE-2024-40912} - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (Nicolas Escande) [Orabug: 36835813] {CVE-2024-40942} - tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (Eric Dumazet) [Orabug: 36683297] {CVE-2024-36905} - Revert 'tcp: remove redundant check on tskb' (Vegard Nossum) - Revert 'tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets' (Vegard Nossum) - Revert 'scsi: target: Fix SELinux error when systemd-modules loads the target module' (Vegard Nossum) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2022-3567 CVE-2024-38619 CVE-2024-39469 CVE-2024-39509 CVE-2024-41044 CVE-2024-42157 CVE-2024-42223 CVE-2023-52803 CVE-2024-40904 CVE-2024-40978 CVE-2024-42101 CVE-2024-42106 CVE-2024-46738 CVE-2024-40941 CVE-2024-40974 CVE-2024-41095 CVE-2024-42070 CVE-2024-42089 CVE-2024-42145 CVE-2024-40902 CVE-2024-40981 CVE-2024-41035 CVE-2024-42153 CVE-2024-37078 CVE-2024-40988 CVE-2024-41046 CVE-2024-41097 CVE-2024-42096 CVE-2022-3566 CVE-2024-36905 CVE-2024-39487 CVE-2024-40932 CVE-2024-39501 CVE-2024-41034 CVE-2024-41089 CVE-2024-42104 CVE-2024-44952 CVE-2024-40901 CVE-2024-40959 CVE-2024-42097 CVE-2024-40912 CVE-2024-40943 CVE-2024-42143 CVE-2024-42148 CVE-2024-36894 CVE-2024-40942 CVE-2024-41006 CVE-2024-42084 CVE-2024-42236 CVE-2024-39499 CVE-2024-42090 CVE-2024-42105 CVE-2024-42232 CVE-2024-40987 CVE-2024-42094 CVE-2024-42115 CVE-2024-42154 CVE-2024-42224 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7::optional_latest Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.336.5.1] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37138988] [5.4.17-2136.336.5] - uek-rpm: Add skx_edac_common.ko to nano_modules (Sherry Yang) [Orabug: 37030127] - EDAC, i10nm: make skx_common.o a separate module (Arnd Bergmann) [Orabug: 37030127] - uek-rpm: Integrating the container build in UEK6 (Jack Vogel) [Orabug: 37021061] - i40e: Change user notification of non-SFP module in i40e_get_module_info() (Andrii Staikov) [Orabug: 36988197] - xsigo: Use NAPI in UD/TX flows for xve (Alok Tiwari) [Orabug: 35180168] - xsigo: remove incorrect spin_unlock_irqrestore call in vhba_queuecommand (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix slab-out-of-bounds in vhba_create (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix memory free issue in dma mapping (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix use-after-free n xsvbha for srb *sp (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix mtu setting issue in xve netdev (Alok Tiwari) [Orabug: 35180168] - xsigo: Add struct ib_mad_send_buf to recv_handler (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove tx_outstanding variable from xve xmit (Alok Tiwari) [Orabug: 35180168] - xsigo: Add extack argument to dev_change_flags() (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove compare_data while calling ib_cm_listen() (Alok Tiwari) [Orabug: 35180168] - xsigo: Ignore the return value of 'ib_destroy_cq' (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove sif_verbs header (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace setup_timer with the timer_setup (Alok Tiwari) [Orabug: 35180168] - xsigo: Use ib_ud_wr for xve_dev_priv instread of ib_send_wr (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove return from register event handler (Alok Tiwari) [Orabug: 35180168] - xsigo: Add client_data for struct ib_client remove() (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace dev->trans_start update with helper netif_trans_update (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove usage of net_device last_rx member from xsigo (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace skb_frag page with bv_page in xve (Alok Tiwari) [Orabug: 35180168] - xsigo: Use sg_next() to get the next sg instead of SG_NEXT (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename ib_init_ah_from_path to ib_init_ah_attr_from_path (Alok Tiwari) [Orabug: 35180168] - xsigo: remove pointer dereference for ib_fmr_pool_map_phys (Alok Tiwari) [Orabug: 35180168] - xsigo: ib_fmr_pool_map_phys does not need rargs (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove ib_sg_dma_address() and ib_sg_dma_len() (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix compiling error from xsvbha module (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove sg_copy_buffer from vhba_align (Alok Tiwari) [Orabug: 35180168] - xsigo: Xve, replace .get_settings with ksettings() (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove LRO code from xve module (Alok Tiwari) [Orabug: 35180168] - xsigo: Xsvnic, replace .get_settings with ksettings() (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove LRO code from xsvnic module (Alok Tiwari) [Orabug: 35180168] - xsigo: Change port number from u8 to u32 (Alok Tiwari) [Orabug: 35180168] - xsigo: Use frag->bv_offset in place of page_offset (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename skb_frag_t size to bv_len (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix compiling error due to Constify of ib_cm_event (Alok Tiwari) [Orabug: 35180168] - xsigo: Add the / prefix to xsigo Makefile (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign IB_MGMT_BASE_VERSION for ib_create_send_mad (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign rdma_ctxs and port_num for struct ib_qp_init_attr (Alok Tiwari) [Orabug: 35180168] - xsigo: Use struct ib_cq_init_attr for ib_create_cq() (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace max_sge with max_send_sge for xscore_create_qp (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove ib_get_dma_mr and ib_dereg_mr (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace ib_query_device with callback 'ops.query_device' (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace ib_query_gid with rdma_query_gid (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace ib_modify_cq with rdma_set_cq_moderation (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign path record type rec_type for sa_path_rec (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename ib_sa_path_rec to sa_path_rec (Alok Tiwari) [Orabug: 35180168] - xsigo: Use struct ib_ud_wr ud_wr instead of ib_send_wr (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace struct ib_ah_attr with struct rdma_ah_attr (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename ib_create_ah and ib_destroy_ah (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign const argument for ib_post_send/recv() (Alok Tiwari) [Orabug: 35180168] - uek-rpm: add xsigo module in ol7 and ol8 config file (Alok Tiwari) [Orabug: 35180168] - Revert 'RDMA/core/sa_query: Remove unused function' (Alok Tiwari) [Orabug: 35180168] - xve: arm ud tx cq to generate completion interrupts (Ajaykumar Hotchandani) [Orabug: 28267050] [Orabug: 35180168] - xscore: add dma address check (Zhu Yanjun) [Orabug: 27074085] [Orabug: 35180168] - xsigo: PCA 2.3.1 Compute Node panics in xve_create_arp+430 (Pradeep Gopanapalli) [Orabug: 26474000] [Orabug: 35180168] - xsigo: UEK4-master:poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli) [Orabug: 26199177] [Orabug: 35180168] - xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 25981973] [Orabug: 35180168] - xsigo: Fix spinlock release in case of error (Pradeep Gopanapalli) [Orabug: 25779803] [Orabug: 35180168] - xsigo: Optimize xsvnic module parameters for UEK4 (Pradeep Gopanapalli) [Orabug: 25779865] [Orabug: 35180168] - xsigo: Fix crash in accessing xve proc l2 entries (Pradeep Gopanapalli) [Orabug: 25165085] [Orabug: 35180168] - xsigo: Fix race in freeing aged Forwarding table entry (Pradeep Gopanapalli) [Orabug: 25129729] [Orabug: 35180168] - xsigo: Schedule while uninterruptible (Pradeep Gopanapalli) [Orabug: 25097469] [Orabug: 35180168] - xsigo: supported SGE's for LSO QP (Pradeep Gopanapalli) [Orabug: 25029868] [Orabug: 35180168] - xsigo: Hardening driver in handling remote QP failures (Pradeep Gopanapalli) [Orabug: 24929076] [Orabug: 35180168] - xsigo: send nack codes (Pradeep Gopanapalli) [Orabug: 24442792] [Orabug: 35180168] - xsigo: xve driver has excessive messages (Pradeep Gopanapalli) [Orabug: 24758335] [Orabug: 35180168] - xsigo: hard LOCKUP in freeing paths (Pradeep Gopanapalli) [Orabug: 24669507] [Orabug: 35180168] - xsigo: Crash in xscore_port_num (Pradeep Gopanapalli) [Orabug: 24760465] [Orabug: 35180168] - xsigo: Resize uVNIC/PVI CQ size (Pradeep Gopanapalli) [Orabug: 24765034] [Orabug: 35180168] - xsigo: Optimizing Transmit completions (Pradeep Gopanapalli) [Orabug: 24928865] [Orabug: 35180168] - xsigo: Implementing Jumbo MTU support (Pradeep Gopanapalli) [Orabug: 24928804] [Orabug: 35180168] - xsigo: EoiB QP support (Pradeep Gopanapalli) [Orabug: 24508359] [Orabug: 35180168] - xsigo: Send Heart Beat Lost Operational state (Pradeep Gopanapalli) [Orabug: 23032392] [Orabug: 35180168] - xsigo: SKB Frag cleanup (Pradeep Gopanapalli) [Orabug: 23514725] [Orabug: 35180168] - xsigo: Tx_tail goes outof bound (Pradeep Gopanapalli) [Orabug: 23514725] [Orabug: 35180168] - xsigo: Fixed Path locking issues (Pradeep Gopanapalli) [Orabug: 23514725] [Orabug: 35180168] - Fixed vnic issue after saturn reset (Pradeep Gopanapalli) [Orabug: 22862488] [Orabug: 35180168] - uvnic issues (Pradeep Gopanapalli) [Orabug: 22862488] [Orabug: 35180168] - Fixed wrongly checked return type Added Debug print (Pradeep Gopanapalli) [Orabug: 22862488] [Orabug: 35180168] - Integrate Uvnic functionality into uek-4.1 Revision 8008 (Pradeep Gopanapalli) [Orabug: 35180168] - 1) S_IRWXU causing kernel soft crash changing to 0644 (Pradeep Gopanapalli) [Orabug: 35180168] - 1) Support vnic for EDR based platform(uVnic) 2) Supported Types now Type 0 (Pradeep Gopanapalli) [Orabug: 35180168] - Add Oracle virtual Networking Drivers for uek4 kernel (Pradeep Gopanapalli) [Orabug: 35180168] [5.4.17-2136.336.4] - igb: Fix not clearing TimeSync interrupts for 82580 (Daiwei Li) - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 37037205] {CVE-2024-46738} - x86/speculation: Basic IBRS is enabled with AMD Automatic IBRS (Alexandre Chartre) [Orabug: 37044540] [5.4.17-2136.336.3] - Compiler Attributes: Add __uninitialized macro (Heiko Carstens) - filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 (Long Li) - ALSA: timer: Relax start tick time check for slave timer elements (Takashi Iwai) - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (Parsa Poorshikhian) - LTS tag: v5.4.282 (Sherry Yang) - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (Sean Young) - ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode (Michael Walle) - nvme/pci: Add APST quirk for Lenovo N60z laptop (WangYuli) - exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984017] {CVE-2024-43882} - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (Yunke Cao) - arm64: cpufeature: Fix the visibility of compat hwcaps (Amit Daniel Kachhap) - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953969] {CVE-2024-42259} - netfilter: nf_tables: prefer nft_chain_validate (Florian Westphal) [Orabug: 36896846] {CVE-2024-41042} - netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso) [Orabug: 36630432] {CVE-2024-27397} - netfilter: nf_tables: set element extended ACK reporting support (Pablo Neira Ayuso) - kbuild: Fix '-S -c' in x86 stack protector scripts (Nathan Chancellor) - Fix gcc 4.9 build issue in 5.4.y (Jari Ruusu) - drm/mgag200: Set DDC timeout in milliseconds (Thomas Zimmermann) - drm/bridge: analogix_dp: properly handle zero sized AUX transactions (Lucas Stach) - x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028936] {CVE-2024-44948} - tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992998] {CVE-2024-43890} - power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede) - power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede) - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (Shay Drory) - serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993009] {CVE-2024-43893} - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal) - ntp: Safeguard against time_constant overflow (Justin Stitt) - ntp: Clamp maxerror and esterror to operating range (Justin Stitt) - tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37036032] {CVE-2024-44968} - scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic (Vamshi Gajjela) - usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028988] {CVE-2024-44960} - USB: serial: debug: do not echo input by default (Marek Marczykowski-Gorecki) - usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug: 36992971] {CVE-2024-43883} - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (Takashi Iwai) - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (Steven 'Steve' Kendall) - ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028957] {CVE-2024-44954} - drm/client: fix null pointer dereference in drm_client_modeset_probe (Ma Ke) [Orabug: 36993014] {CVE-2024-43894} - spi: spi-fsl-lpspi: Fix scldiv calculation (Stefan Wahren) - spi: fsl-lpspi: remove unneeded array (Oleksandr Suvorov) - bpf: kprobe: remove unused declaring of bpf_kprobe_override (Menglong Dong) - i2c: smbus: Send alert notifications to all devices if source not found (Guenter Roeck) - i2c: smbus: Improve handling of stuck alerts (Guenter Roeck) - i2c: smbus: Don't filter out duplicate alerts (Corey Minyard) - arm64: errata: Expand speculative SSBS workaround (again) (Mark Rutland) - arm64: cputype: Add Cortex-A725 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X1C definitions (Mark Rutland) - arm64: errata: Expand speculative SSBS workaround (Mark Rutland) - arm64: errata: Unify speculative SSBS errata logic (Mark Rutland) - arm64: cputype: Add Cortex-X925 definitions (Mark Rutland) - arm64: cputype: Add Cortex-A720 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X3 definitions (Mark Rutland) - arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (Mark Rutland) - arm64: cputype: Add Neoverse-V3 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X4 definitions (Mark Rutland) - arm64: Add Neoverse-V2 part (Besar Wicaksono) - arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space (James Morse) - ext4: fix wrong unit use in ext4_mb_find_by_goal (Kemeng Shi) - SUNRPC: Fix a race to wake a sync task (Benjamin Coddington) - s390/sclp: Prevent release of buffer in I/O (Peter Oberparleiter) [Orabug: 37029020] {CVE-2024-44969} - jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (Kemeng Shi) - media: uvcvideo: Fix the bandwdith quirk on USB 3.x (Michal Pecio) - media: uvcvideo: Ignore empty TS packets (Ricardo Ribalda) - drm/amdgpu: Fix the null pointer dereference to ras_manager (Ma Jun) [Orabug: 36993084] {CVE-2024-43908} - btrfs: fix bitmap leak when loading free space cache on duplicate entry (Filipe Manana) - wifi: nl80211: don't give key data to userspace (Johannes Berg) - udf: prevent integer overflow in udf_bitmap_free_blocks() (Roman Smirnov) - PCI: Add Edimax Vendor ID to pci_ids.h (FUJITA Tomonori) - selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT (Yonghong Song) - ACPI: SBS: manage alarm sysfs attribute through psy core (Thomas Weissschuh) - ACPI: battery: create alarm sysfs attribute atomically (Thomas Weissschuh) - clocksource/drivers/sh_cmt: Address race condition for clock events (Niklas Soderlund) - md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993127] {CVE-2024-43914} - net: fec: Stop PPS on driver remove (Csokas, Bence) - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (Dmitry Antipov) - net: linkwatch: use system_unbound_wq (Eric Dumazet) - net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983959] {CVE-2024-43861} - sctp: Fix null-ptr-deref in reuseport_add_sock(). (Kuniyuki Iwashima) [Orabug: 36993147] {CVE-2024-44935} - sctp: move hlist_node and hashent out of sctp_ep_common (Xin Long) - x86/mm: Fix pti_clone_pgtable() alignment assumption (Peter Zijlstra) [Orabug: 37029012] {CVE-2024-44965} - irqchip/mbigen: Fix mbigen node address layout (Yipeng Zou) - genirq: Allow irq_chip registration functions to take a const irq_chip (Marc Zyngier) - netfilter: ipset: Add list flush to cancel_gc (Alexander Maltsev) - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (Ma Ke) - ALSA: usb-audio: Correct surround channels in UAC1 channel map (Takashi Iwai) - protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963808] {CVE-2024-42265} - HID: wacom: Modify pen IDs (Tatsunosuke Tobita) - ipv6: fix ndisc_is_useropt() handling for PIO (Maciej Zenczykowski) - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (Shahar Shitrit) - net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964006] {CVE-2024-42271} - drm/vmwgfx: Fix overlay when using Screen Targets (Ian Forbes) - drm/nouveau: prime: fix refcount underflow (Danilo Krummrich) [Orabug: 36983979] {CVE-2024-43867} - remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug: 36964537] {CVE-2024-43860} - remoteproc: imx_rproc: Fix ignoring mapping vdev regions (Dong Aisheng) - remoteproc: imx_rproc: ignore mapping vdev regions (Peng Fan) - irqchip/imx-irqsteer: Handle runtime power management correctly (Shenwei Wang) [Orabug: 36964085] {CVE-2024-42290} - irqchip/imx-irqsteer: Add runtime PM support (Lucas Stach) - irqchip/imx-irqsteer: Constify irq_chip struct (Lucas Stach) - genirq: Allow the PM device to originate from irq domain (Marc Zyngier) - devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983991] {CVE-2024-43871} - driver core: Cast to (void *) with __force for __percpu pointer (Andy Shevchenko) - dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964223] {CVE-2024-42301} - parport: Standardize use of printmode (Joe Perches) to pr_<level>( (Joe Perches) - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (Manivannan Sadhasivam) - PCI: rockchip: Make 'ep-gpios' DT property optional (Chen-Yu Tsai) - mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897803] {CVE-2024-42131} - nvme-pci: add missing condition check for existence of mapped data (Leon Romanovsky) [Orabug: 36964022] {CVE-2024-42276} - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (Pierre-Louis Bossart) - ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header (Hans de Goede) - ASoC: Intel: Convert to new X86 CPU match macros (Thomas Gleixner) - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (Al Viro) - apparmor: Fix null pointer deref when receiving skb during sock creation (Xiao Liang) - mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964032] {CVE-2024-42280} - bpf: Fix a segment issue when downgrading gso_size (Fred Li) [Orabug: 36964038] {CVE-2024-42281} - net: nexthop: Initialize all fields in dumped nexthops (Petr Machata) [Orabug: 36964044] {CVE-2024-42283} - tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964047] {CVE-2024-42284} - net: bonding: correctly annotate RCU in bond_should_notify_peers() (Johannes Berg) - ipv4: Fix incorrect source address in Record Route option (Ido Schimmel) - MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later (Gregory CLEMENT) - dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964523] {CVE-2024-43856} - libbpf: Fix no-args func prototype BTF dumping syntax (Andrii Nakryiko) - um: time-travel: fix time-travel-start option (Johannes Berg) - jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964530] {CVE-2024-43858} - kdb: address -Wformat-security warnings (Arnd Bergmann) - nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964203] {CVE-2024-42295} - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (WangYuli) - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (Hilda Wu) - rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) - drm/panfrost: Mark simple_ondemand governor as softdep (Dragan Simic) - rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) - selftests/sigaltstack: Fix ppc64 GCC build (Michael Ellerman) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964054] {CVE-2024-42285} - platform: mips: cpu_hwmon: Disable driver on unsupported hardware (Jiaxun Yang) - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (Thomas Gleixner) - rtc: isl1208: Fix return value of nvmem callbacks (Joy Chakraborty) - perf/x86/intel/pt: Fix a topa_entry base address calculation (Adrian Hunter) - perf/x86/intel/pt: Fix topa_entry base length (Marco Cavenati) - scsi: qla2xxx: validate nvme_local_port correctly (Nilesh Javali) [Orabug: 36964059] {CVE-2024-42286} - scsi: qla2xxx: Complete command early within lock (Shreyas Deodhar) [Orabug: 36964065] {CVE-2024-42287} - scsi: qla2xxx: Fix for possible memory corruption (Shreyas Deodhar) [Orabug: 36964070] {CVE-2024-42288} - scsi: qla2xxx: During vport delete send async logout explicitly (Manish Rangankar) [Orabug: 36964080] {CVE-2024-42289} - rtc: cmos: Fix return value of nvmem callbacks (Joy Chakraborty) - kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 36964092] {CVE-2024-42292} - decompress_bunzip2: fix rare decompression failure (Ross Lagerwall) - ubi: eba: properly rollback inside self_check_eba (Fedor Pchelkin) - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (Bastien Curutchet) - f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964213] {CVE-2024-42297} - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (Saurav Kashyap) - binder: fix hang of unregistered readers (Carlos Llamas) - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (Wei Liu) - hwrng: amd - Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - tools/memory-model: Fix bug in lock.cat (Alan Stern) - leds: ss4200: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - wifi: mwifiex: Fix interface type change (Rafael Beims) - ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964232] {CVE-2024-42304} - ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964237] {CVE-2024-42305} - m68k: amiga: Turn off Warp1260 interrupts during boot (Paolo Pisati) - udf: Avoid using corrupted block bitmap buffer (Jan Kara) [Orabug: 36964242] {CVE-2024-42306} - drm/amd/display: Check for NULL pointer (Sung Joon Kim) [Orabug: 36964247] {CVE-2024-42308} - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964253] {CVE-2024-42309} - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964260] {CVE-2024-42310} - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964265] {CVE-2024-42311} - media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964275] {CVE-2024-42313} - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Joe Hattori) - ipv6: take care of scope when choosing the src addr (Nicolas Dichtel) - af_packet: Handle outgoing VLAN packets without hardware offloading (Chengen Du) - net: netconsole: Disable target before netpoll cleanup (Breno Leitao) - tick/broadcast: Make takeover of broadcast hrtimer reliable (Yu Liao) - rtc: interface: Add RTC offset to alarm after fix-up (Csokas, Bence) - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (Ryusuke Konishi) - fs/nilfs2: remove some unused macros to tame gcc (Alex Shi) - pinctrl: freescale: mxs: Fix refcount of child (Peng Fan) - netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013755] {CVE-2024-44944} - bnxt_re: Fix imm_data endianness (Jack Wang) - macintosh/therm_windtunnel: fix module unload. (Nick Bowler) - powerpc/xmon: Fix disassembly CPU feature checks (Michael Ellerman) - Input: elan_i2c - do not leave interrupt disabled on suspend failure (Dmitry Torokhov) - RDMA/device: Return error earlier if port in not valid (Leon Romanovsky) - mtd: make mtd_test.c a separate module (Arnd Bergmann) - ASoC: max98088: Check for clk_prepare_enable() error (Chen Ni) - RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (Honggang LI) - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (Leon Romanovsky) - RDMA/mlx4: Fix truncated output warning in mad.c (Leon Romanovsky) - Input: qt1050 - handle CHIP_ID reading error (Andrei Lalaev) - PCI: Fix resource double counting on remove & rescan (Ilpo Jarvinen) - SUNRPC: Fixup gss_status tracepoint error output (Benjamin Coddington) - sparc64: Fix incorrect function signature and add prototype for prom_cif_init (Andreas Larsson) - ext4: avoid writing unitialized memory to disk in EA inodes (Jan Kara) - SUNRPC: avoid soft lockup when transmitting UDP to reachable server. (NeilBrown) - mfd: omap-usb-tll: Use struct_size to allocate tll (Javier Carrasco) - drm/qxl: Add check for drm_cvt_mode (Chen Ni) [Orabug: 36964456] {CVE-2024-43829} - drm/etnaviv: fix DMA direction handling for cached RW buffers (Lucas Stach) - perf report: Fix condition in sort__sym_cmp() (Namhyung Kim) - leds: trigger: Unregister sysfs attributes before calling deactivate() (Hans de Goede) [Orabug: 36964459] {CVE-2024-43830} - media: renesas: vsp1: Store RPF partition configuration per RPF instance (Laurent Pinchart) - media: renesas: vsp1: Fix _irqsave and _irq mix (Laurent Pinchart) - media: uvcvideo: Override default flags (Daniel Schaefer) - media: uvcvideo: Allow entity-defined get_info and get_cur (Ricardo Ribalda) - saa7134: Unchecked i2c_transfer function result fixed (Aleksandr Burakov) - media: imon: Fix race getting ictx->lock (Ricardo Ribalda) - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (Zheng Yejian) - USB: move snd_usb_pipe_sanity_check into the USB core (Greg Kroah-Hartman) - selftests: forwarding: devlink_lib: Wait for udev events after reloading (Amit Cohen) - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964480] {CVE-2024-43839} - wifi: virt_wifi: don't use strlen() in const context (Johannes Berg) - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (Gaosheng Cui) - wifi: virt_wifi: avoid reporting connection success with wrong SSID (En-Wei Wu) [Orabug: 36964487] {CVE-2024-43841} - qed: Improve the stack space of filter_config() (Shai Malin) - perf: Prevent passing zero nr_pages to rb_alloc_aux() (Adrian Hunter) - perf: Fix perf_aux_size() for greater-than 32-bit size (Adrian Hunter) - perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (Adrian Hunter) - netfilter: nf_tables: rise cap on SELinux secmark context (Pablo Neira Ayuso) - net: fec: Fix FEC_ECR_EN1588 being cleared on link-down (Csokas, Bence) - net: fec: Refactor: #define magic constants (Csokas Bence) - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (Baochen Qiang) [Orabug: 36984010] {CVE-2024-43879} - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (Baochen Qiang) - mlxsw: spectrum_acl_erp: Fix object nesting warning (Ido Schimmel) [Orabug: 36984013] {CVE-2024-43880} - lib: objagg: Fix general protection fault (Ido Schimmel) [Orabug: 36964495] {CVE-2024-43846} - selftests/bpf: Check length of recv in test_sockmap (Geliang Tang) - net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined (Guangguan Wang) - net/smc: Allow SMC-D 1MB DMB allocations (Stefan Raspl) - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (Samasth Norway Ananda) - firmware: turris-mox-rwtm: Initialize completion before mailbox (Marek Behun) - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (Marek Behun) - m68k: cmpxchg: Fix return value for default case in __arch_xchg() (Thorsten Blum) - x86/xen: Convert comma to semicolon (Chen Ni) - m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages (Eero Tamminen) - arm64: dts: amlogic: gx: correct hdmi clocks (Jerome Brunet) - arm64: dts: mediatek: mt7622: fix 'emmc' pinctrl mux (Rafal Milecki) - ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix board reset (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node (Marco Felsch) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (Jonas Karlman) - arm64: dts: qcom: msm8996: specify UFS core_clk frequencies (Dmitry Baryshkov) - arm64: dts: qcom: sdm845: add power-domain to UFS PHY (Dmitry Baryshkov) - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (Guenter Roeck) - hwmon: (max6697) Fix underflow when writing limit attributes (Guenter Roeck) - pwm: stm32: Always do lazy disabling (Uwe Kleine-Konig) - hwmon: (adt7475) Fix default duty on fan is disabled (Wayne Tung) - x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - x86/pci/xen: Fix PCIBIOS_* return code handling (Ilpo Jarvinen) - x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling (Ilpo Jarvinen) - x86/of: Return consistent error type from x86_of_pci_irq_enable() (Ilpo Jarvinen) - hfsplus: fix to avoid false alarm of circular locking (Chao Yu) - platform/chrome: cros_ec_debugfs: fix wrong EC message version (Tzung-Bi Shih) - LTS tag: v5.4.281 (Sherry Yang) - tap: add missing verification for short frame (Si-Wei Liu) [Orabug: 36660755] {CVE-2024-41090} - tun: add missing verification for short frame (Dongli Zhang) [Orabug: 36660755] {CVE-2024-41091} - filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36896789] {CVE-2024-41020} {CVE-2024-41012} - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (Edson Juliano Drosdeck) - jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891667] {CVE-2024-41017} - ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891655] {CVE-2024-41015} - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu) - ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada) - hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896969] {CVE-2024-41059} - selftests/vDSO: fix clang build errors and warnings (John Hubbard) - spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-Konig) - fs: better handle deep ancestor chains in is_subdir() (Christian Brauner) - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896994] {CVE-2024-41063} - scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (Xingui Yang) - powerpc/eeh: avoid possible crash when edev->pdev changes (Ganesh Goudar) [Orabug: 36897003] {CVE-2024-41064} - powerpc/pseries: Whitelist dtl slub object for copying to userspace (Anjali K) [Orabug: 36897009] {CVE-2024-41065} - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang) - net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas) - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang) - s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897032] {CVE-2024-41068} - can: kvaser_usb: fix return value for hif_usb_send_regout (Chen Ni) - ASoC: ti: omap-hdmi: Fix too long driver name (Primoz Fiser) - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (Jai Luthra) - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (Thomas GENTY) - Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose) - mips: fix compat_sys_lseek syscall (Arnd Bergmann) - ALSA: hda/realtek: Add more codec ID to no shutup pins list (Kailang Yang) - KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (Michael Ellerman) [Orabug: 36897048] {CVE-2024-41070} - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897312] {CVE-2024-41072} - mei: demote client disconnect warning on suspend to debug (Alexander Usyskin) - fs/file: fix the check in find_next_fd() (Yuntao Wang) - kconfig: remove wrong expr_trans_bool() (Masahiro Yamada) - kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada) - ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897360] {CVE-2024-41081} - Input: silead - Always support 10 fingers (Hans de Goede) - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov) - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande) - ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf) - ACPI: EC: Abort address space access upon error (Armin Wolf) - scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap) - filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874758] {CVE-2024-41012} {CVE-2024-41020} - gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook) [5.4.17-2136.336.2] - mm: Only enable HVO under UEK6 for Exadata system (Jane Chu) [Orabug: 36990830] - mm: delete redundent old PageCompound() macro (Jane Chu) [Orabug: 36990830] [5.4.17-2136.336.1] - mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED (Naoya Horiguchi) [Orabug: 36947110] - mm/memory-failure: send SIGBUS in the event of thp split fail (Jane Chu) [Orabug: 36947110] - mm/memory-failure: move hwpoison_filter() higher up (Jane Chu) [Orabug: 36947110] - mm/memory-failure: improve memory failure action_result messages (Jane Chu) [Orabug: 36947110] - mm/madvise: add MF_ACTION_REQUIRED to madvise(MADV_HWPOISON) (Jane Chu) [Orabug: 36947110] - mm/memory-failure: try to send SIGBUS even if unmap failed (Jane Chu) [Orabug: 36947110] - mm: memory-failure: cleanup try_to_split_thp_page() (Kefeng Wang) [Orabug: 36947110] - mm,hwpoison: introduce MF_MSG_UNSPLIT_THP (Naoya Horiguchi) [Orabug: 36947110] - KVM/x86: Do not clear SIPI while in SMM (Boris Ostrovsky) [Orabug: 36401960] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-44944 CVE-2024-41012 CVE-2024-42289 CVE-2024-43880 CVE-2024-42265 CVE-2024-42280 CVE-2024-42283 CVE-2024-27397 CVE-2024-41068 CVE-2024-42284 CVE-2024-43830 CVE-2024-43839 CVE-2024-43846 CVE-2024-43871 CVE-2024-43883 CVE-2024-44935 CVE-2024-44948 CVE-2024-42288 CVE-2024-42313 CVE-2024-43829 CVE-2024-43861 CVE-2024-43914 CVE-2024-44960 CVE-2024-44965 CVE-2024-44969 CVE-2024-41072 CVE-2024-41090 CVE-2024-42292 CVE-2024-43841 CVE-2024-43867 CVE-2024-43890 CVE-2024-43894 CVE-2024-46738 CVE-2024-41070 CVE-2024-42131 CVE-2024-42271 CVE-2024-42285 CVE-2024-42297 CVE-2024-43856 CVE-2024-41065 CVE-2024-41081 CVE-2024-42259 CVE-2024-42276 CVE-2024-42290 CVE-2024-42301 CVE-2024-42311 CVE-2024-43858 CVE-2024-44954 CVE-2024-41063 CVE-2024-41064 CVE-2024-41091 CVE-2024-42287 CVE-2024-42306 CVE-2024-42308 CVE-2024-43893 CVE-2024-43908 CVE-2024-42286 CVE-2024-42309 CVE-2024-44968 CVE-2024-41015 CVE-2024-41020 CVE-2024-42305 CVE-2024-43860 CVE-2024-41059 CVE-2024-42295 CVE-2024-42304 CVE-2024-41017 CVE-2024-42310 CVE-2024-41042 CVE-2024-42281 CVE-2024-43879 CVE-2024-43882 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.336.5.1] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37138988] [5.4.17-2136.336.5] - uek-rpm: Add skx_edac_common.ko to nano_modules (Sherry Yang) [Orabug: 37030127] - EDAC, i10nm: make skx_common.o a separate module (Arnd Bergmann) [Orabug: 37030127] - uek-rpm: Integrating the container build in UEK6 (Jack Vogel) [Orabug: 37021061] - i40e: Change user notification of non-SFP module in i40e_get_module_info() (Andrii Staikov) [Orabug: 36988197] - xsigo: Use NAPI in UD/TX flows for xve (Alok Tiwari) [Orabug: 35180168] - xsigo: remove incorrect spin_unlock_irqrestore call in vhba_queuecommand (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix slab-out-of-bounds in vhba_create (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix memory free issue in dma mapping (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix use-after-free n xsvbha for srb *sp (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix mtu setting issue in xve netdev (Alok Tiwari) [Orabug: 35180168] - xsigo: Add struct ib_mad_send_buf to recv_handler (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove tx_outstanding variable from xve xmit (Alok Tiwari) [Orabug: 35180168] - xsigo: Add extack argument to dev_change_flags() (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove compare_data while calling ib_cm_listen() (Alok Tiwari) [Orabug: 35180168] - xsigo: Ignore the return value of 'ib_destroy_cq' (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove sif_verbs header (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace setup_timer with the timer_setup (Alok Tiwari) [Orabug: 35180168] - xsigo: Use ib_ud_wr for xve_dev_priv instread of ib_send_wr (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove return from register event handler (Alok Tiwari) [Orabug: 35180168] - xsigo: Add client_data for struct ib_client remove() (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace dev->trans_start update with helper netif_trans_update (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove usage of net_device last_rx member from xsigo (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace skb_frag page with bv_page in xve (Alok Tiwari) [Orabug: 35180168] - xsigo: Use sg_next() to get the next sg instead of SG_NEXT (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename ib_init_ah_from_path to ib_init_ah_attr_from_path (Alok Tiwari) [Orabug: 35180168] - xsigo: remove pointer dereference for ib_fmr_pool_map_phys (Alok Tiwari) [Orabug: 35180168] - xsigo: ib_fmr_pool_map_phys does not need rargs (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove ib_sg_dma_address() and ib_sg_dma_len() (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix compiling error from xsvbha module (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove sg_copy_buffer from vhba_align (Alok Tiwari) [Orabug: 35180168] - xsigo: Xve, replace .get_settings with ksettings() (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove LRO code from xve module (Alok Tiwari) [Orabug: 35180168] - xsigo: Xsvnic, replace .get_settings with ksettings() (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove LRO code from xsvnic module (Alok Tiwari) [Orabug: 35180168] - xsigo: Change port number from u8 to u32 (Alok Tiwari) [Orabug: 35180168] - xsigo: Use frag->bv_offset in place of page_offset (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename skb_frag_t size to bv_len (Alok Tiwari) [Orabug: 35180168] - xsigo: Fix compiling error due to Constify of ib_cm_event (Alok Tiwari) [Orabug: 35180168] - xsigo: Add the / prefix to xsigo Makefile (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign IB_MGMT_BASE_VERSION for ib_create_send_mad (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign rdma_ctxs and port_num for struct ib_qp_init_attr (Alok Tiwari) [Orabug: 35180168] - xsigo: Use struct ib_cq_init_attr for ib_create_cq() (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace max_sge with max_send_sge for xscore_create_qp (Alok Tiwari) [Orabug: 35180168] - xsigo: Remove ib_get_dma_mr and ib_dereg_mr (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace ib_query_device with callback 'ops.query_device' (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace ib_query_gid with rdma_query_gid (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace ib_modify_cq with rdma_set_cq_moderation (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign path record type rec_type for sa_path_rec (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename ib_sa_path_rec to sa_path_rec (Alok Tiwari) [Orabug: 35180168] - xsigo: Use struct ib_ud_wr ud_wr instead of ib_send_wr (Alok Tiwari) [Orabug: 35180168] - xsigo: Replace struct ib_ah_attr with struct rdma_ah_attr (Alok Tiwari) [Orabug: 35180168] - xsigo: Rename ib_create_ah and ib_destroy_ah (Alok Tiwari) [Orabug: 35180168] - xsigo: Assign const argument for ib_post_send/recv() (Alok Tiwari) [Orabug: 35180168] - uek-rpm: add xsigo module in ol7 and ol8 config file (Alok Tiwari) [Orabug: 35180168] - Revert 'RDMA/core/sa_query: Remove unused function' (Alok Tiwari) [Orabug: 35180168] - xve: arm ud tx cq to generate completion interrupts (Ajaykumar Hotchandani) [Orabug: 28267050] [Orabug: 35180168] - xscore: add dma address check (Zhu Yanjun) [Orabug: 27074085] [Orabug: 35180168] - xsigo: PCA 2.3.1 Compute Node panics in xve_create_arp+430 (Pradeep Gopanapalli) [Orabug: 26474000] [Orabug: 35180168] - xsigo: UEK4-master:poor performance discovering 256 FC LUNs w/4 paths per LUN (Pradeep Gopanapalli) [Orabug: 26199177] [Orabug: 35180168] - xsigo: Compute node crash on FC failover (Pradeep Gopanapalli) [Orabug: 25981973] [Orabug: 35180168] - xsigo: Fix spinlock release in case of error (Pradeep Gopanapalli) [Orabug: 25779803] [Orabug: 35180168] - xsigo: Optimize xsvnic module parameters for UEK4 (Pradeep Gopanapalli) [Orabug: 25779865] [Orabug: 35180168] - xsigo: Fix crash in accessing xve proc l2 entries (Pradeep Gopanapalli) [Orabug: 25165085] [Orabug: 35180168] - xsigo: Fix race in freeing aged Forwarding table entry (Pradeep Gopanapalli) [Orabug: 25129729] [Orabug: 35180168] - xsigo: Schedule while uninterruptible (Pradeep Gopanapalli) [Orabug: 25097469] [Orabug: 35180168] - xsigo: supported SGE's for LSO QP (Pradeep Gopanapalli) [Orabug: 25029868] [Orabug: 35180168] - xsigo: Hardening driver in handling remote QP failures (Pradeep Gopanapalli) [Orabug: 24929076] [Orabug: 35180168] - xsigo: send nack codes (Pradeep Gopanapalli) [Orabug: 24442792] [Orabug: 35180168] - xsigo: xve driver has excessive messages (Pradeep Gopanapalli) [Orabug: 24758335] [Orabug: 35180168] - xsigo: hard LOCKUP in freeing paths (Pradeep Gopanapalli) [Orabug: 24669507] [Orabug: 35180168] - xsigo: Crash in xscore_port_num (Pradeep Gopanapalli) [Orabug: 24760465] [Orabug: 35180168] - xsigo: Resize uVNIC/PVI CQ size (Pradeep Gopanapalli) [Orabug: 24765034] [Orabug: 35180168] - xsigo: Optimizing Transmit completions (Pradeep Gopanapalli) [Orabug: 24928865] [Orabug: 35180168] - xsigo: Implementing Jumbo MTU support (Pradeep Gopanapalli) [Orabug: 24928804] [Orabug: 35180168] - xsigo: EoiB QP support (Pradeep Gopanapalli) [Orabug: 24508359] [Orabug: 35180168] - xsigo: Send Heart Beat Lost Operational state (Pradeep Gopanapalli) [Orabug: 23032392] [Orabug: 35180168] - xsigo: SKB Frag cleanup (Pradeep Gopanapalli) [Orabug: 23514725] [Orabug: 35180168] - xsigo: Tx_tail goes outof bound (Pradeep Gopanapalli) [Orabug: 23514725] [Orabug: 35180168] - xsigo: Fixed Path locking issues (Pradeep Gopanapalli) [Orabug: 23514725] [Orabug: 35180168] - Fixed vnic issue after saturn reset (Pradeep Gopanapalli) [Orabug: 22862488] [Orabug: 35180168] - uvnic issues (Pradeep Gopanapalli) [Orabug: 22862488] [Orabug: 35180168] - Fixed wrongly checked return type Added Debug print (Pradeep Gopanapalli) [Orabug: 22862488] [Orabug: 35180168] - Integrate Uvnic functionality into uek-4.1 Revision 8008 (Pradeep Gopanapalli) [Orabug: 35180168] - 1) S_IRWXU causing kernel soft crash changing to 0644 (Pradeep Gopanapalli) [Orabug: 35180168] - 1) Support vnic for EDR based platform(uVnic) 2) Supported Types now Type 0 (Pradeep Gopanapalli) [Orabug: 35180168] - Add Oracle virtual Networking Drivers for uek4 kernel (Pradeep Gopanapalli) [Orabug: 35180168] [5.4.17-2136.336.4] - igb: Fix not clearing TimeSync interrupts for 82580 (Daiwei Li) - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 37037205] {CVE-2024-46738} - x86/speculation: Basic IBRS is enabled with AMD Automatic IBRS (Alexandre Chartre) [Orabug: 37044540] [5.4.17-2136.336.3] - Compiler Attributes: Add __uninitialized macro (Heiko Carstens) - filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 (Long Li) - ALSA: timer: Relax start tick time check for slave timer elements (Takashi Iwai) - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (Parsa Poorshikhian) - LTS tag: v5.4.282 (Sherry Yang) - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (Sean Young) - ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode (Michael Walle) - nvme/pci: Add APST quirk for Lenovo N60z laptop (WangYuli) - exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984017] {CVE-2024-43882} - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (Yunke Cao) - arm64: cpufeature: Fix the visibility of compat hwcaps (Amit Daniel Kachhap) - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953969] {CVE-2024-42259} - netfilter: nf_tables: prefer nft_chain_validate (Florian Westphal) [Orabug: 36896846] {CVE-2024-41042} - netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso) [Orabug: 36630432] {CVE-2024-27397} - netfilter: nf_tables: set element extended ACK reporting support (Pablo Neira Ayuso) - kbuild: Fix '-S -c' in x86 stack protector scripts (Nathan Chancellor) - Fix gcc 4.9 build issue in 5.4.y (Jari Ruusu) - drm/mgag200: Set DDC timeout in milliseconds (Thomas Zimmermann) - drm/bridge: analogix_dp: properly handle zero sized AUX transactions (Lucas Stach) - x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028936] {CVE-2024-44948} - tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992998] {CVE-2024-43890} - power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede) - power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede) - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (Shay Drory) - serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993009] {CVE-2024-43893} - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal) - ntp: Safeguard against time_constant overflow (Justin Stitt) - ntp: Clamp maxerror and esterror to operating range (Justin Stitt) - tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37036032] {CVE-2024-44968} - scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic (Vamshi Gajjela) - usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028988] {CVE-2024-44960} - USB: serial: debug: do not echo input by default (Marek Marczykowski-Gorecki) - usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug: 36992971] {CVE-2024-43883} - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (Takashi Iwai) - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (Steven 'Steve' Kendall) - ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028957] {CVE-2024-44954} - drm/client: fix null pointer dereference in drm_client_modeset_probe (Ma Ke) [Orabug: 36993014] {CVE-2024-43894} - spi: spi-fsl-lpspi: Fix scldiv calculation (Stefan Wahren) - spi: fsl-lpspi: remove unneeded array (Oleksandr Suvorov) - bpf: kprobe: remove unused declaring of bpf_kprobe_override (Menglong Dong) - i2c: smbus: Send alert notifications to all devices if source not found (Guenter Roeck) - i2c: smbus: Improve handling of stuck alerts (Guenter Roeck) - i2c: smbus: Don't filter out duplicate alerts (Corey Minyard) - arm64: errata: Expand speculative SSBS workaround (again) (Mark Rutland) - arm64: cputype: Add Cortex-A725 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X1C definitions (Mark Rutland) - arm64: errata: Expand speculative SSBS workaround (Mark Rutland) - arm64: errata: Unify speculative SSBS errata logic (Mark Rutland) - arm64: cputype: Add Cortex-X925 definitions (Mark Rutland) - arm64: cputype: Add Cortex-A720 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X3 definitions (Mark Rutland) - arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (Mark Rutland) - arm64: cputype: Add Neoverse-V3 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X4 definitions (Mark Rutland) - arm64: Add Neoverse-V2 part (Besar Wicaksono) - arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space (James Morse) - ext4: fix wrong unit use in ext4_mb_find_by_goal (Kemeng Shi) - SUNRPC: Fix a race to wake a sync task (Benjamin Coddington) - s390/sclp: Prevent release of buffer in I/O (Peter Oberparleiter) [Orabug: 37029020] {CVE-2024-44969} - jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (Kemeng Shi) - media: uvcvideo: Fix the bandwdith quirk on USB 3.x (Michal Pecio) - media: uvcvideo: Ignore empty TS packets (Ricardo Ribalda) - drm/amdgpu: Fix the null pointer dereference to ras_manager (Ma Jun) [Orabug: 36993084] {CVE-2024-43908} - btrfs: fix bitmap leak when loading free space cache on duplicate entry (Filipe Manana) - wifi: nl80211: don't give key data to userspace (Johannes Berg) - udf: prevent integer overflow in udf_bitmap_free_blocks() (Roman Smirnov) - PCI: Add Edimax Vendor ID to pci_ids.h (FUJITA Tomonori) - selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT (Yonghong Song) - ACPI: SBS: manage alarm sysfs attribute through psy core (Thomas Weissschuh) - ACPI: battery: create alarm sysfs attribute atomically (Thomas Weissschuh) - clocksource/drivers/sh_cmt: Address race condition for clock events (Niklas Soderlund) - md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993127] {CVE-2024-43914} - net: fec: Stop PPS on driver remove (Csokas, Bence) - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (Dmitry Antipov) - net: linkwatch: use system_unbound_wq (Eric Dumazet) - net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983959] {CVE-2024-43861} - sctp: Fix null-ptr-deref in reuseport_add_sock(). (Kuniyuki Iwashima) [Orabug: 36993147] {CVE-2024-44935} - sctp: move hlist_node and hashent out of sctp_ep_common (Xin Long) - x86/mm: Fix pti_clone_pgtable() alignment assumption (Peter Zijlstra) [Orabug: 37029012] {CVE-2024-44965} - irqchip/mbigen: Fix mbigen node address layout (Yipeng Zou) - genirq: Allow irq_chip registration functions to take a const irq_chip (Marc Zyngier) - netfilter: ipset: Add list flush to cancel_gc (Alexander Maltsev) - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (Ma Ke) - ALSA: usb-audio: Correct surround channels in UAC1 channel map (Takashi Iwai) - protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963808] {CVE-2024-42265} - HID: wacom: Modify pen IDs (Tatsunosuke Tobita) - ipv6: fix ndisc_is_useropt() handling for PIO (Maciej Zenczykowski) - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (Shahar Shitrit) - net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964006] {CVE-2024-42271} - drm/vmwgfx: Fix overlay when using Screen Targets (Ian Forbes) - drm/nouveau: prime: fix refcount underflow (Danilo Krummrich) [Orabug: 36983979] {CVE-2024-43867} - remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug: 36964537] {CVE-2024-43860} - remoteproc: imx_rproc: Fix ignoring mapping vdev regions (Dong Aisheng) - remoteproc: imx_rproc: ignore mapping vdev regions (Peng Fan) - irqchip/imx-irqsteer: Handle runtime power management correctly (Shenwei Wang) [Orabug: 36964085] {CVE-2024-42290} - irqchip/imx-irqsteer: Add runtime PM support (Lucas Stach) - irqchip/imx-irqsteer: Constify irq_chip struct (Lucas Stach) - genirq: Allow the PM device to originate from irq domain (Marc Zyngier) - devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983991] {CVE-2024-43871} - driver core: Cast to (void *) with __force for __percpu pointer (Andy Shevchenko) - dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964223] {CVE-2024-42301} - parport: Standardize use of printmode (Joe Perches) to pr_<level>( (Joe Perches) - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (Manivannan Sadhasivam) - PCI: rockchip: Make 'ep-gpios' DT property optional (Chen-Yu Tsai) - mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897803] {CVE-2024-42131} - nvme-pci: add missing condition check for existence of mapped data (Leon Romanovsky) [Orabug: 36964022] {CVE-2024-42276} - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (Pierre-Louis Bossart) - ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header (Hans de Goede) - ASoC: Intel: Convert to new X86 CPU match macros (Thomas Gleixner) - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (Al Viro) - apparmor: Fix null pointer deref when receiving skb during sock creation (Xiao Liang) - mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964032] {CVE-2024-42280} - bpf: Fix a segment issue when downgrading gso_size (Fred Li) [Orabug: 36964038] {CVE-2024-42281} - net: nexthop: Initialize all fields in dumped nexthops (Petr Machata) [Orabug: 36964044] {CVE-2024-42283} - tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964047] {CVE-2024-42284} - net: bonding: correctly annotate RCU in bond_should_notify_peers() (Johannes Berg) - ipv4: Fix incorrect source address in Record Route option (Ido Schimmel) - MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later (Gregory CLEMENT) - dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964523] {CVE-2024-43856} - libbpf: Fix no-args func prototype BTF dumping syntax (Andrii Nakryiko) - um: time-travel: fix time-travel-start option (Johannes Berg) - jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964530] {CVE-2024-43858} - kdb: address -Wformat-security warnings (Arnd Bergmann) - nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964203] {CVE-2024-42295} - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (WangYuli) - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (Hilda Wu) - rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) - drm/panfrost: Mark simple_ondemand governor as softdep (Dragan Simic) - rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) - selftests/sigaltstack: Fix ppc64 GCC build (Michael Ellerman) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964054] {CVE-2024-42285} - platform: mips: cpu_hwmon: Disable driver on unsupported hardware (Jiaxun Yang) - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (Thomas Gleixner) - rtc: isl1208: Fix return value of nvmem callbacks (Joy Chakraborty) - perf/x86/intel/pt: Fix a topa_entry base address calculation (Adrian Hunter) - perf/x86/intel/pt: Fix topa_entry base length (Marco Cavenati) - scsi: qla2xxx: validate nvme_local_port correctly (Nilesh Javali) [Orabug: 36964059] {CVE-2024-42286} - scsi: qla2xxx: Complete command early within lock (Shreyas Deodhar) [Orabug: 36964065] {CVE-2024-42287} - scsi: qla2xxx: Fix for possible memory corruption (Shreyas Deodhar) [Orabug: 36964070] {CVE-2024-42288} - scsi: qla2xxx: During vport delete send async logout explicitly (Manish Rangankar) [Orabug: 36964080] {CVE-2024-42289} - rtc: cmos: Fix return value of nvmem callbacks (Joy Chakraborty) - kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 36964092] {CVE-2024-42292} - decompress_bunzip2: fix rare decompression failure (Ross Lagerwall) - ubi: eba: properly rollback inside self_check_eba (Fedor Pchelkin) - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (Bastien Curutchet) - f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964213] {CVE-2024-42297} - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (Saurav Kashyap) - binder: fix hang of unregistered readers (Carlos Llamas) - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (Wei Liu) - hwrng: amd - Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - tools/memory-model: Fix bug in lock.cat (Alan Stern) - leds: ss4200: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - wifi: mwifiex: Fix interface type change (Rafael Beims) - ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964232] {CVE-2024-42304} - ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964237] {CVE-2024-42305} - m68k: amiga: Turn off Warp1260 interrupts during boot (Paolo Pisati) - udf: Avoid using corrupted block bitmap buffer (Jan Kara) [Orabug: 36964242] {CVE-2024-42306} - drm/amd/display: Check for NULL pointer (Sung Joon Kim) [Orabug: 36964247] {CVE-2024-42308} - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964253] {CVE-2024-42309} - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964260] {CVE-2024-42310} - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964265] {CVE-2024-42311} - media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964275] {CVE-2024-42313} - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Joe Hattori) - ipv6: take care of scope when choosing the src addr (Nicolas Dichtel) - af_packet: Handle outgoing VLAN packets without hardware offloading (Chengen Du) - net: netconsole: Disable target before netpoll cleanup (Breno Leitao) - tick/broadcast: Make takeover of broadcast hrtimer reliable (Yu Liao) - rtc: interface: Add RTC offset to alarm after fix-up (Csokas, Bence) - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (Ryusuke Konishi) - fs/nilfs2: remove some unused macros to tame gcc (Alex Shi) - pinctrl: freescale: mxs: Fix refcount of child (Peng Fan) - netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013755] {CVE-2024-44944} - bnxt_re: Fix imm_data endianness (Jack Wang) - macintosh/therm_windtunnel: fix module unload. (Nick Bowler) - powerpc/xmon: Fix disassembly CPU feature checks (Michael Ellerman) - Input: elan_i2c - do not leave interrupt disabled on suspend failure (Dmitry Torokhov) - RDMA/device: Return error earlier if port in not valid (Leon Romanovsky) - mtd: make mtd_test.c a separate module (Arnd Bergmann) - ASoC: max98088: Check for clk_prepare_enable() error (Chen Ni) - RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (Honggang LI) - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (Leon Romanovsky) - RDMA/mlx4: Fix truncated output warning in mad.c (Leon Romanovsky) - Input: qt1050 - handle CHIP_ID reading error (Andrei Lalaev) - PCI: Fix resource double counting on remove & rescan (Ilpo Jarvinen) - SUNRPC: Fixup gss_status tracepoint error output (Benjamin Coddington) - sparc64: Fix incorrect function signature and add prototype for prom_cif_init (Andreas Larsson) - ext4: avoid writing unitialized memory to disk in EA inodes (Jan Kara) - SUNRPC: avoid soft lockup when transmitting UDP to reachable server. (NeilBrown) - mfd: omap-usb-tll: Use struct_size to allocate tll (Javier Carrasco) - drm/qxl: Add check for drm_cvt_mode (Chen Ni) [Orabug: 36964456] {CVE-2024-43829} - drm/etnaviv: fix DMA direction handling for cached RW buffers (Lucas Stach) - perf report: Fix condition in sort__sym_cmp() (Namhyung Kim) - leds: trigger: Unregister sysfs attributes before calling deactivate() (Hans de Goede) [Orabug: 36964459] {CVE-2024-43830} - media: renesas: vsp1: Store RPF partition configuration per RPF instance (Laurent Pinchart) - media: renesas: vsp1: Fix _irqsave and _irq mix (Laurent Pinchart) - media: uvcvideo: Override default flags (Daniel Schaefer) - media: uvcvideo: Allow entity-defined get_info and get_cur (Ricardo Ribalda) - saa7134: Unchecked i2c_transfer function result fixed (Aleksandr Burakov) - media: imon: Fix race getting ictx->lock (Ricardo Ribalda) - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (Zheng Yejian) - USB: move snd_usb_pipe_sanity_check into the USB core (Greg Kroah-Hartman) - selftests: forwarding: devlink_lib: Wait for udev events after reloading (Amit Cohen) - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964480] {CVE-2024-43839} - wifi: virt_wifi: don't use strlen() in const context (Johannes Berg) - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (Gaosheng Cui) - wifi: virt_wifi: avoid reporting connection success with wrong SSID (En-Wei Wu) [Orabug: 36964487] {CVE-2024-43841} - qed: Improve the stack space of filter_config() (Shai Malin) - perf: Prevent passing zero nr_pages to rb_alloc_aux() (Adrian Hunter) - perf: Fix perf_aux_size() for greater-than 32-bit size (Adrian Hunter) - perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (Adrian Hunter) - netfilter: nf_tables: rise cap on SELinux secmark context (Pablo Neira Ayuso) - net: fec: Fix FEC_ECR_EN1588 being cleared on link-down (Csokas, Bence) - net: fec: Refactor: #define magic constants (Csokas Bence) - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (Baochen Qiang) [Orabug: 36984010] {CVE-2024-43879} - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (Baochen Qiang) - mlxsw: spectrum_acl_erp: Fix object nesting warning (Ido Schimmel) [Orabug: 36984013] {CVE-2024-43880} - lib: objagg: Fix general protection fault (Ido Schimmel) [Orabug: 36964495] {CVE-2024-43846} - selftests/bpf: Check length of recv in test_sockmap (Geliang Tang) - net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined (Guangguan Wang) - net/smc: Allow SMC-D 1MB DMB allocations (Stefan Raspl) - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (Samasth Norway Ananda) - firmware: turris-mox-rwtm: Initialize completion before mailbox (Marek Behun) - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (Marek Behun) - m68k: cmpxchg: Fix return value for default case in __arch_xchg() (Thorsten Blum) - x86/xen: Convert comma to semicolon (Chen Ni) - m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages (Eero Tamminen) - arm64: dts: amlogic: gx: correct hdmi clocks (Jerome Brunet) - arm64: dts: mediatek: mt7622: fix 'emmc' pinctrl mux (Rafal Milecki) - ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix board reset (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node (Marco Felsch) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (Jonas Karlman) - arm64: dts: qcom: msm8996: specify UFS core_clk frequencies (Dmitry Baryshkov) - arm64: dts: qcom: sdm845: add power-domain to UFS PHY (Dmitry Baryshkov) - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (Guenter Roeck) - hwmon: (max6697) Fix underflow when writing limit attributes (Guenter Roeck) - pwm: stm32: Always do lazy disabling (Uwe Kleine-Konig) - hwmon: (adt7475) Fix default duty on fan is disabled (Wayne Tung) - x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - x86/pci/xen: Fix PCIBIOS_* return code handling (Ilpo Jarvinen) - x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling (Ilpo Jarvinen) - x86/of: Return consistent error type from x86_of_pci_irq_enable() (Ilpo Jarvinen) - hfsplus: fix to avoid false alarm of circular locking (Chao Yu) - platform/chrome: cros_ec_debugfs: fix wrong EC message version (Tzung-Bi Shih) - LTS tag: v5.4.281 (Sherry Yang) - tap: add missing verification for short frame (Si-Wei Liu) [Orabug: 36660755] {CVE-2024-41090} - tun: add missing verification for short frame (Dongli Zhang) [Orabug: 36660755] {CVE-2024-41091} - filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36896789] {CVE-2024-41020} {CVE-2024-41012} - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (Edson Juliano Drosdeck) - jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891667] {CVE-2024-41017} - ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891655] {CVE-2024-41015} - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu) - ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada) - hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896969] {CVE-2024-41059} - selftests/vDSO: fix clang build errors and warnings (John Hubbard) - spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-Konig) - fs: better handle deep ancestor chains in is_subdir() (Christian Brauner) - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896994] {CVE-2024-41063} - scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (Xingui Yang) - powerpc/eeh: avoid possible crash when edev->pdev changes (Ganesh Goudar) [Orabug: 36897003] {CVE-2024-41064} - powerpc/pseries: Whitelist dtl slub object for copying to userspace (Anjali K) [Orabug: 36897009] {CVE-2024-41065} - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang) - net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas) - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang) - s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897032] {CVE-2024-41068} - can: kvaser_usb: fix return value for hif_usb_send_regout (Chen Ni) - ASoC: ti: omap-hdmi: Fix too long driver name (Primoz Fiser) - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (Jai Luthra) - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (Thomas GENTY) - Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose) - mips: fix compat_sys_lseek syscall (Arnd Bergmann) - ALSA: hda/realtek: Add more codec ID to no shutup pins list (Kailang Yang) - KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (Michael Ellerman) [Orabug: 36897048] {CVE-2024-41070} - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897312] {CVE-2024-41072} - mei: demote client disconnect warning on suspend to debug (Alexander Usyskin) - fs/file: fix the check in find_next_fd() (Yuntao Wang) - kconfig: remove wrong expr_trans_bool() (Masahiro Yamada) - kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada) - ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897360] {CVE-2024-41081} - Input: silead - Always support 10 fingers (Hans de Goede) - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov) - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande) - ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf) - ACPI: EC: Abort address space access upon error (Armin Wolf) - scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap) - filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874758] {CVE-2024-41012} {CVE-2024-41020} - gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook) [5.4.17-2136.336.2] - mm: Only enable HVO under UEK6 for Exadata system (Jane Chu) [Orabug: 36990830] - mm: delete redundent old PageCompound() macro (Jane Chu) [Orabug: 36990830] [5.4.17-2136.336.1] - mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED (Naoya Horiguchi) [Orabug: 36947110] - mm/memory-failure: send SIGBUS in the event of thp split fail (Jane Chu) [Orabug: 36947110] - mm/memory-failure: move hwpoison_filter() higher up (Jane Chu) [Orabug: 36947110] - mm/memory-failure: improve memory failure action_result messages (Jane Chu) [Orabug: 36947110] - mm/madvise: add MF_ACTION_REQUIRED to madvise(MADV_HWPOISON) (Jane Chu) [Orabug: 36947110] - mm/memory-failure: try to send SIGBUS even if unmap failed (Jane Chu) [Orabug: 36947110] - mm: memory-failure: cleanup try_to_split_thp_page() (Kefeng Wang) [Orabug: 36947110] - mm,hwpoison: introduce MF_MSG_UNSPLIT_THP (Naoya Horiguchi) [Orabug: 36947110] - KVM/x86: Do not clear SIPI while in SMM (Boris Ostrovsky) [Orabug: 36401960] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-42297 CVE-2024-42305 CVE-2024-41064 CVE-2024-42308 CVE-2024-41042 CVE-2024-44969 CVE-2024-42286 CVE-2024-44935 CVE-2024-42313 CVE-2024-42283 CVE-2024-43914 CVE-2024-43894 CVE-2024-42304 CVE-2024-44944 CVE-2024-41065 CVE-2024-41070 CVE-2024-41020 CVE-2024-43867 CVE-2024-43890 CVE-2024-43839 CVE-2024-42290 CVE-2024-43871 CVE-2024-43830 CVE-2024-41072 CVE-2024-41081 CVE-2024-44954 CVE-2024-42280 CVE-2024-43829 CVE-2024-41015 CVE-2024-42284 CVE-2024-43880 CVE-2024-43846 CVE-2024-44960 CVE-2024-41012 CVE-2024-43858 CVE-2024-42281 CVE-2024-41017 CVE-2024-43893 CVE-2024-46738 CVE-2024-42131 CVE-2024-41068 CVE-2024-42288 CVE-2024-44948 CVE-2024-43882 CVE-2024-44965 CVE-2024-42310 CVE-2024-42311 CVE-2024-41063 CVE-2024-43841 CVE-2024-44968 CVE-2024-42287 CVE-2024-42259 CVE-2024-42301 CVE-2024-42285 CVE-2024-43879 CVE-2024-43856 CVE-2024-41091 CVE-2024-43883 CVE-2024-43860 CVE-2024-42295 CVE-2024-42292 CVE-2024-42309 CVE-2024-41059 CVE-2024-43861 CVE-2024-42265 CVE-2024-41090 CVE-2024-27397 CVE-2024-43908 CVE-2024-42271 CVE-2024-42276 CVE-2024-42289 CVE-2024-42306 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 8 [1:1.1.1k-14] - Backport fix SSL_select_next proto from OpenSSL 3.2 Fix CVE-2024-5535 Resolves: RHEL-45654 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-5535 cpe:/a:oracle:linux:8::userspace_ksplice Oracle Linux 8 hivex [1.3.18-21] - Bounds check for block exceeding page length (CVE-2021-3504) resolves: rhbz#1950501 [1.3.18] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.3.18] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.3.15-7] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [1.3.15-6] - Drop hivex-static subpackage resolves: rhbz#1560207 [1.3.15-5] - Rebuild for OCaml 4.07.0. [1.3.15-4] - Remove python2 support resolves: rhbz#1559086 [1.3.15-3] - Add upstream patch to fix injection of LDFLAGS (RHBZ#1548536). [1.3.15-2] - Rebuild with new redhat-rpm-config/perl build flags [1.3.15-1] - New upstream version 1.3.15. [1.3.14-15] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.3.14-14] - Rebuilt for switch to libxcrypt [1.3.14-13] - F-28: rebuild for ruby25 [1.3.14-12] - Fix string mutability. [1.3.14-10] - OCaml 4.06.0 rebuild. [1.3.14-9] - ocaml-hivex-devel should Require hivex-devel. [1.3.14-8] - OCaml 4.05.0 rebuild. [1.3.14-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1.3.14-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.3.14-5] - OCaml 4.04.2 rebuild. [1.3.14-4] - Perl 5.26 rebuild [1.3.14-3] - Create python2 and python3 subpackages (RHBZ#1453189). [1.3.14-2] - OCaml 4.04.1 rebuild. [1.3.14-1] - New upstream version 1.3.14. - Add GPG signature and mechanics for checking it. [1.3.13-12] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.3.13-11] - F-26: rebuild again for ruby24 [1.3.13-10] - Rebuild for readline 7.x [1.3.13-9] - Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.4 [1.3.13-8] - Rebuild for OCaml 4.04.0. [1.3.13-7] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [1.3.13-6] - Perl 5.24 rebuild [1.3.13-5] - Explicitly BR rubygem(rdoc) RHBZ#1334753 and rubygem(json) RHBZ#1325022. [1.3.13-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.3.13-3] - Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.3 [1.3.13-2] - New upstream version 1.3.13. - Drop ancient 'Conflicts' rule. - Drop Perl patch for setting INSTALLDIRS. - Depend on pod2html, pod2man binaries explicitly. [1.3.12-1] - New upstream version 1.3.12. - Drop patches which are now upstream. - Use OCaml macros to test if OCaml native compiler is available. - Use autoreconf --force option. [1.3.11-13] - Correcting the perl build time dependency list Switching to virtual perl()-style symbols Dropping unused dependencies and adding some new to fix the FTBFS [1.3.11-12] - OCaml 4.02.3 rebuild. [1.3.11-11] - ocaml-4.02.2 final rebuild. [1.3.11-10] - ocaml-4.02.2 rebuild. [1.3.11-9] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.3.11-8] - Perl 5.22 rebuild [1.3.11-7] - Move hivexregedit to perl-hivex subpackage, since otherwise hivex and hence libguestfs depends on perl (RHBZ#1194158). [1.3.11-6] - ocaml-4.02.1 rebuild. [1.3.11-5] - Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_2.2 [1.3.11-4] - Increase HIVEX_MAX_SUBKEYS. - Don't leak errno E2BIG to callers. [1.3.11-2] - Pull in a couple of upstream fixes: * Fix memory leak in _hivex_get_children. * Increase HIVEX_MAX_VALUE_LEN. [1.3.11-1] - New upstream version 1.3.11. - Python objects are now placed in a hivex/ subdirectory. [1.3.10-12] - Perl 5.20 rebuild [1.3.10-11] - ocaml-4.02.0 final rebuild. [1.3.10-10] - Perl 5.20 rebuild [1.3.10-9] - ocaml-4.02.0+rc1 rebuild. [1.3.10-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1.3.10-7] - ocaml-4.02.0-0.8.git10e45753.fc22 rebuild. [1.3.10-6] - OCaml 4.02.0 beta rebuild. [1.3.10-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.3.10-4] - Remove the ruby(release) version. It is not needed. [1.3.10-3] - Rebuild to fix Ruby dependencies problem. [1.3.10-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1 [1.3.10-1] - New upstream version 1.3.10. - Fix ruby test failures (RHBZ#1090407). [1.3.9-2] - New upstream version 1.3.9. - Remove patches which are now upstream. [1.3.8-4] - OCaml 4.01.0 rebuild. [1.3.8-3] - Include various upstream patches to fix endianness problems on ppc64. [1.3.8-2] - Bump and rebuild, since ARM package still appears to depend on Perl 5.16. [1.3.8-1] - New upstream version 1.3.8. - Fixes handling of keys which use ri-records, for both reading and writing (RHBZ#717583, RHBZ#987463). - Remove upstream patch. - Rebase dirs patch against new upstream sources. - Rebase ruby patch against new upstream sources. - Modernize the RPM spec file. - Fix .gitignore. [1.3.7-8] - Perl 5.18 rebuild [1.3.7-7] - Rebuild for Ruby 2.0.0. - Change ruby(abi) to ruby(release). [1.3.7-6] - Fix for latest Ruby in Rawhide. Fixes build failure identified by mass rebuild yesterday. - Do not ignore error from running autoreconf. [1.3.7-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [1.3.7-2] - Rebuild for OCaml 4.00.1. [1:1.3.7-1] - New upstream version 1.3.7. [1.3.6-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1.3.6-2] - Perl 5.16 rebuild [1:1.3.6-1] - New upstream version 1.3.6. - Enable Ocaml bindings on ppc64. [1.3.5-9] - Rebuild for OCaml 4.00.0. [1.3.5-8] - Perl 5.16 rebuild [1:1.3.5-7] - 'blobs' -> 'files' in the description. [1:1.3.5-6] - Bundled gnulib (RHBZ#821763). [1:1.3.5-5] - Don't need to rerun the generator (thanks Dan Horak). [1:1.3.5-4] - New upstream version 1.3.5. - Remove upstream patch. - Depend on automake etc. for the patch. [1.3.3-8] - ruby(abi) 1.9.1. [1.3.3-7] - Bump and rebuild for Ruby update. - Add upstream patch to fix bindings for Ruby 1.9. - Add non-upstream patch to pass --vendor flag to extconf.rb [1.3.3-3] - Rebuild for OCaml 3.12.1. [1.3.3-2] - Disable OCaml on ppc64. - Ensure OCaml files are deleted when not packaged. [1.3.3-1] - New upstream version 1.3.3. - Rebased gnulib to work around RHBZ#756981. - Remove patches which are now upstream. [1.3.2-3] - New upstream version 1.3.2. - Add upstream patch to fix building of hivexsh, hivexget. [1.3.1-2] - New upstream version 1.3.1. - Remove patch, now upstream. - Don't need hack for making an unversioned Python module. [1.3.0-3] - New upstream version 1.3.0. - This version adds Ruby bindings, so there is a new subpackage 'ruby-hivex'. - Add upstream patch to fix Ruby tests. - Remove epoch macro in ruby-hivex dependency. [1.2.8-1] - New upstream version 1.2.8. - Remove 4 upstream patches. [1.2.7-9] - Add upstream patch to fix Perl CCFLAGS for Perl 5.14 on i686. - Enable 'make check'. [1.2.7-6] - i686 package is broken, experimentally rebuild it. [1.2.7-5] - Perl mass rebuild [1.2.7-4] - Perl 5.14 mass rebuild [1.2.7-3] - New upstream version 1.2.7. - Removed patch which is now upstream. - Add upstream patches to fix ocaml install rule. [1.2.6-2] - New upstream version 1.2.6. - Removed patch which is now upstream. - Add upstream patch to fix ocaml tests. [1.2.5-2] - Fix Python bindings on 32 bit arch with upstream patch. [1.2.5-1] - New upstream version 1.2.5. - This version fixes a number of important memory issues found by valgrind and upgrading to this version is recommended for all users. - Remove patch now upstream. [1.2.4-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [1.2.4-6] - Fix multilib conflicts in *.pyc and *.pyo files. - Only install unversioned *.so file for Python bindings. [1.2.4-4] - Rebuild against OCaml 3.12.0. [1.2.4-3] - Backport upstream patch to fix segfault in Hivex.value_value binding. [1.2.4-1] - New upstream version 1.2.4. - This adds Python bindings (python-hivex subpackage). - Fix Source0. [1.2.3-3] - fix built with recent perl [1.2.3-2] - conditionalize ocaml support [1.2.3-1] - New upstream version 1.2.3. [1.2.2-3] - Create a hivex-static subpackage. [1.2.2-2] - Mass rebuild with perl-5.12.0 [1.2.2-1] - New upstream version 1.2.2. [1.2.1-1] - New upstream version 1.2.1. - Includes new tool for exporting and merging in regedit format. [1.2.0-2] - New upstream version 1.2.0. - This includes OCaml and Perl bindings, so add these as subpackages. [1.1.2-3] - Missing Epoch in conflicts version fixed. [1.1.2-2] - Add Conflicts libguestfs <= 1.0.84. [1.1.2-1] - Initial Fedora RPM. libguestfs libguestfs-winsupport [8.2] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [8.0-4] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [8.0-3] - Fix for CVE-2019-9755 (heap-based buffer overflow leads to local root privilege escalation) resolves: rhbz#1698503 [8.0-2] - Fix for ntfsclone crash (RHBZ#1601146). [8.0-1] - Rebase to 2017.3.23. - Remove patches which are now upstream. - Resynch with Fedora package. - Enable all architectures for RHEL 8. [7.2-2] - Fix for handling guest filenames with invalid or incomplete multibyte or wide characters resolves: rhbz#1301593 [7.2-1] - Rebase and rebuild for RHEL 7.2 resolves: rhbz#1240278 [7.1-6] - Bump version and rebuild. related: rhbz#1221583 [7.1-5] - Enable aarch64 architecture. resolves: rhbz#1221583 [7.1-4] - Enable debuginfo support and stripping. resolves: rhbz#1100319 [7.1-3] - Add patches from Fedora package which add fstrim support. resolves: rhbz#1100319 [7.1-2] - New package for RHEL 7.1 - Rebase to ntfs-3g 2014.2.15 resolves: rhbz#1100319 - Change the package so it works with supermin5. - Remove dependency on external FUSE. [7.0-2] - Resync against Rawhide package (ntfs-3g 2013.1.13). - Drop HAL file since HAL is dead. resolves: rhbz#819939 [7.0-1] - New package for RHEL 7 resolves: rhbz#819939 - Resync against Rawhide package. [1.0-7] - Disable debuginfo package. resolves: RHBZ#691555. [1.0-6] - Require libguestfs 1.7.17 (newer version in RHEL 6.1). - Require febootstrap-supermin-helper instead of febootstrap resolves: RHBZ#670299. [1.0-5] - Make sure intermediate lib* directories are created in hostfiles (RHBZ#603429) [1.0-4] - Requires fuse-libs (RHBZ#599300). [1.0-3] - ExclusiveArch x86_64. [1.0-2] - Package Windows support for libguestfs. libiscsi libnbd [1.2.2] - Resolves: bz#1844296 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.2.2-1] - New stable release 1.2.2. [1.2.1-1] - New stable release 1.2.1. [1.2.0-1] - New stable release 1.2.0. [1.0.3-1] - New upstream version 1.0.3. - Contains fix for remote code execution vulnerability. - Add new libnbd-security(3) man page. [1.0.2-1] - New upstream version 1.0.2. - Remove patches which are upstream. - Contains fix for NBD Protocol Downgrade Attack (CVE-2019-14842). - Fix previous commit message. [1.0.1-2] - Add upstream patch to fix nbdsh (for nbdkit tests). - Fix interop tests on slow machines. [1.0.1-1] - New stable version 1.0.1. [1.0.0-1] - New upstream version 1.0.0. [0.9.9-2] - Rebuilt for Python 3.8 [0.9.9-1] - New upstream version 0.9.9. [0.9.8-4] - Fix nbdkit dependencies so we're actually running the tests. - Add glib2-devel BR so we build the glib main loop example. - Add upstream patch to fix test error: nbd_connect_unix: getlogin: No such device or address - Fix test failure on 32 bit. [0.9.8-3] - Bump and rebuild to fix releng brokenness. https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/2LIDI33G3IEIPYSCCIP6WWKNHY7XZJGQ/ [0.9.8-2] - Rebuilt for Python 3.8 [0.9.8-1] - New upstream version 0.9.8. - Package the new nbd_*(3) man pages. [0.9.7-1] - New upstream version 0.9.7. - Add libnbd-ocaml(3) man page. [0.9.6-2] - Add all upstream patches since 0.9.6 was released. - Package the ocaml bindings into a subpackage. [0.9.6-1] - New upstream verison 0.9.6. [0.1.9-1] - New upstream version 0.1.9. [0.1.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [0.1.8-1] - New upstream version 0.1.8. [0.1.7-1] - New upstream version 0.1.7. [0.1.6-1] - New upstream version 0.1.6. [0.1.5-1] - New upstream version 0.1.5. [0.1.4-1] - New upstream version 0.1.4. [0.1.2-2] - Enable libxml2 for NBD URI support. [0.1.2-1] - New upstream version 0.1.2. [0.1.1-1] - Fix license in man pages and examples. - Add nbdsh(1) man page. - Include the signature and keyring even if validation is disabled. - Update devel subpackage license. - Fix old FSF address in Python tests. - Filter Python provides. - Remove executable permission on the tar.gz.sig file. - Initial release. libvirt [5.7.0-44.el8] - qemu: conf: Add configuration to tune vcpu unplug timeout (Partha Satapathy) [Orabug: 37111373] [5.7.0-43.el8] - qemu_firmware: don't error out for unknown firmware features (Pavel Hrdina) [Orabug: 36931914] - qemu_process: Postpone vcpu re-pinning after vcpuinfo refresh from qemu (Shaleen Bathla) [Orabug: 36588995] [5.7.0-42.el8] - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] {CVE-2024-1441} - libvirt-<module>: Check caller-provided buffers to be NULL with size > 0 (Erik Skultety) [Orabug: 36364474] [5.7.0-41.el8] - qemu_monitor: Add defensive protection on mon->msg (Wim ten Have) [Orabug: 35699260] - vircpi: Add PCIe 5.0 and 6.0 link speeds (Michal Privoznik) [Orabug: 35496776] - qemuProcessSetupVcpusVnuma: add NULL check for def->cpu (Shaleen Bathla) [Orabug: 35332038] [5.7.0-40.el8] - build: change dependency to allow post install erasing of /usr/bin/nc (Wim ten Have) [Orabug: 35289777] - util: Make virFileClose() quiet on success (Andrea Bolognani) [Orabug: 35090886] [5.7.0-39.el8] - exadata: update maxvcpus for vNUMA only (Shaleen Bathla) [Orabug: 34863357] [5.7.0-38.el8] - qemu: Don't report spurious errors from vCPU tid validation on hotunplug timeout (Shaleen Bathla) [Orabug: 34826758] - security: fix SELinux label generation logic (Daniel P. Berrange) [Orabug: 34773029] {CVE-2021-3631} - qemu: Set default qdisc before setting bandwidth (Michal Privoznik) [Orabug: 34724925] - qemu: Taint cpu host-passthrough only after migration (Cole Robinson) [Orabug: 34724925] [5.7.0-37.el8] - vNUMA: Auto adjust 'maxvcpus' for vCORE placement (Wim ten Have) [Orabug: 34670399] - qemu: support kvm-poll-control performance hint (Tim Wiederhake) [Orabug: 34695476] - qemu: fix EFI nvram removal on domain undefine (Pavel Mores) [Orabug: 34543837] - util: keep the pidfile locked (Marc-Andre Lureau) [Orabug: 34500172] - qemuProcessStartManagedPRDaemon: Don't pass -f pidfile to the daemon (Michal Privoznik) [Orbug: 34500172] - virCommand: Actually acquire pidfile instead of just writing it (Michal Privoznik) [Orbug: 34500172] - qemu: Don't explicitly remove pidfile after virPidFileForceCleanupPath() (Michal Privoznik) [Orbug: 34500172] - virPipeImpl: Don't overwrite error (Peter Krempa) [Orbug: 34500172] - src: introduce a wrapper for the pipe2() system call (Daniel P. Berrange) [Orbug: 34500172] [5.7.0-36.el8] - util: Netdev fixes for phys_port_id to get the ifname of a VF (Wim ten Have) [Orabug: 34417160] - qemuProcessStop: Don't try to remove QoS on already removed TAP (Michal Privoznik) [Orabug: 34206752] - virnetdevopenvswitch: Fix 'burst' value passed to ovs-vsctl (Michal Privoznik) [Orabug: 34206752] - util: Avoid null pointer dereference when setting QoS on OVS (Jiri Denemark) [Orabug: 34206752] - virnetdevopenvswitch: unify calculation of ovs and tc (Jinsheng Zhang) [Orabug: 34206752] - virnetdevopenvswitch: Fix qos cleaning residual on multi interfaces (Jinsheng Zhang) [Orabug: 34206752] - virnetdevopenvswitch: Introduce virNetDevOpenvswitchInterfaceClearTxQos and virNetDevOpenvswitchInterfaceClearRxQos (Jinsheng Zhang) [Orabug: 34206752] - virnetdevopenvswitch: Extract common code block to a single function (Jinsheng Zhang) [Orabug: 34206752] - virnetdevopenvswitch: Extract conversion parameters between virNetDevBandwidth and ovs (Jinsheng Zhang) [Orabug: 34206752] - virnetdevopenvswitch: Add vmuuid notes on virNetDevOpenvswitchInterfaceSetQos (Jinsheng Zhang) [Orabug: 34206752] - qemu: interface: check and use ovs command to set qos of ovs managed port (Jinsheng Zhang) [Orabug: 34206752] - qemu: interface: remove setting noqueue for ovs port (Jinsheng Zhang) [Orabug: 34206752] - virDomain: interface: add virNetDevOpenvswitchInterfaceSetQos and virNetDevOpenvswitchInterfaceClearQos (Jinsheng Zhang) [Orabug: 34206752] - virDomain: interface: add virDomainNetDefIsOvsport (Jinsheng Zhang) [Orabug: 34206752] - openvswitch: don't delete existing OVS port prior to recreating same port (Laine Stump) [Orabug: 34206752] - virnetdev: move virNetDevSetRootQDisc to virnetdevbandwidth (Pavel Hrdina) [Orabug: 34206752] - virnetdevbandwidth: Don't generate burst outside of boundaries (Michal Privoznik) [Orabug: 34206752] - qemu_hotplug: Don't dereference NULL pointer @newb in qemuDomainChangeNet() (Michal Privoznik) [Orabug: 34206752] - qemu: Restore default root qdisc when QoS is cleared out (Michal Privoznik) [Orabug: 34206752] - virnetdevopenvswitch: Simplify OVS_VSCTL cmd creation (Michal Privoznik) [Orabug: 34206752] - qemu: Set noqueue qdisc for TAP devices (Michal Privoznik) [Orabug: 34206752] - virnetdev: Introduce virNetDevSetRootQDisc() (Michal Privoznik) [Orabug: 34206752] - syntax-check: Don't forbid curly braces around single line condition body (Peter Krempa) [Orabug: 34206752] - src: util: rename some program macros (Pavel Hrdina) [Orabug: 34206752] - conf: rename virNetDevSupportBandwidth to virNetDevSupportsBandwidth (Jan Tomko) [Orabug: 34206752] - qemu: do not revert to NULL bandwidth (Jan Tomko) [Orabug: 34206752] - conf: return a const from virDomainNetGetActualVirtPortProfile (Laine Stump) [Orabug: 34206752] - qemu: move runtime netdev validation into a separate function (Laine Stump) [Orabug: 34206752] - conf: make arg to virDomainNetGetActualVirtPortProfile() a const (Laine Stump) [Orabug: 34206752] [5.7.0-35.el8] - util: add virNetDevGetPhysPortName (Moshe Levi) [Orabug: 34329649] - util: Add phys_port_name support on virPCIGetNetName (Dmytro Linkin) [Orabug: 34329649] [5.7.0-34.el8] - qemu: blockcopy: Allow late opening of the backing chain of a shallow copy (Peter Krempa) [Orabug: 33091019] - qemu: capabilities: Introduce QEMU_CAPS_BLOCKDEV_SNAPSHOT_ALLOW_WRITE_ONLY (Peter Krempa) [Orabug: 33091019] - qemuDomainBlockCopyCommon: Record updated flags to block job (Peter Krempa) [Orabug: 33091019] - qemuDomainBlockPivot: Move check prior to executing the pivot steps (Peter Krempa) [Orabug: 33091019] - qemu: Tell secdrivers which images are top parent (Michal Privoznik) [Orabug: 33091019] - qemuDomainBlockPivot: Copy bitmaps backing checkpoints for virDomainBlockCopy (Peter Krempa) [Orabug: 33091019] - qemu: block: Introduce function to calculate bitmap handling for block-copy (Peter Krempa) [Orabug: 33091019] - qemu: block: Add validator for bitmap chains accross backing chains (Peter Krempa) [Orabug: 33091019] - qemu: blockjob: Store 'flags' for all the block job types (Peter Krempa) [Orabug: 33091019] - qemu: blockjob: Store 'jobflags' with block job data (Peter Krempa) [Orabug: 33091019] - util: json: Introduce virJSONValueArrayConcat (Peter Krempa) [Orabug: 33091019] - qemu: block: Extract calls of qemuBlockGetNamedNodeData into a helper function (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Track and relabel images for bitmap merging (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Introduce support for deleting checkpoints accross snapshots (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Extract calculation of bitmap merging for checkpoint deletion (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Introduce helper to find checkpoint disk definition in parents (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: tolerate missing disks on checkpoint deletion (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Use disk definition directly when creating checkpoint (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: rename disk->chkdisk in qemuCheckpointAddActions (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: rename disk->chkdisk in qemuCheckpointDiscardBitmaps (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: split out checkpoint deletion bitmaps (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Store whether deleted checkpoint is current in a variable (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Extract and export rollback of checkpoint metadata storing (Peter Krempa) [Orabug: 33091019] - qemu: block: Introduce qemuBlockNamedNodeDataGetBitmapByName (Peter Krempa) [Orabug: 33091019] - qemu: snapshot: Propagate active bitmaps through external snapshots (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Add 'granularity' parameter for block-dirty-bitmap-add (Peter Krempa) [Orabug: 33091019] - qemu: snapshot: Fold formatting of snapshot transaction into prepare func (Peter Krempa) [Orabug: 33091019] - qemu: Check for explicit failure of qemuBlockSnapshotAddBlockdev (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Extract internals of qemuMonitorJSONBlockGetNamedNodeData (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Extract data about dirty-bimaps in qemuMonitorBlockGetNamedNodeData (Peter Krempa) [Orabug: 33091019] - qemu: block: enable the snapshot image deletion feature (Pavel Mores) [Orabug: 33091019] - qemu: block: propagate the delete flag to where it can actually be used (Pavel Mores) [Orabug: 33091019] - qemu: checkpoint: fix NULL dereference at create time (Cole Robinson) [Orabug: 33091019] - qemu: snapshot: Mark file becoming backingStore as read-only (Peter Krempa) [Orabug: 33091019] - util: consolidate on one free callback for hash data (Daniel P. Berrange) [Orabug: 33091019] - conf: stop using hash key when free'ing hash entries (Daniel P. Berrange) [Orabug: 33091019] - qemu: checkpoint: Use qemuMonitorTransactionBitmapMergeSourceAddBitmap (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Fix rollback and access to unlocked 'vm' when deleting checkpoints (Peter Krempa) [Orabug: 33091019] - qemu: snapshot: split out preparation of a snapshot with blockdev (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Add helper for generating data for block bitmap merging (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Extract finalizing steps of checkpoint creation (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Split out checkpoint creation code (Peter Krempa) [Orabug: 33091019] - qemu: block: Don't query monitor in qemuBlockStorageSourceCreateDetectSize (Peter Krempa) [Orabug: 33091019] - qemu: monitor: Introduce new interface to query-named-block-nodes (Peter Krempa) [Orabug: 33091019] - util: hash: Introduce virHashHasEntry (Peter Krempa) [Orabug: 33091019] - util: hash: Add new constructor 'virHashNew' (Peter Krempa) [Orabug: 33091019] - util: hash: Add possibility to use simpler data free function in virHash (Peter Krempa) [Orabug: 33091019] - conf: Introduce virDomainDiskByTarget (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Don't update current checkpoint until we are done (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Replace open-coded transaction action generators (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Refactor cleanup in qemuCheckpointCreateXML (Peter Krempa) [Orabug: 33091019] - qemu: domain: Move checkpoint related code to qemu_checkpoint.c (Peter Krempa) [Orabug: 33091019] - qemu: driver: Move checkpoint-related code to qemu_checkpoint.c (Peter Krempa) [Orabug: 33091019] - qemu: Move, rename and export qemuDomObjFromDomain (Peter Krempa) [Orabug: 33091019] - qemu: checkpoint: Don't forbid checkpoint when VM is marked for autodestroy (Peter Krempa) [Orabug: 33091019] - Prepare to hotplug vNUMA targets for non-X86_64 guests (Wim ten Have) [Orabug: 34256070] - qemu: Add missing lock in qemuProcessHandleMonitorEOF (Peng Liang) [Orabug: 34210159] {CVE-2021-3975} [5.7.0-33.el8] - qemu: refresh vNUMA/SMT pinning (Wim ten Have) [Orabug: 34083505] - qemu driver: Check exadataConfig and packCPUs whenever vNUMA/SMT applies (Wim ten Have) [Orabug: 34023508] - nwfilter: fix crash when counting number of network filters (Daniel P. Berrange) [Orabug: 33973639] {CVE-2022-0897} [5.7.0-32.el8] - qemu: Validate config->exadata before reaping guests (Wim ten Have) [Orabug: 33763967] - qemu: Make vNUMA/SMT pCPU packing L3-cache aware on AMD/E4 (Wim ten Have) [Orabug: 33268059] - qemu: work exadataConfig flags directly from the QEMUdriver structure (Wim ten Have) [Orabug: 33268059] - qemu: Label restore path outside of secdriver transactions (Michal Privoznik) [Orabug: 33351242] - security: Introduce virSecurityManagerDomainSetPathLabelRO (Michal Privoznik) [Orabug: 33351242] [5.7.0-31.el8] - qemu: Do not latch guestCPUs when guests hotplug with active domain groups (Wim ten Have) [Orabug: 33440015] [5.7.0-30.el8] - qemuDomainSnapshotDiskPrepareOne: Fix logic of relative backing store update (Peter Krempa) [Orabug: 33086913] - qemu: Don't set NVRAM label when creating it (Michal Privoznik) [Orabug: 33319048] - qemu: protect guestCPUs from drift under vcpu guest timeouts (Wim ten Have) [Orabug: 33368490] [5.7.0-29.el8] - qemu: vCORE distribution under vNUMA host partitioning should balance guests vCPU:pCPU pinning (Wim ten Have) [Orabug: 32355455] - qemuDomainSnapshotDiskPrepareOne: Don't load the relative path with blockdev (Peter Krempa) [Orabug: 33151464] - qemu: block: Support VIR_DOMAIN_BLOCK_COMMIT/PULL/REBASE_RELATIVE with blockdev (Peter Krempa) [Orabug: 33151464] - qemu: Tell secdrivers which images are top parent (Michal Privoznik) [Orabug: 33086913] - security: Introduce VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP flag (Michal Privoznik) [Orabug: 33086913] [5.7.0-28.el8] - qemu_capabilities: Rework domain caps cache (Michal Privoznik) [Orabug: 32664432] - tests: fix virArchFromHost() redefine error (Joe Jin) [Orabug: 32664432] - qemu: cache host arch separately from virCapsPtr (Daniel P. Berrange) [Orabug: 32664432] - cpu.c: Check properly for virCapabilitiesGetNodeInfo() retval (Michal Privoznik) [Orabug: 32664432] - virStorageSourceParseBackingJSONRaw: Parse 'offset' and 'size' attributes (Peter Krempa) [Orabug: 32164351] - tests: qemu: Add test data for the new <slice> element (Peter Krempa) [Orabug: 32164351] - qemu: Add support for slices of type 'storage' (Peter Krempa) [Orabug: 32164351] - tests: qemublock: Add cases for creating image overlays on top of disks with <slice> (Peter Krempa) [Orabug: 32164351] - qemu: block: Properly format storage slice into backing store strings (Peter Krempa) [Orabug: 32164351] - qemu: domain: Store nodenames of slice in status XML (Peter Krempa) [Orabug: 32164351] - conf: Implement support for <slices> of disk source (Peter Krempa) [Orabug: 32164351] - docs: Document the new <slices> sub-element of disk's <source> (Peter Krempa) [Orabug: 32164351] - qemu: block: forbid creation of storage sources with <slice> (Peter Krempa) [Orabug: 32164351] - qemuDomainValidateStorageSource: Reject unsupported slices (Peter Krempa) [Orabug: 32164351] - qemuBlockStorageSourceGetFormatRawProps: format 'offset' and 'size' for slice (Peter Krempa) [Orabug: 32164351] - util: virstoragefile: Add data structure for storing storage source slices (Peter Krempa) [Orabug: 32164351] - tests: virstorage: Add test data for json specified raw image with offset/size (Peter Krempa) [Orabug: 32164351] - docs: formatdomain: Close <source> on one of disk examples (Peter Krempa) [Orabug: 32164351] - qemu: domain: Refactor formatting of node names into status XML (Peter Krempa) [Orabug: 32164351] - tests: virstorage: Add test cases for 'json:' pseudo-URI without 'file' wrapper (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Prevent arbitrary nesting with format drivers (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Allow 'json:' pseudo URIs without 'file' wrapper (Peter Krempa) [Orabug: 32164351] - virStorageSourceJSONDriverParser: annotate 'format' drivers (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Move deflattening of json: URIs out of recursion (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Pass around original backing file string (Peter Krempa) [Orabug: 32164351] - qemu: enable blockdev support (Peter Krempa) [Orabug: 32164351] - qemu: Instantiate pflash via -machine when using blockdev (Peter Krempa) [Orabug: 32164351] - qemu: command: Build the 'pflash' drives via -machine (Peter Krempa) [Orabug: 32164351] - qemu: command: Build -blockdev-s for backing of pflash (Peter Krempa) [Orabug: 32164351] - qemu: domain: Introduce helper to convert <loader> into virStorageSource (Peter Krempa) [Orabug: 32164351] - qemu: domain: Store virStorageSources representing pflash backing (Peter Krempa) [Orabug: 32164351] - qemu: command: Extract formatting of -drive for pflash (Peter Krempa) [Orabug: 32164351] - qemu: capabilities: Add detection of the 'savevm' fix for -blockdev (Peter Krempa) [Orabug: 32164351] - qemu: qapi: Add support for command features (Peter Krempa) [Orabug: 32164351] - qemu: caps: Add capability for dynamic 'auto-read-only' support for files (Peter Krempa) [Orabug: 32164351] - tests: qemucapabilities: Refresh data for unreleased qemu-4.2 on x86_64 (Peter Krempa) [Orabug: 32164351] - qemu: caps: Base support of 'backingStoreInput' domain feature on QEMU_CAPS_BLOCKDEV (Peter Krempa) [Orabug: 32164351] - docs: Document support for obeying <backingStore> of <disk> on input (Peter Krempa) [Orabug: 32164351] - conf: domcaps: Add 'backingStoreInput' domain capability (Peter Krempa) [Orabug: 32164351] - qemu: domcaps: Simplify adding new domaincaps based on qemu caps (Peter Krempa) [Orabug: 32164351] - domaincaps: Store domain capability features in an array (Peter Krempa) [Orabug: 32164351] - qemu: domcaps: Initialize all features (Peter Krempa) [Orabug: 32164351] - domcaps: Add function for initializing domain caps as unsupported (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Use virXMLFormatElement in virDomainCapsFormatFeatures (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Extract formatting of the <features> subelement (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Replace FORMAT_SINGLE macro by a function (Peter Krempa) [Orabug: 32164351] - conf: capabilities: Modernize virCapabilitiesFormatMemoryBandwidth (Peter Krempa) [Orabug: 32164351] - conf: caps: Modernize virCapabilitiesFormatCaches (Peter Krempa) [Orabug: 32164351] - conf: turn virDomainMemtuneFormat void (Peter Krempa) [Orabug: 32164351] - conf: domain: Split up formatting of <memtune> and <memoryBacking> (Peter Krempa) [Orabug: 32164351] - conf: Rename virDomainCapsFeature to virDomainProcessCapsFeature (Peter Krempa) [Orabug: 32164351] - conf: storagecaps: Fix broken attempt at being const-correct (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Fix broken attempt at being const-correct (Peter Krempa) [Orabug: 32164351] - qemu: caps: Make capability filler functions void (Peter Krempa) [Orabug: 32164351] - util: buffer: Add init macro for automatically setting child XML indent (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Fix inactive external snapshots when backing chain is present (Peter Krempa) [Orabug: 32164351] - qemu: blockjob: Transfer 'readonly' state of images after active layer block commit (Peter Krempa) [Orabug: 32164351] - qemu: command: Use XML based disk bus convertor in error message (Peter Krempa) [Orabug: 32164351] - storagefile: Fill in meta->externalDataStore (Cole Robinson) [Orabug: 32164351] - storagefile: Add externalDataStore member (Cole Robinson) [Orabug: 32164351] - storagefile: Split out virStorageSourceNewFromChild (Cole Robinson) [Orabug: 32164351] - storagefile: Don't access backingStoreRaw directly in FromBackingRelative (Cole Robinson) [Orabug: 32164351] - storagefile: Fill in meta->externalDataStoreRaw (Cole Robinson) [Orabug: 32164351] - storagefile: Add externalDataStoreRaw member (Cole Robinson) [Orabug: 32164351] - storagefile: Fix backing format \0 check (Cole Robinson) [Orabug: 32164351] - storagefile: Rename qcow2GetExtensions 'format' argument (Cole Robinson) [Orabug: 32164351] - storagefile: Rename qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351] - storagefile: Push extension_end calc to qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351] - storagefile: Push 'start' into qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351] - storagefile: Use qcowXGetBackingStore directly (Cole Robinson) [Orabug: 32164351] - storagefile: Drop now unused isQCow2 argument (Cole Robinson) [Orabug: 32164351] - storagefile: Check version to determine if qcow2 or not (Cole Robinson) [Orabug: 32164351] - storagefile: qcow1: Let qcowXGetBackingStore fill in format (Cole Robinson) [Orabug: 32164351] - storagefile: qcow1: Fix check for empty backing file (Cole Robinson) [Orabug: 32164351] - storagefile: qcow1: Check for BACKING_STORE_OK (Cole Robinson) [Orabug: 32164351] - qemu: snapshot: Don't update current snapshot until we're done (Peter Krempa) [Orabug: 32164351] - qemu: block: Replace snapshot transaction action generator (Peter Krempa) [Orabug: 32164351] - tests: qemumonitor: Add testing for the 'transaction' command and generators (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Add transaction generators for snapshot APIs (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Add transaction generators for dirty bitmap APIs (Peter Krempa) [Orabug: 32164351] - tests: qemucapabilities: fix 4.2.0 qemucapabilities (Joe Jin) [Orabug: 32164351] - qemu: checkpoint: Do ACL check prior to snapshot interlocking (Peter Krempa) [Orabug: 32164351] - qemu: driver: Remove misplaced qemuDomainObjEndJob in qemuDomainCheckpointGetXMLDesc (Peter Krempa) [Orabug: 32164351] - conf: Drop pointless 'domain' argument from virDomainSnapshotRedefinePrep (Peter Krempa) [Orabug: 32164351] - conf: Drop pointless 'domain' argument from virDomainCheckpointRedefinePrep (Peter Krempa) [Orabug: 32164351] - tests: qemucapabilities: Update caps of qemu-4.1 to released version (Peter Krempa) [Orabug: 32164351] - tests: add qemu capabilities data for qemu 4.2 (Peter Krempa) [Orabug: 32164351] - lxc: fix compile error (Joe Jin) [Orabug: 32164351] - qemu: driver: Remove QEMU_ADD_BLOCK_PARAM_LL macro (Peter Krempa) [Orabug: 32164351] - qemu: driver: Don't return anything from qemuDomainBlockStatsGatherTotals (Peter Krempa) [Orabug: 32164351] - qemu: driver: Remove pointless macro QEMU_BLOCK_STAT_TOTAL (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Change fields in qemuBlockStats to 'unsigned' (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Refactor cleanup in qemuMonitorJSONGetAllBlockStatsInfo (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Refactor cleanup in qemuMonitorJSONGetOneBlockStatsInfo (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Refactor cleanup in qemuMonitorJSONBlockStatsCollectData (Peter Krempa) [Orabug: 32164351] - qemu: Remove stale comment for qemuDomainBlockStats (Peter Krempa) [Orabug: 32164351] - qemu_blockjob: Remove secdriver metadata for whole backing chain on job completion (Michal Privoznik) [Orabug: 32164351] - qemu: hotplug: Use VIR_AUTOFREE() instead VIR_FREE for strings (Daniel Henrique Barboza) [Orabug: 32164351] - qemu: snapshot: Do ACL check prior to checkpoint interlocking (Peter Krempa) [Orabug: 32164351] - qemuCheckDiskConfigAgainstDomain: Validate disk's SCSI address iff disk is SCSI (Xu Yandong) [Orabug: 32164351] - qemuSharedDeviceEntryRemove: Free domain name before VIR_DELETE_ELEMENT (Xu Yandong) [Orabug: 32164351] - qemu_capabilities: Temporarily disable dbus-vmstate capability (Michal Privoznik) [Orabug: 32164351] - Revert 'qemu: add socket datagram capability' (Michal Privoznik) [Orabug: 32164351] - tests: qemustatusxml2xml: Fix disk target mess (Peter Krempa) [Orabug: 32164351] - snapshot: Store both config and live XML in the snapshot domain (Maxiwell S. Garcia) [Orabug: 32164351] - qemu: formatting XML from domain def choosing the root name (Maxiwell S. Garcia) [Orabug: 32164351] - qemu: Don't leak domain def when RevertToSnapshot fails (Jiri Denemark) [Orabug: 32164351] - qemu: Fix regression in snapshot-revert (Eric Blake) [Orabug: 32164351] - lib: Define and use autofree for virConfPtr (Michal Privoznik) [Orabug: 32164351] - qemu_conf: Use more of VIR_AUTOUNREF() (Michal Privoznik) [Orabug: 32164351] - qemu_conf: Use more of VIR_AUTOFREE() (Michal Privoznik) [Orabug: 32164351] - qemu_conf: Drop a pair of needless 'cleanup' labels (Michal Privoznik) [Orabug: 32164351] - virhostdev: Don't unref @pcidevs twice (Michal Privoznik) [Orabug: 32164351] - qemu_conf.c: introduce qemuAddRemoveSharedDeviceInternal (Daniel Henrique Barboza) [Orabug: 32164351] - qemu_conf.c: introduce qemuAddRemoveSharedDiskInternal (Daniel Henrique Barboza) [Orabug: 32164351] - qemu_conf.c: introduce qemuAddRemoveSharedHostdevInternal (Daniel Henrique Barboza) [Orabug: 32164351] - remote: fix UNIX socket path being incorrectly built for libvirtd (eater) [Orabug: 32164351] - lib: Grab write lock when modifying list of domains (Michal Privoznik) [Orabug: 32164351] - qemu: reset VM id after external devices stop (Marc-Andre Lureau) [Orabug: 32164351] - qemu: add dbus-vmstate capability (Marc-Andre Lureau) [Orabug: 32164351] - qemu: add socket datagram capability (Marc-Andre Lureau) [Orabug: 32164351] - tests: fix xml2xml tpm-emulator.xml test (Marc-Andre Lureau) [Orabug: 32164351] - qemu: migration: Switch to blockdev mode for non-shared storage migration (Peter Krempa) [Orabug: 32164351] - qemu: migration: Refactor cleanup in qemuMigrationSrcNBDStorageCopy (Peter Krempa) [Orabug: 32164351] - qemu: migration: Refactor cleanup in qemuMigrationSrcNBDStorageCopyBlockdev (Peter Krempa) [Orabug: 32164351] - qemu: Defer support checks for external active snapshots to blockdev code or qemu (Peter Krempa) [Orabug: 32164351] - qemu: Add -blockdev support for external snapshots (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Skip overlay file creation/interogation if unsupported (Peter Krempa) [Orabug: 32164351] - qemu: Merge use of 'reuse' flag in qemuDomainSnapshotDiskPrepareOne (Peter Krempa) [Orabug: 32164351] - qemu: Disband qemuDomainSnapshotCreateSingleDiskActive (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Rename external disk snapshot handling functions (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Move error preservation to qemuDomainSnapshotDiskDataCleanup (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Save status and config XMLs only on success (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Fix image lock handling when taking a snapshot (Peter Krempa) [Orabug: 32164351] - qemu: driver: Fix shallow non-reuse block copy (Peter Krempa) [Orabug: 32164351] - qemu: Explicitly pass backing store to qemuBuildStorageSourceChainAttachPrepareBlockdevTop (Peter Krempa) [Orabug: 32164351] - qemu: block: explicitly pass backing store to qemuBlockStorageSourceAttachPrepareBlockdev (Peter Krempa) [Orabug: 32164351] - qemu: command: Refactor qemuBuildStorageSourceChainAttachPrepareBlockdevInternal (Peter Krempa) [Orabug: 32164351] - qemu: block: Explicitly specify backingStore when creating format layer props (Peter Krempa) [Orabug: 32164351] - qemu: block: Unify conditions to format backing store of format node definition (Peter Krempa) [Orabug: 32164351] - qemu: Prevent storage causing too much nested XML (Peter Krempa) [Orabug: 32164351] - qemu: domain: Refactor cleanup in qemuDomainDetermineDiskChain (Peter Krempa) [Orabug: 32164351] - qemu: hotplug: Setup disk throttling with blockdev (Peter Krempa) [Orabug: 32164351] - qemu: hotplug: Use VIR_AUTOFREE in qemuDomainAttachDiskGeneric (Peter Krempa) [Orabug: 32164351] - qemu: hotplug: Simplify cleanup in qemuDomainChangeMediaLegacy (Peter Krempa) [Orabug: 32164351] - qemu: Fix qemuDomainObjTaint with virtlogd (Jiri Denemark) [Orabug: 32164351] - qemu: monitor: Fix formatting of 'offset' in qemuMonitorJSONSaveMemory (Peter Krempa) [Orabug: 32164351] - tests: qemublock: Use bigger numbers as dummy capacity/physical (Peter Krempa) [Orabug: 32164351] - qemu: block: Use correct type when creating image size JSON entries (Peter Krempa) [Orabug: 32164351] - Exadata: protect vNUMA/SMT from artificially injected faults (Wim ten Have) [Orabug: 32708041] - virnetserver: fix some memory leaks in virNetTLSContextReloadForServer (Jin Yan) - virt-admin: Introduce command srv-update-tls (Zhang Bo) [Orabug: 32768102] - admin: Introduce virAdmServerUpdateTlsFiles (Zhang Bo) [Orabug: 32768102] - tls: Add a mutex lock on 'tlsCtxt' (Zhang Bo) [Orabug: 32768102] - virnetserver: Introduce virNetServerUpdateTlsFiles (Zhang Bo) [Orabug: 32768102] [5.7.0-27.el8] - Exadata: protect libvirt hugepage acquisition from QEMU async init (Wim ten Have) [Orabug: 32561685] [5.7.0-26.el8] - exadata: Fix autonomous hugepage acquisition barrier hang (Wim ten Have) [Orabug: 32537538] - exadata: Fix CPU Packing when out of pCPUs (Wim ten Have) [Orabug: 32527311] [5.7.0-25.el8] - exadata: force a host CPUs reserved pCPU threshold (Wim ten Have) [Orabug: 32516090] [5.7.0-24.el8] - exadata: Add configurable libvirtd mlockall support (Wim ten Have) [Orabug: 32479237] - exadata: hint a configurable number of memory init threads to qemu (Wim ten Have) [Orabug: 32460334] - Exadata: domain group should allow for asymmetric creation (Wim ten Have) [Orabug: 32060622] [5.7.0-23.el8] - util: remove unneeded cleanup labels (Wim ten Have) [Orabug: 32399255] - virnuma: Don't work around numa_node_to_cpus() for non-existent nodes (Wim ten Have) [Orabug: 32379098] [5.7.0-22.el8] - build: add dependency to help patch tooling (Menno Lageman) [Orabug: 32284540] - Exadata: fix active guest dgroup-delete requests (Wim ten Have) [Orabug: 32095306] - Exadata: fix a rogue Domain Groups dgroup-undefine flaw (Wim ten Have) [Orabug: 31945084] [2.7.0-21.el8] - exadata: Fix the validation when defining domain groups (Wim ten Have) [Orabug: 32085856] - qemu: improve error message when guest vcpu count exceeds domain group limit (Menno Lageman) [Orabug: 31985111] - qemu: Autonomous hugepage acquisition for 2-MiB and 1-GiB guest memoryBacking (Wim ten Have) - qemu: Fix a qemuMemReleaseHostHugepages state error (Wim ten Have) [Orabug: 32069203] - qemu: avoid guest CPU process handling if exadataConfig is disabled (Wim ten Have) [Orabug: 32053696] - domain_conf: Relax SCSI addr used check (Michal Privoznik) [Orabug: 31386162] - domain_conf: Make virDomainDeviceFindSCSIController accept virDomainDeviceDriveAddress struct (Michal Privoznik) [Orabug: 31386162] - qemu: remove use of qemuDomainObjBeginJobWithAgent() (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485} - qemu: agent: set ifname to NULL after freeing (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: require write acl for guest agent in virDomainInterfaceAddresses (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: add support for filtering @acls by uint params (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: gendispatch: handle empty flags (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} [5.7.0-19.el8] - qemu: Verify use of hugepages when releasing its acquired status (Wim ten Have) [Orabug: 31839035] - qemu: Autonomous hugepages acquisition and release (Wim ten Have) [Orabug: 31367986] [5.7.0-17.el8] - qemu: Fix cpu boundary checks when starting or configuring guest domains. (Wim ten Have) [Orabug: 31469231] - libvirt: Allocate max possible CPUs for QEMU to prepare guest memory (Wim ten Have) [Orabug: 31064560] [5.7.0-16.el8] - qemu: format 'x-aw-bits' on intel-iommu command line (Menno Lageman) - qemu: format address wdith on intel-iommu command line (Menno Lageman) - conf: add address width attribute to iommu (Menno Lageman) - tests: add tests for host-phys-bits KVM feature (Menno Lageman) [Orabug: 31354547] - qemu: support host-phys-bits KVM feature (Menno Lageman) [Orabug: 31374547] - storage: Fix daemon crash on lookup storagepool by targetpath (Yi Li) [Orabug: 31439483] {CVE-2020-10703} [5.7.0-15.el8] - qemu: Escape the qemu driver systemd DOT hoax (Wim ten Have) [Orabug: 31380815] [5.7.0-14.el8] - vmx: make 'fileName' optional for CD-ROMs (Pino Toscano) [Orabug: 31350200] - vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (Pino Toscano) [Orabug: 31350200] - domain group: Fix a potential SEGV while restoring guest domains (Wim ten Have) [Orabug: 31285615] - cpu_map: Distinguish Cascadelake-Server from Skylake-Server (Jiri Denemark) [Orabug: 31214897] - cpu_map: Add more -noTSX x86 CPU models (Christian Ehrhardt) [Orabug: 31214897] - qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads (Peter Krempa) [Orabug: 31251756] {CVE-2020-12430} [5.7.0-13.el8] - domain groups: Fix multiple Domain Group vCPU administration flaws (Wim ten Have) [Orabug: 31145304] - qemu: fix missing #if defined(ENABLE_EXADATA) (Menno Lageman) - build: Fix qemu-submodule-init syntax-check issue (Wim ten Have) - libvirt: Fix various introduced Fedora/RHEL build violations (Wim ten Have) [Orabug: 31143337] - qemu: don't hold both jobs for suspend (Jonathon Jongsma) [Orabug: 31073098] {CVE-2019-20485} - domain groups: qemu driver error refers to pCPUs instead of vCPUs (Wim ten Have) [Orabug: 31075757] - node_device_conf: Don't leak @physical_function in virNodeDeviceGetPCISRIOVCaps (Jiang Kun) [Orabug: 31070337] [5.7.0-12.el8] - libvirt: vNUMA automatic host paritioning allows erroneous vcpu settings (Wim ten Have) [Orabug: 31050313] - remote: do not stop libvirtd after period of inactivity (Menno Lageman) [Orabug: 31003707] - remote: do not use socket activation by default (Menno Lageman) [Orabug: 31003707] - qemu driver: handle targetNode under memory hot-plug operations (Wim ten Have) [Orabug: 31009716] - domain groups: refresh dgbase host capabilities prior to defining a new group (Wim ten Have) [Orabug: 31026069] - domain groups: Always cleanup system.slice controlled hugepage reservations (Wim ten Have) [Orabug: 31025853] - domain groups: Enable DGs upon fresh groups arrival (Wim ten Have) [Orabug: 31021247] - domain groups: Skip undefined domain groups when validating lists (Wim ten Have) [Orabug: 31030117] [5.7.0-11.el8] - domain groups: Add functionality to control NUMA node alignment (Wim ten Have) [Orabug: 30988105] - domain groups: A rename should always update active and config domain definitions (Wim ten Have) [Orabug: 30999730] [5.7.0-10.el8] - domain groups: refresh dgbase depending host capabilities before rendering the cpuguestmask (Wim ten Have) [Orabug: 30987361] - conf: domain group validation errors should print correct group info (Menno Lageman) [Orabug: 30988428] - qemu: reserve hugepages when memoryBacking when live attaching memory (Wim ten Have) [Orabug: 30985510] - domain groups: avoid virDomainGroupInit if exadataConfig is disabled (Wim ten Have) [Orabug: 30985907] [5.7.0-9.el8] - vNUMA: distinguish standard and vNUMA memory 'setmaxmem' operations (Wim ten Have) [Orabug: 30894536] [5.7.0-8.el8] - domain groups: End Of BETA (Wim ten Have) - domaingroups: ExaData Domain Groups POC (Wim ten Have) - domaingroup: preliminary virsh support for domain groups - drop #4 (Menno Lageman) - tests: add various tests to exercise vNUMA host partitioning (Wim ten Have) [Orabug: 29720293] - qemu: driver changes for new vNUMA Host and Nodeset partitioning (Wim ten Have) [Orabug: 29720293] - XML definitions for guest vNUMA and parsing routines (Wim ten Have) [Orabug: 29720293] - Revert 'exadata: can not configure shared memory hosted disk devices for vhostmd.service' (Menno Lageman) - qemu: Forcibly mknod() even if it exists (Michal Privoznik) [5.7.0-5.el8] - exadata: can not configure shared memory hosted disk devices for vhostmd.service (Menno Lageman) [Orabug: 30598065] [5.7.0-4.el8] - build: skip copyright check for gnulib (Menno Lageman) - Revert 'network: pull global chain init into separate method' (Menno Lageman) [Orabug: 30611188] - Revert 'network: add more debugging of firewall chain creation' (Menno Lageman) [Orabug: 30611188] - Revert 'network: delay global firewall setup if no networks are running' (Menno Lageman) [Orabug: 30611188] - qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30796221] [5.7.0-3.el8] - Add VMware esx support (Menno Lageman) [Orabug: 30449929] [5.7.0-2.el8] - enable VMware hypervisor driver libvirt-dbus [1.3.0] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.2.0-3] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [1.2.0-2] - util: fix virtDBusUtilDecodeUUID (rhbz#1647823) [1.2.0-1] - Rebased to libvirt-dbus-1.2.0 (rhbz#1630196) [1.0.0-1] - Rebase from Fedora libvirt-python [5.7.0-44.el8] - Bump version number to 5.7.0-44 to match libvirt (Karl Heubaum) [5.7.0-42.el8] - Bump version number to 5.7.0-42 to match libvirt (Karl Heubaum) [5.7.0-41.el8] - Bump version number to 5.7.0-41 to match libvirt (Karl Heubaum) [5.7.0-40.el8] - Bump version number to 5.7.0-40 to match libvirt (Karl Heubaum) [5.7.0-39.el8] - Bump version number to 5.7.0-39 to match libvirt (Karl Heubaum) [5.7.0-38.el8] - Bump version number to 5.7.0-38 to match libvirt (Karl Heubaum) [5.7.0-37.el8] - Bump version number to 5.7.0-37 to match libvirt (Karl Heubaum) [5.7.0-36.el8] - Bump version number to 5.7.0-36 to match libvirt (Karl Heubaum) [5.7.0-34.el8] - libvirt-python.spec: Bump 'Obsoletes' version number for libvirt-python (Karl Heubaum) [Orabug: 34185868] [5.7.0-1.el8] - libvirt-python.spec: Add a .spec file for libvirt-python nbdkit [1.16.2-4.0.1] - Replace upstream references within the description tag [1.16.2] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.16.2] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.4.2-5] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [1.4.2-4] - Remove misguided LDFLAGS hack which removed server hardening. https://bugzilla.redhat.com/show_bug.cgi?id=1624149#c6 resolves: rhbz#1624149 [1.4.2-3] - Use platform-python resolves: rhbz#1659159 [1.4.2-2] - Add Enhanced Python error reporting resolves: rhbz#1614750. - Use copy-patches.sh script. [1.4.2-1] - New stable version 1.4.2. [1.4.1-3] - Enable VDDK plugin on x86-64 only. [1.4.1-1] - New upstream version 1.4.1. - Small refactorings in the spec file. [1.4.0-1] - New upstream version 1.4.0. - New plugins: random, zero. - New bash tab completion subpackage. - Remove unused build dependencies. [1.2.4-3] - Add all upstream patches since 1.2.4 was released. [1.2.4-2] - Add all upstream patches since 1.2.4 was released. [1.2.4-2] - Disable plugins and filters that we do not want to ship in RHEL 8. [1.2.4-1] - New stable version 1.2.4. - Remove upstream patches. - Enable tarball signatures. - Add upstream patch to fix tests when guestfish not available. [1.2.3-1] - New stable version 1.2.3. - Add patch to work around libvirt problem with relative socket paths. - Add patch to fix the xz plugin test with recent guestfish. [1.2.2-1] - New stable version 1.2.2. [1.2.1-1] - New stable version 1.2.1. [1.2.0-1] - Move to stable branch version 1.2.0. [1.1.28-5] - Escape macros in %changelog [1.1.28-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.1.28-3] - Switch to %ldconfig_scriptlets [1.1.28-2] - Run a simplified test suite on all arches. [1.1.28-1] - New upstream version 1.1.28. - Add two new filters to nbdkit-basic-filters. [1.1.27-2] - Rebuilt for switch to libxcrypt [1.1.27-1] - New upstream version 1.1.27. - Add new subpackage nbdkit-basic-filters containing new filters. [1.1.26-2] - Rebuild against updated Ruby. [1.1.26-1] - New upstream version 1.1.26. - Add new pkg-config file and dependency. [1.1.25-1] - New upstream version 1.1.25. [1.1.24-1] - New upstream version 1.1.24. - Add tar plugin (new subpackage nbdkit-plugin-tar). [1.1.23-1] - New upstream version 1.1.23. - Add example4 plugin. - Python3 tests require libguestfs so disable on s390x. [1.1.22-1] - New upstream version 1.1.22. - Enable tests on Fedora. [1.1.20-1] - New upstream version 1.1.20. - Add nbdkit-split-plugin to basic plugins. [1.1.19-2] - OCaml 4.06.0 rebuild. [1.1.19-1] - New upstream version 1.1.19. - Combine all the simple plugins in %{name}-basic-plugins. - Add memory and null plugins. - Rename the example plugins subpackage. - Use %license instead of %doc for license file. - Remove patches now upstream. [1.1.18-4] - Fix Python 3 builds / RHEL macros (RHBZ#1404631). [1.1.18-3] - New upstream version 1.1.18. - Add NBD forwarding plugin. - Add libselinux-devel so that SELinux support is enabled in the daemon. - Apply all patches from upstream since 1.1.18. [1.1.16-2] - New upstream version 1.1.16. - Disable python3 plugin on RHEL/EPEL <= 7. - Only ship on x86_64 in RHEL/EPEL <= 7. [1.1.15-1] - New upstream version 1.1.15. - Enable TLS support. [1.1.14-1] - New upstream version 1.1.14. [1.1.13-1] - New upstream version 1.1.13. - Remove patches which are all upstream. - Remove grubby hack, should not be needed with modern supermin. [1.1.12-13] - Rebuild for OCaml 4.05.0. [1.1.12-12] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1.1.12-11] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.1.12-10] - Rebuild for OCaml 4.04.2. [1.1.12-9] - Perl 5.26 rebuild [1.1.12-8] - Rebuild for OCaml 4.04.1. [1.1.12-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.1.12-6] - Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.4 [1.1.12-5] - Rebuild for Python 3.6 update. [1.1.12-4] - Fix python3 subpackage so it really uses python3 (RHBZ#1404631). [1.1.12-3] - Rebuild for OCaml 4.04.0. [1.1.12-2] - Compile Python 2 and Python 3 versions of the plugin. [1.1.12-1] - New upstream version 1.1.12 - Enable Ruby plugin. - Disable tests on Rawhide because libvirt is broken again (RHBZ#1344016). [1.1.11-10] - Add another upstream patch since 1.1.11. [1.1.11-9] - Add all patches upstream since 1.1.11 (fixes RHBZ#1336758). [1.1.11-7] - Perl 5.24 rebuild [1.1.11-6] - When tests fail, dump out test-suite.log so we can debug it. [1.1.11-5] - Don't run tests on x86, because kernel is broken there (https://bugzilla.redhat.com/show_bug.cgi?id=1302071) [1.1.11-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.1.11-3] - Add support for newstyle NBD protocol (RHBZ#1297100). [1.1.11-1] - New upstream version 1.1.11. [1.1.10-3] - OCaml 4.02.3 rebuild. [1.1.10-2] - Enable libguestfs plugin on aarch64. [1.1.10-1] - New upstream version. - Enable now working OCaml plugin (requires OCaml >= 4.02.2). [1.1.9-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.1.9-5] - Perl 5.22 rebuild [1.1.9-4] - Enable debugging messages when running make check. [1.1.9-3] - Perl 5.22 rebuild [1.1.9-2] - New upstream version 1.1.9. - Add the streaming plugin. - Include fix for streaming plugin in 1.1.9. [1.1.8-4] - Rebuild for updated Perl in Rawhide. - Workaround for broken libvirt (RHBZ#1138604). [1.1.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1.1.8-1] - New upstream version 1.1.8. - Add support for cURL, and new nbdkit-plugin-curl package. [1.1.7-1] - New upstream version 1.1.7. - Remove patches which are now all upstream. [1.1.6-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.1.6-4] - libguestfs is available only on selected arches [1.1.6-3] - Backport some upstream patches, fixing a minor bug and adding more tests. - Enable the tests since kernel bug is fixed. [1.1.6-1] - New upstream version 1.1.6. [1.1.5-2] - New upstream version 1.1.5. - Enable the new Python plugin. - Perl plugin man page moved to section 3. - Perl now requires ExtUtils::Embed. [1.1.4-1] - New upstream version 1.1.4. - Enable the new Perl plugin. [1.1.3-1] - New upstream version 1.1.3 which fixes some test problems. - Disable tests because Rawhide kernel is broken (RHBZ#991808). - Remove a single quote from description which confused emacs. - Remove patch, now upstream. [1.1.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1.1.2-3] - Fix segfault when IPv6 client is used (RHBZ#986601). [1.1.2-2] - New development version 1.1.2. - Disable the tests on Fedora <= 18. [1.1.1-1] - New development version 1.1.1. - Add libguestfs plugin. - Run the test suite. [1.0.0-4] - Initial release. netcf perl-Sys-Virt [4.5.0-5] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [4.5.0-4] - Fix typed parameter memory handling (rhbz #1602346) - Fix missing NWFilterBinding module (rhbz #1615841) [4.5.0-3] - Included BuildRequire: git to fix a building issue [4.5.0-2] - Fix typed parameter memory handling (rhbz#1602346) [4.5.0-1] - Update to 4.5.0 release [4.4.0-2] - Perl 5.28 rebuild [4.2.0-1] - Update to 4.2.0 release [4.1.0-1] - Update to 4.1.0 release [4.0.0-3] - Add build-require gcc [4.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [4.0.0-1] - Update to 4.0.0 release [3.9.1-1] - Update to 3.9.1 release [3.9.0-1] - Update to 3.9.0 release [3.8.0-1] - Update to 3.8.0 release [3.7.0-1] - Update to 3.7.0 release [3.5.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [3.5.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [3.5.0-1] - Update to 3.5.0 release [3.4.0-2] - Perl 5.26 rebuild [3.4.0-1] - Update to 3.4.0 release [3.3.0-1] - Update to 3.3.0 release [3.2.0-1] - Update to 3.2.0 release [3.1.0-1] - Update to 3.1.0 release [3.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [3.0.0-1] - Update to 3.0.0 release [2.5.0-1] - Update to 2.5.0 release [2.4.0-1] - Update to 2.4.0 release [2.3.0-1] - Update to 2.3.0 release [2.2.0-1] - Update to 2.2.0 release [2.1.0-1] - Update to 2.1.0 release [2.0.0-1] - Update to 2.0.0 release [1.3.5-1] - Update to 1.3.5 release [1.3.4-2] - Perl 5.24 rebuild [1.3.4-1] - Update to 1.3.4 release [1.3.3-1] - Update to 1.3.3 release [1.3.2-1] - Update to 1.3.2 release [1.3.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.3.1-1] - Update to 1.3.1 release qemu-kvm [4.2.1-35.el8] - hw/vfio/pci-quirks: Sanitize capability pointer (Alex Williamson) [Orabug: 37096901] - hw/vfio/pci-quirks: Support alternate offset for GPUDirect Cliques (Alex Williamson) [Orabug: 37096901] - hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (Philippe Mathieu-Daude) [Orabug: 36659053] {CVE-2024-3447} [4.2.1-34.el8] - multifd: fix the multifd initialization (Elena Ufimtseva) [Orabug: 36598610] - hw/scsi/scsi-generic: Fix io_timeout property not applying (Lorenz Brun) [Orabug: 36604206] - scsi: make io_timeout configurable (Hannes Reinecke) [Orabug: 36604206] - target/i386/monitor: synchronize cpu state for lapic info (Dongli Zhang) [Orabug: 36607762] [4.2.1-32.el8] - Document CVEs as fixed (Mark Kanda) [Orabug: 36455470] [Orabug: 36455480] [Orabug: 36455529] [Orabug: 36455489] [Orabug: 36455500] [Orabug: 36455512] [Orabug: 36455520] {CVE-2023-4135} {CVE-2023-3255} {CVE-2023-6683} {CVE-2023-40360} {CVE-2023-42467} {CVE-2024-26327} {CVE-2024-24474} - hw/pvrdma: Protect against buggy or malicious guest driver (Yuval Shaia) [Orabug: 35250119] {CVE-2023-1544} - hw/pflash_cfi01: allow smaller backing devices in postload_update_cb() (Mark Kanda) [Orabug: 36378764] - hw/block/pflash: Check return value of blk_pwrite() (Mansour Ahmadi) [Orabug: 36378764] - net: Update MemReentrancyGuard for NIC (Akihiko Odaki) [Orabug: 36421467] {CVE-2023-3019} - net: Provide MemReentrancyGuard * to qemu_new_nic() (Akihiko Odaki) [Orabug: 36421467] {CVE-2023-3019} - lsi53c895a: disable reentrancy detection for MMIO region, too (Thomas Huth) [Orabug: 36425307] {CVE-2021-3750} - memory: stricter checks prior to unsetting engaged_in_io (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - async: avoid use-after-free on re-entrancy guard (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - apic: disable reentrancy detection for apic-msi (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - raven: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - bcm2835_property: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - lsi53c895a: disable reentrancy detection for script RAM (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - checkpatch: add qemu_bh_new/aio_bh_new checks (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - async: Add an optional reentrancy guard to the BH API (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - memory: prevent dma-reentracy issues (Alexander Bulekov) [Orabug: 36425307] {CVE-2021-3750} - util/async: add a human-readable name to BHs for debugging (Stefan Hajnoczi) [Orabug: 36425307] {CVE-2021-3750} - io: remove io watch if TLS channel is closed during handshake (Daniel Berrange) [Orabug: 35595204] {CVE-2023-3354} - tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fiona Ebner) [Orabug: 36327659] {CVE-2023-5088} - hw/ide: reset: cancel async DMA operation before resetting state (Fiona Ebner) [Orabug: 36327659] {CVE-2023-5088} - accel/tcg: fix race in cpu_exec_step_atomic (bug 1863025) (Alex Bennee) [Orabug: 36327651] {CVE-2020-24165} - physmem: add missing memory barrier (Paolo Bonzini) [Orabug: 35886091] - qemu-coroutine-lock: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35886091] - aio-wait: switch to smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35886091] - edu: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35886091] - qemu-thread-win32: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35886091] - qemu-thread-posix: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35886091] - qatomic: add smp_mb__before/after_rmw() (Paolo Bonzini) [Orabug: 35886091] - aio_wait_kick: add missing memory barrier (Emanuele Giuseppe Esposito) [Orabug: 35886091] - hw/smbios: Fix core count in type4 (Zhao Liu) [Orabug: 35876036] - hw/smbios: Fix thread count in type4 (Zhao Liu) [Orabug: 35876036] - hw/smbios: Fix smbios_smp_sockets caculation (Zhao Liu) [Orabug: 35876036] - machine: Add helpers to get cores/threads per socket (Zhao Liu) [Orabug: 35876036] - machine: move dies from X86MachineState to CpuTopology (Paolo Bonzini) [Orabug: 35876036] - machine: move SMP initialization from vl.c (Paolo Bonzini) [Orabug: 35876036] - machine: move UP defaults to class_base_init (Paolo Bonzini) [Orabug: 35876036] - virtio-crypto: verify src&dst buffer length for sym request (zhenwei pi) [Orabug: 35724113] {CVE-2023-3180} - hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) (Thomas Huth) [Orabug: 35724112] {CVE-2023-0330} [4.2.1-27.1.el8] - kvm: Atomic memslot updates (David Hildenbrand) [Orabug: 35719844] - KVM: keep track of running ioctls (Emanuele Giuseppe Esposito) [Orabug: 35719844] - accel: introduce accelerator blocker API (Emanuele Giuseppe Esposito) [Orabug: 35719844] - KVM: Use a big lock to replace per-kml slots_lock (Peter Xu) [Orabug: 35719844] [4.2.1-27.el8] - hw/arm/virt: Add nvdimm hotplug support (Shameer Kolothum) [Orabug: 35505663] - hw/arm/virt: Add nvdimm hot-plug infrastructure (Kwangwoo Lee) [Orabug: 35505663] - nvdimm: Use configurable ACPI IO base and size (Kwangwoo Lee) [Orabug: 35505663] - target/i386: define a new MSR based feature word - FEAT_PERF_CAPABILITIES (Like Xu) [Orabug: 35370615] [4.2.1-26.el8] - migration: check magic value for deciding the mapping of channels (Manish Mishra) [Orabug: 34735462] - io: Add support for MSG_PEEK for socket channel (Manish Mishra) [Orabug: 34735462] - migration: Move channel setup out of postcopy_try_recover() (Peter Xu) [Orabug: 34735462] - vdpa: commit all host notifier MRs in a single MR transaction (Mike Longpeng) [Orabug: 35252234] - vhost: configure all host notifiers in a single MR transaction (Mike Longpeng) [Orabug: 35252234] - vhost: simplify vhost_dev_enable_notifiers (Mike Longpeng) [Orabug: 35252234] - pcie: Do not update hotplugged device power in RUN_STATE_INMIGRATE state (Annie Li) [Orabug: 35055290] - qga/win32: Use rundll for VSS installation (Konstantin Kostiuk) [Orabug: 35206108] {CVE-2023-0664} - qga/win32: Remove change action from MSI installer (Konstantin Kostiuk) [Orabug: 35206108] {CVE-2023-0664} - hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion (Philippe Mathieu-Daude) [Orabug: 34846087] - hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144) (Philippe Mathieu-Daude) [Orabug: 34846087] {CVE-2022-4144} - hw/display/qxl: Pass requested buffer size to qxl_phys2virt() (Philippe Mathieu-Daude) [Orabug: 34846087] - hw/display/qxl: Document qxl_phys2virt() (Philippe Mathieu-Daude) [Orabug: 34846087] - hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler (Philippe Mathieu-Daude) [Orabug: 34846087] - virtio-blk: On restart, process queued requests in the proper context (Sergio Lopez) [Orabug: 35060530] - virtio-blk: Refactor the code that processes queued requests (Sergio Lopez) [Orabug: 35060530] - hw/intc/ioapic: Update KVM routes before redelivering IRQ, on RTE update (David Woodhouse) [Orabug: 35219223] - modules: load modules from /var/run/qemu/ directory firstly (Siddhi Katage) [Orabug: 34867783] - qemu.spec: Add post-install script for block storage modules (Siddhi Katage) [Orabug: 34867783] - qemu.spec: Enable '-module-upgrades' for OL7 (Siddhi Katage) [Orabug: 34867783] - module: increase dirs array size by one (Bruce Rogers) [Orabug: 34867783] - modules: load modules from versioned /var/run dir (Christian Ehrhardt) [Orabug: 34867783] - blockjob: Fix crash with IOthread when block commit after snapshot (Michael Qiu) [Orabug: 35118668] [4.2.1-25.el8] - target/i386/kvm: get and put AMD pmu registers (Dongli Zhang) [Orabug: 34641255] - i386/kvm: fix a use-after-free when vcpu plug/unplug (Pan Nengyuan) [Orabug: 34859902] - memory: batch allocate ioeventfds[] in address_space_update_ioeventfds() (Stefan Hajnoczi) [Orabug: 34538900] - virtio-blk: Fix clean up of host notifiers for single MR transaction (Mark Mielke) [Orabug: 34538900] - virtio-scsi: Configure all host notifiers in a single MR transaction (Greg Kurz) [Orabug: 34538900] - virtio-scsi: Set host notifiers and callbacks separately (Greg Kurz) [Orabug: 34538900] - virtio-blk: Configure all host notifiers in a single MR transaction (Greg Kurz) [Orabug: 34538900] - virtio-blk: Fix rollback path in virtio_blk_data_plane_start() (Greg Kurz) [Orabug: 34538900] - event_notifier: Set ->initialized earlier in event_notifier_init() (Greg Kurz) [Orabug: 34538900] - virtio-scsi: don't process IO on fenced dataplane (Maxim Levitsky) [Orabug: 34538900] - virtio-scsi: don't uninitialize queues that we didn't initialize (Maxim Levitsky) [Orabug: 34538900] - hw/arm/virt: build SMBIOS 19 table (Mihai Carabas) [4.2.1-24.el8] - hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (CVE-2021-3638) (Philippe Mathieu-Daude) [Orabug: 33930374] {CVE-2021-3638} - tests/acpi: virt: update ACPI MADT and FADT binaries (Miguel Luis) - acpi: arm/virt: madt: bump to revision 4 accordingly to ACPI 6.0 Errata A (Miguel Luis) - acpi: arm/virt: madt: use build_append_int_noprefix() API to compose MADT table (Igor Mammedov) - acpi: madt: arm/x86: use acpi_table_begin()/acpi_table_end() instead of build_header() (Igor Mammedov) - hw/arm/virt-acpi-build:Remove dead assignment in build_madt() (Chen Qun) - acpi: build_fadt: adapt FADT table names (Miguel Luis) - acpi: fadt: support revision 6.0 of the ACPI specification (Miguel Luis) - tests/acpi: virt: allow acpi MADT and FADT changes (Miguel Luis) - Document CVE-2022-3165 as not applicable (Mark Kanda) [Orabug: 34713999] {CVE-2022-3165} - Document CVE-2022-1050 as not applicable (Mark Kanda) [Orabug: 34132133] {CVE-2022-1050} - hw/acpi/erst.c: Fix memory handling issues (Christian A. Ehrhardt) [Orabug: 34779472] {CVE-2022-4172} - vhost-vdpa: fix assert !virtio_net_get_subqueue(nc)->async_tx.elem in virtio_net_reset (Si-Wei Liu) - net/vhost-vdpa.c: Fix clang compilation failure (Peter Maydell) - vhost-vdpa: allow passing opened vhostfd to vhost-vdpa (Si-Wei Liu) - hw/acpi/aml-build: Improve scalability of PPTT generation (Yanan Wang) - tests/data/acpi/virt: update empty file for PPTT (Miguel Luis) - hw/arm/virt-acpi-build: Generate PPTT table (Yanan Wang) - tests/data/acpi/virt: Add an empty expected file for PPTT (Yanan Wang) - hw/acpi/aml-build: Add PPTT table (Andrew Jones) - hw/acpi/aml-build: Add Processor hierarchy node structure (Yanan Wang) - machine: Add SMP Sockets in CpuTopology (Babu Moger) - bios-tables-test: generate table for virt/DBG2 (Miguel Luis) - hw/arm/virt_acpi_build: Generate DBG2 table (Eric Auger) - tests/acpi: Add void table for virt/DBG2 bios-tables-test (Eric Auger) - tests/acpi: virt: update ACPI GTDT binaries (Miguel Luis) [Orabug: 34711916] - acpi: arm/virt: build_gtdt: fix invalid 64-bit physical addresses (Miguel Luis) [Orabug: 34711916] - tests/acpi: virt: allow acpi GTDT changes (Miguel Luis) [Orabug: 34711916] - acpi: fix OEM ID/OEM Table ID padding (Igor Mammedov) [Orabug: 34711916] - acpi: arm/virt: build_gtdt: use acpi_table_begin()/acpi_table_end() instead of build_header() (Igor Mammedov) [Orabug: 34711916] - acpi: add helper routines to initialize ACPI tables (Igor Mammedov) [Orabug: 34711916] - acpi: declare the default assignable value for the ACPI table header (Miguel Luis) [Orabug: 34711916] [4.2.1-22.el8] - Revert 'block: Set the name of BlockBackend if possible' (Joe Jin) [Orabug: 34841102] - Revert 'iotests: Adjust 186.out to account for 'null' node-name' (Joe Jin) [Orabug: 34841102] [4.2.1-21.el8] - qemu-kvm.spec: Fix the qemu-regdump sos report plugin path (Mark Kanda) [Orabug: 34680062] - qmp-regdump: Require python3 on OL8 (Mark Kanda) [Orabug: 34672256] - iotests: Adjust 186.out to account for 'null' node-name (Mark Kanda) [Orabug: 34447388] - block: Set the name of BlockBackend if possible (Annie Li) [Orabug: 34447388] - acpi: Update _DSM method in expected files (Mark Kanda) [Orabug: 34616322] - acpi/gpex: Fix cca attribute check for pxb device (Xingang Wang) [Orabug: 34616322] - acpi: Enable pxb unit-test for ARM virt machine (Jiahui Cen) [Orabug: 34616322] - Kconfig: Compile PXB for ARM_VIRT (Jiahui Cen) [Orabug: 34616322] - acpi/gpex: Exclude pxb's resources from PCI0 (Jiahui Cen) [Orabug: 34616322] - acpi/gpex: Inform os to keep firmware resource map (Jiahui Cen) [Orabug: 34616322] - acpi: Add addr offset in build_crs (Jiahui Cen) [Orabug: 34616322] - unit-test: Add testcase for pxb (Yubo Miao) [Orabug: 34616322] - acpi: Align the size to 128k (Yubo Miao) [Orabug: 34616322] - acpi/gpex: Build tables for pxb (Yubo Miao) [Orabug: 34616322] - acpi: Extract crs build form acpi_build.c (Yubo Miao) [Orabug: 34616322] - hw/arm/virt: Write extra pci roots into fw_cfg (Jiahui Cen) [Orabug: 34616322] - fw_cfg: Refactor extra pci roots addition (Jiahui Cen) [Orabug: 34616322] - acpi/gpex: Extract two APIs from acpi_dsdt_add_pci (Yubo Miao) [Orabug: 34616322] - arm: use acpi_dsdt_add_gpex (Gerd Hoffman) [Orabug: 34616322] - acpi: add acpi_dsdt_add_gpex (Gerd Hoffman) [Orabug: 34616322] - acpi: Allow DSDT acpi table changes (Jiahui Cen) [Orabug: 34616322] - move MemMapEntry (Gerd Hoffman) [Orabug: 34616322] - scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34353672] {CVE-2022-0216} - scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34353672] {CVE-2022-0216} - tests/qtest: Add fuzz-lsi53c895a-test (Philippe Mathieu-Daude) [Orabug: 34353672] {CVE-2022-0216} - hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued (Philippe Mathieu-Daude) [Orabug: 34353672] {CVE-2022-0216} - vfio: defer to commit kvm irq routing when enable msi/msix (Mike Longpeng) [Orabug: 34419422] - vfio: simplify the failure path in vfio_msi_enable (Mike Longpeng) [Orabug: 34419422] - vfio: move re-enabling INTX out of the common helper (Mike Longpeng) [Orabug: 34419422] - vfio: simplify the conditional statements in vfio_msi_enable (Mike Longpeng) [Orabug: 34419422] - kvm/msi: do explicit commit when adding msi routes (Mike Longpeng) [Orabug: 34419422] - kvm-irqchip: introduce new API to support route change (Mike Longpeng) [Orabug: 34419422] - event_notifier: handle initialization failure better (Maxim Levitsky) [Orabug: 34419422] - qmp-regdump: use QMP command 'query-cpus-fast' (Mark Kanda) [Orabug: 34510460] [4.2.1-20.el8] - vl: Add an -action option to override MCE handling (Mark Kanda) [Orabug: 34538907] - vl: Add an -action option specifying response to guest events (Alejandro Jimenez) [Orabug: 34538907] - qmp: generalize watchdog-set-action to -no-reboot/-no-shutdown (Alejandro Jimenez) [Orabug: 34538907] [4.2.1-19.el8] - virtio-net: handle zero mac for a vdpa peer (Cindy Lu) [Orabug: 34137522] - virtio-net: don't handle mq request in userspace handler for vhost-vdpa (Si-Wei Liu) [Orabug: 34137522] - vhost-vdpa: change name and polarity for vhost_vdpa_one_time_request() (Si-Wei Liu) [Orabug: 34137522] - vhost-vdpa: backend feature should set only once (Si-Wei Liu) [Orabug: 34137522] - vhost-net: fix improper cleanup in vhost_net_start (Si-Wei Liu) [Orabug: 34137522] - vhost-vdpa: fix improper cleanup in net_init_vhost_vdpa (Si-Wei Liu) [Orabug: 34137522] - virtio-net: align ctrl_vq index for non-mq guest for vhost_vdpa (Si-Wei Liu) [Orabug: 34137522] - virtio-net: setup vhost_dev and notifiers for cvq only when feature is negotiated (Si-Wei Liu) [Orabug: 34137522] - virtio: fix the condition for iommu_platform not supported (Halil Pasic) [Orabug: 34137522] - vdpa: Make ncs autofree (Eugenio Perez) [Orabug: 34137522] - vhost-vdpa: make notifiers _init()/_uninit() symmetric (Laurent Vivier) [Orabug: 34137522] - hw/virtio: vdpa: Fix leak of host-notifier memory-region (Laurent Vivier) [Orabug: 34137522] - vhost-vdpa: stick to -errno error return convention (Roman Kagan) [Orabug: 34137522] - vdpa: Add dummy receive callback (Eugenio Perez) [Orabug: 34137522] - vdpa: Check for existence of opts.vhostdev (Eugenio Perez) [Orabug: 34137522] - vhost: Fix last vq queue index of devices with no cvq (Eugenio Perez) [Orabug: 34137522] - vhost: Rename last_index to vq_index_end (Eugenio Perez) [Orabug: 34137522] - net/vhost-vdpa: fix memory leak in vhost_vdpa_get_max_queue_pairs() (Stefano Garzarella) [Orabug: 34137522] - vhost-vdpa: multiqueue support (Jason Wang) [Orabug: 34137522] - virtio-net: vhost control virtqueue support (Jason Wang) [Orabug: 34137522] - vhost: record the last virtqueue index for the virtio device (Jason Wang) [Orabug: 34137522] - virtio-net: use 'queue_pairs' instead of 'queues' when possible (Jason Wang) [Orabug: 34137522] - vhost-net: control virtqueue support (Jason Wang) [Orabug: 34137522] - net: introduce control client (Jason Wang) [Orabug: 34137522] - vhost-vdpa: let net_vhost_vdpa_init() returns NetClientState * (Jason Wang) [Orabug: 34137522] - vhost-vdpa: prepare for the multiqueue support (Jason Wang) [Orabug: 34137522] - vhost-vdpa: classify one time request (Jason Wang) [Orabug: 34137522] - vhost-vdpa: open device fd in net_init_vhost_vdpa() (Jason Wang) [Orabug: 34137522] - vdpa: Check for iova range at mappings changes (Eugenio Perez) [Orabug: 34137522] - vdpa: Add vhost_vdpa_section_end (Eugenio Perez) [Orabug: 34137522] - net/vhost-vdpa: Fix device compatibility check (Kevin Wolf) [Orabug: 34137522] - net/vhost-user: Fix device compatibility check (Kevin Wolf) [Orabug: 34137522] - net: Introduce NetClientInfo.check_peer_type() (Kevin Wolf) [Orabug: 34137522] - vhost-vdpa: remove the unncessary queue_index assignment (Jason Wang) [Orabug: 34137522] - vhost-vdpa: fix the wrong assertion in vhost_vdpa_init() (Jason Wang) [Orabug: 34137522] - vhost-vdpa: tweak the error label in vhost_vdpa_add() (Jason Wang) [Orabug: 34137522] - vhost-vdpa: fix leaking of vhost_net in vhost_vdpa_add() (Jason Wang) [Orabug: 34137522] - vhost-vdpa: don't cleanup twice in vhost_vdpa_add() (Jason Wang) [Orabug: 34137522] - vhost-vdpa: remove the unnecessary check in vhost_vdpa_add() (Jason Wang) [Orabug: 34137522] - vhost_net: do not assume nvqs is always 2 (Jason Wang) [Orabug: 34137522] - vhost: use unsigned int for nvqs (Jason Wang) [Orabug: 34137522] - vhost_net: remove the meaningless assignment in vhost_net_start_one() (Jason Wang) [Orabug: 34137522] - vhost-vdpa: correctly return err in vhost_vdpa_set_backend_cap() (Jason Wang) [Orabug: 34137522] - vhost-vdpa: remove unused variable 'acked_features' (Jason Wang) [Orabug: 34137522] - vhost: correctly detect the enabling IOMMU (Jason Wang) [Orabug: 34137522] - virtio-pci: implement iommu_enabled() (Jason Wang) [Orabug: 34137522] - virtio-bus: introduce iommu_enabled() (Jason Wang) [Orabug: 34137522] - hw/virtio: Fix leak of host-notifier memory-region (Yajun Wu) [Orabug: 34137522] - vhost-vdpa: Do not send empty IOTLB update batches (Eugenio Perez) [Orabug: 34137522] - vhost-vdpa: remove the unused vhost_vdpa_get_acked_features() (Jason Wang) [Orabug: 34137522] - vhost-vdpa: don't initialize backend_features (Jason Wang) [Orabug: 34137522] - vhost-vdpa: map virtqueue notification area if possible (Jason Wang) [Orabug: 34137522] - vhost-vdpa: skip ram device from the IOTLB mapping (Jason Wang) [Orabug: 34137522] - vhost-vdpa: Remove redundant declaration of address_space_memory (Xie Yongji) [Orabug: 34137522] - virtio: Fail if iommu_platform is requested, but unsupported (Kevin Wolf) [Orabug: 34137522] - vhost-vdpa: Make vhost_vdpa_get_device_id() static (Zenghui Yu) [Orabug: 34137522] - Update linux headers to 5.11-rc2 (Eric Farman) [Orabug: 34137522] - linux-headers: update against 5.10-rc1 (Matthew Rosato) [Orabug: 34137522] - linux headers: sync to 5.9-rc7 (Andrew Jones) [Orabug: 34137522] [4.2.1-18.el8] - block: introduce max_hw_iov for use in scsi-generic (Paolo Bonzini) [Orabug: 33785156] - file-posix: try BLKSECTGET on block devices too, do not round to power of 2 (Paolo Bonzini) [Orabug: 33785156] - block: add max_hw_transfer to BlockLimits (Paolo Bonzini) [Orabug: 33785156] - block-backend: align max_transfer to request alignment (Paolo Bonzini) [Orabug: 33785156] - osdep: provide ROUND_DOWN macro (Paolo Bonzini) [Orabug: 33785156] - scsi-generic: pass max_segments via max_iov field in BlockLimits (Paolo Bonzini) [Orabug: 33785156] - file-posix: fix max_iov for /dev/sg devices (Paolo Bonzini) [Orabug: 33785156] - display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mauro Matteo Cascella) [Orabug: 34049511] {CVE-2021-4207} - ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Matteo Cascella) [Orabug: 34049509] {CVE-2021-4206} - hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507) (Philippe Mathieu-Daude) [Orabug: 32860387] {CVE-2021-3507} - pc: q35: Bump max_cpus to 512 (Suravee Suthikulpanit) [Orabug: 34314249] - tests/qtest: fix pvpanic-pci-test (Mark Kanda) [Orabug: 34284763] - libqos: pci-pc: use 32-bit write for EJ register (Paolo Bonzini) [Orabug: 34284758] - libqos: usb-hcd-ehci: use 32-bit write for config register (Paolo Bonzini) [Orabug: 34284768] - target/i386/kvm: Fix disabling MPX on '-cpu host' with MPX-capable host (Maciej S. Szmigiero) [Orabug: 33528615] - i386: Mask SVM features if nested SVM is disabled (Eduardo Habkost) [Orabug: 33860224] - ide: Cap LBA28 capacity announcement to 2^28-1 (Samuel Thibault) [Orabug: 25327652] - tests/acpi: update expected arm/virt tables (Mark Kanda) [Orabug: 34132842] [4.2.1-17.el8] - arm/acpi: fix an out of spec _UID for PCI root (Michael S. Tsirkin) - arm/acpi: fix duplicated _UID of PCI interrupt link devices (Heyi Guo) - arm/acpi: fix PCI _PRT definition (Heyi Guo) - docs: fix references to docs/devel/atomics.rst (Stefano Garzarella) [Orabug: 33659123] - rcu: do not mention atomic_mb_read/set in documentation (Paolo Bonzini) [Orabug: 33659123] - atomics: update documentation (Paolo Bonzini) [Orabug: 33659123] - atomics: convert to reStructuredText (Paolo Bonzini) [Orabug: 33659123] - async: use explicit memory barriers (Paolo Bonzini) [Orabug: 33659123] - aio-wait: delegate polling of main AioContext if BQL not held (Paolo Bonzini) [Orabug: 33659123] - qapi: Add '@allow-write-only-overlay' feature for 'blockdev-snapshot' (Peter Krempa) [Orabug: 33888021] - iotests: Add iothread cases to 155 (Kevin Wolf) [Orabug: 33888021] - block: Fix cross-AioContext blockdev-snapshot (Kevin Wolf) [Orabug: 33888021] - iotests: Test mirror with temporarily disabled target backing file (Kevin Wolf) [Orabug: 33888021] - iotests: Fix run_job() with use_log=False (Kevin Wolf) [Orabug: 33888021] - block: Relax restrictions for blockdev-snapshot (Kevin Wolf) [Orabug: 33888021] - block: Make bdrv_get_cumulative_perm() public (Kevin Wolf) [Orabug: 33888021] - iotests: Use complete_and_wait() in 155 (Max Reitz) [Orabug: 33888021] - iotests: Support job-complete in run_job() (Kevin Wolf) [Orabug: 33888021] - linux-headers: update again to 5.8 (Paolo Bonzini) [Orabug: 34022218] - virtio-net: fix map leaking on error during receive (Jason Wang) [Orabug: 33941879] {CVE-2022-26353} - vhost-vsock: detach the virqueue element in case of error (Stefano Garzarella) [Orabug: 33941844] {CVE-2022-26354} - virtio-net: fix use after unmap/free for sg (Jason Wang) [Orabug: 33972912] {CVE-2021-3748} - migration: Report the error returned when save_live_iterate fails (David Edmondson) [4.2.1-16.el8] - Document CVE-2021-4145 as fixed (Mark Kanda) [Orabug: 33791496] {CVE-2021-4145} - migration: Tally pre-copy, downtime and post-copy bytes independently (David Edmondson) - migration: Introduce ram_transferred_add() (David Edmondson) - ACPI ERST: specification for ERST support (Eric DeVolder) - ACPI ERST: step 6 of bios-tables-test.c (Eric DeVolder) - ACPI ERST: bios-tables-test testcase (Eric DeVolder) - ACPI ERST: qtest for ERST (Eric DeVolder) - ACPI ERST: create ACPI ERST table for pc/x86 machines (Eric DeVolder) - ACPI ERST: build the ACPI ERST table (Eric DeVolder) - ACPI ERST: support for ACPI ERST feature (Eric DeVolder) - ACPI ERST: header file for ERST (Eric DeVolder) - ACPI ERST: PCI device_id for ERST (Eric DeVolder) - ACPI ERST: bios-tables-test.c steps 1 and 2 (Eric DeVolder) - ACPI: cleanup bios-tables-test state (Eric DeVolder) - KVM: x86: believe what KVM says about WAITPKG (Paolo Bonzini) [Orabug: 33832295] - cputlb: destroy CPUTLB with tlb_destroy (Emilio G. Cota) [Orabug: 33428107] [4.2.1-15.el8] - qemu-kvm.spec: Add support for reading vmdk, vhdx, vpc, https, and ssh disk image formats from qemu-kvm (Karl Heubaum) [Orabug: 33741340] - Document CVE-2021-4158 and CVE-2021-3947 as fixed (Mark Kanda) [Orabug: 33719302] [Orabug: 33754145] {CVE-2021-4158} {CVE-2021-3947} - hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196} - hw/block/fdc: Extract blk_create_empty_drive() (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196} - net: vmxnet3: validate configuration values during activate (CVE-2021-20203) (Prasad J Pandit) [Orabug: 32559476] {CVE-2021-20203} - lan9118: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - pcnet: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - rtl8139: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - tx_pkt: switch to use qemu_receive_packet_iov() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - sungem: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - dp8393x: switch to use qemu_receive_packet() for loopback packet (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - e1000: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - net: introduce qemu_receive_packet() (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - target/i386: Populate x86_ext_save_areas offsets using cpuid where possible (Paolo Bonzini) - target/i386: Observe XSAVE state area offsets (Paolo Bonzini) - target/i386: Make x86_ext_save_areas visible outside cpu.c (Paolo Bonzini) - target/i386: Pass buffer and length to XSAVE helper (Paolo Bonzini) - target/i386: Clarify the padding requirements of X86XSaveArea (Paolo Bonzini) - target/i386: Consolidate the X86XSaveArea offset checks (Paolo Bonzini) - target/i386: Declare constants for XSAVE offsets (Paolo Bonzini) [4.2.1-14.el8] - scsi: fix sense code for EREMOTEIO (Paolo Bonzini) [Orabug: 33537443] - scsi: move host_status handling into SCSI drivers (Hannes Reinecke) [Orabug: 33537443] - scsi: inline sg_io_sense_from_errno() into the callers (Hannes Reinecke) [Orabug: 33537443] - scsi-generic: do not snoop the output of failed commands (Paolo Bonzini) [Orabug: 33537443] - scsi: Add mapping for generic SCSI_HOST status to sense codes (Hannes Reinecke) [Orabug: 33537443] - scsi: Rename linux-specific SG_ERR codes to generic SCSI_HOST error codes (Hannes Reinecke) [Orabug: 33537443] - scsi: drop 'result' argument from command_complete callback (Hannes Reinecke) [Orabug: 33537443] - scsi-disk: pass guest recoverable errors through even for rerror=stop (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: pass SCSI status to scsi_handle_rw_error (Paolo Bonzini) [Orabug: 33537443] - scsi: introduce scsi_sense_from_errno() (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: do not complete requests early for rerror/werror=ignore (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: move scsi_handle_rw_error earlier (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: convert more errno values back to SCSI statuses (Paolo Bonzini) [Orabug: 33537443] [4.2.1-13.el8] - pcie: Do not set power state for some hot-plugged devices (Annie Li) [Orabug: 33642532] [4.2.1-12.1.el8] - Update slirp to address various CVEs (Mark Kanda) [Orabug: 32208456] [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420] {CVE-2020-29129} {CVE-2020-29130} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595} - hw/pflash_cfi01: Allow backing devices to be smaller than memory region (David Edmondson) - pcie: expire pending delete (Gerd Hoffmann) [Orabug: 33450706] - pcie: fast unplug when slot power is off (Gerd Hoffmann) [Orabug: 33450706] - pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann) [Orabug: 33450706] - pcie: add power indicator blink check (Gerd Hoffmann) [Orabug: 33450706] - pcie: implement slot power control for pcie root ports (Gerd Hoffmann) [Orabug: 33450706] - pci: implement power state (Gerd Hoffmann) [Orabug: 33450706] - hw/pci/pcie: Move hot plug capability check to pre_plug callback (Julia Suvorova) [Orabug: 33450706] - hw/pci/pcie: Replace PCI_DEVICE() casts with existing variable (Julia Suvorova) [Orabug: 33450706] - hw/pci/pcie: Forbid hot-plug if it's disabled on the slot (Julia Suvorova) [Orabug: 33450706] - pcie_root_port: Add hotplug disabling option (Julia Suvorova) [Orabug: 33450706] - qdev-monitor: Forbid repeated device_del (Julia Suvorova) [Orabug: 33450706] - i386:acpi: Remove _HID from the SMBus ACPI entry (Corey Minyard) - uas: add stream number sanity checks (Gerd Hoffmann) [Orabug: 33280793] {CVE-2021-3713} - usbredir: fix free call (Gerd Hoffmann) [Orabug: 33198441] {CVE-2021-3682} - hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands (Mauro Matteo Cascella) [Orabug: 33548490] {CVE-2021-3930} - e1000: fix tx re-entrancy problem (Jon Maloy) [Orabug: 32560552] {CVE-2021-20257} - virtio-net-pci: Don't use 'efi-virtio.rom' on AArch64 (Mark Kanda) [Orabug: 33537594] - MAINTAINERS: Add ACPI/HEST/GHES entries (Dongjiu Geng) - target-arm: kvm64: handle SIGBUS signal from kernel or KVM (Dongjiu Geng) - ACPI: Record Generic Error Status Block(GESB) table (Dongjiu Geng) - KVM: Move hwpoison page related functions into kvm-all.c (Dongjiu Geng) - ACPI: Record the Generic Error Status Block address (Dongjiu Geng) - ACPI: Build Hardware Error Source Table (Dongjiu Geng) - ACPI: Build related register address fields via hardware error fw_cfg blob (Dongjiu Geng) - docs: APEI GHES generation and CPER record description (Dongjiu Geng) - hw/arm/virt: Introduce a RAS machine option (Dongjiu Geng) - acpi: nvdimm: change NVDIMM_UUID_LE to a common macro (Dongjiu Geng) - block/curl: HTTP header field names are case insensitive (David Edmondson) [Orabug: 33287589] - block/curl: HTTP header fields allow whitespace around values (David Edmondson) [Orabug: 33287589] [4.2.1-11.el8] - trace: use STAP_SDT_V2 to work around symbol visibility (Stefan Hajnoczi) [Orabug: 33272428] [4.2.1-11.el8] - pvrdma: Fix the ring init error flow (Marcel Apfelbaum) [Orabug: 33120142] {CVE-2021-3608} - pvrdma: Ensure correct input on ring init (Marcel Apfelbaum) [Orabug: 33120146] {CVE-2021-3607} - hw/rdma: Fix possible mremap overflow in the pvrdma device (Marcel Apfelbaum) [Orabug: 33120084] {CVE-2021-3582} - vhost-user-gpu: reorder free calls (Gerd Hoffmann) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: abstract vg_cleanup_mapping_iov (Li Qiang) [Orabug: 32950716] {CVE-2021-3546} - vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (Li Qiang) [Orabug: 32950716] {CVE-2021-3546} - vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak in vg_resource_attach_backing (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (Li Qiang) [Orabug: 32950708] {CVE-2021-3545} - usb: limit combined packets to 1 MiB (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527} - usb/redir: avoid dynamic stack allocation (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527} - mptsas: Remove unused MPTSASState 'pending' field (Michael Tokarev) [Orabug: 32470463] {CVE-2021-3392} - oslib-posix: initialize backend memory objects in parallel (Mark Kanda) [Orabug: 32555402] - oslib-posix: refactor memory prealloc threads (Mark Kanda) [Orabug: 32555402] [4.2.1-10.el8] - e1000: fail early for evil descriptor (Jason Wang) [Orabug: 32560552] {CVE-2021-20257} - Document CVE-2020-27661 as fixed (Mark Kanda) [Orabug: 32960200] {CVE-2020-27661} - block: Avoid stale pointer dereference in blk_get_aio_context() (Greg Kurz) - block: Fix blk->in_flight during blk_wait_while_drained() (Kevin Wolf) - block: Increase BB.in_flight for coroutine and sync interfaces (Kevin Wolf) - block-backend: Reorder flush/pdiscard function definitions (Kevin Wolf) - i386/pc: let iterator handle regions below 4G (Joao Martins) - arm/virt: Add memory hot remove support (Shameer Kolothum) [Orabug: 32643506] - i386/pc: consolidate usable iova iteration (Joao Martins) - i386/acpi: fix SRAT ranges in accordance to usable IOVA (Joao Martins) - migration: increase listening socket backlog (Elena Ufimtseva) - multifd: Make multifd_save_setup() get an Error parameter (Juan Quintela) - multifd: Make multifd_load_setup() get an Error parameter (Juan Quintela) - migration: fix maybe-uninitialized warning (Marc-Andre Lureau) - migration: Fix the re-run check of the migrate-incoming command (Yury Kotov) - multifd: Initialize local variable (Juan Quintela) - multifd: Be consistent about using uint64_t (Juan Quintela) - Bug #1829242 correction. (Alexey Romko) - migration/multifd: fix destroyed mutex access in terminating multifd threads (Jiahui Cen) - migration/multifd: fix nullptr access in terminating multifd threads (Jiahui Cen) - migration/multifd: not use multifd during postcopy (Wei Yang) - migration/multifd: clean pages after filling packet (Wei Yang) - migration: Make sure that we don't call write() in case of error (Juan Quintela) - migration: fix multifd_send_pages() next channel (Laurent Vivier) - migration/multifd: bypass uuid check for initial packet (Elena Ufimtseva) [Orabug: 32610480] - migration/tls: add error handling in multifd_tls_handshake_thread (Hao Wang) - migration/tls: fix inverted semantics in multifd_channel_connect (Hao Wang) - migration/multifd: do not access uninitialized multifd_recv_state (Elena Ufimtseva) [Orabug: 32795384] - io/channel-tls.c: make qio_channel_tls_shutdown thread-safe (Lukas Straub) - qemu.spec: Enable qemu-guest-agent RPM for OL7 (Karl Heubaum) [Orabug: 32415543] - virtio-net: Set mac address to hardware if the peer is vdpa (Cindy Lu) - net: Add vhost-vdpa in show_netdevs() (Cindy Lu) - vhost-vdpa: Add qemu_close in vhost_vdpa_cleanup (Cindy Lu) - hw/virtio/vhost-vdpa: Fix Coverity CID 1432864 (Philippe Mathieu-Daude) - vhost-vdpa: negotiate VIRTIO_NET_F_STATUS with driver (Si-Wei Liu) - configure: Fix build dependencies with vhost-vdpa. (Laurent Vivier) - configure: simplify vhost condition with Kconfig (Marc-Andre Lureau) - vhost-vdpa: add trace-events (Laurent Vivier) - dma/pl330: Fix qemu_hexdump() usage in pl330.c (Mark Kanda) - util/hexdump: introduce qemu_hexdump_line() (Laurent Vivier) - util/hexdump: Reorder qemu_hexdump() arguments (Philippe Mathieu-Daude) - util/hexdump: Convert to take a void pointer argument (Philippe Mathieu-Daude) - net/colo-compare.c: Only hexdump packets if tracing is enabled (Lukas Straub) - vhost-vdpa: batch updating IOTLB mappings (Jason Wang) - vhost: switch to use IOTLB v2 format (Jason Wang) - vhost-vdpa: remove useless variable (Laurent Vivier) - virtio: vdpa: omit check return of g_malloc (Li Qiang) - vhost-vdpa: fix indentation in vdpa_ops (Stefano Garzarella) - virtio-net: check the existence of peer before accessing vDPA config (Jason Wang) - virtio-pci: fix wrong index in virtio_pci_queue_enabled (Yuri Benditovich) - virtio-pci: fix virtio_pci_queue_enabled() (Laurent Vivier) - vhost-vdpa :Fix Coverity CID 1430270 / CID 1420267 (Cindy Lu) - vhost-vdpa: fix the compile issue without kvm (Cindy Lu) - vhost-vdpa: introduce vhost-vdpa net client (Cindy Lu) - vhost-vdpa: introduce vhost-vdpa backend (Cindy Lu) - linux headers: sync to 5.9-rc4 (Jason Wang) - Linux headers: update (Cornelia Huck) - virtio-net: fix rsc_ext compat handling (Cornelia Huck) - linux-headers: update against Linux 5.7-rc3 (Cornelia Huck) - linux-headers: update (Cornelia Huck) - virtiofsd: Pull in kernel's fuse.h (Dr. David Alan Gilbert) - linux-headers: Update (Bharata B Rao) - linux-headers: Update (Greg Kurz) - vhost_net: introduce set_config & get_config (Cindy Lu) - vhost: implement vhost_force_iommu method (Cindy Lu) - vhost: introduce new VhostOps vhost_force_iommu (Cindy Lu) - vhost: implement vhost_vq_get_addr method (Cindy Lu) - vhost: introduce new VhostOps vhost_vq_get_addr (Cindy Lu) - vhost: implement vhost_dev_start method (Cindy Lu) - vhost: introduce new VhostOps vhost_dev_start (Cindy Lu) - vhost: check the existence of vhost_set_iotlb_callback (Jason Wang) - virtio-pci: implement queue_enabled method (Jason Wang) - virtio-bus: introduce queue_enabled method (Jason Wang) - vhost_net: use the function qemu_get_peer (Cindy Lu) - net: introduce qemu_get_peer (Cindy Lu) - vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM (Jason Wang) - imx7-ccm: add digprog mmio write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - tz-ppc: add dummy read/write methods (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - spapr_pci: add spapr msi read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - nvram: add nrf51_soc flash read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - prep: add ppc-parity write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - vfio: add quirk device write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - pci-host: designware: add pcie-msi read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - hw/pci-host: add pci-intack write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - oslib-posix: take lock before qemu_cond_broadcast (Bauerchen) [Orabug: 32555402] - oslib-posix: initialize mutex and condition variable (Paolo Bonzini) [Orabug: 32555402] - mem-prealloc: optimize large guest startup (Bauerchen) [Orabug: 32555402] - i386: Add the support for AMD EPYC 3rd generation processors (Babu Moger) - acpi: cpuhp: document CPHP_GET_CPU_ID_CMD command (Igor Mammedov) - acpi: cpuhp: add CPHP_GET_CPU_ID_CMD command (Igor Mammedov) - acpi: cpuhp: spec: add typical usecases (Igor Mammedov) - acpi: cpuhp: spec: clarify store into 'Command data' when 'Command field' == 0 (Igor Mammedov) - acpi: cpuhp: spec: fix 'Command data' description (Igor Mammedov) - acpi: cpuhp: spec: clarify 'CPU selector' register usage and endianness (Igor Mammedov) - acpi: cpuhp: introduce 'Command data 2' field (Igor Mammedov) - x86: ich9: let firmware negotiate 'CPU hot-unplug with SMI' feature (Igor Mammedov) - x86: ich9: factor out 'guest_cpu_hotplug_features' (Igor Mammedov) - x86: acpi: let the firmware handle pending 'CPU remove' events in SMM (Igor Mammedov) - x86: acpi: introduce AcpiPmInfo::smi_on_cpu_unplug (Igor Mammedov) - acpi: cpuhp: introduce 'firmware performs eject' status/control bits (Igor Mammedov) - x68: acpi: trigger SMI before sending hotplug Notify event to OSPM (Igor Mammedov) - x86: acpi: introduce the PCI0.SMI0 ACPI device (Igor Mammedov) - x86: acpi: introduce AcpiPmInfo::smi_on_cpuhp (Igor Mammedov) - x86: ich9: expose 'smi_negotiated_features' as a QOM property (Igor Mammedov) - tests: acpi: mark to be changed tables in bios-tables-test-allowed-diff (Igor Mammedov) - acpi: add aml_land() and aml_break() primitives (Igor Mammedov) - x86: cpuhp: refuse cpu hot-unplug request earlier if not supported (Igor Mammedov) - x86: cpuhp: prevent guest crash on CPU hotplug when broadcast SMI is in use (Igor Mammedov) - x86: lpc9: let firmware negotiate 'CPU hotplug with SMI' features (Igor Mammedov) - q35: implement 128K SMRAM at default SMBASE address (Igor Mammedov) - hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register (Philippe Mathieu-Daude) [Orabug: 32470471] {CVE-2021-20221} - memory: clamp cached translation in case it points to an MMIO region (Paolo Bonzini) [Orabug: 32252673] {CVE-2020-27821} - hw/sd/sdhci: Fix DMA Transfer Block Size field (Philippe Mathieu-Daude) [Orabug: 32613470] {CVE-2021-3409} [4.2.1-6.el8] - i386/pc: Keep PCI 64-bit hole within usable IOVA space (Joao Martins) - pc/cmos: Adjust CMOS above 4G memory size according to 1Tb boundary (Joao Martins) - i386/pc: Round up the hotpluggable memory within valid IOVA ranges (Joao Martins) - i386/pc: Account IOVA reserved ranges above 4G boundary (Joao Martins) [4.2.1-5.el8] - hostmem: fix default 'prealloc-threads' count (Mark Kanda) - hostmem: introduce 'prealloc-threads' property (Igor Mammedov) - qom: introduce object_register_sugar_prop (Paolo Bonzini) - migration/multifd: Do error_free after migrate_set_error to avoid memleaks (Pan Nengyuan) - multifd/tls: fix memoryleak of the QIOChannelSocket object when cancelling migration (Chuan Zheng) - migration/multifd: fix hangup with TLS-Multifd due to blocking handshake (Chuan Zheng) - migration/tls: add trace points for multifd-tls (Chuan Zheng) - migration/tls: add support for multifd tls-handshake (Chuan Zheng) - migration/tls: extract cleanup function for common-use (Chuan Zheng) - migration/multifd: fix memleaks in multifd_new_send_channel_async (Pan Nengyuan) - migration/multifd: fix nullptr access in multifd_send_terminate_threads (Zhimin Feng) - migration/tls: add tls_hostname into MultiFDSendParams (Chuan Zheng) - migration/tls: extract migration_tls_client_create for common-use (Chuan Zheng) - migration/tls: save hostname into MigrationState (Chuan Zheng) - tests/qtest: add a test case for pvpanic-pci (Mihai Carabas) - pvpanic : update pvpanic spec document (Mihai Carabas) - hw/misc/pvpanic: add PCI interface support (Mihai Carabas) - hw/misc/pvpanic: split-out generic and bus dependent code (Mihai Carabas) - qemu-img: Add --target-is-zero to convert (David Edmondson) - 9pfs: Fully restart unreclaim loop (CVE-2021-20181) (Greg Kurz) [Orabug: 32441198] {CVE-2021-20181} - ide: atapi: check logical block address and read size (CVE-2020-29443) (Prasad J Pandit) [Orabug: 32393835] {CVE-2020-29443} - Document CVE-2019-20808 as fixed (Mark Kanda) [Orabug: 32339196] {CVE-2019-20808} - block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb (Chen Qun) [Orabug: 32339207] {CVE-2020-11947} - net: remove an assert call in eth_get_gso_type (Prasad J Pandit) [Orabug: 32102583] {CVE-2020-27617} - nvdimm: honor -object memory-backend-file, readonly=on option (Stefan Hajnoczi) [Orabug: 32265408] - hostmem-file: add readonly=on|off option (Stefan Hajnoczi) [Orabug: 32265408] - memory: add readonly support to memory_region_init_ram_from_file() (Stefan Hajnoczi) [Orabug: 32265408] [4.2.1-4.el8] - Document CVE-2020-25723 as fixed (Mark Kanda) [Orabug: 32222397] {CVE-2020-25723} - hw/net/e1000e: advance desc_offset in case of null descriptor (Prasad J Pandit) [Orabug: 32217517] {CVE-2020-28916} - i386: Add 2nd Generation AMD EPYC processors (Babu Moger) [Orabug: 32217570] - libslirp: Update version to include CVE fixes (Mark Kanda) [Orabug: 32208456] [Orabug: 32208462] {CVE-2020-29129} {CVE-2020-29130} - Document CVE-2020-25624 as fixed (Mark Kanda) [Orabug: 32212527] {CVE-2020-25624} - pvpanic: Advertise the PVPANIC_CRASHLOADED event support (Paolo Bonzini) [Orabug: 32102853] - ati: check x y display parameter values (Prasad J Pandit) [Orabug: 32108251] {CVE-2020-27616} - Add AArch64 support for QMP regdump tool and sosreport plugin (Mark Kanda) [Orabug: 32080658] - Add qemu_regdump sosreport plugin support for '-mon' QMP sockets (Mark Kanda) - migration/dirtyrate: present dirty rate only when querying the rate has completed (Chuan Zheng) - migration/dirtyrate: record start_time and calc_time while at the measuring state (Chuan Zheng) - migration/dirtyrate: Add trace_calls to make it easier to debug (Chuan Zheng) - migration/dirtyrate: Implement qmp_cal_dirty_rate()/qmp_get_dirty_rate() function (Chuan Zheng) - migration/dirtyrate: Implement calculate_dirtyrate() function (Chuan Zheng) - migration/dirtyrate: Implement set_sample_page_period() and is_sample_period_valid() (Chuan Zheng) - migration/dirtyrate: skip sampling ramblock with size below MIN_RAMBLOCK_SIZE (Chuan Zheng) - migration/dirtyrate: Compare page hash results for recorded sampled page (Chuan Zheng) - migration/dirtyrate: Record hash results for each sampled page (Chuan Zheng) - migration/dirtyrate: move RAMBLOCK_FOREACH_MIGRATABLE into ram.h (Chuan Zheng) - migration/dirtyrate: Add dirtyrate statistics series functions (Chuan Zheng) - migration/dirtyrate: Add RamblockDirtyInfo to store sampled page info (Chuan Zheng) - migration/dirtyrate: add DirtyRateStatus to denote calculation status (Chuan Zheng) - migration/dirtyrate: setup up query-dirtyrate framwork (Chuan Zheng) - ram_addr: Split RAMBlock definition (Juan Quintela) [4.2.1-3.el8] - qemu-kvm.spec: Install block storage module RPMs by default (Karl Heubaum) [Orabug: 31943789] - qemu-kvm.spec: Enable block-ssh module RPM (Karl Heubaum) [Orabug: 31943763] - hw: usb: hcd-ohci: check for processed TD before retire (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625} - hw: usb: hcd-ohci: check len and frame_number variables (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625} - hw: ehci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084} - hw: xhci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084} - usb: fix setup_len init (CVE-2020-14364) (Gerd Hoffmann) [Orabug: 31848849] {CVE-2020-14364} - Document CVE-2020-12829 and CVE-2020-14415 as fixed (Mark Kanda) [Orabug: 31855502] [Orabug: 31855427] {CVE-2020-12829} {CVE-2020-14415} [4.2.1-2.el8] - hw/net/xgmac: Fix buffer overflow in xgmac_enet_send() (Mauro Matteo Cascella) [Orabug: 31667649] {CVE-2020-15863} - hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() (Mauro Matteo Cascella) [Orabug: 31737809] {CVE-2020-16092} - migration: fix memory leak in qmp_migrate_set_parameters (Zheng Chuan) [Orabug: 31806256] - virtio-net: fix removal of failover device (Juan Quintela) [Orabug: 31806255] - pvpanic: introduce crashloaded for pvpanic (zhenwei pi) [Orabug: 31677154] [4.2.1-1.el8] - hw/sd/sdcard: Do not switch to ReceivingData if address is invalid (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253} - hw/sd/sdcard: Update coding style to make checkpatch.pl happy (Philippe Mathieu-Daude) [Orabug: 31414336] - hw/sd/sdcard: Do not allow invalid SD card sizes (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253} - hw/sd/sdcard: Simplify realize() a bit (Philippe Mathieu-Daude) [Orabug: 31414336] - hw/sd/sdcard: Restrict Class 6 commands to SCSD cards (Philippe Mathieu-Daude) [Orabug: 31414336] - libslirp: Update to v4.3.1 to fix CVE-2020-10756 (Karl Heubaum) [Orabug: 31604999] {CVE-2020-10756} - Document CVEs as fixed 2/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-18043} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858} {CVE-2019-12068} {CVE-2019-15034} {CVE-2019-15890} {CVE-2019-20382} {CVE-2020-10702} {CVE-2020-10761} {CVE-2020-11102} {CVE-2020-11869} {CVE-2020-13361} {CVE-2020-13765} {CVE-2020-13800} {CVE-2020-1711} {CVE-2020-1983} {CVE-2020-8608} - Document CVEs as fixed 1/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2017-9524} {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2018-16872} {CVE-2018-20123} {CVE-2018-20124} {CVE-2018-20125} {CVE-2018-20126} {CVE-2018-20191} {CVE-2018-20216} {CVE-2018-20815} {CVE-2019-11091} {CVE-2019-12155} {CVE-2019-14378} {CVE-2019-3812} {CVE-2019-5008} {CVE-2019-6501} {CVE-2019-6778} {CVE-2019-8934} {CVE-2019-9824} - qemu-kvm.spec: Add .spec file for OL8 (Karl Heubaum) [Orabug: 30618035] - qemu.spec: Add .spec file for OL7 (Karl Heubaum) [Orabug: 30618035] - qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30618035] - vhost.conf: Initial vhost.conf (Karl Heubaum) [Orabug: 30618035] - parfait: Add buildrpm/parfait-qemu.conf (Karl Heubaum) [Orabug: 30618035] - virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) [Orabug: 30618035] - qemu_regdump.py: Initial qemu_regdump.py (Karl Heubaum) [Orabug: 30618035] - qmp-regdump: Initial qmp-regdump (Karl Heubaum) [Orabug: 30618035] - bridge.conf: Initial bridge.conf (Karl Heubaum) [Orabug: 30618035] - kvm.conf: Initial kvm.conf (Karl Heubaum) [Orabug: 30618035] - 80-kvm.rules: Initial 80-kvm.rules (Karl Heubaum) [Orabug: 30618035] - exec: set map length to zero when returning NULL (Prasad J Pandit) [Orabug: 31439733] {CVE-2020-13659} - megasas: use unsigned type for reply_queue_head and check index (Prasad J Pandit) [Orabug: 31414338] {CVE-2020-13362} - memory: Revert 'memory: accept mismatching sizes in memory_region_access_valid' (Michael S. Tsirkin) [Orabug: 31439736] [Orabug: 31452202] {CVE-2020-13754} {CVE-2020-13791} [4.1.1-3.el8] - buildrpm/spec files: Don't package elf2dmp (Karl Heubaum) [Orabug: 31657424] - qemu-kvm.spec: Enable the block-curl package (Karl Heubaum) [Orabug: 31657424] - qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 31657424] [4.1.1-2.el8] - Document CVE-2020-13765 as fixed (Karl Heubaum) [Orabug: 31463250] {CVE-2020-13765} - kvm: Reallocate dirty_bmap when we change a slot (Dr. David Alan Gilbert) [Orabug: 31076399] - kvm: split too big memory section on several memslots (Igor Mammedov) [Orabug: 31076399] - target/i386: do not set unsupported VMX secondary execution controls (Vitaly Kuznetsov) [Orabug: 31463710] - target/i386: add VMX definitions (Paolo Bonzini) [Orabug: 31463710] - ati-vga: check mm_index before recursive call (CVE-2020-13800) (Prasad J Pandit) [Orabug: 31452206] {CVE-2020-13800} - es1370: check total frame count against current frame (Prasad J Pandit) [Orabug: 31463235] {CVE-2020-13361} - ati-vga: Fix checks in ati_2d_blt() to avoid crash (BALATON Zoltan) [Orabug: 31238432] {CVE-2020-11869} - libslirp: Update to stable-4.2 to fix CVE-2020-1983 (Karl Heubaum) [Orabug: 31241227] {CVE-2020-1983} - Document CVEs as fixed (Karl Heubaum) {CVE-2019-12068} {CVE-2019-15034} - libslirp: Update to version 4.2.0 to fix CVEs (Karl Heubaum) [Orabug: 30274592] [Orabug: 30869830] {CVE-2019-15890} {CVE-2020-8608} - target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 31124041] - qemu-img: Add --target-is-zero to convert (David Edmondson) - vnc: fix memory leak when vnc disconnect (Li Qiang) [Orabug: 30996427] {CVE-2019-20382} - iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 31124035] {CVE-2020-1711} - qemu.spec: Remove 'BuildRequires: kernel' (Karl Heubaum) [Orabug: 31124047] seabios [1.16.0-3] - seabios-virtio-blk-use-larger-default-request-size.patch [bz#2101787] - Resolves: bz#2101787 ([rhel.8.7] Loading a kernel/initrd is sometimes very slow) [1.16.0-2] - seabios-shortcut-skip-unbootable-disks-optimitation.patch [bz#2073012] - seabios-pci-refactor-the-pci_config_-functions.patch [bz#2083884] - seabios-reset-force-standard-PCI-configuration-access.patch [bz#2083884] - Resolves: bz#2073012 (Guest whose os is installed multiple disks but boot partition is installed on single disk can't boot into OS on RHEL 8 [rhel-8.7.0]) - Resolves: bz#2083884 (qemu reboot problem with seabios 1.16.0) [1.16.0-1] - Rebase to upstream 1.16 tag [bz#2066828] - Resolves: bz#2066828 (rebase seabios to 1.16 release) [1.15.0-1.el8] - Rebase to 1.15 (bz#2018392) - Resolves: bz#2018392 [1.15.0-1.el8] - pci-reserve-resources-for-pcie-pci-bridge-to-fix-reg.patch [bz#2001921] - pci: let firmware reserve IO for pcie-pci-bridge.patch [bz#2001921] - Resolves: bz#2001921 [1.14.0-1.el8] - Rebase to 1.14 (bz#1809772) - Resolves: bz#1809772 (rebase seabios for RHEL AV-8.3.0) [1.13.0-1.el8] - Rebase to 1.13 (bz#1793377) - Resolves: bz#1793377 (rebase seabios to 1.13) [1.12.0-5.el8] - seabios-add-get_keystroke_full-helper.patch [bz#1693031] - seabios-bootmenu-add-support-for-more-than-9-entries.patch [bz#1693031] - Resolves: bz#1693031 (On systems with more than 10 available boot devices, keys are uninintuitive) [1.12.0-4.el8] - seabios-tpm-Check-for-TPM-related-ACPI-tables-before-attempt.patch [bz#1705212] - seabios-usb-ehci-Clear-pipe-token-on-pipe-reallocate.patch [bz#1705212] - Resolves: bz#1705212 (Backport 1.12.1 patches to RHEL-AV 8.1.0) [1.12.0-3.el8] - seabios-rh-add-configs-for-ramfb-and-bochs-display.patch [bz#1724098] - Resolves: bz#1724098 (enable device: bochs-display (seabios)) [1.12.0-1.el8] - Rebase to 1.12.0 [bz#1666134] - Resolves: bz#1666134 (Rebase seabios for RHEL-AV release in virt:8.0.0 stream) [1.11.1-3.el8] - Resolves: bz#1613465 (Fix seabios package) [1.11.1-2.el8] - Resolves: bz#1607349 (Serial Graphics Adapter show error seabios version) [1.11.1-1.el8] - Rebasing seabios 1.11.1 [1.11.0-2.el8] - Syncronizing exploded tree with dist-git [1.11.0-1.el8] - Creating RHEL-8.0 initial branch based on 1.11.0 - Resolves: bz#1515300 - (Prepare seabios for RHEL-8.0) [1.11.0-1] - Rebased to version 1.11.0 - Add three patches from RHEL [1.10.2-3] - Disable cross-compilation on RHEL [1.10.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.10.2-1] - Rebased to version 1.10.2 [1.10.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.10.1-1] - Rebased to version 1.10.1 [1.9.3-1] - Rebased to version 1.9.3 [1.9.1-3] - Include MPT Fusion driver, in preparation for QEMU 2.6 - Include XHCI and SD in 128k ROM, sacrifice bootsplash instead [1.9.1-1] - Rebased to version 1.9.1 - Fix incorrect UUID format in boot output (bz #1284259) [1.9.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.9.0-1] - Rebased to version 1.9.0 [1.8.2-1] - Rebased to version 1.8.2 [1.8.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.8.1-1] - Rebased to version 1.8.1 [1.8.0-1] - Rebased to version 1.8.0 - Initial support for USB3 hubs - Initial support for SD cards (on QEMU only) - Initial support for transitioning to 32bit mode using SMIs (on QEMU TCG only) - SeaVGABIOS improvements [1.7.5.1-1] - Update to seabios-1.7.5.1 [1.7.5-3] - Fix PCI-e hotplug (bz #1115598) [1.7.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.7.5-1] - Rebased to version 1.7.5 - Support for obtaining SMBIOS tables directly from QEMU. - XHCI USB controller fixes for real hardware - seavgabios: New driver for 'coreboot native vga' support - seavgabios: Improved detection of x86emu versions with incorrect emulation. - Several bug fixes and code cleanups [1.7.4-5] - Fix booting FreeBSD VMs in virt-manager [1.7.4-3] - Build 256k bios images for qemu 2.0 [1.7.4-2] - Fix kvm migration with empty virtio-scsi controller (bz #1032208) [1.7.4-1] - Rebased to version 1.7.4 - Support for obtaining ACPI tables directly from QEMU. - Initial support for XHCI USB controllers (initially for QEMU only). - Support for booting from 'pvscsi' devices on QEMU. - Enhanced floppy driver - improved support for real hardware. - coreboot cbmem console support. [1.7.3.2-1] - Update to 1.7.3.2 for qemu 1.7 [1.7.3.1-3] - Fix pasto in CONFIG_DEBUG_LEVEL. [1.7.3.1-2] - Compile as all three of BIOS, CSM and CoreBoot payload. [1.7.3.1-1] - Rebased to version 1.7.3.1 - Fix USB EHCI detection that was broken in hlist conversion of PCIDevices. - Fix bug in CBFS file walking with compressed files. - acpi: sync FADT flags from PIIX4 to Q35 [1.7.3-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1.7.3-2] - Install aml files for use by qemu [1.7.3-1] - Rebased to version 1.7.3 - Initial support for using SeaBIOS as a UEFI CSM - Support for detecting and using ACPI reboot ports. - Non-standard floppy sizes now work again with recent QEMU versions. - Several bug fixes and code cleanups - Again fix vgabios obsoletes (bz #981147) [1.7.2.2-1] - Update to seabios stable 1.7.2.2 - Obsolete vgabios (bz #967315) [1.7.2-1] - Rebased to version 1.7.2 - Support for ICH9 host chipset ('q35') on emulators - Support for booting from LSI MegaRAID SAS controllers - Support for using the ACPI PM timer on emulators - Improved Geode VGA BIOS support. - Several bug fixes [1.7.1-4] - Root seabios package is noarch too because it only contains docs [1.7.1-3] - Add seavgabios subpackage [1.7.1-2] - Build with cross compiler. Resolves: #866664. [1.7.1-1] - Rebased to version 1.7.1 - Initial support for booting from USB attached scsi (USB UAS) drives - USB EHCI 64bit controller support - USB MSC multi-LUN device support - Support for booting from LSI SCSI controllers on emulators - Support for booting from AMD PCscsi controllers on emulators [1.7.0-4] - Modernise and tidy up the RPM. - Allow debug versions of SeaBIOS to be built easily. [1.7.0-3] - Enable S3/S4 support for guests (it's an F18 feature after all) [1.7.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1.7.0-1] - Rebased to version 1.7.0 - Support for virtio-scsi - Improved USB drive support - Several USB controller bug fixes and improvements [1.6.3-2] - Fix bugs in booting from host (or redirected) USB pen drives [1.6.3-1] - Update to 1.6.3 upstream - Add virtio-scsi [0.6.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [0.6.2-3] - Stop advertising S3 and S4 in DSDT (bz#741375) - incdule iasl buildreq [0.6.2-2] - Fix QXL bug in 0.6.2 [0.6.2-1] - Update to 0.6.2 upstream for a number of bugfixes [0.6.1-1] - Update to 0.6.1 upstream for a number of bugfixes [0.6.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.6.0-1] - Update seabios to latest stable so we can drop patches. [0.5.1-2] - Ugly hacks to make package noarch and available for arch that cannot build it. - Disable useless debuginfo [0.5.1-1] - Update to 0.5.1 stable release - Pick up patches required for current qemu [0.5.1-0.1.20100108git669c991] - Created initial package sgabios supermin [5.1.19] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [5.1.19-9] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [5.1.19-8] - Pass CFLAGS & LDFLAGS to final supermin link resolves: rhbz#1624175 [5.1.19-7] - Rebuild for OCaml 4.07.0. [5.1.19-6] - Drop dietlibc in RHEL 8 resolves: rhbz#1588067 [5.1.19-5] - Bump release and rebuild. [5.1.19-4] - Reenable hardened build [5.1.19-3] - Fix bytes/string problems. [5.1.19-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [5.1.19-1] - New upstream version 5.1.19. - Remove all patches, now upstream. [5.1.18-5] - Rebuilt for RPM soname bump [5.1.18-4] - Fix supermin crash with truncated vmlinuz file (RHBZ#1477758). - Include all upstream patches since 5.1.18. [5.1.18-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [5.1.18-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [5.1.18-1] - New upstream release 5.1.18. - Fixes problem with creating incorrect symlinks (RHBZ#1470157). [5.1.17-5] - Enable dietlibc on aarch64 and POWER. [5.1.17-4] - Drop dependency on hawkey and versioned dependencies on dnf. [5.1.17-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [5.1.17-2] - Rebuild for OCaml 4.04.0. [5.1.17-1] - New upstream release 5.1.17. - Check signature on the tarball before unpacking it. - Remove patches, all upstream. [5.1.16-6] - Switch to dietlibc on s390x [5.1.16-5] - Do not break the binary on interpreted builds (#1375213) [5.1.16-4] - Add all upstream patches since 5.1.16 was released. [5.1.16-3] - Add upstream patch for DAX / vNVDIMM support. [5.1.16-2] - New upstream version 5.1.16. - Drop all patches since they are upstream. - Depend on systemd-udev to work around RHBZ#1331012. [5.1.15-2] - Add all upstream patches since 5.1.15 was released. - These should improve boot performance and initrd size. [5.1.15-1] - New upstream version 5.1.15. - Remove all patches, since they are now included in this version. - Enable dietlibc, remove glibc-static, xz-static, zlib-static. [5.1.14-4] - Add more patches since 5.1.14. [5.1.14-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [5.1.14-2] - Add all patches since 5.1.14. [5.1.14-1] - New upstream version 5.1.14. - Remove all patches - now upstream. [5.1.13-4] - Pull in all upstream patches since 5.1.13. - Choose providers better (RHBZ#1266918). - Use autopatch. - Explicitly depend on pod2html. [5.1.13-3] - Bump version to rebuild against new RPM in Rawhide. [5.1.13-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [5.1.13-1] - New upstream version 5.1.13. - Remove patch, now upstream. [5.1.12-11] - Prefer 'dnf download' over 'yumdownloader' (again). - BR grubby for the tests to work. [5.1.12-9] - Revert back to yumdownloader (RHBZ#1186948). [5.1.12-8] - Prefer 'dnf download' over 'yumdownloader'. [5.1.12-7] - Disable hardened build again. See RHBZ#1202091 RHBZ#1204162. [5.1.12-6] - Enable hardening flags by building the static 'init' specially before the main build. - Use _smp_mflags. [5.1.12-4] - Add a -devel subpackage containing automated RPM dependency generator for supermin appliances. [5.1.12-2] - Disable hardened build as it breaks building the static 'init' binary. [5.1.12-1] - New upstream version 5.1.12. - Includes ARM fix: lpae kernels can now be booted (RHBZ#1199733). [5.1.11-2] - Rebuild for xz-5.2.0 in Rawhide (RHBZ#1179252). [5.1.11-1] - New upstream version 5.1.11. [5.1.10-2] - Update to upstream commit d78c898c7e2bc5f12cbebef98b95a7908d9120f1. - BR rpm-devel, since it is now used instead of invoking rpm. - BR automake and autoconf, and run autoreconf (configure.ac is modified by the patches). [5.1.10-1] - New upstream version 5.1.10. - Remove patch which is now included upstream. [5.1.9-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [5.1.9-2] - Add upstream patch to avoid endless loop in Rawhide. [5.1.9-1] - New upstream version 5.1.9. - Remove patches which are now upstream. [5.1.8-9] - Add Requires findutils (RHBZ#1113029). [5.1.8-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [5.1.8-7] - Add patch to fix RPM handler when filenames may contain spaces. [5.1.8-4] - Skip execstack test on Fedora 20 (ARM only). [5.1.8-3] - BR xz-static & xz-devel packages, to support xz-compressed kernel modules. [5.1.8-1] - New upstream version 5.1.8. - Remove patches which are now upstream. [5.1.7-3] - Add upstream patch which removes need to run execstack (RHBZ#1093261). [5.1.7-2] - Add patch to fix quoting around mke2fs parameter (RHBZ#1084960). [5.1.7-1] - New upstream version 5.1.7. - Remove ppc64p7 patch which is now upstream. [5.1.6-5] - Requires tar, which is not installed in an @Core installation. [5.1.6-4] - Add upstream patch to fix supermin on ppc64p7. [5.1.6-3] - New upstream version 5.1.6. - Fix tests. [5.1.5-2] - Disable execstack on aarch64. It comes from prelink which does not exist on aarch64. [5.1.5-1] - New upstream version 5.1.5. [5.1.3-1] - New upstream version 5.1.3. [5.1.2-1] - New upstream version 5.1.2. - Fixes a serious bug in --build mode. [5.1.1-1] - New upstream version 5.1.1. - Remove patch which is now upstream. [5.1.0-3] - Add BR yum-utils (for yumdownloader). - Add upstream patch which stops duplicate packages appearing. [5.1.0-2] - New upstream version 5.1.0. - Note this is effectively a rewrite, and is not completely compatible. - There is no separate 'supermin-helper' subpackage any more. - Requires rpm instead of yum. [4.1.6-2] - New upstream version 4.1.6. - Should fix all autotools brokenness. - Man pages are now all in section 1. - Remove patch which is now upstream. - +BR /usr/bin/execstack (from prelink). [4.1.5-5] - Rerun autoreconf to fix autotools brokenness. [4.1.5-4] - Why was prelink required? Remove it. [4.1.5-3] - correct Obsoletes version for febootstrap and febootstrap-supermin-helper [4.1.5-2] - (For ARM) Don't crash if SUPERMIN_DTB is set and --dtb not specified. [4.1.5-1] - New upstream version 4.1.5. - Has (optionally) a new command line syntax. - Supports device trees for ARM. [4.1.4-1] - New upstream version 4.1.4. - Supports compressed cpio image files, experimentally. [4.1.3-1] - New upstream version 4.1.3. - Remove patch which is now upstream. - Add examples directory to documentation. [4.1.2-2] - Include upstream patch to get correct directory setgid/sticky bits in the appliance. [4.1.2-1] - New upstream version 4.1.2. - Remove patch which is now upstream. [4.1.1-2] - Add upstream patch to ignore ghost non-regular files. - This fixes builds on Fedora 20 because the filesystem package has been changed so /var/lock and /var/run are marked as ghost. [4.1.1-1] - New upstream version 4.1.1. - The program has been renamed 'supermin' from 'febootstrap'. - Obsolete, but don't Provide because supermin is not a compatible replacement. - Use '_isa' to specify architecture of supermin-helper subpackage. [1:3.21-2] - Add upstream patch to drop supplemental groups (RHBZ#902476). - Remove 'Group:' RPM headers which are no longer necessary. - Remove some commented-out requirements. [1:3.21-1] - New upstream version 3.21. [1:3.20-1] - New upstream version 3.20. [1:3.19-2] - Work around brokenness in yum (RHBZ#850913). - Remove defattr, no longer required. [1:3.19-1] - New upstream version 3.19. [3.18-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [3.18-1] - New upstream version 3.18. - This adds support for EPEL 5. [3.17-1] - New upstream version 3.17. [3.16-1] - New upstream version 3.16. [3.15-1] - New upstream version 3.15. - This version includes root=<device> support, needed for libguestfs with virtio-scsi. - Remove upstream patch. [3.14-6] - For RHEL 7 only, add ExclusiveArch x86-64. [3.14-5] - Bundled gnulib (RHBZ#821752). [3.14-4] - Add back explicit dependencies for external programs. [3.14-3] - Drop ExclusiveArch as it's supported on all primary & secondary arches - Cleanup spec and deps [3.14-2] - New upstream version 3.14. - Add upstream patch to fix RHBZ#808421. [3.13-4] - e2fsprogs moved /sbin/mke2fs to /usr/sbin (thanks Eric Sandeen). [3.13-2] - Missing BR zlib-static. [3.13-1] - New upstream version 3.13. - Remove upstream patch which is included in this version. [3.12-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [3.12-4] - Depend on latest e2fsprogs (RHBZ#771310). [3.12-2] - Include upstream patch to work around Python stupidity. [3.12-1] - New upstream version 3.12. - Remove upstream patch which is included in this version. [3.11-2] - Add upstream patch to fix febootstrap on non-Debian. [3.11-1] - New upstream version 3.11. [3.10-1] - New upstream version 3.10. [3.9-1] - New upstream version 3.9. [3.8-1] - New upstream version 3.8. [3.7-1] - New upstream version 3.7. [3.6-1] - New upstream version 3.6. - This version no longer needs external insmod.static. [3.5-1] - New upstream version 3.5. - Remove patch which is now upstream. [3.4-2] - Don't fail if objects are created in a symlinked dir (RHBZ#698089). [3.4-1] - New upstream version 3.4. - febootstrap-supermin-helper Obsoletes older versions of febootstrap. [3.3-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [3.3-4] - Split package into febootstrap (for building) and febootstrap-supermin-helper (for running). Note that febootstrap depends on febootstrap-supermin-helper, but you can install febootstrap-supermin-helper on its own. [3.3-3] - Clear executable stack flag on febootstrap-supermin-helper. [3.3-2] - add the ocaml's ExclusiveArch [3.3-1] - New upstream version 3.3. [3.2-1] - New upstream version 3.2. - Remove upstream patches. [3.1-5] - Previous fix for RHBZ#654638 didn't work, fix it correctly. [3.1-4] - Properly ignore .*.hmac files (accidental reopening of RHBZ#654638). [3.1-3] - Uses yumdownloader at runtime, so require yum-utils. [3.1-2] - New upstream version 3.1. - BR insmod.static. [3.0-2] - New upstream version 3.0 (note this is incompatible with 2.x). - Fix upstream URLs. - fakeroot, fakechroot no longer required. - insmod.static is required at runtime (missing dependency from earlier). - The only programs are 'febootstrap' and 'febootstrap-supermin-helper'. - BR ocaml, ocaml-findlib-devel. - No examples are provided with this version of febootstrap. [2.11-1] - New upstream version 2.11. - Fixes 'ext2fs_mkdir .. No free space in directory' bug which affects libguestfs on rawhide. [2.10-1] - New upstream version 2.10. - Adds -u and -g options to febootstrap-supermin-helper which are required by virt-v2v. [2.9-1] - New upstream version 2.9. - Fixes directory ordering problem in febootstrap-supermin-helper. [2.8-1] - New upstream version 2.8. [2.8-0.2] - New pre-release version of 2.8. + Note this is based on 2.7 + mailing list patches. - New BRs on mke2fs, libext2fs, glibc-static. [2.7-2] - New upstream version 2.7. - febootstrap-supermin-helper shell script rewritten in C for speed. - This package contains C code so it is no longer 'noarch'. - MAKEDEV isn't required. [2.6-1] - New upstream release 2.6. - Recheck package in rpmlint. [2.5-2] - New upstream release 2.5. - Remove BR upx (not needed by upstream). - Two more scripts / manpages. [2.4-1] - New upstream release 2.4. [2.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.3-1] - New upstream release 2.3. [2.2-1] - New upstream release 2.2. [2.0-1] - New upstream release 2.0. [1.9-1] - New upstream release 1.9. [1.8-1] - New upstream release 1.8. [1.7-1] - New upstream release 1.7. [1.5-3] - Configure script has (unnecessary) BuildRequires on fakeroot, fakechroot, yum. [1.5-2] - Initial build for Fedora. LOW Copyright 2024 Oracle, Inc. CVE-2024-3447 cpe:/a:oracle:exadata_dbserver:23.1.19.0.0::ol8 cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 8 hivex libguestfs [1.44.0-9.0.2] - libguestfs.spec: Add btrfs-progs RPM to appliance [Orabug: 35634755] libguestfs-winsupport libiscsi libnbd [1.6.0-6.el8] - Fix CVE-2024-7383 NBD server improper certificate validation resolves: RHEL-52728 [1.6.0-5.el8] - Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails resolves: rhbz#2045718 [1.6.0-4.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [1.2.2] - Resolves: bz#1844296 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.2.2-1] - New stable release 1.2.2. [1.2.1-1] - New stable release 1.2.1. [1.2.0-1] - New stable release 1.2.0. [1.0.3-1] - New upstream version 1.0.3. - Contains fix for remote code execution vulnerability. - Add new libnbd-security(3) man page. [1.0.2-1] - New upstream version 1.0.2. - Remove patches which are upstream. - Contains fix for NBD Protocol Downgrade Attack (CVE-2019-14842). - Fix previous commit message. [1.0.1-2] - Add upstream patch to fix nbdsh (for nbdkit tests). - Fix interop tests on slow machines. [1.0.1-1] - New stable version 1.0.1. [1.0.0-1] - New upstream version 1.0.0. [0.9.9-2] - Rebuilt for Python 3.8 [0.9.9-1] - New upstream version 0.9.9. [0.9.8-4] - Fix nbdkit dependencies so we're actually running the tests. - Add glib2-devel BR so we build the glib main loop example. - Add upstream patch to fix test error: nbd_connect_unix: getlogin: No such device or address - Fix test failure on 32 bit. [0.9.8-3] - Bump and rebuild to fix releng brokenness. https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/2LIDI33G3IEIPYSCCIP6WWKNHY7XZJGQ/ [0.9.8-2] - Rebuilt for Python 3.8 [0.9.8-1] - New upstream version 0.9.8. - Package the new nbd_*(3) man pages. [0.9.7-1] - New upstream version 0.9.7. - Add libnbd-ocaml(3) man page. [0.9.6-2] - Add all upstream patches since 0.9.6 was released. - Package the ocaml bindings into a subpackage. [0.9.6-1] - New upstream verison 0.9.6. [0.1.9-1] - New upstream version 0.1.9. [0.1.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [0.1.8-1] - New upstream version 0.1.8. [0.1.7-1] - New upstream version 0.1.7. [0.1.6-1] - New upstream version 0.1.6. [0.1.5-1] - New upstream version 0.1.5. [0.1.4-1] - New upstream version 0.1.4. [0.1.2-2] - Enable libxml2 for NBD URI support. [0.1.2-1] - New upstream version 0.1.2. [0.1.1-1] - Fix license in man pages and examples. - Add nbdsh(1) man page. - Include the signature and keyring even if validation is disabled. - Update devel subpackage license. - Fix old FSF address in Python tests. - Filter Python provides. - Remove executable permission on the tar.gz.sig file. - Initial release. libtpms libvirt [9.0.0-7.el8] - qemu: conf: Add configuration to tune vcpu unplug timeout (Partha Satapathy) [Orabug: 37098750] - conf: Fix migration in some firmware autoselection scenarios (Andrea Bolognani) [Orabug: 37024703] - cpu_map: Add SapphireRapids CPU model (Lin Yang) - cpu_map: Add missing feature 'fsrc' (Tim Wiederhake) - cpu_map: Add missing feature 'fsrs' (Tim Wiederhake) - cpu_map: Add missing feature 'fzrm' (Tim Wiederhake) [9.0.0-6.el8] - rpc: ensure temporary GSource is removed from client event loop (Daniel P. Berrange) [Orabug: 36821472] {CVE-2024-4418} - rpc: Don't warn about 'max_client_requests' in single-threaded daemons (Peter Krempa) [Orabug: 36422853] [9.0.0-5.el8] - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364464] {CVE-2024-1441} [9.0.0-4.el8] - qemuProcessRefreshDisks: Extract update of a single disk (Peter Krempa) [Orabug: 35885348] - qemuProcessRefreshDisks: Properly compare tray status (Peter Krempa) [Orabug: 35885348] [9.0.0-3.el8] - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' (Peter Krempa) [Orabug: 35644221] {CVE-2023-3750} - virpci: Resolve leak in virPCIVirtualFunctionList cleanup (Tim Shearer) [Orabug: 35395469] {CVE-2023-2700} - qemuProcessRefreshDisks: Don't skip filling of disk information if tray state didn't change (Peter Krempa) [Orabug: 35636469] [9.0.0-2.el8] - qemu_migration: don't block migration for network hostdev (Joao Martins) - util: basic support for VFIO variant drivers (Laine Stump) [9.0.0-1.el8] - Update to libvirt 9.0.0 (Karl Heubaum) [7.10.0-2.el8] - remote: do not stop libvirtd after period of inactivity (Menno Lageman) [Orabug: 34069688] [7.10.0-1.el8] - Update to libvirt 7.10.0 (Wim ten Have) [7.9.0-1.el8] - Update to libvirt 7.9.0 (Wim ten Have) [5.7.0-31.el8] - qemu: Do not latch guestCPUs when guests hotplug with active domain groups (Wim ten Have) [Orabug: 33440015] [5.7.0-30.el8] - qemuDomainSnapshotDiskPrepareOne: Fix logic of relative backing store update (Peter Krempa) [Orabug: 33086913] - qemu: Don't set NVRAM label when creating it (Michal Privoznik) [Orabug: 33319048] - qemu: protect guestCPUs from drift under vcpu guest timeouts (Wim ten Have) [Orabug: 33368490] [5.7.0-29.el8] - qemu: vCORE distribution under vNUMA host partitioning should balance guests vCPU:pCPU pinning (Wim ten Have) [Orabug: 32355455] - qemuDomainSnapshotDiskPrepareOne: Don't load the relative path with blockdev (Peter Krempa) [Orabug: 33151464] - qemu: block: Support VIR_DOMAIN_BLOCK_COMMIT/PULL/REBASE_RELATIVE with blockdev (Peter Krempa) [Orabug: 33151464] - qemu: Tell secdrivers which images are top parent (Michal Privoznik) [Orabug: 33086913] - security: Introduce VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP flag (Michal Privoznik) [Orabug: 33086913] [5.7.0-28.el8] - qemu_capabilities: Rework domain caps cache (Michal Privoznik) [Orabug: 32664432] - tests: fix virArchFromHost() redefine error (Joe Jin) [Orabug: 32664432] - qemu: cache host arch separately from virCapsPtr (Daniel P. Berrange) [Orabug: 32664432] - cpu.c: Check properly for virCapabilitiesGetNodeInfo() retval (Michal Privoznik) [Orabug: 32664432] - virStorageSourceParseBackingJSONRaw: Parse 'offset' and 'size' attributes (Peter Krempa) [Orabug: 32164351] - tests: qemu: Add test data for the new <slice> element (Peter Krempa) [Orabug: 32164351] - qemu: Add support for slices of type 'storage' (Peter Krempa) [Orabug: 32164351] - tests: qemublock: Add cases for creating image overlays on top of disks with <slice> (Peter Krempa) [Orabug: 32164351] - qemu: block: Properly format storage slice into backing store strings (Peter Krempa) [Orabug: 32164351] - qemu: domain: Store nodenames of slice in status XML (Peter Krempa) [Orabug: 32164351] - conf: Implement support for <slices> of disk source (Peter Krempa) [Orabug: 32164351] - docs: Document the new <slices> sub-element of disk's <source> (Peter Krempa) [Orabug: 32164351] - qemu: block: forbid creation of storage sources with <slice> (Peter Krempa) [Orabug: 32164351] - qemuDomainValidateStorageSource: Reject unsupported slices (Peter Krempa) [Orabug: 32164351] - qemuBlockStorageSourceGetFormatRawProps: format 'offset' and 'size' for slice (Peter Krempa) [Orabug: 32164351] - util: virstoragefile: Add data structure for storing storage source slices (Peter Krempa) [Orabug: 32164351] - tests: virstorage: Add test data for json specified raw image with offset/size (Peter Krempa) [Orabug: 32164351] - docs: formatdomain: Close <source> on one of disk examples (Peter Krempa) [Orabug: 32164351] - qemu: domain: Refactor formatting of node names into status XML (Peter Krempa) [Orabug: 32164351] - tests: virstorage: Add test cases for 'json:' pseudo-URI without 'file' wrapper (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Prevent arbitrary nesting with format drivers (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Allow 'json:' pseudo URIs without 'file' wrapper (Peter Krempa) [Orabug: 32164351] - virStorageSourceJSONDriverParser: annotate 'format' drivers (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Move deflattening of json: URIs out of recursion (Peter Krempa) [Orabug: 32164351] - virStorageSourceParseBackingJSON: Pass around original backing file string (Peter Krempa) [Orabug: 32164351] - qemu: enable blockdev support (Peter Krempa) [Orabug: 32164351] - qemu: Instantiate pflash via -machine when using blockdev (Peter Krempa) [Orabug: 32164351] - qemu: command: Build the 'pflash' drives via -machine (Peter Krempa) [Orabug: 32164351] - qemu: command: Build -blockdev-s for backing of pflash (Peter Krempa) [Orabug: 32164351] - qemu: domain: Introduce helper to convert <loader> into virStorageSource (Peter Krempa) [Orabug: 32164351] - qemu: domain: Store virStorageSources representing pflash backing (Peter Krempa) [Orabug: 32164351] - qemu: command: Extract formatting of -drive for pflash (Peter Krempa) [Orabug: 32164351] - qemu: capabilities: Add detection of the 'savevm' fix for -blockdev (Peter Krempa) [Orabug: 32164351] - qemu: qapi: Add support for command features (Peter Krempa) [Orabug: 32164351] - qemu: caps: Add capability for dynamic 'auto-read-only' support for files (Peter Krempa) [Orabug: 32164351] - tests: qemucapabilities: Refresh data for unreleased qemu-4.2 on x86_64 (Peter Krempa) [Orabug: 32164351] - qemu: caps: Base support of 'backingStoreInput' domain feature on QEMU_CAPS_BLOCKDEV (Peter Krempa) [Orabug: 32164351] - docs: Document support for obeying <backingStore> of <disk> on input (Peter Krempa) [Orabug: 32164351] - conf: domcaps: Add 'backingStoreInput' domain capability (Peter Krempa) [Orabug: 32164351] - qemu: domcaps: Simplify adding new domaincaps based on qemu caps (Peter Krempa) [Orabug: 32164351] - domaincaps: Store domain capability features in an array (Peter Krempa) [Orabug: 32164351] - qemu: domcaps: Initialize all features (Peter Krempa) [Orabug: 32164351] - domcaps: Add function for initializing domain caps as unsupported (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Use virXMLFormatElement in virDomainCapsFormatFeatures (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Extract formatting of the <features> subelement (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Replace FORMAT_SINGLE macro by a function (Peter Krempa) [Orabug: 32164351] - conf: capabilities: Modernize virCapabilitiesFormatMemoryBandwidth (Peter Krempa) [Orabug: 32164351] - conf: caps: Modernize virCapabilitiesFormatCaches (Peter Krempa) [Orabug: 32164351] - conf: turn virDomainMemtuneFormat void (Peter Krempa) [Orabug: 32164351] - conf: domain: Split up formatting of <memtune> and <memoryBacking> (Peter Krempa) [Orabug: 32164351] - conf: Rename virDomainCapsFeature to virDomainProcessCapsFeature (Peter Krempa) [Orabug: 32164351] - conf: storagecaps: Fix broken attempt at being const-correct (Peter Krempa) [Orabug: 32164351] - conf: domaincaps: Fix broken attempt at being const-correct (Peter Krempa) [Orabug: 32164351] - qemu: caps: Make capability filler functions void (Peter Krempa) [Orabug: 32164351] - util: buffer: Add init macro for automatically setting child XML indent (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Fix inactive external snapshots when backing chain is present (Peter Krempa) [Orabug: 32164351] - qemu: blockjob: Transfer 'readonly' state of images after active layer block commit (Peter Krempa) [Orabug: 32164351] - qemu: command: Use XML based disk bus convertor in error message (Peter Krempa) [Orabug: 32164351] - storagefile: Fill in meta->externalDataStore (Cole Robinson) [Orabug: 32164351] - storagefile: Add externalDataStore member (Cole Robinson) [Orabug: 32164351] - storagefile: Split out virStorageSourceNewFromChild (Cole Robinson) [Orabug: 32164351] - storagefile: Don't access backingStoreRaw directly in FromBackingRelative (Cole Robinson) [Orabug: 32164351] - storagefile: Fill in meta->externalDataStoreRaw (Cole Robinson) [Orabug: 32164351] - storagefile: Add externalDataStoreRaw member (Cole Robinson) [Orabug: 32164351] - storagefile: Fix backing format \0 check (Cole Robinson) [Orabug: 32164351] - storagefile: Rename qcow2GetExtensions 'format' argument (Cole Robinson) [Orabug: 32164351] - storagefile: Rename qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351] - storagefile: Push extension_end calc to qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351] - storagefile: Push 'start' into qcow2GetBackingStoreFormat (Cole Robinson) [Orabug: 32164351] - storagefile: Use qcowXGetBackingStore directly (Cole Robinson) [Orabug: 32164351] - storagefile: Drop now unused isQCow2 argument (Cole Robinson) [Orabug: 32164351] - storagefile: Check version to determine if qcow2 or not (Cole Robinson) [Orabug: 32164351] - storagefile: qcow1: Let qcowXGetBackingStore fill in format (Cole Robinson) [Orabug: 32164351] - storagefile: qcow1: Fix check for empty backing file (Cole Robinson) [Orabug: 32164351] - storagefile: qcow1: Check for BACKING_STORE_OK (Cole Robinson) [Orabug: 32164351] - qemu: snapshot: Don't update current snapshot until we're done (Peter Krempa) [Orabug: 32164351] - qemu: block: Replace snapshot transaction action generator (Peter Krempa) [Orabug: 32164351] - tests: qemumonitor: Add testing for the 'transaction' command and generators (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Add transaction generators for snapshot APIs (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Add transaction generators for dirty bitmap APIs (Peter Krempa) [Orabug: 32164351] - tests: qemucapabilities: fix 4.2.0 qemucapabilities (Joe Jin) [Orabug: 32164351] - qemu: checkpoint: Do ACL check prior to snapshot interlocking (Peter Krempa) [Orabug: 32164351] - qemu: driver: Remove misplaced qemuDomainObjEndJob in qemuDomainCheckpointGetXMLDesc (Peter Krempa) [Orabug: 32164351] - conf: Drop pointless 'domain' argument from virDomainSnapshotRedefinePrep (Peter Krempa) [Orabug: 32164351] - conf: Drop pointless 'domain' argument from virDomainCheckpointRedefinePrep (Peter Krempa) [Orabug: 32164351] - tests: qemucapabilities: Update caps of qemu-4.1 to released version (Peter Krempa) [Orabug: 32164351] - tests: add qemu capabilities data for qemu 4.2 (Peter Krempa) [Orabug: 32164351] - lxc: fix compile error (Joe Jin) [Orabug: 32164351] - qemu: driver: Remove QEMU_ADD_BLOCK_PARAM_LL macro (Peter Krempa) [Orabug: 32164351] - qemu: driver: Don't return anything from qemuDomainBlockStatsGatherTotals (Peter Krempa) [Orabug: 32164351] - qemu: driver: Remove pointless macro QEMU_BLOCK_STAT_TOTAL (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Change fields in qemuBlockStats to 'unsigned' (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Refactor cleanup in qemuMonitorJSONGetAllBlockStatsInfo (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Refactor cleanup in qemuMonitorJSONGetOneBlockStatsInfo (Peter Krempa) [Orabug: 32164351] - qemu: monitor: Refactor cleanup in qemuMonitorJSONBlockStatsCollectData (Peter Krempa) [Orabug: 32164351] - qemu: Remove stale comment for qemuDomainBlockStats (Peter Krempa) [Orabug: 32164351] - qemu_blockjob: Remove secdriver metadata for whole backing chain on job completion (Michal Privoznik) [Orabug: 32164351] - qemu: hotplug: Use VIR_AUTOFREE() instead VIR_FREE for strings (Daniel Henrique Barboza) [Orabug: 32164351] - qemu: snapshot: Do ACL check prior to checkpoint interlocking (Peter Krempa) [Orabug: 32164351] - qemuCheckDiskConfigAgainstDomain: Validate disk's SCSI address iff disk is SCSI (Xu Yandong) [Orabug: 32164351] - qemuSharedDeviceEntryRemove: Free domain name before VIR_DELETE_ELEMENT (Xu Yandong) [Orabug: 32164351] - qemu_capabilities: Temporarily disable dbus-vmstate capability (Michal Privoznik) [Orabug: 32164351] - Revert 'qemu: add socket datagram capability' (Michal Privoznik) [Orabug: 32164351] - tests: qemustatusxml2xml: Fix disk target mess (Peter Krempa) [Orabug: 32164351] - snapshot: Store both config and live XML in the snapshot domain (Maxiwell S. Garcia) [Orabug: 32164351] - qemu: formatting XML from domain def choosing the root name (Maxiwell S. Garcia) [Orabug: 32164351] - qemu: Don't leak domain def when RevertToSnapshot fails (Jiri Denemark) [Orabug: 32164351] - qemu: Fix regression in snapshot-revert (Eric Blake) [Orabug: 32164351] - lib: Define and use autofree for virConfPtr (Michal Privoznik) [Orabug: 32164351] - qemu_conf: Use more of VIR_AUTOUNREF() (Michal Privoznik) [Orabug: 32164351] - qemu_conf: Use more of VIR_AUTOFREE() (Michal Privoznik) [Orabug: 32164351] - qemu_conf: Drop a pair of needless 'cleanup' labels (Michal Privoznik) [Orabug: 32164351] - virhostdev: Don't unref @pcidevs twice (Michal Privoznik) [Orabug: 32164351] - qemu_conf.c: introduce qemuAddRemoveSharedDeviceInternal (Daniel Henrique Barboza) [Orabug: 32164351] - qemu_conf.c: introduce qemuAddRemoveSharedDiskInternal (Daniel Henrique Barboza) [Orabug: 32164351] - qemu_conf.c: introduce qemuAddRemoveSharedHostdevInternal (Daniel Henrique Barboza) [Orabug: 32164351] - remote: fix UNIX socket path being incorrectly built for libvirtd (eater) [Orabug: 32164351] - lib: Grab write lock when modifying list of domains (Michal Privoznik) [Orabug: 32164351] - qemu: reset VM id after external devices stop (Marc-Andre Lureau) [Orabug: 32164351] - qemu: add dbus-vmstate capability (Marc-Andre Lureau) [Orabug: 32164351] - qemu: add socket datagram capability (Marc-Andre Lureau) [Orabug: 32164351] - tests: fix xml2xml tpm-emulator.xml test (Marc-Andre Lureau) [Orabug: 32164351] - qemu: migration: Switch to blockdev mode for non-shared storage migration (Peter Krempa) [Orabug: 32164351] - qemu: migration: Refactor cleanup in qemuMigrationSrcNBDStorageCopy (Peter Krempa) [Orabug: 32164351] - qemu: migration: Refactor cleanup in qemuMigrationSrcNBDStorageCopyBlockdev (Peter Krempa) [Orabug: 32164351] - qemu: Defer support checks for external active snapshots to blockdev code or qemu (Peter Krempa) [Orabug: 32164351] - qemu: Add -blockdev support for external snapshots (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Skip overlay file creation/interogation if unsupported (Peter Krempa) [Orabug: 32164351] - qemu: Merge use of 'reuse' flag in qemuDomainSnapshotDiskPrepareOne (Peter Krempa) [Orabug: 32164351] - qemu: Disband qemuDomainSnapshotCreateSingleDiskActive (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Rename external disk snapshot handling functions (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Move error preservation to qemuDomainSnapshotDiskDataCleanup (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Save status and config XMLs only on success (Peter Krempa) [Orabug: 32164351] - qemu: snapshot: Fix image lock handling when taking a snapshot (Peter Krempa) [Orabug: 32164351] - qemu: driver: Fix shallow non-reuse block copy (Peter Krempa) [Orabug: 32164351] - qemu: Explicitly pass backing store to qemuBuildStorageSourceChainAttachPrepareBlockdevTop (Peter Krempa) [Orabug: 32164351] - qemu: block: explicitly pass backing store to qemuBlockStorageSourceAttachPrepareBlockdev (Peter Krempa) [Orabug: 32164351] - qemu: command: Refactor qemuBuildStorageSourceChainAttachPrepareBlockdevInternal (Peter Krempa) [Orabug: 32164351] - qemu: block: Explicitly specify backingStore when creating format layer props (Peter Krempa) [Orabug: 32164351] - qemu: block: Unify conditions to format backing store of format node definition (Peter Krempa) [Orabug: 32164351] - qemu: Prevent storage causing too much nested XML (Peter Krempa) [Orabug: 32164351] - qemu: domain: Refactor cleanup in qemuDomainDetermineDiskChain (Peter Krempa) [Orabug: 32164351] - qemu: hotplug: Setup disk throttling with blockdev (Peter Krempa) [Orabug: 32164351] - qemu: hotplug: Use VIR_AUTOFREE in qemuDomainAttachDiskGeneric (Peter Krempa) [Orabug: 32164351] - qemu: hotplug: Simplify cleanup in qemuDomainChangeMediaLegacy (Peter Krempa) [Orabug: 32164351] - qemu: Fix qemuDomainObjTaint with virtlogd (Jiri Denemark) [Orabug: 32164351] - qemu: monitor: Fix formatting of 'offset' in qemuMonitorJSONSaveMemory (Peter Krempa) [Orabug: 32164351] - tests: qemublock: Use bigger numbers as dummy capacity/physical (Peter Krempa) [Orabug: 32164351] - qemu: block: Use correct type when creating image size JSON entries (Peter Krempa) [Orabug: 32164351] - Exadata: protect vNUMA/SMT from artificially injected faults (Wim ten Have) [Orabug: 32708041] - virnetserver: fix some memory leaks in virNetTLSContextReloadForServer (Jin Yan) - virt-admin: Introduce command srv-update-tls (Zhang Bo) [Orabug: 32768102] - admin: Introduce virAdmServerUpdateTlsFiles (Zhang Bo) [Orabug: 32768102] - tls: Add a mutex lock on 'tlsCtxt' (Zhang Bo) [Orabug: 32768102] - virnetserver: Introduce virNetServerUpdateTlsFiles (Zhang Bo) [Orabug: 32768102] [5.7.0-27.el8] - Exadata: protect libvirt hugepage acquisition from QEMU async init (Wim ten Have) [Orabug: 32561685] [5.7.0-26.el8] - exadata: Fix autonomous hugepage acquisition barrier hang (Wim ten Have) [Orabug: 32537538] - exadata: Fix CPU Packing when out of pCPUs (Wim ten Have) [Orabug: 32527311] [5.7.0-25.el8] - exadata: force a host CPUs reserved pCPU threshold (Wim ten Have) [Orabug: 32516090] [5.7.0-24.el8] - exadata: Add configurable libvirtd mlockall support (Wim ten Have) [Orabug: 32479237] - exadata: hint a configurable number of memory init threads to qemu (Wim ten Have) [Orabug: 32460334] - Exadata: domain group should allow for asymmetric creation (Wim ten Have) [Orabug: 32060622] [5.7.0-23.el8] - util: remove unneeded cleanup labels (Wim ten Have) [Orabug: 32399255] - virnuma: Don't work around numa_node_to_cpus() for non-existent nodes (Wim ten Have) [Orabug: 32379098] [5.7.0-22.el8] - build: add dependency to help patch tooling (Menno Lageman) [Orabug: 32284540] - Exadata: fix active guest dgroup-delete requests (Wim ten Have) [Orabug: 32095306] - Exadata: fix a rogue Domain Groups dgroup-undefine flaw (Wim ten Have) [Orabug: 31945084] [2.7.0-21.el8] - exadata: Fix the validation when defining domain groups (Wim ten Have) [Orabug: 32085856] - qemu: improve error message when guest vcpu count exceeds domain group limit (Menno Lageman) [Orabug: 31985111] - qemu: Autonomous hugepage acquisition for 2-MiB and 1-GiB guest memoryBacking (Wim ten Have) - qemu: Fix a qemuMemReleaseHostHugepages state error (Wim ten Have) [Orabug: 32069203] - qemu: avoid guest CPU process handling if exadataConfig is disabled (Wim ten Have) [Orabug: 32053696] - domain_conf: Relax SCSI addr used check (Michal Privoznik) [Orabug: 31386162] - domain_conf: Make virDomainDeviceFindSCSIController accept virDomainDeviceDriveAddress struct (Michal Privoznik) [Orabug: 31386162] - qemu: remove use of qemuDomainObjBeginJobWithAgent() (Jonathon Jongsma) [Orabug: 31990187] {CVE-2019-20485} - qemu: agent: set ifname to NULL after freeing (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: require write acl for guest agent in virDomainInterfaceAddresses (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: add support for filtering @acls by uint params (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} - rpc: gendispatch: handle empty flags (Jan Tomko) [Orabug: 31964426] {CVE-2020-25637} [5.7.0-19.el8] - qemu: Verify use of hugepages when releasing its acquired status (Wim ten Have) [Orabug: 31839035] - qemu: Autonomous hugepages acquisition and release (Wim ten Have) [Orabug: 31367986] [5.7.0-17.el8] - qemu: Fix cpu boundary checks when starting or configuring guest domains. (Wim ten Have) [Orabug: 31469231] - libvirt: Allocate max possible CPUs for QEMU to prepare guest memory (Wim ten Have) [Orabug: 31064560] [5.7.0-16.el8] - qemu: format 'x-aw-bits' on intel-iommu command line (Menno Lageman) - qemu: format address wdith on intel-iommu command line (Menno Lageman) - conf: add address width attribute to iommu (Menno Lageman) - tests: add tests for host-phys-bits KVM feature (Menno Lageman) [Orabug: 31354547] - qemu: support host-phys-bits KVM feature (Menno Lageman) [Orabug: 31374547] - storage: Fix daemon crash on lookup storagepool by targetpath (Yi Li) [Orabug: 31439483] {CVE-2020-10703} [5.7.0-15.el8] - qemu: Escape the qemu driver systemd DOT hoax (Wim ten Have) [Orabug: 31380815] [5.7.0-14.el8] - vmx: make 'fileName' optional for CD-ROMs (Pino Toscano) [Orabug: 31350200] - vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (Pino Toscano) [Orabug: 31350200] - domain group: Fix a potential SEGV while restoring guest domains (Wim ten Have) [Orabug: 31285615] - cpu_map: Distinguish Cascadelake-Server from Skylake-Server (Jiri Denemark) [Orabug: 31214897] - cpu_map: Add more -noTSX x86 CPU models (Christian Ehrhardt) [Orabug: 31214897] - qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads (Peter Krempa) [Orabug: 31251756] {CVE-2020-12430} [5.7.0-13.el8] - domain groups: Fix multiple Domain Group vCPU administration flaws (Wim ten Have) [Orabug: 31145304] - qemu: fix missing #if defined(ENABLE_EXADATA) (Menno Lageman) - build: Fix qemu-submodule-init syntax-check issue (Wim ten Have) - libvirt: Fix various introduced Fedora/RHEL build violations (Wim ten Have) [Orabug: 31143337] - qemu: don't hold both jobs for suspend (Jonathon Jongsma) [Orabug: 31073098] {CVE-2019-20485} - domain groups: qemu driver error refers to pCPUs instead of vCPUs (Wim ten Have) [Orabug: 31075757] - node_device_conf: Don't leak @physical_function in virNodeDeviceGetPCISRIOVCaps (Jiang Kun) [Orabug: 31070337] [5.7.0-12.el8] - libvirt: vNUMA automatic host paritioning allows erroneous vcpu settings (Wim ten Have) [Orabug: 31050313] - remote: do not stop libvirtd after period of inactivity (Menno Lageman) [Orabug: 31003707] - remote: do not use socket activation by default (Menno Lageman) [Orabug: 31003707] - qemu driver: handle targetNode under memory hot-plug operations (Wim ten Have) [Orabug: 31009716] - domain groups: refresh dgbase host capabilities prior to defining a new group (Wim ten Have) [Orabug: 31026069] - domain groups: Always cleanup system.slice controlled hugepage reservations (Wim ten Have) [Orabug: 31025853] - domain groups: Enable DGs upon fresh groups arrival (Wim ten Have) [Orabug: 31021247] - domain groups: Skip undefined domain groups when validating lists (Wim ten Have) [Orabug: 31030117] [5.7.0-11.el8] - domain groups: Add functionality to control NUMA node alignment (Wim ten Have) [Orabug: 30988105] - domain groups: A rename should always update active and config domain definitions (Wim ten Have) [Orabug: 30999730] [5.7.0-10.el8] - domain groups: refresh dgbase depending host capabilities before rendering the cpuguestmask (Wim ten Have) [Orabug: 30987361] - conf: domain group validation errors should print correct group info (Menno Lageman) [Orabug: 30988428] - qemu: reserve hugepages when memoryBacking when live attaching memory (Wim ten Have) [Orabug: 30985510] - domain groups: avoid virDomainGroupInit if exadataConfig is disabled (Wim ten Have) [Orabug: 30985907] [5.7.0-9.el8] - vNUMA: distinguish standard and vNUMA memory 'setmaxmem' operations (Wim ten Have) [Orabug: 30894536] [5.7.0-8.el8] - domain groups: End Of BETA (Wim ten Have) - domaingroups: ExaData Domain Groups POC (Wim ten Have) - domaingroup: preliminary virsh support for domain groups - drop #4 (Menno Lageman) - tests: add various tests to exercise vNUMA host partitioning (Wim ten Have) [Orabug: 29720293] - qemu: driver changes for new vNUMA Host and Nodeset partitioning (Wim ten Have) [Orabug: 29720293] - XML definitions for guest vNUMA and parsing routines (Wim ten Have) [Orabug: 29720293] - Revert 'exadata: can not configure shared memory hosted disk devices for vhostmd.service' (Menno Lageman) - qemu: Forcibly mknod() even if it exists (Michal Privoznik) [5.7.0-5.el8] - exadata: can not configure shared memory hosted disk devices for vhostmd.service (Menno Lageman) [Orabug: 30598065] [5.7.0-4.el8] - build: skip copyright check for gnulib (Menno Lageman) - Revert 'network: pull global chain init into separate method' (Menno Lageman) [Orabug: 30611188] - Revert 'network: add more debugging of firewall chain creation' (Menno Lageman) [Orabug: 30611188] - Revert 'network: delay global firewall setup if no networks are running' (Menno Lageman) [Orabug: 30611188] - qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30796221] [5.7.0-3.el8] - Add VMware esx support (Menno Lageman) [Orabug: 30449929] [5.7.0-2.el8] - enable VMware hypervisor driver libvirt-dbus [1.3.0-2.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [1.3.0] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.2.0-3] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [1.2.0-2] - util: fix virtDBusUtilDecodeUUID (rhbz#1647823) [1.2.0-1] - Rebased to libvirt-dbus-1.2.0 (rhbz#1630196) [1.0.0-1] - Rebase from Fedora libvirt-python [9.0.0-7.el8] - Update to libvirt 9.0.0-7 (Karl Heubaum) [9.0.0-6.el8] - Update to libvirt 9.0.0-6 (Karl Heubaum) [9.0.0-5.el8] - Update to libvirt 9.0.0-5 (Karl Heubaum) [9.0.0-4.el8] - Update to libvirt 9.0.0-4 (Karl Heubaum) [9.0.0-3.el8] - Update to libvirt 9.0.0-3 (Karl Heubaum) [9.0.0-2.el8] - Update to libvirt 9.0.0-2 (Karl Heubaum) [9.0.0-1.el8] - Update to 9.0.0 release (Karl Heubaum) [7.10.0-2.el8] - Update version number to match libvirt 7.10.0-2 (Karl Heubaum) [7.10.0-1.el8] - Update to 7.10.0 release (Karl Heubaum) [7.9.0] - Update to 7.9.0 release (Karl Heubaum) nbdkit netcf perl-Sys-Virt qemu-kvm [7.2.0-16.el8] - block: fix failing assert on paused VM migration (Andrey Drobyshev) [Orabug: 37106834] - migration/multifd: Fix rb->receivedmap cleanup race (Fabiano Rosas) [Orabug: 36932320] - migration/savevm: Remove extra load cleanup calls (Fabiano Rosas) [Orabug: 36932320] - migration: fix switchover abort termination paths (Elena Ufimtseva) [Orabug: 36932320] - nbd/server: CVE-2024-7409: Avoid use-after-free when closing server (Eric Blake) [Orabug: 36921582] {CVE-2024-7409} - nbd/server: CVE-2024-7409: Close stray clients at server-stop (Eric Blake) [Orabug: 36921582] {CVE-2024-7409} - nbd/server: CVE-2024-7409: Drop non-negotiating clients (Eric Blake) [Orabug: 36921582] {CVE-2024-7409} - nbd/server: CVE-2024-7409: Cap default max-connections to 100 (Eric Blake) [Orabug: 36921582] {CVE-2024-7409} - nbd/server: Plumb in new args to nbd_client_add() (Eric Blake) [Orabug: 36921582] {CVE-2024-7409} - nbd: Minor style and typo fixes (Eric Blake) [Orabug: 36921582] {CVE-2024-7409} - scsi-disk: Always report RESERVATION_CONFLICT to guest (Kevin Wolf) - scsi-disk: Add warning comments that host_status errors take a shortcut (Kevin Wolf) - scsi-block: Don't skip callback for sgio error status/driver_status (Kevin Wolf) - scsi-disk: Use positive return value for status in dma_readv/writev (Kevin Wolf) - target/i386: Add new CPU model SierraForest (Tao Su) - target/i386: Add few security fix bits in ARCH_CAPABILITIES into SapphireRapids CPU model (Lei Wang) - target/i386: Add new bit definitions of MSR_IA32_ARCH_CAPABILITIES (Tao Su) - target/i386: Allow MCDT_NO if host supports (Tao Su) - target/i386: Add support for MCDT_NO in CPUID enumeration (Tao Su) - target/i386: Adjust feature level according to FEAT_7_1_EDX (Tao Su) - target/i386: Export MSR_ARCH_CAPABILITIES bits to guests (Pawan Gupta) - target/i386: Add support for PREFETCHIT0/1 in CPUID enumeration (Jiaxi Chen) - target/i386: Add support for AVX-NE-CONVERT in CPUID enumeration (Jiaxi Chen) - target/i386: Add support for AVX-VNNI-INT8 in CPUID enumeration (Jiaxi Chen) - target/i386: Add support for AVX-IFMA in CPUID enumeration (Jiaxi Chen) - target/i386: Add support for AMX-FP16 in CPUID enumeration (Jiaxi Chen) - target/i386: Add support for CMPCCXADD in CPUID enumeration (Jiaxi Chen) - i386: Add new CPU model SapphireRapids (Wang, Lei) - target/i386: KVM: allow fast string operations if host supports them (Paolo Bonzini) - target/i386: add FZRM, FSRS, FSRC (Paolo Bonzini) - spec: disable keyutils (Mark Kanda) [Orabug: 36903731] - meson.build: Make keyutils independent from keyring (Thomas Huth) [Orabug: 36903731] [7.2.0-15.el8] - migration: abort on destination if switchover limit exceeded (Elena Ufimtseva) - migration: introduce strict switchover SLA (Elena Ufimtseva) - migration: add error to MigrationIncomingState (Elena Ufimtseva) - migration: Set migration status early in incoming side (Fabiano Rosas) - tests/qtest: migration: Use migrate_incoming_qmp where appropriate (Fabiano Rosas) - tests/qtest: migration: Add migrate_incoming_qmp helper (Fabiano Rosas) - tests/qtest: migration: Expose migrate_set_capability (Fabiano Rosas) - vfio/migration: Multifd device state transfer support - send side (Maciej S. Szmigiero) - vfio/migration: Add x-orcl-migration-multifd-transfer VFIO property (Maciej S. Szmigiero) - vfio/migration: Multifd device state transfer support - receive side (Maciej S. Szmigiero) - migration/multifd: Add migration_has_device_state_support() (Maciej S. Szmigiero) - migration/multifd: Device state transfer support - send side (Maciej S. Szmigiero) - migration/multifd: Convert multifd_send_pages::next_channel to atomic (Maciej S. Szmigiero) - migration/multifd: Device state transfer support - receive side (Maciej S. Szmigiero) - migration: Add load_finish handler and associated functions (Maciej S. Szmigiero) - migration: Add qemu_loadvm_load_state_buffer() and its handler (Maciej S. Szmigiero) - migration: Add save_live_complete_precopy_{begin,end} handlers (Maciej S. Szmigiero) - migration/multifd: Zero p->flags before starting filling a packet (Maciej S. Szmigiero) - migration/ram: Add load start trace event (Maciej S. Szmigiero) - vfio/migration: Add save_{iterate,complete_precopy}_started trace events (Maciej S. Szmigiero) - hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - hw/virtio: Introduce virtio_bh_new_guarded() helper (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - pcie_sriov: Validate NumVFs (Akihiko Odaki) [Orabug: 36314082] {CVE-2024-26327} - hw/nvme: Use pcie_sriov_num_vfs() (Akihiko Odaki) [Orabug: 36314111] {CVE-2024-26328} - pcie: Introduce pcie_sriov_num_vfs (Akihiko Odaki) [Orabug: 36314111] {CVE-2024-26328} - qcow2: Don't open data_file with BDRV_O_NO_IO (Kevin Wolf) [Orabug: 36801853] {CVE-2024-4467} - target/i386: drop AMD machine check bits from Intel CPUID (Paolo Bonzini) [Orabug: 36785079] - target/i386: pass X86CPU to x86_cpu_get_supported_feature_word (Paolo Bonzini) [Orabug: 36785079] - migration: prevent migration when VM has poisoned memory (William Roche) [Orabug: 35533097] - i386: Add support for overflow recovery (John Allen) [Orabug: 34691766] - i386: Add support for SUCCOR feature (John Allen) [Orabug: 34691766] - i386: Fix MCE support for AMD hosts (John Allen) [Orabug: 34691766] [7.2.0-13.el8] - vfio/migration: Enhance VFIO migration state tracing (Avihai Horon) - vfio/migration: Don't emit STOP_COPY VFIO migration QAPI event twice (Avihai Horon) - vfio/migration: Emit VFIO migration QAPI event (Avihai Horon) - qapi/vfio: Add VFIO migration QAPI event (Avihai Horon) - migration/multifd: solve zero page causing multiple page faults (Yuan Liu) [Orabug: 36727051] - multifd: Add the ramblock to MultiFDRecvParams (Lukas Straub) [Orabug: 36727051] - migration: Fix qmp_query_migrate mbps value (Fabiano Rosas) [Orabug: 36727104] - migration: Allow user to specify available switchover bandwidth (Peter Xu) [Orabug: 35636284] - migration/dirtyrate: Fix precision losses and g_usleep overshoot (Andrei Gudkov) [Orabug: 36727091] - Use new created qemu_target_pages_to_MiB() (Juan Quintela) [Orabug: 36727091] - softmmu: Create qemu_target_pages_to_MiB() (Juan Quintela) [Orabug: 36727091] - migration/calc-dirty-rate: replaced CRC32 with xxHash (Andrei Gudkov) [Orabug: 36727063] - migration/multifd: Enable multifd zero page checking by default. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Implement ram_save_target_page_multifd to handle multifd version of MigrationOps::ram_save_target_page. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Implement zero page transmission on the multifd thread. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Add new migration option zero-page-detection. (Hao Xiang) [Orabug: 34131170] - migration: Make ram_save_target_page() a pointer (Juan Quintela) [Orabug: 34131170] - migration: Yield bitmap_mutex properly when sending/sleeping (Peter Xu) [Orabug: 34131170] - migration/multifd: Add a synchronization point for channel creation (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Unify multifd and TLS connection paths (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Move multifd_send_setup into migration thread (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Move multifd_send_setup error handling in to the function (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Remove p->running (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Optimize sender side to be lockless (Peter Xu) [Orabug: 34131170] - migration/multifd: Join the TLS thread (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Fix MultiFDSendParams.packet_num race (Peter Xu) [Orabug: 34131170] - migration/multifd: Stick with send/recv on function names (Peter Xu) [Orabug: 34131170] - migration/multifd: Cleanup multifd_load_cleanup() (Peter Xu) [Orabug: 34131170] - migration/multifd: Cleanup multifd_save_cleanup() (Peter Xu) [Orabug: 34131170] - migration/multifd: Rewrite multifd_queue_page() (Peter Xu) [Orabug: 34131170] - migration/multifd: Change retval of multifd_send_pages() (Peter Xu) [Orabug: 34131170] - migration/multifd: Change retval of multifd_queue_page() (Peter Xu) [Orabug: 34131170] - migration/multifd: Split multifd_send_terminate_threads() (Peter Xu) [Orabug: 34131170] - migration/multifd: Forbid spurious wakeups (Peter Xu) [Orabug: 34131170] - migration/multifd: Move header prepare/fill into send_prepare() (Peter Xu) [Orabug: 34131170] - migration/multifd: multifd_send_prepare_header() (Peter Xu) [Orabug: 34131170] - migration/multifd: Move trace_multifd_send|recv() (Peter Xu) [Orabug: 34131170] - migration/multifd: Move total_normal_pages accounting (Peter Xu) [Orabug: 34131170] - migration/multifd: Rename p->num_packets and clean it up (Peter Xu) [Orabug: 34131170] - migration/multifd: Drop pages->num check in sender thread (Peter Xu) [Orabug: 34131170] - migration/multifd: Simplify locking in sender thread (Peter Xu) [Orabug: 34131170] - migration/multifd: Separate SYNC request with normal jobs (Peter Xu) [Orabug: 34131170] - migration/multifd: Drop MultiFDSendParams.normal[] array (Peter Xu) [Orabug: 34131170] - migration/multifd: Postpone reset of MultiFDPages_t (Peter Xu) [Orabug: 34131170] - migration/multifd: Remove MultiFDPages_t::packet_num (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Drop MultiFDSendParams.quit, cleanup error paths (Peter Xu) [Orabug: 34131170] - migration/multifd: multifd_send_kick_main() (Peter Xu) [Orabug: 34131170] - migration/multifd: Fix leaking of Error in TLS error flow (Avihai Horon) [Orabug: 34131170] - migration/ram: Merge save_zero_page functions (Fabiano Rosas) [Orabug: 34131170] - migration/ram: Move xbzrle zero page handling into save_zero_page (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Stop setting p->ioc before connecting (Fabiano Rosas) [Orabug: 34131170] - migration: Centralize BH creation and dispatch (Fabiano Rosas) [Orabug: 34131170] - migration: Add a wrapper to qemu_bh_schedule (Fabiano Rosas) [Orabug: 34131170] - migration: Remove transferred atomic counter (Juan Quintela) [Orabug: 35636284] - migration: Use migration_transferred_bytes() (Juan Quintela) [Orabug: 35636284] - migration: migration_rate_limit_reset() don't need the QEMUFile (Juan Quintela) [Orabug: 35636284] - migration: migration_transferred_bytes() don't need the QEMUFile (Juan Quintela) [Orabug: 35636284] - multifd: reset next_packet_len after sending pages (Elena Ufimtseva) [Orabug: 35636284] - multifd: fix counters in multifd_send_thread (Elena Ufimtseva) [Orabug: 35636284] - migration/multifd: Compute transferred bytes correctly (Juan Quintela) [Orabug: 35636284] - migration: check for rate_limit_max for RATE_LIMIT_DISABLED (Elena Ufimtseva) [Orabug: 35636284] - migration: Use the number of transferred bytes directly (Juan Quintela) [Orabug: 35636284] - qemu_file: Use a stat64 for qemu_file_transferred (Juan Quintela) [Orabug: 35636284] - migration: set file error on subsection loading (Marc-Andre Lureau) [Orabug: 35636284] - migration: Receiving a zero page non zero is an error (Juan Quintela) [Orabug: 35636284] - migration/multifd: Stop checking p->quit in multifd_send_thread (Fabiano Rosas) [Orabug: 35636284] - migration/multifd: Clarify Error usage in multifd_channel_connect (Fabiano Rosas) [Orabug: 35636284] - multifd: cleanup the function multifd_channel_connect (Li Zhang) [Orabug: 35636284] - migration/multifd: Unify multifd_send_thread error paths (Fabiano Rosas) [Orabug: 35636284] - migration: Non multifd migration don't care about multifd flushes (Juan Quintela) [Orabug: 35636284] - migration: fix RAMBlock add NULL check (Dmitry Frolov) [Orabug: 35829153] - migration: We don't need the field rate_limit_used anymore (Juan Quintela) [Orabug: 35636284] - migration: Use migration_transferred_bytes() to calculate rate_limit (Juan Quintela) [Orabug: 35636284] - migration: Add a trace for migration_transferred_bytes (Juan Quintela) [Orabug: 35636284] - migration: Move migration_total_bytes() to migration-stats.c (Juan Quintela) [Orabug: 35636284] - qemu-file: Remove total from qemu_file_total_transferred_*() (Juan Quintela) [Orabug: 35636284] - migration: Move rate_limit_max and rate_limit_used to migration_stats (Juan Quintela) [Orabug: 35636284] - qemu-file: Account for rate_limit usage on qemu_fflush() (Juan Quintela) [Orabug: 35636284] - migration: Don't use INT64_MAX for unlimited rate (Juan Quintela) [Orabug: 35636284] - qemu-file: Make rate_limit_used an uint64_t (Juan Quintela) [Orabug: 35636284] - qemu-file: make qemu_file_[sg]et_rate_limit() use an uint64_t (Juan Quintela) [Orabug: 35636284] - migration: We set the rate_limit by a second (Juan Quintela) [Orabug: 35829153] - migration: A rate limit value of 0 is valid (Juan Quintela) [Orabug: 35636284] - qemu-file: Make ram_control_save_page() use accessors for rate_limit (Juan Quintela) [Orabug: 35636284] - qemu-file: Make total_transferred an uint64_t (Juan Quintela) [Orabug: 35636284] - qemu-file: No need to check for shutdown in qemu_file_rate_limit (Juan Quintela) [Orabug: 35636284] - migration: Document all migration_stats (Juan Quintela) [Orabug: 35636284] - multifd: We already account for this packet on the multifd thread (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_bytes_last_sync atomic (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_pages_rate atomic (Juan Quintela) [Orabug: 35636284] - stat64: Add stat64_set() operation (Paolo Bonzini) [Orabug: 35636284] - multifd: Only flush once each full round of memory (Juan Quintela) [Orabug: 35636284] - migration: Make find_dirty_block() return a single parameter (Juan Quintela) [Orabug: 35636284] - migration: Simplify ram_find_and_save_block() (Juan Quintela) [Orabug: 35636284] - multifd: Protect multifd_send_sync_main() calls (Juan Quintela) [Orabug: 35636284] - multifd: Create property multifd-flush-after-each-section (Juan Quintela) [Orabug: 35636284] - multifd: Fix the number of channels ready (Juan Quintela) [Orabug: 35636284] - migration: Rename normal to normal_pages (Juan Quintela) [Orabug: 35636284] - migration: Rename duplicate to zero_pages (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_sync_count atomic (Juan Quintela) [Orabug: 35636284] - migration: Make downtime_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Make precopy_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_sync_missed_zero_copy atomic (Juan Quintela) [Orabug: 35636284] - migration: Make multifd_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Update atomic stats out of the mutex (Juan Quintela) [Orabug: 35636284] - migration: Merge ram_counters and ram_atomic_counters (Juan Quintela) [Orabug: 35636284] - migration/multifd: correct multifd_send_thread to trace the flags (Wei Wang) [Orabug: 35636284] - ram: Document migration ram flags (Juan Quintela) [Orabug: 35636284] - migration: Calculate ram size once (Juan Quintela) [Orabug: 35636284] - multifd: Fix a race on reading MultiFDPages_t.block (Zhenzhong Duan) [Orabug: 35636284] - migration: Use atomic ops properly for page accountings (Peter Xu) [Orabug: 35636284] - migration: Export ram_release_page() (Juan Quintela) [Orabug: 35636284] - migration: Export ram_transferred_ram() (Juan Quintela) [Orabug: 35636284] - multifd: Create page_count fields into both MultiFD{Recv,Send}Params (Juan Quintela) [Orabug: 35636284] - multifd: Create page_size fields into both MultiFD{Recv,Send}Params (Juan Quintela) [Orabug: 35636284] - migration: Fix migration_channel_read_peek() error path () (Avihai Horon) [Orabug: 36726827] - migration/multifd: Remove error_setg() in migration_ioc_process_incoming() (Avihai Horon) [Orabug: 36726827] - migration: Refactor migration_incoming_setup() (Avihai Horon) [Orabug: 36726827] - migration: check magic value for deciding the mapping of channels (manish.mishra) [Orabug: 36726827] - io: Add support for MSG_PEEK for socket channel (manish.mishra) [Orabug: 36726827] - hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (hilippe Mathieu-Daude) [Orabug: 36575206] {CVE-2024-3447} - block: lock AioContext in bdrv_replace_child_noperm() when in non-coroutine context (Mark Kanda) [Orabug: 36514180] - hw/scsi/scsi-generic: Fix io_timeout property not applying (Lorenz Brun) [Orabug: 36637684] - target/i386/monitor: synchronize cpu state for lapic info (Dongli Zhang) [Orabug: 36607747] - qemu_init: increase NOFILE soft limit on POSIX (Fiona Ebner) [Orabug: 36416389] [7.2.0-11.el8] - vfio/migration: Add a note about migration rate limiting (Avihai Horon) [Orabug: 36329758] - vfio/migration: Refactor vfio_save_state() return value (Avihai Horon) [Orabug: 36329758] - migration: Don't serialize devices in qemu_savevm_state_iterate() (Avihai Horon) [Orabug: 36329758] - ui/clipboard: add asserts for update and request (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683} - ui/clipboard: mark type as not available when there is no data (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683} - virtio-net: correctly copy vnet header when flushing TX (Jason Wang) [Orabug: 36154459] {CVE-2023-6693} - esp: restrict non-DMA transfer length to that of available data (Mark Cave-Ayland) [Orabug: 36322141] {CVE-2024-24474} - vhost: Perform memory section dirty scans once per iteration (Si-Wei Liu) - vhost: dirty log should be per backend type (Si-Wei Liu) - net: Update MemReentrancyGuard for NIC (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019} - net: Provide MemReentrancyGuard * to qemu_new_nic() (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019} - lsi53c895a: disable reentrancy detection for MMIO region, too (Thomas Huth) [Orabug: 33774027] {CVE-2021-3750} - memory: stricter checks prior to unsetting engaged_in_io (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - async: avoid use-after-free on re-entrancy guard (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - apic: disable reentrancy detection for apic-msi (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - raven: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - bcm2835_property: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - lsi53c895a: disable reentrancy detection for script RAM (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - checkpatch: add qemu_bh_new/aio_bh_new checks (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - async: Add an optional reentrancy guard to the BH API (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - memory: prevent dma-reentracy issues (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - hw/acpi: propagate vcpu hotplug after switch to modern interface (Aaron Young) - migration: Fix use-after-free of migration state object (Fabiano Rosas) [Orabug: 36242218] - kvm: Fix crash due to access uninitialized kvm_state (Gavin Shan) [Orabug: 36269244] - migration: Avoid usage of static variable inside tracepoint (Joao Martins) - migration: Add tracepoints for downtime checkpoints (Peter Xu) - migration: migration_stop_vm() helper (Peter Xu) - migration: Add per vmstate downtime tracepoints (Peter Xu) - migration: Add migration_downtime_start|end() helpers (Peter Xu) - migration: Set downtime_start even for postcopy (Peter Xu) - hv-balloon: implement pre-Glib 2.68 compatibility (Maciej S. Szmigiero) - hw/i386/pc: Support hv-balloon (Maciej S. Szmigiero) - qapi: Add HV_BALLOON_STATUS_REPORT event and its QMP query command (Maciej S. Szmigiero) - qapi: Add query-memory-devices support to hv-balloon (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) hot-add support (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) base (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol definitions (Maciej S. Szmigiero) - memory-device: Drop size alignment check (David Hildenbrand) - memory-device: Support empty memory devices (David Hildenbrand) - memory,vhost: Allow for marking memory device memory regions unmergeable (David Hildenbrand) - memory: Clarify mapping requirements for RamDiscardManager (David Hildenbrand) - memory-device,vhost: Support automatic decision on the number of memslots (David Hildenbrand) - vhost: Add vhost_get_max_memslots() (David Hildenbrand) - kvm: Add stub for kvm_get_max_memslots() (David Hildenbrand) - memory-device,vhost: Support memory devices that dynamically consume memslots (David Hildenbrand) - memory-device: Track required and actually used memslots in DeviceMemoryState (David Hildenbrand) - stubs: Rename qmp_memory_device.c to memory_device.c (David Hildenbrand) - memory-device: Support memory devices with multiple memslots (David Hildenbrand) - vhost: Return number of free memslots (David Hildenbrand) - kvm: Return number of free memslots (David Hildenbrand) - vhost: Remove vhost_backend_can_merge() callback (David Hildenbrand) - vhost: Rework memslot filtering and fix 'used_memslot' tracking (David Hildenbrand) - virtio-md-pci: New parent type for virtio-mem-pci and virtio-pmem-pci (David Hildenbrand) - migration/ram: Expose ramblock_is_ignored() as migrate_ram_is_ignored() (David Hildenbrand) - virtio-mem: Skip most of virtio_mem_unplug_all() without plugged memory (David Hildenbrand) - softmmu/physmem: Warn with ram_block_discard_range() on MAP_PRIVATE file mapping (David Hildenbrand) - memory-device: Track used region size in DeviceMemoryState (David Hildenbrand) - memory-device: Refactor memory_device_pre_plug() (David Hildenbrand) - hw/i386/pc: Remove PC_MACHINE_DEVMEM_REGION_SIZE (David Hildenbrand) - hw/i386/acpi-build: Rely on machine->device_memory when building SRAT (David Hildenbrand) - hw/i386/pc: Use machine_memory_devices_init() (David Hildenbrand) - hw/loongarch/virt: Use machine_memory_devices_init() (David Hildenbrand) - hw/ppc/spapr: Use machine_memory_devices_init() (David Hildenbrand) - hw/arm/virt: Use machine_memory_devices_init() (David Hildenbrand) - memory-device: Introduce machine_memory_devices_init() (David Hildenbrand) - memory-device: Unify enabled vs. supported error messages (David Hildenbrand) - hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467] (Thomas Huth) [Orabug: 35808564] {CVE-2023-42467} - tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088} - hw/ide: reset: cancel async DMA operation before resetting state (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088} [7.2.0-7.el8] - vfio/common: Probe type1 iommu dirty tracking support (Joao Martins) [Orabug: 36024839] - vfio/common: Allow disabling device dirty page tracking (Joao Martins) [Orabug: 36024839] [7.2.0-6.el8] - hw/smbios: Fix core count in type4 (Zhao Liu) [Orabug: 35869694] - hw/smbios: Fix thread count in type4 (Zhao Liu) [Orabug: 35869694] - hw/smbios: Fix smbios_smp_sockets caculation (Zhao Liu) [Orabug: 35869694] - machine: Add helpers to get cores/threads per socket (Zhao Liu) [Orabug: 35869694] - migration/multifd: Move load_cleanup inside incoming_state_destroy (Leonardo Bras) [Orabug: 35829153] - migration/multifd: Join all multifd threads in order to avoid leaks (Leonardo Bras) [Orabug: 35829153] - migration/multifd: Remove unnecessary assignment on multifd_load_cleanup() (Leonardo Bras) [Orabug: 35829153] - migration/multifd: Change multifd_load_cleanup() signature and usage (Leonardo Bras) [Orabug: 35829153] - vfio/migration: Block VFIO migration with background snapshot (Avihai Horon) - vfio/migration: Block VFIO migration with postcopy migration (Avihai Horon) - migration: Add .save_prepare() handler to struct SaveVMHandlers (Avihai Horon) - migration: Move more initializations to migrate_init() (Avihai Horon) - vfio/migration: Fail adding device with enable-migration=on and existing blocker (Avihai Horon) - migration: Add migration prefix to functions in target.c (Avihai Horon) - vfio/migration: Allow migration of multiple P2P supporting devices (Avihai Horon) - vfio/migration: Add P2P support for VFIO migration (Avihai Horon) - vfio/migration: Refactor PRE_COPY and RUNNING state checks (Joao Martins) - qdev: Add qdev_add_vm_change_state_handler_full() (Avihai Horon) - sysemu: Add prepare callback to struct VMChangeStateEntry (Avihai Horon) - vfio/migration: Move from STOP_COPY to STOP in vfio_save_cleanup() (Avihai Horon) - hw/vfio: Add number of dirty pages to vfio_get_dirty_bitmap tracepoint (Joao Martins) - exec/ram_addr: Return number of dirty pages in cpu_physical_memory_set_dirty_lebitmap() (Joao Martins) - migration: fix populate_vfio_info (Steve Sistare) - vfio/migration: Revert out of tree P2P support (Joao Martins) - async: clarify usage of barriers in the polling case (Paolo Bonzini) [Orabug: 35871058] - async: update documentation of the memory barriers (Paolo Bonzini) [Orabug: 35871058] - physmem: add missing memory barrier (Paolo Bonzini) [Orabug: 35871058] - qemu-coroutine-lock: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35871058] - aio-wait: switch to smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35871058] - edu: add smp_mb__after_rmw() (Paolo Bonzini) [Orabug: 35871058] - qemu-thread-win32: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35871058] - qemu-thread-posix: cleanup, fix, document QemuEvent (Paolo Bonzini) [Orabug: 35871058] - qatomic: add smp_mb__before/after_rmw() (Paolo Bonzini) [Orabug: 35871058] - dump: kdump-zlib data pages not dumped with pvtime/aarch64 (Dongli Zhang) [Orabug: 35777876] - hw/smbios: fix field corruption in type 4 table (Julia Suvorova) [Orabug: 35756216] - kvm: Atomic memslot updates (David Hildenbrand) [Orabug: 35728782] - KVM: keep track of running ioctls (Emanuele Giuseppe Esposito) [Orabug: 35728782] - accel: introduce accelerator blocker API (Emanuele Giuseppe Esposito) [Orabug: 35728782] [7.2.0-5.el8] - virtio-crypto: verify src&dst buffer length for sym request (zhenwei pi) [Orabug: 35683774] {CVE-2023-3180} - io: remove io watch if TLS channel is closed during handshake (Daniel P. Berrange) [Orabug: 35683826] {CVE-2023-3354} - ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) (Mauro Matteo Cascella) [Orabug: 35683770] {CVE-2023-3255} - hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) (Thomas Huth) [Orabug: 35683817] {CVE-2023-0330} - vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (Ani Sinha) [Orabug: 35649138] {CVE-2023-3301} - qmp-regdump: use QMP command 'query-cpus-fast' (Mark Kanda) [7.2.0-4.el8] - vfio/migration: Allow migration of multiple P2P supporting devices (Avihai Horon) - vfio/migration: Add P2P support for VFIO migration (Avihai Horon) - sysemu: Add pre VM state change callback (Avihai Horon) - vfio/migration: Refactor PRE_COPY and RUNNING state checks (Joao Martins) - vfio/common: Add an option to relax vIOMMU usage (Joao Martins) - virtio-rng-pci: fix transitional migration compat for vectors (David Alan Gilbert) [Orabug: 35595177] - virtio-rng-pci: fix migration compat for vectors (David Alan Gilbert) [Orabug: 35595177] - vfio: Fix null pointer dereference bug in vfio_bars_finalize() (Avihai Horon) - vfio/migration: Return bool type for vfio_migration_realize() (Zhenzhong Duan) - vfio/migration: Remove print of 'Migration disabled' (Zhenzhong Duan) - vfio/migration: Free resources when vfio_migration_realize fails (Zhenzhong Duan) - vfio/migration: Change vIOMMU blocker from global to per device (Zhenzhong Duan) - vfio/pci: Disable INTx in vfio_realize error path (Zhenzhong Duan) - vfio/pci: Free leaked timer in vfio_realize error path (Zhenzhong Duan) - vfio/pci: Fix a segfault in vfio_realize (Zhenzhong Duan) - vfio/migration: Make VFIO migration non-experimental (Avihai Horon) - vfio/migration: Reset bytes_transferred properly (Avihai Horon) - vfio/pci: Call vfio_prepare_kvm_msi_virq_batch() in MSI retry path (Shameer Kolothum) - vfio/migration: Add support for switchover ack capability (Avihai Horon) - vfio/migration: Add VFIO migration pre-copy support (Avihai Horon) - vfio/migration: Store VFIO migration flags in VFIOMigration (Avihai Horon) - vfio/migration: Refactor vfio_save_block() to return saved data size (Avihai Horon) - tests: Add migration switchover ack capability test (Avihai Horon) - migration: Enable switchover ack capability (Avihai Horon) - migration: Implement switchover ack logic (Avihai Horon) - migration: Add switchover ack capability (Avihai Horon) - target/i386: Add EPYC-Genoa model to support Zen 4 processor series (Babu Moger) [Orabug: 35555649] - target/i386: Add VNMI and automatic IBRS feature bits (Babu Moger) [Orabug: 35555649] - target/i386: Add missing feature bits in EPYC-Milan model (Babu Moger) [Orabug: 35555649] - target/i386: Add feature bits for CPUID_Fn80000021_EAX (Babu Moger) [Orabug: 35555649] - target/i386: Add a couple of feature bits in 8000_0008_EBX (Babu Moger) [Orabug: 35555649] - target/i386: Add new EPYC CPU versions with updated cache_info (Michael Roth) [Orabug: 35555649] - target/i386: allow versioned CPUs to specify new cache_info (Michael Roth) [Orabug: 35555649] - target/i386/kvm: get and put AMD pmu registers (Dongli Zhang) [Orabug: 35562155] - Makefile: qemu-bundle is a directory (Juan Quintela) - 9pfs: prevent opening special files (CVE-2023-2861) (Christian Schoenebeck) [Orabug: 35570017] {CVE-2023-2861} - pcie: Do not update hotplugged device power in RUN_STATE_INMIGRATE state (Annie Li) [Orabug: 33642532] - pcie: Do not set power state for some hot-plugged devices (Annie Li) [Orabug: 33642532] - pc: q35: Bump max_cpus to 1024 (Suravee Suthikulpanit) [Orabug: 35425619] [7.2.0-3.el8] - vfio/migration: Skip log_sync during migration SETUP state (Avihai Horon) - migration: fix ram_state_pending_exact() (Juan Quintela) - spec: allow have_tools 0 (Steve Sistare) - spec: allow no block device modules (Steve Sistare) - qemu-kvm.spec: fix Linux io_uring support (Mark Kanda) - hw/intc/ioapic: Update KVM routes before redelivering IRQ, on RTE update (David Woodhouse) - oslib-posix: fix uninitialized var in wait_mem_prealloc() (Mark Kanda) - vfio/migration: Rename entry points (Alex Williamson) - docs/devel: Document VFIO device dirty page tracking (Avihai Horon) - vfio/migration: Query device dirty page tracking support (Joao Martins) - vfio/migration: Block migration with vIOMMU (Joao Martins) - vfio/common: Add device dirty page bitmap sync (Joao Martins) - vfio/common: Extract code from vfio_get_dirty_bitmap() to new function (Avihai Horon) - vfio/common: Add device dirty page tracking start/stop (Joao Martins) - vfio/common: Record DMA mapped IOVA ranges (Joao Martins) - vfio/common: Add helper to consolidate iova/end calculation (Joao Martins) - vfio/common: Consolidate skip/invalid section into helper (Joao Martins) - vfio/common: Use a single tracepoint for skipped sections (Joao Martins) - vfio/common: Add helper to validate iova/end against hostwin (Joao Martins) - vfio/common: Add VFIOBitmap and alloc function (Avihai Horon) - vfio/common: Abort migration if dirty log start/stop/sync fails (Avihai Horon) - vfio/common: Fix wrong %m usages (Avihai Horon) - vfio/common: Fix error reporting in vfio_get_dirty_bitmap() (Avihai Horon) - docs/devel: Align VFIO migration docs to v2 protocol (Avihai Horon) - vfio: Alphabetize migration section of VFIO trace-events file (Avihai Horon) - vfio/migration: Remove VFIO migration protocol v1 (Avihai Horon) - vfio/migration: Implement VFIO migration protocol v2 (Avihai Horon) - vfio/migration: Rename functions/structs related to v1 protocol (Avihai Horon) - vfio/migration: Move migration v1 logic to vfio_migration_init() (Avihai Horon) - vfio/migration: Block multiple devices migration (Avihai Horon) - vfio/common: Change vfio_devices_all_running_and_saving() logic to equivalent one (Avihai Horon) - vfio/migration: Allow migration without VFIO IOMMU dirty tracking support (Avihai Horon) - vfio/migration: Fix NULL pointer dereference bug (Avihai Horon) - linux-headers: Update to v6.2-rc8 (Avihai Horon) - migration/qemu-file: Add qemu_file_get_to_fd() (Avihai Horon) - migration: Rename res_{postcopy,precopy}_only (Juan Quintela) - migration: Remove unused res_compatible (Juan Quintela) - migration: In case of postcopy, the memory ends in res_postcopy_only (Juan Quintela) - migration: I messed state_pending_exact/estimate (Juan Quintela) - linux-headers: Update to v6.1 (Peter Xu) - migration: simplify migration_iteration_run() (Juan Quintela) - migration: Remove unused threshold_size parameter (Juan Quintela) - migration: Split save_live_pending() into state_pending_* (Juan Quintela) - migration: No save_live_pending() method uses the QEMUFile parameter (Juan Quintela) - Revert 'virtio-scsi: Send 'REPORTED LUNS CHANGED' sense data upon disk hotplug events' (Karl Heubaum) [Orabug: 35161059] - oslib-posix: initialize backend memory objects in parallel (Mark Kanda) [Orabug: 32555402] - oslib-posix: refactor memory prealloc threads (Mark Kanda) [Orabug: 32555402] - qemu-kvm.spec: vhost-user is conditional (Steve Sistare) - qemu-kvm.spec: libseccomp is conditional (Steve Sistare) [7.2.0-1.el8] - vl: Add an -action option to override MCE handling (Mark Kanda) - hw/arm/virt: build SMBIOS 19 table (Mihai Carabas) - virtio-net-pci: Don't use 'efi-virtio.rom' on AArch64 (Mark Kanda) - migration: increase listening socket backlog (Elena Ufimtseva) - virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) - Update to QEMU 7.2.0 (Karl Heubaum) [6.1.1-4.el8] - display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) (Mauro Matteo Cascella) [Orabug: 34591445] {CVE-2021-4207} - ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) (Mauro Matteo Cascella) [Orabug: 34591281] {CVE-2021-4206} - scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34590706] {CVE-2022-0216} - scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216) (Mauro Matteo Cascella) [Orabug: 34590706] {CVE-2022-0216} - tests/qtest: Add fuzz-lsi53c895a-test (Philippe Mathieu-Daude) [Orabug: 34590706] {CVE-2022-0216} - hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued (Philippe Mathieu-Daude) [Orabug: 34590706] {CVE-2022-0216} - virtio-net: fix map leaking on error during receive (Jason Wang) [Orabug: 34538375] {CVE-2022-26353} - vfio: defer to commit kvm irq routing when enable msi/msix (Mike Longpeng) [Orabug: 34528963] - Revert 'vfio: Avoid disabling and enabling vectors repeatedly in VFIO migration' (Mike Longpeng) [Orabug: 34528963] - vfio: simplify the failure path in vfio_msi_enable (Mike Longpeng) [Orabug: 34528963] - vfio: move re-enabling INTX out of the common helper (Mike Longpeng) [Orabug: 34528963] - vfio: simplify the conditional statements in vfio_msi_enable (Mike Longpeng) [Orabug: 34528963] - kvm/msi: do explicit commit when adding msi routes (Mike Longpeng) [Orabug: 34528963] - kvm-irqchip: introduce new API to support route change (Mike Longpeng) [Orabug: 34528963] - event_notifier: handle initialization failure better (Maxim Levitsky) [Orabug: 34528963] - virtio-net: don't handle mq request in userspace handler for vhost-vdpa (Si-Wei Liu) - vhost-vdpa: change name and polarity for vhost_vdpa_one_time_request() (Si-Wei Liu) - vhost-vdpa: backend feature should set only once (Si-Wei Liu) - vhost-net: fix improper cleanup in vhost_net_start (Si-Wei Liu) - vhost-vdpa: fix improper cleanup in net_init_vhost_vdpa (Si-Wei Liu) - virtio-net: align ctrl_vq index for non-mq guest for vhost_vdpa (Si-Wei Liu) - virtio-net: setup vhost_dev and notifiers for cvq only when feature is negotiated (Si-Wei Liu) - virtio: fix the condition for iommu_platform not supported (Halil Pasic) - vdpa: Make ncs autofree (Eugenio Perez) - vhost-vdpa: make notifiers _init()/_uninit() symmetric (Laurent Vivier) - hw/virtio: vdpa: Fix leak of host-notifier memory-region (Laurent Vivier) - vhost-vdpa: stick to -errno error return convention (Roman Kagan) - vdpa: Add dummy receive callback (Eugenio Perez) - vdpa: Check for existence of opts.vhostdev (Eugenio Perez) - vdpa: Replace qemu_open_old by qemu_open at (Eugenio Perez) - vhost: Fix last vq queue index of devices with no cvq (Eugenio Perez) - vhost: Rename last_index to vq_index_end (Eugenio Perez) - net/vhost-vdpa: fix memory leak in vhost_vdpa_get_max_queue_pairs() (Stefano Garzarella) - vhost-vdpa: Set discarding of RAM broken when initializing the backend (David Hildenbrand) - vhost-vdpa: multiqueue support (Jason Wang) - virtio-net: vhost control virtqueue support (Jason Wang) - vhost: record the last virtqueue index for the virtio device (Jason Wang) - virtio-net: use 'queue_pairs' instead of 'queues' when possible (Jason Wang) - vhost-net: control virtqueue support (Jason Wang) - net: introduce control client (Jason Wang) - vhost-vdpa: let net_vhost_vdpa_init() returns NetClientState * (Jason Wang) - vhost-vdpa: prepare for the multiqueue support (Jason Wang) - vhost-vdpa: classify one time request (Jason Wang) - vhost-vdpa: open device fd in net_init_vhost_vdpa() (Jason Wang) - vdpa: Check for iova range at mappings changes (Eugenio Perez) - vdpa: Add vhost_vdpa_section_end (Eugenio Perez) - net/vhost-vdpa: Fix device compatibility check (Kevin Wolf) - net/vhost-user: Fix device compatibility check (Kevin Wolf) - net: Introduce NetClientInfo.check_peer_type() (Kevin Wolf) - memory: Name all the memory listeners (Peter Xu) - vhost-vdpa: remove the unncessary queue_index assignment (Jason Wang) - vhost-vdpa: fix the wrong assertion in vhost_vdpa_init() (Jason Wang) - vhost-vdpa: tweak the error label in vhost_vdpa_add() (Jason Wang) - vhost-vdpa: fix leaking of vhost_net in vhost_vdpa_add() (Jason Wang) - vhost-vdpa: don't cleanup twice in vhost_vdpa_add() (Jason Wang) - vhost-vdpa: remove the unnecessary check in vhost_vdpa_add() (Jason Wang) - vhost_net: do not assume nvqs is always 2 (Jason Wang) - vhost: use unsigned int for nvqs (Jason Wang) - vhost_net: remove the meaningless assignment in vhost_net_start_one() (Jason Wang) - vhost-vdpa: correctly return err in vhost_vdpa_set_backend_cap() (Jason Wang) - vhost-vdpa: remove unused variable 'acked_features' (Jason Wang) - vhost: correctly detect the enabling IOMMU (Jason Wang) - virtio-pci: implement iommu_enabled() (Jason Wang) - virtio-bus: introduce iommu_enabled() (Jason Wang) - hw/virtio: Fix leak of host-notifier memory-region (Yajun Wu) - vhost-vdpa: Do not send empty IOTLB update batches (Eugenio Perez) - target/i386/kvm: Fix disabling MPX on '-cpu host' with MPX-capable host (Maciej S. Szmigiero) [Orabug: 33528615] [6.1.1-3.el8] - acpi: pcihp: pcie: set power on cap on parent slot (Igor Mammedov) [Orabug: 33984018] [Orabug: 33995665] - pcie: expire pending delete (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pcie: fast unplug when slot power is off (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pcie: add power indicator blink check (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pcie: implement slot power control for pcie root ports (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - pci: implement power state (Gerd Hoffmann) [Orabug: 33984018] [Orabug: 33995665] - tests: bios-tables-test update expected blobs (Igor Mammedov) [Orabug: 33984018] [Orabug: 33995665] - hw/i386/acpi-build: Deny control on PCIe Native Hot-plug in _OSC (Julia Suvorova) [Orabug: 33984018] [Orabug: 33995665] - bios-tables-test: Allow changes in DSDT ACPI tables (Julia Suvorova) [Orabug: 33984018] [Orabug: 33995665] - hw/acpi/ich9: Add compat prop to keep HPC bit set for 6.1 machine type (Julia Suvorova) [Orabug: 33984018] [Orabug: 33995665] [6.1.1-2.el8] - vhost-vsock: detach the virqueue element in case of error (Stefano Garzarella) [Orabug: 33941752] {CVE-2022-26354} - qemu_regdump.py/qmp-regdump: Switch to Python 3 (Karl Heubaum) - block/mirror: fix NULL pointer dereference in mirror_wait_on_conflicts() (Stefano Garzarella) [Orabug: 33916572] {CVE-2021-4145} [6.1.1-1.el8] - virtio-net-pci: Don't use 'efi-virtio.rom' on AArch64 (Mark Kanda) - migration: increase listening socket backlog (Elena Ufimtseva) - virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) - virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358) (Vivek Goyal) [Orabug: 33816690] {CVE-2022-0358} - acpi: validate hotplug selector on access (Michael S. Tsirkin) [Orabug: 33816625] {CVE-2021-4158} - Update to QEMU 6.1.1 (Karl Heubaum) [4.2.1.15.el8] - qemu-kvm.spec: Add support for reading vmdk, vhdx, vpc, https, and ssh disk image formats from qemu-kvm (Karl Heubaum) [Orabug: 33741340] - Document CVE-2021-4158 and CVE-2021-3947 as fixed (Mark Kanda) [Orabug: 33719302] [Orabug: 33754145] {CVE-2021-4158} {CVE-2021-3947} - hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196} - hw/block/fdc: Extract blk_create_empty_drive() (Philippe Mathieu-Daude) [Orabug: 32439466] {CVE-2021-20196} - net: vmxnet3: validate configuration values during activate (CVE-2021-20203) (Prasad J Pandit) [Orabug: 32559476] {CVE-2021-20203} - lan9118: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - pcnet: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - rtl8139: switch to use qemu_receive_packet() for loopback (Alexander Bulekov) [Orabug: 32560540] {CVE-2021-3416} - tx_pkt: switch to use qemu_receive_packet_iov() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - sungem: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - dp8393x: switch to use qemu_receive_packet() for loopback packet (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - e1000: switch to use qemu_receive_packet() for loopback (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - net: introduce qemu_receive_packet() (Jason Wang) [Orabug: 32560540] {CVE-2021-3416} - target/i386: Populate x86_ext_save_areas offsets using cpuid where possible (Paolo Bonzini) - target/i386: Observe XSAVE state area offsets (Paolo Bonzini) - target/i386: Make x86_ext_save_areas visible outside cpu.c (Paolo Bonzini) - target/i386: Pass buffer and length to XSAVE helper (Paolo Bonzini) - target/i386: Clarify the padding requirements of X86XSaveArea (Paolo Bonzini) - target/i386: Consolidate the X86XSaveArea offset checks (Paolo Bonzini) - target/i386: Declare constants for XSAVE offsets (Paolo Bonzini) [4.2.1-14.el8] - scsi: fix sense code for EREMOTEIO (Paolo Bonzini) [Orabug: 33537443] - scsi: move host_status handling into SCSI drivers (Hannes Reinecke) [Orabug: 33537443] - scsi: inline sg_io_sense_from_errno() into the callers (Hannes Reinecke) [Orabug: 33537443] - scsi-generic: do not snoop the output of failed commands (Paolo Bonzini) [Orabug: 33537443] - scsi: Add mapping for generic SCSI_HOST status to sense codes (Hannes Reinecke) [Orabug: 33537443] - scsi: Rename linux-specific SG_ERR codes to generic SCSI_HOST error codes (Hannes Reinecke) [Orabug: 33537443] - scsi: drop 'result' argument from command_complete callback (Hannes Reinecke) [Orabug: 33537443] - scsi-disk: pass guest recoverable errors through even for rerror=stop (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: pass SCSI status to scsi_handle_rw_error (Paolo Bonzini) [Orabug: 33537443] - scsi: introduce scsi_sense_from_errno() (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: do not complete requests early for rerror/werror=ignore (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: move scsi_handle_rw_error earlier (Paolo Bonzini) [Orabug: 33537443] - scsi-disk: convert more errno values back to SCSI statuses (Paolo Bonzini) [Orabug: 33537443] [4.2.1-13.el8] - pcie: Do not set power state for some hot-plugged devices (Annie Li) [Orabug: 33642532] [4.2.1-12.1.el8] - Update slirp to address various CVEs (Mark Kanda) [Orabug: 32208456] [Orabug: 33014409] [Orabug: 33014414] [Orabug: 33014417] [Orabug: 33014420] {CVE-2020-29129} {CVE-2020-29130} {CVE-2021-3592} {CVE-2021-3593} {CVE-2021-3594} {CVE-2021-3595} - hw/pflash_cfi01: Allow backing devices to be smaller than memory region (David Edmondson) - pcie: expire pending delete (Gerd Hoffmann) [Orabug: 33450706] - pcie: fast unplug when slot power is off (Gerd Hoffmann) [Orabug: 33450706] - pcie: factor out pcie_cap_slot_unplug() (Gerd Hoffmann) [Orabug: 33450706] - pcie: add power indicator blink check (Gerd Hoffmann) [Orabug: 33450706] - pcie: implement slot power control for pcie root ports (Gerd Hoffmann) [Orabug: 33450706] - pci: implement power state (Gerd Hoffmann) [Orabug: 33450706] - hw/pci/pcie: Move hot plug capability check to pre_plug callback (Julia Suvorova) [Orabug: 33450706] - hw/pci/pcie: Replace PCI_DEVICE() casts with existing variable (Julia Suvorova) [Orabug: 33450706] - hw/pci/pcie: Forbid hot-plug if it's disabled on the slot (Julia Suvorova) [Orabug: 33450706] - pcie_root_port: Add hotplug disabling option (Julia Suvorova) [Orabug: 33450706] - qdev-monitor: Forbid repeated device_del (Julia Suvorova) [Orabug: 33450706] - i386:acpi: Remove _HID from the SMBus ACPI entry (Corey Minyard) - uas: add stream number sanity checks (Gerd Hoffmann) [Orabug: 33280793] {CVE-2021-3713} - usbredir: fix free call (Gerd Hoffmann) [Orabug: 33198441] {CVE-2021-3682} - hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands (Mauro Matteo Cascella) [Orabug: 33548490] {CVE-2021-3930} - e1000: fix tx re-entrancy problem (Jon Maloy) [Orabug: 32560552] {CVE-2021-20257} - virtio-net-pci: Don't use 'efi-virtio.rom' on AArch64 (Mark Kanda) [Orabug: 33537594] - MAINTAINERS: Add ACPI/HEST/GHES entries (Dongjiu Geng) - target-arm: kvm64: handle SIGBUS signal from kernel or KVM (Dongjiu Geng) - ACPI: Record Generic Error Status Block(GESB) table (Dongjiu Geng) - KVM: Move hwpoison page related functions into kvm-all.c (Dongjiu Geng) - ACPI: Record the Generic Error Status Block address (Dongjiu Geng) - ACPI: Build Hardware Error Source Table (Dongjiu Geng) - ACPI: Build related register address fields via hardware error fw_cfg blob (Dongjiu Geng) - docs: APEI GHES generation and CPER record description (Dongjiu Geng) - hw/arm/virt: Introduce a RAS machine option (Dongjiu Geng) - acpi: nvdimm: change NVDIMM_UUID_LE to a common macro (Dongjiu Geng) - block/curl: HTTP header field names are case insensitive (David Edmondson) [Orabug: 33287589] - block/curl: HTTP header fields allow whitespace around values (David Edmondson) [Orabug: 33287589] [4.2.1-11.el8] - trace: use STAP_SDT_V2 to work around symbol visibility (Stefan Hajnoczi) [Orabug: 33272428] [4.2.1-11.el8] - pvrdma: Fix the ring init error flow (Marcel Apfelbaum) [Orabug: 33120142] {CVE-2021-3608} - pvrdma: Ensure correct input on ring init (Marcel Apfelbaum) [Orabug: 33120146] {CVE-2021-3607} - hw/rdma: Fix possible mremap overflow in the pvrdma device (Marcel Apfelbaum) [Orabug: 33120084] {CVE-2021-3582} - vhost-user-gpu: reorder free calls (Gerd Hoffmann) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: abstract vg_cleanup_mapping_iov (Li Qiang) [Orabug: 32950716] {CVE-2021-3546} - vhost-user-gpu: fix OOB write in 'virgl_cmd_get_capset' (Li Qiang) [Orabug: 32950716] {CVE-2021-3546} - vhost-user-gpu: fix memory leak in 'virgl_resource_attach_backing' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak in 'virgl_cmd_resource_unref' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak while calling 'vg_resource_unref' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory leak in vg_resource_attach_backing (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix resource leak in 'vg_resource_create_2d' (Li Qiang) [Orabug: 32950701] {CVE-2021-3544} - vhost-user-gpu: fix memory disclosure in virgl_cmd_get_capset_info (Li Qiang) [Orabug: 32950708] {CVE-2021-3545} - usb: limit combined packets to 1 MiB (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527} - usb/redir: avoid dynamic stack allocation (Gerd Hoffmann) [Orabug: 32842778] {CVE-2021-3527} - mptsas: Remove unused MPTSASState 'pending' field (Michael Tokarev) [Orabug: 32470463] {CVE-2021-3392} - oslib-posix: initialize backend memory objects in parallel (Mark Kanda) [Orabug: 32555402] - oslib-posix: refactor memory prealloc threads (Mark Kanda) [Orabug: 32555402] [4.2.1-10.el8] - e1000: fail early for evil descriptor (Jason Wang) [Orabug: 32560552] {CVE-2021-20257} - Document CVE-2020-27661 as fixed (Mark Kanda) [Orabug: 32960200] {CVE-2020-27661} - block: Avoid stale pointer dereference in blk_get_aio_context() (Greg Kurz) - block: Fix blk->in_flight during blk_wait_while_drained() (Kevin Wolf) - block: Increase BB.in_flight for coroutine and sync interfaces (Kevin Wolf) - block-backend: Reorder flush/pdiscard function definitions (Kevin Wolf) - i386/pc: let iterator handle regions below 4G (Joao Martins) - arm/virt: Add memory hot remove support (Shameer Kolothum) [Orabug: 32643506] - i386/pc: consolidate usable iova iteration (Joao Martins) - i386/acpi: fix SRAT ranges in accordance to usable IOVA (Joao Martins) - migration: increase listening socket backlog (Elena Ufimtseva) - multifd: Make multifd_save_setup() get an Error parameter (Juan Quintela) - multifd: Make multifd_load_setup() get an Error parameter (Juan Quintela) - migration: fix maybe-uninitialized warning (Marc-Andre Lureau) - migration: Fix the re-run check of the migrate-incoming command (Yury Kotov) - multifd: Initialize local variable (Juan Quintela) - multifd: Be consistent about using uint64_t (Juan Quintela) - Bug #1829242 correction. (Alexey Romko) - migration/multifd: fix destroyed mutex access in terminating multifd threads (Jiahui Cen) - migration/multifd: fix nullptr access in terminating multifd threads (Jiahui Cen) - migration/multifd: not use multifd during postcopy (Wei Yang) - migration/multifd: clean pages after filling packet (Wei Yang) - migration: Make sure that we don't call write() in case of error (Juan Quintela) - migration: fix multifd_send_pages() next channel (Laurent Vivier) - migration/multifd: bypass uuid check for initial packet (Elena Ufimtseva) [Orabug: 32610480] - migration/tls: add error handling in multifd_tls_handshake_thread (Hao Wang) - migration/tls: fix inverted semantics in multifd_channel_connect (Hao Wang) - migration/multifd: do not access uninitialized multifd_recv_state (Elena Ufimtseva) [Orabug: 32795384] - io/channel-tls.c: make qio_channel_tls_shutdown thread-safe (Lukas Straub) - qemu.spec: Enable qemu-guest-agent RPM for OL7 (Karl Heubaum) [Orabug: 32415543] - virtio-net: Set mac address to hardware if the peer is vdpa (Cindy Lu) - net: Add vhost-vdpa in show_netdevs() (Cindy Lu) - vhost-vdpa: Add qemu_close in vhost_vdpa_cleanup (Cindy Lu) - hw/virtio/vhost-vdpa: Fix Coverity CID 1432864 (Philippe Mathieu-Daude) - vhost-vdpa: negotiate VIRTIO_NET_F_STATUS with driver (Si-Wei Liu) - configure: Fix build dependencies with vhost-vdpa. (Laurent Vivier) - configure: simplify vhost condition with Kconfig (Marc-Andre Lureau) - vhost-vdpa: add trace-events (Laurent Vivier) - dma/pl330: Fix qemu_hexdump() usage in pl330.c (Mark Kanda) - util/hexdump: introduce qemu_hexdump_line() (Laurent Vivier) - util/hexdump: Reorder qemu_hexdump() arguments (Philippe Mathieu-Daude) - util/hexdump: Convert to take a void pointer argument (Philippe Mathieu-Daude) - net/colo-compare.c: Only hexdump packets if tracing is enabled (Lukas Straub) - vhost-vdpa: batch updating IOTLB mappings (Jason Wang) - vhost: switch to use IOTLB v2 format (Jason Wang) - vhost-vdpa: remove useless variable (Laurent Vivier) - virtio: vdpa: omit check return of g_malloc (Li Qiang) - vhost-vdpa: fix indentation in vdpa_ops (Stefano Garzarella) - virtio-net: check the existence of peer before accessing vDPA config (Jason Wang) - virtio-pci: fix wrong index in virtio_pci_queue_enabled (Yuri Benditovich) - virtio-pci: fix virtio_pci_queue_enabled() (Laurent Vivier) - vhost-vdpa :Fix Coverity CID 1430270 / CID 1420267 (Cindy Lu) - vhost-vdpa: fix the compile issue without kvm (Cindy Lu) - vhost-vdpa: introduce vhost-vdpa net client (Cindy Lu) - vhost-vdpa: introduce vhost-vdpa backend (Cindy Lu) - linux headers: sync to 5.9-rc4 (Jason Wang) - Linux headers: update (Cornelia Huck) - virtio-net: fix rsc_ext compat handling (Cornelia Huck) - linux-headers: update against Linux 5.7-rc3 (Cornelia Huck) - linux-headers: update (Cornelia Huck) - virtiofsd: Pull in kernel's fuse.h (Dr. David Alan Gilbert) - linux-headers: Update (Bharata B Rao) - linux-headers: Update (Greg Kurz) - vhost_net: introduce set_config & get_config (Cindy Lu) - vhost: implement vhost_force_iommu method (Cindy Lu) - vhost: introduce new VhostOps vhost_force_iommu (Cindy Lu) - vhost: implement vhost_vq_get_addr method (Cindy Lu) - vhost: introduce new VhostOps vhost_vq_get_addr (Cindy Lu) - vhost: implement vhost_dev_start method (Cindy Lu) - vhost: introduce new VhostOps vhost_dev_start (Cindy Lu) - vhost: check the existence of vhost_set_iotlb_callback (Jason Wang) - virtio-pci: implement queue_enabled method (Jason Wang) - virtio-bus: introduce queue_enabled method (Jason Wang) - vhost_net: use the function qemu_get_peer (Cindy Lu) - net: introduce qemu_get_peer (Cindy Lu) - vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM (Jason Wang) - imx7-ccm: add digprog mmio write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - tz-ppc: add dummy read/write methods (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - spapr_pci: add spapr msi read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - nvram: add nrf51_soc flash read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - prep: add ppc-parity write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - vfio: add quirk device write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - pci-host: designware: add pcie-msi read method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - hw/pci-host: add pci-intack write method (Prasad J Pandit) [Orabug: 31576552] {CVE-2020-15469} - oslib-posix: take lock before qemu_cond_broadcast (Bauerchen) [Orabug: 32555402] - oslib-posix: initialize mutex and condition variable (Paolo Bonzini) [Orabug: 32555402] - mem-prealloc: optimize large guest startup (Bauerchen) [Orabug: 32555402] - i386: Add the support for AMD EPYC 3rd generation processors (Babu Moger) - acpi: cpuhp: document CPHP_GET_CPU_ID_CMD command (Igor Mammedov) - acpi: cpuhp: add CPHP_GET_CPU_ID_CMD command (Igor Mammedov) - acpi: cpuhp: spec: add typical usecases (Igor Mammedov) - acpi: cpuhp: spec: clarify store into 'Command data' when 'Command field' == 0 (Igor Mammedov) - acpi: cpuhp: spec: fix 'Command data' description (Igor Mammedov) - acpi: cpuhp: spec: clarify 'CPU selector' register usage and endianness (Igor Mammedov) - acpi: cpuhp: introduce 'Command data 2' field (Igor Mammedov) - x86: ich9: let firmware negotiate 'CPU hot-unplug with SMI' feature (Igor Mammedov) - x86: ich9: factor out 'guest_cpu_hotplug_features' (Igor Mammedov) - x86: acpi: let the firmware handle pending 'CPU remove' events in SMM (Igor Mammedov) - x86: acpi: introduce AcpiPmInfo::smi_on_cpu_unplug (Igor Mammedov) - acpi: cpuhp: introduce 'firmware performs eject' status/control bits (Igor Mammedov) - x68: acpi: trigger SMI before sending hotplug Notify event to OSPM (Igor Mammedov) - x86: acpi: introduce the PCI0.SMI0 ACPI device (Igor Mammedov) - x86: acpi: introduce AcpiPmInfo::smi_on_cpuhp (Igor Mammedov) - x86: ich9: expose 'smi_negotiated_features' as a QOM property (Igor Mammedov) - tests: acpi: mark to be changed tables in bios-tables-test-allowed-diff (Igor Mammedov) - acpi: add aml_land() and aml_break() primitives (Igor Mammedov) - x86: cpuhp: refuse cpu hot-unplug request earlier if not supported (Igor Mammedov) - x86: cpuhp: prevent guest crash on CPU hotplug when broadcast SMI is in use (Igor Mammedov) - x86: lpc9: let firmware negotiate 'CPU hotplug with SMI' features (Igor Mammedov) - q35: implement 128K SMRAM at default SMBASE address (Igor Mammedov) - hw/intc/arm_gic: Fix interrupt ID in GICD_SGIR register (Philippe Mathieu-Daude) [Orabug: 32470471] {CVE-2021-20221} - memory: clamp cached translation in case it points to an MMIO region (Paolo Bonzini) [Orabug: 32252673] {CVE-2020-27821} - hw/sd/sdhci: Fix DMA Transfer Block Size field (Philippe Mathieu-Daude) [Orabug: 32613470] {CVE-2021-3409} [4.2.1-6.el8] - i386/pc: Keep PCI 64-bit hole within usable IOVA space (Joao Martins) - pc/cmos: Adjust CMOS above 4G memory size according to 1Tb boundary (Joao Martins) - i386/pc: Round up the hotpluggable memory within valid IOVA ranges (Joao Martins) - i386/pc: Account IOVA reserved ranges above 4G boundary (Joao Martins) [4.2.1-5.el8] - hostmem: fix default 'prealloc-threads' count (Mark Kanda) - hostmem: introduce 'prealloc-threads' property (Igor Mammedov) - qom: introduce object_register_sugar_prop (Paolo Bonzini) - migration/multifd: Do error_free after migrate_set_error to avoid memleaks (Pan Nengyuan) - multifd/tls: fix memoryleak of the QIOChannelSocket object when cancelling migration (Chuan Zheng) - migration/multifd: fix hangup with TLS-Multifd due to blocking handshake (Chuan Zheng) - migration/tls: add trace points for multifd-tls (Chuan Zheng) - migration/tls: add support for multifd tls-handshake (Chuan Zheng) - migration/tls: extract cleanup function for common-use (Chuan Zheng) - migration/multifd: fix memleaks in multifd_new_send_channel_async (Pan Nengyuan) - migration/multifd: fix nullptr access in multifd_send_terminate_threads (Zhimin Feng) - migration/tls: add tls_hostname into MultiFDSendParams (Chuan Zheng) - migration/tls: extract migration_tls_client_create for common-use (Chuan Zheng) - migration/tls: save hostname into MigrationState (Chuan Zheng) - tests/qtest: add a test case for pvpanic-pci (Mihai Carabas) - pvpanic : update pvpanic spec document (Mihai Carabas) - hw/misc/pvpanic: add PCI interface support (Mihai Carabas) - hw/misc/pvpanic: split-out generic and bus dependent code (Mihai Carabas) - qemu-img: Add --target-is-zero to convert (David Edmondson) - 9pfs: Fully restart unreclaim loop (CVE-2021-20181) (Greg Kurz) [Orabug: 32441198] {CVE-2021-20181} - ide: atapi: check logical block address and read size (CVE-2020-29443) (Prasad J Pandit) [Orabug: 32393835] {CVE-2020-29443} - Document CVE-2019-20808 as fixed (Mark Kanda) [Orabug: 32339196] {CVE-2019-20808} - block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cb (Chen Qun) [Orabug: 32339207] {CVE-2020-11947} - net: remove an assert call in eth_get_gso_type (Prasad J Pandit) [Orabug: 32102583] {CVE-2020-27617} - nvdimm: honor -object memory-backend-file, readonly=on option (Stefan Hajnoczi) [Orabug: 32265408] - hostmem-file: add readonly=on|off option (Stefan Hajnoczi) [Orabug: 32265408] - memory: add readonly support to memory_region_init_ram_from_file() (Stefan Hajnoczi) [Orabug: 32265408] [4.2.1-4.el8] - Document CVE-2020-25723 as fixed (Mark Kanda) [Orabug: 32222397] {CVE-2020-25723} - hw/net/e1000e: advance desc_offset in case of null descriptor (Prasad J Pandit) [Orabug: 32217517] {CVE-2020-28916} - i386: Add 2nd Generation AMD EPYC processors (Babu Moger) [Orabug: 32217570] - libslirp: Update version to include CVE fixes (Mark Kanda) [Orabug: 32208456] [Orabug: 32208462] {CVE-2020-29129} {CVE-2020-29130} - Document CVE-2020-25624 as fixed (Mark Kanda) [Orabug: 32212527] {CVE-2020-25624} - pvpanic: Advertise the PVPANIC_CRASHLOADED event support (Paolo Bonzini) [Orabug: 32102853] - ati: check x y display parameter values (Prasad J Pandit) [Orabug: 32108251] {CVE-2020-27616} - Add AArch64 support for QMP regdump tool and sosreport plugin (Mark Kanda) [Orabug: 32080658] - Add qemu_regdump sosreport plugin support for '-mon' QMP sockets (Mark Kanda) - migration/dirtyrate: present dirty rate only when querying the rate has completed (Chuan Zheng) - migration/dirtyrate: record start_time and calc_time while at the measuring state (Chuan Zheng) - migration/dirtyrate: Add trace_calls to make it easier to debug (Chuan Zheng) - migration/dirtyrate: Implement qmp_cal_dirty_rate()/qmp_get_dirty_rate() function (Chuan Zheng) - migration/dirtyrate: Implement calculate_dirtyrate() function (Chuan Zheng) - migration/dirtyrate: Implement set_sample_page_period() and is_sample_period_valid() (Chuan Zheng) - migration/dirtyrate: skip sampling ramblock with size below MIN_RAMBLOCK_SIZE (Chuan Zheng) - migration/dirtyrate: Compare page hash results for recorded sampled page (Chuan Zheng) - migration/dirtyrate: Record hash results for each sampled page (Chuan Zheng) - migration/dirtyrate: move RAMBLOCK_FOREACH_MIGRATABLE into ram.h (Chuan Zheng) - migration/dirtyrate: Add dirtyrate statistics series functions (Chuan Zheng) - migration/dirtyrate: Add RamblockDirtyInfo to store sampled page info (Chuan Zheng) - migration/dirtyrate: add DirtyRateStatus to denote calculation status (Chuan Zheng) - migration/dirtyrate: setup up query-dirtyrate framwork (Chuan Zheng) - ram_addr: Split RAMBlock definition (Juan Quintela) [4.2.1-3.el8] - qemu-kvm.spec: Install block storage module RPMs by default (Karl Heubaum) [Orabug: 31943789] - qemu-kvm.spec: Enable block-ssh module RPM (Karl Heubaum) [Orabug: 31943763] - hw: usb: hcd-ohci: check for processed TD before retire (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625} - hw: usb: hcd-ohci: check len and frame_number variables (Prasad J Pandit) [Orabug: 31901690] {CVE-2020-25625} - hw: ehci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084} - hw: xhci: check return value of 'usb_packet_map' (Li Qiang) [Orabug: 31901649] {CVE-2020-25084} - usb: fix setup_len init (CVE-2020-14364) (Gerd Hoffmann) [Orabug: 31848849] {CVE-2020-14364} - Document CVE-2020-12829 and CVE-2020-14415 as fixed (Mark Kanda) [Orabug: 31855502] [Orabug: 31855427] {CVE-2020-12829} {CVE-2020-14415} [4.2.1-2.el8] - hw/net/xgmac: Fix buffer overflow in xgmac_enet_send() (Mauro Matteo Cascella) [Orabug: 31667649] {CVE-2020-15863} - hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() (Mauro Matteo Cascella) [Orabug: 31737809] {CVE-2020-16092} - migration: fix memory leak in qmp_migrate_set_parameters (Zheng Chuan) [Orabug: 31806256] - virtio-net: fix removal of failover device (Juan Quintela) [Orabug: 31806255] - pvpanic: introduce crashloaded for pvpanic (zhenwei pi) [Orabug: 31677154] [4.2.1-1.el8] - hw/sd/sdcard: Do not switch to ReceivingData if address is invalid (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253} - hw/sd/sdcard: Update coding style to make checkpatch.pl happy (Philippe Mathieu-Daude) [Orabug: 31414336] - hw/sd/sdcard: Do not allow invalid SD card sizes (Philippe Mathieu-Daude) [Orabug: 31414336] {CVE-2020-13253} - hw/sd/sdcard: Simplify realize() a bit (Philippe Mathieu-Daude) [Orabug: 31414336] - hw/sd/sdcard: Restrict Class 6 commands to SCSD cards (Philippe Mathieu-Daude) [Orabug: 31414336] - libslirp: Update to v4.3.1 to fix CVE-2020-10756 (Karl Heubaum) [Orabug: 31604999] {CVE-2020-10756} - Document CVEs as fixed 2/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-18043} {CVE-2018-10839} {CVE-2018-11806} {CVE-2018-12617} {CVE-2018-15746} {CVE-2018-16847} {CVE-2018-16867} {CVE-2018-17958} {CVE-2018-17962} {CVE-2018-17963} {CVE-2018-18849} {CVE-2018-19364} {CVE-2018-19489} {CVE-2018-3639} {CVE-2018-5683} {CVE-2018-7550} {CVE-2018-7858} {CVE-2019-12068} {CVE-2019-15034} {CVE-2019-15890} {CVE-2019-20382} {CVE-2020-10702} {CVE-2020-10761} {CVE-2020-11102} {CVE-2020-11869} {CVE-2020-13361} {CVE-2020-13765} {CVE-2020-13800} {CVE-2020-1711} {CVE-2020-1983} {CVE-2020-8608} - Document CVEs as fixed 1/2 (Karl Heubaum) [Orabug: 30618035] {CVE-2017-10806} {CVE-2017-11334} {CVE-2017-12809} {CVE-2017-13672} {CVE-2017-13673} {CVE-2017-13711} {CVE-2017-14167} {CVE-2017-15038} {CVE-2017-15119} {CVE-2017-15124} {CVE-2017-15268} {CVE-2017-15289} {CVE-2017-16845} {CVE-2017-17381} {CVE-2017-18030} {CVE-2017-2630} {CVE-2017-2633} {CVE-2017-5715} {CVE-2017-5753} {CVE-2017-5754} {CVE-2017-5931} {CVE-2017-6058} {CVE-2017-7471} {CVE-2017-7493} {CVE-2017-8112} {CVE-2017-8309} {CVE-2017-8379} {CVE-2017-8380} {CVE-2017-9503} {CVE-2017-9524} {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130} {CVE-2018-16872} {CVE-2018-20123} {CVE-2018-20124} {CVE-2018-20125} {CVE-2018-20126} {CVE-2018-20191} {CVE-2018-20216} {CVE-2018-20815} {CVE-2019-11091} {CVE-2019-12155} {CVE-2019-14378} {CVE-2019-3812} {CVE-2019-5008} {CVE-2019-6501} {CVE-2019-6778} {CVE-2019-8934} {CVE-2019-9824} - qemu-kvm.spec: Add .spec file for OL8 (Karl Heubaum) [Orabug: 30618035] - qemu.spec: Add .spec file for OL7 (Karl Heubaum) [Orabug: 30618035] - qemu-submodule-init: Add Git submodule init script (Karl Heubaum) [Orabug: 30618035] - vhost.conf: Initial vhost.conf (Karl Heubaum) [Orabug: 30618035] - parfait: Add buildrpm/parfait-qemu.conf (Karl Heubaum) [Orabug: 30618035] - virtio: Set PCI subsystem vendor ID to Oracle (Karl Heubaum) [Orabug: 30618035] - qemu_regdump.py: Initial qemu_regdump.py (Karl Heubaum) [Orabug: 30618035] - qmp-regdump: Initial qmp-regdump (Karl Heubaum) [Orabug: 30618035] - bridge.conf: Initial bridge.conf (Karl Heubaum) [Orabug: 30618035] - kvm.conf: Initial kvm.conf (Karl Heubaum) [Orabug: 30618035] - 80-kvm.rules: Initial 80-kvm.rules (Karl Heubaum) [Orabug: 30618035] - exec: set map length to zero when returning NULL (Prasad J Pandit) [Orabug: 31439733] {CVE-2020-13659} - megasas: use unsigned type for reply_queue_head and check index (Prasad J Pandit) [Orabug: 31414338] {CVE-2020-13362} - memory: Revert 'memory: accept mismatching sizes in memory_region_access_valid' (Michael S. Tsirkin) [Orabug: 31439736] [Orabug: 31452202] {CVE-2020-13754} {CVE-2020-13791} [4.1.1-3.el8] - buildrpm/spec files: Don't package elf2dmp (Karl Heubaum) [Orabug: 31657424] - qemu-kvm.spec: Enable the block-curl package (Karl Heubaum) [Orabug: 31657424] - qemu.spec: enable have_curl in spec (Dongli Zhang) [Orabug: 31657424] [4.1.1-2.el8] - Document CVE-2020-13765 as fixed (Karl Heubaum) [Orabug: 31463250] {CVE-2020-13765} - kvm: Reallocate dirty_bmap when we change a slot (Dr. David Alan Gilbert) [Orabug: 31076399] - kvm: split too big memory section on several memslots (Igor Mammedov) [Orabug: 31076399] - target/i386: do not set unsupported VMX secondary execution controls (Vitaly Kuznetsov) [Orabug: 31463710] - target/i386: add VMX definitions (Paolo Bonzini) [Orabug: 31463710] - ati-vga: check mm_index before recursive call (CVE-2020-13800) (Prasad J Pandit) [Orabug: 31452206] {CVE-2020-13800} - es1370: check total frame count against current frame (Prasad J Pandit) [Orabug: 31463235] {CVE-2020-13361} - ati-vga: Fix checks in ati_2d_blt() to avoid crash (BALATON Zoltan) [Orabug: 31238432] {CVE-2020-11869} - libslirp: Update to stable-4.2 to fix CVE-2020-1983 (Karl Heubaum) [Orabug: 31241227] {CVE-2020-1983} - Document CVEs as fixed (Karl Heubaum) {CVE-2019-12068} {CVE-2019-15034} - libslirp: Update to version 4.2.0 to fix CVEs (Karl Heubaum) [Orabug: 30274592] [Orabug: 30869830] {CVE-2019-15890} {CVE-2020-8608} - target/i386: add support for MSR_IA32_TSX_CTRL (Paolo Bonzini) [Orabug: 31124041] - qemu-img: Add --target-is-zero to convert (David Edmondson) - vnc: fix memory leak when vnc disconnect (Li Qiang) [Orabug: 30996427] {CVE-2019-20382} - iscsi: Cap block count from GET LBA STATUS (CVE-2020-1711) (Felipe Franciosi) [Orabug: 31124035] {CVE-2020-1711} - qemu.spec: Remove 'BuildRequires: kernel' (Karl Heubaum) [Orabug: 31124047] seabios sgabios supermin [5.2.1-2.0.1.el8] - Rebuild [Orabug: 35720304] [5.2.1-2.el8] - Supermin should ignore +debug kernels resolves: rhbz#2051332 - Add copy-patches script. [5.2.1-1.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [5.1.19] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [5.1.19-9] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [5.1.19-8] - Pass CFLAGS & LDFLAGS to final supermin link resolves: rhbz#1624175 [5.1.19-7] - Rebuild for OCaml 4.07.0. [5.1.19-6] - Drop dietlibc in RHEL 8 resolves: rhbz#1588067 [5.1.19-5] - Bump release and rebuild. [5.1.19-4] - Reenable hardened build [5.1.19-3] - Fix bytes/string problems. [5.1.19-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [5.1.19-1] - New upstream version 5.1.19. - Remove all patches, now upstream. [5.1.18-5] - Rebuilt for RPM soname bump [5.1.18-4] - Fix supermin crash with truncated vmlinuz file (RHBZ#1477758). - Include all upstream patches since 5.1.18. [5.1.18-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [5.1.18-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [5.1.18-1] - New upstream release 5.1.18. - Fixes problem with creating incorrect symlinks (RHBZ#1470157). [5.1.17-5] - Enable dietlibc on aarch64 and POWER. [5.1.17-4] - Drop dependency on hawkey and versioned dependencies on dnf. [5.1.17-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [5.1.17-2] - Rebuild for OCaml 4.04.0. [5.1.17-1] - New upstream release 5.1.17. - Check signature on the tarball before unpacking it. - Remove patches, all upstream. [5.1.16-6] - Switch to dietlibc on s390x [5.1.16-5] - Do not break the binary on interpreted builds (#1375213) [5.1.16-4] - Add all upstream patches since 5.1.16 was released. [5.1.16-3] - Add upstream patch for DAX / vNVDIMM support. [5.1.16-2] - New upstream version 5.1.16. - Drop all patches since they are upstream. - Depend on systemd-udev to work around RHBZ#1331012. [5.1.15-2] - Add all upstream patches since 5.1.15 was released. - These should improve boot performance and initrd size. [5.1.15-1] - New upstream version 5.1.15. - Remove all patches, since they are now included in this version. - Enable dietlibc, remove glibc-static, xz-static, zlib-static. [5.1.14-4] - Add more patches since 5.1.14. [5.1.14-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [5.1.14-2] - Add all patches since 5.1.14. [5.1.14-1] - New upstream version 5.1.14. - Remove all patches - now upstream. [5.1.13-4] - Pull in all upstream patches since 5.1.13. - Choose providers better (RHBZ#1266918). - Use autopatch. - Explicitly depend on pod2html. [5.1.13-3] - Bump version to rebuild against new RPM in Rawhide. [5.1.13-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [5.1.13-1] - New upstream version 5.1.13. - Remove patch, now upstream. [5.1.12-11] - Prefer 'dnf download' over 'yumdownloader' (again). - BR grubby for the tests to work. [5.1.12-9] - Revert back to yumdownloader (RHBZ#1186948). [5.1.12-8] - Prefer 'dnf download' over 'yumdownloader'. [5.1.12-7] - Disable hardened build again. See RHBZ#1202091 RHBZ#1204162. [5.1.12-6] - Enable hardening flags by building the static 'init' specially before the main build. - Use _smp_mflags. [5.1.12-4] - Add a -devel subpackage containing automated RPM dependency generator for supermin appliances. [5.1.12-2] - Disable hardened build as it breaks building the static 'init' binary. [5.1.12-1] - New upstream version 5.1.12. - Includes ARM fix: lpae kernels can now be booted (RHBZ#1199733). [5.1.11-2] - Rebuild for xz-5.2.0 in Rawhide (RHBZ#1179252). [5.1.11-1] - New upstream version 5.1.11. [5.1.10-2] - Update to upstream commit d78c898c7e2bc5f12cbebef98b95a7908d9120f1. - BR rpm-devel, since it is now used instead of invoking rpm. - BR automake and autoconf, and run autoreconf (configure.ac is modified by the patches). [5.1.10-1] - New upstream version 5.1.10. - Remove patch which is now included upstream. [5.1.9-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [5.1.9-2] - Add upstream patch to avoid endless loop in Rawhide. [5.1.9-1] - New upstream version 5.1.9. - Remove patches which are now upstream. [5.1.8-9] - Add Requires findutils (RHBZ#1113029). [5.1.8-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [5.1.8-7] - Add patch to fix RPM handler when filenames may contain spaces. [5.1.8-4] - Skip execstack test on Fedora 20 (ARM only). [5.1.8-3] - BR xz-static & xz-devel packages, to support xz-compressed kernel modules. [5.1.8-1] - New upstream version 5.1.8. - Remove patches which are now upstream. [5.1.7-3] - Add upstream patch which removes need to run execstack (RHBZ#1093261). [5.1.7-2] - Add patch to fix quoting around mke2fs parameter (RHBZ#1084960). [5.1.7-1] - New upstream version 5.1.7. - Remove ppc64p7 patch which is now upstream. [5.1.6-5] - Requires tar, which is not installed in an @Core installation. [5.1.6-4] - Add upstream patch to fix supermin on ppc64p7. [5.1.6-3] - New upstream version 5.1.6. - Fix tests. [5.1.5-2] - Disable execstack on aarch64. It comes from prelink which does not exist on aarch64. [5.1.5-1] - New upstream version 5.1.5. [5.1.3-1] - New upstream version 5.1.3. [5.1.2-1] - New upstream version 5.1.2. - Fixes a serious bug in --build mode. [5.1.1-1] - New upstream version 5.1.1. - Remove patch which is now upstream. [5.1.0-3] - Add BR yum-utils (for yumdownloader). - Add upstream patch which stops duplicate packages appearing. [5.1.0-2] - New upstream version 5.1.0. - Note this is effectively a rewrite, and is not completely compatible. - There is no separate 'supermin-helper' subpackage any more. - Requires rpm instead of yum. [4.1.6-2] - New upstream version 4.1.6. - Should fix all autotools brokenness. - Man pages are now all in section 1. - Remove patch which is now upstream. - +BR /usr/bin/execstack (from prelink). [4.1.5-5] - Rerun autoreconf to fix autotools brokenness. [4.1.5-4] - Why was prelink required? Remove it. [4.1.5-3] - correct Obsoletes version for febootstrap and febootstrap-supermin-helper [4.1.5-2] - (For ARM) Don't crash if SUPERMIN_DTB is set and --dtb not specified. [4.1.5-1] - New upstream version 4.1.5. - Has (optionally) a new command line syntax. - Supports device trees for ARM. [4.1.4-1] - New upstream version 4.1.4. - Supports compressed cpio image files, experimentally. [4.1.3-1] - New upstream version 4.1.3. - Remove patch which is now upstream. - Add examples directory to documentation. [4.1.2-2] - Include upstream patch to get correct directory setgid/sticky bits in the appliance. [4.1.2-1] - New upstream version 4.1.2. - Remove patch which is now upstream. [4.1.1-2] - Add upstream patch to ignore ghost non-regular files. - This fixes builds on Fedora 20 because the filesystem package has been changed so /var/lock and /var/run are marked as ghost. [4.1.1-1] - New upstream version 4.1.1. - The program has been renamed 'supermin' from 'febootstrap'. - Obsolete, but don't Provide because supermin is not a compatible replacement. - Use '_isa' to specify architecture of supermin-helper subpackage. [1:3.21-2] - Add upstream patch to drop supplemental groups (RHBZ#902476). - Remove 'Group:' RPM headers which are no longer necessary. - Remove some commented-out requirements. [1:3.21-1] - New upstream version 3.21. [1:3.20-1] - New upstream version 3.20. [1:3.19-2] - Work around brokenness in yum (RHBZ#850913). - Remove defattr, no longer required. [1:3.19-1] - New upstream version 3.19. [3.18-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [3.18-1] - New upstream version 3.18. - This adds support for EPEL 5. [3.17-1] - New upstream version 3.17. [3.16-1] - New upstream version 3.16. [3.15-1] - New upstream version 3.15. - This version includes root=<device> support, needed for libguestfs with virtio-scsi. - Remove upstream patch. [3.14-6] - For RHEL 7 only, add ExclusiveArch x86-64. [3.14-5] - Bundled gnulib (RHBZ#821752). [3.14-4] - Add back explicit dependencies for external programs. [3.14-3] - Drop ExclusiveArch as it's supported on all primary & secondary arches - Cleanup spec and deps [3.14-2] - New upstream version 3.14. - Add upstream patch to fix RHBZ#808421. [3.13-4] - e2fsprogs moved /sbin/mke2fs to /usr/sbin (thanks Eric Sandeen). [3.13-2] - Missing BR zlib-static. [3.13-1] - New upstream version 3.13. - Remove upstream patch which is included in this version. [3.12-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [3.12-4] - Depend on latest e2fsprogs (RHBZ#771310). [3.12-2] - Include upstream patch to work around Python stupidity. [3.12-1] - New upstream version 3.12. - Remove upstream patch which is included in this version. [3.11-2] - Add upstream patch to fix febootstrap on non-Debian. [3.11-1] - New upstream version 3.11. [3.10-1] - New upstream version 3.10. [3.9-1] - New upstream version 3.9. [3.8-1] - New upstream version 3.8. [3.7-1] - New upstream version 3.7. [3.6-1] - New upstream version 3.6. - This version no longer needs external insmod.static. [3.5-1] - New upstream version 3.5. - Remove patch which is now upstream. [3.4-2] - Don't fail if objects are created in a symlinked dir (RHBZ#698089). [3.4-1] - New upstream version 3.4. - febootstrap-supermin-helper Obsoletes older versions of febootstrap. [3.3-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [3.3-4] - Split package into febootstrap (for building) and febootstrap-supermin-helper (for running). Note that febootstrap depends on febootstrap-supermin-helper, but you can install febootstrap-supermin-helper on its own. [3.3-3] - Clear executable stack flag on febootstrap-supermin-helper. [3.3-2] - add the ocaml's ExclusiveArch [3.3-1] - New upstream version 3.3. [3.2-1] - New upstream version 3.2. - Remove upstream patches. [3.1-5] - Previous fix for RHBZ#654638 didn't work, fix it correctly. [3.1-4] - Properly ignore .*.hmac files (accidental reopening of RHBZ#654638). [3.1-3] - Uses yumdownloader at runtime, so require yum-utils. [3.1-2] - New upstream version 3.1. - BR insmod.static. [3.0-2] - New upstream version 3.0 (note this is incompatible with 2.x). - Fix upstream URLs. - fakeroot, fakechroot no longer required. - insmod.static is required at runtime (missing dependency from earlier). - The only programs are 'febootstrap' and 'febootstrap-supermin-helper'. - BR ocaml, ocaml-findlib-devel. - No examples are provided with this version of febootstrap. [2.11-1] - New upstream version 2.11. - Fixes 'ext2fs_mkdir .. No free space in directory' bug which affects libguestfs on rawhide. [2.10-1] - New upstream version 2.10. - Adds -u and -g options to febootstrap-supermin-helper which are required by virt-v2v. [2.9-1] - New upstream version 2.9. - Fixes directory ordering problem in febootstrap-supermin-helper. [2.8-1] - New upstream version 2.8. [2.8-0.2] - New pre-release version of 2.8. + Note this is based on 2.7 + mailing list patches. - New BRs on mke2fs, libext2fs, glibc-static. [2.7-2] - New upstream version 2.7. - febootstrap-supermin-helper shell script rewritten in C for speed. - This package contains C code so it is no longer 'noarch'. - MAKEDEV isn't required. [2.6-1] - New upstream release 2.6. - Recheck package in rpmlint. [2.5-2] - New upstream release 2.5. - Remove BR upx (not needed by upstream). - Two more scripts / manpages. [2.4-1] - New upstream release 2.4. [2.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.3-1] - New upstream release 2.3. [2.2-1] - New upstream release 2.2. [2.0-1] - New upstream release 2.0. [1.9-1] - New upstream release 1.9. [1.8-1] - New upstream release 1.8. [1.7-1] - New upstream release 1.7. [1.5-3] - Configure script has (unnecessary) BuildRequires on fakeroot, fakechroot, yum. [1.5-2] - Initial build for Fedora. swtpm virt-v2v MODERATE Copyright 2024 Oracle, Inc. CVE-2024-7409 cpe:/a:oracle:linux:8::kvm_appstream cpe:/a:oracle:exadata_dbserver:24.1.5.0.0::ol8 Oracle Linux 7 [1.7.1] - Create new 1.7.1 release for OL7 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298} - EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742} - EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236} - EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237} MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45237 CVE-2024-25742 CVE-2024-1298 CVE-2023-45236 cpe:/a:oracle:linux:7::kvm_utils Oracle Linux 7 [1.7.1] - Create new 1.7.1 release for OL7 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298} - EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742} - EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236} - EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237} MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1298 CVE-2024-25742 CVE-2023-45236 CVE-2023-45237 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::kvm_utils cpe:/a:oracle:linux:7::optional_latest Oracle Linux 8 [20240909] - Create new 20240909 release for OL8 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access [Orabug: 36990130] {CVE-2024-1298} - EDK2: In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. [Orabug: 36990244] {CVE-2024-25742} - EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990198] {CVE-2023-45236} - EDK2: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. [Orabug: 36990210] {CVE-2023-45237} MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45236 CVE-2024-1298 CVE-2024-25742 CVE-2023-45237 cpe:/a:oracle:linux:8::distro_builder cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 8 Oracle Linux 9 [5.15.0-301.163.5.2] - mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds) [Orabug: 37174198] {CVE-2024-47674} - Revert 'Documentation/admin-guide/acpi: Move information out of shell script comments' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: Move partition_create_desc() work to a helper' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic: Collect GIC_IRQ_TYPE definitions into one place' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / irq: Allow a compile-time arg0 for acpi_register_gsi()'s fwspec' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic, gic-v3: Translate fwspec for DT and ACPI systems in the same way' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Provide a helper to walk processor containers' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Add a helper to build a cpumask from a cpu_node' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: Print DT partitions in the same way as APCI' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: Build PPI partitions on ACPI systems' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: select and translate the partition domain' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / irq: Add acpi_register_partitioned_percpu_gsi()' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Find PPTT cache level by ID' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Add a helper to fill a cpumask from a processor container' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Add a helper to fill a cpumask from a cache_id' (Dave Kleikamp) [Orabug: 37144820] - Revert 'drivers: base: cacheinfo: Check per_cpu_cacheinfo() is allocated' (Dave Kleikamp) [Orabug: 37144820] - Revert 'drivers: base: cacheinfo: Add helper to find the cache size from cpu+level' (Dave Kleikamp) [Orabug: 37144820] - Revert 'cacheinfo: Allow for >32-bit cache 'id'' (Dave Kleikamp) [Orabug: 37144820] - Revert 'cacheinfo: Set cache 'id' based on DT data' (Dave Kleikamp) [Orabug: 37144820] - Revert 'cacheinfo: Expose the code to generate a cache-id from a device_node' (Dave Kleikamp) [Orabug: 37144820] [5.15.0-301.163.5.1] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37142443] [5.15.0-301.163.5] - netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). (Kuniyuki Iwashima) [Orabug: 36964003] {CVE-2024-42270} - netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). (Kuniyuki Iwashima) [Orabug: 36964001] {CVE-2024-42269} - Revert 'arm64: Allow 512K irqs' (Harshit Mogalapalli) [Orabug: 37117987] [5.15.0-301.163.4] - pds_core: Prevent race issues involving the adminq (Brett Creeley) [Orabug: 36529980] {CVE-2024-26623} - netdevsim: avoid potential loop in nsim_dev_trap_report_work() (Eric Dumazet) [Orabug: 36530387] {CVE-2024-26681} - devlink: fix possible use-after-free and memory leaks in devlink_init() (Vasiliy Kovalev) [Orabug: 36530666] {CVE-2024-26734} - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (Adamos Ttofari) [Orabug: 36642225] {CVE-2024-35801} - net/mlx5e: Fix mlx5e_priv_init() cleanup flow (Carolina Jubran) [Orabug: 36643379] {CVE-2024-35959} - uek-rpm: correctly set DEFAULTKERNEL after removal of uek kernels (Rhythm Mahajan) [Orabug: 36709294] - RDMA: Flip the meaning of '-1' and '0' in ibv_create_cq / ib_create_cq (Gerd Rausch) [Orabug: 36822216] - Revert 'rds: ib: fix non-determinism when comp_vector is zero' (Gerd Rausch) [Orabug: 36822216] - net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (Aleksandr Mishin) [Orabug: 36835804] {CVE-2024-40940} - xfrm: Remove documentation WARN_ON to limit return values for offloaded SA (Patrisious Haddad) [Orabug: 37080855] - perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling (Ravi Bangoria) [Orabug: 37088496] [5.15.0-301.163.3] - uek-rpm: T93: enable xxhash crypto module for fips (Dave Kleikamp) [Orabug: 37075386] - mm: ioremap: Add ioremap/iounmap_allowed() (Kefeng Wang) [Orabug: 37061929] - netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso) [Orabug: 36630431] {CVE-2024-27397} - uek-rpm: Enable CONFIG_DEVICE_PRIVATE for the 64K page kernel (Dave Kleikamp) [Orabug: 36670372] - uek-rpm: Config changes to support Grace Hopper (Dave Kleikamp) [Orabug: 36670372] - arm64: Allow 512K irqs (Dave Kleikamp) [Orabug: 36670372] - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (Matthew R. Ochs) [Orabug: 36670372] - firmware: smccc: Fix use of uninitialised results structure (Punit Agrawal) [Orabug: 36670372] - i2c: smbus: Check for parent device before dereference (Andy Shevchenko) [Orabug: 36670372] - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (Tom Rix) [Orabug: 36670372] - dt-bindings: gpio: Remove FSI domain ports on Tegra234 (Prathamesh Shete) [Orabug: 36670372] - i2c: tegra: Do not mark ACPI devices as irq safe (Breno Leitao) [Orabug: 36670372] - tpm_tis_spi: Add hardware wait polling (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: Enable TPM wait polling (Krishna Yarlagadda) [Orabug: 36670372] - spi: Add TPM HW flow flag (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: set half duplex flag (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: Fix iterator outside loop (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: Fix validate combined sequence (Krishna Yarlagadda) [Orabug: 36670372] - ACPI/IORT: Update SMMUv3 DeviceID support (Robin Murphy) [Orabug: 36670372] - spi: tegra210-quad: Fix duplicate resource error (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: Don't initialise DMA if not supported (Jon Hunter) [Orabug: 36670372] - spi: tegra210-quad: Fix combined sequence (Krishna Yarlagadda) [Orabug: 36670372] - irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (Shanker Donthineni) [Orabug: 36670372] - irqchip/gicv3: Handle resource request failure consistently (Robin Murphy) [Orabug: 36670372] - irqchip/gic-v3: Claim iomem resources (Robin Murphy) [Orabug: 36670372] - i2c: tegra: Fix PEC support for SMBUS block read (Akhil R) [Orabug: 36670372] - i2c: tegra: Set ACPI node as primary fwnode (Akhil R) [Orabug: 36670372] - arm64: tegra: Enable Tegra SPI & QSPI in deconfig (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: Multi-cs support (Krishna Yarlagadda) [Orabug: 36670372] - i2c: tegra: Add SMBus block read function (Akhil R) [Orabug: 36670372] - spi: tegra210-quad: use device_reset method (Krishna Yarlagadda) [Orabug: 36670372] - i2c: smbus: Use device_*() functions instead of of_*() (Akhil R) [Orabug: 36670372] - spi: tegra210-quad: add acpi support (Krishna Yarlagadda) [Orabug: 36670372] - docs: firmware-guide: ACPI: Add named interrupt doc (Akhil R) [Orabug: 36670372] - device property: Add fwnode_irq_get_byname (Akhil R) [Orabug: 36670372] - device property: Add fwnode_iomap() (Anand Ashok Dumbre) [Orabug: 36670372] - spi: tegra210-quad: combined sequence mode (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: add new chips to compatible (Krishna Yarlagadda) [Orabug: 36670372] - gpio: tegra186: Add IRQ per bank for Tegra241 (Akhil R) [Orabug: 36670372] - spi: tegra210-quad: use devm call for cdata memory (Krishna Yarlagadda) [Orabug: 36670372] - gpio: tegra186: Add support for Tegra241 (Akhil R) [Orabug: 36670372] - gpio: tegra186: Add support for Tegra234 (Prathamesh Shete) [Orabug: 36670372] - gpio: tegra186: Support multiple interrupts per bank (Thierry Reding) [Orabug: 36670372] - gpio: tegra186: Force one interrupt per bank (Thierry Reding) [Orabug: 36670372] - dt-bindings: gpio: Add Tegra241 support (Akhil R) [Orabug: 36670372] - dt-bindings: gpio: Add Tegra234 support (Prathamesh Shete) [Orabug: 36670372] - dt-bindings: gpio: tegra186: Convert to json-schema (Thierry Reding) [Orabug: 36670372] - i2c: tegra: use i2c_timings for bus clock freq (Akhil R) [Orabug: 36670372] - i2c: tegra: Add the ACPI support (Akhil R) [Orabug: 36670372] - net/mlx5: Stop waiting for PCI if pci channel is offline (Moshe Shemesh) [Orabug: 36955683] - Revert 'crypto: ecc - Move ecc.h to include/crypto/internal' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: ecc - Export additional functions from crypto/ecc.c' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: add ECDSA signature generation support' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: add ECDSA test vectors from RFC 6979' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: make RFC6979 test vectors generic to all drivers' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: ecdsa - export ecdsa signature ASN.1 parser' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: ecdsa - export ecdsa privkey ASN.1 parser' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: octeontx2: add support for ECDSA P192, P256 and P384' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: octeontx2: add support for DH' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: octeontx2: fix opcode incase of SGv2' (Dave Kleikamp) [Orabug: 37062541] - i40e: Change user notification of non-SFP module in i40e_get_module_info() (Andrii Staikov) [Orabug: 37069948] [5.15.0-301.163.2] - x86/efistub: Branch straight to kernel entry point from C code (Ard Biesheuvel) [Orabug: 36943196] - x86/efi: Make the deprecated EFI handover protocol optional (Ard Biesheuvel) [Orabug: 36943196] - efi: fix panic in kdump kernel (Oleksandr Tymoshenko) [Orabug: 36943196] - efi: verify that variable services are supported (Johan Hovold) [Orabug: 36943196] - efi: libstub: Give efi_main() asmlinkage qualification (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed, efi: Merge multiple definitions of image_offset into one (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Move efi32_pe_entry() out of head_64.S (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Move efi32_entry out of head_64.S (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Move efi32_pe_entry into .text section (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Move bootargs parsing out of 32-bit startup code (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Move 32-bit entrypoint code into .text section (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Rename efi_thunk_64.S to efi-mixed.S (Ard Biesheuvel) [Orabug: 36943196] - efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory (Ard Biesheuvel) [Orabug: 36943196] - efi/x86: libstub: Make DXE calls mixed mode safe (Ard Biesheuvel) [Orabug: 36943196] - efi: libstub: ensure allocated memory to be executable (Baskov Evgeniy) [Orabug: 36943196] - efi: libstub: declare DXE services table (Baskov Evgeniy) [Orabug: 36943196] - x86/compressed: Export and rename add_identity_map() (Michael Roth) [Orabug: 36943196] - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (Michael Roth) [Orabug: 36943196] - x86/boot: Use MSR read/write helpers instead of inline assembly (Michael Roth) [Orabug: 36943196] - x86/boot: Introduce helpers for MSR reads/writes (Michael Roth) [Orabug: 36943196] - x86/compressed/acpi: Move EFI detection to helper (Michael Roth) [Orabug: 36943196] - efi/libstub: add prototype of efi_tcg2_protocol::hash_log_extend_event() (Ard Biesheuvel) [Orabug: 36943196] - efi/libstub: x86/mixed: increase supported argument count (Ard Biesheuvel) [Orabug: 36943196] - uek: kabi: update x86_64 kABI files for new symbols (Yifei Liu) [Orabug: 37033066] - crypto/octeontx2: Use dynamic allocated memory region for lmtst (Bharat Bhushan) [Orabug: 36725601] - crypto/octeontx2: Initialize cptlfs device info once (Bharat Bhushan) [Orabug: 36725601] - octeontx2-bphy-netdev: fix rsfec stats reading (Baha Mesleh) [Orabug: 36725601] - octeontx2-pf: Add NIXLF error/poison interrupt handlers (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: dbg: Add debug prints for NIX AF interrupts (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: poll for tx link credits before link mode change (Naveen Mamindlapalli) [Orabug: 36725601] - drivers: gpio: thunderx: Do not support irq config for both edge (Suneel Garapati) [Orabug: 36725601] - octeontx2-af: Knobs for NPC default rule counters (Linu Cherian) [Orabug: 36725601] - octeontx2-af: debugfs: Add Channel info to RPM map (Linu Cherian) [Orabug: 36725601] - Octeontx2-af: Skip overlap check for SPI field (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Modify SMQ flush sequence to drop packets (Naveen Mamindlapalli) [Orabug: 36725601] - drivers: spi-cadence-xspi: Add error check for xfer logic register base (Petr Malat) [Orabug: 36725601] - octeontx2-af: Fix issue with GRE parsing (Kiran Kumar K) [Orabug: 36725601] - octeontx2-af: add shutdown function (Dave Kleikamp) [Orabug: 36725601] - uek-rpm: Build T93 embedded kernel (Dave Kleikamp) [Orabug: 36725601] - driver: soc: marvell: add cpss drivers (Dave Kleikamp) [Orabug: 36725601] - PCI: boot time optimization (Harman Kalra) [Orabug: 36725601] - octeontx_edac: Fix mcc_edac failure at boot (Thomas Tai) [Orabug: 36725601] - soc: Only try to build Marvell SOC code on aarch64 (Dave Kleikamp) [Orabug: 36725601] - efi/Marvell: Work-around for bootefi memmap errors (Henry Willard) [Orabug: 36725601] - octeontx2-af: add max_vfs module param (Tom Saeger) [Orabug: 36725601] - arm64: Fix compiler warning when CONFIG_MRVL_OCTEONTX_EL0_INTR is undefined. (Tom Saeger) [Orabug: 36725601] - thermal: add CN98XX support for Marvell Octeon TX2 SoC temperature sensors (Dave Kleikamp) [Orabug: 36725601] - thermal: support for Marvell Octeon TX2 SoC temperature sensors (Eric Saint-Etienne) [Orabug: 36725601] - crypto: octeontx2: let the core report the driver name instead of the drivers (Dave Kleikamp) [Orabug: 36725601] - octeontx2-pf: extend ringparam setting/getting API with rx_buf_len (Dave Kleikamp) [Orabug: 36725601] - octeontx2-pf: Fix arguments to bpf_warn_invalid_xdp_action() (Dave Kleikamp) [Orabug: 36725601] - octeontx2-af: fix bitmap_weight formatting (Dave Kleikamp) [Orabug: 36725601] - octeontx2-bphy-netdev: Support for eCPRI MsgType5 timestamping (Sai Krishna) [Orabug: 36725601] - octeontx2-bphy-netdev: Use correct netdev priv structure for debugging (Baha Mesleh) [Orabug: 36725601] - gpio: thunder: Fix invalid object pointer in kfree. (Szymon Balcerak) [Orabug: 36725601] - soc: marvell: bert: BERT support for CN10k (Piyush Malgujar) [Orabug: 36725601] - drivers: soc: marvell: octeontx_info: Fix parsing of two fdt properties (Felix Manlunas) [Orabug: 36725601] - octeontx2-af: Add validation before accessing fwdata (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Add support to parse more VLAN headers (Kiran Kumar K) [Orabug: 36725601] - drivers: octeontx-edac: Add gic error decoder (Jayanthi Annadurai) [Orabug: 36725601] - drivers: pci-octeon-pem: Remove unused variables (Suneel Garapati) [Orabug: 36725601] - octeontx2-af: Add debugfs support to dump NIX TM registers (Anshumali Gaur) [Orabug: 36725601] - driver: edac: octeontx: offline/poison page on fatal/UE (Wladislav Wiebe) [Orabug: 36725601] - gpio: thunderx: Fixed 'pin-cfg' values collection. (Szymon Balcerak) [Orabug: 36725601] - octeontx2-bphy-netdev: disable CPRI RX on cleanup (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: ignore mcs untagged error (Baha Mesleh) [Orabug: 36725601] - driver: i2c: mv64xxx: cn9130 bus lockup issue (Narendra Hadke) [Orabug: 36725601] - Calculate delay-element (Aaron Williams) [Orabug: 36725601] - Disable enhanced strobe if not selected (Aaron Williams) [Orabug: 36725601] - Fix clock timing for MMC DDR modes (Aaron Williams) [Orabug: 36725601] - soc: marvell: hw_access: fix modpost error (Satheesh Paul) [Orabug: 36725601] - octeontx2-af: Fix issue with IPV6 GRE and multi VLAN (Kiran Kumar K) [Orabug: 36725601] - octeontx2-af: Add KPU changes to parse fabric path header (Kiran Kumar K) [Orabug: 36725601] - xhci: Use more than one Event Ring segment (Jonathan Bell) [Orabug: 36725601] - xhci: Set DESI bits in ERDP register correctly (Lukas Wunner) [Orabug: 36725601] - soc: marvell: hw_access: add ioctl to get link info (Satheesh Paul) [Orabug: 36725601] - mdio: mdio-thunder: Fix driver build when ACPI disabled. (Szymon Balcerak) [Orabug: 36725601] - mdio: mdio-thunder: Add ACPI support. (Szymon Balcerak) [Orabug: 36725601] - gpio: thunderx: Add ACPI support. (Szymon Balcerak) [Orabug: 36725601] - octeontx2-pf: Check for DMAC extraction support before setting DMAC based hardware filter for a VF (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Do not use HW TSO when gso_size < 16bytes (Geetha sowjanya) [Orabug: 36725601] - drivers: spi: xspi: Modify HW xfer workaround (Witold Sadowski) [Orabug: 36725601] - octeontx2-af: Added debugfs support to dump NIX TM topology (Anshumali Gaur) [Orabug: 36725601] - octeontx2-af: reveal only TIM params that are available (Shijith Thotton) [Orabug: 36725601] - octeontx2-bphy-netdev: disable rx on RFOEs on exit (Baha Mesleh) [Orabug: 36725601] - soc: marvell: otx2: Add dependency in Kconfig for GHES BERT (Piyush Malgujar) [Orabug: 36725601] - octeontx2-cpt: Wake up waiting process as last step (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Send UP messages to VF only when VF is up. (Subbaraya Sundeep) [Orabug: 36725601] - crypto: octeontx2: Honor irqaffinity passed via bootargs (Bharat Bhushan) [Orabug: 36725601] - octeontx2-af: fix mcam hit counter (Ankur Dwivedi) [Orabug: 36725601] - octeontx2-af: Fix default entries mcam entry action (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: map management port always to first PF (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: configure 802.3 pause frames in SGMII/QSGMII mode (Hariprasad Kelam) [Orabug: 36725601] - FWLOG: Correct read length with ppos (Mikko Suni) [Orabug: 36725601] - octeontx2-pf: Reorder tearing down of PTP RX info work queue, mailbox (Sai Krishna) [Orabug: 36725601] - octeontx2-af: Fix Support of FDSA tag (George Cherian) [Orabug: 36725601] - octeontx2-bphy-netdev: release psm queues on exit (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: ignore MCS bypass errors (Baha Mesleh) [Orabug: 36725601] - MMC: Fix for SD card support in cadence driver (Paul Way) [Orabug: 36725601] - octeontx2-bphy-netdev: Add cpri busrt packet limiter (Naveen Mamindlapalli) [Orabug: 36725601] - genirq: Export irqaffinity_default (Sunil Goutham) [Orabug: 36725601] - octeontx2-bphy-netdev: Add SW workaround for Zero padding (Sai Krishna) [Orabug: 36725601] - octeontx2-af: Add new devlink param to configure maximum usable NIX LFs (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Honor irqaffinity passed via bootargs (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: add TIM error af interrupt handlers (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: clear state on TIM ring disable (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: disable preemption when enabling TIM (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-vf: Fix VF mbox up message error on PTP RX enable (Sai Krishna) [Orabug: 36725601] - drivers: spi-cadence-xspi: Change xfer logic base (Suneel Garapati) [Orabug: 36725601] - soc: marvell: otx2: Add Kconfig option for otx2-ghes-init file. (Piyush Malgujar) [Orabug: 36725601] - driver: edac: octeontx: Improvements to GIC RAS handler (Chandrakala Chavva) [Orabug: 36725601] - edac: octeontx: Add support for GIC RAS reporting (Jayanthi Annadurai) [Orabug: 36725601] - octeontx2-af: Dump hw register state on error (Geetha sowjanya) [Orabug: 36725601] - Change struct octeontx2_pcie_console_nexus (Ray Asbury) [Orabug: 36725601] - octeontx2-af: account for cycle wraparound (Pavan Nikhilesh) [Orabug: 36725601] - drivers: spi: cadence-xspi: Export chip select gpio conditionally (Suneel Garapati) [Orabug: 36725601] - spi: cadence: Improve MRVL locking mechanism (Witold Sadowski) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix PTP PHC sw timecounter reset ioctl (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: prevent TIM register read reorder (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-dpi: fix incorrect chunk size config (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-dpi: configure dma engine FIFO (Amit Prakash Shukla) [Orabug: 36725601] - octeontx2-pf: ethtool: support multi advertise mode (Hariprasad Kelam) [Orabug: 36725601] - octeontx-pf: Update SGMII mode mapping (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: ethtool: Remove dependency of phyad (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: enable rxc with lookaside cpt lf (Vidya Sagar Velumuri) [Orabug: 36725601] - octeontx2-af: add mbox to capture counters (Pavan Nikhilesh) [Orabug: 36725601] - crypto: octeontx2: increase timeout value of load_fvc CPT instruction poll (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: increase timeout value of load_fvc CPT instruction poll (Srujana Challa) [Orabug: 36725601] - octeontx2-dpi: extend sysfs to dump DPI PF registers (Satha Rao) [Orabug: 36725601] - octeontx2-af: reduce cpt flt interrupt vectors for cn10kb (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: Fix updating PFC configuration during running traffic (Suman Ghosh) [Orabug: 36725601] - drivers: pci: probe: Read after write fixup for PBUS register (Suneel Garapati) [Orabug: 36725601] - genirq: Increase the number of interrupters (George Cherian) [Orabug: 36725601] - drivers: spi-cadence-xspi: Fix clock divisor change logic (Suneel Garapati) [Orabug: 36725601] - driver: mmc: sdhci-cadence: ACPI support added for eMMC driver for CN10K (Piyush Malgujar) [Orabug: 36725601] - driver: mmc: sdhci: Add ACPI check (Piyush Malgujar) [Orabug: 36725601] - octeontx2-af: Add debug logs. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: Add more debug messages (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Fix dangling pointers in the netdev qset (Geetha sowjanya) [Orabug: 36725601] - drivers: cadence-xspi: Optimize workaround logic (Suneel Garapati) [Orabug: 36725601] - edac: octeontx: Add error syndrome (Jayanthi Annadurai) [Orabug: 36725601] - drivers: i2c-octeon-core: Add recovery for WDOG_TOUT error status (Suneel Garapati) [Orabug: 36725601] - soc: marvell: otx2: Add CN10 check (Piyush Malgujar) [Orabug: 36725601] - octeontx2: Improve mailbox tracepoints for debugging (Subbaraya Sundeep) [Orabug: 36725601] - crypto: octeontx2: add timeout for load_fvc completion poll (Srujana Challa) [Orabug: 36725601] - octeontx2-af: avoid RXC register access in FLR on CN10KB (Nithin Dabilpuram) [Orabug: 36725601] - drivers: i2c-octeon-core: Add error state recovery (Bruno Matic) [Orabug: 36725601] - octeontx2-bphy-netdev: Add an ioctl to reset PTP PHC sw timecounter offset (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: Remove MAC address validation check (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Use TL2 level for egress match all configuration (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: Add a new mbox to read/write MCAM hit status (Suman Ghosh) [Orabug: 36725601] - crypto: octeontx2: fix devlink params get callback (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: fix opcode incase of SGv2 (Srujana Challa) [Orabug: 36725601] - ptp_clockmatrix: print driver version during probe (Naveen Mamindlapalli) [Orabug: 36725601] - driver: mfd/misc/ptp: update renasas smu drivers to v1.0 tag (Naveen Mamindlapalli) [Orabug: 36725601] - driver: edac: octeontx: Init MC grain (Vasyl Gomonovych) [Orabug: 36725601] - rqchip/gic-v3: Use raw_spin_lock in irq context (Geetha sowjanya) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: don't drop packets with macsec errors (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix register offset definitions (Naveen Mamindlapalli) [Orabug: 36725601] - drivers: spi: cadence: Reconfigure xSPI config to STIG Mode (Witold Sadowski) [Orabug: 36725601] - spi: Add xfer() function for cadence xSPI (Suneel Garapati) [Orabug: 36725601] - drivers: spi: Add arbitration support for Cadence SPI (Suneel Garapati) [Orabug: 36725601] - watchdog: sbsa_gwdt: Apply the Errata workaround seen on CN10K Processors (George Cherian) [Orabug: 36725601] - driver: spi: cadence: Remove unused variables (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: Flush WQ before destroy (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Check address for Null before free (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Detach LF resources on probe cleanup (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: add validation checks for function arguments (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2: Fix klockwork issues in BPHY and SSO (Suman Ghosh) [Orabug: 36725601] - octeontx2: Fix klockwork issues. (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: Free NIX_AF_INT_VEC_GEN interrupt too (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: utilize hardware FLR support in SSO (Shijith Thotton) [Orabug: 36725601] - drivers: marvell: Fix klockwork issues (Suman Ghosh) [Orabug: 36725601] - arm64: smccc: Add trace events to SMC calls. (Rakesh Babu Saladi) [Orabug: 36725601] - crypto: octeontx2: add support for AES_GMAC (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for DH (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for ccm(aes) (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: support md5 and hmac(md5) (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: support sha1, sha256, sha384 and sha512 (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for ECDSA P192, P256 and P384 (Srujana Challa) [Orabug: 36725601] - crypto: ecdsa - export ecdsa privkey ASN.1 parser (Srujana Challa) [Orabug: 36725601] - crypto: ecdsa - export ecdsa signature ASN.1 parser (Srujana Challa) [Orabug: 36725601] - driver: serdes_debugfs: add support for debugfs (anthony chan-MA Eng_IC) [Orabug: 36725601] - octeontx2-af: fix to get different rq mask (Rakesh Kudurumalla) [Orabug: 36725601] - crypto: make RFC6979 test vectors generic to all drivers (Srujana Challa) [Orabug: 36725601] - crypto: add ECDSA test vectors from RFC 6979 (Srujana Challa) [Orabug: 36725601] - crypto: add ECDSA signature generation support (Srujana Challa) [Orabug: 36725601] - crypto: ecc - Export additional functions from crypto/ecc.c (Srujana Challa) [Orabug: 36725601] - octeontx2-af: update TIM adjust GTI errata silicons (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: fix accessing of CPT register on 105xx. (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: Using compound/head page ref count (Geetha sowjanya) [Orabug: 36725601] - octeontx2-bphy-netdev: Fixed sparse errors (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Remove source port check while adding ntuple rule for GTP-U/C (Suman Ghosh) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix ptp timestamp conversion when using external clock (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: don't modify pps threshold when sw timecounter is not used (Naveen Mamindlapalli) [Orabug: 36725601] - crypto: octeontx2: add devlink option to set max_rxc_icb_cnt (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: Define new ethtool modes for CN10KB (Hariprasad Kelam) [Orabug: 36725601] - driver: spi: cadence: Add ACPI support (Piyush Malgujar) [Orabug: 36725601] - Octeontx2-pf: Fix error condition for GTP-U/C rule insertion (Suman Ghosh) [Orabug: 36725601] - drivers:spi:cadence-xspi: Switch to polling mode when in panic (Gowthami Thiagarajan) [Orabug: 36725601] - drivers:spi:cadence-xspi: Add low-level changes to support kmsg panic/oops write (Gowthami Thiagarajan) [Orabug: 36725601] - spi: spi-nor: Fix the spi_nor_panic_write (Gowthami Thiagarajan) [Orabug: 36725601] - drivers: mtd: spi-nor: Support kmsg dumper based on pstore/blk (Gowthami Thiagarajan) [Orabug: 36725601] - octeontx2-sdp: add CN10kB for using correct mask (Radha Mohan Chintakuntla) [Orabug: 36725601] - ptm-ep: Add PTM requestor driver (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-af: mcs: Remove SA stats support (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: fix CPT ctx flush (Srujana Challa) [Orabug: 36725601] - octeontx2-af: fix issue with spitosa table teardown (Nithin Dabilpuram) [Orabug: 36725601] - scmi: mailbox: Increase message slots (Piyush Malgujar) [Orabug: 36725601] - octeontx2-af: Update minimum receive frame size (Sathesh Edara) [Orabug: 36725601] - watchdog: sbsa_gwdt: Enable the WDOG_STOP_ON_PANIC (George Cherian) [Orabug: 36725601] - drivers: watchdog: Add support for panic notifier callback (George Cherian) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Poll for timestamp to commit into PTP ring (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-pf: Use 1 TL4 queue per SDP output queue, enable SDP backpressure (Roy Franz) [Orabug: 36725601] - spi: cadence: Clear interrupt status before enabling interrupts (Witold Sadowski) [Orabug: 36725601] - octeontx2-dpi: queue reset of DPI VF during initialization (Sibaranjan Pattnayak) [Orabug: 36725601] - spi: cadence: Add support for xfer operation. (Witold Sadowski) [Orabug: 36725601] - octeontx-bphy-netdev: dev_ioctl: split out ndo_eth_ioctl (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix OTX2_RFOE_IOCTL_RX_IND_CFG in case of CNF10K (Janne Kukkonen) [Orabug: 36725601] - octeontx2-af: consider mode when using cpt base channel for bp (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: update SSO FLR routine (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: Add additional checks to validate user-def field value for GTP-u and GTP-C (Suman Ghosh) [Orabug: 36725601] - octeontx2-dpi: add sysfs for communication from userspace (Sibaranjan Pattnayak) [Orabug: 36725601] - octeontx2-sdp: Fix programming EPF_RINFO (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-bphy-netdev: debugfs: remove debugfs entries. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix updating host ptp offset multiple times (Naveen Mamindlapalli) [Orabug: 36725601] - drivers: mmc: sdhci-cadence: Change command delay value (Chandrakala Chavva) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix rfoe ptp clock cleanup (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix issue of using incorrect netdev priv (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: fix link carrier state update for cnf10k (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: Avoid kernel crash when psw jd_ptr is NULL (Mikko Suni) [Orabug: 36725601] - drivers: pci-octeon-pem: Rectify resetting PEM (Ray Asbury) [Orabug: 36725601] - drivers: pci-octeon-pem: Rectify RC link recover work (Suneel Garapati) [Orabug: 36725601] - drivers: pci: octeon-pem: Fix hardware issue (Suneel Garapati) [Orabug: 36725601] - drivers: pci: octeon-pem: Check on MSI-X vector count (Suneel Garapati) [Orabug: 36725601] - drivers: pci: controller: Add Octeon PEM driver (Suneel Garapati) [Orabug: 36725601] - drivers: pci: probe: Add fixup for Marvell PCIeRC bridge (Suneel Garapati) [Orabug: 36725601] - PCI: marvell-cnxk-ep: rename driver macro name string (Radha Mohan Chintakuntla) [Orabug: 36725601] - watchdog: sbsa_wdog: Make sure to program a larger timeout value (George Cherian) [Orabug: 36725601] - soc: marvell: hw_access: add dependency OCTEONTX2_AF (Jia Ma) [Orabug: 36725601] - octeontx2-af: debugfs: fix undefined SSO register access (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: fix inline inbound IPsec configuration (Srujana Challa) [Orabug: 36725601] - octeontx2-bphy: Generate PPS OUT on PHC PTP_CLK_REQ_PEROUT (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: update TIM adjust GTI errata silicons (Shijith Thotton) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix ioctl OTX2_CPRI_IOCTL_LINK_EVENT cpri context (Janne Kukkonen) [Orabug: 36725601] - driver: edac: octeontx: Add revision check for new pass of the chip (Chandrakala Chavva) [Orabug: 36725601] - drivers: spi: cadence: Fix clock operations (Witold Sadowski) [Orabug: 36725601] - octeontx2-bphy-netdev: Remove ptp list processing (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-bphy-netdev: Use two send queues for cnf10k (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-bphy-netdev: Use separate xmit function for PTP (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-bphy-netdev: Simplify job submission to hardware (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-bphy-netdev: Simplify error checks and updating stats (Subbaraya Sundeep) [Orabug: 36725601] - drivers: soc: Removed Below Warning message for generic header file on CN8XX platform. (sdonelli) [Orabug: 36725601] - octeontx2-dpi: configure writing DMA result to an offset of the event (Sibaranjan Pattnayak) [Orabug: 36725601] - PCI: add misc character device for BAR4 mem access (Satananda Burla) [Orabug: 36725601] - cacheinfo: Expose the code to generate a cache-id from a device_node (James Morse) [Orabug: 36725601] - cacheinfo: Set cache 'id' based on DT data (Rob Herring) [Orabug: 36725601] - cacheinfo: Allow for >32-bit cache 'id' (Rob Herring) [Orabug: 36725601] - drivers: base: cacheinfo: Add helper to find the cache size from cpu+level (James Morse) [Orabug: 36725601] - drivers: base: cacheinfo: Check per_cpu_cacheinfo() is allocated (James Morse) [Orabug: 36725601] - ACPI / PPTT: Add a helper to fill a cpumask from a cache_id (James Morse) [Orabug: 36725601] - ACPI / PPTT: Add a helper to fill a cpumask from a processor container (James Morse) [Orabug: 36725601] - ACPI / PPTT: Find PPTT cache level by ID (James Morse) [Orabug: 36725601] - ACPI / irq: Add acpi_register_partitioned_percpu_gsi() (James Morse) [Orabug: 36725601] - irqchip/gic-v3: select and translate the partition domain (James Morse) [Orabug: 36725601] - irqchip/gic-v3: Build PPI partitions on ACPI systems (James Morse) [Orabug: 36725601] - irqchip/gic-v3: Print DT partitions in the same way as APCI (James Morse) [Orabug: 36725601] - ACPI / PPTT: Add a helper to build a cpumask from a cpu_node (James Morse) [Orabug: 36725601] - ACPI / PPTT: Provide a helper to walk processor containers (James Morse) [Orabug: 36725601] - irqchip/gic, gic-v3: Translate fwspec for DT and ACPI systems in the same way (James Morse) [Orabug: 36725601] - ACPI / irq: Allow a compile-time arg0 for acpi_register_gsi()'s fwspec (James Morse) [Orabug: 36725601] - irqchip/gic: Collect GIC_IRQ_TYPE definitions into one place (James Morse) [Orabug: 36725601] - irqchip/gic-v3: Move partition_create_desc() work to a helper (James Morse) [Orabug: 36725601] - Documentation/admin-guide/acpi: Move information out of shell script comments (James Morse) [Orabug: 36725601] - arm64: Add workaround for Cavium erratum 36890 (Andrew Pinski) [Orabug: 36725601] - octeontx2-pf: Fix coverity issues (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Add NPC support to filter GTP-U and GTP-C packets based on TEID (Suman Ghosh) [Orabug: 36725601] - PCI: controller: Add Marvell OcteonTx2 PCIe Endpoint driver (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-dpi: Add DPI DMA PF driver (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: Add CN10K SDP support (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: Fix SDP output backpressure (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: add multi-PF support in SDP (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: setup the SDP channel configuration (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: Add FLR handling support (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: Add mailbox support (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: Add SDP PF driver support (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Enable FORCE_COND_CLK_EN only for applicable chips. (Rakesh Babu Saladi) [Orabug: 36725601] - drivers: soc: marvell: Add PCI console driver (Rick Farrington) [Orabug: 36725601] - firmware: octeontx2: Move AVS reset control to MUB bus (sdonelli) [Orabug: 36725601] - octeontx2-bphy-netdev: fix coverity issues (Naveen Mamindlapalli) [Orabug: 36725601] - KVM: arm64: Extend timer errata-38627 to kvm (Bharat Bhushan) [Orabug: 36725601] - clocksource: Add Marvell Errata-38627 workaround (Bharat Bhushan) [Orabug: 36725601] - EDAC: Octeon: Init SDEI (Vasyl Gomonovych) [Orabug: 36725601] - drives: soc: marvell: Using struct proc_ops instead of file_operations (Piyush Malgujar) [Orabug: 36725601] - drives: soc: marvell: Update octtx_info to display sdk-version (Chandrakala Chavva) [Orabug: 36725601] - drives: soc: marvell: Fix issues reported by static code analysis (Wojciech Bartczak) [Orabug: 36725601] - drives: soc: marvell: update to support to print reset counters (Selvam Venkatachalam) [Orabug: 36725601] - drives: soc: marvell: Remove unnecessary warnings about reset counters (Wojciech Bartczak) [Orabug: 36725601] - drives: soc: marvell: support to print reset counters (Selvam Venkatachalam) [Orabug: 36725601] - drives: soc: marvell: Fixes conversion for BOARD-MAC-ADDRESS-ID-NUM in octeontx_info (Wojciech Bartczak) [Orabug: 36725601] - drives: soc: marvell: Fixes unnecessary logging from octeontx info driver (Wojciech Bartczak) [Orabug: 36725601] - drives: soc: marvell: Fix OcteonTX info driver (Wojciech Bartczak) [Orabug: 36725601] - drives: soc: marvell: Adds MAC addressess overview to board info (Wojciech Bartczak) [Orabug: 36725601] - drives: soc: marvell: Display version information for flash components (Aaron Williams) [Orabug: 36725601] - drives: soc: marvell: publish no of macs in octeontx_info node (Sujeet Baranwal) [Orabug: 36725601] - drives: soc: marvell: Alter ways of mac address parsing (Sujeet Baranwal) [Orabug: 36725601] - drives: soc: marvell: Board info logic reorg (Sujeet Baranwal) [Orabug: 36725601] - drives: soc: marvell: Board information made available (Sujeet Baranwal) [Orabug: 36725601] - octeontx2-pf: disable preemption while using per_cpu pointer (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Dereference only a valid pointer (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Allow pkts of size morethan MTU to be transmitted (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: Skip dma map and unmap when IOMMU is bypassed (Sunil Goutham) [Orabug: 36725601] - octeontx2-pf: Add missing changes in otx2_ethtool.c (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-sdpvf: Fix PTP options for SDP interfaces (Roy Franz) [Orabug: 36725601] - octeontx2-vf: Add partial ethtool support for SDP VFs (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-pf: Support to enable EDSA/Higig2 pkts parsing (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Add ethtool -m option support. (Christina Jacob) [Orabug: 36725601] - octeontx2-pf: Avoid null pointer dereference (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-vf: Export symbol 'otx2_config_serdes_link_state' (Rakesh Babu) [Orabug: 36725601] - octeontx2-pf: devlink param support to modify physical interface links. (Rakesh Babu) [Orabug: 36725601] - octeontx2-pf: Add devlink param to vary rbuf size (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Add devlink param to vary cqe size (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Add devlink support to configure TL1 RR_PRIO (Hariprasad Kelam) [Orabug: 36725601] - soc: marvell: otx2: Fix initcall funciton should return an 'int' (Vasyl Gomonovych) [Orabug: 36725601] - soc: marvell: otx2: Fix old kzfree (Vasyl Gomonovych) [Orabug: 36725601] - octeontx2-af: support for custom L2 header (Satheesh Paul A) [Orabug: 36725601] - octeontx2-af: Add mbox to alloc/free BPIDs (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: Dynamically allocate bpids for CPT and LBK (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: add programming SDP BPID in cn10k (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-af: Fix BPID calculation for SDP (Radha Mohan Chintakuntla) [Orabug: 36725601] - crypto: octeontx2: add ctx_val workaround (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: fix rsa verify (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: fix dma unmap issue with ahash (Srujana Challa) [Orabug: 36725601] - arm64: Enable Spectre BHB mitigation for Marvell OcteonTx2 cpus (Linu Cherian) [Orabug: 36725601] - mtd: spi-nor: winbond: Update w25q256fw flash memory to use 4B opcodes (Witold Sadowski) [Orabug: 36725601] - mtd: spi-nor: macronix: Add support for mx25um51245g (Witold Sadowski) [Orabug: 36725601] - mailbox: mvl-mhu: update copyright note (Wojciech Zmuda) [Orabug: 36725601] - scmi: mailbox: increase timeout for rx response (Jayanthi Annadurai) [Orabug: 36725601] - clk: control device frequency using sysfs (Wojciech Bartczak) [Orabug: 36725601] - scmi: perf: octtx2: round off OPP frequencies to neaest 100 (Sujeet Baranwal) [Orabug: 36725601] - scmi: mailbox: modifies rx buffer size and timeout for rx response (Wojciech Bartczak) [Orabug: 36725601] - driver: mailbox: Cleanup dead code (Wojciech Bartczak) [Orabug: 36725601] - mailbox: marvell: Initialize interrupts only if there's client for data (Wojciech Bartczak) [Orabug: 36725601] - driver: mailbox: Reject non-configured CPC instances (Wojciech Bartczak) [Orabug: 36725601] - driver: mailbox: Add support for LPI/SPI interrupt configuration in MHU (Wojciech Bartczak) [Orabug: 36725601] - driver: mailbox: Remove superfluous mutex in MHU implementation (Wojciech Bartczak) [Orabug: 36725601] - driver: MHU: Driver adjustment for 10x based octeontx platforms (Wojciech Bartczak) [Orabug: 36725601] - Marvell MHU: Fixes locking mechanism in MHU driver (Wojciech Bartczak) [Orabug: 36725601] - mailbox: add OcteonTX2 MHU mailbox driver (Wojciech Bartczak) [Orabug: 36725601] - soc: marvell: otx2: Enable MSI-X interrupts (Vasyl Gomonovych) [Orabug: 36725601] - soc: marvell: otx2: Add error injection interface (Vasyl Gomonovych) [Orabug: 36725601] - soc: marvell: otx2: Add BERT support for OTX2 (Vasyl Gomonovych) [Orabug: 36725601] - EDAC: Octeon: Add Marvell's OcteonTx2 SoC and CN10KA SoC EDAC driver (Vasyl Gomonovych) [Orabug: 36725601] - mmc: octeontx2: ACPI support added for eMMC driver for T9x. (Piyush Malgujar) [Orabug: 36725601] - mmc: octeontx2: Resolve issues reported by static analysis (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Removes static variables in tuning code (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Add MMC polling method to support kmsg panic/oops write (Bhaskara Budiredla) [Orabug: 36725601] - mmc: octeontx2: cleanup mmc_oops driver (Bhaskara Budiredla) [Orabug: 36725601] - mmc: octeontx2: Adds CMD tuning for eMMC HS200 mode (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Cleans up mmc code and prepare it for HS200 tuning update (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Adds device tree entries to control eMMC input timings (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Adds a way to dynamically control eMMC bus input timings (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Adds new overrides for eMMC bus output timings (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Adds mechanism to modify output timings for MMC bus (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: enables mmc polling for pstore path (Bhaskara Budiredla) [Orabug: 36725601] - mmc: octeontx2: fix handling calibration glitch (Aaron Williams) [Orabug: 36725601] - mmc: octeontx2: Configure flags for T96 pass B0 (Chandrakala Chavva) [Orabug: 36725601] - mmc: octeontx2: Use flags for hardware differences (Aaron Williams) [Orabug: 36725601] - mmc: octeontx2: Fix tuning for T96 C0 (Chandrakala Chavva) [Orabug: 36725601] - mmc: octeontx2: Add tuning support for HS400 mode (Aaron Williams) [Orabug: 36725601] - mmc: octeontx2: speed limit for tx2-c0 (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: use calibrated timing taps (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: do not drop bus lock in tuning (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: slot switch by vqmmc/gpio (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: reorganize before vqmmc switching (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: cmd and data out values fixture (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: amend hs400 tuning (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: correct clock divisor (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: fix swiotlb buffer is full (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: avoid single-slot startup issues (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: execute_tuning for octeontx2 (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: track & apply CMD6 bus changes ASAP (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: cn96xx HS200-8wide-100MHz (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: CMD19/21 type correction (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: finish_dma_single() should teardown/unmap (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: use device tree entries (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: emmc tuning for delay (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: skip unavailable slots (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: calibrate tap delay (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: incorporate hw interface io ctl params (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: interrupt addition for ncb fault (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: emmc operation limited to 100 MHz (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: fix shutdown deadlock with active sd-card (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: Configure sample command and data directly (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: Use proper register to clear interrupts (Chandrakala Chavva) [Orabug: 36725601] - mmc: octeontx2: add check for 8/9xxx chips (Sujeet Baranwal) [Orabug: 36725601] - firmware: octeontx2: sfp-info: Update sfp_info_data (Piyush Malgujar) [Orabug: 36725601] - firmware: octeontx2: sfp-info: check supported platforms first (Damian Eppel) [Orabug: 36725601] - firmware: octeontx2: sfp-info: added support for t9x (Damian Eppel) [Orabug: 36725601] - firmware: octeontx2: sysfs driver for dumping sfp info (Damian Eppel) [Orabug: 36725601] - misc: bphy: disable ctr module on non-BPHY boards (Jakub Palider) [Orabug: 36725601] - misc: bphy: prevent out-of-bound array iteration (Jakub Palider) [Orabug: 36725601] - misc: bphy: Restore static resource allocation (Jakub Palider) [Orabug: 36725601] - misc: bphy: Fix resource release sequence (Jakub Palider) [Orabug: 36725601] - misc: bphy: Add ioctl to get BPHY irqs bitmask (Jakub Palider) [Orabug: 36725601] - misc: bphy: Get max irq number from firmware (Jakub Palider) [Orabug: 36725601] - misc: bphy: Add ioctl to get max irq number (Jakub Palider) [Orabug: 36725601] - drivers: cleanup el3 handler only if parent process exits (Radha Mohan Chintakuntla) [Orabug: 36725601] - misc: otx_bphy_ctr: Add OcteonTx2 BPHY control driver (Radha Mohan Chintakuntla) [Orabug: 36725601] - spi: cadence: Add Marvell IP modification changes (Witold Sadowski) [Orabug: 36725601] - spi: cadence: Add read access size switch (Witold Sadowski) [Orabug: 36725601] - spi: cadence: Change dt-bindings documentation for Cadence XSPI controller (Witold Sadowski) [Orabug: 36725601] - spi: cadence: Add polling mode support (Witold Sadowski) [Orabug: 36725601] - spi: cadence: Change dt-bindings documentation for Cadence XSPI controller (Witold Sadowski) [Orabug: 36725601] - Firmware: mub: Add Marvell Utility Bus. (sdonelli) [Orabug: 36725601] - soc: marvell: PHY diagnostics: minor updates (Srikanth Pidugu) [Orabug: 36725601] - soc: marvell: PHY diagnostics: more debug capabilities (Srikanth Pidugu) [Orabug: 36725601] - soc: marvell: PHY diagnostics: unified SoC check (Damian Eppel) [Orabug: 36725601] - soc: marvell: PHY diagnostics: page access support (Damian Eppel) [Orabug: 36725601] - soc: marvell: PHY diagnostics: driver update (Damian Eppel) [Orabug: 36725601] - soc: marvell: PHY diagnostics debugfs driver (Damian Eppel) [Orabug: 36725601] - soc: marvell: mvmdio_uio: paged access support (Damian Eppel) [Orabug: 36725601] - soc: marvell: mvmdio_uio: lock on accessing mdio bus (Damian Eppel) [Orabug: 36725601] - soc: marvell: MDIO uio driver (Damian Eppel) [Orabug: 36725601] - octeontx2-bphy-netdev: use ioremap() instead of ioremap_nocache (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: update ethtool drop stats when mbt erros are set (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: debugfs: Added FEC stats in debugfs. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: update ethtool drop stats (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Add new secondary BCN offset for slave (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: enable skb list processing for delay_request. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Add new fields in ethtool stats (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Set external_clock_rate for all RFOE interfaces. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev:cnf10k: Share RFOE PTP offset with host (Roy Franz) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Avoid ptp skb list processing in 1-step mode (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: update drop stats when psw errors are set (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: check psm queue space for ptp queue (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Use atomic update feature to update PTP clock (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Enable force_cond_clk_en bit (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Recalculate UDP checksum. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix updating rx byte stats (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: debugfs: new entry to dump RPM stats (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: debugfs: new entry to dump timestamp ring (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: debugfs: new entry to dump jdt ring (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: debugfs: Add new debugfs root entry (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: fix for PTP BCN delta (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Use PTP ring tail index to read timestamp (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: PTP 1-step improvements (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev:: Share RFOE PTP offset with host (Roy Franz) [Orabug: 36725601] - octeontx2-bphy-netdev: PTP BCN synchronization support for CNF10k platforms. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Add cnf10k rfoe debugfs (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf105xxn: fix ptp timestamp in master mode (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: convert MIO_PTP_TIMESTAMP value to nsecs (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix updating JD pkt length and blocksize (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix improper names used for IRQs. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: IOCTL to read input clock parameters. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix cnf10k link state set (Baha Mesleh) [Orabug: 36725601] - otx2-bphy-netdev: synchronize BCN to PTP slave clock. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: stop pkt transmission when psm queue is disabled (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf95n: fix ptp timestamp in master mode (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: fix compilation warning (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: use platform_get_irq_optional for PSM GPINT2 (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Fix incorrect PTP clock frequency. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf95n: ptp: use 950MHz clock for ptp slave (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf95n: ptp: Fix ptp clock counter read (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix ethtool stats string order (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf95n: add PTP slave support. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Fix ptp hardware clock counter conversion (Naveen Mamindlapalli) [Orabug: 36725601] - cnf10k-rfoe: skb shinfo falls on a different cacheline, avoid reading it (Sunil Goutham) [Orabug: 36725601] - cnf10k-rfoe: Adjust structure elements to reduce cache misses (Sunil Goutham) [Orabug: 36725601] - cnf10k-rfoe: Avoid costly iova_to_virt of packet dma address in xmit (Sunil Goutham) [Orabug: 36725601] - cnf10k-rfoe: Cleanup packet stats maintenance (Sunil Goutham) [Orabug: 36725601] - cnf10k-rfoe: Optimize packet length retrieval for non-ecpri packets (Sunil Goutham) [Orabug: 36725601] - cnf10k-rfoe: Remove duplicate error checking (Sunil Goutham) [Orabug: 36725601] - octeontx2-bphy-netdev: use sw timecounter for ptp phc (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Add PTP 2S legacy mode support. (Rakesh Babu Saladi) [Orabug: 36725601] - oceontx2-bphy-netdev: cnf10k: Fix 1S sync timestamp fields. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: re-enable cpri gpint when interface is stopped (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix cpri interrupt handling (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10kb: 1-step PTP support for CNF10KB. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cpri: Add missing ethtool stats (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Fix CNF10K_CPRIX_ETH_UL_INT clearing (Janne Kukkonen) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Modify PTP timestamp format. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix cnf10k ecpri rx packet issue (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10kb: Add PTP slave support for CNF10KB. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: add cpri netdev support (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: add prefix for cnf10k registers (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: move duplicate code to common headers (Naveen Mamindlapalli) [Orabug: 36725601] - cnf10k-rfoe: Prepend 8-byte PTP header to packets in PTP queue. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf95: add jumbo frame support (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: 1-step PTP and slave support. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: rfoe netdev cleanup (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: convert psw ptp timestamp to cpu byte order (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: fix missing ioctls on CNF10K (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: move common ptp structures to rfoe_common.h (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy: Fix issues reported by static analysis. (Rakesh Babu Saladi) [Orabug: 36725601] - cnf10k: rfoe: add jumbo frame support to cnf10k (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: rfoe: fix ptp4l bad message issue (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy: Add PTP slave and external PTP input clock support in RFOE PHC driver. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: fix tx ptp ring entry format change (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix cpri rx packet handling (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: ptp: Fix ptp timestamp reading across lmacs (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Fix incorrect ptp tstamp entry size (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: cnf10kb: add support for psm gpint2 interrupt (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: fix possibility of processing the mbt multiple times (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: fix link carrier state update (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: limit cpri error logging rate (Baha Mesleh) [Orabug: 36725601] - otx2-bphy-netdev: cn10k: fix NULL pointer dereference (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: fix offset of cn10k registers (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: remove unwanted debug message (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: added cnf10k bphy netdev functionality (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: separate bphy common code into separate files (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: disable cpri code when cpri hw is not present (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: add debugfs support (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: don't process a packet when psw indicates error (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cpri: fix compilation warnings (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Add rfoe rx vlan forwarding configuration (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: avoid multiple kfree of common lmac objects (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix common lmac resource free (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: fix cleanup sequence in char device release (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: remove unnecessary check when setting INTF_DOWN flag (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Add timeout to ptp transmit timestamp polling (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix napi schedule issue when intf is down (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix ptp tx processing race condition (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Added RFOE LMAC stats to ethtool (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Add PTP hardware clock support to rfoe interfaces (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix list_entry usage in the code (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Added ioctl to set low level link state (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix ptp pending skb list processing (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix kernel crash with ioctl trying to add timer (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Set minimum length of Tx packets to 64 bytes (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Enable accessing RFOE_RX_IND regs before odp netdev init (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Enable MSIXEN bit in IOCTL handler (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: Add support for registering both rfoe and cpri netdev intf (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: Add support for configurable PTP clock rate (Naveen Mamindlapalli) [Orabug: 36725601] - octeonx2-bphy-netdev: Add support for switching mode from RFOE to CPRI (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Add support for CPRI Ethernet packet processing (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: segregate chardev specific code (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix NULL pointer dereference (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Enable MSIXEN bit in MSIX CAP HDR (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Added PTP BCN offset algorithm (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Added ioctl to access RFOE_RX_IND registers (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Added support for configurable packet types (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: netdev cleanup in char dev close (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: fix napi scheduling issue when interface is down (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: added full packet dump of mbt buffer (Naveen Mamindlapalli) [Orabug: 36725601] - OcteonTX2 BPHY RFOE netdev driver initial version (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: extend context reading capability (Harman Kalra) [Orabug: 36725601] - soc: marvell: hw_access: add mapping for mcs registers (Ankur Dwivedi) [Orabug: 36725601] - soc: marvell: hw-access: register access via debugfs (Sumit Gaur) [Orabug: 36725601] - soc: marvell: hw_access: fix pci resource leak (Harman Kalra) [Orabug: 36725601] - soc: marvell: hw_access: fix csr mapping range (Harman Kalra) [Orabug: 36725601] - soc: marvell: hw_access: Extend available ranges (Jakub Palider) [Orabug: 36725601] - soc: marvell: hw_access: add support to read aura/pool context (Ashwin Sekhar T K) [Orabug: 36725601] - soc: marvell: hw_access: get cgx info (Harman Kalra) [Orabug: 36725601] - soc: marvell: hw_access: add hw context reading support (Harman Kalra) [Orabug: 36725601] - soc: marvell: hw_access: cleaning up existing hw access driver (Harman Kalra) [Orabug: 36725601] - soc: marvell: hw_access: renaming to hw access driver (Harman Kalra) [Orabug: 36725601] - soc: marvell: Driver to access and modify device CSRs. (Rakesh Babu) [Orabug: 36725601] - drivers: soc: fwlog: use max_t instead of max (Pragnesh Patel) [Orabug: 36725601] - fwlog: fix invalid pointers and copy size in wraparound case (Aaro Koskinen) [Orabug: 36725601] - drivers: soc: fwlog: fix mapped size (Pragnesh Patel) [Orabug: 36725601] - drivers: soc: fwlog: Add firmware bootlog support (Pragnesh Patel) [Orabug: 36725601] - drivers: mmc: sdhci-cadence: Interrupt handling workaround (Jayanthi Annadurai) [Orabug: 36725601] - drivers: soc: Adds common Marvell OcteonTX header for SMC calls (sdonelli) [Orabug: 36725601] - octeontx2-af: Update HW workarounds for 96xx C0, 98xx and F95xx B0 chips (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: add TIM adjust GTI errata workaround (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: cn10k: devlink params to configure TIM (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: add support for changing vlan tpid (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: rvu: enable mcs fips mailboxes (Ankur Dwivedi) [Orabug: 36725601] - octeontx2-af: Check the msix offset return value (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: NDC sync op af mbox support (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: Move QMEM allocations from GFP_KERNEL to ATOMIC (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: sync kernel structures with firmware (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: mcs: Add missing stats (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: mcs: add mailboxes for fips (Ankur Dwivedi) [Orabug: 36725601] - octeontx2-af: convert dev_dbg to tracepoint in mbox (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Introducing REE block for 98xx (Smadar Fuks) [Orabug: 36725601] - octeontx2-af: Add support for SPI to SA index translation (Kiran Kumar K) [Orabug: 36725601] - drivers: sdhci: Add option to configure sdhci timeout (Jayanthi Annadurai) [Orabug: 36725601] - mmc: sdhci-cadence: Add debug option for SD6 controller (Jayanthi Annadurai) [Orabug: 36725601] - dt-bindings: mmc: sdhci-cadence: SD6 support (Jayanthi Annadurai) [Orabug: 36725601] - mmc: sdhci-cadence: enable MMC_SDHCI_IO_ACCESSORS support (Jayanthi Annadurai) [Orabug: 36725601] - mmc: sdhci-cadence: SD6 controller support (Dhananjay Kangude) [Orabug: 36725601] - mmc: sdhci-cadence: Restructure the code (Dhananjay Kangude) [Orabug: 36725601] - mmc: sdhci-cadence: Rename functions/structures to SD4 specific (Dhananjay Kangude) [Orabug: 36725601] - drivers: gpio: thunderx: Change GPIO level interrupt handler to handle_level_irq (Piyush Malgujar) [Orabug: 36725601] - drivers: gpio: thunderx: extend PIN_SEL to cover cn96xx (Piyush Malgujar) [Orabug: 36725601] - drivers: gpio: thunderx: Configure pin function at probe (Piyush Malgujar) [Orabug: 36725601] - drivers: gpio: thunderx: avoid potential deadlock (Piyush Malgujar) [Orabug: 36725601] - drivers: spi: octeontx2: ACPI support for SPI driver (Piyush Malgujar) [Orabug: 36725601] - drivers: spi: octeontx2: Resolve issues detected in static code analysis (Piyush Malgujar) [Orabug: 36725601] - drivers: spi: octeontx2: Add fix for hw issue (Piyush Malgujar) [Orabug: 36725601] - drivers: spi: octeontx2: use read after write for MPI_CFG (Piyush Malgujar) [Orabug: 36725601] - drivers: spi: octeontx2: set tritx in config register (Piyush Malgujar) [Orabug: 36725601] - drivers: spi: octeontx2: Support for octeontx2 spi controller (Piyush Malgujar) [Orabug: 36725601] - octeontx2-pf: Add support for creating netdev interfaces for SDP VFs (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-af: add support for CPT second pass (Rakesh Kudurumalla) [Orabug: 36725601] - octeontx2-af: support overriding aura to zero for second pass (Nithin Dabilpuram) [Orabug: 36725601] - crypto: octeontx2: add support for ECDH (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: notify VF about ptp event (Harman Kalra) [Orabug: 36725601] - octeontx2-af: Sending tsc value to the userspace (Harman Kalra) [Orabug: 36725601] - octeontx2-af: extend npa context reading capability (Ashwin Sekhar T K) [Orabug: 36725601] - octeontx2-af: allow second pass pkts via default ucast entry (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: suppress kpu profile loading warning (Harman Kalra) [Orabug: 36725601] - octeontx2-af: use cpt channel mask in flow install path (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: fix arguments passed to XAQ aura deinit (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: Support for FDSA tag (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Code placement for cgx.c (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Gracefully skip the cgx_probe for unmapped devices. (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: link mode mapping (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: cn10k: Limit number of CGX blocks (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: rvu_cgx code placement (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Support for PTP notification to PF (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Add programmed macaddr to RVU pfvf (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Show count of dropped packets by DMAC filters (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Skip CGX probe if not connected to NIX (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: RPM extend csr address for T105N (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: cn10k: new Interface modes support (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Do not allow VFs to overwrite PKIND config (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Put CGX LMAC also in Higig2 mode (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Add new CGX_CMDs to set and get PHY modulation type (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Handle physical link state change requests (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: update address of global CGX RX_STATS (Hariprasad Kelam) [Orabug: 36725601] - crypto: octeontx: enable driver (Harman Kalra) [Orabug: 36725601] - crypto: octeontx-83: enable crypto device in domain (Harman Kalra) [Orabug: 36725601] - arm64: Add support for ASID locking (Alex Belits) [Orabug: 36725601] - kernel/exit.c: Add task cleanup callbacks (Alex Belits) [Orabug: 36725601] - PCI: octeontx-83: add new quirks (Harman Kalra) [Orabug: 36725601] - octeontx2-af: add new mbox to support sync cycle on rx path (Satha Rao) [Orabug: 36725601] - octeontx2-af: add mbox to enable or disable BP on CPT link (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: fix LBK backpressure config (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: set default min and max rx len for CPT link (Nithin Dabilpuram) [Orabug: 36725601] - crypto: octeontx2: add support for CPT1 in VF driver (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for rsa sign and verify (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for gcm(aes) (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for akcipher rsa (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for hash algorithms (Srujana Challa) [Orabug: 36725601] - octeontx2-af: TIM: Set conditional clock always on (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: Apply relevant HW issue workarounds for 96xx B0 silicon (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: add NIX mbox message to get HW info (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: sync changes missed from tim (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: ignore sso lf count when checking pffunc validity (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: fix TIM disable lf sequence (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: use clock source to compute start cycle (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: reduce TIM TENNS clock source interval (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: cn10k: fix incorrect TIM interval array size (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: cn10k: update clock source offset (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: cn10k: track timer ring intervals (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: Setup edge used for GPIO timing (Michal Mazur) [Orabug: 36725601] - octeontx2-af: fix TIM slot to lf lookup (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add TIM LF teardown (Stanislaw Kardach) [Orabug: 36725601] - octeontx2-af: fix TIM block address usage (Stanislaw Kardach) [Orabug: 36725601] - octeontx2-af: update TIM 10ns clk source min interval (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: Verify NPA/SSO/NIX PF_FUNC mapping (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: add workaround for TIM reverse lookup (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: Add TIM unit support. (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: sync changes missed from sso (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: serialize bar2 alias access (Srujana Challa) [Orabug: 36725601] - octeontx2-af: add read back of AF_BAR2_SEL register (Srujana Challa) [Orabug: 36725601] - octeontx2-af: add support for SSO WQE stashing (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add SSO XAQ AURA access errata workaround (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: timeout while draining SSO queues (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: cycle through SSO queues to drain work (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: use SSO HWS AF invalidate instead of LF invalidate (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: fix atomic load on NPA LF registers (Harman Kalra) [Orabug: 36725601] - octeontx2-af: drain XAQ buffers before lf teardown (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: fix implitit variable array (Stanislaw Kardach) [Orabug: 36725601] - octeontx2-af: add intradevice FLR handling (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add additional description to irqs (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add ratelimit to limit the asynchronous err messages (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: add debugfs support for sso (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: remove support to limit xaq depth (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: allow lower threshold in sso group qos mbox (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: update SSO HWS invalidate mbox definition (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add mbox to configure SSO group mask (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: enable SSO work interrupt periodic counter (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: invalidate GWC before accessing workslot (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: cn10k: enable getwork prefetching (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: ratelimit digest prints (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add mbox to configure SSO LSW (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: fixes for SSO FLR (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: enhance SSO FLR for CN10K (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: add SSO mbox message to release XAQ aura (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: reset HWS group mask during FLR (Michal Mazur) [Orabug: 36725601] - octeontx2-af: Fix reading SSOW_LF_GWS_TAG after rvu_poll_reg() (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-af: Make SSO/SSOW LF teardown less CPU intensive (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-af: add sso error af interrupt handlers (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: fix rvu_sso_ggrp_taq_flush (Angela Czubak) [Orabug: 36725601] - octeontx2-af: drain xaq before reconfiguring aura (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: restore sso hwgrp default thresholds (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: manually dain partially consumed TAQ buffers (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: update SSO HWGRP teardown sequence (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: update SSO GWS teardown sequence (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add mbox to get SSO GWS/GGRP stats (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add mbox to configure thresholds per HWGRP (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: Add SSO unit support to the AF driver (Radha Mohan Chintakuntla) [Orabug: 36725601] - irqchip/gicv3-its: Workaround for Marvell errata 35443 for 9xx (Geetha sowjanya) [Orabug: 36725601] - irqchip/gic-v3: Extend workaround for interrupt loss on IPI (Linu Cherian) [Orabug: 36725601] - irqchip/gic-v3: Add workaround for interrupt loss on IPI (Linu Cherian) [Orabug: 36725601] - iommu/arm-smmu-v3: Force 32 byte command queue memory reads (Linu Cherian) [Orabug: 36725601] - octeontx2-pf: Add ucast filter count configurability via devlink. (Sai Krishna) [Orabug: 36725601] - devlink: add documentation for octeontx2 driver (Subbaraya Sundeep) [Orabug: 36725601] - crypto: ecc - Move ecc.h to include/crypto/internal (Daniele Alessandrelli) [Orabug: 36725601] - arm64: cpufeature: Add missing .field_width for GIC system registers (Mark Brown) [Orabug: 36725601] - octeontx2-af: Fix devlink params (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: fix the double free in rvu_npc_freemem() (Su Hui) [Orabug: 36725601] - octeontx2-af: Fix multicast/mirror group lock/unlock issue (Suman Ghosh) [Orabug: 36725601] - net: flower: fix stack-out-of-bounds in fl_set_key_cfm() (Eric Dumazet) [Orabug: 36725601] - Watchdog: marvell_gti_wdt: Remove redundant dev_err_probe() for platform_get_irq() (Jinjie Ruan) [Orabug: 36725601] - watchdog: marvell_gti_wdt: Fix error code in probe() (Dan Carpenter) [Orabug: 36725601] - crypto: octeontx2 - add missing check for dma_map_single (Chen Ni) [Orabug: 36725601] - i2c: xgene-slimpro: Fix wrong pointer passed to PTR_ERR() (Wei Yongjun) [Orabug: 36725601] - octeontx2-af: Initialize 'cntr_val' to fix uninitialized symbol error (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Fix transmit scheduler resource leak (Hariprasad Kelam) [Orabug: 36725601] - Octeontx2-pf: Free send queue buffers incase of leaf to inner (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation (Asbjorn Sloth Tonnesen) [Orabug: 36725601] - crypto: octeontx2 - select CONFIG_NET_DEVLINK (Shijith Thotton) [Orabug: 36725601] - perf/smmuv3: Fix unused variable warning when CONFIG_OF=n (Will Deacon) [Orabug: 36725601] - net: octeontx2-pf: mcs: consider MACSEC setting (Randy Dunlap) [Orabug: 36725601] - octeontx2-pf: mcs: Fix NULL pointer dereferences (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: mcs: Clear stats before freeing resource (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: mcs: Do not reset PN while updating secy (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: mcs: update PN only when update_pn is true (Radu Pirea (NXP OSS)) [Orabug: 36725601] - octeontx2-pf: Fix pfc_alloc_status array overflow (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Fix linking objects into multiple modules (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Do xdp_do_flush() after redirects. (Sebastian Andrzej Siewior) [Orabug: 36725601] - crypto: ecc - Export additional helper functions (Daniele Alessandrelli) [Orabug: 36725601] - arm64: cpufeature: Always specify and use a field width for capabilities (Mark Brown) [Orabug: 36725601] - octeontx2-pf: TC flower offload support for mirror (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Add TC flower offload support for TCP flags (Sai Krishna) [Orabug: 36725601] - octeontx2-pf: TC flower offload support for ICMP type and code (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Tc flower offload support for MPLS (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Harden rule validation. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: TC flower offload support for SPI field (Ratheesh Kannoth) [Orabug: 36725601] - net: flow_dissector: Add IPSEC dissector (Ratheesh Kannoth) [Orabug: 36725601] - net: flow_dissector: add support for cfm packets (Zahari Doychev) [Orabug: 36725601] - flow_dissector: Add support for HSRv0 (Kurt Kanzenbach) [Orabug: 36725601] - flow_dissector: Add support for HSR (Kurt Kanzenbach) [Orabug: 36725601] - octeontx2-af: Initialize maps. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Fix a double free issue (Suman Ghosh) [Orabug: 36725601] - Octeontx2-af: Fix an issue in firmware shared data reserved space (Hariprasad Kelam) [Orabug: 36725601] - Octeontx2-af: Fetch MAC channel info from firmware (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: Send UP messages to VF only when VF is up. (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: CN10KB: Fix FIFO length calculation for RPM2 (Nithin Dabilpuram) [Orabug: 36725601] - crypto: octeontx2 - By default allocate one CPT LF per CPT VF (Bharat Bhushan) [Orabug: 36725601] - octeontx2-af: Fix pause frame configuration (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Add new devlink param to configure maximum usable NIX block LFs (Suman Ghosh) [Orabug: 36725601] - drivers: watchdog: marvell_gti: fix zero pretimeout handling (Bharat Bhushan) [Orabug: 36725601] - octeontx2-pf: Add support for offload tc with skbedit mark action (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Use default max_active works instead of one (Subbaraya Sundeep) [Orabug: 36725601] - net: octeontx2: Use alloc_ordered_workqueue() to create ordered workqueues (Tejun Heo) [Orabug: 36725601] - octeontx2-pf: Wait till detach_resources msg is complete (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Add new mbox to support multicast/mirror offload (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Fix page pool frag allocation warning (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: update type of prof fields in nix_aw_enq_req (Simon Horman) [Orabug: 36725601] - octeontx2-pf: Fix page pool cache index corruption. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: fix page_pool creation fail for rings > 32k (Ratheesh Kannoth) [Orabug: 36725601] - tc: flower: Enable offload support IPSEC SPI field. (Ratheesh Kannoth) [Orabug: 36725601] - tc: flower: support for SPI (Ratheesh Kannoth) [Orabug: 36725601] - net: flower: add support for matching cfm fields (Zahari Doychev) [Orabug: 36725601] - net/sched: flower: Helper function for vlan ethtype checks (Boris Sukholitko) [Orabug: 36725601] - net/sched: flower: Allow matching on layer 2 miss (Ido Schimmel) [Orabug: 36725601] - net/sched: flower: Add L2TPv3 filter (Wojciech Drewek) [Orabug: 36725601] - net/sched: flower: Add PPPoE filter (Wojciech Drewek) [Orabug: 36725601] - net/sched: flower: Add number of vlan tags filter (Boris Sukholitko) [Orabug: 36725601] - octeontx2-af: Move validation of ptp pointer before its usage (Sai Krishna) [Orabug: 36725601] - octeontx2-af: CN10KB: fix PFC configuration (Hariprasad Kelam) [Orabug: 36725601] - drivers: watchdog: marvell_gti: Program the max_hw_heartbeat_ms (George Cherian) [Orabug: 36725601] - octeontx2-pf: mcs: Generate hash key using ecb(aes) (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Promisc enable/disable through mbox (Ratheesh Kannoth) [Orabug: 36725601] - crypto: octeontx2 - support setting ctx ilen for inline CPT LF (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-pf: Fix graceful exit during PFC configuration failure (Suman Ghosh) [Orabug: 36725601] - cteonxt2-pf: Fix backpressure config for multiple PFC priorities to work simultaneously (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: TC flower offload support for rxqueue mapping (Ratheesh Kannoth) [Orabug: 36725601] - act_skbedit: skbedit queue mapping for receive queue (Amritha Nambiar) [Orabug: 36725601] - net/sched: act_skbedit: Add extack messages for offload failure (Ido Schimmel) [Orabug: 36725601] - octeontx2-af: TC flower offload support for inner VLAN (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: Code restructure to handle TC outer VLAN offload (Suman Ghosh) [Orabug: 36725601] - dt-bindings: watchdog: marvell GTI system watchdog driver (Bharat Bhushan) [Orabug: 36725601] - octeontx2-pf: Add support for page pool (Ratheesh Kannoth) [Orabug: 36725601] - Watchdog: Add marvell GTI watchdog driver (Bharat Bhushan) [Orabug: 36725601] - octeontx2-af: Fix promiscuous mode (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Remove the PF_FUNC validation for NPC transmit rules (Subbaraya Sundeep) [Orabug: 36725601] - crypto: octeontx2 - add devlink option to set t106 mode (Srujana Challa) [Orabug: 36725601] - ptp: idt82p33: remove PEROUT_ENABLE_OUTPUT_MASK (Min Li) [Orabug: 36725601] - ptp: idt82p33: Add PTP_CLK_REQ_EXTTS support (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: return -EBUSY if phase pull-in is in progress (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: fix is_single_shot (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: Add PTP_CLK_REQ_EXTTS support (Min Li) [Orabug: 36725601] - ptp: idt82p33: use rsmu driver to access i2c/spi bus (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: repair non-kernel-doc comment (Randy Dunlap) [Orabug: 36725601] - ptp: clockmatrix: use rsmu driver to access i2c/spi bus (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: Add support for pll_mode=0 and manual ref switch of WF and WP (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: Add support for FW 5.2 (8A34005) (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: Remove idtcm_enable_tod_sync() (Min Li) [Orabug: 36725601] - octeontx2-af: Fix mcs sa cam entries size (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Remove xdp queues on program detach (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: ethtool expose qos stats (Hariprasad Kelam) [Orabug: 36725601] - macsec: Use helper macsec_netdev_priv for offload drivers (Subbaraya Sundeep) [Orabug: 36725601] - macsec: Don't rely solely on the dst MAC address to identify destination MACsec device (Emeel Hakim) [Orabug: 36725601] - vlan: Add MACsec offload operations for VLAN interface (Emeel Hakim) [Orabug: 36725601] - octeontx2-pf: mcs: Support VLAN in clear text (Subbaraya Sundeep) [Orabug: 36725601] - ethtool: add support to set/get completion queue event size (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Adjust Tx credits when MCS external bypass is disabled (Nithin Dabilpuram) [Orabug: 36725601] - crypto: octeontx2 - register error interrupts for inline cptlf (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: mcs: Fix MCS block interrupt (Geetha sowjanya) [Orabug: 36725601] - irqchip/gic-v3: Detect LPI invalidation MMIO registers (Marc Zyngier) [Orabug: 36725601] - irqchip/gic-v3: Exposes bit values for GICR_CTLR.{IR, CES} (Marc Zyngier) [Orabug: 36725601] - octeontx2-af: Enable hardware timestamping for VFs (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Fix hash extraction enable configuration (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Restore TC ingress police rules when interface is up (Subbaraya Sundeep) [Orabug: 36725601] - crypto: octeontx2 - add LF reset on queue disable (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: mcs: Fix shared counters logic (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: mcs: Match macsec ethertype along with DMAC (Subbaraya Sundeep) [Orabug: 36725601] - octeonxt2-af: mcs: Fix per port bypass config (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: mcs: Write TCAM_DATA and TCAM_MASK registers at once (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Fix issues with NPC field hash extract (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: Fix PFC TX scheduler free (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: print error message incase of invalid pf mapping (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Fix depth of cam and mem table. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Fix start and end bit for scan config (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Update correct mask to filter IPv4 fragments (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: debugfs: update CQ context fields (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-pf: mcs: Offload extended packet number(XPN) feature (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Add devlink option to adjust mcam high prio zone entries (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: Update/Fix NPC field hash extract feature (Ratheesh Kannoth) [Orabug: 36725601] - crypto: octeontx2 - remove errata workaround for CN10KB or CN10KA B0 chip. (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - add ctx_val workaround (Srujana Challa) [Orabug: 36725601] - perf/uapi: Define PERF_MEM_SNOOPX_PEER in kernel header file (Ravi Bangoria) [Orabug: 36725601] - octeontx2-af: cn10kb: fix interrupt csr addresses (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: mcs: Config parser to skip 8B header (Geetha sowjanya) [Orabug: 36725601] - net: macsec: remove the prepare flag from the MACsec offloading context (Antoine Tenart) [Orabug: 36725601] - net: atlantic: macsec: remove checks on the prepare phase (Antoine Tenart) [Orabug: 36725601] - net: phy: mscc: macsec: remove checks on the prepare phase (Antoine Tenart) [Orabug: 36725601] - net: macsec: remove the prepare phase when offloading (Antoine Tenart) [Orabug: 36725601] - net: atlantic: macsec: make the prepare phase a noop (Antoine Tenart) [Orabug: 36725601] - net: phy: mscc: macsec: make the prepare phase a noop (Antoine Tenart) [Orabug: 36725601] - octeontx2-af: CN10KB: Add USGMII LMAC mode (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Set XOFF on other child transmit schedulers during SMQ flush (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Enable PTP PPS output support (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: Use PTP HW timestamp counter atomic update feature (Sai Krishna) [Orabug: 36725601] - octeontx2: Remove unnecessary ternary operators (Ruan Jinjie) [Orabug: 36725601] - arm64: mm: Convert to GENERIC_IOREMAP (Kefeng Wang) [Orabug: 36725601] - mm: ioremap: Use more sensible name in ioremap_prot() (Kefeng Wang) [Orabug: 36725601] - mailbox: pcc: Use PCC mailbox channel pointer instead of standard (Sudeep Holla) [Orabug: 36725601] - mailbox: pcc: Add pcc_mbox_chan structure to hold shared memory region info (Sudeep Holla) [Orabug: 36725601] - mailbox: pcc: Consolidate subspace doorbell register parsing (Sudeep Holla) [Orabug: 36725601] - mailbox: pcc: Consolidate subspace interrupt information parsing (Sudeep Holla) [Orabug: 36725601] - mailbox: pcc: Refactor all PCC channel information into a structure (Sudeep Holla) [Orabug: 36725601] - mailbox: pcc: Fix kernel doc warnings (Sudeep Holla) [Orabug: 36725601] - of: Add of_get_cpu_hwid() to read hardware ID from CPU nodes (Rob Herring) [Orabug: 36725601] - genirq: GENERIC_IRQ_EFFECTIVE_AFF_MASK depends on SMP (Samuel Holland) [Orabug: 36725601] - ACPI: irq: Allow acpi_gsi_to_irq() to have an arch-specific fallback (Marc Zyngier) [Orabug: 36725601] - ACPI: irq: Fix some kernel-doc issues (Xiongfeng Wang) [Orabug: 36725601] - APCI: irq: Add support for multiple GSI domains (Marc Zyngier) [Orabug: 36725601] - octeontx2-af: Add validation for lmac type (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Fix devlink unregister (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: consider both Rx and Tx packet stats for adaptive interrupt coalescing (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Free pending and dropped SQEs (Geetha sowjanya) [Orabug: 36725601] - octeontx2: Detect the mbox up or down message via register (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Install TC filter rules in hardware based on priority (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Increase the size of dmac filter flows (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: Allow both ntuple and TC features on the interface (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: Prepare for QOS offload (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: htb offload support for Round Robin scheduling (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: implement transmit schedular allocation algorithm (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Add support for HTB offload (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Fix resource leakage in VF driver unbind (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: Refactor schedular queue alloc/free calls (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: qos send queues management (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Fix SQE threshold checking (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: Rename tot_tx_queues to non_qos_queues (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Add filter profiles in hardware to extract packet headers (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Fix a resource leak in the probe and remove functions (Christophe JAILLET) [Orabug: 36725601] - spi: cadence: Ensure data lines set to low during dummy-cycle period (Witold Sadowski) [Orabug: 36725601] - spi: cadence: Fix busy cycles calculation (Witold Sadowski) [Orabug: 36725601] - spi: cadence: Remove redundant dev_err call (Shang XiaoJing) [Orabug: 36725601] - spi: cadence: fix platform_get_irq.cocci warning (Yihao Han) [Orabug: 36725601] - spi: cadence: Add of_node_put() before return (Wan Jiabing) [Orabug: 36725601] - spi: cadence: fix static checker warning (Parshuram Thombare) [Orabug: 36725601] - spi: cadence: Fix spelling mistake 'nunber' -> 'number' (Colin Ian King) [Orabug: 36725601] - spi: cadence: add support for Cadence XSPI controller (Parshuram Thombare) [Orabug: 36725601] - spi: cadence: add dt-bindings documentation for Cadence XSPI controller (Parshuram Thombare) [Orabug: 36725601] - Documentation: arm64: Document PMU counters access from userspace (Raphael Gault) [Orabug: 36725601] - octeontx2-af: Add missing mcs flr handler call (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: Fix mcs stats register address (Geetha sowjanya) [Orabug: 36725601] - i2c: octeon: Handle watchdog timeout (Suneel Garapati) [Orabug: 36725601] - i2c: octeon: Add platform prefix to macros (Piyush Malgujar) [Orabug: 36725601] - i2c: thunderx: Support for High speed mode (Suneel Garapati) [Orabug: 36725601] - i2c: thunderx: Clock divisor logic changes (Suneel Garapati) [Orabug: 36725601] - octeontx2-af: cn10k: Set NIX DWRR MTU for CN10KB silicon (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: cn10k: Increase outstanding LMTST transactions (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Fix copy and paste bug in mcs_bbe_intr_handler() (Dan Carpenter) [Orabug: 36725601] - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Add support to filter packet based on IP fragment (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Add additional checks while configuring ucast/bcast/mcast rules (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: Don't treat lack of CGX interfaces as error (Sunil Goutham) [Orabug: 36725601] - octeontx2-pf: Reset MAC stats during probe (Sai Krishna) [Orabug: 36725601] - octeontx2-af: Reset MAC features in FLR (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Add FEC stats for RPM/RPM_USX block (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: cn10kb: Add RPM_USX MAC support (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Support variable number of lmacs (Rakesh Babu Saladi) [Orabug: 36725601] - net: thunderx: remove null check after call container_of() (Haowen Bai) [Orabug: 36725601] - octeontx2-af: Removed unnecessary debug messages. (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: Enable LBK links only when switch mode is on. (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Add NIX Errata workaround on CN10K silicon (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: add option to toggle DROP_RE enable in rx cfg (Nithin Dabilpuram) [Orabug: 36725601] - crypto: octeontx2 - update CPT inbound inline IPsec mailbox (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - add support for AF to CPT PF uplink mbox (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - add SGv2 support for CN10KB or CN10KA B0 (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - hardware configuration for inline IPsec (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - Fix objects shared between several modules (Alexander Lobakin) [Orabug: 36725601] - crypto: octeontx2 - remove CPT block reset (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - increase CPT HW instruction queue length (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - Remove the unneeded result variable (ye xingchen) [Orabug: 36725601] - crypto: octeontx2 - simplify the return expression of otx2_cpt_aead_cbc_aes_sha_setkey() (Minghao Chi) [Orabug: 36725601] - crypto: octeontx2 - use swap() to make code cleaner (chiminghao) [Orabug: 36725601] - crypto: drivers - move from strlcpy with unused retval to strscpy (Wolfram Sang) [Orabug: 36725601] - crypto: octeontx2 - fix potential null pointer access (Shijith Thotton) [Orabug: 36725601] - crypto: octeontx2 - add firmware version in devlink info (Shijith Thotton) [Orabug: 36725601] - crypto: octeontx2 - disable DMA black hole on an DMA fault (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - CN10K CPT to RNM workaround (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - Use swap() instead of swap_engines() (Jiapeng Chong) [Orabug: 36725601] - crypto: octeontx2 - Avoid stack variable overflow (Kees Cook) [Orabug: 36725601] - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (Dan Carpenter) [Orabug: 36725601] - crypto: octeontx2 - add apis for custom engine groups (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - fix missing unlock (Yang Yingliang) [Orabug: 36725601] - crypto: octeontx2 - add synchronization between mailbox accesses (Harman Kalra) [Orabug: 36725601] - crypto: octeontx2 - parameters for custom engine groups (Srujana Challa) [Orabug: 36725601] - octeontx2-af: update CPT inbound inline IPsec config mailbox (Srujana Challa) [Orabug: 36725601] - octeontx2-af: restore rxc conf after teardown sequence (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: add mbox to return CPT_AF_FLT_INT info (Srujana Challa) [Orabug: 36725601] - octeontx2-af: optimize cpt pf identification (Srujana Challa) [Orabug: 36725601] - octeontx2-af: modify FLR sequence for CPT (Srujana Challa) [Orabug: 36725601] - octeontx2-af: add mbox for CPT LF reset (Srujana Challa) [Orabug: 36725601] - octeontx2-af: recover CPT engine when it gets fault (Srujana Challa) [Orabug: 36725601] - arm64: Declare non global symbols as static (Linu Cherian) [Orabug: 36725601] - arm64: Add cavium_erratum_23154_cpus missing sentinel (Marc Zyngier) [Orabug: 36725601] - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (Linu Cherian) [Orabug: 36725601] - arm64: re-enable CAVIUM_ERRATUM_23154, disable CAVIUM_ERRATUM_27456 (Dave Kleikamp) [Orabug: 36725601] - dt-bindings: perf: marvell: cn10k ddr performance monitor (Bharat Bhushan) [Orabug: 36725601] - hwrng: cavium - fix NULL but dereferenced coccicheck error (Wan Jiabing) [Orabug: 36725601] - perf/smmuv3: Add devicetree support (Jean-Philippe Brucker) [Orabug: 36725601] - ethernet: marvell: octeontx2 Fix resource not freed after malloc (Manank Patel) [Orabug: 36725601] - octeontx2-pf: mcs: fix possible memory leak in otx2_probe() (Yang Yingliang) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Fix error return code in mcs_register_interrupts() (Yang Yingliang) [Orabug: 36725601] - octeontx2-pf: mcs: fix missing unlock in some error paths (Yang Yingliang) [Orabug: 36725601] - octeontx2-pf: mcs: remove unneeded semicolon (Yang Li) [Orabug: 36725601] - octeontx2-pf: mcs: Introduce MACSEC hardware offloading (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Add debugfs support (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Handle MCS block interrupts (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Support for stats collection (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Install a default TCAM for normal traffic (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Manage the MCS block hardware resources (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Add mailboxes for port related operations (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: cn10k: Introduce driver for macsec block. (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Fix unused variable build error (Ren Zhijie) [Orabug: 36725601] - octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: return correct ptp timestamp for CN10K silicon (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Add egress PFC support (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Reduce minimum mtu size to 60 (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Fixes static warnings (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Limit link bringup time at firmware (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: returning uninitialized variable (Sebin Sebastian) [Orabug: 36725601] - octeontx2-af: Remove duplicate include (Jiapeng Chong) [Orabug: 36725601] - octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Enable Exact match flag in kex profile (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: Add support for exact match table. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Invoke exact match functions if supported (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Wrapper functions for MAC addr add/del/update/reset (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2: Modify mbox request and response structures (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Debugsfs support for exact match. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Drop rules for NPC MCAM (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: FLR handler for exact match table. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: devlink configuration support (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Exact match scan from kex profile (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Exact match support (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Use hashed field in MCAM key (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Don't reset previous pfc config (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: fix operand size in bitwise operation (Shijith Thotton) [Orabug: 36725601] - marvell/octeontx2/af: fix repeated words in comments (Jilin Yuan) [Orabug: 36725601] - octeontx2-vf: Add support for adaptive interrupt coalescing (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Add support for adaptive interrupt coalescing (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Vary completion queue event size (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Change receive buffer size using ethtool (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (Minghao Chi) [Orabug: 36725601] - octeontx2-af: debugfs: fix error return of allocations (Niels Dossche) [Orabug: 36725601] - octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (Yury Norov) [Orabug: 36725601] - octeontx2-af: cn10k: add workaround for ptp errata (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: cn10k: add support for new ptp timestamp format (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: fix array bound error (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: Add TC feature for VFs (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: PFC config support with DCBx (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Flow control resource management (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Priority flow control configuration support (Sunil Kumar Kori) [Orabug: 36725601] - octeontx2-af: Fix interrupt name strings (Sunil Goutham) [Orabug: 36725601] - octeontx2-nicvf: Free VF PTP resources. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-af: debugfs: don't corrupt user memory (Dan Carpenter) [Orabug: 36725601] - octeontx2-nicvf: fix ioctl callback (Arnd Bergmann) [Orabug: 36725601] - octeontx2-af: use swap() to make code cleaner (Yang Guang) [Orabug: 36725601] - octeontx2-af: debugfs: Add channel and channel mask. (Rakesh Babu) [Orabug: 36725601] - octeontx2-af: cn10k: debugfs for dumping LMTST map table (Harman Kalra) [Orabug: 36725601] - octeontx2-af: debugfs: Minor changes. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-af: Increase number of reserved entries in KPU (Kiran Kumar K) [Orabug: 36725601] - octeontx2-nic: fix mixed module build (Arnd Bergmann) [Orabug: 36725601] - octeontx2-af: Add support to flush full CPT CTX cache (Srujana Challa) [Orabug: 36725601] - octeontx2-af: Perform cpt lf teardown in non FLR path (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: Enable CPT HW interrupts (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: Simplify the receive buffer size calculation (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Remove redundant initialization of variable pin (Colin Ian King) [Orabug: 36725601] - octeontx2-pf: Add XDP support to netdev PF (Geetha sowjanya) [Orabug: 36725601] - octeontx2-nicvf: Add PTP hardware clock support to NIX VF (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: Add external ptp input clock (Yi Guo) [Orabug: 36725601] - octeontx2-af: Use ptp input clock info from firmware data (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2: Move devlink registration to be last devlink command (Leon Romanovsky) [Orabug: 36725601] - octeontx2-af: Limit KPU parsing for GTPU packets (Kiran Kumar K) [Orabug: 36725601] - octeontx2-af: Remove redundant initialization of variable blkaddr (Colin Ian King) [Orabug: 36725601] - octeontx2-af: Fix uninitialized variable val (Colin Ian King) [Orabug: 36725601] - octeontx2-af: Hardware configuration for inline IPsec (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: CN10K: Hide RPM stats over ethtool (Hariprasad Kelam) [Orabug: 36725601] - uek-rpm: Add skx_edac_common.ko to core-x86_64.list (Sherry Yang) [Orabug: 37033806] - EDAC, i10nm: make skx_common.o a separate module (Arnd Bergmann) [Orabug: 37033806] - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 37037203] - uek-rpm: Enable CONFIG_BLK_DEV_DRBD (Vijayendra Suman) [Orabug: 36930383] - crypto: qat - specify firmware files for 402xx (Giovanni Cabiddu) [Orabug: 37041628] [5.15.0-301.163.1] - mm/memory-failure: send SIGBUS in the event of thp split fail (Jane Chu) [Orabug: 36307960] - mm/memory-failure: move hwpoison_filter() higher up (Jane Chu) [Orabug: 36307960] - mm/memory-failure: improve memory failure action_result messages (Jane Chu) [Orabug: 36307960] - mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED (Naoya Horiguchi) [Orabug: 36307960] - mm/madvise: add MF_ACTION_REQUIRED to madvise(MADV_HWPOISON) (Jane Chu) [Orabug: 36307960] - mm/memory-failure: try to send SIGBUS even if unmap failed (Jane Chu) [Orabug: 36307960] - mm: memory-failure: cleanup try_to_split_thp_page() (Kefeng Wang) [Orabug: 36307960] - fwctl: Allow up to 4k devices (Saeed Mahameed) [Orabug: 36970896] - net/mlx5: Fix IPsec RoCE MPV trace call (Patrisious Haddad) [Orabug: 37000459] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-35959 CVE-2024-42269 CVE-2024-47674 CVE-2024-42270 CVE-2024-26623 CVE-2024-26681 CVE-2024-35801 CVE-2024-26734 CVE-2024-40940 CVE-2024-27397 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::UEKR7 Oracle Linux 7 Oracle Linux 8 Oracle Linux 9 [20241003-999.35.git95bfe086.el8] - Rebase to latest upstream [Orabug: 37132142] - Fix build error in ol7 due to linking in copy-firmware.sh [Orabug: 37132515] - Bring back drirectory structure qcom/sc8280xp [Orabug: 37132142] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-31356 CVE-2023-20584 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:7::latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/a:oracle:linux:7::optional_latest cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 Oracle Linux Automation Manager 2.2 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-3651 CVE-2024-24680 CVE-2024-42005 cpe:/a:oracle:linux:8::developer_EPEL cpe:/a:oracle:linux:8::automation2 cpe:/a:oracle:linux:8::automation cpe:/a:oracle:linux:8::automation2.2 Oracle Linux 6 Oracle Linux 7 [4.1.12-124.91.3] - nfs_atomic_open(): prevent parallel nfs_lookup() on a negative hashed (Al Viro) [Orabug: 37006239] [4.1.12-124.91.2] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37035560] [4.1.12-124.91.1] - vt_ioctl: fix array_index_nospec in vt_setactivate (Jakob Koschel) [Orabug: 37101899] {CVE-2022-48804} - tty: vt_ioctl: fix potential Spectre v1 (Gustavo A. R. Silva) [Orabug: 37101899] {CVE-2022-48804} - USB: core: Fix hang in usb_kill_urb by adding memory barriers (Alan Stern) [Orabug: 37101883] {CVE-2022-48760} - smb: client: fix OOB in smbCalcSize() (Paulo Alcantara) [Orabug: 36165420] {CVE-2023-6606} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6606 CVE-2022-48804 CVE-2022-48760 cpe:/a:oracle:linux:6:10:UEKR4_ELS cpe:/a:oracle:linux:7::UEKR4 Oracle Linux 7 Oracle Linux 8 [5.4.17-2136.337.5] - net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37093177] [5.4.17-2136.337.4] - ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37199020] - Revert 'ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block' (Gautham Ananthakrishna) [Orabug: 37199020] - net/rds: Make send+receive IRQ assignments visible to user-space (Gerd Rausch) [Orabug: 36987151] - igb: Do not free the irq resources if they are already freed by igb_close() (Yifei Liu) [Orabug: 37005245] - A/A Bonding: check port count during RDMA device addition (Arumugam Kolappan) [Orabug: 36579195] [5.4.17-2136.337.3] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37137548] {CVE-2024-49863} - rds/ib: Count memory consumed by rds_page_frag (Hans Westgaard Ry) [Orabug: 37172717] - fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna) [Orabug: 37156523] - mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (Miaohe Lin) [Orabug: 36683094] {CVE-2024-36028} - uek: Disable /proc/uek under Xen and under non-Exadata systems (Konrad Rzeszutek Wilk) [Orabug: 37170992] - uek: Add force_noio runtime option. (Konrad Rzeszutek Wilk) [Orabug: 37145327] - treewide: Make the force_noio parameter be writable. (Konrad Rzeszutek Wilk) [Orabug: 37145327] - treewide: Sample foo_bar_force_noio before use (Hakon Bugge) [Orabug: 37145327] - workqueue: Add Oracle specific code to modify the flags of tasks. (Konrad Rzeszutek Wilk) [Orabug: 37145327] - net/mlx5: Free IRQ rmap and notifier on kernel shutdown (Saeed Mahameed) [Orabug: 36706485] - net/mlx5: Free irqs only on shutdown callback (Shay Drory) [Orabug: 36706485] - kpcimgr: Add dynamic memory region allocation feature (Joe Dobosenski) [Orabug: 36983478] - uek: kabi: Introduce APIs to hide/fake inclusion of headers (Saeed Mirzamohammadi) [Orabug: 37097450] - RDMA/cma: Always set static rate to 0 for RoCE (Mark Zhang) [Orabug: 37100215] - net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (Valentine Fatiev) [Orabug: 37104450] - net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path (Valentine Fatiev) [Orabug: 37099359] [5.4.17-2136.337.2] - LTS tag: v5.4.284 (Sherry Yang) - Revert 'parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367' (Greg Kroah-Hartman) - cx82310_eth: fix error return code in cx82310_bind() (Zhang Changzhong) - net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Daniel Borkmann) - rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116446] {CVE-2024-46829} - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko) - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (Andy Shevchenko) - nvmet-tcp: fix kernel crash if commands allocation fails (Maurizio Lombardi) [Orabug: 37074465] {CVE-2024-46737} - arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (Jonathan Cameron) [Orabug: 37116413] {CVE-2024-46822} - arm64: acpi: Move get_cpu_for_acpi_id() to a header (James Morse) - ACPI: processor: Fix memory leaks in error paths of processor_add() (Jonathan Cameron) - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (Jonathan Cameron) - nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug: 37074677] {CVE-2024-46780} - nilfs2: replace snprintf in show functions with sysfs_emit (Qing Wang) - tracing: Avoid possible softlockup in tracing_iter_reset() (Zheng Yejian) - ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() (Steven Rostedt (VMware)) - uprobes: Use kzalloc to allocate xol area (Sven Schnelle) - clocksource/drivers/timer-of: Remove percpu irq related code (Daniel Lezcano) - clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (Jacky Bai) - clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (Jacky Bai) - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (Naman Jain) - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (Saurabh Sengar) [Orabug: 37074473] {CVE-2024-46739} - nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc (Geert Uytterhoeven) - binder: fix UAF caused by offsets overwrite (Carlos Llamas) [Orabug: 37074477] {CVE-2024-46740} - iio: fix scale application in iio_convert_raw_to_processed_unlocked (Matteo Martelli) - iio: buffer-dmaengine: fix releasing dma channel on error (David Lechner) - staging: iio: frequency: ad9834: Validate frequency parameter value (Aleksandr Mishin) [Orabug: 37159728] {CVE-2024-47663} - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (Trond Myklebust) - ata: pata_macio: Use WARN instead of BUG (Michael Ellerman) - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Kent Overstreet) [Orabug: 37159757] {CVE-2024-47668} - of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug: 37074488] {CVE-2024-46743} - Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074495] {CVE-2024-46744} - usbnet: ipheth: race between ipheth_close and error handling (Oliver Neukum) - Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074503] {CVE-2024-46745} - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (Camila Alvarez) [Orabug: 37074513] {CVE-2024-46747} - btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() (David Sterba) - PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074532] {CVE-2024-46750} - btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116494] {CVE-2024-46840} - btrfs: replace BUG_ON with ASSERT in walk_down_proc() (Josef Bacik) - smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() (Zqiang) - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074561] {CVE-2024-46755} - libbpf: Add NULL checks to bpf_object__{prev_map,next_map} (Andreas Ziegler) - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074566] {CVE-2024-46756} - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074571] {CVE-2024-46757} - hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074579] {CVE-2024-46758} - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074584] {CVE-2024-46759} - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074595] {CVE-2024-46761} - devres: Initialize an uninitialized struct member (Zijun Hu) - um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116518] {CVE-2024-46844} - cgroup: Protect css->cgroup write under css_set_lock (Waiman Long) - iommu/vt-d: Handle volatile descriptor status read (Jacob Pan) - dm init: Handle minors larger than 255 (Benjamin Marzinski) - ASoC: topology: Properly initialize soc_enum values (Amadeusz Slawinski) - net: dsa: vsc73xx: fix possible subblocks range of CAPT block (Pawel Dembicki) - net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN (Jonas Gorski) - net: bridge: fdb: convert added_by_external_learn to use bitops (Nikolay Aleksandrov) - net: bridge: fdb: convert added_by_user to bitops (Nikolay Aleksandrov) - net: bridge: fdb: convert is_sticky to bitops (Nikolay Aleksandrov) - net: bridge: fdb: convert is_static to bitops (Nikolay Aleksandrov) - net: bridge: fdb: convert is_local to bitops (Nikolay Aleksandrov) - usbnet: modern method to get random MAC (Oliver Neukum) - net: usb: don't write directly to netdev->dev_addr (Jakub Kicinski) - drivers/net/usb: Remove all strcpy() uses (Len Baker) - cx82310_eth: re-enable ethernet mode after router reboot (Ondrej Zary) - tcp_bpf: fix return value of tcp_bpf_sendmsg() (Cong Wang) [Orabug: 37074693] {CVE-2024-46783} - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (Aleksandr Mishin) - can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074625] {CVE-2024-46771} - pcmcia: Use resource_size function on resource object (Jules Irenge) - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (Chen Ni) - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (Kishon Vijay Abraham I) [Orabug: 37159750] {CVE-2024-47667} - usb: uas: set host status byte on data completion error (Shantanu Goel) - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (Arend van Spriel) - udf: Avoid excessive partition lengths (Jan Kara) [Orabug: 37074665] {CVE-2024-46777} - netfilter: nf_conncount: fix wrong variable type (Yunjian Wang) - af_unix: Remove put_pid()/put_cred() in copy_peercred(). (Kuniyuki Iwashima) - irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 (Pali Rohar) - smack: unix sockets: fix accept()ed socket label (Konstantin Andreev) - ALSA: hda: Add input value sanity checks to HDMI channel map controls (Takashi Iwai) - nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159765] {CVE-2024-47669} - nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074684] {CVE-2024-46781} - sched: sch_cake: fix bulk flow accounting logic for host fairness (Toke Hoiland-Jorgensen) [Orabug: 37116443] {CVE-2024-46828} - ila: call nf_unregister_net_hooks() sooner (Eric Dumazet) [Orabug: 37074689] {CVE-2024-46782} - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (Satya Priya Kakitapalli) - clk: qcom: clk-alpha-pll: Fix the pll post div mask (Satya Priya Kakitapalli) - clk: hi6220: use CLK_OF_DECLARE_DRIVER (Peter Griffin) - reset: hi6220: Add support for AO reset controller (Peter Griffin) - fuse: use unsigned type for getxattr/listxattr size truncation (Jann Horn) - fuse: update stats for pages in dropped aux writeback list (Joanne Koong) - mmc: sdhci-of-aspeed: fix module autoloading (Liao Chen) - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (Sam Protsenko) - irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() (Ma Ke) - ata: libata: Fix memory leak for error path in ata_host_alloc() (Zheng Qixing) - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (Christoffer Sandberg) - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (robelin) [Orabug: 37074722] {CVE-2024-46798} - sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074726] {CVE-2024-46800} - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (Richard Fitzgerald) - udf: Limit file size to 4TB (Jan Kara) - virtio_net: Fix napi_skb_cache_put warning (Breno Leitao) [Orabug: 36964474] {CVE-2024-43835} - net: set SOCK_RCU_FREE before inserting socket into hashtable (Stanislav Fomichev) - block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug: 36964515] {CVE-2024-43854} - media: uvcvideo: Enforce alignment of frame and interval (Ricardo Ribalda) - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (Alex Hung) [Orabug: 37073032] {CVE-2024-46714} - wifi: cfg80211: make hash table duplicates more survivable (Johannes Berg) - smack: tcp: ipv4, fix incorrect labeling (Casey Schaufler) - usb: typec: ucsi: Fix null pointer dereference in trace (Abhishek Pandit-Subedi) [Orabug: 37073065] {CVE-2024-46719} - usbip: Don't submit special requests twice (Simon Holesch) - ionic: fix potential irq name truncation (Shannon Nelson) - apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073078] {CVE-2024-46721} - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (Michael Chen) - drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073083] {CVE-2024-46722} - drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073088] {CVE-2024-46723} - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (Hersen Wu) - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (Alex Hung) [Orabug: 37116366] {CVE-2024-46815} - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (Hersen Wu) [Orabug: 37116376] {CVE-2024-46817} - drm/amd/display: Check gpio_id before used as array index (Alex Hung) [Orabug: 37116385] {CVE-2024-46818} - drm/amdgpu: fix overflowed array index read warning (Tim Huang) - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (Ma Jun) - net: usb: qmi_wwan: add MeiG Smart SRM825L (ZHANG Yuntian) - i2c: Fix conditional for substituting empty ACPI functions (Richard Fitzgerald) - drm: panel-orientation-quirks: Add quirk for OrangePi Neo (Philip Mueller) - LTS tag: v5.4.283 (Sherry Yang) - scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070700] {CVE-2024-46673} - net: dsa: mv8e6xxx: Fix stub function parameters (Andrew Lunn) - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (Zijun Hu) - usb: dwc3: st: add missing depopulate in probe error path (Krzysztof Kozlowski) - usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug: 37070705] {CVE-2024-46674} - usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug: 37070710] {CVE-2024-46675} - usb: dwc3: omap: add missing depopulate in probe error path (Krzysztof Kozlowski) - USB: serial: option: add MeiG Smart SRM825L (ZHANG Yuntian) - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (Ian Ray) - soc: qcom: cmd-db: Map shared memory as WC, not WB (Volodymyr Babchuk) - nfc: pn533: Add poll mod list filling check (Aleksandr Mishin) [Orabug: 37070717] {CVE-2024-46676} - nfc: pn533: Add autopoll capability (Lars Poeschel) - nfc: pn533: Add dev_up/dev_down hooks to phy_ops (Lars Poeschel) - net: busy-poll: use ktime_get_ns() instead of local_clock() (Eric Dumazet) - gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070722] {CVE-2024-46677} - ethtool: check device is present when getting link settings (Jamie Bainbridge) [Orabug: 37070728] {CVE-2024-46679} - r8152: Factor out OOB link list waits (Prashant Malani) - soundwire: stream: fix programming slave ports for non-continous port maps (Krzysztof Kozlowski) - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964510] {CVE-2024-43853} - ata: libata-core: Fix null pointer dereference on error (Niklas Cassel) [Orabug: 36897457] {CVE-2024-41098} - media: uvcvideo: Fix integer overflow calculating timestamp (Ricardo Ribalda) - drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (Alex Deucher) [Orabug: 36867631] {CVE-2024-41011} - wifi: mwifiex: duplicate static structs used in driver instances (Sascha Hauer) - pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070744] {CVE-2024-46685} - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug: 36898009] {CVE-2024-42228} (Alexander Lobakin) - Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029137] {CVE-2024-45008} - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug: 36654191] {CVE-2023-31083} - mmc: dw_mmc: allow biu and ciu clocks to defer (Ben Whitten) - cxgb4: add forgotten u64 ivlan cast before shift (Nikolay Kuratov) - HID: microsoft: Add rumble support to latest xbox controllers (Siarhei Vishniakou) - HID: wacom: Defer calculation of resolution until resolution_code is known (Jason Gerecke) - Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992976] {CVE-2024-43884} - mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070691] {CVE-2024-45028} - drm/msm/dpu: don't play tricks with debug macros (Dmitry Baryshkov) - drm/msm: use drm_debug_enabled() to check for debug categories (Jani Nikula) - net: xilinx: axienet: Fix dangling multicast addresses (Sean Anderson) - net: xilinx: axienet: Always disable promiscuous mode (Sean Anderson) - ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029076] {CVE-2024-44987} - netem: fix return value if duplicate enqueue fails (Stephen Hemminger) [Orabug: 37070660] {CVE-2024-45016} - net: dsa: mv88e6xxx: Fix out-of-bound access (Joseph Huang) [Orabug: 37029082] {CVE-2024-44988} - net: dsa: mv88e6xxx: replace ATU violation prints with trace points (Vladimir Oltean) - net: dsa: mv88e6xxx: read FID when handling ATU violations (Hans J. Schultz) - net: dsa: mv88e6xxx: global1_atu: Add helper for get next (Andrew Lunn) - net: dsa: mv88e6xxx: global2: Expose ATU stats register (Andrew Lunn) - netfilter: nft_counter: Synchronize nft_counter_reset() against reader. (Sebastian Andrzej Siewior) - kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013761] {CVE-2024-44946} - tc-testing: don't access non-existent variable on exception (Simon Horman) - Bluetooth: hci_core: Fix LE quote calculation (Luiz Augusto von Dentz) - Bluetooth: hci_core: Fix not handling link timeouts propertly (Luiz Augusto von Dentz) - Bluetooth: Make use of __check_timeout on hci_sched_le (Luiz Augusto von Dentz) - dm suspend: return -ERESTARTSYS instead of -EINTR (Mikulas Patocka) - dm: do not use waitqueue for request-based DM (Ming Lei) - dm mpath: pass IO start time to path selector (Gabriel Krisman Bertazi) - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (Aurelien Jarno) - block: use 'unsigned long' for blk_validate_block_size(). (Tetsuo Handa) - gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029111] {CVE-2024-44999} - hrtimer: Prevent queuing of hrtimer without a function callback (Phil Chang) - nvmet-rdma: fix possible bad dereference when freeing rsps (Sagi Grimberg) - ext4: set the type of max_zeroout to unsigned int to avoid overflow (Baokun Li) - irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc (Guanrui Huang) - usb: dwc3: core: Skip setting event buffers for host only controllers (Krishna Kurapati) - s390/iucv: fix receive buffer virtual vs physical address confusion (Alexander Gordeev) - openrisc: Call setup_memory() earlier in the init sequence (Oreoluwa Babatunde) - NFS: avoid infinite loop in pnfs_update_layout. (NeilBrown) - nvmet-tcp: do not continue for invalid icreq (Hannes Reinecke) - Bluetooth: bnep: Fix out-of-bound access (Luiz Augusto von Dentz) - nvme: clear caller pointer on identify failure (Keith Busch) - usb: gadget: fsl: Increase size of name buffer for endpoints (Uwe Kleine-Konig) - f2fs: fix to do sanity check in update_sit_entry (Zhiguo Niu) - btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() (David Sterba) - btrfs: send: handle unexpected data in header buffer in begin_cmd() (David Sterba) - btrfs: handle invalid root reference found in may_destroy_subvol() (David Sterba) - btrfs: change BUG_ON to assertion when checking for delayed_node root (David Sterba) - powerpc/boot: Only free if realloc() succeeds (Michael Ellerman) - powerpc/boot: Handle allocation failure in simple_realloc() (Li zeming) - parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 (Helge Deller) - x86: Increase brk randomness entropy for 64-bit systems (Kees Cook) - md: clean up invalid BUG_ON in md_ioctl (Li Nan) - virtiofs: forbid newlines in tags (Stefan Hajnoczi) - drm/lima: set gp bus_stop bit before hard reset (Erico Nunes) - net/sun3_82586: Avoid reading past buffer in debug output (Kees Cook) - scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() (Justin Tee) - fs: binfmt_elf_efpic: don't use missing interpreter's properties (Max Filippov) - media: pci: cx23885: check cx23885_vdev_init() return (Hans Verkuil) - quota: Remove BUG_ON from dqget() (Jan Kara) - ext4: do not trim the group with corrupted block bitmap (Baokun Li) - nvmet-trace: avoid dereferencing pointer too early (Daniel Wagner) - powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (Kunwu Chan) - IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (Chengfeng Ye) - wifi: iwlwifi: abort scan when rfkill on but device enabled (Miri Korenblit) - gfs2: setattr_chown: Add missing initialization (Andreas Gruenbacher) - scsi: spi: Fix sshdr use (Mike Christie) - binfmt_misc: cleanup on filesystem umount (Christian Brauner) - staging: ks7010: disable bh on tx_dev_lock (Chengfeng Ye) - media: radio-isa: use dev_name to fill in bus_info (Hans Verkuil) - i2c: riic: avoid potential division by zero (Wolfram Sang) - wifi: cw1200: Avoid processing an invalid TIM IE (Jeff Johnson) - ssb: Fix division by zero issue in ssb_calc_clock_rate (Rand Deeb) - net: hns3: fix a deadlock problem when config TC during resetting (Jie Wang) [Orabug: 37029098] {CVE-2024-44995} - net: dsa: vsc73xx: pass value in phy_write operation (Pawel Dembicki) - net: axienet: Fix register defines comment description (Radhey Shyam Pandey) - net: axienet: Autodetect 64-bit DMA capability (Andre Przywara) - net: axienet: Upgrade descriptors to hold 64-bit addresses (Andre Przywara) - net: axienet: Wrap DMA pointer writes to prepare for 64 bit (Andre Przywara) - net: axienet: Drop MDIO interrupt registers from ethtools dump (Andre Przywara) - net: axienet: Check for DMA mapping errors (Andre Przywara) - net: axienet: Factor out TX descriptor chain cleanup (Andre Przywara) - net: axienet: Improve DMA error handling (Andre Przywara) - net: axienet: Fix DMA descriptor cleanup path (Andre Przywara) - atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029105] {CVE-2024-44998} - net/mlx5e: Correctly report errors for ethtool rx flows (Cosmin Ratiu) - s390/uv: Panic for set and remove shared access UVC errors (Claudio Imbrenda) - btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() (Alexander Lobakin) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (Alexander Lobakin) - overflow: Implement size_t saturating arithmetic helpers (Kees Cook) - overflow.h: Add flex_array_size() helper (Gustavo A. R. Silva) - memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070672] {CVE-2024-45021} - drm/amdgpu: Actually check flags for all context ops. (Bas Nieuwenhuizen) - selinux: fix potential counting error in avc_add_xperms_decision() (Zhen Lei) - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) [Orabug: 37070680] {CVE-2024-45025} - bitmap: introduce generic optimized bitmap_size() (Alexander Lobakin) - vfs: Don't evict inode under the inode lru traversing context (Zhihao Cheng) [Orabug: 37029119] {CVE-2024-45003} - dm persistent data: fix memory allocation failure (Mikulas Patocka) - dm resume: don't return EINVAL when signalled (Khazhismel Kumykov) - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE (Haibo Xu) - s390/dasd: fix error recovery leading to data corruption on ESE devices (Stefan Haberland) [Orabug: 37070687] {CVE-2024-45026} - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (Mathias Nyman) [Orabug: 37029125] {CVE-2024-45006} - ALSA: usb-audio: Support Yamaha P-125 quirk entry (Juan Jose Arboleda) - fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017951] {CVE-2024-44947} [5.4.17-2136.337.1] - wireguard: netlink: check for dangling peer via is_dead instead of empty list (Jason A. Donenfeld) [Orabug: 36596766] {CVE-2024-26951} - xsigo: add prefix xve/xsvnic with gro and __path_find (Alok Tiwari) [Orabug: 37089693] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-45021 CVE-2024-46757 CVE-2024-46777 CVE-2024-46780 CVE-2024-44947 CVE-2024-44987 CVE-2024-45003 CVE-2024-45026 CVE-2024-46676 CVE-2024-46737 CVE-2024-46844 CVE-2024-47669 CVE-2024-42228 CVE-2024-46743 CVE-2024-44995 CVE-2024-46721 CVE-2024-46783 CVE-2024-45006 CVE-2024-45016 CVE-2024-46817 CVE-2024-46840 CVE-2024-47663 CVE-2024-46722 CVE-2024-43854 CVE-2024-46744 CVE-2024-46747 CVE-2024-46815 CVE-2024-36028 CVE-2024-46758 CVE-2024-47668 CVE-2024-41011 CVE-2024-45025 CVE-2024-46714 CVE-2024-46723 CVE-2024-46759 CVE-2024-46781 CVE-2024-46800 CVE-2024-47667 CVE-2024-45008 CVE-2024-46719 CVE-2024-43853 CVE-2024-44946 CVE-2024-44988 CVE-2024-46675 CVE-2024-46679 CVE-2024-46755 CVE-2024-46798 CVE-2024-46818 CVE-2024-46828 CVE-2024-49863 CVE-2023-31083 CVE-2024-44998 CVE-2024-46822 CVE-2024-49958 CVE-2024-43884 CVE-2024-46673 CVE-2024-46756 CVE-2024-46829 CVE-2024-41098 CVE-2024-43835 CVE-2024-45028 CVE-2024-46685 CVE-2024-46745 CVE-2024-46750 CVE-2024-46771 CVE-2024-46782 CVE-2024-26951 CVE-2024-44999 CVE-2024-46674 CVE-2024-46677 CVE-2024-46739 CVE-2024-46740 CVE-2024-46761 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::UEKR6 cpe:/a:oracle:linux:7::UEKR6 Oracle Linux 7 [4.14.35-2047.542.2] - fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna) [Orabug: 37156524] - lib/math: move int_pow() from pwm_bl.c for wider use (Andy Shevchenko) [Orabug: 37156524] [4.14.35-2047.542.1] - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (Dongli Zhang) [Orabug: 37132827] - net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (Valentine Fatiev) [Orabug: 37104452] - RDMA/cma: Always set static rate to 0 for RoCE (Mark Zhang) [Orabug: 37100216] - net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path (Valentine Fatiev) [Orabug: 37099360] - LTS version v4.14.352 (Yifei Liu) - filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36874759] {CVE-2024-41012} {CVE-2024-41020} - jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891668] {CVE-2024-41017} - ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891656] {CVE-2024-41015} - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu) - ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada) - filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874759] {CVE-2024-41012} {CVE-2024-41020} - hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896970] {CVE-2024-41059} - selftests/vDSO: fix clang build errors and warnings (John Hubbard) - spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-Konig) - fs: better handle deep ancestor chains in is_subdir() (Christian Brauner) - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896995] {CVE-2024-41063} - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang) - net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas) - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang) - s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897034] {CVE-2024-41068} - Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose) - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897313] {CVE-2024-41072} - mei: demote client disconnect warning on suspend to debug (Alexander Usyskin) - fs/file: fix the check in find_next_fd() (Yuntao Wang) - kconfig: remove wrong expr_trans_bool() (Masahiro Yamada) - kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada) - ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897361] {CVE-2024-41081} - Input: silead - Always support 10 fingers (Hans de Goede) - Input: silead - add support for capactive home button found on some x86 tablets (Hans de Goede) - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov) - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande) - ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf) - ACPI: EC: Abort address space access upon error (Armin Wolf) - scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap) - gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41015 CVE-2024-41059 CVE-2024-41068 CVE-2024-41063 CVE-2024-41081 CVE-2024-41012 CVE-2024-41072 CVE-2024-41017 CVE-2024-41020 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7::developer_UEKR5 cpe:/a:oracle:linux:7::UEKR5 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 Oracle Linux 9 [5.15.0-302.167.6] - ice: Add a per-VF limit on number of FDIR filters (Ahmed Zaki) [Orabug: 36964088] {CVE-2024-42291} - scsi: lpfc: Fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36964437] {CVE-2024-43821} - power: reset: pwr-mlxbf: support graceful shutdown (Asmaa Mnebhi) [Orabug: 37208029] - gpio: mlxbf3: Support shutdown() function (Asmaa Mnebhi) [Orabug: 37208029] - sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() (Liming Sun) [Orabug: 37208029] - ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37199019] - Revert 'ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block' (Gautham Ananthakrishna) [Orabug: 37199019] [5.15.0-302.167.5] - mm/hugetlb: fix adjusting poison page flag in non-HVO scenario (Jane Chu) [Orabug: 37182268] - x86/bugs: Adjust SRSO mitigation to new features (Boris Ostrovsky) [Orabug: 37145844] - net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37093170] - NFS: remove revoked delegation from server's delegation list (Dai Ngo) [Orabug: 36990366] - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov) [Orabug: 36882937] {CVE-2023-52450} [5.15.0-302.167.4] - LTS version: v5.15.167 (Vijayendra Suman) - udp: fix receiving fraglist GSO packets (Felix Fietkau) - memcg: protect concurrent access to mem_cgroup_idr (Shakeel Butt) [Orabug: 36993003] {CVE-2024-43892} - btrfs: fix race between direct IO write and fsync when using same fd (Filipe Manana) [Orabug: 37195092] {CVE-2024-46734} - net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Daniel Borkmann) - x86/mm: Fix PTI for i386 some more (Thomas Gleixner) - net: drop bad gso csum_start and offset in virtio_net_hdr (Willem de Bruijn) [Orabug: 37195028] {CVE-2024-43897} - gso: fix dodgy bit handling for GSO_UDP_L4 (Yan Zhai) - net: change maximum number of UDP segments to 128 (Yuri Benditovich) - net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation (Willem de Bruijn) - gpio: rockchip: fix OF node leak in probe() (Krzysztof Kozlowski) - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko) - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (Andy Shevchenko) - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (Matteo Martelli) - nvmet-tcp: fix kernel crash if commands allocation fails (Maurizio Lombardi) [Orabug: 37074464] {CVE-2024-46737} - arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (Jonathan Cameron) [Orabug: 37116411] {CVE-2024-46822} - arm64: acpi: Move get_cpu_for_acpi_id() to a header (James Morse) - ACPI: processor: Fix memory leaks in error paths of processor_add() (Jonathan Cameron) - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (Jonathan Cameron) - workqueue: Improve scalability of workqueue watchdog touch (Nicholas Piggin) [Orabug: 37116487] {CVE-2024-46839} - workqueue: wq_watchdog_touch is always called with valid CPU (Nicholas Piggin) - nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug: 37074676] {CVE-2024-46780} - nilfs2: replace snprintf in show functions with sysfs_emit (Qing Wang) - ksmbd: Unlock on in ksmbd_tcp_set_interfaces() (Dan Carpenter) - ksmbd: unset the binding mark of a reused connection (Namjae Jeon) [Orabug: 37074716] {CVE-2024-46795} - perf/aux: Fix AUX buffer serialization (Peter Zijlstra) [Orabug: 37070802] {CVE-2024-46713} - uprobes: Use kzalloc to allocate xol area (Sven Schnelle) - clocksource/drivers/timer-of: Remove percpu irq related code (Daniel Lezcano) - clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (Jacky Bai) - clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (Jacky Bai) - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (Naman Jain) - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (Saurabh Sengar) [Orabug: 37074472] {CVE-2024-46739} - nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc (Geert Uytterhoeven) - binder: fix UAF caused by offsets overwrite (Carlos Llamas) [Orabug: 37074476] {CVE-2024-46740} - usb: dwc3: core: update LC timer as per USB Spec V3.2 (Faisal Hassan) - iio: adc: ad7124: fix chip ID mismatch (Dumitru Ceclan) - iio: adc: ad7124: fix config comparison (Dumitru Ceclan) - iio: fix scale application in iio_convert_raw_to_processed_unlocked (Matteo Martelli) - iio: buffer-dmaengine: fix releasing dma channel on error (David Lechner) - staging: iio: frequency: ad9834: Validate frequency parameter value (Aleksandr Mishin) [Orabug: 37159727] {CVE-2024-47663} - cifs: Check the lease context if we actually got a lease (Ronnie Sahlberg) - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (Trond Myklebust) - ata: pata_macio: Use WARN instead of BUG (Michael Ellerman) - MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed (Jiaxun Yang) [Orabug: 37116454] {CVE-2024-46832} - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Kent Overstreet) [Orabug: 37159756] {CVE-2024-47668} - of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug: 37074487] {CVE-2024-46743} - Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074494] {CVE-2024-46744} - usbnet: ipheth: race between ipheth_close and error handling (Oliver Neukum) - Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074502] {CVE-2024-46745} - HID: amd_sfh: free driver_data after destroying hid device (Olivier Sobrie) [Orabug: 37074507] {CVE-2024-46746} - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (Camila Alvarez) [Orabug: 37074512] {CVE-2024-46747} - s390/vmlinux.lds.S: Move ro_after_init section behind rodata section (Heiko Carstens) - btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() (David Sterba) - kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (Zenghui Yu) - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (Jarkko Nikula) [Orabug: 37159737] {CVE-2024-47665} - net: dpaa: avoid on-stack arrays of NR_CPUS elements (Vladimir Oltean) - PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074530] {CVE-2024-46750} - riscv: set trap vector earlier (yang.zhang) - btrfs: replace BUG_ON() with error handling at update_ref_for_cow() (Filipe Manana) [Orabug: 37074542] {CVE-2024-46752} - btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116493] {CVE-2024-46840} - btrfs: replace BUG_ON with ASSERT in walk_down_proc() (Josef Bacik) - fs/ntfs3: Check more cases when directory is corrupted (Konstantin Komarov) - smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() (Zqiang) - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074560] {CVE-2024-46755} - dma-mapping: benchmark: Don't starve others when doing the test (Yicong Yang) - ext4: fix possible tid_t sequence overflows (Luis Henriques (SUSE)) - drm/amdgpu: Set no_hw_access when VF request full GPU fails (Yifan Zha) - libbpf: Add NULL checks to bpf_object__{prev_map,next_map} (Andreas Ziegler) - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074565] {CVE-2024-46756} - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074570] {CVE-2024-46757} - hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074578] {CVE-2024-46758} - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074583] {CVE-2024-46759} - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074594] {CVE-2024-46761} - devres: Initialize an uninitialized struct member (Zijun Hu) - um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116517] {CVE-2024-46844} - cgroup: Protect css->cgroup write under css_set_lock (Waiman Long) - iommu/vt-d: Handle volatile descriptor status read (Jacob Pan) - dm init: Handle minors larger than 255 (Benjamin Marzinski) - ASoC: topology: Properly initialize soc_enum values (Amadeusz Slawinski) - net: dsa: vsc73xx: fix possible subblocks range of CAPT block (Pawel Dembicki) - net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN (Jonas Gorski) - fou: Fix null-ptr-deref in GRO. (Kuniyuki Iwashima) [Orabug: 37074606] {CVE-2024-46763} - gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers (Eric Dumazet) - gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers (Eric Dumazet) - bareudp: Fix device stats updates. (Guillaume Nault) - usbnet: modern method to get random MAC (Oliver Neukum) - net: usb: don't write directly to netdev->dev_addr (Jakub Kicinski) - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (Larysa Zaremba) - igc: Unlock on error in igc_io_resume() (Dan Carpenter) - tcp_bpf: fix return value of tcp_bpf_sendmsg() (Cong Wang) [Orabug: 37074692] {CVE-2024-46783} - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (Aleksandr Mishin) - igb: Fix not clearing TimeSync interrupts for 82580 (Daiwei Li) - can: m_can: Release irq on error in m_can_open (Simon Horman) - can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074624] {CVE-2024-46771} - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (Marek Olsak) - pcmcia: Use resource_size function on resource object (Jules Irenge) - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (Chen Ni) - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (Kishon Vijay Abraham I) [Orabug: 37159749] {CVE-2024-47667} - media: vivid: don't set HDMI TX controls if there are no HDMI outputs (Hans Verkuil) - drm/amd/display: Check HDCP returned status (Alex Hung) - usb: uas: set host status byte on data completion error (Shantanu Goel) - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (Arend van Spriel) - leds: spi-byte: Call of_node_put() on error path (Andy Shevchenko) - media: vivid: fix wrong sizeimage value for mplane (Hans Verkuil) - udf: Avoid excessive partition lengths (Jan Kara) [Orabug: 37074664] {CVE-2024-46777} - netfilter: nf_conncount: fix wrong variable type (Yunjian Wang) - iommu: sun50i: clear bypass register (Jernej Skrabec) - af_unix: Remove put_pid()/put_cred() in copy_peercred(). (Kuniyuki Iwashima) - irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 (Pali Rohar) - smack: unix sockets: fix accept()ed socket label (Konstantin Andreev) - ALSA: hda: Add input value sanity checks to HDMI channel map controls (Takashi Iwai) - mptcp: pm: send ACK on an active subflow (Matthieu Baerts (NGI0)) - mptcp: pr_debug: add missing at the end (Matthieu Baerts (NGI0)) - mptcp: pm: skip connecting to already established sf (Matthieu Baerts (NGI0)) - mptcp: pm: do not remove already closed subflows (Matthieu Baerts (NGI0)) - mptcp: pm: ADD_ADDR 0 is not a new address (Matthieu Baerts (NGI0)) - mptcp: close subflow when receiving TCP+FIN (Matthieu Baerts (NGI0)) - mptcp: avoid duplicated SUB_CLOSED events (Matthieu Baerts (NGI0)) - mptcp: pm: avoid possible UaF when selecting endp (Matthieu Baerts (NGI0)) - mptcp: constify a bunch of of helpers (Paolo Abeni) - mptcp: pm: fullmesh: select the right ID later (Matthieu Baerts (NGI0)) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (Matthieu Baerts (NGI0)) - mptcp: pm: only decrement add_addr_accepted for MPJ req (Matthieu Baerts (NGI0)) - mptcp: pm: re-using ID of unused flushed subflows (Matthieu Baerts (NGI0)) - nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159764] {CVE-2024-47669} - nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074683] {CVE-2024-46781} - sched: sch_cake: fix bulk flow accounting logic for host fairness (Toke Hoiland-Jorgensen) [Orabug: 37116442] {CVE-2024-46828} - ila: call nf_unregister_net_hooks() sooner (Eric Dumazet) [Orabug: 37074688] {CVE-2024-46782} - tracing: Avoid possible softlockup in tracing_iter_reset() (Zheng Yejian) - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (Simon Arlott) [Orabug: 37074711] {CVE-2024-46791} - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (Satya Priya Kakitapalli) - clk: qcom: clk-alpha-pll: Fix the pll post div mask (Satya Priya Kakitapalli) - fuse: use unsigned type for getxattr/listxattr size truncation (Jann Horn) - fuse: update stats for pages in dropped aux writeback list (Joanne Koong) - mmc: cqhci: Fix checking of CQHCI_HALT state (Seunghwan Baek) - mmc: sdhci-of-aspeed: fix module autoloading (Liao Chen) - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (Sam Protsenko) - Bluetooth: MGMT: Ignore keys being loaded with invalid type (Luiz Augusto von Dentz) - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (Luiz Augusto von Dentz) - nvme-pci: Add sleep quirk for Samsung 990 Evo (Georg Gottleuber) - rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116445] {CVE-2024-46829} - irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() (Ma Ke) - ata: libata: Fix memory leak for error path in ata_host_alloc() (Zheng Qixing) - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (Maximilien Perreault) - ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (Terry Cheong) - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (Christoffer Sandberg) - KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing (Ravi Bangoria) - KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (Maxim Levitsky) - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (robelin) [Orabug: 37074721] {CVE-2024-46798} - sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074725] {CVE-2024-46800} - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (Richard Fitzgerald) - ext4: handle redirtying in ext4_bio_write_page() (Jan Kara) - udf: Limit file size to 4TB (Jan Kara) - ext4: reject casefold inode flag without casefold feature (Eric Biggers) - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (Nikita Kiryushin) [Orabug: 36753533] {CVE-2024-38577} - virtio_net: Fix napi_skb_cache_put warning (Breno Leitao) [Orabug: 36964473] {CVE-2024-43835} - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (Bob Zhou) [Orabug: 36993065] {CVE-2024-43905} - media: uvcvideo: Enforce alignment of frame and interval (Ricardo Ribalda) - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (Alex Hung) [Orabug: 37073031] {CVE-2024-46714} - block: remove the blk_flush_integrity call in blk_integrity_unregister (Christoph Hellwig) - wifi: cfg80211: make hash table duplicates more survivable (Johannes Berg) - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (Marek Vasut) [Orabug: 37116336] {CVE-2024-46810} - drm/meson: plane: Add error handling (Haoran Liu) - smack: tcp: ipv4, fix incorrect labeling (Casey Schaufler) - usb: typec: ucsi: Fix null pointer dereference in trace (Abhishek Pandit-Subedi) [Orabug: 37073064] {CVE-2024-46719} - usbip: Don't submit special requests twice (Simon Holesch) - rcu/nocb: Remove buggy bypass lock contention mitigation (Frederic Weisbecker) - ionic: fix potential irq name truncation (Shannon Nelson) - RDMA/efa: Properly handle unexpected AQ completions (Michael Margolin) - hwspinlock: Introduce hwspin_lock_bust() (Richard Maina) - PCI: al: Check IORESOURCE_BUS existence during probe (Aleksandr Mishin) - cpufreq: scmi: Avoid overflow of target_freq in fast switch (Jagadeesh Kona) - wifi: iwlwifi: remove fw_running op (Shahar S Matityahu) - drm/amdgpu: update type of buf size to u32 for eeprom functions (Tao Zhou) - drm/amd/pm: check negtive return for table entries (Jesse Zhang) - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (Jesse Zhang) [Orabug: 37116393] {CVE-2024-46819} - drm/amd/pm: check specific index for aldebaran (Jesse Zhang) - drm/amdgpu: fix the waring dereferencing hive (Jesse Zhang) [Orabug: 37116300] {CVE-2024-46805} - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (Ma Jun) - apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073077] {CVE-2024-46721} - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (Michael Chen) - drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073082] {CVE-2024-46722} - drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073087] {CVE-2024-46723} - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (Ma Jun) [Orabug: 37073093] {CVE-2024-46724} - drm/amdgpu: Fix out-of-bounds write warning (Ma Jun) [Orabug: 37073098] {CVE-2024-46725} - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (Ma Jun) - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (Ma Jun) - drm/amd/amdgpu: Check tbo resource pointer (Asad Kamal) [Orabug: 37116315] {CVE-2024-46807} - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (Hersen Wu) - drm/amd/display: Check msg_id before processing transcation (Alex Hung) [Orabug: 37116360] {CVE-2024-46814} - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (Alex Hung) [Orabug: 37116365] {CVE-2024-46815} - drm/amd/display: Add array index check for hdcp ddc access (Hersen Wu) [Orabug: 37116295] {CVE-2024-46804} - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (Hersen Wu) [Orabug: 37116375] {CVE-2024-46817} - drm/amd/display: Check gpio_id before used as array index (Alex Hung) [Orabug: 37116384] {CVE-2024-46818} - drm/amdgpu: avoid reading vf2pf info size from FB (Zhigang Luo) - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (Tim Huang) - drm/amdgpu: fix uninitialized scalar variable warning (Tim Huang) - drm/amd/pm: fix the Out-of-bounds read warning (Jesse Zhang) [Orabug: 37073129] {CVE-2024-46731} - drm/amd/pm: fix warning using uninitialized value of max_vid_step (Jesse Zhang) - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (Tim Huang) - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (Ma Jun) - drm/amdgpu: fix overflowed array index read warning (Tim Huang) - drm/amd/display: Assign linear_pitch_alignment even for VM (Alvin Lee) [Orabug: 37073135] {CVE-2024-46732} - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (Ma Jun) - net: usb: qmi_wwan: add MeiG Smart SRM825L (ZHANG Yuntian) - dma-debug: avoid deadlock between dma debug vs printk and netconsole (Rik van Riel) - i2c: Fix conditional for substituting empty ACPI functions (Richard Fitzgerald) - ALSA: hda/conexant: Mute speakers at suspend / shutdown (Takashi Iwai) - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (Takashi Iwai) - drm: panel-orientation-quirks: Add quirk for OrangePi Neo (Philip Mueller) - LTS version: v5.15.166 (Vijayendra Suman) - apparmor: fix policy_unpack_test on big endian systems (Guenter Roeck) - scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070699] {CVE-2024-46673} - igc: Fix qbv tx latency by setting gtxoffset (Faizal Rahim) - igc: Fix reset adapter logics when tx mode change (Faizal Rahim) - phy: zynqmp: Enable reference clock correctly (Sean Anderson) - usb: cdnsp: fix for Link TRB with TC (Pawel Laszczak) - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (Pawel Laszczak) - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (Zijun Hu) - usb: dwc3: st: add missing depopulate in probe error path (Krzysztof Kozlowski) - usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug: 37070704] {CVE-2024-46674} - usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug: 37070709] {CVE-2024-46675} - usb: dwc3: omap: add missing depopulate in probe error path (Krzysztof Kozlowski) - USB: serial: option: add MeiG Smart SRM825L (ZHANG Yuntian) - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (Ian Ray) - soc: qcom: cmd-db: Map shared memory as WC, not WB (Volodymyr Babchuk) - nfc: pn533: Add poll mod list filling check (Aleksandr Mishin) [Orabug: 37070716] {CVE-2024-46676} - net: busy-poll: use ktime_get_ns() instead of local_clock() (Eric Dumazet) - gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070721] {CVE-2024-46677} - ethtool: check device is present when getting link settings (Jamie Bainbridge) [Orabug: 37070727] {CVE-2024-46679} - dmaengine: dw: Add memory bus width verification (Serge Semin) - dmaengine: dw: Add peripheral bus width verification (Serge Semin) - phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume (Piyush Mehta) - phy: xilinx: phy-zynqmp: dynamic clock support for power-save (Piyush Mehta) - phy: xilinx: add runtime PM support (Piyush Mehta) - PM: runtime: Add DEFINE_RUNTIME_DEV_PM_OPS() macro (Paul Cercueil) - PM: core: Add EXPORT[_GPL]_SIMPLE_DEV_PM_OPS macros (Paul Cercueil) - PM: core: Remove DEFINE_UNIVERSAL_DEV_PM_OPS() macro (Paul Cercueil) - soundwire: stream: fix programming slave ports for non-continous port maps (Krzysztof Kozlowski) - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964509] {CVE-2024-43853} - ata: libata-core: Fix null pointer dereference on error (Niklas Cassel) [Orabug: 36897456] {CVE-2024-41098} - drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (Alex Deucher) [Orabug: 36867630] {CVE-2024-41011} - Revert 'MIPS: Loongson64: reset: Prioritise firmware service' (Greg Kroah-Hartman) - mptcp: sched: check both backup in retrans (Matthieu Baerts (NGI0)) - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (Haiyang Zhang) - wifi: mwifiex: duplicate static structs used in driver instances (Sascha Hauer) - pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070743] {CVE-2024-46685} - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (Huang-Huang Bao) - btrfs: run delayed iputs when flushing delalloc (Josef Bacik) - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug: 36898008] {CVE-2024-42228} (Alexander Lobakin) - Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029136] {CVE-2024-45008} - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug: 35358656] {CVE-2023-31083} - mm/numa: no task_numa_fault() call if PTE is changed (Zi Yan) - mm/numa: no task_numa_fault() call if PMD is changed (Zi Yan) - ALSA: timer: Relax start tick time check for slave timer elements (Takashi Iwai) - hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (Javier Carrasco) - Revert 'drm/amd/display: Validate hw_points_num before using it' (Alex Hung) - mmc: dw_mmc: allow biu and ciu clocks to defer (Ben Whitten) - KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (Marc Zyngier) [Orabug: 37070792] {CVE-2024-46707} - cxgb4: add forgotten u64 ivlan cast before shift (Nikolay Kuratov) - HID: microsoft: Add rumble support to latest xbox controllers (Siarhei Vishniakou) - HID: wacom: Defer calculation of resolution until resolution_code is known (Jason Gerecke) - MIPS: Loongson64: Set timer mode in cpu-probe (Jiaxun Yang) - scsi: core: Fix the return value of scsi_logical_block_count() (Chaotian Jing) - Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992975] {CVE-2024-43884} - mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070690] {CVE-2024-45028} - drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (Dmitry Baryshkov) [Orabug: 37029059] {CVE-2024-44982} - drm/msm/dp: reset the link phy params before link training (Abhinav Kumar) - drm/msm/dpu: don't play tricks with debug macros (Dmitry Baryshkov) - net: xilinx: axienet: Fix dangling multicast addresses (Sean Anderson) - net: xilinx: axienet: Always disable promiscuous mode (Sean Anderson) - netfilter: flowtable: validate vlan header (Pablo Neira Ayuso) [Orabug: 37029063] {CVE-2024-44983} - ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet) [Orabug: 37029066] {CVE-2024-44985} - ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029068] {CVE-2024-44986} - ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029075] {CVE-2024-44987} - netem: fix return value if duplicate enqueue fails (Stephen Hemminger) [Orabug: 37070659] {CVE-2024-45016} - net: dsa: mv88e6xxx: Fix out-of-bound access (Joseph Huang) [Orabug: 37029081] {CVE-2024-44988} - net: dsa: mv88e6xxx: replace ATU violation prints with trace points (Vladimir Oltean) - net: dsa: mv88e6xxx: read FID when handling ATU violations (Hans J. Schultz) - dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp() (Dan Carpenter) - ice: fix ICE_LAST_OFFSET formula (Maciej Fijalkowski) - bonding: fix xfrm state handling when clearing active slave (Nikolay Aleksandrov) - bonding: fix xfrm real_dev null pointer dereference (Nikolay Aleksandrov) [Orabug: 37029084] {CVE-2024-44989} - bonding: fix null pointer deref in bond_ipsec_offload_ok (Nikolay Aleksandrov) [Orabug: 37029087] {CVE-2024-44990} - bonding: fix bond_ipsec_offload_ok return type (Nikolay Aleksandrov) - ip6_tunnel: Fix broken GRO (Thomas Bogendoerfer) - netfilter: nft_counter: Synchronize nft_counter_reset() against reader. (Sebastian Andrzej Siewior) - netfilter: nft_counter: Disable BH in nft_counter_offload_stats(). (Sebastian Andrzej Siewior) - kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013760] {CVE-2024-44946} - tc-testing: don't access non-existent variable on exception (Simon Horman) - Bluetooth: SMP: Fix assumption of Central always being Initiator (Luiz Augusto von Dentz) - Bluetooth: hci_core: Fix LE quote calculation (Luiz Augusto von Dentz) - platform/surface: aggregator: Fix warning when controller is destroyed in probe (Maximilian Luz) - net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (Long Li) - dm suspend: return -ERESTARTSYS instead of -EINTR (Mikulas Patocka) - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (Aurelien Jarno) - nfsd: make svc_stat per-network namespace instead of global (Josef Bacik) - nfsd: remove nfsd_stats, make th_cnt a global counter (Josef Bacik) - nfsd: make all of the nfsd stats per-network namespace (Josef Bacik) - nfsd: expose /proc/net/sunrpc/nfsd in net namespaces (Josef Bacik) - nfsd: rename NFSD_NET_* to NFSD_STATS_* (Josef Bacik) - sunrpc: use the struct net as the svc proc private (Josef Bacik) - sunrpc: remove ->pg_stats from svc_program (Josef Bacik) - sunrpc: pass in the sv_stats struct through svc_create_pooled (Josef Bacik) - nfsd: stop setting ->pg_stats for unused stats (Josef Bacik) - sunrpc: don't change ->sv_stats if it doesn't exist (Josef Bacik) - NFSD: Fix frame size warning in svc_export_parse() (Chuck Lever) - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (Chuck Lever) - NFSD: Refactor the duplicate reply cache shrinker (Chuck Lever) - NFSD: Replace nfsd_prune_bucket() (Chuck Lever) - NFSD: Rename nfsd_reply_cache_alloc() (Chuck Lever) - NFSD: Refactor nfsd_reply_cache_free_locked() (Chuck Lever) - nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net (Jeff Layton) - nfsd: move reply cache initialization into nfsd startup (Jeff Layton) - block: use 'unsigned long' for blk_validate_block_size(). (Tetsuo Handa) - gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029110] {CVE-2024-44999} - hrtimer: Prevent queuing of hrtimer without a function callback (Phil Chang) - nvmet-rdma: fix possible bad dereference when freeing rsps (Sagi Grimberg) - ext4: set the type of max_zeroout to unsigned int to avoid overflow (Baokun Li) - irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc (Guanrui Huang) - usb: dwc3: core: Skip setting event buffers for host only controllers (Krishna Kurapati) - platform/x86: lg-laptop: fix %s null argument warning (Gergo Koteles) - clocksource: Make watchdog and suspend-timing multiplication overflow safe (Adrian Hunter) - s390/iucv: fix receive buffer virtual vs physical address confusion (Alexander Gordeev) - openrisc: Call setup_memory() earlier in the init sequence (Oreoluwa Babatunde) - NFS: avoid infinite loop in pnfs_update_layout. (NeilBrown) - nvmet-tcp: do not continue for invalid icreq (Hannes Reinecke) - net: hns3: add checking for vf id of mailbox (Jian Shen) - Bluetooth: bnep: Fix out-of-bound access (Luiz Augusto von Dentz) - usb: gadget: fsl: Increase size of name buffer for endpoints (Uwe Kleine-Konig) - f2fs: fix to do sanity check in update_sit_entry (Zhiguo Niu) - btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() (David Sterba) - btrfs: change BUG_ON to assertion in tree_move_down() (David Sterba) - btrfs: send: handle unexpected data in header buffer in begin_cmd() (David Sterba) - btrfs: handle invalid root reference found in may_destroy_subvol() (David Sterba) - btrfs: change BUG_ON to assertion when checking for delayed_node root (David Sterba) - powerpc/boot: Only free if realloc() succeeds (Michael Ellerman) - powerpc/boot: Handle allocation failure in simple_realloc() (Li zeming) - parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 (Helge Deller) - memory: stm32-fmc2-ebi: check regmap_read return value (Christophe Kerello) - x86: Increase brk randomness entropy for 64-bit systems (Kees Cook) - md: clean up invalid BUG_ON in md_ioctl (Li Nan) - netlink: hold nlk->cb_mutex longer in __netlink_dump_start() (Eric Dumazet) - clocksource/drivers/arm_global_timer: Guard against division by zero (Martin Blumenstingl) - virtiofs: forbid newlines in tags (Stefan Hajnoczi) - drm/lima: set gp bus_stop bit before hard reset (Erico Nunes) - net/sun3_82586: Avoid reading past buffer in debug output (Kees Cook) - media: drivers/media/dvb-core: copy user arrays safely (Philipp Stanner) - fs: binfmt_elf_efpic: don't use missing interpreter's properties (Max Filippov) - media: pci: cx23885: check cx23885_vdev_init() return (Hans Verkuil) - quota: Remove BUG_ON from dqget() (Jan Kara) - fuse: fix UAF in rcu pathwalks (Al Viro) - afs: fix __afs_break_callback() / afs_drop_open_mmap() race (Al Viro) - ext4: do not trim the group with corrupted block bitmap (Baokun Li) - nvmet-trace: avoid dereferencing pointer too early (Daniel Wagner) - powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (Kunwu Chan) - memory: tegra: Skip SID programming if SID registers aren't set (Ashish Mhetre) - arm64: Fix KASAN random tag seed initialization (Samuel Holland) - hwmon: (ltc2992) Avoid division by zero (Antoniu Miclaus) - IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (Chengfeng Ye) - wifi: iwlwifi: fw: Fix debugfs command sending (Mukesh Sisodiya) - wifi: iwlwifi: abort scan when rfkill on but device enabled (Miri Korenblit) - gfs2: setattr_chown: Add missing initialization (Andreas Gruenbacher) - scsi: spi: Fix sshdr use (Mike Christie) - media: qcom: venus: fix incorrect return value (Hans Verkuil) - binfmt_misc: cleanup on filesystem umount (Christian Brauner) - staging: ks7010: disable bh on tx_dev_lock (Chengfeng Ye) - drm/amd/display: Validate hw_points_num before using it (Alex Hung) - staging: iio: resolver: ad2s1210: fix use before initialization (David Lechner) - media: radio-isa: use dev_name to fill in bus_info (Hans Verkuil) - i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (Jarkko Nikula) - i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (Jarkko Nikula) - s390/smp,mcck: fix early IPI handling (Heiko Carstens) - RDMA/rtrs: Fix the problem of variable not initialized fully (Zhu Yanjun) - i2c: riic: avoid potential division by zero (Wolfram Sang) - wifi: cw1200: Avoid processing an invalid TIM IE (Jeff Johnson) - wifi: mac80211: fix BA session teardown race (Johannes Berg) - wifi: cfg80211: check wiphy mutex is held for wdev mutex (Johannes Berg) - ssb: Fix division by zero issue in ssb_calc_clock_rate (Rand Deeb) - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (Parsa Poorshikhian) - net: hns3: fix a deadlock problem when config TC during resetting (Jie Wang) [Orabug: 37029097] {CVE-2024-44995} - net: hns3: fix wrong use of semaphore up (Jie Wang) - netfilter: nf_queue: drop packets with cloned unconfirmed conntracks (Florian Westphal) - netfilter: flowtable: initialise extack before use (Donald Hunter) [Orabug: 37070666] {CVE-2024-45018} - netfilter: allow ipv6 fragments to arrive on different devices (Tom Hughes) - mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size (Eugene Syromiatnikov) - mlxbf_gige: disable RX filters until RX path initialized (David Thompson) - net: dsa: vsc73xx: check busy flag in MDIO operations (Pawel Dembicki) - net: dsa: vsc73xx: use read_poll_timeout instead delay loop (Pawel Dembicki) - net: dsa: vsc73xx: pass value in phy_write operation (Pawel Dembicki) - net: axienet: Fix register defines comment description (Radhey Shyam Pandey) - atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029103] {CVE-2024-44998} - net/mlx5e: Correctly report errors for ethtool rx flows (Cosmin Ratiu) - igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (Faizal Rahim) - igc: remove I226 Qbv BaseTime restriction (Muhammad Husaini Zulkifli) - igc: Correct the launchtime offset (Muhammad Husaini Zulkifli) - s390/uv: Panic for set and remove shared access UVC errors (Claudio Imbrenda) - drm/amdgpu/jpeg2: properly set atomics vmid field (Alex Deucher) - memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070671] {CVE-2024-45021} - drm/amdgpu: Actually check flags for all context ops. (Bas Nieuwenhuizen) - btrfs: tree-checker: add dev extent item checks (Qu Wenruo) - selinux: fix potential counting error in avc_add_xperms_decision() (Zhen Lei) - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) [Orabug: 37070679] {CVE-2024-45025} - bitmap: introduce generic optimized bitmap_size() (Alexander Lobakin) - btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() (Alexander Lobakin) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (Alexander Lobakin) - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (Alexander Lobakin) - vfs: Don't evict inode under the inode lru traversing context (Zhihao Cheng) [Orabug: 37029118] {CVE-2024-45003} - dm persistent data: fix memory allocation failure (Mikulas Patocka) - dm resume: don't return EINVAL when signalled (Khazhismel Kumykov) - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE (Haibo Xu) - s390/dasd: fix error recovery leading to data corruption on ESE devices (Stefan Haberland) [Orabug: 37070686] {CVE-2024-45026} - thunderbolt: Mark XDomain as unplugged when router is removed (Mika Westerberg) [Orabug: 37070774] {CVE-2024-46702} - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (Mathias Nyman) [Orabug: 37029124] {CVE-2024-45006} - ALSA: usb-audio: Support Yamaha P-125 quirk entry (Juan Jose Arboleda) - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (Lianqin Hu) - char: xillybus: Check USB endpoints when probing device (Eli Billauer) [Orabug: 37070649] {CVE-2024-45011} - char: xillybus: Refine workqueue handling (Eli Billauer) - char: xillybus: Don't destroy workqueue from work item running on it (Eli Billauer) [Orabug: 37029128] {CVE-2024-45007} - fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017950] {CVE-2024-44947} - LTS version: v5.15.165 (Vijayendra Suman) - Revert 'ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error' (Niklas Cassel) - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (Sean Young) - ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode (Michael Walle) - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Eric Dumazet) [Orabug: 36897690] {CVE-2024-42114} - binfmt_flat: Fix corruption when not offsetting data start (Kees Cook) [Orabug: 37029015] {CVE-2024-44966} - usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed. (Chris Wulff) - nvme/pci: Add APST quirk for Lenovo N60z laptop (WangYuli) - exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984016] {CVE-2024-43882} - arm64: cpufeature: Fix the visibility of compat hwcaps (Amit Daniel Kachhap) - arm64: dts: qcom: msm8996: correct #clock-cells for QMP PHY nodes (Dmitry Baryshkov) - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. (Mahesh Salgaonkar) [Orabug: 36897773] {CVE-2024-42126} - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953968] {CVE-2024-42259} - mptcp: fully established after ADD_ADDR echo on MPJ (Matthieu Baerts (NGI0)) - wifi: mac80211: check basic rates validity (Johannes Berg) - PCI: dwc: Restore MSI Receiver mask during resume (Jisheng Zhang) - net: stmmac: Enable mac_managed_pm phylink config (Shenwei Wang) - netfilter: nf_tables: prefer nft_chain_validate (Florian Westphal) [Orabug: 36896845] {CVE-2024-41042} - netfilter: nf_tables: allow clone callbacks to sleep (Florian Westphal) - netfilter: nf_tables: bail out if stateful expression provides no .clone (Pablo Neira Ayuso) - netfilter: nf_tables: set element extended ACK reporting support (Pablo Neira Ayuso) - tls: fix race between tx work scheduling and socket close (Jakub Kicinski) [Orabug: 36529710] {CVE-2024-26585} - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (Lukas Wunner) [Orabug: 36964228] {CVE-2024-42302} - btrfs: fix double inode unlock for direct IO sync writes (Filipe Manana) [Orabug: 37195039] {CVE-2024-43885} - xfs: fix log recovery buffer allocation for the legacy h_size fixup (Christoph Hellwig) [Orabug: 36809257] {CVE-2024-39472} - btrfs: fix corruption after buffer fault in during direct IO append write (Filipe Manana) - selftests: mptcp: join: check backup support in signal endp (Matthieu Baerts (NGI0)) - selftests: mptcp: join: validate backup in MPJ (Matthieu Baerts (NGI0)) - mptcp: pm: fix backup support in signal endpoints (Matthieu Baerts (NGI0)) - mptcp: export local_address (Geliang Tang) - mptcp: pm: only set request_bkup flag when sending MP_PRIO (Matthieu Baerts (NGI0)) - mptcp: fix bad RCVPRUNED mib accounting (Paolo Abeni) - mptcp: mib: count MPJ with backup flag (Matthieu Baerts (NGI0)) - mptcp: fix NL PM announced address accounting (Paolo Abeni) - mptcp: distinguish rcv vs sent backup flag in requests (Matthieu Baerts (NGI0)) - mptcp: sched: check both directions for backup (Matthieu Baerts (NGI0)) - drm/mgag200: Set DDC timeout in milliseconds (Thomas Zimmermann) - drm/bridge: analogix_dp: properly handle zero sized AUX transactions (Lucas Stach) - sched/smt: Fix unbalance sched_smt_present dec/inc (Yang Yingliang) [Orabug: 37028981] {CVE-2024-44958} - sched/smt: Introduce sched_smt_present_inc/dec() helper (Yang Yingliang) - x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028935] {CVE-2024-44948} - padata: Fix possible divide-by-0 panic in padata_mt_helper() (Waiman Long) [Orabug: 36992992] {CVE-2024-43889} - tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992997] {CVE-2024-43890} - power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede) - power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede) - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (Shay Drory) - irqchip/xilinx: Fix shift out of bounds (Radhey Shyam Pandey) - kcov: properly check for softirq context (Andrey Konovalov) - serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993008] {CVE-2024-43893} - timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex() (Thomas Gleixner) - ntp: Safeguard against time_constant overflow (Justin Stitt) - irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t' (Arseniy Krasnov) - irqchip/meson-gpio: support more than 8 channels gpio irq (Qianggui Song) - clocksource: Fix brown-bag boolean thinko in cs_watchdog_read() (Paul E. McKenney) - clocksource: Scale the watchdog read retries automatically (Feng Tang) - torture: Enable clocksource watchdog with 'tsc=watchdog' (Paul E. McKenney) - clocksource: Reduce the default clocksource_watchdog() retries to 2 (Waiman Long) - ntp: Clamp maxerror and esterror to operating range (Justin Stitt) - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (Jason Wang) - tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37195086] {CVE-2024-44968} - scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic (Vamshi Gajjela) - scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal) - usb: gadget: u_serial: Set start_delayed during suspend (Prashanth K) - usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028987] {CVE-2024-44960} - USB: serial: debug: do not echo input by default (Marek Marczykowski-Gorecki) - usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug: 36992970] {CVE-2024-43883} - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (Takashi Iwai) - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (Steven 'Steve' Kendall) - ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028956] {CVE-2024-44954} - drm/client: fix null pointer dereference in drm_client_modeset_probe (Ma Ke) [Orabug: 36993013] {CVE-2024-43894} - ALSA: usb-audio: Re-add ScratchAmp quirk entries (Takashi Iwai) - spi: spi-fsl-lpspi: Fix scldiv calculation (Stefan Wahren) - kprobes: Fix to check symbol prefixes correctly (Masami Hiramatsu (Google)) - bpf: kprobe: remove unused declaring of bpf_kprobe_override (Menglong Dong) - i2c: smbus: Send alert notifications to all devices if source not found (Guenter Roeck) - spi: spidev: Add missing spi_device_id for bh2228fv (Geert Uytterhoeven) - ASoC: codecs: wsa881x: Correct Soundwire ports mask (Krzysztof Kozlowski) - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (Krzysztof Kozlowski) - i2c: smbus: Improve handling of stuck alerts (Guenter Roeck) - arm64: cputype: Add Cortex-A725 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X1C definitions (Mark Rutland) - arm64: cputype: Add Cortex-X925 definitions (Mark Rutland) - arm64: cputype: Add Cortex-A720 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X3 definitions (Mark Rutland) - arm64: cputype: Add Neoverse-V3 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X4 definitions (Mark Rutland) - arm64: barrier: Restore spec_bar() macro (Mark Rutland) - arm64: Add Neoverse-V2 part (Besar Wicaksono) - arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space (James Morse) - ext4: fix wrong unit use in ext4_mb_find_by_goal (Kemeng Shi) - sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime (Zheng Zucheng) - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal) - profiling: remove profile=sleep support (Tetsuo Handa) - SUNRPC: Fix a race to wake a sync task (Benjamin Coddington) - s390/sclp: Prevent release of buffer in I/O (Peter Oberparleiter) [Orabug: 37029019] {CVE-2024-44969} - jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (Kemeng Shi) - ext4: fix uninitialized variable in ext4_inlinedir_to_tree (Xiaxi Shen) - media: uvcvideo: Fix the bandwdith quirk on USB 3.x (Michal Pecio) - media: uvcvideo: Ignore empty TS packets (Ricardo Ribalda) - drm/amd/display: Add null checker before passing variables (Alex Hung) [Orabug: 36993047] {CVE-2024-43902} - drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (Ma Jun) [Orabug: 36993077] {CVE-2024-43907} - drm/amdgpu: Fix the null pointer dereference to ras_manager (Ma Jun) [Orabug: 36993083] {CVE-2024-43908} - drm/amdgpu/pm: Fix the null pointer dereference for smu7 (Ma Jun) [Orabug: 36993089] {CVE-2024-43909} - btrfs: fix bitmap leak when loading free space cache on duplicate entry (Filipe Manana) - wifi: nl80211: don't give key data to userspace (Johannes Berg) - udf: prevent integer overflow in udf_bitmap_free_blocks() (Roman Smirnov) - PCI: Add Edimax Vendor ID to pci_ids.h (FUJITA Tomonori) - selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT (Yonghong Song) - ACPI: SBS: manage alarm sysfs attribute through psy core (Thomas Weissschuh) - ACPI: battery: create alarm sysfs attribute atomically (Thomas Weissschuh) - clocksource/drivers/sh_cmt: Address race condition for clock events (Niklas Soderlund) - md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993126] {CVE-2024-43914} - md: do not delete safemode_timer in mddev_suspend (Li Nan) - rcutorture: Fix rcu_torture_fwd_cb_cr() data race (Paul E. McKenney) - net: fec: Stop PPS on driver remove (Csokas, Bence) - l2tp: fix lockdep splat (James Chapman) - net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (Joe Hattori) [Orabug: 37029031] {CVE-2024-44971} - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (Dmitry Antipov) - net: linkwatch: use system_unbound_wq (Eric Dumazet) - net: bridge: mcast: wait for previous gc cycles when removing port (Nikolay Aleksandrov) [Orabug: 36993143] {CVE-2024-44934} - net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983958] {CVE-2024-43861} - sctp: Fix null-ptr-deref in reuseport_add_sock(). (Kuniyuki Iwashima) [Orabug: 36993146] {CVE-2024-44935} - sctp: move hlist_node and hashent out of sctp_ep_common (Xin Long) - x86/mm: Fix pti_clone_entry_text() for i386 (Peter Zijlstra) - x86/mm: Fix pti_clone_pgtable() alignment assumption (Peter Zijlstra) [Orabug: 37029011] {CVE-2024-44965} - irqchip/mbigen: Fix mbigen node address layout (Yipeng Zou) - netfilter: ipset: Add list flush to cancel_gc (Alexander Maltsev) - mptcp: fix duplicate data handling (Paolo Abeni) - r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY (Heiner Kallweit) - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (Ma Ke) - drm/vmwgfx: Fix a deadlock in dma buf fence polling (Zack Rusin) [Orabug: 36983964] {CVE-2024-43863} - Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (Edmund Raile) - Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (Edmund Raile) - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (Mavroudis Chatzilazaridis) - ALSA: usb-audio: Correct surround channels in UAC1 channel map (Takashi Iwai) - protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963807] {CVE-2024-42265} - HID: wacom: Modify pen IDs (Tatsunosuke Tobita) - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (Patryk Duda) - power: supply: bq24190_charger: replace deprecated strncpy with strscpy (Justin Stitt) - riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() (Zhe Qiao) [Orabug: 36963814] {CVE-2024-42267} - ipv6: fix ndisc_is_useropt() handling for PIO (Maciej Zenczykowski) - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (Shahar Shitrit) - net: mvpp2: Don't re-use loop iterator (Dan Carpenter) - net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964005] {CVE-2024-42271} - rtnetlink: Don't ignore IFLA_TARGET_NETNSID when ifname is specified in rtnl_dellink(). (Kuniyuki Iwashima) - rtnetlink: enable alt_ifname for setlink/newlink (Florent Fourcot) - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (songxiebing) - drm/vmwgfx: Fix overlay when using Screen Targets (Ian Forbes) - drm/nouveau: prime: fix refcount underflow (Danilo Krummrich) [Orabug: 36983978] {CVE-2024-43867} - MIPS: dts: loongson: Fix ls2k1000-rtc interrupt (Jiaxun Yang) - MIPS: dts: loongson: Fix liointc IRQ polarity (Jiaxun Yang) - MIPS: Loongson64: DTS: Fix PCIe port nodes for ls7a (Jiaxun Yang) - MIPS: Loongson64: DTS: Add RTC support to Loongson-2K1000 (Binbin Zhou) - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (Aleksandr Mishin) - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (Wayne Lin) - irqchip/imx-irqsteer: Handle runtime power management correctly (Shenwei Wang) [Orabug: 36964084] {CVE-2024-42290} - irqchip/imx-irqsteer: Add runtime PM support (Lucas Stach) - irqchip/imx-irqsteer: Constify irq_chip struct (Lucas Stach) - irqdomain: Fixed unbalanced fwnode get and put (Herve Codina) - leds: triggers: Flush pending brightness before activating trigger (Thomas Weissschuh) - leds: trigger: Call synchronize_rcu() before calling trig->activate() (Hans de Goede) - leds: trigger: Store brightness set by led_trigger_event() (Heiner Kallweit) - leds: trigger: Remove unused function led_trigger_rename_static() (Heiner Kallweit) - leds: trigger: use RCU to protect the led_cdevs list (Johannes Berg) - drivers: soc: xilinx: check return status of get_api_version() (Jay Buddhabhatti) - soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver (Michael Tretter) - ext4: check the extent status again before inserting delalloc block (Zhang Yi) - ext4: factor out a common helper to query extent map (Zhang Yi) - ext4: convert to exclusive lock while inserting delalloc extents (Zhang Yi) - ext4: refactor ext4_da_map_blocks() (Zhang Yi) - ext4: make ext4_es_insert_extent() return void (Baokun Li) - sysctl: always initialize i_uid/i_gid (Thomas Weissschuh) [Orabug: 36964269] {CVE-2024-42312} - arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB (Krishna Kurapati) - arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB (Krishna Kurapati) - arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings (Dmitry Baryshkov) - arm64: dts: qcom: msm8998: drop USB PHY clock index (Johan Hovold) - arm64: dts: qcom: msm8996: Move '#clock-cells' to QMP PHY child node (Shawn Guo) - powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC (Esben Haabendal) - fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (Seth Forshee (DigitalOcean)) - nvme-pci: add missing condition check for existence of mapped data (Leon Romanovsky) [Orabug: 36964021] {CVE-2024-42276} - nvme: separate command prep and issue (Jens Axboe) - nvme: split command copy into a helper (Jens Axboe) - iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (Artem Chernyshev) [Orabug: 36964025] {CVE-2024-42277} - ceph: fix incorrect kmalloc size of pagevec mempool (ethanwu) - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (Pierre-Louis Bossart) - spi: spidev: add correct compatible for Rohm BH2228FV (Conor Dooley) - spi: spidev: order compatibles alphabetically (Krzysztof Kozlowski) - spidev: Add Silicon Labs EM3581 device compatible (Vincent Tremblay) - spi: spidev: Replace OF specific code by device property API (Andy Shevchenko) - spi: spidev: Replace ACPI specific code by device_get_match_data() (Andy Shevchenko) - spi: spidev: Make probe to fail early if a spidev compatible is used (Javier Martinez Canillas) - lirc: rc_dev_get_from_fd(): fix file leak (Al Viro) - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (Al Viro) - apparmor: Fix null pointer deref when receiving skb during sock creation (Xiao Liang) - mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964031] {CVE-2024-42280} - bpf: Fix a segment issue when downgrading gso_size (Fred Li) [Orabug: 36964037] {CVE-2024-42281} - net: nexthop: Initialize all fields in dumped nexthops (Petr Machata) [Orabug: 36964043] {CVE-2024-42283} - net: stmmac: Correct byte order of perfect_match (Simon Horman) - tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964046] {CVE-2024-42284} - netfilter: nft_set_pipapo_avx2: disable softinterrupts (Florian Westphal) - net: bonding: correctly annotate RCU in bond_should_notify_peers() (Johannes Berg) - ipv4: Fix incorrect source address in Record Route option (Ido Schimmel) - MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later (Gregory CLEMENT) - bpf, events: Use prog to emit ksymbol event for main program (Hou Tao) - dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964522] {CVE-2024-43856} - libbpf: Fix no-args func prototype BTF dumping syntax (Andrii Nakryiko) - um: time-travel: fix signal blocking race/hang (Johannes Berg) - um: time-travel: fix time-travel-start option (Johannes Berg) - phy: cadence-torrent: Check return value on register read (Ma Ke) - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (Vignesh Raghavendra) - jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964529] {CVE-2024-43858} - kdb: address -Wformat-security warnings (Arnd Bergmann) - kernel: rerun task_work while freezing in get_signal() (Pavel Begunkov) - io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) - nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964202] {CVE-2024-42295} - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (WangYuli) - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (Hilda Wu) - rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) - drm/panfrost: Mark simple_ondemand governor as softdep (Dragan Simic) - MIPS: Loongson64: Test register availability before use (Jiaxun Yang) - MIPS: Loongson64: reset: Prioritise firmware service (Jiaxun Yang) - MIPS: Loongson64: Remove memory node for builtin-dtb (Jiaxun Yang) - MIPS: Loongson64: env: Hook up Loongsson-2K (Jiaxun Yang) - MIPS: dts: loongson: Fix GMAC phy node (Jiaxun Yang) - MIPS: ip30: ip30-console: Add missing include (Jiaxun Yang) - remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug: 36964536] {CVE-2024-43860} - remoteproc: stm32_rproc: Fix mailbox interrupts queuing (Gwenael Treuveur) - rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) - selftests/sigaltstack: Fix ppc64 GCC build (Michael Ellerman) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964053] {CVE-2024-42285} - platform: mips: cpu_hwmon: Disable driver on unsupported hardware (Jiaxun Yang) - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (Thomas Gleixner) - rtc: isl1208: Fix return value of nvmem callbacks (Joy Chakraborty) - drm/i915/dp: Reset intel_dp->link_trained before retraining the link (Imre Deak) - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (Alex Deucher) - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (Nitin Gote) - perf/x86/intel/pt: Fix a topa_entry base address calculation (Adrian Hunter) - perf/x86/intel/pt: Fix topa_entry base length (Marco Cavenati) - perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (Kan Liang) - perf: Fix event leak upon exit (Frederic Weisbecker) [Orabug: 36983986] {CVE-2024-43870} - rtc: cmos: Fix return value of nvmem callbacks (Joy Chakraborty) - mm/numa_balancing: teach mpol_to_str about the balancing mode (Tvrtko Ursulin) - devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983990] {CVE-2024-43871} - devres: Fix devm_krealloc() wasting memory (Zijun Hu) - gve: Fix an edge case for TSO skb validity check (Bailey Forrest) - kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 37203371] {CVE-2024-42292} - kbuild: Fix '-S -c' in x86 stack protector scripts (Nathan Chancellor) - decompress_bunzip2: fix rare decompression failure (Ross Lagerwall) - ubi: eba: properly rollback inside self_check_eba (Fedor Pchelkin) - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (Bastien Curutchet) - fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed (Huacai Chen) [Orabug: 36964218] {CVE-2024-42299} - dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964222] {CVE-2024-42301} - binder: fix hang of unregistered readers (Carlos Llamas) - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (Manivannan Sadhasivam) - PCI: dw-rockchip: Fix initial PERST# GPIO value (Niklas Cassel) - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (Wei Liu) - hwrng: amd - Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - tools/memory-model: Fix bug in lock.cat (Alan Stern) - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (wangdicheng) - ALSA: usb-audio: Move HD Webcam quirk to the right place (Takashi Iwai) - ALSA: usb-audio: Fix microphone sound on HD webcam. (wangdicheng) - KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (Sean Christopherson) - media: uvcvideo: Fix integer overflow calculating timestamp (Ricardo Ribalda) - jbd2: make jbd2_journal_get_max_txn_bufs() internal (Jan Kara) - leds: ss4200: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - wifi: mwifiex: Fix interface type change (Rafael Beims) - selftests/landlock: Add cred_transfer test (Mickael Salaun) - io_uring: tighten task exit cancellations (Pavel Begunkov) - ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964231] {CVE-2024-42304} - ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964236] {CVE-2024-42305} - m68k: amiga: Turn off Warp1260 interrupts during boot (Paolo Pisati) - udf: Avoid using corrupted block bitmap buffer (Jan Kara) [Orabug: 36964241] {CVE-2024-42306} - task_work: Introduce task_work_cancel() again (Frederic Weisbecker) - task_work: s/task_work_cancel()/task_work_cancel_func()/ (Frederic Weisbecker) - apparmor: use kvfree_sensitive to free data->data (Fedor Pchelkin) - sched/fair: Use all little CPUs for CPU-bound workloads (Pierre Gondois) - drm/amd/display: Check for NULL pointer (Sung Joon Kim) [Orabug: 36964246] {CVE-2024-42308} - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964252] {CVE-2024-42309} - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964258] {CVE-2024-42310} - ext2: Verify bitmap and itable block numbers before using them (Jan Kara) - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964264] {CVE-2024-42311} - ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (Igor Pylypiv) - media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964274] {CVE-2024-42313} - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Joe Hattori) - fuse: verify {g,u}id mount options correctly (Eric Sandeen) - sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks (Tejun Heo) - ipv6: take care of scope when choosing the src addr (Nicolas Dichtel) - af_packet: Handle outgoing VLAN packets without hardware offloading (Chengen Du) - net: netconsole: Disable target before netpoll cleanup (Breno Leitao) - tick/broadcast: Make takeover of broadcast hrtimer reliable (Yu Liao) - dt-bindings: thermal: correct thermal zone node name limit (Krzysztof Kozlowski) - mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer (Tetsuo Handa) - mm/hugetlb: fix possible recursive locking detected warning (Miaohe Lin) - landlock: Don't lose track of restrictions on cred_transfer (Jann Horn) [Orabug: 36964283] {CVE-2024-42318} - fs/ntfs3: Missed error return (Konstantin Komarov) - rtc: interface: Add RTC offset to alarm after fix-up (Csokas, Bence) - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (Ryusuke Konishi) - fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP (David Hildenbrand) - fs/ntfs3: Fix field-spanning write in INDEX_HDR (Konstantin Komarov) - fs/ntfs3: Replace inode_trylock with inode_lock (Konstantin Komarov) - pinctrl: freescale: mxs: Fix refcount of child (Peng Fan) - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-Konig) - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - pinctrl: rockchip: update rk3308 iomux routes (Dmitry Yashin) - fs/ntfs3: Fix getting file type (Konstantin Komarov) - fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting (Konstantin Komarov) - fs/ntfs3: Fix transform resident to nonresident for compressed files (Konstantin Komarov) - fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT (Konstantin Komarov) - fs/ntfs3: Use ALIGN kernel macro (Konstantin Komarov) - net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports (Martin Willi) - net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports (Martin Willi) - netfilter: nf_set_pipapo: fix initial map fill (Florian Westphal) - netfilter: nft_set_pipapo: constify lookup fn args where possible (Florian Westphal) - netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013754] {CVE-2024-44944} - bnxt_re: Fix imm_data endianness (Jack Wang) - RDMA/hns: Fix insufficient extend DB for VFs. (Chengchang Tang) - RDMA/hns: Fix undifined behavior caused by invalid max_sge (Chengchang Tang) - RDMA/hns: Fix missing pagesize and alignment check in FRMR (Chengchang Tang) - macintosh/therm_windtunnel: fix module unload. (Nick Bowler) - powerpc/xmon: Fix disassembly CPU feature checks (Michael Ellerman) - net: missing check virtio (Denis Arefev) [Orabug: 36964424] {CVE-2024-43817} - vhost/vsock: always initialize seqpacket_allow (Michael S. Tsirkin) [Orabug: 36983999] {CVE-2024-43873} - PCI: endpoint: Clean up error handling in vpci_scan_bus() (Dan Carpenter) [Orabug: 36984004] {CVE-2024-43875} - Input: elan_i2c - do not leave interrupt disabled on suspend failure (Dmitry Torokhov) - RDMA/device: Return error earlier if port in not valid (Leon Romanovsky) - mtd: make mtd_test.c a separate module (Arnd Bergmann) - ASoC: max98088: Check for clk_prepare_enable() error (Chen Ni) - RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (Honggang LI) - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (Leon Romanovsky) - RDMA/mlx4: Fix truncated output warning in mad.c (Leon Romanovsky) - Input: qt1050 - handle CHIP_ID reading error (Andrei Lalaev) - RDMA/cache: Release GID table even if leak is detected (Leon Romanovsky) - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (Chiara Meiohas) - coresight: Fix ref leak when of_coresight_parse_endpoint() fails (James Clark) - clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (Taniya Das) - clk: qcom: branch: Add helper functions for setting retain bits (Konrad Dybcio) - PCI: Fix resource double counting on remove & rescan (Ilpo Jarvinen) - SUNRPC: Fixup gss_status tracepoint error output (Benjamin Coddington) - sparc64: Fix incorrect function signature and add prototype for prom_cif_init (Andreas Larsson) - ext4: avoid writing unitialized memory to disk in EA inodes (Jan Kara) - ext4: don't track ranges in fast_commit if inode has inlined data (Luis Henriques (SUSE)) - ext4: return early for non-eligible fast_commit track events (Ritesh Harjani) - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (Olga Kornievskaia) - SUNRPC: avoid soft lockup when transmitting UDP to reachable server. (NeilBrown) - xprtrdma: Fix rpcrdma_reqs_reset() (Chuck Lever) - mfd: omap-usb-tll: Use struct_size to allocate tll (Javier Carrasco) - mfd: rsmu: Split core code into separate module (Arnd Bergmann) - perf intel-pt: Fix exclude_guest setting (Adrian Hunter) - perf intel-pt: Fix aux_watermark calculation for 64-bit size (Adrian Hunter) - media: venus: flush all buffers in output plane streamoff (Dikshita Agarwal) - ext4: fix infinite loop when replaying fast_commit (Luis Henriques (SUSE)) - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (Luca Ceresoli) - drm/qxl: Add check for drm_cvt_mode (Chen Ni) [Orabug: 36964455] {CVE-2024-43829} - drm/etnaviv: fix DMA direction handling for cached RW buffers (Lucas Stach) - perf report: Fix condition in sort__sym_cmp() (Namhyung Kim) - leds: trigger: Unregister sysfs attributes before calling deactivate() (Hans de Goede) [Orabug: 36964458] {CVE-2024-43830} - drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (Hsiao Chien Sung) - drm/mediatek: Add missing plane settings when async update (Hsiao Chien Sung) - media: renesas: vsp1: Store RPF partition configuration per RPF instance (Laurent Pinchart) - media: renesas: vsp1: Fix _irqsave and _irq mix (Laurent Pinchart) - media: uvcvideo: Override default flags (Daniel Schaefer) - saa7134: Unchecked i2c_transfer function result fixed (Aleksandr Burakov) - media: i2c: Fix imx412 exposure control (Bryan O'Donoghue) - media: imon: Fix race getting ictx->lock (Ricardo Ribalda) - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (Zheng Yejian) - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (Douglas Anderson) - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (Douglas Anderson) - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (Friedrich Vock) - drm/amd/pm: Fix aldebaran pcie speed reporting (Lijo Lazar) - xdp: fix invalid wait context of page_pool_destroy() (Taehee Yoo) [Orabug: 36964469] {CVE-2024-43834} - selftests: forwarding: devlink_lib: Wait for udev events after reloading (Amit Cohen) - bpf: Eliminate remaining 'make W=1' warnings in kernel/bpf/btf.o (Alan Maguire) - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964479] {CVE-2024-43839} - bpf: annotate BTF show functions with __printf (Alan Maguire) - selftests/bpf: Close fd in error path in drop_on_reuseport (Geliang Tang) - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (John Stultz) - wifi: virt_wifi: don't use strlen() in const context (Johannes Berg) - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (Gaosheng Cui) - wifi: virt_wifi: avoid reporting connection success with wrong SSID (En-Wei Wu) [Orabug: 36964486] {CVE-2024-43841} - perf: Fix default aux_watermark calculation (Adrian Hunter) - perf: Prevent passing zero nr_pages to rb_alloc_aux() (Adrian Hunter) - perf: Fix perf_aux_size() for greater-than 32-bit size (Adrian Hunter) - perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (Adrian Hunter) - netfilter: nf_tables: rise cap on SELinux secmark context (Pablo Neira Ayuso) - libbpf: Checking the btf_type kind when fixing variable offsets (Donglin Peng) - net: fec: Fix FEC_ECR_EN1588 being cleared on link-down (Csokas, Bence) - net: fec: Refactor: #define magic constants (Csokas Bence) - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (Baochen Qiang) [Orabug: 36984009] {CVE-2024-43879} - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (Baochen Qiang) - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (Baochen Qiang) - mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors (Ido Schimmel) - mlxsw: spectrum_acl_erp: Fix object nesting warning (Ido Schimmel) [Orabug: 36984012] {CVE-2024-43880} - lib: objagg: Fix general protection fault (Ido Schimmel) [Orabug: 36964494] {CVE-2024-43846} - selftests/bpf: Check length of recv in test_sockmap (Geliang Tang) - net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined (Guangguan Wang) - tcp: fix races in tcp_v[46]_err() (Eric Dumazet) - tcp: fix race in tcp_write_err() (Eric Dumazet) - tcp: add tcp_done_with_error() helper (Eric Dumazet) - tcp: annotate lockless access to sk->sk_err (Eric Dumazet) - tcp: annotate lockless accesses to sk->sk_err_soft (Eric Dumazet) - net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP (Hagar Hemdan) - selftests/bpf: Fix prog numbers in test_sockmap (Geliang Tang) - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (Samasth Norway Ananda) - firmware: turris-mox-rwtm: Initialize completion before mailbox (Marek Behun) - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (Marek Behun) - firmware: turris-mox-rwtm: Do not complete if there are no waiters (Marek Behun) - vmlinux.lds.h: catch .bss..L* sections into BSS') (Christophe Leroy) - ARM: spitz: fix GPIO assignment for backlight (Dmitry Torokhov) - ARM: pxa: spitz: use gpio descriptors for audio (Arnd Bergmann) - m68k: cmpxchg: Fix return value for default case in __arch_xchg() (Thorsten Blum) - x86/xen: Convert comma to semicolon (Chen Ni) - m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages (Eero Tamminen) - arm64: dts: amlogic: gx: correct hdmi clocks (Jerome Brunet) - arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 (Chen-Yu Tsai) - arm64: dts: mediatek: mt7622: fix 'emmc' pinctrl mux (Rafal Milecki) - arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property (Chen-Yu Tsai) - ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix board reset (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node (Marco Felsch) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (Jonas Karlman) - soc: qcom: pdr: fix parsing of domains lists (Dmitry Baryshkov) - soc: qcom: pdr: protect locator_addr with the main mutex (Dmitry Baryshkov) [Orabug: 36964502] {CVE-2024-43849} - memory: fsl_ifc: Make FSL_IFC config visible and selectable (Esben Haabendal) - arm64: dts: qcom: msm8996: specify UFS core_clk frequencies (Dmitry Baryshkov) - soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers (Stephen Boyd) - arm64: dts: qcom: sm8250: add power-domain to UFS PHY (Dmitry Baryshkov) - arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings (Dmitry Baryshkov) - arm64: dts: qcom: sdm845: add power-domain to UFS PHY (Dmitry Baryshkov) - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (Guenter Roeck) - hwmon: (max6697) Fix underflow when writing limit attributes (Guenter Roeck) - drm/meson: fix canvas release in bind function (Yao Zi) - pwm: stm32: Always do lazy disabling (Uwe Kleine-Konig) - hwmon: (adt7475) Fix default duty on fan is disabled (Wayne Tung) - x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - x86/pci/xen: Fix PCIBIOS_* return code handling (Ilpo Jarvinen) - x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling (Ilpo Jarvinen) - x86/of: Return consistent error type from x86_of_pci_irq_enable() (Ilpo Jarvinen) - hfsplus: fix to avoid false alarm of circular locking (Chao Yu) - block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug: 36964514] {CVE-2024-43854} - block: cleanup bio_integrity_prep (Jinyoung Choi) - block: refactor to use helper (Nitesh Shetty) - platform/chrome: cros_ec_debugfs: fix wrong EC message version (Tzung-Bi Shih) - f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964212] {CVE-2024-42297} - f2fs: fix return value of f2fs_convert_inline_inode() (Chao Yu) [Orabug: 36964207] {CVE-2024-42296} - LTS version: v5.15.164 (Vijayendra Suman) - tap: add missing verification for short frame (Si-Wei Liu) [Orabug: 36879156] {CVE-2024-41090} - tun: add missing verification for short frame (Dongli Zhang) [Orabug: 36879156] {CVE-2024-41091} - wifi: rt2x00: use explicitly signed or unsigned types (Jason A. Donenfeld) - filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36874755] {CVE-2024-41012} {CVE-2024-41020} - ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused (Shengjiu Wang) - arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB (Krishna Kurapati) - arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB (Krishna Kurapati) - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (Seunghun Han) - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (Edson Juliano Drosdeck) - fs/ntfs3: Validate ff offset (lei lu) [Orabug: 36891672] {CVE-2024-41019} - jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891666] {CVE-2024-41017} - ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891654] {CVE-2024-41015} - Add gitignore file for samples/fanotify/ subdirectory (Linus Torvalds) - docs: Fix formatting of literal sections in fanotify docs (Gabriel Krisman Bertazi) - samples: Make fs-monitor depend on libc and headers (Gabriel Krisman Bertazi) - samples: Add fs error monitoring example (Gabriel Krisman Bertazi) - wifi: mac80211: disable softirqs for queued frame handling (Johannes Berg) - mm/damon/core: merge regions aggressively when max_nr_regions is unmet (SeongJae Park) - minmax: relax check to allow comparison between unsigned arguments and signed constants (David Laight) - minmax: allow comparisons of 'int' against 'unsigned char/short' (David Laight) - minmax: allow min()/max()/clamp() if the arguments have the same signedness. (David Laight) - minmax: fix header inclusions (Andy Shevchenko) - minmax: clamp more efficiently by avoiding extra comparison (Jason A. Donenfeld) - minmax: sanity check constant bounds when clamping (Jason A. Donenfeld) - tracing: Define the is_signed_type() macro once (Bart Van Assche) - spi: mux: set ctlr->bits_per_word_mask (David Lechner) - hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896968] {CVE-2024-41059} - selftests/vDSO: fix clang build errors and warnings (John Hubbard) - spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-Konig) - riscv: stacktrace: fix usage of ftrace_graph_ret_addr() (Puranjay Mohan) - fs: better handle deep ancestor chains in is_subdir() (Christian Brauner) - drm/radeon: check bo_va->bo is non-NULL before using it (Pierre-Eric Pelloux-Prayer) [Orabug: 36896974] {CVE-2024-41060} - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896993] {CVE-2024-41063} - scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (Xingui Yang) - powerpc/eeh: avoid possible crash when edev->pdev changes (Ganesh Goudar) [Orabug: 36897001] {CVE-2024-41064} - powerpc/pseries: Whitelist dtl slub object for copying to userspace (Anjali K) [Orabug: 36897008] {CVE-2024-41065} - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang) - net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas) - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang) - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (Aivaz Latypov) - btrfs: qgroup: fix quota root leak after quota disable failure (Filipe Manana) [Orabug: 36897343] {CVE-2024-41078} - platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (Armin Wolf) - platform/x86: lg-laptop: Change ACPI device id (Armin Wolf) - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (Armin Wolf) - platform/x86: wireless-hotkey: Add support for LG Airplane Button (Armin Wolf) - s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897031] {CVE-2024-41068} - can: kvaser_usb: fix return value for hif_usb_send_regout (Chen Ni) - ASoC: ti: omap-hdmi: Fix too long driver name (Primoz Fiser) - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (Jai Luthra) - ALSA: dmaengine: Synchronize dma channel after drop() (Jai Luthra) - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (Thomas GENTY) - Input: i8042 - add Ayaneo Kun to i8042 quirk table (Tobias Jakobi) - Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose) - mips: fix compat_sys_lseek syscall (Arnd Bergmann) - ALSA: hda/realtek: Add more codec ID to no shutup pins list (Kailang Yang) - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (Alexey Makhalov) - KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (Michael Ellerman) [Orabug: 36897047] {CVE-2024-41070} - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897311] {CVE-2024-41072} - nvme: avoid double free special payload (Chunguang Xu) [Orabug: 36897316] {CVE-2024-41073} - mei: demote client disconnect warning on suspend to debug (Alexander Usyskin) - fs/file: fix the check in find_next_fd() (Yuntao Wang) - kconfig: remove wrong expr_trans_bool() (Masahiro Yamada) - kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada) - null_blk: fix validation of block size (Andreas Hindborg) [Orabug: 36897338] {CVE-2024-41077} - arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (Wei Li) - ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897359] {CVE-2024-41081} - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (Eric Dumazet) - Input: silead - Always support 10 fingers (Hans de Goede) - selftests/openat2: Fix build warnings on ppc64 (Michael Ellerman) - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov) - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (Ayala Beker) - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (Yedidya Benshimol) - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (Yedidya Benshimol) - wifi: mac80211: handle tasklet frames before stopping (Johannes Berg) - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande) - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (Dhananjay Ugwekar) - ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf) - ACPI: EC: Abort address space access upon error (Armin Wolf) - scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap) - scsi: qedf: Wait for stag work during unload (Saurav Kashyap) - scsi: qedf: Don't process stag work during unload and recovery (Saurav Kashyap) - scsi: core: alua: I/O errors for ALUA state transitions (Martin Wilck) - scsi: core: Fix a use-after-free (Bart Van Assche) - bpf: Fix overrunning reservations in ringbuf (Daniel Borkmann) [Orabug: 36850238] {CVE-2024-41009} - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu) - ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada) - filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874755] {CVE-2024-41012} {CVE-2024-41020} - gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook) [5.15.0-302.163.3] - uek-rpm: T93: Enable CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER (Thomas Tai) [Orabug: 37174880] - mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds) [Orabug: 37174198] {CVE-2024-47674} - rds/ib: Count memory consumed by rds_page_frag (Hans Westgaard Ry) [Orabug: 37162157] - uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME properly in embedded kernels (Dave Kleikamp) [Orabug: 37160327] - fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna) [Orabug: 37156522] - Revert 'Documentation/admin-guide/acpi: Move information out of shell script comments' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: Move partition_create_desc() work to a helper' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic: Collect GIC_IRQ_TYPE definitions into one place' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / irq: Allow a compile-time arg0 for acpi_register_gsi()'s fwspec' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic, gic-v3: Translate fwspec for DT and ACPI systems in the same way' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Provide a helper to walk processor containers' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Add a helper to build a cpumask from a cpu_node' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: Print DT partitions in the same way as APCI' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: Build PPI partitions on ACPI systems' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: select and translate the partition domain' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / irq: Add acpi_register_partitioned_percpu_gsi()' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Find PPTT cache level by ID' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Add a helper to fill a cpumask from a processor container' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Add a helper to fill a cpumask from a cache_id' (Dave Kleikamp) [Orabug: 37144820] - Revert 'drivers: base: cacheinfo: Check per_cpu_cacheinfo() is allocated' (Dave Kleikamp) [Orabug: 37144820] - Revert 'drivers: base: cacheinfo: Add helper to find the cache size from cpu+level' (Dave Kleikamp) [Orabug: 37144820] - Revert 'cacheinfo: Allow for >32-bit cache 'id'' (Dave Kleikamp) [Orabug: 37144820] - Revert 'cacheinfo: Set cache 'id' based on DT data' (Dave Kleikamp) [Orabug: 37144820] - Revert 'cacheinfo: Expose the code to generate a cache-id from a device_node' (Dave Kleikamp) [Orabug: 37144820] - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (Kim Phillips) [Orabug: 37126702] - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (Kim Phillips) [Orabug: 37126702] - x86/cpu, kvm: Add the Null Selector Clears Base feature (Kim Phillips) [Orabug: 37126702] - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (Kim Phillips) [Orabug: 37126702] - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (Kim Phillips) [Orabug: 37126702] - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (Kim Phillips) [Orabug: 37126702] - KVM: x86: Advertise that the SMM_CTL MSR is not supported (Jim Mattson) [Orabug: 37126702] - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (Paolo Bonzini) [Orabug: 37126702] - KVM: x86: skip host CPUID call for hypervisor leaves (Paolo Bonzini) [Orabug: 37126702] - KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 37126702] - amd_hsmp: Update PwrEfficiencyModeSelection message (Suma Hegde) [Orabug: 37123833] - amd_hsmp: Add support for new error codes returned from firmware (Suma Hegde) [Orabug: 37123833] - amd_hsmp: Add new HSMP messages of protocol version 7 (Suma Hegde) [Orabug: 37123833] - IB/mlx5: Fix mlx5_ib_get_vector_irqn() after dynamic IRQ allocation change (Gerd Rausch) [Orabug: 37069671] - arm64: kdump: increase crashkernel reservation size for crashkernel=auto (Brian Maly) [Orabug: 36949800] - rds: Support rds-pings with payload (Hakon Bugge) [Orabug: 36847470] - mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (Miaohe Lin) [Orabug: 36683092] {CVE-2024-36028} - mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled (Miaohe Lin) [Orabug: 36597930] {CVE-2024-26987} [5.15.0-302.163.2] - uek: kabi: Introduce APIs to hide/fake inclusion of headers (Saeed Mirzamohammadi) [Orabug: 37144803] - uek-rpm: Enable config for Mediatek mt7915E wireless driver (Saeed Mirzamohammadi) [Orabug: 37123534] - uek-rpm: Update the x86 kABI files for new symbol (Yifei Liu) [Orabug: 37108651] - KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (Sean Christopherson) [Orabug: 36809298] {CVE-2024-39483} - net: bridge: xmit: make sure we have at least eth header len bytes (Nikolay Aleksandrov) [Orabug: 36753371] {CVE-2024-38538} - net: add pskb_may_pull_reason() helper (Eric Dumazet) [Orabug: 36753371] {CVE-2024-38538} [5.15.0-302.163.1] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37035557] {CVE-2024-49863} - kpcimgr: Add dynamic memory region allocation feature (Joe Dobosenski) [Orabug: 36983477] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-39472 CVE-2024-41019 CVE-2024-43821 CVE-2024-43849 CVE-2024-43870 CVE-2024-43883 CVE-2024-45026 CVE-2024-46752 CVE-2024-46814 CVE-2024-26585 CVE-2024-41011 CVE-2024-42284 CVE-2024-42295 CVE-2024-42302 CVE-2024-42305 CVE-2024-44946 CVE-2024-44971 CVE-2024-44982 CVE-2024-44995 CVE-2024-45003 CVE-2024-45006 CVE-2024-45028 CVE-2024-46677 CVE-2024-46714 CVE-2024-46739 CVE-2024-46755 CVE-2024-46763 CVE-2024-46791 CVE-2024-46807 CVE-2024-47669 CVE-2024-43846 CVE-2024-43853 CVE-2024-43875 CVE-2024-43884 CVE-2024-46724 CVE-2024-46844 CVE-2024-47668 CVE-2024-41017 CVE-2024-41072 CVE-2024-42126 CVE-2024-43856 CVE-2024-43860 CVE-2024-43863 CVE-2024-43897 CVE-2024-43908 CVE-2024-43914 CVE-2024-44960 CVE-2024-44983 CVE-2024-46674 CVE-2024-46702 CVE-2024-46713 CVE-2024-46721 CVE-2024-46725 CVE-2024-46737 CVE-2024-46805 CVE-2024-46822 CVE-2024-49863 CVE-2023-52450 CVE-2024-41070 CVE-2024-42114 CVE-2024-42265 CVE-2024-42301 CVE-2024-42311 CVE-2024-43880 CVE-2024-43882 CVE-2024-43902 CVE-2024-44947 CVE-2024-44986 CVE-2024-45016 CVE-2024-46722 CVE-2024-46723 CVE-2024-46743 CVE-2024-46756 CVE-2024-46815 CVE-2024-47663 CVE-2024-36028 CVE-2024-41009 CVE-2024-41015 CVE-2024-41078 CVE-2024-42290 CVE-2024-42313 CVE-2024-44935 CVE-2024-44968 CVE-2024-46676 CVE-2024-46707 CVE-2024-46744 CVE-2024-46750 CVE-2024-46795 CVE-2024-44934 CVE-2024-44969 CVE-2024-44989 CVE-2024-45008 CVE-2024-46761 CVE-2024-41012 CVE-2024-41064 CVE-2024-42296 CVE-2024-42306 CVE-2024-43830 CVE-2024-43873 CVE-2024-43894 CVE-2024-43905 CVE-2024-44948 CVE-2024-44954 CVE-2024-44966 CVE-2024-44990 CVE-2024-46740 CVE-2024-46746 CVE-2024-46777 CVE-2024-46780 CVE-2024-46819 CVE-2024-47667 CVE-2024-47674 CVE-2024-41042 CVE-2024-41068 CVE-2024-41081 CVE-2024-42228 CVE-2024-42267 CVE-2024-42297 CVE-2024-42310 CVE-2024-42318 CVE-2024-43834 CVE-2024-43858 CVE-2024-44944 CVE-2024-44958 CVE-2024-44987 CVE-2024-44998 CVE-2024-46758 CVE-2024-46800 CVE-2024-46810 CVE-2024-41090 CVE-2024-42280 CVE-2024-42283 CVE-2024-42309 CVE-2024-43829 CVE-2024-43871 CVE-2024-44965 CVE-2024-46719 CVE-2024-46783 CVE-2024-46817 CVE-2024-46828 CVE-2024-46832 CVE-2024-38538 CVE-2024-39483 CVE-2024-41020 CVE-2024-41065 CVE-2024-41077 CVE-2024-42259 CVE-2024-42276 CVE-2024-42277 CVE-2024-42308 CVE-2024-43835 CVE-2024-43879 CVE-2024-43889 CVE-2024-43909 CVE-2024-45025 CVE-2024-46675 CVE-2024-46679 CVE-2024-46759 CVE-2024-46771 CVE-2024-47665 CVE-2023-31083 CVE-2024-41091 CVE-2024-42299 CVE-2024-43817 CVE-2024-43861 CVE-2024-44988 CVE-2024-45011 CVE-2024-45018 CVE-2024-46731 CVE-2024-46781 CVE-2024-46829 CVE-2024-46839 CVE-2024-41073 CVE-2024-41098 CVE-2024-42271 CVE-2024-43885 CVE-2024-43890 CVE-2024-43892 CVE-2024-44999 CVE-2024-45007 CVE-2024-46685 CVE-2024-46757 CVE-2024-46798 CVE-2024-46818 CVE-2024-46840 CVE-2024-26987 CVE-2024-38577 CVE-2024-42304 CVE-2024-43839 CVE-2024-43854 CVE-2024-43867 CVE-2024-43893 CVE-2024-44985 CVE-2024-46745 CVE-2024-46747 CVE-2024-46782 CVE-2024-41059 CVE-2024-41060 CVE-2024-41063 CVE-2024-42281 CVE-2024-42285 CVE-2024-42291 CVE-2024-42292 CVE-2024-42312 CVE-2024-43841 CVE-2024-43907 CVE-2024-45021 CVE-2024-46673 CVE-2024-46732 CVE-2024-46734 CVE-2024-46804 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::UEKR7 Oracle Linux 7 [4.1.6-9.0.1] - Fixes giflib CVE-2023-48161 issue [Orabug: 37178930] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48161 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [7.0.117-1.0.1] - Update to .NET SDK 7.0.117 and Runtime 7.0.17 - Port Revert 'Disable implicit rejection for RSA PKCS#1 (#95217) patch MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21392 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [- 7.0.117-1.0.1] - Update to .NET SDK 7.0.117 and Runtime 7.0.17 - Port revert 'Disable implicit rejection for RSA PKCS#1 (#95217)' patch [- 7.0.116-1.0.1] - Update to .NET SDK 7.0.116 and Runtime 7.0.16 * Tue Jan 16 2024 Lukas Lipinsky - 7.0.115-1.0.1 - Update to .NET SDK 7.0.115 and Runtime 7.0.15 [7.0.114-1.0.1] - Update to .NET SDK 7.0.114 and Runtime 7.0.14 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21392 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [- 8.0.103-2.0.1] - Update to .NET SDK 8.0.103 and Runtime 8.0.3 - Disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed. - Resolves: RHEL-25254 - Backport MSBuild locale fix - Resolves: RHEL-23936 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21392 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [8.0.103-1.0.1] - Update to .NET SDK 8.0.103 and Runtime 8.0.3 - Backport MSBuild locale fix MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21392 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [2.85-14.1] - Fix CVE 2023-50387 and CVE 2023-50868 - Resolves: RHEL-25674 - Resolves: RHEL-25638 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50387 CVE-2023-50868 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [2.79-31.2] - Fix CVE 2023-50387 and CVE 2023-50868 - Resolves: RHEL-25628 - Resolves: RHEL-25666 [2.79-31.1] - Do not crash on invalid domain in --synth-domain option (RHEL-22741) [2.79-31] - Do not create and search --local and --address=/x/# domains (#2233542) [2.79-30] - Make create logfile writeable by root (#2156789) [2.79-29] - Fix also dynamically set resolvers over dbus (#2186481) [2.79-28] - Correct possible crashes when server=/example.net/# is used (#2186481) [2.79-27] - Limit offered EDNS0 size to 1232 (CVE-2023-28450) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50387 CVE-2023-50868 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 libecap squid [7:4.15-7.10] - Resolves: RHEL-19551 - squid:4/squid: denial of service in HTTP request parsing (CVE-2023-50269) [7:4.15-7.9] - Resolves: RHEL-28611 - squid:4/squid: Denial of Service in HTTP Chunked Decoding (CVE-2024-25111) [7:4.15-7.6] - Resolves: RHEL-26087 - squid:4/squid: denial of service in HTTP header parser (CVE-2024-25617) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-25111 CVE-2023-50269 CVE-2024-25617 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [7:5.5-6.0.1.8] - Rebuild with release bump [7:5.5-6.8] - Resolves: RHEL-19555 - squid: denial of service in HTTP request parsing (CVE-2023-50269) [7:5.5-6.7] - Resolves: RHEL-28614 - squid: Denial of Service in HTTP Chunked Decoding (CVE-2024-25111) [7:5.5-6.6] - Resolves: RHEL-26091 - squid: denial of service in HTTP header parser (CVE-2024-25617) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50269 CVE-2024-25111 CVE-2024-25617 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:7.1.8.1-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [1:7.1.8.1-12] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6186 CVE-2023-6185 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 ruby [3.1.4-142] - Upgrade to Ruby 3.1.4. Resolves: RHEL-28565 - Fix HTTP response splitting in CGI. Resolves: RHEL-28564 - Fix ReDos vulnerability in URI. Resolves: RHEL-28567 Resolves: RHEL-28576 - Fix ReDos vulnerability in Time. Resolves: RHEL-28566 - Make RDoc soft dependency in IRB. Resolves: RHEL-28569 rubygem-abrt [0.4.0-1] - Update to abrt 0.4.0. Resolves: rhbz#1842476 rubygem-mysql2 [0.5.3-3] - Fix SSL related test failure by backporting Fedora commit <c33b1cf>. Related: RHEL-28565 rubygem-pg [1.3.2-1] - Update to pg 1.3.2 by merging Fedora rawhide branch (commit: 39bbd1b) Resolves: rhbz#2063772 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-28756 CVE-2023-28755 CVE-2021-33621 CVE-2023-36617 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [42.2.14-3] - Fix CVE-2024-1597 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1597 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [42.2.28-1] - rebase to 42.2.28 - fix for CVE-2024-1597 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1597 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1:16.20.2-4.0.1] - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-22019 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 8 nodejs [1:16.20.2-4.0.1] - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 nodejs-nodemon nodejs-packaging [26-1] - nodejs.prov: find namespaced bundled dependencies - Apply https://src.fedoraproject.org/rpms/nodejs-packaging/c/e24e7df IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-44487 CVE-2024-22019 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [1.20.12-2] - Fix CVE-2024-1394 - Resolves: RHEL-27189 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 delve [1.20.2-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.20.2-1] - Rebase to 1.20.2 - Resolves: rhbz#2186495 golang [1.20.12-3] - Fix CVE-2024-1394 - Resolves: RHEL-27928 [1.20.12-2] - Fix sources file - Related: RHEL-19231 go-toolset IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [115.9.1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.9.1] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [115.9.1-1] - Update to 115.9.1 [115.9.0-2] - Update to 115.9.0 build2 [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 CRITICAL Copyright 2024 Oracle, Inc. CVE-2024-2608 CVE-2023-5388 CVE-2024-2610 CVE-2024-29944 CVE-2024-2607 CVE-2024-2611 CVE-2024-2612 CVE-2024-0743 CVE-2024-2616 CVE-2024-2614 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [115.9.1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.9.1] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [115.9.1-1] - Update to 115.9.1 [115.9.0-2] - Update to 115.9.0 build2 [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 CRITICAL Copyright 2024 Oracle, Inc. CVE-2024-2616 CVE-2024-2611 CVE-2024-29944 CVE-2024-2612 CVE-2024-2614 CVE-2024-2608 CVE-2023-5388 CVE-2024-2607 CVE-2024-0743 CVE-2024-2610 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 7 [115.9.1-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.9.1-1] - Update to 115.9.1 [115.9.0-2] - Update to 115.9.0 build2 [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 CRITICAL Copyright 2024 Oracle, Inc. CVE-2023-5388 CVE-2024-29944 CVE-2024-2611 CVE-2024-2612 CVE-2024-2614 CVE-2024-2616 CVE-2024-2607 CVE-2024-2608 CVE-2024-0743 CVE-2024-2610 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [115.9.0-1.0.1] - Add Oracle prefs [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2611 CVE-2024-2612 CVE-2024-2607 CVE-2024-2610 CVE-2023-5388 CVE-2024-1936 CVE-2024-2608 CVE-2024-0743 CVE-2024-2614 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 8 [115.9.0-1.0.1] - Add Oracle prefs [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2610 CVE-2023-5388 CVE-2024-2608 CVE-2024-0743 CVE-2024-1936 CVE-2024-2607 CVE-2024-2611 CVE-2024-2614 CVE-2024-2612 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [115.9.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1936 CVE-2024-2611 CVE-2024-2607 CVE-2023-5388 CVE-2024-2610 CVE-2024-2612 CVE-2024-0743 CVE-2024-2608 CVE-2024-2614 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [9.2.10-8] - Rebuild with latest version of golang - resolve RHEL-24313 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [5.1.1-2] - Rebuild with latest version of golang - resolves CVE-CVE-2024-1394 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 nodejs [1:18.19.1-1] - Rebase to version 18.19.1 - Fixes: CVE-2024-21892 CVE-2024-22019 (high) - Fixes: CVE-2023-46809 (medium) nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46809 CVE-2024-22019 CVE-2024-21892 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 nodejs [1:18.19.1-1] - Rebase to version 18.19.1 - Fixes: CVE-2024-21892 CVE-2024-22019 (high) - Fixes: CVE-2023-46809 (medium) nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-22019 CVE-2023-46809 CVE-2024-21892 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [6.4.7.2-16.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:6.4.7.2-16] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6186 CVE-2023-6185 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [2.5.0-1.1] - CVE-2023-52425: Fix parsing of large tokens - CVE-2024-28757: Reject direct parameter entity recursion - Resolves: RHEL-29698 - Resolves: RHEL-29695 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-52425 CVE-2024-28757 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 ruby [3.1.4-143] - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI. Resolves: RHEL-28919 Resolves: RHEL-5612 - Fix ReDos vulnerability in Time. Resolves: RHEL-28920 - Make RDoc soft dependency in IRB. Resolves: RHEL-5613 [3.1.2-142] - Bypass git submodule test failure on Git >= 2.38.1. - Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. - Fix for tzdata-2022g. - Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-5590 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-5590 - Disable fiddle tests that use FFI closures. Related: RHEL-5590 rubygem-mysql2 [0.5.4-1] - New upstream release 0.5.4 by merging Fedora rawhide branch (commit: e21b5b9) Resolves: rhbz#2063773 [0.5.3-1] - New upstream release 0.5.3 by merging Fedora master branch (commit: 674d475) Resolves: rhbz#1817135 rubygem-pg [1.3.5-1] - Update to pg 1.3.5 Related: rhbz#2063773 [1.2.3-1] - Update to pg 1.2.3 by merging Fedora master branch (commit: 5db4d26) Resolves: rhbz#1817135 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-28755 CVE-2023-28756 CVE-2023-36617 CVE-2021-33621 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 [7.61.1-33.5] - cap SFTP packet size sent (RHEL-5485) - when keyboard-interactive auth fails, try password (#2229800) - unify the upload/method handling (CVE-2023-28322) - fix cookie injection with none file (CVE-2023-38546) - lowercase the domain names before PSL checks (CVE-2023-46218) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-38546 CVE-2023-28322 CVE-2023-46218 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [4.18.0-513.24.1_9.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Drop not needed patch [4.18.0-513.24.1_9] - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (Xiubo Li) [RHEL-27496 RHEL-21760] - ceph: always queue a writeback when revoking the Fb caps (Xiubo Li) [RHEL-27496 RHEL-21760] - ceph: always check dir caps asynchronously (Xiubo Li) [RHEL-27496 RHEL-21760] [4.18.0-513.23.1_9] - scsi: smartpqi: Fix disable_managed_interrupts (Tomas Henzl) [RHEL-26139 RHEL-25747] - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Carlos Maiolino) [RHEL-26331 RHEL-23386] {CVE-2021-33631} - serial: core: return early on unsupported ioctls (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - lib/hexdump: make print_hex_dump_bytes() a nop on !DEBUG builds (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix race condition in status line change on dead connections (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix UAF in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: add parameter negotiation support (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: add parameters used with parameter negotiation (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: introduce macro for minimal unit size (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: name the debug bits (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: introduce gsm_control_command() function (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: replace use of gsm_read_ea() with gsm_read_ea_val() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: name gsm tty device minors (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: initialize more members at gsm_alloc_mux() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix flow control handling in tx path (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix deadlock and link starvation in outgoing data path (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix race condition in gsmld_write() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix non flow control frames during mux flow off (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix missing timer to handle stalled links (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix tty registration before control channel open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix user open not possible at responder until initiator open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Fix packet data hex dump output (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix software flow control handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix invalid use of MSC in advanced option (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix broken virtual tty handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix missing update of modem controls after DLCI open (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix reset fifo race condition (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong signal octets encoding in MSC (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong command frame length field encoding (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong command retry handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix missing explicit ldisc flush (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong DLCI release order (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix insufficient txframe size (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix frame reception handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix mux cleanup after unregister tty device (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix decoupled mux resource (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix restart handling via CLD command (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix deadlock in gsmtty_open() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong tty control line for flow control (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix NULL pointer access due to DLCI release (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix encoding of command/response bit (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix SW flow control encoding/handling (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove tty parameter from mxser_receive_chars_new() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: don't throttle manually (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: make mxser_port::ldisc_stop_rx a bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Don't ignore write return value in gsmld_output() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: clean up indenting in gsm_queue() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Save dlci address open status when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Modify gsmtty driver register method when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Delete gsmtty open SABM frame when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Modify CR,PF bit printk info when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Modify CR,PF bit when config requester (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: stop using alloc_tty_driver (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: don't store semi-state into tty drivers (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - hvsi: don't panic on tty_register_driver failure (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - amiserial: switch rs_table to a single state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - amiserial: expand 'custom' (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - amiserial: use memset to zero serial_state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - amiserial: remove serial_* strings (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: drop mxser_port::custom_divisor (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: drop mxser_port::baud_base (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove unused mxser_port::stop_rx (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: don't allocate MXSER_PORTS + 1 (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove cnt from mxser_receive_chars (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_GETMSTATUS ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_GETDATACOUNT ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_CHKPORTENABLE ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_ASPP_LSTATUS ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_ASPP_MON and friends (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_SET_BAUD_METHOD ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_GET_MAJOR deprecated ioctl (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: drop unused MOXA_DIAGNOSE macro (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: drop UART_MCR_AFE and UART_LSR_SPECIAL defines (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove else from LSR bits checks (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: extract mxser_receive_chars_old (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: extract mxser_receive_chars_new (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: simplify mxser_interrupt and drop mxser_board::vector_mask (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: extract port ISR (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: cleanup LSR handling in mxser_receive_chars (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: remove nonsense from ISR (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: drop constant board::uart_type (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: introduce enum mxser_must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: rename mxser_board::chip_flag to must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: rename CheckIsMoxaMust to mxser_get_must_hwid (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: cleanup Gpci_uart_info struct (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: integrate mxser.h into .c (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: drop ISA support (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: use goto-failpaths in gsm_init (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: mxser: drop low-latency workaround (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: check error while registering tty devices (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: mxser: fix TIOCSSERIAL jiffies conversions (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm, remove duplicates of parameters (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: do not check tty_unregister_driver's return value (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: nozomi, remove init/exit messages (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty_port: drop last traces of low_latency (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Demote obvious abuse of kernel-doc and supply other missing docss (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm, eliminate indirection for gsm->{output,error}() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Fix bogus i++ in gsm_data_kick (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Remove unnecessary test in gsm_print_packet() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Fix waking up upper tty layer when room available (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Fix SOF skipping (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Improve debug output (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: switch constipated to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: switch throttled to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: switch dead to bool (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: introduce enum gsm_dlci_mode (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: introduce enum gsm_dlci_state (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: drop unneeded gsm_dlci->fifo field (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Replace zero-length array with flexible-array member (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: avoid recursive locking with async port hangup (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: add helpers to convert mux-num to/from tty-base (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - docs: serial: move it to the driver-api (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - docs: serial: convert docs to ReST and rename to *.rst (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Mark expected switch fall-throughs (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - n_gsm: Constify u8 and unsigned char usage (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Add copy_config() and gsm_config() to prepare for serdev (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - mxser: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - amiserial: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} - tty/serial_core: add ISO7816 infrastructure (Wander Lairson Costa) [RHEL-19954 RHEL-19955] {CVE-2023-6546} [4.18.0-513.22.1_9] - s390/qeth: Fix vipa deletion (Tobias Huschle) [RHEL-25811 RHEL-11194] - smsc95xx: fix stalled rx after link change (Izabela Bakollari) [RHEL-25719 RHEL-22312] - ceph: don't let check_caps skip sending responses for revoke msgs (Xiubo Li) [RHEL-20909 RHEL-16412] - ceph: issue a cap release immediately if no cap exists (Xiubo Li) [RHEL-20909 RHEL-16412] - ceph: trigger to flush the buffer when making snapshot (Xiubo Li) [RHEL-20909 RHEL-16412] - ceph: force updating the msg pointer in non-split case (Xiubo Li) [RHEL-20909 RHEL-16412] - ceph: flush cap releases when the session is flushed (Xiubo Li) [RHEL-20909 RHEL-16412] - ceph: reorder fields in 'struct ceph_snapid_map' (Xiubo Li) [RHEL-20909 RHEL-16412] - ceph: voluntarily drop Xx caps for requests those touch parent mtime (Xiubo Li) [RHEL-20909 RHEL-16412] - KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2} (Bandan Das) [RHEL-23063 RHEL-7558] - x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer (Bandan Das) [RHEL-23063 RHEL-7558] - dm-crypt, dm-verity: disable tasklets (Benjamin Marzinski) [RHEL-26101 RHEL-22232] - dm verity: initialize fec io before freeing it (Benjamin Marzinski) [RHEL-26101 RHEL-22232] - dm-verity: don't use blocking calls from tasklets (Benjamin Marzinski) [RHEL-26101 RHEL-22232] [4.18.0-513.21.1_9] - rbd: don't move requests to the running list on errors (Ilya Dryomov) [RHEL-24204 RHEL-21941] - drm/amdgpu: Fix potential fence use-after-free v2 (Jorge San Emeterio) [RHEL-24479 RHEL-22504] {CVE-2023-51042} - perf: Fix perf_event_validate_size() lockdep splat (Michael Petlan) [RHEL-22930 RHEL-17968] {CVE-2023-6931} - perf: Fix perf_event_validate_size() (Michael Petlan) [RHEL-22930 RHEL-17968] {CVE-2023-6931} - smb: client: fix OOB in receive_encrypted_standard() (Scott Mayhew) [RHEL-22077 RHEL-21685] {CVE-2024-0565} - ibmveth: Remove condition to recompute TCP header checksum. (Mamatha Inamdar) [RHEL-20822 RHEL-12553] [4.18.0-513.20.1_9] - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (Jocelyn Falempe) [RHEL-22766 RHEL-3179] {CVE-2022-38096} - drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (Jocelyn Falempe) [RHEL-21055 RHEL-21054] [4.18.0-513.19.1_9] - libceph: fix potential use-after-free on linger ping and resends (Jay Shin) [RHEL-21394 RHEL-20390] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [RHEL-24010 RHEL-23506] {CVE-2024-1086} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2022-38096 CVE-2021-33631 CVE-2023-6931 CVE-2023-6546 CVE-2024-0565 CVE-2024-1086 CVE-2023-51042 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.21.0-10] - timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) Resolves: RHEL-22791 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0914 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [530-2] - Fix CVE-2022-48624 - Resolves: RHEL-26265 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-48624 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [2.2.5-11.0.1.1] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-11.1] - CVE-2023-52425 expat: parsing large tokens can trigger a denial of service - Resolves: RHEL-29321 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-52425 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [5.1.1-2] - Rebuild with latest version of golang - resolves CVE-2024-1394 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [9.2.10-8] - Rebuild with latest version of golang - resolves CVE-2024-1394 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 nodejs [1:20.11.1-1] - Rebase to version 20.11.1 - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high) - Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium) nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21892 CVE-2024-22017 CVE-2024-21890 CVE-2023-46809 CVE-2024-22019 CVE-2024-21891 CVE-2024-21896 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 nodejs [1:20.11.1-1] - Rebase to version 20.11.1 - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high) - Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium) nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46809 CVE-2024-21896 CVE-2024-21890 CVE-2024-22017 CVE-2024-22019 CVE-2024-21892 CVE-2024-21891 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 8 varnish [6.0.13-1] - new version 6.0.13 - Resolves: RHEL-30378 - varnish:6/varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156) varnish-modules IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-30156 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [6.6.2-4.1] - Resolves: RHEL-30387 - varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156) [6.6.2-4] - Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487 - Resolves: RHEL-12817 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-30156 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [590-3] - Fix CVE-2022-48624 - Resolves: RHEL-26265 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-48624 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [2.6-11.0.1] - Change OS_VENDOR to OracleServer [2.6-11] - make initrd accessible only by root (CVE-2024-23301), PR 3123 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-23301 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [1.16.2-3.5] - Rebuilt again with z-stream target [1.16.2-3.4] - Correct typo in new config file [1.16.2-3.3] - Ensure group access correction reaches also updated configs (CVE-2024-1488) [1.16.2-3.2] - Ensure only unbound group can change configuration (CVE-2024-1488) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1488 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [1.16.2-5.6] - Rebuilt again with z-stream target [1.16.2-5.5] - Correct typo in new config file [1.16.2-5.4] - Ensure group access correction reaches also updated configs (CVE-2024-1488) [1.16.2-5.3] - Ensure only unbound group can change configuration (CVE-2024-1488) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1488 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [32:9.16.23-0.16.2] - Prevent crashing at masterformat system test (CVE-2023-6516) [32:9.16.23-0.16.1] - Prevent increased CPU load on large DNS messages (CVE-2023-4408) - Prevent assertion failure when nxdomain-redirect is used with RFC 1918 reverse zones (CVE-2023-5517) - Prevent assertion failure if DNS64 and serve-stale is used (CVE-2023-5679) - Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Import tests for large DNS messages fix - Add downstream change complementing CVE-2023-50387 [32:9.16.23-0.16] - Limit the amount of recursion possible in control channel (CVE-2023-3341) [32:9.16.23-0.15] - Strengten cache cleaning to prevent overflowing configured limit (CVE-2023-2828) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50868 CVE-2023-6516 CVE-2023-50387 CVE-2023-5679 CVE-2023-5517 CVE-2023-4408 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 bind [32:9.11.36-11.1] - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Do not use header_prev in expire_lru_headers dhcp [4.3.6] - Change bug tracker path [12:4.3.6-49.1] - Rebuild because of bind ABI changes related to CVE-2023-50387 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50387 CVE-2023-50868 CVE-2023-4408 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [3.6.16-8.3_fips] - Allow RSA keygen with modulus sizes bigger than 3072 bits and validate the seed length as defined in FIPS 186-4 section B.3.2 [Orabug: 33200526] - Allow bigger known RSA modulus sizes when calling rsa_generate_fips186_4_keypair directly [Orabug: 33200526] - Change Epoch from 1 to 10_fips [3.6.16-8.3] - Fix memleak with older GMP (RHEL-28957) [3.6.16-8.2] - Fix timing side-channel in deterministic ECDSA (RHEL-28957) [3.6.16-8.1] - auth/rsa-psk: minimize branching after decryption (RHEL-21586) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28834 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::u4_security_validation Oracle Linux 7 [1.20.4-29] - Fix regression caused by the fix for CVE-2024-31083 [1.20.4-28] - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083 Resolves: https://issues.redhat.com/browse/RHEL-31003 Resolves: https://issues.redhat.com/browse/RHEL-30989 Resolves: https://issues.redhat.com/browse/RHEL-30973 - Add util-linux as a dependency of Xvfb - Fix compilation error on i686 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-31083 CVE-2024-31081 CVE-2024-31080 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 httpd mod_http2 [1.15.7-8.5] - Resolves: RHEL-29816 - httpd:2.4/mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) mod_md IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-27316 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [7:3.5.20-17.0.1] - Mutiple CVE fixes for squid [Orabug: 33146289] - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing (#778) - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manager URL parsing (#788) - Resolves: CVE-2021-31806,31807,31808 squid: Handle more Range requests (#790) - Resolves: CVE-2021-33620 squid: Handle more partial responses (#791) [7:3.5.20-17.10] - Resolves: RHEL-16779 - squid: NULL pointer dereference in the gopher protocol code -- Remove support for Gopher protocol (CVE-2023-46728) - Resolves: RHEL-18176 - squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285) - Resolves: RHEL-18171 - squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286) - Resolves: RHEL-16758 - squid: Denial of Service in SSL Certificate validation (CVE-2023-46724) - Resolves: RHEL-19557 - squid: denial of service in HTTP request parsing (CVE-2023-50269) - Resolves: RHEL-26082 - squid: denial of service in HTTP header parser (CVE-2024-25617) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-25617 CVE-2023-49286 CVE-2023-46724 CVE-2023-49285 CVE-2023-46728 CVE-2023-50269 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 bind [32:9.16.23-14.4] - Rebuild with correct z-stream tag again [32:9.16.23-14.3] - Rebuild together with bind-dyndb-ldap to adjust ABI changes [32:9.16.23-14.2] - Import tests for large DNS messages fix - Add downstream change complementing CVE-2023-50387 [32:9.16.23-14.1] - Prevent increased CPU load on large DNS messages (CVE-2023-4408) - Prevent assertion failure when nxdomain-redirect is used with RFC 1918 reverse zones (CVE-2023-5517) - Prevent assertion failure if DNS64 and serve-stale is used (CVE-2023-5679) - Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) bind-dyndb-ldap [11.9-8.3] - Rebuild with correct z-stream tag again [11.9-8.2] - Rebuild required for BIND changes for KeyTrap change (CVE-2023-50387) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-5517 CVE-2023-5679 CVE-2023-50387 CVE-2023-50868 CVE-2023-4408 CVE-2023-6516 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 7 [1.1.12-1] - Update runc to 1.1.12 [JIRA: OLDIS-30530] [1.1.10-1] - Update runc to 1.1.10 [JIRA: OLDIS-30530] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21626 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7 cpe:/a:oracle:linux:7::addons cpe:/a:oracle:linux:7::developer cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7 Oracle Linux 7 [1:1.8.0.412.b08-1] - Update to shenandoah-jdk8u412-b08 (GA) - Update release notes for shenandoah-8u412-b08. - Complete release note for Certainly roots - Switch to GA mode. - ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** - Related: RHEL-30926 [1:1.8.0.412.b07-0.1.ea] - Update to shenandoah-jdk8u412-b07 (EA) - Update release notes for shenandoah-8u412-b07. - Require tzdata 2024a due to upstream inclusion of JDK-8322725 - Only require tzdata 2023d for now as 2024a is unavailable in buildroot - Resolves: RHEL-30926 [1:1.8.0.412.b01-0.1.ea] - Turn off xz multi-threading on i686 as it fails with an out of memory error - Normalise whitespace - Move to upstream tag style (shenandoah8ux-by) in preparation for eventually moving back to official sources - generate_source_tarball.sh: Rename JCONSOLE_JS_PATCH{,_DEFAULT} to JCONSOLE_PATCH{,_DEFAULT} for brevity - generate_source_tarball.sh: Adapt OPENJDK_LATEST logic to work with 8u Shenandoah fork - generate_source_tarball.sh: Adapt version logic to work with 8u - generate_source_tarball.sh: Add quoting for SCRIPT_DIR and JCONSOLE_PATCH (SC2086) - generate_source_tarball.sh: Update examples in header for clarity - generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP - generate_source_tarball.sh: Only add --depth=1 on non-local repositories - Move maintenance scripts to a scripts subdirectory - icedtea_sync.sh: Update with a VCS mode that retrieves sources from a Mercurial repository - jconsole.desktop.in: Restored by running icedtea_sync.sh - policytool.desktop.in: Likewise. - Restore IcedTea sources correctly in spec file - discover_trees.sh: Set compile-command and indentation instructions for Emacs - discover_trees.sh: shellcheck: Do not use -o (SC2166) - discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - discover_trees.sh: shellcheck: Double-quote variable references (SC2086) - generate_source_tarball.sh: Add authorship - icedtea_sync.sh: Set compile-command and indentation instructions for Emacs - icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086) - icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - openjdk_news.sh: Set compile-command and indentation instructions for Emacs - openjdk_news.sh: shellcheck: Double-quote variable references (SC2086) - openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196) - generate_source_tarball.sh: Handle an existing checkout - generate_source_tarball.sh: Sync indentation with java-21-openjdk version - generate_source_tarball.sh: Support using a subdirectory via TO_COMPRESS - Related: RHEL-30926 [1:1.8.0.412.b01-0.1.ea] - Invoke xz in multi-threaded mode - generate_source_tarball.sh: Add WITH_TEMP environment variable - generate_source_tarball.sh: Multithread xz on all available cores - generate_source_tarball.sh: Add OPENJDK_LATEST environment variable - generate_source_tarball.sh: Update comment about tarball naming - generate_source_tarball.sh: Reformat comment header - generate_source_tarball.sh: Reformat and update help output - generate_source_tarball.sh: Do a shallow clone, for speed - generate_source_tarball.sh: Eliminate some removal prompting - generate_source_tarball.sh: Make tarball reproducible - generate_source_tarball.sh: Prefix temporary directory with temp- - generate_source_tarball.sh: Remove temporary directory exit conditions - generate_source_tarball.sh: Set compile-command in Emacs - generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT - generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks - generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086) - generate_source_tarball.sh: shellcheck: Do not use -a (SC2166) - generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004) - Use backward-compatible patch syntax - generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST - generate_source_tarball.sh: Remove trailing period in echo - generate_source_tarball.sh: Use long-style argument to grep - generate_source_tarball.sh: Add license - generate_source_tarball.sh: Add indentation instructions for Emacs - Remove -T0 argument from systemtap tar invocation - Related: RHEL-30926 [1:1.8.0.412.b01-0.1.ea] - Update to shenandoah-jdk8u412-b01 (EA) - Update release notes for shenandoah-8u412-b01. - Switch to EA mode. - Related: RHEL-30926 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21085 CVE-2024-21068 CVE-2024-21094 CVE-2024-21011 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 Oracle Linux 9 [1:1.8.0.412.b08-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21011 CVE-2024-21094 CVE-2024-21068 CVE-2024-21085 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [1:11.0.23.0.9-2.0.1] - link atomic for ix86 build [1:11.0.23.0.9-2] - Fix 11.0.22 release date in NEWS - Restore ppc64le --with-jobs=1 workaround to avoid flaky ppc builds [1:11.0.23.0.9-1] - Update to jdk-11.0.23+9 (GA) - Update release notes to 11.0.23+9 - Switch to GA mode for release - Require tzdata 2024a due to upstream inclusion of JDK-8322725 - Only require tzdata 2023d for now as 2024a is unavailable in buildroot - ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** - Resolves: RHEL-30914 [1:11.0.23.0.1-0.1.ea] - Update to jdk-11.0.23+1 (EA) - Update release notes to 11.0.23+1 - Switch to EA mode - Speed up PPC build by removing ppc64le --with-jobs=1 workaround MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21085 CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21094 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 Oracle Linux 9 [1:11.0.23.0.9-3.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:11.0.23.0.9-2] - Fix 11.0.22 release date in NEWS [1:11.0.23.0.9-1] - Update to jdk-11.0.23+9 (GA) - Update release notes to 11.0.23+9 - Switch to GA mode for release - Require tzdata 2024a due to upstream inclusion of JDK-8322725 - Only require tzdata 2023d for now as 2024a is unavailable in buildroot - ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** - Resolves: RHEL-30920 [1:11.0.23.0.1-0.1.ea] - Update to jdk-11.0.23+1 (EA) - Update release notes to 11.0.23+1 - Switch to EA mode MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21094 CVE-2024-21012 CVE-2024-21085 CVE-2024-21068 CVE-2024-21011 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [17.0.11.0.9-2.0.1] - Add Oracle vendor bug URL [1:17.0.11.0.9-2] - Update to jdk-17.0.11+9 (GA) - Add openjdk-17.0.11+9.tar.xz to .gitignore - Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 - Update buildver from 7 to 9 - Update portablerelease from 1 to 3 - Change is_ga from 0 to 1 to enable GA mode for release - Update tzdata Requires comment to mention that 2024a is not yet in the buildroot - Update tzdata BuildRequires comment to mention that 2024a is not yet in the buildroot - Update tzdata BuildRequires fro 2023c to 2023d - Update sources from openjdk-17.0.11+7-ea.tar.xz to openjdk-17.0.11+9.tar.xz - Resolves: RHEL-27137 - ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** [1:17.0.11.0.7-0.2.ea] - Update to jdk-17.0.11+7 (EA) - Sync java-17-openjdk-portable.specfile - Sync java-17-openjdk-portable.specfile again to mention OPENJDK-2730 - Related: RHEL-27137 [1:17.0.11.0.6-0.2.ea] - Update to jdk-17.0.11+6 (EA) - Sync java-17-openjdk-portable.specfile - Update buildjdkver to match the featurever - Use featurever macro to specify fips patch - Explain patchN syntax situation in a comment - generate_source_tarball.sh: Fix whitespace - generate_source_tarball.sh: Skip -ga tags - generate_source_tarball.sh: Get -ea suffix from version-numbers.conf - generate_source_tarball.sh: Use git archive to generate tarball - generate_source_tarball.sh: Update version in comment - generate_source_tarball.sh: Remove trailing period in echo - generate_source_tarball.sh: Add indentation instructions for Emacs - Require tzdata 2023d (JDK-8322725) - generate_source_tarball.sh: Add license - openjdk_news.sh: Use grep -E instead of egrep - Remove RH1649512 patch for libjpeg-turbo FAR macro - Move pcsc-lite-libs patch to in-need-of-upstreaming section - Related: RHEL-27137 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21094 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:21.0.3.0.9-1.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:21.0.3.0.9-1] - Update to jdk-21.0.3+9 (GA) - Update release notes to 21.0.3+9 - Switch to GA mode. - Sync the copy of the portable specfile with the latest update - ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** - Resolves: RHEL-32405 [1:21.0.3.0.7-0.1.ea] - Update to jdk-21.0.3+7 (EA) - Update release notes to 21.0.3+7 - Require tzdata 2024a due to upstream inclusion of JDK-8322725 - Only require tzdata 2023d for now as 2024a is unavailable in buildroot - Drop JDK-8009550 which is now available upstream - Re-generate FIPS patch against 21.0.3+7 following backport of JDK-8325254 - Resolves: RHEL-30944 [1:21.0.3.0.1-0.2.ea] - Invoke xz in multi-threaded mode - generate_source_tarball.sh: Add WITH_TEMP environment variable - generate_source_tarball.sh: Multithread xz on all available cores - generate_source_tarball.sh: Add OPENJDK_LATEST environment variable - generate_source_tarball.sh: Update comment about tarball naming - generate_source_tarball.sh: Reformat comment header - generate_source_tarball.sh: Reformat and update help output - generate_source_tarball.sh: Do a shallow clone, for speed - generate_source_tarball.sh: Append -ea designator when required - generate_source_tarball.sh: Eliminate some removal prompting - generate_source_tarball.sh: Make tarball reproducible - generate_source_tarball.sh: Prefix temporary directory with temp- - generate_source_tarball.sh: Remove temporary directory exit conditions - generate_source_tarball.sh: Fix -ea logic to add dash - generate_source_tarball.sh: Set compile-command in Emacs - generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT - generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks - generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086) - generate_source_tarball.sh: shellcheck: Do not use -a (SC2166) - generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004) - Use backward-compatible patch syntax - generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST - generate_source_tarball.sh: Fix whitespace - generate_source_tarball.sh: Remove trailing period in echo - generate_source_tarball.sh: Use long-style argument to grep - generate_source_tarball.sh: Add license - generate_source_tarball.sh: Add indentation instructions for Emacs - Related: RHEL-30944 [1:21.0.3.0.1-0.2.ea] - Install alt-java man page from the misc tarball as it is no longer in the JDK image - generate_source_tarball.sh: Update examples in header for clarity - generate_source_tarball.sh: Cleanup message issued when checkout already exists - generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP - generate_source_tarball.sh: Only add --depth=1 on non-local repositories - Move maintenance scripts to a scripts subdirectory - discover_trees.sh: Set compile-command and indentation instructions for Emacs - discover_trees.sh: shellcheck: Do not use -o (SC2166) - discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - discover_trees.sh: shellcheck: Double-quote variable references (SC2086) - generate_source_tarball.sh: Add authorship - icedtea_sync.sh: Set compile-command and indentation instructions for Emacs - icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086) - icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - openjdk_news.sh: Set compile-command and indentation instructions for Emacs - openjdk_news.sh: shellcheck: Double-quote variable references (SC2086) - openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196) - generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST - generate_source_tarball.sh: Double-quote DEPTH reference (SC2086) - generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck - Related: RHEL-30944 [1:21.0.3.0.1-0.1.ea] - Update to jdk-21.0.3+1 (EA) - Update release notes to 21.0.3+1 - Switch to EA mode - Require tzdata 2023d due to upstream inclusion of JDK-8322725 - Bump FreeType version to 2.13.2 following JDK-8316028 - Related: RHEL-30944 [1:21.0.2.0.13-2] - Sync the copy of the portable specfile with the latest update - Define portablesuffix according to whether pkgos is defined or not - Related: RHEL-30944 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21068 CVE-2024-21012 CVE-2024-21011 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 6 [2.6.32-754.53.1.OL6] - net/sched: sch_qfq: refactor parsing of netlink parameters [Orabug: 36517546] - net/sched: sch_qfq: account for stab overhead in qfq_enqueue {CVE-2023-3611} [Orabug: 36517546] - net/sched: cls_fw: Fix improper refcount update leads to use-after-free {CVE-2023-3776} [Orabug: 36517546] - net: sched: sch_qfq: Fix UAF in qfq_dequeue() {CVE-2023-4921} [Orabug: 36517546] - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg {CVE-2023-31436} [Orabug: 36517546] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-3611 CVE-2023-3776 CVE-2023-31436 CVE-2023-4921 cpe:/a:oracle:linux:6:10:ELS Oracle Linux 9 [1.15.19-5.1] - Resolves: RHEL-29826 - mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-27316 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.7.6-23.4] - Fix timing side-channel in deterministic ECDSA (RHEL-28958) - Fix potential crash during chain building/verification (RHEL-28953) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28835 CVE-2024-28834 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [15.8-4.0.1] - Add support for Oracle signed shim [Orabug: 36540084] - Add shim binaries signed with Oracle Secure Boot Signing (key 1) [Orabug: 36540084] [15.8-1.0.3] - Update shimx64.efi, shimia32.efi and shimaa64.efi v15.8 signed by Microsoft [Orabug: 36072863] [15.8-1.0.2] - Use binaries with correct shim.ol generation [Orabug: 36072863] - Set SBAT_AUTOMATIC_DATE=2021030218 [Orabug: 36072863] [15.8-1.0.1] - Update to 15.8 [Orabug: 36072863] - fix CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551 [Orabug: 36072863] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-40546 CVE-2023-40549 CVE-2023-40548 CVE-2023-40547 CVE-2023-40550 CVE-2023-40551 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 9 [15.8-1.0.3] - Update shimx64.efi and shimaa64.efi v15.8 signed by Microsoft [Orabug: 36072879] - Update shim fb and mm binaries to match unsigned releases [Orabug: 36072879] [15.8-1.0.2] - Use binaries with correct shim.ol generation [Orabug: 36072879] - Set SBAT_AUTOMATIC_DATE=2021030218 [Orabug: 36072879] [15.8-1.0.1] - Update to 15.8 [Orabug: 36072879] - fix CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551 [Orabug: 36072879] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-40551 CVE-2023-40548 CVE-2023-40549 CVE-2023-40546 CVE-2023-40550 CVE-2023-40547 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [115.10.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.10.0-1] - Update to 115.10.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3852 CVE-2024-2609 CVE-2024-3857 CVE-2024-3859 CVE-2024-3854 CVE-2024-3864 CVE-2024-3861 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [115.10.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.10.0-1] - Update to 115.10.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3852 CVE-2024-2609 CVE-2024-3864 CVE-2024-3854 CVE-2024-3859 CVE-2024-3861 CVE-2024-3857 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [115.10.0-1.0.1] - Change default prefs file to Oracle version [115.10.0-1] - Update to 115.10.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3852 CVE-2024-3857 CVE-2024-3859 CVE-2024-2609 CVE-2024-3864 CVE-2024-3854 CVE-2024-3861 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [115.10.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.10.0-2] - Update to 115.10.0 build2 [115.10.0-1] - Update to 115.10.0 build1 - Revert expat CVE-2023-52425 fix LOW Copyright 2024 Oracle, Inc. CVE-2024-3302 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [115.10.0-2.0.1] - Add Oracle prefs [115.10.0] - Add OpenELA debranding [115.10.0-2] - Update to 115.10.0 build2 [115.10.0-1] - Update to 115.10.0 build1 - Revert expat CVE-2023-52425 fix LOW Copyright 2024 Oracle, Inc. CVE-2024-3302 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [115.10.0-2.0.1] - Add Oracle prefs - Add OpenELA debranding [115.10.0-2] - Update to 115.10.0 build2 [115.10.0-1] - Update to 115.10.0 build1 - Revert expat CVE-2023-52425 fix LOW Copyright 2024 Oracle, Inc. CVE-2024-3302 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [3.2.1-1.0.1] - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36143838] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-49083 cpe:/a:oracle:linux:7::developer cpe:/a:oracle:linux:7::addons Oracle Linux 7 shim [- 15.8-2.0.3.el7] - Set shim.ol sbat generation to 3 [Orabug: 36271343] [- 15.8-2.0.1.el7] - Set SBAT_AUTOMATIC_DATE to 2021030218 [Orabug: 36271343] - Rebuild with Oracle certificates [Orabug: 36271343] - Full list of fixed CVEs: CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551 [Orabug: 36271343] [15.8-2.el7] - Rebuild to fix the commit ident and MAKEFLAGS Resolves: RHEL-11254 [15.8-1.el7] - Update to shim-15.8 for CVE-2023-40547 Resolves: RHEL-11254 shim-signed [15.8-1.0.3] - Update shimx64.efi signed by Microsoft [Orabug: 36271343] [15.8-1.0.1] - Set shim.ol sbat generation to 3 [Orabug: 36271343] - Set SBAT_AUTOMATIC_DATE to 2021030218 [Orabug: 36271343] - Rebuild with Oracle certificates [Orabug: 36271343] - Full list of fixed CVEs: CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551 [Orabug: 36271343] - Disable ia32 build [Orabug: 36271343] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-40547 CVE-2023-40548 CVE-2023-40550 CVE-2023-40546 CVE-2023-40551 CVE-2023-40549 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 delve golang [1.20.12-8] - Update sources file - Related: RHEL-27928 [1.20.12-7] - Fix CVE-2024-1394 - Resolves: RHEL-27928 [1.20.12-6] - Fix CVE-2023-45288 - Resolves: RHEL-31914 go-toolset IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45288 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [1.20.12-4] - Rebuild for z-stream - Related: RHEL-28939 [1.20.12-3] - Fix CVE-2023-45288 - Resolves: RHEL-28939 - Temporarily disable FIPS tests (RHELBLD-14822) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45288 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [4.12-2.0.1.2] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-2.2] - Fix patch application in the previous change [4.12-2.1] - Fix CVE-2024-2357 (RHEL-28742) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2357 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [2.02-0.87.0.26.el7.14] - Replace bugzilla.oracle.com reference [Orabug: 35477723] - Backport kernel EFI allocation pacthes [Orabug: 34301086] - Add to the list CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28734, CVE-2022-28735, CVE-2022-28736 [JIRA: OLDIS-16371] - bump SBAT generation [JIRA: OLDIS-16371] - Cleanup XEN shell script (Alex Burmashev) [Orabug: 33851417] - Update SBAT data (Alex Burmashev) [Orabug: 33851417] - efinet: change SNP open call (Alex Burmashev) [Orabug: 32646964] - disable buggy 0183-efinet-retransmit-if-our-device-is-busy.patch [Orabug: 27982684] - Patch multiboot2 to the recent state [Orabug: 32950597] - Enable multiboot2 for UEFI ( non Secureboot ) mode [Orabug: 32950597] - Update signing certificate [Orabug: 32670043] - Update shim and certificates dependencies [Orabug: 32670043] - xfs: Don't attempt to iterate over empty directory [Orabug: 32584717] - add SBAT metadata for Oracle Linux grub2 - Use similar format for menu entry in grub environment block - config file. [Orabug: 32172943] - Fix degradation in multiboot2 code [Orabug: 32069510] - Update signing certificate for efi binaries - Update upstream references [Orabug: 30138841] - Restore symlink to grub environment file, that was removed during grub2-efi update if grub2 package is also installed on UEFI machines [Orabug: 27345750] - fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481] - Fix comparison in patch for [Orabug: 18504756] - Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481] - replace dynamic EFI boot folder path generation with predefined 'redhat' (Alex Burmashev) - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] MODERATE Copyright 2024 Oracle, Inc. CVE-2022-2601 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [3.10.0-1160.118.1.0.1] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.118.1] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9 - Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin) [3.10.0-1160.118.1] - iommu/amd: Fix NULL dereference bug in match_hid_uid (Jerry Snitselaar) [RHEL-8721] [3.10.0-1160.117.1] - tracing/perf: Fix double put of trace event when init fails (Michael Petlan) [RHEL-18052] - tracing: Fix race in perf_trace_buf initialization (Michael Petlan) [RHEL-18052] - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Davide Caratti) [RHEL-16458] {CVE-2023-4623} - net/sched: sch_hfsc: Ensure inner classes have fsc curve (Davide Caratti) [RHEL-16458] {CVE-2023-4623} - gfs2: Fix invalid metadata access in punch_hole (Andrew Price) [RHEL-28785] - vt: vt_ioctl: fix race in VT_RESIZEX (Jay Shin) [RHEL-28639] {CVE-2020-36558} - selinux: cleanup and consolidate the XFRM alloc/clone/delete/free code (Ondrej Mosnacek) [RHEL-27751] - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002} - bluetooth: Perform careful capability checks in hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002} - cifs: fix panic in smb2_reconnect (Jay Shin) [RHEL-26301] - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-16144] {CVE-2023-4622} - NFS: Set the stable writes BDI capability (Benjamin Coddington) [RHEL-22193] - RDMA/i40iw: Prevent zero-length STAG registration (Kamal Heib) [RHEL-6299] {CVE-2023-25775} - sched/membarrier: reduce the ability to hammer on sys_membarrier (Wander Lairson Costa) [RHEL-26402] {CVE-2024-26602} [3.10.0-1160.116.1] - bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002} - bluetooth: Perform careful capability checks in hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002} - cifs: fix panic in smb2_reconnect (Jay Shin) [RHEL-26301] [3.10.0-1160.115.1] - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-16144] {CVE-2023-4622} - NFS: Set the stable writes BDI capability (Benjamin Coddington) [RHEL-22193] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-4623 CVE-2023-2002 CVE-2023-4622 CVE-2023-25775 CVE-2020-36558 cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [4.12-1.0.1.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-1.1] - Fix CVE-2024-2357 (RHEL-29734) - x509: unpack IPv6 general names based on length (RHEL-32719) [4.12-1] - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 - Resolves: rhbz#2215956 [4.9-5] - Just bumping up the version to include bugs for CVE-2023-2295. There is no code fix for it. Fix for it is including the code fix for CVE-2023-30570. - Fix CVE-2023-2295 Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux - Resolves: rhbz#2189777, rhbz#2190148 [4.9-4] - Just bumping up the version as an incorrect 9.3 build was created. - Related: rhbz#2187171 [4.9-3] - Fix CVE-2023-30570:Malicious IKEv1 Aggressive Mode packets can crash libreswan - Resolves: rhbz#2187171 [4.9-2] - Fix CVE-2023-23009: remote DoS via crafted TS payload with an incorrect selector length (rhbz#2173674) [4.9-1] - Update to 4.9. Resolves: rhbz#2128669 - Switch to using %autopatch as in Fedora MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2357 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [1.13.1-2.10] - Fix crash caused by fix for CVE-2024-31083 Resolves: RHEL-30981 [1.13.1-2.9] - Rebuild (z-stream target) Resolves: RHEL-31011 Resolves: RHEL-30981 Resolves: RHEL-30998 [1.13.1-2.8] - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents Resolves: RHEL-31011 - Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs Resolves: RHEL-30981 - Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice Resolves: RHEL-30998 [1.13.1-3.7] - Fix use after free related to CVE-2024-21886 Resolves: RHEL-20432 - Fix copy/paste error in the DeviceStateNotify Resolves: RHEL-20583 [1.13.1-3.6] - Don't try to get pointer position when the pointer becomes a floating device Resolves: RHEL-20432 [1.13.1-3.5] - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20432 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20420 - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access Resolves: RHEL-20583 - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Resolves: RHEL-21252 [1.13.1-2.4] - Updated fix for CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions Resolves: RHEL-18409 [1.13.1-2.3] - Rebuild (selinux-policy) Resolves: RHEL-18409 Resolves: RHEL-18421 [1.13.1-2.2] - Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions Resolves: RHEL-18409 - Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty Resolves: RHEL-18421 [1.13.1-2.1] - Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow - Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty Resolves: RHEL-15229 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-31080 CVE-2024-31083 CVE-2024-31081 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [1.31.5-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [1:1.31.5-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.31 (https://github.com/containers/buildah/commit/5fd539c) - Resolves: RHEL-26775 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1753 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [1.8.0-33.0.1] - Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6816.patch, xorg-CVE-2023-6377.patch, xorg-CVE-2023-6478.patch, xorg-CVE-2024-0229-1.patch, xorg-CVE-2024-0229-2.patch, xorg-CVE-2024-0229-3.patch, xorg-CVE-2024-21885.patch, xorg-CVE-2024-21886-1.patch, xorg-CVE-2024-21886-2.patch, xorg-dix-fix-use-after-free-in-input-device-shutdown.patch, xorg-CVE-2024-31080.patch, xorg-CVE-2024-31081.patch, xorg-CVE-2024-31082.patch, xorg-CVE-2024-31083.patch, xorg-CVE-2024-31083-followup.patch [1.8.0-33] - Fix crash caused by fix for CVE-2024-31083 Resolves: RHEL-30976 [1.8.0-32] - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents Resolves: RHEL-31006 - Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs Resolves: RHEL-30976 - Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice Resolves: RHEL-30993 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-31081 CVE-2024-31083 CVE-2024-31080 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 buildah [1.24.7-1] - bump to v1.24.7 - Resolves: RHEL-26767 cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp oci-seccomp-bpf-hook podman python-podman runc [1.1.12-1.0.1] - rebuild with golang 1.20.12 for CVE-2023-39326 skopeo slirp4netns udica IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1753 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 * Tue Feb 27 2024 Aaron Young - Create new 20240227 release for OL8 which includes the following fixed CVEs: {CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765} - Update to OpenSSL 3.0.10 which includes the following fixed CVEs: {CVE-2023-2975} {CVE-2023-1255} {CVE-2023-0401} {CVE-2023-0217} {CVE-2023-0216} {CVE-2023-0215} {CVE-2022-4203} {CVE-2022-3996} {CVE-2022-3602} {CVE-2022-3786} {CVE-2022-3358} {CVE-2022-2274} {CVE-2022-1473} {CVE-2022-1434} {CVE-2022-1343} {CVE-2021-4044} {CVE-2021-23839} * Tue Aug 22 2023 Aaron Young - Create new 20230822.cvm release for OL8 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45230 CVE-2023-45235 CVE-2022-36765 CVE-2023-45229 CVE-2023-45231 CVE-2023-45233 CVE-2022-36764 CVE-2023-45234 CVE-2022-36763 CVE-2023-45232 cpe:/a:oracle:linux:8::distro_builder cpe:/a:oracle:linux:8::kvm_appstream Oracle Linux 8 aardvark-dns buildah [1:1.31.5-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.31 (https://github.com/containers/buildah/commit/5fd539c) - Resolves: RHEL-26772 [1:1.31.3-3] - Make the module buildable again - Resolves: RHEL-16299 [1:1.31.3-2] - Rebuild with golang 1.20.10 for CVE-2023-39321 - Related: Jira:RHEL-4512 cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp netavark oci-seccomp-bpf-hook podman python-podman runc skopeo slirp4netns udica IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1753 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [0.11.7-2] - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26446, RHEL-26448, RHEL-26450 [0.11.7-1] - Rebased to the latest sources (see CHANGELOG.md) Resolves: RHEL-7740 [0.11.6-6] - Rebased to the latest upstream sources (see CHANGELOG.md) Resolves: RHEL-7582, RHEL-7583, RHEL-7669, RHEL-7672, RHEL-7697, RHEL-7698, RHEL-7700, RHEL-7703, RHEL-7719, RHEL-7725, RHEL-7730, RHEL-7738, RHEL-7739, RHEL-7740, RHEL-7744, RHEL-7746 - TLS cipher setting in pcsd now follows system-wide crypto policies by default Resolves: RHEL-7724 - Tightened permissions of bundled rubygems to be 755 or stricter Resolves: RHEL-7716 [0.11.6-5] - No changes, fixing an error in a new quality control process - Resolves: RHEL-15217 [0.11.6-4] - No changes, testing a new quality control process - Resolves: RHEL-15217 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-26146 CVE-2024-25126 CVE-2024-26141 cpe:/a:oracle:linux:9::addons Oracle Linux 9 osbuild [110-1] - New upstream release [109-1] - New upstream release [106-1] - New upstream release [105-1] - New upstream release [104-2] - Fix unit tests in RHEL CI by backporting upstream fixes [104-1] - New upstream release [103-1] - New upstream release [102-1] - New upstream release [101-2] - Change unit-test timeout from 3h to 4h - Rebuild after failed gating [101-1] - New upstream release [100-1] - New upstream release [99-1] - New upstream release [98-1] - New upstream release [97-1] - New upstream release [96-1] - New upstream release [95-1] - New upstream release [94-1] - New upstream release osbuild-composer [101-1] - New upstream release [100-1] - New upstream release [99-1] - New upstream release [98-1] - New upstream release [96-1] - New upstream release [95-1] - New upstream release [94-1] - New upstream release [93-1] - New upstream release [92-1] - New upstream release [91-1] - New upstream release [89-1] - New upstream release [88-1] - New upstream release [87-1] - New upstream release [86-1] - New upstream release [85-1] - New upstream release [84-1] - New upstream release [82-1] - New upstream release [80-1] - New upstream release [79-1] - New upstream release [77-1] - New upstream release [76-1] - New upstream release [75-1] - New upstream release [74-1] - New upstream release [73-1] - New upstream release [72-1] - New upstream release [71-1] - New upstream release [70-1] - New upstream release [69-1] - New upstream release [68-1] - New upstream release [67-2] - Fix functional tests to make them pass in RHEL-9.2 gating [67-1] - New upstream release [62-1] - New upstream release [60-1] - New upstream release [59-1] - New upstream release [58-1] - New upstream release [57-1] - New upstream release [55-1] - New upstream release [54-1] - New upstream release [53-1] - New upstream release [51-1] - New upstream release [46-1] - New upstream release MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2307 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [2.42.5-1] - Update to 2.42.5 Resolves: RHEL-3960 [2.42.4-1] - Update to 2.42.4 Resolves: RHEL-3960 Resolves: RHEL-19366 [2.42.3-1] - Update to 2.42.3 Resolves: RHEL-3960 [2.42.2-1] - Update to 2.42.2 Resolves: RHEL-3960 [2.42.1-1] - Update to 2.42.1 Resolves: RHEL-3960 [2.42.0-1] - Upgrade to 2.42.0 Resolves: RHEL-3960 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2014-1745 CVE-2023-41983 CVE-2023-39928 CVE-2024-23213 CVE-2024-23206 CVE-2023-40414 CVE-2023-32359 CVE-2023-42890 CVE-2023-42883 CVE-2023-42852 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [4.10.0-62] - bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18139 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20917 - bundled jinja2: fix CVE-2024-22195 Resolves: RHEL-21345 [4.10.0-61] - fence_zvmip: document required user permissions in metadata/manpage Resolves: RHEL-14344 [4.10.0-60] - all agents: update metadata in non-I/O agents to Power or Network fencing Resolves: RHEL-14030 [4.10.0-57] - bundled urllib3: fix CVE-2023-43804 Resolves: RHEL-11999 [4.10.0-56] - fence_scsi: fix registration handling if ISID conflicts Resolves: RHEL-5396 - bundled certifi: fix CVE-2023-37920 Resolves: RHEL-9446 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-22195 CVE-2023-45803 CVE-2023-52323 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::addons Oracle Linux 9 [8.2.0-11] - kvm-coroutine-cap-per-thread-local-pool-size.patch [RHEL-28947] - kvm-coroutine-reserve-5-000-mappings.patch [RHEL-28947] - Resolves: RHEL-28947 (Qemu crashing with 'failed to set up stack guard page: Cannot allocate memory') [8.2.0-10] - kvm-chardev-lower-priority-of-the-HUP-GSource-in-socket-.patch [RHEL-24614] - kvm-Revert-chardev-char-socket-Fix-TLS-io-channels-sendi.patch [RHEL-24614] - kvm-Revert-chardev-use-a-child-source-for-qio-input-sour.patch [RHEL-24614] - Resolves: RHEL-24614 ([RHEL9][chardev] qemu hit core dump while using TLS server from host to guest) [8.2.0-9] - kvm-mirror-Don-t-call-job_pause_point-under-graph-lock.patch [RHEL-28125] - kvm-nbd-server-Fix-race-in-draining-the-export.patch [RHEL-28125] - kvm-iotests-Add-test-for-reset-AioContext-switches-with-.patch [RHEL-28125] - kvm-pc-smbios-fixup-manufacturer-product-version-to-matc.patch [RHEL-21705] - Resolves: RHEL-28125 (RHEL9.4 - KVM : Live migration of guest with multiple qcow devices remains incomplete.) - Resolves: RHEL-21705 (pc-q35-rhel9.4.0 does not provide proper computer information) [8.2.0-8] - kvm-ui-clipboard-mark-type-as-not-available-when-there-i.patch [RHEL-19629] - kvm-ui-clipboard-add-asserts-for-update-and-request.patch [RHEL-19629] - kvm-hw-i386-pc-Defer-smbios_set_defaults-to-machine_done.patch [RHEL-21705] - kvm-Implement-base-of-SMBIOS-type-9-descriptor.patch [RHEL-21705] - kvm-Implement-SMBIOS-type-9-v2.6.patch [RHEL-21705] - kvm-smbios-cleanup-smbios_get_tables-from-legacy-handlin.patch [RHEL-21705] - kvm-smbios-get-rid-of-smbios_smp_sockets-global.patch [RHEL-21705] - kvm-smbios-get-rid-of-smbios_legacy-global.patch [RHEL-21705] - kvm-smbios-avoid-mangling-user-provided-tables.patch [RHEL-21705] - kvm-smbios-don-t-check-type4-structures-in-legacy-mode.patch [RHEL-21705] - kvm-smbios-add-smbios_add_usr_blob_size-helper.patch [RHEL-21705] - kvm-smbios-rename-expose-structures-bitmaps-used-by-both.patch [RHEL-21705] - kvm-smbios-build-legacy-mode-code-only-for-pc-machine.patch [RHEL-21705] - kvm-smbios-handle-errors-consistently.patch [RHEL-21705] - kvm-smbios-get-rid-of-global-smbios_ep_type.patch [RHEL-21705] - kvm-smbios-clear-smbios_type4_count-before-building-tabl.patch [RHEL-21705] - kvm-smbios-extend-smbios-entry-point-type-with-auto-valu.patch [RHEL-21705] - kvm-smbios-in-case-of-entry-point-is-auto-try-to-build-v.patch [RHEL-21705] - kvm-smbios-error-out-when-building-type-4-table-is-not-p.patch [RHEL-21705] - kvm-pc-q35-set-SMBIOS-entry-point-type-to-auto-by-defaul.patch [RHEL-21705] - Resolves: RHEL-19629 (CVE-2023-6683 qemu-kvm: QEMU: VNC: NULL pointer dereference in qemu_clipboard_request() [rhel-9]) - Resolves: RHEL-21705 (pc-q35-rhel9.4.0 does not provide proper computer information) [8.2.0-7] - kvm-qemu_init-increase-NOFILE-soft-limit-on-POSIX.patch [RHEL-26049] - kvm-chardev-char-socket-Fix-TLS-io-channels-sending-too-.patch [RHEL-24614] - Resolves: RHEL-26049 (When max vcpu is greater than or equal to 246, qemu unable to init event notifier) - Resolves: RHEL-24614 ([RHEL9][chardev][s390x] qemu hit core dump while using TLS server from host to guest) [8.2.0-6] - kvm-virtio-scsi-Attach-event-vq-notifier-with-no_poll.patch [RHEL-3934] - kvm-virtio-Re-enable-notifications-after-drain.patch [RHEL-3934] - kvm-virtio-blk-Use-ioeventfd_attach-in-start_ioeventfd.patch [RHEL-3934] - kvm-virtio-blk-avoid-using-ioeventfd-state-in-irqfd-cond.patch [RHEL-15394] - kvm-hw-arm-virt-deprecate-virt-rhel9.-0-2-.0-machine-typ.patch [RHEL-24988] - Resolves: RHEL-3934 ([qemu-kvm] Failed on repeatedly hotplug/unplug disk iothread enabled ) - Resolves: RHEL-15394 (virtio-blk: qemu hang on 'no response on QMP query-status' when write data to disk without enough space) - Resolves: RHEL-24988 (Mark virt-rhel9.{0,2}.0 machine types as deprecated) [8.2.0-5] - kvm-hv-balloon-use-get_min_alignment-to-express-32-GiB-a.patch [RHEL-20341] - kvm-memory-device-reintroduce-memory-region-size-check.patch [RHEL-20341] - kvm-block-backend-Allow-concurrent-context-changes.patch [RHEL-24593] - kvm-scsi-Await-request-purging.patch [RHEL-24593] - kvm-string-output-visitor-show-structs-as-omitted.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-string-output-visitor-Fix-pseudo-struct-handling.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-qdev-properties-alias-all-object-class-properties.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-qdev-add-IOThreadVirtQueueMappingList-property-type.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-add-iothread-vq-mapping-parameter.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-Fix-potential-nullpointer-read-access-in-.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-iotests-add-filter_qmp_generated_node_ids.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-iotests-port-141-to-Python-for-reliable-QMP-testing.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-monitor-only-run-coroutine-commands-in-qemu_aio_cont.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-move-dataplane-code-into-virtio-blk.c.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-rename-dataplane-create-destroy-functions.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-rename-dataplane-to-ioeventfd.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-restart-s-rq-reqs-in-vq-AioContexts.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-tolerate-failure-to-set-BlockBackend-AioC.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-always-set-ioeventfd-during-startup.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-tests-unit-Bump-test-replication-timeout-to-60-secon.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-iotests-iothreads-stream-Use-the-right-TimeoutError.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-mem-default-enable-dynamic-memslots.patch [RHEL-24045] - Resolves: RHEL-20341 (memory-device size alignment check invalid in QEMU 8.2) - Resolves: RHEL-24593 (qemu crash blk_get_aio_context(BlockBackend *): Assertion ctx == blk->ctx' when repeatedly hotplug/unplug disk) - Resolves: RHEL-17369 ([nfv virt][rt][post-copy migration] qemu-kvm: ../block/qcow2.c:5263: ImageInfoSpecific *qcow2_get_specific_info(BlockDriverState *, Error **): Assertion false' failed.) - Resolves: RHEL-20764 ([qemu-kvm] Enable qemu multiqueue block layer support) - Resolves: RHEL-7356 ([qemu-kvm] no response with QMP command device_add when repeatedly hotplug/unplug virtio disks [RHEL-9]) - Resolves: RHEL-24045 (QEMU: default-enable dynamically using multiple memslots for virtio-mem) [8.2.0-4] - kvm-vfio-pci-Clear-MSI-X-IRQ-index-always.patch [RHEL-21293] - Resolves: RHEL-21293 ([emulated igb] Failed to set up TRIGGER eventfd signaling for interrupt INTX-0: VFIO_DEVICE_SET_IRQS failure: Invalid argument) [8.2.0-3] - kvm-hw-arm-virt-Add-properties-to-disable-high-memory-re.patch [RHEL-19738] - kvm-vfio-Introduce-base-object-for-VFIOContainer-and-tar.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Introduce-a-empty-VFIOIOMMUOps.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Switch-to-dma_map-unmap-API.patch [RHEL-19302 RHEL-21057] - kvm-vfio-common-Introduce-vfio_container_init-destroy-he.patch [RHEL-19302 RHEL-21057] - kvm-vfio-common-Move-giommu_list-in-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-space-field-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Switch-to-IOMMU-BE-set_dirty_page_tra.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-per-container-device-list-in-bas.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Convert-functions-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-pgsizes-and-dma_max_mappings-to-.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-vrdl_list-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-listener-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-dirty_pgsizes-and-max_dirty_bitm.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-iova_ranges-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Implement-attach-detach_device.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Introduce-spapr-backend-and-target-interf.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-switch-to-spapr-IOMMU-BE-add-del_section_.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Move-prereg_listener-into-spapr-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Move-hostwin_list-into-spapr-container.patch [RHEL-19302 RHEL-21057] - kvm-backends-iommufd-Introduce-the-iommufd-object.patch [RHEL-19302 RHEL-21057] - kvm-util-char_dev-Add-open_cdev.patch [RHEL-19302 RHEL-21057] - kvm-vfio-common-return-early-if-space-isn-t-empty.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Implement-the-iommufd-backend.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Relax-assert-check-for-iommufd-backend.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Add-support-for-iova_ranges-and-pgsizes.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Extract-out-a-helper-vfio_pci_get_pci_hot_r.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Introduce-a-vfio-pci-hot-reset-interface.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Enable-pci-hot-reset-through-iommufd-cd.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Allow-the-selection-of-a-given-iommu-backen.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Make-vfio-cdev-pre-openable-by-passing-a-fi.patch [RHEL-19302 RHEL-21057] - kvm-vfio-platform-Allow-the-selection-of-a-given-iommu-b.patch [RHEL-19302 RHEL-21057] - kvm-vfio-platform-Make-vfio-cdev-pre-openable-by-passing.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ap-Allow-the-selection-of-a-given-iommu-backend.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ap-Make-vfio-cdev-pre-openable-by-passing-a-fil.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ccw-Allow-the-selection-of-a-given-iommu-backen.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ccw-Make-vfio-cdev-pre-openable-by-passing-a-fi.patch [RHEL-19302 RHEL-21057] - kvm-vfio-Make-VFIOContainerBase-poiner-parameter-const-i.patch [RHEL-19302 RHEL-21057] - kvm-hw-arm-Activate-IOMMUFD-for-virt-machines.patch [RHEL-19302 RHEL-21057] - kvm-kconfig-Activate-IOMMUFD-for-s390x-machines.patch [RHEL-19302 RHEL-21057] - kvm-hw-i386-Activate-IOMMUFD-for-q35-machines.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Move-VFIODevice-initializations-in-vfio_ins.patch [RHEL-19302 RHEL-21057] - kvm-vfio-platform-Move-VFIODevice-initializations-in-vfi.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ap-Move-VFIODevice-initializations-in-vfio_ap_i.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ccw-Move-VFIODevice-initializations-in-vfio_ccw.patch [RHEL-19302 RHEL-21057] - kvm-vfio-Introduce-a-helper-function-to-initialize-VFIOD.patch [RHEL-19302 RHEL-21057] - kvm-docs-devel-Add-VFIO-iommufd-backend-documentation.patch [RHEL-19302 RHEL-21057] - kvm-hw-ppc-Kconfig-Imply-VFIO_PCI.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Extend-VFIOIOMMUOps-with-a-release-handle.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Introduce-vfio_legacy_setup-for-furth.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Initialize-VFIOIOMMUOps-under-vfio_in.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Introduce-a-VFIOIOMMU-QOM-interface.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Introduce-a-VFIOIOMMU-legacy-QOM-inte.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Intoduce-a-new-VFIOIOMMUClass-setup-h.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Introduce-a-sPAPR-VFIOIOMMU-QOM-interface.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Introduce-a-VFIOIOMMU-iommufd-QOM-inter.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Only-compile-sPAPR-IOMMU-support-when-nee.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Remove-CONFIG_IOMMUFD-usage.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Replace-basename-with-g_path_get_base.patch [RHEL-19302 RHEL-21057] - kvm-hw-vfio-fix-iteration-over-global-VFIODevice-list.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Remove-the-use-of-stat-to-check-file-ex.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Rename-vfio_init_container-to-vfio_se.patch [RHEL-19302 RHEL-21057] - kvm-vfio-migration-Add-helper-function-to-set-state-or-r.patch [RHEL-19302 RHEL-21057] - kvm-backends-iommufd-Remove-check-on-number-of-backend-u.patch [RHEL-19302 RHEL-21057] - kvm-backends-iommufd-Remove-mutex.patch [RHEL-19302 RHEL-21057] - kvm-Compile-IOMMUFD-object-on-aarch64.patch [RHEL-19302 RHEL-21057] - kvm-Compile-IOMMUFD-on-s390x.patch [RHEL-19302 RHEL-21057] - kvm-Compile-IOMMUFD-on-x86_64.patch [RHEL-19302 RHEL-21057] - kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch [RHEL-18212] - kvm-nbd-server-avoid-per-NBDRequest-nbd_client_get-put.patch [RHEL-15965] - kvm-nbd-server-only-traverse-NBDExport-clients-from-main.patch [RHEL-15965] - kvm-nbd-server-introduce-NBDClient-lock-to-protect-field.patch [RHEL-15965] - kvm-block-file-posix-set-up-Linux-AIO-and-io_uring-in-th.patch [RHEL-15965] - kvm-virtio-blk-add-lock-to-protect-s-rq.patch [RHEL-15965] - kvm-virtio-blk-don-t-lock-AioContext-in-the-completion-c.patch [RHEL-15965] - kvm-virtio-blk-don-t-lock-AioContext-in-the-submission-c.patch [RHEL-15965] - kvm-scsi-only-access-SCSIDevice-requests-from-one-thread.patch [RHEL-15965] - kvm-virtio-scsi-don-t-lock-AioContext-around-virtio_queu.patch [RHEL-15965] - kvm-scsi-don-t-lock-AioContext-in-I-O-code-path.patch [RHEL-15965] - kvm-dma-helpers-don-t-lock-AioContext-in-dma_blk_cb.patch [RHEL-15965] - kvm-virtio-scsi-replace-AioContext-lock-with-tmf_bh_lock.patch [RHEL-15965] - kvm-scsi-assert-that-callbacks-run-in-the-correct-AioCon.patch [RHEL-15965] - kvm-tests-remove-aio_context_acquire-tests.patch [RHEL-15965] - kvm-aio-make-aio_context_acquire-aio_context_release-a-n.patch [RHEL-15965] - kvm-graph-lock-remove-AioContext-locking.patch [RHEL-15965] - kvm-block-remove-AioContext-locking.patch [RHEL-15965] - kvm-block-remove-bdrv_co_lock.patch [RHEL-15965] - kvm-scsi-remove-AioContext-locking.patch [RHEL-15965] - kvm-aio-wait-draw-equivalence-between-AIO_WAIT_WHILE-and.patch [RHEL-15965] - kvm-aio-remove-aio_context_acquire-aio_context_release-A.patch [RHEL-15965] - kvm-docs-remove-AioContext-lock-from-IOThread-docs.patch [RHEL-15965] - kvm-scsi-remove-outdated-AioContext-lock-comment.patch [RHEL-15965] - kvm-job-remove-outdated-AioContext-locking-comments.patch [RHEL-15965] - kvm-block-remove-outdated-AioContext-locking-comments.patch [RHEL-15965] - kvm-block-coroutine-wrapper-use-qemu_get_current_aio_con.patch [RHEL-15965] - kvm-s390x-pci-avoid-double-enable-disable-of-aif.patch [RHEL-21169] - kvm-s390x-pci-refresh-fh-before-disabling-aif.patch [RHEL-21169] - kvm-s390x-pci-drive-ISM-reset-from-subsystem-reset.patch [RHEL-21169] - kvm-include-ui-rect.h-fix-qemu_rect_init-mis-assignment.patch [RHEL-21570] - kvm-virtio-gpu-block-migration-of-VMs-with-blob-true.patch [RHEL-7565] - kvm-spec-Enable-zstd.patch [RHEL-7361] - Resolves: RHEL-19738 (Enable properties allowing to disable high memory regions) - Resolves: RHEL-19302 (NVIDIA:Grace-Hopper Backport QEMU IOMMUFD Backend) - Resolves: RHEL-21057 (Request backport of 9353b6da430f90e47f352dbf6dc31120c8914da6) - Resolves: RHEL-18212 ([RHEL9][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption) - Resolves: RHEL-15965 ( [qemu-kvm] Remove AioContext lock (no response with QMP command block_resize)) - Resolves: RHEL-21169 ([s390x] VM fails to start with ISM passed through QEMU 8.2) - Resolves: RHEL-21570 (Critical performance degradation for input devices in virtio vnc session) - Resolves: RHEL-7565 (qemu crashed when migrate guest with blob resources enabled) - Resolves: RHEL-7361 ([qemu-kvm] Enable zstd support for qcow2 files) [8.2.0-2] - kvm-hw-arm-virt-Fix-compats.patch [RHEL-17168] - Resolves: RHEL-17168 (Introduce virt-rhel9.4.0 arm-virt machine type [aarch64]) [8.2.0-1] - Rebase to QEMU 8.2.0 [RHEL-14111] - Fix machine type compatibility [RHEL-17067 RHEL-17068] - Add 9.4.0 machine type [RHEL-17168 RHEL-19117 RHEL-19119] - Resolves: RHEL-14111 (Rebase qemu-kvm to QEMU 8.2.0) - Resolves: RHEL-17067 (Check/fix machine type compatibility for qemu-kvm 8.2.0 [s390x]) - Resolves: RHEL-17068 (Check/fix machine type compatibility for qemu-kvm 8.2.0 [x86_64]) - Resolves: RHEL-17168 (Introduce virt-rhel9.4.0 arm-virt machine type [aarch64]) - Resolves: RHEL-19117 (Introduce virt-rhel9.4.0 arm-virt machine type [x86_64]) - Resolves: RHEL-19119 (Introduce virt-rhel9.4.0 arm-virt machine type [s390x]) [8.1.0-5] - kvm-Preparation-for-using-allow-rpcs-list-in-guest-agent.patch [RHEL-955] - kvm-Use-allow-rpcs-instead-of-block-rpcs-in-guest-agent..patch [RHEL-955] - Resolves: RHEL-955 (Use allow-rpcs instead of block-rpcs in guest-agent.service) [8.1.0-4] - kvm-hw-scsi-scsi-disk-Disallow-block-sizes-smaller-than-.patch [RHEL-2828] - kvm-Enable-igb-on-x86_64.patch [RHEL-1308] - kvm-host-include-generic-host-atomic128-Fix-compilation-.patch [RHEL-12991] - kvm-Enable-qemu-kvm-device-usb-redirec-for-aarch64.patch [RHEL-7561] - Resolves: RHEL-2828 (CVE-2023-42467 qemu-kvm: qemu: denial of service due to division by zero [rhel-9]) - Resolves: RHEL-1308 ([RFE] iGB: Add an emulated SR-IOV network card) - Resolves: RHEL-12991 (qemu-kvm fails to build on s390x with clang-17) - Resolves: RHEL-7561 (Missing the rpm package qemu-kvm-device-usb-redirect on Arm64 platform) [8.1.0-3] - kvm-migration-Fix-race-that-dest-preempt-thread-close-to.patch [RHEL-11219] - kvm-migration-Fix-possible-race-when-setting-rp_state.er.patch [RHEL-11219] - kvm-migration-Fix-possible-races-when-shutting-down-the-.patch [RHEL-11219] - kvm-migration-Fix-possible-race-when-shutting-down-to_ds.patch [RHEL-11219] - kvm-migration-Remove-redundant-cleanup-of-postcopy_qemuf.patch [RHEL-11219] - kvm-migration-Consolidate-return-path-closing-code.patch [RHEL-11219] - kvm-migration-Replace-the-return-path-retry-logic.patch [RHEL-11219] - kvm-migration-Move-return-path-cleanup-to-main-migration.patch [RHEL-11219] - kvm-file-posix-Clear-bs-bl.zoned-on-error.patch [RHEL-7360] - kvm-file-posix-Check-bs-bl.zoned-for-zone-info.patch [RHEL-7360] - kvm-file-posix-Fix-zone-update-in-I-O-error-path.patch [RHEL-7360] - kvm-file-posix-Simplify-raw_co_prw-s-out-zone-code.patch [RHEL-7360] - kvm-tests-file-io-error-New-test.patch [RHEL-7360] - Resolves: RHEL-11219 (migration tests failing for RHEL 9.4 sometimes) - Resolves: RHEL-7360 (Qemu Core Dumped When Writing Larger Size Than The Size of A Data Disk) [8.1.0-2] - kvm-virtio-Drop-out-of-coroutine-context-in-virtio_load.patch [RHEL-832] - Resolves: RHEL-832 (qemu-kvm crashed when migrating guest with failover vf) [8.1.0-1] - Rebase to QEMU 8.1 [RHEL-870] - Resolves: RHEL-870 (Rebase qemu-kvm to QEMU 8.1.0) [8.0.0-13] - kvm-vdpa-return-errno-in-vhost_vdpa_get_vring_group-erro.patch [RHEL-923] - kvm-vdpa-move-CVQ-isolation-check-to-net_init_vhost_vdpa.patch [RHEL-923] - kvm-vdpa-use-first-queue-SVQ-state-for-CVQ-default.patch [RHEL-923] - kvm-vdpa-export-vhost_vdpa_set_vring_ready.patch [RHEL-923] - kvm-vdpa-rename-vhost_vdpa_net_load-to-vhost_vdpa_net_cv.patch [RHEL-923] - kvm-vdpa-move-vhost_vdpa_set_vring_ready-to-the-caller.patch [RHEL-923] - kvm-vdpa-remove-net-cvq-migration-blocker.patch [RHEL-923] - Resolves: RHEL-923 (vhost shadow virtqueue: state restore through CVQ) [8.0.0-12] - kvm-target-i386-allow-versioned-CPUs-to-specify-new-cach.patch [bz#2094913] - kvm-target-i386-Add-new-EPYC-CPU-versions-with-updated-c.patch [bz#2094913] - kvm-target-i386-Add-a-couple-of-feature-bits-in-8000_000.patch [bz#2094913] - kvm-target-i386-Add-feature-bits-for-CPUID_Fn80000021_EA.patch [bz#2094913] - kvm-target-i386-Add-missing-feature-bits-in-EPYC-Milan-m.patch [bz#2094913] - kvm-target-i386-Add-VNMI-and-automatic-IBRS-feature-bits.patch [bz#2094913] - kvm-target-i386-Add-EPYC-Genoa-model-to-support-Zen-4-pr.patch [bz#2094913] - Resolves: bz#2094913 (Add EPYC-Genoa CPU model in qemu) [8.0.0-11] - kvm-block-blkio-enable-the-completion-eventfd.patch [bz#2225354 bz#2225439] - kvm-block-blkio-do-not-use-open-flags-in-qemu_open.patch [bz#2225354 bz#2225439] - kvm-block-blkio-move-blkio_connect-in-the-drivers-functi.patch [bz#2225354 bz#2225439] - kvm-block-blkio-retry-blkio_connect-if-it-fails-using-fd.patch [bz#2225354 bz#2225439] - kvm-block-blkio-fall-back-on-using-path-when-fd-setting-.patch [bz#2225354 bz#2225439] - kvm-block-blkio-use-blkio_set_int-fd-to-check-fd-support.patch [bz#2225354 bz#2225439] - kvm-hw-virtio-iommu-Fix-potential-OOB-access-in-virtio_i.patch [bz#2229133] - kvm-virtio-iommu-Standardize-granule-extraction-and-form.patch [bz#2229133] - kvm-hw-arm-smmu-Handle-big-endian-hosts-correctly.patch [bz#2229133] - kvm-qapi-i386-sev-Change-the-reduced-phys-bits-value-fro.patch [bz#2214839] - kvm-qemu-options.hx-Update-the-reduced-phys-bits-documen.patch [bz#2214839] - kvm-i386-sev-Update-checks-and-information-related-to-re.patch [bz#2214839] - kvm-i386-cpu-Update-how-the-EBX-register-of-CPUID-0x8000.patch [bz#2214839] - kvm-Provide-elf2dmp-binary-in-qemu-tools.patch [bz#2165917] - Resolves: bz#2225354 ([vdpa-blk] The new driver virtio-blk-vhost-user not work in VM booting) - Resolves: bz#2225439 ([vdpa-blk] read-only=on option not work on driver virtio-blk-vhost-vdpa) - Resolves: bz#2229133 (Backport some virtio-iommu and smmu fixes) - Resolves: bz#2214839 ([AMDSERVER 9.3 Bug] Qemu SEV reduced-phys-bits fixes) - Resolves: bz#2165917 (qemu-kvm: contrib/elf2dmp: Windows Server 2022 support) [8.0.0-10] - kvm-util-iov-Make-qiov_slice-public.patch [bz#2174676] - kvm-block-Collapse-padded-I-O-vecs-exceeding-IOV_MAX.patch [bz#2174676] - kvm-util-iov-Remove-qemu_iovec_init_extended.patch [bz#2174676] - kvm-iotests-iov-padding-New-test.patch [bz#2174676] - kvm-block-Fix-pad_request-s-request-restriction.patch [bz#2174676] - kvm-vdpa-do-not-block-migration-if-device-has-cvq-and-x-.patch [RHEL-573] - kvm-virtio-net-correctly-report-maximum-tx_queue_size-va.patch [bz#2040509] - kvm-hw-pci-Disable-PCI_ERR_UNCOR_MASK-reg-for-machine-ty.patch [bz#2223691] - kvm-vhost-vdpa-mute-unaligned-memory-error-report.patch [bz#2141965] - Resolves: bz#2174676 (Guest hit EXT4-fs error on host 4K disk when repeatedly hot-plug/unplug running IO disk [RHEL9]) - Resolves: RHEL-573 ([mlx vhost_vdpa][rhel 9.3]live migration fail with 'net vdpa cannot migrate with CVQ feature') - Resolves: bz#2040509 ([RFE]:Add support for changing 'tx_queue_size' to a setable value) - Resolves: bz#2223691 ([machine type 9.2]Failed to migrate VM from RHEL 9.3 to RHEL 9.2) - Resolves: bz#2141965 ([TPM][vhost-vdpa][rhel9.2]Boot a guest with 'vhost-vdpa + TPM emulator', qemu output: qemu-kvm: vhost_vdpa_listener_region_add received unaligned region) [8.0.0-9] - kvm-scsi-fetch-unit-attention-when-creating-the-request.patch [bz#2176702] - kvm-scsi-cleanup-scsi_clear_unit_attention.patch [bz#2176702] - kvm-scsi-clear-unit-attention-only-for-REPORT-LUNS-comma.patch [bz#2176702] - kvm-s390x-ap-Wire-up-the-device-request-notifier-interfa.patch [RHEL-794] - kvm-multifd-Create-property-multifd-flush-after-each-sec.patch [bz#2196295] - kvm-multifd-Protect-multifd_send_sync_main-calls.patch [bz#2196295] - kvm-multifd-Only-flush-once-each-full-round-of-memory.patch [bz#2196295] - kvm-net-socket-prepare-to-cleanup-net_init_socket.patch [RHEL-582] - kvm-net-socket-move-fd-type-checking-to-its-own-function.patch [RHEL-582] - kvm-net-socket-remove-net_init_socket.patch [RHEL-582] - kvm-pcie-Add-hotplug-detect-state-register-to-cmask.patch [bz#2215819] - kvm-spec-Build-DBUS-display.patch [bz#2207940] - Resolves: bz#2176702 ([RHEL9][virtio-scsi] scsi-hd cannot hot-plug successfully after hot-plug it repeatly) - Resolves: RHEL-794 (Backport s390x fixes from QEMU 8.1) - Resolves: bz#2196295 (Multifd flushes its channels 10 times per second) - Resolves: RHEL-582 ([passt][rhel 9.3] qemu core dump occurs when guest is shutdown after hotunplug/hotplug a passt interface) - Resolves: bz#2215819 (Migration test failed while guest with PCIe devices) - Resolves: bz#2207940 ([RFE] Enable qemu-ui-dbus subpackage) [8.0.0-8] - kvm-virtio-iommu-Fix-64kB-host-page-size-VFIO-device-ass.patch [bz#2211609 bz#2211634] - kvm-virtio-iommu-Rework-the-traces-in-virtio_iommu_set_p.patch [bz#2211609 bz#2211634] - kvm-vfio-pci-add-support-for-VF-token.patch [bz#2192818] - kvm-vfio-migration-Skip-log_sync-during-migration-SETUP-.patch [bz#2192818] - kvm-vfio-pci-Static-Resizable-BAR-capability.patch [bz#2192818] - kvm-vfio-pci-Fix-a-use-after-free-issue.patch [bz#2192818] - kvm-util-vfio-helpers-Use-g_file_read_link.patch [bz#2192818] - kvm-migration-Make-all-functions-check-have-the-same-for.patch [bz#2192818] - kvm-migration-Move-migration_properties-to-options.c.patch [bz#2192818] - kvm-migration-Add-switchover-ack-capability.patch [bz#2192818] - kvm-migration-Implement-switchover-ack-logic.patch [bz#2192818] - kvm-migration-Enable-switchover-ack-capability.patch [bz#2192818] - kvm-vfio-migration-Refactor-vfio_save_block-to-return-sa.patch [bz#2192818] - kvm-vfio-migration-Store-VFIO-migration-flags-in-VFIOMig.patch [bz#2192818] - kvm-vfio-migration-Add-VFIO-migration-pre-copy-support.patch [bz#2192818] - kvm-vfio-migration-Add-support-for-switchover-ack-capabi.patch [bz#2192818] - kvm-vfio-Implement-a-common-device-info-helper.patch [bz#2192818] - kvm-hw-vfio-pci-quirks-Support-alternate-offset-for-GPUD.patch [bz#2192818] - kvm-vfio-pci-Call-vfio_prepare_kvm_msi_virq_batch-in-MSI.patch [bz#2192818] - kvm-vfio-migration-Reset-bytes_transferred-properly.patch [bz#2192818] - kvm-vfio-migration-Make-VFIO-migration-non-experimental.patch [bz#2192818] - kvm-vfio-pci-Fix-a-segfault-in-vfio_realize.patch [bz#2192818] - kvm-vfio-pci-Free-leaked-timer-in-vfio_realize-error-pat.patch [bz#2192818] - kvm-hw-vfio-pci-quirks-Sanitize-capability-pointer.patch [bz#2192818] - kvm-vfio-pci-Disable-INTx-in-vfio_realize-error-path.patch [bz#2192818] - kvm-vfio-migration-Change-vIOMMU-blocker-from-global-to-.patch [bz#2192818] - kvm-vfio-migration-Free-resources-when-vfio_migration_re.patch [bz#2192818] - kvm-vfio-migration-Remove-print-of-Migration-disabled.patch [bz#2192818] - kvm-vfio-migration-Return-bool-type-for-vfio_migration_r.patch [bz#2192818] - kvm-vfio-Fix-null-pointer-dereference-bug-in-vfio_bars_f.patch [bz#2192818] - kvm-pc-bios-s390-ccw-Makefile-Use-z-noexecstack-to-silen.patch [bz#2220866] - kvm-pc-bios-s390-ccw-Fix-indentation-in-start.S.patch [bz#2220866] - kvm-pc-bios-s390-ccw-Provide-space-for-initial-stack-fra.patch [bz#2220866] - kvm-pc-bios-s390-ccw-Don-t-use-__bss_start-with-the-larl.patch [bz#2220866] - kvm-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch [bz#2222579] - kvm-block-blkio-fix-module_block.py-parsing.patch [bz#2213317] - kvm-Fix-virtio-blk-vhost-vdpa-typo-in-spec-file.patch [bz#2213317] - Resolves: bz#2211609 (With virtio-iommu and vfio-pci, qemu reports 'warning: virtio-iommu page mask 0xfffffffffffff000 does not match 0x40201000') - Resolves: bz#2211634 ([aarch64] With virtio-iommu and vfio-pci, qemu coredump when host using kernel-64k package) - Resolves: bz#2192818 ([VFIO LM] Live migration) - Resolves: bz#2220866 (Misaligned symbol for s390-ccw image during qemu-kvm build) - Resolves: bz#2222579 (PNG screendump doesn't save screen correctly) - Resolves: bz#2213317 (Enable libblkio-based block drivers in QEMU) [8.0.0-7] - kvm-numa-Validate-cluster-and-NUMA-node-boundary-if-requ.patch [bz#2171363] - kvm-hw-arm-Validate-cluster-and-NUMA-node-boundary.patch [bz#2171363] - kvm-hw-arm-virt-Validate-cluster-and-NUMA-node-boundary-.patch [bz#2171363] - kvm-vhost-fix-vhost_dev_enable_notifiers-error-case.patch [RHEL-330] - kvm-kvm-reuse-per-vcpu-stats-fd-to-avoid-vcpu-interrupti.patch [bz#2218644] - kvm-vhost-vdpa-do-not-cleanup-the-vdpa-vhost-net-structu.patch [bz#2128929] - Resolves: bz#2171363 ([aarch64] Kernel hits Call trace with irregular CPU-to-NUMA association) - Resolves: RHEL-330 ([virtual network][qemu-kvm-8.0.0-rc1]qemu core dump: qemu-kvm: ../softmmu/memory.c:2592: void memory_region_del_eventfd(MemoryRegion *, hwaddr, unsigned int, _Bool, uint64_t, EventNotifier *): Assertion i != mr->ioeventfd_nb' failed) - Resolves: bz#2218644 (query-stats QMP command interrupts vcpus, the Max Latencies could be more than 100us (rhel 9.3.0 clone)) - Resolves: bz#2128929 ([rhel9.2] hotplug/hotunplug mlx vdpa device to the occupied addr port, then qemu core dump occurs after shutdown guest) [8.0.0-6] - kvm-target-i386-add-support-for-FLUSH_L1D-feature.patch [bz#2216201] - kvm-target-i386-add-support-for-FB_CLEAR-feature.patch [bz#2216201] - kvm-block-blkio-use-qemu_open-to-support-fd-passing-for-.patch [bz#2180076] - kvm-qapi-add-fdset-feature-for-BlockdevOptionsVirtioBlkV.patch [bz#2180076] - kvm-Enable-libblkio-block-drivers.patch [bz#2213317] - Resolves: bz#2216201 ([qemu-kvm]VM reports vulnerabilty to mmio_stale_data on patched host with microcode) - Resolves: bz#2180076 ([qemu-kvm] support fd passing for libblkio QEMU BlockDrivers) - Resolves: bz#2213317 (Enable libblkio-based block drivers in QEMU) [8.0.0-5] - kvm-block-compile-out-assert_bdrv_graph_readable-by-defa.patch [bz#2186725] - kvm-graph-lock-Disable-locking-for-now.patch [bz#2186725] - kvm-nbd-server-Fix-drained_poll-to-wake-coroutine-in-rig.patch [bz#2186725] - kvm-iotests-Test-commit-with-iothreads-and-ongoing-I-O.patch [bz#2186725] - kvm-memory-prevent-dma-reentracy-issues.patch [RHEL-516] - kvm-async-Add-an-optional-reentrancy-guard-to-the-BH-API.patch [RHEL-516] - kvm-checkpatch-add-qemu_bh_new-aio_bh_new-checks.patch [RHEL-516] - kvm-hw-replace-most-qemu_bh_new-calls-with-qemu_bh_new_g.patch [RHEL-516] - kvm-lsi53c895a-disable-reentrancy-detection-for-script-R.patch [RHEL-516] - kvm-bcm2835_property-disable-reentrancy-detection-for-io.patch [RHEL-516] - kvm-raven-disable-reentrancy-detection-for-iomem.patch [RHEL-516] - kvm-apic-disable-reentrancy-detection-for-apic-msi.patch [RHEL-516] - kvm-async-avoid-use-after-free-on-re-entrancy-guard.patch [RHEL-516] - kvm-loongarch-mark-loongarch_ipi_iocsr-re-entrnacy-safe.patch [RHEL-516] - kvm-memory-stricter-checks-prior-to-unsetting-engaged_in.patch [RHEL-516] - kvm-lsi53c895a-disable-reentrancy-detection-for-MMIO-reg.patch [RHEL-516] - kvm-hw-scsi-lsi53c895a-Fix-reentrancy-issues-in-the-LSI-.patch [RHEL-516] - kvm-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch [bz#2189423] - kvm-multifd-Fix-the-number-of-channels-ready.patch [bz#2196289] - kvm-util-async-teardown-wire-up-query-command-line-optio.patch [bz#2168500] - kvm-s390x-pv-Fix-spurious-warning-with-asynchronous-tear.patch [bz#2168500] - Resolves: bz#2186725 (Qemu hang when commit during fio running(iothread enable)) - Resolves: RHEL-516 (CVE-2023-2680 qemu-kvm: QEMU: hcd-ehci: DMA reentrancy issue (incomplete fix for CVE-2021-3750) [rhel-9]) - Resolves: bz#2189423 (Failed to migrate VM from rhel 9.3 to rhel 9.2) - Resolves: bz#2196289 (Fix number of ready channels on multifd) - Resolves: bz#2168500 ([IBM 9.3 FEAT] KVM: Improve memory reclaiming for z15 Secure Execution guests - qemu part) [8.0.0-4] - kvm-migration-Attempt-disk-reactivation-in-more-failure-.patch [bz#2058982] - kvm-util-mmap-alloc-qemu_fd_getfs.patch [bz#2057267] - kvm-vl.c-Create-late-backends-before-migration-object.patch [bz#2057267] - kvm-migration-postcopy-Detect-file-system-on-dest-host.patch [bz#2057267] - kvm-migration-mark-mixed-functions-that-can-suspend.patch [bz#2057267] - kvm-postcopy-ram-do-not-use-qatomic_mb_read.patch [bz#2057267] - kvm-migration-remove-extra-whitespace-character-for-code.patch [bz#2057267] - kvm-migration-Merge-ram_counters-and-ram_atomic_counters.patch [bz#2057267] - kvm-migration-Update-atomic-stats-out-of-the-mutex.patch [bz#2057267] - kvm-migration-Make-multifd_bytes-atomic.patch [bz#2057267] - kvm-migration-Make-dirty_sync_missed_zero_copy-atomic.patch [bz#2057267] - kvm-migration-Make-precopy_bytes-atomic.patch [bz#2057267] - kvm-migration-Make-downtime_bytes-atomic.patch [bz#2057267] - kvm-migration-Make-dirty_sync_count-atomic.patch [bz#2057267] - kvm-migration-Make-postcopy_requests-atomic.patch [bz#2057267] - kvm-migration-Rename-duplicate-to-zero_pages.patch [bz#2057267] - kvm-migration-Rename-normal-to-normal_pages.patch [bz#2057267] - kvm-migration-rename-enabled_capabilities-to-capabilitie.patch [bz#2057267] - kvm-migration-Pass-migrate_caps_check-the-old-and-new-ca.patch [bz#2057267] - kvm-migration-move-migration_global_dump-to-migration-hm.patch [bz#2057267] - kvm-spice-move-client_migrate_info-command-to-ui.patch [bz#2057267] - kvm-migration-Create-migrate_cap_set.patch [bz#2057267] - kvm-migration-Create-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_colo_enabled-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_compression-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_events-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_multifd-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_zero_copy_send-to-options.patch [bz#2057267] - kvm-migration-Move-migrate_use_xbzrle-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_block-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_return-to-options.c.patch [bz#2057267] - kvm-migration-Create-migrate_rdma_pin_all-function.patch [bz#2057267] - kvm-migration-Move-migrate_caps_check-to-options.c.patch [bz#2057267] - kvm-migration-Move-qmp_query_migrate_capabilities-to-opt.patch [bz#2057267] - kvm-migration-Move-qmp_migrate_set_capabilities-to-optio.patch [bz#2057267] - kvm-migration-Move-migrate_cap_set-to-options.c.patch [bz#2057267] - kvm-migration-Move-parameters-functions-to-option.c.patch [bz#2057267] - kvm-migration-Use-migrate_max_postcopy_bandwidth.patch [bz#2057267] - kvm-migration-Move-migrate_use_block_incremental-to-opti.patch [bz#2057267] - kvm-migration-Create-migrate_throttle_trigger_threshold.patch [bz#2057267] - kvm-migration-Create-migrate_checkpoint_delay.patch [bz#2057267] - kvm-migration-Create-migrate_max_cpu_throttle.patch [bz#2057267] - kvm-migration-Move-migrate_announce_params-to-option.c.patch [bz#2057267] - kvm-migration-Create-migrate_cpu_throttle_initial-to-opt.patch [bz#2057267] - kvm-migration-Create-migrate_cpu_throttle_increment-func.patch [bz#2057267] - kvm-migration-Create-migrate_cpu_throttle_tailslow-funct.patch [bz#2057267] - kvm-migration-Move-migrate_postcopy-to-options.c.patch [bz#2057267] - kvm-migration-Create-migrate_max_bandwidth-function.patch [bz#2057267] - kvm-migration-Move-migrate_use_tls-to-options.c.patch [bz#2057267] - kvm-migration-Move-qmp_migrate_set_parameters-to-options.patch [bz#2057267] - kvm-migration-Allow-postcopy_ram_supported_by_host-to-re.patch [bz#2057267] - kvm-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch [bz#2185688] - kvm-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch [bz#2185688] - kvm-iotests-Use-alternative-CPU-type-that-is-not-depreca.patch [bz#2185688] - kvm-iotests-Test-resizing-image-attached-to-an-iothread.patch [bz#2185688] - kvm-Enable-Linux-io_uring.patch [bz#1947230] - Resolves: bz#2058982 (Qemu core dump if cut off nfs storage during migration) - Resolves: bz#2057267 (Migration with postcopy fail when vm set with shared memory) - Resolves: bz#2185688 ([qemu-kvm] no response with QMP command block_resize) - Resolves: bz#1947230 (Enable QEMU support for io_uring in RHEL9) [8.0.0-3] - kvm-migration-Handle-block-device-inactivation-failures-.patch [bz#2058982] - kvm-migration-Minor-control-flow-simplification.patch [bz#2058982] - Resolves: bz#2058982 (Qemu core dump if cut off nfs storage during migration) [8.0.0-2] - kvm-acpi-pcihp-allow-repeating-hot-unplug-requests.patch [bz#2087047] - kvm-hw-acpi-limit-warning-on-acpi-table-size-to-pc-machi.patch [bz#1934134] - kvm-hw-acpi-Mark-acpi-blobs-as-resizable-on-RHEL-pc-mach.patch [bz#1934134] - Resolves: bz#2087047 (Disk detach is unsuccessful while the guest is still booting) - Resolves: bz#1934134 (ACPI table limits warning when booting guest with 512 VCPUs) [8.0.0-1] - Rebase to QEMU 8.0.0 - Resolves: bz#2180898 (Rebase to QEMU 8.0.0 for RHEL 9.3.0) [7.2.0-14] - Rebuild for 9.2 release - Resolves: bz#2173590 (bugs in emulation of BMI instructions (for libguestfs without KVM)) - Resolves: bz#2156876 ([virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)) [7.2.0-13] - kvm-target-i386-fix-operand-size-of-unary-SSE-operations.patch [bz#2173590] - kvm-tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch [bz#2173590] - kvm-target-i386-Fix-BEXTR-instruction.patch [bz#2173590] - kvm-target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch [bz#2173590] - kvm-target-i386-fix-ADOX-followed-by-ADCX.patch [bz#2173590] - kvm-target-i386-Fix-32-bit-AD-CO-X-insns-in-64-bit-mode.patch [bz#2173590] - kvm-target-i386-Fix-BZHI-instruction.patch [bz#2173590] - kvm-intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch [bz#2156876] - Resolves: bz#2173590 (bugs in emulation of BMI instructions (for libguestfs without KVM)) - Resolves: bz#2156876 ([virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)) [7.2.0-12] - kvm-scsi-protect-req-aiocb-with-AioContext-lock.patch [bz#2155748] - kvm-dma-helpers-prevent-dma_blk_cb-vs-dma_aio_cancel-rac.patch [bz#2155748] - kvm-virtio-scsi-reset-SCSI-devices-from-main-loop-thread.patch [bz#2155748] - kvm-qatomic-add-smp_mb__before-after_rmw.patch [bz#2175660] - kvm-qemu-thread-posix-cleanup-fix-document-QemuEvent.patch [bz#2175660] - kvm-qemu-thread-win32-cleanup-fix-document-QemuEvent.patch [bz#2175660] - kvm-edu-add-smp_mb__after_rmw.patch [bz#2175660] - kvm-aio-wait-switch-to-smp_mb__after_rmw.patch [bz#2175660] - kvm-qemu-coroutine-lock-add-smp_mb__after_rmw.patch [bz#2175660] - kvm-physmem-add-missing-memory-barrier.patch [bz#2175660] - kvm-async-update-documentation-of-the-memory-barriers.patch [bz#2175660] - kvm-async-clarify-usage-of-barriers-in-the-polling-case.patch [bz#2175660] - Resolves: bz#2155748 (qemu crash on void blk_drain(BlockBackend *): Assertion qemu_in_main_thread() failed) - Resolves: bz#2175660 (Guest hangs when starting or rebooting) [7.2.0-11] - kvm-hw-smbios-fix-field-corruption-in-type-4-table.patch [bz#2169904] - Resolves: bz#2169904 ([SVVP] job 'Check SMBIOS Table Specific Requirements' failed on win2022) [7.2.0-10] - kvm-block-temporarily-hold-the-new-AioContext-of-bs_top-.patch [bz#2168209] - Resolves: bz#2168209 (Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)) [7.2.0-9] - kvm-tests-qtest-netdev-test-stream-and-dgram-backends.patch [bz#2169232] - kvm-net-stream-add-a-new-option-to-automatically-reconne.patch [bz#2169232] - kvm-linux-headers-Update-to-v6.1.patch [bz#2158704] - kvm-util-userfaultfd-Add-uffd_open.patch [bz#2158704] - kvm-util-userfaultfd-Support-dev-userfaultfd.patch [bz#2158704] - kvm-io-Add-support-for-MSG_PEEK-for-socket-channel.patch [bz#2169732] - kvm-migration-check-magic-value-for-deciding-the-mapping.patch [bz#2169732] - kvm-target-s390x-arch_dump-Fix-memory-corruption-in-s390.patch [bz#2168172] - Resolves: bz#2169232 (RFE: reconnect option for stream socket back-end) - Resolves: bz#2158704 (RFE: Prefer /dev/userfaultfd over userfaultfd(2) syscall) - Resolves: bz#2169732 (Multifd migration fails under a weak network/socket ordering race) - Resolves: bz#2168172 ([s390x] qemu-kvm coredumps when SE crashes) [7.2.0-8] - kvm-qcow2-Fix-theoretical-corruption-in-store_bitmap-err.patch [bz#2150180] - kvm-qemu-img-commit-Report-errors-while-closing-the-imag.patch [bz#2150180] - kvm-qemu-img-bitmap-Report-errors-while-closing-the-imag.patch [bz#2150180] - kvm-qemu-iotests-Test-qemu-img-bitmap-commit-exit-code-o.patch [bz#2150180] - kvm-accel-tcg-Test-CPUJumpCache-in-tb_jmp_cache_clear_pa.patch [bz#2165280] - kvm-block-Improve-empty-format-specific-info-dump.patch [bz#1860292] - kvm-block-file-Add-file-specific-image-info.patch [bz#1860292] - kvm-block-vmdk-Change-extent-info-type.patch [bz#1860292] - kvm-block-Split-BlockNodeInfo-off-of-ImageInfo.patch [bz#1860292] - kvm-qemu-img-Use-BlockNodeInfo.patch [bz#1860292] - kvm-block-qapi-Let-bdrv_query_image_info-recurse.patch [bz#1860292] - kvm-block-qapi-Introduce-BlockGraphInfo.patch [bz#1860292] - kvm-block-qapi-Add-indentation-to-bdrv_node_info_dump.patch [bz#1860292] - kvm-iotests-Filter-child-node-information.patch [bz#1860292] - kvm-iotests-106-214-308-Read-only-one-size-line.patch [bz#1860292] - kvm-qemu-img-Let-info-print-block-graph.patch [bz#1860292] - kvm-qemu-img-Change-info-key-names-for-protocol-nodes.patch [bz#1860292] - kvm-Revert-vhost-user-Monitor-slave-channel-in-vhost_use.patch [bz#2155173] - kvm-Revert-vhost-user-Introduce-nested-event-loop-in-vho.patch [bz#2155173] - kvm-virtio-rng-pci-fix-transitional-migration-compat-for.patch [bz#2162569] - Resolves: bz#2150180 (qemu-img finishes successfully while having errors in commit or bitmaps operations) - Resolves: bz#2165280 ([kvm-unit-tests] debug-wp-migration fails) - Resolves: bz#1860292 (RFE: add extent_size_hint information to qemu-img info) - Resolves: bz#2155173 ([vhost-user] unable to start vhost net: 71: falling back on userspace) - Resolves: bz#2162569 ([transitional device][virtio-rng-pci-transitional]Stable Guest ABI failed between RHEL 8.6 to RHEL 9.2) [7.2.0-7] - kvm-vdpa-use-v-shadow_vqs_enabled-in-vhost_vdpa_svqs_sta.patch [bz#2104412] - kvm-vhost-set-SVQ-device-call-handler-at-SVQ-start.patch [bz#2104412] - kvm-vhost-allocate-SVQ-device-file-descriptors-at-device.patch [bz#2104412] - kvm-vhost-move-iova_tree-set-to-vhost_svq_start.patch [bz#2104412] - kvm-vdpa-add-vhost_vdpa_net_valid_svq_features.patch [bz#2104412] - kvm-vdpa-request-iova_range-only-once.patch [bz#2104412] - kvm-vdpa-move-SVQ-vring-features-check-to-net.patch [bz#2104412] - kvm-vdpa-allocate-SVQ-array-unconditionally.patch [bz#2104412] - kvm-vdpa-add-asid-parameter-to-vhost_vdpa_dma_map-unmap.patch [bz#2104412] - kvm-vdpa-store-x-svq-parameter-in-VhostVDPAState.patch [bz#2104412] - kvm-vdpa-add-shadow_data-to-vhost_vdpa.patch [bz#2104412] - kvm-vdpa-always-start-CVQ-in-SVQ-mode-if-possible.patch [bz#2104412] - kvm-vdpa-fix-VHOST_BACKEND_F_IOTLB_ASID-flag-check.patch [bz#2104412] - kvm-spec-Disable-VDUSE.patch [bz#2128222] - Resolves: bz#2104412 (vDPA ASID support in Qemu) - Resolves: bz#2128222 (VDUSE block export should be disabled in builds for now) [7.2.0-6] - kvm-virtio_net-Modify-virtio_net_get_config-to-early-ret.patch [bz#2141088] - kvm-virtio_net-copy-VIRTIO_NET_S_ANNOUNCE-if-device-mode.patch [bz#2141088] - kvm-vdpa-handle-VIRTIO_NET_CTRL_ANNOUNCE-in-vhost_vdpa_n.patch [bz#2141088] - kvm-vdpa-do-not-handle-VIRTIO_NET_F_GUEST_ANNOUNCE-in-vh.patch [bz#2141088] - kvm-s390x-pv-Implement-a-CGS-check-helper.patch [bz#2122523] - kvm-s390x-pci-coalesce-unmap-operations.patch [bz#2163701] - kvm-s390x-pci-shrink-DMA-aperture-to-be-bound-by-vfio-DM.patch [bz#2163701] - kvm-s390x-pci-reset-ISM-passthrough-devices-on-shutdown-.patch [bz#2163701] - kvm-qga-linux-add-usb-support-to-guest-get-fsinfo.patch [bz#2149191] - Resolves: bz#2141088 (vDPA SVQ guest announce support) - Resolves: bz#2122523 (Secure guest can't boot with maximal number of vcpus (248)) - Resolves: bz#2163701 ([s390x] VM fails to start with ISM passed through) - Resolves: bz#2149191 ([RFE][guest-agent] - USB bus type support) [7.2.0-5] - kvm-virtio-introduce-macro-VIRTIO_CONFIG_IRQ_IDX.patch [bz#1905805] - kvm-virtio-pci-decouple-notifier-from-interrupt-process.patch [bz#1905805] - kvm-virtio-pci-decouple-the-single-vector-from-the-inter.patch [bz#1905805] - kvm-vhost-introduce-new-VhostOps-vhost_set_config_call.patch [bz#1905805] - kvm-vhost-vdpa-add-support-for-config-interrupt.patch [bz#1905805] - kvm-virtio-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-vhost-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-virtio-net-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-virtio-mmio-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-virtio-pci-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-s390x-s390-virtio-ccw-Activate-zPCI-features-on-s390.patch [bz#2159408] - kvm-vhost-fix-vq-dirty-bitmap-syncing-when-vIOMMU-is-ena.patch [bz#2124856] - kvm-block-drop-bdrv_remove_filter_or_cow_child.patch [bz#2155112] - kvm-qed-Don-t-yield-in-bdrv_qed_co_drain_begin.patch [bz#2155112] - kvm-test-bdrv-drain-Don-t-yield-in-.bdrv_co_drained_begi.patch [bz#2155112] - kvm-block-Revert-.bdrv_drained_begin-end-to-non-coroutin.patch [bz#2155112] - kvm-block-Remove-drained_end_counter.patch [bz#2155112] - kvm-block-Inline-bdrv_drain_invoke.patch [bz#2155112] - kvm-block-Fix-locking-for-bdrv_reopen_queue_child.patch [bz#2155112] - kvm-block-Drain-individual-nodes-during-reopen.patch [bz#2155112] - kvm-block-Don-t-use-subtree-drains-in-bdrv_drop_intermed.patch [bz#2155112] - kvm-stream-Replace-subtree-drain-with-a-single-node-drai.patch [bz#2155112] - kvm-block-Remove-subtree-drains.patch [bz#2155112] - kvm-block-Call-drain-callbacks-only-once.patch [bz#2155112] - kvm-block-Remove-ignore_bds_parents-parameter-from-drain.patch [bz#2155112] - kvm-block-Drop-out-of-coroutine-in-bdrv_do_drained_begin.patch [bz#2155112] - kvm-block-Don-t-poll-in-bdrv_replace_child_noperm.patch [bz#2155112] - kvm-block-Remove-poll-parameter-from-bdrv_parent_drained.patch [bz#2155112] - kvm-accel-introduce-accelerator-blocker-API.patch [bz#1979276] - kvm-KVM-keep-track-of-running-ioctls.patch [bz#1979276] - kvm-kvm-Atomic-memslot-updates.patch [bz#1979276] - Resolves: bz#1905805 (support config interrupt in vhost-vdpa qemu) - Resolves: bz#2159408 ([s390x] VMs with ISM passthrough don't autostart after leapp upgrade from RHEL 8) - Resolves: bz#2124856 (VM with virtio interface and iommu=on will crash when try to migrate) - Resolves: bz#2155112 (Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)) - Resolves: bz#1979276 (SVM: non atomic memslot updates cause boot failure with seabios and cpu-pm=on) [7.2.0-4] - kvm-virtio-rng-pci-fix-migration-compat-for-vectors.patch [bz#2155749] - kvm-Update-QGA-service-for-new-command-line.patch [bz#2156515] - Resolves: bz#2155749 ([regression][stable guest abi][qemu-kvm7.2]Migration failed due to virtio-rng device between RHEL8.8 and RHEL9.2/MSI-X) - Resolves: bz#2156515 ([guest-agent] Replace '-blacklist' to '-block-rpcs' in qemu-ga config file) [7.2.0-3] - kvm-hw-arm-virt-Introduce-virt_set_high_memmap-helper.patch [bz#2113840] - kvm-hw-arm-virt-Rename-variable-size-to-region_size-in-v.patch [bz#2113840] - kvm-hw-arm-virt-Introduce-variable-region_base-in-virt_s.patch [bz#2113840] - kvm-hw-arm-virt-Introduce-virt_get_high_memmap_enabled-h.patch [bz#2113840] - kvm-hw-arm-virt-Improve-high-memory-region-address-assig.patch [bz#2113840] - kvm-hw-arm-virt-Add-compact-highmem-property.patch [bz#2113840] - kvm-hw-arm-virt-Add-properties-to-disable-high-memory-re.patch [bz#2113840] - kvm-hw-arm-virt-Enable-compat-high-memory-region-address.patch [bz#2113840] - Resolves: bz#2113840 ([RHEL9.2] Memory mapping optimization for virt machine) [7.2.0-2] - Fix updating from 7.1.0 - kvm-redhat-fix-virt-rhel9.2.0-compat-props.patch[bz#2154640] - Resolves: bz#2154640 ([aarch64] qemu fails to load 'efi-virtio.rom' romfile when creating virtio-net-pci) [7.2.0-1] - Rebase to QEMU 7.2.0 [bz#2135806] - Resolves: bz#2135806 (Rebase to QEMU 7.2 for RHEL 9.2.0) [7.1.0-7] - kvm-hw-acpi-erst.c-Fix-memory-handling-issues.patch [bz#2149108] - Resolves: bz#2149108 (CVE-2022-4172 qemu-kvm: QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record [rhel-9]) [7.1.0-6] - kvm-block-move-bdrv_qiov_is_aligned-to-file-posix.patch [bz#2143170] - kvm-block-use-the-request-length-for-iov-alignment.patch [bz#2143170] - Resolves: bz#2143170 (The installation can not start when install files (iso) locate on a 4k disk) [7.1.0-5] - kvm-rtl8139-Remove-unused-variable.patch [bz#2141218] - kvm-qemu-img-remove-unused-variable.patch [bz#2141218] - kvm-host-libusb-Remove-unused-variable.patch [bz#2141218] - Resolves: bz#2141218 (qemu-kvm build fails with clang 15.0.1 due to false unused variable error) [7.1.0-4] - kvm-Revert-intel_iommu-Fix-irqchip-X2APIC-configuration-.patch [bz#2126095] - Resolves: bz#2126095 ([rhel9.2][intel_iommu]Booting guest with '-device intel-iommu,intremap=on,device-iotlb=on,caching-mode=on' causes kernel call trace) [7.1.0-3] - kvm-target-i386-kvm-fix-kvmclock_current_nsec-Assertion-.patch [bz#2108531] - Resolves: bz#2108531 (Windows guest reboot after migration with wsl2 installed inside) [7.1.0-2] - kvm-vdpa-Skip-the-maps-not-in-the-iova-tree.patch [RHELX-57] - kvm-vdpa-do-not-save-failed-dma-maps-in-SVQ-iova-tree.patch [RHELX-57] - kvm-util-accept-iova_tree_remove_parameter-by-value.patch [RHELX-57] - kvm-vdpa-Remove-SVQ-vring-from-iova_tree-at-shutdown.patch [RHELX-57] - kvm-vdpa-Make-SVQ-vring-unmapping-return-void.patch [RHELX-57] - kvm-vhost-Always-store-new-kick-fd-on-vhost_svq_set_svq_.patch [RHELX-57] - kvm-vdpa-Use-ring-hwaddr-at-vhost_vdpa_svq_unmap_ring.patch [RHELX-57] - kvm-vhost-stop-transfer-elem-ownership-in-vhost_handle_g.patch [RHELX-57] - kvm-vhost-use-SVQ-element-ndescs-instead-of-opaque-data-.patch [RHELX-57] - kvm-vhost-Delete-useless-read-memory-barrier.patch [RHELX-57] - kvm-vhost-Do-not-depend-on-NULL-VirtQueueElement-on-vhos.patch [RHELX-57] - kvm-vhost_net-Add-NetClientInfo-start-callback.patch [RHELX-57] - kvm-vhost_net-Add-NetClientInfo-stop-callback.patch [RHELX-57] - kvm-vdpa-add-net_vhost_vdpa_cvq_info-NetClientInfo.patch [RHELX-57] - kvm-vdpa-Move-command-buffers-map-to-start-of-net-device.patch [RHELX-57] - kvm-vdpa-extract-vhost_vdpa_net_cvq_add-from-vhost_vdpa_.patch [RHELX-57] - kvm-vhost_net-add-NetClientState-load-callback.patch [RHELX-57] - kvm-vdpa-Add-virtio-net-mac-address-via-CVQ-at-start.patch [RHELX-57] - kvm-vdpa-Delete-CVQ-migration-blocker.patch [RHELX-57] - kvm-vdpa-Make-VhostVDPAState-cvq_cmd_in_buffer-control-a.patch [RHELX-57] - kvm-vdpa-extract-vhost_vdpa_net_load_mac-from-vhost_vdpa.patch [RHELX-57] - kvm-vdpa-Add-vhost_vdpa_net_load_mq.patch [RHELX-57] - kvm-vdpa-validate-MQ-CVQ-commands.patch [RHELX-57] - kvm-virtio-net-Update-virtio-net-curr_queue_pairs-in-vdp.patch [RHELX-57] - kvm-vdpa-Allow-MQ-feature-in-SVQ.patch [RHELX-57] - kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch [bz#2125281] - kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch [bz#2125281] - kvm-Revert-Re-enable-capstone-internal-build.patch [bz#2127825] - kvm-spec-Use-capstone-package.patch [bz#2127825] - Resolves: RHELX-57 (vDPA SVQ Multiqueue support ) - Resolves: bz#2125281 ([RHEL9.1] Guests in VMX root operation fail to reboot with QEMU's 'system_reset' command [rhel-9.2.0]) - Resolves: bz#2127825 (Use capstone for qemu-kvm build) [7.1.0-1] - Rebase to QEMU 7.1.0 [bz#2111769] - Resolves: bz#2111769 (Rebase to QEMU 7.1.0) [7.0.0-11] - kvm-QIOChannelSocket-Fix-zero-copy-flush-returning-code-.patch [bz#2107466] - kvm-Add-dirty-sync-missed-zero-copy-migration-stat.patch [bz#2107466] - kvm-migration-multifd-Report-to-user-when-zerocopy-not-w.patch [bz#2107466] - kvm-migration-Avoid-false-positive-on-non-supported-scen.patch [bz#2107466] - kvm-migration-add-remaining-params-has_-true-in-migratio.patch [bz#2107466] - kvm-QIOChannelSocket-Add-support-for-MSG_ZEROCOPY-IPV6.patch [bz#2107466] - kvm-pc-bios-s390-ccw-Fix-booting-with-logical-block-size.patch [bz#2112303] - kvm-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch [bz#2116876] - kvm-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch [bz#2116876] - kvm-vdpa-Fix-memory-listener-deletions-of-iova-tree.patch [bz#2116876] - kvm-vdpa-Fix-file-descriptor-leak-on-get-features-error.patch [bz#2116876] - Resolves: bz#2107466 (zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together) - Resolves: bz#2112303 (virtio-blk: Can't boot fresh installation from used 512 cluster_size image under certain conditions) - Resolves: bz#2116876 (Fixes for vDPA control virtqueue support in Qemu) [7.0.0-10] - kvm-vhost-Track-descriptor-chain-in-private-at-SVQ.patch [bz#1939363] - kvm-vhost-Fix-device-s-used-descriptor-dequeue.patch [bz#1939363] - kvm-hw-virtio-Replace-g_memdup-by-g_memdup2.patch [bz#1939363] - kvm-vhost-Fix-element-in-vhost_svq_add-failure.patch [bz#1939363] - kvm-meson-create-have_vhost_-variables.patch [bz#1939363] - kvm-meson-use-have_vhost_-variables-to-pick-sources.patch [bz#1939363] - kvm-vhost-move-descriptor-translation-to-vhost_svq_vring.patch [bz#1939363] - kvm-virtio-net-Expose-MAC_TABLE_ENTRIES.patch [bz#1939363] - kvm-virtio-net-Expose-ctrl-virtqueue-logic.patch [bz#1939363] - kvm-vdpa-Avoid-compiler-to-squash-reads-to-used-idx.patch [bz#1939363] - kvm-vhost-Reorder-vhost_svq_kick.patch [bz#1939363] - kvm-vhost-Move-vhost_svq_kick-call-to-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Check-for-queue-full-at-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Decouple-vhost_svq_add-from-VirtQueueElement.patch [bz#1939363] - kvm-vhost-Add-SVQDescState.patch [bz#1939363] - kvm-vhost-Track-number-of-descs-in-SVQDescState.patch [bz#1939363] - kvm-vhost-add-vhost_svq_push_elem.patch [bz#1939363] - kvm-vhost-Expose-vhost_svq_add.patch [bz#1939363] - kvm-vhost-add-vhost_svq_poll.patch [bz#1939363] - kvm-vhost-Add-svq-avail_handler-callback.patch [bz#1939363] - kvm-vdpa-Export-vhost_vdpa_dma_map-and-unmap-calls.patch [bz#1939363] - kvm-vhost-net-vdpa-add-stubs-for-when-no-virtio-net-devi.patch [bz#1939363] - kvm-vdpa-manual-forward-CVQ-buffers.patch [bz#1939363] - kvm-vdpa-Buffer-CVQ-support-on-shadow-virtqueue.patch [bz#1939363] - kvm-vdpa-Extract-get-features-part-from-vhost_vdpa_get_m.patch [bz#1939363] - kvm-vdpa-Add-device-migration-blocker.patch [bz#1939363] - kvm-vdpa-Add-x-svq-to-NetdevVhostVDPAOptions.patch [bz#1939363] - kvm-redhat-Update-linux-headers-linux-kvm.h-to-v5.18-rc6.patch [bz#2111994] - kvm-target-s390x-kvm-Honor-storage-keys-during-emulation.patch [bz#2111994] - kvm-kvm-don-t-use-perror-without-useful-errno.patch [bz#2095608] - kvm-multifd-Copy-pages-before-compressing-them-with-zlib.patch [bz#2099934] - kvm-Revert-migration-Simplify-unqueue_page.patch [bz#2099934] - Resolves: bz#1939363 (vDPA control virtqueue support in Qemu) - Resolves: bz#2111994 (RHEL9: skey test in kvm_unit_test got failed) - Resolves: bz#2095608 (Please correct the error message when try to start qemu with '-M kernel-irqchip=split') - Resolves: bz#2099934 (Guest reboot on destination host after postcopy migration completed) [7.0.0-9] - kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch [bz#2100106] - kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch [bz#2100106] - kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch [bz#2100106] - kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch [bz#2100106] - kvm-virtio-iommu-Fix-migration-regression.patch [bz#2100106] - kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch [bz#2098077] - kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch [bz#2098077] - kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch [bz#2098077] - kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch [bz#1951522] - kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch [bz#1951522] - Resolves: bz#2100106 (Fix virtio-iommu/vfio bypass) - Resolves: bz#2098077 (virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions) - Resolves: bz#1951522 (CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0]) [7.0.0-8] - kvm-tests-avocado-update-aarch64_virt-test-to-exercise-c.patch [bz#2060839] - kvm-RHEL-only-tests-avocado-Switch-aarch64-tests-from-a5.patch [bz#2060839] - kvm-RHEL-only-AArch64-Drop-unsupported-CPU-types.patch [bz#2060839] - kvm-target-i386-deprecate-CPUs-older-than-x86_64-v2-ABI.patch [bz#2060839] - kvm-target-s390x-deprecate-CPUs-older-than-z14.patch [bz#2060839] - kvm-target-arm-deprecate-named-CPU-models.patch [bz#2060839] - kvm-meson.build-Fix-docker-test-build-alpine-when-includ.patch [bz#1968509] - kvm-QIOChannel-Add-flags-on-io_writev-and-introduce-io_f.patch [bz#1968509] - kvm-QIOChannelSocket-Implement-io_writev-zero-copy-flag-.patch [bz#1968509] - kvm-migration-Add-zero-copy-send-parameter-for-QMP-HMP-f.patch [bz#1968509] - kvm-migration-Add-migrate_use_tls-helper.patch [bz#1968509] - kvm-multifd-multifd_send_sync_main-now-returns-negative-.patch [bz#1968509] - kvm-multifd-Send-header-packet-without-flags-if-zero-cop.patch [bz#1968509] - kvm-multifd-Implement-zero-copy-write-in-multifd-migrati.patch [bz#1968509] - kvm-QIOChannelSocket-Introduce-assert-and-reduce-ifdefs-.patch [bz#1968509] - kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch [bz#1968509] - kvm-migration-Change-zero_copy_send-from-migration-param.patch [bz#1968509] - kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch [bz#2096143] - Resolves: bz#2060839 (Consider deprecating CPU models like 'kvm64' / 'qemu64' on RHEL 9) - Resolves: bz#1968509 (Use MSG_ZEROCOPY on QEMU Live Migration) - Resolves: bz#2096143 (The migration port is not released if use it again for recovering postcopy migration) [7.0.0-7] - kvm-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-win32-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-Enable-virtio-iommu-pci-on-x86_64.patch [bz#2094252] - kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch [bz#2092788] - kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch [bz#2092788] - Resolves: bz#1952483 (RFE: QEMU's coroutines fail with CFLAGS=-flto on non-x86_64 architectures) - Resolves: bz#2094252 (Compile the virtio-iommu device on x86_64) - Resolves: bz#2092788 (Stalled IO Operations in VM) [7.0.0-6] - kvm-Introduce-event-loop-base-abstract-class.patch [bz#2031024] - kvm-util-main-loop-Introduce-the-main-loop-into-QOM.patch [bz#2031024] - kvm-util-event-loop-base-Introduce-options-to-set-the-th.patch [bz#2031024] - kvm-qcow2-Improve-refcount-structure-rebuilding.patch [bz#2072379] - kvm-iotests-108-Test-new-refcount-rebuild-algorithm.patch [bz#2072379] - kvm-qcow2-Add-errp-to-rebuild_refcount_structure.patch [bz#2072379] - kvm-iotests-108-Fix-when-missing-user_allow_other.patch [bz#2072379] - kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch [bz#2070804] - kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch [bz#2070804] - kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch [bz#2070804] - kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch [bz#2070804] - kvm-vhost-vdpa-backend-feature-should-set-only-once.patch [bz#2070804] - kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch [bz#2070804] - kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch [bz#2070804] - kvm-Revert-globally-limit-the-maximum-number-of-CPUs.patch [bz#2094270] - kvm-vfio-common-remove-spurious-warning-on-vfio_listener.patch [bz#2086262] - Resolves: bz#2031024 (Add support for fixing thread pool size [QEMU]) - Resolves: bz#2072379 (Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs)) - Resolves: bz#2070804 (PXE boot crash qemu when using multiqueue vDPA) - Resolves: bz#2094270 (Do not set the hard vCPU limit to the soft vCPU limit in downstream qemu-kvm anymore) - Resolves: bz#2086262 ([Win11][tpm]vfio_listener_region_del received unaligned region) [7.0.0-5] - kvm-qemu-nbd-Pass-max-connections-to-blockdev-layer.patch [bz#1708300] - kvm-nbd-server-Allow-MULTI_CONN-for-shared-writable-expo.patch [bz#1708300] - Resolves: bz#1708300 (RFE: qemu-nbd vs NBD_FLAG_CAN_MULTI_CONN) [7.0.0-4] - kvm-qapi-machine.json-Add-cluster-id.patch [bz#2041823] - kvm-qtest-numa-test-Specify-CPU-topology-in-aarch64_numa.patch [bz#2041823] - kvm-hw-arm-virt-Consider-SMP-configuration-in-CPU-topolo.patch [bz#2041823] - kvm-qtest-numa-test-Correct-CPU-and-NUMA-association-in-.patch [bz#2041823] - kvm-hw-arm-virt-Fix-CPU-s-default-NUMA-node-ID.patch [bz#2041823] - kvm-hw-acpi-aml-build-Use-existing-CPU-topology-to-build.patch [bz#2041823] - kvm-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch [bz#2079938] - kvm-coroutine-Revert-to-constant-batch-size.patch [bz#2079938] - kvm-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch [bz#2079347] - kvm-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_event_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_ctrl_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_cmd_vq.patch [bz#2079347] - kvm-virtio-scsi-move-request-related-items-from-.h-to-.c.patch [bz#2079347] - kvm-Revert-virtio-scsi-Reject-scsi-cd-if-data-plane-enab.patch [bz#1995710] - kvm-migration-Fix-operator-type.patch [bz#2064530] - Resolves: bz#2041823 ([aarch64][numa] When there are at least 6 Numa nodes serial log shows 'arch topology borken') - Resolves: bz#2079938 (qemu coredump when boot with multi disks (qemu) failed to set up stack guard page: Cannot allocate memory) - Resolves: bz#2079347 (Guest boot blocked when scsi disks using same iothread and 100% CPU consumption) - Resolves: bz#1995710 (RFE: Allow virtio-scsi CD-ROM media change with IOThreads) - Resolves: bz#2064530 (Rebuild qemu-kvm with clang-14) [7.0.0-3] - kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch [bz#2046029] - kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch [bz#2046029] - kvm-Enable-virtio-iommu-pci-on-aarch64.patch [bz#1477099] - kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch [bz#2037612] - kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch [bz#2037612] - Resolves: bz#2046029 ([WRB] New machine type property - dtb-kaslr-seed) - Resolves: bz#1477099 (virtio-iommu (including ACPI, VHOST/VFIO integration, migration support)) - Resolves: bz#2037612 ([Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region) [7.0.0-2] - kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch [bz#2044162] - kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch [bz#2081022] - Resolves: bz#2044162 ([RHEL9.1] Enable virtio-mem as tech-preview on ARM64 QEMU) - Resolves: bz#2081022 (Build regression on ppc64le with c9s qemu-kvm 7.0.0-1 changes) [7.0.0-1] - Rebase to QEMU 7.0.0 [bz#2064757] - Do not build ssh block driver anymore [bz#2064500] - Removed hpet and parallel port support [bz#2065042] - Compatibility support [bz#2064782 bz#2064771] - Resolves: bz#2064757 (Rebase to QEMU 7.0.0) - Resolves: bz#2064500 (Install qemu-kvm-6.2.0-11.el9_0.1 failed as conflict with qemu-kvm-block-ssh-6.2.0-11.el9_0.1) - Resolves: bz#2065042 (Remove upstream-only devices from the qemu-kvm binary) - Resolves: bz#2064782 (Update machine type compatibility for QEMU 7.0.0 update [s390x]) - Resolves: bz#2064771 (Update machine type compatibility for QEMU 7.0.0 update [x86_64]) [6.2.0-13] - kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch [bz#2065589] - Resolves: bz#2065589 (RHEL 9.0 guest with vsock device migration failed from RHEL 9.0 > RHEL 8.6 [rhel-9.1.0]) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5088 CVE-2023-6683 CVE-2023-42467 CVE-2023-3019 CVE-2023-3255 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [0.21.1-1] - 0.21.1 - Include the fix for CVE-2023-1729 from Fedora Resolves: RHEL-768 LOW Copyright 2024 Oracle, Inc. CVE-2023-1729 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.7.0-9] - Fix CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms() - Fix CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage() - Fix CVE-2023-43787: integer overflow in XCreateImage() leading to a heap overflow MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43786 CVE-2023-43787 CVE-2023-43785 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [3.5.13-10] - Drop hardening patches from previous version to keep ABI compatibility [3.5.13-9] - CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage() - CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow - CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() - CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43788 CVE-2023-43789 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [4.11.0-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] - Add bind to ipa-server-common Requires [Orabug: 36518596] [4.11.0-9] - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests potentially lead to DoS or data exposure [4.11.0-8] - Resolves: RHEL-12143 'ipa vault-add is failing with ipa: ERROR: an internal error has occurred in FIPS mode - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available [4.11.0-7] - Resolves: RHEL-25260 tier-1-upstream-dns-locations failed on RHEL8.8 gating - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available - Resolves: RHEL-25815 Backport latest test fixes in python3-ipatests [4.11.0-6] - Resolves: RHEL-23627 IPA stops working if HTTP/... service principal was created before FreeIPA 4.4.0 and never modified - Resolves: RHEL-23625 sidgen plugin does not ignore staged users - Resolves: RHEL-23621 session cookie can't be read - Resolves: RHEL-22372 Gating-DL1 test failure in test_integration/test_dns_locations.py::TestDNSLocations::()::test_ipa_ca_records - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-17996 Memory leak in IdM's KDC [4.11.0-5] - Resolves: RHEL-12589 ipa: Invalid CSRF protection - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca' - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-21810 ipa-client-install --automount-location does not work - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0 - Resolves: RHEL-21812 Backport latest test fixes in ipa - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor [4.11.0-4] - Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid() [4.11.0-3] - Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off' [4.11.0-2] - Resolves: RHEL-14292 Backport latest test fixes in python3-ipatests - Resolves: RHEL-15443 Server install: failure to install with externally signed CA because of timezone issue - Resolves: RHEL-15444 Minimum length parameter in pwpolicy cannot be removed with empty string - Resolves: RHEL-14842 Upstream xmlrpc tests are failing in RHEL9.4 [4.11.0-1] - Resolves: RHEL-11652 Rebase ipa to latest 4.11.x version for RHEL 9.4 [4.10.2-4] - Resolves: rhbz#2231847 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied - Resolves: rhbz#2232056 Include latest test fixes in python3-ipatests [4.10.2-3] - Resolves: rhbz#2229712 Delete operation protection for admin user - Resolves: rhbz#2227831 Interrupt request processing in ipadb_fill_info3() if connection to 389ds is lost - Resolves: rhbz#2227784 libipa_otp_lasttoken plugin memory leak - Resolves: rhbz#2224570 Improved error messages are needed when attempting to add a non-existing idp to a user - Resolves: rhbz#2230251 Backport latest test fixes to python3-ipatests [4.10.2-2] - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2214933 Uninstalling of the IPA server is encountering a failure during the unconfiguration of the CA (Unconfiguring CA) - Resolves: rhbz#2216114 After updating the RHEL from 8.7 to 8.8, IPA services fails to start - Resolves: rhbz#2216549 Upgrade to 4.9.10-6.0.1 fails: attributes are managed by topology plugin - Resolves: rhbz#2216611 Backport latest test fixes in python3-ipatests - Resolves: rhbz#2216872 User authentication failing on OTP validation using multiple tokens, succeeds with password only [4.10.2-1] - Resolves: rhbz#2196426 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.3 - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2192625 Better catch of the IPA web UI event 'IPA Error 4301:CertificateOperationError', and IPA httpd error CertificateOperationError - Resolves: rhbz#2188567 IPA client Kerberos configuration incompatible with java - Resolves: rhbz#2182683 Tolerate absence of PAC ticket signature depending of domain and servers capabilities [rhel-9] - Resolves: rhbz#2180914 Sequence processing failures for group_add using server context - Resolves: rhbz#2165880 Add RBCD support to IPA - Resolves: rhbz#2160399 get_ranges - [file ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct [4.10.1-6] - Resolves: rhbz#2169632 Backport latest test fixes in python3-ipatests [4.10.1-5] - Resolves: rhbz#2162656 Passwordless (GSSAPI) SSH not working for subdomain - Resolves: rhbz#2166326 Removing the last DNS type for ipa-ca does not work - Resolves: rhbz#2167473 RFE - Add a warning note about possible performance impact of the Auto Member rebuild task - Resolves: rhbz#2168244 requestsearchtimelimit=0 doesn't seems to be work with ipa-acme-manage pruning command [4.10.1-4] - Resolves: rhbz#2161284 'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to 'ipa-client-install' command was successful - Resolves: rhbz#2164403 ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating an ID range - Resolves: rhbz#2162677 RFE: Implement support for PKI certificate and request pruning - Resolves: rhbz#2167312 - Backport latest test fixes in python3-ipatests [4.10.1-3] - Rebuild against krb5 1.20.1 ABI - Resolves: rhbz#2155425 [4.10.1-2] - Resolves: rhbz#2148887 MemberManager with groups fails - Resolves: rhbz#2150335 idm:client is missing dependency on krb5-pkinit [4.10.1-1] - Resolves: rhbz#2141315 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.2 - Resolves: rhbz#2094673 ipa-client-install should just use system wide CA store and do not specify TLS_CACERT in ldap.conf - Resolves: rhbz#2117167 After leapp upgrade on ipa-client ipa-server package installation failed. (REQ_FULL_WITH_MEMBERS returns object from wrong domain) - Resolves: rhbz#2127833 Password Policy Grace login limit allows invalid maximum value - Resolves: rhbz#2143224 [RFE] add certificate support to ipa-client instead of one time password - Resolves: rhbz#2144736 vault interoperability with older RHEL systems is broken - Resolves: rhbz#2148258 ipa-client-install does not maintain server affinity during installation - Resolves: rhbz#2148379 Add warning for empty targetattr when creating ACI with RBAC - Resolves: rhbz#2148380 OTP token sync always returns OK even with random numbers - Resolves: rhbz#2148381 Deprecated feature idnssoaserial in IdM appears when creating reverse dns zones - Resolves: rhbz#2148382 Introduction of URI records for kerberos breaks location functionality [4.10.0-7] - Resolves: rhbz#2124547 Attempt to log in as 'root' user with admin's password in Web UI does not properly fail - Resolves: rhbz#2137555 Attempt to log in as 'root' user with admin's password in Web UI does not properly fail [rhel-9.1.0.z] [4.10.0-6] - Resolves: rhbz#2110014 ldap bind occurs when admin user changes password with gracelimit=0 - Resolves: rhbz#2112901 RFE: Allow grace login limit to be set in IPA WebUI - Resolves: rhbz#2115495 group password policy by default does not allow grace logins - Resolves: rhbz#2116966 ipa-replica-manage displays traceback: Unexpected error: 'bool' object has no attribute 'lower' [4.10.0-5] - Resolves: rhbz#2109645 - Rebuild for samba-4.16.3-101.el9 [4.10.0-4] - Resolves: rhbz#2109645 - Rebuild for samba-4.16.3-100.el9 [4.10.0-3] - Resolves: rhbz#2105294 IdM WebUI Pagination Size should not allow empty value [4.10.0-2] - Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind [4.10.0-1] - Resolves: rhbz#747959 [RFE] Support random serial numbers in IPA certificates - Resolves: rhbz#2100227 [UX] Preserving a user account produces output saying it was deleted [4.9.10-1] - Resolves: rhbz#2079469 [Rebase] Rebase ipa to latest 4.9.x release - Resolves: rhbz#2012911 named journalctl logs shows 'zone testrealm.test/IN: serial (serialnumber) write back to LDAP failed.' - Resolves: rhbz#2069202 [RFE] add support for authenticating against external IdP services using OAUTH2 preauthenticaiton mechanism provided by SSSD - Resolves: rhbz#2083218 ipa-dnskeysyncd floods /var/log/messages with DEBUG messages - Resolves: rhbz#2089750 RFE: Improve error message with more detail for ipa-replica-install command - Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind - Resolves: rhbz#2094400 [RFE] ipa-client-install should provide option to enable subid: sss in /etc/nsswitch.conf - Resolves: rhbz#2096922 secret in ipa-pki-proxy.conf is not changed if new requiredSecret value is present in /etc/pki/pki-tomcat/server.xml MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1481 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [8.5.3-4] - Resolves: RHEL-14825 - crafted BGP UPDATE message leading to a crash [8.5.3-3] - Resolves: RHEL-14822 - mishandled malformed data leading to a crash [8.5.3-2] - Resolves: RHEL-15915 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message - Resolves: RHEL-15918 - crash from malformed EOR-containing BGP UPDATE message [8.5.3-1] - Resolves: RHEL-15291 - Rebase FRR to version 8.5.3 in RHEL9 [8.3.1-12] - Resolves: RHEL-3541 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router MODERATE Copyright 2024 Oracle, Inc. CVE-2023-41358 CVE-2023-46753 CVE-2023-31489 CVE-2023-41360 CVE-2023-31490 CVE-2023-41359 CVE-2023-41909 CVE-2023-46752 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.26.12-2] - Security fix for CVE-2023-43804 Resolves: RHEL-12003 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43804 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.20.4-24] - Fix use after free related to CVE-2024-21886 [1.20.11-23] - CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408 and CVE-2024-0409 Resolves: https://issues.redhat.com/browse/RHEL-21203 Resolves: https://issues.redhat.com/browse/RHEL-20531 Resolves: https://issues.redhat.com/browse/RHEL-20380 Resolves: https://issues.redhat.com/browse/RHEL-20386 Resolves: https://issues.redhat.com/browse/RHEL-21193 Resolves: https://issues.redhat.com/browse/RHEL-21200 [1.20.11-22] - CVE fix for: CVE-2023-6377, CVE-2023-6478 Resolves: https://issues.redhat.com/browse/RHEL-18322 Resolves: https://issues.redhat.com/browse/RHEL-18329 [1.20.11-20] - CVE fix for: CVE-2023-5380 Resolves: https://issues.redhat.com/browse/RHEL-14062 [1.20.11-20] - CVE fix for: CVE-2023-5367 Resolves: https://issues.redhat.com/browse/RHEL-13430 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5380 CVE-2024-0229 CVE-2024-21886 CVE-2024-0409 CVE-2024-21885 CVE-2023-5367 CVE-2023-6478 CVE-2023-6816 CVE-2024-0408 CVE-2023-6377 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [21.1.9-5] Fix for CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408, CVE-2024-0409 [21.1.9-4] - Fix for CVE-2023-6377, CVE-2023-6478 [22.1.9-3] - Fix for CVE-2023-5367 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6816 CVE-2024-0408 CVE-2024-0409 CVE-2024-0229 CVE-2023-6478 CVE-2023-6377 CVE-2024-21885 CVE-2024-21886 CVE-2023-5367 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::distro_builder Oracle Linux 9 [4:1.1.12-2] - Switch dependency on criu to Recommends - Resolves: RHEL-25116 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-30630 CVE-2022-30632 CVE-2023-45287 CVE-2022-30631 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.0.31-8] - fix integer overflows causing CVE-2022-33065 (#RHEL-3751) MODERATE Copyright 2024 Oracle, Inc. CVE-2022-33065 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2:4.9.4-0.1.0.1] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.9.4-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.9 (https://github.com/containers/podman/commit/4b69d93) - Related: RHEL-2112 [2:4.9.3-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.9 (https://github.com/containers/podman/commit/b8a887c) - Related: RHEL-2112 [2:4.9.2-1] - update to the latest content of https://github.com/containers/podman/tree/v4.9 (https://github.com/containers/podman/commit/4c14019) - Related: RHEL-2112 [2:4.9.1-1] - switch to v4.9.1-rhel branch - update dnsname to the latest commit - Related: Jira:RHEL-2112 [2:4.9.0-1] - update to https://github.com/containers/podman/releases/tag/v4.9.0 - Related: RHEL-2112 [2:4.8.3-1] - update to https://github.com/containers/podman/releases/tag/v4.8.3 - Related: RHEL-2112 [2:4.8.2-1] - update to https://github.com/containers/podman/releases/tag/v4.8.2 - Related: RHEL-2112 [2:4.8.1-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.8.1 - Related: Jira:RHEL-2112 [2:4.7.2-3] - Rebuild for following CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - Related: Jira:RHEL-2785 [2:4.7.2-2] - update to latest content of https://github.com/containers/podman/releases/tag/4.7.2 (https://github.com/containers/podman/commit/750b4c3a7c31f6573350f0b3f1b787f26e0fe1e3) - Related: Jira:RHEL-2112 [2:4.7.2-1] - update to https://github.com/containers/podman/releases/tag/v4.7.2 - remove gvisor from podman and depend on external one - Related: Jira:RHEL-2112 [2:4.6.1-6] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/68e7ae0) - Related: Jira:RHEL-2112 [2:4.6.1-5] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/ea33dce) - Related: #2176063 [2:4.6.1-4] - amend podmansh provides - Related: #2176063 [2:4.6.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/8bb0204) - Related: #2176063 [2:4.6.1-2] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/1b2fadd) - Resolves: #2232127 [2:4.6.1-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.6.1 - Related: #2176063 [2:4.6.0-3] - build podman 4.6.0 off main branch for early testing of zstd compression - Related: #2176063 [2:4.6.0-2] - update license token to be SPDX compatible - Related: #2176063 [2:4.6.0-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.6.0 (https://github.com/containers/podman/commit/38e6fab9664c6e59b66e73523b307a56130316ae) [2:4.6.0-0.3] - rebuild with the new bats - Related: #2176063 [2:4.6.0-0.2] - update to 4.6.0-rc2 - Related: #2176063 [2:4.6.0-0.1] - update to 4.6.0-rc1 - Related: #2176063 [2:4.5.1-5] - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2175071 - Resolves: #2179950 - Resolves: #2187318 - Resolves: #2187366 - Resolves: #2203681 - Resolves: #2207512 [2:4.5.1-4] - update to https://github.com/containers/gvisor-tap-vsock/releases/tag/v0.6.1 - Related: #2176063 [2:4.5.1-3] - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2175074 - Resolves: #2179966 - Resolves: #2187322 - Resolves: #2187383 - Resolves: #2203702 - Resolves: #2207522 [2:4.5.1-2] - rebuild - Resolves: #2177611 [2:4.5.1-1] - update to https://github.com/containers/podman/releases/tag/v4.5.1 - Related: #2176063 [2:4.5.0-1] - update to 4.5.0 - Related: #2176063 [2:4.4.1-10] - build and add missing docker man pages - Resolves: #2187187 [2:4.4.1-9] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/fd0ea3b) - Resolves: #2173089 [2:4.4.1-8] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/05037d3) - Resolves: #2178263 [2:4.4.1-7] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/67f7e1e) - Related: #2176063 [2:4.4.1-6] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/4461c9c) - Related: #2176063 [2:4.4.1-5] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/bf400bd) - Related: #2176063 [2:4.4.1-4] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/ffc2614) - Resolves: #2179450 [2:4.4.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/e1703bb) - Related: #2124478 [2:4.4.1-2] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/0b38633) - Related: #2124478 [2:4.4.1-1] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/d4e285a) - Related: #2124478 [2:4.4.1-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.4 (https://github.com/containers/podman/commit/f5670f0) - Related: #2124478 [2:4.4.0-1] - update to podman-4.4 release - Related: #2124478 [2:4.4.0-0.10] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/68bbdc2) - Related: #2124478 [2:4.4.0-0.9] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/323b515) - Related: #2124478 [2:4.4.0-0.8] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/c35e74f) - Related: #2124478 [2:4.4.0-0.7] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/ce504bb) - Related: #2124478 [2:4.4.0-0.6] - add quadlet to tests - Related: #2124478 [2:4.4.0-0.5] - obsolete podman-catatonit in order to not to file conflict with catatonit - Related: #2124478 [2:4.4.0-0.4] - build v4.4.0-rc2 - Related: #2124478 [2:4.4.0-0.3] - remove podman-machine-cni, it is now part of podman 4.0 or newer - Related: #2124478 [2:4.4.0-0.2] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/07ba51d) - update gvisor-tap-vsock to 0.5.0 - Related: #2124478 [2:4.4.0-0.1] - podman-4.4.0-rc1 - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/f1af5b3) - Related: #2124478 [2:4.3.1-4] - podman shouldn't provide and file conflict with catatonit in CRB - Resolves: #2151322 [2:4.3.1-3] - fix 'podman manifest add' is not concurrent safe - Resolves: #2105173 [2:4.3.1-2] - properly obsolete catatonit - Resolves: #2123319 [2:4.3.1-1] - update to https://github.com/containers/podman/releases/tag/v4.3.1 - Related: #2124478 [2:4.3.0-2] - rebuild to fix CVE-2022-30629 - Related: #2102994 [2:4.3.0-1] - update to https://github.com/containers/podman/releases/tag/v4.3.0 - Related: #2124478 [2:4.2.0-3] - fix dependency in test subpackage - Related: #2061316 [2:4.2.0-2] - readd catatonit - Related: #2061316 [2:4.2.0-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.2.0 (https://github.com/containers/podman/commit/7fe5a419cfd2880df2028ad3d7fd9378a88a04f4) - Related: #2061316 [2:4.2.0-0.3rc3] - require catatonit for gating tests - Related: #2061316 [2:4.2.0-0.2rc3] - update to 4.2.0-rc3 - Related: #2061316 [2:4.2.0-0.1rc2] - update to 4.2.0-rc2 - Related: #2061316 [2:4.1.1-6] - convert catatonit dependency to soft dep as catatonit is no longer in Appstream but in CRB - Related: #2061316 [2:4.1.1-5] - rebuild for combined gating with catatonit - Related: #2097694 [2:4.1.1-4] - catatonit is now a standalone package - Related: #2097694 [2:4.1.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.1.1-rhel (https://github.com/containers/podman/commit/fa692a6) - Related: #2097694 [2:4.1.1-2] - be sure podman services/sockets are stopped upon package removal - Related: #2061316 [2:4.1.1-1] - update to https://github.com/containers/podman/releases/tag/v4.1.1 - Related: #2061316 [2:4.1.0-4] - don't require runc and Recommends: crun - Related: #2061316 [2:4.1.0-3] - Re-enable LTO and debuginfo - Related: #2061316 [2:4.1.0-2] - update gvisor-tap-vsock to 0.2.0 to fix compilation with golang 1.18 - Related: #2061316 [2:4.1.0-1] - update to https://github.com/containers/podman/releases/tag/v4.1.0 - Related: #2061316 [2:4.0.3-2] - require netavark and move CNI to soft dependencies - Related: #2061316 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45287 CVE-2023-39326 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [3.2.3-5] - Add pmix_test - Resolves: RHEL-3693 [3.2.3-4] - Fix CVE-2023-41915 - Resolves: RHEL-3693 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-41915 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.18.1-3] - Backport unit test of recent libnbd API addition resolves: RHEL-16292 [1.18.1-2] - Fix assertion in ext-mode BLOCK_STATUS (CVE-2023-5871) resolves: RHEL-15143 [1.18.1-1] - Rebase to 1.18.1 resolves: RHEL-14476 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5871 CVE-2023-5215 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2:2.11.2-1] - Update to 2.11.2 (RHEL-4290, RHEL-4292, RHEL-4296, RHEL-4298, RHEL-4300, RHEL-4302, RHEL-4304, RHEL-4306, RHEL-4308, RHEL-4310, RHEL-4312, RHEL-10060) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-39351 CVE-2023-39352 CVE-2023-40569 CVE-2023-39356 CVE-2023-40567 CVE-2023-39350 CVE-2023-40186 CVE-2023-39353 CVE-2023-39354 CVE-2023-40181 CVE-2023-40188 CVE-2023-40589 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [14:4.99.0-9] - Resolves: RHEL-21558 - tcpslice: use-after-free in extract_slice() [14:4.99.0-8] - Resolves: RHEL-10714 - Fix PGM option printing MODERATE Copyright 2024 Oracle, Inc. CVE-2021-41043 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [6.2.0-1.0.1] - Fixed libpcp derived metric issue for ol9 [Orabug: 36538820] [6.2.0-1] - Rebase to latest stable version of PCP (RHEL-2317) [6.1.1-4] - Fix pcp-ss(1) handling of UDP packet states (RHEL-17649) [6.1.1-2] - Fix pcp-ss(1) default handling of listen state (RHEL-17335) - Added pcp package dependency on diffutils for diffstat(1) [6.1.1-1] - Improve pmlogcheck performance with compressed archives (RHEL-3930) - Fix pcp-ss(1) utility handling of duplicate sources (RHEL-7498) - Fine-tune PCP python wrapper path resolution (RHEL-7509) - Rebase to latest stable version of PCP (RHEL-2317) [6.1.0-1] - Use absolute path in default PCP_PYTHON_PROG (BZ 2227011) - Update to latest PCP sources. MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6917 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [2.3.4-28] - Fix CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() - Fix CVE-2023-43789: out of bounds read on XPM with corrupted colormap MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43788 CVE-2023-43789 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [4:5.32.1-481] - Fixes: CVE-2023-47038 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-47038 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [10.0.0-6.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6] - qemu: virtiofs: do not crash if cgroups are missing (RHEL-7386) - qemu: virtiofs: set correct label when creating the socket (RHEL-7386) - qemu: virtiofs: error out if getting the group or user name fails (RHEL-7386) [10.0.0-5] - cpu: x86: Add support for adding features to existing CPU models (RHEL-25995) - qemu: domain: Check arch in qemuDomainMakeCPUMigratable (RHEL-25995) - conf: cpu: Introduce virCPUDefListFeatures (RHEL-25995) - qemu: domain: Drop added features from migratable CPU (RHEL-25995) - Add vmx-* features to Broadwell* (RHEL-25995) - Add vmx-* features to Cascadelake* (RHEL-25995) - Add vmx-* features to Conroe (RHEL-25995) - Add vmx-* features to Cooperlake (RHEL-25995) - Add vmx-* features to core{,2}duo (RHEL-25995) - Add vmx-* features to Haswell* (RHEL-25995) - Add vmx-* features to Icelake* (RHEL-25995) - Add vmx-* features to IvyBridge* (RHEL-25995) - Add vmx-* features to kvm* (RHEL-25995) - Add vmx-* features to Nehalem* (RHEL-25995) - Add vmx-* features to Penryn (RHEL-25995) - Add vmx-* features to SandyBridge* (RHEL-25995) - Add vmx-* features to SapphireRapids (RHEL-25995) - Add vmx-* features to Skylake* (RHEL-25995) - Add vmx-* features to Snowridge (RHEL-25995) - Add vmx-* features to Westmere* (RHEL-25995) [10.0.0-4] - Set stubDriverName from hostdev driver model attribute during pci device setup (RHEL-25858) - qemuMigrationDstPrepareStorage: Use 'switch' statement to include all storage types (RHEL-24825) - qemuMigrationDstPrepareStorage: Properly consider path for 'vdpa' devices (RHEL-24825) - domain_validate: Account for NVDIMM label size properly when checking for memory conflicts (RHEL-4452) [10.0.0-3] - remote_driver: Restore special behavior of remoteDomainGetBlockIoTune() (RHEL-22800) - conf: Introduce dynamicMemslots attribute for virtio-mem (RHEL-15316) - qemu_capabilities: Add QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI_DYNAMIC_MEMSLOTS capability (RHEL-15316) - qemu_validate: Check capability for virtio-mem dynamicMemslots (RHEL-15316) - qemu_command: Generate cmd line for virtio-mem dynamicMemslots (RHEL-15316) - qemu_snapshot: fix detection if non-leaf snapshot isn't in active chain (RHEL-23212) - qemu_snapshot: create: refactor external snapshot detection (RHEL-22797) - qemu_snapshot: create: don't require disk-only flag for offline external snapshot (RHEL-22797) - remoteDispatchAuthPolkit: Fix lock ordering deadlock if client closes connection during auth (RHEL-20337) - util: virtportallocator: Add VIR_DEBUG statements for port allocations and release (RHEL-21543) - qemu: migration: Properly handle reservation of manually specified NBD port (RHEL-21543) - qemuMigrationDstStartNBDServer: Refactor cleanup (RHEL-21543) - virPCIVPDResourceIsValidTextValue: Adjust comment to reflect actual code (RHEL-22314) - util: pcivpd: Refactor virPCIVPDResourceIsValidTextValue (RHEL-22314) - virNodeDeviceCapVPDFormatCustom*: Escape unsanitized strings (RHEL-22314) - virNodeDeviceCapVPDFormat: Properly escape system-originated strings (RHEL-22314) - schema: nodedev: Adjust allowed characters in 'vpdFieldValueFormat' (RHEL-22314) - tests: Test the previously mishandled PCI VPD characters (RHEL-22314) - Don't overwrite error message from 'virXPathNodeSet' (RHEL-22314) - tests: virpcivpdtest: Remove 'testVirPCIVPDReadVPDBytes' case (RHEL-22314) - util: virpcivpd: Unexport 'virPCIVPDReadVPDBytes' (RHEL-22314) - util: pcivpd: Unexport virPCIVPDParseVPDLargeResourceFields (RHEL-22314) - tests: virpcivpd: Remove 'testVirPCIVPDParseVPDStringResource' case (RHEL-22314) - util: virpcivpd: Unexport 'virPCIVPDParseVPDLargeResourceString' (RHEL-22314) - virPCIVPDResourceGetKeywordPrefix: Fix logging (RHEL-22314) - util: virpcivpd: Remove return value from virPCIVPDResourceCustomUpsertValue (RHEL-22314) - conf: virNodeDeviceCapVPDParse*: Remove pointless NULL checks (RHEL-22314) - virpcivpdtest: testPCIVPDResourceBasic: Remove tests for uninitialized 'ro'/'rw' section (RHEL-22314) - util: virPCIVPDResourceUpdateKeyword: Remove impossible checks (RHEL-22314) - conf: node_device: Refactor 'virNodeDeviceCapVPDParseCustomFields' to fix error reporting (RHEL-22314) - virNodeDeviceCapVPDParseXML: Fix error reporting (RHEL-22314) - util: virpcivpd: Remove return value from virPCIVPDResourceUpdateKeyword (RHEL-22314) - virPCIDeviceHasVPD: Refactor 'debug' messages (RHEL-22314) - virPCIDeviceGetVPD: Fix multiple error handling bugs (RHEL-22314) - virPCIDeviceGetVPD: Handle errors in callers (RHEL-22314) - virPCIVPDReadVPDBytes: Refactor error handling (RHEL-22314) - virPCIVPDParseVPDLargeResourceString: Properly report errors (RHEL-22314) - virPCIVPDParseVPDLargeResourceFields: Merge logic conditions (RHEL-22314) - virPCIVPDParseVPDLargeResourceFields: Remove impossible 'default' switch case (RHEL-22314) - virPCIVPDParseVPDLargeResourceFields: Refactor processing of read data (RHEL-22314) - virPCIVPDParseVPDLargeResourceFields: Refactor return logic (RHEL-22314) - virPCIVPDParseVPDLargeResourceFields: Report proper errors (RHEL-22314) - virPCIVPDParse: Do reasonable error reporting (RHEL-22314) - virt-admin: Add warning when connection to default daemon fails (RHEL-23170) [10.0.0-2] - tests: Add hostcpudata for machine with CPU clusters (RHEL-7043) - conf: Report CPU clusters in capabilities XML (RHEL-7043) - conf: Allow specifying CPU clusters (RHEL-7043) - qemu: Introduce QEMU_CAPS_SMP_CLUSTERS (RHEL-7043) - qemu: Use CPU clusters for guests (RHEL-7043) - tests: Add test case for CPU clusters (RHEL-7043) - qemu: Make monitor aware of CPU clusters (RHEL-7043) - tests: Verify handling of CPU clusters in QMP data (RHEL-7043) - build: Make daemons depend on generated *_protocol.[ch] (RHEL-15267) - domain_validate: Check for domain address conflicts fully (RHEL-4452) - qemu_hotplug: Don't lose 'created' flag in qemuDomainChangeNet() (RHEL-22714) [10.0.0-1] - Rebased to libvirt-10.0.0 (RHEL-15267) - The rebase also fixes the following bugs: RHEL-18782, RHEL-735, RHEL-18165, RHEL-4607, RHEL-700 RHEL-7100, RHEL-15480, RHEL-7416, RHEL-20609, RHEL-7570 RHEL-20444, RHEL-17596, RHEL-7569 [9.10.0-1] - Rebased to libvirt-9.10.0 (rhbz#RHEL-15267) - The rebase also fixes the following bugs: rhbz#RHEL-16878, rhbz#RHEL-14611, rhbz#RHEL-7384, rhbz#RHEL-16870, rhbz#RHEL-18439 rhbz#RHEL-16751, rhbz#RHEL-4452, rhbz#RHEL-17841, rhbz#RHEL-15288, rhbz#RHEL-7040 [9.9.0-1] - Rebased to libvirt-9.9.0 (rhbz#RHEL-15267) - The rebase also fixes the following bugs: rhbz#RHEL-7525, rhbz#RHEL-7570, rhbz#RHEL-7542, rhbz#RHEL-7568, rhbz#RHEL-7545 rhbz#RHEL-3231, rhbz#RHEL-7382, rhbz#RHEL-7345, rhbz#RHEL-1717, rhbz#RHEL-7528 rhbz#RHEL-1833, rhbz#RHEL-7569, rhbz#RHEL-4432, rhbz#RHEL-974, rhbz#RHEL-4994 rhbz#RHEL-7419 [9.5.0-6] - tests: Use DO_TEST_CAPS_*_ABI_UPDATE() for ppc64 (rhbz#2196178) - tests: Switch to firmware autoselection for hvf (rhbz#2196178) - tests: Use virt-4.0 machine type for aarch64 (rhbz#2196178) - tests: Consistently use /path/to/guest_VARS.fd (rhbz#2196178) - tests: Turn abi-update.xml into a symlink (rhbz#2196178) - tests: Rename firmware-auto-efi-nvram-path (rhbz#2196178) - qemu: Fix return value for qemuFirmwareFillDomainLegacy() (rhbz#2196178) - qemu: Fix lookup against stateless/combined pflash (rhbz#2196178) - tests: Add some more DO_TEST*ABI_UPDATE* macros (rhbz#2196178) - tests: Add more tests for firmware selection (rhbz#2196178) - tests: Update firmware descriptor files (rhbz#2196178) - tests: Drop tags from BIOS firmware descriptor (rhbz#2196178) - tests: Include microvm in firmwaretest (rhbz#2196178) - qemu: Don't overwrite NVRAM template for legacy firmware (rhbz#2196178) - qemu: Generate NVRAM path in more cases (rhbz#2196178) - qemu: Filter firmware based on loader.readonly (rhbz#2196178) - qemu: Match NVRAM template extension for new domains (rhbz#2196178) - conf: Don't default to raw format for loader/NVRAM (rhbz#2196178) - tests: Rename firmware-auto-efi-format-loader-qcow2-nvram-path (rhbz#2196178) - tests: Reintroduce firmware-auto-efi-format-mismatch (rhbz#2196178) - rpm: Reorder scriptlets (rhbz#2210058) - rpm: Reduce use of with_modular_daemons (rhbz#2210058) - rpm: Remove custom libvirtd restart logic (rhbz#2210058) - rpm: Introduce new macros for handling of systemd units (rhbz#2210058) - rpm: Switch to new macros for handling of systemd units (rhbz#2210058) - rpm: Delete unused macros (rhbz#2210058) [9.5.0-5] - Revert 'qemu_passt: Actually use @logfd' (rhbz#2209191) - Revert 'qemu_passt: Precreate passt logfile' (rhbz#2209191) [9.5.0-4] - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' (CVE-2023-3750, rhbz#2221851) [9.5.0-3] - tests: remove acpi support from s390x ccw hotplug tests (rhbz#2168499) - tests: add capabilities for QEMU 8.1.0 on s390x (rhbz#2168499) - qemu: add run-with async-teardown capability (rhbz#2168499) - qemu: allow use of async teardown in domain (rhbz#2168499) - conf: domcaps: Add 'async-teardown' domain capability (rhbz#2168499) - qemu: S390 does not provide physical address size (rhbz#2224016) - nodedev: report mdev persistence properly (rhbz#2143158) - node_device: Don't leak error message buffer from virMdevctlListDefined|Active (rhbz#2143158) [9.5.0-2] - nodedev: transient mdev update on nodeDeviceCreateXML (rhbz#2143158) - nodedev: refactor mdevctl thread functions (rhbz#2143158) - nodedev: update mdevs from the mdevctl thread (rhbz#2143158) [9.5.0-1] - Rebased to libvirt-9.5.0 (rhbz#2175785) [9.5.0-0rc1.1] - Rebased to libvirt-9.5.0-rc1 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2160356, rhbz#2209191, rhbz#2210287, rhbz#2209853, rhbz#2171860 rhbz#2138150, rhbz#2171384 [9.4.0-1] - Rebased to libvirt-9.4.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2119007, rhbz#2193315, rhbz#2209658, rhbz#2143158, rhbz#2208946 rhbz#2138150, rhbz#2203657, rhbz#2180679, rhbz#2203709 [9.3.0-2] - qemu_domin: Account for NVMe disks when calculating memlock limit on hotplug (rhbz#2014030) [9.3.0-1] - Rebased to libvirt-9.3.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2181235, rhbz#2176215, rhbz#2187133, rhbz#2178885, rhbz#2174700 rhbz#2160435, rhbz#2184966, rhbz#2187278, rhbz#2014030, rhbz#2185184 rhbz#2156300 [9.2.0-1] - Rebased to libvirt-9.2.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2178885, rhbz#2000410, rhbz#2175582, rhbz#2154750, rhbz#2175449 rhbz#2181234, rhbz#2078693, rhbz#2176924, rhbz#2156300, rhbz#2173142 rhbz#2171973, rhbz#2178866, rhbz#2182961, rhbz#2174397, rhbz#2179030 rhbz#2161965, rhbz#2035985 [9.1.0-1] - Rebased to libvirt-9.1.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2004850, rhbz#2137346, rhbz#2166235, rhbz#1961326 [9.0.0-7] - qemu_snapshot: remove memory snapshot when deleting external snapshot (rhbz#2170826) - qemu_snapshot: refactor qemuSnapshotDeleteExternalPrepare (rhbz#2170826) [9.0.0-6] - rpc: client: Don't check return value of virNetMessageNew (rhbz#2145188) - rpc: Don't warn about 'max_client_requests' in single-threaded daemons (rhbz#2145188) [9.0.0-5] - qemu_extdevice: Do cleanup host only for VIR_DOMAIN_TPM_TYPE_EMULATOR (rhbz#2168762) - qemu: blockjob: Handle 'pending' blockjob state only when we need it (rhbz#2168769) [9.0.0-4] - qemuProcessStop: Fix detection of outgoing migration for external devices (rhbz#2161557) - qemuExtTPMStop: Restore TPM state label more often (rhbz#2161557) - qemuProcessLaunch: Tighten rules for external devices wrt incoming migration (rhbz#2161557) - qemu_process: Produce better debug message wrt domain namespaces (rhbz#2167302) - qemu_namespace: Deal with nested mounts when umount()-ing /dev (rhbz#2167302) - qemuProcessRefreshDisks: Don't skip filling of disk information if tray state didn't change (rhbz#2166411) [9.0.0-3] - src: Don't use virReportSystemError() on virProcessGetStatInfo() failure (rhbz#2148266) - qemu: Provide virDomainGetCPUStats() implementation for session connection (rhbz#2148266) - virsh: Make domif-setlink work more than once (rhbz#2165466) - qemu_fd: Remove declaration for 'qemuFDPassNewDirect' (rhbz#2040272) - qemuStorageSourcePrivateDataFormat: Rename 'tmp' to 'objectsChildBuf' (rhbz#2040272) - qemu: command: Handle FD passing commandline via qemuBuildBlockStorageSourceAttachDataCommandline (rhbz#2040272) - qemuFDPassTransferCommand: Mark that FD was passed (rhbz#2040272) - qemu: fd: Add helpers allowing storing FD set data in status XML (rhbz#2040272) - qemu: domain: Store fdset ID for disks passed to qemu via FD (rhbz#2040272) - qemu: block: Properly handle FD-passed disk hot-(un-)plug (rhbz#2040272) [9.0.0-2] - vircgroupv2: fix cpu.weight limits check (rhbz#2037998) - domain_validate: drop cpu.shares cgroup check (rhbz#2037998) - docs: document correct cpu shares limits with both cgroups v1 and v2 (rhbz#2037998) - qemu_interface: Fix managed='no' case when creating an ethernet interface (rhbz#2144738) - conf: clarify some external TPM error messages (rhbz#2063723) - qemu: hotplug: Remove legacy quirk for 'dimm' address generation (rhbz#2158701) - qemu: alias: Remove 'oldAlias' argument of qemuAssignDeviceMemoryAlias (rhbz#2158701) - qemu: Remove 'memAliasOrderMismatch' field from VM private data (rhbz#2158701) - rpc: Fix error message in virNetServerSetClientLimits (rhbz#2033879) [9.0.0-1] - Rebased to libvirt-9.0.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2151064, rhbz#1874163, rhbz#2130192, rhbz#2111948, rhbz#1824722 rhbz#2150455, rhbz#2063723, rhbz#1717611, rhbz#2160448, rhbz#2151869 rhbz#2040272, rhbz#2144738, rhbz#2159851, rhbz#2156289, rhbz#2033879 rhbz#1820437, rhbz#2151202 [8.10.0-2] - qemu_process: Document qemuProcessPrepare{Domain,Host}() order (rhbz#2150760) - qemu_extdevice: Init paths in qemuExtDevicesPrepareDomain() (rhbz#2150760) - qemu_extdevice: Expose qemuExtDevicesInitPaths() (rhbz#2150760) - qemu: Init ext devices paths on reconnect (rhbz#2150760) [8.10.0-1] - Rebased to libvirt-8.10.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2128993, rhbz#2143235, rhbz#2143840, rhbz#1874163, rhbz#2000075 rhbz#2143838, rhbz#2104919, rhbz#2072204, rhbz#2137298 [8.9.0-2] - RHEL: rpminspect: Disable abidiff inspection (rhbz#2124466) - spec: Fix python3-libvirt requirement in client-qemu package (rhbz#2124466) [8.9.0-1] - Rebased to libvirt-8.9.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2074559, rhbz#2134009, rhbz#1777212, rhbz#2013523, rhbz#2114866 rhbz#1964855 [8.8.0-1] - Rebased to libvirt-8.8.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2122534, rhbz#2121262, rhbz#2130089, rhbz#2121276, rhbz#2121627 rhbz#2125111, rhbz#2129239, rhbz#1964855, rhbz#2114866 [8.7.0-1] - Rebased to libvirt-8.7.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2084046, rhbz#2108483, rhbz#2123371, rhbz#2101633, rhbz#1988211 rhbz#2086677, rhbz#2103132, rhbz#2078805, rhbz#2111301, rhbz#2094641 [8.5.0-5] - rpc: Pass OPENSSL_CONF through to ssh invocations (rhbz#2112348) [8.5.0-4] - qemu: Pass migration flags to qemuMigrationParamsApply (rhbz#2111070) - qemu_migration_params: Replace qemuMigrationParamTypes array (rhbz#2111070) - qemu_migration: Pass migParams to qemuMigrationSrcResume (rhbz#2111070) - qemu_migration: Apply max-postcopy-bandwidth on post-copy resume (rhbz#2111070) - qemu: Always assume support for QEMU_CAPS_MIGRATION_PARAM_XBZRLE_CACHE_SIZE (rhbz#2107892) - qemu_migration: Store original migration params in status XML (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsApply (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsReset (rhbz#2107892) - qemu_migration_params: Avoid deadlock in qemuMigrationParamsReset (rhbz#2107892) - qemu: Restore original memory locking limit on reconnect (rhbz#2107424) - qemu: Properly release job in qemuDomainSaveInternal (rhbz#1497907) - qemu: don't call qemuMigrationSrcIsAllowedHostdev() from qemuMigrationDstPrepareFresh() (rhbz#1497907) [8.5.0-3] - qemu: introduce capability QEMU_CAPS_MIGRATION_BLOCKED_REASONS (rhbz#2092833) - qemu: new function to retrieve migration blocker reasons from QEMU (rhbz#2092833) - qemu: query QEMU for migration blockers before our own harcoded checks (rhbz#2092833) - qemu: remove hardcoded migration fail for vDPA devices if we can ask QEMU (rhbz#2092833) - qemu_migration: Use EnterMonitorAsync in qemuDomainGetMigrationBlockers (rhbz#2092833) - qemu: don't try to query QEMU about migration blockers during offline migration (rhbz#2092833) - qemu_migration: Acquire correct job in qemuMigrationSrcIsAllowed (rhbz#2092833) - virsh: Require --xpath for *dumpxml (rhbz#2103524) - qemu: skip hardcoded hostdev migration check if QEMU can do it for us (rhbz#1497907) [8.5.0-2] - domain_conf: Format <defaultiothread/> more often (rhbz#2059511) - domain_conf: Format iothread IDs more often (rhbz#2059511) - qemu: Make IOThread changing more robust (rhbz#2059511) - qemuDomainSetIOThreadParams: Accept VIR_DOMAIN_AFFECT_CONFIG flag (rhbz#2059511) - virsh: Implement --config for iothreadset (rhbz#2059511) - docs: Document TPM portion of domcaps (rhbz#2103119) - virtpm: Introduce TPM-1.2 and TPM-2.0 capabilieis (rhbz#2103119) - domcaps: Introduce TPM backendVersion (rhbz#2103119) - qemu: Report supported TPM version in domcaps (rhbz#2103119) - vircpi: Add PCIe 5.0 and 6.0 link speeds (rhbz#2105231) [8.5.0-1] - Rebased to libvirt-8.5.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1475431, rhbz#2026765, rhbz#2059511, rhbz#2089431, rhbz#2102009 [8.4.0-3] - qemu: fd: Fix monitor usage of qemuFDPassDirectGetPath (rhbz#2092856) [8.4.0-2] - Revert 'RHEL: Fix virConnectGetMaxVcpus output' (rhbz#2095260) [8.4.0-1] - Rebased to libvirt-8.4.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#2057768, rhbz#2081981, rhbz#2035163, rhbz#2075837, rhbz#2082540 rhbz#2075383 [8.3.0-1] - Rebased to libvirt-8.3.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1653327, rhbz#2075765, rhbz#2075464, rhbz#2078274, rhbz#2070380 rhbz#2073887, rhbz#2073867 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2496 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2:1.14.3-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/1c2ab99) - Related: RHEL-2112 [2:1.14.1-2] - Switch to the maint branch - Related: Jira:RHEL-2112 [2:1.14.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.14.1 - Related: RHEL-2112 [2:1.14.0-1] - bump to v1.14.0 - Related: Jira:RHEL-2112 [2:1.13.3-3] - Rebuild with golang 1.20.10 - Related: Jira:RHEL-2786 [2:1.13.3-2] - Rebuild with golang 1.21.3 - Related: Jira:RHEL-2786 [2:1.13.3-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.3 - Related: #2176063 [2:1.13.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.2 - Related: #2176063 [2:1.13.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.1 - Related: #2176063 [2:1.13.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.0 - Related: #2176063 [2:1.12.0-3] - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2179967 - Resolves: #2187323 - Resolves: #2187384 - Resolves: #2203703 - Resolves: #2207523 [2:1.12.0-2] - remove fakeroot from skopeo-tests - Related: #2176063 [2:1.12.0-1] - update to 1.12.0 - Related: #2176063 [2:1.11.3-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 (https://github.com/containers/skopeo/commit/d79588e) - Related: #2176063 [2:1.11.2-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 (https://github.com/containers/skopeo/commit/8191ef3) - Related: #2176063 [2:1.11.2-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 (https://github.com/containers/skopeo/commit/3f98753) - Related: #2124478 [2:1.11.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.11.1 - Related: #2124478 [2:1.11.0-1] - update to 1.11.0 release - Related: #2124478 [2:1.11.0-0.4] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/b3b2c73) - Related: #2124478 [2:1.11.0-0.3] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/fe15a36) - Related: #2124478 [2:1.11.0-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/8e09e64) - Related: #2124478 [2:1.11.0-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/2817510) - Related: #2124478 [2:1.10.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.10.0 - Related: #2124478 [2:1.9.3-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.3 - Related: #2124478 [2:1.9.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.2 - Related: #2061316 [2:1.9.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.1 - Related: #2061316 [2:1.9.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.0 - Related: #2061316 [2:1.8.0-4] - Re-enable debuginfo - Related: #2061316 [2:1.8.0-3] - BuildRequires: /usr/bin/go-md2man - Related: #2061316 [2:1.8.0-2] - enable LTO - Related: #1988128 [2:1.8.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.8.0 - Related: #2061316 [2:1.7.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.7.0 - Related: #2061316 [2:1.6.1-4] - add tags: classic (Ed Santiago) - Related: #2061316 [2:1.6.1-3] - remove BATS from required packages (Ed Santiago) - Related: #2061316 [2:1.6.1-2] - be sure to install BATS before gating tests are executed (thanks to Ed Santiago) - Related: #2061316 [2:1.6.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.6.1 - Related: #2000051 [2:1.6.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.6.0 - Related: #2000051 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45287 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.33.6-2.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.6-2] - update tags for systemd libsubid - Resolves: RHEL-26594 [2:1.33.6-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/f843563) - Related: RHEL-2112 [2:1.33.5-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/70b792d) - Related: RHEL-2112 [2:1.33.4-1] - revert back to 1.33.4 - Related: Jira:RHEL-2112 [1:1.34.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.34.0 - Related: RHEL-2112 [1:1.33.2-1] - Bump to v1.33.2 - Related: Jira:RHEL-2112 [1:1.33.1-3] - Rebuild for CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - Related: Jira:RHEL-2779 [1:1.33.1-2] - Fix gating issues in tests/tests.yml - Related: RHEL-2112 [1:1.33.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.33.1 - Related: RHEL-2112 [1:1.32.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.32.2 - Related: RHEL-2112 [1:1.32.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.32.1 - Related: RHEL-2112 [1:1.32.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.32.0 - Related: Jira:RHEL-2112 [1:1.31.3-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.3 - Related: #2176063 [1:1.31.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.2 - Related: #2176063 [1:1.31.1-2] - build buildah off main branch for early testing of zstd compression - Related: #2176063 [1:1.31.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.1 - Related: #2176063 [1:1.31.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.0 - Related: #2176063 [1:1.30.0-2] - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2175073 - Resolves: #2179958 - Resolves: #2187332 - Resolves: #2187375 - Resolves: #2203696 - Resolves: #2207518 [1:1.30.0-1] - update to 1.30.0 - Related: #2176063 [1:1.29.1-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/f07d2c9) - Resolves: #2178263 [1:1.29.1-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/7fa17a8) - Related: #2124478 [1:1.29.0-3] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/c822cc6) - Related: #2124478 [1:1.29.0-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/94b723c) - Related: #2124478 [1:1.29.0-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29.0 (https://github.com/containers/buildah/commit/94b723c) - Related: #2124478 [1:1.29.0-0.4] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/078a7ff) - Related: #2124478 [1:1.29.0-0.3] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/4b72f05) - Related: #2124478 [1:1.29.0-0.2] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/c541c35) - Related: #2124478 [1:1.29.0-0.1] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/8ca903b) - Related: #2124478 [1:1.28.2-3] - update to the latest content of https://github.com/containers/buildah/tree/release-1.28 (https://github.com/containers/buildah/commit/cfefbb6) - fixes segmentation fault on s390x - Resolves: #2150429 [1:1.28.2-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.28 (https://github.com/containers/buildah/commit/7e4d9dd) - Resolves: #2151247 [1:1.28.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.28.2 - Related: #2124478 [1:1.28.0-2] - pull in crun by default - Resolves: #2142494 [1:1.28.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.28.0 - Related: #2124478 [1:1.27.0-2] - fix CVE-2022-2990 - Related: #2061316 [1:1.27.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.27.0 - Related: #2061316 [1:1.26.4-2] - add buildah-tutorial to test subpackage - Related: #2061316 [1:1.26.4-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.4 - Related: #2061316 [1:1.26.3-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.3 - Related: #2061316 [1:1.26.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.2 - Related: #2061316 [1:1.26.1-4] - Re-enable LTO and debuginfo - Related: #2061316 [1:1.26.1-3] - BuildRequires: /usr/bin/go-md2man - Related: #2061316 [1:1.26.1-2] - Add missing container networking dependencies (thanks to Neal Gompa) - Related: #2061316 [1:1.26.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.1 - Related: #2061316 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45287 CVE-2023-39326 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1:2.14.14-1] - ansible-core 2.14.14 release (RHEL-23783) - Fix CVE-2024-0690 (possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration) (RHEL-22124) [1:2.14.13-1] - ansible-core 2.14.13 release (RHEL-19298) [1:2.14.12-1] - ansible-core 2.14.12 release (RHEL-18950) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0690 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [20231122-6.0.1] - Replace upstream references [Orabug:36569119] [20231122-6] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - Resolves: RHEL-21841 (CVE-2023-45229 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [rhel-9]) - Resolves: RHEL-21843 (CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [rhel-9]) - Resolves: RHEL-21845 (CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [rhel-9]) - Resolves: RHEL-21847 (CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [rhel-9]) - Resolves: RHEL-21849 (TRIAGE CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [rhel-9]) - Resolves: RHEL-21851 (CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-9]) - Resolves: RHEL-21853 (TRIAGE CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-9]) [20231122-5] - edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-4118.patch [RHEL-21157] - edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch [RHEL-21157] - edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-2.patch [RHEL-21157] - edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-411-3.patch [RHEL-21157] - edk2-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch [RHEL-21157] - edk2-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch [RHEL-21704] - edk2-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch [RHEL-21704] - edk2-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch [RHEL-21704] - edk2-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch [RHEL-21704] - Resolves: RHEL-21157 (CVE-2022-36764 edk2: heap buffer overflow in Tcg2MeasurePeImage() [rhel-9]) - Resolves: RHEL-21704 (vGPU VM take several minutes to show tianocore logo if firmware is ovmf) [20231122-4] - edk2-OvmfPkg-VirtNorFlashDxe-add-casts-to-UINTN-and-UINT3.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-clarify-block-write-logic-fi.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-add-a-loop-for-NorFlashWrite.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-allow-larger-writes-without-.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-ValidateFvHeader-unwritten-s.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-move-DoErase-code-block-into.patch [RHEL-20963] - Resolves: RHEL-20963 ([rhel9] guest fails to boot due to ASSERT error) [20231122-3] - edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch [RHEL-21155] - edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch [RHEL-21155] - edk2-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch [RHEL-21155] - Resolves: RHEL-21155 (CVE-2022-36763 edk2: heap buffer overflow in Tcg2MeasureGptTable() [rhel-9]) [20231122-2] - edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch [RHEL-20963] - Resolves: RHEL-20963 ([rhel9] guest fails to boot due to ASSERT error) [20231122-1] - Rebase to edk2-stable202311 [RHEL-12323] - Switch to OpenSSL 3.0 [RHEL-49] - Resolves: RHEL-12323 (Rebase EDK2 for RHEL 9.4) - Resolves: RHEL-49 (consume / bundle RHEL-9 OpenSSL (version 3.0.x) in RHEL-9 edk2) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2022-36764 CVE-2022-36763 CVE-2023-3446 CVE-2023-45231 CVE-2023-45229 CVE-2023-45233 CVE-2023-45232 CVE-2023-45235 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:1.4.0-2] - rebuild - Related: RHEL-18372 [1:1.4.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.4.0 - Related: RHEL-2112 [1:1.3.0-5] - fix path to dhcp service - Resolves: #RHEL-3140 [1:1.3.0-4] - add Epoch in Provides - Related: #2176063 [1:1.3.0-3] - remove no_openssl for FIPS compliance - Related: #2176063 [1:1.3.0-2] - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2179960 - Resolves: #2187333 - Resolves: #2187376 - Resolves: #2203705 - Resolves: #2207519 [1:1.3.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.3.0 - Related: #2176063 [1:1.2.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.2.0 - Related: #2124478 [1:1.1.1-3] - Re-enable LTO and debuginfo - Related: #2061316 [1:1.1.1-2] - BuildRequires: /usr/bin/go-md2man - Related: #2061316 [1:1.1.1-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.1.1 - Related: #2061316 [1:1.1.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.1.0 - Related: #2061316 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45287 CVE-2023-39326 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [5.15.9-9] - Fix CVE-2024-25580: potential buffer overflow when reading KTX images Resolves: RHEL-25726 [5.15.9-8] - Fix incorrect integer overflow check in HTTP2 implementation Resolves: RHEL-20239 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-25580 CVE-2023-51714 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.4.57-8.0.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.57-8] - mod_xml2enc: fix media type handling Resolves: RHEL-17686 - mod_dav: add DavBasePath Resolves: RHEL-6600 [2.4.57-7] - Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) [2.4.57-6] - Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType - mod_dav_fs: add global mutex around lockdb interaction MODERATE Copyright 2024 Oracle, Inc. CVE-2023-31122 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.22.1-4] - CVE-2023-40474: Integer overflow leading to heap overwrite in MXF - CVE-2023-40475: Integer overflow leading to heap overwrite in MXF - CVE-2023-40476: Integer overflow in H.265 video parser - ZDI-CAN-22300: buffer overflow vulnerability - Resolves: RHEL-19501, RHEL-19505, RHEL-19506, RHEL-20201 [1.22.1-3] - Bump version - Resolves: RHEL-16795, RHEL-16788 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-40475 CVE-2023-50186 CVE-2023-40474 CVE-2023-40476 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.4.0-12] - Fix CVE-2023-6228 - Resolves: RHEL-10084 [4.4.0-11] - Fix CVE-2023-40090 CVE-2023-3618 CVE-2023-40745 CVE-2023-41175 - Resolves: RHEL-5458 RHEL-5455 RHEL-5405 RHEL-5450 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6228 CVE-2023-40745 CVE-2023-41175 CVE-2023-3618 CVE-2022-40090 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [5:2.2.6-2] - Fix for: CVE-2023-4874 CVE-2023-4875 - Resolves: RHEL-2812 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-4874 CVE-2023-4875 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [3.11.7-1] - Rebase to 3.11.7 Resolves: RHEL-20233 [3.11.5-2] - Security fix for CVE-2023-27043 Resolves: RHEL-21325 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-27043 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.0.90.7] - Fix CVE-2021-29390 - Resolves: RHEL-5413 MODERATE Copyright 2024 Oracle, Inc. CVE-2021-29390 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.13.1-8] - Fix copy/paste error in the DeviceStateNotify Resolves: RHEL-20533 [1.13.1-7] - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20389 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20383 - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access Resolves: RHEL-20533 - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Resolves: RHEL-21213 [1.13.1-6] - Use dup() to get available file descriptor when using -inetd option Resolves: RHEL-19858 [1.13.1-5] - Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions Resolves: RHEL-18414 - Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty Resolves: RHEL-18426 [1.13.1-4] - Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow Resolves: RHEL-15237 - Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty Resolves: RHEL-15249 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-5574 CVE-2023-5380 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.22.1-2] - CVE-2023-37328: heap overwrite in subtitle parsing - Resolves: RHEL-19475 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-37328 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.22.1-2] - CVE-2023-37327: integer overflow leading to heap overwrite in FLAC image tag handling - Resolves: RHEL-19471 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-37327 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 * Tue Feb 27 2024 Aaron Young - Create new 20240227 release for OL9 which includes the following fixed CVEs: {CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765} - Update to OpenSSL 3.0.10 which includes the following fixed CVEs: {CVE-2023-2975} {CVE-2023-1255} {CVE-2023-0401} {CVE-2023-0217} {CVE-2023-0216} {CVE-2023-0215} {CVE-2022-4203} {CVE-2022-3996} {CVE-2022-3602} {CVE-2022-3786} {CVE-2022-3358} {CVE-2022-2274} {CVE-2022-1473} {CVE-2022-1434} {CVE-2022-1343} {CVE-2021-4044} {CVE-2021-23839} * Tue Aug 22 2023 Aaron Young - Create new 20230822.cvm release for OL9 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45231 CVE-2022-36763 CVE-2023-45230 CVE-2022-36765 CVE-2022-36764 CVE-2023-45229 CVE-2023-45232 CVE-2023-45234 CVE-2023-45233 CVE-2023-45235 cpe:/a:oracle:linux:9::developer_kvm_utils cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 [37.0.2-6] - Security fix for CVE-2023-49083 - Resolves: RHEL-19832 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-49083 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [2.11.3-5] - Security fix for CVE-2024-22195 Resolves: RHEL-21349 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-22195 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 mingw-binutils [2.41-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [2.41-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [2.41-1] - Update to 2.41 [2.40-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild mingw-crt * Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-1] - Update to 11.0.1 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild mingw-filesystem [148-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [148-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [148-1] - Add pkgconfig provides [147-3] - Add dependency on cmake-rpm-macros [147-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild mingw-gcc [13.2.1-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [13.2.1-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [13.2.1-1] - Update to 13.2.1 (20230728) [13.1.1-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild mingw-headers [11.0.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-1] - Update to 11.0.1 [11.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild mingw-libffi [3.4.4-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [3.4.4-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild mingw-w64-tools [11.0.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-1] - Update to 11.0.1 mingw-winpthreads [11.0.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-1] - Update to 11.0.1 [11.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild mingw-zlib [1.3.1-1] - Update to 1.3.1 [1.2.13-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [1.2.13-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [1.2.13-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild MODERATE Copyright 2024 Oracle, Inc. CVE-2023-1579 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.2.1-10] - Fix CVE-2024-24258 and CVE-2024-24259 Resolves: https://issues.redhat.com/browse/RHEL-25176 Resolves: https://issues.redhat.com/browse/RHEL-25178 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24259 CVE-2024-24258 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [2.0.26-1] - Resolves: RHEL-14691 - mod_http2 rebase to 2.0.26 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45802 CVE-2023-43622 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [0.13.71-11] - Fix CVE-2020-18770 Previous patch was causing segfault Resolves: RHEL-14967 [0.13.71-10] - Fix CVE-2020-18770 Resolves: RHEL-14967 MODERATE Copyright 2024 Oracle, Inc. CVE-2020-18770 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 mod_jk [1.2.49-1] - Related: RHEL-27511 - Rebase to upstream 1.2.49 release mod_proxy_cluster [1.3.20-1] - Rebase mod_cluster to upstream 1.3.20.Final tag - Related: RHEL-27497 - Rebase to upstream 1.3.20.Final release MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6710 CVE-2023-41081 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - 5.14.0 - Debranding patches copied from Rocky Linux (Louis Abel and Sherif Nagy from RESF) [5.14.0-427.13.1_4] - ice: fix enabling RX VLAN filtering (Petr Oros) [RHEL-28837] [5.14.0-427.12.1_4] - mm/sparsemem: fix race in accessing memory_section->usage (Waiman Long) [RHEL-28877 RHEL-28878] {CVE-2023-52489} - Revert '[redhat] kabi: add symbol __scsi_execute to stablelist' (Ewan D. Milne) [RHEL-30725] [5.14.0-427.11.1_4] - xfs: fix SEEK_HOLE/DATA for regions with active COW extents (Bill O'Donnell) [RHEL-29365] [5.14.0-427.10.1_4] - NFS: remove sync_mode test from nfs_writepage_locked() (Jeffrey Layton) [RHEL-28630] - nfs: Remove writepage (Jeffrey Layton) [RHEL-28630] [5.14.0-427.9.1_4] - blk-mq: don't schedule block kworker on isolated CPUs (Ming Lei) [RHEL-13920] [5.14.0-427.8.1_4] - dm-integrity: align the outgoing bio in integrity_recheck (Benjamin Marzinski) [RHEL-29679] - dm-integrity: fix a memory leak when rechecking the data (Benjamin Marzinski) [RHEL-29679] - NFSv4: fairly test all delegations on a SEQ4_ revocation (Benjamin Coddington) [RHEL-7976] [5.14.0-427.7.1_4] - NFS: Read unlock folio on nfs_page_create_from_folio() error (Benjamin Coddington) [RHEL-18029] - i40e: Fix VF MAC filter removal (Ivan Vecera) [RHEL-15701] - i40e: Fix firmware version comparison function (Ivan Vecera) [RHEL-15701] - i40e: disable NAPI right after disabling irqs when handling xsk_pool (Ivan Vecera) [RHEL-15701] - i40e: take into account XDP Tx queues when stopping rings (Ivan Vecera) [RHEL-15701] - i40e: avoid double calling i40e_pf_rxq_wait() (Ivan Vecera) [RHEL-15701] - i40e: Fix wrong mask used during DCB config (Ivan Vecera) [RHEL-15701] - i40e: Fix waiting for queues of all VSIs to be disabled (Ivan Vecera) [RHEL-15701] - i40e: Do not allow untrusted VF to remove administratively set MAC (Ivan Vecera) [RHEL-15701] - net: intel: fix old compiler regressions (Ivan Vecera) [RHEL-15701] - i40e: update xdp_rxq_info::frag_size for ZC enabled Rx queue (Ivan Vecera) [RHEL-15701] - i40e: set xdp_rxq_info::frag_size (Ivan Vecera) [RHEL-15701] - intel: xsk: initialize skb_frag_t::bv_offset in ZC drivers (Ivan Vecera) [RHEL-15701] - i40e: handle multi-buffer packets that are shrunk by xdp prog (Ivan Vecera) [RHEL-15701] - i40e: Include types.h to some headers (Ivan Vecera) [RHEL-15701] - i40e: Restore VF MSI-X state during PCI reset (Ivan Vecera) [RHEL-15701] - i40e: fix use-after-free in i40e_aqc_add_filters() (Ivan Vecera) [RHEL-15701] - i40e: Avoid unnecessary use of comma operator (Ivan Vecera) [RHEL-15701] - i40e: Fix VF disable behavior to block all traffic (Ivan Vecera) [RHEL-15701] - i40e: Fix filter input checks to prevent config with invalid values (Ivan Vecera) [RHEL-15701] - i40e: field get conversion (Ivan Vecera) [RHEL-15701] - i40e: field prep conversion (Ivan Vecera) [RHEL-15701] - intel: add bit macro includes where needed (Ivan Vecera) [RHEL-15701] - i40e: remove fake support of rx-frames-irq (Ivan Vecera) [RHEL-15701] - i40e: Fix ST code value for Clause 45 (Ivan Vecera) [RHEL-15701] - i40e: Fix unexpected MFS warning message (Ivan Vecera) [RHEL-15701] - i40e: Remove queue tracking fields from i40e_adminq_ring (Ivan Vecera) [RHEL-15701] - i40e: Remove AQ register definitions for VF types (Ivan Vecera) [RHEL-15701] - i40e: Delete unused and useless i40e_pf fields (Ivan Vecera) [RHEL-15701] - i40e: Fix adding unsupported cloud filters (Ivan Vecera) [RHEL-15701] - i40e: Delete unused i40e_mac_info fields (Ivan Vecera) [RHEL-15701] - i40e: Move inline helpers to i40e_prototype.h (Ivan Vecera) [RHEL-15701] - i40e: Remove VF MAC types (Ivan Vecera) [RHEL-15701] - i40e: Use helpers to check running FW and AQ API versions (Ivan Vecera) [RHEL-15701] - i40e: Add other helpers to check version of running firmware and AQ API (Ivan Vecera) [RHEL-15701] - i40e: Move i40e_is_aq_api_ver_ge helper (Ivan Vecera) [RHEL-15701] - i40e: Initialize hardware capabilities at single place (Ivan Vecera) [RHEL-15701] - i40e: Consolidate hardware capabilities (Ivan Vecera) [RHEL-15701] - i40e: Use DECLARE_BITMAP for flags field in i40e_hw (Ivan Vecera) [RHEL-15701] - i40e: Use DECLARE_BITMAP for flags and hw_features fields in i40e_pf (Ivan Vecera) [RHEL-15701] - i40e: Remove _t suffix from enum type names (Ivan Vecera) [RHEL-15701] - i40e: Remove unused flags (Ivan Vecera) [RHEL-15701] - i40e: add an error code check in i40e_vsi_setup (Ivan Vecera) [RHEL-15701] - i40e: increase max descriptors for XL710 (Ivan Vecera) [RHEL-15701] - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (Ivan Vecera) [RHEL-15701] - i40e: sync next_to_clean and next_to_process for programming status desc (Ivan Vecera) [RHEL-15701] - i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (Ivan Vecera) [RHEL-15701] - i40e: xsk: remove count_mask (Ivan Vecera) [RHEL-15701] - i40e: use scnprintf over strncpy+strncat (Ivan Vecera) [RHEL-15701] - intel: fix format warnings (Ivan Vecera) [RHEL-15701] - i40e: Refactor and rename i40e_read_pba_string() (Ivan Vecera) [RHEL-15701] - i40e: Split and refactor i40e_nvm_version_str() (Ivan Vecera) [RHEL-15701] - i40e: prevent crash on probe if hw registers have invalid values (Ivan Vecera) [RHEL-15701] - i40e: Move DDP specific macros and structures to i40e_ddp.c (Ivan Vecera) [RHEL-15701] - i40e: Remove circular header dependencies and fix headers (Ivan Vecera) [RHEL-15701] - i40e: Split i40e_osdep.h (Ivan Vecera) [RHEL-15701] - i40e: Move memory allocation structures to i40e_alloc.h (Ivan Vecera) [RHEL-15701] - i40e: Simplify memory allocation functions (Ivan Vecera) [RHEL-15701] - i40e: Refactor I40E_MDIO_CLAUSE* macros (Ivan Vecera) [RHEL-15701] - i40e: Move I40E_MASK macro to i40e_register.h (Ivan Vecera) [RHEL-15701] - i40e: Remove back pointer from i40e_hw structure (Ivan Vecera) [RHEL-15701] - i40e: Add rx_missed_errors for buffer exhaustion (Ivan Vecera) [RHEL-15701] - net: Tree wide: Replace xdp_do_flush_map() with xdp_do_flush(). (Ivan Vecera) [RHEL-15701] - i40e: fix potential memory leaks in i40e_remove() (Ivan Vecera) [RHEL-15701] - i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (Ivan Vecera) [RHEL-15701] - i40e: fix misleading debug logs (Ivan Vecera) [RHEL-15701] - i40e: Replace one-element array with flex-array member in struct i40e_profile_aq_section (Ivan Vecera) [RHEL-15701] - i40e: Replace one-element array with flex-array member in struct i40e_section_table (Ivan Vecera) [RHEL-15701] - i40e: Replace one-element array with flex-array member in struct i40e_profile_segment (Ivan Vecera) [RHEL-15701] - i40e: Replace one-element array with flex-array member in struct i40e_package_header (Ivan Vecera) [RHEL-15701] - i40e: Remove unused function declarations (Ivan Vecera) [RHEL-15701] - i40e: remove i40e_status (Ivan Vecera) [RHEL-15701] - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (Ivan Vecera) [RHEL-15701] - i40e: xsk: add TX multi-buffer support (Ivan Vecera) [RHEL-15701] - i40e: xsk: add RX multi-buffer support (Ivan Vecera) [RHEL-15701] - i40e, xsk: fix comment typo (Ivan Vecera) [RHEL-15701] - i40e: remove unnecessary check for old MAC == new MAC (Ivan Vecera) [RHEL-15701] - i40e: fix i40e_setup_misc_vector() error handling (Ivan Vecera) [RHEL-15701] - i40e: fix accessing vsi->active_filters without holding lock (Ivan Vecera) [RHEL-15701] - i40e: Add support for VF to specify its primary MAC address (Ivan Vecera) [RHEL-15701] - i40e: fix registers dump after run ethtool adapter self test (Ivan Vecera) [RHEL-15701] - i40e: fix flow director packet filter programming (Ivan Vecera) [RHEL-15701] - i40e: add support for XDP multi-buffer Rx (Ivan Vecera) [RHEL-15701] - i40e: add xdp_buff to i40e_ring struct (Ivan Vecera) [RHEL-15701] - i40e: introduce next_to_process to i40e_ring (Ivan Vecera) [RHEL-15701] - i40e: use frame_sz instead of recalculating truesize for building skb (Ivan Vecera) [RHEL-15701] - i40e: Change size to truesize when using i40e_rx_buffer_flip() (Ivan Vecera) [RHEL-15701] - i40e: add pre-xdp page_count in rx_buffer (Ivan Vecera) [RHEL-15701] - i40e: change Rx buffer size for legacy-rx to support XDP multi-buffer (Ivan Vecera) [RHEL-15701] - i40e: consolidate maximum frame size calculation for vsi (Ivan Vecera) [RHEL-15701] - i40e: check vsi type before setting xdp_features flag (Ivan Vecera) [RHEL-15701] - drivers: net: turn on XDP features (Ivan Vecera) [RHEL-15701] - i40e: add xdp frags support to ndo_xdp_xmit (Ivan Vecera) [RHEL-15701] - dmaengine: idxd: Ensure safe user copy of completion record (Jerry Snitselaar) [RHEL-28511] - dmaengine: idxd: Remove shadow Event Log head stored in idxd (Jerry Snitselaar) [RHEL-28511] - dmaengine: idxd: Move dma_free_coherent() out of spinlocked context (Jerry Snitselaar) [RHEL-28511] [5.14.0-427.6.1_4] - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (Daniel Vacek) [RHEL-26063] - ASoC: Intel: soc-acpi: rt713+rt1316, no sdw-dmic config (Jaroslav Kysela) [RHEL-26456] - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Maxim Levitsky) [RHEL-26435] - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Maxim Levitsky) [RHEL-26435] - mlxsw: spectrum_acl_tcam: Fix stack corruption (Ivan Vecera) [RHEL-26463 RHEL-26465] {CVE-2024-26586} [5.14.0-427.5.1_4] - i2c: i801: Fix block process call transactions (David Arcari) [RHEL-26479 RHEL-26481] {CVE-2024-26593} - sched/membarrier: reduce the ability to hammer on sys_membarrier (Wander Lairson Costa) [RHEL-23428 RHEL-23429] {CVE-2024-26602} [5.14.0-427.4.1_4] - redhat/configs: enable pwr-mlxbf (Nirmala Dalvi) [RHEL-21119] - power: reset: pwr-mlxbf: support graceful reboot instead of emergency reset (Nirmala Dalvi) [RHEL-21119] - power: reset: use capital 'OR' for multiple licenses in SPDX (Nirmala Dalvi) [RHEL-21119] - power: reset: pwr-mlxbf: change rst_pwr_hid and low_pwr_hid from global to local variables (Nirmala Dalvi) [RHEL-21119] - power: reset: pwr-mlxbf: add missing include (Nirmala Dalvi) [RHEL-21119] - power: reset: pwr-mlxbf: add BlueField SoC power control driver (Nirmala Dalvi) [RHEL-21119] - redhat/configs: enable pinctrl_mlxbf3 This driver is required to support the pinctrl device on the Bluefield-3 card. (Nirmala Dalvi) [RHEL-21115] - pinctrl: mlxbf3: Remove gpio_disable_free() (Nirmala Dalvi) [RHEL-21115] - pinctrl: use capital 'OR' for multiple licenses in SPDX (Nirmala Dalvi) [RHEL-21115] - pinctrl: mlxbf3: set varaiable mlxbf3_pmx_funcs storage-class-specifier to static (Nirmala Dalvi) [RHEL-21115] - pinctrl: mlxbf3: Add pinctrl driver support (Nirmala Dalvi) [RHEL-21115] - redhat/configs: enable gpio_mlxbf3 (Nirmala Dalvi) [RHEL-21113] - gpio: mlxbf3: add an error code check in mlxbf3_gpio_probe (Nirmala Dalvi) [RHEL-21113] - gpio: mlxbf3: use capital 'OR' for multiple licenses in SPDX (Nirmala Dalvi) [RHEL-21113] - gpio: mlxbf3: Support add_pin_ranges() (Nirmala Dalvi) [RHEL-21113] - gpio: mlxbf3: Add gpio driver support (Nirmala Dalvi) [RHEL-21113] - redhat/configs: enable mlxbf-pmc (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Ignore unsupported performance blocks (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: mlxbf_pmc_event_list(): make size ptr optional (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Cleanup signed/unsigned mix-up (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Replace uintN_t with kernel-style types (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Fix offset calculation for crspace events (Luiz Capitulino) [RHEL-21122] - platform/mellanox: Check devm_hwmon_device_register_with_groups() return value (Luiz Capitulino) [RHEL-21122] - platform/mellanox: Add null pointer checks for devm_kasprintf() (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Add support for BlueField-3 (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: fix sscanf() error checking (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: fix kernel-doc notation (Luiz Capitulino) [RHEL-21122] - SUNRPC: Remove stale comments (Jeffrey Layton) [RHEL-22860] - NFSD: Remove BUG_ON in nfsd4_process_cb_update() (Jeffrey Layton) [RHEL-22860] - NFSD: Replace comment with lockdep assertion (Jeffrey Layton) [RHEL-22860] - NFSD: Remove unused @reason argument (Jeffrey Layton) [RHEL-22860] - NFSD: Add callback operation lifetime trace points (Jeffrey Layton) [RHEL-22860] - NFSD: Rename nfsd_cb_state trace point (Jeffrey Layton) [RHEL-22860] - NFSD: Replace dprintks in nfsd4_cb_sequence_done() (Jeffrey Layton) [RHEL-22860] - NFSD: Add nfsd_seq4_status trace event (Jeffrey Layton) [RHEL-22860] - NFSD: Retransmit callbacks after client reconnects (Jeffrey Layton) [RHEL-22860] - NFSD: Reschedule CB operations when backchannel rpc_clnt is shut down (Jeffrey Layton) [RHEL-22860] - NFSD: Convert the callback workqueue to use delayed_work (Jeffrey Layton) [RHEL-22860] - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Jeffrey Layton) [RHEL-22860] - NFSv4, NFSD: move enum nfs_cb_opnum4 to include/linux/nfs4.h (Jeffrey Layton) [RHEL-22860] - tls: fix use-after-free on failed backlog decryption (Sabrina Dubroca) [RHEL-26410 RHEL-26415] {CVE-2024-26584} - tls: separate no-async decryption request handling from async (Sabrina Dubroca) [RHEL-26410 RHEL-26415] {CVE-2024-26584} - tls: decrement decrypt_pending if no async completion will be called (Sabrina Dubroca) [RHEL-26416 RHEL-26421] {CVE-2024-26583} - net: tls: fix use-after-free with partial reads and async decrypt (Sabrina Dubroca) [RHEL-26398 RHEL-26401] {CVE-2024-26582} - net: tls: handle backlogging of crypto requests (Sabrina Dubroca) [RHEL-26410 RHEL-26415] {CVE-2024-26584} - tls: fix race between tx work scheduling and socket close (Sabrina Dubroca) [RHEL-26361 RHEL-26363] {CVE-2024-26585} - tls: fix race between async notify and socket close (Sabrina Dubroca) [RHEL-26416 RHEL-26421] {CVE-2024-26583} - net: tls: factor out tls_*crypt_async_wait() (Sabrina Dubroca) [RHEL-26416 RHEL-26421] {CVE-2024-26583} - i2c: mlxbf: Use devm_platform_get_and_ioremap_resource() (Luiz Capitulino) [RHEL-21116] - I2C: Explicitly include correct DT includes (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: Use dev_err_probe in probe function (Luiz Capitulino) [RHEL-21116] - i2c: Convert to platform remove callback returning void (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: depend on ACPI; clean away ifdeffage (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: remove device tree support (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: support BlueField-3 SoC (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: add multi slave functionality (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: support lock mechanism (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: Fix frequency calculation (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: Refactor _UID handling to use acpi_dev_uid_to_integer() (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: remove IRQF_ONESHOT (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: incorrect base address passed during io write (Luiz Capitulino) [RHEL-21116] [5.14.0-427.3.1_4] - SEV: disable SEV-ES DebugSwap by default (Paolo Bonzini) [RHEL-22997] - dm-integrity, dm-verity: reduce stack usage for recheck (Benjamin Marzinski) [RHEL-20912] - dm-crypt: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-20912] - dm-crypt: don't modify the data when using authenticated encryption (Benjamin Marzinski) [RHEL-20912] - dm-verity: recheck the hash after a failure (Benjamin Marzinski) [RHEL-20912] - dm-integrity: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-20912] - tracing/timerlat: Move hrtimer_init to timerlat_fd open() (John Kacur) [RHEL-26665] - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (Andrew Price) [RHEL-26500 RHEL-26502] {CVE-2023-52448} - NFSv4: Always ask for type with READDIR (Benjamin Coddington) [RHEL-15843] - sunrpc: have svc tasks sleep in TASK_INTERRUPTIBLE instead of TASK_IDLE (Jeffrey Layton) [RHEL-22742] - smb: client: fix OOB in receive_encrypted_standard() (Scott Mayhew) [RHEL-21687 RHEL-21688] {CVE-2024-0565} - EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (Aristeu Rozanski) [RHEL-10022] - EDAC/mc: Add support for HBM3 memory type (Aristeu Rozanski) [RHEL-10022] - x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (Aristeu Rozanski) [RHEL-10022] - EDAC/mce_amd: Remove SMCA Extended Error code descriptions (Aristeu Rozanski) [RHEL-10022] - x86/mce/amd, EDAC/mce_amd: Move long names to decoder module (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Cache and use GPU node map (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Document heterogeneous system enumeration (Aristeu Rozanski) [RHEL-10022] - x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Fix indentation in umc_determine_edac_cap() (Aristeu Rozanski) [RHEL-10022] - EDAC: Sanitize MODULE_AUTHOR strings (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Add get_err_info() to pvt->ops (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Split dump_misc_regs() into dct/umc functions (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Split init_csrows() into dct/umc functions (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Split determine_edac_cap() into dct/umc functions (Aristeu Rozanski) [RHEL-10022] - fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (Viktor Malik) [RHEL-26131] - fprobe: Release rethook after the ftrace_ops is unregistered (Viktor Malik) [RHEL-26131] - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super {CVE-2024-0841} (Audra Mitchell) [RHEL-20615 RHEL-20617] {CVE-2024-0841} - smb: client: fix parsing of SMB3.1.1 POSIX create context (Paulo Alcantara) [RHEL-26242 RHEL-26244] {CVE-2023-52434} - smb: client: fix potential OOBs in smb2_parse_contexts() (Paulo Alcantara) [RHEL-26242 RHEL-26244] {CVE-2023-52434} [5.14.0-427.2.1_4] - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (Paolo Bonzini) [RHEL-23426] - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (Paolo Bonzini) [RHEL-23426] - x86/boot: Move x86_cache_alignment initialization to correct spot (Paolo Bonzini) [RHEL-23426] - x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach (Paolo Bonzini) [RHEL-23426] - KVM: x86: make KVM_REQ_NMI request iff NMI pending for vcpu (Prasad Pandit) [RHEL-2815] - drm/tegra: Remove existing framebuffer only if we support display (Robert Foss) [RHEL-26130] - Deprecate qla4xxx in RHEL-9 (Chris Leech) [RHEL-1241] - dm-bufio: fix no-sleep mode (Benjamin Marzinski) [RHEL-23968] - selftests: rtnetlink: add MACsec offload tests (Sabrina Dubroca) [RHEL-24616] - netdevsim: add dummy macsec offload (Sabrina Dubroca) [RHEL-24616] - selftests: rtnetlink: Make the set of tests to run configurable (Sabrina Dubroca) [RHEL-24616] [5.14.0-427.1.1_4] - config: wifi: enable MT7925E card (Jose Ignacio Tornos Martinez) [RHEL-14693] - shmem: support idmapped mounts for tmpfs (Giuseppe Scrivano) [RHEL-23900] - iommu/vt-d: Fix incorrect cache invalidation for mm notification (Jerry Snitselaar) [RHEL-26541] - mmu_notifiers: rename invalidate_range notifier (Jerry Snitselaar) [RHEL-26541] - mmu_notifiers: don't invalidate secondary TLBs as part of mmu_notifier_invalidate_range_end() (Jerry Snitselaar) [RHEL-26541] - mmu_notifiers: call invalidate_range() when invalidating TLBs (Jerry Snitselaar) [RHEL-26541] - mmu_notifiers: fixup comment in mmu_interval_read_begin() (Jerry Snitselaar) [RHEL-26541] - mlxbf_gige: Enable the GigE port in mlxbf_gige_open (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: Fix intermittent no ip issue (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: fix receive packet race condition (Luiz Capitulino) [RHEL-21118] - net: ethernet: mellanox: Convert to platform remove callback returning void (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: Remove two unused function declarations (Luiz Capitulino) [RHEL-21118] - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: fix white space in mlxbf_gige_eth_ioctl (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: add 'set_link_ksettings' ethtool callback (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: support 10M/100M/1G speeds on BlueField-3 (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: add MDIO support for BlueField-3 (Luiz Capitulino) [RHEL-21118] - net/mlxbf_gige: Fix an IS_ERR() vs NULL bug in mlxbf_gige_mdio_probe (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: clear MDIO gateway lock after read (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: compute MDIO period based on i1clk (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: remove own module name define and use KBUILD_MODNAME instead (Luiz Capitulino) [RHEL-21118] - net/mlxbf_gige: use eth_zero_addr() to clear mac address (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: remove driver-managed interrupt counts (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: increase MDIO polling rate to 5us (Luiz Capitulino) [RHEL-21118] - net: mellanox: mlxbf_gige: Replace non-standard interrupt handling (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: clear valid_polarity upon open (Luiz Capitulino) [RHEL-21118] - net/mlxbf_gige: Make use of devm_platform_ioremap_resourcexxx() (Luiz Capitulino) [RHEL-21118] - redhat: update self-test data (Scott Weaver) - redhat: enable zstream release numbering for RHEL 9.4 (Scott Weaver) - redhat: set default dist suffix for RHEL 9.4 (Scott Weaver) [5.14.0-427] - scsi: smartpqi: Fix disable_managed_interrupts (Tomas Henzl) [RHEL-26145] - redhat/configs: Enable Intel IAA Compression Accelerator for x86 (Vladis Dronov) [RHEL-20145] - crypto: iaa - Account for cpu-less numa nodes (Vladis Dronov) [RHEL-20145] - crypto: iaa - remove unneeded semicolon (Vladis Dronov) [RHEL-20145] - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (Vladis Dronov) [RHEL-20145] - crypto: iaa - Change desc->priv to 0 (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: Add support for device/wq defaults (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add IAA Compression Accelerator stats (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add irq support for the crypto async interface (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add support for deflate-iaa compression algorithm (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add compression mode management along with fixed mode (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add per-cpu workqueue table with rebalancing (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add Intel IAA Compression Accelerator crypto driver core (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add IAA Compression Accelerator Documentation (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: add callback support for iaa crypto (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: Add wq private data accessors (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: Export wq resource management functions (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: Export descriptor management functions (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: Rename drv_enable/disable_wq to idxd_drv_enable/disable_wq, and export (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: add external module driver support for dsa_bus_type (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: add wq driver name support for accel-config user tool (Vladis Dronov) [RHEL-20145] [5.14.0-426] - firmware: arm_ffa: Assign the missing IDR allocation ID to the FFA device (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Allow the FF-A drivers to use 32bit mode of messaging (Mark Salter) [RHEL-16037] - optee: fix uninited async notif value (Mark Salter) [RHEL-16037] - KEYS: trusted: tee: Refactor register SHM usage (Mark Salter) [RHEL-16037] - redhat/configs: enable ARM_FFA_TRANSPORT (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Don't set the memory region attributes for MEM_LEND (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Set handle field to zero in memory descriptor (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Fix FFA device names for logical partitions (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Fix usage of partition info get count flag (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Check if ffa_driver remove is present before executing (Mark Salter) [RHEL-16037] - tee: optee: Add SMC for loading OP-TEE image (Mark Salter) [RHEL-16037] - optee: add per cpu asynchronous notification (Mark Salter) [RHEL-16037] - tee: optee: Fix typo Unuspported -> Unsupported (Mark Salter) [RHEL-16037] - tee: amdtee: fix race condition in amdtee_open_session (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Move comment before the field it is documenting (Mark Salter) [RHEL-16037] - optee: Add __init/__exit annotations to module init/exit funcs (Mark Salter) [RHEL-16037] - tee: optee: fix possible memory leak in optee_register_device() (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Split up ffa_ops into info, message and memory operations (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Set up 32bit execution mode flag using partiion property (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Add v1.1 get_partition_info support (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Rename ffa_dev_ops as ffa_ops (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Make memory apis ffa_device independent (Mark Salter) [RHEL-16037] - tee: optee: Drop ffa_ops in optee_ffa structure using ffa_dev->ops directly (Mark Salter) [RHEL-16037] - tee: fix compiler warning in tee_shm_register() (Mark Salter) [RHEL-16037] - tee: add overflow check in register_shm_helper() (Mark Salter) [RHEL-16037] - tee: tee_get_drvdata(): fix description of return value (Mark Salter) [RHEL-16037] - optee: Remove duplicate 'of' in two places. (Mark Salter) [RHEL-16037] - optee: smc_abi.c: fix wrong pointer passed to IS_ERR/PTR_ERR() (Mark Salter) [RHEL-16037] - tee: optee: Pass a pointer to virt_addr_valid() (Mark Salter) [RHEL-16037] - tee: optee: Use ffa_dev_get_drvdata to fetch driver_data (Mark Salter) [RHEL-16037] - tee: remove flags TEE_IOCTL_SHM_MAPPED and TEE_IOCTL_SHM_DMA_BUF (Mark Salter) [RHEL-16037] - tee: remove tee_shm_va2pa() and tee_shm_pa2va() (Mark Salter) [RHEL-16037] - optee: cache argument shared memory structs (Mark Salter) [RHEL-16037] - optee: add FF-A capability OPTEE_FFA_SEC_CAP_ARG_OFFSET (Mark Salter) [RHEL-16037] - optee: add OPTEE_SMC_CALL_WITH_RPC_ARG and OPTEE_SMC_CALL_WITH_REGD_ARG (Mark Salter) [RHEL-16037] - optee: rename rpc_arg_count to rpc_param_count (Mark Salter) [RHEL-16037] - tee: make tee_shm_register_kernel_buf vmalloc supported (Mark Salter) [RHEL-16037] - tee: combine 'config' and 'menu' for TEE's menuconfig (Mark Salter) [RHEL-16037] - tee: optee: add missing mutext_destroy in optee_ffa_probe (Mark Salter) [RHEL-16037] - tee: refactor TEE_SHM_* flags (Mark Salter) [RHEL-16037] - tee: replace tee_shm_register() (Mark Salter) [RHEL-16037] - KEYS: trusted: tee: use tee_shm_register_kernel_buf() (Mark Salter) [RHEL-16037] - tee: add tee_shm_register_{user,kernel}_buf() (Mark Salter) [RHEL-16037] - optee: add optee_pool_op_free_helper() (Mark Salter) [RHEL-16037] - tee: replace tee_shm_alloc() (Mark Salter) [RHEL-16037] - tee: simplify shm pool handling (Mark Salter) [RHEL-16037] - tee: add tee_shm_alloc_user_buf() (Mark Salter) [RHEL-16037] - tee: remove unused tee_shm_pool_alloc_res_mem() (Mark Salter) [RHEL-16037] - hwrng: optee-rng: use tee_shm_alloc_kernel_buf() (Mark Salter) [RHEL-16037] - tee: amdtee: Make use of the helper macro LIST_HEAD() (Mark Salter) [RHEL-16037] - tee: optee: fix error return code in probe function (Mark Salter) [RHEL-16037] - optee: use driver internal tee_context for some rpc (Mark Salter) [RHEL-16037] - optee: add error checks in optee_ffa_do_call_with_arg() (Mark Salter) [RHEL-16037] - optee: Use bitmap_free() to free bitmap (Mark Salter) [RHEL-16037] - optee: Fix NULL but dereferenced coccicheck error (Mark Salter) [RHEL-16037] - optee: add asynchronous notifications (Mark Salter) [RHEL-16037] - optee: separate notification functions (Mark Salter) [RHEL-16037] - tee: export teedev_open() and teedev_close_context() (Mark Salter) [RHEL-16037] - tee: fix put order in teedev_close_context() (Mark Salter) [RHEL-16037] - optee: Suppress false positive kmemleak report in optee_handle_rpc() (Mark Salter) [RHEL-16037] - tee: amdtee: fix an IS_ERR() vs NULL bug (Mark Salter) [RHEL-16037] - optee: fix kfree NULL pointer (Mark Salter) [RHEL-16037] - optee: Fix spelling mistake 'reclain' -> 'reclaim' (Mark Salter) [RHEL-16037] - optee: add FF-A support (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Add ffa_dev_get_drvdata helper function (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Use FFA_FEATURES to detect if native versions are supported (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Add support for querying FF-A features (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Remove ffa_dev_ops_get() (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Add pointer to the ffa_dev_ops in struct ffa_dev (Mark Salter) [RHEL-16037] - PCI: Fix active state requirement in PME polling (Alex Williamson) [RHEL-25125] [5.14.0-425] - cgroup/cpuset: Include isolated cpuset CPUs in cpu_is_isolated() check (Waiman Long) [RHEL-21798] - cgroup/cpuset: Expose cpuset.cpus.isolated (Waiman Long) [RHEL-21798] - cgroup/cpuset: Take isolated CPUs out of workqueue unbound cpumask (Waiman Long) [RHEL-21798] - cgroup/cpuset: Keep track of CPUs in isolated partitions (Waiman Long) [RHEL-21798] - selftests/cgroup: Minor code cleanup and reorganization of test_cpuset_prs.sh (Waiman Long) [RHEL-21798] - workqueue: Move workqueue_set_unbound_cpumask() and its helpers inside CONFIG_SYSFS (Waiman Long) [RHEL-21798] - workqueue: Add workqueue_unbound_exclude_cpumask() to exclude CPUs from wq_unbound_cpumask (Waiman Long) [RHEL-21798] - workqueue: Make sure that wq_unbound_cpumask is never empty (Waiman Long) [RHEL-21798] - workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long) [RHEL-21798] - workqueue: add cmdline parameter workqueue.unbound_cpus to further constrain wq_unbound_cpumask at boot time (Waiman Long) [RHEL-21798] - ovl: mark xwhiteouts directory with overlay.opaque='x' (Alexander Larsson) [RHEL-25807] - ovl: Add documentation on nesting of overlayfs mounts (Alexander Larsson) [RHEL-25807] - Enable CONFIG_PWRSEQ_{SIMPLIE,EMMC} on aarch64 (Charles Mirabile) [RHEL-21062] - mmc: pwrseq: Convert to platform remove callback returning void (Charles Mirabile) [RHEL-21062] - mmc: pwrseq_simple: Convert to platform remove callback returning void (Charles Mirabile) [RHEL-21062] - mmc: pwrseq_simple: include deferred probe reasons (Charles Mirabile) [RHEL-21062] - mmc: pwrseq: Use bitmap_free() to free bitmap (Charles Mirabile) [RHEL-21062] - crypto: ccp - fix memleak in ccp_init_dm_workarea (Vladis Dronov) [RHEL-14851] - crypto: ccp/sp - Convert to platform remove callback returning void (Vladis Dronov) [RHEL-14851] - crypto: ccp - Dump SEV command buffer registers on SEV command error (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add support for DBC over PSP mailbox (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add a macro to check capabilities register (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add a communication path abstraction for DBC (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add support for extended PSP mailbox commands (Vladis Dronov) [RHEL-14851] - crypto: ccp - Move direct access to some PSP registers out of TEE (Vladis Dronov) [RHEL-14851] - crypto: ccp - Get a free page to use while fetching initial nonce (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add support for getting and setting DBC parameters (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add support for setting user ID for dynamic boost control (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add support for fetching a nonce for dynamic boost control (Vladis Dronov) [RHEL-14851] - crypto: ccp - move setting PSP master to earlier in the init (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add bootloader and TEE version offsets (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add support for displaying PSP firmware versions (Vladis Dronov) [RHEL-14851] - crypto: ccp - Rename macro for security attributes (Vladis Dronov) [RHEL-14851] - sched/core: Make sched_setaffinity() always return -EINVAL on empty cpumask (Waiman Long) [RHEL-21440] - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Charles Mirabile) [RHEL-24020] - bpf: sockmap, updating the sg structure should also update curr (Felix Maurer) [RHEL-21459] - bpf, x64: Fix tailcall infinite loop (Felix Maurer) [RHEL-21459] - tty: n_gsm: initialize more members at gsm_alloc_mux() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix race condition in gsmld_write() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix race condition in status line change on dead connections (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix flow control handling in tx path (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix NULL pointer access due to DLCI release (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: name the debug bits (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: replace use of gsm_read_ea() with gsm_read_ea_val() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong signal octets encoding in MSC (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix user open not possible at responder until initiator open (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Delete gsmtty open SABM frame when config requester (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix deadlock and link starvation in outgoing data path (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix non flow control frames during mux flow off (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix reset fifo race condition (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix missing explicit ldisc flush (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix deadlock in gsmtty_open() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Modify CR,PF bit printk info when config requester (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix SW flow control encoding/handling (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: add parameters used with parameter negotiation (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong command retry handling (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: introduce macro for minimal unit size (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix insufficient txframe size (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: introduce gsm_control_command() function (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix invalid use of MSC in advanced option (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong command frame length field encoding (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong tty control line for flow control (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix missing timer to handle stalled links (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: add parameter negotiation support (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix tty registration before control channel open (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix software flow control handling (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Fix packet data hex dump output (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Don't ignore write return value in gsmld_output() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: name gsm tty device minors (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: stop using alloc_tty_driver (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: don't store semi-state into tty drivers (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - hvsi: don't panic on tty_register_driver failure (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - amiserial: switch rs_table to a single state (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - amiserial: expand 'custom' (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - amiserial: remove serial_* strings (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - amiserial: use memset to zero serial_state (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix encoding of command/response bit (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix broken virtual tty handling (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix missing update of modem controls after DLCI open (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix frame reception handling (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: clean up indenting in gsm_queue() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Save dlci address open status when config requester (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Modify CR,PF bit when config requester (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix UAF in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong DLCI release order (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix mux cleanup after unregister tty device (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix decoupled mux resource (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix restart handling via CLD command (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Modify gsmtty driver register method when config requester (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - config: wifi: enable RTL 8852CE card (Jose Ignacio Tornos Martinez) [RHEL-22603] [5.14.0-424] - tunnels: fix out of bounds access when building IPv6 PMTU error (Antoine Tenart) [RHEL-21839] - Revert 'efi/arm64: libstub: avoid SetVirtualAddressMap() when possible' (Paolo Bonzini) [RHEL-23382] - Revert 'arm64: efi: Force the use of SetVirtualAddressMap() on Altra machines' (Paolo Bonzini) [RHEL-23382] - Revert 'arm64: efi: Force the use of SetVirtualAddressMap() on eMAG and Altra Max machines' (Paolo Bonzini) [RHEL-23382] - Revert 'arm64: efi: Use SMBIOS processor version to key off Ampere quirk' (Paolo Bonzini) [RHEL-23382] - Revert 'efi/libstub: smbios: Drop unused 'recsize' parameter' (Paolo Bonzini) [RHEL-23382] - crypto: rsa - restrict plaintext/ciphertext values more (Vladis Dronov) [RHEL-24869] - crypto: rsa - add a check for allocation failure (Vladis Dronov) [RHEL-24869] - crypto: rsa - allow only odd e and restrict value in FIPS mode (Vladis Dronov) [RHEL-24869] - dm-crypt, dm-verity: disable tasklets (Benjamin Marzinski) [RHEL-23572] - dm verity: initialize fec io before freeing it (Benjamin Marzinski) [RHEL-23572] - dm-verity: don't use blocking calls from tasklets (Benjamin Marzinski) [RHEL-23572] - netfilter: nf_tables: bail out on mismatching dynset and set expressions (Florian Westphal) [RHEL-19016 RHEL-19017] {CVE-2023-6622} - memory: tegra: Add Tegra234 clients for RCE and VI (Joel Slebodnick) [RHEL-16714] - cpufreq: tegra194: remove redundant AND with cpu_online_mask (Joel Slebodnick) [RHEL-16714] - cpufreq: tegra194: use refclk delta based loop instead of udelay (Joel Slebodnick) [RHEL-16714] - cpufreq: tegra194: save CPU data to avoid repeated SMP calls (Joel Slebodnick) [RHEL-16714] - i2c: tegra: Fix i2c-tegra DMA config option processing (Joel Slebodnick) [RHEL-16714] - i2c: tegra: Fix failure during probe deferral cleanup (Joel Slebodnick) [RHEL-16714] - firmware: tegra: bpmp: Add support for DRAM MRQ GSCs (Joel Slebodnick) [RHEL-16714] - gpio: tegra186: Check PMC driver status before any request (Joel Slebodnick) [RHEL-16714] - soc/tegra: fuse: Fix Tegra234 fuse size (Joel Slebodnick) [RHEL-16714] - soc/tegra: pmc: Add AON SW Wake support for Tegra234 (Joel Slebodnick) [RHEL-16714] - gpio: tegra186: Check GPIO pin permission before access. (Joel Slebodnick) [RHEL-16714] - soc/tegra: fuse: Add support for Tegra264 (Joel Slebodnick) [RHEL-16714] - soc/tegra: bpmp: Actually free memory on error path (Joel Slebodnick) [RHEL-16714] - firmware: tegra: bpmp: Fix error paths in debugfs (Joel Slebodnick) [RHEL-16714] - netfilter: nf_tables: check if catch-all set element is active in next generation (Florian Westphal) [RHEL-23505 RHEL-23511] {CVE-2024-1085} - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [RHEL-23502 RHEL-23508] {CVE-2024-1086} - RHEL: re-enable CONFIG_TCP_CONG_ILLINOIS (Davide Caratti) [RHEL-5736] - KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test (Eric Auger) [RHEL-16671 RHEL-24620] - KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (Eric Auger) [RHEL-24620] - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache (Eric Auger) [RHEL-24620] - KVM: arm64: vgic-v3: Reinterpret user ISPENDR writes as I{C,S}PENDR (Eric Auger) [RHEL-24620] - KVM: arm64: vgic: Use common accessor for writes to ICPENDR (Eric Auger) [RHEL-24620] - KVM: arm64: vgic: Use common accessor for writes to ISPENDR (Eric Auger) [RHEL-24620] - KVM: arm64: vgic-v4: Restore pending state on host userspace write (Eric Auger) [RHEL-24620] - KVM: arm64: Update and fix FGT register masks (Eric Auger) [RHEL-24620] - IB: Use capital 'OR' for multiple licenses in SPDX (Izabela Bakollari) [RHEL-10363] - RDMA/rdmavt: Delete unnecessary NULL check (Izabela Bakollari) [RHEL-10363] - IB/rdmavt: Fix target union member for rvt_post_one_wr() (Izabela Bakollari) [RHEL-10363] - ice: add CGU info to devlink info callback (Petr Oros) [RHEL-22620] - nvme: start keep-alive after admin queue setup (Maurizio Lombardi) [RHEL-25203] - perf list: Fix JSON segfault by setting the used skip_duplicate_pmus callback (Michael Petlan) [RHEL-17626] - libbpf: Use OPTS_SET() macro in bpf_xdp_query() (Viktor Malik) [RHEL-24445] - ovl: remove privs in ovl_fallocate() (Miklos Szeredi) [RHEL-17368] - ovl: remove privs in ovl_copyfile() (Miklos Szeredi) [RHEL-17368] - nvme-host: fix the updating of the firmware version (Maurizio Lombardi) [RHEL-25086] - devlink: Expose port function commands to control IPsec packet offloads (Petr Oros) [RHEL-24425] - devlink: Expose port function commands to control IPsec crypto offloads (Petr Oros) [RHEL-24425] [5.14.0-423] - Bluetooth: Add support for Gale Peak (8087:0036) (Jose Ignacio Tornos Martinez) [RHEL-24999] - Bluetooth: btintel: Add support for Gale Peak (Jose Ignacio Tornos Martinez) [RHEL-24999] - mlxbf-bootctl: correctly identify secure boot with development keys (Luiz Capitulino) [RHEL-21120] - platform/mellanox: mlxbf-bootctl: Convert to platform remove callback returning void (Luiz Capitulino) [RHEL-21120] - mlxbf-bootctl: Support sysfs entries for MFG fields (Luiz Capitulino) [RHEL-21120] - mlxbf-bootctl: Support setting the ARM boot state to 'OS up' (Luiz Capitulino) [RHEL-21120] - mlxbf-bootctl: Support the large icmc write/read (Luiz Capitulino) [RHEL-21120] - mlxbf-bootctl: Add sysfs file for BlueField boot log (Luiz Capitulino) [RHEL-21120] - mlxbf-bootctl: Add sysfs file for BlueField boot fifo (Luiz Capitulino) [RHEL-21120] - platform/mellanox: add firmware reset support (Luiz Capitulino) [RHEL-21120] - tpm: Enable hwrng only for Pluton on AMD CPUs (Stepan Horacek) [RHEL-18985] - redhat: hsr: Mark as tech preview (Felix Maurer) [RHEL-24972] - Bluetooth: Add more enc key size check (Bastien Nocera) [RHEL-19668 RHEL-19669] {CVE-2023-24023} - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (Florian Westphal) [RHEL-21163] - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket (Florian Westphal) [RHEL-21163] - netfilter: xt_u32: validate user space input (Florian Westphal) [RHEL-21163] - keys, dns: Fix size check of V1 server-list header (Davide Caratti) [RHEL-21582] - keys, dns: Fix missing size check of V1 server-list header (Davide Caratti) [RHEL-21582] - keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (Davide Caratti) [RHEL-21582] - net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() (Davide Caratti) [RHEL-21582] - psample: Require 'CAP_NET_ADMIN' when joining 'packets' group (Davide Caratti) [RHEL-21582] - llc: verify mac len before reading mac header (Davide Caratti) [RHEL-21582] - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (Ilya Dryomov) [RHEL-22252] - ceph: always queue a writeback when revoking the Fb caps (Ilya Dryomov) [RHEL-22252] - ceph: always check dir caps asynchronously (Ilya Dryomov) [RHEL-22252] - ice: Add check for lport extraction to LAG init (Petr Oros) [RHEL-21561] - ice: stop trashing VF VSI aggregator node ID information (Petr Oros) [RHEL-21561] - pmdomain: xilinx: Move Kconfig option to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: ti: Move and add Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: tegra: Move Kconfig option to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: st: Add a Kconfig option for the ux500 power domain (Radu Rendec) [RHEL-25420] - pmdomain: samsung: Move Kconfig option to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: rockchip: Move Kconfig option to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: renesas: Move Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: qcom: Move Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: mediatek: Move Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: imx: Move Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: bcm: Move Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: amlogic: Move Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: actions: Move Kconfig file to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: Prepare to move Kconfig files into the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: Rename the genpd subsystem to pmdomain (Radu Rendec) [RHEL-25420] - genpd: imx: relocate scu-pd under genpd (Radu Rendec) [RHEL-25420] - genpd: move owl-sps-helper.c from drivers/soc (Radu Rendec) [RHEL-25420] - genpd: Makefile: build imx (Radu Rendec) [RHEL-25420] - ARM: ux500: Move power-domain driver to the genpd dir (Radu Rendec) [RHEL-25420] - ARM: ux500: Convert power-domain code into a regular platform driver (Radu Rendec) [RHEL-25420] - soc: xilinx: Move power-domain driver to the genpd dir (Radu Rendec) [RHEL-25420] - soc: ti: Mover power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: tegra: Move powergate-bpmp driver to the genpd dir (Radu Rendec) [RHEL-25420] - soc: samsung: Move power-domain driver to the genpd dir (Radu Rendec) [RHEL-25420] - soc: rockchip: Mover power-domain driver to the genpd dir (Radu Rendec) [RHEL-25420] - soc: renesas: Move power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: qcom: Move power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: mediatek: Move power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: imx: Move power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: bcm: Move power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: amlogic: Move power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: actions: Move power-domain driver to the genpd dir (Radu Rendec) [RHEL-25420] - genpd: Create a new subsystem directory to host genpd providers (Radu Rendec) [RHEL-25420] - soc: mediatek: Let PMIC Wrapper and SCPSYS depend on OF (Radu Rendec) [RHEL-25420] - ARM: ux500: Drop unused register file (Radu Rendec) [RHEL-25420] - redhat/confgs: enable sdhci-of-dwcmshc (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: Add runtime PM operations (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: Add error handling in dwcmshc_resume (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: Convert to platform remove callback returning void (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: Explicitly include correct DT includes (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: properly determine max clock on Rockchip (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: add the missing device table IDs for acpi (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: Update DLL and pre-change delay for rockchip platform (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: enable host V4 support for BlueField-3 SoC (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: Re-enable support for the BlueField-3 SoC (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: add support for rk3588 (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: rename rk3568 to rk35xx (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: add reset call back for rockchip Socs (Luiz Capitulino) [RHEL-21121] - netfilter: nft_set_pipapo: prefer gfp_kernel allocation (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: mark newset as dead on transaction abort (Florian Westphal) [RHEL-21443] - netfilter: nft_immediate: drop chain reference counter on error (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: skip set commit for deleted/destroyed sets (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: set transport offset from mac header for netdev/egress (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: validate family when identifying table via handle (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: fix 'exist' matching on bigendian arches (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (Florian Westphal) [RHEL-21443] - netfilter: nft_set_rbtree: .deactivate fails if element has expired (Florian Westphal) [RHEL-21443] - netfilter: nft_payload: fix wrong mac header matching (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: do not refresh timeout when resetting element (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: uapi: Describe NFTA_RULE_CHAIN_ID (Florian Westphal) [RHEL-21443] - netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) [RHEL-21443] - netfilter: nft_exthdr: Fix non-linear header modification (Florian Westphal) [RHEL-21443] - redhat: add nvidia oot signing key (David Airlie) [RHEL-18051] - RDMA/efa: Fix wrong resources deallocation order (Izabela Bakollari) [RHEL-17697] - RDMA/efa: Add RDMA write HW statistics counters (Izabela Bakollari) [RHEL-17697] - RDMA/efa: Fix unsupported page sizes in device (Izabela Bakollari) [RHEL-17697] - RDMA/efa: Add rdma write capability to device caps (Izabela Bakollari) [RHEL-17697] - RDMA/efa: Add data polling capability feature bit (Izabela Bakollari) [RHEL-17697] - md: partially revert 'md/raid6: use valid sector values to determine if an I/O should wait on the reshape' (Benjamin Marzinski) [RHEL-24489] - ipvs: fix racy memcpy in proc_do_sync_threshold (Florian Westphal) [RHEL-21166] - ipvs: align inner_mac_header for encapsulation (Florian Westphal) [RHEL-21166] - x86/mce: Prevent duplicate error records (Aristeu Rozanski) [RHEL-24447] [5.14.0-422] - sfc: Check firmware supports Ethernet PTP filter (Izabela Bakollari) [RHEL-11017] - sfc: allocate a big enough SKB for loopback selftest packet (Izabela Bakollari) [RHEL-11017] - sfc: fix field-spanning memcpy in selftest (Izabela Bakollari) [RHEL-11017] - sfc: Remove vfdi.h (Izabela Bakollari) [RHEL-11017] - sfc: Cleanups in io.h (Izabela Bakollari) [RHEL-11017] - sfc: Miscellaneous comment removals (Izabela Bakollari) [RHEL-11017] - sfc: Remove struct efx_special_buffer (Izabela Bakollari) [RHEL-11017] - sfc: Filter cleanups for Falcon and Siena (Izabela Bakollari) [RHEL-11017] - sfc: Remove some NIC type indirections that are no longer needed (Izabela Bakollari) [RHEL-11017] - sfc: Remove PTP code for Siena (Izabela Bakollari) [RHEL-11017] - sfc: Remove EFX_REV_SIENA_A0 (Izabela Bakollari) [RHEL-11017] - sfc: Remove support for siena high priority queue (Izabela Bakollari) [RHEL-11017] - sfc: Remove siena_nic_data and stats (Izabela Bakollari) [RHEL-11017] - sfc: Remove falcon references (Izabela Bakollari) [RHEL-11017] - sfc: support for devlink port requires MAE access (Izabela Bakollari) [RHEL-11017] - sfc: falcon: use padding to fix alignment in loopback test (Izabela Bakollari) [RHEL-11017] - sfc: siena: use padding to fix alignment in loopback test (Izabela Bakollari) [RHEL-11017] - sfc: use padding to fix alignment in loopback test (Izabela Bakollari) [RHEL-11017] - sfc: fix crash when reading stats while NIC is resetting (Izabela Bakollari) [RHEL-11017] - sfc: keep alive neighbour entries while a TC encap action is using them (Izabela Bakollari) [RHEL-11017] - sfc: fix uninitialized variable use (Izabela Bakollari) [RHEL-11017] - sfc: add CONFIG_INET dependency for TC offload (Izabela Bakollari) [RHEL-11017] - sfc: do not try to call tc functions when CONFIG_SFC_SRIOV=n (Izabela Bakollari) [RHEL-11017] - sfc: Add devlink dev info support for EF10 (Izabela Bakollari) [RHEL-11017] - sfc: generate encap headers for TC offload (Izabela Bakollari) [RHEL-11017] - sfc: neighbour lookup for TC encap action offload (Izabela Bakollari) [RHEL-11017] - sfc: MAE functions to create/update/delete encap headers (Izabela Bakollari) [RHEL-11017] - sfc: add function to atomically update a rule in the MAE (Izabela Bakollari) [RHEL-11017] - sfc: some plumbing towards TC encap action offload (Izabela Bakollari) [RHEL-11017] - sfc: add fallback action-set-lists for TC offload (Izabela Bakollari) [RHEL-11017] - sfc: fix error unwinds in TC offload (Izabela Bakollari) [RHEL-11017] - sfc: handle VI shortage on ef100 by readjusting the channels (Izabela Bakollari) [RHEL-11017] - sfc: fix devlink info error handling (Izabela Bakollari) [RHEL-11017] - sfc: populate enc_ip_tos matches in MAE outer rules (Izabela Bakollari) [RHEL-11017] - sfc: release encap match in efx_tc_flow_free() (Izabela Bakollari) [RHEL-11017] - sfc: disable RXFCS and RXALL features by default (Izabela Bakollari) [RHEL-11017] - sfc: add offloading of 'foreign' TC (decap) rules (Izabela Bakollari) [RHEL-11017] - sfc: add code to register and unregister encap matches (Izabela Bakollari) [RHEL-11017] - sfc: add functions to insert encap matches into the MAE (Izabela Bakollari) [RHEL-11017] - sfc: handle enc keys in efx_tc_flower_parse_match() (Izabela Bakollari) [RHEL-11017] - sfc: add notion of match on enc keys to MAE machinery (Izabela Bakollari) [RHEL-11017] - sfc: document TC-to-EF100-MAE action translation concepts (Izabela Bakollari) [RHEL-11017] - sfc: support offloading TC VLAN push/pop actions to the MAE (Izabela Bakollari) [RHEL-11017] - sfc: move xdp_features configuration in efx_pci_probe_post_io() (Izabela Bakollari) [RHEL-11017] - redhat: configs: ccimx93-dvk: enable eth network (Eric Chanudet) [RHEL-20495] - redhat: configs: ccimx93-dvk enablement (Eric Chanudet) [RHEL-20495] - net/mlx5: Consider VLAN interface in MACsec TX steering rules (Amir Tzin) [RHEL-20930] - net/mlx5: Support MACsec over VLAN (Amir Tzin) [RHEL-20930] - net/mlx5: Enable MACsec offload feature for VLAN interface (Amir Tzin) [RHEL-20930] - firmware: arm_scmi: Specify the performance level when adding an OPP (Steve Dunnagan) [RHEL-9668] - OPP: Extend dev_pm_opp_data with a level (Steve Dunnagan) [RHEL-9668] - OPP: Add dev_pm_opp_add_dynamic() to allow more flexibility (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix frequency truncation by promoting multiplier type (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix possible frequency truncation when using level indexing mode (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Drop redundant ->device_domain_id() from perf ops (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Align perf ops to use domain-id as in-parameter (Steve Dunnagan) [RHEL-9668] - cpufreq: scmi: Prepare to move OF parsing of domain-id to cpufreq (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Extend perf protocol ops to get information of a domain (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Extend perf protocol ops to get number of domains (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add SCMI v3.1 System Power extensions (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add qcom smc/hvc transport support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Convert u32 to unsigned long to align with arm_smccc_1_1_invoke() (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add support for clock parents (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Simplify error path in scmi_dvfs_device_opps_add() (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Rename scmi_{msg_,}clock_config_{get,set}_{2,21} (Steve Dunnagan) [RHEL-9668] - redhat/configs: add ARM SCMI configs (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add clock OEM config clock operations (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add clock .state_get support to pre-v3.2 (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add v3.2 clock CONFIG_GET support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add clock v3.2 CONFIG_SET support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Simplify enable/disable clock operations (Steve Dunnagan) [RHEL-9668] - clk: scmi: Support atomic clock enable/disable API (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fixup perf power-cost/microwatt support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add v3.2 perf level indexing mode support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Harden perf domain info access (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix chan_free cleanup on SMC (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Drop OF node reference in the transport channel setup (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix signed error return values handling (Steve Dunnagan) [RHEL-9668] - firmware: smccc: Fix use of uninitialised results structure (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Augment SMC/HVC to allow optional parameters (Steve Dunnagan) [RHEL-9668] - arm64: cpuidle: fix #ifdef for acpi functions (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix incorrect alloc_workqueue() invocation (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add support for unidirectional mailbox channels (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix xfers allocation on Rx channel (Steve Dunnagan) [RHEL-9668] - firmware: Use of_property_present() for testing DT property presence (Steve Dunnagan) [RHEL-9668] - firmware/psci: demote suspend-mode warning to info level (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Use the bitmap API to allocate bitmaps (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix device node validation for mailbox transport (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix raw coexistence mode behaviour on failure path (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Remove duplicate include header inclusion (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Return a literal instead of a variable (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Clean up a return statement in scmi_probe (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add per-channel raw injection support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add the raw mode co-existence support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Call raw mode hooks from the core stack (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Reject SCMI drivers when configured in raw mode (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add core raw transmission support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Populate a common SCMI debugfs root (Steve Dunnagan) [RHEL-9668] - include: trace: Add platform and channel instance references (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add internal platform/channel identifiers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Move errors defs and code to common.h (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add xfer helpers to provide raw access (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add flags field to xfer (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Refactor scmi_wait_for_message_response (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Refactor polling helpers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Refactor xfer in-flight registration routines (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Split bus and driver into distinct modules (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Introduce a new lifecycle for protocol devices (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Refactor device create/destroy helpers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Move handle get/set helpers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Refactor protocol device creation (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add common notifier helpers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Move protocol registration helpers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Use dedicated devices to initialize channels (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Simplify chan_available transport operation (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Set fwnode for the scmi_device (Steve Dunnagan) [RHEL-9668] - cpuidle: drivers: firmware: psci: Dont instrument suspend code (Steve Dunnagan) [RHEL-9668] - firmware/psci: Don't register with debugfs if PSCI isn't available (Steve Dunnagan) [RHEL-9668] - firmware/psci: Fix MEM_PROTECT_RANGE function numbers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Make tx_prepare time out eventually (Steve Dunnagan) [RHEL-9668] - firmware/psci: Add debugfs support to ease debugging (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Harmonize SCMI tracing message format (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Support only one single system power device (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Use new SCMI full message tracing (Steve Dunnagan) [RHEL-9668] - include: trace: Add SCMI full message tracing (Steve Dunnagan) [RHEL-9668] - arm64: cpuidle: remove generic cpuidle support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Remove usage of the deprecated ida_simple_xxx API (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix response size warning for OPTEE transport (Steve Dunnagan) [RHEL-9668] - cpufreq: scmi: Support the power scale in micro-Watts in SCMI v3.1 (Steve Dunnagan) [RHEL-9668] - cpufreq: scmi: Use .register_em() to register with energy model (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Do not use !! on boolean when setting msg->flags (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add Powercap protocol enable support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Refactor the internal powercap get/set helpers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add debugfs ABI documentation for raw mode (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix virtio channels cleanup on shutdown (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Harden shared memory access in fetch_response (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Harden shared memory access in fetch_notification (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Clear stale xfer->hdr.status (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix deferred_tx_wq release on error paths (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix devres allocation device in virtio transport (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Suppress the driver's bind attributes (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Cleanup the core driver removal callback (Steve Dunnagan) [RHEL-9668] - psci: Fix the function type for psci_initcall_t (Steve Dunnagan) [RHEL-9668] - Revert 'firmware: arm_scmi: Add clock management to the SCMI power domain' (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix the asynchronous reset requests (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add SCMI PM driver remove routine (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Harden accesses to the reset domains (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Harden accesses to the sensor domains (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Improve checks in the info_get operations (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix missing kernel-doc in optee (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Get detailed power scale from perf (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Use fast channel tracing (Steve Dunnagan) [RHEL-9668] - include: trace: Add SCMI fast channel tracing (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add devm_protocol_acquire helper (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add SCMI v3.1 powercap fast channels support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add SCMI v3.1 powercap protocol basic support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Generalize the fast channel support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add SCMI System Power Control driver (Steve Dunnagan) [RHEL-9668] - net: wwan: move wwan_hwsim to internals rpm (Jose Ignacio Tornos Martinez) [RHEL-24618] - Enable Intel MEI engine proxy for i915 (Mika Penttila) [RHEL-1351] - mei: gsc_proxy: add gsc proxy driver (Mika Penttila) [RHEL-1351] - mei: me: add meteor lake point M DID (Mika Penttila) [RHEL-1351] - mei: bus: fix unlink on bus in error path (Mika Penttila) [RHEL-1351] - misc/mei/hdcp: Use correct macros to initialize uuid_le (Mika Penttila) [RHEL-1351] - mei: pxp: Use correct macros to initialize uuid_le (Mika Penttila) [RHEL-1351] - mei: bus-fixup:upon error print return values of send and receive (Mika Penttila) [RHEL-1351] - mei: bus-fixup: change pxp mode only if message was sent (Mika Penttila) [RHEL-1351] - mei: add timeout to send (Mika Penttila) [RHEL-1351] - drm: bridge: samsung-dsim: Don't use FORCE_STOP_STATE (Mika Penttila) [RHEL-1351] - drm/bridge: anx7625: Ensure bridge is suspended in disable() (Mika Penttila) [RHEL-1351] - drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (Mika Penttila) [RHEL-1351] - drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (Mika Penttila) [RHEL-1351] - drm/bridge: sii902x: Fix audio codec unregistration (Mika Penttila) [RHEL-1351] - drm/bridge: sii902x: Fix probing race issue (Mika Penttila) [RHEL-1351] - drm/panel: samsung-s6d7aa0: drop DRM_BUS_FLAG_DE_HIGH for lsl080al02 (Mika Penttila) [RHEL-1351] - drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (Mika Penttila) [RHEL-1351] - drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (Mika Penttila) [RHEL-1351] - drm/amdgpu/gfx11: set UNORD_DISPATCH in compute MQDs (Mika Penttila) [RHEL-1351] - drm/amdgpu/gfx10: set UNORD_DISPATCH in compute MQDs (Mika Penttila) [RHEL-1351] - drm/panel-edp: drm/panel-edp: Fix AUO B116XTN02 name (Mika Penttila) [RHEL-1351] - drm/panel-edp: drm/panel-edp: Fix AUO B116XAK01 name and timing (Mika Penttila) [RHEL-1351] - drm/panel-edp: Add AUO B116XTN02, BOE NT116WHM-N21,836X2, NV116WHM-N49 V8.0 (Mika Penttila) [RHEL-1351] - drm/i915/psr: Only allow PSR in LPSP mode on HSW non-ULT (Mika Penttila) [RHEL-1351] - drm/i915/lnl: Remove watchdog timers for PSR (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix uninitialized variable usage in core_link_ 'read_dpcd() & write_dpcd()' functions (Mika Penttila) [RHEL-1351] - drm/amdgpu/pm: Fix the power source flag error (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' (Mika Penttila) [RHEL-1351] - drm/amd/display: Align the returned error code with legacy DP (Mika Penttila) [RHEL-1351] - drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() (Mika Penttila) [RHEL-1351] - drm/amdgpu: correct the cu count for gfx v11 (Mika Penttila) [RHEL-1351] - drm/bridge: nxp-ptn3460: simplify some error checking (Mika Penttila) [RHEL-1351] - Revert 'drm/amd/display: fix bandwidth validation failure on DCN 2.1' (Mika Penttila) [RHEL-1351] - drm/amd/display: Disable PSR-SU on Parade 0803 TCON again (Mika Penttila) [RHEL-1351] - drm/amd/display: fix bandwidth validation failure on DCN 2.1 (Mika Penttila) [RHEL-1351] - drm: Allow drivers to indicate the damage helpers to ignore damage clips (Mika Penttila) [RHEL-1351] - drm/virtio: Disable damage clipping if FB changed since last page-flip (Mika Penttila) [RHEL-1351] - drm: Disable the cursor plane on atomic contexts with virtualized drivers (Mika Penttila) [RHEL-1351] - drm/tidss: Fix atomic_flush check (Mika Penttila) [RHEL-1351] - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (Mika Penttila) [RHEL-1351] - drm: Don't unref the same fb many times by mistake due to deadlock handling (Mika Penttila) [RHEL-1351] - Revert 'drm/i915/dsi: Do display on sequence later on icl+' (Mika Penttila) [RHEL-1351] - drm/amdgpu: Fix the null pointer when load rlc firmware (Mika Penttila) [RHEL-1351] - Revert 'drm/amd: Enable PCIe PME from D3' (Mika Penttila) [RHEL-1351] - nouveau/vmm: don't set addr on the fail path to avoid warning (Mika Penttila) [RHEL-1351] - drm/amdgpu: fall back to INPUT power for AVG power via INFO IOCTL (Mika Penttila) [RHEL-1351] - drm/amdkfd: fixes for HMM mem allocation (Mika Penttila) [RHEL-1351] - drm/amd: Enable PCIe PME from D3 (Mika Penttila) [RHEL-1351] - Revert 'drm/amdkfd: Relocate TBA/TMA to opposite side of VM hole' (Mika Penttila) [RHEL-1351] - drm/amd/display: avoid stringop-overflow warnings for dp_decide_lane_settings() (Mika Penttila) [RHEL-1351] - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (Mika Penttila) [RHEL-1351] - drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (Mika Penttila) [RHEL-1351] - drm/amdkfd: Fix type of 'dbg_flags' in 'struct kfd_process' (Mika Penttila) [RHEL-1351] - drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (Mika Penttila) [RHEL-1351] - gpu/drm/radeon: fix two memleaks in radeon_vm_init (Mika Penttila) [RHEL-1351] - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Mika Penttila) [RHEL-1351] - drm/amd/pm: fix a double-free in si_dpm_init (Mika Penttila) [RHEL-1351] - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (Mika Penttila) [RHEL-1351] - drm/panel: st7701: Fix AVCL calculation (Mika Penttila) [RHEL-1351] - drm/bridge: tc358767: Fix return value on error case (Mika Penttila) [RHEL-1351] - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (Mika Penttila) [RHEL-1351] - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (Mika Penttila) [RHEL-1351] - drm/radeon/dpm: fix a memleak in sumo_parse_power_table (Mika Penttila) [RHEL-1351] - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (Mika Penttila) [RHEL-1351] - drm/drv: propagate errors from drm_modeset_register_all() (Mika Penttila) [RHEL-1351] - drm/radeon: check return value of radeon_ring_lock() (Mika Penttila) [RHEL-1351] - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (Mika Penttila) [RHEL-1351] - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (Mika Penttila) [RHEL-1351] - drm/bridge: Fix typo in post_disable() description (Mika Penttila) [RHEL-1351] - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (Mika Penttila) [RHEL-1351] - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (Mika Penttila) [RHEL-1351] - drm/panel-elida-kd35t133: hold panel in reset for unprepare (Mika Penttila) [RHEL-1351] - drm/panel: nv3051d: Hold panel in reset for unprepare (Mika Penttila) [RHEL-1351] - drm/dp_mst: Fix fractional DSC bpp handling (Mika Penttila) [RHEL-1351] - drm/amd/display: Pass pwrseq inst for backlight and ABM (Mika Penttila) [RHEL-1351] - drm/crtc: fix uninitialized variable use (Mika Penttila) [RHEL-1351] - drm/amd/display: get dprefclk ss info from integration info table (Mika Penttila) [RHEL-1351] - drm/amd/display: Add case for dcn35 to support usb4 dmub hpd event (Mika Penttila) [RHEL-1351] - drm/amdkfd: svm range always mapped flag not working on APU (Mika Penttila) [RHEL-1351] - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (Mika Penttila) [RHEL-1351] - drm/amdgpu: Add NULL checks for function pointers (Mika Penttila) [RHEL-1351] - drm/amd/display: Add monitor patch for specific eDP (Mika Penttila) [RHEL-1351] - nouveau/tu102: flush all pdbs on vmm flush (Mika Penttila) [RHEL-1351] - Revert 'drm/prime: Unexport helpers for fd/handle conversion' (Mika Penttila) [RHEL-1351] - drm/amdgpu: Use another offset for GC 9.4.3 remap (Mika Penttila) [RHEL-1351] - drm/amdkfd: Free gang_ctx_bo and wptr_bo in pqm_uninit (Mika Penttila) [RHEL-1351] - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (Mika Penttila) [RHEL-1351] - drm/amd/display: update dcn315 lpddr pstate latency (Mika Penttila) [RHEL-1351] - drm/amdkfd: Use common function for IP version check (Mika Penttila) [RHEL-1351] - drm/amdgpu: Do not issue gpu reset from nbio v7_9 bif interrupt (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR (Mika Penttila) [RHEL-1351] - drm/amd/display: add nv12 bounding box (Mika Penttila) [RHEL-1351] - drm/amdgpu: skip gpu_info fw loading on navi12 (Mika Penttila) [RHEL-1351] - drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml (Mika Penttila) [RHEL-1351] - drm/amd/display: Increase num voltage states to 40 (Mika Penttila) [RHEL-1351] - drm/i915: Call intel_pre_plane_updates() also for pipes getting enabled (Mika Penttila) [RHEL-1351] - drm/i915/perf: Update handling of MMIO triggered reports (Mika Penttila) [RHEL-1351] - drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (Mika Penttila) [RHEL-1351] - drm/bridge: ps8640: Fix size mismatch warning w/ len (Mika Penttila) [RHEL-1351] - drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (Mika Penttila) [RHEL-1351] - drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer (Mika Penttila) [RHEL-1351] - drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (Mika Penttila) [RHEL-1351] - drm/amd/display: pbn_div need be updated for hotplug event (Mika Penttila) [RHEL-1351] - drm/i915/dmc: Don't enable any pipe DMC events (Mika Penttila) [RHEL-1351] - drm/i915: Reject async flips with bigjoiner (Mika Penttila) [RHEL-1351] - drm/amdgpu: re-create idle bo's PTE during VM state machine reset (Mika Penttila) [RHEL-1351] - drm/i915/mtl: Fix HDMI/DP PLL clock selection (Mika Penttila) [RHEL-1351] - drm/i915/hwmon: Fix static analysis tool reported issues (Mika Penttila) [RHEL-1351] - drm: Fix FD ownership check in drm_master_check_perm() (Mika Penttila) [RHEL-1351] - drm: Update file owner during use (Mika Penttila) [RHEL-1351] - drm/i915/edp: don't write to DP_LINK_BW_SET when using rate select (Mika Penttila) [RHEL-1351] - drm/i915: Introduce crtc_state->enhanced_framing (Mika Penttila) [RHEL-1351] - drm/i915: Fix FEC state dump (Mika Penttila) [RHEL-1351] - drm/amd/display: fix hw rotated modes when PSR-SU is enabled (Mika Penttila) [RHEL-1351] - drm/i915: Fix remapped stride with CCS on ADL+ (Mika Penttila) [RHEL-1351] - drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (Mika Penttila) [RHEL-1351] - drm/i915: Fix ADL+ tiled plane stride when the POT stride is smaller than the original (Mika Penttila) [RHEL-1351] - drm/amd/display: Restore guard against default backlight value < 1 nit (Mika Penttila) [RHEL-1351] - drm/edid: also call add modes in EDID connector update fallback (Mika Penttila) [RHEL-1351] - drm/amdgpu: fix tear down order in amdgpu_vm_pt_free (Mika Penttila) [RHEL-1351] - drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (Mika Penttila) [RHEL-1351] - drm/i915: Use internal class when counting engine resets (Mika Penttila) [RHEL-1351] - drm/i915/selftests: Fix engine reset count storage for multi-tile (Mika Penttila) [RHEL-1351] - drm/amdgpu: Restrict extended wait to PSP v13.0.6 (Mika Penttila) [RHEL-1351] - drm/amdgpu: update retry times for psp BL wait (Mika Penttila) [RHEL-1351] - drm/amdgpu: Fix refclk reporting for SMU v13.0.6 (Mika Penttila) [RHEL-1351] - drm/amdgpu: disable MCBP by default (Mika Penttila) [RHEL-1351] - drm/i915: Skip some timing checks on BXT/GLK DSI transcoders (Mika Penttila) [RHEL-1351] - drm/i915/mst: Reject modes that require the bigjoiner (Mika Penttila) [RHEL-1351] - drm/i915/mst: Fix .mode_valid_ctx() return values (Mika Penttila) [RHEL-1351] - drm/atomic-helpers: Invoke end_fb_access while owning plane state (Mika Penttila) [RHEL-1351] - drm/amdkfd: get doorbell's absolute offset based on the db_size (Mika Penttila) [RHEL-1351] - drm/amd/amdgpu/amdgpu_doorbell_mgr: Correct misdocumented param 'doorbell_index' (Mika Penttila) [RHEL-1351] - drm/amdgpu: correct chunk_ptr to a pointer to chunk. (Mika Penttila) [RHEL-1351] - drm/amdgpu: finalizing mem_partitions at the end of GMC v9 sw_fini (Mika Penttila) [RHEL-1351] - drm/amdgpu: Do not program VF copy regs in mmhub v1.8 under SRIOV (v2) (Mika Penttila) [RHEL-1351] - nouveau: use an rwlock for the event lock. (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix MPCC 1DLUT programming (Mika Penttila) [RHEL-1351] - drm/amd/display: Simplify brightness initialization (Mika Penttila) [RHEL-1351] - drm/amd/display: Reduce default backlight min from 5 nits to 1 nits (Mika Penttila) [RHEL-1351] - drm/amd/display: refactor ILR to make it work (Mika Penttila) [RHEL-1351] - drm/amd/pm: fix a memleak in aldebaran_tables_init (Mika Penttila) [RHEL-1351] - drm/panel: nt36523: fix return value check in nt36523_probe() (Mika Penttila) [RHEL-1351] - drm/panel: starry-2081101qfh032011-53g: Fine tune the panel power sequence (Mika Penttila) [RHEL-1351] - drm/i915/gsc: Mark internal GSC engine with reserved uabi class (Mika Penttila) [RHEL-1351] - drm/amd/display: Remove power sequencing check (Mika Penttila) [RHEL-1351] - drm/amd/display: Refactor edp power control (Mika Penttila) [RHEL-1351] - dma-buf: fix check in dma_resv_add_fence (Mika Penttila) [RHEL-1351] - nouveau: find the smallest page allocation to cover a buffer alloc. (Mika Penttila) [RHEL-1351] - drm/amd/display: force toggle rate wa for first link training for a retimer (Mika Penttila) [RHEL-1351] - drm/amd/display: fix ABM disablement (Mika Penttila) [RHEL-1351] - drm/amd/display: Update min Z8 residency time to 2100 for DCN314 (Mika Penttila) [RHEL-1351] - drm/amd/display: Use DRAM speed from validation for dummy p-state (Mika Penttila) [RHEL-1351] - drm/amd/display: Remove min_dst_y_next_start check for Z8 (Mika Penttila) [RHEL-1351] - drm/amd/display: Include udelay when waiting for INBOX0 ACK (Mika Penttila) [RHEL-1351] - drm/amdgpu: Update EEPROM I2C address for smu v13_0_0 (Mika Penttila) [RHEL-1351] - drm/amdgpu: fix memory overflow in the IB test (Mika Penttila) [RHEL-1351] - drm/amdgpu: Force order between a read and write to the same address (Mika Penttila) [RHEL-1351] - drm/amdgpu: correct the amdgpu runtime dereference usage count (Mika Penttila) [RHEL-1351] - drm/amd: Enable PCIe PME from D3 (Mika Penttila) [RHEL-1351] - drm/i915: Also check for VGA converter in eDP probe (Mika Penttila) [RHEL-1351] - drm/ast: Disconnect BMC if physical connector is connected (Mika Penttila) [RHEL-1351] - drm/panel: boe-tv101wum-nl6: Fine tune Himax83102-j02 panel HFP and HBP (Mika Penttila) [RHEL-1351] - drm/i915: do not clean GT table on error path (Mika Penttila) [RHEL-1351] - drm/panel: simple: Fix Innolux G101ICE-L01 timings (Mika Penttila) [RHEL-1351] - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (Mika Penttila) [RHEL-1351] - drm/panel: auo,b101uan08.3: Fine tune the panel power sequence (Mika Penttila) [RHEL-1351] - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (Mika Penttila) [RHEL-1351] - drm/amd/display: Clear dpcd_sink_ext_caps if not set (Mika Penttila) [RHEL-1351] - drm/amd/display: Enable fast plane updates on DCN3.2 and above (Mika Penttila) [RHEL-1351] - drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix DSC not Enabled on Direct MST Sink (Mika Penttila) [RHEL-1351] - drm/amd/display: Guard against invalid RPTR/WPTR being set (Mika Penttila) [RHEL-1351] - drm/amdgpu: Fix possible null pointer dereference (Mika Penttila) [RHEL-1351] - drm/amdgpu: lower CS errors to debug severity (Mika Penttila) [RHEL-1351] - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (Mika Penttila) [RHEL-1351] - drm/amdgpu: fix error handling in amdgpu_vm_init (Mika Penttila) [RHEL-1351] - drm/amdgpu: don't use ATRM for external devices (Mika Penttila) [RHEL-1351] - drm/amdgpu: add a retry for IP discovery init (Mika Penttila) [RHEL-1351] - drm/amdgpu: fix GRBM read timeout when do mes_self_test (Mika Penttila) [RHEL-1351] - drm/amdgpu/smu13: drop compute workload workaround (Mika Penttila) [RHEL-1351] - drm/amd/pm: Fix error of MACO flag setting code (Mika Penttila) [RHEL-1351] - drm/i915: Flush WC GGTT only on required platforms (Mika Penttila) [RHEL-1351] - drm/i915: Fix potential spectre vulnerability (Mika Penttila) [RHEL-1351] - drm/i915: Bump GLK CDCLK frequency when driving multiple pipes (Mika Penttila) [RHEL-1351] - drm/amd/display: Add Null check for DPP resource (Mika Penttila) [RHEL-1351] - drm: bridge: it66121: ->get_edid callback must not return err pointers (Mika Penttila) [RHEL-1351] - drm/amd/pm: Handle non-terminated overdrive commands. (Mika Penttila) [RHEL-1351] - drm/amd/display: enable dsc_clk even if dsc_pg disabled (Mika Penttila) [RHEL-1351] - i915/perf: Fix NULL deref bugs with drm_dbg() calls (Mika Penttila) [RHEL-1351] - drm/i915/tc: Fix -Wformat-truncation in intel_tc_port_init (Mika Penttila) [RHEL-1351] - drm/amdgpu: fix software pci_unplug on some chips (Mika Penttila) [RHEL-1351] - drm/qxl: prevent memory leak (Mika Penttila) [RHEL-1351] - drm/amd/display: Avoid NULL dereference of timing generator (Mika Penttila) [RHEL-1351] - drm/amd: check num of link levels when update pcie param (Mika Penttila) [RHEL-1351] - drm/amd/display: fix num_ways overflow error (Mika Penttila) [RHEL-1351] - drm/amd: Disable PP_PCIE_DPM_MASK when dynamic speed switching not supported (Mika Penttila) [RHEL-1351] - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (Mika Penttila) [RHEL-1351] - drm/amdkfd: Fix shift out-of-bounds issue (Mika Penttila) [RHEL-1351] - drm/panel: st7703: Pick different reset sequence (Mika Penttila) [RHEL-1351] - drm/amdgpu/vkms: fix a possible null pointer dereference (Mika Penttila) [RHEL-1351] - drm/radeon: fix a possible null pointer dereference (Mika Penttila) [RHEL-1351] - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (Mika Penttila) [RHEL-1351] - drm/panel: fix a possible null pointer dereference (Mika Penttila) [RHEL-1351] - drm/amdgpu: Fix potential null pointer derefernce (Mika Penttila) [RHEL-1351] - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (Mika Penttila) [RHEL-1351] - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (Mika Penttila) [RHEL-1351] - drm/amd/display: use full update for clip size increase of large plane source (Mika Penttila) [RHEL-1351] - drm/amd: Update update_pcie_parameters functions to use uint8_t arguments (Mika Penttila) [RHEL-1351] - drm/amdgpu: update retry times for psp vmbx wait (Mika Penttila) [RHEL-1351] - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (Mika Penttila) [RHEL-1351] - drm/amdgpu: not to save bo in the case of RAS err_event_athub (Mika Penttila) [RHEL-1351] - drm/edid: Fixup h/vsync_end instead of h/vtotal (Mika Penttila) [RHEL-1351] - drm/amd/display: add seamless pipe topology transition check (Mika Penttila) [RHEL-1351] - drm/amd/display: Don't lock phantom pipe on disabling (Mika Penttila) [RHEL-1351] - drm/amd/display: Blank phantom OTG before enabling (Mika Penttila) [RHEL-1351] - drm/amdkfd: ratelimited SQ interrupt messages (Mika Penttila) [RHEL-1351] - drm/gma500: Fix call trace when psb_gem_mm_init() fails (Mika Penttila) [RHEL-1351] - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (Mika Penttila) [RHEL-1351] - drm/amdgpu: don't put MQDs in VRAM on ARM | ARM64 (Mika Penttila) [RHEL-1351] - drm/amdgpu/gfx10,11: use memcpy_to/fromio for MQDs (Mika Penttila) [RHEL-1351] - drm/amd/pm: Fix a memory leak on an error path (Mika Penttila) [RHEL-1351] - drm/bridge: lt9611uxc: fix the race in the error path (Mika Penttila) [RHEL-1351] - gpu: host1x: Correct allocated size for contexts (Mika Penttila) [RHEL-1351] - drm/amd/display: Bail from dm_check_crtc_cursor if no relevant change (Mika Penttila) [RHEL-1351] - drm/amd/display: Refactor dm_get_plane_scale helper (Mika Penttila) [RHEL-1351] - drm/amd/display: Check all enabled planes in dm_check_crtc_cursor (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix null pointer dereference in error message (Mika Penttila) [RHEL-1351] - drm/amdkfd: Handle errors from svm validate and map (Mika Penttila) [RHEL-1351] - drm/amdkfd: Remove svm range validated_once flag (Mika Penttila) [RHEL-1351] - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (Mika Penttila) [RHEL-1351] - drm/amdgpu: Increase IH soft ring size for GFX v9.4.3 dGPU (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Fix tc358768_ns_to_cnt() (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Clean up clock period code (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Rename dsibclk to hsbyteclk (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Use dev for dbg prints, not priv->dev (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Print logical values, not raw register values (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Use struct videomode (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Fix bit updates (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Fix use of uninitialized variable (Mika Penttila) [RHEL-1351] - drm/bridge: lt8912b: Add missing drm_bridge_attach call (Mika Penttila) [RHEL-1351] - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (Mika Penttila) [RHEL-1351] - drm/bridge: lt8912b: Fix crash on bridge detach (Mika Penttila) [RHEL-1351] - drm/bridge: lt8912b: Fix bridge_detach (Mika Penttila) [RHEL-1351] - drm: bridge: it66121: Fix invalid connector dereference (Mika Penttila) [RHEL-1351] - drm/radeon: Remove the references of radeon_gem_ pread & pwrite ioctls (Mika Penttila) [RHEL-1351] - drm/radeon: possible buffer overflow (Mika Penttila) [RHEL-1351] - drm: bridge: for GENERIC_PHY_MIPI_DPHY also select GENERIC_PHY (Mika Penttila) [RHEL-1351] - drm: bridge: samsung-dsim: Initialize ULPS EXIT for i.MX8M DSIM (Mika Penttila) [RHEL-1351] - drm/amd/display: Don't use fsleep for PSR exit waits (Mika Penttila) [RHEL-1351] [5.14.0-421] - ida: Fix crash in ida_free when the bitmap is empty (Wander Lairson Costa) [RHEL-19683 RHEL-19684] {CVE-2023-6915} - drm/virtio: Set segment size for virtio_gpu device (Sebastian Ott) [RHEL-22710] - arm64: module: Fix PLT counting when CONFIG_RANDOMIZE_BASE=n (Jennifer Berringer) [RHEL-1687] - arm64: module: rework module VA range selection (Jennifer Berringer) [RHEL-1687] - Documentation/arm64: update memory layout table. (Jennifer Berringer) [RHEL-1687] - arm64: module: mandate MODULE_PLTS (Jennifer Berringer) [RHEL-1687] - arm64: ftrace: fix module PLTs with mcount (Jennifer Berringer) [RHEL-1687] - arm64: ftrace: consistently handle PLTs. (Jennifer Berringer) [RHEL-1687] - arm64: ftrace: fix branch range checks (Jennifer Berringer) [RHEL-1687] - arm64: module: move module randomization to module.c (Jennifer Berringer) [RHEL-1687] - arm64: kaslr: split kaslr/module initialization (Jennifer Berringer) [RHEL-1687] - arm64: module: remove old !KASAN_VMALLOC logic (Jennifer Berringer) [RHEL-1687] - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new (Xin Long) [RHEL-22341] - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (Jaroslav Kysela) [RHEL-21053] - ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-loader: remove the CPC check warnings (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: topology: Use partial match for disconnecting DAI link and DAI widget (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: topology: Fix mem leak in sof_dai_load() (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: hda-codec: Delay the codec device registration (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-topology: Correct data structures for the GAIN module (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-topology: Correct data structures for the SRC module (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: sof-audio: Modify logic for enabling/disabling topology cores (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-topology: Add core_mask in struct snd_sof_pipeline (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: Move binding to display driver outside of deferred probe (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: Fix error handling in hda_init() (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: hda: start splitting the probe (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: core: Add probe_early and remove_late callbacks (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: IPC4: sort pipeline based on priority (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: IPC4: get pipeline priority from topology (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: sof-pci-dev: Update the ipc_type module parameter description (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-control: Add support for ALSA enum control (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-control: Add support for ALSA switch control (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: hda-loader: Add support for split library loading (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: hda: Add definition for SDxFIFOS.FIFOS mask (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4: Convert status code 2 and 15 to -EOPNOTSUPP (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-pcm: fixup dailink based on copier format (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (Jaroslav Kysela) [RHEL-21053] - objtool: Add __kunit_abort() to noreturns (Nico Pache) [RHEL-19099] - config: wifi: enable new kunit configuration options (Jose Ignacio Tornos Martinez) [RHEL-19746] - config: wifi: disable new unsupported configuration options (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fix a memory corruption (Jose Ignacio Tornos Martinez) [RHEL-10297 RHEL-19746] - wifi: iwlwifi: change link id in time event to s8 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: use deflink and fix typo in link ID check (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: rely on mac80211 debugfs handling for vif (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: parse all ML elements in an ML probe response (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: correct comment about MLD ID (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: fix advertised TTLM scheduling (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: assign phy_ctxt before eSR activation (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fix out of bound copy_from_user (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Do not warn if valid link pair was not found (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: fix the error handler of rfkill config (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: fix wrong 6Ghz power type (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: fix CLC command timeout when suspend/resume (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix mt7996_mcu_all_sta_info_event struct packing (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7915: also MT7981 is 3T3R but nss2 on 5 GHz band (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7915: fix EEPROM offset of TSSI flag on MT7981 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix alignment of sta info event (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: fix typo in mt76_get_of_eeprom_from_nvmem function (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix uninitialized variable in parsing txfree (Jose Ignacio Tornos Martinez) [RHEL-19746] - net: qrtr: ns: Return 0 if server port is not present (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: add/remove driver debugfs entries as appropriate (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: do not re-add debugfs entries during resume (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: fix certs build to not depend on file order (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: fix crash with WED rx support enabled (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: avoid a NULL pointer dereference (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: mesh_plink: fix matches_local logic (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: mesh: check element parsing succeeded (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: check defragmentation succeeded (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: don't re-add debugfs during reconfig (Jose Ignacio Tornos Martinez) [RHEL-19746] - net: rfkill: gpio: set GPIO direction (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: check if the existing link config remains unchanged (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: Add my certificate (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ieee80211: don't require protected vendor action frames (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: handle 320 MHz in ieee80211_ht_cap_ie_to_sta_ht_cap (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: avoid offset calculation on NULL pointer (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: hold wiphy mutex for send_interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: lock wiphy mutex for rfkill poll (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: fix CQM for non-range use (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: do not pass AP_VLAN vif pointer to drivers during flush (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix an error code in iwl_mvm_mld_add_sta() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7925: fix typo in mt7925_init_he_caps (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fix system commands group ordering (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: fix 6GHz disabled by the missing default CLC config (Jose Ignacio Tornos Martinez) [RHEL-19746] - net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ray_cs: Remove unnecessary (void*) conversions (Jose Ignacio Tornos Martinez) [RHEL-19746] - Revert 'wifi: ath11k: call ath11k_mac_fils_discovery() without condition' (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: Introduce and use ath12k_sta_to_arsta() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: fix htt mlo-offset event locking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: fix dfs-radar and temperature event locking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix gtk offload status event locking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix htt pktlog locking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix dfs radar event locking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix temperature event locking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: rename the sc naming convention to ab (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: rename the wmi_sc naming convention to wmi_ab (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: add firmware-2.bin support (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: qmi: refactor ath11k_qmi_m3_load() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: cleanup firmware elements parsing (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rt2x00: rework MT7620 PA/LNA RF calibration (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rt2x00: rework MT7620 channel config function (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rt2x00: improve MT7620 register initialization (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: fix kernel panic by accessing invalid 6GHz channel info (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rt2x00: fix rt2800 watchdog function (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath9k_htc: fix format-truncation warning (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: brcmfmac: fix format-truncation warnings (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: drop robust action frames before assoc (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: bump FW API to 86 for AX/BZ/SC devices (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: read DSM func 2 for specific RF types (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: show dump even for pldr_sync (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: cycle FW link on chanctx removal (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: trace full frames with TX status request (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: empty overflow queue during flush (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fw: Add support for UATS table in UHB (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: add a print when sending RLC command (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: debugfs for fw system stats (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: implement new firmware API for statistics (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix regdb initialization (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: update IGTK in mvmvif upon D3 resume (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: simplify the reorder buffer (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: disable multi rx queue for 9000 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Return success if link could not be removed (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix size check for fw_link_id (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: add support for SNPS DPHYIP region type (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix netif csum flags (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: remove set_tim callback for MLD ops (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: api: fix center_freq label in PHY diagram (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: support link id in SESSION_PROTECTION_NOTIF (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: support link_id in SESSION_PROTECTION cmd (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: make time_events MLO aware (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: rename struct cfg80211_rx_assoc_resp to cfg80211_rx_assoc_resp_data (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: rename ieee80211_tx_status() to ieee80211_tx_status_skb() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: add support for activating UNII-1 in WW via BIOS (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: remove TDLS stations from FW (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix iwl_mvm_mac_flush_sta() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: change iwl_mvm_flush_sta() API (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: extend alive timeout to 2 seconds (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix the PHY context resolution for p2p device (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fold the ref++ into iwl_mvm_phy_ctxt_add (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: don't add dummy phy context (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: cleanup MLO and non-MLO unification code (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: implement ROC version 3 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: send EDT table to FW (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Fix key flags for IGTK on AP interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlmvm: fw: Add new OEM vendor to tas approved list (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Fix unreachable code path (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: add new RF support for wifi7 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fw: increase fw_version string size (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: fix change_address deadlock during unregister (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: Add __counted_by for struct ieee802_11_elems and use struct_size() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: remove unused argument of ieee80211_get_tdls_action() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Correctly set link configuration (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fix the rf step and flavor bits range (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fw: Fix debugfs command sending (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: advertise support for SCS traffic description (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Don't always bind/link the P2P Device interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: add start mac ctdp sum calculation debugfs handler (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: abort scan when rfkill on but device enabled (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Add basic link selection logic (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mei: return error from register when not built (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix SB CFG check (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: add a per-link debugfs (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: rework debugfs handling (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: yoyo: swap cdb and jacket bits values (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: add support for new ini region types (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: Extract common prph mac/phy regions data dump logic (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: nl80211: fix doc typos (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: fix header kernel-doc typos (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: fix header kernel-doc typos (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: add link id to mgd_prepare_tx() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: Check if we had first beacon with relevant links (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: flush STA queues on unauthorization (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: purge TX queues in flush_queues flow (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: wext: convert return value to kernel-doc (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: fix a expired vs. cancel race in roc (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: make mgd_protect_tdls_discover MLO-aware (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: Fix typo in documentation (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: Fix setting vif links (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: Handle specific BSSID in 6GHz scanning (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: mesh: fix some kdoc warnings (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: Include operating class 137 in 6GHz band (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: Rename and update IEEE80211_VIF_DISABLE_SMPS_OVERRIDE (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: handle debugfs when switching to/from MLO (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: add a driver callback to add vif debugfs (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: don't recreate driver link debugfs in reconfig (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: cleanup auth_data only if association continues (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: bump FW API to 84 for AX/BZ/SC devices (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: use correct sta ID for IGTK/BIGTK (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: offload IGTK in AP if BIGTK is supported (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix removing pasn station for responder (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: clean up WFPM control bits (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fix opmode start/stop race (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: skip opmode start retries on dead transport (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: propagate iwl_pcie_gen2_apm_init() error (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: update station's MFP flag after association (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: wilc1000: use vmm_table as array in wilc struct (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: drop chk_switch_dmdp() from HAL interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: drop fill_fake_txdesc() from HAL interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: drop pre_fill_tx_bd_desc() from HAL interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: move software DCFO compensation setting to proper position (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: correct the DCFO tracking flow to improve CFO compensation (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: modify the register setting and the flow of CFO tracking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: phy: generalize valid bit of BSS color (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: phy: change naming related BT coexistence functions (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: dump firmware debug information in abnormal state (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: debug: add to check if debug mask is enabled (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: cleanup struct rtl_ps_ctl (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: rename the sc naming convention to ab (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: rename the wmi_sc naming convention to wmi_ab (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: Remove ath12k_base::bd_api (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: Remove ath11k_base::bd_api (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: Enable Mesh support for QCN9274 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: register EHT mesh capabilities (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: Use device_get_match_data() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: do bf_monitor only if WiFi 6 chips (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: set bf_assoc capabilities according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: set bfee_ctrl() according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: add registers of MU-EDCA parameters for WiFi 7 chips (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: generalize register of MU-EDCA switch according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: update RTS threshold according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: simplify TX command fill callbacks (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: Introduce and use ath11k_sta_to_arsta() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: Remove unused struct ath11k_htc_frame (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: fix invalid m3 buffer address (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: add ath12k_qmi_free_resource() for recovery (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: configure RDDM size to MHI for device recovery (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: add parsing of phy bitmap for reg rules (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: add parsing of phy bitmap for reg rules (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: ath11k_debugfs_register(): fix format-truncation warning (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: coex: add annotation __counted_by() to struct rtw89_btc_btf_set_mon_reg (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: coex: add annotation __counted_by() for struct rtw89_btc_btf_set_slot_table (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: add EHT radiotap in monitor mode (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: show EHT rate in debugfs (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: parse TX EHT rate selected by firmware from RA C2H report (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: Add EHT rate mask as parameters of RA H2C command (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: parse EHT information from RX descriptor and PPDU status packet (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: radiotap: add bandwidth definition of EHT U-SIG (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: use convenient list_count_nodes() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: brcmfmac: fweh: Add __counted_by for struct brcmf_fweh_queue_item and use struct_size() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: Remove duplicate NULL check before calling usb_kill/free_urb() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: Consistently use ath12k_vif_to_arvif() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: call ath11k_mac_fils_discovery() without condition (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: remove redundant memset() in ath12k_hal_reo_qdesc_setup() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: use unsigned long for bt_coexist_8723 timestamp (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: 8821c: tweak CCK TX filter setting for SRRC regulation (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: regd: update regulatory map to R64-R42 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: 8822c: update TX power limit to V70 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: 8821c: update TX power limit to V67 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: regd: configure QATAR and UK (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: remove unreachable code in rtl92d_dm_check_edca_turbo() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: debug: show txpwr table according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: phy: set TX power RU limit according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: phy: set TX power limit according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: phy: set TX power offset according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: phy: set TX power by rate according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: get TX power control register according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: fix debug messages (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix Tx power value during active CAC (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix CAC running state during virtual interface start (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath10k: simplify ath10k_peer_create() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: use unsigned long for rtl_bssid_entry timestamp (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: fix EDCA limit set by BT coexistence (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rt2x00: fix MT7620 low RSSI issue (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: refine bandwidth 160MHz uplink OFDMA performance (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: refine uplink trigger based control mechanism (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: 8851b: update TX power tables to R34 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: 8852b: update TX power tables to R35 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: 8852c: update TX power tables to R67 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: regd: configure Thailand in regulation type (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath10k: indicate to mac80211 scan complete with aborted flag for ATH10K_SCAN_STARTING state (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath: dfs_pattern_detector: Use flex array to simplify code (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath: dfs_pattern_detector: Fix a memory initialization issue (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath10k: Don't touch the CE interrupt registers after power up (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath10k: consistently use kstrtoX_from_user() functions (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: add keep backward compatibility of PHY mode to avoid firmware crash (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: add read variant from SMBIOS for download board data (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: do not drop data frames from unassociated stations (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: Annotate struct mt76_rx_tid with __counted_by (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: update the channel usage when the regd domain changed (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: get regulatory information from the clc event (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: add 6GHz power type support for clc (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: enable set txpower for UNII-4 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: move connac nic capability handling to mt7921 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: reduce spin_lock_bh held up in mt76_dma_rx_cleanup (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: remove periodic MPDU TXS request (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: enable PPDU-TxS to host (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: Add mcu commands for getting sta tx statistic (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: get tx_retries and tx_failed from txfree (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt792x: move some common usb code in mt792x module (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt792x: move mt7921_skb_add_usb_sdio_hdr in mt792x module (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7915 add tc offloading support (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: fix the wrong rate selected in fw for the chanctx driver (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: fix the wrong rate pickup for the chanctx driver (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: move struct ieee80211_chanctx_conf up to struct mt76_vif (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: Drop unnecessary error check for debugfs_create_dir() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7915: fix beamforming availability check (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7915: update mpdu density capability (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: check vif type before reporting cca and csa (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: fix per-band IEEE80211_CONF_MONITOR flag comparison (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: get rid of false alamrs of tx emission issues (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: fix potential memory leak of beacon commands (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: check sta rx control frame to multibss capability (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: update beacon size limitation (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: add MBSSID support for mt7996 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: fix clang-specific fortify warnings (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023) (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: Use PTR_ERR_OR_ZERO() to simplify code (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: support per-band LED control (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: support more options for mt7996_set_bitrate_mask() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: only set vif teardown cmds at remove interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix TWT command format (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix rx rate report for CBW320-2 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix wmm queue mapping (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix beamformee ss subfield in EHT PHY cap (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix beamform mcu cmd configuration (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: set correct wcid in txp (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: add more unified event IDs (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: add more unified command IDs (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: add data field in struct tlv (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: add eht support for tx power (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: add eht support for phy mode config (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: export functions for mt7925 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt792x: support mt7925 chip init (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: introduce helper for mt7925 chipset (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7915: fix monitor mode issues (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: add DMA mapping error check in mt76_alloc_txwi() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: remove unused error path in mt76_connac_tx_complete_skb (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: fix race condition related to checking tx queue fill status (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: use atomic iface iteration for pre-TBTT work (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7603: disable A-MSDU tx support on MT7628 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7603: add missing register initialization for MT7628 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7603: improve stuck beacon handling (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7603: improve watchdog reset reliablity (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7603: rework/fix rx pse hang check (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: add back SPDX identifier (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: fix ieee80211_drop_unencrypted_mgmt return type/value (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: cleanup few rtlxxxx_set_hw_reg() routines (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: declare MCC in interface combination (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: 8852c: declare to support two chanctx (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: pause/proceed MCC for ROC and HW scan (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mcc: fix NoA start time when GO is auxiliary (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rt2x00: remove redundant check if u8 array element is less than zero (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: mac: fix struct ieee80211_sband_iftype_data handling (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: add msdu_end structure for WCN7850 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: Set default beacon mode to burst mode (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: call ath12k_mac_fils_discovery() without condition (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: remove unnecessary (void*) conversions (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: change to treat alpha code na as world wide regdomain (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: indicate scan complete for scan canceled when scan running (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: fix recovery fail while firmware crash when doing channel switch (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: add support for hardware rfkill for WCN7850 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: use kstrtoul_from_user() where appropriate (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: expand __ieee80211_data_to_8023() status (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: remove RX_DROP_UNUSABLE (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: fix check for unusable RX result (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: add local_state_change to deauth trace (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: OWE DH IE handling offload (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ieee80211: add UL-bandwidth definition of trigger frame (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: add mapping of a periphery register crf for WH RF (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: check for iwl_mvm_mld_update_sta() errors (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: support injection antenna control (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: refactor TX rate handling (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: make pldr_sync AX210 specific (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fail NIC access fast on dead NIC (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: add support for new wowlan_info_notif (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: (re-)assign BAR0 on driver bind (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: implement enable/disable for China 2022 regulatory (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: handle link-STA allocation in restart (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: iterate active links for STA queues (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: support set_antenna() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: reject MLO channel configuration if not supported (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: report per-link error during association (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: report per-link errors during association (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: support antenna control in injection (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: support handling of advertised TID-to-link mapping (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: add support for parsing TID to Link mapping element (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211_hwsim: Handle BSS_CHANGED_VALID_LINKS (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: Notify the low level driver on change in MLO valid links (Jose Ignacio Tornos Martinez) [RHEL-19746] ... IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45863 CVE-2023-31083 CVE-2023-39194 CVE-2023-51043 CVE-2023-52610 CVE-2023-6040 CVE-2023-28464 CVE-2022-0480 CVE-2023-6915 CVE-2023-39193 CVE-2023-25775 CVE-2023-52522 CVE-2023-42754 CVE-2022-45934 CVE-2023-6932 CVE-2023-28866 CVE-2023-39198 CVE-2023-52581 CVE-2024-26583 CVE-2023-6931 CVE-2023-39189 CVE-2023-37453 CVE-2023-52434 CVE-2024-26633 CVE-2024-0565 CVE-2023-52574 CVE-2024-26582 CVE-2023-52448 CVE-2023-52620 CVE-2024-26602 CVE-2024-0841 CVE-2024-26586 CVE-2024-26609 CVE-2023-52489 CVE-2023-24023 CVE-2023-52529 CVE-2024-26584 CVE-2023-4133 CVE-2023-6531 CVE-2023-6176 CVE-2023-42756 CVE-2023-6121 CVE-2023-52578 CVE-2022-38096 CVE-2023-46862 CVE-2023-6546 CVE-2024-1085 CVE-2024-26593 CVE-2023-51780 CVE-2023-3567 CVE-2024-26585 CVE-2020-26555 CVE-2023-52580 CVE-2024-1086 CVE-2023-6622 CVE-2023-51779 CVE-2023-52476 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [4.4-10.git1] - CVE-2021-41072 squashfs-tools: additional write outside destination directory exploit fix CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination rhbz#2007304 RHEL-7763 [4.4-9.git1] - CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination rhbz#2000638 MODERATE Copyright 2024 Oracle, Inc. CVE-2021-40153 CVE-2021-41072 cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.7.4-10] - Resolves:RHEL-2268 Fix CI tests results [2.7.4-9] - Resolves:RHEL-2268 CVE-2023-25193 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-25193 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.8-20] - Fix CVE-2023-38469 (RHEL-5637) [0.8-19] - Fix CVE-2023-38471 (RHEL-5642) [0.8-18] - Fix CVE-2023-38472 (RHEL-5645) [0.8-17] - Fix CVE-2023-38470 (RHEL-5641) [0.8-16] - Fix CVE-2023-38473 (RHEL-5729) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-38470 CVE-2023-38472 CVE-2023-38469 CVE-2023-38471 CVE-2023-38473 cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_base cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [1.2.2-2] - Backport fixes for issues found by OpenScanHub - Related: RHEL-7945 [1.2.2-1] - Rebase to upstream v1.2.2 - Related: RHEL-15865 - Related: RHEL-14995 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45897 cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.3.1-19.0.1] - pam_limits: fix use after free in pam_sm_open_session [Orabug: 36406534] [1.3.1-19] - pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations. CVE-2024-22365. Resolves: RHEL-21244 [1.3.1-18] - libpam: use getlogin() from libc and not utmp. Resolves: RHEL-16727 - pam_access: handle hostnames in access.conf. Resolves: RHEL-22300 [1.5.1-17] - pam_faillock: create tallydir before creating tallyfile. Resolves: RHEL-20943 [1.5.1-16] - libpam: use close_range() to close file descriptors. Resolves: RHEL-5099 - fix formatting of audit messages. Resolves: RHEL-5100 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-22365 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 openssl [1:3.0.7-27.0.3] - Enable openssl-fips-provider dependency [Orabug: 36504822] [1:3.0.7-27.0.2] - Temporary disable openssl-fips-provider dependency [Orabug: 36504822] [1:3.0.7-27.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-27] - Use certified FIPS module instead of freshly built one in Red Hat distribution Related: RHEL-23474 [1:3.0.7-26] - Avoid implicit function declaration when building openssl Related: RHEL-1780 - In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails Resolves: RHEL-17104 - Add a directory for OpenSSL providers configuration Resolves: RHEL-17193 - Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context Resolves: RHEL-19515 - POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) Resolves: RHEL-21151 - Excessive time spent checking invalid RSA public keys (CVE-2023-6237) Resolves: RHEL-21654 - SSL ECDHE Kex fails when pkcs11 engine is set in config file Resolves: RHEL-20249 - Denial of service via null dereference in PKCS#12 Resolves: RHEL-22486 - Use certified FIPS module instead of freshly built one in Red Hat distribution Resolves: RHEL-23474 openssl-fips-provider [3.0.7-2.0.1] - Add bundle with Oracle Linux 9 OpenSSL FIPS Provider module files [Orabug: 36504822] - Replace upstream references [Orabug: 34340177] [3.0.7-2] - Denote conflict with old versions of openssl-libs package Related: RHEL-23474 [3.0.7-1] Initial packaging LOW Copyright 2024 Oracle, Inc. CVE-2023-6237 CVE-2023-3817 CVE-2023-6129 CVE-2024-0727 CVE-2023-2975 CVE-2023-5678 CVE-2023-3446 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::userspace_ksplice cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [2.06-77.0.1] - Support setting custom kernels as default kernels [Orabug: 36043978] - Bump SBAT metadata for grub to 3 [Orabug: 34872719] - Fix CVE-2022-3775 [Orabug: 34871953] - Enable signing for aarch64 EFI - Fix signing certificate names - Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation - Update bug url [Orabug: 34202300] - Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] - Update signing certificate [JIRA: OLDIS-16371] - fix SBAT data [JIRA: OLDIS-16371] - Update requires [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-77] - kern/dl: grub_dl_set_mem_attrs()/grub_dl_load_segments() fixes - Resolves: #RHEL-26322 [2.06-76] - fs/ntfs: OOB write fix - (CVE-2023-4692) - Resolves: #RHEL-11567 [2.06-75] - grub-set-bootflag: Fix for CVE-2024-1048 - (CVE-2024-1048) - Resolves: #RHEL-20747 [2.06-74] - Don't run 20-grub.install for UKIs - Resolves: #RHEL-21368 [2.06-73] - search command: add flag to only search root dev - Resolves: #RHEL-20526 - Resolves: #CVE-2023-4001 [2.06-72] - normal: Remove grub_env_set prefix in grub_try_normal_prefix - Resolves: #RHEL-1601 [2.06-71] - kern/ieee1275/init: ppc64: Restrict high memory in presence of fadump - Resolves: #RHEL-14282 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-4693 CVE-2024-1048 CVE-2023-4692 cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [252-32.0.2] - Due to a new [Orabug: 36564551] filed on April 29 2024, reverting from back to - previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved. - Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792] - Removed the following, associated with [Orabug: 36269319]: - 1A) Remove 1001-systemd-fstab-generator-reload-targets.patch - 1B) Remove Fix local-fs and remote-fs targets during system boot [Orabug: 36269319] - 1C) Remove 'systemd-fstab-generator-reload-targets.service' file [Orabug: 36269319] - 1D) Remove required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319] - 1E) Remove Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319] [252-32.0.1] - Backport upstream pstore dmesg fix [Orabug: 34868110] - Remove upstream references [Orabug: 33995357] - Disable unprivileged BPF by default [Orabug: 32870980] - udev rules: fix memory hot add and remove [Orabug: 31310273] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 [Orabug: 18467469] - shutdown: get only active md arrays. [Orabug: 34467234] - Wait for an extra configurable time before udevd kills a worker [Orabug: 36017407] - Removed unneeded patches from the systemd.spec - 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792] - 1004-orabug34272490-0001-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch [Orabug: 34272490] - 1005-orabug34272490-0002-core-device-drop-unnecessary-condition.patch [Orabug: 34272490] - 1007-orabug34868110-pstore-fixes-for-dmesg.txt-reconstruction.patch [Orabug: 34868110] [252-32] - rebase rhel-net-naming-sysattrs to v0.5 [252-31] - bootctl: rework random seed logic to use open_mkdir_at() and openat() (RHEL-16952) - bootctl: properly sync fs before/after moving random seed file into place (RHEL-16952) - bootctl: when updating EFI random seed file, hash old seed with new one (RHEL-16952) - sha256: add helper than hashes a buffer *and* its size (RHEL-16952) - random-seed: don't refresh EFI random seed from random-seed.c anymore (RHEL-16952) - bootctl: downgrade graceful messages to LOG_NOTICE (RHEL-16952) - units: rename/rework systemd-boot-system-token.service -> systemd-boot-random-seed.service (RHEL-16952) - bootctl: split out setting of system token into function of its own (RHEL-16952) [252-30] - resolved: limit the number of signature validations in a transaction (RHEL-26643) - resolved: reduce the maximum nsec3 iterations to 100 (RHEL-26643) - efi: alignment of the PE file has to be at least 512 bytes (RHEL-26133) - units: change assert to condition to skip running in initrd/os (RHEL-16182) - ci: add configuration for regression sniffer GA (RHEL-1086) [252-29] - units: fix typo in Condition in systemd-boot-system-token (RHEL-16952) [252-28] - random-seed: shorten a bit may_credit() (RHEL-16952) - random-seed: make one more use of random_write_entropy() (RHEL-16952) - random-seed: use getopt() (RHEL-16952) - random-seed: make the logic to calculate the number of bytes read from the random seed file clearer (RHEL-16952) - random-seed: no need to pass 'mode' argument when opening /dev/urandom (RHEL-16952) - random-seed: split out run() (RHEL-16952) - random_seed: minor improvement in run() (RHEL-16952) - random-seed: downgrade some messages (RHEL-16952) - random-seed: clarify one comment (RHEL-16952) - random-seed: make sure to load machine id even if the seed file is missing (RHEL-16952) - chase-symlinks: add new flag for prohibiting any following of symlinks (RHEL-16952) - bootctl,bootspec: make use of CHASE_PROHIBIT_SYMLINKS whenever we access the ESP/XBOOTLDR (RHEL-16952) - boot: implement kernel EFI RNG seed protocol with proper hashing (RHEL-16952) - random-seed: refresh EFI boot seed when writing a new seed (RHEL-16952) - random-seed: handle post-merge review nits (RHEL-16952) - boot: do not truncate random seed file (RHEL-16952) - bootctl: install system token on virtualized systems (RHEL-16952) - boot: remove random-seed-mode (RHEL-16952) - stub: handle random seed like sd-boot does (RHEL-16952) - efi: add efi_guid_equal() helper (RHEL-16952) - efi: add common implementation for loop finding EFI configuration tables (RHEL-16952) - boot: Detect hypervisors using SMBIOS info (RHEL-16952) - boot: Skip soft-brick warning when in a VM (RHEL-16952) - boot: Replace UINTN with size_t (RHEL-16952) - boot: Use unsigned for beep counting (RHEL-16952) - boot: Use unicode literals (RHEL-16952) - macro: add generic IS_ALIGNED32() anf friends (RHEL-16952) - meson: use 0|1 for SD_BOOT (RHEL-16952) - boot: Add printf functions (RHEL-16952) - boot: Use printf for error logging (RHEL-16952) - boot: Introduce log_wait (RHEL-16952) - boot: Add log_trace debugging helper (RHEL-16952) - tree-wide: Use __func__ in asserts (RHEL-16952) - boot: Drop use of xpool_print/SPrint (RHEL-16952) - boot: Drop use of Print (RHEL-16952) - boot: Rework GUID handling (RHEL-16952) - efi-string: Fix strchr() null byte handling (RHEL-16952) - efi-string: Add startswith8() (RHEL-16952) - efi-string: Add efi_memchr() (RHEL-16952) - vmm: Add more const (RHEL-16952) - vmm: Add smbios_find_oem_string() (RHEL-16952) - stub: Read extra kernel command line items from SMBIOS (RHEL-16952) - vmm: Modernize get_smbios_table() (RHEL-16952) - stub: measure SMBIOS kernel-cmdline-extra in PCR12 (RHEL-16952) - efi: support passing empty cmdline to mangle_stub_cmdline() (RHEL-16952) - efi: set EFIVAR to stop Shim from uninstalling its protocol (RHEL-16952) - ukify: use empty stub for addons (RHEL-16952) - stub: allow loading and verifying cmdline addons (RHEL-16952) - TODO: remove fixed item (RHEL-16952) - fix: do not check/verify slice units if recursive errors are to be ignored (RHEL-1086) [252-27] - test: merge TEST-20-MAINPIDGAMES into TEST-07-PID1 (fixup) (RHEL-1086) - test: use the default nsec3-iterations value (RHEL-1086) - test: explicitly set nsec3-iterations to 0 (RHEL-1086) - core: mount namespaces: Remove auxiliary bind mounts directory after unit termination (RHEL-19483) - ci: deploy systemd man to GitHub Pages (RHEL-1086) - doc: add missing <listitem> to systemd.net-naming-scheme.xml (RHEL-7026) - man: reorder the list of supported naming schemes (RHEL-7026) - tree-wide: fix return value handling of base64mem() (RHEL-16182) - Consolidate various TAKE_* into TAKE_GENERIC(), add TAKE_STRUCT() (RHEL-16182) - pcrphase: add env var for overriding stub check (RHEL-16182) - pcrphase: gracefully exit if TPM2 support is incomplete (RHEL-16182) - tpm2-util: split out code that derives 'good' TPM2 banks into an strv from pcrphase and generalize it in tpm2-util.c (RHEL-16182) - tpm2-util: split out code that extends a PCR from pcrphase (RHEL-16182) - tpm2-util: optionally do HMAC in tpm2_extend_bytes() in case we process sensitive data (RHEL-16182) - cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab options (RHEL-16182) - man: document the new crypttab measurement options (RHEL-16182) - gpt-auto-generator: automatically measure root/var volume keys into PCR 15 (RHEL-16182) - blkid-util: define enum for blkid_do_safeprobe() return values (RHEL-16182) - pcrphase: make tool more generic, reuse for measuring machine id/fs uuids (RHEL-16182) - units: measure /etc/machine-id into PCR 15 during early boot (RHEL-16182) - generators: optionally, measure file systems at boot (RHEL-16182) - tpm2: add common helper for checking if we are running on UKI with TPM measurements (RHEL-16182) - man: document new machine-id/fs measurement options (RHEL-16182) - test: add simple integration test for checking PCR extension works as it should (RHEL-16182) - update TODO (RHEL-16182) - cryptsetup: retry TPM2 unseal operation if it fails with TPM2_RC_PCR_CHANGED (RHEL-16182) - boot: Simplify object erasure (RHEL-16182) - tree-wide: use CLEANUP_ERASE() at various places (RHEL-16182) - dlfcn: add new safe_dclose() helper (RHEL-16182) - tpm2: rename tpm2 alg id<->string functions (RHEL-16182) - tpm2: rename struct tpm2_context to Tpm2Context (RHEL-16182) - tpm2: use ref counter for Tpm2Context (RHEL-16182) - tpm2: use Tpm2Context* instead of ESYS_CONTEXT* (RHEL-16182) - tpm2: add Tpm2Handle with automatic cleanup (RHEL-16182) - tpm2: simplify tpm2_seal() blob creation (RHEL-16182) - tpm2: add salt to pin (RHEL-16182) - basic/macro: add macro to iterate variadic args (RHEL-16182) - test/test-macro: add tests for FOREACH_VA_ARGS() (RHEL-16182) - basic/bitfield: add bitfield operations (RHEL-16182) - test/test-bitfield: add tests for bitfield macros (RHEL-16182) - tpm2: add tpm2_get_policy_digest() (RHEL-16182) - tpm2: add TPM2_PCR_VALID() (RHEL-16182) - tpm2: add/rename functions to manage pcr selections (RHEL-16182) - test/test-tpm2: add tests for pcr selection functions (RHEL-16182) - tpm2: add tpm2_pcr_read() (RHEL-16182) - tpm2: move openssl-required ifdef code out of policy-building function (RHEL-16182) - tpm2: add tpm2_is_encryption_session() (RHEL-16182) - tpm2: move policy building out of policy session creation (RHEL-16182) - tpm2: add support for a trusted SRK (RHEL-16182) - tpm2: fix nits from PR #26185 (RHEL-16182) - tpm2: replace magic number (RHEL-16182) - tpm2: add tpm2_digest_*() functions (RHEL-16182) - tpm2: replace hash_pin() with tpm2_digest_*() functions (RHEL-16182) - tpm2: add tpm2_set_auth() (RHEL-16182) - tpm2: add tpm2_get_name() (RHEL-16182) - tpm2: rename pcr_values_size vars to n_pcr_values (RHEL-16182) - tpm2: add tpm2_policy_pcr() (RHEL-16182) - tpm2: add tpm2_policy_auth_value() (RHEL-16182) - tpm2: add tpm2_policy_authorize() (RHEL-16182) - tpm2: use tpm2_policy_authorize() (RHEL-16182) - tpm2: add tpm2_calculate_sealing_policy() (RHEL-16182) - tpm: remove external calls to dlopen_tpm2() (RHEL-16182) - tpm2: remove all extern tpm2-tss symbols (RHEL-16182) - tpm2: add tpm2_get_capability(), tpm2_cache_capabilities(), tpm2_capability_pcrs() (RHEL-16182) - tpm2: verify symmetric parms in tpm2_context_new() (RHEL-16182) - tpm2: replace _cleanup_tpm2_* macros with _cleanup_() (RHEL-16182) - tpm2-util: use compound initialization when allocating tpm2 objects (RHEL-16182) - tpm2: add tpm2_get_capability_handle(), tpm2_esys_handle_from_tpm_handle() (RHEL-16182) - tpm2: add tpm2_read_public() (RHEL-16182) - tpm2: add tpm2_get_legacy_template() and tpm2_get_srk_template() (RHEL-16182) - tpm2: add tpm2_load() (RHEL-16182) - tpm2: add tpm2_load_external() (RHEL-16182) - tpm2: move local vars in tpm2_seal() to point of use (RHEL-16182) - tpm2: replace magic number in hmac_sensitive initialization (RHEL-16182) - tpm2: add tpm2_create() (RHEL-16182) - tpm2: replace tpm2_capability_pcrs() macro with direct c->capaiblity_pcrs use (RHEL-16182) - basic/alloc-util: add greedy_realloc_append() (RHEL-16182) - tpm2: cache the TPM supported commands, add tpm2_supports_command() (RHEL-16182) - tpm2: cache TPM algorithms (RHEL-16182) - tpm2: add tpm2_persist_handle() (RHEL-16182) - tpm2: add tpm2_get_or_create_srk() (RHEL-16182) - tpm2: move local vars in tpm2_unseal() to point of use (RHEL-16182) - tpm2: remove tpm2_make_primary() (RHEL-16182) - tpm2: use CreatePrimary() to create primary keys instead of Create() (RHEL-16182) - cryptsetup: downgrade a bunch of log messages that to LOG_WARNING (RHEL-16182) - boot/measure: replace TPM PolicyPCR session with calculation (RHEL-16182) - core: imply DeviceAllow=/dev/tpmrm0 with LoadCredentialEncrypted (RHEL-16182) - added more test cases (RHEL-16182) - test: fixed negative checks in TEST-70-TPM2. Use in-line error handling rather than redirections. Follow up on #27020 (RHEL-16182) - systemd-cryptenroll: add string aliases for tpm2 PCRs Fixes #26697. RFE. (RHEL-16182) - cryptenroll: fix an assertion with weak passwords (RHEL-16182) - man/systemd-cryptenroll: update list of PCRs, link to uapi docs (RHEL-16182) - tpm2: add debug logging to functions converting hash or asym algs to/from strings or ids (RHEL-16182) - tpm2: add tpm2_hash_alg_to_size() (RHEL-16182) - tpm2: change tpm2_tpm*_pcr_selection_to_mask() to return mask (RHEL-16182) - tpm2: add more helper functions for managing TPML_PCR_SELECTION and TPMS_PCR_SELECTION (RHEL-16182) - tpm2: add Tpm2PCRValue struct and associated functions (RHEL-16182) - tpm2: move declared functions in header lower down (RHEL-16182) - tpm2: declare tpm2_log_debug_*() functions in tpm2_util.h (RHEL-16182) - tpm2: change tpm2_calculate_policy_pcr(), tpm2_calculate_sealing_policy() to use Tpm2PCRValue array (RHEL-16182) - tpm2: change tpm2_parse_pcr_argument() parameters to parse to Tpm2PCRValue array (RHEL-16182) - tpm2: add TPM2B_*_MAKE(), TPM2B_*_CHECK_SIZE() macros (RHEL-16182) - tpm2: add tpm2_pcr_read_missing_values() (RHEL-16182) - openssl: add openssl_pkey_from_pem() (RHEL-16182) - openssl: add rsa_pkey_new(), rsa_pkey_from_n_e(), rsa_pkey_to_n_e() (RHEL-16182) - openssl: add ecc_pkey_new(), ecc_pkey_from_curve_x_y(), ecc_pkey_to_curve_x_y() (RHEL-16182) - test: add DEFINE_HEX_PTR() helper function (RHEL-16182) - openssl: add test-openssl (RHEL-16182) - tpm2: add functions to convert TPM2B_PUBLIC to/from openssl pkey or PEM (RHEL-16182) - tpm2: move policy calculation out of tpm2_seal() (RHEL-16182) - man: update systemd-cryptenroll man page with details on --tpm2-pcrs format change (RHEL-16182) - tpm2: update TEST-70-TPM2 to test passing PCR value to systemd-cryptenroll (RHEL-16182) - tpm2: change *alg_to_* functions to use switch() (RHEL-16182) - tpm2: lowercase TPM2_PCR_VALUE[S]_VALID functions (RHEL-16182) - tpm2: move cast from lhs to rhs in uint16_t/int comparison (RHEL-16182) - tpm2: in validator functions, return false instead of assert failure (RHEL-16182) - tpm2: in tpm2_pcr_values_valid() use FOREACH_ARRAY() (RHEL-16182) - tpm2: use SIZE_MAX instead of strlen() for unhexmem() (RHEL-16182) - tpm2: put !isempty() check inside previous !isempty() check (RHEL-16182) - tpm2: simplify call to asprintf() (RHEL-16182) - tpm2: check pcr value hash != 0 before looking up hash algorithm name (RHEL-16182) - tpm2: use strempty() (RHEL-16182) - tpm2: split TPM2_PCR_VALUE_MAKE() over multiple lines (RHEL-16182) - tpm2: remove ret_ prefix from input/output params (RHEL-16182) - tpm2: use memcpy_safe() instead of memcpy() (RHEL-16182) - openssl: use new(char, size) instead of malloc(size) (RHEL-16182) - tpm2: use table for openssl<->tpm2 ecc curve id mappings (RHEL-16182) - tpm2: use switch() instead of if-else (RHEL-16182) - tpm2: make logging level consistent at debug for some functions (RHEL-16182) - tpm2: remove unnecessary void* cast (RHEL-16182) - tpm2: add tpm2_pcr_values_has_(any|all)_values() functions (RHEL-16182) - tpm2: wrap (7) in UINT32_C() (RHEL-16182) - cryptenroll: change man page example to remove leading 0x and lowercase hex (RHEL-16182) - openssl: add log_openssl_errors() (RHEL-16182) - openssl: add openssl_digest_size() (RHEL-16182) - openssl: add openssl_digest_many() (RHEL-16182) - openssl: replace openssl_hash() with openssl_digest() (RHEL-16182) - openssl: add openssl_hmac_many() (RHEL-16182) - openssl: add rsa_oaep_encrypt_bytes() (RHEL-16182) - openssl: add kdf_kb_hmac_derive() (RHEL-16182) - openssl: add openssl_cipher_many() (RHEL-16182) - openssl: add ecc_edch() (RHEL-16182) - openssl: add kdf_ss_derive() (RHEL-16182) - dlfcn-util: add static asserts ensuring our sym_xyz() func ptrs match the types from the official headers (RHEL-16182) - tpm2: add tpm2_marshal_blob() and tpm2_unmarshal_blob() (RHEL-16182) - tpm2: add tpm2_serialize() and tpm2_deserialize() (RHEL-16182) - tpm2: add tpm2_index_to_handle() and tpm2_index_from_handle() (RHEL-16182) - tpm2: fix build failure without openssl (RHEL-16182) - tpm2-util: look for tpm2-pcr-signature.json directly in /.extra/ (RHEL-16182) - tpm2: downgrade most log functions from error to debug (RHEL-16182) - tpm2: handle older tpm enrollments without a saved pcr bank (RHEL-16182) - tpm2: allow tpm2_make_encryption_session() without bind key (RHEL-16182) - tpm2: update tpm2 test for supported commands (RHEL-16182) - tpm2: use GREEDY_REALLOC_APPEND() in tpm2_get_capability_handles(), cap max value (RHEL-16182) - tpm2: change tpm2_unseal() to accept Tpm2Context instead of device string (RHEL-16182) - tpm2: cache TPM's supported ECC curves (RHEL-16182) - tpm2-util: make tpm2_marshal_blob()/tpm2_unmarshal_blob() static (RHEL-16182) - tpm2-util: make tpm2_read_public() static, as we use it only internally in tpm2-util.c (RHEL-16182) - cryptenroll: allow specifying handle index of key to use for sealing (RHEL-16182) - test: add tests for systemd-cryptenroll --tpm2-seal-key-handle (RHEL-16182) - tpm2: do not call Esys_TR_Close() (RHEL-16182) - tpm2: don't use GetCapability() to check transient handles (RHEL-16182) - tpm2-util: pick up a few new symbols from tpm2-tss (RHEL-16182) - tpm2: add tpm2_get_pin_auth() (RHEL-16182) - tpm2: instead of adjusting authValue trailing 0(s), trim them as required by tpm spec (RHEL-16182) - tpm2-util: rename tpm2_calculate_name() -> tpm2_calculate_pubkey_name() (RHEL-16182) - cryptenroll: do not implicitly verify with default tpm policy signature (RHEL-16182) - cryptenroll: drop deadcode (RHEL-16182) - tpm2: allow using tpm2_get_srk_template() without tpm (RHEL-16182) - tpm2: add test to verify srk templates (RHEL-16182) - tpm2: add tpm2_sym_alg_*_string() and tpm2_sym_mode_*_string() (RHEL-16182) - tpm2: add tpm2_calculate_seal() and helper functions (RHEL-16182) - tpm2: update test-tpm2 for tpm2_calculate_seal() (RHEL-16182) - cryptenroll: add support for calculated TPM2 enrollment (RHEL-16182) - test: update TEST-70 with systemd-cryptenroll calculated TPM2 enrollment (RHEL-16182) - openssl-util: avoid freeing invalid pointer (RHEL-16182) - creds-util: check for CAP_DAC_READ_SEARCH (RHEL-16182) - creds-util: do not try TPM2 if there is not support (RHEL-16182) - creds-util: merge the TPM2 detection for initrd (RHEL-16182) - cryptenroll: fix a memory leak (RHEL-16182) - sd-journal: introduce sd_journal_step_one() (RHEL-11591) - test: modernize test-journal-flush (RHEL-11591) - journal-file-util: do not fail when journal_file_set_offline() called more than once (RHEL-11591) - journal-file-util: Prefer punching holes instead of truncating (RHEL-11591) - test: add reproducer for SIGBUS issue caused by journal truncation (RHEL-11591) [252-26] - spec: update rhel-net-naming-sysattrs to v0.4 (RHEL-22278) [252-25] - spec: add new package with RHEL-specific network naming sysattrs (RHEL-22278) [252-24] - ci: use source-git-automation composite Action (RHEL-1086) - ci: increase the cron interval to 45 minutes (RHEL-1086) - ci: add all Z-Stream versions to array of allowed versions (RHEL-1086) - udev/net_id: introduce naming scheme for RHEL-9.4 (RHEL-22427) - basic/errno-util: add wrappers which only accept negative errno (RHEL-22443) - errno-util: allow ERRNO_IS_* to accept types wider than int (RHEL-22443) - udev: add new builtin net_driver (RHEL-22443) - udev/net_id: introduce naming scheme for RHEL-8.10 (RHEL-22427) [252-23] - logind: don't setup idle session watch for lock-screen and greeter (RHEL-20757) - logind: don't make idle action timer accuracy more coarse than timeout (RHEL-20757) - logind: do TTY idle logic only for sessions marked as 'tty' (RHEL-20757) - meson: Properly install 90-uki-copy.install (RHEL-16354) [252-22] - Revert 'man: mention System Administrator's Guide in systemctl manpage' (RHEL-19436) - man: mention RHEL documentation in systemctl's man page (RHEL-19436) - resolved: actually check authenticated flag of SOA transaction (RHEL-6216) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (RHEL-1317) - man: environment value -> udev property (RHEL-1317) [252-21] - meson: fix installation of ukify (RHEL-13199) - sd-id128: introduce id128_hash_ops_free (RHEL-5988) - udevadm-trigger: allow to fallback without synthetic UUID only first time (RHEL-5988) - udevadm-trigger: settle with synthetic UUID if the kernel support it (RHEL-5988) - udevadm-trigger: also check with the original syspath if device is renamed (RHEL-5988) - test: use 'udevadm trigger --settle' even if device is renamed (RHEL-5988) - sd-event: don't mistake USEC_INFINITY passed in for overflow (RHEL-6090) - pid1: rework service_arm_timer() to optionally take a relative time value (RHEL-6090) - manager: add one more assert() (RHEL-6090) - pid1: add new Type=notify-reload service type (RHEL-6090) - man: document Type=notify-reload (RHEL-6090) - pid1: make sure we send our calling service manager RELOADING=1 when reloading (RHEL-6090) - networkd: implement Type=notify-reload protocol (RHEL-6090) - udevd: implement the full Type=notify-reload protocol (RHEL-6090) - logind: implement Type=notify-reload protocol properly (RHEL-6090) - notify: add --stopping + --reloading switches (RHEL-6090) - test: add Type=notify-reload testcase (RHEL-6090) - update TODO (RHEL-6090) - core: check for SERVICE_RELOAD_NOTIFY in manager_dbus_is_running (RHEL-6090) [252-20] - udev/net: allow new link name as an altname before renaming happens (RHEL-5988) - sd-netlink: do not swap old name and alternative name (RHEL-5988) - sd-netlink: restore altname on error in rtnl_set_link_name (RHEL-5988) - udev: attempt device rename even if interface is up (RHEL-5988) - sd-netlink: add a test for rtnl_set_link_name() (RHEL-5988) - test-network: add a test for renaming device to current altname (RHEL-5988) - udev: align table (RHEL-5988) - sd-device: make device_set_syspath() clear sysname and sysnum (RHEL-5988) - sd-device: do not directly access entry in sd-device object (RHEL-5988) - udev: move device_rename() from device-private.c (RHEL-5988) - udev: restore syspath and properties on failure (RHEL-5988) - sd-device: introduce device_get_property_int() (RHEL-5988) - core/device: downgrade log level for ignored errors (RHEL-5988) - core/device: ignore failed uevents (RHEL-5988) - test: add tests for failure in renaming network interface (RHEL-5988) - test: modernize test-netlink.c (RHEL-5988) - test-netlink: use dummy interface to test assigning new interface name (RHEL-5988) - udev: use SYNTHETIC_ERRNO() at one more place (RHEL-5988) - udev: make udev_builtin_run() take UdevEvent* (RHEL-5988) - udev/net: verify ID_NET_XYZ before trying to assign it as an alternative name (RHEL-5988) - udev/net: generate new network interface name only on add uevent (RHEL-5988) - sd-netlink: make rtnl_set_link_name() optionally append alternative names (RHEL-5988) - udev/net: assign alternative names only on add uevent (RHEL-5988) - test: add tests for renaming network interface (RHEL-5988) - Backport ukify from upstream (RHEL-13199) - bootctl: make --json output normal json (RHEL-13199) - test: replace readfp() with read_file() (RHEL-13199) - stub/measure: document and measure .uname UKI section (RHEL-13199) - boot: measure .sbat section (RHEL-13199) - Revert 'test_ukify: no stinky root needed for signing' (RHEL-13199) - ukify: move to /usr/bin and mark as non non-experimental (RHEL-13199) - kernel-install: Add uki layout (RHEL-16354) - kernel-install: remove math slang from man page (RHEL-16354) - kernel-install: handle uki installs automatically (RHEL-16354) - 90-uki-copy.install: create /EFI/Linux directory if needed (RHEL-16354) - kernel-install: Log location that uki is installed in (RHEL-16354) - bootctl: fix errno logging (RHEL-16354) - bootctl: add kernel-identity command (RHEL-16354) - bootctl: add kernel-inspect command (RHEL-16354) - bootctl: add kernel-inspect to --help text (RHEL-16354) - bootctl: drop full stop at end of --help texts (RHEL-16354) - bootctl: change section title for kernel image commands (RHEL-16354) - bootctl: remove space that should not be there (RHEL-16354) - bootctl: kernel-inspect: print os info (RHEL-16354) - bootctl-uki: several coding style fixlets (RHEL-16354) - tree-wide: unify how we pick OS pretty name to display (RHEL-16354) - bootctl-uki: several follow-ups for inspect_osrel() (RHEL-16354) - bootctl: Add missing %m (RHEL-16354) - bootctl: tweak DOS header magic check (RHEL-16354) [252-19] - ci: Extend source-git-automation (RHEL-1086) - netif-naming-scheme: let's also include rhel8 schemes (RHEL-7026) - systemd-analyze: Add table and JSON output implementation to plot (RHEL-5070) - systemd-analyze: Update man/systemd-analyze.xml with Plot JSON and table (RHEL-5070) - systemd-analyze: Add tab complete logic for plot (RHEL-5070) - systemd-analyze: Add --json=, --table and -no-legend tests for plot (RHEL-5070) - ci: enable source-git automation to validate reviews and ci results (RHEL-1086) - ci: remove Mergify config - replaced by Pull Request Validator (RHEL-1086) - ci: enable auto-merge GH Action (RHEL-1086) - ci: add missing permissions (RHEL-1086) - ci: permissions: write-all (RHEL-1086) - ci(lint): exclude .in files from ShellCheck lint (RHEL-1086) - udev: raise RLIMIT_NOFILE as high as we can (RHEL-11040) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-7008 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [3:2.1.0-18] - add gating.yaml [3:2.1.0-17] - fix improper command line parsing (CVE-2023-46316) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-46316 cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.10.4-13] - Bump up the version so that the version in 9.3 is lower. - Resolves: RHEL-19310, RHEL-19691, RHEL-17245 LOW Copyright 2024 Oracle, Inc. CVE-2023-6918 CVE-2023-6004 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.39-16] - Fix stack-based buffer over-read in file_copystr() (CVE-2022-48554) [5.39-15] - Fix segfault in python3-file-magic concurrent method calls LOW Copyright 2024 Oracle, Inc. CVE-2022-48554 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [1:2.10-5] - Support macsec HW offload. Resolves: RHEL-22440 - Backport fix for PEAP client (CVE-2023-52160) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-52160 cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.42.2-3] - Bump pixman version 0.42.2 - Drop DesktopQE gating - Fix CVEs: CVE-2022-44638 - Resolves: RHEL-5013 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-44638 cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.78.0-1] - Bump glib2 version 2.78.0 - Drop DesktopQE gating - Fix CVEs: CVE-2023-32636, CVE-2023-29499, CVE-2023-32611, CVE-2023-32665, DoS - Resolves: RHEL-5019 - Resolves: RHEL-5020 - Resolves: RHEL-5092 - Resolves: RHEL-5093 - Resolves: RHEL-5094 LOW Copyright 2024 Oracle, Inc. CVE-2023-32611 CVE-2023-32665 CVE-2023-29499 CVE-2023-32636 cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.9.4-3.0.1] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [4:4.9.4-3] - rebuild - Related: RHEL-28234 [4:4.9.4-2] - bump Epoch to 4 to preserve upgrade path from rhel 8.10 - bump release tag or else it refuses to build - Resolves: RHEL-28234 [4:4.9.4-1] - bump Epoch to 4 to preserve upgrade path from rhel 8.10 - Resolves: RHEL-28234 [3:4.9.4-1] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/7752c56) - Resolves: RHEL-28234 [3:4.9.3-3] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/5f872ae) - Resolves: RHEL-28234 [3:4.9.3-2] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/06e4598) - Resolves: RHEL-28636 [2:4.9.3-1] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/c82fdc8) - Resolves: RHEL-28633 RHEL-28629 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1753 CVE-2024-24786 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2:1.14.3-2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/5f2b9af) - Resolves: RHEL-28736 [2:1.14.3-1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/4a2bc3a) - Resolves: RHEL-28235 [2:1.14.3-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/d0a0f1a) - Resolves: RHEL-28235 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28180 CVE-2024-24786 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1.33.7-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.7-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/b95e962) - Resolves: RHEL-28230 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24786 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 bind [9.16.23-18.0.1] - Fix warning when changing device file permissions [Orabug: 36518580] [32:9.16.23-18.1] - Rebuild with correct z-stream tag again [32:9.16.23-18] - Prevent crashing at masterformat system test (CVE-2023-6516) [32:9.16.23-17] - Import tests for large DNS messages fix - Add downstream change complementing CVE-2023-50387 [32:9.16.23-16] - Prevent increased CPU load on large DNS messages (CVE-2023-4408) - Prevent assertion failure when nxdomain-redirect is used with RFC 1918 reverse zones (CVE-2023-5517) - Prevent assertion failure if DNS64 and serve-stale is used (CVE-2023-5679) - Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) bind-dyndb-ldap [11.9-9] - Rebuild required for BIND changes for KeyTrap change (CVE-2023-50387) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-4408 CVE-2023-5517 CVE-2023-50868 CVE-2023-50387 CVE-2023-5679 CVE-2023-6516 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [0.8-5] - Address potential DoS with high compression ratio Resolves: RHEL-28698 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28102 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [10.0.0-6.2.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6.2.el9_4] - qemu: Fix migration with custom XML (RHEL-32654) [10.0.0-6.1.el9_4] - Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441, RHEL-25081) - remote: check for negative array lengths before allocation (CVE-2024-2494) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2494 CVE-2024-1441 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1.21.9-2] - Rebuilt for z-stream - Related: RHEL-24312 - Related: RHEL-28940 [1.21.9-1] - Fix CVE-2024-1394 - Fix CVE-2023-45288 - Resolves RHEL-24312 - Resolves RHEL-28940 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45290 CVE-2024-24785 CVE-2024-1394 CVE-2024-24783 CVE-2023-45289 CVE-2024-24784 CVE-2023-45288 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2.0.26-2] - Resolves: RHEL-31855 - mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) [2.0.26-1] - Resolves: RHEL-14691 - mod_http2 rebase to 2.0.26 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-27316 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [4.12-2.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-2] - Fix CVE-2024-2357 (RHEL-32761) - x509: unpack IPv6 general names based on length (RHEL-32718) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2357 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [6.2.0-2.0.1] - Fixed libpcp derived metric issue for ol9 [Orabug: 36538820] [6.2.0-2] - Disable RESP proxying by default in pmproxy (RHEL-30719) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3019 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [9.2.10-16] - Check OrdID is correct before deleting snapshot - fix CVE-2024-1313 - fix CVE-2024-1394 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1394 CVE-2024-1313 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [5.1.1-2] - fix CVE-2024-1394 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [3.8.3-4] - Bump release to ensure el9 package is greater than el9_* packages [3.8.3-3] - Bump release to ensure el9 package is greater than el9_* packages [3.8.3-2] - Fix timing side-channel in deterministic ECDSA (RHEL-28959) - Fix potential crash during chain building/verification (RHEL-28954) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28834 CVE-2024-28835 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.9.4-6.0.1] - Restore default debug level for sss_cache [Orabug: 32810448] [2.9.4-6] - Resolves: RHEL-27209 - Race condition during authorization leads to GPO policies functioning inconsistently [rhel-9.4.0] [2.9.4-5] - Resolves: RHEL-28161 - Passkey cannot fall back to password [2.9.4-4] - Resolves: RHEL-28161 - Passkey cannot fall back to password [2.9.4-3] - Resolves: RHEL-22340 - socket leak - Resolves: RHEL-28161 - Passkey cannot fall back to password MODERATE Copyright 2024 Oracle, Inc. CVE-2023-3758 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [1.13.1-8.3] - Rebuild (z-stream target) Resolves: RHEL-30985 Resolves: RHEL-31015 [1.13.1-8.2] - Fix crash caused by fix for CVE-2024-31083 Resolves: RHEL-30985 [1.13.1-8.1] - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents Resolves: RHEL-31015 - Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs Resolves: RHEL-30985 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-31080 CVE-2024-31081 CVE-2024-31083 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2.9.13-6] - Fix CVE-2024-25062 (RHEL-29196) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-25062 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [3.2.0-3] - Rebuild with new Golang - Resolves: RHEL-32542 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45288 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.28-236.0.1.13] - Forward port of Oracle patches. Reviewed-by: Jose E. Marchesi IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-2961 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::appstream cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [3.4.1-2] - Rebuild with new Golang - Resolves: RHEL-32570, RHEL-28385, RHEL-28402, RHEL-28432 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-24783 CVE-2023-45289 CVE-2023-45290 CVE-2023-45288 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [5.14.0-427.16.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.16.1_4] - memory: tegra: Skip SID programming if SID registers aren't set (Robert Foss) [RHEL-32675 RHEL-23656] - memory: tegra: Add SID override programming for MC clients (Robert Foss) [RHEL-32675 RHEL-23656] - iommu: Don't reserve 0-length IOVA region (Robert Foss) [RHEL-32675 RHEL-23656] [5.14.0-427.15.1_4] - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (Michal Schmidt) [RHEL-30110 RHEL-19000] - ice: avoid the PTP hardware semaphore in gettimex64 path (Michal Schmidt) [RHEL-30110 RHEL-19000] - ice: add ice_adapter for shared data across PFs on the same NIC (Michal Schmidt) [RHEL-30110 RHEL-19000] - crypto: iaa - mark tech preview (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Fix nr_cpus < nr_iaa case (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Fix comp/decomp delay statistics (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Fix async_disable descriptor leak (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Remove header table code (Vladis Dronov) [RHEL-32242 RHEL-29685] - cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Laurent Vivier) [RHEL-32716 RHEL-31381] - x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30030 RHEL-30031] {CVE-2024-25743 CVE-2024-25742} [5.14.0-427.14.1_4] - crypto: dh - implement FIPS PCT (Vladis Dronov) [RHEL-27009 RHEL-25845] - crypto: tcrypt - add ffdhe2048(dh) test (Vladis Dronov) [RHEL-27009 RHEL-25845] - crypto: dh - Make public key test FIPS-only (Vladis Dronov) [RHEL-27009 RHEL-25845] - printk: allow disabling printk per-console device kthreads at boot (Luis Claudio R. Goncalves) [RHEL-30678 RHEL-17709] - mm, vmscan: remove ISOLATE_UNMAPPED (Nico Pache) [RHEL-29235 RHEL-28667] - trace-vmscan-postprocess: sync with tracepoints updates (Nico Pache) [RHEL-29235 RHEL-28667] - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Nico Pache) [RHEL-29235 RHEL-28667] - mm/mglru: skip special VMAs in lru_gen_look_around() (Nico Pache) [RHEL-29235 RHEL-28667] - mm/mglru: reclaim offlined memcgs harder (Nico Pache) [RHEL-29235 RHEL-28667] - mm/mglru: try to stop at high watermarks (Nico Pache) [RHEL-29235 RHEL-28667] - mm/mglru: fix underprotected page cache (Nico Pache) [RHEL-29235 RHEL-28667] - mm: multi-gen LRU: reuse some legacy trace events (Nico Pache) [RHEL-29235 RHEL-28667] - mm: multi-gen LRU: improve design doc (Nico Pache) [RHEL-29235 RHEL-28667] - mm: multi-gen LRU: clean up sysfs code (Nico Pache) [RHEL-29235 RHEL-28667] - cpu/hotplug: Do not bail-out in DYING/STARTING sections (David Arcari) [RHEL-29673 RHEL-19514] - crypto: akcipher - Disable signing and decryption (Herbert Xu) [RHEL-29079 RHEL-17113] {CVE-2023-6240} MODERATE Copyright 2024 Oracle, Inc. CVE-2024-25742 CVE-2023-6240 CVE-2024-25743 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 8 nodejs [1:20.12.2-2] - Backport nghttp2 patch for CVE-2024-28182 [1:20.12.2-1] - Rebase to version 20.12.0 Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) Fixes: CVE-2024-25629 (c-ares) nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-27983 CVE-2024-27982 CVE-2024-28182 CVE-2024-25629 CVE-2024-22025 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 nodejs [1:18.20.2-2] - Removes .ps1 files - Rebase to 18.20.2 - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629 nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-28182 CVE-2024-25629 CVE-2024-27982 CVE-2024-27983 CVE-2024-22025 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 nodejs [1:18.20.2-1] - Removes .ps1 files - Rebase to 18.20.2 - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629 nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-27983 CVE-2024-28182 CVE-2024-25629 CVE-2024-22025 CVE-2024-27982 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [8.0.105-1.0.1] - Add support for Oracle Linux [8.0.105-1] - Update to .NET SDK 8.0.105 and Runtime 8.0.5 - Resolves: RHEL-35317 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-30046 CVE-2024-30045 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [7.0.119-1.0.1] - Add OracleLinux support IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-30045 CVE-2024-30046 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 nodejs [1:20.12.2-2] - Backport nghttp2 patch for CVE-2024-28182 [1:20.12.2-1] - Rebase to version 20.12.0 Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) Fixes: CVE-2024-25629 (c-ares) nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-25629 CVE-2024-27983 CVE-2024-27982 CVE-2024-28182 CVE-2024-22025 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 8 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45237 CVE-2024-1298 CVE-2023-45236 CVE-2024-25742 cpe:/a:oracle:linux:8::distro_builder Oracle Linux 7 [115.11.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.11.0-1] - Update to 115.11.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4770 CVE-2024-4768 CVE-2024-4767 CVE-2024-4777 CVE-2024-4367 CVE-2024-4769 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [115.11.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.11.0-1] - Update to 115.11.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4777 CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4770 CVE-2024-4769 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [115.11.0-1.0.1] - Add Oracle prefs [115.11.0-1] - Update to 115.11.0 build2 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4777 CVE-2024-4770 CVE-2024-4367 CVE-2024-4767 CVE-2024-4769 CVE-2024-4768 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1:16.20.2-8.0.1] - Fix CVE-2024-28182, CVE-2024-22025, CVE-2024-25629, CVE-2024-27982, CVE-2024-27983 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-25629 CVE-2024-22025 CVE-2024-28182 CVE-2024-27982 CVE-2024-27983 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 7 [115.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.11.0-1] - Update to 115.11.0 build2 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4367 CVE-2024-4769 CVE-2024-4770 CVE-2024-4768 CVE-2024-4767 CVE-2024-4777 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [0.10.18-2.0.1] - Replace HAM-logo.png with a generic one [0.10.18-2] - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26445, RHEL-26447, RHEL-26449 [0.10.18-1] - Rebased to the latest sources (see CHANGELOG.md) Resolves: RHEL-7741 [0.10.17-6] - Rebased to the latest upstream sources (see CHANGELOG.md) - Remove the preview of the new pcs web interface Resolves: RHEL-17280 [0.10.17-5] - Rebased to the latest upstream sources (see CHANGELOG.md) Resolves: RHEL-7584, RHEL-7668, RHEL-7729, RHEL-7731, RHEL-7732, RHEL-7741, RHEL-7742, RHEL-7743, RHEL-7745, RHEL-8467 - Tightened permissions of bundled rubygems to be 755 or stricter Resolves: RHEL-7715 [0.10.17-4] - No changes, fixed an error in the new quality control process - Resolves: RHEL-15218 [0.10.17-3] - No changes, testing a new quality control process - Resolves: RHEL-15218 [0.10.17-2] - Make use of filters when extracting tarballs to enhance security if provided by Python (pcs config restore command) - Do not display duplicate records in commands pcs property [config] --all and pcs property describe - Resolves: rhbz#2218841 rhbz#2219388 [0.10.17-1] - Rebased to the latest upstream sources (see CHANGELOG.md) - Updated bundled rubygems: tilt, puma - Resolves: rhbz#2112259 rhbz#2163439 rhbz#2166289 [0.10.16-1] - Rebased to the latest upstream sources (see CHANGELOG.md) - Updated bundled dependencies: dacite - Added bundled rubygems: nio4r, puma - Removed bundled rubygems: daemons, eventmachine, thin - Updated bundled rubygems: backports, rack, rack-test, tilt - Resolves: rhbz#1957591 rhbz#2022748 rhbz#2160555 rhbz#2163439 rhbz#2166289 rhbz#2166294 rhbz#2176490 rhbz#2178700 rhbz#2178707 rhbz#2179010 rhbz#2180378 rhbz#2189958 [0.10.15-4] - Fixed enabling/disabling sbd when cluster is not running - Added BuildRequires: pam - needed for tier0 tests during build - Resolves: rhbz#2166243 [0.10.15-3] - Allow time values in stonith-watchdog-time property - Resource/stonith agent self-validation of instance attributes is now disabled by default, as many agents do not work with it properly - Updated bundled rubygems: rack, rack-protection, sinatra - Added license for ruby2_keywords - Resolves: rhbz#2158804 rhbz#2159455 [0.10.15-2] - Added warning when omitting validation of misconfigured resource - Fixed displaying of bool and integer values in pcs resource config command - Updated bundled rubygems: ethon, json, rack-protection, sinatra - Resolves: rhbz#2151166 rhbz#2151511 [0.10.15-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated Python bundled dependency dateutil - Resolves: rhbz#2112002 rhbz#2112263 rhbz#2112291 rhbz#2132582 [0.10.14-6] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated rubygem bundled packages: mustermann, rack, rack-protection, rack-test, sinatra, tilt - Resolves: rhbz#1816852 rhbz#1918527 rhbz#2112267 rhbz#2112291 [0.10.14-4] - Fixed enable sbd from webui - Resolves: rhbz#2117650 [0.10.14-3] - Fixed pcs quorum device remove - Resolves: rhbz#2115326 [0.10.14-2] - Fixed booth ticket mode value case insensitive - Fixed booth sync check whether /etc/booth exists - Resolves: rhbz#1786964 rhbz#1791670 [0.10.14-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated bundled rubygems: rack - Resolves: rhbz#2059500 rhbz#2096787 rhbz#2097383 rhbz#2097391 rhbz#2097392 rhbz#2097393 [0.10.13-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated bundled rubygems: backports, daemons, ethon ffi, json, ruby2_keywords, thin - Resolves: rhbz#1730232 rhbz#1786964 rhbz#1791661 rhbz#1791670 rhbz#1874624 rhbz#1909904 rhbz#1950551 rhbz#1954099 rhbz#2019894 rhbz#2023845 rhbz#2059500 rhbz#2064805 rhbz#2068456 [0.10.12-7] - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz#2081332 [0.10.12-6] - Fixed processing agents not conforming to OCF schema - Resolves: rhbz#2050274 [0.10.12-5] - Fixed snmp client - Resolves: rhbz#2047983 [0.10.12-4] - Fixed cluster destroy in web ui - Fixed covscan issue in web ui - Resolves: rhbz#1970508 [0.10.12-3] - Fixed 'pcs resource move --autodelete' command - Fixed removing of unavailable fence-scsi storage device - Fixed ocf validation of ocf linbit drdb agent - Fixed creating empty cib - Updated pcs-web-ui - Resolves: rhbz#1990784 rhbz#2022463 rhbz#2032997 rhbz#2036633 [0.10.12-2] - Fixed rsc update cmd when unable to get agent metadata - Fixed enabling corosync-qdevice - Resolves: rhbz#1384485 rhbz#2028902 [0.10.12-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Resolves: rhbz#1552470 rhbz#1997011 rhbz#2017311 rhbz#2017312 rhbz#2024543 rhbz#2012128 [0.10.11-2] - Rebased to latest upstream sources (see CHANGELOG.md) - Removed 'export PYTHONCOERCECLOCALE=0' - Resolves: rhbz#1384485 rhbz#1936833 rhbz#1968088 rhbz#1990784 rhbz#2012128 [0.10.11-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Enabled wui patching - Resolves: rhbz#1533090 rhbz#1970508 rhbz#1997011 rhbz#2003066 rhbz#2003068 rhbz#2012128 [0.10.10-2] - Fixed create resources with depth operation attribute - Resolves: rhbz#1998454 [0.10.10-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Resolves: rhbz#1885293 rhbz#1847102 rhbz#1935594 [0.10.9-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Resolves: rhbz#1432097 rhbz#1847102 rhbz#1935594 rhbz#1984901 [0.10.8-4] - Rebased to latest upstream sources (see CHANGELOG.md) - Resolves: rhbz#1759995 rhbz#1872378 rhbz#1935594 [0.10.8-3] - Rebased to latest upstream sources (see CHANGELOG.md) - Gating changes - Resolves: rhbz#1678273 rhbz#1690419 rhbz#1750240 rhbz#1759995 rhbz#1872378 rhbz#1909901 rhbz#1935594 [0.10.8-2] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Resolves: rhbz#1285269 rhbz#1290830 rhbz#1720221 rhbz#1841019 rhbz#1854238 rhbz#1882291 rhbz#1885302 rhbz#1886342 rhbz#1896458 rhbz#1922996 rhbz#1927384 rhbz#1927394 rhbz#1930886 rhbz#1935594 [0.10.8-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated python bundled dependencies: dacite, dataclasses - Resolves: rhbz#1457314 rhbz#1619818 rhbz#1667066 rhbz#1762816 rhbz#1794062 rhbz#1845470 rhbz#1856397 rhbz#1877762 rhbz#1917286 [0.10.7-3] - Rebased to latest upstream sources (see CHANGELOG.md) - Add BuildRequires: make - Resolves: rhbz#1667061 rhbz#1667066 rhbz#1774143 rhbz#1885658 [0.10.7-2] - Rebased to latest upstream sources (see CHANGELOG.md) - Changed BuildRequires from git to git-core - Resolves: rhbz#1869399 rhbz#1885658 rhbz#1896379 [0.10.7-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Added python bundled dependency dateutil - Fixed virtual bundle provides for ember, handelbars, jquery and jquery-ui - Resolves: rhbz#1222691 rhbz#1741056 rhbz#1851335 rhbz#1862966 rhbz#1869399 rhbz#1873691 rhbz#1875301 rhbz#1883445 rhbz#1885658 rhbz#1885841 [0.10.6-4] - Fixed invalid CIB error caused by resource and operation defaults with mixed and-or rules - Updated pcs-web-ui - Resolves: rhbz#1867516 [0.10.6-3] - Added Upgrade CIB if user specifies on-fail=demote - Fixed rpmdiff issue with binary stripping checker - Fixed removing non-empty tag by removing tagged resource group or clone - Resolves: rhbz#1843079 rhbz#1857295 [0.10.6-2] - Added resource and operation defaults that apply to specific resource/operation types - Added Requires/BuildRequires: python3-pyparsing - Added Requires: logrotate - Fixed resource and stonith documentation - Fixed rubygem licenses - Fixed update_times() - Updated rubygem rack to version 2.2.3 - Removed BuildRequires execstack (it is not needed) - Resolves: rhbz#1805082 rhbz#1817547 [0.10.6-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Added python bundled dependencies: dacite, dataclasses - Added new bundled rubygem ruby2_keywords - Updated rubygem bundled packages: backports, ethon, ffi, json, mustermann, rack, rack_protection, rack_test, sinatra, tilt - Updated pcs-web-ui - Updated test run, only tier0 tests are running during build - Removed BuildRequires needed for tier1 tests which were removed for build (pacemaker-cli, fence_agents-*, fence_virt, booth-site) - Resolves: rhbz#1387358 rhbz#1684676 rhbz#1722970 rhbz#1778672 rhbz#1782553 rhbz#1790460 rhbz#1805082 rhbz#1810017 rhbz#1817547 rhbz#1830552 rhbz#1832973 rhbz#1833114 rhbz#1833506 rhbz#1838853 rhbz#1839637 [0.10.4-6] - Fixed communication between python and ruby daemons - Resolves: rhbz#1783106 [0.10.4-5] - Fixed link to sbd man page from sbd enable doc - Fixed safe-disabling clones, groups, bundles - Fixed sinatra wrapper performance issue - Fixed detecting fence history support - Fixed cookie options - Updated hint for 'resource create ... master' - Updated gating tests execution, smoke tests run from upstream sources - Resolves: rhbz#1750427 rhbz#1781303 rhbz#1783106 rhbz#1793574 [0.10.4-4] - Fix testsuite for pacemaker-2.0.3-4 - Resolves: rhbz#1792946 [0.10.4-3] - Added basic resource views in new webUI MODERATE Copyright 2024 Oracle, Inc. CVE-2024-26141 CVE-2024-25126 CVE-2024-26146 cpe:/a:oracle:linux:8::addons Oracle Linux 8 osbuild [110-1] - New upstream release [109-1] - New upstream release [106-1] - New upstream release [105-1] - New upstream release [104-2] - Fix unit tests in RHEL CI by backporting upstream fixes [104-1] - New upstream release [101-1] - New upstream release [100-2] - Change unit-test timeout from 3h to 4h [100-1] - New upstream release [96-1] - New upstream release [95-1] - New upstream release [94-1] - New upstream release osbuild-composer [101-1] - New upstream release [100-1] - New upstream release [99-1] - New upstream release [98-1] - New upstream release [96-1] - New upstream release [95-1] - New upstream release [94-1] - New upstream release [93-1] - New upstream release [92-1] - New upstream release [91-1] - New upstream release [90-1] - New upstream release [89-1] - New upstream release MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2307 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 hivex libguestfs [1.44.0-9.0.2] - libguestfs.spec: Add btrfs-progs RPM to appliance [Orabug: 35634755] [1.44.0-9.0.1] - Replace upstream references from description tag - Config supermin to use host yum.conf in ol8 [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.44.0-9] - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101280 [1:1.44.0-8] - Obsolete old libguestfs-benchmarking subpackage resolves: rhbz#2091597 [1:1.44.0-7] - Disable 5-level page tables when using -cpu max resolves: rhbz#2084566 related: rhbz#2075424 [1:1.44.0-6] - Backport support for -cpu max to allow RHEL 9 guests to be modified resolves: rhbz#2075424 [1:1.44.0-5] - Fix libguestfs failure with qemu 6.2, libvirt 7.10 resolves: rhbz#2035177 libguestfs-winsupport [8.10-1] - Rebase to ntfs-3g 2022.10.3 - Fixes: CVE-2022-40284 - resolves: rhbz#2236373 [8.8-1] - Rebase to ntfs-3g 2022.5.17 - Fixes: CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789 resolves: rhbz#2127240 rhbz#2127248 (also: 2127233 2127234 2127241 2127249 2127255 2127256 2127262 2127263) [8.6-1] - Rebase to ntfs-3g 2021.8.22 - Fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254 resolves: rhbz#2004490 [8.2-1.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [8.2] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [8.0-4] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [8.0-3] - Fix for CVE-2019-9755 (heap-based buffer overflow leads to local root privilege escalation) resolves: rhbz#1698503 [8.0-2] - Fix for ntfsclone crash (RHBZ#1601146). [8.0-1] - Rebase to 2017.3.23. - Remove patches which are now upstream. - Resynch with Fedora package. - Enable all architectures for RHEL 8. [7.2-2] - Fix for handling guest filenames with invalid or incomplete multibyte or wide characters resolves: rhbz#1301593 [7.2-1] - Rebase and rebuild for RHEL 7.2 resolves: rhbz#1240278 [7.1-6] - Bump version and rebuild. related: rhbz#1221583 [7.1-5] - Enable aarch64 architecture. resolves: rhbz#1221583 [7.1-4] - Enable debuginfo support and stripping. resolves: rhbz#1100319 [7.1-3] - Add patches from Fedora package which add fstrim support. resolves: rhbz#1100319 [7.1-2] - New package for RHEL 7.1 - Rebase to ntfs-3g 2014.2.15 resolves: rhbz#1100319 - Change the package so it works with supermin5. - Remove dependency on external FUSE. [7.0-2] - Resync against Rawhide package (ntfs-3g 2013.1.13). - Drop HAL file since HAL is dead. resolves: rhbz#819939 [7.0-1] - New package for RHEL 7 resolves: rhbz#819939 - Resync against Rawhide package. [1.0-7] - Disable debuginfo package. resolves: RHBZ#691555. [1.0-6] - Require libguestfs 1.7.17 (newer version in RHEL 6.1). - Require febootstrap-supermin-helper instead of febootstrap resolves: RHBZ#670299. [1.0-5] - Make sure intermediate lib* directories are created in hostfiles (RHBZ#603429) [1.0-4] - Requires fuse-libs (RHBZ#599300). [1.0-3] - ExclusiveArch x86_64. [1.0-2] - Package Windows support for libguestfs. libiscsi libnbd [1.6.0-5.el8] - Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails resolves: rhbz#2045718 [1.6.0-4.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [1.2.2] - Resolves: bz#1844296 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.2.2-1] - New stable release 1.2.2. [1.2.1-1] - New stable release 1.2.1. [1.2.0-1] - New stable release 1.2.0. [1.0.3-1] - New upstream version 1.0.3. - Contains fix for remote code execution vulnerability. - Add new libnbd-security(3) man page. [1.0.2-1] - New upstream version 1.0.2. - Remove patches which are upstream. - Contains fix for NBD Protocol Downgrade Attack (CVE-2019-14842). - Fix previous commit message. [1.0.1-2] - Add upstream patch to fix nbdsh (for nbdkit tests). - Fix interop tests on slow machines. [1.0.1-1] - New stable version 1.0.1. [1.0.0-1] - New upstream version 1.0.0. [0.9.9-2] - Rebuilt for Python 3.8 [0.9.9-1] - New upstream version 0.9.9. [0.9.8-4] - Fix nbdkit dependencies so we're actually running the tests. - Add glib2-devel BR so we build the glib main loop example. - Add upstream patch to fix test error: nbd_connect_unix: getlogin: No such device or address - Fix test failure on 32 bit. [0.9.8-3] - Bump and rebuild to fix releng brokenness. https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/2LIDI33G3IEIPYSCCIP6WWKNHY7XZJGQ/ [0.9.8-2] - Rebuilt for Python 3.8 [0.9.8-1] - New upstream version 0.9.8. - Package the new nbd_*(3) man pages. [0.9.7-1] - New upstream version 0.9.7. - Add libnbd-ocaml(3) man page. [0.9.6-2] - Add all upstream patches since 0.9.6 was released. - Package the ocaml bindings into a subpackage. [0.9.6-1] - New upstream verison 0.9.6. [0.1.9-1] - New upstream version 0.1.9. [0.1.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [0.1.8-1] - New upstream version 0.1.8. [0.1.7-1] - New upstream version 0.1.7. [0.1.6-1] - New upstream version 0.1.6. [0.1.5-1] - New upstream version 0.1.5. [0.1.4-1] - New upstream version 0.1.4. [0.1.2-2] - Enable libxml2 for NBD URI support. [0.1.2-1] - New upstream version 0.1.2. [0.1.1-1] - Fix license in man pages and examples. - Add nbdsh(1) man page. - Include the signature and keyring even if validation is disabled. - Update devel subpackage license. - Fix old FSF address in Python tests. - Filter Python provides. - Remove executable permission on the tar.gz.sig file. - Initial release. libtpms libvirt-dbus [1.3.0-2.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [1.3.0] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [1.2.0-3] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [1.2.0-2] - util: fix virtDBusUtilDecodeUUID (rhbz#1647823) [1.2.0-1] - Rebased to libvirt-dbus-1.2.0 (rhbz#1630196) [1.0.0-1] - Rebase from Fedora libvirt [8.0.0-23.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-23] - virnuma: Avoid integer overflow in virNumaGetPages() (rhbz#RHEL-16749) libvirt-python nbdkit netcf perl-Sys-Virt qemu-kvm [6.2.0-49] - kvm-glib-compat-Introduce-g_memdup2-wrapper.patch [RHEL-19628] - kvm-ui-clipboard-mark-type-as-not-available-when-there-i.patch [RHEL-19628] - kvm-virtio-net-correctly-copy-vnet-header-when-flushing-.patch [RHEL-19496] - Resolves: RHEL-19628 (CVE-2023-6683 virt:rhel/qemu-kvm: QEMU: VNC: NULL pointer dereference in qemu_clipboard_request() [rhel-8]) - Resolves: RHEL-19496 (CVE-2023-6693 virt:rhel/qemu-kvm: QEMU: virtio-net: stack buffer overflow in virtio_net_flush_tx() [rhel-8]) [6.2.0-48] - kvm-iotests-add-filter_qmp_generated_node_ids.patch [RHEL-7353] - kvm-iotests-port-141-to-Python-for-reliable-QMP-testing.patch [RHEL-7353] - kvm-monitor-only-run-coroutine-commands-in-qemu_aio_cont.patch [RHEL-7353] - kvm-iotests-Make-144-deterministic-again.patch [RHEL-7353] - Resolves: RHEL-7353 ([qemu-kvm] no response with QMP command device_add when repeatedly hotplug/unplug virtio disks [RHEL-8]) [6.2.0-47] - kvm-s390x-pci-avoid-double-enable-disable-of-aif.patch [RHEL-22411] - kvm-s390x-pci-refresh-fh-before-disabling-aif.patch [RHEL-22411] - kvm-s390x-pci-drive-ISM-reset-from-subsystem-reset.patch [RHEL-22411] - Resolves: RHEL-22411 ([s390x] VM fails to start with ISM passed through) [6.2.0-46] - kvm-MAINTAINERS-split-out-s390x-sections.patch [RHEL-18214] - kvm-s390x-pv-remove-semicolon-from-macro-definition.patch [RHEL-18214] - kvm-hw-s390x-pv-Restrict-Protected-Virtualization-to-sys.patch [RHEL-18214] - kvm-hw-s390x-Move-KVM-specific-PV-from-hw-to-target-s390.patch [RHEL-18214] - kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch [RHEL-18214] - Resolves: RHEL-18214 ([RHEL8][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption) [6.2.0-45] - kvm-acpi-fix-acpi_index-migration.patch [RHEL-20189] - kvm-RHEL-Enable-x-not-migrate-acpi-index-for-all-pre-RHE.patch [RHEL-20189] - kvm-hw-arm-virt-Do-not-load-efi-virtio.rom-for-all-virti.patch [RHEL-14870] - Resolves: RHEL-20189 ([RHEL.8.10.0]Failed to migrate guest with pc (i440x) between RHELAV 8.4.0 and RHEL 8.10.0) - Resolves: RHEL-14870 ([rhel8]ipxe-roms-qemu does not provide efi-virtio.rom) [6.2.0-44] - kvm-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch [RHEL-15437] - kvm-tests-qtest-ahci-test-add-test-exposing-reset-issue-.patch [RHEL-15437] - Resolves: RHEL-15437 (CVE-2023-5088 virt:rhel/qemu-kvm: QEMU: improper IDE controller reset can lead to MBR overwrite [rhel-8]) [6.2.0-43] - kvm-net-Provide-MemReentrancyGuard-to-qemu_new_nic.patch [RHEL-7309] - kvm-net-Update-MemReentrancyGuard-for-NIC.patch [RHEL-7309] - kvm-vhost-release-memory_listener-object-in-error-path.patch [RHEL-7567] - kvm-ui-fix-crash-when-there-are-no-active_console.patch [RHEL-2600] - Resolves: RHEL-7309 (CVE-2023-3019 virt:rhel/qemu-kvm: QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest() [rhel-8]) - Resolves: RHEL-7567 ([RHEL8][clone]VM crash when guest running testpmd and delete created vhostuserclient port on host) - Resolves: RHEL-2600 (qemu core dump occurs when client connects to VNC server because qemu cmd only adds vnc but without graphics device) [6.2.0-42] - kvm-target-s390x-dump-Remove-unneeded-dump-info-function.patch [RHEL-16696] - kvm-dump-Add-arch-cleanup-function.patch [RHEL-16696] - kvm-target-s390x-arch_dump-Add-arch-cleanup-function-for.patch [RHEL-16696] - Resolves: RHEL-16696 (RHEL8 - KVM : Secure execution guest remains in 'paused' state, post 'virsh dump' failure (qemu-kvm)) [6.2.0-41] - kvm-s390x-ap-fix-missing-subsystem-reset-registration.patch [bz#2111390] - kvm-s390x-do-a-subsystem-reset-before-the-unprotect-on-r.patch [bz#2111390] - kvm-redhat-Update-linux-headers-for-kvm_s390_vm_cpu_uv_f.patch [bz#2111390] - kvm-target-s390x-kvm-Refactor-AP-functionalities.patch [bz#2111390] - kvm-target-s390x-AP-passthrough-for-PV-guests.patch [bz#2111390] - Resolves: bz#2111390 ([IBM 8.10 FEAT] KVM: Enable Secure Execution Crypto Passthrough - qemu part) seabios sgabios supermin [5.2.1-2.0.1.el8] - Rebuild [Orabug: 35720304] [5.2.1-2.el8] - Supermin should ignore +debug kernels resolves: rhbz#2051332 - Add copy-patches script. [5.2.1-1.el8] - Resolves: bz#2000225 (Rebase virt:rhel module:stream based on AV-8.6) [5.1.19] - Resolves: bz#1810193 (Upgrade components in virt:rhel module:stream for RHEL-8.3 release) [5.1.19-9] - Rebuild all virt packages to fix RHEL's upgrade path - Resolves: rhbz#1695587 (Ensure modular RPM upgrade path) [5.1.19-8] - Pass CFLAGS & LDFLAGS to final supermin link resolves: rhbz#1624175 [5.1.19-7] - Rebuild for OCaml 4.07.0. [5.1.19-6] - Drop dietlibc in RHEL 8 resolves: rhbz#1588067 [5.1.19-5] - Bump release and rebuild. [5.1.19-4] - Reenable hardened build [5.1.19-3] - Fix bytes/string problems. [5.1.19-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [5.1.19-1] - New upstream version 5.1.19. - Remove all patches, now upstream. [5.1.18-5] - Rebuilt for RPM soname bump [5.1.18-4] - Fix supermin crash with truncated vmlinuz file (RHBZ#1477758). - Include all upstream patches since 5.1.18. [5.1.18-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [5.1.18-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [5.1.18-1] - New upstream release 5.1.18. - Fixes problem with creating incorrect symlinks (RHBZ#1470157). [5.1.17-5] - Enable dietlibc on aarch64 and POWER. [5.1.17-4] - Drop dependency on hawkey and versioned dependencies on dnf. [5.1.17-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [5.1.17-2] - Rebuild for OCaml 4.04.0. [5.1.17-1] - New upstream release 5.1.17. - Check signature on the tarball before unpacking it. - Remove patches, all upstream. [5.1.16-6] - Switch to dietlibc on s390x [5.1.16-5] - Do not break the binary on interpreted builds (#1375213) [5.1.16-4] - Add all upstream patches since 5.1.16 was released. [5.1.16-3] - Add upstream patch for DAX / vNVDIMM support. [5.1.16-2] - New upstream version 5.1.16. - Drop all patches since they are upstream. - Depend on systemd-udev to work around RHBZ#1331012. [5.1.15-2] - Add all upstream patches since 5.1.15 was released. - These should improve boot performance and initrd size. [5.1.15-1] - New upstream version 5.1.15. - Remove all patches, since they are now included in this version. - Enable dietlibc, remove glibc-static, xz-static, zlib-static. [5.1.14-4] - Add more patches since 5.1.14. [5.1.14-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [5.1.14-2] - Add all patches since 5.1.14. [5.1.14-1] - New upstream version 5.1.14. - Remove all patches - now upstream. [5.1.13-4] - Pull in all upstream patches since 5.1.13. - Choose providers better (RHBZ#1266918). - Use autopatch. - Explicitly depend on pod2html. [5.1.13-3] - Bump version to rebuild against new RPM in Rawhide. [5.1.13-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [5.1.13-1] - New upstream version 5.1.13. - Remove patch, now upstream. [5.1.12-11] - Prefer 'dnf download' over 'yumdownloader' (again). - BR grubby for the tests to work. [5.1.12-9] - Revert back to yumdownloader (RHBZ#1186948). [5.1.12-8] - Prefer 'dnf download' over 'yumdownloader'. [5.1.12-7] - Disable hardened build again. See RHBZ#1202091 RHBZ#1204162. [5.1.12-6] - Enable hardening flags by building the static 'init' specially before the main build. - Use _smp_mflags. [5.1.12-4] - Add a -devel subpackage containing automated RPM dependency generator for supermin appliances. [5.1.12-2] - Disable hardened build as it breaks building the static 'init' binary. [5.1.12-1] - New upstream version 5.1.12. - Includes ARM fix: lpae kernels can now be booted (RHBZ#1199733). [5.1.11-2] - Rebuild for xz-5.2.0 in Rawhide (RHBZ#1179252). [5.1.11-1] - New upstream version 5.1.11. [5.1.10-2] - Update to upstream commit d78c898c7e2bc5f12cbebef98b95a7908d9120f1. - BR rpm-devel, since it is now used instead of invoking rpm. - BR automake and autoconf, and run autoreconf (configure.ac is modified by the patches). [5.1.10-1] - New upstream version 5.1.10. - Remove patch which is now included upstream. [5.1.9-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [5.1.9-2] - Add upstream patch to avoid endless loop in Rawhide. [5.1.9-1] - New upstream version 5.1.9. - Remove patches which are now upstream. [5.1.8-9] - Add Requires findutils (RHBZ#1113029). [5.1.8-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [5.1.8-7] - Add patch to fix RPM handler when filenames may contain spaces. [5.1.8-4] - Skip execstack test on Fedora 20 (ARM only). [5.1.8-3] - BR xz-static & xz-devel packages, to support xz-compressed kernel modules. [5.1.8-1] - New upstream version 5.1.8. - Remove patches which are now upstream. [5.1.7-3] - Add upstream patch which removes need to run execstack (RHBZ#1093261). [5.1.7-2] - Add patch to fix quoting around mke2fs parameter (RHBZ#1084960). [5.1.7-1] - New upstream version 5.1.7. - Remove ppc64p7 patch which is now upstream. [5.1.6-5] - Requires tar, which is not installed in an @Core installation. [5.1.6-4] - Add upstream patch to fix supermin on ppc64p7. [5.1.6-3] - New upstream version 5.1.6. - Fix tests. [5.1.5-2] - Disable execstack on aarch64. It comes from prelink which does not exist on aarch64. [5.1.5-1] - New upstream version 5.1.5. [5.1.3-1] - New upstream version 5.1.3. [5.1.2-1] - New upstream version 5.1.2. - Fixes a serious bug in --build mode. [5.1.1-1] - New upstream version 5.1.1. - Remove patch which is now upstream. [5.1.0-3] - Add BR yum-utils (for yumdownloader). - Add upstream patch which stops duplicate packages appearing. [5.1.0-2] - New upstream version 5.1.0. - Note this is effectively a rewrite, and is not completely compatible. - There is no separate 'supermin-helper' subpackage any more. - Requires rpm instead of yum. [4.1.6-2] - New upstream version 4.1.6. - Should fix all autotools brokenness. - Man pages are now all in section 1. - Remove patch which is now upstream. - +BR /usr/bin/execstack (from prelink). [4.1.5-5] - Rerun autoreconf to fix autotools brokenness. [4.1.5-4] - Why was prelink required? Remove it. [4.1.5-3] - correct Obsoletes version for febootstrap and febootstrap-supermin-helper [4.1.5-2] - (For ARM) Don't crash if SUPERMIN_DTB is set and --dtb not specified. [4.1.5-1] - New upstream version 4.1.5. - Has (optionally) a new command line syntax. - Supports device trees for ARM. [4.1.4-1] - New upstream version 4.1.4. - Supports compressed cpio image files, experimentally. [4.1.3-1] - New upstream version 4.1.3. - Remove patch which is now upstream. - Add examples directory to documentation. [4.1.2-2] - Include upstream patch to get correct directory setgid/sticky bits in the appliance. [4.1.2-1] - New upstream version 4.1.2. - Remove patch which is now upstream. [4.1.1-2] - Add upstream patch to ignore ghost non-regular files. - This fixes builds on Fedora 20 because the filesystem package has been changed so /var/lock and /var/run are marked as ghost. [4.1.1-1] - New upstream version 4.1.1. - The program has been renamed 'supermin' from 'febootstrap'. - Obsolete, but don't Provide because supermin is not a compatible replacement. - Use '_isa' to specify architecture of supermin-helper subpackage. [1:3.21-2] - Add upstream patch to drop supplemental groups (RHBZ#902476). - Remove 'Group:' RPM headers which are no longer necessary. - Remove some commented-out requirements. [1:3.21-1] - New upstream version 3.21. [1:3.20-1] - New upstream version 3.20. [1:3.19-2] - Work around brokenness in yum (RHBZ#850913). - Remove defattr, no longer required. [1:3.19-1] - New upstream version 3.19. [3.18-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [3.18-1] - New upstream version 3.18. - This adds support for EPEL 5. [3.17-1] - New upstream version 3.17. [3.16-1] - New upstream version 3.16. [3.15-1] - New upstream version 3.15. - This version includes root=<device> support, needed for libguestfs with virtio-scsi. - Remove upstream patch. [3.14-6] - For RHEL 7 only, add ExclusiveArch x86-64. [3.14-5] - Bundled gnulib (RHBZ#821752). [3.14-4] - Add back explicit dependencies for external programs. [3.14-3] - Drop ExclusiveArch as it's supported on all primary & secondary arches - Cleanup spec and deps [3.14-2] - New upstream version 3.14. - Add upstream patch to fix RHBZ#808421. [3.13-4] - e2fsprogs moved /sbin/mke2fs to /usr/sbin (thanks Eric Sandeen). [3.13-2] - Missing BR zlib-static. [3.13-1] - New upstream version 3.13. - Remove upstream patch which is included in this version. [3.12-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [3.12-4] - Depend on latest e2fsprogs (RHBZ#771310). [3.12-2] - Include upstream patch to work around Python stupidity. [3.12-1] - New upstream version 3.12. - Remove upstream patch which is included in this version. [3.11-2] - Add upstream patch to fix febootstrap on non-Debian. [3.11-1] - New upstream version 3.11. [3.10-1] - New upstream version 3.10. [3.9-1] - New upstream version 3.9. [3.8-1] - New upstream version 3.8. [3.7-1] - New upstream version 3.7. [3.6-1] - New upstream version 3.6. - This version no longer needs external insmod.static. [3.5-1] - New upstream version 3.5. - Remove patch which is now upstream. [3.4-2] - Don't fail if objects are created in a symlinked dir (RHBZ#698089). [3.4-1] - New upstream version 3.4. - febootstrap-supermin-helper Obsoletes older versions of febootstrap. [3.3-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [3.3-4] - Split package into febootstrap (for building) and febootstrap-supermin-helper (for running). Note that febootstrap depends on febootstrap-supermin-helper, but you can install febootstrap-supermin-helper on its own. [3.3-3] - Clear executable stack flag on febootstrap-supermin-helper. [3.3-2] - add the ocaml's ExclusiveArch [3.3-1] - New upstream version 3.3. [3.2-1] - New upstream version 3.2. - Remove upstream patches. [3.1-5] - Previous fix for RHBZ#654638 didn't work, fix it correctly. [3.1-4] - Properly ignore .*.hmac files (accidental reopening of RHBZ#654638). [3.1-3] - Uses yumdownloader at runtime, so require yum-utils. [3.1-2] - New upstream version 3.1. - BR insmod.static. [3.0-2] - New upstream version 3.0 (note this is incompatible with 2.x). - Fix upstream URLs. - fakeroot, fakechroot no longer required. - insmod.static is required at runtime (missing dependency from earlier). - The only programs are 'febootstrap' and 'febootstrap-supermin-helper'. - BR ocaml, ocaml-findlib-devel. - No examples are provided with this version of febootstrap. [2.11-1] - New upstream version 2.11. - Fixes 'ext2fs_mkdir .. No free space in directory' bug which affects libguestfs on rawhide. [2.10-1] - New upstream version 2.10. - Adds -u and -g options to febootstrap-supermin-helper which are required by virt-v2v. [2.9-1] - New upstream version 2.9. - Fixes directory ordering problem in febootstrap-supermin-helper. [2.8-1] - New upstream version 2.8. [2.8-0.2] - New pre-release version of 2.8. + Note this is based on 2.7 + mailing list patches. - New BRs on mke2fs, libext2fs, glibc-static. [2.7-2] - New upstream version 2.7. - febootstrap-supermin-helper shell script rewritten in C for speed. - This package contains C code so it is no longer 'noarch'. - MAKEDEV isn't required. [2.6-1] - New upstream release 2.6. - Recheck package in rpmlint. [2.5-2] - New upstream release 2.5. - Remove BR upx (not needed by upstream). - Two more scripts / manpages. [2.4-1] - New upstream release 2.4. [2.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.3-1] - New upstream release 2.3. [2.2-1] - New upstream release 2.2. [2.0-1] - New upstream release 2.0. [1.9-1] - New upstream release 1.9. [1.8-1] - New upstream release 1.8. [1.7-1] - New upstream release 1.7. [1.5-3] - Configure script has (unnecessary) BuildRequires on fakeroot, fakechroot, yum. [1.5-2] - Initial build for Fedora. swtpm virt-v2v MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5088 CVE-2023-3255 CVE-2023-6693 CVE-2023-6683 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [9.27-12] - fix to prevent divison by zero in devices - Resolves: rhbz#2235009 LOW Copyright 2024 Oracle, Inc. CVE-2020-21710 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [4.2.1-129] - bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18132 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20915 - bundled jinja2: fix CVE-2024-22195 Resolves: RHEL-22174 [4.2.1-127] - fence_scsi: fix registration handling if ISID conflicts Resolves: RHEL-5397 - fence_zvmip: document required user permissions in metadata/manpage Resolves: RHEL-14343 [4.2.1-125] - all agents: update metadata in non-I/O agents to Power or Network fencing Resolves: RHEL-14031 [4.2.1-123] - bundled urllib3: fix CVE-2023-43804 Resolves: RHEL-11988 [4.2.1-122] - bundled certifi: fix CVE-2023-37920 Resolves: RHEL-6972 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-22195 CVE-2023-45803 CVE-2023-52323 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::addons cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.6.8-8] - Backport fix for Xlib lockups due to recursive XError (RHEL-23452) [1.6.8-7] - Fix CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms() - Fix CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage() - Fix CVE-2023-43787: integer overflow in XCreateImage() leading to a heap overflow MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43787 CVE-2023-43786 CVE-2023-43785 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [3.5.12-11] - Drop hardening patches from previous version to keep ABI compatibility [3.5.12-10] - CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage() - CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow - CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() - CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43788 CVE-2023-43789 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [21.01.0-11] - Fix crashes in FoFiType1C - Rebuild for inclusion of poppler-glib-doc in CRB - Resolves: RHEL-4255, RHEL-4273 [21.01.0-10] - Check XRef's Catalog for being a Dict - Resolves: #2189816 [20.11.0-9] - Check isDict before calling getDict 2 - Resolves: #2189837 [20.11.0-8] - Check isDict before calling getDict - Resolves: #2189823 [20.11.0-7] - Don't crash in broken documents - Resolves: #2189844 [20.11.0-6] - Check for overflow when computing number of symbols - in JBIG2 text region - Resolves: #2126361 [20.11.0-5] - Don't run out of file for Hints - Rebuild for #2096452 - Resolves: #2090969, #2096452 [20.11.0-4] - Fix opening files with streams with wrong generations - Resolves: #2002575 [20.11.0-3] - Fix crash when processing dates of embedded files - Resolves: #1981108 [20.11.0-2] - Improve python3 build dependency - Resolves: #1896335 [20.11.0-1] - Rebase poppler to 20.11.0 - Modify/remove patches as needed - Resolves: #1644423 [0.66.0-27] - Fix crash on broken file in tilingPatternFill() - Resolves: #1801341 [0.66.0-26] - Coverity scan related fixes - Related: #1618766 [0.66.0-25] - Check whether input is RGB in PSOutputDev::checkPageSlice() - also when using '-optimizecolorspace' flag - Resolves: #1697576 [0.66.0-24] - Check whether input is RGB in PSOutputDev::checkPageSlice() - Resolves: #1697576 [0.66.0-23] - Ignore dict Length if it is broken - Resolves: #1733027 [0.66.0-22] - Fail gracefully if not all components of JPEG2000Stream - have the same size - Resolves: #1723505 [0.66.0-21] - Implement crypto functions using NSS - Resolves: #1618766 [0.66.0-20] - Fix stack overflow on broken file - Resolves: #1691887 [0.66.0-19] - Constrain number of cycles in rescale filter - Compute correct coverage values for box filter - Resolves: #1688418 [0.66.0-18] - Fix possible crash on broken files in ImageStream::getLine() - Resolves: #1685268 [0.66.0-17] - Check Catalog from XRef for being a Dict - Resolves: #1677347 [0.66.0-16] - Move the fileSpec.dictLookup call inside fileSpec.isDict if - Resolves: #1677028 [0.66.0-15] - Do not try to construct invalid rich media annotation assets - Resolves: #1677025 [0.66.0-14] - Defend against requests for negative XRef indices - Resolves: #1673699 [0.66.0-13] - Do not try to parse into unallocated XRef entry - Resolves: #1677057 [0.66.0-12] - Avoid global display profile state becoming an uncontrolled - memory leak - Resolves: #1646552 [0.66.0-11] - Fix tiling patterns when pattern cell is too far - Resolves: #1644094 [0.66.0-10] - Check for valid file name of embedded file - Resolves: #1649453 [0.66.0-9] - Check for valid embedded file before trying to save it - Resolves: #1649443 [0.66.0-8] - Check for stream before calling stream methods - when saving an embedded file - Resolves: #1649438 [0.66.0-7] - Fix crash on missing embedded file - Resolves: #1649460 [0.66.0-6] - Avoid cycles in PDF parsing - Resolves: #1626623 [0.66.0-5] - Fix crash when accessing list of selections - Resolves: #1638712 [0.66.0-4] - Fix important issues found by covscan - Resolves: #1602662 [0.66.0-3] - Fix BuildRequires for /usr/bin/python3 - Resolves: #1615561 [0.66.0-2] - Fix crash when Object has negative number (CVE-2018-13988) - Resolves: #1607463 [0.66.0-1] - Rebase poppler to 0.66.0 - Resolves: #1600553 [0.62.0-4] - Drop reversion of removal of Qt4 frontend [0.62.0-3] - Fix infinite recursion (CVE-2017-18267) - Resolves: #1578779 [0.62.0-2] - Fix building of poppler with python3 only - Resolves: #1580849 [0.62.0-1] - new upstream release [0.61.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.61.1-1] - new upstream release [0.61.0-1] - new upstream release [0.60.1-2] - -qt5: drop hard-coded versioned dependency [0.60.0-1] - new upstream release [0.59.0-2] - Resolves: rhbz#1494583 CVE-2017-14520 [0.59.0-1] - new upstream release [0.57.0-1] - new upstream release [0.56.0-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.56.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.56.0-2] - Resolves: rhbz#1459067 CVE-2017-7515 CVE-2017-9775 CVE-2017-9776 CVE-2017-9865 [0.56.0-1] - new upstream release [0.55.0-2] - Resolves: rhbz#1456828 CVE-2017-7511 Null pointer deference [0.55.0-1] - new upstream release [0.53.0-1] - new upstream release [0.52.0-1] - new upstream release [0.51.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [0.51.0-1] - new upstream release [0.50.0-1] - new upstream release [0.49.0-1] - new upstream release [0.48.0-1] - Update to 0.48.0 - Resolves: #1359555 [0.45.0-2] - Don't crash when calling cmsGetColorSpace() - Resolves: #1363669 [0.45.0-1] - Update to 0.45.0 - Resolves: #1338421 [0.43.0-2] - Restore the current position of char also in output device - Related: #1352717 [0.43.0-1] - Update to 0.43.0 - Resolves: #1318462 [0.41.0-1] - Update to 0.41.0 - Resolves: #1309145 [0.40.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [0.40.0-1] - Update to 0.40.0 - Resolves: #1251781 [0.34.0-1] - Update to 0.34.0 - Resolves: #1241305 [0.33.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [0.33.0-1] - Update to 0.33.0 - Resolves: #1190427 [0.30.0-5] - Rebuilt for GCC 5 C++11 ABI change [0.30.0-4] - Respect orientation when selecting words - Resolves: #1185007 [0.30.0-3] - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code [0.30.0-2] - Use libopenjpeg2 instead of libopenjpeg [0.30.0-1] - Update to 0.30.0 - Resolves: #1171056 [0.28.1-3] - Revert previous commit (It needs poppler-0.30.0) [0.28.1-2] - Use libopenjpeg2 instead of libopenjpeg [0.28.1-1] - Update to 0.28.1 - Resolves: #1147443 [0.26.4-1] - Update to 0.26.4 [0.26.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [0.26.3-1] - Update to 0.26.3 [0.26.2-2] - Rebuilt for gobject-introspection 1.41.4 [0.26.2-1] - Update to 0.26.2 [0.26.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [0.26.0-1] - Update to 0.26.0 [0.24.3-3] - Use correct format string - Resolves: #1048202 [0.24.3-2] - rebuild (qt5 qreal/arm) [0.24.3-1] - Update to 0.24.3 - Resolves: #1023712 [0.24.2-4] - fix mocversiongrep configure checks (so Qt 5.2 works) - %configure --disable-silent-rules [0.24.2-3] - undo ExcludeArch: ppc ppc64 (qt5-qtbase-5.1.1-6+ fixed) [0.24.2-2] - -qt5: ExcludeArch: ppc ppc64 (f20, hopefully temporary) [0.24.2-1] - Update to 0.24.2 [0.24.1-2] - Don't convert pdftohtml.1 to UTF-8, it is already UTF-8 [0.24.1-1] - Update to 0.24.1 [0.24.0-2] - Fix Qt5 requirements [0.24.0-1] - Update to 0.24.0 [0.22.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [0.22.5-1] - Update to 0.22.5 [0.22.1-5] - Switch from LCMS to LCMS2 - Resolves: #975465 [0.22.1-4] - Fix changelog dates [0.22.1-3] - Enable generating of TIFF files by pdftoppm [0.22.1-2] - Fix man pages of pdftops and pdfseparate [0.22.1-1] - Update to 0.22.1 [0.22.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [0.22.0-2] - -demos: omit extraneous (and broken) dep [0.22.0-1] - Update to 0.22.0 [0.20.2-9] - Move poppler-glib-demo to new sub-package demos - Resolves: #872338 [0.20.2-8] - Add references to corresponding bugs for poppler-0.20.3-5.patch [0.20.2-7] - Add missing hunk to patch poppler-0.20.3-5.patch [0.20.2-6] - Backport most of the changes from poppler-0.20.3 - poppler-0.20.5 - (those which doesn't change API or ABI and are important) - See poppler-0.20.3-5.patch for detailed list of included commits [0.20.2-5] - Remove unused patch [0.20.2-4] - Update License field [0.20.2-3] - Fix conversion to ps when having multiple strips [0.20.2-2] - Make sure xScale and yScale are always initialized - Resolves: #840515 [0.20.2-1] - Update to 0.20.2 [0.20.1-3] - Try empty string instead of NULL as password if needed - Resolves: #845578 [0.20.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [0.20.1-1] - Update to 0.20.1 * Mon Jun 25 2012 Nils Philippsen <nils@redhat.com> - license is 'GPLv2 or GPLv3' from poppler-0.20.0 on (based off xpdf-3.03) [0.20.0-1] - Update to 0.20.0 [0.18.4-3] - Backport of a patch which sets mask matrix before drawing an image with a mask - Resolves: #817378 [0.18.4-2] - Rebuilt for c++ ABI breakage [0.18.4-1] - 0.18.4 [0.18.3-3] - rebuild (openjpeg) [0.18.3-2] - -devel: don't own all headers [0.18.3-1] - 0.18.3 [0.18.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [0.18.2-1] - Update to 0.18.2 - Remove upstreamed patches [0.18.1-3] - Rebuild for new libpng [0.18.1-2] - poppler-glib.pc pkgconfig file broken (#749898) - %check: verify pkgconfig sanity [0.18.1-1] - Update to 0.18.1 - pkgconfig-style deps - tighten deps with %_isa [0.18.0-2] - rebuild [0.18.0-1] - Update to 0.18.0 [0.17.3-2] - Don't include pdfextract and pdfmerge in resulting packages for now - since they conflict with packages pdfmerge and mupdf (#740906) [0.17.3-1] - Update to 0.17.3 [0.17.0-2] - Fix a problem with freeing of memory in PreScanOutputDev (#730941) [0.17.0-1] - Update to 0.17.0 [0.16.7-1] - 0.16.7 [0.16.6-2] - Drop dependency on gtk-doc (#604412) [0.16.6-1] - Update to 0.16.6 [0.16.5-1] - Update to 0.16.5 [0.16.4-1] - Update to 0.16.4 [0.16.3-2] - Update to 0.16.3 [0.16.3-1] - Update to 0.16.3 [0.16.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.16.2-1] - Update to 0.16.2 [0.16.0-3] - drop qt3 bindings - rename -qt4 -> -qt [0.16.0-2] - rebuild (openjpeg) [0.16.0-1] - 0.16.0 [0.15.3-1] - Update to 0.15.3 [0.15.1-1] - Update to 0.15.1 - Remove CVE-2010-3702, 3703 and 3704 patches (they are already in 0.15.1) [0.15.0-5] - Add poppler-0.15.0-CVE-2010-3702.patch (Properly initialize parser) - Add poppler-0.15.0-CVE-2010-3703.patch (Properly initialize stack) - Add poppler-0.15.0-CVE-2010-3704.patch (Fix crash in broken pdf (code < 0)) - Resolves: #639861 * Wed Sep 29 2010 jkeating - 0.15.0-4 - Rebuilt for gcc bug 634757 [0.15.0-3] - Remove explicit requirement of gobject-introspection [0.15.0-2] - Move requirement of gobject-introspection to glib sub-package [0.15.0-1] - Update to 0.15.0 - Enable introspection [0.14.3-1] - Update to 0.14.3 [0.14.2-1] - Update to 0.14.2 - Remove poppler-0.12.1-objstream.patch [0.14.1-1] - Update to 0.14.1 - Don't apply poppler-0.12.1-objstream.patch, it is not needed anymore [0.14.0-1] - Update to 0.14.0 [0.13.4-1] - poppler-0.13.4 [0.13.3-2] - Update 'sources' file - Add BuildRequires 'gettext-devel' [0.13.3-1] - poppler-0.13.3 [0.12.4-2] - Fix showing of radio buttons (#480868) [0.12.4-1] - popper-0.12.4 [0.12.3-9] - Fix downscaling of rotated pages (#563353) [0.12.3-8] - Get current FcConfig before using it (#533992) [0.12.3-7] - use alternative/upstream downscale patch (#556549, fdo#5589) [0.12.3-6] - Add dependency on poppler-data (#553991) [0.12.3-5] - cairo backend, scale images correctly (#556549, fdo#5589) [0.12.3-4] - Sanitize versioned Obsoletes/Provides [0.12.3-3] - Correct permissions of goo/GooTimer.h - Convert pdftohtml.1 to utf8 - Make the pdftohtml's Provides/Obsoletes versioned [0.12.3-1] - poppler-0.12.3 [0.12.2-1] - poppler-0.12.2 [0.12.1-3] - CVE-2009-3607 poppler: create_surface_from_thumbnail_data integer overflow (#526924) [0.12.1-1] - poppler-0.12.1 - deprecate xpdf/pdftohtml Conflicts/Obsoletes [0.12.0-1] - Update to 0.12.0 [0.11.3-1] - Update to 0.11.3 [0.11.2-1] - Update to 0.11.2 [0.11.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [0.11.1-2] - omit poppler-data (#507675) [0.11.1-1] - poppler-0.11.1 [0.11.0-6] - reduce lib deps in qt/qt4 pkg-config support [0.11.0-5] - --enable-libjpeg - (explicitly) --disable-zlib [0.11.0-3] - --enable-libopenjpeg, --disable-zlib [0.11.0-2] - update changelog - track sonames [0.11.0-1] - Update to 0.11.0 [0.10.5-1] - Update to 0.10.5 [0.10.4-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [0.10.4-1] - Update to 0.10.4 [0.10.3-2] - add needed scriptlets - nuke rpaths [0.10.3-1] - Update to 0.10.3 [0.10.2-1] - Update to 0.10.2 [0.10.1-1] - Update to 0.10.1 and -data 0.2.1 [0.8.7-2] - cleanup qt3 hack - %description cosmetics [0.8.7-1] - Update to 0.8.7 [0.8.6-1] - Update to 0.8.6 [0.8.5-1] - Update to 0.8.5 [0.8.3-1] - Update to 0.8.3 [0.8.1-1] - Update to 0.8.1 [0.8.0-3] - poppler-0.8.0-ocg-crash.patch: Fix a crash when no optional content groups are defined. - Mangle configure to account for the new directory for qt3 libs. - Fix grammar in %description. [0.8.0-2] - -qt-devel: Requires: qt3-devel [0.8.0-1] - Update to 0.8.0 [0.7.3-1] - Update to 0.7.3 [0.7.2-1] - Update to 0.7.2 [0.7.1-1] - Update to 0.7.1 [0.7.0-1] - Update to 0.7.0 [0.6.4-4] - Autorebuild for GCC 4.3 [0.6.4-3] - apply ObjStream patch (#433090) [0.6.4-2] - Add some required inter-subpackge deps [0.6.4-1] - Update to 0.6.4 - Split off poppler-glib [0.6.2-3] - Fix the qt3 checks some more [0.6.2-2] - package xpdf headers in poppler-devel (Jindrich Novy) - Fix qt3 detection (Denis Leroy) [0.6.2-1] - Update to 0.6.2 [0.6-2] - include qt4 wrapper [0.6-1] - Update to 0.6 [0.5.91-2] - Remove debug spew [0.5.91-1] - Update to 0.5.91 [0.5.9-2] - Update the license field [0.5.9-1] - Update to 0.5.9 [0.5.4-7] - fix it so the qt pkgconfig/.so aren't in the main poppler-devel [0.5.4-5] - Include epoch in the Provides/Obsoletes for xpdf-utils [0.5.4-4] - Add Provides/Obsoletes for xpdf-utils (#219033) [0.5.4-3] - drop hard-wired: Req: gtk2 - --disable-static - enable qt wrapper - -devel: Requires: pkgconfig [0.5.4-2] - rebuilt for unwind info generation, broken in gcc-4.1.1-21 [0.5.4-1.fc6] - Rebase to 0.5.4, drop poppler-0.5.3-libs.patch, fixes #205813, [0.5.3-3.fc6] - Move .so to -devel (#203637). [0.5.3-2.fc6] - link against fontconfig (see bug 202256) [0.5.3-1.1] - rebuild [0.5.3-1] - Update to 0.5.3. [0.5.2-1] - Update to 0.5.2. [0.5.1-2] - Rebuild the get rid of old soname dependency. [0.5.1-1] - Update to version 0.5.1. [0.5.0-4.2] - bump again for double-long bug on ppc(64) [0.5.0-4.1] - rebuilt for new gcc4.1 snapshot and glibc changes [0.5.0-4] - change xpdf conflict version to be <= instead of < [0.5.0-3] - update conflicts: xpdf line to be versioned [0.5.0-2.0] - Update to 0.5.0 and add poppler-utils subpackage. - Flesh out poppler-utils subpackage. * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - rebuilt [0.4.2-1] - Update to 0.4.2 and disable splash backend so we don't build it. [0.4.1-2] - Rebuild [0.4.1-1] - Update to 0.4.1 [0.4.0-2] - Bump release and rebuild. [0.4.0-1] - Update to 0.4.0 [0.3.3-2] - Rebuild to pick up new cairo soname. [0.3.3-1] - Update to 0.3.3 and change to build cairo backend. [0.3.2-1] - Update to 0.3.2 [0.3.1] - Update to 0.3.1 [0.3.0] - Update to 0.3.0 * Wed Apr 13 2005 Florian La Roche <laroche@redhat.com> - remove empty post/postun scripts [0.2.0-1] - Update to 0.2.0 [0.1.2-1] - Update to 0.1.2 - Use tar.gz because there are not bz of poppler [0.1.1-1] - Initial build MODERATE Copyright 2024 Oracle, Inc. CVE-2020-36024 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.7.5-4] - Resolves:RHEL-8400 allows attackers to trigger O(n^2) growth via consecutive marks MODERATE Copyright 2024 Oracle, Inc. CVE-2023-25193 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [7.5.1-22.0.1] - Fix POSTIN scriptlet [Orabug: 34712485] - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c - Resolves: RHEL-15919 - Out of bounds read in bgpd/bgp_label.c - Resolves: RHEL-15869 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message - Resolves: RHEL-15868 - crash from malformed EOR-containing BGP UPDATE message [7.5.1-22] - Resolves: RHEL-22303 - Zebra not fetching host routes [7.5.1-21] - Resolves: RHEL-2216 - NULL pointer dereference [7.5.1-20] - Resolves: RHEL-4797 - missing length check in bgp_attr_psid_sub() can lead do DoS [7.5.1-19] - Resolves: RHEL-14824 - crafted BGP UPDATE message leading to a crash [7.5.1-18] - Resolves: RHEL-14821 - mishandled malformed data leading to a crash [7.5.1-17] - Resolves: RHEL-6583 - Routes are not refreshed after changing the inbound route rules from deny to permit [7.5.1-16] - Resolves: RHEL-15916 - Flowspec overflow in bgpd/bgp_flowspec.c - Resolves: RHEL-15919 - Out of bounds read in bgpd/bgp_label.c - Resolves: RHEL-15869 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message - Resolves: RHEL-15868 - crash from malformed EOR-containing BGP UPDATE message [7.5.1-15] - Resolves: RHEL-12039 - crash in plist update [7.5.1-14] - Resolves: RHEL-6617 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router MODERATE Copyright 2024 Oracle, Inc. CVE-2023-46752 CVE-2023-41909 CVE-2023-41358 CVE-2023-31490 CVE-2023-46753 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.42.5-1] - Update to 2.42.5 Resolves: RHEL-3961 [2.42.4-1] - Update to 2.42.4 Resolves: RHEL-3961 Resolves: RHEL-19365 [2.42.3-1] - Update to 2.42.3 Resolves: RHEL-3961 [2.42.2-1] - Update to 2.42.2 Resolves: RHEL-3961 [2.42.1-1] - Update to 2.42.1 Resolves: RHEL-3961 [2.42.0-1] - Upgrade to 2.42.0 Resolves: RHEL-3961 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-23206 CVE-2023-32359 CVE-2023-42890 CVE-2023-42883 CVE-2023-39928 CVE-2023-41983 CVE-2014-1745 CVE-2023-40414 CVE-2023-42852 CVE-2024-23213 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125172 [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [4.7.1-2] - Rebuilt for Python 3.9 [4.7.1-1] - update to 4.7.1 (#1721376) [4.6.8-3] - Use make_build macro instead of just make - https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make [4.6.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [4.6.8-1] - update to 4.6.8 (#1721376) [4.6.6-6] - try again to drop Python 2 [4.6.6-5] - drop python2 build [4.6.6-4] - Rebuilt for Python 3.8.0rc1 (#1748018) [4.6.6-3] - Rebuilt for Python 3.8 [4.6.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [4.6.6-1] - update to 4.6.6 (rhbz#1718151) [4.6.5-1] - update to 4.6.5 [4.6.4-4] - only build docs with Python 3 - fix build on Fedora>30 and RHEL 7 [4.6.4-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [4.6.4-2] - Run Python 3 build in a subdir, so module isn't linked against both libpython 2 and libpython 3 (rhbz#1609491) [4.6.4-1] - update to 4.6.4 (rhbz#1560329) [4.6.2-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [4.6.2-4] - Rebuilt for Python 3.7 [4.6.2-3] - use sphinx-build-3 if python2 support is disabled [4.6.2-2] - Update conditionals. - Make preperations for non-python2 builds [4.6.2-1] - update to 4.6.2 (rhbz#1514768) - add gcc BR [4.5.20-4] - restrict module DSO symbol exports [4.5.20-3] - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [4.5.20-2] - Python 2 binary package renamed to python2-mod_wsgi See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 [4.5.20-1] - update to 4.5.20 [4.5.15-5] - include mod_wsgi Python package and mod_wsgi-express script [4.5.15-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [4.5.15-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [4.5.15-2] - Rebuild due to bug in RPM (RHBZ #1468476) [4.5.15-1] - update to 4.5.15 (#1431893) [4.5.13-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [4.5.13-1] - Update to 4.5.13 [4.5.9-2] - Rebuild for Python 3.6 [4.5.9-1] - upgrade to 4.5.9 (rhbz#1180445) [4.4.8-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [4.4.8-3] - Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 [4.4.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [4.4.8-1] - Upstream to 4.4.8. - This version includes the fix for the segfault described in RHBZ#1178851. [4.4.3-1] - update to new upstream version 4.4.3 (#1176914) [4.4.1-1] - update to new upstream version 4.4.1 (#1170994) [4.3.2-1] - update to new upstream version 4.3.2 (#1104526) [3.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [3.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [3.5-1] - Update to 3.5 to fix CVE-2014-0240 (#1101863) - Remove all of the patches, which have been applied upstream - Update source URL for new the GitHub upstream [3.4-14] - rebuild for Python 3.4 [3.4.13] - do not use conflicts between mod_wsgi packages (rhbz#1087943) [3.4-12] - fix _httpd_mmn expansion in absence of httpd-devel [3.4-11] - added python3 subpackage (thanks to Jakub Dornak), rhbz#1035876 [3.4-10] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [3.4-9] - modernize spec file (thanks to rcollet) [3.4-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [3.4-7] - compile with -fno-strict-aliasing to workaround Python bug http://www.python.org/dev/peps/pep-3123/ [3.4-6] - use _httpd_moddir macro [3.4-5] - spec file cleanups [3.4-4] - enable PR_SET_DUMPABLE in daemon process to enable core dumps [3.4-3] - use a NULL c->sbh pointer with httpd 2.4 (possible fix for #867276) - add logging for unexpected daemon process loss [3.4-2] - also use RPM_LD_FLAGS for build bz. #867137 [3.4-1] - update to upstream release 3.4 [3.3-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [3.3-6] - add possible fix for daemon mode crash (#831701) [3.3-5] - move wsgi.conf to conf.modules.d [3.3-4] - rebuild for httpd 2.4 [3.3-3] - prepare for httpd 2.4.x [3.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [3.3-1] - update to 3.3 [3.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [3.2-2] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [3.2-1] - update to 3.2 [3.1-2] - removed conflicts as it violates fedora packaging policy [3.1-1] - update to 3.1 - add explicit enable-shared - add conflicts mod_python < 3.3.1 [2.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.5-1] - Update to 2.5 [2.3-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [2.3-2] - Rebuild for Python 2.6 [2.3-1] - Update to 2.3 [2.1-2] - Remove requires on httpd-devel [2.1-1] - Update to 2.1 [1.3-4] - Build against the shared python lib. [1.3-3] - Autorebuild for GCC 4.3 [1.3-2] - Require httpd [1.3-1] - Update to 1.3 [1.0-1] - Initial packaging for Fedora numpy [1.19.4-3] - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz#1933055 [1.19.4-2] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [1:1.19.4-1] - 1.19.4 [1:1.19.3-1] - 1.19.3 [1:1.19.2-2] - Make test suite work in FIPS (140-2) Mode [1:1.19.2-1] - 1.19.2 [1:1.19.1-3] - https://fedoraproject.org/wiki/Changes/FlexiBLAS_as_BLAS/LAPACK_manager [1:1.19.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [1:1.19.1-1] - 1.19.1 [1:1.19.0-2] - Assume old-style numpy provides from python2-numpy [1:1.19.0-1] - 1.19.0 final. [1:1.19.0-0.rc2] - 1.19.0 rc2 [1:1.18.4-3] - Rebuilt for Python 3.9 [1:1.18.4-2] - Own __pycache__ dir, 1833392 [1:1.18.4-1] - 1.18.4 [1:1.18.3-1] - 1.18.3 [1:1.18.2-1] - 1.18.2 [1:1.18.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [1:1.18.1-1] - 1.18.1 [1:1.18.0-1] - 1.18.0 [1:1.17.4-2] - Backport patch for s390x failures - Enable non-broken tests on ppc64le [1:1.17.4-1] - 1.17.4 [1:1.17.3-1] - 1.17.3 [1:1.17.2-1] - 1.17.2 [1:1.17.1-1] - 1.17.1 [1:1.17.0-3] - Rebuilt for Python 3.8 [1:1.17.0-2] - Reintroduce libnpymath.a (#1735674) [1:1.17.0-1] - 1.17.0, split out Python 2. [1:1.16.4-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [1:1.16.4-2] - Avoid hardcoding /usr prefix [1:1.16.4-1] - 1.16.4 [1:1.16.3-2] - Build only with openblasp (bugz#1709161) [1:1.16.3-1] - 1.16.3. [1:1.16.2-1] - 1.16.2. [1:1.16.1-1] - 1.16.1. [1:1.16.0-1] - 1.16.0. [1:1.15.1-2] - Switch to pytest for running tests during check - Stop ignoring failures when running tests - Set PATH in check so that f2py tests work - Update docs to match release - Remove outdated workaround from rhbz#849713 [1:1.15.1-1] - Update to latest version [1:1.15.0-2] - Fix broken build on s390x - Remove bytecode produced by pytest - Re-enable tests on s390x [1:1.15.0-1] - 1.15.0 [1:1.14.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1:1.14.5-2] - Rebuilt for Python 3.7 [1:1.14.5-1] - 1.14.5 [1:1.14.3-1] - 1.14.3 [1:1.14.2-1] - 1.14.2 [1:1.14.1-1] - 1.14.1 [1:1.14.0-0.rc1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1:1.14.0-0.rc1] - 1.14.0 rc1 [1:1.13.3-5] - Fix ambiguous Python 2 dependency declarations (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [1:1.13.3-4] - Split out doc subpackage. [1:1.13.3-3] - Cleanup spec file conditionals [1:1.13.3-2] - set proper environment variables for openblas [1:1.13.3-1] - 1.13.3 [1:1.13.2-1] - 1.13.2 [1:1.13.1-4] - Use openblas where available, BZ 1472318. [1:1.13.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1:1.13.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1:1.13.1-1] - 1.13.1 final [1:1.13.0-1] - 1.13.0 final [1:1.13.0-0.rc2] - 1.13.0 rc2 [1:1.13.0-0.rc1] - 1.13.0 rc1 [1:1.12.1-1] - 1.12.1 [1:1.12.0-1] - Update to 1.12.0, build with gcc 7.0. [1:1.11.2-2] - Rebuild for Python 3.6 [1:1.11.2-1] - Update to 1.11.2 final [1:1.11.2-0.rc1] - Update to 1.11.2rc1, BZ 1340440. [1:1.11.1-2] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [1:1.11.1-1] - Update to 1.11.1 final [1:1.11.1-0.rc1] - Update to 1.11.1rc1, BZ 1340440. [1:1.11.0-4] - Update to 1.11.0 final [1:1.11.0-3.rc2] - Update to 1.11.0rc2 [1:1.11.0-2.b3] - Bump Release. 1b2 is higher than 0b3 [1:1.11.0-0.b3] - Update to 1.11.0b2, BZ 1306249. [1:1.11.0-1b2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1:1.11.0-0.b2] - Update to 1.11.0b2, BZ 1303387. [1:1.11.0-020161016.cc2b04git] - Update to git snapshot (due to build issue) after 1.11.0b1, BZ 1301943. [1:1.10.4-1] - Update to 1.10.4, BZ 1296509. [1:1.10.2-1] - Update to 1.10.2, BZ 1291674. [1:1.10.2-0.2.rc2] - Update to 1.10.2rc1, BZ 1289550. [1:1.10.2-0.1.rc1] - Update to 1.10.2rc1 - Drop opt-flags patch applied upstream [1:1.10.1-6] - Add provides to satisfy numpy%{_isa} requires in other packages [1:1.10.1-5] - Re-add provides f2py [1:1.10.1-4] - Fix obsoletes / provides for numpy -> python2-numpy rename [1:1.10.1-3] - Remove fortran flags or arm would build with -march=x86-64 [1:1.10.1-2] - Provide python2-* packages - Run tests with verbose=2 [1:1.10.1-1] - Update to 1.10.1, BZ 1271022. [1:1.10.0-2] - Rebuilt for Python3.5 rebuild [1:1.10.0-1] - Update to 1.10.0 final. [1:1.10.0-0.b1] - Update to 1.10.0b1, BZ 1252641. [1:1.9.2-3] - Add python2-numpy provides (bug #1249423) - Spec cleanup [1:1.9.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1:1.9.2-1] - Update to 1.9.2 [1:1.9.1-2] - Add upstream patch to fix xerbla linkage (bug #1172834) [1:1.9.1-1] - Update to 1.9.1, BZ 1160273. [1:1.9.0-1] - Update to 1.9.0 [1:1.9.0-0.1.rc1] - Update to 1.9.0rc1 [1:1.8.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1:1.8.2-1] - Update to 1.8.2 [1:1.8.1-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1:1.8.1-3] - Rebuild for Python 3.4 [1:1.8.1-2] - Fixing FTBFS on ppc64le (#1078354) [1:1.8.1-1] - Update to 1.8.1 [1:1.8.0-5] - Fix __pycache__ ownership (bug #1072467) [1:1.8.0-4] - Fix CVE-2014-1858, CVE-2014-1859: #1062009, #1062359 [1:1.8.0-3] - Ship doc module (bug #1034357) [1:1.8.0-2] - Move f2py documentation to f2py package (bug #1027394) [1:1.8.0-1] - Update to 1.8.0 final [1:1.8.0-0.7.rc2] - Update to 1.8.0rc2 - Create clean site.cfg - Use serial atlas [1:1.8.0-0.6.b2] - Add [atlas] to site.cfg for new atlas library names [1:1.8.0-0.5.b2] - Update site.cfg for new atlas library names [1:1.8.0-0.4.b2] - rebuild for atlas 3.10 [1:1.8.0-0.3.b2] - Fix libdir path in site.cfg, BZ 1006242. [1:1.8.0-0.2.b2] - Update to 1.8.0b2 [1:1.8.0-0.1.b1] - Update to 1.8.0b1 - Drop f2py patch applied upstream [1:1.7.1-5] - URL Fix, BZ 1001337 [1:1.7.1-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1:1.7.1-3] - Fix rpmlint warnings - Update License - Apply patch: change shebang of f2py to use binary directly [1:1.7.1-2] - Specfile cleanup (bug #969854) [1:1.7.1-1] - Update to 1.7.1 [1:1.7.0-1] - Update to 1.7.0 final [1:1.7.0-0.5.rc1] - Update to 1.7.0rc1 [1:1.7.0-0.4.b2] - Update to 1.7.0b2 - Drop patches applied upstream [1:1.7.0-0.3.b1] - Add patch from github pull 371 to fix python 3.3 pickle issue - Remove cython .c source regeneration - fails now [1:1.7.0-0.2.b1] - add workaround for rhbz#849713 (fixes FTBFS) [1:1.7.0-0.1.b1] - Update to 1.7.0b1 - Rebase python 3.3 patchs to current git master - Drop patches applied upstream [1:1.6.2-5] - rework patches for 3.3 to more directly reflect upstream's commits - re-enable test suite on python 3 - forcibly regenerate Cython .c source to avoid import issues on Python 3.3 [1:1.6.2-4] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 - needs unicode patch [1:1.6.2-3] - remove rhel logic from with_python3 conditional [1:1.6.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1:1.6.2-1] - Update to 1.6.2 final [1:1.6.2rc1-0.1] - Update to 1.6.2rc1 [1:1.6.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [1:1.6.1-1] - Update to 1.6.1 [1:1.6.0-2] - Bump and rebuild for BZ 712251. [1:1.6.0-1] - Update to 1.6.0 final [1:1.6.0-0.2.b2] - Update to 1.6.0b2 - Drop import patch fixed upstream [1:1.6.0-0.1.b1] - Update to 1.6.0b1 - Build python3 module with python3 - Add patch from upstream to fix build time import error [1:1.5.1-1] - Update to 1.5.1 final [1:1.5.1-0.4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [1:1.5.1-0.3] - fix the AttributeError during tests - fix build on s390(x) [1:1.5.1-0.2] - rebuild for newer python3 [1:1.5.1-0.1] - update to 1.5.1rc1 - add python3 subpackage - some spec-cleanups [1:1.4.1-6] - actually add the patch this time [1:1.4.1-5] - fix segfault within %check on 2.7 (patch 2) [1:1.4.1-4] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [1.4.1-3] - ignore the 'Ticket #1299 second test' failure on s390(x) [1.4.1-2] - source commit fix [1.4.1-1] - New upstream release. Include backported doublefree patch [1.3.0-8] - Moved distutils back to the main package, BZ 572820. [1.3.0-7] - Reverted to 1.3.0 after upstream pulled 1.4.0, BZ 579065. [1.4.0-5] - Linking /usr/include/numpy to .h files, BZ 185079. [1.4.0-4] - Re-enabling atlas BR, dropping lapack Requires. [1.4.0-3] - Since the previous didn't work, Requiring lapack. [1.4.0-2] - Temporarily dropping atlas BR to work around 562577. [1.4.0-1] - 1.4.0. - Dropped ARM patch, ARM support added upstream. [1.3.0-6.fa1] - Add ARM support [1.3.0-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [1.3.0-5] - Fixed atlas BR, BZ 505376. [1.3.0-4] - EVR bump for pygame chainbuild. [1.3.0-3] - Moved linalg, fft back to main package. [1.3.0-2] - Split out f2py into subpackage, thanks Peter Robinson pbrobinson@gmail.com. [1.3.0-1] - Update to latest upstream. - Fixed Source0 URL. [1.3.0-0.rc1] - Update to latest upstream. [1.2.1-3] - Require python-devel, BZ 488464. [1.2.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [1.2.1-1] - Update to 1.2.1. [1.2.0-2] - Rebuild for Python 2.6 [1.2.0-1] - New upstream release, added python-nose BR. BZ 465999. - Using atlas blas, not blas-devel. BZ 461472. [1.1.1-1] - New upstream release [1.1.0-1] - New upstream release [1.0.4-1] - New upstream release [1.0.3.1-2] - Add python egg to %files on f9+ [1.0.3.1-1] - New upstream release [1.0.3-1] - New upstream release [1.0.2-2] - Drop BR: atlas-devel, since it just provides binary-compat blas and lapack libs. Atlas can still be optionally used at runtime. (Note: this is all per the atlas maintainer). [1.0.2-1] - New upstream release [1.0.1-4] - Update gfortran patch to recognize latest gfortran f95 support - Resolves rhbz#236444 [1.0.1-3] - Fix up cpuinfo bug (#229753). Upstream bug/change: http://projects.scipy.org/scipy/scipy/ticket/349 [1.0.1-2] - Per discussion w/Jose Matos, Obsolete/Provide f2py, as the stand-alone one is no longer supported/maintained upstream [1.0.1-1] - New upstream release [1.0-2] - Rebuild for python 2.5 [1.0-1] - New upstream release [0.9.8-1] - New upstream release [0.9.6-1] - Upstream update [0.9.5-1] - Upstream update [0.9.4-2] - Rebuild for Fedora Extras 5 [0.9.4-1] - Initial RPM release - Added gfortran patch from Neal Becker python39 [3.9.18-3] - Skip tests failing on s390x Resolves: RHEL-21905 [3.9.18-2] - Security fix for CVE-2023-27043 Resolves: RHEL-5561 python3x-pip [20.2.4-9] - Require Python with tarfile filters Resolves: RHEL-25457 python3x-setuptools [50.3.2-5] - Fix for CVE-2022-40897 Resolves: RHEL-9764 [50.3.2-4] - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz#1933055 [50.3.2-3] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [50.3.2-2] - Disable tests in Fedora ELN (and RHEL) [50.3.2-1] - Update to 50.3.2 (#1889093) [50.1.0-1] - Update to 50.1.0 (#1873889) [49.6.0-1] - Update to 49.6.0 (#1862791) [49.1.3-1] - Update to 49.1.3 (#1853597) - https://setuptools.readthedocs.io/en/latest/history.html#v49-1-3 [47.3.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [47.3.1-1] - Update to 47.3.1 (#1847049) - https://setuptools.readthedocs.io/en/latest/history.html#v47-3-1 [47.1.1-1] - Update to 47.1.1 (#1841123) - https://setuptools.readthedocs.io/en/latest/history.html#v47-1-1 [46.4.0-4] - Rebuilt for Python 3.9 [46.4.0-3] - Bootstrap for Python 3.9 [46.4.0-2] - Bootstrap for Python 3.9 [46.4.0-1] - Update to 46.4.0 (#1835411) - https://setuptools.readthedocs.io/en/latest/history.html#v46-4-0 [46.2.0-1] - Update to 46.2.0 (#1833826) - https://setuptools.readthedocs.io/en/latest/history.html#v46-2-0 [46.1.3-1] - Upgrade to 46.1.3 (#1817189) - https://setuptools.readthedocs.io/en/latest/history.html#v46-1-3 [46.0.0-1] - Upgrade to 46.0.0 (#1811340) - https://setuptools.readthedocs.io/en/latest/history.html#v46-0-0 [45.2.0-1] - Upgrade to 45.2.0 (#1775943) - https://setuptools.readthedocs.io/en/latest/history.html#v45-2-0 - No longer supports Python 2 [41.6.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [41.6.0-1] - Upgrade to 41.6.0 (#1758945). - https://setuptools.readthedocs.io/en/latest/history.html#v41-6-0 - Disabled a failing upstream test: https://github.com/pypa/setuptools/issues/1896 [41.2.0-1] - Upgrade to 41.2.0 (#1742718). - https://setuptools.readthedocs.io/en/latest/history.html#v41-2-0 [41.0.1-9] - Move python2-setuptools to a separate package [41.0.1-8] - Rebuilt for Python 3.8 [41.0.1-7] - Bootstrap for Python 3.8 [41.0.1-6] - Provide pythonXdist(setuptools) when bootstrapping [41.0.1-5] - Bootstrap for Python 3.8 [41.0.1-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [41.0.1-3] - Make /usr/bin/easy_install Python 3 - Drop obsoleted Obsoletes [41.0.1-2] - Remove optional test dependencies for Python 2 - Skip test_virtualenv on Python 2 [41.0.1-1] - Update to 41.0.1 (#1695846) - https://github.com/pypa/setuptools/blob/v41.0.1/CHANGES.rst [40.8.0-1] - Update to 40.8.0 (#1672756) - https://github.com/pypa/setuptools/blob/v40.8.0/CHANGES.rst [40.7.3-1] - Hotfix update to 40.7.3 (#1672084) - https://github.com/pypa/setuptools/blob/v40.7.3/CHANGES.rst [40.7.2-1] - Hotfix update to 40.7.2 (#1671608) - https://github.com/pypa/setuptools/blob/v40.7.2/CHANGES.rst [40.7.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [40.7.1-1] - Hotfix update to 40.7.1 (#1670243) - https://github.com/pypa/setuptools/blob/v40.7.1/CHANGES.rst [40.7.0-1] - Update to 40.7.0 (#1669876) - https://github.com/pypa/setuptools/blob/v40.7.0/CHANGES.rst [40.4.3-1] - Update to 40.4.3 to fix dire DeprecationWarnings (#1627071) - List vendored libraries - https://github.com/pypa/setuptools/blob/v40.4.3/CHANGES.rst [40.4.1-1] - Update to 40.4.1 (#1599307). - https://github.com/pypa/setuptools/blob/v40.4.1/CHANGES.rst [39.2.0-7] - Add a subpackage with wheels - Remove the python3 bcond - Remove macros for RHEL 6 [39.2.0-6] - Create /usr/local/lib/pythonX.Y when needed (#1576924) [39.2.0-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [39.2.0-4] - Rebuilt for Python 3.7 [39.2.0-3] - Bootstrap for Python 3.7 [39.2.0-2] - Bootstrap for Python 3.7 [39.2.0-1] - update to 39.2.0 Fixes bug #1572889 [39.0.1-1] - update to 39.0.1 Fixes bug #1531527 [38.4.0-4] - Skip test_virtualenv due to broken executable detection [38.4.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [38.4.0-2] - Update conditional [38.4.0-1] - update to 38.4.0 Fixes bug #1531527 [38.2.5-1] - update to 38.2.5 Fixes bug #1528968 [37.0.0-1] - Update to 37.0.0 (fixes #1474126) - Removed not needed pip3 patch (upstream included different version of fix) [36.5.0-1] - Update to 36.5.0 (related to #1474126) [36.2.0-8] - Remove the platform-python subpackage [36.2.0-7] - Re-enable tests to finish bootstrapping the platform-python stack (https://fedoraproject.org/wiki/Changes/Platform_Python_Stack) [36.2.0-6] - Add the platform-python subpackage - Disable tests so platform-python stack can be bootstrapped (https://fedoraproject.org/wiki/Changes/Platform_Python_Stack) [36.2.0-5] - Add Patch 0 that fixes a test suite failure on Python 3 in absence of the Python 2 version of pip - Move docs to their proper place [36.2.0-4] - Switch macros to bcond's and make Python 2 optional to facilitate building the Python 2 and Python 3 modules. [36.2.0-3] - Revert 'Add --executable option to easy_install command' This enhancement is currently not needed and it can possibly collide with pip --editableoption [36.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [36.2.0-1] - update to 36.2.0. Fixes bug #1470908 [36.0.1-1] - update to 36.0.1. Fixes bug #1458093 [35.0.2-1] - update to 35.0.2. Fixes bug #1446622 [35.0.1-1] - Update to 35.0.1. Fixes bug #1440388 [34.3.2-1] - Update to 34.3.2. Fixes bug #1428818 [34.3.0-1] - Update to 34.3.0. Fixes bug #1426463 [34.2.0-2] - Add --executable option to easy_install command [34.2.0-1] - Update to 34.2.0. Fixes bug #1421676 [34.1.1-1] - Update to 34.1.1. Fixes bug #1412268 - Fix License tag. Fixes bug #1412268 - Add Requires for fomerly bundled projects: six, packaging appdirs [32.3.1-2] - Use python macros in build and install sections [32.3.1-1] - Update to 32.3.1. Fixes bug #1409091 [32.3.0-1] - Update to 32.3.0. Fixes bug #1408564 [32.2.0-1] - Update to 32.2.0. Fixes bug #1400310 [30.4.0-2] - Enable tests [30.4.0-1] - Update to 30.4.0. Fixes bug #1400310 [28.8.0-3] - Rebuild for Python 3.6 with wheel - Disable tests [28.8.0-2] - Rebuild for Python 3.6 without wheel [28.8.0-1] - Update to 28.8.1. Fixes bug #1392722 [28.7.1-1] - Update to 28.7.1. Fixes bug #1389917 [28.6.1-1] - Update to 28.6.1. Fixes bug #1387071 [28.6.0-1] - Update to 28.6.0. Fixes bug #1385655 [28.3.0-1] - Update to 28.3.0. Fixes bug #1382971 [28.2.0-1] - Update to 28.2.0. Fixes bug #1381099 [28.1.0-1] - Update to 28.1.0. Fixes bug #1381066 [28.0.0-1] - Update to 28.0.0. Fixes bug #1380073 [27.3.0-1] - Update to 27.3.0. Fixes bug #1378067 [27.2.0-1] - Update to 27.2.0. Fixes bug #1376298 [27.1.2-1] - Update to 27.1.2. Fixes bug #1370777 [26.0.0-1] - Update to 26.0.0. Fixes bug #1370777 [25.1.6-1] - Update to 25.1.6. Fixes bug #1362325 [25.1.1-1] - Update to 25.1.1. Fixes bug #1361465 [25.1.0-1] - Update to 25.1.0 [25.0.0-1] - Update to 25.0.0 [24.2.0-1] - Update to 24.2.0. Fixes bug #1352734 [24.0.1-2] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [24.0.1-1] - Update to 24.0.1. Fixes bug #1352532 [23.0.0-1] - Update to 23.0.0. Fixes bug #1346542 [22.0.5-1] - Update to 22.0.5. Fixes bug #1342706 [20.0.0-1] - Upgrade to 22.0.0 * Tue May 31 2016 Nils Philippsen <nils@redhat.com> - fix source URL [21.2.2-1] - Update to 21.2.2. Fixes bug #1332357 [20.10.1-1] - Update to 20.10.1. Fixes bug #1330375 [20.9.0-1] - Update to 20.9.0. Fixes bug #1327827 [20.8.1-1] - Update to 20.8.1. Fixes bug #1325910 [20.6.7-1] - Update to 20.6.7. Fixes bug #1322836 [20.4-1] - Update to 20.4. Fixes bug #1319366 [20.3-1] - Update to 20.3. Fixes bug #1311967 [20.2.2-1] - Update to 20.2.2. Fixes bug #1311967 [20.1.1-1] - Update to 20.1.1. Fixes bug #130719 [20.1-1] - Update to 20.1. Fixes bug #1307000 [20.0-1] - Update to 20.0. Fixes bug #1305394 [19.7-1] - Update to 19.7. Fixes bug #1304563 [19.6.2-2] - Fix python3 package file ownership [19.6.2-1] - Update to 19.6.2. Fixes bug #1303397 [19.6-1] - Update to 19.6. [19.5-1] - Update to 19.5. Fixes bug #1301313 [19.4-1] - Update to 19.4. Fixes bug #1299288 [19.2-2] - Cleanup spec from python3-setuptools review [19.2-1] - Update to 19.2. Fixes bug #1296755 [19.1.1-1] - Update to 19.1.1. Fixes bug #1292658 [18.8.1-1] - Update to 18.8.1. Fixes bug #1291678 [18.8-1] - Update to 18.8. Fixes bug #1290942 [18.7.1-1] - Update to 18.7.1. Fixes bug #1287372 [18.6.1-1] - Update to 18.6.1. Fixes bug #1270578 [18.5-3] - Try to disable zip_safe bug #1271776 - Add python2 subpackage [18.5-2] - Add patch so it is possible to set test_args variable [18.5-1] - Update to 18.5. Fixes bug #1270578 [18.4-1] - Update to 18.4. Fixes bug #1270578 - Build with wheel and check phase [18.3.2-2] - Python3.5 rebuild: rebuild without wheel and check phase [18.3.2-1] - Update to 18.3.2. Fixes bug #1264902 [18.3.1-1] - Update to 18.3.1. Fixes bug #1256188 [18.1-1] - Update to 18.1. Fixes bug #1249436 [18.0.1-2] - Explicitely provide python2-setuptools [18.0.1-1] - Update to 18.0.1 [17.1.1-3] - Drop no longer needed Requires/BuildRequires on python-backports-ssl_match_hostname - Fixes bug #1231325 [17.1.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [17.1.1-1] - Update to 17.1.1. Fixes bug 1229507 [17.1-1] - Update to 17.1. Fixes bug 1229066 [17.0-1] - Update to 17 [16.0-1] - Update to 16 [15.2-1] - new version [15.0-1] - new version [14.3.1-1] - new version [14.3.1-1] - new version [14.3-1] - new version [14.2-1] - new version [14.1.1-1] - new version [13.0.2-1] - new version [12.4-1] - new version [12.3-1] - new version [12.0.3-1] - Update to 12.0.3 [11.3.1-2] - Huge spec cleanup - Make spec buildable on all Fedoras and RHEL 6 and 7 - Make tests actually run [11.3.1-1] - Update to 11.3.1. Fixes bugs: #1179393 and #1178817 [11.0-1] - Update to 11.0. Fixes bug #1178421 [8.2.1-1] - Update to 8.2.1. Fixes bug #1175229 [7.0-1] - Latest upstream. Fixes bug #1154590. [6.1-1] - Latest upstream. Fixes bug #1152130. [6.0.2-2] - Modernized python2 macros. - Inlined locale environment variables in the %check section. - Remove bundled egg-info and .exes. [6.0.2-1] - Update to 6.0.2 [6.0.1-1] - Update to 6.0.1. Fixes bug #1044444 [2.0-8] - Remove the python-setuptools-devel Virtual Provides as per this Fedora 21 Change: http://fedoraproject.org/wiki/Changes/Remove_Python-setuptools-devel [2.0-7] - And another bug in sdist [2.0-6] - Fix a bug in the sdist command [2.0-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [2.0-4] - Rebuild as wheel for Python 3.4 [2.0-3] - Rebuilt for tag f21-python [2.0-2] - Add a switch to build setuptools as wheel [2.0-1] - Update to new upstream release with a few things removed from the API: Changelog: https://pypi.python.org/pypi/setuptools#id139 [1.4-1] - Update to 1.4 that gives easy_install pypi credential handling [1.3.1-1] - Minor upstream update to reign in overzealous warnings [1.3-1] - Upstream update that pulls in our security patches [1.1.7-1] - Update to newer upstream release that has our patch to the unittests - Fix for http://bugs.python.org/issue17997#msg194950 which affects us since setuptools copies that code. Changed to use python-backports-ssl_match_hostname so that future issues can be fixed in that package. [1.1.6-1] - Update to newer upstream release. Some minor incompatibilities listed but they should affect few, if any consumers. [0.9.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [0.9.6-1] - Upstream update -- just fixes python-2.4 compat [0.9.5-1] - Update to 0.9.5 - package_index can handle hashes other than md5 - Fix security vulnerability in SSL certificate validation - https://bugzilla.redhat.com/show_bug.cgi?id=963260 [0.8-1] - Update to upstream 0.8 release. Codebase now runs on anything from python-2.4 to python-3.3 without having to be translated by 2to3. [0.7.7-1] - Update to 0.7.7 upstream release [0.7.2-2] - Update to the setuptools-0.7 branch that merges distribute and setuptools [0.6.36-1] - Update to upstream 0.6.36. Many bugfixes [0.6.28-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [0.6.28-3] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [0.6.28-2] - remove rhel logic from with_python3 conditional [0.6.28-1] - New upstream release: - python-3.3 fixes - honor umask when setuptools is used to install other modules [0.6.27-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [0.6.27-2] - Fix easy_install.py having a python3 shebang in the python2 package [0.6.27-1] - Upstream bugfix [0.6.24-2] - Upstream bugfix [0.6.24-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [0.6.24-1] - Upstream bugfix - Compile the win32 launcher binary using mingw [0.6.21-1] - Upstream bugfix release [0.6.19-1] - Upstream bugfix release [0.6.14-7] - Switch to patch that I got in to upstream [0.6.14-6] - Fix build on python-3.2 [0.6.14-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.6.14-4] - rebuild with python3.2 http://lists.fedoraproject.org/pipermail/devel/2010-August/141368.html [0.6.14-3] - Update description to mention this is distribute [0.6.14-2] - bump for building against python 2.7 [0.6.14-1] - update to new version - all patches are upsteam [0.6.13-7] - generalize path of easy_install-2.6 and -3.1 to -2.* and -3.* [0.6.13-6] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [0.6.13-5] - Upstream patch for compatibility problem with setuptools - Minor spec cleanups - Provide python-distribute for those who see an import distribute and need to get the proper package. [0.6.13-4] - Fix race condition in unittests under the python-2.6.x on F-14. [0.6.13-3] - Fix few more buildroot macros [0.6.13-2] - Include data that's needed for running tests [0.6.13-1] - Update to upstream 0.6.13 - Minor specfile formatting fixes [0.6.10-3] - First build with python3 support enabled. [0.6.10-2] - Really disable the python3 portion [0.6.10-1] - Update the python3 portions but disable for now. - Update to 0.6.10 - Remove %pre scriptlet as the file has a different name than the old package's directory [0.6.9-4] - Fix install to make /usr/bin/easy_install the py2 version - Don't need python3-tools since the library is now in the python3 package - Few other changes to cleanup style [0.6.9-2] - add python3 subpackage [0.6.9-1] - New upstream bugfix release. [0.6.8-2] - Test rebuild [0.6.8-1] - Update to 0.6.8. - Fix directory => file transition when updating from setuptools-0.6c9. [0.6.7-2] - Fix duplicate inclusion of files. - Only Obsolete old versions of python-setuptools-devel [0.6.7-1] - Move easy_install back into the main package as the needed files have been moved from python-devel to the main python package. - Update to 0.6.7 bugfix. [0.6.6-1] - Upstream bugfix release. [0.6.4-1] - First build from the distribute codebase -- distribute-0.6.4. - Remove svn patch as upstream has chosen to go with an easier change for now. [0.6c9-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [0.6c9-4] - Apply SVN-1.6 versioning patch (rhbz #511021) [0.6c9-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild python3x-six [1.15.0-3] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [1.15.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [1.15.0-1] - Update to 1.15.0 (#1838702) [1.14.0-4] - Rebuilt for Python 3.9 [1.14.0-3] - Bootstrap for Python 3.9 [1.14.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [1.14.0-1] - Update to 1.14.0 (#1768982) for Python 3.9 support (#1788494) - Drop old obsoletes for platform-python-six [1.12.0-7] - Rebuilt for Python 3.8.0rc1 (#1748018) [1.12.0-6] - Reduce Python 2 build dependencies [1.12.0-5] - Rebuilt for Python 3.8 [1.12.0-4] - Bootstrap for Python 3.8 [1.12.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [1.12.0-1] - Update to 1.12.0 [1.11.0-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [1.11.0-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1.11.0-5] - Rebuilt for Python 3.7 [1.11.0-4] - Bootstrap for Python 3.7 [1.11.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.11.0-2] - Removed and obsoleted the platform-python subpackage [1.11.0-1] - Update to 1.11.0 [1.10.0-11] - Added the platform-python subpackage [1.10.0-10] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.10.0-9] - Fix unversioned Python BuildRequires [1.10.0-8] - Rebuild as wheel [1.10.0-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.10.0-6] - Enable tests [1.10.0-5] - Rebuild for Python 3.6 - Disable python3 tests [1.10.0-4] - Modernize spec more - Depend on system-python(abi) - Cleanups [1.10.0-3] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [1.10.0-2] - Modernize spec - Fix python3 package file ownership [1.10.0-1] - Update to 1.10.0 [1.9.0-4] - Rebuilt for Python3.5 rebuild [1.9.0-3] - Added python2-six provide to python-six [1.9.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.9.0-1] - Upstream 1.9.0 - Packaging cleanups [1.8.0-1] - upgrade to 1.8.0 (rhbz#1105861) [1.7.3-2] - fix license handling [1.7.3-1] - Latest upstream [1.6.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.6.1-2] - Rebuild for Python 3.4 [1.6.1-1] - upgrade to 1.6.1 (rhbz#1076578) [1.5.2-1] - upgrade to 1.5.2 (rhbz#1048819) [1.4.1-1] - 1.4.1 [1.3.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1.3.0-1] - 1.3.0 [1.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [1.2.0-1] - 1.2.0 (rhbz#852658) - add %check section [1.1.0-4] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [1.1.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1.1.0-2] - Conditionalized python3-six, allowing an el6 build. [1.1.0-1] - 1.1.0 [1.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [1.0.0-1] - initial packaging python-cffi [1.14.3-2] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [1.14.3-1] - Update to 1.14.3 [1.14.2-1] - Update to 1.14.2 (#1869032) [1.14.1-1] - Update to 1.14.1 - Fixes: rhbz#1860698 - Fixes: rhbz#1865276 [1.14.0-2] - Rebuilt for Python 3.9 [1.14.0] - Update to 1.14.0 (#1800646) [1.13.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [1.13.2-1] - Update to 1.13.2 (#1768219) [1.13.1-1] - Update to 1.13.1 (#1763767) [1.13.0-1] - Update to 1.13.0 (#1761757) [1.12.3-5] - Subpackage python2-cffi has been removed See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal [1.12.3-4] - Rebuilt for Python 3.8.0rc1 (#1748018) [1.12.3-3] - Reduce Python 2 build dependencies [1.12.3-2] - Rebuilt for Python 3.8 [1.12.3-1] - Update to 1.12.3 (#1701577) - https://cffi.readthedocs.io/en/latest/whatsnew.html#v1-12-3 [1.12.2-2] - Remove unused build dependency on Cython - Remove duplicate build dependency on pytest [1.12.2-1] - Update to 1.12.2 (#1677888) [1.11.5-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [1.11.5-6] - Fix FTBFS (#1605627) [1.11.5-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1.11.5-4] - Rebuilt for Python 3.7 [1.11.5-3] - Disable tests to fix mock-only FTBFS. [1.11.5-2] - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [1.11.2-1] - New release 1.11.5 [1.11.2-3] - Escape macros in %changelog [1.11.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.11.2-1] - New release 1.11.0 - Fix %check [1.11.0-2] - Cleanup spec file conditionals [1.11.0-1] - New release 1.11.0 [1.10.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1.10.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.10.0-1] - New release 1.10.0 [1.9.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.9.1-1] - Update to latest upstream 1.9.1 [1.8.3-4] - Modernize spec [1.8.3-3] - Rebuild for Python 3.6 - Disable test dependencies [1.8.3-2] - Re-disable check [1.8.3-1] - Update to 1.8.3 - Reenable check [1.8.2-1] - Update to 1.8.2 [1.7.0-3] - Record installed files [1.7.0-2] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [1.7.0-1] - Update to 1.7.0 [1.6.0-3] - Switch Source0 to using pypi.io [1.6.0-2] - Update Source0 URL to account for pypi change [1.6.0-1] - Update to 1.6.0 (#1329203) [1.5.2-1] - Update to 1.5.2 (#1299272) [1.5.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.5.0-1] - Update to 1.5.0 (#1299272) [1.4.2-2] - Move python-cffi => python2-cffi [1.4.2-1] - Update to 1.4.2 (#1293504) [1.4.1-1] - Update to latest upstream release [1.3.1-1] - Update to latest upstream release [1.1.2-4] - Rebuilt for Python3.5 rebuild [1.1.2-3] - Modernize spec file - add missing source [1.1.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.1.2-2] - Update to 1.1.2 - Fix license [0.8.6-1] - Update to latest upstream. - No python3 in el7. [0.8.1-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [0.8.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [0.8.1-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 [0.8.1-1] - Update to latest upstream. [0.6-5] - Add Requires of python{,3}-pycparser. [0.6-4] - Fix broken conditionals in spec (missing question marks), needed for el6. [0.6-3] - Add Python3 support. [0.6-2] - Better URL, and use version macro in Source0. [0.6-1] - initial version python-chardet python-cryptography [3.3.1-3.0.1] - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36143834] [3.3.1-3] - Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, - Resolves RHEL-4932 [3.3.1-2] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [3.3.1-1] - Update to 3.3.1 (#1905756) [3.2.1-1] - Update to 3.2.1 (#1892153) [3.2-1] - Update to 3.2 (#1891378) [3.1-1] - Update to 3.1 (#1872978) [3.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [3.0-1] - Update to 3.0 (#185897) [2.9-3] - Rebuilt for Python 3.9 [2.9-2] - add source file verification [2.9-1] - Update to 2.9 (#1820348) python-idna [2.10-3] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [2.10-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [2.10-1] - Update to 2.10 (#1851653) [2.9-2] - Rebuilt for Python 3.9 [2.9-1] - Update to 2.9 (#1803654) python-lxml [4.6.5-1] - Update to 4.6.5 - Security fix for CVE-2021-43818 Resolves: rhbz#2032569 [4.6.2-3] - Security fix for CVE-2021-28957 Resolves: rhbz#1941534 [4.6.2-2] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.6.2-1] - Update to 4.6.2 - Fixes CVE-2020-27783 and another vulnerability in the HTML Cleaner - Fixes: rhbz#1855415 - Fixes: rhbz#1901634 [4.5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [4.5.1-1] - Update to 4.5.1 [4.4.1-5] - Rebuilt for Python 3.9 [4.4.1-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [4.4.1-3] - Subpackage python2-lxml has been removed See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal [4.4.1-2] - Generate C files using py3 Cython [4.4.1-1] - Update to 4.4.1 [4.4.0-2] - Rebuilt for Python 3.8 [4.4.0-1] - Update to 4.4.0 [4.2.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [4.2.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [4.2.5-1] - Update to 4.2.5 [4.2.4-1] - Update to 4.2.4 [4.2.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [4.2.3-1] - Update to 4.2.3 [4.2.1-2] - Rebuilt for Python 3.7 [4.2.1-1] - Update to 4.2.1 [4.1.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [4.1.1-1] - Update to 4.1.1 [4.0.0-2] - Conditionally allow building without Cython [4.0.0-1] - Update to 4.0.0 [3.8.0-1] - Update to 3.8.0. Fixes bug #1458529 [3.7.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [3.7.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [3.7.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [3.7.2-1] - Update to 3.7.2 [3.7.1-1] - Update to 3.7.1 [3.7.0-2] - Rebuild for Python 3.6 [3.7.0-1] - Update to 3.7.0 [3.6.4-1] - Update to 3.6.4 [3.4.4-5] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [3.4.4-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [3.4.4-3] - fix conditional [3.4.4-2] - Rebuilt for Python3.5 rebuild [3.4.4-1] - Update to 3.4.4 - Use %license, cleanup spec [3.3.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [3.3.6-1] - 3.3.6 (2014-08-28) - ================== - - Bugs fixed - ---------- - - * Prevent tree cycle creation when adding Elements as siblings. - - * LP#1361948: crash when deallocating Element siblings without parent. - - * LP#1354652: crash when traversing internally loaded documents in XSLT - extension functions. * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [3.3.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [3.3.5-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 [3.3.5-1] - 3.3.5 (2014-04-18) - ================== - - Bugs fixed - ---------- - - * HTML cleaning could fail to strip javascript links that mix control - characters into the link scheme. [3.3.4-1] - 3.3.4 (2014-04-03) - ================== - - Features added - -------------- - - * Source line numbers above 65535 are available on Elements when - using libxml2 2.9 or later. - - Bugs fixed - ---------- - - * lxml.html.fragment_fromstring() failed for bytes input in Py3. [3.3.3-4] - Fix macro definition [3.3.3-3] - Add python3-cssselect to correct package [3.3.3-3] - python3-cssselect is not available on F19 [3.3.3-2] - BZ#1075070 add requires and buildrequires for cssselect [3.3.3-1] - 3.3.3 (2014-03-04) - ================== - - Bugs fixed - ---------- - - * LP#1287118: Crash when using Element subtypes with __slots__. - - Other changes - ------------- - - * The internal classes _LogEntry and _Attrib can no longer be - subclassed from Python code. [3.3.2-2] - Add check section #1075070 [3.3.2-1] - 3.3.2 (2014-02-26) - ================== - - Bugs fixed - ---------- - - * The properties resolvers and version, as well as the methods - set_element_class_lookup() and makeelement(), were lost from - iterparse objects. - - * LP#1222132: instances of XMLSchema, Schematron and RelaxNG - did not clear their local error_log before running a validation. - - * LP#1238500: lxml.doctestcompare mixed up 'expected' and 'actual' in - attribute values. - - * Some file I/O tests were failing in MS-Windows due to incorrect temp - file usage. Initial patch by Gabi Davar. - - * LP#910014: duplicate IDs in a document were not reported by DTD - validation. - - * LP#1185332: tostring(method='html') did not use HTML serialisation - semantics for trailing tail text. Initial patch by Sylvain Viollon. - - * LP#1281139: .attrib value of Comments lost its mutation methods - in 3.3.0. Even though it is empty and immutable, it should still - provide the same interface as that returned for Elements. [3.3.2-1] - 3.3.1 (2014-02-12) - ================== - - Bugs fixed - ---------- - - * LP#1014290: HTML documents parsed with parser.feed() failed to find - elements during tag iteration. - - * LP#1273709: Building in PyPy failed due to missing support for - PyUnicode_Compare() and PyByteArray_*() in PyPy's C-API. - - * LP#1274413: Compilation in MSVC failed due to missing 'stdint.h' standard - header file. - - * LP#1274118: iterparse() failed to parse BOM prefixed files. [3.3.0-2] - Update Cython requirement to >= 0.20 [3.3.0-1] - 3.3.0 (2014-01-26) - ================== - - Features added - -------------- - - Bugs fixed - ---------- - - * The heuristic that distinguishes file paths from URLs was tightened - to produce less false negatives. - - Other changes - ------------- - - - 3.3.0beta5 (2014-01-18) - ======================= - - Features added - -------------- - - * The PEP 393 unicode parsing support gained a fallback for wchar strings - which might still be somewhat common on Windows systems. - - Bugs fixed - ---------- - - * Several error handling problems were fixed throughout the code base that - could previously lead to exceptions being silently swallowed or not - properly reported. - - * The C-API function appendChild() is now deprecated as it does not - propagate exceptions (its return type is void). The new function - appendChildToElement() was added as a safe replacement. - - * Passing a string into fromstringlist() raises an exception instead of - parsing the string character by character. - - Other changes - ------------- - - * Document cleanup code was simplified using the new GC features in - Cython 0.20. - - - 3.3.0beta4 (2014-01-12) - ======================= - - Features added - -------------- - - Bugs fixed - ---------- - - * The (empty) value returned by the attrib property of Entity and - Comment objects was mutable. - - * Element class lookup wasn't available for the new pull parsers or when - using a custom parser target. - - * Setting Element attributes on instantiation with both the attrib - argument and keyword arguments could modify the mapping passed as - attrib. - - * LP#1266171: DTDs instantiated from internal/external subsets (i.e. - through the docinfo property) lost their attribute declarations. - - Other changes - ------------- - - * Built with Cython 0.20pre (gitrev 012ae82eb) to prepare support for - Python 3.4. - - - 3.3.0beta3 (2014-01-02) - ======================= - - Features added - -------------- - - * Unicode string parsing was optimised for Python 3.3 (PEP 393). - - Bugs fixed - ---------- - - * HTML parsing of Unicode strings could misdecode the input on some - platforms. - - * Crash in xmlfile() when closing open elements out of order in an error - case. - - Other changes - ------------- - - - 3.3.0beta2 (2013-12-20) - ======================= - - Features added - -------------- - - * iterparse() supports the recover option. - - Bugs fixed - ---------- - - * Crash in iterparse() for HTML parsing. - - * Crash in target parsing with attributes. - - Other changes - ------------- - - * The safety check in the read-only tree implementation (e.g. used by - PythonElementClassLookup) raises a more appropriate - ReferenceError for illegal access after tree disposal instead of - an AssertionError. This should only impact test code that - specifically checks the original behaviour. - - - 3.3.0beta1 (2013-12-12) - ======================= - - Features added - -------------- - - * New option handle_failures in make_links_absolute() and - resolve_base_href() (lxml.html) that enables ignoring or - discarding links that fail to parse as URLs. - - * New parser classes XMLPullParser and HTMLPullParser for - incremental parsing, as implemented for ElementTree in Python 3.4. - - * iterparse() enables recovery mode by default for HTML parsing - (html=True). - - Bugs fixed - ---------- - - * LP#1255132: crash when trying to run validation over non-Element (e.g. - comment or PI). - - * Error messages in the log and in exception messages that originated - from libxml2 could accidentally be picked up from preceding warnings - instead of the actual error. - - * The ElementMaker in lxml.objectify did not accept a dict as - argument for adding attributes to the element it's building. This - works as in lxml.builder now. - - * LP#1228881: repr(XSLTAccessControl) failed in Python 3. - - * Raise ValueError when trying to append an Element to itself or - to one of its own descendants, instead of running into an infinite - loop. - - * LP#1206077: htmldiff discarded whitespace from the output. - - * Compressed plain-text serialisation to file-like objects was broken. - - * lxml.html.formfill: Fix textarea form filling. - The textarea used to be cleared before the new content was set, - which removed the name attribute. - - Other changes - ------------- - - * Some basic API classes use freelists internally for faster - instantiation. This can speed up some iterparse() scenarios, - for example. - - * iterparse() was rewritten to use the new *PullParser - classes internally instead of being a parser itself. [3.2.4-1] - 3.2.4 (2013-11-07) - ================== - - Bugs fixed - ---------- - - * Memory leak when creating an XPath evaluator in a thread. - - * LP#1228881: repr(XSLTAccessControl) failed in Python 3. - - * Raise ValueError when trying to append an Element to itself or - to one of its own descendants. - - * LP#1206077: htmldiff discarded whitespace from the output. - - * Compressed plain-text serialisation to file-like objects was broken. [3.2.3-2] - Add requirement for on python-cssselect for the python2 version [3.2.3-1] - and here's a version 3.2.3. The last release accidentally lost the ability - to work on Python 2.4. There are no other changes over 3.2.2. - - 3.2.2 (2013-07-28) - ================== - - Features added - -------------- - - Bugs fixed - ---------- - - * LP#1185701: spurious XMLSyntaxError after finishing iterparse(). - - * Crash in lxml.objectify during xsi annotation. - - Other changes - ------------- - - * Return values of user provided element class lookup methods are now - validated against the type of the XML node they represent to prevent - API class mismatches. [3.2.1-1] - 3.2.1 (2013-05-11) - ================== - - Features added - -------------- - - * The methods apply_templates() and process_children() of XSLT - extension elements have gained two new boolean options elements_only - and remove_blank_text that discard either all strings or - whitespace-only strings from the result list. - - Bugs fixed - ---------- - - * When moving Elements to another tree, the namespace cleanup mechanism - no longer drops namespace prefixes from attributes for which it finds - a default namespace declaration, to prevent them from appearing as - unnamespaced attributes after serialisation. - - * Returning non-type objects from a custom class lookup method could lead - to a crash. - - * Instantiating and using subtypes of Comments and ProcessingInstructions - crashed. [3.2.0-1] - 3.2.0 (2013-04-28) - ================== - - Features added - -------------- - - Bugs fixed - ---------- - - * LP#690319: Leading whitespace could change the behaviour of the string - parsing functions in lxml.html. - - * LP#599318: The string parsing functions in lxml.html are more robust - in the face of uncommon HTML content like framesets or missing body tags. - Patch by Stefan Seelmann. - - * LP#712941: I/O errors while trying to access files with paths that - contain non-ASCII characters could raise UnicodeDecodeError instead - of properly reporting the IOError. - - * LP#673205: Parsing from in-memory strings disabled network access in the - default parser and made subsequent attempts to parse from a URL fail. - - * LP#971754: lxml.html.clean appends 'nofollow' to 'rel' attributes instead - of overwriting the current value. - - * LP#715687: lxml.html.clean no longer discards scripts that are explicitly - allowed by the user provided whitelist. Patch by Christine Koppelt. - - 3.1.2 (2013-04-12) - ================== - - Bugs fixed - ---------- - - * LP#1136509: Passing attributes through the namespace-unaware API of - the sax bridge (i.e. the handler.startElement() method) failed - with a TypeError. Patch by Mike Bayer. - - * LP#1123074: Fix serialisation error in XSLT output when converting - the result tree to a Unicode string. - - * GH#105: Replace illegal usage of xmlBufLength() in libxml2 2.9.0 - by properly exported API function xmlBufUse(). - - 3.1.1 (2013-03-29) - ================== - - Features added - -------------- - - Bugs fixed - ---------- - - * LP#1160386: Write access to lxml.html.FormElement.fields raised - an AttributeError in Py3. - - * Illegal memory access during cleanup in incremental xmlfile writer. - - Other changes - ------------- - - * The externally useless class lxml.etree._BaseParser was removed - from the module dict. [3.1.0-1] - 3.1.0 (2013-02-10) - ================== - - Features added - -------------- - - * GH#89: lxml.html.clean allows overriding the set of attributes that it - considers 'safe'. Patch by Francis Devereux. - - Bugs fixed - ---------- - - * LP#1104370: copy.copy(el.attrib) raised an exception. It now returns - a copy of the attributes as a plain Python dict. - - * GH#95: When used with namespace prefixes, the el.find*() methods - always used the first namespace mapping that was provided for each - path expression instead of using the one that was actually passed - in for the current run. - - * LP#1092521, GH#91: Fix undefined C symbol in Python runtimes compiled - without threading support. Patch by Ulrich Seidl. - - Other changes - ------------- - - - 3.1beta1 (2012-12-21) - ===================== - - Features added - -------------- - - * New build-time option --with-unicode-strings for Python 2 that - makes the API always return Unicode strings for names and text - instead of byte strings for plain ASCII content. - - * New incremental XML file writing API etree.xmlfile(). - - * E factory in lxml.objectify is callable to simplify the creation of - tags with non-identifier names without having to resort to getattr(). - - Bugs fixed - ---------- - - * When starting from a non-namespaced element in lxml.objectify, searching - for a child without explicitly specifying a namespace incorrectly found - namespaced elements with the requested local name, instead of restricting - the search to non-namespaced children. - - * GH#85: Deprecation warnings were fixed for Python 3.x. - - * GH#33: lxml.html.fromstring() failed to accept bytes input in Py3. - - * LP#1080792: Static build of libxml2 2.9.0 failed due to missing file. - - Other changes - ------------- - - * The externally useless class _ObjectifyElementMakerCaller was - removed from the module API of lxml.objectify. - - * LP#1075622: lxml.builder is faster for adding text to elements with - many children. Patch by Anders Hammarquist. [3.0.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [3.0.1-1] - 3.0.1 (2012-10-14) - Bugs fixed - - * LP#1065924: Element proxies could disappear during garbage collection - in PyPy without proper cleanup. - * GH#71: Failure to work with libxml2 2.6.x. - * LP#1065139: static MacOS-X build failed in Py3. [3.0-1] - 3.0 (2012-10-08) - ================ - - Features added - -------------- - - Bugs fixed - ---------- - - * End-of-file handling was incorrect in iterparse() when reading from - a low-level C file stream and failed in libxml2 2.9.0 due to its - improved consistency checks. - - Other changes - ------------- - - * The build no longer uses Cython by default unless the generated C files - are missing. To use Cython, pass the option '--with-cython'. To ignore - the fatal build error when Cython is required but not available (e.g. to - run special setup.py commands that do not actually run a build), pass - '--without-cython'. - - - 3.0beta1 (2012-09-26) - ===================== - - Features added - -------------- - - * Python level access to (optional) libxml2 memory debugging features - to simplify debugging of memory leaks etc. - - Bugs fixed - ---------- - - * Fix a memory leak in XPath by switching to Cython 0.17.1. - - * Some tests were adapted to work with PyPy. - - Other changes - ------------- - - * The code was adapted to work with the upcoming libxml2 2.9.0 release. - - - 3.0alpha2 (2012-08-23) - ====================== - - Features added - -------------- - - * The .iter() method of elements now accepts tag arguments like '{*}name' - to search for elements with a given local name in any namespace. With - this addition, all combinations of wildcards now work as expected: - '{ns}name', '{}name', '{*}name', '{ns}*', '{}*' and '{*}*'. Note that - 'name' is equivalent to '{}name', but '*' is '{*}*'. The same change - applies to the .getiterator(), .itersiblings(), .iterancestors(), - .iterdescendants(), .iterchildren() and .itertext() methods, the - strip_attributes(), strip_elements() and strip_tags() functions as well - as the iterparse() function. - - * C14N allows specifying the inclusive prefixes to be promoted to - top-level during exclusive serialisation. - - Bugs fixed - ---------- - - * Passing long Unicode strings into the feed() parser interface failed to - read the entire string. - - Other changes - ------------- - - - 3.0alpha1 (2012-07-31) - ====================== - - Features added - -------------- - - * Initial support for building in PyPy (through cpyext). - - * DTD objects gained an API that allows read access to their - declarations. - - * xpathgrep.py gained support for parsing line-by-line (e.g. - from grep output) and for surrounding the output with a new root - tag. - - * E-factory in lxml.builder accepts subtypes of known data - types (such as string subtypes) when building elements around them. - - * Tree iteration and iterparse() with a selective tag - argument supports passing a set of tags. Tree nodes will be - returned by the iterators if they match any of the tags. - - Bugs fixed - ---------- - - * The .find*() methods in lxml.objectify no longer use XPath - internally, which makes them faster in many cases (especially when - short circuiting after a single or couple of elements) and fixes - some behavioural differences compared to lxml.etree. Note that - this means that they no longer support arbitrary XPath expressions - but only the subset that the ElementPath language supports. - The previous implementation was also redundant with the normal - XPath support, which can be used as a replacement. - - * el.find('*') could accidentally return a comment or processing - instruction that happened to be in the wrong spot. (Same for the - other .find*() methods.) - - * The error logging is less intrusive and avoids a global setup where - possible. - - * Fixed undefined names in html5lib parser. - - * xpathgrep.py did not work in Python 3. - - * Element.attrib.update() did not accept an attrib of - another Element as parameter. - - * For subtypes of ElementBase that make the .text or .tail - properties immutable (as in objectify, for example), inserting text - when creating Elements through the E-Factory feature of the class - constructor would fail with an exception, stating that the text - cannot be modified. - - Other changes - -------------- - - * The code base was overhauled to properly use 'const' where the API - of libxml2 and libxslt requests it. This also has an impact on the - public C-API of lxml itself, as defined in etreepublic.pxd, as - well as the provided declarations in the lxml/includes/ directory. - Code that uses these declarations may have to be adapted. On the - plus side, this fixes several C compiler warnings, also for user - code, thus making it easier to spot real problems again. - - * The functionality of 'lxml.cssselect' was moved into a separate PyPI - package called 'cssselect'. To continue using it, you must install - that package separately. The 'lxml.cssselect' module is still - available and provides the same interface, provided the 'cssselect' - package can be imported at runtime. - - * Element attributes passed in as an attrib dict or as keyword - arguments are now sorted by (namespaced) name before being created - to make their order predictable for serialisation and iteration. - Note that adding or deleting attributes afterwards does not take - that order into account, i.e. setting a new attribute appends it - after the existing ones. - - * Several classes that are for internal use only were removed - from the lxml.etree module dict: - _InputDocument, _ResolverRegistry, _ResolverContext, _BaseContext, - _ExsltRegExp, _IterparseContext, _TempStore, _ExceptionContext, - __ContentOnlyElement, _AttribIterator, _NamespaceRegistry, - _ClassNamespaceRegistry, _FunctionNamespaceRegistry, - _XPathFunctionNamespaceRegistry, _ParserDictionaryContext, - _FileReaderContext, _ParserContext, _PythonSaxParserTarget, - _TargetParserContext, _ReadOnlyProxy, _ReadOnlyPIProxy, - _ReadOnlyEntityProxy, _ReadOnlyElementProxy, _OpaqueNodeWrapper, - _OpaqueDocumentWrapper, _ModifyContentOnlyProxy, - _ModifyContentOnlyPIProxy, _ModifyContentOnlyEntityProxy, - _AppendOnlyElementProxy, _SaxParserContext, _FilelikeWriter, - _ParserSchemaValidationContext, _XPathContext, - _XSLTResolverContext, _XSLTContext, _XSLTQuotedStringParam - - * Several internal classes can no longer be inherited from: - _InputDocument, _ResolverRegistry, _ExsltRegExp, _ElementUnicodeResult, - _IterparseContext, _TempStore, _AttribIterator, _ClassNamespaceRegistry, - _XPathFunctionNamespaceRegistry, _ParserDictionaryContext, - _FileReaderContext, _PythonSaxParserTarget, _TargetParserContext, - _ReadOnlyPIProxy, _ReadOnlyEntityProxy, _OpaqueDocumentWrapper, - _ModifyContentOnlyPIProxy, _ModifyContentOnlyEntityProxy, - _AppendOnlyElementProxy, _FilelikeWriter, _ParserSchemaValidationContext, - _XPathContext, _XSLTResolverContext, _XSLTContext, - _XSLTQuotedStringParam, _XSLTResultTree, _XSLTProcessingInstruction [2.3.5-1] - Bugs fixed - - * Crash when merging text nodes in element.remove(). - * Crash in sax/target parser when reporting empty doctype. [2.3.4-1] - Bugs fixed - - * Crash when building an nsmap (Element property) with empty namespace - URIs. - * Crash due to race condition when errors (or user messages) occur during - threaded XSLT processing (or compilation). - * XSLT stylesheet compilation could ignore compilation errors. [2.3.3-4] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [2.3.3-3] - remove rhel logic from with_python3 conditional [2.3.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [2.3.3-1] - 2.3.3 (2012-01-04) - Features added - - * lxml.html.tostring() gained new serialisation options with_tail and - doctype. - - Bugs fixed - - * Fixed a crash when using iterparse() for HTML parsing and requesting - start events. - * Fixed parsing of more selectors in cssselect. Whitespace before pseudo- - elements and pseudo-classes is significant as it is a descendant - combinator. 'E :pseudo' should parse the same as 'E *:pseudo', not - 'E:pseudo'. Patch by Simon Sapin. - * lxml.html.diff no longer raises an exception when hitting 'img' tags - without 'src' attribute. [2.3.2-1] - 2.3.2 (2011-11-11) - Features added - - * lxml.objectify.deannotate() has a new boolean option - cleanup_namespaces to remove the objectify namespace declarations - (and generally clean up the namespace declarations) after removing - the type annotations. - * lxml.objectify gained its own SubElement() function as a copy of - etree.SubElement to avoid an otherwise redundant import of - lxml.etree on the user side. - - Bugs fixed - - * Fixed the 'descendant' bug in cssselect a second time (after a first - fix in lxml 2.3.1). The previous change resulted in a serious - performance regression for the XPath based evaluation of the - translated expression. Note that this breaks the usage of some - of the generated XPath expressions as XSLT location paths that - previously worked in 2.3.1. - * Fixed parsing of some selectors in cssselect. Whitespace after - combinators '>', '+' and '~' is now correctly ignored. Previously - it was parsed as a descendant combinator. For example, 'div> .foo' - was parsed the same as 'div>* .foo' instead of 'div>.foo'. Patch by - Simon Sapin. [2.3.1-1] - Features added - -------------- - - * New option kill_tags in lxml.html.clean to remove specific - tags and their content (i.e. their whole subtree). - - * pi.get() and pi.attrib on processing instructions to parse - pseudo-attributes from the text content of processing instructions. - - * lxml.get_include() returns a list of include paths that can be - used to compile external C code against lxml.etree. This is - specifically required for statically linked lxml builds when code - needs to compile against the exact same header file versions as lxml - itself. - - * Resolver.resolve_file() takes an additional option - close_file that configures if the file(-like) object will be - closed after reading or not. By default, the file will be closed, - as the user is not expected to keep a reference to it. - - Bugs fixed - ---------- - - * HTML cleaning didn't remove 'data:' links. - - * The html5lib parser integration now uses the 'official' - implementation in html5lib itself, which makes it work with newer - releases of the library. - - * In lxml.sax, endElementNS() could incorrectly reject a plain - tag name when the corresponding start event inferred the same plain - tag name to be in the default namespace. - - * When an open file-like object is passed into parse() or - iterparse(), the parser will no longer close it after use. This - reverts a change in lxml 2.3 where all files would be closed. It is - the users responsibility to properly close the file(-like) object, - also in error cases. - - * Assertion error in lxml.html.cleaner when discarding top-level elements. - - * In lxml.cssselect, use the xpath 'A//B' (short for - 'A/descendant-or-self::node()/B') instead of 'A/descendant::B' for the - css descendant selector ('A B'). This makes a few edge cases to be - consistent with the selector behavior in WebKit and Firefox, and makes - more css expressions valid location paths (for use in xsl:template - match). - - [tags no longer show up in the - collected form values. - - [values to/from a multiple select form - field properly selects them and unselects them. - - Other changes - -------------- - - * Static builds can specify the download directory with the - --download-dir option. [2.3-1] - 2.3 (2011-02-06) - ================ - - Features added - -------------- - - * When looking for children, lxml.objectify takes '{}tag' as - meaning an empty namespace, as opposed to the parent namespace. - - Bugs fixed - ---------- - - * When finished reading from a file-like object, the parser - immediately calls its .close() method. - - * When finished parsing, iterparse() immediately closes the input - file. - - * Work-around for libxml2 bug that can leave the HTML parser in a - non-functional state after parsing a severly broken document (fixed - in libxml2 2.7.8). - - * marque tag in HTML cleanup code is correctly named marquee. - - Other changes - -------------- - - * Some public functions in the Cython-level C-API have more explicit - return types. - - 2.3beta1 (2010-09-06) - ===================== - - Features added - -------------- - - Bugs fixed - ---------- - - * Crash in newer libxml2 versions when moving elements between - documents that had attributes on replaced XInclude nodes. - - * XMLID() function was missing the optional parser and - base_url parameters. - - * Searching for wildcard tags in iterparse() was broken in Py3. - - * lxml.html.open_in_browser() didn't work in Python 3 due to the - use of os.tempnam. It now takes an optional 'encoding' parameter. - - Other changes - -------------- - - 2.3alpha2 (2010-07-24) - ====================== - - Features added - -------------- - - Bugs fixed - ---------- - - * Crash in XSLT when generating text-only result documents with a - stylesheet created in a different thread. - - Other changes - -------------- - - * repr() of Element objects shows the hex ID with leading 0x - (following ElementTree 1.3). - - 2.3alpha1 (2010-06-19) - ====================== - - Features added - -------------- - - * Keyword argument namespaces in lxml.cssselect.CSSSelector() - to pass a prefix-to-namespace mapping for the selector. - - * New function lxml.etree.register_namespace(prefix, uri) that - globally registers a namespace prefix for a namespace that newly - created Elements in that namespace will use automatically. Follows - ElementTree 1.3. - - * Support 'unicode' string name as encoding parameter in - tostring(), following ElementTree 1.3. - - * Support 'c14n' serialisation method in ElementTree.write() and - tostring(), following ElementTree 1.3. - - * The ElementPath expression syntax (el.find*()) was extended to - match the upcoming ElementTree 1.3 that will ship in the standard - library of Python 3.2/2.7. This includes extended support for - predicates as well as namespace prefixes (as known from XPath). - - * During regular XPath evaluation, various ESXLT functions are - available within their namespace when using libxslt 1.1.26 or later. - - * Support passing a readily configured logger instance into - PyErrorLog, instead of a logger name. - - * On serialisation, the new doctype parameter can be used to - override the DOCTYPE (internal subset) of the document. - - * New parameter output_parent to XSLTExtension.apply_templates() - to append the resulting content directly to an output element. - - * XSLTExtension.process_children() to process the content of the - XSLT extension element itself. - - * ISO-Schematron support based on the de-facto Schematron reference - 'skeleton implementation'. - - * XSLT objects now take XPath object as __call__ stylesheet - parameters. - - * Enable path caching in ElementPath (el.find*()) to avoid parsing - overhead. - - * Setting the value of a namespaced attribute always uses a prefixed - namespace instead of the default namespace even if both declare the - same namespace URI. This avoids serialisation problems when an - attribute from a default namespace is set on an element from a - different namespace. - - * XSLT extension elements: support for XSLT context nodes other than - elements: document root, comments, processing instructions. - - * Support for strings (in addition to Elements) in node-sets returned - by extension functions. - - * Forms that lack an action attribute default to the base URL of - the document on submit. - - * XPath attribute result strings have an attrname property. - - * Namespace URIs get validated against RFC 3986 at the API level - (required by the XML namespace specification). - - * Target parsers show their target object in the .target property - (compatible with ElementTree). - - Bugs fixed - ---------- - - * API is hardened against invalid proxy instances to prevent crashes - due to incorrectly instantiated Element instances. - - * Prevent crash when instantiating CommentBase and friends. - - * Export ElementTree compatible XML parser class as - XMLTreeBuilder, as it is called in ET 1.2. - - * ObjectifiedDataElements in lxml.objectify were not hashable. They - now use the hash value of the underlying Python value (string, - number, etc.) to which they compare equal. - - * Parsing broken fragments in lxml.html could fail if the fragment - contained an orphaned closing '</div>' tag. - - * Using XSLT extension elements around the root of the output document - crashed. - - * lxml.cssselect did not distinguish between x[attr='val'] and - x [attr='val'] (with a space). The latter now matches the - attribute independent of the element. - - * Rewriting multiple links inside of HTML text content could end up - replacing unrelated content as replacements could impact the - reported position of subsequent matches. Modifications are now - simplified by letting the iterlinks() generator in lxml.html - return links in reversed order if they appear inside the same text - node. Thus, replacements and link-internal modifications no longer - change the position of links reported afterwards. - - * The .value attribute of textarea elements in lxml.html did - not represent the complete raw value (including child tags etc.). It - now serialises the complete content on read and replaces the - complete content by a string on write. - - * Target parser didn't call .close() on the target object if - parsing failed. Now it is guaranteed that .close() will be - called after parsing, regardless of the outcome. - - Other changes - ------------- - - * Official support for Python 3.1.2 and later. - - * Static MS Windows builds can now download their dependencies - themselves. - - * Element.attrib no longer uses a cyclic reference back to its - Element object. It therefore no longer requires the garbage - collector to clean up. - - * Static builds include libiconv, in addition to libxml2 and libxslt. [2.2.8-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [2.2.8-3] - rebuild for newer python3 [2.2.8-2] - Rebuild for newer libxml2 [2.2.8-1] - 2.2.8 (2010-09-02) - Bugs fixed - - * Crash in newer libxml2 versions when moving elements between - documents that had attributes on replaced XInclude nodes. - * Import fix for urljoin in Python 3.1+. [2.2.7-3] - Don't byte-compile files during install because setup.py doesn't properly byte compile for Python version 3.2 [2.2.7-2] - Rebuild for Python 3.2 [2.2.7-1] - 2.2.7 (2010-07-24) - Bugs fixed - - * Crash in XSLT when generating text-only result documents with a stylesheet created in a different thread. [2.2.6-4] - actually add the patch this time [2.2.6-3] - workaround for 2to3 issue (patch 0; bug 600036) [2.2.6-2] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [2.2.6-1] - 2.2.6 (2010-03-02) - - Bugs fixed - - * Fixed several Python 3 regressions by building with Cython 0.11.3. [2.2.5-1] - 2.2.5 (2010-02-28) - - Features added - - * Support for running XSLT extension elements on the input root node - (e.g. in a template matching on '/'). - - Bugs fixed - - * Crash in XPath evaluation when reading smart strings from a document - other than the original context document. - * Support recent versions of html5lib by not requiring its XHTMLParser - in htmlparser.py anymore. - * Manually instantiating the custom element classes in lxml.objectify - could crash. - * Invalid XML text characters were not rejected by the API when they - appeared in unicode strings directly after non-ASCII characters. - * lxml.html.open_http_urllib() did not work in Python 3. - * The functions strip_tags() and strip_elements() in lxml.etree did - not remove all occurrences of a tag in all cases. - * Crash in XSLT extension elements when the XSLT context node is not - an element. [2.2.4-2] - update to current python3 guidelines - be more explicit in %files - use %global and not %define - create docs subpackage - add stripping 3-byte Byte Order Marker from src/lxml/tests/test_errors.py to get 2to3 to work (dmalcolm) - fixes FTBFS (#564674) [2.2.4-1] - Update to 2.2.4 - Enable Python 3 subpackage [2.2.3-3] - F-13's python build chain must be a little different... [2.2.3-2] - Add option to build a Python 3 subpackage, original patch by David Malcolm [2.2.3-1] - 2.2.3 (2009-10-30) - Bugs fixed - - * The resolve_entities option did not work in the incremental feed - parser. - * Looking up and deleting attributes without a namespace could hit a - namespaced attribute of the same name instead. - * Late errors during calls to SubElement() (e.g. attribute related - ones) could leave a partially initialised element in the tree. - * Modifying trees that contain parsed entity references could result - in an infinite loop. - * ObjectifiedElement.__setattr__ created an empty-string child element - when the attribute value was rejected as a non-unicode/non-ascii - string - * Syntax errors in lxml.cssselect could result in misleading error - messages. - * Invalid syntax in CSS expressions could lead to an infinite loop in - the parser of lxml.cssselect. - * CSS special character escapes were not properly handled in - lxml.cssselect. - * CSS Unicode escapes were not properly decoded in lxml.cssselect. - * Select options in HTML forms that had no explicit value attribute - were not handled correctly. The HTML standard dictates that their - value is defined by their text content. This is now supported by - lxml.html. - * XPath raised a TypeError when finding CDATA sections. This is now - fully supported. - * Calling help(lxml.objectify) didn't work at the prompt. - * The ElementMaker in lxml.objectify no longer defines the default - namespaces when annotation is disabled. - * Feed parser failed to honour the 'recover' option on parse errors. - * Diverting the error logging to Python's logging system was broken. [2.2.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.2.2-1] - 2.2.2 (2009-06-21) - Features added - - * New helper functions strip_attributes(), strip_elements(), - strip_tags() in lxml.etree to remove attributes/subtrees/tags - from a subtree. - - Bugs fixed - - * Namespace cleanup on subtree insertions could result in missing - namespace declarations (and potentially crashes) if the element - defining a namespace was deleted and the namespace was not used - by the top element of the inserted subtree but only in deeper - subtrees. - * Raising an exception from a parser target callback didn't always - terminate the parser. - * Only {true, false, 1, 0} are accepted as the lexical representation - for BoolElement ({True, False, T, F, t, f} not any more), restoring - lxml <= 2.0 behaviour. [2.2.1-1] - 2.2.1 (2009-06-02) - Features added - - * Injecting default attributes into a document during XML Schema - validation (also at parse time). - * Pass huge_tree parser option to disable parser security restrictions - imposed by libxml2 2.7. - - Bugs fixed - - * The script for statically building libxml2 and libxslt didn't work - in Py3. - * XMLSchema() also passes invalid schema documents on to libxml2 for - parsing (which could lead to a crash before release 2.6.24). [2.2-1] - 2.2 (2009-03-21) - Features added - - * Support for standalone flag in XML declaration through - tree.docinfo.standalone and by passing standalone=True/False on - serialisation. - - Bugs fixed - - * Crash when parsing an XML Schema with external imports from a - filename. [2.2-0.8.beta4] - 2.2beta4 (2009-02-27) - Features added - - * Support strings and instantiable Element classes as child arguments - to the constructor of custom Element classes. - * GZip compression support for serialisation to files and file-like - objects. - - Bugs fixed - - * Deep-copying an ElementTree copied neither its sibling PIs and - comments nor its internal/external DTD subsets. - * Soupparser failed on broken attributes without values. - * Crash in XSLT when overwriting an already defined attribute using - xsl:attribute. - * Crash bug in exception handling code under Python 3. This was due to - a problem in Cython, not lxml itself. - * lxml.html.FormElement._name() failed for non top-level forms. - * TAG special attribute in constructor of custom Element classes was - evaluated incorrectly. - - Other changes - - * Official support for Python 3.0.1. - * Element.findtext() now returns an empty string instead of None for - Elements without text content. [2.2-0.7.beta3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [2.2-0.6.beta3] - 2.2beta3 (2009-02-17) - Features added - - * XSLT.strparam() class method to wrap quoted string parameters that - require escaping. - - Bugs fixed - - * Memory leak in XPath evaluators. - * Crash when parsing indented XML in one thread and merging it with - other documents parsed in another thread. - * Setting the base attribute in lxml.objectify from a unicode string - failed. - * Fixes following changes in Python 3.0.1. - * Minor fixes for Python 3. - - Other changes - - * The global error log (which is copied into the exception log) is now - local to a thread, which fixes some race conditions. - * More robust error handling on serialisation. [2.2-0.5.beta2] - 2.2beta2 (2009-01-25) - Bugs fixed - - * Potential memory leak on exception handling. This was due to a - problem in Cython, not lxml itself. - * iter_links (and related link-rewriting functions) in lxml.html would - interpret CSS like url('link') incorrectly (treating the quotation - marks as part of the link). - * Failing import on systems that have an io module. [2.2-0.4.beta1] - 2.2beta1 (2008-12-12) - Features added - - * Allow lxml.html.diff.htmldiff to accept Element objects, - not just HTML strings. - - Bugs fixed - - * Crash when using an XPath evaluator in multiple threads. - * Fixed missing whitespace before Link:... in lxml.html.diff. - - Other changes - - * Export lxml.html.parse. [2.2-0.3.alpha1] - Rebuild for Python 2.6 [2.2-0.2.alpha1] - Don't forget to upload the sources! [2.2-0.1.alpha1] - 2.2alpha1 (2008-11-23) - Features added - - * Support for XSLT result tree fragments in XPath/XSLT extension - functions. - * QName objects have new properties namespace and localname. - * New options for exclusive C14N and C14N without comments. - * Instantiating a custom Element classes creates a new Element. - - Bugs fixed - - * XSLT didn't inherit the parse options of the input document. - * 0-bytes could slip through the API when used inside of Unicode - strings. - * With lxml.html.clean.autolink, links with balanced parenthesis, that - end in a parenthesis, will be linked in their entirety (typical with - Wikipedia links). [2.1.3-1] - 2.1.3 (2008-11-17) - Bugs fixed - - * Ref-count leaks when lxml enters a try-except statement while an - outside exception lives in sys.exc_*(). This was due to a problem - in Cython, not lxml itself. - * Parser Unicode decoding errors could get swallowed by other - exceptions. - * Name/import errors in some Python modules. - * Internal DTD subsets that did not specify a system or public ID - were not serialised and did not appear in the docinfo property - of ElementTrees. - * Fix a pre-Py3k warning when parsing from a gzip file in Py2.6. - * Test suite fixes for libxml2 2.7. - * Resolver.resolve_string() did not work for non-ASCII byte strings. - * Resolver.resolve_file() was broken. - * Overriding the parser encoding didn't work for many encodings. [2.1.2-1] - 2.1.2 (2008-09-05) - Features added - - * lxml.etree now tries to find the absolute path name of files when - parsing from a file-like object. This helps custom resolvers when - resolving relative URLs, as lixbml2 can prepend them with the path of - the source document. - - Bugs fixed - - * Memory problem when passing documents between threads. - * Target parser did not honour the recover option and raised an exception - instead of calling .close() on the target. [2.1.1-1] - Update to 2.1.1 [2.0.7-1] - Update to 2.0.7 - Update download URL [2.0.6-1] - Update to 2.0.6 [2.0.5-1] - Update to 2.0.5 [2.0.3-1] - Update to 2.0.3 [2.0.2-1] - Update to 2.0.2 [2.0.1-1] - Update to 2.0.1 [1.3.6-2] - Autorebuild for GCC 4.3 [1.3.6-1] - Update to 1.3.6. [1.3.5-1] - Update to 1.3.5. [1.3.4-1] - Update to 1.3.4. [1.3.3-3] - Rebuild for selinux ppc32 issue. [1.3.3-2] - BR python-setuptools-devel [1.3.3-1] - Update to 1.3.3 [1.1.2-1] - Update to 1.1.2 [1.0.3-3] - Rebuild for new Python [1.0.3-2] - Rebuild for FC6 [1.0.3-1] - Update to new upstream version [1.0.2-2] - Include, don't ghost .pyo files per new guidelines [1.0.2-1] - Update to new upstream release [1.0.1-1] - Update to new upstream release [1.0-1] - Update to new upstream 1.0 release [0.9.1-3] - Add python-setuptools to BuildRequires - Use dist tag [0.9.1-2] - Fix summary and description [0.9.1-1] - update the new upstream version - remove Pyrex build req [0.8-1] - Initial package python-ply python-psutil [5.8.0-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [5.8.0-3] - Disable test_leak_mem test. [5.8.0-2] - Disable test_sensors_temperatures test. [5.8.0-1] - Update to 5.8.0. Fixes rhbz#1909321 - Re-enable tests (skipping 2 that fail in mock). [5.7.3-1] - Update to 5.7.3 (rhbz#1857187) [5.7.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [5.7.2-1] - Update to 5.7.2 [5.6.7-3] - Add BR on setuptools for all package combinations [5.6.7-2] - Rebuilt for Python 3.9 [5.6.7-1] - Update to 5.6.7. Fixes bug 1768362. [5.6.3-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [5.6.3-5] - Add python2-setuptools to BuildRequires to fix egg info. Fixes bug #1750362 [5.6.3-4] - Reduce unused build dependencies [5.6.3-3] - Rebuilt for Python 3.8 [5.6.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [5.6.3-1] - Update to 5.6.3 Fixes bug #1567102 [5.5.1-1] - Update to 5.5.1 (Resolves #1567102) [5.4.3-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [5.4.3-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [5.4.3-5] - Rebuilt for Python 3.7 [5.4.3-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [5.4.3-3] - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [5.4.3-2] - Disable tests entirely. [5.4.3-1] - 5.4.3 [5.2.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [5.2.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [5.2.2-1] - Update to 5.2.2. Fixes bug #1441010 [5.2.1-1] - Update to 5.2.1. Fixes bug #1418489 [5.1.3-1] - Update to 5.1.3. Fixes bug #1418489 [5.0.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [5.0.1-1] - Update to 5.0.1. Fixes bug #1389579 - Disable failing test while upstream looks at it. [5.0.0-1] - Update to 5.0.0. Fixes bug #1389579 [4.4.0-1] - Update to 4.4.0. Fixes bug #1387942 [4.3.1-1] - Update to 4.3.1. Fixes bug #1372500 [4.3.0-2] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [4.3.0-1] - Update to 4.3.0 [3.2.1-6] - Use modern provides filter - Update URL - Use %python3_pkgversion for EPEL7 compat [3.2.1-5] - fix endian issue on s390x/ppc64 [3.2.1-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [3.2.1-3] - Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 [3.2.1-2] - Add Obsoletes for old package [3.2.1-1] - Update to 3.2.1 - Update to latest Python guidelines (https://fedorahosted.org/fpc/ticket/281) [3.1.1-2] - Restore *.so files - Enable tests [3.1.1-1] - Update to 3.1.1 [2.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2.2.0-1] - new version [2.1.3-1] - Update to 2.1.3 [1.2.1-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1.2.1-4] - fix license handling [1.2.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.2.1-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 [1.2.1-1] - Update to 1.2.1 [1.0.1-1] - Update to 1.0.1 [0.7.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [0.7.1-1] - Update to 0.7.1 [0.6.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [0.6.1-1] - Update to 0.6.1 [0.5.1-3] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [0.5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [0.5.1-1] - Update to 0.5.1 [0.4.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [0.4.1-1] - Update to 0.4.1 [0.4.0-1] - Update to 0.4.0 [0.3.0-1] - Update to 0.3.0 [0.2.1-1] - Update to 0.2.1 - Spec cleanup [0.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.2.0-1] - Update to 0.2.0 [0.1.3-5] - rebuild with python3.2 http://lists.fedoraproject.org/pipermail/devel/2010-August/141368.html [0.1.3-4] - bump, because previous build nvr already existed in F-14 [0.1.3-3] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [0.1.3-2] - Add missing popd in %build [0.1.3-1] - Update to 0.1.3 - Remove useless call to 2to3 and corresponding BuildRequires python2-tools (this version supports Python 3) [0.1.2-4] - Change python-utils BuildRequires for python2-utils [0.1.2-3] - Add python3 subpackage [0.1.2-2] - Drop no-shebang patch for a sed command - Drop test suite from %doc tag [0.1.2-1] - Initial RPM release python-psycopg2 [2.8.6-3] - Update license tag to the SPDX format - Resolves: RHEL-12994 [2.8.6-2] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [2.8.6-1] - Rebase to upstream version 2.8.6 [2.8.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [2.8.5-2] - Rebuilt for Python 3.9 [2.8.5-1] - Rebase to upstream version 2.8.5 [2.8.4-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [2.8.4-1] - New upstream version 2.8.4 - bcond check renamed to bcond tests [2.8.3-2] - Package python2-psycopg2 removed on Fedora 32+ (rhbz#1761216) [2.8.3-1] - Update to 2.8.3 [2.7.7-5] - Package python2-psycopg2-debug removed on Fedora 32+ (rhbz#1747670) [2.7.7-4] - Rebuilt for Python 3.8 [2.7.7-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [2.7.7-2] - Fixes for 3.8.0a4 rebuild Resolves: 1693641 [2.7.7-1] - update to the latest upstream release [2.7.5-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [2.7.5-5] - prepare --without=debugrpms option (rhbz#1635166) - get the python2 packages back for a while (rhbz#1634973) [2.7.5-4] - drop python2* on f30+ (rhbz#1634973) - use proper compiler/linker flags (rhbz#1631713) - correct the (build)requires [2.7.5-3] - standalone installable doc subpackage [2.7.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [2.7.5-2] - Rebuilt for Python 3.7 [2.7.5-1] - rebase to latest upstream release, per release notes: http://initd.org/psycopg/articles/2018/06/17/psycopg-275-released/ [2.7.4-5] - Rebuilt for Python 3.7 [2.7.4-4] - fix for python 3.7, by mhroncok [2.7.4-3] - depend on postgresql-test-rpm-macros [2.7.4-2] - re-enable testsuite [2.7.4-1] - rebase to latest upstream release, per release notes: http://initd.org/psycopg/articles/2018/02/08/psycopg-274-released/ [2.7.3.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.7.3.2-2] - treat python3/python2 equally [2.7.3.2-1] - update to 2.7.3.2, per release notes: http://initd.org/psycopg/articles/2017/10/24/psycopg-2732-released/ [2.7.3.1-1] - http://initd.org/psycopg/articles/2017/08/26/psycopg-2731-released/ [2.7.3-1] - rebase to latest upstream release, per release notes: http://initd.org/psycopg/articles/2017/07/24/psycopg-273-released/ [2.7.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [2.7.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2.7.2-1] - rebase to latest upstream release, per release notes: http://initd.org/psycopg/articles/2017/07/22/psycopg-272-released/ [2.7.1-1] - rebase to latest upstream release, per release notes: http://initd.org/psycopg/articles/2017/03/01/psycopg-271-released/ - fix testsuite [2.7-1] - rebase to latest upstream release, per release notes: http://initd.org/psycopg/articles/2017/03/01/psycopg-27-released/ - enable testsuite during build, and package it [2.6.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [2.6.2-3] - Rebuild for Python 3.6 [2.6.2-2] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [2.6.2-1] - rebase (rhbz#1353545), per release notes http://initd.org/psycopg/articles/2016/07/07/psycopg-262-released/ [2.6.1-6] - provide python2-psycopg2 (rhbz#1306025) - cleanup obsoleted packaging stuff [2.6.1-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [2.6.1-4] - again bump for new Python 3.5, not build previously? - fix rpmlint issues - no pyo files with python 3.5 * Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 [2.6.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2.6.1-1] - Update to 2.6.1 [2.6-1] - Update to 2.6, per changes described at: http://www.psycopg.org/psycopg/articles/2015/02/09/psycopg-26-and-255-released/ [2.5.4-1] - Update to 2.5.4, per changes described at: http://www.psycopg.org/psycopg/articles/2014/08/30/psycopg-254-released [2.5.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [2.5.3-1] - rebase to most recent upstream version, per release notes: http://www.psycopg.org/psycopg/articles/2014/05/13/psycopg-253-released/ [2.5.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [2.5.2-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 [2.5.2-1] - Update to 2.5.2, per changes described at: http://www.psycopg.org/psycopg/articles/2014/01/07/psycopg-252-released [2.5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [2.5.1-1] - rebase to 2.5.1 [2.5-1] - Update to 2.5, per changes described at: http://www.psycopg.org/psycopg/articles/2013/04/07/psycopg-25-released/ [2.4.5-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [2.4.5-6] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [2.4.5-5] - generalize python 3 fileglobbing to work with both Python 3.2 and 3.3 [2.4.5-4] - replace 'python3.2dmu' with 'python3-debug'; with_python3 fixes [2.4.5-3] - add with_python3 conditional [2.4.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [2.4.5-1] - Update to 2.4.5 [2.4.4-1] - Update to 2.4.4 - More specfile neatnik-ism [2.4.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [2.4.2-2] - Fix mistaken %dir marking on python3 files, per Dan Horak [2.4.2-1] - Update to 2.4.2 Related: #711095 - Some neatnik specfile cleanups [2.4-0.beta2] - 2.4.0-beta2 - add python 2 debug, python3 (optimized) and python3-debug subpackages [2.3.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [2.3.2-1] - Update to 2.3.2 - Clean up a few rpmlint warnings [2.2.2-3] - Fix incorrect (and invalid) License: tag. [2.2.2-2] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [2.2.2-1] - Update to 2.2.2 [2.2.1-1] - Update to 2.2.1 - Improve description for 2.2 features. - Changelog for 2.2.0 is: http://initd.org/pub/software/psycopg/ChangeLog-2.2 [2.0.14-1] - Update to 2.0.14 - Update license (upstream switched to LGPL3) [2.0.13-2] - Fix rpmlint complaints: remove unneeded explicit Requires:, use Conflicts: instead of bogus Obsoletes: to indicate lack of zope subpackage [2.0.13-1] - Update to 2.0.13 [2.0.12-1] - Update to 2.0.12 [2.0.11-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.0.11-1] - Update to 2.0.11 [2.0.10-1] - Update to 2.0.10 [2.0.9-1] - Update to 2.0.9 [2.0.8-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [2.0.8-2] - Rebuild for Python 2.6 [2.0.8-1] - Update to 2.0.8 [2.0.8-1] - Update to 2.0.8 [2.0.7-3] - Rebuild for Python 2.6 [2.0.7-2] - fix license tags [2.0.7-1] - Update to 2.0.7 [2.0.6-4.1] - Autorebuild for GCC 4.3 [2.0.6-3.1] - Rebuilt against PostgreSQL 8.3 [2.0.6-3] - Rebuild for rawhide changes [2.0.6-2] - Rebuild for selinux ppc32 issue. [2.0.6-1] - Update to 2.0.6 [2.0.5.1-8] - Disabled zope package temporarily. [2.0.5.1-7] - Rebuilt [2.0.5.1-5] - Bumped up spec version [2.0.5.1-4] - Rebuilt for PostgreSQL 8.2.0 [2.0.5.1-3] - Rebuilt [2.0.5.1-2] - Remove ghost'ing, per Python Packaging Guidelines [2.0.5.1-1] - Update to 2.0.5.1 [2.0.3-3] - Fixed zope package dependencies and macro definition, per bugzilla review (#199784) - Fixed zope package directory ownership, per bugzilla review (#199784) - Fixed cp usage for zope subpackage, per bugzilla review (#199784) [2.0.3-2] - Fixed 64 bit builds - Fixed license - Added Zope subpackage - Fixed typo in doc description - Added macro for zope subpackage dir [2.0.3-1] - Update to 2.0.3 - Fixed spec file, per bugzilla review (#199784) [2.0.2-3] - Removed python dependency, per bugzilla review. (#199784) - Changed doc package group, per bugzilla review. (#199784) - Replaced dos2unix with sed, per guidelines and bugzilla review (#199784) - Fix changelog dates [2.0.2-2] - Added dos2unix to buildrequires - removed python related part from package name [2.0.2-1] - Fix rpmlint errors, including dos2unix solution - Re-engineered spec file * Mon Jan 23 2006 - Devrim GUNDUZ <devrim@commandprompt.com> - First 2.0.X build * Mon Jan 23 2006 - Devrim GUNDUZ <devrim@commandprompt.com> - Update to 1.2.21 * Tue Dec 06 2005 - Devrim GUNDUZ <devrim@commandprompt.com> - Initial release for 1.1.20 python-pycparser [2.20-3] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [2.20-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [2.20-1] - Update to 2.20 (#1810349) python-PyMySQL python-pysocks python-requests [2.25.0-3] - Security fix for CVE-2023-32681 Resolves: rhbz#2209469 [2.25.0-2] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [2.25.0-1] - Update to 2.25.0 [2.24.0-5] - Don't BR pytest-cov [2.24.0-3] - Build with pytest 6, older version is no longer required [2.24.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [2.24.0-1] - Update to 2.24.0 - Resolves rhbz#1848104 [2.23.0-5] - Add requests[security] and requests[socks] subpackages [2.23.0-4] - Test with pytest 4, drop manual requires [2.23.0-3] - Rebuilt for Python 3.9 [2.23.0-2] - Bootstrap for Python 3.9 [2.23.0-1] - Update to 2.23.0 (#1804863). - https://requests.readthedocs.io/en/latest/community/updates/ [2.22.0-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [2.22.0-7] - Remove the python2 subpackage (rhbz#1761787) [2.22.0-6] - Python 2: Remove tests and test dependencies [2.22.0-5] - Rebuilt for Python 3.8 [2.22.0-4] - Bootstrap for Python 3.8 [2.22.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [2.22.0-2] - Add minimum requirement for chardet and urllib3 [2.22.0-1] - Update to v2.22.0 [2.21.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [2.21.0-1] - Update to v2.21.0 - Don't rely on certifi being patched properly to use the system CA bundle [2.20.0-2] - No pytest-httpbin for Python 2 [2.20.0-1] - Update to v2.20.0 [2.19.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [2.19.1-2] - Rebuilt for Python 3.7 [2.19.1-1] - Update to v2.19.1 (rhbz 1591531) [2.19.0-2] - Bootstrap for Python 3.7 [2.19.0-1] - Update to v2.19.0 (rhbz 1590508) [2.18.4-6] - Don't print runtime warning about urllib3 v1.23 (rhbz 1589306) [2.18.4-5] - Allow urllib3 v1.23 (rhbz 1586311) [2.18.4-4] - Stop injecting PyOpenSSL (rhbz 1567862) [2.18.4-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.18.4-2] - Fix ambiguous Python 2 dependency declarations (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [2.18.4-1] - Update to 2.18.4 [2.18.2-1] - Update to 2.18.2 [2.18.1-2] - Drop the dependency on certifi in setup.py [2.18.1-1] - Update to 2.18.1 (#1449432) - Remove tests that require non-local network (#1450608) [2.14.2-1] - Update to 2.14.2 (#1449432) - Switch to autosetup to apply patches [2.13.0-2] - Don't run tests when building as a module [2.13.0-1] - Update to 2.13.0 (#1418138) [2.12.4-3] - Include and enable tests (now python-pytest-httpbin is packaged) [2.12.4-2] - Rebuild for Python 3.6 again. [2.12.4-1] - Update to 2.12.4. Fixes #1404680 [2.12.3-2] - Rebuild for Python 3.6 [2.12.3-1] - Update to 2.12.3. Fixes #1400601 [2.12.2-1] - Update to 2.12.2 [2.12.1-2] - Backport #3713. Fixes #1397149 [2.12.1-1] - Update to 2.12.1. Fixes #1395469 - Unbundle idna, a new upstream dependency [2.11.1-1] - Update to 2.11.1. Fixes #1370814 [2.11.0-1] - Update to 2.11.0. Fixes #1365332 [2.10.0-4] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [2.10.0-3] - Update python2 packaging. [2.10.0-2] - Fix python2 subpackage to comply with guidelines. [2.9.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [2.9.1-1] - new version [2.9.0-1] - new version [2.8.1-1] - Latest upstream. - Bump hard dep on urllib3 to 1.12. [2.7.0-8] - Rebuilt for Python3.5 rebuild [2.7.0-7] - Tell setuptools about what version of urllib3 we're unbundling for https://github.com/kennethreitz/requests/issues/2816 [2.7.0-6] - Replace the provides macro with a plain provides field for now until we can re-organize this package into two different subpackages. [2.7.0-5] - Remove 'provides: python2-requests' from the python3 subpackage, obviously. [2.7.0-4] - Employ %python_provides macro to provide python2-requests. [2.7.0-3] - Lock down the python-urllib3 version to the specific version we unbundled. https://bugzilla.redhat.com/show_bug.cgi?id=1253823 [2.7.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2.7.0-1] - new version [2.6.2-1] - new version [2.6.1-1] - new version [2.6.0-1] - new version - Remove patch for CVE-2015-2296, now included in the upstream release. [2.5.3-2] - Backport fix for CVE-2015-2296. [2.5.3-1] - new version [2.5.1-1] - new version [2.5.0-3] - Pin python-urllib3 requirement at 1.10. - Fix requirement pinning syntax. [2.5.0-2] - Do the most basic of tests in the check section. [2.5.0-1] - Latest upstream, 2.5.0 for #1171068 [2.4.3-1] - Latest upstream, 2.4.3 for #1136283 [2.3.0-4] - Re-do unbundling by symlinking system libs into the requests/packages/ dir. [2.3.0-3] - fix license handling [2.3.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [2.3.0-1] - Latest upstream [2.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 [2.0.0-1] - Latest upstream. - Add doc macro to the python3 files section. - Require python-urllib3 greater than or at 1.7.1. [1.2.3-5] - fix versioned dep on python-urllib3 [1.2.3-4] - Explicitly versioned the requirements on python-urllib3. [1.2.3-3] - Release bump for a coupled update with python-urllib3. [1.2.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1.2.3-1] - Latest upstream. - Fixed bogus date in changelog. [1.1.0-4] - Correct a rhel conditional on python-ordereddict [1.1.0-3] - Unbundled python-urllib3. Using system python-urllib3 now. - Conditionally include python-ordereddict for el6. [1.1.0-2] - Unbundled python-charade/chardet. Using system python-chardet now. - Removed deprecated comments and actions against oauthlib unbundling. Those are no longer necessary in 1.1.0. - Added links to bz tickets over Patch declarations. [1.1.0-1] - Latest upstream. - Relicense to ASL 2.0 with upstream. - Removed cookie handling patch (fixed in upstream tarball). - Updated cert unbundling patch to match upstream. - Added check section, but left it commented out for koji. [0.14.1-4] - Let brp_python_bytecompile run again, take care of the non-python{2,3} modules by removing them from the python{,3}-requests package that they did not belong in. - Use the certificates in the ca-certificates package instead of the bundled one + https://bugzilla.redhat.com/show_bug.cgi?id=904614 - Fix a problem with cookie handling + https://bugzilla.redhat.com/show_bug.cgi?id=906924 [ 0.14.1-1] - Updated to latest upstream release [0.13.1-1] - Updated to latest upstream release 0.13.1 - Use system provided ca-certificates - No more async requests use grrequests https://github.com/kennethreitz/grequests - Remove gevent as it is no longer required by requests [0.11.1-1] - Updated to upstream release 0.11.1 [0.10.6-3] - Support building package for EL6 [0.10.6-2] - +python3-requests pkg [0.10.6-1] - Updated to new upstream version [0.9.3-1] - Updated to new upstream version 0.9.3 - Include python-gevent as a dependency for requests.async - Clean up shebangs in requests/setup.py,test_requests.py and test_requests_ext.py [0.8.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [0.8.2-1] - New upstream version - keep alive support - complete removal of cookiejar and urllib2 [0.7.6-1] - Updated to new upstream release 0.7.6 [0.6.6-1] - Updated to version 0.6.6 [0.6.1-1] - Updated to version 0.6.1 [0.6.0-1] - Updated to latest version 0.6.0 [0.5.1-2] - Remove OPT_FLAGS from build section since it is a noarch package - Fix use of mixed tabs and space - Remove extra space around the word cumbersome in description [0.5.1-1] - Initial package python-toml python-urllib3 [1.25.10-5] - Security fix for CVE-2023-43804 Resolves: RHEL-11997 [1.25.10-4] - Fix for CVE-2021-33503 Catastrophic backtracking in URL authority parser Resolves: rhbz#1968074 [1.25.10-3] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [1.25.10-2] - Update RECENT_DATE dynamically [1.25.10-1] - Update to 1.25.10. Fixed bug #1824900 [1.25.8-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [1.25.8-3] - Rebuilt for Python 3.9 [1.25.8-2] - Bootstrap for Python 3.9 [1.25.8-1] - Latest upstream rhbz#1771186 [1.25.7-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [1.25.7-2] - Subpackage python2-urllib3 has been removed See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal [1.25.6-1] - Update to v1.25.6 [1.25.3-7] - Rebuilt for Python 3.8.0rc1 (#1748018) [1.25.3-6] - Rebuilt for Python 3.8 [1.25.3-5] - Bootstrap for Python 3.8 [1.25.3-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [1.25.3-3] - Set RECENT_DATE not to be older than 2 years (#1727796) [1.25.3-2] - Drop the Python 2 tests since Tornado is going away [1.25.3-1] - Update to 1.25.3 [1.24.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [1.24.1-2] - Adjust unbundling of ssl_match_hostname [1.24.1-1] - Update to v1.24.1 [1.23-4] - Removed unneeded dependency python[23]-psutil [1.23-3] - Rebuilt for Python 3.7 [1.23-2] - Bootstrap for Python 3.7 [1.23-1] - Update to the latest upstream release (rhbz 1586072) [1.22-10] - Backport patch to support Python 3.7 (rhbz 1584112) [1.22-9] - Do not lowercase hostnames with custom-protocol (rhbz 1567862) - upstream: https://github.com/urllib3/urllib3/issues/1267 [1.22-8] - Drop the dependency on idna and cryptography (rhbz 1567862) [1.22-7] - Drop the dependency on PyOpenSSL, it's not needed (rhbz 1567862) [1.22-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.22-5] - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [1.22-4] - Fix FTBFS - Move RECENT_DATE to 2017-06-30 [1.22-3] - Symlink the Python 3 bytecode for six (rbhz 1519147) [1.22-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.22-1] - Update to 1.22 (#1473293) [1.21.1-1] - Update to 1.21.1 (#1445280) [1.20-1] - Update to 1.20 (#1414775) [1.19.1-2] - Rebuild for Python 3.6 [1.19.1-1] - Update to 1.19.1 - Clean up the specfile to only support Fedora 26 [1.16-3] - Rebuild now that python-requests is ready to update. [1.16-2] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [1.16-1] - Update to 1.16 [1.15.1-3] - Create python2 subpackage to comply with guidelines. [1.15.1-2] - Remove broken symlinks to unbundled python3-six files https://bugzilla.redhat.com/show_bug.cgi?id=1295015 [1.15.1-1] - Removed patch for ipv6 support, now applied upstream. - Latest version. - New dep on pysocks. [1.13.1-3] - Apply patch from upstream to fix ipv6. [1.13.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.13.1-1] - new version [1.13-1] - new version [1.12-1] - new version [1.10.4-7] - Rebuilt for Python3.5 rebuild [1.10.4-6] - Sync from PyPI instead of a git checkout. [1.10.4-5.20150503gita91975b] - Drop requirement on python-backports-ssl_match_hostname on F22 and newer. [1.10.4-4.20150503gita91975b] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.10.4-3.20150503gita91975b] - Apply pyopenssl injection for an outdated cpython as per upstream advice https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl [1.10.4-2.20150503gita91975b] - Specify symlinks for six.py{c,o}, fixing rhbz #1222142. [1.10.4-1.20150503gita91975b] - Latest release for python-requests-2.7.0 [1.10.3-2.20150429git585983a] - Grab a git snapshot to get around this chunked encoding failure. [1.10.3-1] - new version [1.10.2-1] - new version [1.10.1-1] - new version [1.10.1-1] - new version [1.10-2] - Copy in a shim for ssl_match_hostname on python3. [1.10-1] - Latest upstream 1.10, for python-requests-2.5.0. - Re-do unbundling without patch, with symlinks. - Modernize python2 macros. - Remove the with_dummyserver tests which fail only sometimes. [1.9.1-1] - Latest upstream, 1.9.1 for latest python-requests. [1.8.2-4] - fix license handling [1.8.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.8.2-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 [1.8.2-1] - Update to latest upstream version [1.7.1-2] - Update patch to find ca_certs in the correct location. [1.7.1-1] - Latest upstream with support for a new timeout class and py3.4. [1.7-3] - Bump release again, just to push an unpaired update. [1.7-2] - Bump release to pair an update with python-requests. [1.7-1] - Update to latest upstream. - Removed the accept-header proxy patch which is included in upstream now. - Removed py2.6 compat patch which is included in upstream now. [1.5-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1.5-6] - Fix Requires of python-ordereddict to only apply to RHEL [1.5-5] - Unbundling finished! [1.5-4] - Upstream patch to fix Accept header when behind a proxy. - Reorganize patch numbers to more clearly distinguish them. [1.5-3] - Renamed patches to python-urllib3-* - Fixed ssl check patch to use the correct cert path for Fedora. - Included dependency on ca-certificates - Cosmetic indentation changes to the .spec file. [1.5-2] - python3-tornado BR and run all unittests on python3 [1.5-1] - Initial fedora build. python-wheel [1:0.35.1-4] - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz#1933055 [1:0.35.1-3] - Add back Epoch 1 to the package version because the original version with the epoch was available in CentOS Stream for a few days - Resolves: rhbz#1877430 [1:0.35.1-2] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [1:0.35.1-1] - Update to 0.35.1 - Fixes: rhbz#1868821 [1:0.34.2-1] - Update to 0.34.2 - Drops Python 3.4 support - Fixes: rhbz#1795134 [1:0.33.6-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [1:0.33.6-5] - Rebuilt for Python 3.9 [1:0.33.6-4] - Bootstrap for Python 3.9 [1:0.33.6-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [1:0.33.6-2] - Drop python2-wheel [1:0.33.6-1] - Update to 0.33.6 (#1708194) - Don't add the m ABI flag to wheel names on Python 3.8 [1:0.33.1-5] - Rebuilt for Python 3.8 [1:0.33.1-4] - Bootstrap for Python 3.8 [1:0.33.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [1:0.33.1-2] - Make /usr/bin/wheel Python 3 [1:0.33.1-1] - Update to 0.33.1 [1:0.32.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [1:0.32.0-1] - Update to 0.32.0 PyYAML scipy [1.5.4-5] - Skip some tests that fail on the ppc64le builders - Resolves: rhbz#2217858 [1.5.4-4] - Remove RPATH from certain shared object files - Resolves: rhbz#2222715 [1.5.4-3] - Specify LDFLAGS explicitly - Force preprocessing of Fortran sources to make annobin record proper flags - Resolves: rhbz#1778983 rhbz#1877430 [1.5.4-2] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [1.5.4-1] - New upstream release 1.5.4 - Increase test timeout, 300 seconds is not always enough for test_logpdf_overflow on s390x resolves: #1894887 [1.5.3-1] - New upstream release 1.5.3 resolves: #1889132 [1.5.2-2] - Skip one more test expected to fail on 32-bit architectures [1.5.2-1] - New upstream release 1.5.2 resolves: #1853871 and 1840077 [1.5.0-4] - https://fedoraproject.org/wiki/Changes/FlexiBLAS_as_BLAS/LAPACK_manager [1.5.0-3] - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [1.5.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [1.5.0-1] - Update to latest version [1.4.1-2] - Rebuilt for Python 3.9 [1.4.1-1] - Update to 1.4.1 (bz#1771154) - Workaround FTBFS with gcc 10 (bz#1800078) [1.3.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [1.3.1-1] - Update to 1.3.1 (#1674101) - Drop Python 2 packages (not supported by SciPy >= 1.3) - Backported upstream patch for cKDTree (fixes FTBFS) [1.2.1-8] - Rebuilt for Python 3.8.0rc1 (#1748018) [1.2.1-7] - Rebuilt for Python 3.8 [1.2.1-6] - Remove build dependency on python2-pytest-xdist and python2-pytest-timeout - Enable parallel tests in Python 3 %check - Use macros for Python interpreter in tests [1.2.1-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [1.2.1-4] - Fix FTBFS with Py3.8 (#1606315) [1.2.1-3] - Build only against openblasp (bugz#1709161) [1.2.1-2] - Do not create *-PYTEST.pyc files [1.2.1-1] - Update to 1.2.1 - Drop scipy2-doc [1.2.0-1] - Update to 1.2.0 [1.1.0-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [1.1.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [1.1.0-2] - Don't ignore the tests results but rather have a tolerance rate - Skip test_decomp on ppc64le as it currently segfaults [1.1.0-1] - Update to 1.1.0 (#1560265, #1594355) [1.0.0-8] - Rebuilt for Python 3.7 [1.0.0-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.0.0-6] - Link with -lm to build with new stricter Fedora flags https://bugzilla.redhat.com/show_bug.cgi?id=1541416 [1.0.0-5] - rebuilt for GCC 8.x (gfortran soname bump) [1.0.0-4] - Disable tests on s390x [1.0.0-3] - New subpackages with HTML documentation [1.0.0-2] - Use openblas where available https://fedoraproject.org/wiki/Changes/OpenBLAS_as_default_BLAS - Remove ppc64 hackery for OpenBLAS - Don't run tests in parallel as pytest crashes - Don't run test_denormals as it tends to stuck [1.0.0-1] - update to 1.0.0 and use pytest instead of nose - use timeout during parallel %check [0.19.1-5] - Use openblas where available (except ppc64), to use same as numpy (BZ 1472318) [0.19.1-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.19.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.19.1-2] - Rebuild due to bug in RPM (RHBZ #1468476) [0.19.1-1] - new version [0.19.0-1] - new version [0.18.0-3] - Rebuild for libgfortran.so.3 [0.18.0-2] - Rebuild for Python 3.6 [0.18.0-1] - 0.18.0 - %check: make non-fatal as temporary workaround for scipy build on arm [0.17.0-2] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages * Tue May 31 2016 Nils Philippsen <nils@redhat.com> - fix source URL [0.17.0-1] - Update to 0.17.0 - Drop ctypes patch applied upstream [0.16.1-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [0.16.1-6] - Add provides to satisfy scipy%{_isa} requires in other packages [0.16.1-5] - Revert 'Discard results of testsuite on %{arm} for now' [0.16.1-4] - Discard results of testsuite on %{arm} for now Segfaults on non-aligned memory test (expected for arm) [0.16.1-3] - Add patch to fix ctypes test - Move requires to correct python2 subpackage - Add FFLAGS also in %install [0.16.1-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 [0.16.1-1] - Update to 0.16.1 [0.16.0-1] - Update to 0.16.0 - Use python_provide macro [0.15.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [0.15.1-1] - Update to 0.15.1 [0.14.1-1] - Update to 0.14.1 [0.14.0-5] - Rebuild for rpm bug 1131892 [0.14.0-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [0.14.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [0.14-2] - Rebuild with Python 3.4 [0.14-1] - Update to 0.14 - Do not use system python-six (bug #1046817) [0.13.3-2] - use python2 macros everywhere (Requested by Han Boetes) [0.13.3-1] - Update to 0.13.3 [0.13.2-1] - Update to 0.13.2 [0.13.1-2] - rebuild (suitesparse) [0.13.1-1] - Update to 0.13.1 [0.13.0-2] - Update to 0.13.0 final [0.13.0-0.4.rc1] - Update to 0.13.0rc1 [0.13.0-0.3.b1] - rebuilt with atlas 3.10 [0.13.0-0.2.b1] - Unbundle python-six (bug #1005350) [0.13.0-0.1.b1] - Update to 0.13.0b1 - Drop patches applied upstream - Fixup changelog and summary [0.12.0-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [0.12.0-4] - Fix rpmlint warnings - License update - Add patch to use build_dir argument in build_extension [0.12.0-3] - Remove old ufsparse references, use suitesparse - Spec cleanup [0.12.0-2] - Add patch to fix segfaul in test of sgeqrf [0.12.0-1] - Update to 0.12.0 final - No longer remove weave from python3 build [0.12.0-0.1.b1] - Update to 0.12.0b1 - Drop upstreamed linalg patch [0.11.0-4] - Add patch from upstream to fix python3.3 issues in linalg routines [0.11.0-3] - Disable python3 tests for now [0.11.0-2] - Add requires python3-numpy, python3-f2py for python3-scipy (bug 863755) [0.11.0-1] - Update to 0.11.0 final [0.11.0-0.1.rc2] - Update to 0.11.0rc2 [0.10.1-4] - Rebuild for python 3.3 [0.10.1-3] - remove rhel logic from with_python3 conditional [0.10.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [0.10.1-1] - Update to 0.10.1 [0.10.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [0.10.0-1] - Update to 0.10.0 [0.9.0-2] - little cosmetic changes - filter provides in python_sitearch * Fri Sep 02 2011 Andrew McNabb <amcnabb@mcnabbs.org> - add python3 subpackage [0.9.0-1] - Update to 0.9.0 - Drop all stsci sources and patches, dropped from upstream - Drop gcc and py27 patches fixed upstream - Add %check section to run tests [0.7.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.7.2-3] - Fix scipy build on python-2.7 [0.7.2-2] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [0.7.2-1] - New upstream release [0.7.1-3] - Bump for rebuild against numpy 1.3 [0.7.1-2] - Bump for rebuild against numpy 1.4.0 [0.7.1-1] - Update to 0.7.1. [0.7.0-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [0.7.0-4] - Fix for gcc34 weave blitz bug #505379 [0.7.0-3] - Add f2py requires to prepared for numpy packaging split [0.7.0-2] - Patch for stsci image function syntax fix. [0.7.0-1] - Update to final 0.7 release [0.7.0-0.3.b1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [0.7.0-0.2.b1] - Rebuild for atlas-3.8.2 [0.7.0-0.1.b1] - Update to latest beta which lists python 2.6 support [0.6.0-8] - Rebuild for Python 2.6 [0.6.0-7] - fix the stsci fix [0.6.0-6] - include missing setup files for stsci module [0.6.0-5] - Autorebuild for GCC 4.3 [0.6.0-4] - fix for egg-info file creation [0.6.0-3] - include_dirs changes for ufsparse change in development [0.6.0-2] - Fix licensing to match Fedora packaging guidance - Remove unnecessary library deps [0.6.0-1] - update to new upstream source - update Summary, License, Url, and description - added extra dependencies - remove symlink since Lib has been renamed scipy [0.5.2.1-1] - Update to new upstream source [0.5.2-3] - fix licensing tag and bump for buildid rebuild [0.5.2-2.2] - go back to using gfortran now that numpy is patched [0.5.2-2.1] - minor correction for f77 usage [0.5.2-2] - revert to f77 due to issue with numpy in development [0.5.2-1.1] - remove arch specific optimizations [0.5.2-1] - Update for new upstream release [0.5.1-5] - Bump for rebuild against python 2.5 in devel tree [0.5.1-4] - Minor adjustments to specfile for packaging guidelines. - Changed buildrequires fftw version 3 from fftw2 [0.5.1-2] - Updated spec for FE Packaging Guidelines and for upstream version 0.5.1 [0.4.8-4] - Add BuildRequires gcc-c++ - Add python-devel - Add libstdc++ [0.4.8-3] - Add BuildRequires gcc-gfortran [0.4.8-3] - Add BuildRequires numpy [0.4.8-2] - Fix BuildRoot - Add BuildRequires, Requires - Test remove d1mach patch - Fix defattr - Add changelog - Removed Prefix, Vendor - Fix Source0 Cython pybind11 pytest [6.0.2-2] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [6.0.2-1] - Update to 6.0.2. [6.0.1-1] - Update to 6.0.1 (#1862097) [6.0.0~rc1-1] - Update to 6.0.0rc1 [5.4.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [5.4.3-1] - Update to 5.4.3. [5.4.2-1] - Update to 5.4.2 (#1707986) [4.6.10-3] - Rebuilt for Python 3.9 [4.6.10-2] - Bootstrap for Python 3.9 [4.6.10-1] - Update to 4.6.10. [4.6.9-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [4.6.9-1] - Update to 4.6.9. [4.6.8-1] - Update to 4.6.8. [4.6.7-1] - Update to 4.6.7 [4.6.6-1] - Update to 4.6.6. [4.6.5-4] - Rebuilt for Python 3.8.0rc1 (#1748018) [4.6.5-3] - Rebuilt for Python 3.8 [4.6.5-2] - Bootstrap for Python 3.8 [4.6.5-1] - Update to 4.6.5. - Add missing BR on make. [4.6.4-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [4.6.4-2] - Fix a bad conflict [4.6.4-1] - Update to 4.6.4, move python2-pytest to its own source package - Make /usr/bin/pytest and /usr/bin/py.test Python 3 [4.4.1-2] - Remove optional test dependencies for Python 2 entirely [4.4.1-1] - Update to 4.4.1 (see PR#9). - Remove test dependencies on python2-hypothesis and python2-twisted (see PR#10). [4.3.1-1] - Update to 4.3.1 [4.3.0-1] - Update to 4.3.0 and fix FTBFS (#1671167, #1687384) [3.9.3-3] - Enable python dependency generator [3.9.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [3.9.3-1] - Update to 3.9.3. [3.9.2-1] - Update to 3.9.2. [3.9.1-1] - Update to 3.9.1. [3.8.2-3] - Add python2-pathlib2 runtime requirement (rhbz#1639718). [3.8.2-2] - versionize pluggy dependencies [3.8.2-1] - Update to 3.8.2. [3.6.4-1] - Update to 3.6.4. [3.6.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [3.6.3-1] - Update to 3.6.3. [3.6.2-3] - Enable timeout [3.6.2-2] - Rebuilt for Python 3.7 (without timeout) [3.6.2-1] - Update to 3.6.2. [3.6.1-3] - Rebuilt for Python 3.7 [3.6.1-2] - Bootstrap for Python 3.7 [3.6.1-1] - Update to 3.6.1. [3.6.0-1] - Update to 3.6.0 (#1581692) - Require and BuildRequire atomicwrites [3.5.1-1] - Update to 3.5.1. - Build the documentation with Python3. - Update requirements. [3.4.2-2] - Add Requires for required modules [3.4.2-1] - Update to 3.4.2 [3.2.3-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [3.2.3-3] - Use better Obsoletes for platform-python [3.2.3-2] - Remove platform-python subpackage - Cleanup conditionals [3.2.3-1] - Update to 3.2.3. [3.2.2-1] - Update to 3.2.2. - Move BRs to their respective subpackages. - Enable the platform-python subpackage only on F27+. [3.2.1-3] - Rebuilt for rhbz#1484607 [3.2.1-2] - Add subpackage for platform-python (https://fedoraproject.org/wiki/Changes/Platform_Python_Stack) [3.2.1-1] - Update to 3.2.1. [3.2.0-1] - 3.2.0. [3.1.3-1] - Update to 3.1.3. - Update BRs. [3.1.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [3.1.1-1] - Update to 3.1.1. - Add BR on setuptools_scm. [3.0.7-1] - Update to 3.0.7. [3.0.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [3.0.6-1] - Update to 3.0.6. - Drop patch applied upstream. [3.0.5-2] - Rebuild for Python 3.6 [3.0.5-1] - Update to 3.0.5. [3.0.4-1] - Update to 3.0.4. [3.0.3-1] - Update to 3.0.3. - Update requirements. [2.9.2-2] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [2.9.2-1] - Update to 2.9.2. * Tue May 31 2016 Nils Philippsen <nils@redhat.com> - fix source URL [2.9.1-1] - Update to 2.9.1. - Packaging updates. [2.8.7-2] - Use new python macros - Fix python3 package file ownership [2.8.7-1] - Update to 2.8.7. [2.8.6-1] - Update to 2.8.6. [2.8.5-1] - Update to 2.8.5 [2.8.2-3] - Re-enable pexpect in tests [2.8.2-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 [2.8.2-1] - Update to 2.8.2. [2.7.3-2] - Rebuilt for Python3.5 rebuild [2.7.3-1] - Update to 2.7.3. - Provide additional symlinks to the pytest executables (rhbz#1249891). [2.7.2-2] - Provide python2-pytest, use python_provide macro [2.7.2-1] - Update to 2.7.2. - Small fixes. [2.7.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2.7.1-1] - Update to 2.7.1. [2.7.0-1] - Update to 2.7.0. - Apply updated Python packaging guidelines. - Mark LICENSE with %license. [2.6.4-1] - Update to 2.6.4. [2.6.3-1] - Update to 2.6.3. [2.6.1-1] - Update to 2.6.1. [2.6.0-1] - Update to 2.6.0. [2.5.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [2.5.2-2] - Redbuild for python 3.4 [2.5.2-1] - Update to 2.5.2. [2.4.2-2] - Only run tests from the 'testing' subdir in %check. [2.4.2-1] - Update to 2.4.2. - Add buildroot's bindir to PATH while running the testsuite. [2.3.5-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [2.3.5-3] - Disable tests using pexpect for now, fails on F19. [2.3.5-2] - Use python-sphinx for rhel > 6 (rhbz#973318). - Update BR to use python-pexpect instead of pexpect. [2.3.5-1] - Update to 2.3.5. - Docutils needed now to build README.html. - Add some BR optionally used by the testsuite. [2.3.4-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [2.3.4-1] - Update to 2.3.4. [2.3.2-1] - Update to 2.3.2. [2.3.1-1] - Update to 2.3.1. - Re-enable some tests, ignore others. - Docs are available in English and Japanese now. [2.2.4-4] - Add conditional for sphinx on rhel. - Remove rhel logic from with_python3 conditional. - Disable failing tests for Python3. [2.2.4-3] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [2.2.4-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [2.2.4-1] - Update to 2.2.4. [2.2.3-1] - Update to 2.2.3. [2.2.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [2.2.1-1] - Update to 2.2.1. [2.2.0-1] - Update to 2.2.0. [2.1.3-1] - Update to 2.1.3. [2.1.2-1] - Update to 2.1.2. [2.1.1-2] - Fix: python3 dependencies. [2.1.1-1] - Update to 2.1.1. [2.1.0-2] - Update Requires and BuildRequires tags. [2.1.0-1] - Update to 2.1.0. [2.0.3-1] - Update to 2.0.3. [2.0.2-1] - Update to 2.0.2. [2.0.0-1] - New package. python3x-pyparsing [2.4.7-5] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [2.4.7-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [2.4.7-3] - Rebuilt for Python 3.9 [2.4.7-2] - Bootstrap for Python 3.9 [2.4.7-1] - Update to 2.4.7 (#1821085) [2.4.6-3] - Fix the summary for the Python 3 subpackage [2.4.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [2.4.6-1] - Update to 2.4.6 (#1786815) [2.4.5-1] - Update to 2.4.5 (#1768725) - Drop Python2 subpackage (#1770564) [2.4.2-1] - Update to latest version (#1742167) [2.4.0-6] - Reduce Python 2 build time dependencies [2.4.0-5] - Rebuilt for Python 3.8 [2.4.0-4] - Bootstrap for Python 3.8 [2.4.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild [2.4.0-1] - Update to 2.4.0 [2.3.1-1] - Update to 2.3.1 [2.3.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild [2.3.0-1] - Update to 2.3.0 [2.2.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [2.2.0-2] - Rebuilt for Python 3.7 [2.2.0-1] - Update to 2.2.0 [2.1.10-7] - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [2.1.10-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.1.10-5] - Remove the empty pyparsing package, provide and obsolete it from python2-pyparsing [2.1.10-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2.1.10-3] - Rebuild as wheel [2.1.10-2] ... MODERATE Copyright 2024 Oracle, Inc. CVE-2022-40897 CVE-2023-23931 CVE-2023-43804 CVE-2023-27043 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.26.12-2] - Security fix for CVE-2023-43804 Resolves: RHEL-11996 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43804 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343 [2.5.1-6] - Make possible to disable python3 subpackage [2.5.1-5] - Remove dependency on an exotic testing package python-freezegun which we don't have capacity to ship in RHEL8 - Run tests in pytest (as declared in BuildRequires) instead of unittest [2.5.1-4] - Build the documentation always using the Python 3 version Sphinx [2.5.1-3] - Require the python36-devel package when building for the python36 module [2.5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.5.1-1] - update to upstream version 2.5.1 [2.3.4-7] - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [2.3.4-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2.3.4-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [2.3.4-4] - Finish bootstrapping for Python 3.6 [2.3.4-3] - Rebuild for Python 3.6 - Add 'bootstrap' conditions [2.3.4-2] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages * Tue May 31 2016 Nils Philippsen <nils@redhat.com> - fix source URL [2.3.4-1] - version 2.3.4 - always build Python3 subpackages - remove obsolete packaging constructs - update to current Python packaging guidelines - build docs non-destructively - tag license file as %license - use %python_provide macro only if present - update remove-pytz-version patch - fix build dependencies - set TZ in %check [1.3-12] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.3-11] - Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 [1.3-10] - Also make sure that the babel package that has pybabel depends on the correct packages (python2 packages on F23 or less and python3 packages on F24 and greater.) [1.3-9] - Install the python3 version of pybabel on Fedora 24+ to match with Fedora's default python version [1.3-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.3-7] - Remove pytz version requirement in egginfo as it confuses newer setuptools [1.3-6] - Change python-setuptools-devel BR into python-setuptools [1.3-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.3-4] - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 [1.3-3] - fix dependencies (#1083470) [1.3-2] - enable python3 subpackage [1.3-1] - update to Babel 1.3 - disabled %check as it tries to download the CLDR [0.9.6-9] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [0.9.6-8] - split documentation off to a separate subpackage [0.9.6-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [0.9.6-6] - run tests in %check - add pytz build requirement for tests [0.9.6-5] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [0.9.6-4] - disable building of non-functional python3 subpackage (#761583) [0.9.6-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [0.9.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [0.9.6-1] - version 0.9.6: * Backport r493-494: documentation typo fixes. * Make the CLDR import script work with Python 2.7. * Fix various typos. * Fixed Python 2.3 compatibility (ticket #146, #233). * Sort output of list-locales. * Make the POT-Creation-Date of the catalog being updated equal to POT-Creation-Date of the template used to update (ticket #148). * Use a more explicit error message if no option or argument (command) is passed to pybabel (ticket #81). * Keep the PO-Revision-Date if it is not the default value (ticket #148). * Make --no-wrap work by reworking --width's default and mimic xgettext's behaviour of always wrapping comments (ticket #145). * Fixed negative offset handling of Catalog._set_mime_headers (ticket #165). * Add --project and --version options for commandline (ticket #173). * Add a __ne__() method to the Local class. * Explicitly sort instead of using sorted() and don't assume ordering (Python 2.3 and Jython compatibility). * Removed ValueError raising for string formatting message checkers if the string does not contain any string formattings (ticket #150). * Fix Serbian plural forms (ticket #213). * Small speed improvement in format_date() (ticket #216). * Fix number formatting for locales where CLDR specifies alt or draft items (ticket #217) * Fix bad check in format_time (ticket #257, reported with patch and tests by jomae) * Fix so frontend.CommandLineInterface.run does not accumulate logging handlers (#227, reported with initial patch by dfraser) * Fix exception if environment contains an invalid locale setting (#200) - install python2 rather than python3 executable (#710880) [0.9.5-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.9.5-3] - Add python3 subpackage [0.9.5-2] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [0.9.5-1] - This release contains a small number of bugfixes over the 0.9.4 - release. - - What's New: - ----------- - * Fixed the case where messages containing square brackets would break - with an unpack error - * Fuzzy matching regarding plurals should *NOT* be checked against - len(message.id) because this is always 2, instead, it's should be - checked against catalog.num_plurals (ticket #212). [0.9.4-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [0.9.4-4] - Added missing requires to python-setuptools for pkg_resources [0.9.4-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [0.9.4-2] - Rebuild for Python 2.6 [0.9.4-1] - Update to 0.9.4 [0.9.3-1] - Update to 0.9.3 [0.9.1-1] - Update to 0.9.1 [0.9-2] - BR python-setuptools-devel [0.9-1] - Update to 0.9 [0.8.1-1] - Update to 0.8.1 - Remove upstreamed patch. [0.8-3] - Replace patch with one that actually applies. [0.8-2] - Apply upstream patch to rename command line script to 'pybabel' - BZ#246208 [0.8-1] - First version for Fedora Cython [0.28.1-7] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [0.28.1-6] - Replace GCC's attribute optimize('Os') by the better supported and similar (cold). - Resolves: rhbz#1658621 [0.28.1-5] - Remove unversioned provides - Resolves: rhbz#1628242 [0.28.1-4] - Remove unversioned binaries from python2 subpackage - Resolves: rhbz#1613343 [0.28.1-3] - First version for python27 module numpy [1:1.14.2-16] - Fix include path - Related: rhbz#1907601 [1:1.14.2-15] - Fix %check - Related: rhbz#1907601 [1:1.14.2-14] - Use macros rather than hardcoded paths - Resolves: rhbz#1907601 [1:1.14.2-13] - Fix CVE-2019-6446 - Resolves: rhbz#1668829 [1.14.2-12] - Set proper build flags for https://fedoraproject.org/wiki/Changes/Python_Extension_Flags - Resolves: rhbz#1715036 [1.14.2-11] - Fix broken float128 on all arches except x86_64 - Resolves: rhbz#1688709 [1.14.2-10] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [1:1.14.2-9] - Remove unversioned provides - Resolves: rhbz#1628242 [1:1.14.2-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [1:1.14.2-7] - Bring symlink f2py2 back for symlink modules - Resolves: rhbz#1615727 [1:1.14.2-6] - Remove unversioned binaries from python2 subpackage - Resolves: rhbz#1613343 [1:1.14.2-5] - Switch python3 coditions to bcond [1:1.14.2-4] - Use python2 macros instead of unversioned python macros [1:1.14.2-3] - Change the shebang of f2py to the versioned /usr/bin/python2 [1:1.14.2-2] - Fix incorrect Python version guess when building on Platform-Python [1:1.14.2-1] - 1.14.2 [1:1.14.1-1] - 1.14.1 [1:1.14.0-0.rc1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1:1.14.0-0.rc1] - 1.14.0 rc1 [1:1.13.3-5] - Fix ambiguous Python 2 dependency declarations (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [1:1.13.3-4] - Split out doc subpackage. [1:1.13.3-3] - Cleanup spec file conditionals [1:1.13.3-2] - set proper environment variables for openblas [1:1.13.3-1] - 1.13.3 [1:1.13.2-1] - 1.13.2 [1:1.13.1-4] - Use openblas where available, BZ 1472318. [1:1.13.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1:1.13.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1:1.13.1-1] - 1.13.1 final [1:1.13.0-1] - 1.13.0 final [1:1.13.0-0.rc2] - 1.13.0 rc2 [1:1.13.0-0.rc1] - 1.13.0 rc1 [1:1.12.1-1] - 1.12.1 [1:1.12.0-1] - Update to 1.12.0, build with gcc 7.0. [1:1.11.2-2] - Rebuild for Python 3.6 [1:1.11.2-1] - Update to 1.11.2 final [1:1.11.2-0.rc1] - Update to 1.11.2rc1, BZ 1340440. [1:1.11.1-2] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [1:1.11.1-1] - Update to 1.11.1 final [1:1.11.1-0.rc1] - Update to 1.11.1rc1, BZ 1340440. [1:1.11.0-4] - Update to 1.11.0 final [1:1.11.0-3.rc2] - Update to 1.11.0rc2 [1:1.11.0-2.b3] - Bump Release. 1b2 is higher than 0b3 [1:1.11.0-0.b3] - Update to 1.11.0b2, BZ 1306249. [1:1.11.0-1b2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1:1.11.0-0.b2] - Update to 1.11.0b2, BZ 1303387. [1:1.11.0-020161016.cc2b04git] - Update to git snapshot (due to build issue) after 1.11.0b1, BZ 1301943. [1:1.10.4-1] - Update to 1.10.4, BZ 1296509. [1:1.10.2-1] - Update to 1.10.2, BZ 1291674. [1:1.10.2-0.2.rc2] - Update to 1.10.2rc1, BZ 1289550. [1:1.10.2-0.1.rc1] - Update to 1.10.2rc1 - Drop opt-flags patch applied upstream [1:1.10.1-6] - Add provides to satisfy numpy%{_isa} requires in other packages [1:1.10.1-5] - Re-add provides f2py [1:1.10.1-4] - Fix obsoletes / provides for numpy -> python2-numpy rename [1:1.10.1-3] - Remove fortran flags or arm would build with -march=x86-64 [1:1.10.1-2] - Provide python2-* packages - Run tests with verbose=2 [1:1.10.1-1] - Update to 1.10.1, BZ 1271022. [1:1.10.0-2] - Rebuilt for Python3.5 rebuild [1:1.10.0-1] - Update to 1.10.0 final. [1:1.10.0-0.b1] - Update to 1.10.0b1, BZ 1252641. [1:1.9.2-3] - Add python2-numpy provides (bug #1249423) - Spec cleanup [1:1.9.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1:1.9.2-1] - Update to 1.9.2 [1:1.9.1-2] - Add upstream patch to fix xerbla linkage (bug #1172834) [1:1.9.1-1] - Update to 1.9.1, BZ 1160273. [1:1.9.0-1] - Update to 1.9.0 [1:1.9.0-0.1.rc1] - Update to 1.9.0rc1 [1:1.8.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1:1.8.2-1] - Update to 1.8.2 [1:1.8.1-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1:1.8.1-3] - Rebuild for Python 3.4 [1:1.8.1-2] - Fixing FTBFS on ppc64le (#1078354) [1:1.8.1-1] - Update to 1.8.1 [1:1.8.0-5] - Fix __pycache__ ownership (bug #1072467) [1:1.8.0-4] - Fix CVE-2014-1858, CVE-2014-1859: #1062009, #1062359 [1:1.8.0-3] - Ship doc module (bug #1034357) [1:1.8.0-2] - Move f2py documentation to f2py package (bug #1027394) [1:1.8.0-1] - Update to 1.8.0 final [1:1.8.0-0.7.rc2] - Update to 1.8.0rc2 - Create clean site.cfg - Use serial atlas [1:1.8.0-0.6.b2] - Add [atlas] to site.cfg for new atlas library names [1:1.8.0-0.5.b2] - Update site.cfg for new atlas library names [1:1.8.0-0.4.b2] - rebuild for atlas 3.10 [1:1.8.0-0.3.b2] - Fix libdir path in site.cfg, BZ 1006242. [1:1.8.0-0.2.b2] - Update to 1.8.0b2 [1:1.8.0-0.1.b1] - Update to 1.8.0b1 - Drop f2py patch applied upstream [1:1.7.1-5] - URL Fix, BZ 1001337 [1:1.7.1-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1:1.7.1-3] - Fix rpmlint warnings - Update License - Apply patch: change shebang of f2py to use binary directly [1:1.7.1-2] - Specfile cleanup (bug #969854) [1:1.7.1-1] - Update to 1.7.1 [1:1.7.0-1] - Update to 1.7.0 final [1:1.7.0-0.5.rc1] - Update to 1.7.0rc1 [1:1.7.0-0.4.b2] - Update to 1.7.0b2 - Drop patches applied upstream [1:1.7.0-0.3.b1] - Add patch from github pull 371 to fix python 3.3 pickle issue - Remove cython .c source regeneration - fails now [1:1.7.0-0.2.b1] - add workaround for rhbz#849713 (fixes FTBFS) [1:1.7.0-0.1.b1] - Update to 1.7.0b1 - Rebase python 3.3 patchs to current git master - Drop patches applied upstream [1:1.6.2-5] - rework patches for 3.3 to more directly reflect upstream's commits - re-enable test suite on python 3 - forcibly regenerate Cython .c source to avoid import issues on Python 3.3 [1:1.6.2-4] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 - needs unicode patch [1:1.6.2-3] - remove rhel logic from with_python3 conditional [1:1.6.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1:1.6.2-1] - Update to 1.6.2 final [1:1.6.2rc1-0.1] - Update to 1.6.2rc1 [1:1.6.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [1:1.6.1-1] - Update to 1.6.1 [1:1.6.0-2] - Bump and rebuild for BZ 712251. [1:1.6.0-1] - Update to 1.6.0 final [1:1.6.0-0.2.b2] - Update to 1.6.0b2 - Drop import patch fixed upstream [1:1.6.0-0.1.b1] - Update to 1.6.0b1 - Build python3 module with python3 - Add patch from upstream to fix build time import error [1:1.5.1-1] - Update to 1.5.1 final [1:1.5.1-0.4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [1:1.5.1-0.3] - fix the AttributeError during tests - fix build on s390(x) [1:1.5.1-0.2] - rebuild for newer python3 [1:1.5.1-0.1] - update to 1.5.1rc1 - add python3 subpackage - some spec-cleanups [1:1.4.1-6] - actually add the patch this time [1:1.4.1-5] - fix segfault within %check on 2.7 (patch 2) [1:1.4.1-4] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [1.4.1-3] - ignore the 'Ticket #1299 second test' failure on s390(x) [1.4.1-2] - source commit fix [1.4.1-1] - New upstream release. Include backported doublefree patch [1.3.0-8] - Moved distutils back to the main package, BZ 572820. [1.3.0-7] - Reverted to 1.3.0 after upstream pulled 1.4.0, BZ 579065. [1.4.0-5] - Linking /usr/include/numpy to .h files, BZ 185079. [1.4.0-4] - Re-enabling atlas BR, dropping lapack Requires. [1.4.0-3] - Since the previous didn't work, Requiring lapack. [1.4.0-2] - Temporarily dropping atlas BR to work around 562577. [1.4.0-1] - 1.4.0. - Dropped ARM patch, ARM support added upstream. [1.3.0-6.fa1] - Add ARM support [1.3.0-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [1.3.0-5] - Fixed atlas BR, BZ 505376. [1.3.0-4] - EVR bump for pygame chainbuild. [1.3.0-3] - Moved linalg, fft back to main package. [1.3.0-2] - Split out f2py into subpackage, thanks Peter Robinson pbrobinson@gmail.com. [1.3.0-1] - Update to latest upstream. - Fixed Source0 URL. [1.3.0-0.rc1] - Update to latest upstream. [1.2.1-3] - Require python-devel, BZ 488464. [1.2.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [1.2.1-1] - Update to 1.2.1. [1.2.0-2] - Rebuild for Python 2.6 [1.2.0-1] - New upstream release, added python-nose BR. BZ 465999. - Using atlas blas, not blas-devel. BZ 461472. [1.1.1-1] - New upstream release [1.1.0-1] - New upstream release [1.0.4-1] - New upstream release [1.0.3.1-2] - Add python egg to %files on f9+ [1.0.3.1-1] - New upstream release [1.0.3-1] - New upstream release [1.0.2-2] - Drop BR: atlas-devel, since it just provides binary-compat blas and lapack libs. Atlas can still be optionally used at runtime. (Note: this is all per the atlas maintainer). [1.0.2-1] - New upstream release [1.0.1-4] - Update gfortran patch to recognize latest gfortran f95 support - Resolves rhbz#236444 [1.0.1-3] - Fix up cpuinfo bug (#229753). Upstream bug/change: http://projects.scipy.org/scipy/scipy/ticket/349 [1.0.1-2] - Per discussion w/Jose Matos, Obsolete/Provide f2py, as the stand-alone one is no longer supported/maintained upstream [1.0.1-1] - New upstream release [1.0-2] - Rebuild for python 2.5 [1.0-1] - New upstream release [0.9.8-1] - New upstream release [0.9.6-1] - Upstream update [0.9.5-1] - Upstream update [0.9.4-2] - Rebuild for Fedora Extras 5 [0.9.4-1] - Initial RPM release - Added gfortran patch from Neal Becker pytest python2-pip python2 [2.7.18-17.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [2.7.18-17] - Security fix for CVE-2022-48560 Resolves: RHEL-16702 [2.7.18-16] - Fix for CVE-2022-48565 Resolves: RHEL-7088 python2-rpm-macros python2-setuptools [39.0.1-14] - Fix for CVE-2022-40897 Resolves: RHEL-9763 python2-six python-attrs python-backports python-backports-ssl_match_hostname python-chardet [3.0.4-10] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [3.0.4-9] - Remove unversioned binaries from python2 subpackage - Resolves: rhbz#1613343 [3.0.4-8] - Switch python3 conditions to bcond [3.0.4-7] - First version for python27 module python-coverage [4.5.1-5] - Fix the license identifier - Resolves: rhbz#2213306 [4.5.1-4] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [4.5.1-3] - Remove unversioned binaries from python2 subpackage - Resolves: rhbz#1613343 [4.5.1-2] - Make possible to disable python3 subpackage [4.5.1-1] - update to 4.5.1 [4.5-1] - update to 4.5 [4.4.2-1] - update to 4.4.2 [4.4.1-6] - Use better Obsoletes for platform-python [4.4.1-5] - Remove platform-python subpackage - Cleanup spec [4.4.1-4] - Add platform-python subpackage [4.4.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [4.4.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [4.4.1-1] - update to 4.4.1 [4.4-1] - update to 4.4 [4.3.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [4.3.3-1] - update to 4.3.3 [4.3.1-1] - update to 4.3.1 [4.2-2] - Rebuild for Python 3.6 [4.2-1] - 4.2 final [4.2-0.2.b1] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [4.2-0.1.b1] - update to 4.2b1 [4.1-1] - update to 4.1 [4.1-0.5.b3] - update to 4.1b3 [4.1-0.4.b2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [4.1-0.3.b2] - update to 4.1b2 [4.1-0.2.b1] - Fix and install license - Cleanup and modernize spec - Note bundled jquery libraries [4.1-0.1.b1] - update to 4.1b1 [4.0.3-1] - update to 4.0.3 [4.0.2-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 [4.0.2-1] - update to 4.0.2 [4.0.1-1] - update to 4.0.1 [4.0-1] - update to 4.0 final [4.0-0.13.b3] - Rebuilt for Python3.5 rebuild [4.0-0.12.b3] - update to 4.0b3 [4.0-0.11.b2] - update to 4.0b2 [4.0-0.10.b1] - update to 4.0b1 [4.0-0.9.a6] - add missing Provides: python2-coverage [4.0-0.8.a6] - update to 4.0a6 [4.0-0.7.a5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [4.0-0.6.a5] - No longer run 2to3 on the python3 sources. [4.0-0.5.a5] - unicode fixup [4.0-0.4.a5] - update to 4.0a5 [4.0-0.3.a3] - update to 4.0a3 [4.0-0.2.a2] - update to 4.0a2 [4.0-0.1.a] - Update to 4.0a1 [3.7.1-1] - Update to 3.7.1 (#1043090) [3.7-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [3.7-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [3.7-2] - Rebuild for Python 3.4 [3.7-1] - update to 3.7 - fix macros for current guidelines - rename binary (with compat symlinks) [3.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [3.6-1] - update to 3.6 final [3.6-0.3.b3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [3.6-0.3.b3] - update to 3.6beta3 [3.6-0.1.b1] - update to 3.6beta1 - patch0 merged into upstream [3.5.3-2] - Patch from upstream for traceback when people use this with python2 and python3 in the same directory [3.5.3-1] - update to 3.5.3 [3.5.2-0.4.b1] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [3.5.2-0.3.b1] - remove rhel logic from with_python3 conditional [3.5.2-0.2.b1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [3.5.2-0.1.b1] - update to 3.5.2b1 [3.5.1-0.2.b1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [3.5.1-0.1.b1] - update to 3.5.1b1 [3.5-0.1.b1] - update to 3.5b1 [3.4-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [3.4-2] - rebuild for newer python3 [3.4-1] - Update to 3.4 (#631751) [3.3.1-4] - Rebuild against Python 3.2 [3.3.1-3] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [3.3.1-2] - Fix license tag, permissions, and filtering extraneous provides [3.3.1-1] - Update to 3.3.1 [3.2-3] - add python 3 subpackage (#536948) [3.2-2] - Require python-setuptools (#556290) [3.2-1] - update to 3.2 [3.1-1] - Update to 3.1 [3.0.1-1] - update to 3.0.1 [2.85-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.85-2] - fix install invocation [2.85-1] - Initial package for Fedora python-dns python-docs [2.7.16-2] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.7.16-1] - Update to 2.7.16 Resolves: rhbz#1680967 [2.7.15-3] - Modify for prebuilding and deploying on RHEL8 - Rename the info page to python2 - Resolves: rhbz#1656048 [2.7.15-2] - Modify for building on RHEL8 - Disable the tests, because the linkchecker package isn't available in RHEL8 - Resolves: rhbz#1656048 [2.7.15-1] - Update to 2.7.15 [2.7.14-5] - Only recommend the python2 package [2.7.14-4] - Remove Obsoletes tag from when python was renamed to python2 (Fedora 25 was last) [2.7.14-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.7.14-2] - Fix ambiguous Python 2 dependencies declarations (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [2.7.14-1] - Update to 2.7.14 [2.7.13-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2.7.13-3] - Change fixed Obsoletes version with a dynamic one (rhbz#1457336) [2.7.13-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [2.7.13-1] - Update to 2.7.13 - Rename package to python2-docs [2.7.12-2] - Remove unversioned Obsoletes. [2.7.12-1] - Update to 2.7.12. [2.7.11-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [2.7.11-1] - Update to 2.7.11 [2.7.10-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2.7.10-1] - Update to 2.7.10 [2.7.9-1] - Update to 2.7.9 [2.7.8-1] - Update to 2.7.8 [2.7.7-1] - Update to 2.7.7 [2.7.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [2.7.6-1] - Updated to v2.7.6 [2.7.5-6] - Used _pkgdocdir instead of _docdir [2.7.5-5] - Small tweaks of Suvayu's patch [2.7.5-4] - Enable Texinfo builder, add subpackage with python info pages [2.7.5-3] - Spec cleanup [2.7.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [2.7.5-1] - Version 2.7.5. [2.7.4-1] - Version 2.7.4. [2.7.3-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [2.7.3-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [2.7.3-2] - make link checking optional, to avoid needing to pull in linkchecker and its dependencies (rbhz#823930) [2.7.3-1] - 2.7.3 [2.7.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [2.7.2-2] - fix broken link to 'Global Module Index', and add a %check, verifying the absence of broken links (rhbz#670493) [2.7.2-1] - 2.7.2 [2.7.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [2.7.1-1] - 2.7.1 [2.7-1] - Update to 2.7 [2.6.5-1] - move to 2.6.5: http://www.python.org/download/releases/2.6.5/ [2.6.4-3] - fix %description (bug #559710) [2.6.4-2] - update sources for 2.6.4 [2.6.4-1] - move to 2.6.4 - drop build requirement on python-jinja; python-sphinx requires python-jinja2 (bug 532135) [2.6.2-1] - Move to 2.6.2 like python itself. [2.6-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.6-4] - Fix import error (#511647) [2.6-3] - Spec file cleanup (#226341) [2.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [2.6-1] - Update to 2.6 [2.5.2-1] - Move to 2.5.2 like python itself. [2.5.1-3] - fix license tag [2.5.1-2] - mkdir a build root to keep recent rpm/mock happy. [2.5.1-1] - update to 2.5.1 [2.5-1] - update to 2.5 [2.4.4-1] - update to 2.4.4 [2.4.3-1.1] - rebuild [2.4.3-1] - updated to 2.4.3 * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - rebuilt [2.4.2-1] - updated to 2.4.2 [2.4.1-1] - updated to 2.4.1 [2.4-102] - changed package to noarch [2.4-100] - split the doc building step into a separate source rpm python-docutils python-funcsigs python-idna [2.5-7] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5-6] - Switch python3 coditions to bcond [2.5-5] - First version for python27 module python-ipaddress python-jinja2 [2.10-10] - Security fix for CVE-2024-22195 Resolves: RHEL-21348 [2.10-9] - Fix CVE-2020-28493: ReDOS vulnerability due to the sub-pattern Resolves: rhbz#1928707 [2.10-8] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.10-7] - Fix conditions [2.10-6] - Specfile cleanup and fixes [2.10-5] - Disable Python 2 build by default [2.10-4] - Allow build with Python 2 [2.10-3] - Remove docs from Python 2 package - Remove dependency on python2-babel and python2-sphinx [2.10-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.10-1] - Update to 2.10. - Use %bcond. - Move BRs to their respective subpackages. [2.9.6-4] - Really cleanup spec file conditionals [2.9.6-3] - Cleanup spec file conditionals [2.9.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2.9.6-1] - Update to 2.9.6. [2.9.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [2.9.5-1] - Update to 2.9.5. [2.9.4-1] - Update to 2.9.4. [2.8.1-1] - Update to 2.8.1. [2.8-8] - Rebuild for Python 3.6 [2.8-7] - Ship python2-jinja2 (bug #1378519) - Modernize spec [2.8-6] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [2.8-5] - Do not call py.test, there are currently no tests in the tarball. [2.8-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [2.8-3] - Rebuilt for Python3.5 rebuild [2.8-2] - Apply updates Python packaging guidelines. - Mark LICENSE with %license. [2.8-1] - Upstream 2.8 [2.7.3-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2.7.3-2] - Add Requires python(3)-setuptools (bug #1168774) [2.7.3-1] - Update to 2.7.3. - Reenable docs. [2.7.2-2] - Bootstrap (without docs) build for Python 3.4 [2.7.2-1] - Update to 2.7.2. - Update python3 conditional. [2.7.1-1] - Update to 2.7.1. [2.7-1] - Update to 2.7 - spec cleanup [2.6-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [2.6-5] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [2.6-4] - remove rhel logic from with_python3 conditional [2.6-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [2.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [2.6-1] - Update to 2.6. [2.5.5-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [2.5.5-3] - Re-enable html doc generation. - Remove conditional for F-12 and below. - Do not silently fail the testsuite for with py3k. [2.5.5-2] - Move python3 runtime requirements to python3 subpackage [2.5.5-1] - Update to 2.5.5. [2.5.2-4] - Revert to previous behavior: fail the build on failed test. - Rebuild for Python 3.2. [2.5.2-3] - %ifnarch doesn't work on noarch package so don't fail the build on failed tests [2.5.2-2] - disable the testsuite on s390(x) [2.5.2-1] - Update to upstream version 2.5.2. - Package depends on python-markupsafe and is noarch now. [2.5-4] - add explicit build-requirement on python-setuptools - fix doc disablement for python3 subpackage [2.5-3] - support disabling documentation in the build to break a circular build-time dependency with python-sphinx; disable docs for now [2.5-2] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [2.5-1] - Update to upstream version 2.5. - Create python3 subpackage. - Minor specfile fixes. - Add examples directory. - Thanks to Gareth Armstrong for additional hints. [2.4.1-1] - Update to 2.4.1. [2.4-1] - Update to 2.4. [2.3.1-1] - Update to 2.3.1. - Docs are built using Sphinx now. - Run the testsuite. [2.2.1-1] - Update to 2.2.1, mainly a bugfix release. - Remove patch no longer needed. - Remove conditional for FC-8. - Compilation of speedup module has to be explicitly requested now. [2.1.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.1.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [2.1.1-1] - Update to 2.1.1 (bugfix release). [2.1-1] - Update to 2.1, which fixes a number of bugs. See http://jinja.pocoo.org/2/documentation/changelog#version-2-1. [2.0-3] - Rebuild for Python 2.6 [2.0-2] - Use rpm buildroot macro instead of RPM_BUILD_ROOT. [2.0-1] - Upstream released 2.0. [2.0-0.1.rc1] - Modified specfile from the existing python-jinja package. python-lxml [4.2.3-6] - Security fix for CVE-2021-43818 Resolves: rhbz#2032569 [4.2.3-5] - Security fix for CVE-2021-28957 Resolves: rhbz#1941534 [4.2.3-4] - Security fix for CVE-2020-27783: mXSS due to the use of improper parser Resolves: rhbz#1901633 [4.2.3-3] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [4.2.3-2] - Conditionalize the python3 subpackage - Resolves: rhbz#1638698 [4.2.3-1] - New upstream release 4.2.3 [4.1.1-3] - Conditionalize the python2 subpackage [4.1.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [4.1.1-1] - Update to 4.1.1 [4.0.0-2] - Conditionally allow building without Cython [4.0.0-1] - Update to 4.0.0 [3.8.0-1] - Update to 3.8.0. Fixes bug #1458529 [3.7.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [3.7.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [3.7.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [3.7.2-1] - Update to 3.7.2 [3.7.1-1] - Update to 3.7.1 [3.7.0-2] - Rebuild for Python 3.6 [3.7.0-1] - Update to 3.7.0 [3.6.4-1] - Update to 3.6.4 [3.4.4-5] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [3.4.4-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [3.4.4-3] - fix conditional [3.4.4-2] - Rebuilt for Python3.5 rebuild [3.4.4-1] - Update to 3.4.4 - Use %license, cleanup spec [3.3.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [3.3.6-1] - 3.3.6 (2014-08-28) - ================== - - Bugs fixed - ---------- - - * Prevent tree cycle creation when adding Elements as siblings. - - * LP#1361948: crash when deallocating Element siblings without parent. - - * LP#1354652: crash when traversing internally loaded documents in XSLT - extension functions. * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [3.3.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [3.3.5-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 [3.3.5-1] - 3.3.5 (2014-04-18) - ================== - - Bugs fixed - ---------- - - * HTML cleaning could fail to strip javascript links that mix control - characters into the link scheme. [3.3.4-1] - 3.3.4 (2014-04-03) - ================== - - Features added - -------------- - - * Source line numbers above 65535 are available on Elements when - using libxml2 2.9 or later. - - Bugs fixed - ---------- - - * lxml.html.fragment_fromstring() failed for bytes input in Py3. [3.3.3-4] - Fix macro definition [3.3.3-3] - Add python3-cssselect to correct package [3.3.3-3] - python3-cssselect is not available on F19 [3.3.3-2] - BZ#1075070 add requires and buildrequires for cssselect [3.3.3-1] - 3.3.3 (2014-03-04) - ================== - - Bugs fixed - ---------- - - * LP#1287118: Crash when using Element subtypes with __slots__. - - Other changes - ------------- - - * The internal classes _LogEntry and _Attrib can no longer be - subclassed from Python code. [3.3.2-2] - Add check section #1075070 [3.3.2-1] - 3.3.2 (2014-02-26) - ================== - - Bugs fixed - ---------- - - * The properties resolvers and version, as well as the methods - set_element_class_lookup() and makeelement(), were lost from - iterparse objects. - - * LP#1222132: instances of XMLSchema, Schematron and RelaxNG - did not clear their local error_log before running a validation. - - * LP#1238500: lxml.doctestcompare mixed up 'expected' and 'actual' in - attribute values. - - * Some file I/O tests were failing in MS-Windows due to incorrect temp - file usage. Initial patch by Gabi Davar. - - * LP#910014: duplicate IDs in a document were not reported by DTD - validation. - - * LP#1185332: tostring(method='html') did not use HTML serialisation - semantics for trailing tail text. Initial patch by Sylvain Viollon. - - * LP#1281139: .attrib value of Comments lost its mutation methods - in 3.3.0. Even though it is empty and immutable, it should still - provide the same interface as that returned for Elements. [3.3.2-1] - 3.3.1 (2014-02-12) - ================== - - Bugs fixed - ---------- - - * LP#1014290: HTML documents parsed with parser.feed() failed to find - elements during tag iteration. - - * LP#1273709: Building in PyPy failed due to missing support for - PyUnicode_Compare() and PyByteArray_*() in PyPy's C-API. - - * LP#1274413: Compilation in MSVC failed due to missing 'stdint.h' standard - header file. - - * LP#1274118: iterparse() failed to parse BOM prefixed files. [3.3.0-2] - Update Cython requirement to >= 0.20 [3.3.0-1] - 3.3.0 (2014-01-26) - ================== - - Features added - -------------- - - Bugs fixed - ---------- - - * The heuristic that distinguishes file paths from URLs was tightened - to produce less false negatives. - - Other changes - ------------- - - - 3.3.0beta5 (2014-01-18) - ======================= - - Features added - -------------- - - * The PEP 393 unicode parsing support gained a fallback for wchar strings - which might still be somewhat common on Windows systems. - - Bugs fixed - ---------- - - * Several error handling problems were fixed throughout the code base that - could previously lead to exceptions being silently swallowed or not - properly reported. - - * The C-API function appendChild() is now deprecated as it does not - propagate exceptions (its return type is void). The new function - appendChildToElement() was added as a safe replacement. - - * Passing a string into fromstringlist() raises an exception instead of - parsing the string character by character. - - Other changes - ------------- - - * Document cleanup code was simplified using the new GC features in - Cython 0.20. - - - 3.3.0beta4 (2014-01-12) - ======================= - - Features added - -------------- - - Bugs fixed - ---------- - - * The (empty) value returned by the attrib property of Entity and - Comment objects was mutable. - - * Element class lookup wasn't available for the new pull parsers or when - using a custom parser target. - - * Setting Element attributes on instantiation with both the attrib - argument and keyword arguments could modify the mapping passed as - attrib. - - * LP#1266171: DTDs instantiated from internal/external subsets (i.e. - through the docinfo property) lost their attribute declarations. - - Other changes - ------------- - - * Built with Cython 0.20pre (gitrev 012ae82eb) to prepare support for - Python 3.4. - - - 3.3.0beta3 (2014-01-02) - ======================= - - Features added - -------------- - - * Unicode string parsing was optimised for Python 3.3 (PEP 393). - - Bugs fixed - ---------- - - * HTML parsing of Unicode strings could misdecode the input on some - platforms. - - * Crash in xmlfile() when closing open elements out of order in an error - case. - - Other changes - ------------- - - - 3.3.0beta2 (2013-12-20) - ======================= - - Features added - -------------- - - * iterparse() supports the recover option. - - Bugs fixed - ---------- - - * Crash in iterparse() for HTML parsing. - - * Crash in target parsing with attributes. - - Other changes - ------------- - - * The safety check in the read-only tree implementation (e.g. used by - PythonElementClassLookup) raises a more appropriate - ReferenceError for illegal access after tree disposal instead of - an AssertionError. This should only impact test code that - specifically checks the original behaviour. - - - 3.3.0beta1 (2013-12-12) - ======================= - - Features added - -------------- - - * New option handle_failures in make_links_absolute() and - resolve_base_href() (lxml.html) that enables ignoring or - discarding links that fail to parse as URLs. - - * New parser classes XMLPullParser and HTMLPullParser for - incremental parsing, as implemented for ElementTree in Python 3.4. - - * iterparse() enables recovery mode by default for HTML parsing - (html=True). - - Bugs fixed - ---------- - - * LP#1255132: crash when trying to run validation over non-Element (e.g. - comment or PI). - - * Error messages in the log and in exception messages that originated - from libxml2 could accidentally be picked up from preceding warnings - instead of the actual error. - - * The ElementMaker in lxml.objectify did not accept a dict as - argument for adding attributes to the element it's building. This - works as in lxml.builder now. - - * LP#1228881: repr(XSLTAccessControl) failed in Python 3. - - * Raise ValueError when trying to append an Element to itself or - to one of its own descendants, instead of running into an infinite - loop. - - * LP#1206077: htmldiff discarded whitespace from the output. - - * Compressed plain-text serialisation to file-like objects was broken. - - * lxml.html.formfill: Fix textarea form filling. - The textarea used to be cleared before the new content was set, - which removed the name attribute. - - Other changes - ------------- - - * Some basic API classes use freelists internally for faster - instantiation. This can speed up some iterparse() scenarios, - for example. - - * iterparse() was rewritten to use the new *PullParser - classes internally instead of being a parser itself. [3.2.4-1] - 3.2.4 (2013-11-07) - ================== - - Bugs fixed - ---------- - - * Memory leak when creating an XPath evaluator in a thread. - - * LP#1228881: repr(XSLTAccessControl) failed in Python 3. - - * Raise ValueError when trying to append an Element to itself or - to one of its own descendants. - - * LP#1206077: htmldiff discarded whitespace from the output. - - * Compressed plain-text serialisation to file-like objects was broken. [3.2.3-2] - Add requirement for on python-cssselect for the python2 version [3.2.3-1] - and here's a version 3.2.3. The last release accidentally lost the ability - to work on Python 2.4. There are no other changes over 3.2.2. - - 3.2.2 (2013-07-28) - ================== - - Features added - -------------- - - Bugs fixed - ---------- - - * LP#1185701: spurious XMLSyntaxError after finishing iterparse(). - - * Crash in lxml.objectify during xsi annotation. - - Other changes - ------------- - - * Return values of user provided element class lookup methods are now - validated against the type of the XML node they represent to prevent - API class mismatches. [3.2.1-1] - 3.2.1 (2013-05-11) - ================== - - Features added - -------------- - - * The methods apply_templates() and process_children() of XSLT - extension elements have gained two new boolean options elements_only - and remove_blank_text that discard either all strings or - whitespace-only strings from the result list. - - Bugs fixed - ---------- - - * When moving Elements to another tree, the namespace cleanup mechanism - no longer drops namespace prefixes from attributes for which it finds - a default namespace declaration, to prevent them from appearing as - unnamespaced attributes after serialisation. - - * Returning non-type objects from a custom class lookup method could lead - to a crash. - - * Instantiating and using subtypes of Comments and ProcessingInstructions - crashed. [3.2.0-1] - 3.2.0 (2013-04-28) - ================== - - Features added - -------------- - - Bugs fixed - ---------- - - * LP#690319: Leading whitespace could change the behaviour of the string - parsing functions in lxml.html. - - * LP#599318: The string parsing functions in lxml.html are more robust - in the face of uncommon HTML content like framesets or missing body tags. - Patch by Stefan Seelmann. - - * LP#712941: I/O errors while trying to access files with paths that - contain non-ASCII characters could raise UnicodeDecodeError instead - of properly reporting the IOError. - - * LP#673205: Parsing from in-memory strings disabled network access in the - default parser and made subsequent attempts to parse from a URL fail. - - * LP#971754: lxml.html.clean appends 'nofollow' to 'rel' attributes instead - of overwriting the current value. - - * LP#715687: lxml.html.clean no longer discards scripts that are explicitly - allowed by the user provided whitelist. Patch by Christine Koppelt. - - 3.1.2 (2013-04-12) - ================== - - Bugs fixed - ---------- - - * LP#1136509: Passing attributes through the namespace-unaware API of - the sax bridge (i.e. the handler.startElement() method) failed - with a TypeError. Patch by Mike Bayer. - - * LP#1123074: Fix serialisation error in XSLT output when converting - the result tree to a Unicode string. - - * GH#105: Replace illegal usage of xmlBufLength() in libxml2 2.9.0 - by properly exported API function xmlBufUse(). - - 3.1.1 (2013-03-29) - ================== - - Features added - -------------- - - Bugs fixed - ---------- - - * LP#1160386: Write access to lxml.html.FormElement.fields raised - an AttributeError in Py3. - - * Illegal memory access during cleanup in incremental xmlfile writer. - - Other changes - ------------- - - * The externally useless class lxml.etree._BaseParser was removed - from the module dict. [3.1.0-1] - 3.1.0 (2013-02-10) - ================== - - Features added - -------------- - - * GH#89: lxml.html.clean allows overriding the set of attributes that it - considers 'safe'. Patch by Francis Devereux. - - Bugs fixed - ---------- - - * LP#1104370: copy.copy(el.attrib) raised an exception. It now returns - a copy of the attributes as a plain Python dict. - - * GH#95: When used with namespace prefixes, the el.find*() methods - always used the first namespace mapping that was provided for each - path expression instead of using the one that was actually passed - in for the current run. - - * LP#1092521, GH#91: Fix undefined C symbol in Python runtimes compiled - without threading support. Patch by Ulrich Seidl. - - Other changes - ------------- - - - 3.1beta1 (2012-12-21) - ===================== - - Features added - -------------- - - * New build-time option --with-unicode-strings for Python 2 that - makes the API always return Unicode strings for names and text - instead of byte strings for plain ASCII content. - - * New incremental XML file writing API etree.xmlfile(). - - * E factory in lxml.objectify is callable to simplify the creation of - tags with non-identifier names without having to resort to getattr(). - - Bugs fixed - ---------- - - * When starting from a non-namespaced element in lxml.objectify, searching - for a child without explicitly specifying a namespace incorrectly found - namespaced elements with the requested local name, instead of restricting - the search to non-namespaced children. - - * GH#85: Deprecation warnings were fixed for Python 3.x. - - * GH#33: lxml.html.fromstring() failed to accept bytes input in Py3. - - * LP#1080792: Static build of libxml2 2.9.0 failed due to missing file. - - Other changes - ------------- - - * The externally useless class _ObjectifyElementMakerCaller was - removed from the module API of lxml.objectify. - - * LP#1075622: lxml.builder is faster for adding text to elements with - many children. Patch by Anders Hammarquist. [3.0.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [3.0.1-1] - 3.0.1 (2012-10-14) - Bugs fixed - - * LP#1065924: Element proxies could disappear during garbage collection - in PyPy without proper cleanup. - * GH#71: Failure to work with libxml2 2.6.x. - * LP#1065139: static MacOS-X build failed in Py3. [3.0-1] - 3.0 (2012-10-08) - ================ - - Features added - -------------- - - Bugs fixed - ---------- - - * End-of-file handling was incorrect in iterparse() when reading from - a low-level C file stream and failed in libxml2 2.9.0 due to its - improved consistency checks. - - Other changes - ------------- - - * The build no longer uses Cython by default unless the generated C files - are missing. To use Cython, pass the option '--with-cython'. To ignore - the fatal build error when Cython is required but not available (e.g. to - run special setup.py commands that do not actually run a build), pass - '--without-cython'. - - - 3.0beta1 (2012-09-26) - ===================== - - Features added - -------------- - - * Python level access to (optional) libxml2 memory debugging features - to simplify debugging of memory leaks etc. - - Bugs fixed - ---------- - - * Fix a memory leak in XPath by switching to Cython 0.17.1. - - * Some tests were adapted to work with PyPy. - - Other changes - ------------- - - * The code was adapted to work with the upcoming libxml2 2.9.0 release. - - - 3.0alpha2 (2012-08-23) - ====================== - - Features added - -------------- - - * The .iter() method of elements now accepts tag arguments like '{*}name' - to search for elements with a given local name in any namespace. With - this addition, all combinations of wildcards now work as expected: - '{ns}name', '{}name', '{*}name', '{ns}*', '{}*' and '{*}*'. Note that - 'name' is equivalent to '{}name', but '*' is '{*}*'. The same change - applies to the .getiterator(), .itersiblings(), .iterancestors(), - .iterdescendants(), .iterchildren() and .itertext() methods, the - strip_attributes(), strip_elements() and strip_tags() functions as well - as the iterparse() function. - - * C14N allows specifying the inclusive prefixes to be promoted to - top-level during exclusive serialisation. - - Bugs fixed - ---------- - - * Passing long Unicode strings into the feed() parser interface failed to - read the entire string. - - Other changes - ------------- - - - 3.0alpha1 (2012-07-31) - ====================== - - Features added - -------------- - - * Initial support for building in PyPy (through cpyext). - - * DTD objects gained an API that allows read access to their - declarations. - - * xpathgrep.py gained support for parsing line-by-line (e.g. - from grep output) and for surrounding the output with a new root - tag. - - * E-factory in lxml.builder accepts subtypes of known data - types (such as string subtypes) when building elements around them. - - * Tree iteration and iterparse() with a selective tag - argument supports passing a set of tags. Tree nodes will be - returned by the iterators if they match any of the tags. - - Bugs fixed - ---------- - - * The .find*() methods in lxml.objectify no longer use XPath - internally, which makes them faster in many cases (especially when - short circuiting after a single or couple of elements) and fixes - some behavioural differences compared to lxml.etree. Note that - this means that they no longer support arbitrary XPath expressions - but only the subset that the ElementPath language supports. - The previous implementation was also redundant with the normal - XPath support, which can be used as a replacement. - - * el.find('*') could accidentally return a comment or processing - instruction that happened to be in the wrong spot. (Same for the - other .find*() methods.) - - * The error logging is less intrusive and avoids a global setup where - possible. - - * Fixed undefined names in html5lib parser. - - * xpathgrep.py did not work in Python 3. - - * Element.attrib.update() did not accept an attrib of - another Element as parameter. - - * For subtypes of ElementBase that make the .text or .tail - properties immutable (as in objectify, for example), inserting text - when creating Elements through the E-Factory feature of the class - constructor would fail with an exception, stating that the text - cannot be modified. - - Other changes - -------------- - - * The code base was overhauled to properly use 'const' where the API - of libxml2 and libxslt requests it. This also has an impact on the - public C-API of lxml itself, as defined in etreepublic.pxd, as - well as the provided declarations in the lxml/includes/ directory. - Code that uses these declarations may have to be adapted. On the - plus side, this fixes several C compiler warnings, also for user - code, thus making it easier to spot real problems again. - - * The functionality of 'lxml.cssselect' was moved into a separate PyPI - package called 'cssselect'. To continue using it, you must install - that package separately. The 'lxml.cssselect' module is still - available and provides the same interface, provided the 'cssselect' - package can be imported at runtime. - - * Element attributes passed in as an attrib dict or as keyword - arguments are now sorted by (namespaced) name before being created - to make their order predictable for serialisation and iteration. - Note that adding or deleting attributes afterwards does not take - that order into account, i.e. setting a new attribute appends it - after the existing ones. - - * Several classes that are for internal use only were removed - from the lxml.etree module dict: - _InputDocument, _ResolverRegistry, _ResolverContext, _BaseContext, - _ExsltRegExp, _IterparseContext, _TempStore, _ExceptionContext, - __ContentOnlyElement, _AttribIterator, _NamespaceRegistry, - _ClassNamespaceRegistry, _FunctionNamespaceRegistry, - _XPathFunctionNamespaceRegistry, _ParserDictionaryContext, - _FileReaderContext, _ParserContext, _PythonSaxParserTarget, - _TargetParserContext, _ReadOnlyProxy, _ReadOnlyPIProxy, - _ReadOnlyEntityProxy, _ReadOnlyElementProxy, _OpaqueNodeWrapper, - _OpaqueDocumentWrapper, _ModifyContentOnlyProxy, - _ModifyContentOnlyPIProxy, _ModifyContentOnlyEntityProxy, - _AppendOnlyElementProxy, _SaxParserContext, _FilelikeWriter, - _ParserSchemaValidationContext, _XPathContext, - _XSLTResolverContext, _XSLTContext, _XSLTQuotedStringParam - - * Several internal classes can no longer be inherited from: - _InputDocument, _ResolverRegistry, _ExsltRegExp, _ElementUnicodeResult, - _IterparseContext, _TempStore, _AttribIterator, _ClassNamespaceRegistry, - _XPathFunctionNamespaceRegistry, _ParserDictionaryContext, - _FileReaderContext, _PythonSaxParserTarget, _TargetParserContext, - _ReadOnlyPIProxy, _ReadOnlyEntityProxy, _OpaqueDocumentWrapper, - _ModifyContentOnlyPIProxy, _ModifyContentOnlyEntityProxy, - _AppendOnlyElementProxy, _FilelikeWriter, _ParserSchemaValidationContext, - _XPathContext, _XSLTResolverContext, _XSLTContext, - _XSLTQuotedStringParam, _XSLTResultTree, _XSLTProcessingInstruction [2.3.5-1] - Bugs fixed - - * Crash when merging text nodes in element.remove(). - * Crash in sax/target parser when reporting empty doctype. [2.3.4-1] - Bugs fixed - - * Crash when building an nsmap (Element property) with empty namespace - URIs. - * Crash due to race condition when errors (or user messages) occur during - threaded XSLT processing (or compilation). - * XSLT stylesheet compilation could ignore compilation errors. [2.3.3-4] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [2.3.3-3] - remove rhel logic from with_python3 conditional [2.3.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [2.3.3-1] - 2.3.3 (2012-01-04) - Features added - - * lxml.html.tostring() gained new serialisation options with_tail and - doctype. - - Bugs fixed - - * Fixed a crash when using iterparse() for HTML parsing and requesting - start events. - * Fixed parsing of more selectors in cssselect. Whitespace before pseudo- - elements and pseudo-classes is significant as it is a descendant - combinator. 'E :pseudo' should parse the same as 'E *:pseudo', not - 'E:pseudo'. Patch by Simon Sapin. - * lxml.html.diff no longer raises an exception when hitting 'img' tags - without 'src' attribute. [2.3.2-1] - 2.3.2 (2011-11-11) - Features added - - * lxml.objectify.deannotate() has a new boolean option - cleanup_namespaces to remove the objectify namespace declarations - (and generally clean up the namespace declarations) after removing - the type annotations. - * lxml.objectify gained its own SubElement() function as a copy of - etree.SubElement to avoid an otherwise redundant import of - lxml.etree on the user side. - - Bugs fixed - - * Fixed the 'descendant' bug in cssselect a second time (after a first - fix in lxml 2.3.1). The previous change resulted in a serious - performance regression for the XPath based evaluation of the - translated expression. Note that this breaks the usage of some - of the generated XPath expressions as XSLT location paths that - previously worked in 2.3.1. - * Fixed parsing of some selectors in cssselect. Whitespace after - combinators '>', '+' and '~' is now correctly ignored. Previously - it was parsed as a descendant combinator. For example, 'div> .foo' - was parsed the same as 'div>* .foo' instead of 'div>.foo'. Patch by - Simon Sapin. [2.3.1-1] - Features added - -------------- - - * New option kill_tags in lxml.html.clean to remove specific - tags and their content (i.e. their whole subtree). - - * pi.get() and pi.attrib on processing instructions to parse - pseudo-attributes from the text content of processing instructions. - - * lxml.get_include() returns a list of include paths that can be - used to compile external C code against lxml.etree. This is - specifically required for statically linked lxml builds when code - needs to compile against the exact same header file versions as lxml - itself. - - * Resolver.resolve_file() takes an additional option - close_file that configures if the file(-like) object will be - closed after reading or not. By default, the file will be closed, - as the user is not expected to keep a reference to it. - - Bugs fixed - ---------- - - * HTML cleaning didn't remove 'data:' links. - - * The html5lib parser integration now uses the 'official' - implementation in html5lib itself, which makes it work with newer - releases of the library. - - * In lxml.sax, endElementNS() could incorrectly reject a plain - tag name when the corresponding start event inferred the same plain - tag name to be in the default namespace. - - * When an open file-like object is passed into parse() or - iterparse(), the parser will no longer close it after use. This - reverts a change in lxml 2.3 where all files would be closed. It is - the users responsibility to properly close the file(-like) object, - also in error cases. - - * Assertion error in lxml.html.cleaner when discarding top-level elements. - - * In lxml.cssselect, use the xpath 'A//B' (short for - 'A/descendant-or-self::node()/B') instead of 'A/descendant::B' for the - css descendant selector ('A B'). This makes a few edge cases to be - consistent with the selector behavior in WebKit and Firefox, and makes - more css expressions valid location paths (for use in xsl:template - match). - - [tags no longer show up in the - collected form values. - - [values to/from a multiple select form - field properly selects them and unselects them. - - Other changes - -------------- - - * Static builds can specify the download directory with the - --download-dir option. [2.3-1] - 2.3 (2011-02-06) - ================ - - Features added - -------------- - - * When looking for children, lxml.objectify takes '{}tag' as - meaning an empty namespace, as opposed to the parent namespace. - - Bugs fixed - ---------- - - * When finished reading from a file-like object, the parser - immediately calls its .close() method. - - * When finished parsing, iterparse() immediately closes the input - file. - - * Work-around for libxml2 bug that can leave the HTML parser in a - non-functional state after parsing a severly broken document (fixed - in libxml2 2.7.8). - - * marque tag in HTML cleanup code is correctly named marquee. - - Other changes - -------------- - - * Some public functions in the Cython-level C-API have more explicit - return types. - - 2.3beta1 (2010-09-06) - ===================== - - Features added - -------------- - - Bugs fixed - ---------- - - * Crash in newer libxml2 versions when moving elements between - documents that had attributes on replaced XInclude nodes. - - * XMLID() function was missing the optional parser and - base_url parameters. - - * Searching for wildcard tags in iterparse() was broken in Py3. - - * lxml.html.open_in_browser() didn't work in Python 3 due to the - use of os.tempnam. It now takes an optional 'encoding' parameter. - - Other changes - -------------- - - 2.3alpha2 (2010-07-24) - ====================== - - Features added - -------------- - - Bugs fixed - ---------- - - * Crash in XSLT when generating text-only result documents with a - stylesheet created in a different thread. - - Other changes - -------------- - - * repr() of Element objects shows the hex ID with leading 0x - (following ElementTree 1.3). - - 2.3alpha1 (2010-06-19) - ====================== - - Features added - -------------- - - * Keyword argument namespaces in lxml.cssselect.CSSSelector() - to pass a prefix-to-namespace mapping for the selector. - - * New function lxml.etree.register_namespace(prefix, uri) that - globally registers a namespace prefix for a namespace that newly - created Elements in that namespace will use automatically. Follows - ElementTree 1.3. - - * Support 'unicode' string name as encoding parameter in - tostring(), following ElementTree 1.3. - - * Support 'c14n' serialisation method in ElementTree.write() and - tostring(), following ElementTree 1.3. - - * The ElementPath expression syntax (el.find*()) was extended to - match the upcoming ElementTree 1.3 that will ship in the standard - library of Python 3.2/2.7. This includes extended support for - predicates as well as namespace prefixes (as known from XPath). - - * During regular XPath evaluation, various ESXLT functions are - available within their namespace when using libxslt 1.1.26 or later. - - * Support passing a readily configured logger instance into - PyErrorLog, instead of a logger name. - - * On serialisation, the new doctype parameter can be used to - override the DOCTYPE (internal subset) of the document. - - * New parameter output_parent to XSLTExtension.apply_templates() - to append the resulting content directly to an output element. - - * XSLTExtension.process_children() to process the content of the - XSLT extension element itself. - - * ISO-Schematron support based on the de-facto Schematron reference - 'skeleton implementation'. - - * XSLT objects now take XPath object as __call__ stylesheet - parameters. - - * Enable path caching in ElementPath (el.find*()) to avoid parsing - overhead. - - * Setting the value of a namespaced attribute always uses a prefixed - namespace instead of the default namespace even if both declare the - same namespace URI. This avoids serialisation problems when an - attribute from a default namespace is set on an element from a - different namespace. - - * XSLT extension elements: support for XSLT context nodes other than - elements: document root, comments, processing instructions. - - * Support for strings (in addition to Elements) in node-sets returned - by extension functions. - - * Forms that lack an action attribute default to the base URL of - the document on submit. - - * XPath attribute result strings have an attrname property. - - * Namespace URIs get validated against RFC 3986 at the API level - (required by the XML namespace specification). - - * Target parsers show their target object in the .target property - (compatible with ElementTree). - - Bugs fixed - ---------- - - * API is hardened against invalid proxy instances to prevent crashes - due to incorrectly instantiated Element instances. - - * Prevent crash when instantiating CommentBase and friends. - - * Export ElementTree compatible XML parser class as - XMLTreeBuilder, as it is called in ET 1.2. - - * ObjectifiedDataElements in lxml.objectify were not hashable. They - now use the hash value of the underlying Python value (string, - number, etc.) to which they compare equal. - - * Parsing broken fragments in lxml.html could fail if the fragment - contained an orphaned closing '</div>' tag. - - * Using XSLT extension elements around the root of the output document - crashed. - - * lxml.cssselect did not distinguish between x[attr='val'] and - x [attr='val'] (with a space). The latter now matches the - attribute independent of the element. - - * Rewriting multiple links inside of HTML text content could end up - replacing unrelated content as replacements could impact the - reported position of subsequent matches. Modifications are now - simplified by letting the iterlinks() generator in lxml.html - return links in reversed order if they appear inside the same text - node. Thus, replacements and link-internal modifications no longer - change the position of links reported afterwards. - - * The .value attribute of textarea elements in lxml.html did - not represent the complete raw value (including child tags etc.). It - now serialises the complete content on read and replaces the - complete content by a string on write. - - * Target parser didn't call .close() on the target object if - parsing failed. Now it is guaranteed that .close() will be - called after parsing, regardless of the outcome. - - Other changes - ------------- - - * Official support for Python 3.1.2 and later. - - * Static MS Windows builds can now download their dependencies - themselves. - - * Element.attrib no longer uses a cyclic reference back to its - Element object. It therefore no longer requires the garbage - collector to clean up. - - * Static builds include libiconv, in addition to libxml2 and libxslt. [2.2.8-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [2.2.8-3] - rebuild for newer python3 [2.2.8-2] - Rebuild for newer libxml2 [2.2.8-1] - 2.2.8 (2010-09-02) - Bugs fixed - - * Crash in newer libxml2 versions when moving elements between - documents that had attributes on replaced XInclude nodes. - * Import fix for urljoin in Python 3.1+. [2.2.7-3] - Don't byte-compile files during install because setup.py doesn't properly byte compile for Python version 3.2 [2.2.7-2] - Rebuild for Python 3.2 [2.2.7-1] - 2.2.7 (2010-07-24) - Bugs fixed - - * Crash in XSLT when generating text-only result documents with a stylesheet created in a different thread. [2.2.6-4] - actually add the patch this time [2.2.6-3] - workaround for 2to3 issue (patch 0; bug 600036) [2.2.6-2] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [2.2.6-1] - 2.2.6 (2010-03-02) - - Bugs fixed - - * Fixed several Python 3 regressions by building with Cython 0.11.3. [2.2.5-1] - 2.2.5 (2010-02-28) - - Features added - - * Support for running XSLT extension elements on the input root node - (e.g. in a template matching on '/'). - - Bugs fixed - - * Crash in XPath evaluation when reading smart strings from a document - other than the original context document. - * Support recent versions of html5lib by not requiring its XHTMLParser - in htmlparser.py anymore. - * Manually instantiating the custom element classes in lxml.objectify - could crash. - * Invalid XML text characters were not rejected by the API when they - appeared in unicode strings directly after non-ASCII characters. - * lxml.html.open_http_urllib() did not work in Python 3. - * The functions strip_tags() and strip_elements() in lxml.etree did - not remove all occurrences of a tag in all cases. - * Crash in XSLT extension elements when the XSLT context node is not - an element. [2.2.4-2] - update to current python3 guidelines - be more explicit in %files - use %global and not %define - create docs subpackage - add stripping 3-byte Byte Order Marker from src/lxml/tests/test_errors.py to get 2to3 to work (dmalcolm) - fixes FTBFS (#564674) [2.2.4-1] - Update to 2.2.4 - Enable Python 3 subpackage [2.2.3-3] - F-13's python build chain must be a little different... [2.2.3-2] - Add option to build a Python 3 subpackage, original patch by David Malcolm [2.2.3-1] - 2.2.3 (2009-10-30) - Bugs fixed - - * The resolve_entities option did not work in the incremental feed - parser. - * Looking up and deleting attributes without a namespace could hit a - namespaced attribute of the same name instead. - * Late errors during calls to SubElement() (e.g. attribute related - ones) could leave a partially initialised element in the tree. - * Modifying trees that contain parsed entity references could result - in an infinite loop. - * ObjectifiedElement.__setattr__ created an empty-string child element - when the attribute value was rejected as a non-unicode/non-ascii - string - * Syntax errors in lxml.cssselect could result in misleading error - messages. - * Invalid syntax in CSS expressions could lead to an infinite loop in - the parser of lxml.cssselect. - * CSS special character escapes were not properly handled in - lxml.cssselect. - * CSS Unicode escapes were not properly decoded in lxml.cssselect. - * Select options in HTML forms that had no explicit value attribute - were not handled correctly. The HTML standard dictates that their - value is defined by their text content. This is now supported by - lxml.html. - * XPath raised a TypeError when finding CDATA sections. This is now - fully supported. - * Calling help(lxml.objectify) didn't work at the prompt. - * The ElementMaker in lxml.objectify no longer defines the default - namespaces when annotation is disabled. - * Feed parser failed to honour the 'recover' option on parse errors. - * Diverting the error logging to Python's logging system was broken. [2.2.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.2.2-1] - 2.2.2 (2009-06-21) - Features added - - * New helper functions strip_attributes(), strip_elements(), - strip_tags() in lxml.etree to remove attributes/subtrees/tags - from a subtree. - - Bugs fixed - - * Namespace cleanup on subtree insertions could result in missing - namespace declarations (and potentially crashes) if the element - defining a namespace was deleted and the namespace was not used - by the top element of the inserted subtree but only in deeper - subtrees. - * Raising an exception from a parser target callback didn't always - terminate the parser. - * Only {true, false, 1, 0} are accepted as the lexical representation - for BoolElement ({True, False, T, F, t, f} not any more), restoring - lxml <= 2.0 behaviour. [2.2.1-1] - 2.2.1 (2009-06-02) - Features added - - * Injecting default attributes into a document during XML Schema - validation (also at parse time). - * Pass huge_tree parser option to disable parser security restrictions - imposed by libxml2 2.7. - - Bugs fixed - - * The script for statically building libxml2 and libxslt didn't work - in Py3. - * XMLSchema() also passes invalid schema documents on to libxml2 for - parsing (which could lead to a crash before release 2.6.24). [2.2-1] - 2.2 (2009-03-21) - Features added - - * Support for standalone flag in XML declaration through - tree.docinfo.standalone and by passing standalone=True/False on - serialisation. - - Bugs fixed - - * Crash when parsing an XML Schema with external imports from a - filename. [2.2-0.8.beta4] - 2.2beta4 (2009-02-27) - Features added - - * Support strings and instantiable Element classes as child arguments - to the constructor of custom Element classes. - * GZip compression support for serialisation to files and file-like - objects. - - Bugs fixed - - * Deep-copying an ElementTree copied neither its sibling PIs and - comments nor its internal/external DTD subsets. - * Soupparser failed on broken attributes without values. - * Crash in XSLT when overwriting an already defined attribute using - xsl:attribute. - * Crash bug in exception handling code under Python 3. This was due to - a problem in Cython, not lxml itself. - * lxml.html.FormElement._name() failed for non top-level forms. - * TAG special attribute in constructor of custom Element classes was - evaluated incorrectly. - - Other changes - - * Official support for Python 3.0.1. - * Element.findtext() now returns an empty string instead of None for - Elements without text content. [2.2-0.7.beta3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [2.2-0.6.beta3] - 2.2beta3 (2009-02-17) - Features added - - * XSLT.strparam() class method to wrap quoted string parameters that - require escaping. - - Bugs fixed - - * Memory leak in XPath evaluators. - * Crash when parsing indented XML in one thread and merging it with - other documents parsed in another thread. - * Setting the base attribute in lxml.objectify from a unicode string - failed. - * Fixes following changes in Python 3.0.1. - * Minor fixes for Python 3. - - Other changes - - * The global error log (which is copied into the exception log) is now - local to a thread, which fixes some race conditions. - * More robust error handling on serialisation. [2.2-0.5.beta2] - 2.2beta2 (2009-01-25) - Bugs fixed - - * Potential memory leak on exception handling. This was due to a - problem in Cython, not lxml itself. - * iter_links (and related link-rewriting functions) in lxml.html would - interpret CSS like url('link') incorrectly (treating the quotation - marks as part of the link). - * Failing import on systems that have an io module. [2.2-0.4.beta1] - 2.2beta1 (2008-12-12) - Features added - - * Allow lxml.html.diff.htmldiff to accept Element objects, - not just HTML strings. - - Bugs fixed - - * Crash when using an XPath evaluator in multiple threads. - * Fixed missing whitespace before Link:... in lxml.html.diff. - - Other changes - - * Export lxml.html.parse. [2.2-0.3.alpha1] - Rebuild for Python 2.6 [2.2-0.2.alpha1] - Don't forget to upload the sources! [2.2-0.1.alpha1] - 2.2alpha1 (2008-11-23) - Features added - - * Support for XSLT result tree fragments in XPath/XSLT extension - functions. - * QName objects have new properties namespace and localname. - * New options for exclusive C14N and C14N without comments. - * Instantiating a custom Element classes creates a new Element. - - Bugs fixed - - * XSLT didn't inherit the parse options of the input document. - * 0-bytes could slip through the API when used inside of Unicode - strings. - * With lxml.html.clean.autolink, links with balanced parenthesis, that - end in a parenthesis, will be linked in their entirety (typical with - Wikipedia links). [2.1.3-1] - 2.1.3 (2008-11-17) - Bugs fixed - - * Ref-count leaks when lxml enters a try-except statement while an - outside exception lives in sys.exc_*(). This was due to a problem - in Cython, not lxml itself. - * Parser Unicode decoding errors could get swallowed by other - exceptions. - * Name/import errors in some Python modules. - * Internal DTD subsets that did not specify a system or public ID - were not serialised and did not appear in the docinfo property - of ElementTrees. - * Fix a pre-Py3k warning when parsing from a gzip file in Py2.6. - * Test suite fixes for libxml2 2.7. - * Resolver.resolve_string() did not work for non-ASCII byte strings. - * Resolver.resolve_file() was broken. - * Overriding the parser encoding didn't work for many encodings. [2.1.2-1] - 2.1.2 (2008-09-05) - Features added - - * lxml.etree now tries to find the absolute path name of files when - parsing from a file-like object. This helps custom resolvers when - resolving relative URLs, as lixbml2 can prepend them with the path of - the source document. - - Bugs fixed - - * Memory problem when passing documents between threads. - * Target parser did not honour the recover option and raised an exception - instead of calling .close() on the target. [2.1.1-1] - Update to 2.1.1 [2.0.7-1] - Update to 2.0.7 - Update download URL [2.0.6-1] - Update to 2.0.6 [2.0.5-1] - Update to 2.0.5 [2.0.3-1] - Update to 2.0.3 [2.0.2-1] - Update to 2.0.2 [2.0.1-1] - Update to 2.0.1 [1.3.6-2] - Autorebuild for GCC 4.3 [1.3.6-1] - Update to 1.3.6. [1.3.5-1] - Update to 1.3.5. [1.3.4-1] - Update to 1.3.4. [1.3.3-3] - Rebuild for selinux ppc32 issue. [1.3.3-2] - BR python-setuptools-devel [1.3.3-1] - Update to 1.3.3 [1.1.2-1] - Update to 1.1.2 [1.0.3-3] - Rebuild for new Python [1.0.3-2] - Rebuild for FC6 [1.0.3-1] - Update to new upstream version [1.0.2-2] - Include, don't ghost .pyo files per new guidelines [1.0.2-1] - Update to new upstream release [1.0.1-1] - Update to new upstream release [1.0-1] - Update to new upstream 1.0 release [0.9.1-3] - Add python-setuptools to BuildRequires - Use dist tag [0.9.1-2] - Fix summary and description [0.9.1-1] - update the new upstream version - remove Pyrex build req [0.8-1] - Initial package python-markupsafe [0.23-19] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [0.23-18] - Make possible to disable python3 subpackage - Disable debugsource package [0.23-17] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.23-16] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.23-15] - Clean up spec file [0.23-14] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.23-13] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [0.23-12] - Rebuild for Python 3.6 [0.23-11] - Ship python2-markupsafe - Modernize spec [0.23-10] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [0.23-9] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [0.23-8] - Rebuilt for Python3.5 rebuild [0.23-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [0.23-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [0.23-5] - Replace the python-setuptools-devel BR with python-setuptools [0.23-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [0.23-3] - Really rebuild for Python 3.4 [0.23-2] - Rebuild for Python 3.4 [0.23-1] - Update to 0.23 [0.18-1] - Update to 0.18 (#678537) [0.11-9] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [0.11-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [0.11-7] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [0.11-6] - remove rhel logic from with_python3 conditional [0.11-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [0.11-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [0.11-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.11-2] - rebuild for newer python3 [0.11-1] - Update to 0.11 [0.9.2-5] - rebuild with python3.2 http://lists.fedoraproject.org/pipermail/devel/2010-August/141368.html [0.9.2-4] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [0.9.2-3] - Fix missing setuptools BuildRequires. [0.9.2-2] - Fixed sitearch and python3 definitions to work better with older Fedora/RHEL. [0.9.2-1] - Initial version. python-mock python-nose python-pluggy python-psycopg2 [2.7.5-8] - Added patch for support pq_get_result_async() - Resolves: #1909674 [2.7.5-7] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.7.5-6] - Use the fully versioned binaries during build - Related: rhbz#1619153 [2.7.5-5] - Require python2-psycopg2 instead of python-psycopg2 from the python2-psycopg2-debug subpackage - Resolves: rhbz#1628242 [2.7.5-4] - re-enable testsuite [2.7.5-3] - Disable failing tests [2.7.5-2] - BuildRequire also python36-rpm-macros as part of the python36 module build [2.7.5-1] - sync with fedora rawhide [2.7.4-5] - Let the doc subpackage be standalone installable [2.7.4-4] - Make requires on python36-devel/debug dependant on a python36_module bcond [2.7.4-3] - Revert switching Python 3 subpackages to the python3X- prefix - Switch only the requires for python3-devel/debug to the python36-prefix: the rest of the packages in the python36 collection will have the python3 prefix to be unified with the Python 3 packages for Platform-Python [2.7.4-2] - Switch the Python 3 subpackages to the python3X- prefix using the 3 macro [2.7.4-1] - rebase to latest upstream release, per release notes: http://initd.org/psycopg/articles/2018/02/08/psycopg-274-released/ [2.7.3.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.7.3.2-2] - treat python3/python2 equally [2.7.3.2-1] - update to 2.7.3.2, per release notes: http://initd.org/psycopg/articles/2017/10/24/psycopg-2732-released/ [2.7.3.1-1] - http://initd.org/psycopg/articles/2017/08/26/psycopg-2731-released/ [2.7.3-1] - rebase to latest upstream release, per release notes: http://initd.org/psycopg/articles/2017/07/24/psycopg-273-released/ [2.7.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [2.7.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2.7.2-1] - rebase to latest upstream release, per release notes: http://initd.org/psycopg/articles/2017/07/22/psycopg-272-released/ [2.7.1-1] - rebase to latest upstream release, per release notes: http://initd.org/psycopg/articles/2017/03/01/psycopg-271-released/ - fix testsuite [2.7-1] - rebase to latest upstream release, per release notes: http://initd.org/psycopg/articles/2017/03/01/psycopg-27-released/ - enable testsuite during build, and package it [2.6.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [2.6.2-3] - Rebuild for Python 3.6 [2.6.2-2] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [2.6.2-1] - rebase (rhbz#1353545), per release notes http://initd.org/psycopg/articles/2016/07/07/psycopg-262-released/ [2.6.1-6] - provide python2-psycopg2 (rhbz#1306025) - cleanup obsoleted packaging stuff [2.6.1-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [2.6.1-4] - again bump for new Python 3.5, not build previously? - fix rpmlint issues - no pyo files with python 3.5 * Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 [2.6.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2.6.1-1] - Update to 2.6.1 [2.6-1] - Update to 2.6, per changes described at: http://www.psycopg.org/psycopg/articles/2015/02/09/psycopg-26-and-255-released/ [2.5.4-1] - Update to 2.5.4, per changes described at: http://www.psycopg.org/psycopg/articles/2014/08/30/psycopg-254-released [2.5.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [2.5.3-1] - rebase to most recent upstream version, per release notes: http://www.psycopg.org/psycopg/articles/2014/05/13/psycopg-253-released/ [2.5.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [2.5.2-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 [2.5.2-1] - Update to 2.5.2, per changes described at: http://www.psycopg.org/psycopg/articles/2014/01/07/psycopg-252-released [2.5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [2.5.1-1] - rebase to 2.5.1 [2.5-1] - Update to 2.5, per changes described at: http://www.psycopg.org/psycopg/articles/2013/04/07/psycopg-25-released/ [2.4.5-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [2.4.5-6] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [2.4.5-5] - generalize python 3 fileglobbing to work with both Python 3.2 and 3.3 [2.4.5-4] - replace 'python3.2dmu' with 'python3-debug'; with_python3 fixes [2.4.5-3] - add with_python3 conditional [2.4.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [2.4.5-1] - Update to 2.4.5 [2.4.4-1] - Update to 2.4.4 - More specfile neatnik-ism [2.4.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [2.4.2-2] - Fix mistaken %dir marking on python3 files, per Dan Horak [2.4.2-1] - Update to 2.4.2 Related: #711095 - Some neatnik specfile cleanups [2.4-0.beta2] - 2.4.0-beta2 - add python 2 debug, python3 (optimized) and python3-debug subpackages [2.3.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [2.3.2-1] - Update to 2.3.2 - Clean up a few rpmlint warnings [2.2.2-3] - Fix incorrect (and invalid) License: tag. [2.2.2-2] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [2.2.2-1] - Update to 2.2.2 [2.2.1-1] - Update to 2.2.1 - Improve description for 2.2 features. - Changelog for 2.2.0 is: http://initd.org/pub/software/psycopg/ChangeLog-2.2 [2.0.14-1] - Update to 2.0.14 - Update license (upstream switched to LGPL3) [2.0.13-2] - Fix rpmlint complaints: remove unneeded explicit Requires:, use Conflicts: instead of bogus Obsoletes: to indicate lack of zope subpackage [2.0.13-1] - Update to 2.0.13 [2.0.12-1] - Update to 2.0.12 [2.0.11-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.0.11-1] - Update to 2.0.11 [2.0.10-1] - Update to 2.0.10 [2.0.9-1] - Update to 2.0.9 [2.0.8-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [2.0.8-2] - Rebuild for Python 2.6 [2.0.8-1] - Update to 2.0.8 [2.0.8-1] - Update to 2.0.8 [2.0.7-3] - Rebuild for Python 2.6 [2.0.7-2] - fix license tags [2.0.7-1] - Update to 2.0.7 [2.0.6-4.1] - Autorebuild for GCC 4.3 [2.0.6-3.1] - Rebuilt against PostgreSQL 8.3 [2.0.6-3] - Rebuild for rawhide changes [2.0.6-2] - Rebuild for selinux ppc32 issue. [2.0.6-1] - Update to 2.0.6 [2.0.5.1-8] - Disabled zope package temporarily. [2.0.5.1-7] - Rebuilt [2.0.5.1-5] - Bumped up spec version [2.0.5.1-4] - Rebuilt for PostgreSQL 8.2.0 [2.0.5.1-3] - Rebuilt [2.0.5.1-2] - Remove ghost'ing, per Python Packaging Guidelines [2.0.5.1-1] - Update to 2.0.5.1 [2.0.3-3] - Fixed zope package dependencies and macro definition, per bugzilla review (#199784) - Fixed zope package directory ownership, per bugzilla review (#199784) - Fixed cp usage for zope subpackage, per bugzilla review (#199784) [2.0.3-2] - Fixed 64 bit builds - Fixed license - Added Zope subpackage - Fixed typo in doc description - Added macro for zope subpackage dir [2.0.3-1] - Update to 2.0.3 - Fixed spec file, per bugzilla review (#199784) [2.0.2-3] - Removed python dependency, per bugzilla review. (#199784) - Changed doc package group, per bugzilla review. (#199784) - Replaced dos2unix with sed, per guidelines and bugzilla review (#199784) - Fix changelog dates [2.0.2-2] - Added dos2unix to buildrequires - removed python related part from package name [2.0.2-1] - Fix rpmlint errors, including dos2unix solution - Re-engineered spec file * Mon Jan 23 2006 - Devrim GUNDUZ <devrim@commandprompt.com> - First 2.0.X build * Mon Jan 23 2006 - Devrim GUNDUZ <devrim@commandprompt.com> - Update to 1.2.21 * Tue Dec 06 2005 - Devrim GUNDUZ <devrim@commandprompt.com> - Initial release for 1.1.20 python-pygments python-pymongo python-PyMySQL [0.8.0-10] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [0.8.0-9] - Make possible to disable python3 subpackage [0.8.0-8] - BuildRequire also python36-rpm-macros as part of the python36 module build [0.8.0-7] - Add a bcond for python2 [0.8.0-6] - Make requires on python36-devel dependant on a python36_module bcond [0.8.0-5] - Hardcode requires on python36-devel for the python36 module. This will have to be modified when python37 is added. [0.8.0-4] - make spec file compatible with epel7 - remove conditionals and always build for Python 3 [0.8.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.8.0-2] - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [0.8.0-1] - Update to 0.8.0 [0.7.11-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.7.11-1] - Update to 0.7.11 [0.7.10-1] - Update to 0.7.10 [0.7.9-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [0.7.9-3] - Rebuild for Python 3.6 [0.7.9-2] - cherrypick commit 755dfdc upstream to allow bind before connect Related: rhbz#1378008 [0.7.9-1] - Update to 0.7.9 [0.6.7-6] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [0.6.7-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [0.6.7-4] - Correct installation problems due to Requires: mariadb [0.6.7-3] - Rebuilt for python 3.5 [0.6.7-2] - Drop unnecessary mariadb requirement - Add python3 conditionals in order to rebuild it in EL7 [0.6.7-1] - Update to 0.6.7 [0.6.6-4] - Use %license in %files [0.6.6-3] - Move python2 package in its own subpackage - Add provides [0.6.6-2] - Add Provides: python2-PyMySQL - Remove usage of %py3dir [0.6.6-1] - Update to 0.6.6 [0.6.2-1] - Initial packaging python-py python-pysocks [1.6.8-6] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [1.6.8-5] - Stop providing the unversioned name python-SocksiPy - Resolves: rhbz#1628242 [1.6.8-4] - Make possible to disable python3 subpackage [1.6.8-3] - First version for python27 module python-pytest-mock python-requests [2.20.0-4] - Security fix for CVE-2023-32681 Resolves: rhbz#2209469 [2.20.0-3] - Properly handle default ports when stripping the authorization header Resolves: rhbz#1762422 [2.20.0-2] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.20.0-1] - Update to v2.20.0 for CVE-2018-18074. [2.19.1-5] - Make possible to disable python3 subpackage [2.19.1-4] - First version for python27 module [2.19.1-3] - Allow build with Python 2 [2.19.1-2] - Remove the python-pytest-cov dependency [2.19.1-1] - Update to v2.19.1 (rhbz 1591531) [2.19.0-1] - Update to v2.19.0 (rhbz 1590508) [2.18.4-6] - Skip all tests needing httpbin: httpbin has too many dependencies to be shipped in RHEL just for build-time package tests [2.18.4-5] - BR idna, or the tests fail to start [2.18.4-4] - Stop injecting PyOpenSSL (rhbz 1567862) [2.18.4-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.18.4-2] - Fix ambiguous Python 2 dependency declarations (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [2.18.4-1] - Update to 2.18.4 [2.18.2-1] - Update to 2.18.2 [2.18.1-2] - Drop the dependency on certifi in setup.py [2.18.1-1] - Update to 2.18.1 (#1449432) - Remove tests that require non-local network (#1450608) [2.14.2-1] - Update to 2.14.2 (#1449432) - Switch to autosetup to apply patches [2.13.0-2] - Don't run tests when building as a module [2.13.0-1] - Update to 2.13.0 (#1418138) [2.12.4-3] - Include and enable tests (now python-pytest-httpbin is packaged) [2.12.4-2] - Rebuild for Python 3.6 again. [2.12.4-1] - Update to 2.12.4. Fixes #1404680 [2.12.3-2] - Rebuild for Python 3.6 [2.12.3-1] - Update to 2.12.3. Fixes #1400601 [2.12.2-1] - Update to 2.12.2 [2.12.1-2] - Backport #3713. Fixes #1397149 [2.12.1-1] - Update to 2.12.1. Fixes #1395469 - Unbundle idna, a new upstream dependency [2.11.1-1] - Update to 2.11.1. Fixes #1370814 [2.11.0-1] - Update to 2.11.0. Fixes #1365332 [2.10.0-4] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [2.10.0-3] - Update python2 packaging. [2.10.0-2] - Fix python2 subpackage to comply with guidelines. [2.9.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [2.9.1-1] - new version [2.9.0-1] - new version [2.8.1-1] - Latest upstream. - Bump hard dep on urllib3 to 1.12. [2.7.0-8] - Rebuilt for Python3.5 rebuild [2.7.0-7] - Tell setuptools about what version of urllib3 we're unbundling for https://github.com/kennethreitz/requests/issues/2816 [2.7.0-6] - Replace the provides macro with a plain provides field for now until we can re-organize this package into two different subpackages. [2.7.0-5] - Remove 'provides: python2-requests' from the python3 subpackage, obviously. [2.7.0-4] - Employ %python_provides macro to provide python2-requests. [2.7.0-3] - Lock down the python-urllib3 version to the specific version we unbundled. https://bugzilla.redhat.com/show_bug.cgi?id=1253823 [2.7.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2.7.0-1] - new version [2.6.2-1] - new version [2.6.1-1] - new version [2.6.0-1] - new version - Remove patch for CVE-2015-2296, now included in the upstream release. [2.5.3-2] - Backport fix for CVE-2015-2296. [2.5.3-1] - new version [2.5.1-1] - new version [2.5.0-3] - Pin python-urllib3 requirement at 1.10. - Fix requirement pinning syntax. [2.5.0-2] - Do the most basic of tests in the check section. [2.5.0-1] - Latest upstream, 2.5.0 for #1171068 [2.4.3-1] - Latest upstream, 2.4.3 for #1136283 [2.3.0-4] - Re-do unbundling by symlinking system libs into the requests/packages/ dir. [2.3.0-3] - fix license handling [2.3.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [2.3.0-1] - Latest upstream [2.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 [2.0.0-1] - Latest upstream. - Add doc macro to the python3 files section. - Require python-urllib3 greater than or at 1.7.1. [1.2.3-5] - fix versioned dep on python-urllib3 [1.2.3-4] - Explicitly versioned the requirements on python-urllib3. [1.2.3-3] - Release bump for a coupled update with python-urllib3. [1.2.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1.2.3-1] - Latest upstream. - Fixed bogus date in changelog. [1.1.0-4] - Correct a rhel conditional on python-ordereddict [1.1.0-3] - Unbundled python-urllib3. Using system python-urllib3 now. - Conditionally include python-ordereddict for el6. [1.1.0-2] - Unbundled python-charade/chardet. Using system python-chardet now. - Removed deprecated comments and actions against oauthlib unbundling. Those are no longer necessary in 1.1.0. - Added links to bz tickets over Patch declarations. [1.1.0-1] - Latest upstream. - Relicense to ASL 2.0 with upstream. - Removed cookie handling patch (fixed in upstream tarball). - Updated cert unbundling patch to match upstream. - Added check section, but left it commented out for koji. [0.14.1-4] - Let brp_python_bytecompile run again, take care of the non-python{2,3} modules by removing them from the python{,3}-requests package that they did not belong in. - Use the certificates in the ca-certificates package instead of the bundled one + https://bugzilla.redhat.com/show_bug.cgi?id=904614 - Fix a problem with cookie handling + https://bugzilla.redhat.com/show_bug.cgi?id=906924 [ 0.14.1-1] - Updated to latest upstream release [0.13.1-1] - Updated to latest upstream release 0.13.1 - Use system provided ca-certificates - No more async requests use grrequests https://github.com/kennethreitz/grequests - Remove gevent as it is no longer required by requests [0.11.1-1] - Updated to upstream release 0.11.1 [0.10.6-3] - Support building package for EL6 [0.10.6-2] - +python3-requests pkg [0.10.6-1] - Updated to new upstream version [0.9.3-1] - Updated to new upstream version 0.9.3 - Include python-gevent as a dependency for requests.async - Clean up shebangs in requests/setup.py,test_requests.py and test_requests_ext.py [0.8.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [0.8.2-1] - New upstream version - keep alive support - complete removal of cookiejar and urllib2 [0.7.6-1] - Updated to new upstream release 0.7.6 [0.6.6-1] - Updated to version 0.6.6 [0.6.1-1] - Updated to version 0.6.1 [0.6.0-1] - Updated to latest version 0.6.0 [0.5.1-2] - Remove OPT_FLAGS from build section since it is a noarch package - Fix use of mixed tabs and space - Remove extra space around the word cumbersome in description [0.5.1-1] - Initial package python-setuptools_scm python-sqlalchemy python-urllib3 [1.24.2-4] - Security fix for CVE-2023-43804 Resolves: RHEL-11993 [1.24.2-3] - Update RECENT_DATE dynamically Related: rhbz#1883890 rhbz#1761380 [1.24.2-2] - Security fix for CVE-2020-26137 Resolves: rhbz#1883890 [1.24.2-1] - Rebased to 1.24.2 to fix CVE-2019-11324 - Added patches for CVE-2019-11236 (AKA CVE-2019-9740) - Resolves: rhbz#1706765 rhbz#1706762 [1.23-7] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [1.23-6] - Make possible to disable python3 subpackage [1.23-5] - First version for python27 module python-virtualenv python-wheel pytz [2017.2-13] - Fix FTBFS with newest tzdata Resolves: rhbz#2217852 [2017.2-12] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2017-2-11] - Remove unversioned provides - Resolves: rhbz#1628242 [2017.2-10] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2017.2-9] - Switch python3 coditions to bcond [2017.2-8] - Change the shebang to a versioned Python executable [2017.2-7] - Switch __python for __python2 macro. [2017.2-6] - remove test_tzinfo.PicklingTest.testRoundtrip which fails with our system-wide timezone database (#1497572) [2017.2-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2017.2-4] - Cleanup spec file conditionals [2017.2-3] - Python 2 binary package renamed to python2-pytz See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 [2017.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2017.2-1] - Update to 2017.2 [2016.10-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [2016.10-3] - Enable tests [2016.10-2] - Rebuild for Python 3.6 - Disable python3 tests for now [2016.10-1] - Update to 2016.10 [2016.7-1] - Update to 2016.7 [2016.6.1-1] - Update to 2016.6.1 (RHBZ #1356337) - Fix Source0 URL to override a change in PyPI URLs (see https://bitbucket.org/pypa/pypi/issues/438/) [2016.4-3] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [2016.4-1] - Use proper PYTHONPATH with python3 test - Use %license - Drop BuildRoot and %clean [2016.4-1] - Update to 2016.4 (RHBZ #1265036) [2015.7-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [2015.7-2] - Rebuilt for Python3.5 rebuild [2015.7-1] - Update to 2015.7 [2015.4-1] - Update to 2015.4 (bug #1161236) - Do not ship zoneinfo with python3 package (bug #1251554) - Run tests [2012d-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2012d-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [2012d-6] - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 [2012d-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [2012d-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [2012d-3] - remove rhel logic from with_python3 conditional [2012d-2] - Use system zoneinfo, BZ 857266. [2012d-1] - Latest upstream, python3 support, BZ 851226. [2010h-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [2010h-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [2010h-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [2010h-3] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [2010h-2] - Define => global [2010h-1] - Update to current version, BZ 573252. [2009i-7] - Corrected Source0 URL, BZ 560168. [2008i-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2008i-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [2008i-4] - Rebuild for Python 2.6 [2008i-3] - Apply patch correctly. [2008i-2] - Updated tzdata patch from Petr Machata bug 471014 [2008i-1] - Update to latest, now using timezone files provided by tzdata package [2006p-3] - Fix for egg-info file creation [2006p-2] - Bump for rebuild against python 2.5 and change BR to python-devel accordingly [2006p-1] - Update to 2006p [2006g-1] - Update to 2006g [2005r-2] - Rebuild for gcc/glibc changes [2005r-1] - Update to 2005r [2005m-1] - Update to 2005m [2005i-2] - Remove -O1 from install command [2005i-1] - Initial Fedora Extras package PyYAML [3.12-16] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [3.12-15] - Remove unversioned provides - Resolves: rhbz#1628242 [3.12-14] - Remove unversioned provides - Resolves: rhbz#1628242 [3.12-13] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [3.12-12] - Switch python3 coditions to bcond [3.12-11] - Use python2 macros instead of unversioned python macros [3.12-10] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [3.12-9] - Fix ambiguous Python 2 dependency declarations (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) [3.12-8] - Cleanup spec file conditionals [3.12-7] - Add Provides for the old name without %_isa [3.12-6] - Python 2 binary package renamed to python2-pyyaml See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 [3.12-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [3.12-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [3.12-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [3.12-2] - Rebuild for Python 3.6 [3.12-1] - New upstream release 3.12 (RHBZ#1371150) [3.11-13] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [3.11-12] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [3.11-11] - Add provides for python3-yaml (RHBZ#1288807) [3.11-10] - Rebuilt for Python3.5 rebuild [3.11-9] - Add provides for python2-yaml (RHBZ#1241678) [3.11-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [3.11-7] - Add patch for CVE-2014-9130 (bug 1204829) [3.11-6] - fixed typecast issues using debian patch(int->size_t)(BZ#1140189) - spec file cleanup [3.11-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [3.11-4] - fix license handling [3.11-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [3.11-2] - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 [3.11-1] - New upstream release 3.11 (BZ#1081521) [3.10-9] - Add check section and run test suite [3.10-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [3.10-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [3.10-6] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [3.10-5] - remove rhel logic from with_python3 conditional [3.10-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [3.10-3] - Add Provides for python-yaml (BZ#740390) [3.10-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [3.10-1] - New upstream release 3.10 [3.09-8] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [3.09-7] - Add support to build for python 3 [3.09-6] - Bump release number for upgrade path [3.09-3] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [3.09-1] - New upstream release 3.09 [3.08-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [3.08-5] - Minor tweaks to spec file aligning with latest Fedora packaging guidelines - Enforce inclusion of libyaml in build with --with-libyaml option to setup.py - Deliver to %{python_sitearch} instead of %{python_sitelib} due to _yaml.so - Thanks to Gareth Armstrong <gareth.armstrong@hp.com> [3.08-4] - Correction, change libyaml to libyaml-devel in BuildRequires [3.08-3] - Add libyaml to BuildRequires [3.08-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [3.08-1] - New upstream release [3.06-2] - Rebuild for Python 2.6 [3.06-1] - New upstream release [3.05-2] - Remove explicit dependency on python >= 2.3 - Remove executable on example script in docs [3.05-1] - Initial packaging for Fedora scipy [1.0.0-22] - Remove RPATH from certain shared object files - Resolves: rhbz#2213056 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-48565 CVE-2023-43804 CVE-2022-48560 CVE-2022-40897 CVE-2024-22195 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.10.0.0::ol8 Oracle Linux 8 MODERATE Copyright 2024 Oracle, Inc. CVE-2021-34558 CVE-2023-39319 CVE-2024-23650 CVE-2023-29409 CVE-2023-48795 CVE-2023-45287 CVE-2021-33198 CVE-2023-39322 CVE-2023-39321 CVE-2023-39326 CVE-2023-45803 CVE-2022-2880 CVE-2023-39318 CVE-2018-25091 CVE-2022-2879 CVE-2022-41715 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [0.19.5-4] - Backport fix for CVE-2021-32142 from upstream Resolves: RHEL-9523 MODERATE Copyright 2024 Oracle, Inc. CVE-2021-32142 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.20.4-24] - Fix use after free related to CVE-2024-21886 [1.20.11-21] - CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408 and CVE-2024-0409 Resolves: https://issues.redhat.com/browse/RHEL-21207 Resolves: https://issues.redhat.com/browse/RHEL-20528 Resolves: https://issues.redhat.com/browse/RHEL-20378 Resolves: https://issues.redhat.com/browse/RHEL-20384 Resolves: https://issues.redhat.com/browse/RHEL-21191 Resolves: https://issues.redhat.com/browse/RHEL-21198 [1.20.11-20] - CVE fix for: CVE-2023-6377, CVE-2023-6478 Resolves: https://issues.redhat.com/browse/RHEL-18321 Resolves: https://issues.redhat.com/browse/RHEL-18327 [1.20.11-19] - CVE fix for: CVE-2023-5380 Resolves: https://issues.redhat.com/browse/RHEL-14060 [1.20.11-18] - CVE fix for: CVE-2023-5367 Resolves: https://issues.redhat.com/browse/RHEL-13430 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5380 CVE-2024-0409 CVE-2024-21885 CVE-2023-6377 CVE-2023-6478 CVE-2024-21886 CVE-2024-0229 CVE-2024-0408 CVE-2023-5367 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [21.1.3-15] Fix for CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408, CVE-2024-0409 [21.1.3-14] - Fix for CVE-2023-6377, CVE-2023-6478 [21.1.3-13] - Fix for CVE-2023-5367 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6478 CVE-2024-0408 CVE-2024-21886 CVE-2024-0409 CVE-2024-21885 CVE-2023-5367 CVE-2024-0229 CVE-2023-6377 CVE-2023-6816 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [5.1.1-20] - Security fix for CVE-2023-50447 Resolves: RHEL-22240 [5.1.1-19] - Security fix for CVE-2023-44271 Resolves: RHEL-15460 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-44271 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.2.5-3] - Add gating test - Resolves: RHEL-3692 [2.2.5-2] - Fix CVE-2023-41915 - Resolves: RHEL-3692 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-41915 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [20220126gitbb1bba3d77-13] - edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-21158] - edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-21158] - Resolves: RHEL-21158 (CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-8]) [20220126gitbb1bba3d77-12] - edk2-Apply-uncrustify-changes-to-.c-.h-files-in-the-Netwo.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-Apply-uncrustify-changes.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-Apply-uncrustify-changes-p2.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852] - Resolves: RHEL-21840 (CVE-2023-45229 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [rhel-8]) - Resolves: RHEL-21844 (CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [rhel-8]) - Resolves: RHEL-21846 (CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [rhel-8]) - Resolves: RHEL-21848 (CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [rhel-8]) - Resolves: RHEL-21850 (CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-8]) - Resolves: RHEL-21852 (CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-8]) [20220126gitbb1bba3d77-11] - edk2-SecurityPkg-Change-use-of-EFI_D_-to-DEBUG_.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-Change-OPTIONAL-keyword-usage-style.patch [RHEL-21154 RHEL-21156] - edk2-MdePkg-Introduce-CcMeasurementProtocol-for-CC-Guest-.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-Support-CcMeasurementProtocol-in-DxeTpm2.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-Support-CcMeasurementProtocol-in-DxeTpmM.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-418.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-DxeTpm2MeasureBootLib-SEC-PATCH-4118-2.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-DxeTpmMeasureBootLib-SEC-PATCH-4117-2.patch [RHEL-21154 RHEL-21156] - edk2-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch [RHEL-21154 RHEL-21156] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21840 RHEL-21842] - edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch [RHEL-21840 RHEL-21842] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch [RHEL-21840 RHEL-21842] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch [RHEL-21840 RHEL-21842] - Resolves: RHEL-21154 (CVE-2022-36763 edk2: heap buffer overflow in Tcg2MeasureGptTable() [rhel-8]) - Resolves: RHEL-21156 (CVE-2022-36764 edk2: heap buffer overflow in Tcg2MeasurePeImage() [rhel-8]) - Resolves: RHEL-21840 (CVE-2023-45229 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [rhel-8]) - Resolves: RHEL-21842 (CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [rhel-8]) [20220126gitbb1bba3d77-10] - edk2-OvmfPkg-VirtNorFlashDxe-clone-ArmPlatformPkg-s-NOR-f.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-remove-CheckBlockLocked-feat.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-remove-disk-I-O-protocol-imp.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-drop-block-I-O-protocol-impl.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-avoid-array-mode-switch-afte.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-avoid-switching-between-mode.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-use-EFI_MEMORY_WC-and-drop-A.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-map-flash-memory-as-uncachea.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariable2.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variable2.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-add-casts-to-UINTN-and-UINT3.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-clarify-block-write-logic-fi.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-add-a-loop-for-NorFlashWrite.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-allow-larger-writes-without-.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-ValidateFvHeader-unwritten-s.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-move-DoErase-code-block-into.patch [RHEL-17587] - edk2-ArmVirtPkg-ArmVirtQemu-migrate-to-OVMF-s-VirtNorFlas.patch [RHEL-17587] - edk2-OvmfPkg-clone-NorFlashPlatformLib-into-VirtNorFlashP.patch [RHEL-17587] - Resolves: RHEL-17587 ([rhel8] guest fails to boot due to ASSERT error) [20220126gitbb1bba3d77-9] - edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch [RHEL-17587] - edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch [RHEL-17587] - Resolves: RHEL-17587 ([rhel8] guest fails to boot due to ASSERT error) [20220126gitbb1bba3d77-8] - edk2-Bumped-openssl-submodule-version-to-cf317b2bb227.patch [RHEL-7560] - Resolves: RHEL-7560 (CVE-2023-3446 edk2: openssl: Excessive time spent checking DH keys and parameters [rhel-8]) [20220126gitbb1bba3d77-7] - edk2-add-8.6-machine-type-to-edk2-ovmf-cc.json.patch [RHEL-12626] - Resolves: RHEL-12626 (Missing firmware descriptor with secureboot disabled in RHEL 8) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2022-36763 CVE-2022-36764 CVE-2022-36765 CVE-2023-45229 CVE-2023-45232 CVE-2023-45235 CVE-2023-45231 CVE-2023-45233 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::distro_builder cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.3.4-20] - Fix CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() - Fix CVE-2023-43789: out of bounds read on XPM with corrupted colormap MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43788 CVE-2023-43789 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.0.28-14] - fix integer overflows causing CVE-2022-33065 (#RHEL-3750) MODERATE Copyright 2024 Oracle, Inc. CVE-2022-33065 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.16.3-2] - rebuild with python 3.12 (RHEL-24141) [2.16.3-1] - ansible-core 2.16.3 release (RHEL-23782) - Fix CVE-2024-0690 (possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration) (RHEL-22123) [2.16.2-1] - ansible-core 2.16.2 release (RHEL-19297) [2.16.1-1] - ansible-core 2.16.1 release (RHEL-18965) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0690 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] - New upstream release - Resolves: rhbz#1845211 [11.2-4] - Rebuild against bind 9.11.18 Resolves: rhbz#1834264 [11.2-3] - Rebuild against bind 9.11.13 Related: RHBZ#1762813 [11.2-2] - Add support for serve-stale, detected on build time Patch by Petr Mensik <pemensik@redhat.com> Related: RHBZ#1762813 [11.2-1] - New upstream release - Support BIND9 9.11.11 - Resolves: rhbz#1762813 [11.1-14] - Fix attribute templating in case of a missing default value - Resolves: rhbz#1741896 [11.1-13] - Move setting of named selinux boolean to bind (#1639410) [11.1-12] - Make sure we explicitly require openssl-devel for a build - Resolves: rhbz#1613942 [11.1-11] - Rebuild against BIND 9.11.4 [11.1-10] - Rebuild for bind 9.11.3. Minor tweaks to compile. [11.1-9] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [11.1-8] - Rebuild again against bind-9.11.2-P1 [11.1-7] - Rebuild for bind 9.11.2 [11.1-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [11.1-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [11.1-4] - Bump BIND version and fix library dependecies - Coverity fixes [11.1-3] - Build with updated libraries [11.1-2] - Fix error poinstall sed script [11.1-1] - Update to 11.1 - Bumped required version of BIND to 9.11.0-6.P2 (required since bind-dyndb-ldap 11.0-1 release) - Updated source URL links to pagure [11.0-2] - Patch to fix build warnings (removed duplicate const) [11.0-2] - Added named.conf transformation script as post action [11.0-1] - Update to 11.0 [10.1-2] - Patched to alfa 11.0 with support for BIND 9.11 - Configuration format in named.conf is different and incompatible with all previous versions. Please see README.md. - Minimal BIND version is now 9.11.0rc1. Please see NEWS. [10.1-1] - Update to 10.1. - Fix deletion of DNS root zone not to break global forwarding. https://fedorahosted.org/bind-dyndb-ldap/ticket/167 [10.0-2] - Backport fix for crash https://fedorahosted.org/bind-dyndb-ldap/ticket/166 [10.0-1] - Update to 10.0 [9.0-3] - Resolved build issue due to changes in libdns API [9.0-2] - Rebuild against bind-9.10.4-P1 [9.0-1] - Update to 9.0 - Fix for GCC 4.9+ was merged upstream [8.0-6] - Fix builds with GCC 4.9+ [8.0-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [8.0-4] - Rebuild against bind 9.10.3-P2 [8.0-3] - Rebuild against bind 9.10.3rc1 [8.0-2] - rebuild against bind-9.10.2-P1 [8.0-1] - update to 8.0 [7.0-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [7.0-4] - rebuild against bind-9.10.2 [7.0-3] - Rebuild against bind-9.10.2rc2 [7.0-2] - rebuild against bind-9.10.2rc1 [7.0-1] - update to 7.0 to add support for BIND 9.10 [6.1-1] - update to 6.1 - drop patches which were merged upstream [6.0-5] - use lower version of bind-pkcs11-utils for f20 and el7 [6.0-4] - add dependency on bind-pkcs11-utils >= 32:9.9.6-2 to help with freeipa-server upgrade [6.0-3] - replace dependency on bind with dependency on bind-pkcs11 >= 32:9.9.6-2 to help with freeipa-server upgrade [6.0-2] - rebuild against bind-9.9.6 [6.0-1] - update to 6.0 [5.3-1] - update to 5.3 [5.2-1] - update to 5.2 [5.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [5.1-1] - update to 5.1 - fixes bug 1122393 [5.0-1] - update to 5.0 [4.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [4.3-1] - update to 4.3 [4.1-2] - remove deprecated define _BSD_SOURCE [4.1-1] - update to 4.1 [3.5-1] - update to 3.5 [3.4-2] - rebuild against new bind [3.4-1] - update to 3.4 [3.3-1] - update to 3.3 - patch bind-dyndb-ldap-tbabej-0001-Build-fixes-for-Fedora-19.patch merged [3.2-1] - update to 3.2 [3.1-2] - rebuild against new bind - build with --disable-werror [3.1-1] - update to 3.1 [3.0-1] - update to 3.0 [2.6-1] - update to 2.6 [2.5-1] - update to 2.5 [2.4-1] - update to 2.4 [2.3-2] - rebuild with proper changelog [2.3-1] - update to 2.3 [2.1-1] - update to 2.1 [2.0-0.3.20121009git6a86b1] - rebuild against new bind-libs [2.0-0.2.20121009git6a86b1] - update to the latest master [2.0-0.1.20120921git7710d89] - update to the latest master - bind-dyndb-ldap110-master.patch was merged [1.1.0-0.16.rc1] - update to the latest git [1.1.0-0.15.rc1] - update to the latest git - fix for CVE-2012-3429 has been merged [1.1.0-0.14.rc1] - fix CVE-2012-3429 [1.1.0-0.13.rc1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1.1.0-0.12.rc1] - update to the latest master (#827401) [1.1.0-0.11.rc1] - update to 1.1.0rc1 (CVE-2012-2134) [1.1.0-0.10.b2] - update to 1.1.0b2 [1.1.0-0.9.b1] - update to 1.1.0b1 [1.1.0-0.8.a2] - update to 1.1.0a2 [1.1.0-0.7.a1] - rebuild against new bind [1.1.0-0.6.a1] - update to 1.1.0a1 [1.0.0-0.5.rc1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [1.0.0-0.4.rc1] - update to 1.0.0rc1 [1.0.0-0.3.b1] - rebuild against new bind [1.0.0-0.2.b1] - rebuild against new bind [1.0.0-0.1.b1] - update to 1.0.0b1 (psearch + bugfixes) - bind-dyndb-ldap-rh727856.patch merged [0.2.0-4] - fix race condition in semaphore_wait (#727856) [0.2.0-3] - rebuild against new bind [0.2.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.2.0-1] - update to 0.2.0 - patches merged - 0001-Bugfix-Improve-LDAP-schema-to-be-loadable-by-OpenLDA.patch - 0004-Bugfix-Fix-loading-of-child-zones-from-LDAP.patch [0.1.0-0.17.b] - fix LDAP schema (#622604) - load child zones from LDAP correctly (#622617) [0.1.0-0.16.b] - build with correct RPM_OPT_FLAGS (#645529) [0.1.0-0.15.b] - use 'isc-config.sh' utility to get correct BIND9 CFLAGS [0.1.0-0.14.b] - rebuild against new bind [0.1.0-0.13.b] - rebuild against new bind [0.1.0-0.12.b] - rebuild against new bind [0.1.0-0.11.b] - rebuild against new bind [0.1.0-0.10.b] - rebuild against new bind [0.1.0-0.9.b] - update to the latest upstream release [0.1.0-0.8.a1.20091210git] - rebuild against new bind [0.1.0-0.7.a1.20091210git] - rebuild against new bind [0.1.0-0.6.a1.20091210git] - update to the latest git snapshot - change upstream URL, project moved to fedorahosted - change license to GPL version 2 or later - add epoch to versioned requires - add krb5-devel to the list of build requires [0.1.0-0.5.a1] - rebuild against new bind [0.1.0-0.4.a1] - rebuild against new bind [0.1.0-0.3.a1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [0.1.0-0.2.a1] - rebuild for dependencies [0.1.0-0.1.a1] - initial packaging custodia ipa-healthcheck ipa [4.9.13-8.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [4.9.13-8] - rpcserver: validate Kerberos principal name before running kinit Resolves: RHEL-26153 - Vault: add additional fallback to RSA-OAEP wrapping algo Resolves: RHEL-28259 [4.9.13-7] - ipa-kdb: Fix double free in ipadb_reinit_mspac() Resolves: RHEL-25742 - kra: set RSA-OAEP as default wrapping algo when FIPS is enabled Resolves: RHEL-12153 - Vault: improve vault server archival/retrieval calls error handling Resolves: RHEL-12153 - Vault: add support for RSA-OAEP wrapping algo Resolves: RHEL-12153 [4.9.13-6] - ipa-kdb: Rework ipadb_reinit_mspac() Resolves: RHEL-25742 - ipatests: wait for replica update in test_dns_locations Resolves: RHEL-22373 - ipatests: fix tasks.wait_for_replication() method Resolves: RHEL-25708 [4.9.13-5] - kdb: PAC generator: do not fail if canonical principal is missing Resolves: RHEL-23630 - ipa-kdb: Fix memory leak during PAC verification Resolves: RHEL-22644 - Fix session cookie access Resolves: RHEL-23622 - Do not ignore staged users in sidgen plugin Resovlves: RHEL-23626 - ipa-kdb: Disable Bronze-Bit check if PAC not available Resolves: RHEL-22313 - krb5kdc: Fix start when pkinit and otp auth type are enabled Resolves: RHEL-4874 - hbactest was not collecting or returning messages Resolves: RHEL-12780 [4.9.13-4] - Improve server affinity for CA-less deployments Resolves: RHEL-22283 - host: update system: Manage Host Keytab permission Resolves: RHEL-22286 - adtrustinstance: make sure NetBIOS name defaults are set properly Resolves: RHEL-21938 - ipatests: Fix healthcheck report when nsslapd accesslog logbuffering is set to off Resolves: RHEL-19672 [4.9.13-3] - ipa-kdb: Detect and block Bronze-Bit attacks Resolves: RHEL-9984 - Fix for CVE-2023-5455 Resolves: RHEL-12578 [4.9.13-2] - Handle new samba exception types. Resolves: RHEL-17623 [4.9.13-1] - Rebase ipa to 4.9.13 Resolves: RHEL-16936 [4.9.12-9] - ipa-kdb: Make AD-SIGNEDPATH optional with krb5 DAL 8 and older Resolves: RHEL-12198 [4.9.12-8] - Require krb5 release 1.18.2-25 or later Resolves: RHBZ#2234711 [4.9.12-7] - ipatests: fix test_topology Resolves: RHBZ#2232351 - Installer: activate nss and pam services in sssd.conf Resolves: RHBZ#2216532 [4.9.12-6] - ipa-kdb: fix error handling of is_master_host() Resolves: RHBZ#2214638 - ipatests: enable firewall rule for http service on acme client Resolves: RHBZ#2230256 - User plugin: improve error related to non existing idp Resolves: RHBZ#2224572 - Prevent admin user from being deleted Resolves: RHBZ#1821181 - Fix memory leak in the OTP last token plugin Resolves: RHBZ#2227783 [4.9.12-5] - Upgrade: fix replica agreement, fix backported patch Related: RHBZ#2216551 [4.9.12-4] - kdb: Use-krb5_pac_full_sign_compat() when available Resolves: RHBZ#2176406 - OTP: fix-data-type-to-avoid-endianness-issue Resolves: RHBZ#2218293 - Upgrade: fix replica agreement Resolves: RHBZ#2216551 - Upgrade: add PKI drop-in file if missing Resolves: RHBZ#2215336 - Use the python-cryptography parser directly in cert-find Resolves: RHBZ#2164349 - Backport test updates Resolves: RHBZ#221884 [4.9.12-3] - Rely on sssd-krb5 to include SSSD-generated krb5 configuration Resolves: RHBZ#2214563 [4.9.12-2] - Use the OpenSSL certificate parser in cert-find Resolves: RHBZ#2209947 [4.9.12-1] - Rebase ipa to 4.9.12 Resolves: RHBZ#2196425 - user or group name: explain the supported format Resolves: RHBZ#2150217 [4.9.11-3] - Revert DNSResolver Fix use of nameservers with ports. Related: RHBZ#2141316 [4.9.11-2] - webui IdP: Remove arrow notation due to uglify-js limitation Related: RHBZ#2141316 [4.9.11-1] - Rebase ipa to 4.9.11 Resolves: RHBZ#2141316 - updates: fix memberManager ACI to allow managers from a specified group Resolves: RHBZ#2056009 - Defer creating the final krb5.conf on clients Resolves: RHBZ#2148259 - Exclude installed policy module file from RPM verification Resolves: RHBZ#2149567 - Spec file: ipa-client depends on krb5-pkinit-openssl Resolves: RHBZ#2149889 [4.9.10-8] - ipa man page format the EXAMPLES section Resolves: RHBZ#2129895 - Fix canonicalization issue in Web UI Resolves: RHBZ#2127035 - Remove idnssoaserial argument from dns zone API. Resolves: RHBZ#2108630 - Warn for permissions with read/write/search/compare and no attrs Resolves: RHBZ#2098187 - Add PKINIT support to ipa-client-install Resolves: RHBZ#2075452 - Generate CNAMEs for TXT+URI location krb records Resolves: RHBZ#2104185 - Vault: fix interoperability issues with older RHEL systems Resolves: RHBZ#2144737 - Fix typo on ipaupgrade.log chmod during RPM %post snipppet Resolves: RHBZ#2140994 [4.9.10-7] - Rebuild to samba 4.17.2. Related: RHBZ#2132051 [4.9.10-6] - webui: Allow grace login limit Resolves: RHBZ#2109243 - check_repl_update: in progress is a boolean Resolves: RHBZ#2117303 - Disabling gracelimit does not prevent LDAP binds Resolves: RHBZ#2109236 - Set passwordgracelimit to match global policy on group pw policies Resolves: RHBZ#2115475 [4.9.10-5] - webui: Do not allow empty pagination size Resolves: RHBZ#2094672 [4.9.10-4] - Add end to end integration tests for external IdP Resolves: RHBZ#2106346 [4.9.10-3] - Add explicit dependency for libvert-libev Resolves: RHBZ#2104929 [4.9.10-2] - Preserve user: fix the confusing summary Resolves: RHBZ#2022028 - Only calculate LDAP password grace when the password is expired Related: RHBZ#782917 [4.9.10-1] - Rebase to upstream release 4.9.10 Remove upstream patches 0002 to 0016 that are part of version 4.9.10 Remove patches 1101 that is part of version 4.9.10 Rename patch 0001 to 1002 as it will be used in future RHEL 8 releases Add patches 0001 and 0002 to fix build on RHEL 8.7 Resolves: RHBZ#2079466 Resolves: RHBZ#2063155 Resolves: RHBZ#1958777 Resolves: RHBZ#2068088 Resolves: RHBZ#2004646 Resolves: RHBZ#782917 Resolves: RHBZ#2059396 Resolves: RHBZ#2092015 [4.9.8-8] - Backport latest test fixes in python3-ipatests Resolves: RHBZ#2060841 - extdom: user getorigby{user|group}name if available Resolves: RHBZ#2062379 - Set the mode on ipaupgrade.log during RPM post snipppet Resolves: RHBZ#2061957 - test_krbtpolicy: skip SPAKE-related tests in FIPS mode Resolves: RHBZ#1909630 [4.9.8-7] - ipatests: Backport test fixes in python3-ipatests. Resolves: RHBZ#2057505 [4.9.8-6] - ipatests: fix TestOTPToken::test_check_otpd_after_idle_timeout Related: RHBZ#2053024 [4.9.8-5] - ipatests: remove additional check for failed units. Resolves: RHBZ#2053024 - ipa-cldap: fix memory leak. Resolves: RHBZ#2032738 [4.9.8-4] - Don't always override the port in import_included_profiles Fixes: RHBZ#2022483 - Remove ipa-join errors from behind the debug option Fixes: RHBZ#2048558 - Enable the ccache sweep timer during installation Fixes: RHBZ#2051575 [4.9.8-3] - Config plugin: return EmptyModlist when no change is applied. Resolves: RHBZ#2031825 - Custodia: use a stronger encryption algo when exporting keys. Resolves: RHBZ#2032806 - ipa-kdb: do not remove keys for hardened auth-enabled users. Resolves: RHBZ#2033342 - ipa-pki-proxy.conf: provide access to /kra/admin/kra/getStatus Resolves: RHBZ#2049167 - Backport latest test fxes in python3 ipatests. Resolves: RHBZ#2048509 - Removed unused patch files that were part of 4.9.8 rebase. [4.9.8-2] - Revert bind-pkcs11-utils configuration in freeipa.spec. Resolves: RHBZ#2026732 [4.9.8-1] - Upstream release FreeIPA 4.9.8 Related: RHBZ#2015607 - Hardening for CVE-2020-25717 [4.9.6-9.1] - Fix S4U2Self regression for cross-realm requester SID buffer - Related: RHBZ#2021443 [4.9.6-9] - Require samba 4.14.5-13 with IPA DC server role fixes - Related: RHBZ#2021443 [4.9.6-8] - Add versioned dependency of samba-client-libs to ipa-server - Related: RHBZ#2021443 [4.9.6-7] - Hardening for CVE-2020-25717 - Harden processing of trusted domains' users in S4U operations - Resolves: RHBZ#2021443 [4.9.6-6] - Hardening for CVE-2020-25717 - Rebuild against samba-4.14.5-11.el8 - Resolves: RHBZ#2021443 [4.9.6-5] - Hardening for CVE-2020-25717 - Related: RHBZ#2019668 [4.9.6-4] - ipatests: NAMED_CRYPTO_POLICY_FILE not defined for RHEL Resolves: RHBZ#1982956 [4.9.6-3] - man page: update ipa-server-upgrade.1 Resolves: RHBZ#1973273 - Fall back to krbprincipalname when validating host auth indicators Resolves: RHBZ#1979625 - Add dependency for sssd-winbind-idmap to server-trust-ad Resolves: RHBZ#1982211 [4.9.6-2] - IPA server in debug mode fails to run because time.perf_counter_ns is Python 3.7+ Resolves: RHBZ#1974822 - Add checks to prevent assigning authentication indicators to internal IPA services Resolves: RHBZ#1979625 - Unable to set ipaUserAuthType with stageuser-add Resolves: RHBZ#1979605 [4.9.6-1] - Upstream release FreeIPA 4.9.6 Related: RHBZ#1945038 - Revise PKINIT upgrade code Resolves: RHBZ#1886837 - ipa-cert-fix man page: add note about certmonger renewal Resolves: RHBZ#1780317 - Certificate Serial Number issue Resolves: RHBZ#1919384 [4.9.5-1] - Upstream release FreeIPA 4.9.5 Related: RHBZ#1945038 - IPA to allow setting a new range type Resolves: RHBZ#1688267 - ipa-server-install displays debug output when --debug output is not specified. Resolves: RHBZ#1943151 - ACME fails to generate a cert on migrated RHEL8.4 server Resolves: RHBZ#1934991 - Switch ipa-client to use the JSON API Resolves: RHBZ#1937856 - IDM - Allow specifying permanent logging settings for BIND Resolves: RHBZ#1951511 - Cache LDAP data within a request Resolves: RHBZ#1953656 - ipa-server-upgrade is failing while upgrading rhel8.3 to rhel8.4 Resolves: RHBZ#1957768 [4.9.3-1] - Upstream release FreeIPA 4.9.3 Resolves: RHBZ#1945038 [4.9.2-1] - Upstream release FreeIPA 4.9.2 Related: RHBZ#1891832 [4.9.1-1] - Upstream release FreeIPA 4.9.1 Related: RHBZ#1891832 [4.9.0-1] - Upstream final release FreeIPA 4.9.0 Related: RHBZ#1891832 [4.9.0-0.5.rc3] - Upstream pre release FreeIPA 4.9.0rc3 Related: RHBZ#1891832 [4.9.0-0.3.rc2] - Remove ipa-server dependency from ipa-selinux subpackage - Related: RHBZ#1891832 [4.9.0-0.2.rc2] - Upstream pre release FreeIPA 4.9.0rc2 Related: RHBZ#1891832 - Synchronize spec file with upstream and Fedora Related: RHBZ#1891832 - Traceback while doing ipa-backup Resolves: RHBZ#1901068 - ipa-client-install changes system wide ssh configuration Resolves: RRBZ#1544379 - ipa-kdb: support subordinate/superior UPN suffixes Resolves: RHBZ#1891056 - KRA Transport and Storage Certificates do not renew Resolves: RHBZ#1872603 - Move where the restore state is marked during IPA server upgrade Resolves: RHBZ#1569011 - Intermittent IdM Client Registration Failures Resolves: RHBZ#1812871 - Nightly test failure in test_acme.py::TestACME::test_third_party_certs (updates-testing) Resolves: RHBZ#1903025 - Add IPA RA Agent to ACME group on the CA Resolves: RHBZ#1902727 [4.9.0-0.1.rc1] - Fix requirement for python3-kdcproxy, add no autoreqprov for ipatests sub package Related: RHBZ#1891832 [4.9.0-0.rc1] - Upstream pre release FreeIPA 4.9.0rc1 Resolves: RHBZ#1891832 - Requirements and design for libpwquality integration Resolves: RHBZ#1340463 - When parsing options require name/value pairs Resolves: RHBZ#1357495 - WebUI: Fix issue with opening links in new tab/window Resolves: RHBZ#1484088 - Use a state to determine if a 389-ds upgrade is in progress Resolves: RHBZ#1569011 - Unlock user accounts after a password reset and replicate that unlock to all IdM servers Resolves: RHBZ#1784657 - Set the certmonger subject with a string, not an object Resolves: RHBZ#1810148 - Implement ACME certificate enrolment Resolves: RHBZ#1851835 - [WebUI] Backport jQuery patches from newer versions of the library (e.g. 3.5.0) Resolves: RHBZ#1859249 - It is not possible to edit KDC database when the FreeIPA server is running Resolves: RHBZ#1875001 - Fix nsslapd-db-lock tuning of BDB backend Resolves: RHBZ#1882340 - ipa-kdb: support subordinate/superior UPN suffixes Resolves: RHBZ#1891056 - wgi/plugins.py: ignore empty plugin directories Resolves: RHBZ#1894800 [4.8.7-11] - SELinux Policy: let custodia replicate keys Resolves: RHBZ#1868432 [4.8.7-10] - Set mode of /etc/ipa/ca.crt to 0644 in CA-less installations Resolves: RHBZ#1870202 [4.8.7-9] - CAless installation: set the perms on KDC cert file Resolves: RHBZ#1863616 - EPN: handle empty attributes Resolves: RHBZ#1866938 - IPA-EPN: enhance input validation Resolves: RHBZ#1866291 - EPN: enhance input validation Resolves: RHBZ#1863079 - Require new samba build 4.12.3-52 Related: RHBZ#1868558 - Require new selinux-policy build 3.14.3-52 Related: RHBZ#1869311 [4.8.7-8] - [WebUI] IPA Error 3007: RequirmentError' while adding members in 'User ID overrides' tab (updated) Resolves: RHBZ#1757045 - ipa-client-install: use the authselect backup during uninstall Resolves: RHBZ#1810179 - Replace SSLCertVerificationError with CertificateError for py36 Resolves: RHBZ#1858318 - Fix AVC denial during ipa-adtrust-install --add-agents Resolves: RHBZ#1859213 [4.8.7-7] - replica install failing with avc denial for custodia component Resolves: RHBZ#1857157 [4.8.7-6] - selinux don't audit rules deny fetching trust topology Resolves: RHBZ#1845596 - fix iPAddress cert issuance for >1 host/service Resolves: RHBZ#1846352 - Specify cert_paths when calling PKIConnection Resolves: RHBZ#1849155 - Update crypto policy to allow AD-SUPPORT when installing IPA Resolves: RHBZ#1851139 - Add version to ipa-idoverride-memberof obsoletes Related: RHBZ#1846434 [4.8.7-5] - Add missing ipa-selinux package Resolves: RHBZ#1853263 [4.8.7-4] - Remove client-epn left over files for ONLY_CLIENT Related: RHBZ#1847999 [4.8.7-3] - [WebUI] IPA Error 3007: RequirmentError' while adding members in 'User ID overrides' tab Resolves: RHBZ#1757045 - EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn Resolves: RHBZ#1847999 - FreeIPA - Utilize 256-bit AJP connector passwords Resolves: RHBZ#1849914 - ipa: typo issue in ipanthomedirectoryrive deffinition Resolves: RHBZ#1851411 [4.8.7-2] - Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7 Resolves: RHBZ#1846434 [4.8.7-1] - Upstream release FreeIPA 4.8.7 - Require new samba build 4.12.3-0 Related: RHBZ#1818765 - New client-epn sub package Resolves: RHBZ#913799 [4.8.6-2] - Support krb5 1.18 Resolves: RHBZ#1817579 [4.8.6-1] - Upstream release FreeIPA 4.8.6 - New SELinux sub package to provide own module - Depend on selinux-policy-devel 3.14.3-43 for build due to a makefile issue in SELinux external policy support Related: RHBZ#1818765 [4.8.4-6] - Allow an empty cookie in dogtag-ipa-ca-renew-agent-submit Resolves: RHBZ#1790663 [4.8.4-5] - Fixed weekday in 4.8.4-2 changelog date Related: RHBZ#1784003 - adtrust: print DNS records for external DNS case after role is enabled Resolves: RHBZ#1665051 - AD user without override receive InternalServerError with API Resolves: RHBZ#1782572 - ipa-client-automount fails after repeated installation/uninstallation Resolves: RHBZ#1790886 - install/updates: move external members past schema compat update Resolves: RHBZ#1803165 - kdb: make sure audit_as_req callback signature change is preserved Resolves: RHBZ#1803786 [4.8.4-4] - Update dependencies for samba, 389-ds and sssd Resolves: RHBZ#1792848 [4.8.4-3] - Depend on krb5-kdb-version-devel for BuildRequires - Update nss dependency to 3.44.0-4 - Reset per-indicator Kebreros policy Resolves: RHBZ#1784761 [4.8.4-2] - DNS install check: Fix overlapping DNS zone from the master itself Resolves: RHBZ#1784003 [4.8.4-1] - Rebase to upstream release 4.8.4 - Removed upstream patches 0001 to 0008 that are part of version 4.8.3-3 Resolves: RHBZ#1782658 Resolves: RHBZ#1782169 Resolves: RHBZ#1783046 Related: RHBZ#1748987 [4.8.3-3] - Fix otptoken_sync plugin Resolves: RHBZ#1777811 [4.8.3-2] - Use default crypto policy for TLS and enable TLS 1.3 support Resolves: RHBZ#1777809 - Covscan fixes Resolves: RHBZ#1777920 - Change pki_version to 10.8.0 Related: RHBZ#1748987 [4.8.3-1] - Rebase to security release 4.8.3 (CVE-2019-14867, CVE-2019-10195) Resolves: RHBZ#1767304 Resolves: RHBZ#1776939 - Support KDC ticket policies for authentication indicators Resolves: RHBZ#1777564 [4.8.2-4] - CVE-2019-14867: Denial of service in IPA server due to wrong use of ber_scanf() Resolves: RHBZ#1767304 - CVE-2019-10195: Don't log passwords embedded in commands in calls using batch Resolves: RHBZ#1776939 [4.8.2-3] - Use default ssh host key algorithms Resolves: RHBZ#1756432 - Do not run trust upgrade code if master lacks Samba bindings Resolves: RHBZ#1757064 - Finish group membership management UI Resolves: RHBZ#1773528 [4.8.2-2] - Update dependency for bind-dndb-ldap to 11.2-2 Related: RHBZ#1762813 [4.8.2-1] - Rebase to upstream release 4.8.2 - Removed upstream patches 0001 to 0010 that are part of version 4.8.2 - Updated branding patch Resolves: RHBZ#1748987 [4.8.0-10] - Fix automount behavior with authselect Resolves: RHBZ#1740167 [4.8.0-9] - extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT Resolves: RHBZ#1741530 [4.8.0-8] - FreeIPA 4.8.0 tarball lacks two update files that are in git Resolves: RHBZ#1741170 [4.8.0-7] - Allow insecure binds for migration Resolves: RHBZ#1731963 [4.8.0-6] - Fix --external-ca-profile not passed to CSR Resolves: RHBZ#1731813 [4.8.0-5] - Remove posixAccount from service_find search filter Resolves: RHBZ#1731437 - Fix repeated uninstallation of ipa-client-samba crashes Resolves: RHBZ#1732529 - WebUI: Add PKINIT status field to 'Configuration' page Resolves: RHBZ#1518153 [4.8.0-4] - Fix krb5-kdb-server -> krb5-kdb-version Related: RHBZ#1700121 [4.8.0-3] - Make sure ipa-server depends on krb5-kdb-version to pick up right MIT Kerberos KDB ABI Related: RHBZ#1700121 - User field separator uses '21349' within ipaSELInuxUserMapOrder Fixes: RHBZ#1729099 [4.8.0-2] - Fixed kdcproxy_version to 0.4-3 - Fixed krb5_version to 1.17-7 Related: RHBZ#1684528 [4.8.0-1] - New upstream release 4.8.0 - New subpackage: freeipa-client-samba - Added command ipa-cert-fix with man page - New sysconfdir sysconfig/certmonger - Updated pki_version, certmonger_version, sssd_version and kdcproxy_version Related: RHBZ#1684528 [4.7.90-3] - Fix upgrade issue with AD trust when no trust yet established Fixes: RHBZ#1708874 Related: RHBZ#1684528 [4.7.90-2] - Require certmonger 0.79.7-1 Related: RHBZ#1708095 [4.7.90-1] - Update to 4.7.90-pre1 Related: RHBZ#1684528 - Removed patches 0002 to 0031 as these are upsteram and part of 4.7.90-pre1 - Added new patches 0001-revert-minssf-defaults.patch and 0001-Correct-default-fontawesome-path-broken-by-da2cf1c5.patch [4.7.1-12] - Remove strict dependencies to krb5-server version in order to allow update of krb5 to 1.17 and change dependency to KDB DAL version. Resolves: RHBZ#1700121 [4.7.1-11] - Handle NFS configuration file changes. nfs-utils moved the configuration file from /etc/sysconfig/nfs to /etc/nfs.conf. Resolves: RHBZ#1676981 [4.7.1-10] - Fix systemd-user HBAC rule Resolves: RHBZ#1664974 [4.7.1-9] - Resolve user/group names in idoverride*-find Resolves: RHBZ#1657745 [4.7.1-8] - Create systemd-user HBAC service and rule Resolves: RHBZ#1664974 - ipaserver/dcerpc: fix exclusion entry with a forest trust domain info returned Resolves: RHBZ#1664023 [4.7.1-7.el8] - Fix misleading errors during client install rollback Resolves: RHBZ#1658283 - ipa-advise: update url of cacerdir_rehash tool Resolves: RHBZ#1658287 - Handle NTP configuration in a replica server installation Resolves: RHBZ#1651679 - Fix defects found by static analysis Resolves: RHBZ#1658182 - ipa-replica-install --setup-adtrust: check for package ipa-server-trust-ad Resolves: RHBZ#1658294 - ipaldap: invalid modlist when attribute encoding can vary Resolves: RHBZ#1658302 - Allow ipaapi and Apache user to access SSSD IFP Resolves: RHBZ#1639910 - Add sysadm_r to default SELinux user map order Resolves: RHBZ#1658303 - certdb: ensure non-empty Subject Key Identifier and validate server cert sig Resolves: RHBZ#1641988 - ipa-replica-install: password and admin-password options mutually exclusive Resolves: RHBZ#1658309 - ipa upgrade: handle double-encoded certificates Resolves: RHBZ#1658310 - PKINIT: fix ipa-pkinit-manage enable|disable Resolves: RHBZ#1658313 - Enable LDAP debug output in client to display TLS errors in join Resolves: RHBZ#1658316 - rpc: always read response Resolves: RHBZ#1639890 - ipa vault-retrieve: fix internal error Resolves: RHBZ#1658485 - Move ipa's systemd tmpfiles from /var/run to /run Resolves: RHBZ#1658487 - Fix authselect invocations to work with 1.0.2 Resolves: RHBZ#1654291 - ipa-client-automount and NFS unit name changes Resolves: RHBZ#1645501 - Fix compile issue with new 389-ds Resolves: RHBZ#1659448 [4.7.1-6.el8] - Require platform-python-setuptools instead of python3-setuptools - Resolves: rhbz#1650139 [4.7.1-5.el8] - Fixed: rhbz#1643445 - External CA step 2 fails with pki_client_database_dir is missing - Fixed: rhbz#1642834 - Smart card advise script uses hard-coded Python interpreter [4.7.1-4.el8] - Fix mapping of BUILTIN\Guests to 'nobody' group during upgrade to not use generated Samba config at this point - Related: rhbz#1623895 [4.7.1-3.el8] - New command automember-find-orphans to find and remove orphan automemeber rules has been added Resolves: RHBZ#1638373 - Moved ipa/idm logos and background to redhat-logos-ipa-80.4: header-logo.png, login-screen-background.jpg, login-screen-logo.png, product-name.png New requirement to redhat-logos-ipa >= 80.4 in ipa-server-common Resolves: RHBZ#1626507 [4.7.1-2.el8] - Move initialization of Guests mapping after cifs/ principal is created - Related: rhbz#1623895 [4.7.1-1.el8] - 4.7.1 - Fixes: rhbz#1633105 - rebase to 4.7.1 [4.7.0-6.el8] - Require the Python interpreter directly instead of using the package name - Related: rhbz#1619153 [4.7.0-5.el8] - sudo rule for 'admins' members should be created by default (#1609873) [4.7.0-4.el8] - ipaclient-install: chmod needs octal permissions (#1609880) [4.7.0-3.1.el8] - Resolves: #1609883 ipaserver/plugins/cert.py: Add reason to raise of errors.NotFound - Resolves: #1615765 do-not-use-RC4-in-FIPS-mode - Move fips_enabled to a common library to share across different plugins - ipasam: do not use RC4 in FIPS mode [4.7.0-3.el8] - Resolves: #1614301 Remove --no-sssd and --noac options - Resolves: #1613879 Disable Domain Level 0 - New patch sets to disable domain level 0 - New adapted patch to disable DL0 specific tests (pytest_ipa vs. pytest_plugins) - Adapted branding patch in ipa-replica-install.1 due to DL0 removal [4.7.0-2.el8] - Require 389-ds-base-legacy-tools for setup tools [4.7.0-1.el8] - Update to upstream 4.7.0 GA [4.6.90.pre1-2.el8] - Set krb5 DAL version to 7.0 (#1580711) - Rebuild aclocal and configure during build [4.6.90.pre1-1.el8] - Update to upstream 4.6.90.pre1 [4.5.4-5.el8.1] - Use java-1.8.0-openjdk-devel [4.5.4-5.el7] - Resolves: #1415162 ipa-exdom-extop plugin can exhaust DS worker threads [4.5.4-4.el7] - Resolves: #1388135 [RFE] limit the retro changelog to dns subtree. - ldap: limit the retro changelog to dns subtree - Resolves: #1427798 Use X509v3 Basic Constraints 'CA:TRUE' instead of 'CA:FALSE' IPA CA CSR - Include the CA basic constraint in CSRs when renewing a CA - Resolves: #1493145 ipa-replica-install might fail because of an already existing entry cn=ipa-http-delegation,cn=s4u2proxy,cn=etc, - Checks if replica-s4u2proxy.ldif should be applied - Resolves: #1493150 [RFE] set nsslapd-ignore-time-skew: on by default - ds: ignore time skew during initial replication step - ipa-replica-manage: implicitly ignore initial time skew in force-sync - Resolves: #1500218 Replica installation at domain-level 0 fails against upgraded ipa-server - Fix ipa-replica-conncheck when called with --principal - Resolves: #1506188 server-del doesn't remove dns-server configuration from ldap [4.5.4-3.el7] - Drop workaround for building on AArch64 (#1482244) - Temporarily reduce Requires on python-netaddr to 0.7.5-7 (#1506485) [4.5.4-2.el7] - Resolves: #1461177 ipa-otptoken-import - XML file is missing PBKDF2 parameters! - Resolves: #1464205 NULL LDAP context in call to ldap_search_ext_s during search in cn=ad, cn=trusts,dc=example,dc=com - Resolves: #1467887 iommu platform support for ipxe - Resolves: #1477178 [ipa-replica-install] - 406 Client Error: Failed to validate message: Incorrect number of results (0) searching forpublic key for host - Resolves: #1478251 IPA WebUI does not work after upgrade from IPA 4.4 to 4.5 - Resolves: #1480102 ipa-server-upgrade failes with 'This entry already exists' - Resolves: #1482802 Unable to set ca renewal master on replica - Resolves: #1484428 Updating from RHEL 7.3 fails with Server-Cert not found (ipa-server-upgrade) - Resolves: #1484826 FreeIPA/IdM installations which were upgraded from versions with 389 DS prior to 1.3.3.0 doesn't have whomai plugin enabled and thus startup of Web UI fails - Resolves: #1486283 TypeError in renew_ca_cert prevents from swiching back to self-signed CA - Resolves: #1469246 Replica install fails to configure IPA-specific temporary files/directories - Resolves: #1469480 bind package is not automatically updated during ipa-server upgrade process - Resolves: #1475238 Use CommonNameToSANDefault in default profile (new installs only) - Resolves: #1477703 IPA upgrade fails for latest ipa package [4.5.4-1.el7] - Use OpenJDK 8 to bootstrap on AArch64 until RH1482244 is resolved in buildroot - Resolves: #1470177 - Rebase IPA to latest 4.5.x version - Resolves: #1398594 ipa topologysuffix-verify should only warn about maximum number of replication agreements. - Resolves: #1404236 Web UI: Change 'Host Based' and 'Role Based' to 'Host-Based' and 'Role-Based' - Resolves: #1409786 Second phase of --external-ca ipa-server-install setup fails when dirsrv is not running - Resolves: #1451576 ipa cert-request failed to generate certificate from csr - Resolves: #1452086 Pagination Size under Customization in IPA WebUI accepts negative values - Resolves: #1458169 --force-join option is not mentioned in ipa-replica-install man page - Resolves: #1463186 IPA shouldn't allow objectclass if not all in lower case - Resolves: #1478322 user-show command fails when sizelimit is configured to number <= number of entity which is user member of - Resolves: #1496775 Enterprise principals should be able to trigger a refresh of the trusted domain data in the KDC - Resolves: #1502533 Changing cert-find to go through the proxy instead of using the port 8080 - Resolves: #1502663 pkinit-status command fails after an upgrade from a pre-4.5 IPA - Resolves: #1498168 Error when trying to modify a PTR record - Resolves: #1457876 ipa-backup fails silently - Resolves: #1493531 In case full PKINIT configuration is failing during server/replica install the error message should be more meaningful. - Resolves: #1449985 Suggest CA installation command in KRA installation warning [4.5.0-21.el7.2.2] - Resolves: #1477367 ipa-server-upgrade timeouts on wait_for_open ports expecting IPA services listening on IPv6 ports - Make sure upgrade also checks for IPv6 stack - control logging of host_port_open from caller - log progress of wait_for_open_ports - Resolves: #1477243 ipa help command returns traceback when no cache is present - Store help in Schema before writing to disk - Disable pylint in get_help function because of type confusion. [4.5.0-21.el7.2] - Resolves: #1477178 - [ipa-replica-install] - 406 Client Error: Failed to validate message: Incorrect number of results (0) searching forpublic key for host - Always check peer has keys before connecting - Resolves: #1482802 - Unable to set ca renewal master on replica - Fix ipa config-mod --ca-renewal-master - Resolves: #1486283 - TypeError in renew_ca_cert prevents from swiching back to self-signed CA - Backport PR 988 to ipa-4-5 Fix Certificate renewal (with ext ca) - Resolves: #1480102 - ipa-server-upgrade failes with 'This entry already exists' - Backport PR 1008 to ipa-4-5 Fix ipa-server-upgrade: This entry already exists - Resolves: #1484826 - FreeIPA/IdM installations which were upgraded from versions with 389 DS prior to 1.3.3.0 doesn't have whomai plugin enabled and thus startup of Web UI fails - Adds whoami DS plugin in case that plugin is missing - Resolves: #1478251 - IPA WebUI does not work after upgrade from IPA 4.4 to 4.5 - Fixing how sssd.conf is updated when promoting a client to replica - Resolves: #1461177 - ipa-otptoken-import - XML file is missing PBKDF2 parameters! - ipa-otptoken-import: Make PBKDF2 refer to the pkcs5 namespace - Resolves: #1484428 - Updating from RHEL 7.3 fails with Server-Cert not found (ipa-server-upgrade) - Backport 4-5: Fix ipa-server-upgrade with server cert tracking [4.5.0-21.el7.1.2] - Resolves: #1477703 IPA upgrade fails for latest ipa package - Restore old version of caIPAserviceCert for upgrade only [4.5.0-21.el7.1.1] - Resolves: #1475238 Use CommonNameToSANDefault in default profile (new installs only) - Restore old version of caIPAserviceCert for upgrade only [4.5.0-21.el7.1] - Resolves: #1455946 Provide a tooling automating the configuration of Smart Card authentication on a FreeIPA master - smart-card advises: configure systemwide NSS DB also on master - smart-card advises: add steps to store smart card signing CA cert - Allow to pass in multiple CA cert paths to the smart card advises - add a class that tracks the indentation in the generated advises - delegate the indentation handling in advises to dedicated class - advise: add an infrastructure for formatting Bash compound statements - delegate formatting of compound Bash statements to dedicated classes - Fix indentation of statements in Smart card advises - Use the compound statement formatting API for configuring PKINIT - smart card advises: use a wrapper around Bash for loops - smart card advise: use password when changing trust flags on HTTP cert - smart-card-advises: ensure that krb5-pkinit is installed on client - Resolves: #1475238 Use CommonNameToSANDefault in default profile (new installs only) - Add CommonNameToSANDefault to default cert profile - Resolves: #1464205 NULL LDAP context in call to ldap_search_ext_s during search in cn=ad,cn=trusts,dc=example,dc=com - NULL LDAP context in call to ldap_search_ext_s during search [4.5.0-21.el7] - Resolves: #1469246 Replica install fails to configure IPA-specific temporary files/directories - replica install: drop-in IPA specific config to tmpfiles.d - Resolves: #1469480 bind package is not automatically updated during ipa-server upgrade process - Bumped Required version of bind-dyndb-ldap and bind package [4.5.0-20.el7] - Resolves: #1452216 Replica installation grants HTTP principal access in WebUI - Make sure we check ccaches in all rpcserver paths [4.5.0-19.el7] - Resolves: #1462112 ipaserver installation fails in FIPS mode: OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode! - ipa-sam: replace encode_nt_key() with E_md4hash() - ipa_pwd_extop: do not generate NT hashes in FIPS mode - Resolves: #1377973 ipa-server-install fails when the provided or resolved IP address is not found on local interfaces - Fix local IP address validation - ipa-dns-install: remove check for local ip address - refactor CheckedIPAddress class - CheckedIPAddress: remove match_local param - Remove ip_netmask from option parser - replica install: add missing check for non-local IP address - Remove network and broadcast address warnings [4.5.0-18.el7] - Resolves: #1449189 ipa-kra-install timeouts on replica - kra: promote: Get ticket before calling custodia [4.5.0-17.el7] - Resolve: #1455946 Provide a tooling automating the configuration of Smart Card authentication on a FreeIPA master - server certinstall: update KDC master entry - pkinit manage: introduce ipa-pkinit-manage - server upgrade: do not enable PKINIT by default - Extend the advice printing code by some useful abstractions - Prepare advise plugin for smart card auth configuration - Resolve: #1461053 allow to modify list of UPNs of a trusted forest - trust-mod: allow modifying list of UPNs of a trusted forest - WebUI: add support for changing trust UPN suffixes [4.5.0-16.el7] - Resolves: #1377973 ipa-server-install fails when the provided or resolved IP address is not found on local interfaces - Only warn when specified server IP addresses don't match intf - Resolves: #1438016 gssapi errors after IPA server upgrade - Bump version of python-gssapi - Resolves: #1457942 certauth: use canonical principal for lookups - ipa-kdb: use canonical principal in certauth plugin - Resolves: #1459153 Do not send Max-Age in ipa_session cookie to avoid breaking older clients - Add code to be able to set default kinit lifetime - Revert setting sessionMaxAge for old clients [4.5.0-15.el7] - Resolves: #1442233 IPA client commands fail when pointing to replica - httpinstance: wait until the service entry is replicated - Resolves: #1456769 ipaAnchorUUID index incorrectly configured and then not indexed - Fix index definition for ipaAnchorUUID - Resolves: #1438016 gssapi errors after IPA server upgrade - Avoid possible endless recursion in RPC call - rpc: preparations for recursion fix - rpc: avoid possible recursion in create_connection - Resolves: #1446087 services entries missing krbCanonicalName attribute. - Changing cert-find to do not use only primary key to search in LDAP. - Resolves: #1452763 ipa certmaprule change not reflected in krb5kdc workers - ipa-kdb: reload certificate mapping rules periodically - Resolves: #1455541 after upgrade login from web ui breaks - kdc.key should not be visible to all - Resolves: #1435606 Add pkinit_indicator option to KDC configuration - ipa-kdb: add pkinit authentication indicator in case of a successful certauth - Resolves: #1455945 Enabling OCSP checks in mod_nss breaks certificate issuance when ipa-ca records are not resolvable - Turn off OCSP check - Resolves: #1454483 rhel73 ipa ui - cannot del server - IPA Error 903 - server_del - TypeError: 'NoneType' object is not iterable - fix incorrect suffix handling in topology checks [4.5.0-14.el7] - Resolves: #1438731 Extend ipa-server-certinstall and ipa-certupdate to handle PKINIT certificates/anchors - certdb: add named trust flag constants - certdb, certs: make trust flags argument mandatory - certdb: use custom object for trust flags - install: trust IPA CA for PKINIT - client install: fix client PKINIT configuration - install: introduce generic Kerberos Augeas lens - server install: fix KDC PKINIT configuration - ipapython.ipautil.run: Add option to set umask before executing command - certs: do not export keys world-readable in install_key_from_p12 - certs: do not export CA certs in install_pem_from_p12 - server install: fix KDC certificate validation in CA-less - replica install: respect --pkinit-cert-file - cacert manage: support PKINIT - server certinstall: support PKINIT - Resolves: #1444432 CA-less pkinit not installable with --pkinit-cert-file option - certs: do not export CA certs in install_pem_from_p12 - server install: fix KDC certificate validation in CA-less - Resolves: #1451228 ipa-kra-install fails when primary KRA server has been decommissioned - ipa-kra-install: fix pkispawn setting for pki_security_domain_hostname - Resolves: #1451712 KRA installation fails on server that was originally installed as CA-less - ipa-ca-install: append CA cert chain into /etc/ipa/ca.crt - Resolves: #1441499 ipa cert-show does not raise error if no file name specified - ca/cert-show: check certificate_out in options - Resolves: #1449522 Deprecate ipa pkinit-anonymous command in FreeIPA 4.5+ - Remove pkinit-anonymous command - Resolves: #1449523 Provide an API command to retrieve PKINIT status in the FreeIPA topology - Allow for multivalued server attributes - Refactor the role/attribute member reporting code - Add an attribute reporting client PKINIT-capable servers - Add the list of PKINIT servers as a virtual attribute to global config - Add pkinit-status command - test_serverroles: Get rid of MockLDAP and use ldap2 instead - Resolves: #1452216 Replica installation grants HTTP principal access in WebUI - Fix rare race condition with missing ccache file - Resolves: #1455045 Simple service uninstallers must be able to handle missing service files gracefully - only stop/disable simple service if it is installed - Resolves: #1455541 after upgrade login from web ui breaks - krb5: make sure KDC certificate is readable - Resolves: #1455862 'ipa: ERROR: an internal error has occurred' on executing command 'ipa cert-request --add' after upgrade - Change python-cryptography to python2-cryptography [4.5.0-13.el7] - Resolves: #1451804 'AttributeError: 'tuple' object has no attribute 'append'' error observed during ipa upgrade with latest package. - ipa-server-install: fix uninstall - Resolves: #1445390 ipa-[ca|kra]-install with invalid DM password break replica - ca install: merge duplicated code for DM password - installutils: add DM password validator - ca, kra install: validate DM password [4.5.0-12.el7] - Resolves: #1447284 Upgrade from ipa-4.1 fails when enabling KDC proxy - python2-ipalib: add missing python dependency - installer service: fix typo in service entry - upgrade: add missing suffix to http instance - Resolves: #1444791 Update man page of ipa-kra-install - ipa-kra-install manpage: document domain-level 1 - Resolves: #1441493 ipa cert-show raises stack traces when --certificate-out=/tmp - cert-show: writable files does not mean dirs - Resolves: #1441192 Add the name of URL parameter which will be check for username during cert login - Bump version of ipa.conf file - Resolves: #1378797 Web UI must check OCSP and CRL during smartcard login - Turn on NSSOCSP check in mod_nss conf - Resolves: #1322963 Errors from AD when trying to sign ipa.csr, conflicting template on - renew agent: respect CA renewal master setting - server upgrade: always fix certmonger tracking request - cainstance: use correct profile for lightweight CA certificates - renew agent: allow reusing existing certs - renew agent: always export CSR on IPA CA certificate renewal - renew agent: get rid of virtual profiles - ipa-cacert-manage: add --external-ca-type - Resolves: #1441593 error adding authenticator indicators to host - Fixing adding authenticator indicators to host - Resolves: #1449525 Set directory ownership in spec file - Added plugins directory to ipaclient subpackages - ipaclient: fix missing RPM ownership - Resolves: #1451279 otptoken-add-yubikey KeyError: 'ipatokenotpdigits' - otptoken-add-yubikey: When --digits not provided use default value [4.5.0-11.el7] - Resolves: #1449189 ipa-kra-install timeouts on replica - ipa-kra-install: fix check_host_keys [4.5.0-10.el7] - Resolves: #1438833 [ipa-replica-install] - 406 Client Error: Failed to validate message: Incorrect number of results (0) searching forpublic key for host - Make sure remote hosts have our keys - Resolves: #1442815 Replica install fails during migration from older IPA master - Refresh Dogtag RestClient.ca_host property - Remove the cachedproperty class - Resolves: #1444787 Update warning message when KRA installation fails - kra install: update installation failure message - Resolves: #1444896 ipa-server-install with external-ca fails in FIPS mode - ipa-server-install with external CA: fix pkinit cert issuance - Resolves: #1445397 GET in KerberosSession.finalize_kerberos_acquisition() must use FreeIPA CA - kerberos session: use CA cert with full cert chain for obtaining cookie - Resolves: #1447375 ipa-client-install: extra space in pkinit_anchors definition - ipa-client-install: remove extra space in pkinit_anchors definition - Resolves: #1447703 Fix SELinux contex of http.keytab during upgrade - Use proper SELinux context with http.keytab [4.5.0-9.el7] - Resolves: #1200767 [RFE] Allow Kerberos authentication for users with certificates on smart cards (pkinit) - spec file: bump krb5 Requires for certauth fixes - Resolves: #1438729 Configure local PKINIT on DL0 or when '--no-pkinit' option is used - separate function to set ipaConfigString values on service entry - Allow for configuration of all three PKINIT variants when deploying KDC - API for retrieval of master's PKINIT status and publishing it in LDAP - Use only anonymous PKINIT to fetch armor ccache - Stop requesting anonymous keytab and purge all references of it - Use local anchor when armoring password requests - Upgrade: configure local/full PKINIT depending on the master status - Do not test anonymous PKINIT after install/upgrade - Resolves: #1442427 ipa.ipaserver.install.plugins.adtrust. update_tdo_gidnumber: ERROR Default SMB Group not found - upgrade: adtrust update_tdo_gidnumber plugin must check if adtrust is installed - Resolves: #1442932 ipa restore fails to restore IPA user - restore: restart/reload gssproxy after restore - Resolves: #1444896 ipa-server-install with external-ca fails in FIPS mode - Fix CA/server cert validation in FIPS - Resolves: #1444947 Deadlock between topology and schema-compat plugins - compat-manage: behave the same for all users - Move the compat plugin setup at the end of install - compat: ignore cn=topology,cn=ipa,cn=etc subtree - Resolves: #1445358 ipa vault-add raises TypeError - vault: piped input for ipa vault-add fails - Resolves: #1445382 ipa vault-retrieve fails to retrieve data from vault - Vault: Explicitly default to 3DES CBC - Resolves: #1445432 uninstall ipa client automount failed with RuntimeWarning - automount install: fix checking of SSSD functionality on uninstall - Resolves: #1446137 pki_client_database_password is shown in ipaserver-install.log - Hide PKI Client database password in log file [4.5.0-8.el7] - Resolves: #1443869 Command 'openssl pkcs12 ...' failed during IPA upgrade - Fix CAInstance.import_ra_cert for empty passwords [4.5.0-7.el7] - Resolves: #1431520 ipa cert-find runs a large number of searches, so IPA WebUI is slow to display user details page - cert: defer cert-find result post-processing - Resolves: #1435611 Tracebacks seen from dogtag-ipa-ca-renew-agent-submit helper when installing replica - server-install: No double Kerberos install - Resolves: #1437502 ipa-replica-install fails with requirement to use --force-join that is a client install option. - Add the force-join option to replica install - replicainstall: better client install exception handling - Resolves: #1437953 Server CA-less impossible option check - server-install: remove broken no-pkinit check - Resolves: #1441160 FreeIPA client <= 4.4 fail to parse 4.5 cookies - Add debug log in case cookie retrieval went wrong - Resolves: #1441548 ipa server install fails with --external-ca option - ext. CA: correctly write the cert chain - Resolves: #1441718 Conversion of CA-less server to CA fails on CA instance spawn - Fix CA-less to CA-full upgrade - Resolves: #1442133 Do not link libkrad, liblber, libldap_r and libsss_nss_idmap to every binary in IPA - configure: fix AC_CHECK_LIB usage - Resolves: #1442815 Replica install fails during migration from older IPA master - Fix RA cert import during DL0 replication - Related: #1442004 Building IdM/FreeIPA internally on all architectures - filtering unsupported packages - Build all subpackages on all architectures [4.5.0-6.el7] - Resolves: #1382053 Need to have validation for idrange names - idrange-add: properly handle empty --dom-name option - Resolves: #1435611 Tracebacks seen from dogtag-ipa-ca-renew-agent-submit helper when installing replica - dsinstance: reconnect ldap2 after DS is restarted by certmonger - httpinstance: avoid httpd restart during certificate request - dsinstance, httpinstance: consolidate certificate request code - install: request service certs after host keytab is set up - renew agent: revert to host keytab authentication - renew agent, restart scripts: connect to LDAP after kinit - Resolves: #1436987 ipasam: gidNumber attribute is not created in the trusted domain entry - ipa-sam: create the gidNumber attribute in the trusted domain entry - Upgrade: add gidnumber to trusted domain entry - Resolves: #1438679 [ipa-replica-install] - IncorrectPasswordException: Incorrect client security database password - Add pki_pin only when needed - Resolves: #1438348 Console output message while adding trust should be mapped with texts changed in Samba. - ipaserver/dcerpc: unify error processing - Resolves: #1438366 ipa trust-fetch-domains: ValidationError: invalid 'Credentials': Missing credentials for cross-forest communication - trust: always use oddjobd helper for fetching trust information - Resolves: #1441192 Add the name of URL parameter which will be check for username during cert login - WebUI: cert login: Configure name of parameter used to pass username - Resolves: #1437879 [copr] Replica install failing - Create system users for FreeIPA services during package installation - Resolves: #1441316 WebUI cert auth fails after ipa-adtrust-install - Fix s4u2self with adtrust [4.5.0-5.el7] - Resolves: #1318186 Misleading error message during external-ca IPA master install - httpinstance: make sure NSS database is backed up - Resolves: #1331443 Re-installing ipa-server after uninstall fails with 'ERROR CA certificate chain in ... incomplete' - httpinstance: make sure NSS database is backed up - Resolves: #1393726 Enumerate all available request type options in ipa cert-request help - Hide request_type doc string in cert-request help - Resolves: #1402959 [RFE] Universal Smart Card to Identity mapping - spec file: bump libsss_nss_idmap-devel BuildRequires - server: make sure we test for sss_nss_getlistbycert - Resolves: #1437378 ipa-adtrust-install produced an error and failed on starting smb when hostname is not FQDN - adtrust: make sure that runtime hostname result is consistent with the configuration - Resolves: #1437555 ipa-replica-install with DL0 fails to get annonymous keytab - Always check and create anonymous principal during KDC install - Remove duplicate functionality in upgrade - Resolves: #1437946 Upgrade to FreeIPA 4.5.0 does not configure anonymous principal for PKINIT - Upgrade: configure PKINIT after adding anonymous principal - Remove unused variable from failed anonymous PKINIT handling - Split out anonymous PKINIT test to a separate method - Ensure KDC is propery configured after upgrade - Resolves: #1437951 Remove pkinit-related options from server/replica-install on DL0 - Fix the order of cert-files check - Don't allow setting pkinit-related options on DL0 - replica-prepare man: remove pkinit option refs - Remove redundant option check for cert files - Resolves: #1438490 CA-less installation fails on publishing CA certificate - Get correct CA cert nickname in CA-less - Remove publish_ca_cert() method from NSSDatabase - Resolves: #1438838 Avoid arch-specific path in /etc/krb5.conf.d/ipa-certmap - IPA-KDB: use relative path in ipa-certmap config snippet - Resolves: #1439038 Allow erasing ipaDomainResolutionOrder attribute - Allow erasing ipaDomainResolutionOrder attribute [4.5.0-4.el7] - Resolves: #1434032 Run ipa-custodia with custom SELinux context - Require correct custodia version [4.5.0-3.el7] - Resolves: #800545 [RFE] Support SUDO command rename - Reworked the renaming mechanism - Allow renaming of the sudorule objects - Resolves: #872671 IPA WebUI login for AD Trusted User fails - WebUI: check principals in lowercase - WebUI: add method for disabling item in user dropdown menu - WebUI: Add support for login for AD users - Resolves: #1200767 [RFE] Allow Kerberos authentication for users with certificates on smart cards (pkinit) - ipa-kdb: add ipadb_fetch_principals_with_extra_filter() - IPA certauth plugin - ipa-kdb: do not depend on certauth_plugin.h - spec file: bump krb5-devel BuildRequires for certauth - Resolves: #1264370 RFE: disable last successful authentication by default in ipa. - Set 'KDC:Disable Last Success' by default - Resolves: #1318186 Misleading error message during external-ca IPA master install - certs: do not implicitly create DS pin.txt - httpinstance: clean up /etc/httpd/alias on uninstall - Resolves: #1331443 Re-installing ipa-server after uninstall fails with 'ERROR CA certificate chain in ... incomplete' - certs: do not implicitly create DS pin.txt - httpinstance: clean up /etc/httpd/alias on uninstall - Resolves: #1366572 [RFE] Web UI: allow Smart Card authentication - configure: fix --disable-server with certauth plugin - rpcserver.login_x509: Actually return reply from __call__ method - spec file: Bump requires to make Certificate Login in WebUI work - Resolves: #1402959 [RFE] Universal Smart Card to Identity mapping - extdom: do reverse search for domain separator - extdom: improve cert request - Resolves: #1430363 [RFE] HBAC rule names command rename - Reworked the renaming mechanism - Allow renaming of the HBAC rule objects - Resolves: #1433082 systemctl daemon-reload needs to be called after httpd.service.d/ipa.conf is manipulated - tasks: run systemctl daemon-reload after httpd.service.d updates - Resolves: #1434032 Run ipa-custodia with custom SELinux context - Use Custodia 0.3.1 features - Resolves: #1434384 RPC client should use HTTP persistent connection - Use connection keep-alive - Add debug logging for keep-alive - Increase Apache HTTPD's default keep alive timeout - Resolves: #1434729 man ipa-cacert-manage install needs clarification - man ipa-cacert-manage install needs clarification - Resolves: #1434910 replica install against IPA v3 master fails with ACIError - Fixing replica install: fix ldap connection in domlvl 0 - Resolves: #1435394 Ipa-kra-install fails with weird output when backspace is used during typing Directory Manager password - ipapython.ipautil.nolog_replace: Do not replace empty value - Resolves: #1435397 ipa-replica-install can't install replica file produced by ipa-replica-prepare on 4.5 - replica prepare: fix wrong IPA CA nickname in replica file - Resolves: #1435599 WebUI: in self-service Vault menu item is shown even if KRA is not installed - WebUI: Fix showing vault in selfservice view - Resolves: #1435718 As a ID user I cannot call a command with --rights option - ldap2: use LDAP whoami operation to retrieve bind DN for current connection - Resolves: #1436319 'Truncated search results' pop-up appears in user details in WebUI - WebUI: Add support for suppressing warnings - WebUI: suppress truncation warning in select widget - Resolves: #1436333 Uninstall fails with No such file or directory: '/var/run/ipa/services.list' - Create temporaty directories at the begining of uninstall - Resolves: #1436334 WebUI: Adding certificate mapping data using certificate fails - WebUI: Allow to add certs to certmapping with CERT LINES around - Resolves: #1436338 CLI doesn't work after ipa-restore - Backup ipa-specific httpd unit-file - Backup CA cert from kerberos folder - Resolves: #1436342 Bump samba version, required for FIPS mode and privilege separation - Bump samba version for FIPS and priv. separation - Resolves: #1436642 [ipalib/rpc.py] - 'maximum recursion depth exceeded' with ipa vault commands - Avoid growing FILE ccaches unnecessarily - Handle failed authentication via cookie - Work around issues fetching session data - Prevent churn on ccaches - Resolves: #1436657 Add workaround for pki_pin for FIPS - Generate PIN for PKI to help Dogtag in FIPS - Resolves: #1436714 [vault] cache KRA transport cert - Simplify KRA transport cert cache - Resolves: #1436723 cert-find does not find all certificates without sizelimit=0 - cert: do not limit internal searches in cert-find - Resolves: #1436724 Renewal of IPA RA fails on replica - dogtag-ipa-ca-renew-agent-submit: fix the is_replicated() function - Resolves: #1436753 Master tree fails to install - httpinstance.disable_system_trust: Don't fail if module 'Root Certs' is not available [4.5.0-2.el7] - Resolves: #1432630 python2-jinja2 needed for python2-ipaclient - Remove csrgen - Resolves: #1432903 Set GssProxy options to enable caching of ldap tickets - Add options to allow ticket caching [4.5.0-1.el7] - Resolves: #828866 [RFE] enhance --subject option for ipa-server-install - Resolves: #1160555 ipa-server-install: Cannot handle double hyphen '--' in hostname - Resolves: #1286288 Insufficient 'write' privilege to the 'ipaExternalMember' attribute - Resolves: #1321652 ipa-server-install fails when using external certificates that encapsulate RDN components in double quotes - Resolves: #1327207 ipa cert-revoke --help doesn't provide enough info on revocation reasons - Resolves: #1340880 ipa-server-install: improve prompt on interactive installation - Resolves: #1353841 ipa-replica-install fails to install when resolv.conf incomplete entries - Resolves: #1356104 cert-show command does not display Subject Alternative Names - Resolves: #1357511 Traceback message seen when ipa is provided with invalid configuration file name - Resolves: #1358752 ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full - Resolves: #1366572 [RFE] Web UI: allow Smart Card authentication - Resolves: #1367572 improve error message in ipa migrate-ds: mention ipa config-mod --enable-migration=TRUE - Resolves: #1367868 Add options to retrieve lightweight CA certificate/chain - Resolves: #1371927 Implement ca-enable/disable commands. - Resolves: #1372202 Add Users into User Group editors fails to show Full names - Resolves: #1373091 Adding an auth indicator from the CLI creates an extra check box in the UI - Resolves: #1375596 Ipa-server WebUI - long user/group name show wrong error message - Resolves: #1375905 'Normal' group type in the UI is confusing - Resolves: #1376040 IPA client ipv6 - invalid --ip-address shows traceback - Resolves: #1376630 IDM admin password gets written to /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf - Resolves: #1376729 ipa-server-install script option --no_hbac_allow should match other options - Resolves: #1378461 IPA Allows Password Reuse with History value defined when admin resets the password. - Resolves: #1379029 conncheck failing intermittently during single step replica installs - Resolves: #1379858 [RFE] better debugging for ipa-replica-conncheck - Resolves: #1384310 ipa dnsrecord-add fails with Keyerror stack trace - Resolves: #1392778 Update man page for ipa-adtrust-install by removing --no-msdcs option - Resolves: #1392858 Rebase to FreeIPA 4.5+ - Rebase to 4.5.0 - Resolves: #1399133 Delete option shouldn't be available for hosts applied to view. - Resolves: #1399190 [RFE] Certificates issued by externally signed IdM CA should contain full trust chain - Resolves: #1400416 RFE: Provide option to take backup of IPA server before uninstalling IPA server - Resolves: #1400529 cert-request is not aware of Kerberos principal aliases - Resolves: #1401526 IPA WebUI certificates are grayed out on overview page but not on details page - Resolves: #1402959 [RFE] Universal Smart Card to Identity mapping - Resolves: #1404750 ipa-client-install fails to get CA cert via LDAP when non-FQDN name of IPA server is first in /etc/hosts - Resolves: #1409628 [RFE] Semi-automatic integration with external DNS using nsupdate - Resolves: #1413742 Backport request for bug/issue Change IP address validation errors to warnings - Resolves: #1415652 IPA replica install log shows password in plain text - Resolves: #1427897 different behavior regarding system wide certs in master and replica. - Resolves: #1430314 The ipa-managed-entries command failed, exception: AttributeError: ldap2 [4.4.0-14.7] - Resolves: #1419735 ipa-replica-install fails promotecustodia.create_replica with cert errors (untrusted) - added ssl verification using IPA trust anchor - Resolves: #1428472 batch param compatibility is incorrect - compat: fix Any params in batch and dnsrecord - Renamed patches 1011 and 1012 to 0159 and 0157, as they were merged upstream [4.4.0-14.6] - Resolves: #1416454 replication race condition prevents IPA to install - wait_for_entry: use only DN as parameter - Wait until HTTPS principal entry is replicated to replica - Use proper logging for error messages [4.4.0-14.5] - Resolves: #1365858 ipa-ca-install fails on replica when IPA Master is installed without CA - Set up DS TLS on replica in CA-less topology - Resolves: #1398600 IPA replica install fails with dirsrv errors. - Do not configure PKI ajp redirection to use '::1' - Resolves: #1413137 CVE-2017-2590 ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands - ca: correctly authorise ca-del, ca-enable and ca-disable [4.4.0-14.4] - Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services by abusing password policy - ipa-kdb: search for password policies globally - Renamed patches 1011 and 1012 to 0151 and 0150, as they were merged upstream [4.4.0-14.3] - Resolves: #1398670 Check IdM Topology for broken record caused by replication conflict before upgrading it - Check for conflict entries before raising domain level [4.4.0-14.2] - Resolves: #1382812 Creation of replica for disconnected environment is failing with CA issuance errors; Need good steps. - gracefully handle setting replica bind dn group on old masters - Resolves: #1397439 ipa-ca-install on promoted replica hangs on creating a temporary CA admin - replication: ensure bind DN group check interval is set on replica config - add missing attribute to ipaca replica during CA topology update - Resolves: #1401088 IPA upgrade of replica without DNS fails during restart of named-pkcs11 - bindinstance: use data in named.conf to determine configuration status [4.4.0-14.1] - Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services by abusing password policy - password policy: Add explicit default password policy for hosts and services - Resolves: #1395311 CVE-2016-9575 ipa: Insufficient permission check in certprofile-mod - certprofile-mod: correctly authorise config update [4.4.0-14] - Resolves: #1378353 Replica install fails with old IPA master sometimes during replication process - spec file: bump minimal required version of 389-ds-base - Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1 - Fix missing file that fails DL1 replica installation - Resolves: #1387782 WebUI: Services are not displayed correctly after upgrade - WebUI: services without canonical name are shown correctly - Resolves: #1389709 Traceback seen in error_log when trustdomain-del is run - trustdomain-del: fix the way how subdomain is searched [4.4.0-13] - Resolves: #1318616 CA fails to start after doing ipa-ca-install --external-ca - Keep NSS trust flags of existing certificates - Resolves: #1360813 ipa-server-certinstall does not update all certificate stores and doesn't set proper trust permissions - Add cert checks in ipa-server-certinstall - Resolves: #1371479 cert-find --all does not show information about revocation - cert: add revocation reason back to cert-find output - Resolves: #1375133 WinSync users who have First.Last casing creates users who can have their password set - ipa passwd: use correct normalizer for user principals - Resolves: #1377858 Users with 2FA tokens are not able to login to IPA servers - Properly handle LDAP socket closures in ipa-otpd - Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1 - Make httpd publish its CA certificate on DL1 [4.4.0-12] - Resolves: #1373910 IPA server upgrade fails with DNS timed out errors. - Resolves: #1375269 ipa trust-fetch-domains throws internal error [4.4.0-11] - Resolves: #1373359 ipa-certupdate fails with 'CA is not configured' - Fix regression introduced in ipa-certupdate [4.4.0-10] - Resolves: #1355753 adding two way non transitive(external) trust displays internal error on the console - Always fetch forest info from root DCs when establishing two-way trust - factor out populate_remote_domain method into module-level function - Always fetch forest info from root DCs when establishing one-way trust - Resolves: #1356101 Lightweight sub-CA certs are not tracked by certmonger after ipa-replica-install - Track lightweight CAs on replica installation - Resolves: #1357488 ipa command stuck forever on higher versioned client with lower versioned server - compat: Save server's API version in for pre-schema servers - compat: Fix ping command call - schema cache: Store and check info for pre-schema servers - Resolves: #1363905 man page for ipa-replica-manage has a typo in -c flag - Fix man page ipa-replica-manage: remove duplicate -c option from --no-lookup - Resolves: #1367865 webui: cert_revoke should use --cacn to set correct CA when revoking certificate - cert: include CA name in cert command output - WebUI add support for sub-CAs while revoking certificates - Resolves: #1368424 Unable to view certificates issued by Sub CA in Web UI - Add support for additional options taken from table facet - WebUI: Fix showing certificates issued by sub-CA - Resolves: #1368557 dnsrecord-add does not prompt for missing record parts internactively - dns: normalize record type read interactively in dnsrecord_add - dns: prompt for missing record parts in CLI - dns: fix crash in interactive mode against old servers - Resolves: #1370519 Certificate revocation in service-del and host-del isn't aware of Sub CAs - cert: fix cert-find --certificate when the cert is not in LDAP - Make host/service cert revocation aware of lightweight CAs - Resolves: #1371901 Use OAEP padding with custodia - Use RSA-OAEP instead of RSA PKCS#1 v1.5 - Resolves: #1371915 When establishing external two-way trust, forest root Administrator account is used to fetch domain info - do not use trusted forest name to construct domain admin principal - Resolves: #1372597 Incorrect CA ACL evaluation of SAN DNS names in certificate request - Fix CA ACL Check on SubjectAltNames - Resolves: #1373272 CLI always sends default command version - cli: use full name when executing a command - Resolves: #1373359 ipa-certupdate fails with 'CA is not configured' - Fix ipa-certupdate for CA-less installation - Resolves: #1373540 client-install with IPv6 address fails on link-local address (always) - Fix parse errors with link-local addresses [4.4.0-9] - Resolves: #1081561 CA not start during ipa server install in pure IPv6 env - Fix ipa-server-install in pure IPv6 environment - Resolves: #1318169 Tree-root domains in a trusted AD forest aren't marked as reachable via the forest root - trust: make sure ID range is created for the child domain even if it exists - ipa-kdb: simplify trusted domain parent search - Resolves: #1335567 Update Warning in IdM Web UI API browser - WebUI: add API browser is tech preview warning - Resolves: #1348560 Mulitple domain Active Directory Trust conflict - ipaserver/dcerpc: reformat to make the code closer to pep8 - trust: automatically resolve DNS trust conflicts for triangle trusts - Resolves: #1351593 CVE-2016-5404 ipa: Insufficient privileges check in certificate revocation - cert-revoke: fix permission check bypass (CVE-2016-5404) - Resolves: #1353936 custodia.conf and server.keys file is world-readable. - Remove Custodia server keys from LDAP - Secure permissions of Custodia server.keys - Resolves: #1358752 ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full - custodia: include known CA certs in the PKCS#12 file for Dogtag - custodia: force reconnect before retrieving CA certs from LDAP - Resolves: #1362333 ipa vault container owner cannot add vault - Fix: container owner should be able to add vault - Resolves: #1365546 External trust with root domain is transitive - trust: make sure external trust topology is correctly rendered - Resolves: #1365572 IPA server broken after upgrade - Require pki-core-10.3.3-7 - Resolves: #1367864 Server assumes latest version of command instead of version 1 for old / 3rd party clients - rpcserver: assume version 1 for unversioned command calls - rpcserver: fix crash in XML-RPC system commands - Resolves: #1367773 thin client ignores locale change - schema cache: Fallback to 'en_us' when locale is not available - Resolves: #1368754 ipa server uninstall fails with Python 'Global Name error' - Fail on topology disconnect/last role removal - Resolves: #1368981 ipa otptoken-add --type=hotp --key creates wrong OTP - otptoken, permission: Convert custom type parameters on server - Resolves: #1369414 ipa server-del fails with Python stack trace - Handled empty hostname in server-del command - Resolves: #1369761 ipa-server must depend on a version of httpd that support mod_proxy with UDS - Require httpd 2.4.6-31 with mod_proxy Unix socket support - Resolves: #1370512 Received ACIError instead of DuplicatedError in stageuser_tests - Raise DuplicatedEnrty error when user exists in delete_container - Resolves: #1371479 cert-find --all does not show information about revocation - cert: add missing param values to cert-find output - Renamed patch 1011 to 0100, as it was merged upstream [4.4.0-8] - Resolves: #1298288 [RFE] Improve performance in large environments. - cert: speed up cert-find - Resolves: #1317379 [EXPERIMENTAL][RFE] Web UI: allow Smart Card authentication - service: add flag to allow S4U2Self - Add 'trusted to auth as user' checkbox - Added new authentication method - Resolves: #1353881 ipa-replica-install suggests about non-existent --force-ntpd option - Don't show --force-ntpd option in replica install - Resolves: #1354441 DNS forwarder check is too strict: unable to add sub-domain to already-broken domain - DNS: allow to add forward zone to already broken sub-domain - Resolves: #1356146 performance regression in CLI help - schema: Speed up schema cache - frontend: Change doc, summary, topic and NO_CLI to class properties - schema: Introduce schema cache format - schema: Generate bits for help load them on request - help: Do not create instances to get information about commands and topics - schema cache: Do not reset ServerInfo dirty flag - schema cache: Do not read fingerprint and format from cache - Access data for help separately - frontent: Add summary class property to CommandOverride - schema cache: Read server info only once - schema cache: Store API schema cache in memory - client: Do not create instance just to check isinstance - schema cache: Read schema instead of rewriting it when SchemaUpToDate - Resolves: #1360769 ipa-server-certinstall couldnt unlock private key file - server install: do not prompt for cert file PIN repeatedly - Resolves: #1364113 ipa-password: ipa: ERROR: RuntimeError: Unable to create cache directory: [Errno 13] Permission denied: '/home/test_user' - schema: Speed up schema cache - Resolves: #1366604 cert-find crashes on invalid certificate data - cert: do not crash on invalid data in cert-find - Resolves: #1366612 Middle replica uninstallation in line topology works without '--ignore-topology-disconnect' - Fail on topology disconnect/last role removal - Resolves: #1366626 caacl-add-service: incorrect error message when service does not exists - Fix ipa-caalc-add-service error message - Resolves: #1367022 The ipa-server-upgrade command failed when named-pkcs11 does not happen to run during dnf upgrade - DNS server upgrade: do not fail when DNS server did not respond - Resolves: #1367759 [RFE] [webui] warn admin if there is only one IPA server with CA - Add warning about only one existing CA server - Set servers list as default facet in topology facet group - Resolves: #1367773 thin client ignores locale change - schema check: Check current client language against cached one [4.4.0-7] - Resolves: #1361119 UPN-based search for AD users does not match an entry in slapi-nis map cache - support multiple uid values in schema compatibility tree [4.4.0-6] - Resolves: #1309700 Process /usr/sbin/winbindd was killed by signal 6 - Revert 'spec: add conflict with bind-chroot to freeipa-server-dns' - Resolves: #1341249 Subsequent external CA installation fails - install: fix external CA cert validation - Resolves: #1353831 ipa-server-install fails in container because of hostnamectl set-hostname - server-install: Fix --hostname option to always override api.env values - install: Call hostnamectl set-hostname only if --hostname option is used - Resolves: #1356091 ipa-cacert-manage --help and man differ - Improvements for the ipa-cacert-manage man and help - Resolves: #1360631 ipa-backup is not keeping the /etc/tmpfiles.d/dirsrv-<instance>.conf - ipa-backup: backup /etc/tmpfiles.d/dirsrv-<instance>.conf - Resolves: #1361047 ipa-replica-install --help usage line suggests the replica file is needed - Update ipa-replica-install documentation - Resolves: #1361545 ipa-client-install starts rhel-domainname.service but does not rpm-require it - client: RPM require initscripts to get *-domainname.service - Resolves: #1364197 caacl: error when instantiating rules with service principals - caacl: fix regression in rule instantiation - Resolves: #1364310 ipa otptoken-add bytes object has no attribute confirm - parameters: move the confirm kwarg to Param - Resolves: #1364464 Topology graph: ca and domain adders shows question marks instead of plus icon - Fix unicode characters in ca and domain adders - Resolves: #1365083 Incomplete output returned for command ipa vault-add - client: add missing output params to client-side commands - Resolves: #1365526 build fails during 'make check' - ipa-kdb: Fix unit test after packaging changes in krb5 [4.4.0-5] - Resolves: #1353829 traceback message seen in ipaserver-uninstall.log file. - Do not initialize API in ipa-client-automount uninstall - Resolves: #1356899 com.redhat.idm.trust.fetch_domains need update after thin client changes - idrange: fix unassigned global variable - Resolves: #1360792 Migrating users doesn't update krbCanonicalName - re-set canonical principal name on migrated users - Resolves: #1362012 ipa hbactest produces error about cannot concatenate 'str' and 'bool' objects - Fix ipa hbactest output - Resolves: #1362260 ipa vault-mod no longer allows defining salt - vault: add missing salt option to vault_mod - Resolves: #1362312 ipa vault-retrieve internal error when using the wrong public key - vault: Catch correct exception in decrypt - Resolves: #1362537 ipa-server-install fails to create symlink from /etc/ipa/kdcproxy/ to /etc/httpd/conf.d/ - Correct path to HTTPD's systemd service directory - Resolves: #1363756 Increase length of passwords generated by installer - Increase default length of auto generated passwords [4.4.0-4] - Resolves: #1117306 [RFE] Allow multiple Principals per host entry (Kerberos aliases) - harden the check for trust namespace overlap in new principals - Resolves: #1351142 CLI is not using session cookies for communication with IPA API - Fix session cookies - Resolves: #1353888 Fix the help for ipa otp and other topics - help: Add dnsserver commands to help topic 'dns' - Resolves: #1354406 host-del updatedns options complains about missing ptr record for host - Host-del: fix behavior of --updatedns and PTR records - Resolves: #1355718 ipa-replica-manage man page example output differs actual command output - Minor fix in ipa-replica-manage MAN page - Resolves: #1358229 Traceback message should be fixed, seen while editing winsync migrated user information in Default trust view. - baseldap: Fix MidairCollision instantiation during entry modification - Resolves: #1358849 CA replica install logs to wrong log file - unite log file name of ipa-ca-install - Resolves: #1359130 ipa-server-install command fails to install IPA server. - DNS Locations: fix update-system-records unpacking error - Resolves: #1359237 AVC on dirsrv config caused by IPA installer - Use copy when replacing files to keep SELinux context - Resolves: #1359692 ipa-client-install join fail with traceback against RHEL-6.8 ipa-server - compat: fix ping call - Resolves: #1359738 ipa-replica-install --domain=<IPA primary domain> option does not work - replica-install: Fix --domain - Resolves: #1360778 Vault commands are available in CLI even when the server does not support them - Revert 'Enable vault-* commands on client' - client: fix hiding of commands which lack server support - Related: #1281704 Rebase to softhsm 2.1.0 - Remove the workaround for softhsm bug #1293340 - Related: #1298288 [RFE] Improve performance in large environments. - Create indexes for krbCanonicalName attribute [4.4.0-3] - Resolves: #1296140 Remove redhat-access-plugin-ipa support - Obsolete and conflict redhat-access-plugin-ipa - Resolves: #1351119 Multiple issues while uninstalling ipa-server - server uninstall fails to remove krb principals - Resolves: #1351758 ipa commands not showing expected error messages - frontend: copy command arguments to output params on client - Show full error message for selinuxusermap-add-hostgroup - Resolves: #1352883 Traceback on adding default automember group and hostgroup set - allow 'value' output param in commands without primary key - Resolves: #1353888 Fix the help for ipa otp and other topics - schema: Fix subtopic -> topic mapping - Resolves: #1354348 ipa trustconfig-show throws internal error. - allow 'value' output param in commands without primary key - Resolves: #1354381 ipa trust-add with raw option gives internal error. - trust-add: handle --all/--raw options properly - Resolves: #1354493 Replica install fails with old IPA master - DNS install: Ensure that DNS servers container exists - Resolves: #1354628 ipa hostgroup-add-member does not return error message when adding itself as member - frontend: copy command arguments to output params on client - Resolves: #1355856 ipa otptoken-add --type=totp gives internal error - messages: specify message type for ResultFormattingError - Resolves: #1356063 'ipa radiusproxy-add' command needs to prompt to enter secret key - expose --secret option in radiusproxy-* commands - prevent search for RADIUS proxy servers by secret - Resolves: #1356099 Bug in the ipapwd plugin - Heap corruption in ipapwd plugin - Resolves: #1356899 com.redhat.idm.trust.fetch_domains need update after thin client changes - Use server API in com.redhat.idm.trust-fetch-domains oddjob helper - Resolves: #1356964 Renaming a user removes all of his principal aliases - Preserve user principal aliases during rename operation [4.4.0-2.1] - Resolves: #1274524 [RFE] Qualify up to 60 IdM replicas - Resolves: #1320838 [RFE] Support IdM Client in a DNS domain controlled by AD - Related: #1356134 'kinit -E' does not work for IPA user [4.4.0-2] - Resolves: #1356102 Server uninstall does not stop tracking lightweight sub-CA with certmonger - uninstall: untrack lightweight CA certs - Resolves: #1351807 ipa-nis-manage config.get_dn missing - ipa-nis-manage: Use server API to retrieve plugin status - Resolves: #1353452 ipa-compat-manage command failed, exception: NotImplementedError: config.get_dn() - ipa-compat-manage: use server API to retrieve plugin status - Resolves: #1353899 ipa-advise: object of type 'type' has no len() - ipa-advise: correct handling of plugin namespace iteration - Resolves: #1356134 'kinit -E' does not work for IPA user - kdb: check for local realm in enterprise principals - Resolves: #1353072 ipa unknown command vault-add - Enable vault-* commands on client - vault-add: set the default vault type on the client side if none was given - Resolves: #1353995 Default CA can be used without a CA ACL - caacl: expand plugin documentation - Resolves: #1356144 host-find should not print SSH keys by default, only SSH fingerprints - host-find: do not show SSH key by default - Resolves: #1353506 ipa migrate-ds command fails for IPA in RHEL 7.3 - Removed unused method parameter from migrate-ds [4.4.0-1] - Resolves: #747612 [RFE] IPA should support and manage DNS sites - Resolves: #826790 Disabling password expiration (--maxlife=0 and --minlife=0) in the default global_policy in IPA sets user's password expiration (krbPasswordExpiration) to be 90 days - Resolves: #896699 ipa-replica-manage -H does not delete DNS SRV records - Resolves: #1084018 [RFE] Add IdM user password change support for legacy client compat tree - Resolves: #1117306 [RFE] Allow multiple Principals per host entry (Kerberos aliases) - Fix incorrect check for principal type when evaluating CA ACLs - Resolves: #1146860 [RFE] Offer OTP generation for host enrollment in the UI - Resolves: #1238190 ipasam unable to lookup group in directory yet manual search works - Resolves: #1250110 search by users which don't have read rights for all attrs in search_attributes fails - Resolves: #1263764 Show Certificate displays in useless format - Resolves: #1272491 [WebUI] Certificate action dropdown does not display all the options after adding new certificate - Resolves: #1292141 Rebase to FreeIPA 4.4+ - Rebase to 4.4.0 - Resolves: #1294503 IPA fails to issue 3rd party certs - Resolves: #1298242 [RFE] API compatibility - compatibility of clients - Resolves: #1298848 [RFE] Centralized topology management - Resolves: #1298966 [RFE] Extend Smart Card support - Resolves: #1315146 Multiple clients cannot join domain simultaneously: /var/run/httpd/ipa/clientcaches race condition? - Resolves: #1318903 ipa server install failing when SUBCA signs the cert - Resolves: #1319003 ipa-winsync-migrate: Traceback should be fixed with proper console output - Resolves: #1324055 IPA always qualify requests for admin - Resolves: #1328552 [RFE] Allow users to authenticate with alternative names - Resolves: #1334582 Inconsistent UI and CLI options for removing certificate hold - Resolves: #1346321 Exclude o=ipaca subtree from Retro Changelog (syncrepl) - Resolves: #1349281 Fix Conflicts with ipa-python - Resolves: #1350695 execution of copy-schema script fails - Resolves: #1351118 upgrade failed for RHEL-7.3 from RHEL-7.2.z - Resolves: #1351153 AVC seen on Replica during ipa-server upgrade test execution to 7.3 - Resolves: #1351276 ipa-server-install with dns cannot resolve itself to create ipa-ca entry - Related: #1343422 [RFE] Add GssapiImpersonate option [4.4.0-0.2.alpha1] - Resolves: #1348948 IPA server install fails with build ipa-server-4.4.0-0.el7.1.alpha1 - Revert 'Increased mod_wsgi socket-timeout' [4.4.0-0.1.alpha1] - Resolves: #712109 'krbExtraData not allowed' is logged in DS error log while setting password for default sudo binddn. - Resolves: #747612 [RFE] IPA should support and manage DNS sites - Resolves: #768316 [RFE] ipa-getkeytab should auto-detect the ipa server name - Resolves: #825391 [RFE] Replica installation should provide a means for inheriting nssldap security access settings - Resolves: #921497 Incorrect *.py[co] files placement - Resolves: #1029640 RHEL7 IPA to add DNA Plugin config for dnaRemote support - Resolves: #1029905 389 DS cache sizes not replicated to IPA replicas - Resolves: #1196958 IPA replica installation failing with high number of users (160000). - Resolves: #1219402 IPA suggests to uninstall a client when the user needs to uninstall a replica - Resolves: #1224057 [RFE] TGS authorization decisions in KDC based on Authentication Indicator - Resolves: #1234222 [WebUI] UI error message is not appropriate for 'Kerberos principal expiration' - Resolves: #1234223 [WebUI] General invalid password error message appearing for 'Locked user' - Resolves: #1254267 ipa-server-install failure applying ldap updates with limits exceeded - Resolves: #1258626 realmdomains-mod --add-domain command throwing error when doamin already is in forwardzone. - Resolves: #1259020 ipa-server-adtrust-install doesn't allow NetBIOS-name=EXAMPLE-TEST.COM (dash character) - Resolves: #1260993 DNSSEC signing enablement on dnszone should throw error message when DNSSEC master not installed - Resolves: #1262747 dnssec options missing in ipa-dns-install man page - Resolves: #1265900 Fail installation immediately after dirsrv fails to install using ipa-server-install - Resolves: #1265915 idoverrideuser-find fails if any SID anchor is not resolvable anymore - Resolves: #1268027 ipa-dnskeysync-replica crash with backtrace - LimitsExceeded: limits exceeded for this query - Resolves: #1269089 Certificate of managed-by host/service fails to resubmit - Resolves: #1269200 ipa-server crashing while trying to preserve admin user - Resolves: #1271321 Reduce ioblocktimeout and idletimeout defaults - Resolves: #1271579 Automember rule expressions disappear from tables on single expression delete - Resolves: #1275816 Incomplete ports for IPA ad-trust - Resolves: #1276351 [RFE] Remove /usr/share/ipa/updates/50-lockout-policy.update file from IPA releases - Resolves: #1277109 Add tool tips for Revert, Refresh, Undo, and Undo All in the IPA UI - Resolves: #1278426 Better error message needed for invalid ca-signing-algo option - Resolves: #1279932 ipa-client-install --request-cert needs workaround in anaconda chroot - Resolves: #1282521 Creating a user w/o private group fails when doing so in WebUI - Resolves: #1283879 ipa-winsync-migrate: Traceback message should be replaced by 'IPA is not configured on this system' - Resolves: #1285071 ipa-kra-install fails on replica looking for admin cert file - Resolves: #1287194 [RFE] Support of UPN for trusted domains - Resolves: #1288967 Normalize Manager entry in ipa user-add - Resolves: #1289487 Priority field missing in Password Policy detail tab - Resolves: #1291140 ipa client should configure kpasswd_server directive in krb5.conf - Resolves: #1292141 Rebase to FreeIPA 4.4+ - Rebase to 4.4.0.alpha1 - Resolves: #1298848 [RFE] Centralized topology management - Resolves: #1300576 Browser setup page includes instructions for Internet Explorer - Resolves: #1301586 ipa host-del --updatedns should remove related dns entries. - Resolves: #1304618 Residual Files After IPA Server Uninstall - Resolves: #1305144 ipa-python does not require its dependencies - Resolves: #1309700 Process /usr/sbin/winbindd was killed by signal 6 - Resolves: #1313798 Console output post ipa-winsync-migrate command should be corrected. - Resolves: #1314786 [RFE] External Trust with Active Directory domain - Resolves: #1319023 Include description for 'status' option in man page for ipactl command. - Resolves: #1319912 ipa-server-install does not completely change hostname and named-pkcs11 fails - Resolves: #1320891 IPA Error 3009: Validation error: Invalid 'ptrrecord': Reverse zone in-addr.arpa. requires exactly 4 IP address compnents, 5 given - Resolves: #1327207 ipa cert-revoke --help doesn't provide enough info on revocation reasons - Resolves: #1328549 'ipa-kra-install' command reports incorrect message when it is executed on server already installed with KRA. - Resolves: #1329209 ipa-nis-manage enable: change service name from 'portmap' to 'rpcbind' - Resolves: #1329275 ipa-nis-manage command should include status option - Resolves: #1330843 'man ipa' should be updated with latest commands - Resolves: #1333755 ipa cert-request causes internal server error while requesting certificate - Resolves: #1337484 EOF is not handled for ipa-client-install command - Resolves: #1338031 Insufficient 'write' privilege on some attributes for the members of the role which has 'User Administrators' privilege. - Resolves: #1343142 IPA DNS should do better verification of DNS zones - Resolves: #1347928 Frontpage exposes runtime error with no cookies enabled in browser [4.3.1-0.201605241723GIT1b427d3.1] - Resolves: #1339483 ipa-server-install fails with ERROR pkinit_cert_files - Fix incorrect rebase of patch 1001 [4.3.1-0.201605241723GIT1b427d3] - Resolves: #1339233 CA installed on replica is always marked as renewal master - Related: #1292141 Rebase to FreeIPA 4.4+ - Rebase to 4.3.1.201605241723GIT1b427d3 [4.3.1-0.201605191449GITf8edf37.1] - Resolves: #1332809 ipa-server-4.2.0-15.el7_2.6.1.x86_64 fails to install because of missing dependencies - Rebuild with krb5-1.14.1 [4.3.1-0.201605191449GITf8edf37] - Resolves: #837369 [RFE] Switch to client promotion to replica model - Resolves: #1199516 [RFE] Move replication topology to the shared tree - Resolves: #1206588 [RFE] Visualize FreeIPA server replication topology - Resolves: #1211602 Hide ipa-server-install KDC master password option (-P) - Resolves: #1212713 ipa-csreplica-manage: it could be nice to have also list-ruv / clean-ruv / abort-clean-ruv for o=ipaca backend - Resolves: #1267206 ipa-server-install uninstall should warn if no installation found - Resolves: #1295865 The Domain option is not correctly set in idmapd.conf when ipa-client-automount is executed. - Resolves: #1327092 URI details missing and OCSP-URI details are incorrectly displayed when certificate generated using IPA on RHEL 7.2up2. - Resolves: #1332809 ipa-server-4.2.0-15.el7_2.6.1.x86_64 fails to install because of missing dependencies - Related: #1292141 Rebase to FreeIPA 4.4+ - Rebase to 4.3.1.201605191449GITf8edf37 [4.2.0-16] - Resolves: #1277696 IPA certificate auto renewal fail with 'Invalid Credential' - cert renewal: make renewal of ipaCert atomic - Resolves: #1278330 installer options are not validated at the beginning of installation - install: fix command line option validation - Resolves: #1282845 sshd_config change on ipa-client-install can prevent sshd from starting up - client install: do not corrupt OpenSSH config with Match sections - Resolves: #1282935 ipa upgrade causes vault internal error - install: export KRA agent PEM file in ipa-kra-install - Resolves: #1283429 Default CA ACL rule is not created during ipa-replica-install - TLS and Dogtag HTTPS request logging improvements - Avoid race condition caused by profile delete and recreate - Do not erroneously reinit NSS in Dogtag interface - Add profiles and default CA ACL on migration - disconnect ldap2 backend after adding default CA ACL profiles - do not disconnect when using existing connection to check default CA ACLs - Resolves: #1283430 ipa-kra-install: fails to apply updates - suppress errors arising from adding existing LDAP entries during KRA install - Resolves: #1283748 Caching of ipaconfig does not work in framework - fix caching in get_ipa_config - Resolves: #1283943 IPA DNS Zone/DNS Forward Zone details missing after upgrade from RHEL 7.0 to RHEL 7.2 - upgrade: fix migration of old dns forward zones - Fix upgrade of forwardzones when zone is in realmdomains - Resolves: #1284413 ipa-cacert-manage renew fails on nonexistent ldap connection - ipa-cacert-renew: Fix connection to ldap. - Resolves: #1284414 ipa-otptoken-import fails on nonexistent ldap connection - ipa-otptoken-import: Fix connection to ldap. - Resolves: #1286635 IPA server upgrade fails from RHEL 7.0 to RHEL 7.2 using 'yum update ipa* sssd' - Set minimal required version for openssl - Resolves: #1286781 ipa-nis-manage does not update ldap with all NIS maps - Upgrade: Fix upgrade of NIS Server configuration - Resolves: #1289311 umask setting causes named-pkcs11 issue with directory permissions on /var/lib/ipa/dnssec - DNS: fix file permissions - Explicitly call chmod on newly created directories - Fix: replace mkdir with chmod - Resolves: #1290142 Broken 7.2.0 to 7.2.z upgrade - flawed version comparison - Fix version comparison - use FFI call to rpmvercmp function for version comparison - Resolves: #1292595 In IPA-AD trust environment some secondary IPA based Posix groups are missing - ipa-kdb: map_groups() consider all results - Resolves: #1293870 User should be notified for wrong password in password reset page - Fixed login error message box in LoginScreen page - Resolves: #1296196 Sysrestore did not restore state if a key is specified in mixed case - Allow to used mixed case for sysrestore - Resolves: #1296214 DNSSEC key purging is not handled properly - DNSSEC: Improve error reporting from ipa-ods-exporter - DNSSEC: Make sure that current state in OpenDNSSEC matches key state in LDAP - DNSSEC: Make sure that current key state in LDAP matches key state in BIND - DNSSEC: remove obsolete TODO note - DNSSEC: add debug mode to ldapkeydb.py - DNSSEC: logging improvements in ipa-ods-exporter - DNSSEC: remove keys purged by OpenDNSSEC from master HSM from LDAP - DNSSEC: ipa-dnskeysyncd: Skip zones with old DNSSEC metadata in LDAP - DNSSEC: ipa-ods-exporter: add ldap-cleanup command - DNSSEC: ipa-dnskeysyncd: call ods-signer ldap-cleanup on zone removal - DNSSEC: Log debug messages at log level DEBUG - Resolves: #1296216 ipa-server-upgrade fails if certmonger is not running - prevent crash of CA-less server upgrade due to absent certmonger - always start certmonger during IPA server configuration upgrade - Resolves: #1297811 The ipa -e skip_version_check=1 still issues incompatibility error when called against RHEL 6 server - ipalib: assume version 2.0 when skip_version_check is enabled - Resolves: #1298289 install fails when locale is 'fr_FR.UTF-8' - Do not decode HTTP reason phrase from Dogtag - Resolves: #1300252 shared certificateProfiles container is missing on a freshly installed RHEL7.2 system - upgrade: unconditional import of certificate profiles into LDAP - Resolves: #1301674 --setup-dns and other options is forgotten for using an external PKI - installer: Propagate option values from components instead of copying them. - installer: Fix logic of reading option values from cache. - Resolves: #1301687 issues with migration from RHEL 6 self-signed to RHEL 7 CA IPA setup - ipa-ca-install: print more specific errors when CA is already installed - cert renewal: import all external CA certs on IPA CA cert renewal - CA install: explicitly set dogtag_version to 10 - fix standalone installation of externally signed CA on IPA master - replica install: validate DS and HTTP server certificates - replica install: improvements in the handling of CA-related IPA config entries - Resolves: #1301901 [RFE] compat tree: show AD members of IPA groups - slapi-nis: update configuration to allow external members of IPA groups - Resolves: #1305533 ipa trust-add succeded but after that ipa trust-find returns '0 trusts matched' - upgrade: fix config of sidgen and extdom plugins - trusts: use ipaNTTrustPartner attribute to detect trust entries - Warn user if trust is broken - fix upgrade: wait for proper DS socket after DS restart - Insure the admin_conn is disconnected on stop - Fix connections to DS during installation - Fix broken trust warnings - Resolves: #1321092 Installers fail when there are multiple versions of the same certificate - certdb: never use the -r option of certutil - Related: #1317381 Crash during IPA upgrade due to slapd - spec file: update minimum required version of slapi-nis - Related: #1322691 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112 CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 samba: various flaws [rhel-7.3] - Rebuild against newer Samba version [4.2.0-15] - Resolves: #1252556 Missing CLI param and ACL for vault service operations - vault: fix private service vault creation [4.2.0-14] - Resolves: #1262996 ipa vault internal error on replica without KRA - upgrade: make sure ldap2 is connected in export_kra_agent_pem - Resolves: #1270608 IPA upgrade fails for server with CA cert signed by external CA - schema: do not derive ipaVaultPublicKey from ipaPublicKey [4.2.0-13] - Resolves: #1217009 OTP sync in UI does not work for TOTP tokens - Fix an integer underflow bug in libotp - Resolves: #1262996 ipa vault internal error on replica without KRA - install: always export KRA agent PEM file - vault: select a server with KRA for vault operations - Resolves: #1269777 IPA restore overwrites /etc/passwd and /etc/group files - do not overwrite files with local users/groups when restoring authconfig - Renamed patch 1011 to 0138, as it was merged upstream [4.2.0-12] - Resolves: #1204205 [RFE] ID Views: Automated migration tool from Winsync to Trusts - winsync-migrate: Convert entity names to posix friendly strings - winsync-migrate: Properly handle collisions in the names of external groups - Resolves: #1261074 Adjust Firefox configuration to new extension signing policy - webui: use manual Firefox configuration for Firefox >= 40 - Resolves: #1263337 IPA Restore failed with installed KRA - ipa-backup: Add mechanism to store empty directory structure - Resolves: #1264793 CVE-2015-5284 ipa: ipa-kra-install includes certificate and private key in world readable file [rhel-7.2] - install: fix KRA agent PEM file permissions - Resolves: #1265086 Mark IdM API Browser as experimental - WebUI: add API browser is experimental warning - Resolves: #1265277 Fix kdcproxy user creation - install: create kdcproxy user during server install - platform: add option to create home directory when adding user - install: fix kdcproxy user home directory - Resolves: #1265559 GSS failure after ipa-restore - destroy httpd ccache after stopping the service [4.2.0-11] - Resolves: #1258965 ipa vault: set owner of vault container - baseldap: make subtree deletion optional in LDAPDelete - vault: add vault container commands - vault: set owner to current user on container creation - vault: update access control - vault: add permissions and administrator privilege - install: support KRA update - Resolves: #1261586 ipa config-mod addattr fails for ipauserobjectclasses - config: allow user/host attributes with tagging options - Resolves: #1262315 Unable to establish winsync replication - winsync: Add inetUser objectclass to the passsync sysaccount [4.2.0-10] - Resolves: #1260663 crash of ipa-dnskeysync-replica component during ipa-restore - IPA Restore: allows to specify files that should be removed - Resolves: #1261806 Installing ipa-server package breaks httpd - Handle timeout error in ipa-httpd-kdcproxy - Resolves: #1262322 Failed to backup CS.cfg message in upgrade. - Server Upgrade: backup CS.cfg when dogtag is turned off [4.2.0-9] - Resolves: #1257074 The KRA agent cert is stored in a PEM file that is not tracked - cert renewal: Include KRA users in Dogtag LDAP update - cert renewal: Automatically update KRA agent PEM file - Resolves: #1257163 renaming certificatte profile with --rename option leads to integrity issues - certprofile: remove 'rename' option - Resolves: #1257968 kinit stop working after ipa-restore - Backup: back up the hosts file - Resolves: #1258926 Remove 'DNSSEC is experimental' warnings - DNSSEC: remove 'DNSSEC is experimental' warnings - Resolves: #1258929 Uninstallation of IPA leaves extra entry in /etc/hosts - Installer: do not modify /etc/hosts before user agreement - Resolves: #1258944 DNSSEC daemons may deadlock when processing more than 1 zone - DNSSEC: backup and restore opendnssec zone list file - DNSSEC: remove ccache and keytab of ipa-ods-exporter - DNSSEC: prevent ipa-ods-exporter from looping after service auto-restart - DNSSEC: Fix deadlock in ipa-ods-exporter <-> ods-enforcerd interaction - DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC key master - DNSSEC: Fix key metadata export - DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5. - Resolves: #1258964 revert to use ldapi to add kra agent in KRA install - Using LDAPI to setup CA and KRA agents. - Resolves: #1259848 server closes connection and refuses commands after deleting user that is still logged in - ldap: Make ldap2 connection management thread-safe again - Resolves: #1259996 AttributeError: 'NameSpace' object has no attribute 'ra_certprofile' while ipa-ca-install - load RA backend plugins during standalone CA install on CA-less IPA master [4.2.0-8] - Resolves: #1254689 Storing big file as a secret in vault raises traceback - vault: Limit size of data stored in vault - Resolves: #1255880 ipactl status should distinguish between different pki-tomcat services - ipactl: Do not start/stop/restart single service multiple times [4.2.0-7] - Resolves: #1256840 [webui] majority of required fields is no longer marked as required - fix missing information in object metadata - Resolves: #1256842 [webui] no option to choose trust type when creating a trust - webui: add option to establish bidirectional trust - Resolves: #1256853 Clear text passwords in KRA install log - Removed clear text passwords from KRA install log. - Resolves: #1257072 The 'Standard Vault' MUST not be the default and must be discouraged - vault: change default vault type to symmetric - Resolves: #1257163 renaming certificatte profile with --rename option leads to integrity issues - certprofile: prevent rename (modrdn) [4.2.0-6] - Resolves: #1249226 IPA dnssec-validation not working for AD dnsforwardzone - DNSSEC: fix forward zone forwarders checks - Resolves: #1250190 idrange is not added for sub domain - trusts: format Kerberos principal properly when fetching trust topology - Resolves: #1252334 User life cycle: missing ability to provision a stage user from a preserved user - Add user-stage command - Resolves: #1252863 After applying RHBA-2015-1554 errata, IPA service fails to start. - spec file: Add Requires(post) on selinux-policy - Resolves: #1254304 Changing vault encryption attributes - Change internal rsa_(public|private)_key variable names - Added support for changing vault encryption. - Resolves: #1256715 Executing user-del --preserve twice removes the user pernamently - improve the usability of ipa user-del --preserve command [4.2.0-5] - Resolves: #1199530 [RFE] Provide user lifecycle managment capabilities - user-undel: Fix error messages. - Resolves: #1200694 [RFE] Support for multiple cert profiles - Prohibit deletion of predefined profiles - Resolves: #1232819 testing ipa-restore on fresh system install fails - Backup/resore authentication control configuration - Resolves: #1243331 pkispawn fails when migrating to 4.2 server from 3.0 server - Require Dogtag PKI >= 10.2.6 - Resolves: #1245225 Asymmetric vault drops traceback when the key is not proper - Asymmetric vault: validate public key in client - Resolves: #1248399 Missing DNSSEC related files in backup - fix typo in BasePathNamespace member pointing to ods exporter config - ipa-backup: archive DNSSEC zone file and kasp.db - Resolves: #1248405 PassSync should be disabled after ipa-winsync-migrate is finished - winsync-migrate: Add warning about passsync - winsync-migrate: Expand the man page - Resolves: #1248524 User can't find any hosts using 'ipa host-find uln-cp-update-1' - adjust search so that it works for non-admin users - Resolves: #1250093 ipa certprofile-import accepts invalid config - Require Dogtag PKI >= 10.2.6 - Resolves: #1250107 IPA framework should not allow modifying trust on AD trust agents - trusts: Detect missing Samba instance - Resolves: #1250111 User lifecycle - preserved users can be assigned membership - ULC: Prevent preserved users from being assigned membership - Resolves: #1250145 Add permission for user to bypass caacl enforcement - Add permission for bypassing CA ACL enforcement - Resolves: #1250190 idrange is not added for sub domain - idranges: raise an error when local IPA ID range is being modified - trusts: harden trust-fetch-domains oddjobd-based script - Resolves: #1250928 Man page for ipa-server-install is out of sync - install: Fix server and replica install options - Resolves: #1251225 IPA default CAACL does not allow cert-request for services after upgrade - Fix default CA ACL added during upgrade - Resolves: #1251561 ipa vault-add Unknown option: ipavaultpublickey - validate mutually exclusive options in vault-add - Resolves: #1251579 ipa vault-add --user should set container owner equal to user on first run - Fixed vault container ownership. - Resolves: #1252517 cert-request rejects request with correct krb5PrincipalName SAN - Fix KRB5PrincipalName / UPN SAN comparison - Resolves: #1252555 ipa vault-find doesn't work for services - vault: Add container information to vault command results - Add flag to list all service and user vaults - Resolves: #1252556 Missing CLI param and ACL for vault service operations - Added CLI param and ACL for vault service operations. - Resolves: #1252557 certprofile: improve profile format documentation - certprofile-import: improve profile format documentation - certprofile: add profile format explanation - Resolves: #1253443 ipa vault-add creates vault with invalid type - vault: validate vault type - Resolves: #1253480 ipa vault-add-owner does not fail when adding an existing owner - baseldap: Allow overriding member param label in LDAPModMember - vault: Fix param labels in output of vault owner commands - Resolves: #1253511 ipa vault-find does not use criteria - vault: Fix vault-find with criteria - Resolves: #1254038 ipa-replica-install pk12util error returns exit status 10 - install: Fix replica install with custom certificates - Resolves: #1254262 ipa-dnskeysync-replica crash cannot contact kdc - improve the handling of krb5-related errors in dnssec daemons - Resolves: #1254412 when dirsrv is off ,upgrade from 7.1 to 7.2 fails with starting CA and named-pkcs11.service - Server Upgrade: Start DS before CA is started. - Resolves: #1254637 Add ACI and permission for managing user userCertificate attribute - add permission: System: Manage User Certificates - Resolves: #1254641 Remove CSR allowed-extensions restriction - cert-request: remove allowed extensions check - Resolves: #1254693 vault --service does not normalize service principal - vault: normalize service principal in service vault operations - Resolves: #1254785 ipa-client-install does not properly handle dual stacked hosts - client: Add support for multiple IP addresses during installation. - Add dependency to SSSD 1.13.1 - client: Add description of --ip-address and --all-ip-addresses to man page [4.2.0-4] - Resolves: #1072383 [RFE] Provide ability to map CAC identity certificates to users in IdM - store certificates issued for user entries as - user-show: add --out option to save certificates to file - Resolves: #1145748 [RFE] IPA running with One Way Trust - Fix upgrade of sidgen and extdom plugins - Resolves: #1195339 ipa-client-install changes the label on various files which causes SELinux denials - Use 'mv -Z' in specfile to restore SELinux context - Resolves: #1198796 Text in UI should describe differing LDAP vs Krb behavior for combinations of 'User authentication types' - webui: add LDAP vs Kerberos behavior description to user auth - Resolves: #1199530 [RFE] Provide user lifecycle managment capabilities - ULC: Fix stageused-add --from-delete command - Resolves: #1200694 [RFE] Support for multiple cert profiles - certprofile-import: do not require profileId in profile data - Give more info on virtual command access denial - Allow SAN extension for cert-request self-service - Add profile for DNP3 / IEC 62351-8 certificates - Work around python-nss bug on unrecognised OIDs - Resolves: #1204501 [RFE] Add Password Vault (KRA) functionality - Validate vault's file parameters - Fixed missing KRA agent cert on replica. - Resolves: #1225866 display browser config options that apply to the browser. - webui: add Kerberos configuration instructions for Chrome - Remove ico files from Makefile - Resolves: #1246342 Unapply idview raises internal error - idviews: Check for the Default Trust View only if applying the view - Resolves: #1248102 [webui] regression - incorrect/no failed auth messages - webui: fix regressions failed auth messages - Resolves: #1248396 Internal error in DomainValidator.__search_in_dc - dcerpc: Fix UnboundLocalError for ccache_name - Resolves: #1249455 ipa trust-add failed CIFS server configuration does not allow access to \pipe\lsarpc - Fix selector of protocol for LSA RPC binding string - dcerpc: Simplify generation of LSA-RPC binding strings - Resolves: #1250192 Error in ipa trust-fecth-domains - Fix incorrect type comparison in trust-fetch-domains - Resolves: #1251553 Winsync setup fails with unexpected error - replication: Fix incorrect exception invocation - Resolves: #1251854 ipa aci plugin is not parsing aci's correctly. - ACI plugin: correctly parse bind rules enclosed in - Resolves: #1252414 Trust agent install does not detect available replicas to add to master - adtrust-install: Correctly determine 4.2 FreeIPA servers [4.2.0-3] - Resolves: #1170770 [AD TRUST]IPA should detect inconsistent realm domains that conflicts with AD DC - trusts: Check for AD root domain among our trusted domains - Resolves: #1195339 ipa-client-install changes the label on various files which causes SELinux denials - sysrestore: copy files instead of moving them to avoind SELinux issues - Resolves: #1196656 [ipa-client][rhel71] enable debugging for spawned commands / ntpd -qgc hangs - enable debugging of ntpd during client installation - Resolves: #1205264 Migration UI Does Not Work When Anonymous Bind is Disabled - migration: Use api.env variables. - Resolves: #1212719 abort-clean-ruv subcommand should allow replica-certifyall: no - Allow value 'no' for replica-certify-all attr in abort-clean-ruv subcommand - Resolves: #1216935 ipa trust-add shows ipa: ERROR: an internal error has occurred - dcerpc: Expand explanation for WERR_ACCESS_DENIED - dcerpc: Fix UnboundLocalError for ccache_name - Resolves: #1222778 idoverride group-del can delete user and user-del can delete group - dcerpc: Add get_trusted_domain_object_type method - idviews: Restrict anchor to name and name to anchor conversions - idviews: Enforce objectclass check in idoverride*-del - Resolves: #1234919 Be able to request certificates without certmonger service running - cermonger: Use private unix socket when DBus SystemBus is not available. - ipa-client-install: Do not (re)start certmonger and DBus daemons. - Resolves: #1240939 Please add dependency on bind-pkcs11 - Create server-dns sub-package. - ipaplatform: Add constants submodule - DNS: check if DNS package is installed - Resolves: #1242914 Bump minimal selinux-policy and add booleans to allow calling out oddjobd-activated services - selinux: enable httpd_run_ipa to allow communicating with oddjobd services - Resolves: #1243261 non-admin users cannot search hbac rules - fix hbac rule search for non-admin users - fix selinuxusermap search for non-admin users - Resolves: #1243652 Client has missing dependency on memcache - do not import memcache on client - Resolves: #1243835 [webui] user change password dialog does not work - webui: fix user reset password dialog - Resolves: #1244802 spec: selinux denial during kdcproxy user creation - Fix selinux denial during kdcproxy user creation - Resolves: #1246132 trust-fetch-domains: Do not chown keytab to the sssd user - oddjob: avoid chown keytab to sssd if sssd user does not exist - Resolves: #1246136 Adding a privilege to a permission avoids validation - Validate adding privilege to a permission - Resolves: #1246141 DNS Administrators cannot search in zones - DNS: Consolidate DNS RR types in API and schema - Resolves: #1246143 User plugin - user-find doesn't work properly with manager option - fix broken search for users by their manager [4.2.0-2] - Resolves: #1131907 [ipa-client-install] cannot write certificate file '/etc/ipa/ca.crt.new': must be string or buffer, not None - Resolves: #1195775 unsaved changes dialog internally inconsistent - Resolves: #1199530 [RFE] Provide user lifecycle managment capabilities - Stageusedr-activate: show username instead of DN - Resolves: #1200694 [RFE] Support for multiple cert profiles - Prevent to rename certprofile profile id - Resolves: #1222047 IPA to AD Trust: IPA ERROR 4016: Remote Retrieve Error - Resolves: #1224769 copy-schema-to-ca.py does not overwrites schema files - copy-schema-to-ca: allow to overwrite schema files - Resolves: #1241941 kdc component installation of IPA failed - spec file: Update minimum required version of krb5 - Resolves: #1242036 Replica install fails to update DNS records - Fix DNS records installation for replicas - Resolves: #1242884 Upgrade to 4.2.0 fails when enabling kdc proxy - Start dirsrv for kdcproxy upgrade [4.2.0-1] - Resolves: #846033 [RFE] Documentation for JSONRPC IPA API - Resolves: #989091 Ability to manage IdM/IPA directly from a standard LDAP client - Resolves: #1072383 [RFE] Provide ability to map CAC identity certificates to users in IdM - Resolves: #1115294 [RFE] Add support for DNSSEC - Resolves: #1145748 [RFE] IPA running with One Way Trust - Resolves: #1199520 [RFE] Introduce single upgrade tool - ipa-server-upgrade - Resolves: #1199530 [RFE] Provide user lifecycle managment capabilities - Resolves: #1200694 [RFE] Support for multiple cert profiles - Resolves: #1200728 [RFE] Replicate PKI Profile information - Resolves: #1200735 [RFE] Allow issuing certificates for user accounts - Resolves: #1204054 SSSD database is not cleared between installs and uninstalls of ipa - Resolves: #1204205 [RFE] ID Views: Automated migration tool from Winsync to Trusts - Resolves: #1204501 [RFE] Add Password Vault (KRA) functionality - Resolves: #1204504 [RFE] Add access control so hosts can create their own services - Resolves: #1206534 [RFE] Offer Kerberos over HTTP (kdcproxy) by default - Resolves: #1206613 [RFE] Configure IPA to be a trust agent by default - Resolves: #1209476 package ipa-client does not require package dbus-python - Resolves: #1211589 [RFE] Add option to skip the verify_client_version - Resolves: #1211608 [RFE] Generic support for unknown DNS RR types (RFC 3597) - Resolves: #1215735 ipa-replica-prepare automatically adds a DNS zone - Resolves: #1217010 OTP Manager field is not exposed in the UI - Resolves: #1222475 krb5kdc : segfault at 0 ip 00007fa9f64d82bb sp 00007fffd68b2340 error 6 in libc-2.17.so - Related: #1204809 Rebase ipa to 4.2 - Update to upstream 4.2.0 - Move /etc/ipa/kdcproxy to the server subpackage [4.2.0-0.2.alpha1] - Resolves: #1228671 pkispawn fails in ipa-ca-install and ipa-kra-install - Related: #1204809 Rebase ipa to 4.2 - Fix minimum version of slapi-nis - Require python-sss and python-sss-murmur (provided by sssd-1.13.0) [4.2.0-0.1.alpha1] - Resolves: #805188 [RFE] 'ipa migrate-ds' ldapsearches with scope=1 - Resolves: #1019272 With 20000+ users, adding a user to a group intermittently throws Internal server error - Resolves: #1035494 Unable to add Kerberos principal via kadmin.local - Resolves: #1045153 ipa-managed-entries --list -p <badpassword> still requires DM password - Resolves: #1125950 ipa-server-install --uinstall doesn't remove port 7389 from ldap_port_t - Resolves: #1132540 [RFE] Expose service delegation rules in UI and CLI - Resolves: #1145584 ipaserver/install/cainstance.py creates pkiuser not matching uidgid - Resolves: #1176036 IDM client registration failure in a high load environment - Resolves: #1183116 Remove Requires: subscription-manager - Resolves: #1186054 permission-add does not prompt to enter --right option in interactive mode - Resolves: #1187524 Replication agreement with replica not disabled when ipa-restore done without IPA installed - Resolves: #1188195 Fax number not displayed for user-show when kinit'ed as normal user. - Resolves: #1189034 'an internal error has occurred' during ipa host-del --updatedns - Resolves: #1193554 ipa-client-automount: failing with error LDAP server returned UNWILLING_TO_PERFORM. This likely means that minssf is enabled. - Resolves: #1193759 IPA extdom plugin fails when encountering large groups - Resolves: #1194312 [ipa-python] ipalib.errors.LDAPError: failed to decode certificate: (SEC_ERROR_INVALID_ARGS) security library: invalid arguments. - Resolves: #1194633 Default trust view can be deleted in lower case - Resolves: #1196455 ipa-server-install step [8/27]: starting certificate server instance - confusing CA staus message on TLS error - Resolves: #1198263 Limit deadlocks between DS plugin DNA and slapi-nis - Resolves: #1199527 [RFE] Use datepicker component for datetime fields - Resolves: #1200867 [RFE] Make OTP validation window configurable - Resolves: #1200883 [RFE] Switch apache to use mod_auth_gssapi - Resolves: #1202998 CVE-2015-1827 ipa: memory corruption when using get_user_grouplist() [rhel-7.2] - Resolves: #1204637 slow group operations - Resolves: #1204642 migrate-ds: slow add o users to default group - Resolves: #1208461 IPA CA master server update stuck on checking getStatus via https - Resolves: #1211602 Hide ipa-server-install KDC master password option (-P) - Resolves: #1211708 ipa-client-install gets stuck during NTP sync - Resolves: #1215197 ipa-client-install ignores --ntp-server option during time sync - Resolves: #1215200 ipa-client-install configures IPA server as NTP source even if IPA server has not ntpd configured - Resolves: #1217009 OTP sync in UI does not work for TOTP tokens - Related: #1204809 Rebase ipa to 4.2 - Update to upstream 4.2.0.alpha1 [4.1.0-18.3] - [ipa-python] ipalib.errors.LDAPError: failed to decode certificate: (SEC_ERROR_INVALID_ARGS) security library: invalid arguments. (#1194312) [4.1.0-18.2] - IPA extdom plugin fails when encountering large groups (#1193759) - CVE-2015-0283 ipa: slapi-nis: infinite loop in getgrnam_r() and getgrgid_r() (#1202998) [4.1.0-18.1] - 'an internal error has occurred' during ipa host-del --updatedns (#1198431) - Renamed patch 1013 to 0114, as it was merged upstream - Fax number not displayed for user-show when kinit'ed as normal user. (#1198430) - Replication agreement with replica not disabled when ipa-restore done without IPA installed (#1199060) - Limit deadlocks between DS plugin DNA and slapi-nis (#1199128) [4.1.0-18] - Fix ipa-pwd-extop global configuration caching (#1187342) - group-detach does not add correct objectclasses (#1187540) [4.1.0-17] - Wrong directories created on full restore (#1186398) - ipa-restore crashes if replica is unreachable (#1186396) - idoverrideuser-add option --sshpubkey does not work (#1185410) [4.1.0-16] - PassSync does not sync passwords due to missing ACIs (#1181093) - ipa-replica-manage list does not list synced domain (#1181010) - Do not assume certmonger is running in httpinstance (#1181767) - ipa-replica-manage disconnect fails without password (#1183279) - Put LDIF files to their original location in ipa-restore (#1175277) - DUA profile not available anonymously (#1184149) - IPA replica missing data after master upgraded (#1176995) [4.1.0-15] - Re-add accidentally removed patches for #1170695 and #1164896 [4.1.0-14] - IPA Replicate creation fails with error 'Update failed! Status: [10 Total update abortedLDAP error: Referral]' (#1166265) - running ipa-server-install --setup-dns results in a crash (#1072502) - DNS zones are not migrated into forward zones if 4.0+ replica is added (#1175384) - gid is overridden by uid in default trust view (#1168904) - When migrating warn user if compat is enabled (#1177133) - Clean up debug log for trust-add (#1168376) - No error message thrown on restore(full kind) on replica from full backup taken on master (#1175287) - ipa-restore proceed even IPA not configured (#1175326) - Data replication not working as expected after data restore from full backup (#1175277) - IPA externally signed CA cert expiration warning missing from log (#1178128) - ipa-upgradeconfig fails in CA-less installs (#1181767) - IPA certs fail to autorenew simultaneouly (#1173207) - More validation required on ipa-restore's options (#1176034) [4.1.0-13] - Expand the token auth/sync windows (#919228) - Access is not rejected for disabled domain (#1172598) - krb5kdc crash in ldap_pvt_search (#1170695) - RHEL7.1 IPA server httpd avc denials after upgrade (#1164896) [4.1.0-12] - RHEL7.1 ipa-cacert-manage renewed certificate from MS ADCS not compatible (#1169591) - CLI doesn't show SSHFP records with SHA256 added via nsupdate (regression) (#1172578) [4.1.0-11] - Throw zonemgr error message before installation proceeds (#1163849) - Winsync: Setup is broken due to incorrect import of certificate (#1169867) - Enable last token deletion when password auth type is configured (#919228) - ipa-otp-lasttoken loads all user's tokens on every mod/del (#1166641) - add --hosts and --hostgroup options to allow/retrieve keytab methods (#1007367) - Extend host-show to add the view attribute in set of default attributes (#1168916) - Prefer TCP connections to UDP in krb5 clients (#919228) - [WebUI] Not able to unprovisioning service in IPA 4.1 (#1168214) - webui: increase notification duration (#1171089) - RHEL7.1 ipa automatic CA cert renewal stuck in submitting state (#1166931) - RHEL7.1 ipa-cacert-manage cannot change external to self-signed ca cert (#1170003) - Improve validation of --instance and --backend options in ipa-restore (#951581) - RHEL7.1 ipa replica unable to replicate to rhel6 master (#1167964) - Disable TLS 1.2 in nss.conf until mod_nss supports it (#1156466) [4.1.0-10] - Use NSS protocol range API to set available TLS protocols (#1156466) [4.1.0-9] - schema update on RHEL-6.6 using latest copy-schema-to-ca.py from RHEL-7.1 build fails (#1167196) - Investigate & fix Coverity defects in IPA DS/KDC plugins (#1160756) - 'ipa trust-add ... ' cmd says : (Trust status: Established and verified) while in the logs we see 'WERR_ACCESS_DENIED' during verification step. (#1144121) - POODLE: force using safe ciphers (non-SSLv3) in IPA client and server (#1156466) - Add support/hooks for a one-time password system like SecureID in IPA (#919228) - Tracebacks with latest build for --zonemgr cli option (#1167270) - ID Views: Support migration from the sync solution to the trust solution (#891984) [4.1.0-8] - Improve otptoken help messages (#919228) - Ensure users exist when assigning tokens to them (#919228) - Enable QR code display by default in otptoken-add (#919228) - Show warning instead of error if CA did not start (#1158410) - CVE-2014-7850 freeipa: XSS flaw can be used to escalate privileges (#1165774) - Traceback when adding zone with long name (#1164859) - Backup & Restore mechanism (#951581) - ignoring user attributes in migrate-ds does not work if uppercase characters are returned by ldap (#1159816) - Allow ipa-getkeytab to optionally fetch existing keys (#1007367) - Failure when installing on dual stacked system with external ca (#1128380) - ipa-server should keep backup of CS.cfg (#1059135) - Tracebacks with latest build for --zonemgr cli option (#1167270) - webui: use domain name instead of domain SID in idrange adder dialog (#891984) - webui: normalize idview tab labels (#891984) [4.1.0-7] - ipa-csreplica-manage connect fails (#1157735) - error message which is not understandable when IDNA2003 characters are present in --zonemgr (#1163849) - Fix warning message should not contain CLI commands (#1114013) - Renewing the CA signing certificate does not extend its validity period end (#1163498) - RHEL7.1 ipa-server-install --uninstall Could not set SELinux booleans for httpd (#1159330) [4.1.0-6] - Fix: DNS installer adds invalid zonemgr email (#1056202) - ipaplatform: Use the dirsrv service, not target (#951581) - Fix: DNS policy upgrade raises asertion error (#1161128) - Fix upgrade referint plugin (#1161128) - Upgrade: fix trusts objectclass violationi (#1161128) - group-add doesn't accept gid parameter (#1149124) [4.1.0-5] - Update slapi-nis dependency to pull 0.54-2 (#891984) - ipa-restore: Don't crash if AD trust is not installed (#951581) - Prohibit setting --rid-base for ranges of ipa-trust-ad-posix type (#1138791) - Trust setting not restored for CA cert with ipa-restore command (#1159011) - ipa-server-install fails when restarting named (#1162340) [4.1.0-4] - Update Requires on pki-ca to 10.1.2-4 (#1129558) - build: increase java stack size for all arches - Add ipaSshPubkey and gidNumber to the ACI to read ID user overrides (#891984) - Fix dns zonemgr validation regression (#1056202) - Handle profile changes in dogtag-ipa-ca-renew-agent (#886645) - Do not wait for new CA certificate to appear in LDAP in ipa-certupdate (#886645) - Add bind-dyndb-ldap working dir to IPA specfile - Fail if certmonger can't see new CA certificate in LDAP in ipa-cacert-manage (#886645) - Investigate & fix Coverity defects in IPA DS/KDC plugins (#1160756) - Deadlock in schema compat plugin (#1161131) - ipactl stop should stop dirsrv last (#1161129) - Upgrade 3.3.5 to 4.1 failed (#1161128) - CVE-2014-7828 freeipa: password not required when OTP in use (#1160877) [4.1.0-3] - Do not check if port 8443 is available in step 2 of external CA install (#1129481) [4.1.0-2] - Update Requires on selinux-policy to 3.13.1-4 [4.1.0-1] - Update to upstream 4.1.0 (#1109726) [4.1.0-0.1.alpha1] - Update to upstream 4.1.0 Alpha 1 (#1109726) [4.0.3-3] - Add redhat-access-plugin-ipa dependency [4.0.3-2] - Re-enable otptoken_yubikey plugin [4.0.3-1] - Update to upstream 4.0.3 (#1109726) [3.3.3-29] - Server installation fails using external signed certificates with 'IndexError: list index out of range' (#1111320) - Add rhino to BuildRequires to fix Web UI build error [3.3.3-28] - ipa-client-automount fails with incompatibility error when installed against older IPA server (#1083108) [3.3.3-27] - Proxy PKI URI /ca/ee/ca/profileSubmit to enable replication with future PKI versions (#1080865) [3.3.3-26] - When IdM server trusts multiple AD forests, IPA client returns invalid group membership info (#1079498) [3.3.3-25] - Deletion of active subdomain range should not be allowed (#1075615) [3.3.3-24] - PKI database is ugraded during replica installation (#1075118) [3.3.3-23] - Unable to add trust successfully with --trust-secret (#1075704) [3.3.3-22] ... MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1481 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.4.3.39-3] - Bump version to 1.4.3.39-3 - Resolves: RHEL-19240 - RFE Add PROXY protocol support to 389-ds-base via confiuration item - similar to Postfix [1.4.3.39-2] - Bump version to 1.4.3.39-2 - Resolves: RHEL-23209 - CVE-2024-1062 389-ds:1.4/389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr) - Resolves: RHEL-5390 - schema-compat-plugin expensive with automember rebuild - Resolves: RHEL-5135 - crash in sync_update_persist_op() of content sync plugin [1.4.3.39-1] - Bump version to 1.4.3.39-1 - Resolves: RHEL-19028 - Rebase 389-ds-base in RHEL 8.10 to 1.4.3.39 - Resolves: RHEL-19240 - [RFE] Add PROXY protocol support to 389-ds-base - Resolves: RHEL-5143 - SELinux labeling for dirsrv files seen during ipa install/uninstall should be moved to DEBUG. - Resolves: RHEL-5107 - bdb_start - Detected Disorderly Shutdown directory server is not starting - Resolves: RHEL-16338 - ns-slapd crash in slapi_attr_basetype - Resolves: RHEL-14025 - After an upgrade the LDAP server won't start if nsslapd-conntablesize is present in the dse.ldif file. [1.4.3.38-1] - Bump version to 1.4.3.38-1 - Resolves: RHEL-19028 - Rebase 389-ds-base in RHEL 8.10 to 1.4.3.38 [1.4.3.37-1] - Bump versionto 1.4.3.37-1 - Resolves: rhbz#2224505 - Paged search impacts performance - Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme - Resolves: rhbz#2218235 - python3-lib389: Python tarfile extraction needs change to avoid a warning - Resolves: rhbz#2210491 - dtablesize being set to soft maxfiledescriptor limit causing massive slowdown in large enviroments. - Resolves: rhbz#2149967 - SELinux labeling for dirsrv files seen during ipa install/uninstall should be moved to DEBUG [1.4.3.36-2] - Bump version to 1.4.3.36-2 - Resolves: rhbz#2220890 - healthcheck tool needs to be updates for new default password storage scheme [1.4.3.36-1] - Bump version to 1.4.3.36-1 - Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.36 [1.4.3.35-1] - Bump version to 1.4.3.35-1 - Resolves: rhbz#2188628 - Rebase 389-ds-base in RHEL 8.9 to 1.4.3.35 [1.4.3.32-1] - Bump version to 1.4.3.32-1 - Resolves: Bug 2098138 - broken nsslapd-subtree-rename-switch option in rhds11 - Resolves: Bug 2119063 - entryuuid fixup tasks fails because entryUUID is not mutable - Resolves: Bug 2136610 - [RFE] Add 'cn' attribute to IPA audit logs - Resolves: Bug 2142638 - pam mutex lock causing high etimes, affecting red hat internal sso - Resolves: Bug 2096795 - [RFE] Support ECDSA private keys for TLS MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1062 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [0.27-18] - Fix unsafe decoding in indef case (CVE-2013-7488) MODERATE Copyright 2024 Oracle, Inc. CVE-2013-7488 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [5.15.3-7] - Fix CVE-2024-25580: potential buffer overflow when reading KTX images Resolves: RHEL-25725 [5.15.3-6] - Fix incorrect integer overflow check in HTTP2 implementation Resolves: RHEL-20238 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-51714 CVE-2024-25580 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [5:2.0.7-3] - Fix for: CVE-2023-4874 CVE-2023-4875 - Resolves: RHEL-2811 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-4875 CVE-2023-4874 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [4.0.9-31] - Fix CVE-2022-3599 CVE-2022-4645 - Resolves: RHEL-5399 [4.0.9-30] - Bump specfile to retrigger gating - Add tests folder for standard beakerlib - Related: RHEL-4683 RHEL-4685 RHEL-4686 RHEL-4687 RHEL-4688 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-4645 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.16.1-4.0.1] - Update origin URL [Orabug: 36209826] [1.16.1-4] - Patch CVE-2023-40474: Integer overflow - Patch CVE-2023-40475: Integer overflow - Patch CVE-2023-40476: Integer overflow in H.265 video parser - Resolves: RHEL-19500, RHEL-19504, RHEL-19507 [1.16.1-3] - Bump to avoid conflict with z stream. - Resolves: RHEL-16794 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-40475 CVE-2023-40474 CVE-2023-40476 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 apache-commons-collections apache-commons-lang apache-commons-net bea-stax fasterxml-oss-parent [49-1] - Rebase to upstream version 49 [26-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [26-5] - Fix license tag [26-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [26-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [26-2] - Remove site-plugin from build [26-1] - update to 26 [24-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [24-2] - disable maven-enforcer-plugin support [24-1] - update to 24 [18e-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [18e-1] - update to 18e [16-2] - remove com.google.code.maven-replacer-plugin:replacer references [16-1] - update to 16 [11-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [11-3] - Rebuild to regenerate Maven auto-requires [11-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [11-1] - update to 11 [10-2] - switch to XMvn - minor changes to adapt to current guideline [10-1] - update to 10 [4-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [4-2] - Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild - Replace maven BuildRequires with maven-local [4-1] - update to 4 [3-1] - initial rpm glassfish-fastinfoset glassfish-jaxb-api glassfish-jaxb [2.2.11-12] - Update requiremnts to avoid conflicts with jaxb module packages jackson-annotations [2.14.2-1] - Rebase to upstream version 2.14.2 jackson-bom [2.14.2-1] - Rebase to upstream version 2.14.2 jackson-core [2.14.2-1] - Rebase to upstream version 2.14.2 jackson-databind [2.14.2-1] - Rebase to upstream version 2.14.2 jackson-jaxrs-providers [2.14.2-1] - Rebase to upstream version 2.14.2 jackson-modules-base [2.14.2-2] - Remove patch for java 11 [2.14.2-1] - Rebase to upstream version 2.14.2 [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 [2.11.4-8] - Drop jaxb-runtime dependency [2.11.4-7] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [2.11.4-6] - Drop jackson-module-afterburner, jackson-module-guice, jackson-module-mrbean, jackson-module-osgi, jackson-module-paranamer, and jackson-module-javadoc [2.11.4-5] - Add Obsoletes and Conflicts [2.11.4-4] - Rename subpackages to pki-jackson [2.11.4-3] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [2.11.4-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [2.11.4-1] - Update to version 2.11.4. [2.11.3-1] - Update to version 2.11.3. [2.11.2-1] - Update to version 2.11.2. [2.11.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [2.11.1-2] - Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 [2.11.1-1] - Update to version 2.11.1. [2.11.0-1] - Update to version 2.11.0. [2.10.4-1] - Update to version 2.10.4. [2.10.3-1] - Update to version 2.10.3. [2.10.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild [2.10.2-1] - Update to version 2.10.2. [2.10.1-1] - Update to version 2.10.1. jackson-parent [2.14-1] - Rebase to upstream version 2.14 [2.10-1] - Update to latest upstream release [2.9.1.2-1] - Update to latest upstream release [2.9.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.9.1-1] - Update to latest upstream release [2.7-3.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2.7-2.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [2.7-1.1] - update to 2.7-1 [2.6.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [2.6.2-1] - update to 2.6.2 [2.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2.5-1] - update to 2.5 [2.4.1-1] - initial rpm jakarta-commons-httpclient javassist pki-servlet-engine [1:9.0.62-1] - Bump version number to avoid conflicts with tomcat [1:9.0.30-4] - Convert pki-servlet-engine into an alias for tomcat [1:9.0.30-3] - Reverts: rhbz#1969366 as it causes other issues [1:9.0.30-2] - Resolves: rhbz#1969366 CA instance installation fails with error message [1:9.0.30-1] - Resolves: rhbz#1721684 Rebase pki-servlet-engine to 9.0.30 - Update to JWS 5.3.0 distribution - Remove new dependencies that PKI doesn't need (and are not provided by RHEL 8) [1:9.0.7-16] - Obsoleted pki-servlet-container [1:9.0.7-15] - Rename pki-servlet-container into pki-servlet-engine [1:9.0.7-14] - Update to JWS 5.0.2 distribution - Resolves: rhbz#1658846 CVE-2018-8034 pki-servlet-container: tomcat: host name verification missing in WebSocket client - Resolves: rhbz#1579614 CVE-2018-8014 pki-servlet-container: tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins - Resolves: rhbz#1619232 - CVE-2018-8037 pki-servlet-container: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up - Resolves: rhbz#1641874 - CVE-2018-11784 pki-servlet-container: tomcat: Open redirect in default servlet [1:9.0.7-13] - Reinstate Maven artifacts and fix maven-metadata JAR path [1:9.0.7-12] - Add missing BuildRequires: systemd-units [1:9.0.7-11] - Resolves: rhbz#1594139 Cleanup Provides and Requires [1:9.0.7-10] - Create packages for FreeIPA that wrap the JWS distribution of Tomcat relaxngDatatype slf4j [0:1.7.25-4] - Disallow EventData deserialization by default (CVE-2018-8088) - Resolves rhbz#1549928 [0:1.7.25-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0:1.7.25-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0:1.7.25-1] - Update to upstream version 1.7.25 [0:1.7.22-4] - Avoid absolute paths [0:1.7.22-3] - Avoid literal carriage return - Remove Group tag [0:1.7.22-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [0:1.7.22-1] - Update to upstream version 1.7.22 [0:1.7.21-4] - Install source JARs in separate package [0:1.7.21-3] - Remove build-requires on perl [0:1.7.21-2] - Fix build issue with maven-jar-plugin 3.0.0 [0:1.7.21-1] - Update to upstream version 1.7.21 [0:1.7.20-1] - Update to upstream version 1.7.20 [0:1.7.19-1] - Update to upstream version 1.7.19 [0:1.7.18-1] - Update to upstream version 1.7.18 [0:1.7.17-1] - Update to upstream version 1.7.17 [0:1.7.16-1] - Update to upstream version 1.7.16 [0:1.7.14-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [0:1.7.14-1] - Update to upstream version 1.7.14 [0:1.7.13-1] - Update to upstream version 1.7.13 [0:1.7.12-3] - List manual files in %files section [0:1.7.12-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [0:1.7.12-1] - Update to upstream version 1.7.12 [0:1.7.10-1] - Update to upstream version 1.7.10 [0:1.7.7-3] - Remove workaround for MSHARED-325 [0:1.7.7-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [0:1.7.7-1] - Update to upstream version 1.7.7 [0:1.7.6-5] - Disable filtering of bundled JavaScript binaries - Resolves: rhbz#1078536 [0:1.7.6-4] - Merge api, simple and nop back into main package - Remove parent, migrator and site subpackages [0:1.7.6-3] - Split into subpackages [0:1.7.6-2] - Remove wagon-ssh build extension - Disable slf4j-android module [0:1.7.6-2] - Use Requires: java-headless rebuild (#1067528) [0:1.7.6-1] - Update to upstream version 1.7.6 [0:1.7.5-3] - Install manual to versionless docdir (#993551) [0:1.7.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [0:1.7.5-1] - Update to upstream version 1.7.5 [0:1.7.4-1] - Update to upstream version 1.7.4 [0:1.7.3-1] - Update to upstream version 1.7.3 [0:1.7.2-9] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [0:1.7.2-8] - Update for https://fedoraproject.org/wiki/Fedora_19_Maven_Rebuild - Replace maven BuildRequires with maven-local [0:1.7.2-7] - Fix install location of manual [0:1.7.2-6] - Rebuild to generate maven provides [0:1.7.2-5] - Build with xmvn [0:1.7.2-4] - Install Apache license file - Resolves: rhbz#878996 [0:1.7.2-3] - Avoid cyclic OSGi dependencies [0:1.7.2-2] - Fix license to ASL 2.0 and MIT - Update to add_maven_depmap macro - Use generated .mfiles list - Small packaging cleanups [0:1.7.2-1] - Update to upstream version 1.7.2 [0:1.7.1-1] - Update to upstream version 1.7.1 [0:1.7.0-1] - Update to upstream version 1.7.0 [0:1.6.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [0:1.6.6-1] - Update to upstream version 1.6.6 - Convert patches to POM macros [0:1.6.1-5] - Crosslink with local JDK API docs. [0:1.6.1-4] - Specify explicit source encoding to fix build with Java 1.7. - Remove no longer needed javadoc dir upgrade hack. [0:1.6.1-3] - Build with maven 3.x. [0:1.6.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0:1.6.1-1] - Update to new upstream version. - Various guidelines fixes. [0:1.5.11-3] - Add maven-site-pugin BR. - Use new package names. [0:1.5.11-2] - Skip installing tests jar that is no longer produced. - Use javadoc aggregate. - Use mavenpomdir macro. [0:1.5.11-1] - Update to 1.5.11. - Drop depmap and component info files. [0:1.5.10-5] - Require cal10n [0:1.5.10-4] - Fix javadoc files. [0:1.5.10-3] - BR maven-plugin-build-helper. [0:1.5.10-2] - BR cal10n. [0:1.5.10-1] - Update to upstream 1.5.10. [0:1.5.8-5] - Skip tests. [0:1.5.8-4] - Fix other line lenghts. [0:1.5.8-3] - Fix permissions. - Fixed descriptions. - Fix file lengths. [0:1.5.8-2] - Adapt for Fedora. [0:1.5.8-1] - 1.5.8 - Replace slf4j-1.5.6-integration-tests-current-only.patch with slf4j-1.5.8-skip-integration-tests.patch because of the failure of 'testMatch' [0:1.5.6-2] - Add -ext jar, depmap and pom - Save jcl104-over-slf4j as symlink [0:1.5.6-1] - 1.5.6 - add repolib - fix file eol - fix Release tag [0:1.5.2-2] - use excalibur for avalon - remove javadoc scriptlets - GCJ fixes - fix maven directory ownership - fix -bc --short-circuit by moving some of %build to %prep [0:1.5.2-1.jpp5] - 1.5.2 [0:1.4.2-2jpp] - Fix macro misprint - Add maven2-plugin BRs [0:1.4.2-1jpp] - Upgrade to 1.4.2 - Build with maven2 - Add poms and depmap frags - Add gcj_support option [0:1.0-0.rc5.1jpp] - First JPackage release. stax-ex velocity xalan-j2 xerces-j2 xml-commons-apis [1.4.01-25] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.4.01-24] - Elimitate race condition when injecting JAR manifest - Resolves: rhbz#1495249 [1.4.01-23] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.4.01-22] - Update to current packaging guidelines [1.4.01-21] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [1.4.01-20] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [1.4.01-19] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [1.4.01-18] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.4.01-17] - Don't generate duplicate Maven metadata [1.4.01-16] - Use .mfiles generated during build [1.4.01-15] - Use Requires: java-headless rebuild (#1067528) [1.4.01-14] - Fix FTBFS. [1.4.01-13] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild [1.4.01-12] - Update manifest to match Eclipse version (Resolved: rhbz#964039). [1.4.01-11] - Add Require-Bundle: system.bundle to manifest - Resolves: rhbz#917659 [1.4.01-10] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [1.4.01-9] - Add additional maven depmap [1.4.01-8] - Remove osgi(system.bundle) requirement from manifest [1.4.01-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1.4.01-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [1.4.01-5] - Add missing packages to manifest - javax.xml.stream, javax.xml.stream.events, javax.xml.stream.util, javax.xml.transform.stax (bug #743360) [1.4.01-4] - Add maven metadata - Few guidelines tweaks (buildroot, clean, defattr) - Versionless jars & javadocs [1.4.01-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [1.4.01-2] - Fix FTBFS and rpmlint warnings. - Don't package javadoc in manual package. [0:1.4.01-1] - Update to 1.4.01. [0:1.3.04-3.5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [0:1.3.04-2.5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [0:1.3.04-1.5] - Add osgi metadata to the ext jar too. [0:1.3.04-1.4] - Add osgi metadata. [0:1.3.04-1.3] - Remove natively compiled bits from the javadoc package (462809) [0:1.3.04-1.2] - drop repotag - fix license tag [0:1.3.04-1jpp.1] - Autorebuild for GCC 4.3 [0:1.3.04-0jpp.1] - Update to 1.3.04 [0:1.3.03-0jpp.1] - Split xml-commons package up into 2 separate package: xml-commons-apis and xml-commons-which. [0:1.3.02-0.b2.7jpp.10] - Add missing Requires for post and postun javadoc sections [0:1.3.02-0.b2.7jpp_9fc] - Rebuilt [0:1.3.02-0.b2.7jpp_8fc] - rebuild [0:1.3.02-0.b2.7jpp_7fc] - stop scriptlet spew [0:1.3.02-0.b2.7jpp_6fc] - Updated to 1.3 [0:1.0-0.b2.7jpp_5fc] - bump again for double-long bug on ppc(64) [0:1.0-0.b2.7jpp_4fc] - rebuilt again * Tue Dec 13 2005 Jesse Keating <jkeating@redhat.com> - rebuilt for new gcj * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - rebuilt [0:1.0-0.b2.7jpp_3fc] - Build on ia64, ppc64, s390 and s390x. - Switch to aot-compile-rpm (also BC-compiles the which jar). [0:1.0-0.b2.7jpp_2fc] - Remove all prebuilt stuff from the tarball. [0:1.0-0.b2.7jpp_1fc] - Upgrade to 1.0-0.b2.7jpp. - Remove now-unnecessary workaround for #130162. - Rearrange how BC-compiled stuff is built and installed. [0:1.0-0.b2.6jpp_13fc] - Add alpha to the list of build architectures (#157522). - Use absolute paths for rebuild-gcj-db. [0:1.0-0.b2.6jpp_12fc] - Add dependencies for %post and %postun scriptlets (#156901). [0:1.0-0.b2.6jpp_11fc] - BC-compile the API jar. [0:1.0-0.b2.6jpp_10fc] - Remove gcj endorsed dir support (#155693). [0:1.0-0.b2.6jpp_9fc] - Provide a default transformer when running under libgcj. [0:1.0-0.b2.6jpp_8fc] - Provide a default DOM builder when running under libgcj (#155693). [0:1.0-0.b2.6jpp_7fc] - Provide a default SAX parser when running under libgcj (#155693). [0:1.0-0.b2.6jpp_6fc] - Add gcj endorsed dir support. [0:1.0-0.b2.6jpp_5fc] - Sync with RHAPS. [0:1.0-0.b2.6jpp_4fc] - Build into Fedora. [0:1.0-0.b2.6jpp_3fc] - Bootstrap into Fedora. [0:1.0-0.b2.6jpp_3rh] - add coreutils BuildRequires [0:1.0-0.b2.6jpp_2rh] - RH vacuuming part II [0:1.0-0.b2.6jpp_1rh] - RH vacuuming xml-commons-resolver xmlstreambuffer xsom jss [4.11.0-1] - Rebase to JSS 4.11.0 [4.10.0-0.1] - Rebase to JSS 4.10.0-alpha1 [4.9.8-1] - Rebase to JSS 4.9.8 [4.9.4-1] - Rebase to JSS 4.9.4 - Bug 2013674 - JSS cannot be properly initialized after using another NSS-backed security provider [4.9.3-1] - Rebase to JSS 4.9.3 - Bug 2046022 - CVE-2021-4213 pki-core:10.6/jss: memory leak in TLS connection leads to OOM [rhel-8] [4.9.2-1] - Rebase to JSS 4.9.2 [4.9.1-1] - Rebase to JSS 4.9.1 [4.9.0-1] - Rebase to JSS 4.9.0 [4.9.0-0.2] - Rebase to JSS 4.9.0-alpha2 [4.9.0-0.1] - Rebase to JSS 4.9.0-alpha1 [4.8.1-1] - Rebase to upstream JSS v4.8.1 - Red Hat Bugilla #1908541 - jss broke SCEP - missing PasswordChallenge class - Red Hat Bugilla #1489256 - [RFE] jss should support RSA with OAEP padding [4.8.0-2] - Only check PKCS11Constants on beta builds - Bump tomcatjss, pki-core conflicts due to lang3 [4.8.0-1] - Rebase to upstream JSS v4.8.0 [4.8.0-0.1] - Rebase to upstream JSS v4.8.0-b1 [4.7.3-1] - Rebase to upstream stable release JSS v4.7.3 - Red Hat Bugzilla #1873235 - Fix SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT in pki ca-user-cert-add [4.7.2-1] - Rebase to upstream stable release JSS v4.7.2 - Red Hat Bugzilla #1822246 - Fix SSLSocket NULL pointer deference after close [4.7.1-1] - Rebase to upstream stable release JSS v4.7.1 [4.7.0-1] - Rebase to upstream stable release JSS v4.7.0 - Fixed TestSSLEngine [4.7.0-0.4] - Rebased to JSS 4.7.0-b4 [4.7.0-0.3] - Rebased to JSS 4.7.0-b3 [4.7.0-0.1] - Rebased to JSS 4.7.0-b1 [4.6.2-4] - Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing [4.6.2-3] - Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing [4.6.2-2] - Red Hat Bugzilla #1730767 - JSS: Wrap NSS CMAC + KDF implementations - Rebased to JSS 4.6.2 [4.6.0-5] - Red Hat Bugzilla #1747987 - CVE 2019-14823 jss: OCSP policy 'Leaf and Chain' implicitly trusts the root certificate [4.6.0-4] - Red Hat Bugzilla #1698059 - pki-core implements crypto [4.6.0-3] - Red Hat Bugzilla #1721135 - JSS - LD_FLAGS support [4.6.0-2] - Minor updates to release [4.6.0-1] - Rebased to JSS 4.6.0 [4.5.3-1] - Rebased to JSS 4.5.3 [4.5.0-1] - Rebased to JSS 4.5.0 [4.5.0-0.6] - Rebased to JSS 4.5.0-b1 [4.5.0-0.5] - Red Hat Bugzilla #1612063 - Do not override system crypto policy (support TLS 1.3) [4.5.0-0.4] - Rebased to JSS 4.5.0-a4 - Red Hat Bugzilla #1604462 - jss: FTBFS in Fedora rawhide [4.5.0-0.3] - Rebased to JSS 4.5.0-a3 [4.5.0-0.2] - Rebased to JSS 4.5.0-a2 [4.5.0-0.1] - Rebased to JSS 4.5.0-a1 ldapjdk [4.24.0-1] - Rebase to LDAP SDK 4.24.0 [4.24.0-0.1] - Rebase to LDAP SDK 4.24.0-alpha1 [4.23.0-1] - Rebase to LDAP SDK 4.23.0 [4.23.0-0.1] - Rebase to LDAP SDK 4.23.0-alpha1 [4.22.0-1] - Rebase to LDAP SDK 4.22.0 [4.21.0-2] - Bump min required JSS version to 4.6.0 [4.21.0-1] - Rebase to LDAP SDK 4.21.0 pki-core [10.15.0-1.0.1] - Remove upstream reference [10.15.0-1] - Rebase to PKI 10.15.0 [10.15.0-0.1] - Rebase to PKI 10.15.0-alpha1 [10.14.3-2] - Replace pki-servlet-engine with tomcat resteasy [3.0.26-7] - RHEL-16724: Replace pki-servlet-4.0-api with tomcat-servlet-4.0-api tomcatjss [7.8.0-1] - Rebase to TomcatJSS 7.8.0 [7.8.0-0.1] - Rebase to TomcatJSS 7.8.0-alpha1 [7.7.3-1] - Replace pki-servlet-engine with tomcat [7.7.1-1] - Rebase to TomcatJSS 7.7.1 [7.7.0-1] - Rebase to TomcatJSS 7.7.0 [7.7.0-0.1] - Rebase to TomcatJSS 7.7.0-alpha1 [7.6.1-1] - Rebase to TomcatJSS 7.6.1 [7.6.0-2] - Bump dependency to JSS 4.8.0 - Remove unsupported platforms [7.6.0-1] - Rebase to TomcatJSS 7.6.0 [7.5.0-1] - Rebase to TomcatJSS 7.5.0 [7.5.0-0.2] - Rebase to TomcatJSS 7.5.0-a2 [7.5.0-0.1] - Rebase to TomcatJSS 7.5.0-a1 [7.4.1-2] - Bump dependency to JSS 4.6.0 [7.4.1-1] - Rebase to TomcatJSS 7.4.1 [7.4.0-1] - Rebase to TomcatJSS 7.4.0 [7.3.6-1] - Rebase to TomcatJSS 7.3.6 [7.3.5-1] - Rebase to TomcatJSS 7.3.5 [7.3.4-1] - Rebase to TomcatJSS 7.3.4 [7.3.3-2] - Red Hat Bugzilla #1612063 - Do not override system crypto policy (support TLS 1.3) [7.3.3-1] - Rebase to TomcatJSS 7.3.3 [7.3.2-1] - Rebase to TomcatJSS 7.3.2 [7.3.1-1] - Fix Tomcat dependencies - Rebase to TomcatJSS 7.3.1 [7.3.0-1] - Clean up spec file - Rebase to TomcatJSS 7.3.0 final [7.3.0-0.2] - Rebase to TomcatJSS 7.3.0 beta MODERATE Copyright 2024 Oracle, Inc. CVE-2020-36518 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.11.7-1.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.7-1] - Rebase to 3.11.7 Resolves: RHEL-21915 [3.11.5-2] - Security fix for CVE-2023-27043 Resolves: RHEL-7842 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-27043 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.4.5-4] - Fix CVE-2020-18652 - Resolves: RHEL-5416 [2.4.5-3] - Fix CVE-2020-18651 - Resolves: RHEL-5415 MODERATE Copyright 2024 Oracle, Inc. CVE-2020-18652 CVE-2020-18651 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.13.1-8] - Fix copy/paste error in the DeviceStateNotify Resolves: RHEL-20530 [1.13.1-7] - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20388 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20382 - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access Resolves: RHEL-20530 - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Resolves: RHEL-21214 [1.13.1-6] - Use dup() to get available file descriptor when using -inetd option Resolves: RHEL-21000 [1.13.1-5] - Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions Resolves: RHEL-18410 - Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty Resolves: RHEL-18422 [1.13.1-4] - Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow Resolves: RHEL-15236 - Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty Resolves: RHEL-15230 [1.13.1-3] - Support username alias in PlainUsers Resolves: RHEL-4258 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5380 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.16.1-3.0.1] - Update origin URL [Orabug: 36209826] [1.16.1-3] - CVE-2023-37328 gstreamer1-plugins-base: heap overwrite in subtitle parsing - Resolves: RHEL-19472 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-37328 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [1.16.1-4] - CVE-2023-37327: integer overflow leading to heap overwrite in FLAC image tag handling - Resolves: RHEL-19469 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-37327 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.18-399] - Fix tests to run in correct order [2.18-398] - Fix CVE-2023-31484 - Package tests [2.18-397] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.18-396] - Rebase patches to prevent from installing back-up files [2.18-395] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2.18-394] - Perl 5.26 re-rebuild of bootstrapped packages [2.18-393] - Perl 5.26 rebuild [2.18-2] - Don't BR: perl(Module::Build) when bootstrapping [2.18-1] - Upgrade to CPAN-2.18 as provided in perl-5.25.12 [2.16-1] - 2.16 bump [2.14-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [2.14-4] - Use Perl porter's fix for searching cpan -j file (CPAN RT#116507) - Fix logging fatal errors (https://github.com/andk/cpanpm/pull/104) [2.14-3] - Apply remains of CVE-2016-1238 fix from perl (CPAN RT#116507) - Do not search cpan -j file in @INC (CPAN RT#116507) [2.14-2] - Fix CVE-2016-1238 properly (CPAN RT#116507) [2.14-1] - 2.14 bump - Fix installation from a working directory (CPAN RT#115734) - Fix 'cpan -O' invocation (CPAN RT#115786) - Do not use Net::FTP if ftp_proxy variable points to an HTTP server (CPAN RT#110833) - Recognize URL schemata disregarding the case - Fix CVE-2016-1238 (loading optional modules from current working directory) - Recognize exact version dependency operator (CPAN RT#47934) - Cope with non-digit version strings [2.11-366] - Perl 5.24 re-rebuild of bootstrapped packages [2.11-365] - Increase release to favour standalone package [2.11-349] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [2.11-348] - Require make package [2.11-347] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2.11-346] - Perl 5.22 re-rebuild of bootstrapped packages [2.11-345] - Increase release to favour standalone package [2.11-2] - Perl 5.22 rebuild [2.11-1] - 2.11 bump in order to dual-live with perl 5.22 [2.10-1] - 2.10 bump [2.05-309] - Allow changing the configuration directory name [2.05-308] - Create site paths for the first time (bug #1158873) [2.05-307] - Synchronize to perl.spec modifications - Disable non-core modules when bootstrapping [2.05-1] - Specfile autogenerated by cpanspec 1.78. MODERATE Copyright 2024 Oracle, Inc. CVE-2023-31484 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [1:1.4.0-29] - fix out-of-bounds read in oggenc (CVE-2023-43361) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43361 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.10.1-4] - Security fix for CVE-2024-22195 Resolves: RHEL-21347 [2.10.1-3] - Fix CVE-2020-28493: ReDOS vulnerability due to the sub-pattern Resolves: rhbz#1928707 [2.10.1-2] - Rebuild of package to go through gating - Resolves: rhbz#1701301 [2.10.1-1] - Rebase to 2.10.1 (security update) to fix CVE-2019-10906 - Resolves: rhbz#1701301 [2.10-9] - Require platform-python-setuptools instead of python3-setuptools - Resolves: rhbz#1650536 [2.10-8] - Revert changes commited to wrong branch [2.10-7] - Fix conditions [2.10-6] - Specfile cleanup and fixes [2.10-5] - Disable Python 2 build by default [2.10-4] - Allow build with Python 2 [2.10-3] - Remove docs from Python 2 package - Remove dependency on python2-babel and python2-sphinx [2.10-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [2.10-1] - Update to 2.10. - Use %bcond. - Move BRs to their respective subpackages. [2.9.6-4] - Really cleanup spec file conditionals [2.9.6-3] - Cleanup spec file conditionals [2.9.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2.9.6-1] - Update to 2.9.6. [2.9.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [2.9.5-1] - Update to 2.9.5. [2.9.4-1] - Update to 2.9.4. [2.8.1-1] - Update to 2.8.1. [2.8-8] - Rebuild for Python 3.6 [2.8-7] - Ship python2-jinja2 (bug #1378519) - Modernize spec [2.8-6] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages [2.8-5] - Do not call py.test, there are currently no tests in the tarball. [2.8-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [2.8-3] - Rebuilt for Python3.5 rebuild [2.8-2] - Apply updates Python packaging guidelines. - Mark LICENSE with %license. [2.8-1] - Upstream 2.8 [2.7.3-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [2.7.3-2] - Add Requires python(3)-setuptools (bug #1168774) [2.7.3-1] - Update to 2.7.3. - Reenable docs. [2.7.2-2] - Bootstrap (without docs) build for Python 3.4 [2.7.2-1] - Update to 2.7.2. - Update python3 conditional. [2.7.1-1] - Update to 2.7.1. [2.7-1] - Update to 2.7 - spec cleanup [2.6-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [2.6-5] - rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 [2.6-4] - remove rhel logic from with_python3 conditional [2.6-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [2.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [2.6-1] - Update to 2.6. [2.5.5-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [2.5.5-3] - Re-enable html doc generation. - Remove conditional for F-12 and below. - Do not silently fail the testsuite for with py3k. [2.5.5-2] - Move python3 runtime requirements to python3 subpackage [2.5.5-1] - Update to 2.5.5. [2.5.2-4] - Revert to previous behavior: fail the build on failed test. - Rebuild for Python 3.2. [2.5.2-3] - %ifnarch doesn't work on noarch package so don't fail the build on failed tests [2.5.2-2] - disable the testsuite on s390(x) [2.5.2-1] - Update to upstream version 2.5.2. - Package depends on python-markupsafe and is noarch now. [2.5-4] - add explicit build-requirement on python-setuptools - fix doc disablement for python3 subpackage [2.5-3] - support disabling documentation in the build to break a circular build-time dependency with python-sphinx; disable docs for now [2.5-2] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild [2.5-1] - Update to upstream version 2.5. - Create python3 subpackage. - Minor specfile fixes. - Add examples directory. - Thanks to Gareth Armstrong for additional hints. [2.4.1-1] - Update to 2.4.1. [2.4-1] - Update to 2.4. [2.3.1-1] - Update to 2.3.1. - Docs are built using Sphinx now. - Run the testsuite. [2.2.1-1] - Update to 2.2.1, mainly a bugfix release. - Remove patch no longer needed. - Remove conditional for FC-8. - Compilation of speedup module has to be explicitly requested now. [2.1.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [2.1.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [2.1.1-1] - Update to 2.1.1 (bugfix release). [2.1-1] - Update to 2.1, which fixes a number of bugs. See http://jinja.pocoo.org/2/documentation/changelog#version-2-1. [2.0-3] - Rebuild for Python 2.6 [2.0-2] - Use rpm buildroot macro instead of RPM_BUILD_ROOT. [2.0-1] - Upstream released 2.0. [2.0-0.1.rc1] - Modified specfile from the existing python-jinja package. MODERATE Copyright 2024 Oracle, Inc. CVE-2024-22195 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [37.0.2-6] - Security fix for CVE-2023-49083 - Resolves: RHEL-19831 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-49083 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.0.0-9] - Fix CVE-2024-24258 and CVE-2024-24259 Resolves: https://issues.redhat.com/browse/RHEL-25175 Resolves: https://issues.redhat.com/browse/RHEL-25177 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24259 CVE-2024-24258 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 httpd [2.4.37-64.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-64] - Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) [2.4.37-63] - mod_xml2enc: fix media type handling Resolves: RHEL-14321 mod_http2 [1.15.7-10] - Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) [1.15.7-9.3] - Resolves: RHEL-13367 - httpd:2.4/mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487)(CVE-2023-45802) [1.15.7-8.3] - Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting with mod_rewrite and mod_proxy [1.15.7-7] - Resolves: #2095650 - Dependency from mod_http2 on httpd broken [1.15.7-6] - Backport SNI feature refactor - Resolves: rhbz#2137257 [1.15.7-5] - Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference or SSRF in forward proxy configurations [1.15.7-4] - Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd: Request splitting via HTTP/2 method injection and mod_proxy [1.15.7-3] - Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd: mod_http2 concurrent pool usage [1.15.7-2] - Resolves: #1869073 - CVE-2020-9490 httpd:2.4/mod_http2: httpd: Push diary crash on specifically crafted HTTP/2 header [1.15.7-1] - new version 1.15.7 - Resolves: #1814236 - RFE: mod_http2 rebase - Resolves: #1747289 - CVE-2019-10082 httpd:2.4/mod_http2: httpd: read-after-free in h2 connection shutdown - Resolves: #1696099 - CVE-2019-0197 httpd:2.4/mod_http2: httpd: mod_http2: possible crash on late upgrade - Resolves: #1696094 - CVE-2019-0196 httpd:2.4/mod_http2: httpd: mod_http2: read-after-free on a string compare - Resolves: #1677591 - CVE-2018-17189 httpd:2.4/mod_http2: httpd: mod_http2: DoS via slow, unneeded request bodies [1.11.3-3] - Resolves: #1744999 - CVE-2019-9511 httpd:2.4/mod_http2: HTTP/2: large amount of data request leads to denial of service - Resolves: #1745086 - CVE-2019-9516 httpd:2.4/mod_http2: HTTP/2: 0-length headers leads to denial of service - Resolves: #1745154 - CVE-2019-9517 httpd:2.4/mod_http2: HTTP/2: request for large response leads to denial of service [1.11.3-2] - update release (#1695587) [1.11.3-1] - new version 1.11.3 - Resolves: #1633401 - CVE-2018-11763 mod_http2: httpd: DoS for HTTP/2 connections by continuous SETTINGS [1.10.20-1] - update to 1.10.20 [1.10.18-1] - update to 1.10.18 [1.10.16-1] - update to 1.10.16 (CVE-2018-1302) [1.10.13-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [1.10.13-1] - update to 1.10.13 [1.10.12-1] - update to 1.10.12 [1.10.10-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [1.10.10-1] - update to 1.10.10 [1.10.7-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [1.10.7-1] - update to 1.10.7 [1.10.6-1] - update to 1.10.6 [1.10.5-1] - update to 1.10.5 [1.10.1-1] - Initial import (#1440780). mod_md MODERATE Copyright 2024 Oracle, Inc. CVE-2023-31122 CVE-2023-45802 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [0.13.68-13] - Fix CVE-2020-18770 Previous patch contained segfault bug Resolves: RHEL-14966 [0.13.68-12] - Add the gating tests from the 8.8.0 branch Resolves: RHEL-24429 [0.13.68-11] - Use /usr/libexec/platform-python macro during the config phase (used for doc generation) Resolves: RHEL-22880 [0.13.68-10] - Fix CVE-2020-18770 Resolves: RHEL-14966 MODERATE Copyright 2024 Oracle, Inc. CVE-2020-18770 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant perl-CPAN-DistnameInfo perl-CPAN-Meta perl-CPAN-Meta-Requirements perl-CPAN-Meta-YAML perl-CPAN perl-Data-Dumper perl-Data-OptList perl-Data-Section perl-DB_File perl-Devel-PPPort perl-Devel-Size perl-Digest-MD5 perl-Digest perl-Digest-SHA perl-Encode-Locale perl-Encode perl-Env perl-experimental perl-Exporter perl-ExtUtils-CBuilder perl-ExtUtils-Install perl-ExtUtils-MakeMaker perl-ExtUtils-Manifest perl-ExtUtils-ParseXS perl-Fedora-VSP perl-File-Fetch perl-File-HomeDir perl-File-Path perl-File-Temp perl-File-Which perl-Filter perl-Filter-Simple perl-generators perl-Getopt-Long perl-HTTP-Tiny perl-Importer perl-inc-latest perl-IO-Compress-Lzma perl-IO-Compress perl-IO-Socket-IP perl-IPC-Cmd perl-IPC-System-Simple perl-IPC-SysV perl-JSON-PP perl-libnet perl-Locale-Maketext perl-local-lib perl-Math-BigInt-FastCalc perl-Math-BigInt perl-Math-BigRat perl-MIME-Base64 perl-Module-Build perl-Module-CoreList perl-Module-Load-Conditional perl-Module-Load perl-Module-Metadata perl-MRO-Compat perl-Object-HashBase perl-Package-Generator perl-Params-Check perl-Params-Util perl-parent perl-PathTools perl [4:5.32.1-473] - Fix CVE-2023-47038 - Added perl-autouse and perl-ExtUtils-MM-Utils to perl run-requires perl-perlfaq perl-PerlIO-via-QuotedPrint perl-Perl-OSType perl-Pod-Checker perl-Pod-Escapes perl-podlators perl-Pod-Parser perl-Pod-Perldoc perl-Pod-Simple perl-Pod-Usage perl-Scalar-List-Utils perl-Socket perl-Software-License perl-Storable perl-Sub-Exporter perl-Sub-Install perl-Sys-Syslog perl-Term-ANSIColor perl-Term-Cap perl-Term-Table perl-Test-Harness perl-Test-Simple perl-Text-Balanced perl-Text-Diff perl-Text-Glob perl-Text-ParseWords perl-Text-Tabs+Wrap perl-Text-Template perl-Thread-Queue perl-threads perl-threads-shared perl-Time-HiRes perl-Time-Local perl-Unicode-Collate perl-Unicode-Normalize perl-URI perl-version MODERATE Copyright 2024 Oracle, Inc. CVE-2023-47038 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Drop not needed patch [4.18.0-553] - cpuhotplug: Fix kABI breakage caused by CPUHP_AP_HYPERV_ONLINE (Vitaly Kuznetsov) [RHEL-35784] [4.18.0-552] - i40e: Enforce software interrupt during busy-poll exit (Ivan Vecera) [RHEL-26248] - i40e: Remove _t suffix from enum type names (Ivan Vecera) [RHEL-26248] [4.18.0-551] - x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30040] {CVE-2024-25743 CVE-2024-25742} - i40e: Fix VF MAC filter removal (Ivan Vecera) [RHEL-22992] - i40e: Do not allow untrusted VF to remove administratively set MAC (Ivan Vecera) [RHEL-22992] [4.18.0-550] - mm/sparsemem: fix race in accessing memory_section->usage (Waiman Long) [RHEL-28875 RHEL-28876] {CVE-2023-52489} - mm: use __pfn_to_section() instead of open coding it (Waiman Long) [RHEL-28875] {CVE-2023-52489} [4.18.0-549] - dm-integrity: align the outgoing bio in integrity_recheck (Benjamin Marzinski) [RHEL-29678] - dm-integrity: fix a memory leak when rechecking the data (Benjamin Marzinski) [RHEL-29678] - RDMA/mana_ib: Add CQ interrupt support for RAW QP (Maxim Levitsky) [RHEL-23934] - RDMA/mana_ib: query device capabilities (Maxim Levitsky) [RHEL-23934] - RDMA/mana_ib: register RDMA device with GDMA (Maxim Levitsky) [RHEL-23934] - net: mana: add msix index sharing between EQs (Maxim Levitsky) [RHEL-23934] - net: mana: Fix spelling mistake 'enforecement' -> 'enforcement' (Maxim Levitsky) [RHEL-23934] - net :mana :Add remaining GDMA stats for MANA to ethtool (Maxim Levitsky) [RHEL-23934] - net: mana: Fix oversized sge0 for GSO packets (Maxim Levitsky) [RHEL-23934] - net: mana: Fix TX CQE error handling (Maxim Levitsky) [RHEL-23934] - net: mana: Add gdma stats to ethtool output for mana (Maxim Levitsky) [RHEL-23934] - net: mana: Fix MANA VF unload when hardware is unresponsive (Maxim Levitsky) [RHEL-23934] - net: mana: Configure hwc timeout from hardware (Maxim Levitsky) [RHEL-23934] - RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (Maxim Levitsky) [RHEL-23934] [4.18.0-548] - gitlab-ci: enable arm64/s390x/ppc64le debug builds (Michael Hofmann) - arm64: Add missing bits of AmpereOne Spectre-BHB mitigation (Mark Salter) [RHEL-29005] - [rt] enable CONFIG_DRM_MGAG200_IOBURST_WORKAROUND (Jocelyn Falempe) [RHEL-13214] - drm/mgag200: Add a workaround for low-latency (Jocelyn Falempe) [RHEL-13214] [4.18.0-547] - x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR (Lenny Szubowicz) [RHEL-2505] - x86/efistub: Give up if memory attribute protocol returns an error (Lenny Szubowicz) [RHEL-2505] - x86/boot: Increase section and file alignment to 4k/512 (Lenny Szubowicz) [RHEL-2505] - x86/boot: Split off PE/COFF .data section (Lenny Szubowicz) [RHEL-2505] - x86/boot: Drop PE/COFF .reloc section (Lenny Szubowicz) [RHEL-2505] - x86/boot: Construct PE/COFF .text section from assembler (Lenny Szubowicz) [RHEL-2505] - x86/boot: Derive file size from _edata symbol (Lenny Szubowicz) [RHEL-2505] - x86/boot/compressed: Remove, discard, or assert for unwanted sections (Lenny Szubowicz) [RHEL-2505] - x86/boot: Check that there are no run-time relocations (Lenny Szubowicz) [RHEL-2505] - x86/boot: Discard .discard.unreachable for arch/x86/boot/compressed/vmlinux (Lenny Szubowicz) [RHEL-2505] - x86/boot: Define setup size in linker script (Lenny Szubowicz) [RHEL-2505] - x86/boot: Set EFI handover offset directly in header asm (Lenny Szubowicz) [RHEL-2505] - x86/boot: Drop references to startup_64 (Lenny Szubowicz) [RHEL-2505] - x86/boot: Drop redundant code setting the root device (Lenny Szubowicz) [RHEL-2505] - x86/build: Declutter the build output (Lenny Szubowicz) [RHEL-2505] - x86/boot: Omit compression buffer from PE/COFF image memory footprint (Lenny Szubowicz) [RHEL-2505] - x86/boot: Mark global variables as static (Lenny Szubowicz) [RHEL-2505] - efi/x86: Remove extra headroom for setup block (Lenny Szubowicz) [RHEL-2505] - x86/boot: Remove the 'bugger off' message (Lenny Szubowicz) [RHEL-2505] - x86/efi: Drop alignment flags from PE section headers (Lenny Szubowicz) [RHEL-2505] - efi: Put Linux specific magic number in the DOS header (Lenny Szubowicz) [RHEL-2505] - efi/x86: Fix the missing KASLR_FLAG bit in boot_params->hdr.loadflags (Lenny Szubowicz) [RHEL-2505] - efi/x86: Avoid physical KASLR on older Dell systems (Lenny Szubowicz) [RHEL-2505] - x86/boot: efistub: Assign global boot_params variable (Lenny Szubowicz) [RHEL-2505] - x86/boot: Rename conflicting 'boot_params' pointer to 'boot_params_ptr' (Lenny Szubowicz) [RHEL-2505] - x86/efistub: Avoid legacy decompressor when doing EFI boot (Lenny Szubowicz) [RHEL-2505] - x86/efistub: Perform SNP feature test while running in the firmware (Lenny Szubowicz) [RHEL-2505] - x86/sev: Do not try to parse for the CC blob on non-AMD hardware (Lenny Szubowicz) [RHEL-2505] - efi/libstub: Add limit argument to efi_random_alloc() (Lenny Szubowicz) [RHEL-2505] - arm64: efi: Limit allocations to 48-bit addressable physical region (Lenny Szubowicz) [RHEL-2505] - efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory (Lenny Szubowicz) [RHEL-2505] - arm64: efi: kaslr: Fix occasional random alloc (and boot) failure (Lenny Szubowicz) [RHEL-2505] - efi/libstub/random: Increase random alloc granularity (Lenny Szubowicz) [RHEL-2505] - x86/decompressor: Factor out kernel decompression and relocation (Lenny Szubowicz) [RHEL-2505] - x86/decompressor: Move global symbol references to C code (Lenny Szubowicz) [RHEL-2505] - decompress: Use 8 byte alignment (Lenny Szubowicz) [RHEL-2505] - x86/efistub: Prefer EFI memory attributes protocol over DXE services (Lenny Szubowicz) [RHEL-2505] - x86/efistub: Perform 4/5 level paging switch from the stub (Lenny Szubowicz) [RHEL-2505] - x86/decompressor: Merge trampoline cleanup with switching code (Lenny Szubowicz) [RHEL-2505] - x86/decompressor: Pass pgtable address to trampoline directly (Lenny Szubowicz) [RHEL-2505] - x86/decompressor: Only call the trampoline when changing paging levels (Lenny Szubowicz) [RHEL-2505] - x86/decompressor: Call trampoline directly from C code (Lenny Szubowicz) [RHEL-2505] - x86/decompressor: Avoid the need for a stack in the 32-bit trampoline (Lenny Szubowicz) [RHEL-2505] - x86/decompressor: Use standard calling convention for trampoline (Lenny Szubowicz) [RHEL-2505] - x86/decompressor: Call trampoline as a normal function (Lenny Szubowicz) [RHEL-2505] - x86/boot/compressed/64: Remove .bss/.pgtable from bzImage (Lenny Szubowicz) [RHEL-2505] - x86/boot: Remove run-time relocations from .head.text code (Lenny Szubowicz) [RHEL-2505] - x86/decompressor: Assign paging related global variables earlier (Lenny Szubowicz) [RHEL-2505] - x86/decompressor: Store boot_params pointer in callee save register (Lenny Szubowicz) [RHEL-2505] - x86/efistub: Clear BSS in EFI handover protocol entrypoint (Lenny Szubowicz) [RHEL-2505] - x86/head_64: Store boot_params pointer in callee save register (Lenny Szubowicz) [RHEL-2505] - x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved (Lenny Szubowicz) [RHEL-2505] - x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (Lenny Szubowicz) [RHEL-2505] - efi/libstub: Add memory attribute protocol definitions (Lenny Szubowicz) [RHEL-2505] - efi/x86: libstub: remove unused variable (Lenny Szubowicz) [RHEL-2505] - x86/boot: Robustify calling startup_{32,64}() from the decompressor code (Lenny Szubowicz) [RHEL-2505] - x86/efistub: Simplify and clean up handover entry code (Lenny Szubowicz) [RHEL-2505] - x86/efistub: Branch straight to kernel entry point from C code (Lenny Szubowicz) [RHEL-2505] - efi/x86: Avoid using code32_start (Lenny Szubowicz) [RHEL-2505] - efi/libstub/x86: Use Exit() boot service to exit the stub on errors (Lenny Szubowicz) [RHEL-2505] - efi: x86: Wipe setup_data on pure EFI boot (Lenny Szubowicz) [RHEL-2505] - efi: x86: Fix config name for setting the NX-compatibility flag in the PE header (Lenny Szubowicz) [RHEL-2505] - efi: x86: Set the NX-compatibility flag in the PE header (Lenny Szubowicz) [RHEL-2505] - efi/x86: Add kernel preferred address to PE header (Lenny Szubowicz) [RHEL-2505] - efi/x86: Use symbolic constants in PE header instead of bare numbers (Lenny Szubowicz) [RHEL-2505] - efi/x86: Drop redundant .bss section (Lenny Szubowicz) [RHEL-2505] - efi/x86: add headroom to decompressor BSS to account for setup block (Lenny Szubowicz) [RHEL-2505] - x86/boot: Remove run-time relocations from head_{32,64}.S (Lenny Szubowicz) [RHEL-2505] - x86/boot/compressed: Fix debug_puthex() parameter type (Lenny Szubowicz) [RHEL-2505] - x86/boot/compressed/64: Use 32-bit (zero-extended) MOV for z_output_len (Lenny Szubowicz) [RHEL-2505] - x86/boot: Use unsigned comparison for addresses (Lenny Szubowicz) [RHEL-2505] - x86/boot: Micro-optimize GDT loading instructions (Lenny Szubowicz) [RHEL-2505] - x86/boot: GDT limit value should be size - 1 (Lenny Szubowicz) [RHEL-2505] - efi/x86: Remove GDT setup from efi_main (Lenny Szubowicz) [RHEL-2505] - x86/boot: Clear direction and interrupt flags in startup_64 (Lenny Szubowicz) [RHEL-2505] - efi/x86: Don't depend on firmware GDT layout (Lenny Szubowicz) [RHEL-2505] - x86/boot: Remove KEEP_SEGMENTS support (Lenny Szubowicz) [RHEL-2505] - x86/boot: Handle malformed SRAT tables during early ACPI parsing (Lenny Szubowicz) [RHEL-2505] - efi/libstub/x86: Use mandatory 16-byte stack alignment in mixed mode (Lenny Szubowicz) [RHEL-2505] - efi/libstub/x86: Avoid globals to store context during mixed mode calls (Lenny Szubowicz) [RHEL-2505] - x86/efistub: Disable paging at mixed mode entry (Lenny Szubowicz) [RHEL-2505] - x86: efi/random: Invoke EFI_RNG_PROTOCOL to seed the UEFI RNG table (Lenny Szubowicz) [RHEL-2505] - x86/asm: Make some functions local (Lenny Szubowicz) [RHEL-2505] - x86/boot: Annotate data appropriately (Lenny Szubowicz) [RHEL-2505] - x86/boot: Annotate local functions (Lenny Szubowicz) [RHEL-2505] - x86/asm: Make more symbols local (Lenny Szubowicz) [RHEL-2505] - x86/boot/compressed/64: Fix missing initialization in find_trampoline_placement() (Lenny Szubowicz) [RHEL-2505] - x86/boot/compressed/64: Fix boot on machines with broken E820 table (Lenny Szubowicz) [RHEL-2505] - x86, boot: Remove multiple copy of static function sanitize_boot_params() (Lenny Szubowicz) [RHEL-2505] - x86/boot/compressed/64: Remove unused variable (Lenny Szubowicz) [RHEL-2505] - x86/boot/compressed/64: Explain paging_prepare()'s return value (Lenny Szubowicz) [RHEL-2505] - x86/boot: Save several bytes in decompressor (Lenny Szubowicz) [RHEL-2505] - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (Audra Mitchell) [RHEL-20614] {CVE-2024-0841} - net/gve: update check for little-endianness in gve kconfig (Joshua Washington) [RHEL-29030] [4.18.0-546] - sched/membarrier: reduce the ability to hammer on sys_membarrier (Wander Lairson Costa) [RHEL-23430] {CVE-2024-26602} - NFS: Set the stable writes flag when initialising the super block (Benjamin Coddington) [RHEL-25266] - smb: client: fix OOB in receive_encrypted_standard() (Scott Mayhew) [RHEL-21685] {CVE-2024-0565} - scsi: core: Move scsi_host_busy() out of host lock if it is for per-command (Ming Lei) [RHEL-23942] - scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler (Ming Lei) [RHEL-23942] - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (Andrew Price) [RHEL-26501] {CVE-2023-52448} - smb: client: fix parsing of SMB3.1.1 POSIX create context (Paulo Alcantara) [RHEL-26241] {CVE-2023-52434} - smb: client: fix potential OOBs in smb2_parse_contexts() (Paulo Alcantara) [RHEL-26241] {CVE-2023-52434} - smb3: Replace smb2pdu 1-element arrays with flex-arrays (Jay Shin) [RHEL-22143] - cifs: Replace remaining 1-element arrays (Jay Shin) [RHEL-22143] - cifs: Convert struct fealist away from 1-element array (Jay Shin) [RHEL-22143] - cifs: remove unneeded 2bytes of padding from smb2 tree connect (Jay Shin) [RHEL-22143] - cifs: Replace zero-length arrays with flexible-array members (Jay Shin) [RHEL-22143] - cifs: Replace a couple of one-element arrays with flexible-array members (Jay Shin) [RHEL-22143] - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (Jay Shin) [RHEL-22143] - nfsd: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441] - nfs: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441] - lockd: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441] - cifs: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441] - ceph: use locks_inode_context helper (Jeffrey Layton) [RHEL-27441] - filelock: add a new locks_inode_context accessor function (Jeffrey Layton) [RHEL-27441] - dm-integrity, dm-verity: reduce stack usage for recheck (Benjamin Marzinski) [RHEL-27849] - dm-crypt: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-27849] - dm-crypt: don't modify the data when using authenticated encryption (Benjamin Marzinski) [RHEL-27849] - dm-verity: recheck the hash after a failure (Benjamin Marzinski) [RHEL-27849] - dm-integrity: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-27849] [4.18.0-545] - tracing/timerlat: Move hrtimer_init to timerlat_fd open() (John Kacur) [RHEL-26667] - tracing/perf: Fix double put of trace event when init fails (Michael Petlan) [RHEL-19537] - ipvlan: Add handling of NETDEV_UP events (Hangbin Liu) [RHEL-19098] - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (Xiubo Li) [RHEL-21760] - ceph: always queue a writeback when revoking the Fb caps (Xiubo Li) [RHEL-21760] - ceph: always check dir caps asynchronously (Xiubo Li) [RHEL-21760] - nfs: fix redundant readdir request after get eof (Benjamin Coddington) [RHEL-7780] - NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Scott Mayhew) [RHEL-7994] - NFSv4.1: fix pnfs MDS=DS session trunking (Scott Mayhew) [RHEL-7994] - NFSv4.1: fix zero value filehandle in post open getattr (Scott Mayhew) [RHEL-7994] - NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Scott Mayhew) [RHEL-7994] [4.18.0-544] - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Carlos Maiolino) [RHEL-23386] {CVE-2021-33631} - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Charles Mirabile) [RHEL-24019] - scsi: smartpqi: Fix disable_managed_interrupts (Tomas Henzl) [RHEL-25747] - hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (Steve Best) [RHEL-26167] - gitlab-ci: do not show (results can be ignored) for rt pipelines (Michael Hofmann) [4.18.0-543] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext (Charles Mirabile) [RHEL-23760] - perf/arm-cmn: Move overlapping wp_combine field (Charles Mirabile) [RHEL-23757] - drm/amd: Fix detection of _PR3 on the PCIe root port (Michel Danzer) [RHEL-14572] - xfs: avoid AGI->AGF->inode-buffer deadlocks (Thiago Becker) [RHEL-7914] - dm-crypt, dm-verity: disable tasklets (Benjamin Marzinski) [RHEL-22232] - dm verity: initialize fec io before freeing it (Benjamin Marzinski) [RHEL-22232] - dm-verity: don't use blocking calls from tasklets (Benjamin Marzinski) [RHEL-22232] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 (Charles Mirabile) [RHEL-23758] - char: misc: remove usage of list iterator past the loop body (Charles Mirabile) [RHEL-23758] - char: misc: increase DYNAMIC_MINORS value (Charles Mirabile) [RHEL-23758] - char: misc: Move EXPORT_SYMBOL immediately next to the functions/varibles (Charles Mirabile) [RHEL-23758] - clocksource/drivers/arm_arch_timer: Force inlining of erratum_set_next_event_generic() (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Fix handling of ARM erratum 858921 (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Remove arch_timer_rate1 (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Fix CNTPCT_LO and CNTVCT_LO value (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Disable timer before programming CVAL (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Fix XGene-1 TVAL register math error (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: limit XGene-1 workaround (Mark Salter) [RHEL-19605] - clocksource/drivers/arch_arm_timer: Move workaround synchronisation around (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Fix masking for high freq counters (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Drop unnecessary ISB on CVAL programming (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Remove any trace of the TVAL programming interface (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Work around broken CVAL implementations (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Advertise 56bit timer to the core code (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Move MMIO timer programming over to CVAL (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Fix MMIO base address vs callback ordering issue (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Add __ro_after_init and __init (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Move drop _tval from erratum function names (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Move system register timer programming over to CVAL (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Extend write side of timer register accessors to u64 (Mark Salter) [RHEL-19605] - clocksource/drivers/arm_arch_timer: Drop CNT*_TVAL read accessors (Mark Salter) [RHEL-19605] - clocksource/arm_arch_timer: Add build-time guards for unhandled register accesses (Mark Salter) [RHEL-19605] [4.18.0-542] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [RHEL-23506] {CVE-2024-1086} - drm/virtio: Set segment size for virtio_gpu device (Sebastian Ott) [RHEL-15465] - xfs: run blockgc on freeze to avoid inode inactivation deadlock (Brian Foster) [RHEL-11344] - RDMA/irdma: Report the correct link speed (Kamal Heib) [RHEL-23967] - scsi: core: Increase max device queue_depth to 4096 (Ming Lei) [RHEL-11725] - smsc95xx: fix stalled rx after link change (Izabela Bakollari) [RHEL-22312] - ovl: remove privs in ovl_fallocate() (Miklos Szeredi) [RHEL-17933] - ovl: remove privs in ovl_copyfile() (Miklos Szeredi) [RHEL-17933] - Bluetooth: Add more enc key size check (David Marlin) [RHEL-19666] {CVE-2023-24023} - Bluetooth: Normalize HCI_OP_READ_ENC_KEY_SIZE cmdcmplt (David Marlin) [RHEL-19666] {CVE-2023-24023} - IB: Use capital 'OR' for multiple licenses in SPDX (Izabela Bakollari) [RHEL-10238] - RDMA/rdmavt: Delete unnecessary NULL check (Izabela Bakollari) [RHEL-10238] - IB/rdmavt: Fix target union member for rvt_post_one_wr() (Izabela Bakollari) [RHEL-10238] - selftests/mm: cow: print ksft header before printing anything else (Nico Pache) [RHEL-5623] - selftests/mm/kugepaged: restore thp settings at exit (Nico Pache) [RHEL-5623] - selftests: line buffer test program's stdout (Nico Pache) [RHEL-5623] - selftests/kselftest/runner.sh: Pass optional command parameters in environment (Nico Pache) [RHEL-5623] - selftests/kselftest/runner/run_one(): allow running non-executable files (Nico Pache) [RHEL-5623] - selftests: allow runners to override the timeout (Nico Pache) [RHEL-5623] - selftests: mm: fix map_hugetlb failure on 64K page size systems (Nico Pache) [RHEL-5623] - redhat: Fix build for kselftests mm (Nico Pache) [RHEL-5623] - selftests: anon_cow: skip broken test (Nico Pache) [RHEL-5623] - mm/gup_test: free memory allocated via kvcalloc() using kvfree() (Nico Pache) [RHEL-5623] - selftests/mm: prevent duplicate runs caused by TEST_GEN_PROGS (Nico Pache) [RHEL-5623] - selftests: mm: add a test for mutually aligned moves > PMD size (Nico Pache) [RHEL-5623] - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (Nico Pache) [RHEL-5623] - selftests: mm: fix failure case when new remap region was not found (Nico Pache) [RHEL-5623] - selftests/mm: fix WARNING comparing pointer to 0 (Nico Pache) [RHEL-5623] - selftests/mm: run all tests from run_vmtests.sh (Nico Pache) [RHEL-5623] - selftests/mm: optionally pass duration to transhuge-stress (Nico Pache) [RHEL-5623] - selftests/mm: make migration test robust to failure (Nico Pache) [RHEL-5623] - selftests/mm: va_high_addr_switch should skip unsupported arm64 configs (Nico Pache) [RHEL-5623] - selftests/mm: fix thuge-gen test bugs (Nico Pache) [RHEL-5623] - selftests/mm: skip soft-dirty tests on arm64 (Nico Pache) [RHEL-5623] - selftests/mm: add gup test matrix in run_vmtests.sh (Nico Pache) [RHEL-5623] - selftests/mm: add -a to run_vmtests.sh (Nico Pache) [RHEL-5623] - selftests/mm: give scripts execute permission (Nico Pache) [RHEL-5623] - selftests: mm: remove duplicate unneeded defines (Nico Pache) [RHEL-5623] - Documentation: kselftest: 'make headers' is a prerequisite (Nico Pache) [RHEL-5623] - selftests/mm: fix build failures due to missing MADV_COLLAPSE (Nico Pache) [RHEL-5623] - selftests/mm: fix a 'possibly uninitialized' warning in pkey-x86.h (Nico Pache) [RHEL-5623] - selftests/mm: .gitignore: add mkdirty, va_high_addr_switch (Nico Pache) [RHEL-5623] - selftests/mm: fix invocation of tests that are run via shell scripts (Nico Pache) [RHEL-5623] - selftests/mm: fix 'warning: expression which evaluates to zero...' in mlock2-tests.c (Nico Pache) [RHEL-5623] - selftests/mm: fix unused variable warnings in hugetlb-madvise.c, migration.c (Nico Pache) [RHEL-5623] - selftests/mm: fix cross compilation with LLVM (Nico Pache) [RHEL-5623] - selftests/mm: run hugetlb testcases of va switch (Nico Pache) [RHEL-5623] - selftests/mm: configure nr_hugepages for arm64 (Nico Pache) [RHEL-5623] - selftests/mm: add platform independent in code comments (Nico Pache) [RHEL-5623] - selftests/mm: rename va_128TBswitch to va_high_addr_switch (Nico Pache) [RHEL-5623] - selftests/mm: add support for arm64 platform on va switch (Nico Pache) [RHEL-5623] - selftests/mm: use PM_* macros in vm_utils.h (Nico Pache) [RHEL-5623] - selftests/mm: merge default_huge_page_size() into one (Nico Pache) [RHEL-5623] - selftests/mm: link vm_util.c always (Nico Pache) [RHEL-5623] - selftests/mm: use TEST_GEN_PROGS where proper (Nico Pache) [RHEL-5623] - selftests/mm: merge util.h into vm_util.h (Nico Pache) [RHEL-5623] - selftests/mm: dump a summary in run_vmtests.sh (Nico Pache) [RHEL-5623] - selftests/mm: set overcommit_policy as OVERCOMMIT_ALWAYS (Nico Pache) [RHEL-5623] - selftests/mm: change NR_CHUNKS_HIGH for aarch64 (Nico Pache) [RHEL-5623] - selftests/mm: change MAP_CHUNK_SIZE (Nico Pache) [RHEL-5623] - selftests: vm: enable cross-compilation (Nico Pache) [RHEL-5623] - selftests/vm: rename selftests/vm to selftests/mm (Nico Pache) [RHEL-5623] - selftests: vm: Fix incorrect kernel headers search path (Nico Pache) [RHEL-5623] - selftests/vm: cow: fix compile warning on 32bit (Nico Pache) [RHEL-5623] - mm/gup_test: fix PIN_LONGTERM_TEST_READ with highmem (Nico Pache) [RHEL-5623] - mm/pagewalk: don't trigger test_walk() in walk_page_vma() (Nico Pache) [RHEL-5623] - selftests/vm: enable running select groups of tests (Nico Pache) [RHEL-5623] - selftests/vm: anon_cow: add R/O longterm tests via gup_test (Nico Pache) [RHEL-5623] - mm/gup_test: start/stop/read functionality for PIN LONGTERM test (Nico Pache) [RHEL-5623] - selftests/vm: anon_cow: add liburing test cases (Nico Pache) [RHEL-5623] - selftests/vm: anon_cow: hugetlb tests (Nico Pache) [RHEL-5623] - selftests/vm: anon_cow: THP tests (Nico Pache) [RHEL-5623] - selftests/vm: factor out pagemap_is_populated() into vm_util (Nico Pache) [RHEL-5623] - selftests/vm: anon_cow: test COW handling of anonymous memory (Nico Pache) [RHEL-5623] - selftests/vm: add local_config.h and local_config.mk to .gitignore (Nico Pache) [RHEL-5623] - selftest: vm: remove deleted local_config.* from .gitignore (Nico Pache) [RHEL-5623] - Kselftests: remove support of libhugetlbfs from kselftests (Nico Pache) [RHEL-5623] - selftests/vm: use top_srcdir instead of recomputing relative paths (Nico Pache) [RHEL-5623] - selftests/vm: skip 128TBswitch on unsupported arch (Nico Pache) [RHEL-5623] - selftests/vm: fix va_128TBswitch.sh permissions (Nico Pache) [RHEL-5623] - selftests/vm: add protection_keys tests to run_vmtests (Nico Pache) [RHEL-5623] - selftests/vm: only run 128TBswitch with 5-level paging (Nico Pache) [RHEL-5623] - userfaultfd: selftests: infinite loop in faulting_process (Nico Pache) [RHEL-5623] - userfaultfd/selftests: Fix typo in comment (Nico Pache) [RHEL-5623] - selftests: vm: Fix resource leak when return error (Nico Pache) [RHEL-5623] - selftests: vm: add the 'settings' file with timeout variable (Nico Pache) [RHEL-5623] - selftests: vm: add 'test_hmm.sh' to TEST_FILES (Nico Pache) [RHEL-5623] - selftests: vm: check numa_available() before operating 'merge_across_nodes' in ksm_tests (Nico Pache) [RHEL-5623] - selftests: vm: add migration to the .gitignore (Nico Pache) [RHEL-5623] - selftests/vm/pkeys: fix typo in comment (Nico Pache) [RHEL-5623] - userfaultfd/selftests: use swap() instead of open coding it (Nico Pache) [RHEL-5623] - selftests: vm: fix shellcheck warnings in run_vmtests.sh (Nico Pache) [RHEL-5623] - selftests: vm: refactor run_vmtests.sh to reduce boilerplate (Nico Pache) [RHEL-5623] - selftests: vm: add test for Soft-Dirty PTE bit (Nico Pache) [RHEL-5623] - selftests: vm: bring common functions to a new file (Nico Pache) [RHEL-5623] - mm: add selftests for migration entries (Nico Pache) [RHEL-5623] - selftest/vm: add skip support to mremap_test (Nico Pache) [RHEL-5623] - selftest/vm: support xfail in mremap_test (Nico Pache) [RHEL-5623] - selftest/vm: verify remap destination address in mremap_test (Nico Pache) [RHEL-5623] - selftest/vm: verify mmap addr in mremap_test (Nico Pache) [RHEL-5623] - selftests: kselftest framework: provide 'finished' helper (Nico Pache) [RHEL-5623] - selftest/vm: add helpers to detect PAGE_SIZE and PAGE_SHIFT (Nico Pache) [RHEL-5623] - selftest/vm: add util.h and and move helper functions there (Nico Pache) [RHEL-5623] - selftests: vm: remove dependecy from internal kernel macros (Nico Pache) [RHEL-5623] - selftests: vm: Add the uapi headers include variable (Nico Pache) [RHEL-5623] - selftests/vm/transhuge-stress: Support file-backed PMD folios (Nico Pache) [RHEL-5623] - selftests, x86: fix how check_cc.sh is being invoked (Nico Pache) [RHEL-5623] - selftests: vm: fix clang build error multiple output files (Nico Pache) [RHEL-5623] - kselftest/vm: fix tests build with old libc (Nico Pache) [RHEL-5623] - selftest/vm: fix map_fixed_noreplace test failure (Nico Pache) [RHEL-5623] - kselftest/vm: revert 'tools/testing/selftests/vm/userfaultfd.c: use swap() to make code cleaner' (Nico Pache) [RHEL-5623] - selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (Nico Pache) [RHEL-5623] - tools/testing/selftests/vm/userfaultfd.c: use swap() to make code cleaner (Nico Pache) [RHEL-5623] - selftests/vm: remove ARRAY_SIZE define from individual tests (Nico Pache) [RHEL-5623] - selftests: vm: add KSM huge pages merging time test (Nico Pache) [RHEL-5623] - selftest/vm: fix ksm selftest to run with different NUMA topologies (Nico Pache) [RHEL-5623] - selftests/vm/transhuge-stress: fix ram size thinko (Nico Pache) [RHEL-5623] - selftests: vm: add COW time test for KSM pages (Nico Pache) [RHEL-5623] - selftests: vm: add KSM merging time test (Nico Pache) [RHEL-5623] - mm: KSM: fix data type (Nico Pache) [RHEL-5623] - selftests: vm: add KSM merging across nodes test (Nico Pache) [RHEL-5623] - selftests: vm: add KSM zero page merging test (Nico Pache) [RHEL-5623] - selftests: vm: add KSM unmerge test (Nico Pache) [RHEL-5623] - selftests: vm: add KSM merge test (Nico Pache) [RHEL-5623] - selftests: Fix spelling mistake 'cann't' -> 'cannot' (Nico Pache) [RHEL-5623] - selftests/vm: use kselftest skip code for skipped tests (Nico Pache) [RHEL-5623] - selftest/mremap_test: avoid crash with static build (Nico Pache) [RHEL-5623] - selftest/mremap_test: update the test to handle pagesize other than 4K (Nico Pache) [RHEL-5623] - selftests/vm/pkeys: exercise x86 XSAVE init state (Nico Pache) [RHEL-5623] - selftests/vm/pkeys: refill shadow register after implicit kernel write (Nico Pache) [RHEL-5623] - selftests/vm/pkeys: handle negative sys_pkey_alloc() return code (Nico Pache) [RHEL-5623] - vm/test_vmalloc.sh: adapt for updated driver interface (Nico Pache) [RHEL-5623] - tool: selftests: fix spelling typo of 'writting' (Nico Pache) [RHEL-5623] - userfaultfd/selftests: hint the test runner on required privilege (Nico Pache) [RHEL-5623] - userfaultfd/selftests: fix retval check for userfaultfd_open() (Nico Pache) [RHEL-5623] - userfaultfd/selftests: always dump something in modes (Nico Pache) [RHEL-5623] - userfaultfd: selftests: make __{s,u}64 format specifiers portable (Nico Pache) [RHEL-5623] - tools: Avoid comma separated statements (Nico Pache) [RHEL-5623] - kselftests: vm: add mremap tests (Nico Pache) [RHEL-5623] - Revert 'selftests/vm: enable running select groups of tests' (Nico Pache) [RHEL-5623] [4.18.0-541] - cgroup/rstat: Optimize cgroup_rstat_updated_list() (Waiman Long) [RHEL-18154] - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (Waiman Long) [RHEL-18154] - cgroup: use irqsave in cgroup_rstat_flush_locked(). (Waiman Long) [RHEL-18154] - cgroup: fix spelling mistakes (Waiman Long) [RHEL-18154] - s390/ipl: add missing intersection check to ipl_report handling (Tobias Huschle) [RHEL-24612] - drm/amdgpu: Fix potential fence use-after-free v2 (Michel Danzer) [RHEL-22504] {CVE-2023-51042} - sched/fair: Don't balance task to its current running CPU (Luis Claudio R. Goncalves) [RHEL-8854] - md: partially revert 'md/raid6: use valid sector values to determine if an I/O should wait on the reshape' (Benjamin Marzinski) [RHEL-24518] - blk-mq: fix IO hang from sbitmap wakeup race (Ming Lei) [RHEL-21289] - sfc: introduce shutdown entry point in efx pci driver (Izabela Bakollari) [RHEL-11016] - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache (Sebastian Ott) [RHEL-5178] - efi: libstub: ensure allocated memory to be executable (Lenny Szubowicz) [RHEL-24852] - efi: libstub: declare DXE services table (Lenny Szubowicz) [RHEL-24852] - efi/libstub/x86: Avoid overflowing code32_start on PE entry (Lenny Szubowicz) [RHEL-24852] - RDMA/efa: Fix wrong resources deallocation order (Izabela Bakollari) [RHEL-18229] - RDMA/efa: Add RDMA write HW statistics counters (Izabela Bakollari) [RHEL-18229] - RDMA/efa: Fix unsupported page sizes in device (Izabela Bakollari) [RHEL-18229] - RDMA/efa: Add rdma write capability to device caps (Izabela Bakollari) [RHEL-18229] - RDMA/efa: Add data polling capability feature bit (Izabela Bakollari) [RHEL-18229] - APEI: GHES: correctly return NULL for ghes_get_devices() (Aristeu Rozanski) [RHEL-1603] - EDAC/ghes: Make ghes_edac a proper module (Aristeu Rozanski) [RHEL-1603] - EDAC/ghes: Prepare to make ghes_edac a proper module (Aristeu Rozanski) [RHEL-1603] - EDAC/ghes: Add a notifier for reporting memory errors (Aristeu Rozanski) [RHEL-1603] - efi/cper: Export several helpers for ghes_edac to use (Aristeu Rozanski) [RHEL-1603] - ACPI: APEI: rename ghes_init() with an 'acpi_' prefix (Aristeu Rozanski) [RHEL-1603] - ACPI: APEI: explicit init of HEST and GHES in apci_init() (Aristeu Rozanski) [RHEL-1603] - EDAC/ghes: Clear scanned data on unload (Aristeu Rozanski) [RHEL-1603] - EDAC/ghes: Fix NULL pointer dereference in ghes_edac_register() (Aristeu Rozanski) [RHEL-1603] - EDAC/ghes: Scan the system once on driver init (Aristeu Rozanski) [RHEL-1603] - EDAC/ghes: Remove unused members of struct ghes_edac_pvt, rename it to ghes_pvt (Aristeu Rozanski) [RHEL-1603] - EDAC: Introduce an mci_for_each_dimm() iterator (Aristeu Rozanski) [RHEL-1603] - EDAC: Remove EDAC_DIMM_OFF() macro (Aristeu Rozanski) [RHEL-1603] - r8169: add handling DASH when DASH is disabled (Izabela Bakollari) [RHEL-6505] - r8169: remove rtl_wol_shutdown_quirk() (Izabela Bakollari) [RHEL-6505] - r8169: improve driver unload and system shutdown behavior on DASH-enabled systems (Izabela Bakollari) [RHEL-6505] - r8169: fix dmar pte write access is not set error (Izabela Bakollari) [RHEL-6505] - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (Izabela Bakollari) [RHEL-6505] - r8169: prevent potential deadlock in rtl8169_close (Izabela Bakollari) [RHEL-6505] - r8169: fix deadlock on RTL8125 in jumbo mtu mode (Izabela Bakollari) [RHEL-6505] - r8169: fix network lost after resume on DASH systems (Izabela Bakollari) [RHEL-6505] - r8169: respect userspace disabling IFF_MULTICAST (Izabela Bakollari) [RHEL-6505] - r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 (Izabela Bakollari) [RHEL-6505] - r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 (Izabela Bakollari) [RHEL-6505] - r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx (Izabela Bakollari) [RHEL-6505] - r8169: fix rare issue with broken rx after link-down on RTL8125 (Izabela Bakollari) [RHEL-6505] - r8169: check for PCI read error in probe (Izabela Bakollari) [RHEL-6505] - r8169: fix RTL8168H and RTL8107E rx crc error (Izabela Bakollari) [RHEL-6505] - r8169: reset bus if NIC isn't accessible after tx timeout (Izabela Bakollari) [RHEL-6505] - r8169: disable ASPM in case of tx timeout (Izabela Bakollari) [RHEL-6505] - r8169: use tp_to_dev instead of open code (Izabela Bakollari) [RHEL-6505] - r8169: add rtl_disable_rxdvgate() (Izabela Bakollari) [RHEL-6505] - r8169: remove not needed net_ratelimit() check (Izabela Bakollari) [RHEL-6505] - r8169: remove useless PCI region size check (Izabela Bakollari) [RHEL-6505] - Bluetooth: hci_sync: Fix not processing all entries on cmd_sync_work (David Marlin) [RHEL-23781] - Bluetooth: hci_core: Fix unbalanced unlock in set_device_flags() (David Marlin) [RHEL-23781] - Bluetooth: Fix not checking MGMT cmd pending queue (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Fix not using conn_timeout (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Fix hci_update_accept_list_sync (David Marlin) [RHEL-23781] - Bluetooth: assign len after null check (David Marlin) [RHEL-23781] - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (David Marlin) [RHEL-23781] - Bluetooth: fix data races in smp_unregister(), smp_del_chan() (David Marlin) [RHEL-23781] - Bluetooth: hci_core: Fix leaking sent_cmd skb (David Marlin) [RHEL-23781] - Bluetooth: hci_sock: fix endian bug in hci_sock_setsockopt() (David Marlin) [RHEL-23781] - Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt() (David Marlin) [RHEL-23781] - Bluetooth: btqca: sequential validation (David Marlin) [RHEL-23781] - Bluetooth: hci_event: Rework hci_inquiry_result_with_rssi_evt (David Marlin) [RHEL-23781] - Bluetooth: btbcm: disable read tx power for MacBook Air 8,1 and 8,2 (David Marlin) [RHEL-23781] - Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe (David Marlin) [RHEL-23781] - Bluetooth: hci_bcm: Check for error irq (David Marlin) [RHEL-23781] - Bluetooth: MGMT: Fix spelling mistake 'simultanous' -> 'simultaneous' (David Marlin) [RHEL-23781] - Bluetooth: vhci: Set HCI_QUIRK_VALID_LE_STATES (David Marlin) [RHEL-23781] - Bluetooth: MGMT: Fix LE simultaneous roles UUID if not supported (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Add check simultaneous roles support (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Wait for proper events when connecting LE (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Add support for waiting specific LE subevents (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Add hci_le_create_conn_sync (David Marlin) [RHEL-23781] - Bluetooth: hci_event: Use skb_pull_data when processing inquiry results (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Push sync command cancellation to workqueue (David Marlin) [RHEL-23781] - Bluetooth: hci_qca: Stop IBS timer during BT OFF (David Marlin) [RHEL-23781] - Bluetooth: btintel: Add missing quirks and msft ext for legacy bootloader (David Marlin) [RHEL-23781] - Bluetooth: L2CAP: Fix using wrong mode (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Fix not always pausing advertising when necessary (David Marlin) [RHEL-23781] - Bluetooth: mgmt: Make use of mgmt_send_event_skb in MGMT_EV_DEVICE_CONNECTED (David Marlin) [RHEL-23781] - Bluetooth: mgmt: Make use of mgmt_send_event_skb in MGMT_EV_DEVICE_FOUND (David Marlin) [RHEL-23781] - Bluetooth: mgmt: Introduce mgmt_alloc_skb and mgmt_send_event_skb (David Marlin) [RHEL-23781] - Bluetooth: btusb: Return error code when getting patch status failed (David Marlin) [RHEL-23781] - Bluetooth: btusb: Handle download_firmware failure cases (David Marlin) [RHEL-23781] - Bluetooth: msft: Fix compilation when CONFIG_BT_MSFTEXT is not set (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Set Privacy Mode when updating the resolving list (David Marlin) [RHEL-23781] - Bluetooth: Introduce HCI_CONN_FLAG_DEVICE_PRIVACY device flag (David Marlin) [RHEL-23781] - Bluetooth: btusb: Add support for queuing during polling interval (David Marlin) [RHEL-23781] - Bluetooth: hci_core: Rework hci_conn_params flags (David Marlin) [RHEL-23781] - Bluetooth: MGMT: Use hci_dev_test_and_{set,clear}_flag (David Marlin) [RHEL-23781] - Bluetooth: btbcm: disable read tx power for some Macs with the T2 Security chip (David Marlin) [RHEL-23781] - Bluetooth: add quirk disabling LE Read Transmit Power (David Marlin) [RHEL-23781] - Bluetooth: hci_event: Use of a function table to handle Command Status (David Marlin) [RHEL-23781] - Bluetooth: hci_event: Use of a function table to handle Command Complete (David Marlin) [RHEL-23781] - Bluetooth: hci_event: Use of a function table to handle LE subevents (David Marlin) [RHEL-23781] - Bluetooth: hci_event: Use of a function table to handle HCI events (David Marlin) [RHEL-23781] - Bluetooth: HCI: Use skb_pull_data to parse LE Direct Advertising Report event (David Marlin) [RHEL-23781] - Bluetooth: HCI: Use skb_pull_data to parse LE Ext Advertising Report event (David Marlin) [RHEL-23781] - Bluetooth: HCI: Use skb_pull_data to parse LE Advertising Report event (David Marlin) [RHEL-23781] - Bluetooth: HCI: Use skb_pull_data to parse LE Metaevents (David Marlin) [RHEL-23781] - Bluetooth: HCI: Use skb_pull_data to parse Extended Inquiry Result event (David Marlin) [RHEL-23781] - Bluetooth: HCI: Use skb_pull_data to parse Inquiry Result with RSSI event (David Marlin) [RHEL-23781] - Bluetooth: HCI: Use skb_pull_data to parse Inquiry Result event (David Marlin) [RHEL-23781] - Bluetooth: HCI: Use skb_pull_data to parse Number of Complete Packets event (David Marlin) [RHEL-23781] - Bluetooth: HCI: Use skb_pull_data to parse Command Complete event (David Marlin) [RHEL-23781] - Bluetooth: HCI: Use skb_pull_data to parse BR/EDR events (David Marlin) [RHEL-23781] - Bluetooth: btusb: Cancel sync commands for certain URB errors (David Marlin) [RHEL-23781] - Bluetooth: hci_core: Cancel sync command if sending a frame failed (David Marlin) [RHEL-23781] - Bluetooth: Add hci_cmd_sync_cancel to public API (David Marlin) [RHEL-23781] - Bluetooth: Reset more state when cancelling a sync command (David Marlin) [RHEL-23781] - Bluetooth: Limit duration of Remote Name Resolve (David Marlin) [RHEL-23781] - Bluetooth: Send device found event on name resolve failure (David Marlin) [RHEL-23781] - Bluetooth: HCI: Fix definition of hci_rp_delete_stored_link_key (David Marlin) [RHEL-23781] - Bluetooth: HCI: Fix definition of hci_rp_read_stored_link_key (David Marlin) [RHEL-23781] - Bluetooth: refactor malicious adv data check (David Marlin) [RHEL-23781] - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (David Marlin) [RHEL-23781] - Bluetooth: btusb: enable Mediatek to support AOSP extension (David Marlin) [RHEL-23781] - Bluetooth: Attempt to clear HCI_LE_ADV on adv set terminated error event (David Marlin) [RHEL-23781] - Bluetooth: Ignore HCI_ERROR_CANCELLED_BY_HOST on adv set terminated event (David Marlin) [RHEL-23781] - Bluetooth: hci_request: Remove bg_scan_update work (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_SET_CONNECTABLE to use cmd_sync (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_SET_DISCOVERABLE to use cmd_sync (David Marlin) [RHEL-23781] - Bluetooth: btmrvl_main: repair a non-kernel-doc comment (David Marlin) [RHEL-23781] - Bluetooth: Don't initialize msft/aosp when using user channel (David Marlin) [RHEL-23781] - Bluetooth: fix uninitialized variables notify_evt (David Marlin) [RHEL-23781] - Bluetooth: stop proccessing malicious adv data (David Marlin) [RHEL-23781] - Bluetooth: hci_h4: Fix padding calculation error within h4_recv_buf() (David Marlin) [RHEL-23781] - Bluetooth: aosp: Support AOSP Bluetooth Quality Report (David Marlin) [RHEL-23781] - Bluetooth: Add struct of reading AOSP vendor capabilities (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Fix not setting adv set duration (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Fix missing static warnings (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Rework hci_suspend_notifier (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Rework init stages (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_SSP (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert adv_expire (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_SET_ADVERTISING (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_SET_PHY_CONFIGURATION (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_SET_LOCAL_NAME (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_READ_LOCAL_OOB_EXT_DATA (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_READ_LOCAL_OOB_DATA (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_SET_LE (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_GET_CLOCK_INFO (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_SET_SECURE_CONN (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_GET_CONN_INFO (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Enable synch'd set_bredr (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_SET_FAST_CONNECTABLE (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_OP_START_DISCOVERY (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Convert MGMT_SET_POWERED (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Rework background scan (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Enable advertising when LL privacy is enabled (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 3 (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 2 (David Marlin) [RHEL-23781] - Bluetooth: hci_sync: Make use of hci_cmd_sync_queue set 1 (David Marlin) [RHEL-23781] - Bluetooth: Add helper for serialized HCI command execution (David Marlin) [RHEL-23781] - Bluetooth: Fix removing adv when processing cmd complete (David Marlin) [RHEL-23781] - Bluetooth: hci_bcm: Remove duplicated entry in OF table (David Marlin) [RHEL-23781] - Bluetooth: bfusb: fix division by zero in send path (David Marlin) [RHEL-23781] - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (David Marlin) [RHEL-23781] - Bluetooth: vhci: Fix checking of msft_opcode (David Marlin) [RHEL-23781] - Bluetooth: btsdio: Do not bind to non-removable BCM4345 and BCM43455 (David Marlin) [RHEL-23781] - Bluetooth: vhci: Add support for setting msft_opcode and aosp_capable (David Marlin) [RHEL-23781] - Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (David Marlin) [RHEL-23781] - Bluetooth: Fix memory leak of hci device (David Marlin) [RHEL-23781] - Bluetooth: btintel: Fix bdaddress comparison with garbage value (David Marlin) [RHEL-23781] - Bluetooth: Fix debugfs entry leak in hci_register_dev() (David Marlin) [RHEL-23781] - Bluetooth: L2CAP: Fix not initializing sk_peer_pid (David Marlin) [RHEL-23781] - Bluetooth: hci_sock: purge socket queues in the destruct() callback (David Marlin) [RHEL-23781] - Bluetooth: mgmt: Fix Experimental Feature Changed event (David Marlin) [RHEL-23781] - Bluetooth: hci_vhci: Fix to set the force_wakeup value (David Marlin) [RHEL-23781] - Bluetooth: Read codec capabilities only if supported (David Marlin) [RHEL-23781] - Bluetooth: Fix handling of SUSPEND_DISCONNECTING (David Marlin) [RHEL-23781] - Bluetooth: hci_vhci: Fix calling hci_{suspend,resume}_dev (David Marlin) [RHEL-23781] - skbuff: introduce skb_pull_data (David Marlin) [RHEL-23781] - Bluetooth: defer cleanup of resources in hci_unregister_dev() (David Marlin) [RHEL-23781] - serial: core: return early on unsupported ioctls (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - lib/hexdump: make print_hex_dump_bytes() a nop on !DEBUG builds (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix race condition in status line change on dead connections (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix UAF in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: add parameter negotiation support (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: add parameters used with parameter negotiation (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: introduce macro for minimal unit size (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: name the debug bits (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: introduce gsm_control_command() function (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: replace use of gsm_read_ea() with gsm_read_ea_val() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: name gsm tty device minors (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: initialize more members at gsm_alloc_mux() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix flow control handling in tx path (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix deadlock and link starvation in outgoing data path (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix race condition in gsmld_write() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix non flow control frames during mux flow off (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix missing timer to handle stalled links (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix tty registration before control channel open (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix user open not possible at responder until initiator open (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Fix packet data hex dump output (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix software flow control handling (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix invalid use of MSC in advanced option (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix broken virtual tty handling (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix missing update of modem controls after DLCI open (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix reset fifo race condition (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong signal octets encoding in MSC (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong command frame length field encoding (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong command retry handling (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix missing explicit ldisc flush (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong DLCI release order (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix insufficient txframe size (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix frame reception handling (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix mux cleanup after unregister tty device (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix decoupled mux resource (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix restart handling via CLD command (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix deadlock in gsmtty_open() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix wrong tty control line for flow control (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix NULL pointer access due to DLCI release (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix encoding of command/response bit (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: fix SW flow control encoding/handling (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: remove tty parameter from mxser_receive_chars_new() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: don't throttle manually (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: make mxser_port::ldisc_stop_rx a bool (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Don't ignore write return value in gsmld_output() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: clean up indenting in gsm_queue() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Save dlci address open status when config requester (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Modify gsmtty driver register method when config requester (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Delete gsmtty open SABM frame when config requester (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Modify CR,PF bit printk info when config requester (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Modify CR,PF bit when config requester (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: stop using alloc_tty_driver (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: don't store semi-state into tty drivers (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - hvsi: don't panic on tty_register_driver failure (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - amiserial: switch rs_table to a single state (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - amiserial: expand 'custom' (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - amiserial: use memset to zero serial_state (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - amiserial: remove serial_* strings (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: drop mxser_port::custom_divisor (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: drop mxser_port::baud_base (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: remove unused mxser_port::stop_rx (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: don't allocate MXSER_PORTS + 1 (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: remove cnt from mxser_receive_chars (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_GETMSTATUS ioctl (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_GETDATACOUNT ioctl (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_CHKPORTENABLE ioctl (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_ASPP_LSTATUS ioctl (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_ASPP_MON and friends (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_SET_BAUD_METHOD ioctl (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: remove MOXA_GET_MAJOR deprecated ioctl (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: drop unused MOXA_DIAGNOSE macro (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: drop UART_MCR_AFE and UART_LSR_SPECIAL defines (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: remove else from LSR bits checks (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: extract mxser_receive_chars_old (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: extract mxser_receive_chars_new (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: simplify mxser_interrupt and drop mxser_board::vector_mask (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: extract port ISR (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: cleanup LSR handling in mxser_receive_chars (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: remove nonsense from ISR (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: drop constant board::uart_type (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: introduce enum mxser_must_hwid (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: rename mxser_board::chip_flag to must_hwid (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: rename CheckIsMoxaMust to mxser_get_must_hwid (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: cleanup Gpci_uart_info struct (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: integrate mxser.h into .c (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: drop ISA support (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - n_gsm: use goto-failpaths in gsm_init (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: mxser: drop low-latency workaround (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: check error while registering tty devices (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: mxser: fix TIOCSSERIAL jiffies conversions (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm, remove duplicates of parameters (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: do not check tty_unregister_driver's return value (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: nozomi, remove init/exit messages (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty_port: drop last traces of low_latency (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Demote obvious abuse of kernel-doc and supply other missing docss (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm, eliminate indirection for gsm->{output,error}() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Fix bogus i++ in gsm_data_kick (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Remove unnecessary test in gsm_print_packet() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Fix waking up upper tty layer when room available (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Fix SOF skipping (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Improve debug output (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - n_gsm: switch constipated to bool (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - n_gsm: switch throttled to bool (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - n_gsm: switch dead to bool (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - n_gsm: introduce enum gsm_dlci_mode (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - n_gsm: introduce enum gsm_dlci_state (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - n_gsm: drop unneeded gsm_dlci->fifo field (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Replace zero-length array with flexible-array member (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: avoid recursive locking with async port hangup (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: add helpers to convert mux-num to/from tty-base (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - docs: serial: move it to the driver-api (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - docs: serial: convert docs to ReST and rename to *.rst (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Mark expected switch fall-throughs (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - n_gsm: Constify u8 and unsigned char usage (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty: n_gsm: Add copy_config() and gsm_config() to prepare for serdev (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - mxser: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - amiserial: switch to ->[sg]et_serial() (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} - tty/serial_core: add ISO7816 infrastructure (Wander Lairson Costa) [RHEL-19955] {CVE-2023-6546} [4.18.0-540] - mm/readahead: reintroduce legacy madvise_willneed behavior to force_page_cache_readahead (Rafael Aquini) [RHEL-22476] - PCI: Disable ATS for specific Intel IPU E2000 devices (Myron Stowe) [RHEL-21011] - PCI: Extract ATS disabling to a helper function (Myron Stowe) [RHEL-21011] - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (Tony Camuso) [RHEL-14732] - HID: intel-ish-hid: ipc: Add Arrow Lake PCI device ID (Tony Camuso) [RHEL-14732] - HID: intel-ish-hid: Fix kernel panic during warm reset (Tony Camuso) [RHEL-14732] - net: usb: ax88179_178a: avoid failed operations when device is disconnected (Jose Ignacio Tornos Martinez) [RHEL-17561] - net: usb: ax88179_178a: avoid two consecutive device resets (Jose Ignacio Tornos Martinez) [RHEL-17561] - net: usb: ax88179_178a: fix failed operations during ax88179_reset (Jose Ignacio Tornos Martinez) [RHEL-17561] - net: usb: ax88179_178a: Bind only to vendor-specific interface (Jose Ignacio Tornos Martinez) [RHEL-17561] - net: usb: ax88179_178a: wol optimizations (Jose Ignacio Tornos Martinez) [RHEL-17561] - net: usb: ax88179_178a: move priv to driver_priv (Jose Ignacio Tornos Martinez) [RHEL-17561] - net: usb: ax88179_178a: restore state on resume (Jose Ignacio Tornos Martinez) [RHEL-17561] - net: usb: ax88179_178a: clean up pm calls (Jose Ignacio Tornos Martinez) [RHEL-17561] - net: usb: ax88179_178a: remove redundant init code (Jose Ignacio Tornos Martinez) [RHEL-17561] - net: make drivers set the TSO limit not the GSO limit (Jose Ignacio Tornos Martinez) [RHEL-17561] - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (Jose Ignacio Tornos Martinez) [RHEL-17561] - net: usb: ax88179_178a: add TSO feature (Jose Ignacio Tornos Martinez) [RHEL-17561] - ethernet: constify references to netdev->dev_addr in drivers (Jose Ignacio Tornos Martinez) [RHEL-17561] - net: usb: ax88179_178a: initialize local variables before use (Jose Ignacio Tornos Martinez) [RHEL-17561] - gve: Remove dependency on 4k page size. (Joshua Washington) [RHEL-22210] - gve: Add page size register to the register_page_list command. (Joshua Washington) [RHEL-22210] - gve: Remove obsolete checks that rely on page size. (Joshua Washington) [RHEL-22210] - gve: Deprecate adminq_pfn for pci revision 0x1. (Joshua Washington) [RHEL-22210] - gve: Perform adminq allocations through a dma_pool. (Joshua Washington) [RHEL-22210] - gve: add gve_features_check() (Joshua Washington) [RHEL-22210] - gve: Fixes for napi_poll when budget is 0 (Joshua Washington) [RHEL-22210] - gve: Do not fully free QPL pages on prefill errors (Joshua Washington) [RHEL-22210] - gve: Use size_add() in call to struct_size() (Joshua Washington) [RHEL-22210] - gve: fix frag_list chaining (Joshua Washington) [RHEL-22210] - gve: RX path for DQO-QPL (Joshua Washington) [RHEL-22210 RHEL-9878] - gve: Tx path for DQO-QPL (Joshua Washington) [RHEL-22210 RHEL-9878] - gve: Control path for DQO-QPL (Joshua Washington) [RHEL-22210 RHEL-9878] - gve: trivial spell fix Recive to Receive (Joshua Washington) [RHEL-22210] - gve: unify driver name usage (Joshua Washington) [RHEL-22210] - gve: Set default duplex configuration to full (Joshua Washington) [RHEL-22210] - gve: Remove the code of clearing PBA bit (Joshua Washington) [RHEL-22210] - gve: Secure enough bytes in the first TX desc for all TCP pkts (Joshua Washington) [RHEL-22210] - gve: Cache link_speed value from device (Joshua Washington) [RHEL-22210] - gve: Add AF_XDP zero-copy support for GQI-QPL format (Joshua Washington) [RHEL-22210] - gve: Add XDP REDIRECT support for GQI-QPL format (Joshua Washington) [RHEL-22210] - gve: Add XDP DROP and TX support for GQI-QPL format (Joshua Washington) [RHEL-22210] - gve: Changes to add new TX queues (Joshua Washington) [RHEL-22210] - gve: XDP support GQI-QPL: helper function changes (Joshua Washington) [RHEL-22210] - gve: Fix gve interrupt names (Joshua Washington) [RHEL-22210] - gve: Handle alternate miss completions (Joshua Washington) [RHEL-22210] - gve: Adding a new AdminQ command to verify driver (Joshua Washington) [RHEL-22210] - gve: Fix error return code in gve_prefill_rx_pages() (Joshua Washington) [RHEL-22210] - gve: Reduce alloc and copy costs in the GQ rx path (Joshua Washington) [RHEL-22210] - google/gve:fix repeated words in comments (Joshua Washington) [RHEL-22210] - gve: Fix spelling mistake 'droping' -> 'dropping' (Joshua Washington) [RHEL-22210] - gve: enhance no queue page list detection (Joshua Washington) [RHEL-22210] - net: Google gve: Remove dma_wmb() before ringing doorbell (Joshua Washington) [RHEL-22210] [4.18.0-539] - tcp: Dump bound-only sockets in inet_diag. (Guillaume Nault) [RHEL-6113] - rh_messages.h: update driver and device lists (Scott Weaver) [RHEL-22126] - vmstat: allow_direct_reclaim should use zone_page_state_snapshot (Marcelo Tosatti) [RHEL-22138] - rbd: don't move requests to the running list on errors (Ilya Dryomov) [RHEL-21941] - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (Jocelyn Falempe) [RHEL-3179] {CVE-2022-38096} - atm: Fix Use-After-Free in do_vcc_ioctl (Guillaume Nault) [RHEL-21179] {CVE-2023-51780} - perf/x86/intel/uncore: Factor out topology_gidnid_map() (Michael Petlan) [RHEL-22189] - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Michael Petlan) [RHEL-22189] - KVM: x86: Constrain guest-supported xfeatures only at KVM_GET_XSAVE{2} (Bandan Das) [RHEL-7558] - x86/fpu: Allow caller to constrain xfeatures when copying to uabi buffer (Bandan Das) [RHEL-7558] - Bluetooth: Fix double free in hci_conn_cleanup (David Marlin) [RHEL-2555] {CVE-2023-28464} - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (David Marlin) [RHEL-2555] - kobject: Fix slab-out-of-bounds in fill_kobj_path() (Waiman Long) [RHEL-20926] {CVE-2023-45863} - kobject: modify kobject_get_path() to take a const * (Waiman Long) [RHEL-20926] {CVE-2023-45863} - kobject: Remove docstring reference to kset (Waiman Long) [RHEL-20926] {CVE-2023-45863} - EDAC/amd64: Add support for AMD family 1Ah models 00h-1Fh and 40h-4Fh (Aristeu Rozanski) [RHEL-10031] - amd64: allow F0 and F6 registers to be missing (Aristeu Rozanski) [RHEL-10031] - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (Aristeu Rozanski) [RHEL-10031] - x86/amd_nb: Add PCI IDs for AMD Family 1Ah-based models (Aristeu Rozanski) [RHEL-10031] - nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356} - nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356} - nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356} - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356} - ipv6: Remove extra counter pull before gc (Davide Caratti) [RHEL-21457] {CVE-2023-52340} - ipv6: remove max_size check inline with ipv4 (Davide Caratti) [RHEL-21457] {CVE-2023-52340} - net/dst: use a smaller percpu_counter batch for dst entries accounting (Davide Caratti) [RHEL-21457] {CVE-2023-52340} - net: add a route cache full diagnostic message (Davide Caratti) [RHEL-21457] {CVE-2023-52340} - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (Bandan Das) [RHEL-16382] - x86/sev: Do not handle #VC for DR7 read/write (Bandan Das) [RHEL-16382] - Revert 'x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV' (Bandan Das) [RHEL-16382] - x86/alternatives: Add cond_resched() to text_poke_bp_batch() (Waiman Long) [RHEL-15221] - x86/alternative: Fix race in try_get_desc() (Waiman Long) [RHEL-15221] - x86/alternatives: Mark text_poke_loc_init() static (Waiman Long) [RHEL-15221] - x86/int3: Ensure that poke_int3_handler() is not traced (Waiman Long) [RHEL-15221] - tools/mm: filter out timestamps for correct collation (Audra Mitchell) [RHEL-3821] - tools/vm/page_owner_sort.c: support sorting pid and time (Audra Mitchell) [RHEL-3821] - tools/vm/page_owner_sort.c: filter out unneeded line (Audra Mitchell) [RHEL-3821] - tools/vm/page_owner: use page_owner_sort in the use example (Audra Mitchell) [RHEL-3821] - mm/page_owner: remove free_ts from page_owner output (Audra Mitchell) [RHEL-3821] - xfs: up(ic_sema) if flushing data device fails (Andrey Albershteyn) [RHEL-8464] - xfs: reserve less log space when recovering log intent items (Andrey Albershteyn) [RHEL-8464] - xfs: fix an agbno overflow in __xfs_getfsmap_datadev (Andrey Albershteyn) [RHEL-8464] - xfs: fix agf_fllast when repairing an empty AGFL (Andrey Albershteyn) [RHEL-8464] - xfs: fix dqiterate thinko (Andrey Albershteyn) [RHEL-8464] - xfs: fix uninit warning in xfs_growfs_data (Andrey Albershteyn) [RHEL-8464] - xfs: fix xfs_btree_query_range callers to initialize btree rec fully (Andrey Albershteyn) [RHEL-8464] - xfs: validate fsmap offsets specified in the query keys (Andrey Albershteyn) [RHEL-8464] - xfs: fix logdev fsmap query result filtering (Andrey Albershteyn) [RHEL-8464] - xfs: clean up the rtbitmap fsmap backend (Andrey Albershteyn) [RHEL-8464] - xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (Andrey Albershteyn) [RHEL-8464] - xfs: fix interval filtering in multi-step fsmap queries (Andrey Albershteyn) [RHEL-8464] - xfs: don't reverse order of items in bulk AIL insertion (Andrey Albershteyn) [RHEL-8464] - xfs: fix ag count overflow during growfs (Andrey Albershteyn) [RHEL-8464] - xfs: don't deplete the reserve pool when trying to shrink the fs (Andrey Albershteyn) [RHEL-8464] - xfs: fix agf/agfl verification on v4 filesystems (Andrey Albershteyn) [RHEL-8464] - xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (Andrey Albershteyn) [RHEL-8464] - xfs: fix rm_offset flag handling in rmap keys (Andrey Albershteyn) [RHEL-8464] - xfs: make kobj_type structures constant (Andrey Albershteyn) [RHEL-8464] - xfs: allow setting full range of panic tags (Andrey Albershteyn) [RHEL-8464] - xfs: shut up -Wuninitialized in xfsaild_push (Andrey Albershteyn) [RHEL-8464] - xfs: use memcpy, not strncpy, to format the attr prefix during listxattr (Andrey Albershteyn) [RHEL-8464] - xfs: initialize the check_owner object fully (Andrey Albershteyn) [RHEL-8464] - xfs: fix uninitialized list head in struct xfs_refcount_recovery (Andrey Albershteyn) [RHEL-8464] - xfs: increase rename inode reservation (Andrey Albershteyn) [RHEL-8464] - xfs: remove xfs_setattr_time() declaration (Andrey Albershteyn) [RHEL-8464] - xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (Andrey Albershteyn) [RHEL-8464] - xfs: check return codes when flushing block devices (Andrey Albershteyn) [RHEL-8464] - xfs: reduce the number of atomic when locking a buffer after lookup (Andrey Albershteyn) [RHEL-8464] - xfs: convert btree buffer log flags to unsigned. (Andrey Albershteyn) [RHEL-8464] - xfs: shutdown in intent recovery has non-intent items in the AIL (Andrey Albershteyn) [RHEL-8464] - xfs: aborting inodes on shutdown may need buffer lock (Andrey Albershteyn) [RHEL-8464] - xfs: only bother with sync_filesystem during readonly remount (Andrey Albershteyn) [RHEL-8464] - xfs: kill the XFS_IOC_{ALLOC,FREE}SP* ioctls (Andrey Albershteyn) [RHEL-8464] {CVE-2021-4155} - xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (Andrey Albershteyn) [RHEL-8464] - xfs: only run COW extent recovery when there are no live extents (Andrey Albershteyn) [RHEL-8464] - xfs: move recovery needed state updates to xfs_log_mount_finish (Andrey Albershteyn) [RHEL-8464] - xfs: clear log incompat feature bits when the log is idle (Andrey Albershteyn) [RHEL-8464] - xfs: allow setting and clearing of log incompat feature flags (Andrey Albershteyn) [RHEL-8464] - xfs: remove all COW fork extents when remounting readonly (Andrey Albershteyn) [RHEL-8464] - xfs: replace snprintf in show functions with sysfs_emit (Andrey Albershteyn) [RHEL-8464] - xfs: reduce the size of nr_ops for refcount btree cursors (Andrey Albershteyn) [RHEL-8464] - xfs: rework attr2 feature and mount options (Andrey Albershteyn) [RHEL-8464] - xfs: sb verifier doesn't handle uncached sb buffer (Andrey Albershteyn) [RHEL-8464] - xfs: standardize inode number formatting in ftrace output (Andrey Albershteyn) [RHEL-8464] - xfs: make fsmap backend function key parameters const (Andrey Albershteyn) [RHEL-8464] - xfs: remove kmem_alloc_io() (Andrey Albershteyn) [RHEL-8464] - mm: Add kvrealloc() (Andrey Albershteyn) [RHEL-8464] - xfs: remove kmem_realloc() (Andrey Albershteyn) [RHEL-8464] - xfs: fix silly whitespace problems with kernel libxfs (Andrey Albershteyn) [RHEL-8464] - xfs: deprecate BMV_IF_NO_DMAPI_READ flag (Andrey Albershteyn) [RHEL-8464] [4.18.0-538] - ida: Fix crash in ida_free when the bitmap is empty (Wander Lairson Costa) [RHEL-19681] {CVE-2023-6915} - mm: create a new system state and fix core_kernel_text() (Joel Savitz) [RHEL-5227] - redhat: rewrite genlog and support Y- tags (Jan Stancek) - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Nigel Croxon) [RHEL-22698] - Revert 'x86/fpu/xstate: Fix PKRU covert channel' (Steve Best) [RHEL-22192] - net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-19065] {CVE-2024-0646} - smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-18990] {CVE-2023-6606} - smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-19144] {CVE-2023-6610} - smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-19144] {CVE-2023-6610} - ovl: skip stale entries in merge dir cache iteration (Miklos Szeredi) [RHEL-18076] - ovl: invalidate readdir cache on changes to dir with origin (Miklos Szeredi) [RHEL-18076] - ipv6: avoid atomic fragment on GSO packets (Hangbin Liu) [RHEL-22149] - ipv6: fix potential NULL deref in fib6_add() (Hangbin Liu) [RHEL-22149] - lockdep: Fix block chain corruption (Joel Savitz) [RHEL-5227] - futex: Don't include process MM in futex key on no-MMU (Joel Savitz) [RHEL-5227] - locking/rtmutex: Fix task->pi_waiters integrity (Joel Savitz) [RHEL-5227] - locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (Joel Savitz) [RHEL-5227] - locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (Joel Savitz) [RHEL-5227] - mm: make generic arch_is_kernel_initmem_freed() do what it says (Joel Savitz) [RHEL-5227] [4.18.0-537] - cgroup/cpuset: Inherit parent's load balance state in v2 (Waiman Long) [RHEL-12873] - cgroup/cpuset: Free DL BW in case can_attach() fails (Waiman Long) [RHEL-12873] - sched/deadline: Create DL BW alloc, free & check overflow interface (Waiman Long) [RHEL-12873] - cgroup/cpuset: Iterate only if DEADLINE tasks are present (Waiman Long) [RHEL-12873] - sched/cpuset: Keep track of SCHED_DEADLINE task in cpusets (Waiman Long) [RHEL-12873] - sched/cpuset: Bring back cpuset_mutex (Waiman Long) [RHEL-12873] - cgroup/cpuset: Rename functions dealing with DEADLINE accounting (Waiman Long) [RHEL-12873] - cgroup/cpuset: Skip task update if hotplug doesn't affect current cpuset (Waiman Long) [RHEL-12873] - cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask() (Waiman Long) [RHEL-12873] - cgroup/cpuset: Optimize cpuset_attach() on v2 (Waiman Long) [RHEL-12873] - cgroup/cpuset: Skip spread flags update on v2 (Waiman Long) [RHEL-12873] - kselftest/cgroup: Add cpuset v2 partition root state test (Waiman Long) [RHEL-12873] - cgroup/cpuset: Update description of cpuset.cpus.partition in cgroup-v2.rst (Waiman Long) [RHEL-12873] - cgroup/cpuset: Make partition invalid if cpumask change violates exclusivity rule (Waiman Long) [RHEL-12873] - cgroup/cpuset: Relocate a code block in validate_change() (Waiman Long) [RHEL-12873] - cgroup/cpuset: Show invalid partition reason string (Waiman Long) [RHEL-12873] - cgroup/cpuset: Add a new isolated cpus.partition type (Waiman Long) [RHEL-12873] - cgroup/cpuset: Relax constraints to partition & cpus changes (Waiman Long) [RHEL-12873] - cgroup/cpuset: Allow no-task partition to have empty cpuset.cpus.effective (Waiman Long) [RHEL-12873] - cgroup/cpuset: Miscellaneous cleanups & add helper functions (Waiman Long) [RHEL-12873] - cgroup: cleanup comments (Waiman Long) [RHEL-12873] - cgroup/cpuset: Avoid memory migration when nodemasks match (Waiman Long) [RHEL-12873] - cgroup/cpuset: Enable memory migration for cpuset v2 (Waiman Long) [RHEL-12873] - cgroup/cpuset: Enable event notification when partition state changes (Waiman Long) [RHEL-12873] - doc/admin-guide/cgroup-v2: use tables (Waiman Long) [RHEL-12873] - docs/admin-guide: cgroup-v2: fix cgroup.type rendering (Waiman Long) [RHEL-12873] - docs: fix memory.low description in cgroup-v2.rst (Waiman Long) [RHEL-12873] - cgroup/cpuset: Revert 'Reduce cpuset_rwsem writer latency' (Waiman Long) [RHEL-12873] - selftests/bpf: Workaround verification failure for fexit_bpf2bpf/func_replace_return_code (Artem Savkov) [RHEL-17256] - mISDN: fix use-after-free bugs in l1oip timer handlers (Ricardo Robaina) [RHEL-2553 RHEL-2690] {CVE-2022-3565} - firmware: dmi-sysfs: make pr_info messages rate limited (Prarit Bhargava) [RHEL-21096] - xfs: short circuit xfs_growfs_data_private() if delta is zero (Andrey Albershteyn) [RHEL-19431] - net-sysfs: add check for netdevice being present to speed_show (Michal Schmidt) [RHEL-16007] - drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (Jocelyn Falempe) [RHEL-21054] - netfilter: nf_tables: bail out on mismatching dynset and set expressions (Florian Westphal) [RHEL-19014] {CVE-2023-6622} - netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-19721] {CVE-2023-6817} - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (Hangbin Liu) [RHEL-19794] {CVE-2023-6932} - s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs (Tobias Huschle) [RHEL-22160] - s390/dasd: protect device queue against concurrent access (Tobias Huschle) [RHEL-22161] - s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (Tobias Huschle) [RHEL-16317] - s390/cmma: fix detection of DAT pages (Tobias Huschle) [RHEL-16317] - s390/mm: add missing arch_set_page_dat() call to gmap allocations (Tobias Huschle) [RHEL-16317] - s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (Tobias Huschle) [RHEL-16317] - s390/cmma: fix initial kernel address space page table walk (Tobias Huschle) [RHEL-16317] - s390/vfio-ap: do not reset queue removed from host config (Cedric Le Goater) [RHEL-19575] - s390/vfio-ap: reset queues associated with adapter for queue unbound from driver (Cedric Le Goater) [RHEL-19575] - s390/vfio-ap: reset queues filtered from the guest's AP config (Cedric Le Goater) [RHEL-19575] - s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (Cedric Le Goater) [RHEL-19575] - s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (Cedric Le Goater) [RHEL-19575] - s390/vfio-ap: always filter entire AP matrix (Cedric Le Goater) [RHEL-19575] - KVM: s390: vsie: Fix STFLE interpretive execution identification (Cedric Le Goater) [RHEL-19575] - KVM: s390: vsie: fix race during shadow creation (Cedric Le Goater) [RHEL-19575] - KVM: s390: fix cc for successful PQAP (Cedric Le Goater) [RHEL-19575] - KVM: s390: fix setting of fpc register (Cedric Le Goater) [RHEL-19575] - s390/vfio-ap: fix sysfs status attribute for AP queue devices (Cedric Le Goater) [RHEL-19575] - s390/vfio-ap: unpin pages on gisc registration failure (Cedric Le Goater) [RHEL-19575] - iommu/iova: Manage the depot list size (Jerry Snitselaar) [RHEL-10100] - iommu/iova: Make the rcache depot scale better (Jerry Snitselaar) [RHEL-10100] - iommu/iova: Optimize iova_magazine_alloc() (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Remove two WARN_ON in domain_context_mapping_one() (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Handle the failure case of dmar_reenable_qi() (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Remove BUG_ON in dmar_insert_dev_scope() (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Remove a useless BUG_ON(dev->is_virtfn) (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Remove BUG_ON in map/unmap() (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Remove BUG_ON when domain->pgd is NULL (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Remove BUG_ON in handling iotlb cache invalidation (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Remove BUG_ON on checking valid pfn range (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Make size of operands same in bitwise operations (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Do not use GFP_ATOMIC when not needed (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Remove PASID supervisor request support (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Use non-privileged mode for all PASIDs (Jerry Snitselaar) [RHEL-10100] - iommu: Optimise PCI SAC address trick (Jerry Snitselaar) [RHEL-10100] - iommu/amd: Use page mode macros in fetch_pte() (Jerry Snitselaar) [RHEL-10100] - iommu/amd: Allocate IOMMU irqs using numa locality info (Jerry Snitselaar) [RHEL-10100] - iommu/amd: Allocate page table using numa locality info (Jerry Snitselaar) [RHEL-10100] - iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (Jerry Snitselaar) [RHEL-10100] - iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (Jerry Snitselaar) [RHEL-10100] - iommu/amd: Do not allocate io_pgtable_ops for passthrough domain (Jerry Snitselaar) [RHEL-10100] - iommu/amd: Fix error handling for pdev_pri_ats_enable() (Jerry Snitselaar) [RHEL-10100] - iommu/amd: Fix compile error for unused function (Jerry Snitselaar) [RHEL-10025] - iommu/amd: Improving Interrupt Remapping Table Invalidation (Jerry Snitselaar) [RHEL-10025] - iommu/amd: Do not Invalidate IRT when IRTE caching is disabled (Jerry Snitselaar) [RHEL-10025] - iommu/amd: Introduce Disable IRTE Caching Support (Jerry Snitselaar) [RHEL-10025] - iommu/amd: Change macro for IOMMU control register bit shift to decimal value (Jerry Snitselaar) [RHEL-10025] - iommu/amd: Remove the unused struct amd_ir_data.ref (Jerry Snitselaar) [RHEL-10025] - iommu/amd: Switch amd_iommu_update_ga() to use modify_irte_ga() (Jerry Snitselaar) [RHEL-10025] - iommu/amd: Handle GALog overflows (Jerry Snitselaar) [RHEL-10025] - iommu/amd: Process all IVHDs before enabling IOMMU features (Jerry Snitselaar) [RHEL-10100] - iommu/amd: Introduce global variable for storing common EFR and EFR2 (Jerry Snitselaar) [RHEL-10100] - iommu/amd: Introduce Support for Extended Feature 2 Register (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Avoid memory allocation in iommu_suspend() (Jerry Snitselaar) [RHEL-10100] - iommu/vt-d: Fix to flush cache of PASID directory table (Jerry Snitselaar) [RHEL-10100] - of/address: Return an error when no valid dma-ranges are found (Jerry Snitselaar) [RHEL-10100] - iommu/arm-smmu-qcom: Fix mask extraction for bootloader programmed SMRs (Jerry Snitselaar) [RHEL-10100] - iommu/arm-smmu-qcom: Read back stream mappings (Jerry Snitselaar) [RHEL-10100] - of: Fix 'dma-ranges' handling for bus controllers (Jerry Snitselaar) [RHEL-10100] - swiotlb: move slot allocation explanation comment where it belongs (Jerry Snitselaar) [RHEL-10100] - swiotlb: fix debugfs reporting of reserved memory pools (Jerry Snitselaar) [RHEL-10100] - iommu: fix MAX_ORDER usage in __iommu_dma_alloc_pages() (Jerry Snitselaar) [RHEL-1261] - swiotlb: use the calculated number of areas (Jerry Snitselaar) [RHEL-1261] - swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (Jerry Snitselaar) [RHEL-1261] - swiotlb: reduce the number of areas to match actual memory pool size (Jerry Snitselaar) [RHEL-1261] - swiotlb: always set the number of areas before allocating the pool (Jerry Snitselaar) [RHEL-1261] - swiotlb: clean up some coding style and minor issues (Jerry Snitselaar) [RHEL-1261] - iommu/amd: Fix DTE_IRQ_PHYS_ADDR_MASK macro (Jerry Snitselaar) [RHEL-1261] - iommu/amd/iommu_v2: Clear pasid state in free path (Jerry Snitselaar) [RHEL-14152] - iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind (Jerry Snitselaar) [RHEL-14152] - iommu/amd: Don't block updates to GATag if guest mode is on (Jerry Snitselaar) [RHEL-1261] - iommu/amd: Fix domain flush size when syncing iotlb (Jerry Snitselaar) [RHEL-1261] - iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (Jerry Snitselaar) [RHEL-1261] - iommu: Fix error unwind in iommu_group_alloc() (Jerry Snitselaar) [RHEL-1261] - net/mlx5e: Fix error code in mlx5e_tc_action_miss_mapping_get() (Amir Tzin) [RHEL-924] - net/mlx5: Fix fw tracer first block check (Amir Tzin) [RHEL-924] - net/mlx5e: fix a potential double-free in fs_udp_create_groups (Amir Tzin) [RHEL-924] - net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (Amir Tzin) [RHEL-924] - net/mlx5e: fix double free of encap_header (Amir Tzin) [RHEL-924] - Revert 'net/mlx5e: fix double free of encap_header' (Amir Tzin) [RHEL-924] - Revert 'net/mlx5e: fix double free of encap_header in update funcs' (Amir Tzin) [RHEL-924] - net/mlx5e: fix double free of encap_header in update funcs (Amir Tzin) [RHEL-924] - net/mlx5e: fix double free of encap_header (Amir Tzin) [RHEL-924] - net/mlx5e: Fix error codes in alloc_branch_attr() (Amir Tzin) [RHEL-924] - net/mlx5e: Track xmit submission to PTP WQ after populating metadata map (Amir Tzin) [RHEL-924] - net/mlx5e: Avoid referencing skb after free-ing in drop path of mlx5e_sq_xmit_wqe (Amir Tzin) [RHEL-924] - net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (Amir Tzin) [RHEL-924] - net/mlx5e: Correct snprintf truncation handling for fw_version buffer (Amir Tzin) [RHEL-924] - net/mlx5: Fix a NULL vs IS_ERR() check (Amir Tzin) [RHEL-924] - net/mlx5e: Check netdev pointer before checking its net ns (Amir Tzin) [RHEL-924] - net/mlx5e: TC, Don't offload post action rule if not supported (Amir Tzin) [RHEL-924] - net/mlx5e: Remove a useless function call (Amir Tzin) [RHEL-924] - net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work (Amir Tzin) [RHEL-924] - net/mlx5: Increase size of irq name buffer (Amir Tzin) [RHEL-924] - net/mlx5e: Update doorbell for port timestamping CQ before the software counter (Amir Tzin) [RHEL-924] - net/mlx5e: Add recovery flow for tx devlink health reporter for unhealthy PTP SQ (Amir Tzin) [RHEL-924] - net/mlx5e: Make tx_port_ts logic resilient to out-of-order CQEs (Amir Tzin) [RHEL-924] - net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (Amir Tzin) [RHEL-924] - net/mlx5e: Check return value of snprintf writing to fw_version buffer (Amir Tzin) [RHEL-924] - net/mlx5e: Reduce the size of icosq_str (Amir Tzin) [RHEL-924] - net/mlx5e: Fix pedit endianness (Amir Tzin) [RHEL-924] - net/mlx5: Decouple PHC .adjtime and .adjphase implementations (Amir Tzin) [RHEL-924] - IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (Amir Tzin) [RHEL-924] - IB/mlx5: Fix rdma counter binding for RAW QP (Amir Tzin) [RHEL-924] - net/mlx5e: Fix VF representors reporting zero counters to 'ip -s' command (Amir Tzin) [RHEL-13397 RHEL-924] - net/mlx5e: Don't offload internal port if filter device is out device (Amir Tzin) [RHEL-924] - net/mlx5e: XDP, Fix XDP_REDIRECT mpwqe page fragment leaks on shutdown (Amir Tzin) [RHEL-924] - net/mlx5: Handle fw tracer change ownership event based on MTRC (Amir Tzin) [RHEL-924] - net/mlx5: Bridge, fix peer entry ageing in LAG mode (Amir Tzin) [RHEL-924] - net/mlx5: E-switch, register event handler before arming the event (Amir Tzin) [RHEL-924] - net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (Amir Tzin) [RHEL-924] - RDMA/mlx5: Fix NULL string error (Amir Tzin) [RHEL-924] - RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (Amir Tzin) [RHEL-924] - net/mlx5: Free IRQ rmap and notifier on kernel shutdown (Amir Tzin) [RHEL-924] - net/mlx5: Free irqs only on shutdown callback (Amir Tzin) [RHEL-924] - net/mlx5: Improve naming of pci function vectors (Amir Tzin) [RHEL-924] - net/mlx5e: Clear mirred devices array if the rule is split (Amir Tzin) [RHEL-924] - net/mlx5: Dynamic cyclecounter shift calculation for PTP free running clock (Amir Tzin) [RHEL-924] - RDMA/mlx5: Fix trailing */ formatting in block comment (Amir Tzin) [RHEL-924] - net/mlx5: Use RMW accessors for changing LNKCTL (Amir Tzin) [RHEL-924] - net/mlx5: DR, Fix code indentation (Amir Tzin) [RHEL-924] - net/mlx5: Fix error message in mlx5_sf_dev_state_change_handler() (Amir Tzin) [RHEL-924] - net/mlx5e: Add capability check for vnic counters (Amir Tzin) [RHEL-924] - net/mlx5e: Expose catastrophic steering error counters (Amir Tzin) [RHEL-924] - net/mlx5: Skip clock update work when device is in error state (Amir Tzin) [RHEL-924] - net/mlx5: LAG, Check correct bucket when modifying LAG (Amir Tzin) [RHEL-924] - net/mlx5e: Unoffload post act rule when handling FIB events (Amir Tzin) [RHEL-924] - net/mlx5: Allow 0 for total host VFs (Amir Tzin) [RHEL-924] - net/mlx5: DR, Fix wrong allocation of modify hdr pattern (Amir Tzin) [RHEL-924] - net/mlx5e: TC, Fix internal port memory leak (Amir Tzin) [RHEL-924] - net/mlx5: Fix typo reminder -> remainder (Amir Tzin) [RHEL-924] - net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio (Amir Tzin) [RHEL-924] - net/mlx5: fs_core: Make find_closest_ft more generic (Amir Tzin) [RHEL-924] - net/mlx5e: kTLS, Fix protection domain in use syndrome when devlink reload (Amir Tzin) [RHEL-924] - net/mlx5e: Move representor neigh cleanup to profile cleanup_tx (Amir Tzin) [RHEL-924] - net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set (Amir Tzin) [RHEL-13501 RHEL-924] - net/mlx5e: Don't hold encap tbl lock if there is no encap action (Amir Tzin) [RHEL-924] - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (Amir Tzin) [RHEL-924] - net/mlx5: fix potential memory leak in mlx5e_init_rep_rx (Amir Tzin) [RHEL-924] - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (Amir Tzin) [RHEL-924] - net/mlx5e: Check for NOT_READY flag state after locking (Amir Tzin) [RHEL-924] - net/mlx5: Register a unique thermal zone per device (Amir Tzin) [RHEL-924] - net/mlx5e: fix memory leak in mlx5e_ptp_open (Amir Tzin) [RHEL-924] - net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (Amir Tzin) [RHEL-924] - net/mlx5e: fix double free in mlx5e_destroy_flow_table (Amir Tzin) [RHEL-924] - net/mlx5: Fix reserved at offset in hca_cap register (Amir Tzin) [RHEL-924] - RDMA/mlx5: Fix Q-counters query in LAG mode (Amir Tzin) [RHEL-924] - RDMA/mlx5: Remove vport Q-counters dependency on normal Q-counters (Amir Tzin) [RHEL-924] - RDMA/mlx5: Fix Q-counters per vport allocation (Amir Tzin) [RHEL-924] - net/mlx5: Drain health before unregistering devlink (Amir Tzin) [RHEL-924] - net/mlx5: E-switch, Devcom, sync devcom events and devcom comp register (Amir Tzin) [RHEL-924] - eth: mlx5: avoid iterator use outside of a loop (Amir Tzin) [RHEL-924] - net/mlx5: Update op_mode to op_mod for port selection (Amir Tzin) [RHEL-924] - net/mlx5: E-Switch, Remove redundant dev arg from mlx5_esw_vport_alloc() (Amir Tzin) [RHEL-924] - Documentation: net/mlx5: Wrap notes in admonition blocks (Amir Tzin) [RHEL-924] - Documentation: net/mlx5: Use bullet and definition lists for vnic counters description (Amir Tzin) [RHEL-924] - Documentation: net/mlx5: Wrap vnic reporter devlink commands in code blocks (Amir Tzin) [RHEL-924] - net/mlx5e: Add vnic devlink health reporter to representors (Amir Tzin) [RHEL-14659 RHEL-924] - net/mlx5: Add vnic devlink health reporter to PFs/VFs (Amir Tzin) [RHEL-14659 RHEL-924] - Revert 'net/mlx5: Expose vnic diagnostic counters for eswitch managed vports' (Amir Tzin) [RHEL-14659 RHEL-924] - Revert 'net/mlx5: Expose steering dropped packets counter' (Amir Tzin) [RHEL-14659 RHEL-924] - net/mlx5: Create a new profile for SFs (Amir Tzin) [RHEL-924] - net/mlx5: Bridge, add tracepoints for multicast (Amir Tzin) [RHEL-924] - net/mlx5: Bridge, implement mdb offload (Amir Tzin) [RHEL-924] - net/mlx5: Bridge, support multicast VLAN pop (Amir Tzin) [RHEL-924] - net/mlx5: Bridge, add per-port multicast replication tables (Amir Tzin) [RHEL-924] - net/mlx5: Bridge, snoop igmp/mld packets (Amir Tzin) [RHEL-924] - net/mlx5: Bridge, extract code to lookup parent bridge of port (Amir Tzin) [RHEL-924] - net/mlx5: Bridge, move additional data structures to priv header (Amir Tzin) [RHEL-924] - net/mlx5: Bridge, increase bridge tables sizes (Amir Tzin) [RHEL-924] - net/mlx5: Add mlx5_ifc definitions for bridge multicast support (Amir Tzin) [RHEL-924] - net/mlx5e: Fix SQ SW state layout in SQ devlink health diagnostics (Amir Tzin) [RHEL-924] - net/mlx5e: Fix RQ SW state layout in RQ devlink health diagnostics (Amir Tzin) [RHEL-924] - RDMA/mlx5: Remove unused num_alloc_xa_entries variable (Amir Tzin) [RHEL-924] - net/mlx5e: Rename misleading skb_pc/cc references in ptp code (Amir Tzin) [RHEL-924] - net/mlx5: Update cyclecounter shift value to improve ptp free running mode precision (Amir Tzin) [RHEL-924] - RDMA/mlx5: Expand switchdev Q-counters to expose representor statistics (Amir Tzin) [RHEL-924] - net/mlx5: Introduce other vport query for Q-counters (Amir Tzin) [RHEL-924] - net/mlx5e: Fix build break on 32bit (Amir Tzin) [RHEL-924] - net/mlx5: Set out of order (ooo) by default (Amir Tzin) [RHEL-924] - RDMA/mlx5: Disable out-of-order in integrity enabled QPs (Amir Tzin) [RHEL-924] - net/mlx5: Expose bits for enabling out-of-order by default (Amir Tzin) [RHEL-924] - net/mlx5e: TC, Add support for VxLAN GBP encap/decap flows offload (Amir Tzin) [RHEL-897 RHEL-924] - net/mlx5e: Add helper for encap_info_equal for tunnels with options (Amir Tzin) [RHEL-897 RHEL-924] - net/mlx5e: Remove redundant include statement and adjust code to upstream. (Amir Tzin) [RHEL-924] - net/mlx5e: Enable TC offload for egress MACVLAN over bond (Amir Tzin) [RHEL-924] - net/mlx5e: Enable TC offload for ingress MACVLAN over bond (Amir Tzin) [RHEL-924] - net/mlx5e: TC, Extract indr setup block checks to function (Amir Tzin) [RHEL-924] - net/mlx5e: Add XSK RQ state flag for RQ devlink health diagnostics (Amir Tzin) [RHEL-924] - net/mlx5e: Expose SQ SW state as part of SQ health diagnostics (Amir Tzin) [RHEL-924] - net/mlx5e: Stringify RQ SW state in RQ devlink health diagnostics (Amir Tzin) [RHEL-924] - net/mlx5e: Rename RQ/SQ adaptive moderation state flag (Amir Tzin) [RHEL-924] - net/mlx5e: Utilize the entire fifo (Amir Tzin) [RHEL-924] - net/mlx5: Implement thermal zone (Amir Tzin) [RHEL-924] - net/mlx5: Stop waiting for PCI up if teardown was triggered (Amir Tzin) [RHEL-924] - net/mlx5: remove redundant clear_bit (Amir Tzin) [RHEL-924] [4.18.0-536] - libbpf: Add LIBBPF_DEPRECATED_SINCE macro for scheduling API deprecations (Artem Savkov) [RHEL-10697] - drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (Michel Danzer) [RHEL-19603] - audit: fix possible soft lockup in __audit_inode_child() (Ricardo Robaina) [RHEL-9128] - audit: correct audit_filter_inodes() definition (Ricardo Robaina) [RHEL-9128] - usb: typec: ucsi: Use GET_CAPABILITY attributes data to set power supply scope (Desnes Nunes) [RHEL-14574] - perf: Fix perf_event_validate_size() lockdep splat (Michael Petlan) [RHEL-17968] - perf: Fix perf_event_validate_size() (Michael Petlan) [RHEL-17968] {CVE-2023-6931} - Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg (Ricardo Robaina) [RHEL-20743] {CVE-2023-51779} - md/raid1-10: limit the number of plugged bio (Nigel Croxon) [RHEL-19121] - md/raid1-10: don't handle pluged bio by daemon thread (Nigel Croxon) [RHEL-19121] - md/md-bitmap: add a new helper to unplug bitmap asynchrously (Nigel Croxon) [RHEL-19121] - md/raid1-10: submit write io directly if bitmap is not enabled (Nigel Croxon) [RHEL-19121] - md/raid1-10: factor out a helper to submit normal write (Nigel Croxon) [RHEL-19121] - md/raid1-10: factor out a helper to add bio to plug (Nigel Croxon) [RHEL-19121] - selftests/bpf: Workaround verification failure for fexit_bpf2bpf/func_replace_return_code (Felix Maurer) [RHEL-15938] - bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets (Felix Maurer) [RHEL-15506] - bpf, sockmap: Fix map type error in sock_map_del_link (Felix Maurer) [RHEL-15506] - xsk: fix refcount underflow in error path (Felix Maurer) [RHEL-15506] - bpf, cpumap: Make sure kthread is running before map update returns (Felix Maurer) [RHEL-15506] - bpf: cpumap: Fix memory leak in cpu_map_update_elem (Felix Maurer) [RHEL-15506] - page_pool: fix inconsistency for page_pool_ring_[un]lock() (Felix Maurer) [RHEL-15506] - net: page_pool: use in_softirq() instead (Felix Maurer) [RHEL-15506] - xsk: Fix unaligned descriptor validation (Felix Maurer) [RHEL-15506] - Revert 'x86/hyperv: fix logical processor creation' (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: fix logical processor creation (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Remove hv_isolation_type_en_snp (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (Vitaly Kuznetsov) [RHEL-10110] - Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Introduce a global variable hyperv_paravisor_present (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Mark hv_ghcb_terminate() as noreturn (Vitaly Kuznetsov) [RHEL-10110] - Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-10110] - Drivers: hv: vmbus: Support fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Support hypercalls for fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Add smp support for SEV-SNP guest (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: implement and use hv_smp_prepare_cpus (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Add VTL specific structs and hypercalls (Vitaly Kuznetsov) [RHEL-10110] - clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (Vitaly Kuznetsov) [RHEL-10110] - drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (Vitaly Kuznetsov) [RHEL-10110] - Drivers: hv: vmbus: Remove the per-CPU post_msg_page (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Set Virtual Trust Level in VMBus init message (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Add sev-snp enlightened guest static key (Vitaly Kuznetsov) [RHEL-10110] - x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (Vitaly Kuznetsov) [RHEL-10110] - x86/tdx: Expand __tdx_hypercall() to handle more arguments (Vitaly Kuznetsov) [RHEL-10110] - x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (Vitaly Kuznetsov) [RHEL-10110] - x86/tdx: Add more registers to struct tdx_hypercall_args (Vitaly Kuznetsov) [RHEL-10110] - x86/tdx: Fix typo in comment in __tdx_hypercall() (Vitaly Kuznetsov) [RHEL-10110] - arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (Vitaly Kuznetsov) [RHEL-10110] - PCI: hv: Replace retarget_msi_interrupt_params with hyperv_pcpu_input_arg (Vitaly Kuznetsov) [RHEL-10110] - PCI: hv: Enable PCI pass-thru devices in Confidential VMs (Vitaly Kuznetsov) [RHEL-10110] - Drivers: hv: Don't remap addresses that are above shared_gpa_boundary (Vitaly Kuznetsov) [RHEL-10110] - hv_netvsc: Remove second mapping of send and recv buffers (Vitaly Kuznetsov) [RHEL-10110] - Drivers: hv: vmbus: Remove second way of mapping ring buffers (Vitaly Kuznetsov) [RHEL-10110] - Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (Vitaly Kuznetsov) [RHEL-10110] - swiotlb: Remove bounce buffer remapping for Hyper-V (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Change vTOM handling to use standard coco mechanisms (Vitaly Kuznetsov) [RHEL-10110] - init: Call mem_encrypt_init() after Hyper-V hypercall init is done (Vitaly Kuznetsov) [RHEL-10110] - x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (Vitaly Kuznetsov) [RHEL-10110] - Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (Vitaly Kuznetsov) [RHEL-10110] - x86/hyperv: Reorder code to facilitate future work (Vitaly Kuznetsov) [RHEL-10110] - x86/ioremap: Add hypervisor callback for private MMIO mapping in coco VM (Vitaly Kuznetsov) [RHEL-10110] - x86/sev: Add SEV-SNP guest feature negotiation support (Vitaly Kuznetsov) [RHEL-10110] - ALSA: update configuration for RHEL 8.10 (Jaroslav Kysela) [RHEL-13726] - ASoC: hdmi-codec: fix missing report for jack initial status (Jaroslav Kysela) [RHEL-13726] - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (Jaroslav Kysela) [RHEL-13726] - ALSA: cs35l41: Fix for old systems which do not support command (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Remove unnecessary boolean state variable firmware_running (Jaroslav Kysela) [RHEL-13726] - ALSA: usb-audio: Add Pioneer DJM-450 mixer controls (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: fix speakers on XPS 9530 (2023) (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Apply quirk for ASUS UM3504DA (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Add supported ALC257 for ChromeOS (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Headset Mic VREF to 100% (Jaroslav Kysela) [RHEL-13726] - ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Add quirks for HP Laptops (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Add quirks for ASUS 2024 Zenbooks (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (Jaroslav Kysela) [RHEL-13726] - ALSA: info: Fix potential deadlock at disconnection (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: ASUS UM5302LA: Added quirks for cs35L41/10431A83 on i2c bus (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Add support dual speaker for Dell (Jaroslav Kysela) [RHEL-13726] - ASoC: nau8540: Add self recovery to improve capture quility (Jaroslav Kysela) [RHEL-13726] - ASoC: hdmi-codec: register hpd callback on component probe (Jaroslav Kysela) [RHEL-13726] - ASoC: dapm: fix clock get name (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: Add ASRock X670E Taichi to denylist (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Add quirk for ASUS UX7602ZM (Jaroslav Kysela) [RHEL-13726] - ASoC: da7219: Improve system suspend and resume handling (Jaroslav Kysela) [RHEL-13726] - ASoC: rt712-sdca: fix speaker route missing issue (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Fix missing error code in cs35l41_smart_amp() (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: mark cs35l41_verify_id() static (Jaroslav Kysela) [RHEL-13726] - ALSA: scarlett2: Add missing check with firmware version control (Jaroslav Kysela) [RHEL-13726] - ALSA: scarlett2: Remap Level Meter values (Jaroslav Kysela) [RHEL-13726] - ALSA: scarlett2: Allow passing any output to line_out_remap() (Jaroslav Kysela) [RHEL-13726] - ALSA: scarlett2: Add support for reading firmware version (Jaroslav Kysela) [RHEL-13726] - ALSA: scarlett2: Rename Gen 3 config sets (Jaroslav Kysela) [RHEL-13726] - ALSA: scarlett2: Rename scarlett_gen2 to scarlett2 (Jaroslav Kysela) [RHEL-13726] - ASoC: cs35l41: Detect CSPL errors when sending CSPL commands (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Check CSPL state after loading firmware (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Do not unload firmware before reset in system suspend (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Force a software reset after hardware reset (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Run boot process during resume callbacks (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Assert Reset prior to de-asserting in probe and system resume (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Assert reset before system suspend (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Use reset label to get GPIO for HP Zbook Fury 17 G9 (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (Jaroslav Kysela) [RHEL-13726] - ALSA: usb-audio: add quirk flag to enable native DSD for McIntosh devices (Jaroslav Kysela) [RHEL-13726] - ASoC: codecs: rt298: remove redundant assignment to d_len_code (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: sof-pci-dev: Fix community key quirk detection (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Stop processing CODECs when enough are found (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (Jaroslav Kysela) [RHEL-13726] - ASoC: da7213: Add new kcontrol for tonegen (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (Jaroslav Kysela) [RHEL-13726] - ASoC: da7219: Correct the process of setting up Gnd switch in AAD (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5650: fix the wrong result of key button (Jaroslav Kysela) [RHEL-13726] - ASoC: rt715: reorder the argument in error log (Jaroslav Kysela) [RHEL-13726] - ASoC: rt715-sdca: reorder the argument in error log (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: sof_sdw_rt712_sdca: construct cards->components by name_prefix (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: sof_sdw_rt_sdca_jack_common: add rt713 support (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: soc-acpi-intel-mtl-match: add rt713 rt1316 config (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: soc-acpi-intel-rpl-match: add rt711-l0-rt1316-l12 support (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: sof_sdw: update HP Omen match (Jaroslav Kysela) [RHEL-13726] - ASoC: cs42l42: Fix missing include of gpio/consumer.h (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: core: Ensure sof_ops_free() is still called when probe never ran. (Jaroslav Kysela) [RHEL-13726] - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (Jaroslav Kysela) [RHEL-13726] - ALSA: usb-audio: Fix microphone sound on Nexigo webcam. (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Change model for Intel RVP board (Jaroslav Kysela) [RHEL-13726] - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Cleanup and fix double free in firmware request (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5682: Fix regulator enable/disable sequence (Jaroslav Kysela) [RHEL-13726] - ASoC: hdmi-codec: Fix broken channel map reporting (Jaroslav Kysela) [RHEL-13726] - ASoC: core: Do not call link_exit() on uninitialized rtd objects (Jaroslav Kysela) [RHEL-13726] - ASoC: core: Print component name when printing log (Jaroslav Kysela) [RHEL-13726] - ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (Jaroslav Kysela) [RHEL-13726] - ALSA: aloop: Add control element for getting the access mode (Jaroslav Kysela) [RHEL-13726] - ALSA: aloop: Add support for the non-interleaved access mode (Jaroslav Kysela) [RHEL-13726] - ALSA: inx0m: fix name of SIS7013 sound chip in comment (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: amd: fix for firmware reload failure after playback (Jaroslav Kysela) [RHEL-13726] - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (Jaroslav Kysela) [RHEL-13726] - ASoC: soc-generic-dmaengine-pcm: Fix function name in comment (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Add read-only ALSA control for forced mute (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Support mute notifications for CS35L41 HDA (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Support ACPI Notification framework via component binding (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Add notification support into component binding (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (Jaroslav Kysela) [RHEL-13726] - ASoC: hdac_hda: fix HDA patch loader support (Jaroslav Kysela) [RHEL-13726] - soundwire: bus: Make IRQ handling conditionally built (Jaroslav Kysela) [RHEL-13726] - ASoC: soc-pcm.c: Make sure DAI parameters cleared if the DAI becomes inactive (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: sof_sdw: add support for SKU 0B14 (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: soc-acpi: fix Dell SKU 0B34 (Jaroslav Kysela) [RHEL-13726] - ASoC: hdac_hda: add HDA patch loader support (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek - ALC287 Realtek I2S speaker platform support (Jaroslav Kysela) [RHEL-13726] - ALSA: usb-audio: scarlett_gen2: Fix another -Wformat-truncation warning (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc4-topology: Use size_add() in call to struct_size() (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: Intel: MTL: Reduce the DSP init timeout (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (Jaroslav Kysela) [RHEL-13726] - ALSA: riptide: Fix -Wformat-truncation warning for longname string (Jaroslav Kysela) [RHEL-13726] - ALSA: cs4231: Fix -Wformat-truncation warning for longname string (Jaroslav Kysela) [RHEL-13726] - ALSA: ad1848: Fix -Wformat-truncation warning for longname string (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: generic: Check potential mixer name string truncation (Jaroslav Kysela) [RHEL-13726] - ALSA: cmipci: Fix -Wformat-truncation warning (Jaroslav Kysela) [RHEL-13726] - ALSA: firewire: Fix -Wformat-truncation warning for MIDI stream names (Jaroslav Kysela) [RHEL-13726] - ALSA: firewire: Fix -Wformat-truncation warning for longname string (Jaroslav Kysela) [RHEL-13726] - ALSA: xen: Fix -Wformat-truncation warning (Jaroslav Kysela) [RHEL-13726] - ALSA: opti9x: Fix -Wformat-truncation warning (Jaroslav Kysela) [RHEL-13726] - ALSA: es1688: Fix -Wformat-truncation warning (Jaroslav Kysela) [RHEL-13726] - ALSA: cs4236: Fix -Wformat-truncation warning (Jaroslav Kysela) [RHEL-13726] - ALSA: sscape: Fix -Wformat-truncation warning (Jaroslav Kysela) [RHEL-13726] - ALSA: caiaq: Fix -Wformat-truncation warning (Jaroslav Kysela) [RHEL-13726] - ALSA: usb-audio: scarlett_gen2: Fix -Wformat-truncation warning (Jaroslav Kysela) [RHEL-13726] - ASoC: imx-audmix: Fix return error with devm_clk_get() (Jaroslav Kysela) [RHEL-13726] - ASoC: hdaudio.c: Add missing check for devm_kstrdup (Jaroslav Kysela) [RHEL-13726] - ALSA: scarlett2: Add correct product series name to messages (Jaroslav Kysela) [RHEL-13726] - ALSA: scarlett2: Add support for Clarett 8Pre USB (Jaroslav Kysela) [RHEL-13726] - ALSA: scarlett2: Move USB IDs out from device_info struct (Jaroslav Kysela) [RHEL-13726] - ALSA: scarlett2: Default mixer driver to enabled (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc4-topology: fix wrong sizeof argument (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: sof-audio: Fix DSP core put imbalance on widget setup failure (Jaroslav Kysela) [RHEL-13726] - firmware: cirrus: cs_dsp: Only log list of algorithms in debug build (Jaroslav Kysela) [RHEL-13726] - ASoC: cs42l42: Avoid stale SoundWire ATTACH after hard reset (Jaroslav Kysela) [RHEL-13726] - ASoC: cs42l42: Don't rely on GPIOD_OUT_LOW to set RESET initially low (Jaroslav Kysela) [RHEL-13726] - ASoC: cs42l42: Ensure a reset pulse meets minimum pulse width. (Jaroslav Kysela) [RHEL-13726] - ALSA: usb-audio: mixer: Remove temporary string use in parse_clock_source_unit (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Splitting the UX3402 into two separate models (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: intel-sdw-acpi: Use u8 type for link index (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5640: Only cancel jack-detect work on suspend if active (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5640: Enable the IRQ on resume after configuring jack-detect (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5640: Do not disable/enable IRQ twice on suspend/resume (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5640: Fix sleep in atomic context (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5640: Revert 'Fix sleep in atomic context' (Jaroslav Kysela) [RHEL-13726] - ALSA: core: Use dev_name of card_dev as debugfs directory name (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek - Fixed two speaker platform (Jaroslav Kysela) [RHEL-13726] - ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (Jaroslav Kysela) [RHEL-13726] - Add DMI ID for MSI Bravo 15 B7ED (Jaroslav Kysela) [RHEL-13726] - ASoC: soc-pcm: Shrink stack frame for __soc_pcm_hw_params (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Consistently use dev_err_probe() (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (Jaroslav Kysela) [RHEL-13726] - ASoC: cs35l41: Make use of dev_err_probe() (Jaroslav Kysela) [RHEL-13726] - ASoC: cs35l41: Undo runtime PM changes at driver exit time (Jaroslav Kysela) [RHEL-13726] - ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (Jaroslav Kysela) [RHEL-13726] - ASoC: cs35l41: Fix broken shared boost activation (Jaroslav Kysela) [RHEL-13726] - ASoC: cs35l41: Handle mdsync_up reg write errors (Jaroslav Kysela) [RHEL-13726] - ASoC: cs35l41: Handle mdsync_down reg write errors (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (Jaroslav Kysela) [RHEL-13726] - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek - ALC287 I2S speaker platform support (Jaroslav Kysela) [RHEL-13726] - regmap: debugfs: Fix a erroneous check after snprintf() (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs. (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5645: NULL pointer access when removing jack (Jaroslav Kysela) [RHEL-13726] - ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (Jaroslav Kysela) [RHEL-13726] - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (Jaroslav Kysela) [RHEL-13726] - ALSA: usb-audio: Don't try to submit URBs after disconnection (Jaroslav Kysela) [RHEL-13726] - ASoC: soc-core.c: Do not error if a DAI link component is not found (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (Jaroslav Kysela) [RHEL-13726] - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (Jaroslav Kysela) [RHEL-13726] - ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Override the _DSD for HP Zbook Fury 17 G9 to correct boost type (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (Jaroslav Kysela) [RHEL-13726] - ASoC: cs35l41: Correct amp_gain_tlv values (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: amd: clear dsp to host interrupt status (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: amd: clear panic mask status when panic occurs (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: amd: add conditional check for acp_clkmux_sel register (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: amd: remove redundant clock mux selection register write (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: amd: enable ACP external global interrupt (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: amd: remove unused sha dma interrupt code (Jaroslav Kysela) [RHEL-13726] - ALSA: ac97: Fix possible error value of *rac97 (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc4-topology: Add module parameter to ignore the CPC value (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc4-topology: Modify the reference output valid_bits for copier (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc4-topology: Fix pipeline params at the output of copier (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc4-topology: Fix the output reference params for SRC (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc4-topology: Modify pipeline params based on SRC output format (Jaroslav Kysela) [RHEL-13726] - ALSA: usb-audio: Fix init call orders for UAC1 (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5640: fix typos (Jaroslav Kysela) [RHEL-13726] - ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (Jaroslav Kysela) [RHEL-13726] - ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (Jaroslav Kysela) [RHEL-13726] - ALSA: aoa: Fix typos in PCM fix patch (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5645: improve the depop sequences of CBJ detection (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5682s: Convert to use GPIO descriptors (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5682: Convert to use GPIO descriptors (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5668: Convert to use GPIO descriptors (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5665: Convert to use GPIO descriptors (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5640: Convert to just use GPIO descriptors (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: change cs35l41_prop_model to static (Jaroslav Kysela) [RHEL-13726] - ALSA: core: Drop snd_device_initialize() (Jaroslav Kysela) [RHEL-13726] - ALSA: seq: Create device with snd_device_alloc() (Jaroslav Kysela) [RHEL-13726] - ALSA: timer: Create device with snd_device_alloc() (Jaroslav Kysela) [RHEL-13726] - ALSA: compress: Don't embed device (Jaroslav Kysela) [RHEL-13726] - ALSA: rawmidi: Don't embed device (Jaroslav Kysela) [RHEL-13726] - ALSA: hwdep: Don't embed device (Jaroslav Kysela) [RHEL-13726] - ALSA: pcm: Don't embed device (Jaroslav Kysela) [RHEL-13726] - ALSA: control: Don't embed ctl_dev (Jaroslav Kysela) [RHEL-13726] - ALSA: core: Introduce snd_device_alloc() (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc4-pcm: fix possible null pointer deference (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Fix the loop check in cs35l41_add_dsd_properties (Jaroslav Kysela) [RHEL-13726] - firmware: cs_dsp: Fix new control name check (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Support systems with missing _DSD properties (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: intel-dsp-cfg: Add Chromebook quirk to ADL/RPL (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek - Remodified 3k pull low procedure (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: topology: Add a token for dropping widget name in kcontrol name (Jaroslav Kysela) [RHEL-13726] - ASoC: dapm: Add a flag for not having widget name in kcontrol name (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: Intel: Refactor code for HDA stream creation (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: soc-acpi: add support for Dell SKU0C87 devices (Jaroslav Kysela) [RHEL-13726] - ASoC: rt715: Drop GPIO includes (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5682-sdw: Drop GPIO includes (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5660: Drop GPIO includes (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5659: Drop legacy GPIO include (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5645: Drop legacy GPIO include (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5514: Drop GPIO include (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5514-spi: Drop GPIO include (Jaroslav Kysela) [RHEL-13726] - ASoC: rt1308: Drop GPIO includes (Jaroslav Kysela) [RHEL-13726] - ASoC: rt1305: Drop GPIO includes (Jaroslav Kysela) [RHEL-13726] - ASoC: rt1019: Drop GPIO include (Jaroslav Kysela) [RHEL-13726] - ASoC: rt1016: Drop GPIO include (Jaroslav Kysela) [RHEL-13726] - ASoC: rt1015p: Drop legacy GPIO include (Jaroslav Kysela) [RHEL-13726] - ASoC: rt1015: Drop GPIO include (Jaroslav Kysela) [RHEL-13726] - ASoC: rt1011: Drop GPIO includes (Jaroslav Kysela) [RHEL-13726] - ASoC: soc-jack: calling snd_soc_jack_report causes a null pointer access (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/cs8409: Support new Dell Dolphin Variants (Jaroslav Kysela) [RHEL-13726] - ASoC: rt1308-sdw: fix random louder sound (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc3: Use devm_kmemdup to replace devm_kmalloc + memcpy (Jaroslav Kysela) [RHEL-13726] - ASoC: tas5805m: Use devm_kmemdup to replace devm_kmalloc + memcpy (Jaroslav Kysela) [RHEL-13726] - ASoC: rt715: Add software reset in io init (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: Intel: Initialize chip in hda_sdw_check_wakeen_irq() (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Switch Dell Oasis models to use SPI (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Add quirks for HP G11 Laptops (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc4-topology: Update the basecfg for copier earlier (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Simplify get_slave_info (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Allow different devices on the same link (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Support multiple groups on the same link (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Device loop should not always start at adr_index (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Move range check of codec_conf into inner loop (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Update DLC index each time one is added (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Pull device loop up into create_sdw_dailink (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Add helper to create a single codec DLC (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof-sdw: Move check for valid group id to get_dailink_info (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Check link mask validity in get_dailink_info (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Remove duplicate NULL check on adr_link (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Printk's should end with a newline (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: intel: hda: Clean up link DMA for IPC3 during stop (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: sof-sdw-cs42142: fix for codec button mapping (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: Intel: hda-mlink: add sublink to dev_dbg() log (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: IPC4: clarify 'pipeline_ids' usage and logs (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: Intel: add abstraction for SoundWire wake-ups (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: Intel: hda-dai-ops: only allocate/release streams for first CPU DAI (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc4-topology: restore gateway config length (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc4: avoid uninitialized default instance 0 (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: Intel: fix u16/32 confusion in LSDIID (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: Intel: hda-mlink: fix off-by-one error (Jaroslav Kysela) [RHEL-13726] - ALSA: info: Remove unused function declarations (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: Fix incorrect use of sizeof in sof_ipc3_do_rx_work() (Jaroslav Kysela) [RHEL-13726] - ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (Jaroslav Kysela) [RHEL-13726] - soundwire: bus: Allow SoundWire peripherals to register IRQ handlers (Jaroslav Kysela) [RHEL-13726] - ASoC: soc-acpi: Add missing kernel doc (Jaroslav Kysela) [RHEL-13726] - soundWire: intel_auxdevice: resume 'sdw-master' on startup and system resume (Jaroslav Kysela) [RHEL-13726] - soundwire: intel_auxdevice: enable pm_runtime earlier on startup (Jaroslav Kysela) [RHEL-13726] - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: sof_da7219_max98373: Map missing Line Out jack kcontrol (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: kbl_da7219_max98927: Map missing Line Out jack kcontrol (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: kbl_da7219_max98357a: Map missing Line Out jack kcontrol (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: bytcr_wm5102: Map missing Line Out jack kcontrol (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: bxt_da7219_max98357a: Map missing Line Out jack kcontrol (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: avs: da7219: Map missing jack kcontrols (Jaroslav Kysela) [RHEL-13726] - ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (Jaroslav Kysela) [RHEL-13726] - ASoC: amd: acp: Map missing jack kcontrols (Jaroslav Kysela) [RHEL-13726] - ASoC: amd: acp-rt5645: Map missing jack kcontrols (Jaroslav Kysela) [RHEL-13726] - ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (Jaroslav Kysela) [RHEL-13726] - ASoC: max98373-sdw: enable pm_runtime in probe, keep status as 'suspended' (Jaroslav Kysela) [RHEL-13726] - ASoC: max98363: enable pm_runtime in probe, keep status as 'suspended' (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5682-sdw: enable pm_runtime in probe, keep status as 'suspended' (Jaroslav Kysela) [RHEL-13726] - ASoC: rt1318-sdw: enable pm_runtime in probe, keep status as 'suspended' (Jaroslav Kysela) [RHEL-13726] - ASoC: rt1316-sdw: enable pm_runtime in probe, keep status as 'suspended' (Jaroslav Kysela) [RHEL-13726] - ASoC: rt1308-sdw: enable pm_runtime in probe, keep status as 'suspended' (Jaroslav Kysela) [RHEL-13726] - ASoC: rt715-sdca: enable pm_runtime in probe, keep status as 'suspended' (Jaroslav Kysela) [RHEL-13726] - ASoC: rt715: enable pm_runtime in probe, keep status as 'suspended' (Jaroslav Kysela) [RHEL-13726] - ASoC: rt712-sdca-dmic: enable pm_runtime in probe, keep status as 'suspended' (Jaroslav Kysela) [RHEL-13726] - ASoC: rt1712-sdca: enable pm_runtime in probe, keep status as 'suspended' (Jaroslav Kysela) [RHEL-13726] - ASoC: rt700: enable pm_runtime in probe, keep status as 'suspended' (Jaroslav Kysela) [RHEL-13726] - ASoC: rt711-sdca: enable pm_runtime in probe, keep status as 'suspended' (Jaroslav Kysela) [RHEL-13726] - ASoC: rt711: enable pm_runtime in probe, keep status as 'suspended' (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5682-sdw: make regmap cache-only in probe (Jaroslav Kysela) [RHEL-13726] - ASoC: SoundWire codecs: make regmap cache-only in probe (Jaroslav Kysela) [RHEL-13726] - ASoC: SoundWire codecs: return error status in probe (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/i915: extend connectivity check to cover Intel ARL (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: intel-dsp-cfg: use common include for MeteorLake (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: add HD Audio PCI ID for Intel Arrow Lake-S (Jaroslav Kysela) [RHEL-13726] - PCI: add ArrowLake-S PCI ID for Intel HDAudio subsystem. (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Print amp configuration after bind (Jaroslav Kysela) [RHEL-13726] - ALSA: ac97: set variables dev_attr_vendor_id to static (Jaroslav Kysela) [RHEL-13726] - ASoC: rt5665: add missed regulator_bulk_disable (Jaroslav Kysela) [RHEL-13726] - ALSA: usb-audio: Remove unused function declaration (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Move group_generated logic (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Merge codec_conf_alloc into dailink_info (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Clean up DAI link counting (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Allow direct specification of CODEC name (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: sof_sdw: break earlier when a adr link contains different codecs (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Move amp_num initialisation to mc_probe (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Remove redundant parameters in dai creation (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Minor tidy up of mc_probe (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Constify parameter to find_codec_part_info (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Simplify find_codec_info_acpi (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Remove some extra line breaks (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Rename codec_idx to codec_dlc_index (Jaroslav Kysela) [RHEL-13726] - ASoC: intel: sof_sdw: Use consistent variable naming for links (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: sof_sdw: add support for SKU 0AFE (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: sof_sdw: rename link_id to be_id (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: sof_sdw: allow mockup amplifier to provide feedback (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: sof_sdw: reorder SoundWire codecs in Kconfig (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: soc-acpi: Add entry for rt711-sdca-sdw at link 0 in RPL match table (Jaroslav Kysela) [RHEL-13726] - ASoC: amd: acp5x-mach:add checks to avoid static analysis warnings (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: atom: remove static analysis false positive (Jaroslav Kysela) [RHEL-13726] - ASoC: Intel: bdw_rt286: add checks to avoid static analysis warnings (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: topology: simplify code to prevent static analysis warnings (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc3: add checks to prevent static analysis warnings (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: sof-client-probes-ipc4: add checks to prevent static analysis warnings (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: Deprecate invalid enums in IPC3 (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc3: update dai_link_fixup for SOF_DAI_MEDIATEK_AFE (Jaroslav Kysela) [RHEL-13726] - ASoC: 88pm860x: refactor deprecated strncpy (Jaroslav Kysela) [RHEL-13726] - ASoC: fsl_micfil: refactor deprecated strncpy (Jaroslav Kysela) [RHEL-13726] - ALSA: bcd2000: refactor deprecated strncpy (Jaroslav Kysela) [RHEL-13726] - ALSA: xen-front: refactor deprecated strncpy (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/realtek: Support ASUS G713PV laptop (Jaroslav Kysela) [RHEL-13726] - ALSA: usb-audio: Update for native DSD support quirks (Jaroslav Kysela) [RHEL-13726] - ASoC: rt1316: fix key tone missing (Jaroslav Kysela) [RHEL-13726] - ASoC: cs42l51: change cs42l51_of_match to static (Jaroslav Kysela) [RHEL-13726] - ASoC: SOF: ipc3-dtrace: Switch to memdup_user_nul() helper (Jaroslav Kysela) [RHEL-13726] - ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (Jaroslav Kysela) [RHEL-13726] - ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Ensure amp is only unmuted during playback (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Add device_link between HDA and cs35l41_hda (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Rework System Suspend to ensure correct call separation (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Use pre and post playback hooks (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: hda_component: Add pre and post playback hooks to hda_component (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Move Play and Pause into separate functions (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Ensure we pass up any errors during system suspend. (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Ensure we correctly re-sync regmap before system suspending. (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: cs35l41: Check mailbox status of pause command after firmware load (Jaroslav Kysela) [RHEL-13726] - ALSA: cs35l41: Poll for Power Up/Down rather than waiting a fixed delay (Jaroslav Kysela) [RHEL-13726] - ALSA: cs35l41: Use mbox command to enable speaker output for external boost (Jaroslav Kysela) [RHEL-13726] - ALSA: hda: add HDMI codec ID for Intel LNL (Jaroslav Kysela) [RHEL-13726] ... MODERATE Copyright 2024 Oracle, Inc. CVE-2023-42755 CVE-2023-52448 CVE-2024-25742 CVE-2024-25743 CVE-2023-52620 CVE-2023-24023 CVE-2023-45863 CVE-2023-51779 CVE-2022-23222 CVE-2023-6176 CVE-2024-26671 CVE-2021-3753 CVE-2022-45934 CVE-2023-3567 CVE-2023-6622 CVE-2023-6932 CVE-2023-39194 CVE-2023-52434 CVE-2024-26602 CVE-2021-4204 CVE-2023-4133 CVE-2023-28464 CVE-2023-37453 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39198 CVE-2023-51780 CVE-2024-0841 CVE-2023-4244 CVE-2023-6915 CVE-2023-42754 CVE-2019-13631 CVE-2023-31083 CVE-2023-52489 CVE-2023-52581 CVE-2023-25775 CVE-2023-6121 CVE-2023-38409 CVE-2020-25656 CVE-2022-3565 CVE-2023-1513 CVE-2023-52340 CVE-2023-52580 CVE-2024-26609 CVE-2023-52574 CVE-2022-0500 CVE-2019-15505 cpe:/o:oracle:linux:8:10:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [4.3-21] - CVE-2021-41072 squashfs-tools: additional write outside destination directory exploit fix CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination Resolves: rhbz#2007303 rhbz#2000637 MODERATE Copyright 2024 Oracle, Inc. CVE-2021-40153 CVE-2021-41072 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [1.3.1-33] - pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations. CVE-2024-22365. Resolves: RHEL-21242 [1.3.1-32] - pam_access: handle hostnames in access.conf. Resolves: RHEL-3374 [1.3.1-31] - pam_faillock: create tallydir before creating tallyfile. Resolves: RHEL-19810 [1.3.1-30] - pam_unix: enable bcrypt. Resolves: RHEL-5057 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-22365 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [8.0p1-24.0.1] - Update upstream references [Orabug: 36587718] [8.0p1-24] - Providing a kill switch for scp to deal with CVE-2020-15778 Resolves: RHEL-22870 [8.0p1-23] - Fix Terrapin attack Resolves: RHEL-19308 [8.0p1-22] - Fix Terrapin attack Resolves: RHEL-19308 - Forbid shell metasymbols in username/hostname Resolves: RHEL-19788 [8.0p1-21] - Using DigestSign/DigestVerify functions for better FIPS compatibility Resolves: RHEL-5217 [8.0p1-20] - Limit artificial delays in sshd while login using AD user Resolves: RHEL-1684 - Add comment to OpenSSH server config about FIPS-incompatible key Resolves: RHEL-5221 - Avoid killing all processes on system in case of race condition Resolves: RHEL-11548 - Avoid sshd_config 256K limit Resolves: RHEL-5279 - Using DigestSign/DigestVerify functions for better FIPS compatibility Resolves: RHEL-5217 - Fix GSS KEX causing ssh failures when connecting to WinSSHD Resolves: RHEL-5321 MODERATE Copyright 2024 Oracle, Inc. CVE-2020-15778 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [20240415-999.32.git5da74b16.el8] - Rebase to latest upstream [Orabug: 36482906] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2022-46329 CVE-2023-20592 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 8 [2.02-156.0.1] - Restore correct SBAT entries - Replaced bugzilla.oracle.com references [Orabug: 35475894] - efinet: Close and reopen card on failure [Orabug: 35126950] - Fix CVE-2022-3775 [Orabug: 34867710] - Bump SBAT metadata for grub to 3 [Orabug: 34871758] - Enable signing on aarch64 - Don't try to switch to a BLS config if GRUB_ENABLE_BLSCFG is already set (Javier Martinez Canillas) [Orabug: 34375996] - Enable back btrfs module by default [Orabug: 34377188] - Backport upstream SNP protocol fixes [Orabug: 34195100] - Rebase Fix EFI loader kernel image allocation patch, adapt it to new NX code [Orabug: 34352232] - enable multiboot2 [Orabug: 34285558] - backport arm64: Fix EFI loader kernel image allocation [Orabug: 33702462] - backport Arm: check for the PE magic for the compiled arch [Orabug: 33702462] - Backport some better script logic for BTRFS support [Orabug: 32448171] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - Fix various coverity issues [Orabug: 32530657] - Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327] - Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481] - Fix comparison in patch for 18504756 - Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.02-156] - fs/ntfs: OOB write fix - (CVE-2023-4692) - Resolves: #RHEL-11566 [2.06-155] - grub-set-bootflag: Fix for CVE-2024-1048 - (CVE-2024-1048) - Resolves: #RHEL-20746 [2.02-154] - Missing install script for previous commit - Related: #RHEL-4343 [2.02-153] - util: Enable default kernel for updates - Resolves: #RHEL-4343 [2.02-152] - kern/ieee1275/init: ppc64: Restrict high memory in presence of fadump - Resolves: #RHEL-14283 [2.02-151] - util: Regenerate kernelopts if missing on ppc - Resolves: #2051889 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-4693 CVE-2023-4692 CVE-2024-1048 cpe:/o:oracle:linux:8:10:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 Oracle Linux 8 [239-82.0.1] - Fixed deletion issue for symlink when device is opened [Orabug: 36228608] - Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 35871376] - 1A) Add 'systemd-fstab-generator-reload-targets.service' file [Orabug: 35871376] - 1B) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 35871376] - 1C) Important: Review 1902-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 35871376] - Prevent duplicate uuid device to replace existing one in udev [Orabug: 35987487] - Backport upstream pstore dmesg fix [Orabug: 34850699] - mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661] - core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661] - Prevent duplicate label to replace exsisting one in udev [Orabug: 34898273] - Oracle-Redhat Errata ELSA-2023:3837 CVE-2023-26604 OLERRATA-43629 - Detect podman as separate container type [Orabug: 31922204] - improve container detection logic [Orabug: 31922204] - mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661] - core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661] - Prevent duplicate label to replace existing one in udev [Orabug: 34898273] - Standardize ioctl (BTRFS_IOC_QGROUP_CREATE) check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253] - Disable unprivileged BPF by default [Orabug: 32870980] - udev rules: fix memory hot add and remove [Orabug: 31310273] - fix to enable systemd-pstore.service [Orabug: 30951066] - journal: change support URL shown in the catalog entries [Orabug: 30853009] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056] - Removed unneeded patches (Already provided upstream or not required) - 1902-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792] - 1800-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch (#2175624) - 1801-pager-make-pager-secure-when-under-euid-is-changed-o.patch (#2175624) - 1802-pstore-fix-crash-and-forward-dummy-arguments-instead.patch (#2190151) - 2002-orabug31420486-pstore-introduce-tmpfiles.d-systemd-pstore.conf.patch [Orabug: 31420486] - 2009-login-add-a-missing-error-check-for-session_set_lead.patch (#2158167) - 2010-logind-reset-session-leader-if-we-know-for-a-fact-th.patch (#2158167) - 2011-sulogin-fix-control-lost-of-the-current-terminal-whe.patch (#2227769) - systemd.spec: prevent 'myhostname' from being appended on upgrade (#2187761) (#2227769) - Updated mod_nss() and readlink /etc/nsswitch.conf sections (#2187761) - systemd.spec: mod_nss() and readlink /etc/nsswitch.conf sections (#2187761) [239-82] - ci: add configuration for regression sniffer GA (RHEL-1087) - coredump: actually store parsed unit in the context (RHEL-18302) - resolved: limit the number of signature validations in a transaction (RHEL-26644) - resolved: reduce the maximum nsec3 iterations to 100 (RHEL-26644) [239-81] - man: update link to RHEL documentation (RHEL-26355) [239-80] - fd-util: rework how we determine highest possible fd (RHEL-18302) - basic/fd-util: refuse 'infinite' loop in close_all_fds() (RHEL-18302) - fd-util: split out inner fallback loop of close_all_fds() as close_all_fds_without_malloc() (RHEL-18302) - exec-util: use close_all_fds_without_malloc() from freeze() (RHEL-18302) - ci: use source-git-automation composite Action (RHEL-1087) - ci: increase the cron interval to 45 minutes (RHEL-1087) - ci: add all Z-Stream versions to array of allowed versions (RHEL-1087) - tree-wide: always declare bitflag enums the same way (RHEL-2857) - login: Add KEY_RESTART handling (RHEL-2857) - analyze security: fix recursive call of syscall_names_in_filter() (RHEL-5991) - analyze-security: do not assign badness to filtered-out syscalls (RHEL-5991) - analyze-security: include an actual syscall name in the message (RHEL-5991) - udev/net_id: introduce naming scheme for RHEL-8.10 (RHEL-22426) - doc: add missing <listitem> to systemd.net-naming-scheme.xml (RHEL-22426) - service: schedule cleanup of PID hashmaps when we now longer have main_pid and we are in container (RHEL-5863) [239-79] - ci: Extend source-git-automation (RHEL-1087) - ci: add missing configuration for commit linter (RHEL-1087) - ci: add Red Hat Enterprise Linux 8 to the list of supported products (RHEL-1087) - ci: enable source-git automation to validate reviews and ci results (RHEL-1087) - ci: remove Mergify config - replaced by Pull Request Validator (RHEL-1087) - ci: enable auto-merge GH Action (RHEL-1087) - fstab-generator: allow overriding /etc/fstab with (RHEL-1087) - fstab-generator: allow overriding path to /sysroot/etc/fstab too (RHEL-1087) - test: backport TEST-81-GENERATORS (fstab-generator only) (RHEL-1087) - resolved: actually check authenticated flag of SOA transaction (RHEL-6213) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-7008 cpe:/o:oracle:linux:8:10:baseos_base cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 Oracle Linux 8 [3:2.1.0-8] - add gating.yaml [3:2.1.0-7] - fix improper command line parsing (CVE-2023-46316) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-46316 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [1:6.1.2-11] - Fix: CVE-2021-43618 Resolves: RHEL-23055 MODERATE Copyright 2024 Oracle, Inc. CVE-2021-43618 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [0.9.6-14] - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP) - Fix CVE-2023-6918 Missing checks for return values for digests - Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection of malicious code through hostname - Note: version is bumped from 12 to 14 directly, as the z-stream version in 8.9 also has 13. So bumping it to 14, will prevent upgrade conflicts. - Resolves:RHEL-19690, RHEL-17244, RHEL-19312 [0.9.6-12] - Fix loglevel regression - Related: rhbz#2182251, rhbz#2189742 [0.9.6-11] - .fmf/version is needed to run the tests - Related: rhbz#2182251, rhbz#2189742 [0.9.6-10] - Add missing ci.fmf file - Related: rhbz#2182251, rhbz#2189742 [0.9.6-9] - Fix covscan errors found at gating - Related: rhbz#2182251, rhbz#2189742 [0.9.6-8] - Backport test fixing commits to make the build pass - Related: rhbz#2182251, rhbz#2189742 [0.9.6-7] - Fix NULL dereference during rekeying with algorithm guessing GHSL-2023-032 / CVE-2023-1667 - Fix possible authentication bypass GHSL 2023-085 / CVE-2023-2283 - Resolves: rhbz#2182251, rhbz#2189742 [0.9.6-6] - Enable client and server testing build time - Fix failing rekey test on arch s390x - Resolves: rhbz#2126342 [0.9.6-5] - Fix CI configuration for new TMT - Resolves: rhbz#2149910 [0.9.6-4] - Make VERBOSE and lower log levels less verbose - Resolves: rhbz#2091512 [0.9.6-3] - Remove STI tests [0.9.6-2] - Remove bad patch causing errors - Adding BuildRequires for openssh (SSHD support) [0.9.6-1] - Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism - Rebase to version 0.9.6 - Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c - Resolves: rhbz#1896651, rhbz#1994600 [0.9.4-4] - Revert previous commit as it is incorrect. [0.9.6-1] - Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism (#1978810) [0.9.4-3] - Fix CVE-2020-16135 NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL (#1862646) [0.9.4-2] - Do not return error when server properly closed the channel (#1849071) - Add a test for CVE-2019-14889 - Do not parse configuration file in torture_knownhosts test [0.9.4-1] - Update to version 0.9.4 https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ - Fixed CVE-2019-14889 (#1781782) - Fixed CVE-2020-1730 (#1802422) - Create missing directories in the path provided for known_hosts files (#1733914) - Removed inclusion of OpenSSH server configuration file from libssh_server.config (#1821339) [0.9.0-4] - Skip 1024 bits RSA key generation test in FIPS mode (#1734485) [0.9.0-3] - Add Obsoletes in libssh-config to avoid conflict with old libssh which installed the configuration files. [0.9.0-2] - Eliminate circular dependency with libssh-config subpackage [0.9.0-1] - Update to version 0.9.0 https://www.libssh.org/2019/06/28/libssh-0-9-0/ - Added explicit Requires for crypto-policies - Do not ignore known_hosts keys when SSH_OPTIONS_HOSTKEYS is set - Provide the configuration files in a separate libssh-config subpackage [0.8.91-0.1] - Update to 0.9.0 pre release version (0.8.91) - Added default configuration files for client and server - Removed unused patch files left behind - Fixed issues found to run upstream test suite with SELinux [0.8.5-2] - Fix more regressions introduced by the fixes for CVE-2018-10933 [0.8.5-1] - Update to version 0.8.5 * Fixed an issue where global known_hosts file was ignored (#1649321) * Fixed ssh_get_fd() to return writable file descriptor (#1649319) * Fixed regression introduced in known_hosts parsing (#1649315) * Fixed a regression which caused only the first algorithm in known_hosts to be considered (#1638790) [0.8.3-5] - Fix regressions introduced by the fixes for CVE-2018-10933 [0.8.3-4] - Fix for authentication bypass issue in server implementation (#1639926) [0.8.3-3] - Fixed errors found by static code analysis (#1602594) [0.8.3-1] - Update to version 0.8.3 * Added support for rsa-sha2 (#1610882) * Added support to parse private keys in openssh container format (other than ed25519) (#1622983) * Added support for diffie-hellman-group18-sha512 and diffie-hellman-group16-sha512 (#1610885) * Added ssh_get_fingerprint_hash() * Added ssh_pki_export_privkey_base64() * Added support for Match keyword in config file * Improved performance and reduced memory footprint for sftp * Fixed ecdsa publickey auth * Fixed reading a closed channel * Added support to announce posix-rename@openssh.com and hardlink@openssh.com in the sftp server * Use -fstack-protector-strong if possible (#1624135) [0.8.1-4] - Fix the creation of symbolic links for libssh_threads.so.4 [0.8.1-3] - Add missing Provides for libssh_threads.so.4 [0.8.1-2] - Add Provides for libssh_threads.so to unbreak applications - Fix ABIMap detection to not depend on python to build [0.8.1-1] - Update to version 0.8.1 https://www.libssh.org/2018/08/13/libssh-0-8-1/ [0.8.0-1] - Update to version 0.8.0 https://www.libssh.org/2018/08/10/libssh-0-8-0/ [0.7.5-9] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [0.7.5-8] - BR: gcc-c++, use %make_build [0.7.5-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - Related: bug#1614611 [0.7.5-6] - resolves: #1540021 - Build against OpenSSL 1.1 [0.7.5-5] - Switch to %ldconfig_scriptlets [0.7.5-4] - Fix parsing ssh_config [0.7.5-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.7.5-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.7.5-1] - Update to version 0.7.5 [0.7.4-2] - BR: compat-openssl10-devel (f26+, #1423088) - use %license - -devel: drop hardcoded pkgconfig dep (let autodeps handle it) - %files: track library sonames, simplify -devel - %install: use 'install/fast' target - .spec cosmetics, drop deprecated %clean section [0.7.4-1] - Update to version 0.7.4 * Added id_ed25519 to the default identity list * Fixed sftp EOF packet handling * Fixed ssh_send_banner() to confirm with RFC 4253 * Fixed some memory leaks - resolves: #1419007 [0.7.3-1] - resolves: #1311259 - Fix CVE-2016-0739 - resolves: #1311332 - Update to version 0.7.3 * Fixed CVE-2016-0739 * Fixed ssh-agent on big endian * Fixed some documentation issues - Enabled GSSAPI support [0.7.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild [0.7.2-2] - resolves: #1271230 - Fix ssh-agent support on big endian [0.7.2-1] - Update to version 0.7.2 * Fixed OpenSSL detection on Windows * Fixed return status for ssh_userauth_agent() * Fixed KEX to prefer hmac-sha2-256 * Fixed sftp packet handling * Fixed return values of ssh_key_is_(public|private) * Fixed bug in global success reply - resolves: #1267346 [0.7.1-1] - Update to version 0.7.1 * Fixed SSH_AUTH_PARTIAL auth with auto public key * Fixed memory leak in session options * Fixed allocation of ed25519 public keys * Fixed channel exit-status and exit-signal * Reintroduce ssh_forward_listen() [0.7.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild [0.7.0-2] - Add patch to fix undefined symbol: ssh_forward_listen (bug #1221310) [0.7.0-1] - Update to version 0.7.0 * Added support for ed25519 keys * Added SHA2 algorithms for HMAC * Added improved and more secure buffer handling code * Added callback for auth_none_function * Added support for ECDSA private key signing * Added more tests * Fixed a lot of bugs * Improved API documentation [0.6.5-1] - resolves: #1213775 - Security fix for CVE-2015-3146 - resolves: #1218076 - Security fix for CVE-2015-3146 [0.6.4-1] - Security fix for CVE-2014-8132. [0.6.3-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [0.6.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [0.6.3-1] - Fix CVE-2014-0017. [0.6.1-1] - Update to version 0.6.1. - resolves: #1056757 - Fix scp mode. - resolves: #1053305 - Fix known_hosts heuristic. [0.6.0-1] - Update to 0.6.0 [0.5.5-1] - Update to 0.5.5. - Clenup the spec file. [0.5.4-5] - Add EPEL 5 support. - Add Debian patches to enable Doxygen documentation. [0.5.4-4] - Add patch for #982685. [0.5.4-3] - Clean up SPEC file and fix rpmlint complaints. [0.5.4-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild [0.5.4-1] - update to security 0.5.4 release - CVE-2013-0176 (#894407) [0.5.3-1] - update to security 0.5.3 release (#878465) [0.5.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [0.5.2-1] - update to 0.5.2 version (#730270) [0.5.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild [0.5.0-1] - bounce versionn to 0.5.0 (#709785) - the support for protocol v1 is disabled [0.4.8-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild [0.4.8-1] - bounce versionn to 0.4.8 (#670456) [0.4.6-1] - bounce versionn to 0.4.6 (#630602) [0.4.4-1] - bounce versionn to 0.4.4 (#598592) [0.4.3-1] - bounce versionn to 0.4.3 (#593288) [0.4.2-1] - bounce versionn to 0.4.2 (#573972) [0.4.1-1] - bounce versionn to 0.4.1 (#565870) [0.4.0-1] - bounce versionn to 0.4.0 (#541010) [0.3.92-2] - typo in spec file [0.3.92-1] - bounce versionn to 0.3.92 (0.4 beta2) (#541010) [0.2-4] - rebuilt with new openssl [0.2-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [0.2-2] - Small changes during review [0.2-1] - Initial build LOW Copyright 2024 Oracle, Inc. CVE-2023-6918 CVE-2023-6004 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-23.1.el8] - remote: check for negative array lengths before allocation (CVE-2024-2494) libvirt-dbus libvirt-python nbdkit netcf perl-Sys-Virt qemu-kvm [6.2.0-49] - kvm-glib-compat-Introduce-g_memdup2-wrapper.patch [RHEL-19628] - kvm-ui-clipboard-mark-type-as-not-available-when-there-i.patch [RHEL-19628] - kvm-virtio-net-correctly-copy-vnet-header-when-flushing-.patch [RHEL-19496] - Resolves: RHEL-19628 (CVE-2023-6683 virt:rhel/qemu-kvm: QEMU: VNC: NULL pointer dereference in qemu_clipboard_request() [rhel-8]) - Resolves: RHEL-19496 (CVE-2023-6693 virt:rhel/qemu-kvm: QEMU: virtio-net: stack buffer overflow in virtio_net_flush_tx() [rhel-8]) [6.2.0-48] - kvm-iotests-add-filter_qmp_generated_node_ids.patch [RHEL-7353] - kvm-iotests-port-141-to-Python-for-reliable-QMP-testing.patch [RHEL-7353] - kvm-monitor-only-run-coroutine-commands-in-qemu_aio_cont.patch [RHEL-7353] - kvm-iotests-Make-144-deterministic-again.patch [RHEL-7353] - Resolves: RHEL-7353 ([qemu-kvm] no response with QMP command device_add when repeatedly hotplug/unplug virtio disks [RHEL-8]) [6.2.0-47] - kvm-s390x-pci-avoid-double-enable-disable-of-aif.patch [RHEL-22411] - kvm-s390x-pci-refresh-fh-before-disabling-aif.patch [RHEL-22411] - kvm-s390x-pci-drive-ISM-reset-from-subsystem-reset.patch [RHEL-22411] - Resolves: RHEL-22411 ([s390x] VM fails to start with ISM passed through) [6.2.0-46] - kvm-MAINTAINERS-split-out-s390x-sections.patch [RHEL-18214] - kvm-s390x-pv-remove-semicolon-from-macro-definition.patch [RHEL-18214] - kvm-hw-s390x-pv-Restrict-Protected-Virtualization-to-sys.patch [RHEL-18214] - kvm-hw-s390x-Move-KVM-specific-PV-from-hw-to-target-s390.patch [RHEL-18214] - kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch [RHEL-18214] - Resolves: RHEL-18214 ([RHEL8][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption) [6.2.0-45] - kvm-acpi-fix-acpi_index-migration.patch [RHEL-20189] - kvm-RHEL-Enable-x-not-migrate-acpi-index-for-all-pre-RHE.patch [RHEL-20189] - kvm-hw-arm-virt-Do-not-load-efi-virtio.rom-for-all-virti.patch [RHEL-14870] - Resolves: RHEL-20189 ([RHEL.8.10.0]Failed to migrate guest with pc (i440x) between RHELAV 8.4.0 and RHEL 8.10.0) - Resolves: RHEL-14870 ([rhel8]ipxe-roms-qemu does not provide efi-virtio.rom) [6.2.0-44] - kvm-hw-ide-reset-cancel-async-DMA-operation-before-reset.patch [RHEL-15437] - kvm-tests-qtest-ahci-test-add-test-exposing-reset-issue-.patch [RHEL-15437] - Resolves: RHEL-15437 (CVE-2023-5088 virt:rhel/qemu-kvm: QEMU: improper IDE controller reset can lead to MBR overwrite [rhel-8]) [6.2.0-43] - kvm-net-Provide-MemReentrancyGuard-to-qemu_new_nic.patch [RHEL-7309] - kvm-net-Update-MemReentrancyGuard-for-NIC.patch [RHEL-7309] - kvm-vhost-release-memory_listener-object-in-error-path.patch [RHEL-7567] - kvm-ui-fix-crash-when-there-are-no-active_console.patch [RHEL-2600] - Resolves: RHEL-7309 (CVE-2023-3019 virt:rhel/qemu-kvm: QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest() [rhel-8]) - Resolves: RHEL-7567 ([RHEL8][clone]VM crash when guest running testpmd and delete created vhostuserclient port on host) - Resolves: RHEL-2600 (qemu core dump occurs when client connects to VNC server because qemu cmd only adds vnc but without graphics device) [6.2.0-42] - kvm-target-s390x-dump-Remove-unneeded-dump-info-function.patch [RHEL-16696] - kvm-dump-Add-arch-cleanup-function.patch [RHEL-16696] - kvm-target-s390x-arch_dump-Add-arch-cleanup-function-for.patch [RHEL-16696] - Resolves: RHEL-16696 (RHEL8 - KVM : Secure execution guest remains in 'paused' state, post 'virsh dump' failure (qemu-kvm)) [6.2.0-41] - kvm-s390x-ap-fix-missing-subsystem-reset-registration.patch [bz#2111390] - kvm-s390x-do-a-subsystem-reset-before-the-unprotect-on-r.patch [bz#2111390] - kvm-redhat-Update-linux-headers-for-kvm_s390_vm_cpu_uv_f.patch [bz#2111390] - kvm-target-s390x-kvm-Refactor-AP-functionalities.patch [bz#2111390] - kvm-target-s390x-AP-passthrough-for-PV-guests.patch [bz#2111390] - Resolves: bz#2111390 ([IBM 8.10 FEAT] KVM: Enable Secure Execution Crypto Passthrough - qemu part) seabios sgabios supermin swtpm virt-v2v MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2494 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 aardvark-dns buildah [2:1.33.7-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/b95e962) - Resolves: RHEL-28224 cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu [3.18-5] - rebuild to preserve upgrade path - Related: RHEL-32671 crun fuse-overlayfs libslirp [4.4.0-2] - rebuild to preserve upgrade path 8.9 -> 8.10 - Related: RHEL-32671 netavark oci-seccomp-bpf-hook podman [4:4.9.4-1] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/7752c56) - Resolves: RHEL-28225 python-podman skopeo [2:1.14.3-2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/5f2b9af) - Resolves: RHEL-28728 [2:1.14.3-1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/4a2bc3a) - Resolves: RHEL-28226 [2:1.14.3-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/d0a0f1a) - Resolves: RHEL-28226 slirp4netns udica [0.2.6-21] - bump release to preserve update path - Resolves: RHEL-32671 [0.2.6-20] - bump release to preserve update path - Related: #2139052 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1753 CVE-2022-41715 CVE-2024-24786 CVE-2024-28180 CVE-2022-2880 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [1.20.14-23] - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083 - Add util-linux as a dependency of Xvfb - Fix compilation error on i686 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-31081 CVE-2024-31083 CVE-2024-31080 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 delve golang [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 go-toolset [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45289 CVE-2024-24784 CVE-2023-45288 CVE-2024-24783 CVE-2024-24785 CVE-2023-45290 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.13.1-10] - Drop patches that are already part of xorg-x11-server Resolves: RHEL-30755 Resolves: RHEL-30767 Resolves: RHEL-30761 [1.13.1-9] - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents Resolves: RHEL-30755 - Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs Resolves: RHEL-30767 - Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice Resolves: RHEL-30761 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-31081 CVE-2024-31080 CVE-2024-31083 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [5.3.7-20.0.1] - pcp-zoneinfo fix to replay ol7 archives [Orabug: 35903733] - Backporting of python tool pcp-meminfo [Orabug: 35759707] - Backporting of python tool pcp-slabinfo [Orabug: 35560940] - Backporting of python tool pcp-buddyinfo [Orabug: 35660932] - Backporting of python tool pcp-netstat [Orabug: 34324779] - Backporting of python tool pcp-zoneinfo [Orabug: 35660927] - Fixed multiple pcp python utiltites issues[Orabug: 35434363] - Fixed broken pipe issue in pcp ps utlity[Orabug: 34830203] - Fixed pcp mpstat utiltiy crash issue [Orabug: 34891338] - Pcp mpstat utiltiy initial archive file read error fix [Orabug: 34869451] - Fix pcp-ps to show n sample with archives[Orabug: 34849959] - Pcp ps Utility -o option and print issue fix [Orabug: 34321683] - Pcp ps utilty has been added [Orabug: 34321683] [5.3.7-20] - Disable RESP proxying by default in pmproxy (RHEL-30715) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3019 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [9.2.10-16] - Check OrdID is correct before deleting snapshot - fix CVE-2024-1313 - fix CVE-2024-1394 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1313 CVE-2024-1394 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc: invalidate forest trust intfo cache when filtering out realm domains Resolves: RHEL-28559 - Backport latests test fixes in python3-tests ipatests: add xfail for autoprivate group test with override ipatests: remove xfail thanks to sssd 2.9.4 ipatests: adapt for new automembership fixup behavior ipatests: Fixes for test_ipahealthcheck_ipansschainvalidation testcases test_xmlrpc: adopt to automember plugin message changes in 389-ds Resolves: RHEL-29908 ipa-healthcheck opendnssec python-jwcrypto [0.5.0-2] - Address potential DoS with high compression ratio Resolves: RHEL-28697 - Limit number of iterations for PBES Resolves: RHEL-23036 RHEL-23037 python-kdcproxy python-qrcode python-yubico pyusb slapi-nis softhsm MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28102 CVE-2023-6681 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.18.2-27.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.18.2-27] - Fix memory leak in GSSAPI interface Resolves: RHEL-27250 - Fix memory leak in PMAP RPC interface Resolves: RHEL-27244 - Make TCP waiting time configurable Resolves: RHEL-17131 LOW Copyright 2024 Oracle, Inc. CVE-2024-26458 CVE-2024-26461 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 Oracle Linux 8 [2.28-251.0.2.1] - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-2961 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.9.4-3.0.1] - Restore default debug level for sss_cache [Orabug: 32810448] [2.9.4-3] - Resolves: RHEL-27205 - Race condition during authorization leads to GPO policies functioning inconsistently MODERATE Copyright 2024 Oracle, Inc. CVE-2023-3758 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 bind [32:9.11.36-14] - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Do not use header_prev in expire_lru_headers dhcp [4.3.6] - Change bug tracker path [12:4.3.6-50] - Rebuild because of bind ABI changes related to CVE-2023-50387 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50387 CVE-2023-4408 CVE-2023-50868 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [1.15.0-12] - Security fix for CVE-2023-29483 Resolves: RHEL-32630 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-29483 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 7 [1:5.3.6.1-26.0.1] - adjust color palette to match Redwood style. - Replaced RedHat colors with Oracle colors, and the filename redhat.soc with oracle.soc in specfile - Build with --with-vendor='Oracle America, Inc.' [1:5.3.6.1-26] - Fix CVE-2022-38745 Empty entry in Java class path - Fix CVE-2023-0950 Array Index UnderFlow in Calc Formula Parsing - Fix CVE-2023-1183 libreoffice: Arbitrary File Write - Fix CVE-2023-6185 escape url passed to gstreamer IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6185 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [5.14.0-427.18.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.18.1_4] - netfilter: nf_tables: disallow anonymous set with timeout flag (Phil Sutter) [RHEL-32971 RHEL-30082] {CVE-2024-26642} - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (Phil Sutter) [RHEL-33070 RHEL-30078] {CVE-2024-26643} - netfilter: nft_ct: fix l3num expectations with inet pseudo family (Phil Sutter) [RHEL-32963 RHEL-31345] {CVE-2024-26673} - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Phil Sutter) [RHEL-32963 RHEL-31345] {CVE-2024-26673} - arm64: tlb: Fix TLBI RANGE operand (Shaoqin Huang) [RHEL-33412 RHEL-26259] - arm64/mm: Modify range-based tlbi to decrement scale (Shaoqin Huang) [RHEL-33412 RHEL-26259] - rh_messages.h: mark mlx5 on Bluefield-3 as unmaintained (Scott Weaver) [RHEL-35878 RHEL-33061] - net: ip_tunnel: prevent perpetual headroom growth (Guillaume Nault) [RHEL-33934 RHEL-31816] {CVE-2024-26804} - gitlab-ci: use zstream builder container image (Michael Hofmann) - selftests: net: gro fwd: update vxlan GRO test expectations (Antoine Tenart) [RHEL-30910 RHEL-19729] - udp: prevent local UDP tunnel packets from being GROed (Antoine Tenart) [RHEL-30910 RHEL-19729] - udp: do not transition UDP GRO fraglist partial checksums to unnecessary (Antoine Tenart) [RHEL-30910 RHEL-19729] - gro: fix ownership transfer (Antoine Tenart) [RHEL-30910 RHEL-19729] - udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) [RHEL-30910 RHEL-19729] - bpf, tcx: Get rid of tcx_link_const (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Add additional mprog query test coverage (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Make seen_tc* variable tests more robust (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Test query on empty mprog and pass revision into attach (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Adapt assert_mprog_count to always expect 0 count (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Test bpf_mprog query API via libbpf and raw syscall (Felix Maurer) [RHEL-33062 RHEL-28590] - selftest/bpf: Add various selftests for program limits (Felix Maurer) [RHEL-33062 RHEL-28590] - bpf: Refuse unused attributes in bpf_prog_{attach,detach} (Felix Maurer) [RHEL-33062 RHEL-28590] - bpf: Handle bpf_mprog_query with NULL entry (Felix Maurer) [RHEL-33062 RHEL-28590] - net: Fix skb consume leak in sch_handle_egress (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Add various more tcx test cases (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Add test for detachment on empty mprog entry (Felix Maurer) [RHEL-33062 RHEL-28590] - tcx: Fix splat during dev unregister (Felix Maurer) [RHEL-33062 RHEL-28590] - tcx: Fix splat in ingress_destroy upon tcx_entry_free (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Add mprog API tests for BPF tcx links (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Add mprog API tests for BPF tcx opts (Felix Maurer) [RHEL-33062 RHEL-28590] - bpf: Add fd-based tcx multi-prog infra with link support (Felix Maurer) [RHEL-33062 RHEL-28590] - bpftool: Implement link show support for tcx (Artem Savkov) [RHEL-33062 RHEL-23643] - bpftool: Extend net dump with tcx progs (Artem Savkov) [RHEL-33062 RHEL-23643] - bpf: fix precision backtracking instruction iteration (Jay Shin) [RHEL-35230 RHEL-23643] [5.14.0-427.17.1_4] - ceph: switch to use cap_delay_lock for the unlink delay list (Jay Shin) [RHEL-33003 RHEL-32997] - ceph: remove useless session parameter for check_caps() (Xiubo Li) [RHEL-33003 RHEL-19813] - ceph: flush the dirty caps immediatelly when quota is approaching (Xiubo Li) [RHEL-33003 RHEL-19813] - vhost: Add smp_rmb() in vhost_enable_notify() (Gavin Shan) [RHEL-31839 RHEL-26104] - vhost: Add smp_rmb() in vhost_vq_avail_empty() (Gavin Shan) [RHEL-31839 RHEL-26104] - iommu/vt-d: Support enforce_cache_coherency only for empty domains (Jerry Snitselaar) [RHEL-32793 RHEL-31083] - iommu/vt-d: Add MTL to quirk list to skip TE disabling (Jerry Snitselaar) [RHEL-32793 RHEL-31083] - iommu/vt-d: Make context clearing consistent with context mapping (Jerry Snitselaar) [RHEL-32793 RHEL-31083] - iommu/vt-d: Disable PCI ATS in legacy passthrough mode (Jerry Snitselaar) [RHEL-32793 RHEL-31083] - iommu/vt-d: Omit devTLB invalidation requests when TES=0 (Jerry Snitselaar) [RHEL-32793 RHEL-31083] - PCI/MSI: Prevent MSI hardware interrupt number truncation (Myron Stowe) [RHEL-33656 RHEL-21453] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-26643 CVE-2024-26642 CVE-2024-26804 CVE-2024-26673 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [1:9.0.87-1.el9_4.1] - Resolves: RHEL-34815 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-31048 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) - Resolves: RHEL-31032 tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) - Resolves: RHEL-35328 - Amend tomcat's changelog (CVE-2023-46589, CVE-2023-45648, CVE-2023-42795, CVE-2023-42794, CVE-2023-44487, CVE-2023-41080) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-23672 CVE-2024-24549 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2.34-100.0.1.2] - Forward-port Oracle patches for ol9-u4 Reviewed by: Jose E. Marchesi IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-2961 CVE-2024-33599 CVE-2024-33601 CVE-2024-33600 CVE-2024-33602 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 8 [7.0.119-1.0.1] - Add support for Oracle Linux [7.0.119-1] - Update to .NET SDK 7.0.119 and Runtime 7.0.19 - Resolves: RHEL-35313 [7.0.118-2] - Update to .NET SDK 7.0.118 and Runtime 7.0.18 - Resolves: RHEL-31199 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-30045 CVE-2024-30046 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.36.12-6] - Backport fixes for CVE-2022-48622 - Apply patches with git to enable binary patching - Resolves: RHEL-30478 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-48622 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [21.1.3-16] - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31083 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-31081 CVE-2024-31083 CVE-2024-31080 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.28-251.0.2.2] - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> Oracle history: May-23-2024 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.28-251.0.2.1 - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-33600 CVE-2024-33599 CVE-2024-33602 CVE-2024-33601 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [8.0.105-1.0.1] - Add support for Oracle Linux [8.0.105-1] - Update to .NET SDK 8.0.105 and Runtime 8.0.5 - Resolves: RHEL-35316 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-30045 CVE-2024-30046 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.4.1-2] - Rebuild with new Golang - Resolves: RHEL-32543, RHEL-28377, RHEL-28399, RHEL-28423 [3.4.1-1] - Update to version 3.4.1 - Resolves: RHEL-17102 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45290 CVE-2024-24783 CVE-2023-45289 CVE-2023-45288 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.6.8-62.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-62] - Security fix for CVE-2024-0450 Resolves: RHEL-33683 [3.6.8-61] - Security fix for CVE-2023-6597 Resolves: RHEL-33671 [3.6.8-60] - Fix build with expat with fixed CVE-2023-52425 Related: RHEL-33671 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0450 CVE-2023-6597 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 mod_wsgi numpy python39 [3.9.19-1] - Update to 3.9.19 - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33676, RHEL-33688 python3x-pip python3x-setuptools python3x-six python-cffi python-chardet python-cryptography python-idna [2.10-4] - Security fix for CVE-2024-3651 Resolves: RHEL-32705 python-lxml python-ply python-psutil python-psycopg2 python-pycparser python-PyMySQL python-pysocks python-requests python-toml python-urllib3 python-wheel PyYAML scipy IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3651 CVE-2024-0450 CVE-2023-6597 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 ruby [3.0.7-143] - Fix Zlib test failures on s390x due to HW acceleration Related: RHEL-36189 [3.0.7-142] - Upgrade to Ruby 3.0.7. Resolves: RHEL-36189 - Fix HTTP response splitting in CGI. Resolves: RHEL-36193 - Fix ReDoS vulnerability in URI. Resolves: RHEL-36196 - Fix ReDoS vulnerability in Time. Resolves: RHEL-36205 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-36198 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-36200 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-36203 rubygem-abrt rubygem-mysql2 rubygem-pg MODERATE Copyright 2024 Oracle, Inc. CVE-2021-33621 CVE-2024-27281 CVE-2024-27280 CVE-2023-28755 CVE-2023-28756 CVE-2024-27282 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [1.43.0-5.2] - fix CONTINUATION frames DoS (CVE-2024-28182, CVE-2024-27316) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28182 cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [590-4] - Fix CVE-2024-32487 - Resolves: RHEL-33773 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-32487 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 ruby [3.1.5-143] - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35750 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35751 rubygem-abrt rubygem-mysql2 rubygem-pg MODERATE Copyright 2024 Oracle, Inc. CVE-2024-27281 CVE-2024-27282 CVE-2024-27280 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [2.17-326.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi [2.17-326.3] - nscd: Fix timeout type in netgroup cache (RHEL-34263) [2.17-326.2] - nscd: Do not use sendfile for the netgroup cache - nscd: Use-after-free in netgroup cache - CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34263) - CVE-2024-33600: nscd: null pointer dereferences in netgroup cache - CVE-2024-33601: nscd: crash on out-of-memory condition - CVE-2024-33602: nscd: memory corruption with NSS netgroup modules [2.17-326.1] - CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-31803) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-33600 CVE-2024-2961 CVE-2024-33599 CVE-2024-33601 CVE-2024-33602 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1.3.11.1-5] - Bump version to 1.3.11.1-5 - Resolves: RHEL-33337 - redhat-ds:11/389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request - Resolves: RHEL-34817 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-2199 CVE-2024-3657 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [4.18.0-553.5.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Drop not needed patch [4.18.0-553.5.1.el8_10] - tools/power/turbostat: Fix uncore frequency file string (David Arcari) [RHEL-29238] - tools/power turbostat: Expand probe_intel_uncore_frequency() (David Arcari) [RHEL-29238] - uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-26232] {CVE-2023-52439} - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (Ken Cox) [RHEL-27316] {CVE-2021-47013} - keys: Fix linking a duplicate key to a keyring's assoc_array (David Howells) [RHEL-30772] - keys: Hoist locking out of __key_link_begin() (David Howells) [RHEL-30772] - keys: Break bits out of key_unlink() (David Howells) [RHEL-30772] - keys: Change keyring_serialise_link_sem to a mutex (David Howells) [RHEL-30772] - wifi: brcm80211: handle pmk_op allocation failure (Jose Ignacio Tornos Martinez) [RHEL-35150] {CVE-2024-27048} - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (Jose Ignacio Tornos Martinez) [RHEL-35140] {CVE-2024-27052} - wifi: iwlwifi: mvm: ensure offloading TID queue exists (Jose Ignacio Tornos Martinez) [RHEL-35130] {CVE-2024-27056} - wifi: mt76: mt7921e: fix use-after-free in free_irq() (Jose Ignacio Tornos Martinez) [RHEL-34866] {CVE-2024-26892} - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (Jose Ignacio Tornos Martinez) [RHEL-34189] {CVE-2024-26897} - wifi: iwlwifi: mvm: fix a crash when we run out of stations (Jose Ignacio Tornos Martinez) [RHEL-31547] {CVE-2024-26693} - wifi: iwlwifi: fix double-free bug (Jose Ignacio Tornos Martinez) [RHEL-31543] {CVE-2024-26694} - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Jose Ignacio Tornos Martinez) [RHEL-29089] {CVE-2023-52594} - wifi: rt2x00: restart beacon queue when hardware reset (Jose Ignacio Tornos Martinez) [RHEL-29093] {CVE-2023-52595} - wifi: iwlwifi: fix a memory corruption (Jose Ignacio Tornos Martinez) [RHEL-28903] {CVE-2024-26610} [4.18.0-553.4.1.el8_10] - cpuhotplug: Fix kABI breakage caused by CPUHP_AP_HYPERV_ONLINE (Vitaly Kuznetsov) [RHEL-36117] - net/mlx5e: Prevent deadlock while disabling aRFS (Kamal Heib) [RHEL-35041] {CVE-2024-27014} - x86/tsc: Defer marking TSC unstable to a worker (Wander Lairson Costa) [RHEL-32676] - x86/smpboot: Make TSC synchronization function call based (Wander Lairson Costa) [RHEL-32676] - net: usb: fix possible use-after-free in smsc75xx_bind (Jose Ignacio Tornos Martinez) [RHEL-30311] {CVE-2021-47171} - net: usb: fix memory leak in smsc75xx_bind (Jose Ignacio Tornos Martinez) [RHEL-30311] {CVE-2021-47171} [4.18.0-552.3.1.el8_10] - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (Phil Sutter) [RHEL-30076] {CVE-2024-26643} - netfilter: nf_tables: disallow anonymous set with timeout flag (Phil Sutter) [RHEL-30080] {CVE-2024-26642} - selftests/bpf: Fix pyperf180 compilation failure with clang18 (Artem Savkov) [RHEL-35576] - md/raid5: fix atomicity violation in raid5_cache_count (Nigel Croxon) [RHEL-27930] {CVE-2024-23307} - usb: ulpi: Fix debugfs directory leak (Desnes Nunes) [RHEL-33287] {CVE-2024-26919} - powerpc/pseries: Fix potential memleak in papr_get_attr() (Mamatha Inamdar) [RHEL-35213] {CVE-2022-48669} - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (Desnes Nunes) [RHEL-35122] {CVE-2024-27059} - NFSv4: fairly test all delegations on a SEQ4_ revocation (Benjamin Coddington) [RHEL-34912] - USB: core: Fix deadlock in usb_deauthorize_interface() (Desnes Nunes) [RHEL-35002] {CVE-2024-26934} - usb: xhci: Add error handling in xhci_map_urb_for_dma (Desnes Nunes) [RHEL-34958] {CVE-2024-26964} - fs: sysfs: Fix reference leak in sysfs_break_active_protection() (Ewan D. Milne) [RHEL-35076] {CVE-2024-26993} - xhci: handle isoc Babble and Buffer Overrun events properly (Desnes Nunes) [RHEL-31297] {CVE-2024-26659} - xhci: process isoc TD properly when there was a transaction error mid TD. (Desnes Nunes) [RHEL-31297] {CVE-2024-26659} - USB: core: Fix deadlock in port "disable" sysfs attribute (Desnes Nunes) [RHEL-35006] {CVE-2024-26933} - USB: core: Add hub_get() and hub_put() routines (Desnes Nunes) [RHEL-35006] {CVE-2024-26933} - netfilter: ipset: Missing gc cancellations fixed (Phil Sutter) [RHEL-30521] - netfilter: ipset: fix performance regression in swap operation (Phil Sutter) [RHEL-30521] - netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports (Phil Sutter) [RHEL-30521] - netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test (Phil Sutter) [RHEL-30521] - x86/apic/x2apic: Fix a NULL pointer deref when handling a dying cpu (David Arcari) [RHEL-32516] - x86/coco: Disable 32-bit emulation by default on TDX and SEV (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744} - x86: Make IA32_EMULATION boot time configurable (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744} - x86/entry: Make IA32 syscalls' availability depend on ia32_enabled() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744} - x86/elf: Make loading of 32bit processes depend on ia32_enabled() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744} - x86/entry: Rename ignore_sysret() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744} - x86/cpu: Don't write CSTAR MSR on Intel CPUs (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744} - x86: Introduce ia32_enabled() (Vitaly Kuznetsov) [RHEL-25087] {CVE-2024-25744} [4.18.0-552.2.1.el8_10] - s390/ptrace: handle setting of fpc register correctly (Tobias Huschle) [RHEL-29106] {CVE-2023-52598} - net/smc: fix illegal rmb_desc access in SMC-D connection dump (Tobias Huschle) [RHEL-27746] {CVE-2024-26615} - wifi: mac80211: fix race condition on enabling fast-xmit (Jose Ignacio Tornos Martinez) [RHEL-31664] {CVE-2024-26779} - powerpc/fadump: make is_kdump_kernel() return false when fadump is active (Mamatha Inamdar) [RHEL-24401] - vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (Mamatha Inamdar) [RHEL-24401] - mtd: require write permissions for locking and badblock ioctls (Prarit Bhargava) [RHEL-27585] {CVE-2021-47055} - mtd: properly check all write ioctls for permissions (Prarit Bhargava) [RHEL-27585] {CVE-2021-47055} - pid: take a reference when initializing (Waiman Long) [RHEL-29420] {CVE-2021-47118} - i2c: i801: Don't generate an interrupt on bus reset (Prarit Bhargava) [RHEL-30325] {CVE-2021-47153} - RDMA/srpt: Do not register event handler until srpt device is fully setup (Kamal Heib) [RHEL-33224] {CVE-2024-26872} - ceph: switch to corrected encoding of max_xattr_size in mdsmap (Xiubo Li) [RHEL-26723] - ceph: switch to use cap_delay_lock for the unlink delay list (Xiubo Li) [RHEL-32870] - ceph: pass ino# instead of old_dentry if it's disconnected (Xiubo Li) [RHEL-32870] - fat: fix uninitialized field in nostale filehandles (Andrey Albershteyn) [RHEL-33186 RHEL-35108] {CVE-2024-26973} - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (Andrey Albershteyn) [RHEL-33186] {CVE-2024-26901} - idpf: limit the support to GCP only (Michal Schmidt) [RHEL-15652] - redhat/configs: enable CONFIG_IDPF (Michal Schmidt) [RHEL-15652] - idpf: remove the use of ETHTOOL_RING_USE_TCP_DATA_SPLIT (Michal Schmidt) [RHEL-15652] - idpf: workaround for unavailable skb page recycling (Michal Schmidt) [RHEL-15652] - idpf: always allocate a full page (Michal Schmidt) [RHEL-15652] - idpf: remove page pool stats code (Michal Schmidt) [RHEL-15652] - idpf: add minimal macros for __free(kfree) to work (Michal Schmidt) [RHEL-15652] - idpf: fixup include paths for RHEL 8 (Michal Schmidt) [RHEL-15652] - idpf: fix kernel panic on unknown packet types (Michal Schmidt) [RHEL-15652] - idpf: disable local BH when scheduling napi for marker packets (Michal Schmidt) [RHEL-15652] - idpf: remove dealloc vector msg err in idpf_intr_rel (Michal Schmidt) [RHEL-15652] - idpf: fix minor controlq issues (Michal Schmidt) [RHEL-15652] - idpf: prevent deinit uninitialized virtchnl core (Michal Schmidt) [RHEL-15652] - idpf: cleanup virtchnl cruft (Michal Schmidt) [RHEL-15652] - idpf: refactor idpf_recv_mb_msg (Michal Schmidt) [RHEL-15652] - idpf: add async_handler for MAC filter messages (Michal Schmidt) [RHEL-15652] - idpf: refactor remaining virtchnl messages (Michal Schmidt) [RHEL-15652] - idpf: refactor queue related virtchnl messages (Michal Schmidt) [RHEL-15652] - idpf: refactor vport virtchnl messages (Michal Schmidt) [RHEL-15652] - idpf: implement virtchnl transaction manager (Michal Schmidt) [RHEL-15652] - idpf: add idpf_virtchnl.h (Michal Schmidt) [RHEL-15652] - idpf: avoid compiler padding in virtchnl2_ptype struct (Michal Schmidt) [RHEL-15652] - idpf: distinguish vports by the dev_port attribute (Michal Schmidt) [RHEL-15652] - idpf: avoid compiler introduced padding in virtchnl2_rss_key struct (Michal Schmidt) [RHEL-15652] - idpf: fix corrupted frames and skb leaks in singleq mode (Michal Schmidt) [RHEL-15652] - idpf: refactor some missing field get/prep conversions (Michal Schmidt) [RHEL-15652] - idpf: add get/set for Ethtool's header split ringparam (Michal Schmidt) [RHEL-15652] - idpf: fix potential use-after-free in idpf_tso() (Michal Schmidt) [RHEL-15652] - idpf: cancel mailbox work in error path (Michal Schmidt) [RHEL-15652] - idpf: set scheduling mode for completion queue (Michal Schmidt) [RHEL-15652] - idpf: add SRIOV support and other ndo_ops (Michal Schmidt) [RHEL-15652] - idpf: add ethtool callbacks (Michal Schmidt) [RHEL-15652] - idpf: add singleq start_xmit and napi poll (Michal Schmidt) [RHEL-15652] - idpf: add RX splitq napi poll support (Michal Schmidt) [RHEL-15652] - idpf: add TX splitq napi poll support (Michal Schmidt) [RHEL-15652] - idpf: add splitq start_xmit (Michal Schmidt) [RHEL-15652] - idpf: initialize interrupts and enable vport (Michal Schmidt) [RHEL-15652] - idpf: configure resources for RX queues (Michal Schmidt) [RHEL-15652] - idpf: configure resources for TX queues (Michal Schmidt) [RHEL-15652] - idpf: add ptypes and MAC filter support (Michal Schmidt) [RHEL-15652] - idpf: add create vport and netdev configuration (Michal Schmidt) [RHEL-15652] - idpf: add core init and interrupt request (Michal Schmidt) [RHEL-15652] - idpf: add controlq init and reset checks (Michal Schmidt) [RHEL-15652] - idpf: add module register and probe functionality (Michal Schmidt) [RHEL-15652] - virtchnl: add virtchnl version 2 ops (Michal Schmidt) [RHEL-15652] - net: netdev_queue: netdev_txq_completed_mb(): fix wake condition (Michal Schmidt) [RHEL-15652] - net: piggy back on the memory barrier in bql when waking queues (Michal Schmidt) [RHEL-15652] - net: provide macros for commonly copied lockless queue stop/wake code (Michal Schmidt) [RHEL-15652] [4.18.0-552.1.1.el8_10] - redhat: set DIST to el8_10 and ZSTREAM to yes for 8.10 (Denys Vlasenko) - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (Prarit Bhargava) [RHEL-32590] {CVE-2021-47185} - net: mana: Fix Rx DMA datasize and skb_over_panic (Cathy Avery) [RHEL-32579] - RDMA/srpt: Support specifying the srpt_service_guid parameter (Kamal Heib) [RHEL-31710] {CVE-2024-26744} - RDMA/qedr: Fix qedr_create_user_qp error flow (Kamal Heib) [RHEL-31714] {CVE-2024-26743} - hwmon: (coretemp) Fix out-of-bounds memory access (David Arcari) [RHEL-31305] {CVE-2024-26664} - RDMA/irdma: Fix KASAN issue with tasklet (Kamal Heib) [RHEL-15776] - net: bridge: use DEV_STATS_INC() (Ivan Vecera) [RHEL-27989] {CVE-2023-52578} - net: Fix unwanted sign extension in netdev_stats_to_stats64() (Ivan Vecera) [RHEL-27989] {CVE-2023-52578} - net: add atomic_long_t to net_device_stats fields (Ivan Vecera) [RHEL-27989] {CVE-2023-52578} - net/sched: act_ct: fix skb leak and crash on ooo frags (Xin Long) [RHEL-29467] {CVE-2023-52610} - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Jose Ignacio Tornos Martinez) [RHEL-28015] {CVE-2023-52528 } - RDMA/core: Fix uninit-value access in ib_get_eth_speed() (Kamal Heib) [RHEL-30130] - RDMA/core: Get IB width and speed from netdev (Kamal Heib) [RHEL-30130] - cpufreq: intel_pstate: Add Emerald Rapids support in no-HWP mode (Prarit Bhargava) [RHEL-29444] - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Mamatha Inamdar) [RHEL-29118] {CVE-2023-52607} - powerpc/lib: Validate size for vector operations (Mamatha Inamdar) [RHEL-29114] {CVE-2023-52606} - usb: hub: Guard against accesses to uninitialized BOS descriptors (Desnes Nunes) [RHEL-28986] {CVE-2023-52477} - media: uvcvideo: Fix OOB read (Desnes Nunes) [RHEL-27940] {CVE-2023-52565} - media: pvrusb2: fix use after free on context disconnection (Desnes Nunes) [RHEL-26498] {CVE-2023-52445} - i2c: i801: Fix block process call transactions (Prarit Bhargava) [RHEL-26478] {CVE-2024-26593} - overlay: disable EVM (Coiby Xu) [RHEL-19863] - evm: add support to disable EVM on unsupported filesystems (Coiby Xu) [RHEL-19863] - evm: don't copy up 'security.evm' xattr (Coiby Xu) [RHEL-19863] - net: ena: Remove ena_select_queue (Kamal Heib) [RHEL-14286] - media: dvbdev: Fix memory leak in dvb_media_device_free() (Prarit Bhargava) [RHEL-27254] {CVE-2020-36777} - gfs2: Fix invalid metadata access in punch_hole (Andrew Price) [RHEL-28784] - i2c: Fix a potential use after free (Prarit Bhargava) [RHEL-26849] {CVE-2019-25162} - i2c: validate user data in compat ioctl (Prarit Bhargava) [RHEL-27022] {CVE-2021-46934} - platform/x86: think-lmi: Fix reference leak (Prarit Bhargava) [RHEL-28030] {CVE-2023-52520} - vhost: use kzalloc() instead of kmalloc() followed by memset() (Jon Maloy) [RHEL-21505] {CVE-2024-0340} - RDMA/siw: Fix connection failure handling (Kamal Heib) [RHEL-28042] {CVE-2023-52513} - vt: fix memory overlapping when deleting chars in the buffer (Waiman Long) [RHEL-27778 RHEL-27779] {CVE-2022-48627} - x86/fpu: Stop relying on userspace for info to fault in xsave buffer (Steve Best) [RHEL-26669] {CVE-2024-26603} - mptcp: fix double-free on socket dismantle (Davide Caratti) [RHEL-22773] {CVE-2024-26782} - crypto: akcipher - Disable signing and decryption (Herbert Xu) [RHEL-17114] {CVE-2023-6240} - crypto: akcipher - default implementations for request callbacks (Herbert Xu) [RHEL-17114] {CVE-2023-6240} - crypto: testmgr - split akcipher tests by a key type (Herbert Xu) [RHEL-17114] {CVE-2023-6240} - workqueue: Warn when a rescuer could not be created (Waiman Long) [RHEL-22136] - RDMA/cma: Avoid GID lookups on iWARP devices (Benjamin Coddington) [RHEL-12456] - RDMA/cma: Deduplicate error flow in cma_validate_port() (Benjamin Coddington) [RHEL-12456] - RDMA/core: Set gid_attr.ndev for iWARP devices (Benjamin Coddington) [RHEL-12456] - RDMA/siw: Fabricate a GID on tun and loopback devices (Benjamin Coddington) [RHEL-12456] MODERATE Copyright 2024 Oracle, Inc. CVE-2021-46934 CVE-2023-6240 CVE-2023-52595 CVE-2021-47055 CVE-2021-47185 CVE-2022-48669 CVE-2023-52513 CVE-2023-52594 CVE-2024-26615 CVE-2021-47013 CVE-2023-52520 CVE-2024-25744 CVE-2024-26693 CVE-2024-26892 CVE-2024-26603 CVE-2022-48627 CVE-2023-52607 CVE-2024-26642 CVE-2024-26743 CVE-2021-47153 CVE-2023-52598 CVE-2024-26901 CVE-2023-52477 CVE-2023-52528 CVE-2023-52565 CVE-2024-26779 CVE-2024-26872 CVE-2024-26973 CVE-2020-36777 CVE-2021-47118 CVE-2021-47171 CVE-2023-52606 CVE-2023-52610 CVE-2024-27052 CVE-2023-52439 CVE-2024-26744 CVE-2024-26919 CVE-2024-26933 CVE-2024-0340 CVE-2024-26593 CVE-2024-26643 CVE-2024-26659 CVE-2024-26934 CVE-2023-52445 CVE-2023-52578 CVE-2024-26610 CVE-2024-26897 CVE-2024-27014 CVE-2024-27056 CVE-2019-25162 CVE-2024-26694 CVE-2024-27059 CVE-2024-26964 CVE-2024-26664 CVE-2024-27048 CVE-2024-26993 CVE-2024-23307 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 - [5.14.0-427.20.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.20.1_4] - ipv6: sr: fix possible use-after-free and null-ptr-deref (Hangbin Liu) [RHEL-33968 RHEL-31732] {CVE-2024-26735} - idpf: fix kernel panic on unknown packet types (Michal Schmidt) [RHEL-36145 RHEL-29035] - idpf: refactor some missing field get/prep conversions (Michal Schmidt) [RHEL-36145 RHEL-29035] - PCI: Fix pci_rh_check_status() call semantics (Luiz Capitulino) [RHEL-36541 RHEL-35032] - cxgb4: Properly lock TX queue for the selftest. (John B. Wyatt IV) [RHEL-36530 RHEL-31990 RHEL-9354] [5.14.0-427.19.1_4] - x86/mce: Cleanup mce_usable_address() (Prarit Bhargava) [RHEL-33810 RHEL-25415] - x86/mce: Define amd_mce_usable_address() (Prarit Bhargava) [RHEL-33810 RHEL-25415] - x86/MCE/AMD: Split amd_mce_is_memory_error() (Prarit Bhargava) [RHEL-33810 RHEL-25415] - fs: sysfs: Fix reference leak in sysfs_break_active_protection() (Ewan D. Milne) [RHEL-35302 RHEL-35078] {CVE-2024-26993} MODERATE Copyright 2024 Oracle, Inc. CVE-2024-26735 CVE-2024-26993 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 8 [2.9.7-18.1] - Fix CVE-2024-25062 (RHEL-31056) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-25062 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [1:9.0.87-1.el8_10.1] - Resolves: RHEL-38548 - Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly - Resolves: RHEL-35813 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-29255 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) - Resolves: RHEL-29250 tomcat: Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-23672 CVE-2024-24549 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [310.4-1.0.1] - Update documentation links [Orabug: 34706402] - Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110] - Remove duplicate reference to server in cockpit [Orabug: 33862832] - Update documentation links [Orabug: 32795691] - Make documentation links point to Oracle Linux information [Orabug: 30271413] [Orabug: 32013095] - Fix rendering of hwinfo page on systems with some empty memory slots [Orabug: 32826970] [310.4-1] - sosreport: Fix command injection with crafted report names [CVE-2024-2947] (jira#RHEL-30452) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2947 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 9 ruby [3.1.5-144] - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-34121 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-33871 [3.1.4-143] - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI. Resolves: RHEL-28919 Resolves: RHEL-5612 - Fix ReDos vulnerability in Time. Resolves: RHEL-28920 - Make RDoc soft dependency in IRB. Resolves: RHEL-5613 [3.1.2-142] - Bypass git submodule test failure on Git >= 2.38.1. - Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. - Fix for tzdata-2022g. - Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-5590 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-5590 - Disable fiddle tests that use FFI closures. Related: RHEL-5590 [3.1.2-141] - Upgrade to Ruby 3.1.2 by merging Fedora Rawhide branch (commit: b7b5473). Resolves: rhbz#2063773 rubygem-mysql2 [0.5.4-1] - New upstream release 0.5.4 by merging Fedora rawhide branch (commit: e21b5b9) Resolves: rhbz#2063773 [0.5.3-1] - New upstream release 0.5.3 by merging Fedora master branch (commit: 674d475) Resolves: rhbz#1817135 rubygem-pg * Thu May 26 2022 Jarek Prokop - 1.3.5-1 - Update to pg 1.3.5 Related: rhbz#2063773 [1.2.3-1] - Update to pg 1.2.3 by merging Fedora master branch (commit: 5db4d26) Resolves: rhbz#1817135 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-27280 CVE-2024-27281 CVE-2024-27282 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 7 [458-10] - Fix CVE-2024-32487 - Resolves: RHEL-32802 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-32487 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 ruby [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37446 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37448 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37449 - Fix Arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282) Resolves: RHEL-37447 rubygem-abrt rubygem-mysql2 [0.5.5-1] - Upgrade to mysql2 0.5.5. Related: RHEL-17090 rubygem-pg [1.5.4-1] - Upgrade to pg 1.5.4. Related: RHEL-17090 [1.3.2-1] - Update to pg 1.3.2 by merging Fedora rawhide branch (commit: 39bbd1b) Resolves: rhbz#2063772 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-27281 CVE-2024-27280 CVE-2024-27282 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 ruby [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37699 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282) Resolves: RHEL-37698 rubygem-mysql2 [0.5.5-1] - Upgrade to mysql2 0.5.5. Related: RHEL-17089 rubygem-pg [1.5.4-1] - Upgrade to pg 1.5.4. Related: RHEL-17089 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-27280 CVE-2024-27282 CVE-2024-27281 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 7 bind [32:9.11.4-26.P2.16] - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Add missing design by contract tests to dns_catz* - Speed up parsing of DNS messages with many different names (CVE-2023-4408) - Do not use header_prev in expire_lru_headers bind-dyndb-ldap [11.1-7.1] - Rebuild required for BIND changes for KeyTrap change (CVE-2023-50387) dhcp [12:4.2.5-83.0.3.2] - Update bug reporting URL [Orabug: 35496820] - Direct users to Oracle Linux support site. [12:4.2.5-83.2] - Rebuild because of bind ABI changes related to CVE-2023-50387 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-4408 CVE-2023-50868 CVE-2023-50387 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7 cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [4.11.0-15.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] - Add bind to ipa-server-common Requires [Orabug: 36518596] [4.11.0-15] - Resolves: RHEL-32231 CVE-2024-3183 ipa: freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force - Resolves: RHEL-31409 CVE-2024-2698 ipa: freeipa: delegation rules allow a proxy service to impersonate any user to access another target service IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3183 CVE-2024-2698 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 bind-dyndb-ldap custodia ipa [4.9.13-10.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [4.9.13-10] - kdb: apply combinatorial logic for ticket flags (CVE-2024-3183) Resolves: RHEL-29927 - kdb: fix vulnerability in GCD rules handling (CVE-2024-2698) Resolves: RHEL-29692 ipa-healthcheck opendnssec python-jwcrypto python-kdcproxy python-qrcode python-yubico pyusb slapi-nis softhsm IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3183 CVE-2024-2698 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [4.6.8-5.0.1.el7_9.17] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.8-5.el7_9.17] - Resolves: RHEL-29926 ipa: user can obtain a hash of the passwords of all domain users and perform offline brute force IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3183 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [115.11.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.11.0-1] - Update to 115.11.0 build1 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-4768 CVE-2024-4777 CVE-2024-4367 CVE-2024-4769 CVE-2024-4770 CVE-2024-4767 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [115.11.0-1.0.1] - Add Oracle prefs file [115.11.0-1] - Update to 115.11.0 build2 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-4770 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769 CVE-2024-4777 CVE-2024-4367 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [4.10.0-62.3] - bundled jinja2: fix CVE-2024-34064 Resolves: RHEL-36482 [4.10.0-62.2] - fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer Resolves: RHEL-35273 [4.10.0-62.1] - ha-cloud-support: upgrade bundled pyroute2 libs to fix issue in gcp-vpc-move-route's stop-action Resolves: RHEL-29668 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-34064 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::addons Oracle Linux 9 [2024.3-3] - Backport https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6 Resolves: #RHEL-31852 [2024.3-2] - Backport https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6 Resolves: #RHEL-31852 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2905 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [4.9.4-4.0.1] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [4:4.9.4-4] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/4afc71a) - Resolves: RHEL-28735 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28176 CVE-2024-28180 CVE-2023-45290 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1.33.7-2.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.7-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/997beea) - Resolves: RHEL-28731 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45290 CVE-2024-28180 CVE-2024-28176 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [6:0.7.3-3] - rebuild for CVE-2023-45290 - Resolves: RHEL-28388 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45290 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1:1.4.0-3] - rebuild for CVE-2023-45290 - Resolves: RHEL-28384 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45290 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2.42.6-4] - Backport fixes for CVE-2022-48622 - Resolves: RHEL-36432 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-48622 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [7.1.8.1-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [7.1.8.1] - Remove Red Hat branding - Change vendor to RESF [1:7.1.8.1-12] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols [1:7.1.8.1-11] - Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula Parsing - Resolves: rhbz#2210197 CVE-2023-2255 libreoffice: Remote documents loaded without prompt via IFrame - Resolves: rhbz#2208510 CVE-2023-1183 libreoffice: Arbitrary File Write [1:7.1.8.1-10] - Fix erroneous libreoffice-ure dependencies [1:7.1.8.1-9] - Resolves: rhbz#2182392 CVE-2022-38745 [1:7.1.8.1-8] - Resolves: rhbz#2134759 Untrusted Macros - Resolves: rhbz#2134757 Weak Master Keys - Resolves: rhbz#2134755 Static Initialization Vector - Resolves: rhbz#2134761 Macro URL arbitrary script execution IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6185 CVE-2023-6186 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2.4.5-8] - Bump version to 2.4.5-8 - Fix License tag [2.4.5-7] - Bump version to 2.4.5-7 - Resolves: RHEL-34819 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c - Resolves: RHEL-34825 - redhat-ds:11/389-ds-base: potential denial of service via specially crafted kerberos AS-REQ requ IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3657 CVE-2024-2199 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [3.0.7-162] - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35746 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35747 [3.0.4-161] - Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-12724 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-12724 [3.0.4-160] - Bypass git submodule test failure on Git >= 2.38.1. - Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. - Fix for tzdata-2022g. - Fix File.utime test. [3.0.4-160] - Upgrade to Ruby 3.0.4. Resolves: rhbz#2096347 - OpenSSL test suite fixes due to disabled SHA1. Resolves: rbhz#2107696 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739 MODERATE Copyright 2024 Oracle, Inc. CVE-2021-33621 CVE-2024-27281 CVE-2023-28756 CVE-2024-27282 CVE-2024-27280 CVE-2023-28755 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1.19.1-2] - Resolves: RHEL-26529 - Out of bounds read in ares__read_line() [rhel-9] LOW Copyright 2024 Oracle, Inc. CVE-2024-25629 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [311.2-1.0.1] - Replaced upstream urls in documentation with oracle links [Orabug: 36528753] - Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110] - Remove duplicate reference to server in cockpit [Orabug: 34030494] - Update documentation links [Orabug: 30271413], [Orabug: 32013095], [Orabug: 32795691], [Orabug: 34398512], [Orabug: 34742876] - Update spec file for new release [311.2] - Remove recommends on subscription-manager-cockpit if applicable [311.2-1] - sosreport: Fix command injection with crafted report names [CVE-2024-2947] (jira#RHEL-31074) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2947 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.10-7.0.1.1] - Rebuild with release bump [2.10-7.1] - Security fix for CVE-2024-3651 Resolves: RHEL-33464 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-3651 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 [115.12.0-1.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.12.0-1] - Update to 115.12.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-5688 CVE-2024-5690 CVE-2024-5696 CVE-2024-5691 CVE-2024-5700 CVE-2024-5693 CVE-2024-5702 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [115.12.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.12.0-1] - Update to 115.12.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-5691 CVE-2024-5700 CVE-2024-5702 CVE-2024-5693 CVE-2024-5690 CVE-2024-5696 CVE-2024-5688 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [115.12.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.12.0-1] - Update to 115.12.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-5700 CVE-2024-5702 CVE-2024-5688 CVE-2024-5691 CVE-2024-5693 CVE-2024-5696 CVE-2024-5690 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1.12.9-1] - Update to 1.12.9 (CVE-2024-32462) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-32462 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 [1.12.9-1] - Update to 1.12.9 (CVE-2024-32462) [1.12.8-1] - Rebase to 1.12.8 (RHEL-4220) [1.10.8-3] - Let flatpak own %{_sysconfdir}/flatpak (RHEL-15822) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-32462 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 aardvark-dns [2:1.10.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0 - Related: Jira:RHEL-2110 [2:1.9.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.9.0 - Related: Jira:RHEL-2110 [2:1.8.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.8.0 - Related: Jira:RHEL-2110 buildah [2:1.33.7-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/997beea) - Resolves: RHEL-28725 cockpit-podman [84.1-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84.1 - Related: Jira:RHEL-25557 [84-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84 - Related: Jira:RHEL-2110 [83-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/83 - Related: Jira:RHEL-2110 [82-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/82 - Related: Jira:RHEL-2110 [81-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/81 - Related: Jira:RHEL-2110 [80-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/80 - Related: Jira:RHEL-2110 [79-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/79 - Related: Jira:RHEL-2110 [78-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/78 - Related: Jira:RHEL-2110 [77-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/77 - Related: Jira:RHEL-2110 [75-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/75 - Related: #2176055 conmon [3:2.1.10-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.10 - Related: Jira:RHEL-2110 [3:2.1.8-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.8 - Related: #2176055 containernetworking-plugins [1:1.4.0-2] - rebuild - Resolves: RHEL-18390 [1:1.4.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.4.0 - Related: Jira:RHEL-2110 containers-common [2:1-81.0.1] - Updated removed references [Orabug: 33473101] (Alex Burmashev) - Adjust registries.conf (Nikita Gerasimov) - remove references to RedHat registry (Nikita Gerasimov) [2:1-81] - Update shortnames from Pyxis - Related: Jira:RHEL-2110 [2:1-80] - bump release to preserve upgrade path - Resolves: Jira:RHEL-12277 container-selinux [2:2.229.0-2] - remove watch statements properly for RHEL8 and lower - Related: Jira:RHEL-2110 [2:2.229.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.229.0 - Related: Jira:RHEL-2110 [2:2.228.1-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.228.1 - Related: Jira:RHEL-2110 [2:2.228.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.228.0 - Related: Jira:RHEL-2110 [2:2.227.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.227.0 - Related: Jira:RHEL-2110 [2:2.226.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.226.0 - remove dependency on policycoreutils-python-utils as it pulls in python - Related: Jira:RHEL-2110 [2:2.224.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.224.0 - Related: Jira:RHEL-2110 [2:2.222.0-1] - update to https://github.com/containers/container-selinux/releases/tag/v2.222.0 - Related: Jira:RHEL-2110 criu [3.18-5] - rebuild to preserve upgrade path - Related: RHEL-32671 [3.18-4] - switch to egg-info on 8.9 - Related: #2176055 [3.18-3] - remove --progress-bar option - Related: #2176055 [3.18-2] - update to 3.18 - Related: #2176055 [3.17-1] - update to 3.17 - Resolves: #2175794 crun [1.14.3-2] - remove BR libgcrypt-devel, no longer needed - Related: Jira:RHEL-2110 [1.14.3-1] - update to https://github.com/containers/crun/releases/tag/1.14.3 - Related: Jira:RHEL-2110 [1.14.1-1] - update to https://github.com/containers/crun/releases/tag/1.14.1 - Related: Jira:RHEL-2110 [1.14-1] - update to https://github.com/containers/crun/releases/tag/1.14 - Related: Jira:RHEL-2110 [1.13-1] - update to https://github.com/containers/crun/releases/tag/1.13 - Related: Jira:RHEL-2110 [1.12-1] - update to https://github.com/containers/crun/releases/tag/1.12 - Related: Jira:RHEL-2110 [1.11.2-1] - update to https://github.com/containers/crun/releases/tag/1.11.2 - Related: Jira:RHEL-2110 [1.11.1-1] - update to https://github.com/containers/crun/releases/tag/1.11.1 - Related: Jira:RHEL-2110 [1.11-1] - update to https://github.com/containers/crun/releases/tag/1.11 - Related: Jira:RHEL-2110 [1.9.2-1] - update to https://github.com/containers/crun/releases/tag/1.9.2 - Related: Jira:RHEL-2110 [1.9.1-1] - update to https://github.com/containers/crun/releases/tag/1.9.1 - Related: Jira:RHEL-2110 [1.9-1] - update to https://github.com/containers/crun/releases/tag/1.9 - Related: Jira:RHEL-2110 fuse-overlayfs [1.13-1] - update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.13 - Related: Jira:RHEL-2110 libslirp [4.4.0-2] - rebuild to preserve upgrade path 8.9 -> 8.10 - Related: RHEL-32671 netavark [2:1.10.3-1] - update to https://github.com/containers/netavark/releases/tag/v1.10.3 - Related: Jira:RHEL-2110 [2:1.10.2-1] - update to https://github.com/containers/netavark/releases/tag/v1.10.2 - Related: Jira:RHEL-2110 [2:1.10.1-1] - update to https://github.com/containers/netavark/releases/tag/v1.10.1 - Related: Jira:RHEL-2110 [2:1.10.0-1] - update to https://github.com/containers/netavark/releases/tag/v1.10.0 - Related: Jira:RHEL-2110 [2:1.9.0-1] - update to https://github.com/containers/netavark/releases/tag/v1.9.0 - Related: Jira:RHEL-2110 [2:1.8.0-2] - fix directory for systemd units - Related: Jira:RHEL-2110 [2:1.8.0-1] - update to https://github.com/containers/netavark/releases/tag/v1.8.0 - Related: Jira:RHEL-2110 oci-seccomp-bpf-hook [1.2.10-1] - update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.10 - Related: Jira:RHEL-2110 podman [4:4.9.4-3.0.1] - Add devices on container startup, not on creation [4:4.9.4-3] - BR: /usr/bin/man - Related: RHEL-28727 [4:4.9.4-2] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/6464b2c) - Resolves: RHEL-28727 python-podman [4.9.0-1] - update to https://github.com/containers/podman-py/releases/tag/v4.9.0 - Related: Jira:RHEL-2110 [4.8.2-1] - update to https://github.com/containers/podman-py/releases/tag/v4.8.2 - Related: Jira:RHEL-2110 [4.8.0.post1-1] - update to https://github.com/containers/podman-py/releases/tag/v4.8.0.post1 - Related: Jira:RHEL-2110 [4.7.0-1] - update to https://github.com/containers/podman-py/releases/tag/v4.7.0 - Related: Jira:RHEL-2110 runc skopeo [2:1.14.3-2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/5f2b9af) - Resolves: RHEL-28728 [2:1.14.3-1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/4a2bc3a) - Resolves: RHEL-28226 slirp4netns [1.2.3-1] - update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.3 - Related: Jira:RHEL-2110 [1.2.2-1] - update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.2 - Related: Jira:RHEL-2110 udica [0.2.6-21] - bump release to preserve update path - Resolves: RHEL-32671 [0.2.6-20] - bump release to preserve update path - Related: #2139052 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28180 CVE-2024-28176 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 7 [1.0.9-13] - Fix CVE-2024-32462 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-32462 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [9.54.0-16] - RHEL-39110 fix regression discovered in OPVP device [9.54.0-15] - RHEL-39110 CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-33871 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 [9.27-13] - CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-33871 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [115.12.1-1.0.1] - Add Oracle prefs [115.12.1] - Add OpenELA debranding [115.12.1-1] - Update to 115.12.1 build1 [115.12.0-2] - Update to 115.12.0 build2 [115.12.0-1] - Update to 115.12.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-5696 CVE-2024-5700 CVE-2024-5702 CVE-2024-5691 CVE-2024-5693 CVE-2024-5690 CVE-2024-5688 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 7 [115.12.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [115.12.1-1] - Update to 115.12.1 build1 [115.12.0-2] - Update to 115.12.0 build2 [115.12.0-1] - Update to 115.12.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-5688 CVE-2024-5690 CVE-2024-5691 CVE-2024-5700 CVE-2024-5702 CVE-2024-5696 CVE-2024-5693 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [115.12.1-1.0.1] - Add Oracle prefs file [115.12.1] - Add OpenELA debranding [115.12.1-1] - Update to 115.12.1 build1 [115.12.0-2] - Update to 115.12.0 build2 [115.12.0-1] - Update to 115.12.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-5690 CVE-2024-5691 CVE-2024-5688 CVE-2024-5696 CVE-2024-5700 CVE-2024-5702 CVE-2024-5693 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [4.12-2.0.1.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-2.1] - Fix CVE-2024-3652 (RHEL-40102) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-3652 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 [3.11.9-1.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.9-1] - Rebase to 3.11.9 - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix expat tests for the latest expat security release Resolves: RHEL-33672, RHEL-33684 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0450 CVE-2023-6597 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [3.11.7-1.1] - Security fix for CVE-2023-6597 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33884 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6597 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [3.9.18-3.1] - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33887, RHEL-34287 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0450 CVE-2023-6597 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [2.43.5-1] - Update to 2.43.5 - Related: RHEL-36402, RHEL-36414 [2.43.4-1] - Update to 2.43.4 - Resolves: RHEL-36402, RHEL-36414 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-32002 CVE-2024-32020 CVE-2024-32465 CVE-2024-32004 CVE-2024-32021 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 [2.43.5-1] - Update to 2.43.5 - Related: RHEL-36399, RHEL-36411 [2.43.4-1] - Update to 2.43.4 - Resolves: RHEL-36399, RHEL-36411 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-32465 CVE-2024-32021 CVE-2024-32020 CVE-2024-32002 CVE-2024-32004 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [11.5.0-2.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.5.0-2] - RHEL-9916 CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-4727 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 httpd [2.4.37-65.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65] - Resolves: RHEL-31857 - httpd:2.4/httpd: HTTP response splitting (CVE-2023-38709) mod_http2 mod_md MODERATE Copyright 2024 Oracle, Inc. CVE-2023-38709 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 - [4.18.0-553.8.1_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Drop not needed patch [4.18.0-553.8.1_10] - udf: Fix NULL pointer dereference in udf_symlink function (Pavel Reichl) [RHEL-37769] {CVE-2021-47353} - net: ti: fix UAF in tlan_remove_one (Jose Ignacio Tornos Martinez) [RHEL-38940] {CVE-2021-47310} - ARM: footbridge: fix PCI interrupt mapping (Myron Stowe) [RHEL-26971] {CVE-2021-46909} - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (Kamal Heib) [RHEL-37454] {CVE-2024-36004} - net/mlx5e: Fix mlx5e_priv_init() cleanup flow (Kamal Heib) [RHEL-37424] {CVE-2024-35959} - net/mlx5: Properly link new fs rules into the tree (Kamal Heib) [RHEL-37420] {CVE-2024-35960} - net/mlx5e: fix a potential double-free in fs_any_create_groups (Kamal Heib) [RHEL-37091] {CVE-2023-52667} - net: ena: Fix incorrect descriptor free behavior (Kamal Heib) [RHEL-37428] {CVE-2024-35958} - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (Jose Ignacio Tornos Martinez) [RHEL-37763] {CVE-2021-47356} - mISDN: fix possible use-after-free in HFC_cleanup() (Jose Ignacio Tornos Martinez) [RHEL-37763] {CVE-2021-47356} - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Vladis Dronov) [RHEL-35106] {CVE-2024-26974} - crypto: qat - implement dh fallback for primes > 4K (Vladis Dronov) [RHEL-35106] - crypto: qat - avoid division by zero (Vladis Dronov) [RHEL-35106] - crypto: qat - resolve race condition during AER recovery (Vladis Dronov) [RHEL-35106] {CVE-2024-26974} - crypto: qat - use kcalloc_node() instead of kzalloc_node() (Vladis Dronov) [RHEL-35106] - [rt] Enable CONFIG_DRM_MGAG200_DISABLE_WRITECOMBINE (Jocelyn Falempe) [RHEL-36172] - drm/mgag200: Add an option to disable Write-Combine (Jocelyn Falempe) [RHEL-36172] - drm/mgag200: Fix caching setup for remapped video memory (Jocelyn Falempe) [RHEL-36172] - Revert 'drm/mgag200: Add a workaround for low-latency' (Jocelyn Falempe) [RHEL-36172] - mptcp: fix data re-injection from stale subflow (Davide Caratti) [RHEL-33133] {CVE-2024-26826} - ipv6: sr: fix incorrect unregister order (Hangbin Liu) [RHEL-31730] - ipv6: sr: fix possible use-after-free and null-ptr-deref (Hangbin Liu) [RHEL-31730] {CVE-2024-26735} - net/bnx2x: Prevent access to a freed page in page_pool (Michal Schmidt) [RHEL-14195 RHEL-33243] {CVE-2024-26859} - bnx2x: new flag for track HW resource allocation (Michal Schmidt) [RHEL-14195 RHEL-33243] - bnx2x: fix page fault following EEH recovery (Michal Schmidt) [RHEL-14195 RHEL-33243] - x86: KVM: SVM: always update the x2avic msr interception (Maxim Levitsky) [RHEL-15495] {CVE-2023-5090} - EDAC/thunderx: Fix possible out-of-bounds string access (Aristeu Rozanski) [RHEL-26573] {CVE-2023-52464} [4.18.0-553.7.1_10] - net: qcom/emac: fix UAF in emac_remove (Ken Cox) [RHEL-37834] {CVE-2021-47311} - perf/core: Bail out early if the request AUX area is out of bound (Michael Petlan) [RHEL-38268] {CVE-2023-52835} - crypto: pcrypt - Fix hungtask for PADATA_RESET (Herbert Xu) [RHEL-38171] {CVE-2023-52813} - drm/amdgpu: fix use-after-free bug (Jocelyn Falempe) [RHEL-31240] {CVE-2024-26656} - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash (Ivan Vecera) [RHEL-37008] {CVE-2024-35854} - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update (Ivan Vecera) [RHEL-37004] {CVE-2024-35855} - mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (Ivan Vecera) [RHEL-37012] {CVE-2024-35853} - mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work (Ivan Vecera) [RHEL-37016] {CVE-2024-35852} - mlxsw: spectrum_acl_tcam: Fix warning during rehash (Ivan Vecera) [RHEL-37480] {CVE-2024-36007} - can: peak_pci: peak_pci_remove(): fix UAF (Jose Ignacio Tornos Martinez) [RHEL-38419] {CVE-2021-47456} - usbnet: fix error return code in usbnet_probe() (Jose Ignacio Tornos Martinez) [RHEL-38440] {CVE-2021-47495} - usbnet: sanity check for maxpacket (Jose Ignacio Tornos Martinez) [RHEL-38440] {CVE-2021-47495} - net/mlx5e: fix a double-free in arfs_create_groups (Kamal Heib) [RHEL-36920] {CVE-2024-35835} - can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds (Jose Ignacio Tornos Martinez) [RHEL-38220] {CVE-2023-52878} - net: cdc_eem: fix tx fixup skb leak (Jose Ignacio Tornos Martinez) [RHEL-38080] {CVE-2021-47236} - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path (Jose Ignacio Tornos Martinez) [RHEL-38113] {CVE-2023-52703} - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (Desnes Nunes) [RHEL-38248] {CVE-2023-52877} - usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (Desnes Nunes) [RHEL-38240] {CVE-2023-52781} - gro: fix ownership transfer (Xin Long) [RHEL-37226] {CVE-2024-35890} - tipc: fix kernel warning when sending SYN message (Xin Long) [RHEL-38109] {CVE-2023-52700} - erspan: make sure erspan_base_hdr is present in skb->head (Xin Long) [RHEL-37230] {CVE-2024-35888} - scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add() (Bryan Gurney) [RHEL-17366] - scsi: mpi3mr: Sanitise num_phys (Bryan Gurney) [RHEL-17366] - netfilter: nf_tables: use timestamp to check for set element timeout (Phil Sutter) [RHEL-38023] {CVE-2024-27397} - net/ipv6: SKB symmetric hash should incorporate transport ports (Sabrina Dubroca) [RHEL-32061] - crypto: s390/aes - Fix buffer overread in CTR mode (Herbert Xu) [RHEL-37089] {CVE-2023-52669} - net: Save and restore msg_namelen in sock_sendmsg (Jamie Bainbridge) [RHEL-35893] - net: prevent address rewrite in kernel_bind() (Jamie Bainbridge) [RHEL-35893] - net: prevent rewrite of msg_name in sock_sendmsg() (Jamie Bainbridge) [RHEL-35893] - net: replace calls to sock->ops->connect() with kernel_connect() (Jamie Bainbridge) [RHEL-35893] - net: Avoid address overwrite in kernel_connect (Jamie Bainbridge) [RHEL-35893] - wifi: iwlwifi: dbg-tlv: ensure NUL termination (Jose Ignacio Tornos Martinez) [RHEL-37026] {CVE-2024-35845} - wifi: mac80211: fix potential sta-link leak (Jose Ignacio Tornos Martinez) [RHEL-36916] {CVE-2024-35838} - wifi: nl80211: reject iftype change with mesh ID change (Jose Ignacio Tornos Martinez) [RHEL-36884] {CVE-2024-27410} - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (Jose Ignacio Tornos Martinez) [RHEL-36807] {CVE-2024-35789} - Bluetooth: Avoid potential use-after-free in hci_error_reset (David Marlin) [RHEL-31826] {CVE-2024-26801} - tls: disable async encrypt/decrypt (Sabrina Dubroca) [RHEL-26362 RHEL-26409 RHEL-26420] {CVE-2024-26584 CVE-2024-26583 CVE-2024-26585} - Squashfs: check the inode number is not the invalid value of zero (Phillip Lougher) [RHEL-35096] {CVE-2024-26982} - ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (Rafael Aquini) [RHEL-27782] {CVE-2021-47069} - ipc/msg.c: update and document memory barriers (Rafael Aquini) [RHEL-27782] {CVE-2021-47069} - ipc/sem.c: document and update memory barriers (Rafael Aquini) [RHEL-27782] {CVE-2021-47069} - ipc/mqueue.c: update/document memory barriers (Rafael Aquini) [RHEL-27782] {CVE-2021-47069} - ipc/mqueue.c: remove duplicated code (Rafael Aquini) [RHEL-27782] {CVE-2021-47069} - net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (Kamal Heib) [RHEL-30582] {CVE-2023-52626} - Revert 'ACPI: bus: Rework system-level device notification handling' (Prarit Bhargava) [RHEL-21486] - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Prarit Bhargava) [RHEL-29485] {CVE-2023-52615} [4.18.0-553.6.1_10] - powerpc/powernv: Add a null pointer check in opal_event_init() (Mamatha Inamdar) [RHEL-37058] {CVE-2023-52686} - crypto: rsa - add a check for allocation failure (Vladis Dronov) [RHEL-35361] - crypto: rsa - allow only odd e and restrict value in FIPS mode (Vladis Dronov) [RHEL-35361] - KEYS: use kfree_sensitive with key (Vladis Dronov) [RHEL-35361] - lib/mpi: Extend the MPI library (only mpi_*_bit() part) (Vladis Dronov) [RHEL-35361] - net: ip_tunnel: prevent perpetual headroom growth (Felix Maurer) [RHEL-31814] {CVE-2024-26804} - s390/cpum_cf: make crypto counters upward compatible across machine types (Tobias Huschle) [RHEL-36048] - RDMA/mlx5: Fix fortify source warning while accessing Eth segment (Kamal Heib) [RHEL-33162] {CVE-2024-26907} - ovl: fix leaked dentry (Miklos Szeredi) [RHEL-27306] {CVE-2021-46972} - x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (Rafael Aquini) [RHEL-33166] {CVE-2024-26906} - x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h (Rafael Aquini) [RHEL-33166] {CVE-2024-26906} - x86/mm/vsyscall: Consider vsyscall page part of user address space (Rafael Aquini) [RHEL-33166] {CVE-2024-26906} - x86/mm: Add vsyscall address helper (Rafael Aquini) [RHEL-33166] {CVE-2024-26906} - mm/swap: fix race when skipping swapcache (Rafael Aquini) [RHEL-31644] {CVE-2024-26759} - swap: fix do_swap_page() race with swapoff (Rafael Aquini) [RHEL-31644] {CVE-2024-26759} - mm/swapfile: use percpu_ref to serialize against concurrent swapoff (Rafael Aquini) [RHEL-31644] {CVE-2024-26759} - mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() (Rafael Aquini) [RHEL-29294] {CVE-2023-52560} - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) [RHEL-29783] - block: null_blk: Fix handling of fake timeout request (Ming Lei) [RHEL-8130] - null_blk: fix poll request timeout handling (Ming Lei) [RHEL-8130] - block: null_blk: end timed out poll request (Ming Lei) [RHEL-8130] - block: null_blk: only set set->nr_maps as 3 if active poll_queues is > 0 (Ming Lei) [RHEL-8130] - null_blk: allow zero poll queues (Ming Lei) [RHEL-8130] - null_blk: Fix handling of submit_queues and poll_queues attributes (Ming Lei) [RHEL-8130] - null_blk: poll queue support (Ming Lei) [RHEL-8130] - null_blk: fix command timeout completion handling (Ming Lei) [RHEL-8130] - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (Prarit Bhargava) [RHEL-27790] {CVE-2021-47073} - Bluetooth: avoid memcmp() out of bounds warning (David Marlin) [RHEL-3017] {CVE-2020-26555} - Bluetooth: hci_event: Fix coding style (David Marlin) [RHEL-3017] {CVE-2020-26555} - Bluetooth: hci_event: Fix using memcmp when comparing keys (David Marlin) [RHEL-3017] {CVE-2020-26555} - Bluetooth: Reject connection with the device which has same BD_ADDR (David Marlin) [RHEL-3017] {CVE-2020-26555} - Bluetooth: hci_event: Ignore NULL link key (David Marlin) [RHEL-3017] {CVE-2020-26555} - ppp_async: limit MRU to 64K (Guillaume Nault) [RHEL-31353] {CVE-2024-26675} - powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (Mamatha Inamdar) [RHEL-37078] {CVE-2023-52675} - tcp: do not accept ACK of bytes we never sent (Xin Long) [RHEL-21952] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-52877 CVE-2023-52881 CVE-2024-26585 CVE-2024-26675 CVE-2024-26907 CVE-2024-26982 CVE-2024-35845 CVE-2024-36007 CVE-2024-36004 CVE-2021-47495 CVE-2023-52675 CVE-2024-35853 CVE-2024-35855 CVE-2021-47236 CVE-2023-5090 CVE-2023-52560 CVE-2023-52667 CVE-2023-52813 CVE-2021-47073 CVE-2024-35835 CVE-2024-35838 CVE-2020-26555 CVE-2024-26826 CVE-2024-26906 CVE-2024-35789 CVE-2024-35888 CVE-2021-47353 CVE-2023-52878 CVE-2024-26801 CVE-2024-26735 CVE-2024-26859 CVE-2024-27410 CVE-2024-35854 CVE-2023-52835 CVE-2024-26804 CVE-2024-27397 CVE-2024-35890 CVE-2024-35958 CVE-2023-52686 CVE-2023-52703 CVE-2024-26759 CVE-2021-47356 CVE-2023-52464 CVE-2024-35959 CVE-2024-35960 CVE-2021-46909 CVE-2023-52626 CVE-2024-35852 CVE-2021-47310 CVE-2021-46972 CVE-2021-47069 CVE-2021-47311 CVE-2023-52615 CVE-2024-26584 CVE-2023-52669 CVE-2023-52700 CVE-2023-52781 CVE-2021-47456 CVE-2024-26583 CVE-2024-26656 CVE-2024-26974 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [1.21.11-1] - Update to Go 1.21.11 that fixes CVE-2024-24789 and CVE-2024-24790 - Resolves: RHEL-40275 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24789 CVE-2024-24790 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 7 [10.5.18-32] - ########################################################################## - # RHEL 7.9 (Async Security Update CY24Q2.4): - ########################################################################## - Updated nspr-devel and nss-devel build requirements as well as nss and nss-tools runtime requirements (mharmsen) - Updated jss dependencies (mharmsen) - Added git build dependency (mharmsen) - Additional trivial fix (jmagne) - RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability [rhel-7.9.z] (jmagne) - RHEL-24339 - pki-core - PrettyPrintCert does not properly translate AIA information into a readable format [RHEL 7.9.z] (mfargett) - RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett) - ########################################################################## - # RHCS 9.7 (Async Security Update CY24Q2.4): - ########################################################################## - Bug 2047831 - Coolkey Hardcoded RSA Max Key Size [RHCS 9.7.z] (jmagne) - Bug 2121463 - Add Secure Channel Support for AES-256 Keys [RHCS 9.7.z] (jmagne) - Bug 2177785 - TPS missing Host header field in HTTP/1.1 request message [RHCS 9.7.z] (mfargett) - Bug 2180920 - add AES support for TMS server-side keygen on latest HSM / FIPS environment [RHCS 9.7.z] (jmagne) - Bug 2233158 - Make key wrapping algorithm configurable between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne) - Bug 2253682 - pkidestroy log keeps HSM token password [RHCS 9.7.z] (mfargett, jmagne) - Bug 2265180 - Add Support for Symmetric Key Rollover [RHCS 9.7.z] (jmagne) - Bug 2280722 - Shared token is not generated for TPS and TKS during install despite adding pki_import_shared_secret=True param at install [RHCS 9.7.z] (jmagne) [10.5.18-31] - ########################################################################## - # RHEL 7.9 (Async Security Update CY24Q2.3): - ########################################################################## - Updated nspr-devel and nss-devel build requirements as well as nss and nss-tools runtime requirements (mharmsen) - Updated jss dependencies (mharmsen) - Added git build dependency (mharmsen) - Additional trivial fix (jmagne) - RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability [rhel-7.9.z] (jmagne) - RHEL-24339 - pki-core - PrettyPrintCert does not properly translate AIA information into a readable format [RHEL 7.9.z] (mfargett) - RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett) - ########################################################################## - # RHCS 9.7 (Async Security Update CY24Q2.3): - ########################################################################## - Bug 2047831 - Coolkey Hardcoded RSA Max Key Size [RHCS 9.7.z] (jmagne) - Bug 2121463 - Add Secure Channel Support for AES-256 Keys [RHCS 9.7.z] (jmagne) - Bug 2177785 - TPS missing Host header field in HTTP/1.1 request message [RHCS 9.7.z] (mfargett) - Bug 2180920 - add AES support for TMS server-side keygen on latest HSM / FIPS environment [RHCS 9.7.z] (jmagne) - Bug 2233158 - Make key wrapping algorithm configurable between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne) - Bug 2253682 - pkidestroy log keeps HSM token password [RHCS 9.7.z] (mfargett, jmagne) - Bug 2265180 - Add Support for Symmetric Key Rollover [RHCS 9.7.z] (jmagne) - Bug 2280722 - Shared token is not generated for TPS and TKS during install despite adding pki_import_shared_secret=True param at install [RHCS 9.7.z] (jmagne) [10.5.18-30] - ########################################################################## - # RHEL 7.9 (Async Security Update CY24Q2.2): - ########################################################################## - Updated nspr-devel and nss-devel build requirements as well as nss and nss-tools runtime requirements (mharmsen) - Updated jss dependencies (mharmsen) - Added git build dependency (mharmsen) - Additional trivial fix (jmagne) - RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability [rhel-7.9.z] (jmagne) - RHEL-24339 - pki-core - PrettyPrintCert does not properly translate AIA information into a readable format [RHEL 7.9.z] (mfargett) - RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett) - ########################################################################## - # RHCS 9.7 (Async Security Update CY24Q2.2): - ########################################################################## - Bug 2047831 - Coolkey Hardcoded RSA Max Key Size [RHCS 9.7.z] (jmagne) - Bug 2121463 - Add Secure Channel Support for AES-256 Keys [RHCS 9.7.z] (jmagne) - Bug 2177785 - TPS missing Host header field in HTTP/1.1 request message [RHCS 9.7.z] (mfargett) - Bug 2180920 - add AES support for TMS server-side keygen on latest HSM / FIPS environment [RHCS 9.7.z] (jmagne) - Bug 2233158 - Make key wrapping algorithm configurable between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne) - Bug 2253682 - pkidestroy log keeps HSM token password [RHCS 9.7.z] (mfargett, jmagne) - Bug 2265180 - Add Support for Symmetric Key Rollover [RHCS 9.7.z] (jmagne) - Bug 2280722 - Shared token is not generated for TPS and TKS during install despite adding pki_import_shared_secret=True param at install [RHCS 9.7.z] (jmagne) [10.5.18-29] - ########################################################################## - # RHEL 7.9 (Async Security Update CY24Q2.1): - ########################################################################## - Updated nspr-devel and nss-devel build requirements as well as nss and nss-tools runtime requirements (mharmsen) - Updated jss dependencies (mharmsen) - Added git build dependency (mharmsen) - Additional trivial fix (jmagne) - RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability [rhel-7.9.z] (jmagne) - RHEL-24339 - pki-core - PrettyPrintCert does not properly translate AIA information into a readable format [RHEL 7.9.z] (mfargett) - RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett) - ########################################################################## - # RHCS 9.7 (Async Security Update CY24Q2.1): - ########################################################################## - Bug 2047831 - Coolkey Hardcoded RSA Max Key Size [RHCS 9.7.z] (jmagne) - Bug 2121463 - Add Secure Channel Support for AES-256 Keys [RHCS 9.7.z] (jmagne) - Bug 2177785 - TPS missing Host header field in HTTP/1.1 request message [RHCS 9.7.z] (mfargett) - Bug 2180920 - add AES support for TMS server-side keygen on latest HSM / FIPS environment [RHCS 9.7.z] (jmagne) - Bug 2233158 - Make key wrapping algorithm configurable between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne) - Bug 2253682 - pkidestroy log keeps HSM token password [RHCS 9.7.z] (mfargett, jmagne) - Bug 2265180 - Add Support for Symmetric Key Rollover [RHCS 9.7.z] (jmagne) - Bug 2280722 - Shared token is not generated for TPS and TKS during install despite adding pki_import_shared_secret=True param at install [RHCS 9.7.z] (jmagne) [10.5.18-28] - ########################################################################## - # RHEL 7.9 (Async Security Update CY24Q2): - ########################################################################## - Updated nspr-devel and nss-devel build requirements as well as nss and nss-tools runtime requirements (mharmsen) - Updated jss dependencies (mharmsen) - Added git build dependency (mharmsen) - RHEL-9917 - EMBARGOED CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability [rhel-7.9.z] (jmagne) - RHEL-24339 - pki-core - PrettyPrintCert does not properly translate AIA information into a readable format [RHEL 7.9.z] (mfargett) - RHEL-26881 - Fix additional OID mappings [RHEL 7.9.z] (mfargett) - ########################################################################## - # RHCS 9.7 (Async Security Update CY24Q2): - ########################################################################## - Bug 2047831 - Coolkey Hardcoded RSA Max Key Size [RHCS 9.7.z] (jmagne) - Bug 2121463 - Add Secure Channel Support for AES-256 Keys [RHCS 9.7.z] (jmagne) - Bug 2177785 - TPS missing Host header field in HTTP/1.1 request message [RHCS 9.7.z] (mfargett) - Bug 2180920 - add AES support for TMS server-side keygen on latest HSM / FIPS environment [RHCS 9.7.z] (jmagne) - Bug 2233158 - Make key wrapping algorithm configurable between AES-KWP and AES-CBC [RHCS 9.7.z] (jmagne) - Bug 2253682 - pkidestroy log keeps HSM token password [RHCS 9.7.z] (mfargett) - Bug 2265180 - Add Support for Symmetric Key Rollover [RHCS 9.7.z] (jmagne) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-4727 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [5.1.1-21] - Security fix for CVE-2024-28219 Resolves: RHEL-31071 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28219 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.10.1-5] - Security fix for CVE-2024-34064 Resolves: RHEL-35651 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-34064 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.4.3.39-7] - Bump version to 1.4.3.39-7 - Resolves: RHEL-16277 - LDAP connections are closed with code T2 before the IO block timeout is reached. [rhel-8.10.0.z] [1.4.3.39-6] - Bump version to 1.4.3.39-6 - Resolves: RHEL-16277 - LDAP connections are closed with code T2 before the IO block timeout is reached. [rhel-8.10.0.z] [1.4.3.39-5] - Bump version to 1.4.3.39-5 - Resolves: RHEL-16277 - LDAP connections are closed with code T2 before the IO block timeout is reached. [rhel-8.10.0.z] [1.4.3.39-4] - Bump version to 1.4.3.39-4 - Resolves: RHEL-34818 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c - Resolves: RHEL-34824 - redhat-ds:11/389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3657 CVE-2024-2199 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 delve [1.21.2-3.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.21.2-3] - Skip an additional test as it's breaking in the CI system. - Modify the name of the patch. - Resolves: RHEL-22820 [1.21.2-2] - Fix: Remove architectures from exclude ExcludeArch - Resolves: RHEL-22820 [1.21.2-1] - Rebase to 1.21.2 - Add support for ppc64le and aarch64 - Enable the test suite - Modify ports: Some CI systems complain about the usage of the 8888 port. - Improve the way PPC64LE support is enabled. - Resolves: RHEL-22820 golang [1.21.11-1] - Update to Go1.21.11 to address CVE-2024-24789 and CVE-2024-24790 - Resolves: RHEL-40274 [1.21.10] - Update to Go 1.21.10 - Resolves: RHEL-36993 go-toolset [1.21.11-1] - Rebase to Go1.21.11 that includes fixes for CVE-2024-24789 and CVE-2024-24790 - Resolves: RHEL-40274 [1.21.10-1] - Update to Go 1.21.10 - Resolves: RHEL-36993 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24790 CVE-2024-24789 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.5-10] - Resolves: RHEL-29578 - vulnerable to marvin attack if the authentication option is used [3.5-9] - Resolves: RHEL-17069 - possible denial of service [3.5-8] - Related: #2222205 - bumping nvr for correct update path MODERATE Copyright 2024 Oracle, Inc. CVE-2023-7250 CVE-2024-26306 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [6.4.7.2-17.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [6.4.7.2] - Remove Red Hat branding - Change vendor to RESF [1:6.4.7.2-17] - Fix CVE-2024-3044 add notify for script use MODERATE Copyright 2024 Oracle, Inc. CVE-2024-3044 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.12.3-2] - Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40776 [3.12.3-1] - Update to 3.12.3 Related: RHEL-33685 [3.12.2-3] - Move all test modules to the python3-test package, namely: - __phello__ - _xxsubinterpreters - xxlimited - xxlimited_35 - xxsubtype [3.12.2-2] - Fix tests for XMLPullParser with Expat with fixed CVE [3.12.2-1] - Update to 3.12.2 Resolves: RHEL-33685 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0450 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.0.2-2] - Security fix for CVE-2024-36039 Resolves: RHEL-38365 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-36039 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.1.0-3] - Security fix for CVE-2024-36039 Resolves: RHEL-38366 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-36039 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 aardvark-dns [2:1.10.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.10.0 - Related: Jira:RHEL-2110 [2:1.9.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.9.0 - Related: Jira:RHEL-2110 [2:1.8.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.8.0 - Related: Jira:RHEL-2110 buildah [2:1.33.8-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/b65a814) - Resolves: RHEL-40850 cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu [3.18-5] - rebuild to preserve upgrade path - Related: RHEL-32671 crun fuse-overlayfs libslirp [4.4.0-2] - rebuild to preserve upgrade path 8.9 -> 8.10 - Related: RHEL-32671 netavark oci-seccomp-bpf-hook podman [4.9.4-4.0.1] - Add devices on container startup, not on creation [4:4.9.4-4] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/1a6dca2) - Resolves: RHEL-40851 python-podman runc skopeo [2:1.14.4-1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/78d9c9a) - Resolves: RHEL-40852 slirp4netns udica [0.2.6-21] - bump release to preserve update path - Resolves: RHEL-32671 [0.2.6-20] - bump release to preserve update path - Related: #2139052 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24786 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [1:1.41.1-2] - Backport fixes for CVE-2024-24806 Resolves: RHEL-24790 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24806 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.13.0-11] - Resolves: RHEL-26525 - c-ares: Out of bounds read in ares__read_line() [rhel-8] LOW Copyright 2024 Oracle, Inc. CVE-2024-25629 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [1.33.0-6.1] - fix CONTINUATION frames DoS (CVE-2024-27316) [1.33.0-6] - fix CONTINUATION frames DoS (CVE-2024-28182) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28182 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [530-3] - Fix CVE-2024-32487 - Resolves: RHEL-32738 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-32487 CVE-2022-48624 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [1.51.0-9] - Address segfault found in CVE-2023-52425 (RHEL-24226) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-52425 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [2.5-7] - Fix patch application for security fix for CVE-2024-3651 Resolves: RHEL-32703 [2.5-6] - Security fix for CVE-2024-3651 Resolves: RHEL-32703 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-3651 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 8 [2.4.46-19] - Bump version to 2.4.46-19 - Resolves: RHEL-34283 - openldap: null pointer dereference in ber_memalloc_x function LOW Copyright 2024 Oracle, Inc. CVE-2023-2953 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [ - 1:2.2.6-60] - RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777 - Delete the domain socket file after stopping the cups.socket service - Fix cupsd Listener checks [1:2.2.6-59] - RHEL-40386 cups: Cupsd Listen arbitrary chmod 0140777 - Require cups.socket in cupsd service file [1:2.2.6-58] - CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-35235 cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 Oracle Linux 9 [8.2.0-11.el9_4.4] - Fixing CVE-2024-4467 - Resolves: RHEL-35610 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4467 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [8.7p1-38.0.2.1] - Update upstream references [Orabug: 36564626] [8.7p1-38.1] - Possible remote code execution due to a race condition (CVE-2024-6387) Resolves: RHEL-45347 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6387 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 - [5.14.0-427.24.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.24.1_4] - net/bnx2x: Prevent access to a freed page in page_pool (Michal Schmidt) [RHEL-43272 RHEL-23117] - bnx2x: new flag for track HW resource allocation (Michal Schmidt) [RHEL-43272 RHEL-23117] - bnx2x: fix page fault following EEH recovery (Michal Schmidt) [RHEL-43272 RHEL-23117] - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (Michal Schmidt) [RHEL-43272 RHEL-23117] - bnx2x: fix potential memory leak in bnx2x_tpa_stop() (Michal Schmidt) [RHEL-43272 RHEL-23117] - xen-netfront: Add missing skb_mark_for_recycle (Vitaly Kuznetsov) [RHEL-37626 RHEL-36573] {CVE-2024-27393} - tools/power/turbostat: Fix uncore frequency file string (David Arcari) [RHEL-34953 RHEL-29239] - tools/power turbostat: Expand probe_intel_uncore_frequency() (David Arcari) [RHEL-34953 RHEL-29239] - net/mlx5e: fix a potential double-free in fs_any_create_groups (Kamal Heib) [RHEL-38972 RHEL-37093] {CVE-2023-52667} - crypto: qat - Fix typo (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Vladis Dronov) [RHEL-38546 RHEL-35816] {CVE-2024-26974} - crypto: qat - specify firmware files for 402xx (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - validate slices count returned by FW (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - improve error logging to be consistent across features (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - improve error message in adf_get_arbiter_mapping() (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - implement dh fallback for primes > 4K (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - implement interface for live migration (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add interface for live migration (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add bank save and restore flows (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - expand CSR operations for QAT GEN4 devices (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - rename get_sla_arr_of_type() (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - relocate CSR access code (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - move PFVF compat checker to a function (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - relocate and rename 4xxx PF2VM definitions (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - adf_get_etr_base() helper (Vladis Dronov) [RHEL-38546 RHEL-35816] - redhat/configs: Add CONFIG_CRYPTO_DEV_QAT_420XX (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - make ring to service map common for QAT GEN4 (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - fix ring to service map for dcc in 420xx (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - fix ring to service map for dcc in 4xxx (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - fix comment structure (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - remove unnecessary description from comment (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - remove double initialization of value (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - avoid division by zero (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - removed unused macro in adf_cnv_dbgfs.c (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - remove unused macros in qat_comp_alg.c (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (Vladis Dronov) [RHEL-38546 RHEL-35816] - Documentation: qat: fix auto_reset section (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - resolve race condition during AER recovery (Vladis Dronov) [RHEL-38546 RHEL-35816] {CVE-2024-26974} - crypto: qat - change SLAs cleanup flow at shutdown (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - improve aer error reset handling (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - limit heartbeat notifications (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add auto reset on error (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add fatal error notification (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - re-enable sriov after pf reset (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - update PFVF protocol for recovery (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - disable arbitration before reset (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add fatal error notify method (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add heartbeat error simulator (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - use kcalloc_node() instead of kzalloc_node() (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - avoid memcpy() overflow warning (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - generate dynamically arbiter mappings (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add support for ring pair level telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add support for device telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add admin msgs for telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - include pci.h for GET_DEV() (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add support for 420xx devices (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - move fw config related structures (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - relocate portions of qat_4xxx code (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - change signature of uof_get_num_objs() (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - relocate and rename get_service_enabled() (Vladis Dronov) [RHEL-38546 RHEL-35816] - seq_file: add helper macro to define attribute for rw file (Vladis Dronov) [RHEL-38546 RHEL-35816] - minmax: Introduce {min,max}_array() (Vladis Dronov) [RHEL-38546 RHEL-35816] [5.14.0-427.23.1_4] - net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (Kamal Heib) [RHEL-34050 RHEL-30492] {CVE-2023-52626} - blk-mq: add helper for checking if one CPU is mapped to specified hctx (Ming Lei) [RHEL-38595 RHEL-36684] - net/sched: flower: Add lock protection when remove filter handle (Petr Oros) [RHEL-35672 RHEL-33379] - Bluetooth: Avoid potential use-after-free in hci_error_reset (David Marlin) [RHEL-33913 RHEL-31828] {CVE-2024-26801} - net: hns3: do not allow call hns3_nic_net_open repeatedly (Jose Ignacio Tornos Martinez) [RHEL-38933 RHEL-37707] {CVE-2021-47400} - tmpfs: fix Documentation of noswap and huge mount options (Nico Pache) [RHEL-38252 RHEL-31975] - shmem: add support to ignore swap (Chris von Recklinghausen) [RHEL-38252 RHEL-31975] - shmem: update documentation (Chris von Recklinghausen) [RHEL-38252 RHEL-31975] - shmem: skip page split if we're not reclaiming (Chris von Recklinghausen) [RHEL-38252 RHEL-31975] - shmem: move reclaim check early on writepages() (Chris von Recklinghausen) [RHEL-38252 RHEL-31975] - shmem: set shmem_writepage() variables early (Chris von Recklinghausen) [RHEL-38252 RHEL-31975] - shmem: remove check for folio lock on writepage() (Chris von Recklinghausen) [RHEL-38252 RHEL-31975] - ice: Add automatic VF reset on Tx MDD events (Petr Oros) [RHEL-39083 RHEL-36317] - net/ipv6: SKB symmetric hash should incorporate transport ports (Ivan Vecera) [RHEL-37641 RHEL-36218] - ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [RHEL-37669 RHEL-37511] - ipv6: sr: fix missing sk_buff release in seg6_input_core (Hangbin Liu) [RHEL-37669 RHEL-37511] - ipv6: sr: fix invalid unregister error path (Hangbin Liu) [RHEL-37669 RHEL-37511] - ipv6: sr: fix incorrect unregister order (Hangbin Liu) [RHEL-37669 RHEL-37511] - ipv6: sr: add missing seg6_local_exit (Hangbin Liu) [RHEL-37669 RHEL-37511] - block: fix q->blkg_list corruption during disk rebind (Ming Lei) [RHEL-36687 RHEL-33577] - ice: fix uninitialized dplls mutex usage (Petr Oros) [RHEL-36716 RHEL-36283] - ice: fix pin phase adjust updates on PF reset (Petr Oros) [RHEL-36716 RHEL-36283] - ice: fix dpll periodic work data updates on PF reset (Petr Oros) [RHEL-36716 RHEL-36283] - ice: fix dpll and dpll_pin data access on PF reset (Petr Oros) [RHEL-36716 RHEL-36283] - ice: fix dpll input pin phase_adjust value updates (Petr Oros) [RHEL-36716 RHEL-36283] - ice: fix connection state of DPLL and out pin (Petr Oros) [RHEL-36716 RHEL-36283] - redhat: remove the merge subtrees script (Derek Barbosa) - redhat: rhdocs: delete .get_maintainer.conf (Derek Barbosa) - redhat: rhdocs: Remove the rhdocs directory (Derek Barbosa) - net/mlx5: Properly link new fs rules into the tree (Kamal Heib) [RHEL-38954 RHEL-37422] {CVE-2024-35960} - smb: client: fix UAF in smb2_reconnect_server() (Jay Shin) [RHEL-28943 RHEL-40177 RHEL-37273 RHEL-7986] {CVE-2024-35870} - smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (Jay Shin) [RHEL-28943 RHEL-31245] - RHEL: enable CONFIG_AMD_ATL (Aristeu Rozanski) [RHEL-36220 RHEL-26704] - EDAC/amd64: Use new AMD Address Translation Library (Aristeu Rozanski) [RHEL-36220 RHEL-26704] - RAS: Introduce AMD Address Translation Library (Aristeu Rozanski) [RHEL-36220 RHEL-26704] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-27393 CVE-2024-35870 CVE-2023-52626 CVE-2024-26801 CVE-2024-26974 CVE-2024-35960 CVE-2023-52667 CVE-2021-47400 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 8 hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.2.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-23.2] - util: Fix error return for virProcessKillPainfullyDelay() (RHEL-36064) - rpc: ensure temporary GSource is removed from client event loop (CVE-2024-4418) libvirt-dbus libvirt-python nbdkit netcf perl-Sys-Virt qemu-kvm seabios sgabios supermin swtpm virt-v2v LOW Copyright 2024 Oracle, Inc. CVE-2024-4418 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 jss ldapjdk pki-core [10.15.1-1.0.1] - Remove upstream reference [10.15.1-1] - Rebase to PKI 10.15.1 - Fix CVE 2023-4727 resteasy tomcatjss IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-4727 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [1.33.7-3.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.7-3] - rebuild for CVE-2024-1394 - Resolves: RHEL-24307 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 [4.12-2.0.1.4] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-2.4] - Fix CVE-2024-3652 (RHEL-32482) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-3652 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [4.9.4-5.0.1] - Fixes issue of podman execvp error while using podmansh [Orabug: 36073625] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [4:4.9.4-5] - rebuild for CVE-2024-1394 - Resolves: RHEL-40793 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [6:0.7.3-4] - rebuild for CVE-2024-1394 - Resolves: RHEL-24315 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt libvirt-dbus libvirt-python nbdkit netcf perl-Sys-Virt qemu-kvm [6.2.0-50] - kvm-qcow2-Don-t-open-data_file-with-BDRV_O_NO_IO.patch [RHEL-35616] - kvm-iotests-244-Don-t-store-data-file-with-protocol-in-i.patch [RHEL-35616] - kvm-iotests-270-Don-t-store-data-file-with-json-prefix-i.patch [RHEL-35616] - kvm-block-introduce-bdrv_open_file_child-helper.patch [RHEL-35616] - kvm-block-Parse-filenames-only-when-explicitly-requested.patch [RHEL-35616] - Resolves: RHEL-35616 (CVE-2024-4467 virt:rhel/qemu-kvm: QEMU: 'qemu-img info' leads to host file read/write [rhel-8.10.z]) seabios sgabios supermin swtpm virt-v2v IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4467 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [4.10.0-62.4] - bundled urllib3: fix CVE-2024-37891 Resolves: RHEL-43956 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37891 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::addons Oracle Linux 8 [6.0.132-1.0.1] - Add support for Oracle Linux [6.0.132-1] - Update to .NET SDK 6.0.132 and Runtime 6.0.32 - Resolves: RHEL-45319 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-38095 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [6.0.132-1.0.1] - Add support for Oracle Linux [6.0.132-1] - Update to .NET SDK 6.0.132 and Runtime 6.0.32 - Resolves: RHEL-45321 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-38095 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [8.0.107-1.0.1] - Add support for Oracle Linux [8.0.107-1] - Update to .NET SDK 8.0.107 and Runtime 8.0.7 - Resolves: RHEL-45324 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-35264 CVE-2024-38095 CVE-2024-30105 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 [8.0.107-1.0.1] - Add support for Oracle Linux [8.0.107-1] - Update to .NET SDK 8.0.107 and Runtime 8.0.7 - Resolves: RHEL-45322 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-35264 CVE-2024-38095 CVE-2024-30105 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [8.7p1-38.0.2.4] - Possible remote code execution due to a race condition (CVE-2024-6409) Resolves: RHEL-45741 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6409 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 ruby [2.5.9-112] - Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755. (CVE-2023-36617) Resolves: RHEL-5614 - Fix Buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-34125 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-34117 - Fix Arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282) Resolves: RHEL-33867 - Fix REXML DoS parsing an XML with many <'s in an attribute value. (CVE-2024-35176) Resolves: RHEL-37877 rubygem-abrt rubygem-bson rubygem-bundler rubygem-mongo rubygem-mysql2 rubygem-pg MODERATE Copyright 2024 Oracle, Inc. CVE-2023-36617 CVE-2024-27280 CVE-2024-27281 CVE-2024-35176 CVE-2024-27282 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [115.13.0-3.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.13.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [115.13.0-3] - Update to 115.13.0 build3 [115.13.0-2] - Update to 115.13.0 build2 [115.13.0-1] - Update to 115.13.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6601 CVE-2024-6603 CVE-2024-6604 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2:1.14.3-3] - golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 [115.13.0-3.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.13.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [115.13.0-3] - Update to 115.13.0 build3 [115.13.0-2] - Update to 115.13.0 build2 [115.13.0-1] - Update to 115.13.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6601 CVE-2024-6603 CVE-2024-6604 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [9.25-5.0.1] - Fixes CVE-2024-33871 OPVP device arbitrary code execution via custom Driver library IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-33871 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1:1.8.0.412.b08-1.0.1] - Fixes openjdk below given CVE issues - CVE-2024-21131 Improve-UTF8-String-supports - CVE-2024-21138 Better-symbol-storage - Fixes bad immediate dominator info openjdk bug8262017 - Fixes malformed control flow openjdk bug8303466 - CVE-2024-21140 Improved-loop-handling - CVE-2024-21144 Enhance-Pack-200-loading - CVE-2024-21145 Improve-2D-image-handling - CVE-2024-21147 Improve-array-management IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21138 CVE-2024-21140 CVE-2024-21131 CVE-2024-21145 CVE-2024-21144 CVE-2024-21147 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 Oracle Linux 9 [1.8.0.422.b05-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:1.8.0.422.b05-1.1] - Update to shenandoah-jdk8u422-b05 (GA) - Update release notes for shenandoah-8u422-b05. - Rebase PR2462 patch following patched hunk being removed by JDK-8322106 - Switch to GA mode. - Sync the copy of the portable specfile with the latest update - Actually require tzdata 2024a now it is available in the buildroot - Add missing build dependencies on zlib-devel and tar - Update LCMS version to match JDK-8245400 - ** This tarball is embargoed until 2024-07-16 @ 1pm PT. ** - Resolves: RHEL-46866 - Resolves: RHEL-47001 [1:1.8.0.422.b01-0.1.ea] - Update to shenandoah-jdk8u422-b01 (EA) - Update release notes for shenandoah-8u422-b01. - Switch to EA mode. - Sync the copy of the portable specfile with the latest update - Restore NEWS file and rename remove-intree-libraries.sh so portable can be rebuilt - Document policy repacking script and rename to correct spelling and style - Limit Java only tests to one architecture using jdk_test_arch - Related: RHEL-46866 - Resolves: RHEL-47067 - Resolves: RHEL-47087 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21147 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [1:11.0.23.0.9-2.0.3] - Fixes below CVE's - CVE-2024-21131 Improve-UTF8-String-supports - CVE-2024-21138 Better-symbol-storage - Fixes malformed control flow openjdk bug8303466 - CVE-2024-21140 Improved-loop-handling - CVE-2024-21144 Enhance-Pack-200-loading - CVE-2024-21145 Improve-2D-image-handling - CVE-2024-21147 Improve-array-management IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21145 CVE-2024-21147 CVE-2024-21144 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 Oracle Linux 8 [11.0.24.0.8-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:11.0.24.0.8-1] - Update to jdk-11.0.24+8 (GA) - Update release notes to 11.0.24+8 - Adjusted DTLS & RPATH NEWS entries to match OpenJDK 17 & 21 release notes - Switch to GA mode for release - Fix Provides to reflect up to date component versions - Add zlib build required or bundled version (1.3.1), depending on system_libs setting - Resolves: RHEL-45202 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21131 CVE-2024-21147 CVE-2024-21144 CVE-2024-21138 CVE-2024-21145 CVE-2024-21140 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:17.0.12.0.7-2.0.1] - Add Oracle vendor bug URL [1:17.0.12.0.7-2] - Update to jdk-17.0.12+7 (GA) - Update .gitignore to ignore openjdk-17.0.12+7.tar.xz - Sync java-17-openjdk-portable.specfile - Set buildver to 7 - Set portablerelease 1 - Set is_ga to 1 - Update sources to openjdk-17.0.12+7.tar.xz - Resolves: RHEL-46641 - Resolves: RHEL-47019 - ** This tarball is embargoed until 2024-07-16 @ 1pm PT. ** [1:17.0.12.0.6-0.1.ea] - Add debuginfo section to rpminspect.yaml (OPENJDK-2904) - Add unicode section to rpminspect.yaml (OPENJDK-2904) [1:17.0.12.0.6-0.1.ea] - Add upstream patch that removes illegal RLO Unicode characters (JDK-8332174) - Sync the copy of the portable specfile with the latest update [1:17.0.12.0.6-0.1.ea] - Delete fips-17u-d63771ea660.patch - Add fips-17u-e893be00150.patch - Update fipsver to e893be00150 [1:17.0.12.0.6-0.1.ea] - generate_source_tarball.sh: Use tar exclude options for VCS files - generate_source_tarball.sh: Improve VCS exclusion [1:17.0.12.0.6-0.1.ea] - generate_source_tarball.sh: Update examples in header for clarity - generate_source_tarball.sh: Cleanup message issued when checkout already exists - generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP - generate_source_tarball.sh: Only add --depth=1 on non-local repositories - icedtea_sync.sh: Reinstate from rhel-8.9.0 branch - Move maintenance scripts to a scripts subdirectory - discover_trees.sh: Set compile-command and indentation instructions for Emacs - discover_trees.sh: shellcheck: Do not use -o (SC2166) - discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - discover_trees.sh: shellcheck: Double-quote variable references (SC2086) - generate_source_tarball.sh: Add authorship - icedtea_sync.sh: Set compile-command and indentation instructions for Emacs - icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086) - icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - openjdk_news.sh: Set compile-command and indentation instructions for Emacs - openjdk_news.sh: shellcheck: Double-quote variable references (SC2086) - openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196) - generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST - generate_source_tarball.sh: Double-quote DEPTH reference (SC2086) - generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck [1:17.0.12.0.6-0.1.ea] - Update to jdk-17.0.12+6 (EA) - Add openjdk-17.0.12+6-ea.tar.xz to .gitignore - Set updatever to 12 - Set buildver to 6 - Set rpmrelease to 1 - Set is_ga to 0 - Update sources to openjdk-17.0.12+6-ea.tar.xz - Require tzdata-java 2024a at runtime and for build (JDK-8325150) - Update lcms2 bundled provides to 2.16.0 - Add zlib 1.3.1 bundled provides and zlib-devel build requirement (OPENJDK-3065) - Label as error a designator mismatch - Change a fix-me comment to a note instead - Sync generate_source_tarball.sh from Fedora rawhide IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21131 CVE-2024-21140 CVE-2024-21145 CVE-2024-21138 CVE-2024-21147 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:21.0.4.0.7-1.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:21.0.4.0.7-1] - Update to jdk-21.0.4+7 (GA) - Update release notes to 21.0.4+7 - Switch to GA mode. - Sync the copy of the portable specfile with the latest update - Add missing section headers in NEWS - ** This tarball is embargoed until 2024-07-16 @ 1pm PT. ** - Resolves: RHEL-47022 [1:21.0.4.0.5-0.1.ea] - Update to jdk-21.0.4+5 (EA) - Update release notes to 21.0.4+5 - Limit Java only tests to one architecture using jdk_test_arch - Actually require tzdata 2024a now it is available in the buildroot - Resolves: RHEL-45356 - Resolves: RHEL-47399 [1:21.0.4.0.1-0.1.ea] - Update to jdk-21.0.4+1 (EA) - Update release notes to 21.0.4+1 - Switch to EA mode - Bump LCMS 2 version to 2.16.0 following JDK-8321489 - Add zlib build requirement or bundled version (1.3.1), depending on system_libs setting - Restore NEWS file so portable can be rebuilt - Sync the copy of the portable specfile with the latest update - Related: RHEL-45356 - Resolves: RHEL-46028 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21131 CVE-2024-21138 CVE-2024-21145 CVE-2024-21147 CVE-2024-21140 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 - [5.14.0-427.26.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.26.1_4] - net: ena: Fix incorrect descriptor free behavior (Kamal Heib) [RHEL-39217 RHEL-37430] {CVE-2024-35958} - tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (Guillaume Nault) [RHEL-41749 RHEL-39837] {CVE-2024-36904} - mm/mglru: Revert 'don't sync disk for each aging cycle' (Waiman Long) [RHEL-44418] - tipc: fix UAF in error path (Xin Long) [RHEL-34848 RHEL-34280] {CVE-2024-36886} - selftest/cgroup: Update test_cpuset_prs.sh to match changes (Waiman Long) [RHEL-45139] - cgroup/cpuset: Make cpuset.cpus.exclusive independent of cpuset.cpus (Waiman Long) [RHEL-45139] - cgroup/cpuset: Delay setting of CS_CPU_EXCLUSIVE until valid partition (Waiman Long) [RHEL-45139] - selftest/cgroup: Fix test_cpuset_prs.sh problems reported by test robot (Waiman Long) [RHEL-45139] - cgroup/cpuset: Fix remote root partition creation problem (Waiman Long) [RHEL-45139] - cgroup/cpuset: Optimize isolated partition only generate_sched_domains() calls (Waiman Long) [RHEL-45139] - cgroup/cpuset: Fix retval in update_cpumask() (Waiman Long) [RHEL-45139] - cgroup/cpuset: Fix a memory leak in update_exclusive_cpumask() (Waiman Long) [RHEL-45139] - ice: implement AQ download pkg retry (Petr Oros) [RHEL-38907 RHEL-17318] - redhat: include resolve_btfids in kernel-devel (Viktor Malik) [RHEL-43426 RHEL-40707] - blk-cgroup: fix list corruption from resetting io stat (cki-backport-bot) [RHEL-44977] {CVE-2024-38663} - misc: rtsx: do clear express reg every SD_INT (David Arcari) [RHEL-39985 RHEL-33706] - misc: rtsx: Fix rts5264 driver status incorrect when card removed (David Arcari) [RHEL-39985 RHEL-33706] - netfilter: tproxy: bail out if IP has been disabled on the device (cki-backport-bot) [RHEL-44371] {CVE-2024-36270} - lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (cki-backport-bot) [RHEL-44263 RHEL-44261] {CVE-2024-38543} - r8169: Fix possible ring buffer corruption on fragmented Tx packets. (cki-backport-bot) [RHEL-44039] {CVE-2024-38586} - net: micrel: Fix receiving the timestamp in the frame for lan8841 (cki-backport-bot) [RHEL-43996] {CVE-2024-38593} - vt: fix memory overlapping when deleting chars in the buffer (Waiman Long) [RHEL-43379 RHEL-27780] {CVE-2022-48627} - net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (Kamal Heib) [RHEL-42728 RHEL-34192] {CVE-2024-26858} - locking/atomic: Make test_and_*_bit() ordered on failure (Paolo Bonzini) [RHEL-45896] - mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (Rafael Aquini) [RHEL-42659 RHEL-31840] {CVE-2024-26783} - can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (Jose Ignacio Tornos Martinez) [RHEL-42379 RHEL-31530] {CVE-2023-52638} - ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Ken Cox) [RHEL-42226 RHEL-38715] {CVE-2021-47548} [5.14.0-427.25.1_4] - nvme: fix reconnection fail due to reserved tag allocation (Maurizio Lombardi) [RHEL-42896 RHEL-36896] {CVE-2024-27435} - net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (cki-backport-bot) [RHEL-43625] {CVE-2021-47596} - scsi: sg: Avoid race in error handling & drop bogus warn (Ewan D. Milne) [RHEL-36106 RHEL-35659] - scsi: sg: Avoid sg device teardown race (Ewan D. Milne) [RHEL-36106 RHEL-35659] - netfilter: nf_tables: use timestamp to check for set element timeout (Florian Westphal) [RHEL-38032 RHEL-33985] {CVE-2024-27397} - netfilter: nft_set_rbtree: Remove unused variable nft_net (Florian Westphal) [RHEL-38032 RHEL-33985] - netfilter: nft_set_rbtree: prefer sync gc to async worker (Florian Westphal) [RHEL-38032 RHEL-33985] - netfilter: nft_set_rbtree: rename gc deactivate+erase function (Florian Westphal) [RHEL-38032 RHEL-33985] - netfilter: nf_tables: de-constify set commit ops function argument (Florian Westphal) [RHEL-38032 RHEL-33985] - octeontx2-af: avoid off-by-one read from userspace (Kamal Heib) [RHEL-40486 RHEL-39873] {CVE-2024-36957} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2021-47548 CVE-2023-52638 CVE-2024-27397 CVE-2024-35958 CVE-2024-36270 CVE-2024-38586 CVE-2024-38593 CVE-2024-38663 CVE-2021-47596 CVE-2024-36957 CVE-2024-36904 CVE-2024-27435 CVE-2024-26858 CVE-2024-38543 CVE-2022-48627 CVE-2024-36886 CVE-2024-26783 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 8 [5.15.3-8] - HTTP2: Delay any communication until encrypted() can be responded to Resolves: RHEL-46340 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-39936 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.7-7] - Validate route information option length IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-5564 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 Oracle Linux 7 [1.2-10.0.1] - Increasing release number as per Oracle package release policy IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-5564 cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3 cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [5.15.9-10] - HTTP2: Delay any communication until encrypted() can be responded to Resolves: RHEL-46348 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-39936 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [115.13.0-3.0.1] - Add Oracle prefs [115.13.0] - Add OpenELA debranding [115.13.0-3] - Update to 115.13.0 build5 [115.13.0-2] - Update to 115.13.0 build3 [115.13.0-1] - Update to 115.13.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6604 CVE-2024-6601 CVE-2024-6603 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [115.13.0-3.0.1] - Add Oracle prefs file [115.13.0] - Add OpenELA debranding [115.13.0-3] - Update to 115.13.0 build5 [115.13.0-2] - Update to 115.13.0 build3 [115.13.0-1] - Update to 115.13.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6603 CVE-2024-6601 CVE-2024-6604 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [1.8-6] - Validate route information option length [1.8-5] - Convert the license tag to SPDX format Related: RHELMISC-1363 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-5564 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 7 [5.9.7-5.0.1] - Backport fix for CVE-2024-39936 [Orabug: 36904373] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-39936 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 httpd [2.4.37-65.0.1.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65.1] - Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) - Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in mod_proxy (CVE-2024-38473) - Resolves: RHEL-45777 - httpd:2.4/httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) - Resolves: RHEL-45758 - httpd:2.4/httpd: null pointer dereference in mod_proxy (CVE-2024-38477) - Resolves: RHEL-45743 - httpd:2.4/httpd: Potential SSRF in mod_rewrite (CVE-2024-39573) mod_http2 mod_md IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-38475 CVE-2024-38477 CVE-2024-38473 CVE-2024-39573 CVE-2024-38474 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [2.4.57-11.0.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.57-11] - Resolves: RHEL-45792 - httpd: Encoding problem in mod_proxy (CVE-2024-38473) [2.4.57-9] - Resolves: RHEL-45766 - httpd: null pointer dereference in mod_proxy (CVE-2024-38477) - Resolves: RHEL-45749 - httpd: Potential SSRF in mod_rewrite (CVE-2024-39573) - Resolves: RHEL-45818 - httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) - Resolves: RHEL-45771 - httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-38474 CVE-2024-38473 CVE-2024-38477 CVE-2024-39573 CVE-2024-38475 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [20231122-6.0.1.el9_4.2] - Replace upstream references [Orabug:36569119] [20231122-6.el9_4.2] - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-40270 RHEL-40272] - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-40270 RHEL-40272] - edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-40270 RHEL-40272] - edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-40270 RHEL-40272] - edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-40270 RHEL-40272] - edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-40270 RHEL-40272] - edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-40270 RHEL-40272] - edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-40270 RHEL-40272] - Resolves: RHEL-40270 (CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]) - Resolves: RHEL-40272 (CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]) [20231122-6.el9_4.1] - edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156] - edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156] - Resolves: RHEL-30156 (CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z]) MODERATE Copyright 2024 Oracle, Inc. CVE-2022-36765 CVE-2023-45236 CVE-2023-45237 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.1.8.1-13.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [1:7.1.8.1-13] - Fix CVE-2024-3044 add notify for script use MODERATE Copyright 2024 Oracle, Inc. CVE-2024-3044 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:1.42.0-2] - Backport fix for CVE-2024-24806 Resolves: RHEL-24791 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24806 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [10.0.0-6.6.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6.6.el9_4] - vmx: Do not require DVS Port ID (RHEL-45520) - vmx: Do not require all ID data for VMWare Distributed Switch (RHEL-46595) [10.0.0-6.5.el9_4] - qemu: Fix migration with disabled vmx-* CPU features (RHEL-44984) [10.0.0-6.4.el9_4] - rpc: ensure temporary GSource is removed from client event loop (CVE-2024-4418) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-4418 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:1.4.0-4] - rebuild for CVE-2024-1394 - Resolves: RHEL-40809 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4:1.1.12-3] - rebuild for CVE-2024-1394 - Resolves: RHEL-24320 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.11.7-1.3] - Security fix for CVE-2024-4032 Resolves: RHEL-44097 [3.11.7-1.2] - Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40785 LOW Copyright 2024 Oracle, Inc. CVE-2024-4032 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:2.3.3op2-27] - Revert the cups-libs license identifier to the 'legacy' format [1:2.3.3op2-26] - RHEL-40388 cups: Cupsd Listen arbitrary chmod 0140777 - Delete the domain socket file after stopping the cups.socket service - Fix cupsd Listener checks [1:2.3.3op2-25] - CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-35235 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.9.18-3.3] - Security fix for CVE-2024-4032 Resolves: RHEL-44106 [3.9.18-3.2] - Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40767 LOW Copyright 2024 Oracle, Inc. CVE-2024-4032 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [7:5.5-13] - Resolves: RHEL-45056 - squid: Out-of-bounds write error may lead to Denial of Service (CVE-2024-37894) - Resolves: RHEL-45643 - squid: vulnerable to a Denial of Service attack against Cache Manager error responses (CVE-2024-23638) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-23638 CVE-2024-37894 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [3.0.13-15.0.1] - Fixes CVE-2024-3596 security issue [Orabug: 36904288] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3596 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 - [5.14.0-427.28.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.28.1_4] - mlxbf_gige: call request_irq() after NAPI initialized (Kamal Heib) [RHEL-43012 RHEL-37179] {CVE-2024-35907} - mlxbf_gige: stop PHY during open() error paths (Kamal Heib) [RHEL-43012 RHEL-37179] {CVE-2024-35907} - mlxbf_gige: stop interface during shutdown (Kamal Heib) [RHEL-41708 RHEL-37244] {CVE-2024-35885} - net: amd-xgbe: Fix skb data length underflow (Ken Cox) [RHEL-43796 RHEL-43794] {CVE-2022-48743} - nfp: flower: handle acti_netdevs allocation failure (Ken Cox) [RHEL-42852 RHEL-35158] {CVE-2024-27046} - block: add check that partition length needs to be aligned with block size (Ming Lei) [RHEL-45501 RHEL-26616] {CVE-2023-52458} - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (Benjamin Coddington) [RHEL-45517 RHEL-31513] - NFSD: CREATE_SESSION must never cache NFS4ERR_DELAY replies (Benjamin Coddington) [RHEL-45517 RHEL-31513] - NFSD: Document the phases of CREATE_SESSION (Benjamin Coddington) [RHEL-45517 RHEL-31513] - NFSD: Fix the NFSv4.1 CREATE_SESSION operation (Benjamin Coddington) [RHEL-45517 RHEL-31513] - icmp: prevent possible NULL dereferences from icmp_build_probe() (Antoine Tenart) [RHEL-42974 RHEL-37002] {CVE-2024-35857} - NFSv4.1: fix handling NFS4ERR_DELAY when testing for session trunking (Scott Mayhew) [RHEL-45360 RHEL-24133] - RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (Aristeu Rozanski) [RHEL-46335 RHEL-38634] - RAS/AMD/ATL: Fix MI300 bank hash (Aristeu Rozanski) [RHEL-46335 RHEL-38634] - net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Hangbin Liu) [RHEL-42689 RHEL-33271] {CVE-2024-26852} - epoll: be better about file lifetimes (Pavel Reichl) [RHEL-44091 RHEL-44083] {CVE-2024-38580} - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (Dick Kennedy) [RHEL-40659 RHEL-40665 RHEL-24508 RHEL-39793] {CVE-2024-36924} - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (Dick Kennedy) [RHEL-40659 RHEL-40669 RHEL-24508 RHEL-39887] {CVE-2024-36952} - bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (Viktor Malik) [RHEL-42640 RHEL-31726] {CVE-2024-26737} - can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (Ken Cox) [RHEL-41489 RHEL-38415] {CVE-2021-47459} - wifi: ath11k: restore country code during resume (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: refactor setting country code logic (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - bus: mhi: host: Add mhi_power_down_keep_dev() API to support system suspend/hibernation (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - net: qrtr: support suspend/hibernation (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: support hibernation (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: thermal: don't try to register multiple times (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: fix warning on DMA ring capabilities event (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: do not dump SRNG statistics during resume (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: remove MHI LOOPBACK channels (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: rearrange IRQ enable/disable in reset path (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] [5.14.0-427.27.1_4] - drm/ast: Fix soft lockup (CKI Backport Bot) [RHEL-45716] - dm: call the resume method on internal suspend (Benjamin Marzinski) [RHEL-41838 RHEL-33217] {CVE-2024-26880} - KVM: arm64: Do not re-initialize the KVM lock (Sebastian Ott) [RHEL-37528 RHEL-36279] - KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (Sebastian Ott) [RHEL-37528 RHEL-36279] - KVM: arm64: Fix host-programmed guest events in nVHE (Sebastian Ott) [RHEL-37528 RHEL-36279] - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (Sebastian Ott) [RHEL-37528 RHEL-36279] - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (Sebastian Ott) [RHEL-37528 RHEL-36279] - KVM: arm64: Fix double-free following kvm_pgtable_stage2_free_unlinked() (Sebastian Ott) [RHEL-37528 RHEL-36279] - octeontx2-af: Use separate handlers for interrupts (Kamal Heib) [RHEL-42846 RHEL-35170] {CVE-2024-27030} - Squashfs: check the inode number is not the invalid value of zero (Abhi Das) [RHEL-42811 RHEL-35098] {CVE-2024-26982} - net: fix sk_memory_allocated_{add|sub} vs softirqs (Paolo Abeni) [RHEL-36773 RHEL-34070] - tcp: sk_forced_mem_schedule() optimization (Paolo Abeni) [RHEL-36773 RHEL-34070] - net: make SK_MEMORY_PCPU_RESERV tunable (Paolo Abeni) [RHEL-36773 RHEL-34070] - ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Pavel Reichl) [RHEL-42655 RHEL-31690] {CVE-2024-26773} - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (John Meneghini) [RHEL-42528 RHEL-38200] {CVE-2023-52809} - KVM: x86/mmu: Retry fault before acquiring mmu_lock if mapping is changing (Maxim Levitsky) [RHEL-43388] - s390/cpum_cf: make crypto counters upward compatible across machine types (Tobias Huschle) [RHEL-40398 RHEL-36047] - RAS: enable CONFIG_RAS_FMPM (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/FMPM: Safely handle saved records of various sizes (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/FMPM: Avoid NULL ptr deref in get_saved_records() (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - Merge tag 'edac_updates_for_v6.9' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/FMPM: Fix off by one when unwinding on error (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/FMPM: Add debugfs interface to print record entries (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/FMPM: Save SPA values (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS: Export helper to get ras_debugfs_dir (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/ATL: Fix bit overflow in denorm_addr_df4_np2() (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS: Introduce a FRU memory poison manager (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - x86/cpu/amd: Provide a separate accessor for Node ID (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/ATL: Add MI300 row retirement support (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - Documentation: Move RAS section to admin-guide (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/ATL: Add MI300 support (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - Documentation: RAS: Add index and address translation section (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - cpu/SMT: Make SMT control more robust against enumeration failures (Aristeu Rozanski) [RHEL-36212 RHEL-17008] MODERATE Copyright 2024 Oracle, Inc. CVE-2021-47459 CVE-2024-26773 CVE-2024-26852 CVE-2024-35857 CVE-2024-26880 CVE-2024-36924 CVE-2024-36952 CVE-2023-52809 CVE-2024-38580 CVE-2023-52458 CVE-2024-26982 CVE-2024-35907 CVE-2024-27046 CVE-2024-35885 CVE-2022-48743 CVE-2024-26737 CVE-2024-27030 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [3.0.21-40] - Backport fixes for BlastRADIUS CVE Resolves: RHEL-46566 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3596 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [3.0.20-15] - Backport BlastRADIUS CVE fix Resolves: RHEL-46572 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3596 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [2.4.6-99.0.3.1] - Opt-ins for unsafe prefix_stat and %3f [Orabug: 36904263][CVE-2024-38474][CVE-2024-38475] - mod_proxy: validate hostname [Orabug: 36904263][CVE-2024-38477] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-38477 CVE-2024-38475 CVE-2024-38474 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [1.15.1-55.0.3] - Length check when parsing GSS token encapsulation [Orabug: 36927256] - Add a simple DER support header [Orabug: 36927256] - Fix vulnerabilities in GSS message token handling [Orabug: 36927256] [1.15.1-55.0.1] - Add recursion limit for ASN.1 indefinite lengths [Orabug: 32582360] [1.15.1-55] - Fix integer overflows in PAC parsing (CVE-2022-42898) - Resolves: rhbz#2140961 [1.15.1-54] - Try harder to avoid password change replay errors - Resolves: #2063163 [1.15.1-53] - Backport usage of SHA-256 instead of SHA-1 for PKINIT CMS digest - Resolves: #2066319 [1.15.1-51] - Fix KDC null deref on TGS inner body null server (CVE-2021-37750) - Resolves: #1997599 [1.15.1-50] - Disable smoke tests on s390x and remove sleep - Resolves: #1782492 [1.15.1-49] - Fix LDAP policy enforcement of pw_expiration - Resolves: #1782492 [1.15.1-48] - Fix LDAP policy enforcement of pw_expiration - Resolves: #1782492 [1.15.1-47] - Do expiration warnings for all init_creds APIs - Resolves: #1733289 [1.15.1-46] - Add pkinit_cert_match support - Resolves: #1656126 [1.15.1-45] - Install kerberos(7) - Resolves: #1704726 [1.15.1-44] - Address some optimized-out memset() calls - Resolves: #1663506 [1.15.1-43] - Correct kpasswd_server description in krb5.conf(5) - Resolves: #1498347 [1.15.1-42] - Log when non-root ksu authorization fails - Resolves: #1270927 [1.15.1-41] - Update man pages to reference kerberos(7) - Resolves: #1704726 [1.15.1-40] - Prefer TCP to UDP for password changes - Resolves: #1637349 [1.15.1-39] - Remove incorrect KDC assertion - Resolves: #1673017 [1.15.1-38] - Add FILE prefix to pkinit_anchors field - Resolves: #1661338 [1.15.1-37] - Bring back builtin crypto (openssl broke too many FIPS setups) - Resolves: #1645711 [1.15.1-36] - Clean up MEMORY ccache behavior to match upstream more closely - Resolves: #1605756 [1.15.1-35] - Fix bugs with concurrent use of MEMORY ccaches - Resolves: #1605756 [1.15.1-34] - In FIPS mode, add plaintext fallback for RC4 usages and taint - Resolves: #1570600 [1.15.1-33] - Use SHA-256 instead of MD5 for audit ticket IDs - Resolves: #1570600 [1.15.1-32] - Include preauth name in trace output if possible - Update cert generation scripts to work on modern openssl - Fix per-request preauth scoping - Add test case for PKINIT DH renegotiation - Echo KDC cookies in preauth tryagain - Fall back to other preauth mechanisms after failures - Resolves: #1540130 [1.15.1-31] - Add German translation - Resolves: #1497301 [1.15.1-30] - Add default pkinit_anchors value to krb5.conf - Resolves: #1508081 [1.15.1-29] - Process profile includedir in sorted order - Also, ignore dotfiles in included directories - Resolves: #1539824 [1.15.1-28] - Exit with status 0 from kadmind - Resolves: #1373909 [1.15.1-27] - Continue after KRB5_CC_END in KCM cache iteration - Resolves: #1563166 [1.15.1-26] - Merge duplicate subsections in profile library - Resolves: #1519625 [1.15.1-25] - Fix service dependencies on network state - Resolves: #1525232 [1.15.1-24] - Explicitly use openssl rather than builtin crypto - Resolves: #1570600 [1.15.1-23] - Fix flaws in LDAP DN checking (CVE-2018-5729, CVE-2018-5730) - Resolves: #1562684 - Resolves: #1562679 [1.15.1-22] - Fix segfault in finish_dispatch() - Resolves: #1568970 [1.15.1-21] - Unparse SANs with NO_REALM - Resolves: #1482457 [1.15.1-20] - Fix hex conversion of PKINIT certid strings - Resolves: #1538491 [1.15.1-19] - Limit ticket lifetime to 2^31-1 seconds - Resolves: #1554723 [1.15.1-18] - Expose context errors in pkinit_server_plugin_init - Resolves: #1460089 [1.15.1-17] - Drop certauth test changes that prevented runnig it - Resolves: #1498767 [1.15.1-16] - Drop irrelevant DIR trigger logic - Resolves: #1431198 [1.15.1-15] - Fix CVE-2017-7562 (certauth eku bypass) - Resolves: #1498767 [1.15.1-14] - Fix CVE-2017-11368 (s4u2 request assertion failures) - Resolves: #1498768 [1.15.1-13] - Force-add /etc/krb5.conf.d so we can guarantee it exists - Resolves: #1431198 [1.15.1-12] - Add krb5 policy plugin interface - Remove soname downgrade - Resolves: #1462982 [1.15.1-11] - Make t_certauth.py runnable - Resolves: #1443388 [1.15.1-10] - Add context SSF query support - Resolves: #1472956 [1.15.1-9] - Remove incomplete PKINIT OCSP support - Resolves: #1460089 [1.15.1-8] - Add kprop.service argument file - Resolves: #1389073 [1.15.1-7] - Fix enterprise principal forwarding - Resolves: #1378440 [1.15.1-6] - Fix bug in certauth backport - Resolves: #1428484 [1.15.1-5] - rubygem-rkerberos still needs us to lie about soname - Resolves: #1389073 [1.15.1-4] - Backport certauth plugin and related pkinit changes - Note: related changes cannot be tested because RHEL does not allow binary git diffs - Resolves: #1428484 [1.15.1-3] - Remove duplication between subpackages - Resolves: #1254640 [1.15.1-2] - Add back deleted sources - Resolves: #1389073 [1.15.1-1] - Bump to krb5-1.15.1 (very small change) - Apply some sanity to our patches and ordering - Resolves: #1389073 [1.15-2] - Reinstate e_data free method; bumps KDB to 6.1 - Resolves: #1389073 [1.15-1] - Rebase to 1.15-final - Resolves: #1389073 - Resolves: #1367169 - Resolves: #1389072 - Resolves: #1366863 [1.14.1-27] - Properly handle EOF on libkrad sockets - Resolves: #1382449 [1.14.1-26] - Use responder in non-preauth AS reqs - Resolves: #1363690 [1.14.1-25] - Fix bad debug_log() call in selinux handling - Resolves: #1292153 [1.14.1-24] - Fix KKDCPP with TLS SNI by always presenting 'Host:' header - Resolves: #1364993 [1.14.1-23] - Add dependency on libkadm5 to krb5-devel - Resolves: #1347403 [1.14.1-22] - Builders have new version of mock; adapt. - Resolves: #1290239 [1.14.1-21] - Fix CVE-2016-3120 - Resolves: #1361504 [1.14.1-20] - Make version dependencies on libkadm5 more explicit to appease rpmdiff - Resolves: #1347403 [1.14.1-19] - Add in upstream version of kprop port and tests - Resolves: #1292795 [1.14.1-18] - Fix incorrect recv() size calculation in libkrad - Resolves: #1349042 [1.14.1-17] - Separate out the kadm5 libs - Resolves: #1347403 [1.14.1-16] - Fix kprop/iprop handling of default realm - Fix t_kprop.py - Resolves: #1290561 - Resolves: #1302967 - Resolves: #1292795 [1.14.1-15] - Fix SPNEGO with NTLM to conform to MS-SPNG section 3.3.5.1 - Resolves: #1341726 [1.14.1-14] - Do not indicate depricated mechanisms when requested - Resolves: #1293908 [1.14.1-13] - Fix OTP module incorrectly overwriting as_key - Resolves: #1340304 [1.14.1-12] - Fix CVE-2016-3119 (LDAP NULL dereference) - Resolves: #1339562 [1.14.1-11] - Make ksu not ask for password without -n - Resolves: #1247261 [1.14.1-10] - Frob kadm5 soname version so that the rebase does not break things - Resolves: #1292153 [1.14.1-9] - Revamp selinux patch to not leak memory - Resolves: #1313457 [1.14.1-8] - Add snippet support in /etc/krb5.conf.d - Resolves: #1146945 [1.14.1-7] - Skip unnecessary mech calls in gss_inquire_cred - Resolves: #1314493 [1.14.1-6] - Fix impersonate_name to work with interposers - Resolves: #1284987 [1.14.1-5] - Fix change tracking of krb5.conf - Resolves: #1208243 [1.14.1-4] - Ensure log files are not world-readable - Resolves: #1256735 [1.14.1-3] - Clean up initscript handling in spec file - Resolves: #1283902 - Resolves: #1183058 [1.14.1-2] - Backport spec file changes from Fedora - Resolves: #1290239 [1.14.1-1] - Rebase to new upstream version 1.14.1 - Remove pax logic - Resolves: #1292153 - Resolves: #1135427 - Resolves: #1265509 - Resolves: #1265510 - Resolves: #1296241 [1.13.2-12] - Remove obsolete trigger to enable building of package - Resolves: #1306970 [1.13.2-11] - Fix CVE-2015-8631, CVE-2015-8630, and CVE-2015-8629 - Resolves: #1306970 [1.13.2-9] - Add patch and test case for 'KDC does not return proper client principal for client referrals' - Resolves: #1259846 [1.13.2-9] - Ammend patch for RedHat bug #1252454 ('testsuite complains 'Lifetime has increased by 32436 sec while 0 sec passed!', while rhel5-libkrb5 passes') to handle the newly introduced valgrind hits. [1.13.2-8] - Add a patch to fix RH Bug #1250154 ('[s390x, ppc64, ppc64le]: kadmind does not accept ACL if kadm5.acl does not end with EOL') The code 'accidently' works on x86/AMD64 because declaring a variable |char| results in an |unsigned char| by default while most other platforms (e.g. { s390x, ppc64, ppc64le, ...}) default to |signed char| (still have to use lint(1) to clean up 38 more instances of this kind of bug). [1.13.2-7] - Obsolete multilib versions of server packages to fix RH bug #1251913 ('krb5 should obsolete the multilib versions of krb5-server and krb5-server-ldap'). The following packages are declared obsolete: - krb5-server-1.11.3-49.el7.i686 - krb5-server-1.11.3-49.el7.ppc - krb5-server-1.11.3-49.el7.s390 - krb5-server-ldap-1.11.3-49.el7.i686 - krb5-server-ldap-1.11.3-49.el7.ppc - krb5-server-ldap-1.11.3-49.el7.s390 [1.13.2-6] - Add a patch to fix RedHat bug #1252454 ('testsuite complains 'Lifetime has increased by 32436 sec while 0 sec passed!', while rhel5-libkrb5 passes') so that krb5 resolves GSS creds if |time_rec| is requested. [1.13.2-5] - Add a patch to fix RedHat bug #1251586 ('KDC sends multiple requests to ipa-otpd for the same authentication') which causes the KDC to send multiple retries to ipa-otpd for TCP transports while it should only be done for UDP. [1.13.2-4] - the rebase to krb5 1.13.2 in vers 1.13.2-0 also fixed: - Redhat Bug #1247761 ('RFE: Minor krb5 spec file cleanup and sync with recent Fedora 22/23 changes') - Redhat Bug #1247751 ('krb5-config returns wrong -specs path') - Redhat Bug #1247608 ('Add support for multi-hop preauth mechs via |KDC_ERR_MORE_PREAUTH_DATA_REQUIRED| for RFC 6113 ('A Generalized Framework for Kerberos Pre-Authentication')') - Removed 'krb5-1.10-kprop-mktemp.patch' and 'krb5-1.3.4-send-pr-tempfile.patch', both are no longer used since the rebase to krb5 1.13.1 [1.13.2-3] - Add patch to fix Redhat Bug #1222903 ('[SELinux] AVC denials may appear when kadmind starts'). The issue was caused by an unneeded |htons()| which triggered SELinux AVC denials due to the 'random' port usage. [1.13.2-2] - Add fix for RedHat Bug #1164304 ('Upstream unit tests loads the installed shared libraries instead the ones from the build') [1.13.2-1] - the rebase to krb5 1.13.1 in vers 1.13.1-0 also fixed: - Bug 1144498 ('Fix the race condition in the libkrb5 replay cache') - Bug 1163402 ('kdb5_ldap_util view_policy does not shows ticket flags on s390x and ppc64') - Bug 1185770 ('Missing upstream test in krb5-1.12.2: src/tests/gssapi/t_invalid.c') - Bug 1204211 ('CVE-2014-5355 krb5: unauthenticated denial of service in recvauth_common() and other') [1.13.2-0] - Update to krb5-1.13.2 - drop patch for krb5-1.13.2-CVE_2015_2694_requires_preauth_bypass_in_PKINIT_enabled_KDC, fixed in krb5-1.13.2 - drop patch for krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling, fixed in krb5-1.13.2 [1.13.1-2] - the rebase to krb5 1.13.1 in vers 1.13.1-0 also fixed RH bug #1156144 ('krb5 upstream test t_kdb.py failure') [1.13.1-1] - fix for CVE-2015-2694 (#1218020) 'requires_preauth bypass in PKINIT-enabled KDC'. In MIT krb5 1.12 and later, when the KDC is configured with PKINIT support, an unauthenticated remote attacker can bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password. [1.13.1-0] - Update to krb5-1.13.1 - patch krb5-1.12-selinux-label was updated and renamed to krb5-1.13-selinux-label - patch krb5-1.11-dirsrv-accountlock was updated and renamed to krb5-1.13-dirsrv-accountlock - drop patch for krb5-1.12-pwdch-fast, fixed in krb5-1.13 - drop patch for krb5-1.12ish-kpasswd_tcp, fixed in krb5-1.13 - drop patch for krb5-master-rcache-internal-const, no longer needed - drop patch for krb5-master-rcache-acquirecred-cleanup, no longer needed - drop patch for krb5-master-rcache-acquirecred-source, no longer needed - drop patch for krb5-master-rcache-acquirecred-test, no longer needed - drop patch for krb5-master-move-otp-sockets, no longer needed - drop patch for krb5-master-mechd, no longer needed - drop patch for krb5-master-strdupcheck, no longer needed - drop patch for krb5-master-compatible-keys, no longer needed - drop patch for krb5-1.12-system-exts, fixed in krb5-1.13 - drop patch for 0001-In-ksu-merge-krb5_ccache_copy-and-_restricted, no longer needed - drop patch for 0002-In-ksu-don-t-stat-not-on-disk-ccache-residuals, no longer needed - drop patch for 0003-Use-an-intermediate-memory-cache-in-ksu, no longer needed - drop patch for 0004-Make-ksu-respect-the-default_ccache_name-setting, no longer needed - drop patch for 0005-Copy-config-entries-to-the-ksu-target-ccache, no longer needed - drop patch for 0006-Use-more-randomness-for-ksu-secondary-cache-names, no longer needed - drop patch for 0007-Make-krb5_cc_new_unique-create-DIR-directories, no longer needed - drop patch for krb5-1.12-kpasswd-skip-address-check, fixed in krb5-1.13 - drop patch for 0000-Refactor-cm-functions-in-sendto_kdc.c, no longer needed - drop patch for 0001-Simplify-sendto_kdc.c, no longer needed - drop patch for 0002-Add-helper-to-determine-if-a-KDC-is-the-master, no longer needed - drop patch for 0003-Use-k5_transport-_strategy-enums-for-k5_sendto, no longer needed - drop patch for 0004-Build-support-for-TLS-used-by-HTTPS-proxy-support, no longer needed - drop patch for 0005-Add-ASN.1-codec-for-KKDCP-s-KDC-PROXY-MESSAGE, no longer needed - drop patch for 0006-Dispatch-style-protocol-switching-for-transport, no longer needed - drop patch for 0007-HTTPS-transport-Microsoft-KKDCPP-implementation, no longer needed - drop patch for 0008-Load-custom-anchors-when-using-KKDCP, no longer needed - drop patch for 0009-Check-names-in-the-server-s-cert-when-using-KKDCP, no longer needed - drop patch for 0010-Add-some-longer-form-docs-for-HTTPS, no longer needed - drop patch for 0011-Have-k5test.py-provide-runenv-to-python-tests, no longer needed - drop patch for 0012-Add-a-simple-KDC-proxy-test-server, no longer needed - drop patch for 0013-Add-tests-for-MS-KKDCP-client-support, no longer needed - drop patch for krb5-1.12ish-tls-plugins, fixed in krb5-1.13.1 - drop patch for krb5-1.12-nodelete-plugins, fixed in krb5-1.13.1 - drop patch for krb5-1.12-ksu-untyped-default-ccache-name, fixed in krb5-1.13.1 - drop patch for krb5-1.12-ksu-no-ccache, fixed in krb5-1.13.1 - drop patch for krb5-ksu_not_working_with_default_principal, fixed in krb5-1.13.1 - drop patch for CVE_2014_5353_fix_LDAP_misused_policy_name_crash, fixed in krb5-1.13.1 - drop patch for CVE_2014_5354_support_keyless_principals_in_ldap, fixed in krb5-1.13.1 - drop patch for kinit -C loops (MIT/krb5 bug #243), fixed in krb5-1.13.1 - drop patch for CVEs { 2014-9421, 2014-9422, 2014-9423, 2014-5352 }, fixed in krb5-1.13.1 - added patch krb5-1.14-Support-KDC_ERR_MORE_PREAUTH_DATA_REQUIRED - added patch krb5-1.12.1-CVE_2014_5355_fix_krb5_read_message_handling - Minor spec cleanup [1.12.2-14] - fix for kinit -C loops (#1184629, MIT/krb5 issue 243, 'Do not loop on principal unknown errors'). [1.12.2-13] - fix for CVE-2014-5352 (#1179856) 'gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)' - fix for CVE-2014-9421 (#1179857) 'kadmind doubly frees partial deserialization results (MITKRB5-SA-2015-001)' - fix for CVE-2014-9422 (#1179861) 'kadmind incorrectly validates server principal name (MITKRB5-SA-2015-001)' - fix for CVE-2014-9423 (#1179863) 'libgssrpc server applications leak uninitialized bytes (MITKRB5-SA-2015-001)' [1.12.2-12] - fix for CVE-2014-5354 (#1174546) 'krb5: NULL pointer dereference when using keyless entries' [1.12.2-11] - fix for CVE-2014-5353 (#1174543) 'Fix LDAP misused policy name crash' [1.12.2-10] - In ksu, without the -e flag, also check .k5users (#1105489) When ksu was explicitly told to spawn a shell, a line in .k5users which listed '*' as the allowed command would cause the principal named on the line to be considered as a candidate for authentication. When ksu was not passed a command to run, which implicitly meant that the invoking user wanted to run the target user's login shell, knowledge that the principal was a valid candidate was ignored, which could cause a less optimal choice of the default target principal. This doesn't impact the authorization checks which we perform later. Patch by Nalin Dahyabhai <nalin@redhat.com> [1.12.2-9] - Undo libkadmclnt SONAME change (from 8 to 9) which originally happened in the krb5 1.12 rebase (#1166012) but broke rubygem-rkerberos (sort of ruby language bindings for libkadmclnt&co.) dependicies, as side effect of rubygem-rkerberos using private interfaces in libkadmclnt. [1.12.2-8] - fix the problem where the %license file has been a dangling symlink - ksu: pull in fix from pull #206 to avoid breakage when the default_ccache_name doesn't include a cache type as a prefix - ksu: pull in a proposed fix for pull #207 to avoid breakage when the invoking user doesn't already have a ccache [1.12.2-7] - pull in patch from master to load plugins with RTLD_NODELETE, when defined (RT#7947) [1.12.2-6] - backport patch to make the client skip checking the server's reply address when processing responses to password-change requests, which between NAT and upcoming HTTPS support, can cause us to erroneously report an error to the user when the server actually reported success (RT#7886) - backport support for accessing KDCs and kpasswd services via HTTPS proxies (marked by being specified as https URIs instead as hostnames or hostname-and-port), such as the one implemented in python-kdcproxy (RT#7929, #109919), and pick up a subsequent patch to build HTTPS as a plugin [1.12.2-5] - backport fix for trying all compatible keys when not being strict about acceptor names while reading AP-REQs (RT#7883, #1078888) - define _GNU_SOURCE in files where we use EAI_NODATA, to make sure that it's declared (#1059730,#1084068,#1109102) [1.12.2-4] - kpropd hasn't bothered with -S since 1.11; stop trying to use that flag in the systemd unit file [1.12.2-3] - pull in upstream fix for an incorrect check on the value returned by a strdup() call (#1132062) [1.12.1-15] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1.12.2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild [1.12.2-1] - update to 1.12.2 - drop patch for RT#7820, fixed in 1.12.2 - drop patch for #231147, fixed as RT#3277 in 1.12.2 - drop patch for RT#7818, fixed in 1.12.2 - drop patch for RT#7836, fixed in 1.12.2 - drop patch for RT#7858, fixed in 1.12.2 - drop patch for RT#7924, fixed in 1.12.2 - drop patch for RT#7926, fixed in 1.12.2 - drop patches for CVE-2014-4341/CVE-2014-4342, included in 1.12.2 - drop patch for CVE-2014-4343, included in 1.12.2 - drop patch for CVE-2014-4344, included in 1.12.2 - drop patch for CVE-2014-4345, included in 1.12.2 - replace older proposed changes for ksu with backports of the changes after review and merging upstream (#1015559, #1026099, #1118347) [1.12.1-14] - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345) [1.12.1-13] - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344) [1.12.1-12] - gssapi: pull in proposed fix for a double free in initiators (David Woodhouse, CVE-2014-4343, #1117963) [1.12.1-11] - fix license handling [1.12.1-10] - pull in fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, CVE-2014-4342, #1116181) [1.12.1-9] - pull in changes from upstream which add processing of the contents of /etc/gss/mech.d/*.conf when loading GSS modules (#1102839) [1.12.1-8] - pull in fix for building against tcl 8.6 (#1107061) [1.12.1-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild [1.12.1-6] - Backport fix for change password requests when using FAST (RT#7868) [1.12.1-5] - spnego: pull in patch from master to restore preserving the OID of the mechanism the initiator requested when we have multiple OIDs for the same mechanism, so that we reply using the same mechanism OID and the initiator doesn't get confused (#1066000, RT#7858) [1.12.1-4] - pull in patch from master to move the default directory which the KDC uses when computing the socket path for a local OTP daemon from the database directory (/var/kerberos/krb5kdc) to the newly-added run directory (/run/krb5kdc), in line with what we're expecting in 1.13 (RT#7859, more of #1040056 as #1063905) - add a tmpfiles.d configuration file to have /run/krb5kdc created at boot-time - own /var/run/krb5kdc [1.12.1-3] - refresh nss_wrapper and add socket_wrapper to the %check environment * Fri Jan 31 2014 Nalin Dahyabhai <nalin@redhat.com> - add currently-proposed changes to teach ksu about credential cache collections and the default_ccache_name setting (#1015559,#1026099) [1.12.1-2] - pull in multiple changes to allow replay caches to be added to a GSS credential store as 'rcache'-type credentials (RT#7818/#7819/#7836, [1.12.1-1] - update to 1.12.1 - drop patch for RT#7794, included now - drop patch for RT#7797, included now - drop patch for RT#7803, included now - drop patch for RT#7805, included now - drop patch for RT#7807, included now - drop patch for RT#7045, included now - drop patches for RT#7813 and RT#7815, included now - add patch to always retrieve the KDC time offsets from keyring caches, so that we don't mistakenly interpret creds as expired before their time when our clock is ahead of the KDC's (RT#7820, #1030607) [1.12-11] - update the PIC patch for iaesx86.s to not use ELF relocations to the version that landed upstream (RT#7815, #1045699) * Thu Jan 09 2014 Nalin Dahyabhai <nalin@redhat.com> - pass -Wl,--warn-shared-textrel to the compiler when we're creating shared libraries [1.12-10] - amend the PIC patch for iaesx86.s to also save/restore ebx in the functions where we modify it, because the ELF spec says we need to [1.12-9] - grab a more-commented version of the most recent patch from upstream master - make a guess at making the 32-bit AES-NI implementation sufficiently position-independent to not require execmod permissions for libk5crypto (more of #1045699) [1.12-8] - add patch from Dhiru Kholia for the AES-NI implementations to allow libk5crypto to be properly marked as not needing an executable stack on arches where they're used (#1045699, and so many others) [1.12-7] - revert that last change for a bit while sorting out execstack when we use AES-NI (#1045699) [1.12-6] - add yasm as a build requirement for AES-NI support, on arches that have yasm and AES-NI [1.12-5] - pull in fix from master to make reporting of errors encountered by the SPNEGO mechanism work better (RT#7045, part of #1043962) * Thu Dec 19 2013 Nalin Dahyabhai <nalin@redhat.com> - update a test wrapper to properly handle things that the new libkrad does, and add python-pyrad as a build requirement so that we can run its tests [1.12-4] - revise previous patch to initialize one more element [1.12-3] - backport fixes to krb5_copy_context (RT#7807, #1044735/#1044739) [1.12-2] - pull in fix from master to return a NULL pointer rather than allocating zero bytes of memory if we read a zero-length input token (RT#7794, part of - pull in fix from master to ignore an empty token from an acceptor if we've already finished authenticating (RT#7797, part of #1043962) - pull in fix from master to avoid a memory leak when a mechanism's init_sec_context function fails (RT#7803, part of #1043962) - pull in fix from master to avoid a memory leak in a couple of error cases which could occur while obtaining acceptor credentials (RT#7805, part of #1043962) [1.12-1] - update to 1.12 final [1.12-beta2.0] - update to beta2 - drop obsolete backports for storing KDC time offsets and expiration times in keyring credential caches [1.12-beta1.0] - rebase to master - update to beta1 - drop obsolete backport of fix for RT#7706 [1.11.4-2] - pull in fix to store KDC time offsets in keyring credential caches (RT#7768, - pull in fix to set expiration times on credentials stored in keyring credential caches (RT#7769, #1031724) [1.11.4-1] - update to 1.11.4 - drop patch for RT#7650, obsoleted - drop patch for RT#7706, obsoleted as RT#7723 - drop patch for CVE-2013-1418/CVE-2013-6800, included in 1.11.4 [1.11.3-31] - switch to the simplified version of the patch for #1029110 (RT#7764) [1.11.3-30] - check more thoroughly for errors when resolving KEYRING ccache names of type 'persistent', which should only have a numeric UID as the next part of the name (#1029110) [1.11.3-29] - incorporate upstream patch for remote crash of KDCs which serve multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800, [1.11.3-28] - drop patch to add additional access() checks to ksu - they add to breakage when non-FILE: caches are in use (#1026099), shouldn't be resulting in any benefit, and clash with proposed changes to fix its cache handling [1.11.3-27] - add some minimal description to the top of the wrapper scripts we use when starting krb5kdc and kadmind to describe why they exist (tooling) [1.12-alpha1.0] - initial update to alpha1 - drop backport of persistent keyring support - drop backport for RT#7689 - drop obsolete patch for fixing a use-before-init in a test program - drop obsolete patch teaching config.guess/config.sub about aarch64-linux - drop backport for RT#7598 - drop backport for RT#7172 - drop backport for RT#7642 - drop backport for RT#7643 - drop patches from master to not test GSSRPC-over-UDP and to not depend on the portmapper, which are areas where our build systems often give us trouble, too; obsolete - drop backports for RT#7682 - drop backport for RT#7709 - drop backport for RT#7590 and partial backport for RT#7680 - drop OTP backport - drop backports for RT#7656 and RT#7657 - BuildRequires: libedit-devel to prefer it - BuildRequires: pkgconfig, since configure uses it [1.11.3-26] - create and own /etc/gss (#1019937) [1.11.3-25] - pull up fix for importing previously-exported credential caches in the gssapi library (RT# 7706, #1019420) [1.11.3-24] - backport the callback to use the libkrb5 prompter when we can't load PEM files for PKINIT (RT#7590, includes part of #965721/#1016690) - extract the rest of the fix #965721/#1016690 from the changes for RT#7680 [1.11.3-23] - fix trigger scriptlet's invocation of sed (#1016945) [1.11.3-22] - rebuild with keyutils 1.5.8 (part of #1012043) [1.11.3-21] - switch to the version of persistent-keyring that was just merged to master (RT#7711), along with related changes to kinit (RT#7689) - go back to setting default_ccache_name to a KEYRING type [1.11.3-20] - pull up fix for not calling a kdb plugin's check-transited-path method before calling the library's default version, which only knows how to read what's in the configuration file (RT#7709, #1013664) [1.11.3-19] - configure --without-krb5-config so that we don't pull in the old default ccache name when we want to stop setting a default ccache name at configure- time [1.11.3-18] - fix broken dependency on awk (should be gawk, rdieter) [1.11.3-17] - add missing dependency on newer keyutils-libs (#1012034) [1.11.3-16] - back out setting default_ccache_name to the new default for now, resetting it to the old default while the kernel/keyutils bits get sorted (sgallagh) [1.11.3-15] - add explicit build-time dependency on a version of keyutils that's new enough to include keyctl_get_persistent() (more of #991148) [1.11.3-14] - incorporate Simo's updated backport of his updated persistent-keyring changes (more of #991148) [1.11.3-13] - don't break during %check when the session keyring is revoked [1.11.3-12] - pull the newer F21 defaults back to F20 (sgallagh) * Mon Sep 09 2013 Nalin Dahyabhai <nalin@redhat.com> - only apply the patch to autocreate /run/user/0 when we're hard-wiring the default ccache location to be under it; otherwise it's unnecessary [1.11.3-11] - don't let comments intended for one scriptlet become part of the 'script' that gets passed to ldconfig as part of another one (Mattias Ellert, #1005675) [1.11.3-10] - incorporate Simo's backport of his persistent-keyring changes (#991148) - restore build-time default DEFCCNAME on Fedora 21 and later and EL, and instead set default_ccache_name in the default krb5.conf's [libdefaults] section (#991148) - on releases where we expect krb5.conf to be configured with a default_ccache_name, add it whenever we upgrade from an older version of the package that wouldn't have included it in its default configuration file (#991148) [1.11.3-9] - take another stab at accounting for UnversionedDocdirs for the -libs subpackage (spotted by ssorce) - switch to just the snapshot of nss_wrapper we were using, since we no longer need to carry anything that isn't in the cwrap.org repository (ssorce) [1.11.3-8] - drop a patch we weren't not applying (build tooling) - wrap kadmind and kpropd in scripts which check for the presence/absence of files which dictate particular exit codes before exec'ing the actual binaries, instead of trying to use ConditionPathExists in the unit files to accomplish that, so that we exit with failure properly when what we expect isn't actually in effect on the system (#800343) [1.11.3-7] - attempt to account for UnversionedDocdirs for the -libs subpackage [1.11.3-6] - tweak configuration files used during tests to try to reduce the number of conflicts encountered when builds for multiple arches land on the same builder [1.11.3-5] - pull up changes to allow GSSAPI modules to provide more functions (RT#7682, #986564/#986565) [1.11.3-4] - use (a bundled, for now, copy of) nss_wrapper to let us run some of the self-tests at build-time in more places than we could previously (#978756) - cover inconsistencies in whether or not there's a local caching nameserver that's willing to answer when the build environment doesn't have a resolver configuration, so that nss_wrapper's faking of the local hostname can be complete [1.11.3-3] - specify dependencies on the same arch of krb5-libs by using the %{?_isa} suffix, to avoid dragging 32-bit libraries onto 64-bit systems (#980155) [1.11.3-2] - special-case /run/user/0, attempting to create it when resolving a directory cache below it fails due to ENOENT and we find that it doesn't already exist, either, before attempting to create the directory cache (maybe helping, maybe just making things more confusing for #961235) [1.11.3-1] - update to 1.11.3 - drop patch for RT#7605, fixed in this release - drop patch for CVE-2002-2443, fixed in this release - drop patch for RT#7369, fixed in this release - pull upstream fix for breaking t_skew.py by adding the patch for #961221 [1.11.2-10] - respin with updated version of patch for RT#7650 (#969331) [1.11.2-9] - don't forget to set the SELinux label when creating the directory for a DIR: ccache - pull in proposed fix for attempts to get initial creds, which end up following referrals, incorrectly trying to always use master KDCs if they talked to a master at any point (should fix RT#7650) [1.11.2-8] - pull in patches from master to not test GSSRPC-over-UDP and to not depend on the portmapper, which are areas where our build systems often give us trouble, too [1.11.2-7] - backport fix for not being able to verify the list of transited realms in GSS acceptors (RT#7639, #959685) - backport fix for not being able to pass an empty password to the get-init-creds APIs and have them actually use it (RT#7642, #960001) - add backported proposed fix to use the unauthenticated server time as the basis for computing the requested credential expiration times, rather than the client's idea of the current time, which could be significantly incorrect (#961221) [1.11.2-6] - pull in upstream fix to start treating a KRB5CCNAME value that begins with DIR:: the same as it would a DIR: value with just one ccache file in it (RT#7172, #965574) [1.11.2-5] - pull up fix for UDP ping-pong flaw in kpasswd service (CVE-2002-2443, [1.11.2-4] - Update otp patches - Merge otp patches into a single patch - Add keycheck patch [1.11.2-3] - pull the changing of the compiled-in default ccache location to DIR:/run/user/%{uid}/krb5cc back into F19, in line with SSSD and the most recent pam_krb5 build [1.11.2-2] - correct some configuration file paths which the KDC_DIR patch missed [1.11.2-1] - update to 1.11.2 - drop pulled in patch for RT#7586, included in this release - drop pulled in patch for RT#7592, included in this release - pull in fix for keeping track of the message type when parsing FAST requests in the KDC (RT#7605, #951843) (also #951965) [1.11.1-9] - move the compiled-in default ccache location from the previous default of FILE:/tmp/krb5cc_%{uid} to DIR:/run/user/%{uid}/krb5cc (part of #949588) [1.11.1-8] - Update otp backport patches (libk5radius => libkrad) [1.11.1-7] - when testing the RPC library, treat denials from the local portmapper the same as a portmapper-not-running situation, to allow other library tests to be run while building the package [1.11.1-6] - create and own /var/kerberos/krb5/user instead of /var/kerberos/kdc/user, since that's what the libraries actually look for - add buildrequires on nss-myhostname, in an attempt to get more of the tests to run properly during builds - pull in Simo's patch to recognize 'client_keytab' as a key type which can be passed in to gss_acquire_cred_from() (RT#7598) [1.11.1-5] - pull up Simo's patch to mark the correct mechanism on imported GSSAPI contexts (RT#7592) - go back to using reconf to run autoconf and autoheader (part of #925640) - add temporary patch to use newer config.guess/config.sub (more of #925640) * Mon Mar 18 2013 Nalin Dahyabhai <nalin@redhat.com> - fix a version comparison to expect newer texlive build requirements when %{_rhel} > 6 rather than when it's > 7 [1.11.1-4] - Add libverto-devel requires for krb5-devel - Add otp support [1.11.1-3] - fix a memory leak when acquiring credentials using a keytab (RT#7586, #911110) [1.11.1-2] - prebuild PDF docs to reduce multilib differences (internal tooling, #884065) - drop the kerberos-iv portreserve file, and drop the rest on systemd systems - escape uses of macros in comments (more of #884065) [1.11.1-1] - update to 1.11.1 - drop patch for noticing negative timeouts being passed to the poll() wrapper in the client transmit functions [1.11-2] - set 'rdns = false' in the default krb5.conf (#908323,#908324) [1.11-1] - update to 1.11 release [1.11-0.beta2.0] - update to 1.11 beta 2 * Thu Dec 13 2012 Nalin Dahyabhai <nalin@redhat.com> - when building with our bundled copy of libverto, package it in with -libs rather than with -server (#886049) [1.11-0.beta1.0] - update to 1.11 beta 1 [1.11-0.alpha1.1] - handle releases where texlive packaging wasn't yet as complicated as it is in Fedora 18 - fix an uninitialized-variable error building one of the test programs [1.11-0.alpha1.0] - move the rather large pile of html and pdf docs to -workstation, so that just having something that links to the libraries won't drag them onto a system, and we avoid having to sort out hard-coded paths that include %{_libdir} showing up in docs in multilib packages - actually create %{_var}/kerberos/kdc/user, so that it can be packaged - correct the list of packaged man pages - don't dummy up required tex stylesheets, require them - require pdflatex and makeindex * Thu Nov 15 2012 Nalin Dahyabhai <nalin@redhat.com> - update to 1.11 alpha 1 - drop backported patch for RT #7406 - drop backported patch for RT #7407 - drop backported patch for RT #7408 - the new docs system generates PDFs, so stop including them as sources - drop backported patch to allow deltat.y to build with the usual warning flags and the current gcc - drop backported fix for disabling use of a replay cache when verifying initial credentials - drop backported fix for teaching PKINIT clients which trust the KDC's certificate directly to verify signed-data messages that are signed with the KDC's certificate, when the blobs don't include a copy of the KDC's certificate - drop backported patches to make keytab-based authentication attempts work better when the client tells the KDC that it supports a particular cipher, but doesn't have a key for it in the keytab - drop backported fix for avoiding spurious clock skew when a TGT is decrypted long after the KDC sent it to the client which decrypts it - move the cross-referenced HTML docs into the -libs package to avoid broken internal links - drop patches to fixup paths in man pages, shouldn't be needed any more [1.10.3-7] - tag a couple of other patches which we still need to be applied during %{?_rawbuild} builds (zmraz) [1.10.3-6] - actually pull up the patch for RT#7063, and not some other ticket (#773496) [1.10.3-5] - add patch based on one from Filip Krska to not call poll() with a negative timeout when the caller's intent is for us to just stop calling it (#838548) * Fri Sep 07 2012 Nalin Dahyabhai <nalin@redhat.com> - on EL6, conflict with libsmbclient before 3.5.10-124, which is when it stopped linking with a symbol which we no longer export (#771687) - pull up patch for RT#7063, in which not noticing a prompt for a long time throws the client library's idea of the time difference between it and the KDC really far out of whack (#773496) - add a backport of more patches to set the client's list of supported enctypes when using a keytab to be the list of types of keys in the keytab, plus the list of other types the client supports but for which it doesn't have keys, in that order, so that KDCs have a better chance of being able to issue tickets with session keys of types that the client can use (#837855) [1.10.3-4] - cut down the number of times we load SELinux labeling configuration from a minimum of two times to actually one (more of #845125) [1.10.3-3] - backport patch to disable replay detection in krb5_verify_init_creds() while reading the AP-REQ that's generated in the same function (RT#7229) [1.10.3-2] - undo rename from krb5-pkinit-openssl to krb5-pkinit on EL6 - version the Obsoletes: on the krb5-pkinit-openssl to krb5-pkinit rename - reintroduce the init scripts for non-systemd releases - forward-port %{?_rawbuild} annotations from EL6 packaging [1.10.3-1] - update to 1.10.3, rolling in the fixes from MITKRB5-SA-2012-001 [1.10.2-7] - selinux: hang on to the list of selinux contexts, freeing and reloading it only when the file we read it from is modified, freeing it when the shared library is being unloaded (#845125) [1.10.2-6] - go back to not messing with library file paths on Fedora 17: it breaks file path dependencies in other packages, and since Fedora 17 is already released, breaking that is our fault [1.10.2-5] - add upstream patch to fix freeing an uninitialized pointer and dereferencing another uninitialized pointer in the KDC (MITKRB5-SA-2012-001, CVE-2012-1014 and CVE-2012-1015, #844779 and #844777) - fix a thinko in whether or not we mess around with devel .so symlinks on systems without a separate /usr (sbose) [1.10.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild [1.10.2-3] - backport a fix to allow a PKINIT client to handle SignedData from a KDC that's signed with a certificate that isn't in the SignedData, but which is available as an anchor or intermediate on the client (RT#7183) [1.10.2-2] - back out this labeling change (dwalsh): - when building the new label for a file we're about to create, also mix in the current range, in addition to the current user [1.10.2-1] - update to 1.10.2 - when building the new label for a file we're about to create, also mix in the current range, in addition to the current user - also package the PDF format admin, user, and install guides - drop some PDFs that no longer get built right - add a backport of Stef's patch to set the client's list of supported enctypes to match the types of keys that we have when we are using a keytab to try to get initial credentials, so that a KDC won't send us an AS reply that we can't encrypt (RT#2131, #748528) - don't shuffle around any shared libraries on releases with no-separate-/usr, since /usr/lib is the same place as /lib - add explicit buildrequires: on 'hostname', for the tests, on systems where it's in its own package, and require net-tools, which used to provide the command, everywhere * Mon May 07 2012 Nalin Dahyabhai <nalin@redhat.com> - skip the setfscreatecon() if fopen() is passed 'rb' as the open mode (part of #819115) [1.10.1-3] - have -server require /usr/share/dict/words, which we set as the default dict_file in kdc.conf (#817089) [1.10.1-2] - change back dns_lookup_kdc to the default setting (Stef Walter, #805318) - comment out example.com examples in default krb5.conf (Stef Walter, #805320) [1.10.1-1] - update to 1.10.1 - drop the KDC crash fix - drop the KDC lookaside cache fix - drop the fix for kadmind RPC ACLs (CVE-2012-1012) [1.10-5] - when removing -workstation, remove our files from the info index while the file is still there, in %preun, rather than %postun, and use the compressed file's name (#801035) [1.10-4] - Fix string RPC ACLs (RT#7093); CVE-2012-1012 [1.10-3] - Add upstream lookaside cache behavior fix (RT#7082) [1.10-2] - add patch to accept keytab entries with vno==0 as matches when we're searching for an entry with a specific name/kvno (#230382/#782211,RT#3349) [1.10-1] - update to 1.10 final [1.10-0.beta1.2] - Add upstream crashfix patch (RT#7081) [1.10-0.beta1.1] - update to beta 1 * Wed Jan 11 2012 Peter Robinson <pbrobinson@gmail.com> - mktemp was long obsoleted by coreutils [1.10-0.alpha2.2] - modify the deltat grammar to also tell gcc (4.7) to suppress 'maybe-uninitialized' warnings in addition to the 'uninitialized' warnings it's already being told to suppress (RT#7080) [1.10-0.alpha2.1] - update to alpha 2 - drop a couple of patches which were integrated for alpha 2 [1.10-0.alpha1.3] - pull in patch for RT#7046: tag a ccache containing credentials obtained via S4U2Proxy with the principal name of the proxying principal (part of #761317) so that the default principal name can be set to that of the client for which it is proxying, which results in the ccache looking more normal to consumers of the ccache that don't care that there's proxying going on - pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cached (more of #761317) - pull in patch for RT#7048: allow PAC verification to only bother trying to verify the signature with keys that it's given (still more of #761317) [1.10-0.alpha1.2] - apply upstream patch to fix a null pointer dereference when processing TGS requests (CVE-2011-1530, #753748) [1.10-0.alpha1.1] - correct a bug in the fix for #754001 so that the file creation context is consistently reset [1.10-0.alpha1.0] - update to 1.10 alpha 1 - on newer releases where we can assume NSS >= 3.13, configure PKINIT to build using NSS - on newer releases where we build PKINIT using NSS, configure libk5crypto to build using NSS - rename krb5-pkinit-openssl to krb5-pkinit on newer releases where we're expecting to build PKINIT using NSS instead - during %check, run check in the library and kdc subdirectories, which should be able to run inside of the build system without issue [1.9.1-19] - Rebuilt for glibc bug#747377 [1.9.1-18] - apply upstream patch to fix a null pointer dereference with the LDAP kdb backend (CVE-2011-1527, #744125), an assertion failure with multiple kdb backends (CVE-2011-1528), and a null pointer dereference with multiple kdb backends (CVE-2011-1529) (#737711) [1.9.1-17] - pull in patch from trunk to rename krb5int_pac_sign() to krb5_pac_sign() and make it public (#745533) [1.9.1-16] - kadmin.service: fix #723723 again - kadmin.service,krb5kdc.service: remove optional use of in command lines, because systemd parsing doesn't handle alternate value shell variable syntax - kprop.service: add missing Type=forking so that systemd doesn't assume simple - kprop.service: expect the ACL configuration to be there, not absent - handle a harder-to-trigger assertion failure that starts cropping up when we exit the transmit loop on time (#739853) [1.9.1-15] - hardcode pid file as option in krb5kdc.service [1.9.1-14] - fix pid path in krb5kdc.service [1.9.1-13] - convert to systemd [1.9.1-12] - pull in upstream patch for RT#6952, confusion following referrals for cross-realm auth (#734341) - pull in build-time deps for the tests [1.9.1-11] - switch to the upstream patch for #727829 [1.9.1-10] - handle an assertion failure that starts cropping up when the patch for using poll (#701446) meets servers that aren't running KDCs or against which the connection fails for other reasons (#727829, #734172) [1.9.1-9] - override the default build rules to not delete temporary y.tab.c files, so that they can be packaged, allowing debuginfo files which point to them do so usefully (#729044) [1.9.1-8] - build shared libraries with partial RELRO support (#723995) - filter out potentially multiple instances of -Wl,-z,relro from krb5-config output, now that it's in the buildroot's default LDFLAGS - pull in a patch to fix losing track of the replay cache FD, from SVN by way of Kevin Coffman [1.9.1-7] - kadmind.init: drop the attempt to detect no-database-present errors (#723723), which is too fragile in cases where the database has been manually moved or is accessed through another kdb plugin [1.9.1-6] - backport fixes to teach libkrb5 to use descriptors higher than FD_SETSIZE to talk to a KDC by using poll() if it's detected at compile-time (#701446, RT#6905) [1.9.1-5] - pull a fix from SVN to try to avoid triggering a PTR lookup in getaddrinfo() during krb5_sname_to_principal(), and to let getaddrinfo() decide whether or not to ask for an IPv6 address based on the set of configured interfaces (#717378, RT#6922) - pull a fix from SVN to use AI_ADDRCONFIG more often (RT#6923) [1.9.1-4] - apply upstream patch by way of Burt Holzman to fall back to a non-referral method in cases where we might be derailed by a KDC that rejects the canonicalize option (for example, those from the RHEL 2.1 or 3 era) (#715074) [1.9.1-3] - pull a fix from SVN to get libgssrpc clients (e.g. kadmin) authenticating using the old protocol over IPv4 again (RT#6920) * Tue Jun 14 2011 Nalin Dahyabhai <nalin@redhat.com> - incorporate a fix to teach the file labeling bits about when replay caches are expunged (#576093) * Thu May 26 2011 Nalin Dahyabhai <nalin@redhat.com> - switch to the upstream patch for #707145 [1.9.1-2] - klist: don't trip over referral entries when invoked with -s (#707145, RT#6915) * Fri May 06 2011 Nalin Dahyabhai <nalin@redhat.com> - fixup URL in a comment - when built with NSS, require 3.12.10 rather than 3.12.9 [1.9.1-1] - update to 1.9.1: - drop no-longer-needed patches for CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285 [1.9-9] - kadmind: add upstream patch to fix free() on an invalid pointer (#696343, MITKRB5-SA-2011-004, CVE-2011-0285) * Mon Apr 04 2011 Nalin Dahyabhai <nalin@redhat.com> - don't discard the error code from an error message received in response to a change-password request (#658871, RT#6893) * Fri Apr 01 2011 Nalin Dahyabhai <nalin@redhat.com> - override INSTALL_SETUID at build-time so that ksu is installed into the buildroot with the right permissions (part of #225974) [1.9-8] - backport change from SVN to fix a computed-value-not-used warning in kpropd (#684065) [1.9-7] - turn off NSS as the backend for libk5crypto for now to work around its DES string2key not working (#679012) - add revised upstream patch to fix double-free in KDC while returning typed-data with errors (MITKRB5-SA-2011-003, CVE-2011-0284, #674325) * Thu Feb 17 2011 Nalin Dahyabhai <nalin@redhat.com> - throw in a not-applied-by-default patch to try to make pkinit debugging into a run-time boolean option named 'pkinit_debug' [1.9-6] - turn on NSS as the backend for libk5crypto, adding nss-devel as a build dependency when that switch is flipped [1.9-5] - krb5kdc init script: prototype some changes to do a quick spot-check of the TGS and kadmind keys and warn if there aren't any non-weak keys on file for them (to flush out parts of #651466) [1.9-4] - add upstream patches to fix standalone kpropd exiting if the per-client child process exits with an error (MITKRB5-SA-2011-001), a hang or crash in the KDC when using the LDAP kdb backend, and an uninitialized pointer use in the KDC (MITKRB5-SA-2011-002) (CVE-2010-4022, #664009, CVE-2011-0281, #668719, CVE-2011-0282, #668726, CVE-2011-0283, #676126) [1.9-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Feb 07 2011 Nalin Dahyabhai <nalin@redhat.com> - fix a compile error in the SELinux labeling patch when -DDEBUG is used (Sumit Bose) * Tue Feb 01 2011 Nalin Dahyabhai <nalin@redhat.com> - properly advertise that the kpropd init script now supports force-reload (Zbysek Mraz, #630587) [1.9-2] - pkinit: when verifying signed data, use the CMS APIs for better interoperability (#636985, RT#6851) [1.9-1] - update to 1.9 final [1.9-0.beta3.1] - fix link flags and permissions on shared libraries (ausil) [1.9-0.beta3.0] - update to 1.9 beta 3 [1.9-0.beta2.0] - update to 1.9 beta 2 [1.9-0.beta1.1] - drop not-needed-since-1.8 build dependency on rsh (ssorce) [1.9-0.beta1.0] - start moving to 1.9 with beta 1 - drop patches for RT#5755, RT#6762, RT#6774, RT#6775 - drop no-longer-needed backport patch for #539423 - drop no-longer-needed patch for CVE-2010-1322 - if WITH_NSS is set, built with --with-crypto-impl=nss (requires NSS 3.12.9) [1.8.3-8] - incorporate upstream patch to fix uninitialized pointer crash in the KDC's authorization data handling (CVE-2010-1322, #636335) [1.8.3-7] - rebuild [1.8.3-6] - pull down patches from trunk to implement k5login_authoritative and k5login_directory settings for krb5.conf (#539423) * Wed Sep 29 2010 jkeating - 1.8.3-5 - Rebuilt for gcc bug 634757 [1.8.3-4] - fix reading of keyUsage extensions when attempting to select pkinit client certs (part of #629022, RT#6775) - fix selection of pkinit client certs when one or more don't include a subjectAltName extension (part of #629022, RT#6774) [1.8.3-3] - build with -fstack-protector-all instead of the default -fstack-protector, so that we add checking to more functions (i.e., all of them) (#629950) - also link binaries with -Wl,-z,relro,-z,now (part of #629950) [1.8.3-2] - fix a logic bug in computing key expiration times (RT#6762, #627022) [1.8.3-1] - update to 1.8.3 - drop backports of fixes for gss context expiration and error table registration/deregistration mismatch - drop patch for upstream #6750 [1.8.2-3] - tell krb5kdc and kadmind to create pid files, since they can - add logrotate configuration files for krb5kdc and kadmind (#462658) - fix parsing of the pidfile option in the KDC (upstream #6750) [1.8.2-2] - libgssapi: pull in patch from svn to stop returning context-expired errors when the ticket which was used to set up the context expires (#605366, upstream #6739) * Mon Jun 21 2010 Nalin Dahyabhai <nalin@redhat.com> - pull up fix for upstream #6745, in which the gssapi library would add the wrong error table but subsequently attempt to unload the right one [1.8.2-1] - update to 1.8.2 - drop patches for CVE-2010-1320, CVE-2010-1321 [1.8.1-7] - rebuild * Thu May 27 2010 Nalin Dahyabhai <nalin@redhat.com> - ksu: move session management calls to before we drop privileges, like su does (#596887), and don't skip the PAM account check for root or the same user (more of #540769) [1.8.1-6] - make krb5-server-ldap also depend on the same version-release of krb5-libs, as the other subpackages do, if only to make it clearer than it is when we just do it through krb5-server - drop explicit linking with libtinfo for applications that use libss, now that readline itself links with libtinfo (as of readline-5.2-3, since fedora 7 or so) - go back to building without strict aliasing (compiler warnings in gssrpc) [1.8.1-5] - add patch to correct GSSAPI library null pointer dereference which could be triggered by malformed client requests (CVE-2010-1321, #582466) [1.8.1-4] - fix output of kprop's init script's 'status' and 'reload' commands (#588222) [1.8.1-3] - incorporate patch to fix double-free in the KDC (CVE-2010-1320, #581922) [1.8.1-2] - fix a typo in kerberos.ldif [1.8.1-1] - update to 1.8.1 - no longer need patches for #555875, #561174, #563431, RT#6661, CVE-2010-0628 - replace buildrequires on tetex-latex with one on texlive-latex, which is the package that provides it now * Thu Apr 08 2010 Nalin Dahyabhai <nalin@redhat.com> - kdc.conf: no more need to suggest a v4 mode, or listening on the v4 port * Thu Apr 08 2010 Nalin Dahyabhai <nalin@redhat.com> - drop patch to suppress key expiration warnings sent from the KDC in the last-req field, as the KDC is expected to just be configured to either send them or not as a particular key approaches expiration (#556495) [1.8-5] - add upstream fix for denial-of-service in SPNEGO (CVE-2010-0628, #576325) - kdc.conf: no more need to suggest keeping keys with v4-compatible salting [1.8-4] - remove the krb5-appl bits (the -workstation-clients and -workstation-servers subpackages) now that krb5-appl is its own package - replace our patch for #563431 (kpasswd doesn't fall back to guessing your principal name using your user name if you don't have a ccache) with the one upstream uses [1.8-3] - add documentation for the ticket_lifetime option (#561174) [1.8-2] - pull up patch to get the client libraries to correctly perform password changes over IPv6 (Sumit Bose, RT#6661) [1.8-1] - update to 1.8 - temporarily bundling the krb5-appl package (split upstream as of 1.8) until its package review is complete - profile.d scriptlets are now only needed by -workstation-clients - adjust paths in init scripts - drop upstreamed fix for KDC denial of service (CVE-2010-0283) - drop patch to check the user's password correctly using crypt(), which isn't a code path we hit when we're using PAM [1.7.1-6] - fix a null pointer dereference and crash introduced in our PAM patch that would happen if ftpd was given the name of a user who wasn't known to the local system, limited to being triggerable by gssapi-authenticated clients by the default xinetd config (Olivier Fourdan, #569472) [1.7.1-5] - fix a regression (not labeling a kdb database lock file correctly, #569902) [1.7.1-4] - move the package changelog to the end to match the usual style (jdennis) - scrub out references to (jdennis) - include a symlink to the readme with the name LICENSE so that people can find it more easily (jdennis) [1.7.1-3] - pull up the change to make kpasswd's behavior better match the docs when there's no ccache (#563431) [1.7.1-2] - apply patch from upstream to fix KDC denial of service (CVE-2010-0283, [1.7.1-1] - update to 1.7.1 - don't trip AD lockout on wrong password (#542687, #554351) - incorporates fixes for CVE-2009-4212 and CVE-2009-3295 - fixes gss_krb5_copy_ccache() when SPNEGO is used - move sim_client/sim_server, gss-client/gss-server, uuclient/uuserver to the devel subpackage, better lining up with the expected krb5/krb5-appl split in 1.8 - drop kvno,kadmin,k5srvutil,ktutil from -workstation-servers, as it already depends on -workstation which also includes them [1.7-23] - tighten up default permissions on kdc.conf and kadm5.acl (#558343) [1.7-22] - use portreserve correctly -- portrelease takes the basename of the file whose entries should be released, so we need three files, not one [1.7-21] - suppress warnings of impending password expiration if expiration is more than seven days away when the KDC reports it via the last-req field, just as we already do when it reports expiration via the key-expiration field (#556495) - link with libtinfo rather than libncurses, when we can, in future RHEL [1.7-20] - krb5_get_init_creds_password: check opte->flags instead of options->flags when checking whether or not we get to use the prompter callback (#555875) [1.7-19] - use portreserve to make sure the KDC can always bind to the kerberos-iv port, kpropd can always bind to the krb5_prop port, and that kadmind can always bind to the kerberos-adm port (#555279) - correct inadvertent use of macros in the changelog (rpmlint) [1.7-18] - add upstream patch for integer underflow during AES and RC4 decryption (CVE-2009-4212), via Tom Yu (#545015) [1.7-17] - put the conditional back for the -devel subpackage - back down to the earlier version of the patch for #551764; the backported alternate version was incomplete [1.7-16] - use %global instead of %define - pull up proposed patch for creating previously-not-there lock files for kdb databases when 'kdb5_util' is called to 'load' (#551764) * Mon Jan 04 2010 Dennis Gregorovic <dgregor@redhat.com> - fix conditional for future RHEL [1.7-15] - add upstream patch for KDC crash during referral processing (CVE-2009-3295), via Tom Yu (#545002) [1.7-14] - refresh patch for #542868 from trunk * Thu Dec 10 2009 Nalin Dahyabhai <nalin@redhat.com> - move man pages that live in the -libs subpackage into the regular %{_mandir} tree where they'll still be found if that package is the only one installed (#529319) [1.7-13] - and put it back in * Tue Dec 08 2009 Nalin Dahyabhai <nalin@redhat.com> - back that last change out [1.7-12] - try to make gss_krb5_copy_ccache() work correctly for spnego (#542868) * Fri Dec 04 2009 Nalin Dahyabhai <nalin@redhat.com> - make krb5-config suppress CFLAGS output when called with --libs (#544391) [1.7-11] - ksu: move account management checks to before we drop privileges, like su does (#540769) - selinux: set the user part of file creation contexts to match the current context instead of what we looked up - configure with --enable-dns-for-realm instead of --enable-dns, which isn't recognized any more [1.7-10] - move /etc/pam.d/ksu from krb5-workstation-servers to krb5-workstation, where it's actually needed (#538703) [1.7-9] - add some conditional logic to simplify building on older Fedora releases * Tue Oct 13 2009 Nalin Dahyabhai <nalin@redhat.com> - don't forget the README [1.7-8] - specify the location of the subsystem lock when using the status() function in the kadmind and kpropd init scripts, so that we get the right error when we're dead but have a lock file - requires initscripts 8.99 (#521772) * Tue Sep 08 2009 Nalin Dahyabhai <nalin@redhat.com> - if the init script fails to start krb5kdc/kadmind/kpropd because it's already running (according to status()), return 0 (part of #521772) [1.7-7] - work around a compile problem with new openssl [1.7-6] - rebuilt with new openssl [1.7-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild [1.7-5] - rebuild to pick up the current forms of various patches * Mon Jul 06 2009 Nalin Dahyabhai <nalin@redhat.com> - simplify the man pages patch by only preprocessing the files we care about and moving shared configure.in logic into a shared function - catch the case of ftpd printing file sizes using %i, when they might be bigger than an int now [1.7-4] - try to merge and clean up all the large file support for ftp and rcp - ftpd no longer prints a negative length when sending a large file from a 32-bit host * Tue Jun 30 2009 Nalin Dahyabhai <nalin@redhat.com> - pam_rhosts_auth.so's been gone, use pam_rhosts.so instead [1.7-3] - switch buildrequires: and requires: on e2fsprogs-devel into buildrequires: and requires: on libss-devel, libcom_err-devel, per sandeen on fedora-devel-list * Fri Jun 26 2009 Nalin Dahyabhai <nalin@redhat.com> - fix a type mismatch in krb5_copy_error_message() - ftp: fix some odd use of strlen() - selinux labeling: use selabel_open() family of functions rather than matchpathcon(), bail on it if attempting to get the mutex lock fails * Tue Jun 16 2009 Nalin Dahyabhai <nalin@redhat.com> - compile with %{?_smp_mflags} (Steve Grubb) - drop the bit where we munge part of the error table header, as it's not needed any more [1.7-2] - add and own %{_libdir}/krb5/plugins/authdata [1.7-1] - update to 1.7 - no need to work around build issues with ASN1BUF_OMIT_INLINE_FUNCS - configure recognizes --enable/--disable-pkinit now - configure can take --disable-rpath now - no more libdes425, krb524d, krb425.info - kadmin/k5srvutil/ktutil are user commands now - new kproplog - FAST encrypted-challenge plugin is new - drop static build logic - drop pam_krb5-specific configuration from the default krb5.conf - drop only-use-v5 flags being passed to various things started by xinetd - put %{krb5prefix}/sbin in everyone's path, too (#504525) [1.6.3-106] - add an auth stack to ksu's PAM configuration so that pam_setcred() calls won't just fail [1.6.3-105] - make PAM support for ksu also set PAM_RUSER [1.6.3-104] - extend PAM support to ksu: perform account and session management for the target user - pull up and merge James Leddy's changes to also set PAM_RHOST in PAM-aware network-facing services [1.6.3-103] - fix a typo in a ksu error message (Marek Mahut) - 'rev' works the way the test suite expects now, so don't disable tests that use it [1.6.3-102] - add LSB-style init script info * Fri Apr 17 2009 Nalin Dahyabhai <nalin@redhat.com> - explicitly run the pdf generation script using sh (part of #225974) [1.6.3-101] - add patches for read overflow and null pointer dereference in the implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845) - add patch for attempt to free uninitialized pointer in libkrb5 (CVE-2009-0846) - add patch to fix length validation bug in libkrb5 (CVE-2009-0847) - put the krb5-user .info file into just -workstation and not also -workstation-clients [1.6.3-100] - turn off krb4 support (it won't be part of the 1.7 release, but do it now) - use triggeruns to properly shut down and disable krb524d when -server and -workstation-servers gets upgraded, because it's gone now - move the libraries to /%{_lib}, but leave --libdir alone so that plugins get installed and are searched for in the same locations (#473333) - clean up buildprereq/prereqs, explicit mktemp requires, and add the ldconfig for the -server-ldap subpackage (part of #225974) - escape possible macros in the changelog (part of #225974) - fixup summary texts (part of #225974) - take the execute bit off of the protocol docs (part of #225974) - unflag init scripts as configuration files (part of #225974) - make the kpropd init script treat 'reload' as 'restart' (part of #225974) [1.6.3-19] - libgssapi_krb5: backport fix for some errors which can occur when we fail to set up the server half of a context (CVE-2009-0845) [1.6.3-18] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild [1.6.3-17] - rebuild * Thu Sep 04 2008 Nalin Dahyabhai <nalin@redhat.com> - if we successfully change the user's password during an attempt to get initial credentials, but then fail to get initial creds from a non-master using the new password, retry against the master (#432334) [1.6.3-16] - fix license tag * Wed Jul 16 2008 Nalin Dahyabhai <nalin@redhat.com> - clear fuzz out of patches, dropping a man page patch which is no longer necessary - quote %{__cc} where needed because it includes whitespace now - define ASN1BUF_OMIT_INLINE_FUNCS at compile-time (for now) to keep building [1.6.3-15] - build with -fno-strict-aliasing, which is needed because the library triggers these warnings - don't forget to label principal database lock files - fix the labeling patch so that it doesn't break bootstrapping [1.6.3-14] - generate src/include/krb5/krb5.h before building - fix conditional for sparcv9 [1.6.3-13] - ftp: use the correct local filename during mget when the 'case' option is enabled (#442713) [1.6.3-12] - stop exporting kadmin keys to a keytab file when kadmind starts -- the daemon's been able to use the database directly for a long long time now - belatedly add aes128,aes256 to the default set of supported key types [1.6.3-11] - libgssapi_krb5: properly export the acceptor subkey when creating a lucid context (Kevin Coffman, via the nfs4 mailing list) [1.6.3-10] - add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063, - add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when high-numbered descriptors are used (CVE-2008-0947, #433596) - add backport bug fix for an attempt to free non-heap memory in libgssapi_krb5 (CVE-2007-5901, #415321) - add backport bug fix for a double-free in out-of-memory situations in libgssapi_krb5 (CVE-2007-5971, #415351) [1.6.3-9] - rework file labeling patch to not depend on fragile preprocessor trickery, in another attempt at fixing #428355 and friends [1.6.3-8] - ftp: add patch to fix 'runique on' case when globbing fixes applied - stop adding a redundant but harmless call to initialize the gssapi internals * Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com> - add patch to suppress double-processing of /etc/krb5.conf when we build with --sysconfdir=/etc, thereby suppressing double-logging (#231147) * Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com> - remove a patch, to fix problems with interfaces which are 'up' but which have no address assigned, which conflicted with a different fix for the same problem in 1.5 (#200979) * Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com> - ftp: don't lose track of a descriptor on passive get when the server fails to open a file * Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com> - in login, allow PAM to interact with the user when they've been strongly authenticated - in login, signal PAM when we're changing an expired password that it's an expired password, so that when cracklib flags a password as being weak it's treated as an error even if we're running as root [1.6.3-7] - drop netdb patch - kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that the DISALLOW_ALL_TIX flag is set on an entry, for better interop with Fedora, Netscape, Red Hat Directory Server (Simo Sorce) [1.6.3-6] - patch to avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV [1.6.3-5] - enable patch for key-expiration reporting - enable patch to make kpasswd fall back to TCP if UDP fails (#251206) - enable patch to make kpasswd use the right sequence number on retransmit - enable patch to allow mech-specific creds delegated under spnego to be found when searching for creds [1.6.3-4] - some init script cleanups - drop unquoted check and silent exit for '' (#426852, #242502) - krb524: don't barf on missing database if it looks like we're using kldap, same as for kadmin - return non-zero status for missing files which cause startup to fail (#242502) [1.6.3-3] - allocate space for the nul-terminator in the local pathname when looking up a file context, and properly free a previous context (Jose Plans, #426085) [1.6.3-2] - rebuild [1.6.3-1] - update to 1.6.3, dropping now-integrated patches for CVE-2007-3999 and CVE-2007-4000 (the new pkinit module is built conditionally and goes into the -pkinit-openssl package, at least for now, to make a buildreq loop with openssl avoidable) [1.6.2-10] - make proper use of pam_loginuid and pam_selinux in rshd and ftpd * Fri Oct 12 2007 Nalin Dahyabhai <nalin@redhat.com> - make krb5.conf %verify(not md5 size mtime) in addition to %config(noreplace), like /etc/nsswitch.conf (#329811) [1.6.2-9] - apply the fix for CVE-2007-4000 instead of the experimental patch for setting ok-as-delegate flags [1.6.2-8] - move the db2 kdb plugin from -server to -libs, because a multilib libkdb might need it [1.6.2-7] - also perform PAM session and credential management when ftpd accepts a client using strong authentication, missed earlier - also label kadmind log files and files created by the db2 plugin [1.6.2-6] - incorporate updated fix for CVE-2007-3999 (CVE-2007-4743) - fix incorrect call to 'test' in the kadmin init script (#252322,#287291) [1.6.2-5] - incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000) [1.6.2-4] - cover more cases in labeling files on creation - add missing gawk build dependency [1.6.2-3] - rebuild [1.6.2-2] - kdc.conf: default to listening for TCP clients, too (#248415) [1.6.2-1] - update to 1.6.2 - add 'buildrequires: texinfo-tex' to get texi2pdf [1.6.1-8] - incorporate fixes for MITKRB5-SA-2007-004 (CVE-2007-2442,CVE-2007-2443) and MITKRB5-SA-2007-005 (CVE-2007-2798) [1.6.1-7] - reintroduce missing %postun for the non-split_workstation case [1.6.1-6] - rebuild [1.6.1-5.1] - rebuild [1.6.1-5] - add missing pam-devel build requirement, force selinux-or-fail build [1.6.1-4] - rebuild [1.6.1-3] - label all files at creation-time according to the SELinux policy (#228157) * Fri Jun 22 2007 Nalin Dahyabhai <nalin@redhat.com> - perform PAM account / session management in krshd (#182195,#195922) - perform PAM authentication and account / session management in ftpd - perform PAM authentication, account / session management, and password- changing in login.krb5 (#182195,#195922) * Fri Jun 22 2007 Nalin Dahyabhai <nalin@redhat.com> - preprocess kerberos.ldif into a format FDS will like better, and include that as a doc file as well * Fri Jun 22 2007 Nalin Dahyabhai <nalin@redhat.com> - switch man pages to being generated with the right paths in them - drop old, incomplete SELinux patch - add patch from Greg Hudson to make srvtab routines report missing-file errors at same point that keytab routines do (#241805) [1.6.1-2] - pull patch from svn to undo unintentional chattiness in ftp - pull patch from svn to handle NULL krb5_get_init_creds_opt structures better in a couple of places where they're expected [1.6.1-1] - update to 1.6.1 - drop no-longer-needed patches for CVE-2007-0956,CVE-2007-0957,CVE-2007-1216 - drop patch for sendto bug in 1.6, fixed in 1.6.1 * Fri May 18 2007 Nalin Dahyabhai <nalin@redhat.com> - kadmind.init: don't fail outright if the default principal database isn't there if it looks like we might be using the kldap plugin - kadmind.init: attempt to extract the key for the host-specific kadmin service when we try to create the keytab [1.6-6] - omit dependent libraries from the krb5-config --libs output, as using shared libraries (no more static libraries) makes them unnecessary and they're not part of the libkrb5 interface (patch by Rex Dieter, #240220) (strips out libkeyutils, libresolv, libdl) [1.6-5] - pull in keyutils as a build requirement to get the 'KEYRING:' ccache type, because we've merged [1.6-4] - fix an uninitialized length value which could cause a crash when parsing key data coming from a directory server - correct a typo in the krb5.conf man page ('ldap_server'->'ldap_servers') * Fri Apr 13 2007 Nalin Dahyabhai <nalin@redhat.com> - move the default acl_file, dict_file, and admin_keytab settings to the part of the default/example kdc.conf where they'll actually have an effect (#236417) [1.5-24] - merge security fixes from RHSA-2007:0095 [1.6-3] - add patch to correct unauthorized access via krb5-aware telnet daemon (#229782, CVE-2007-0956) - add patch to fix buffer overflow in krb5kdc and kadmind (#231528, CVE-2007-0957) - add patch to fix double-free in kadmind (#231537, CVE-2007-1216) * Thu Mar 22 2007 Nalin Dahyabhai <nalin@redhat.com> - back out buildrequires: keyutils-libs-devel for now [1.6-2] - add buildrequires: on keyutils-libs-devel to enable use of keyring ccaches, dragging keyutils-libs in as a dependency [1.5-23] - fix bug ID in changelog [1.5-22] [1.5-21] - add preliminary patch to fix buffer overflow in krb5kdc and kadmind (#231528, CVE-2007-0957) - add preliminary patch to fix double-free in kadmind (#231537, CVE-2007-1216) * Wed Feb 28 2007 Nalin Dahyabhai <nalin@redhat.com> - add patch to build semi-useful static libraries, but don't apply it unless we need them [1.5-20] - temporarily back out %post changes, fix for #143289 for security update - add preliminary patch to correct unauthorized access via krb5-aware telnet * Mon Feb 19 2007 Nalin Dahyabhai <nalin@redhat.com> - make profile.d scriptlets mode 644 instead of 755 (part of #225974) [1.6-1] - clean up quoting of command-line arguments passed to the krsh/krlogin wrapper scripts * Mon Jan 22 2007 Nalin Dahyabhai <nalin@redhat.com> - initial update to 1.6, pre-package-reorg - move workstation daemons to a new subpackage (#81836, #216356, #217301), and make the new subpackage require xinetd (#211885) [1.5-18] - make use of install-info more failsafe (Ville Skytta, #223704) - preserve timestamps on shell scriptlets at %install-time [1.5-17] - move to using pregenerated PDF docs to cure multilib conflicts (#222721) [1.5-16] - update backport of the preauth module interface (part of #194654) [1.5-14] - apply fixes from Tom Yu for MITKRB5-SA-2006-002 (CVE-2006-6143) (#218456) - apply fixes from Tom Yu for MITKRB5-SA-2006-003 (CVE-2006-6144) (#218456) [1.5-12] - update backport of the preauth module interface * Mon Oct 30 2006 Nalin Dahyabhai <nalin@redhat.com> - update backport of the preauth module interface - add proposed patches 4566, 4567 - add proposed edata reporting interface for KDC - add temporary placeholder for module global context fixes [1.5-11] - don't bail from the KDC init script if there's no database, it may be in a different location than the default (fenlason) - remove the [kdc] section from the default krb5.conf -- doesn't seem to have been applicable for a while [1.5-10] - rename krb5.sh and krb5.csh so that they don't overlap (#210623) - way-late application of added error info in kadmind.init (#65853) [1.5-9.pal_18695] - add backport of in-development preauth module interface (#208643) [1.5-9] - provide docs in PDF format instead of as tex source (Enrico Scholz, #209943) [1.5-8] - add missing shebang headers to krsh and krlogin wrapper scripts (#209238) [1.5-7] - set SS_LIB at configure-time so that libss-using apps get working readline support (#197044) [1.5-6] - switch to the updated patch for MITKRB-SA-2006-001 [1.5-5] - apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084) [1.5-4] - ensure that the gssapi library's been initialized before walking the internal mechanism list in gss_release_oid(), needed if called from gss_release_name() right after a gss_import_name() (#198092) [1.5-3] - rebuild [1.5-2] - pull up latest revision of patch to reduce lockups in rsh/rshd [1.5-1.2] - rebuild [1.5-1.1] - rebuild [1.5-1] - build [1.5-0] - update to 1.5 [1.4.3-9] - mark profile.d config files noreplace (Laurent Rineau, #196447) [1.4.3-8] - add buildprereq for autoconf [1.4.3-7] - further munge krb5-config so that 'libdir=/usr/lib' is given even on 64-bit architectures, to avoid multilib conflicts; other changes will conspire to strip out the -L flag which uses this, so it should be harmless (#192692) [1.4.3-6] - adjust the patch which removes the use of rpath to also produce a krb5-config which is okay in multilib environments (#190118) - make the name-of-the-tempfile comment which compile_et adds to error code headers always list the same file to avoid conflicts on multilib installations - strip SIZEOF_LONG out of krb5.h so that it doesn't conflict on multilib boxes - strip GSS_SIZEOF_LONG out of gssapi.h so that it doesn't conflict on mulitlib boxes [1.4.3-5] - Fix formatting typo in kinit.1 (krb5-kinit-man-typo.patch) [1.4.3-4.1] - bump again for double-long bug on ppc(64) [1.4.3-4] - give a little bit more information to the user when kinit gets the catch-all I/O error (#180175) [1.4.3-3] - rebuild properly when pthread_mutexattr_setrobust_np() is defined but not declared, such as with recent glibc when _GNU_SOURCE isn't being used [1.4.3-2] - Use full paths in krb5.sh to avoid path lookups * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - rebuilt * Thu Dec 01 2005 Nalin Dahyabhai <nalin@redhat.com> - login: don't truncate passwords before passing them into crypt(), in case they're significant (#149476) [1.4.3-1] - update to 1.4.3 - make ksu setuid again (#137934, others) [1.4.2-4] - mark %{krb5prefix}/man so that files which are packaged within it are flagged as %doc (#168163) [1.4.2-3] - add an xinetd configuration file for encryption-only telnetd, parallelling the kshell/ekshell pair (#167535) [1.4.2-2] - change the default configured encryption type for KDC databases to the compiled-in default of des3-hmac-sha1 (#57847) [1.4.2-1] - update to 1.4.2, incorporating the fixes for MIT-KRB5-SA-2005-002 and MIT-KRB5-SA-2005-003 [1.4.1-6] - rebuild [1.4.1-5] - fix telnet client environment variable disclosure the same way NetKit's telnet client did (CAN-2005-0488) (#159305) - keep apps which call krb5_principal_compare() or krb5_realm_compare() with malformed or NULL principal structures from crashing outright (Thomas Biege) (#161475) * Tue Jun 28 2005 Nalin Dahyabhai <nalin@redhat.com> - apply fixes from draft of MIT-KRB5-SA-2005-002 (CAN-2005-1174,CAN-2005-1175) (#157104) - apply fixes from draft of MIT-KRB5-SA-2005-003 (CAN-2005-1689) (#159755) [1.4.1-4] - fix double-close in keytab handling - add port of fixes for CAN-2004-0175 to krb5-aware rcp (#151612) [1.4.1-3] - prevent spurious EBADF in krshd when stdin is closed by the client while the command is running (#151111) [1.4.1-2] - add deadlock patch, removed old patch [1.4.1-1] - update to 1.4.1, incorporating fixes for CAN-2005-0468 and CAN-2005-0469 - when starting the KDC or kadmind, if KRB5REALM is set via the /etc/sysconfig file for the service, pass it as an argument for the -r flag [1.4-3] - drop krshd patch for now * Thu Mar 17 2005 Nalin Dahyabhai <nalin@redhat.com> - add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0469) - add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-0468) [1.4-2] - don't include <term.h> into the telnet client when we're not using curses [1.4-1] - update to 1.4 - v1.4 kadmin client requires a v1.4 kadmind on the server, or use the '-O' flag to specify that it should communicate with the server using the older protocol - new libkrb5support library - v5passwdd and kadmind4 are gone - versioned symbols - pick up from /etc/sysconfig/krb5kdc, if it exists, and pass it on to krb5kdc - pick up from /etc/sysconfig/kadmin, if it exists, and pass it on to kadmind - pick up from /etc/sysconfig/krb524, if it exists, and pass it on to krb524d *instead of* '-m' - set 'forwardable' in [libdefaults] in the default krb5.conf to match the default setting which we supply for pam_krb5 - set a default of 24h for 'ticket_lifetime' in [libdefaults], reflecting the compiled-in default [1.3.6-3] - rebuild [1.3.6-2] - rebuild [1.3.6-1] - update to 1.3.6, which includes the previous fix [1.3.5-8] - apply fix from Tom Yu for MITKRB5-SA-2004-004 (CAN-2004-1189) [1.3.5-7] - fix deadlock during file transfer via rsync/krsh - thanks goes to James Antill for hint [1.3.5-6] - rebuild [1.3.5-3] - fix predictable-tempfile-name bug in krb5-send-pr (CAN-2004-0971, #140036) * Tue Nov 16 2004 Nalin Dahyabhai <nalin@redhat.com> - silence compiler warning in kprop by using an in-memory ccache with a fixed name instead of an on-disk ccache with a name generated by tmpnam() [1.3.5-2] - fix globbing patch port mode (#139075) [1.3.5-1] - fix segfault in telnet due to incorrect checking of gethostbyname_r result codes (#129059) * Fri Oct 15 2004 Nalin Dahyabhai <nalin@redhat.com> - remove rc4-hmac:norealm and rc4-hmac:onlyrealm from the default list of supported keytypes in kdc.conf -- they produce exactly the same keys as rc4-hmac:normal because rc4 string-to-key ignores salts - nuke kdcrotate -- there are better ways to balance the load on KDCs, and the SELinux policy for it would have been scary-looking - update to 1.3.5, mainly to include MITKRB5SA 2004-002 and 2004-003 [1.3.4-7] - rebuild [1.3.4-6] - rebuild [1.3.4-5] - incorporate revised fixes from Tom Yu for CAN-2004-0642, CAN-2004-0644, CAN-2004-0772 [1.3.4-4] - rebuild [1.3.4-3] - incorporate fixes from Tom Yu for CAN-2004-0642, CAN-2004-0772 (MITKRB5-SA-2004-002, #130732) - incorporate fixes from Tom Yu for CAN-2004-0644 (MITKRB5-SA-2004-003, #130732) [1.3.4-2] - fix indexing error in server sorting patch (#127336) * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com> - rebuilt [1.3.4-0.1] - update to 1.3.4 final [1.3.4-0] - update to 1.3.4 beta1 - remove MITKRB5-SA-2004-001, included in 1.3.4 [1.3.3-8] - rebuild [1.3.3-7] - rebuild [1.3.3-6] - apply updated patch from MITKRB5-SA-2004-001 (revision 2004-06-02) [1.3.3-5] - rebuild [1.3.3-4] - apply patch from MITKRB5-SA-2004-001 (#125001) [1.3.3-3] - removed rpath [1.3.3-2] - re-enable large file support, fell out in 1.3-1 - patch rcp to use long long and %lld format specifiers when reporting file sizes on large files [1.3.3-1] - update to 1.3.3 [1.3.2-1] - update to 1.3.2 [1.3.1-12] - rebuild [1.3.1-11.1] - rebuilt [1.3.1-11] - rebuilt [1.3.1-10] - catch krb4 send_to_kdc cases in kdc preference patch [1.3.1-9] - remove patch to set TERM in klogind which, combined with the upstream fix in 1.3.1, actually produces the bug now (#114762) [1.3.1-8] - when iterating over lists of interfaces which are 'up' from getifaddrs(), skip over those which have no address (#113347) * Mon Jan 12 2004 Nalin Dahyabhai <nalin@redhat.com> - prefer the kdc which last replied to a request when sending requests to kdcs [1.3.1-7] - fix combination of --with-netlib and --enable-dns (#82176) * Tue Nov 18 2003 Nalin Dahyabhai <nalin@redhat.com> - remove libdefault ticket_lifetime option from the default krb5.conf, it is ignored by libkrb5 [1.3.1-6] - fix bug in patch to make rlogind start login with a clean environment a la netkit rlogin, spotted and fixed by Scott McClung [1.3.1-5] - include profile.d scriptlets in krb5-devel so that krb5-config will be in the path if krb5-workstation isn't installed, reported by Kir Kolyshkin * Mon Sep 08 2003 Nalin Dahyabhai <nalin@redhat.com> - add more etypes (arcfour) to the default enctype list in kdc.conf - don't apply previous patch, refused upstream [1.3.1-4] - fix 32/64-bit bug storing and retrieving the issue_date in v4 credentials [1.3.1-3] - Don't check for write access on /etc/krb5.conf if SELinux [1.3.1-2] - fixup some int/pointer varargs wackiness [1.3.1-1] - rebuild [1.3.1-0] - update to 1.3.1 [1.3-2] - pull fix for non-compliant encoding of salt field in etype-info2 preauth data from 1.3.1 beta 1, until 1.3.1 is released. [1.3-1] - update to 1.3 [1.2.8-4] - correctly use stdargs [1.3-0.beta.4] - test update to 1.3 beta 4 - ditch statglue build option - krb5-devel requires e2fsprogs-devel, which now provides libss and libcom_err * Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> - rebuilt [1.2.8-2] - gcc 3.3 doesn't implement varargs.h, include stdarg.h instead [1.2.8-1] - update to 1.2.8 [1.2.7-14] - fix double-free of enc_part2 in krb524d [1.2.7-13] - update to latest patch kit for MITKRB5-SA-2003-004 [1.2.7-12] - add patch included in MITKRB5-SA-2003-003 (CAN-2003-0028) [1.2.7-11] - add patches from patchkit from MITKRB5-SA-2003-004 (CAN-2003-0138 and CAN-2003-0139) [1.2.7-10] - rebuild [1.2.7-9] - fix buffer underrun in unparsing certain principals (CAN-2003-0082) [1.2.7-8] - add patch to document the reject-bad-transited option in kdc.conf * Mon Feb 03 2003 Nalin Dahyabhai <nalin@redhat.com> - add patch to fix server-side crashes when principals have no components (CAN-2003-0072) [1.2.7-7] - add patch from Mark Cox for exploitable bugs in ftp client * Wed Jan 22 2003 Tim Powers <timp@redhat.com> - rebuilt [1.2.7-5] - use PICFLAGS when building code from the ktany patch [1.2.7-4] - debloat [1.2.7-3] - include .so.* symlinks as well as .so.*.* [1.2.7-2] - always #include <errno.h> to access errno, never do it directly - enable LFS on a bunch of other 32-bit arches * Wed Dec 04 2002 Nalin Dahyabhai <nalin@redhat.com> - increase the maximum name length allowed by kuserok() to the higher value used in development versions * Mon Dec 02 2002 Nalin Dahyabhai <nalin@redhat.com> - install src/krb524/README as README.krb524 in the -servers package, includes information about converting for AFS principals [1.2.7-1] - update to 1.2.7 - disable use of tcl * Mon Nov 11 2002 Nalin Dahyabhai <nalin@redhat.com> - update to 1.2.7-beta2 (internal only, not for release), dropping dnsparse and kadmind4 fixes [1.2.6-5] - add patch for buffer overflow in kadmind4 (not used by default) [1.2.6-4] - drop a hunk from the dnsparse patch which is actually redundant (thanks to Tom Yu) [1.2.6-3] - patch to handle truncated dns responses [1.2.6-2] - remove hashless key types from the default kdc.conf, they're not supposed to be there, noted by Sam Hartman on krbdev [1.2.6-1] - update to 1.2.6 [1.2.5-7] - use %{_lib} for the sake of multilib systems [1.2.5-6] - add patch from Tom Yu for exploitable bugs in rpc code used in kadmind [1.2.5-5] - fix bug in krb5.csh which would cause the path check to always succeed [1.2.5-4] - build even libdb.a with -fPIC and . * Fri Jun 21 2002 Tim Powers <timp@redhat.com> - automated rebuild * Sun May 26 2002 Tim Powers <timp@redhat.com> - automated rebuild [1.2.5-1] - update to 1.2.5 - disable statglue [1.2.4-1] - update to 1.2.4 [1.2.3-5] - rebuild in new environment - reenable statglue * Sat Jan 26 2002 Florian La Roche <Florian.LaRoche@redhat.de> - prereq chkconfig for the server subpackage [1.2.3-3] - build without -g3, which gives us large static libraries in -devel [1.2.3-2] - reintroduce ld.so.conf munging in the -libs %post [1.2.3-1] - rename the krb5 package back to krb5-libs; the previous rename caused something of an uproar - update to 1.2.3, which includes the FTP and telnetd fixes - configure without --enable-dns-for-kdc --enable-dns-for-realm, which now set the default behavior instead of enabling the feature (the feature is enabled by --enable-dns, which we still use) - reenable optimizations on Alpha - support more encryption types in the default kdc.conf (heads-up from post to comp.protocols.kerberos by Jason Heiss) [1.2.2-14] - rename the krb5-libs package to krb5 (naming a subpackage -libs when there is no main package is silly) - move defaults for PAM to the appdefaults section of krb5.conf -- this is the area where the krb5_appdefault_* functions look for settings) - disable statglue (warning: breaks binary compatibility with previous packages, but has to be broken at some point to work correctly with unpatched versions built with newer versions of glibc) [1.2.2-13] - bump release number and rebuild * Wed Aug 01 2001 Nalin Dahyabhai <nalin@redhat.com> - add patch to fix telnetd vulnerability * Fri Jul 20 2001 Nalin Dahyabhai <nalin@redhat.com> - tweak statglue.c to fix stat/stat64 aliasing problems - be cleaner in use of gcc to build shlibs * Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com> - use gcc to build shared libraries * Wed Jun 27 2001 Nalin Dahyabhai <nalin@redhat.com> - add patch to support 'ANY' keytab type (i.e., 'default_keytab_name = ANY:FILE:/etc/krb5.keytab,SRVTAB:/etc/srvtab' patch from Gerald Britton, #42551) - build with -D_FILE_OFFSET_BITS=64 to get large file I/O in ftpd (#30697) - patch ftpd to use long long and %lld format specifiers to support the SIZE command on large files (also #30697) - don't use LOG_AUTH as an option value when calling openlog() in ksu (#45965) - implement reload in krb5kdc and kadmind init scripts (#41911) - lose the krb5server init script (not using it any more) * Sun Jun 24 2001 Elliot Lee <sopwith@redhat.com> - Bump release + rebuild. * Tue May 29 2001 Nalin Dahyabhai <nalin@redhat.com> - pass some structures by address instead of on the stack in krb5kdc * Tue May 22 2001 Nalin Dahyabhai <nalin@redhat.com> - rebuild in new environment * Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com> - add patch from Tom Yu to fix ftpd overflows (#37731) * Wed Apr 18 2001 Than Ngo <than@redhat.com> - disable optimizations on the alpha again * Fri Mar 30 2001 Nalin Dahyabhai <nalin@redhat.com> - add in glue code to make sure that libkrb5 continues to provide a weak copy of stat() * Thu Mar 15 2001 Nalin Dahyabhai <nalin@redhat.com> - build alpha with -O0 for now * Thu Mar 08 2001 Nalin Dahyabhai <nalin@redhat.com> - fix the kpropd init script * Mon Mar 05 2001 Nalin Dahyabhai <nalin@redhat.com> - update to 1.2.2, which fixes some bugs relating to empty ETYPE-INFO - re-enable optimization on Alpha * Thu Feb 08 2001 Nalin Dahyabhai <nalin@redhat.com> - build alpha with -O0 for now - own %{_var}/kerberos * Tue Feb 06 2001 Nalin Dahyabhai <nalin@redhat.com> - own the directories which are created for each package (#26342) * Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com> - gettextize init scripts * Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com> - add some comments to the ksu patches for the curious - re-enable optimization on alphas * Mon Jan 15 2001 Nalin Dahyabhai <nalin@redhat.com> - fix krb5-send-pr (#18932) and move it from -server to -workstation - buildprereq libtermcap-devel - temporariliy disable optimization on alphas - gettextize init scripts * Tue Dec 05 2000 Nalin Dahyabhai <nalin@redhat.com> - force -fPIC * Fri Dec 01 2000 Nalin Dahyabhai <nalin@redhat.com> - rebuild in new environment * Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com> - add bison as a BuildPrereq (#20091) * Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com> - change /usr/dict/words to /usr/share/dict/words in default kdc.conf (#20000) * Thu Oct 05 2000 Nalin Dahyabhai <nalin@redhat.com> - apply kpasswd bug fixes from David Wragg * Wed Oct 04 2000 Nalin Dahyabhai <nalin@redhat.com> - make krb5-libs obsolete the old krb5-configs package (#18351) - don't quit from the kpropd init script if there's no principal database so that you can propagate the first time without running kpropd manually - don't complain if /etc/ld.so.conf doesn't exist in the -libs %post * Tue Sep 12 2000 Nalin Dahyabhai <nalin@redhat.com> - fix credential forwarding problem in klogind (goof in KRB5CCNAME handling) (#11588) - fix heap corruption bug in FTP client (#14301) * Wed Aug 16 2000 Nalin Dahyabhai <nalin@redhat.com> - fix summaries and descriptions - switched the default transfer protocol from PORT to PASV as proposed on bugzilla (#16134), and to match the regular ftp package's behavior * Wed Jul 19 2000 Jeff Johnson <jbj@redhat.com> - rebuild to compress man pages. * Sat Jul 15 2000 Bill Nottingham <notting@redhat.com> - move initscript back * Fri Jul 14 2000 Nalin Dahyabhai <nalin@redhat.com> - disable servers by default to keep linuxconf from thinking they need to be started when they don't * Thu Jul 13 2000 Prospector <bugzilla@redhat.com> - automatic rebuild * Mon Jul 10 2000 Nalin Dahyabhai <nalin@redhat.com> - change cleanup code in post to not tickle chkconfig - add grep as a Prereq: for -libs * Thu Jul 06 2000 Nalin Dahyabhai <nalin@redhat.com> - move condrestarts to postun - make xinetd configs noreplace - add descriptions to xinetd configs - add /etc/init.d as a prereq for the -server package - patch to properly truncate dumb in krlogind * Fri Jun 30 2000 Nalin Dahyabhai <nalin@redhat.com> - update to 1.2.1 - back out Tom Yu's patch, which is a big chunk of the 1.2 -> 1.2.1 update - start using the official source tarball instead of its contents * Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com> - Tom Yu's patch to fix compatibility between 1.2 kadmin and 1.1.1 kadmind - pull out 6.2 options in the spec file (sonames changing in 1.2 means it's not compatible with other stuff in 6.2, so no need) * Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak graceful start/stop logic in post and preun * Mon Jun 26 2000 Nalin Dahyabhai <nalin@redhat.com> - update to the 1.2 release - ditch a lot of our patches which went upstream - enable use of DNS to look up things at build-time - disable use of DNS to look up things at run-time in default krb5.conf - change ownership of the convert-config-files script to root.root - compress PS docs - fix some typos in the kinit man page - run condrestart in server post, and shut down in preun * Mon Jun 19 2000 Nalin Dahyabhai <nalin@redhat.com> - only remove old krb5server init script links if the init script is there * Sat Jun 17 2000 Nalin Dahyabhai <nalin@redhat.com> - disable kshell and eklogin by default * Thu Jun 15 2000 Nalin Dahyabhai <nalin@redhat.com> - patch mkdir/rmdir problem in ftpcmd.y - add condrestart option to init script - split the server init script into three pieces and add one for kpropd * Wed Jun 14 2000 Nalin Dahyabhai <nalin@redhat.com> - make sure workstation servers are all disabled by default - clean up krb5server init script * Fri Jun 09 2000 Nalin Dahyabhai <nalin@redhat.com> - apply second set of buffer overflow fixes from Tom Yu - fix from Dirk Husung for a bug in buffer cleanups in the test suite - work around possibly broken rev binary in running test suite - move default realm configs from /var/kerberos to %{_var}/kerberos * Tue Jun 06 2000 Nalin Dahyabhai <nalin@redhat.com> - make ksu and v4rcp owned by root * Sat Jun 03 2000 Nalin Dahyabhai <nalin@redhat.com> - use %{_infodir} to better comply with FHS - move .so files to -devel subpackage - tweak xinetd config files (bugs #11833, #11835, #11836, #11840) - fix package descriptions again * Wed May 24 2000 Nalin Dahyabhai <nalin@redhat.com> - change a LINE_MAX to 1024, fix from Ken Raeburn - add fix for login vulnerability in case anyone rebuilds without krb4 compat - add tweaks for byte-swapping macros in krb.h, also from Ken - add xinetd config files - make rsh and rlogin quieter - build with debug to fix credential forwarding - add rsh as a build-time req because the configure scripts look for it to determine paths * Wed May 17 2000 Nalin Dahyabhai <nalin@redhat.com> - fix config_subpackage logic * Tue May 16 2000 Nalin Dahyabhai <nalin@redhat.com> - remove setuid bit on v4rcp and ksu in case the checks previously added don't close all of the problems in ksu - apply patches from Jeffrey Schiller to fix overruns Chris Evans found - reintroduce configs subpackage for use in the errata - add PreReq: sh-utils * Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com> - fix double-free in the kdc (patch merged into MIT tree) - include convert-config-files script as a documentation file * Wed May 03 2000 Nalin Dahyabhai <nalin@redhat.com> - patch ksu man page because the -C option never works - add access() checks and disable debug mode in ksu - modify default ksu build arguments to specify more directories in CMD_PATH and to use getusershell() * Wed May 03 2000 Bill Nottingham <notting@redhat.com> - fix configure stuff for ia64 * Mon Apr 10 2000 Nalin Dahyabhai <nalin@redhat.com> - add LDCOMBINE=-lc to configure invocation to use libc versioning (bug #10653) - change Requires: for/in subpackages to include %{version} * Wed Apr 05 2000 Nalin Dahyabhai <nalin@redhat.com> - add man pages for kerberos(1), kvno(1), .k5login(5) - add kvno to -workstation * Mon Apr 03 2000 Nalin Dahyabhai <nalin@redhat.com> - Merge krb5-configs back into krb5-libs. The krb5.conf file is marked as a %config file anyway. - Make krb5.conf a noreplace config file. * Thu Mar 30 2000 Nalin Dahyabhai <nalin@redhat.com> - Make klogind pass a clean environment to children, like NetKit's rlogind does. * Wed Mar 08 2000 Nalin Dahyabhai <nalin@redhat.com> - Don't enable the server by default. - Compress info pages. - Add defaults for the PAM module to krb5.conf * Mon Mar 06 2000 Nalin Dahyabhai <nalin@redhat.com> - Correct copyright: it's exportable now, provided the proper paperwork is filed with the government. * Fri Mar 03 2000 Nalin Dahyabhai <nalin@redhat.com> - apply Mike Friedman's patch to fix format string problems - don't strip off argv[0] when invoking regular rsh/rlogin * Thu Mar 02 2000 Nalin Dahyabhai <nalin@redhat.com> - run kadmin.local correctly at startup * Mon Feb 28 2000 Nalin Dahyabhai <nalin@redhat.com> - pass absolute path to kadm5.keytab if/when extracting keys at startup * Sat Feb 19 2000 Nalin Dahyabhai <nalin@redhat.com> - fix info page insertions * Wed Feb 09 2000 Nalin Dahyabhai <nalin@redhat.com> - tweak server init script to automatically extract kadm5 keys if /var/kerberos/krb5kdc/kadm5.keytab doesn't exist yet - adjust package descriptions * Thu Feb 03 2000 Nalin Dahyabhai <nalin@redhat.com> - fix for potentially gzipped man pages * Fri Jan 21 2000 Nalin Dahyabhai <nalin@redhat.com> - fix comments in krb5-configs * Fri Jan 07 2000 Nalin Dahyabhai <nalin@redhat.com> - move /usr/kerberos/bin to end of PATH * Tue Dec 28 1999 Nalin Dahyabhai <nalin@redhat.com> - install kadmin header files * Tue Dec 21 1999 Nalin Dahyabhai <nalin@redhat.com> - patch around TIOCGTLC defined on alpha and remove warnings from libpty.h - add installation of info docs - remove krb4 compat patch because it doesn't fix workstation-side servers * Mon Dec 20 1999 Nalin Dahyabhai <nalin@redhat.com> - remove hesiod dependency at build-time * Sun Dec 19 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> - rebuild on 1.1.1 * Thu Oct 07 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> - clean up init script for server, verify that it works [jlkatz] - clean up rotation script so that rc likes it better - add clean stanza * Mon Oct 04 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> - backed out ncurses and makeshlib patches - update for krb5-1.1 - add KDC rotation to rc.boot, based on ideas from Michael's C version * Mon Sep 27 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> - added -lncurses to telnet and telnetd makefiles * Mon Jul 05 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> - added krb5.csh and krb5.sh to /etc/profile.d * Tue Jun 22 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> - broke out configuration files * Mon Jun 14 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> - fixed server package so that it works now * Sat May 15 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu> - started changelog (previous package from zedz.net) - updated existing 1.0.5 RPM from Eos Linux to krb5 1.0.6 - added --force to makeinfo commands to skip errors during build MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37370 CVE-2024-37371 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [4.0.9-32] - Fix CVE-2023-6228 CVE-2023-52356 CVE-2023-25433 CVE-2018-15209 - Resolves: RHEL-30682 RHEL-30520 RHEL-30474 RHEL-5406 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6228 CVE-2023-25433 CVE-2018-15209 CVE-2023-52356 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [4.18.0-553.16.1_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Drop not needed patch [4.18.0-553.16.1_10] - x86/bhi: Fix incorrect CLEAR_BRANCH_HISTORY position in entry_INT80_compat (Waiman Long) [RHEL-50648] [4.18.0-553.15.1_10] - Revert 'scsi: st: Add third party poweron reset handling' (John Meneghini) [RHEL-44613] - ionic: fix use after netif_napi_del() (CKI Backport Bot) [RHEL-47624] {CVE-2024-39502} - ionic: clean interrupt before enabling queue to avoid credit race (CKI Backport Bot) [RHEL-47624] {CVE-2024-39502} - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (CKI Backport Bot) [RHEL-49321] {CVE-2021-47624} - xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47882] {CVE-2024-40927} - net: openvswitch: Fix Use-After-Free in ovs_ct_exit (cki-backport-bot) [RHEL-36362] {CVE-2024-27395} - net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (Ivan Vecera) [RHEL-43721] {CVE-2024-36979} - net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (Ivan Vecera) [RHEL-43721] {CVE-2024-36979} - net: bridge: mst: fix vlan use-after-free (cki-backport-bot) [RHEL-43721] {CVE-2024-36979} - irqchip/gic-v3-its: Prevent double free on error (Charles Mirabile) [RHEL-37022] {CVE-2024-35847} - irqchip/gic-v3-its: Fix potential VPE leak on error (Charles Mirabile) [RHEL-37744] {CVE-2021-47373} - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (Charles Mirabile) [RHEL-34735] {CVE-2022-48632} - iommu/dma: fix zeroing of bounce buffer padding used by untrusted devices (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - swiotlb: remove alloc_size argument to swiotlb_tbl_map_single() (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - swiotlb: fix swiotlb_bounce() to do partial sync's correctly (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - swiotlb: Fix alignment checks when both allocation and DMA masks are present (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - swiotlb: Fix double-allocation of slots due to broken alignment handling (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (cki-backport-bot) [RHEL-44441] {CVE-2024-31076} [4.18.0-553.14.1_10] - s390/qeth: Fix kernel panic after setting hsuid (Mete Durlu) [RHEL-49754] - perf/core: Protect event sibling list locking against interrupt inversion (Daniel Vacek) [RHEL-31798] - vt: fix unicode buffer corruption when deleting characters (Steve Best) [RHEL-36936] {CVE-2024-35823} - cifs: translate network errors on send to -ECONNABORTED (Paulo Alcantara) [RHEL-36754] - xfs: don't block in busy flushing when freeing extents (Brian Foster) [RHEL-7984] - xfs: allow extent free intents to be retried (Brian Foster) [RHEL-7984] - xfs: pass alloc flags through to xfs_extent_busy_flush() (Brian Foster) [RHEL-7984] - xfs: use deferred frees for btree block freeing (Brian Foster) [RHEL-7984] - xfs: fix bounds check in xfs_defer_agfl_block() (Brian Foster) [RHEL-7984] - xfs: validate block number being freed before adding to xefi (Brian Foster) [RHEL-7984] - xfs: rename xfs_bmap_add_free to xfs_free_extent_later (Brian Foster) [RHEL-7984] - usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (Desnes Nunes) [RHEL-36803] {CVE-2024-35790} - stm class: Fix a double free in stm_register_device() (Steve Best) [RHEL-44514] {CVE-2024-38627} - s390/qeth: Fix potential loss of L3-IP@ in case of network issues (Mete Durlu) [RHEL-49755] - tls: fix missing memory barrier in tls_init (cki-backport-bot) [RHEL-44471] {CVE-2024-36489} - xfs: fix log recovery buffer allocation for the legacy h_size fixup (Bill O'Donnell) [RHEL-46473] {CVE-2024-39472} - fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (Brian Foster) [RHEL-31562] {CVE-2024-26686} - fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() (Brian Foster) [RHEL-31562] {CVE-2024-26686} - fs/proc: do_task_stat: use __for_each_thread() (Brian Foster) [RHEL-31562] {CVE-2024-26686} - exit: Use the correct exit_code in /proc/<pid>/stat (Brian Foster) [RHEL-31562] {CVE-2024-26686} - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (Ewan D. Milne) [RHEL-38283] {CVE-2023-52811} - scsi: qla2xxx: Fix double free of fcport (Ewan D. Milne) [RHEL-39549] {CVE-2024-26929} - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (Ewan D. Milne) [RHEL-39549] {CVE-2024-26930} - scsi: qla2xxx: Fix command flush on cable pull (Ewan D. Milne) [RHEL-39549] {CVE-2024-26931} [4.18.0-553.13.1_10] - redhat: remove handling of deleted rhdocs/ directory from genspec.sh (Denys Vlasenko) - x86/bugs: Fix BHI retpoline check (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bugs: Clarify that syscall hardening isn't a BHI mitigation (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bugs: Fix BHI handling of RRSBA (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bugs: Fix BHI documentation (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bugs: Fix return type of spectre_bhi_state() (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bhi: Add support for clearing branch history at syscall entry (Waiman Long) [RHEL-28202] {CVE-2024-2201} - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (Waiman Long) [RHEL-28202] - perf/x86/amd/lbr: Use freeze based on availability (Waiman Long) [RHEL-28202] - Documentation/kernel-parameters: Add spec_rstack_overflow to mitigations=off (Waiman Long) [RHEL-28202] - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Waiman Long) [RHEL-28202] - x86/bugs: Reset speculation control settings on init (Waiman Long) [RHEL-28202] - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Waiman Long) [RHEL-28202] - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (Waiman Long) [RHEL-28202] - mptcp: ensure snd_nxt is properly initialized on connect (Davide Caratti) [RHEL-39865] {CVE-2024-36889} - powerpc/pseries: Enforce hcall result buffer validity and size (Mamatha Inamdar) [RHEL-48291] {CVE-2024-40974} - wifi: mac80211: fix potential key use-after-free (Jose Ignacio Tornos Martinez) [RHEL-28007] {CVE-2023-52530} - cppc_cpufreq: Fix possible null pointer dereference (Mark Langsdorf) [RHEL-44137] {CVE-2024-38573} - net/sched: act_mirred: use the backlog for mirred ingress (Davide Caratti) [RHEL-31718] {CVE-2024-26740} - vfio/pci: Lock external INTx masking ops (Alex Williamson) [RHEL-31922] {CVE-2024-26810} - net: sched: sch_multiq: fix possible OOB write in multiq_tune() (Davide Caratti) [RHEL-43464] {CVE-2024-36978} - tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized (Guillaume Nault) [RHEL-37850] {CVE-2021-47304} - pstore/ram: Fix crash when setting number of cpus to an odd number (Lenny Szubowicz) [RHEL-29471] {CVE-2023-52619} - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (Jocelyn Falempe) [RHEL-37101] {CVE-2023-52662} - drm/vmwgfx: Fix the lifetime of the bo cursor memory (Jocelyn Falempe) [RHEL-36962] {CVE-2024-35810} - drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (Jocelyn Falempe) [RHEL-34987] {CVE-2024-26940} - drm/vmwgfx: Unmap the surface before resetting it on a plane state (Jocelyn Falempe) [RHEL-35217] {CVE-2023-52648} - drm/vmwgfx: Fix invalid reads in fence signaled events (Jocelyn Falempe) [RHEL-40010] {CVE-2024-36960} - block: Fix wrong offset in bio_truncate() (Ming Lei) [RHEL-43782] {CVE-2022-48747} - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CKI Backport Bot) [RHEL-46913] {CVE-2024-39487} - net: fix __dst_negative_advice() race (Xin Long) [RHEL-41183] {CVE-2024-36971} - igc: avoid returning frame twice in XDP_REDIRECT (Corinna Vinschen) [RHEL-33264] {CVE-2024-26853} - mac802154: fix llsec key resources release in mac802154_llsec_key_del (Steve Best) [RHEL-34967] {CVE-2024-26961} - cpufreq: exit() callback is optional (Mark Langsdorf) [RHEL-43840] {CVE-2024-38615} - cifs: prevent infinite recursion in CIFSGetDFSRefer() (Paulo Alcantara) [RHEL-34672] - cifs: lock chan_lock outside match_session (Paulo Alcantara) [RHEL-34672] - smb3: workaround negprot bug in some Samba servers (Paulo Alcantara) [RHEL-34672] - smb3: use netname when available on secondary channels (Paulo Alcantara) [RHEL-34672] - smb3: fix empty netname context on secondary channels (Paulo Alcantara) [RHEL-34672] - cifs: populate empty hostnames for extra channels (Paulo Alcantara) [RHEL-34672] - cifs: always iterate smb sessions using primary channel (Paulo Alcantara) [RHEL-34672] - cifs: Fix connections leak when tlink setup failed (Paulo Alcantara) [RHEL-34672] - cifs: Fix memory leak when build ntlmssp negotiate blob failed (Paulo Alcantara) [RHEL-34672] - cifs: always initialize struct msghdr smb_msg completely (Paulo Alcantara) [RHEL-34672] - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Paulo Alcantara) [RHEL-34672] - cifs: revalidate mapping when doing direct writes (Paulo Alcantara) [RHEL-34672] - cifs: skip extra NULL byte in filenames (Paulo Alcantara) [RHEL-34672] - cifs: list_for_each() -> list_for_each_entry() (Paulo Alcantara) [RHEL-34672] - smb2: small refactor in smb2_check_message() (Paulo Alcantara) [RHEL-34672] - cifs: Fix crash on unload of cifs_arc4.ko (Paulo Alcantara) [RHEL-34672] - cifs: remove check of list iterator against head past the loop body (Paulo Alcantara) [RHEL-34672] - cifs: fix reconnect on smb3 mount types (Paulo Alcantara) [RHEL-34672] - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (Paulo Alcantara) [RHEL-34672] - cifs: skip trailing separators of prefix paths (Paulo Alcantara) [RHEL-34672] - cifs: fix ntlmssp on old servers (Paulo Alcantara) [RHEL-34672] - cifs: fix NULL ptr dereference in refresh_mounts() (Paulo Alcantara) [RHEL-34672] - cifs: do not skip link targets when an I/O fails (Paulo Alcantara) [RHEL-34672] - cifs: fix confusing unneeded warning message on smb2.1 and earlier (Paulo Alcantara) [RHEL-34672] - smb3: fix snapshot mount option (Paulo Alcantara) [RHEL-34672] - cifs: fix workstation_name for multiuser mounts (Paulo Alcantara) [RHEL-34672] - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (Paulo Alcantara) [RHEL-34672] - cifs: free ntlmsspblob allocated in negotiate (Paulo Alcantara) [RHEL-34672] - cifs: avoid use of dstaddr as key for fscache client cookie (Paulo Alcantara) [RHEL-34672] - cifs: add server conn_id to fscache client cookie (Paulo Alcantara) [RHEL-34672] - cifs: fix missed refcounting of ipc tcon (Paulo Alcantara) [RHEL-34672] - smb2: clarify rc initialization in smb2_reconnect (Paulo Alcantara) [RHEL-34672] - cifs: populate server_hostname for extra channels (Paulo Alcantara) [RHEL-34672] - cifs: nosharesock should be set on new server (Paulo Alcantara) [RHEL-34672] - cifs: introduce cifs_ses_mark_for_reconnect() helper (Paulo Alcantara) [RHEL-34672] - cifs: protect srv_count with cifs_tcp_ses_lock (Paulo Alcantara) [RHEL-34672] - cifs: move debug print out of spinlock (Paulo Alcantara) [RHEL-34672] - cifs: do not duplicate fscache cookie for secondary channels (Paulo Alcantara) [RHEL-34672] - cifs: connect individual channel servers to primary channel server (Paulo Alcantara) [RHEL-34672] - cifs: protect session channel fields with chan_lock (Paulo Alcantara) [RHEL-34672] - cifs: do not negotiate session if session already exists (Paulo Alcantara) [RHEL-34672] - smb3: do not setup the fscache_super_cookie until fsinfo initialized (Paulo Alcantara) [RHEL-34672] - cifs: fix potential use-after-free bugs (Paulo Alcantara) [RHEL-34672] - cifs: release lock earlier in dequeue_mid error case (Paulo Alcantara) [RHEL-34672] - smb3: remove trivial dfs compile warning (Paulo Alcantara) [RHEL-34672] - cifs: support nested dfs links over reconnect (Paulo Alcantara) [RHEL-34672] - cifs: for compound requests, use open handle if possible (Paulo Alcantara) [RHEL-34672] - cifs: split out dfs code from cifs_reconnect() (Paulo Alcantara) [RHEL-34672] - cifs: convert list_for_each to entry variant (Paulo Alcantara) [RHEL-34672] - cifs: introduce new helper for cifs_reconnect() (Paulo Alcantara) [RHEL-34672] - cifs: fix print of hdr_flags in dfscache_proc_show() (Paulo Alcantara) [RHEL-34672] - cifs: send workstation name during ntlmssp session setup (Paulo Alcantara) [RHEL-34672] - cifs: nosharesock should not share socket with future sessions (Paulo Alcantara) [RHEL-34672] - smb3: add dynamic trace points for socket connection (Paulo Alcantara) [RHEL-34672] - cifs: Move SMB2_Create definitions to the shared area (Paulo Alcantara) [RHEL-34672] - cifs: Move more definitions into the shared area (Paulo Alcantara) [RHEL-34672] - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (Paulo Alcantara) [RHEL-34672] - cifs: Create a new shared file holding smb2 pdu definitions (Paulo Alcantara) [RHEL-34672] - cifs: fix incorrect check for null pointer in header_assemble (Paulo Alcantara) [RHEL-34672] - smb3: correct server pointer dereferencing check to be more consistent (Paulo Alcantara) [RHEL-34672] - cifs: Deal with some warnings from W=1 (Paulo Alcantara) [RHEL-34672] - cifs: fix a sign extension bug (Paulo Alcantara) [RHEL-34672] - cifs: fix incorrect kernel doc comments (Paulo Alcantara) [RHEL-34672] - cifs: remove pathname for file from SPDX header (Paulo Alcantara) [RHEL-34672] - cifs: move SMB FSCTL definitions to common code (Paulo Alcantara) [RHEL-34672] - cifs: rename cifs_common to smbfs_common (Paulo Alcantara) [RHEL-34672] - cifs: update FSCTL definitions (Paulo Alcantara) [RHEL-34672] - cifs: cifs_md4 convert to SPDX identifier (Paulo Alcantara) [RHEL-34672] - cifs: create a MD4 module and switch cifs.ko to use it (Paulo Alcantara) [RHEL-34672] - cifs: fork arc4 and create a separate module for it for cifs and other users (Paulo Alcantara) [RHEL-34672] - smb3: fix posix extensions mount option (Paulo Alcantara) [RHEL-34672] - cifs: fix wrong release in sess_alloc_buffer() failed path (Paulo Alcantara) [RHEL-34672] - CIFS: Fix a potencially linear read overflow (Paulo Alcantara) [RHEL-34672] - cifs: use the correct max-length for dentry_path_raw() (Paulo Alcantara) [RHEL-34672] - cifs: create sd context must be a multiple of 8 (Paulo Alcantara) [RHEL-34672] - cifs: do not share tcp sessions of dfs connections (Paulo Alcantara) [RHEL-34672] - cifs: added WARN_ON for all the count decrements (Paulo Alcantara) [RHEL-34672] - cifs: fix missing null session check in mount (Paulo Alcantara) [RHEL-34672] - cifs: handle reconnect of tcon when there is no cached dfs referral (Paulo Alcantara) [RHEL-34672] - cifs: fix the out of range assignment to bit fields in parse_server_interfaces (Paulo Alcantara) [RHEL-34672] - smb3: fix typo in header file (Paulo Alcantara) [RHEL-34672] - SMB3.1.1: Add support for negotiating signing algorithm (Paulo Alcantara) [RHEL-34672] - cifs: prevent NULL deref in cifs_compose_mount_options() (Paulo Alcantara) [RHEL-34672] - cifs: fix NULL dereference in smb2_check_message() (Paulo Alcantara) [RHEL-34672] - smbdirect: missing rc checks while waiting for rdma events (Paulo Alcantara) [RHEL-34672] - cifs: Avoid field over-reading memcpy() (Paulo Alcantara) [RHEL-34672] - smb311: remove dead code for non compounded posix query info (Paulo Alcantara) [RHEL-34672] - cifs: fix SMB1 error path in cifs_get_file_info_unix (Paulo Alcantara) [RHEL-34672] - smb3: fix uninitialized value for port in witness protocol move (Paulo Alcantara) [RHEL-34672] - cifs: fix unneeded null check (Paulo Alcantara) [RHEL-34672] - cifs: use SPDX-Licence-Identifier (Paulo Alcantara) [RHEL-34672] - cifs: convert list_for_each to entry variant in cifs_debug.c (Paulo Alcantara) [RHEL-34672] - cifs: convert list_for_each to entry variant in smb2misc.c (Paulo Alcantara) [RHEL-34672] - cifs: missed ref-counting smb session in find (Paulo Alcantara) [RHEL-34672] - cifs: do not share tcp servers with dfs mounts (Paulo Alcantara) [RHEL-34672] - cifs: set a minimum of 2 minutes for refreshing dfs cache (Paulo Alcantara) [RHEL-34672] - cifs: Remove unused inline function is_sysvol_or_netlogon() (Paulo Alcantara) [RHEL-34672] - cifs: remove duplicated prototype (Paulo Alcantara) [RHEL-34672] - cifs: fix ipv6 formating in cifs_ses_add_channel (Paulo Alcantara) [RHEL-34672] - cifs: fix string declarations and assignments in tracepoints (Paulo Alcantara) [RHEL-34672] - cifs: fix memory leak in smb2_copychunk_range (Paulo Alcantara) [RHEL-34672] - SMB3: incorrect file id in requests compounded with open (Paulo Alcantara) [RHEL-34672] - smb3: if max_channels set to more than one channel request multichannel (Paulo Alcantara) [RHEL-34672] - smb3: do not attempt multichannel to server which does not support it (Paulo Alcantara) [RHEL-34672] - smb3: when mounting with multichannel include it in requested capabilities (Paulo Alcantara) [RHEL-34672] - cifs: simplify SWN code with dummy funcs instead of ifdefs (Paulo Alcantara) [RHEL-34672] - cifs: log mount errors using cifs_errorf() (Paulo Alcantara) [RHEL-34672] - cifs: switch build_path_from_dentry() to using dentry_path_raw() (Paulo Alcantara) [RHEL-34672] - cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (Paulo Alcantara) [RHEL-34672] - cifs: allocate buffer in the caller of build_path_from_dentry() (Paulo Alcantara) [RHEL-34672] - cifs: make build_path_from_dentry() return const char * (Paulo Alcantara) [RHEL-34672] - cifs: remove old dead code (Paulo Alcantara) [RHEL-34672] - fs: cifs: Remove repeated struct declaration (Paulo Alcantara) [RHEL-34672] - cifs: have cifs_fattr_to_inode() refuse to change type on live inode (Paulo Alcantara) [RHEL-34672] - cifs: have ->mkdir() handle race with another client sanely (Paulo Alcantara) [RHEL-34672] - do_cifs_create(): don't set ->i_mode of something we had not created (Paulo Alcantara) [RHEL-34672] - cifs: Silently ignore unknown oplock break handle (Paulo Alcantara) [RHEL-34672] - cifs: change noisy error message to FYI (Paulo Alcantara) [RHEL-34672] - cifs: print MIDs in decimal notation (Paulo Alcantara) [RHEL-34672] - cifs: minor simplification to smb2_is_network_name_deleted (Paulo Alcantara) [RHEL-34672] - TCON Reconnect during STATUS_NETWORK_NAME_DELETED (Paulo Alcantara) [RHEL-34672] - cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (Paulo Alcantara) [RHEL-34672] - cifs: change confusing field serverName (to ip_addr) (Paulo Alcantara) [RHEL-34672] - cifs: Reformat DebugData and index connections by conn_id. (Paulo Alcantara) [RHEL-34672] - cifs: Identify a connection by a conn_id. (Paulo Alcantara) [RHEL-34672] - smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (Paulo Alcantara) [RHEL-34672] - smb3: Fix out-of-bounds bug in SMB2_negotiate() (Paulo Alcantara) [RHEL-34672] - fs/cifs: Simplify bool comparison. (Paulo Alcantara) [RHEL-34672] - fs/cifs: Assign boolean values to a bool variable (Paulo Alcantara) [RHEL-34672] - cifs: Avoid error pointer dereference (Paulo Alcantara) [RHEL-34672] - cifs: Re-indent cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672] - cifs: Unlock on errors in cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672] - cifs: Delete a stray unlock in cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672] - cifs: Tracepoints and logs for tracing credit changes. (Paulo Alcantara) [RHEL-34672] - cifs: Fix some error pointers handling detected by static checker (Paulo Alcantara) [RHEL-34672] - smb3: remind users that witness protocol is experimental (Paulo Alcantara) [RHEL-34672] - SMB3.1.1: do not log warning message if server doesn't populate salt (Paulo Alcantara) [RHEL-34672] - SMB3.1.1: update comments clarifying SPNEGO info in negprot response (Paulo Alcantara) [RHEL-34672] - SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot rsp (Paulo Alcantara) [RHEL-34672] - SMB3: avoid confusing warning message on mount to Azure (Paulo Alcantara) [RHEL-34672] - md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (Nigel Croxon) [RHEL-46662] {CVE-2024-39476} - net: fix information leakage in /proc/net/ptype (Hangbin Liu) [RHEL-44000] {CVE-2022-48757} - usb: typec: ucsi: Limit read size on v1.2 (Desnes Nunes) [RHEL-37286] {CVE-2024-35924} - minmax: relax check to allow comparison between unsigned arguments and signed constants (Desnes Nunes) [RHEL-37286] - minmax: allow comparisons of 'int' against 'unsigned char/short' (Desnes Nunes) [RHEL-37286] - minmax: allow min()/max()/clamp() if the arguments have the same signedness. (Desnes Nunes) [RHEL-37286] - minmax: add umin(a, b) and umax(a, b) (Desnes Nunes) [RHEL-37286] - minmax: fix header inclusions (Desnes Nunes) [RHEL-37286] - minmax: clamp more efficiently by avoiding extra comparison (Desnes Nunes) [RHEL-37286] - minmax: sanity check constant bounds when clamping (Desnes Nunes) [RHEL-37286] - tracing: Define the is_signed_type() macro once (Desnes Nunes) [RHEL-37286] - linux/bits.h: fix compilation error with GENMASK (Desnes Nunes) [RHEL-37286] - x86/apic: Mask IOAPIC entries when disabling the local APIC (Lenny Szubowicz) [RHEL-18077] - userfaultfd: fix a race between writeprotect and exit_mmap() (Rafael Aquini) [RHEL-38410] {CVE-2021-47461} - mm: khugepaged: skip huge page collapse for special files (Waiman Long) [RHEL-38446] {CVE-2021-47491} - cachefiles: fix memory leak in cachefiles_add_cache() (Andrey Albershteyn) [RHEL-33109] {CVE-2024-26840} - drm/amd/display: Implement bounds check for stream encoder creation in DCN301 (Michel Danzer) [RHEL-31429] {CVE-2024-26660} - net/mlx5: Discard command completions in internal error (Kamal Heib) [RHEL-44231] {CVE-2024-38555} - drm: Don't unref the same fb many times by mistake due to deadlock handling (CKI Backport Bot) [RHEL-29011] {CVE-2023-52486} - md: fix resync softlockup when bitmap size is less than array size (Nigel Croxon) [RHEL-43942] {CVE-2024-38598} - rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (Davide Caratti) [RHEL-39712] {CVE-2024-36017} - netfilter: nf_tables: discard table flag update with pending basechain deletion (Phil Sutter) [RHEL-37205] {CVE-2024-35897} - netfilter: nf_tables: reject table flag and netdev basechain updates (Phil Sutter) [RHEL-37205] - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (Ewan D. Milne) [RHEL-40172] {CVE-2024-36924} - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (Ewan D. Milne) [RHEL-40172] {CVE-2024-36952} - netfilter: nf_tables: fix memleak in map from abort path (Phil Sutter) [RHEL-35052] {CVE-2024-27011} - netfilter: nf_tables: reject new basechain after table flag update (Phil Sutter) [RHEL-37193] {CVE-2024-35900} - netfilter: nf_tables: flush pending destroy work before exit_net release (Phil Sutter) [RHEL-37197] {CVE-2024-35899} - netfilter: complete validation of user input (Phil Sutter) [RHEL-37210] - netfilter: validate user input for expected length (Phil Sutter) [RHEL-37210] {CVE-2024-35896} - netfilter: tproxy: bail out if IP has been disabled on the device (Phil Sutter) [RHEL-44363] {CVE-2024-36270} - netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Phil Sutter) [RHEL-44532] {CVE-2024-36286} - netfilter: nf_tables: do not compare internal table flags on updates (Phil Sutter) [RHEL-35114] {CVE-2024-27065} - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (Phil Sutter) [RHEL-35028] {CVE-2024-27019} - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Phil Sutter) [RHEL-35024] {CVE-2024-27020} - netfilter: nf_tables: __nft_expr_type_get() selects specific family type (Phil Sutter) [RHEL-35024] - netfilter: conntrack: serialize hash resizes and cleanups (Phil Sutter) [RHEL-37703] {CVE-2021-47408} - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (Phil Sutter) [RHEL-34217] {CVE-2024-26925} - netfilter: nf_tables: release batch on table validation from abort path (Phil Sutter) [RHEL-34217] - ipvlan: add ipvlan_route_v6_outbound() helper (Davide Caratti) [RHEL-38319] {CVE-2023-52796} [4.18.0-553.12.1_10] - net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44291] {CVE-2024-38538} - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Michel Danzer) [RHEL-26893] {CVE-2023-52469} - SUNRPC: Fix a suspicious RCU usage warning (Scott Mayhew) [RHEL-30503] {CVE-2023-52623} - ice: Fix some null pointer dereference issues in ice_ptp.c (Petr Oros) [RHEL-26901] {CVE-2023-52471} - xfs: fix internal error from AGFL exhaustion (Pavel Reichl) [RHEL-45581] - sched/psi: Fix use-after-free in ep_remove_wait_queue() (Phil Auld) [RHEL-38117] {CVE-2023-52707} - wait: add wake_up_pollfree() (Phil Auld) [RHEL-38117] - net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Hangbin Liu) [RHEL-33269] {CVE-2024-26852} - net: bridge: switchdev: Skip MDB replays of deferred events on offload (Ivan Vecera) [RHEL-33117] {CVE-2024-26837} - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Pavel Reichl) [RHEL-31700] {CVE-2024-26772} - ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Pavel Reichl) [RHEL-31688] {CVE-2024-26773} - ext4: fix double-free of blocks due to wrong extents moved_len (Pavel Reichl) [RHEL-31612] {CVE-2024-26704} - vxlan: Pull inner IP header in vxlan_xmit_one(). (Guillaume Nault) [RHEL-31389] - geneve: Fix incorrect inner network header offset when innerprotoinherit is set (Guillaume Nault) [RHEL-31389] - vxlan: Pull inner IP header in vxlan_rcv(). (Guillaume Nault) [RHEL-31389] - geneve: fix header validation in geneve[6]_xmit_skb (Guillaume Nault) [RHEL-31389] - geneve: make sure to pull inner header in geneve_rx() (Guillaume Nault) [RHEL-31389] - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (Guillaume Nault) [RHEL-31389] - net: geneve: check skb is large enough for IPv4/IPv6 header (Guillaume Nault) [RHEL-31389] - net/smc: fix neighbour and rtable leak in smc_ib_find_route() (Tobias Huschle) [RHEL-39744] {CVE-2024-36945} - igb: Fix string truncation warnings in igb_set_fw_version (Corinna Vinschen) [RHEL-38452] {CVE-2024-36010} - bonding: stop the device in bond_setup_by_slave() (Hangbin Liu) [RHEL-38327] {CVE-2023-52784} - i40e: fix vf may be used uninitialized in this function warning (Kamal Heib) [RHEL-39702] {CVE-2024-36020} - powerpc/64: Fix the definition of the fixmap area (Mamatha Inamdar) [RHEL-27191] {CVE-2021-47018} - powerpc/mm/hash64: Add a variable to track the end of IO mapping (Mamatha Inamdar) [RHEL-27191] {CVE-2021-47018} - nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). (Xin Long) [RHEL-39770] {CVE-2024-36933} - net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (Xin Long) [RHEL-39770] - net: core: reject skb_copy(_expand) for fraglist GSO skbs (Xin Long) [RHEL-39779] {CVE-2024-36929} - tcp: properly terminate timers for kernel sockets (Guillaume Nault) [RHEL-37171] {CVE-2024-35910} - net: relax socket state check at accept time. (Florian Westphal) [RHEL-39831] - tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (Florian Westphal) [RHEL-39831] {CVE-2024-36905} - tcp: remove redundant check on tskb (Florian Westphal) [RHEL-39831] - drm/ast: Fix soft lockup (cki-backport-bot) [RHEL-37438] {CVE-2024-35952} - null_blk: Fix return value of nullb_device_power_store() (Ming Lei) [RHEL-39341] - null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (Ming Lei) [RHEL-39341] - null_blk: fix return value from null_add_dev() (Ming Lei) [RHEL-39341] [4.18.0-553.11.1_10] - x86/bugs: Reverse instruction order of CLEAR_CPU_BUFFERS (Waiman Long) [RHEL-42121] - Revert 'x86/bugs: Use fixed addressing for VERW operand' (Waiman Long) [RHEL-42121] - KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests (Waiman Long) [RHEL-42121] - x86/rfds: Mitigate Register File Data Sampling (RFDS) (Waiman Long) [RHEL-42121] - Documentation/hw-vuln: Add documentation for RFDS (Waiman Long) [RHEL-42121] - x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (Waiman Long) [RHEL-42121] - x86/bugs: Use fixed addressing for VERW operand (Waiman Long) [RHEL-42121] - KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (Waiman Long) [RHEL-42121] - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (Waiman Long) [RHEL-42121] - x86/entry_32: Add VERW just before userspace transition (Waiman Long) [RHEL-42121] - x86/entry_64: Add VERW just before userspace transition (Waiman Long) [RHEL-42121] - x86/bugs: Add asm helpers for executing VERW (Waiman Long) [RHEL-42121] - x86/cpu: Fix Gracemont uarch (Waiman Long) [RHEL-42121] - Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-42121] - KVM: VMX: Access @flags as a 32-bit value in __vmx_vcpu_run() (Waiman Long) [RHEL-42121] - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (Waiman Long) [RHEL-42121] - x86/asm: Have the __ASM_FORM macros handle commas in arguments (Waiman Long) [RHEL-42121] - x86/asm: Allow to pass macros to __ASM_FORM() (Waiman Long) [RHEL-42121] - wifi: iwlwifi: mvm: guard against invalid STA ID on removal (Jose Ignacio Tornos Martinez) [RHEL-39801] {CVE-2024-36921} - ipv6: Fix potential uninit-value access in __ip6_make_skb() (Antoine Tenart) [RHEL-39784] - ipv4: Fix uninit-value access in __ip_make_skb() (Antoine Tenart) [RHEL-39784] {CVE-2024-36927} - perf mmap: Lazily initialize zstd streams to save memory when not using it (Michael Petlan) [RHEL-34876] - perf tools: Fix spelling mistake 'commpressor' -> 'compressor' (Michael Petlan) [RHEL-34876] - perf record: Introduce data transferred and compressed stats (Michael Petlan) [RHEL-34876] - perf record: Introduce compressor at mmap buffer object (Michael Petlan) [RHEL-34876] - perf record: Introduce bytes written stats (Michael Petlan) [RHEL-34876] - perf record: Introduce data file at mmap buffer object (Michael Petlan) [RHEL-34876] - perf record: Start threads in the beginning of trace streaming (Alexey Bayduraev) [RHEL-34876] - perf record: Stop threads in the end of trace streaming (Michael Petlan) [RHEL-34876] - perf record: Introduce thread local variable (Michael Petlan) [RHEL-34876] - perf record: Introduce function to propagate control commands (Michael Petlan) [RHEL-34876] - perf record: Introduce thread specific data array (Michael Petlan) [RHEL-34876] - tools lib: Introduce fdarray duplicate function (Michael Petlan) [RHEL-34876] - perf record: Introduce thread affinity and mmap masks (Michael Petlan) [RHEL-34876] - gfs2: Be more careful with the quota sync generation (Andreas Gruenbacher) [RHEL-40901] - gfs2: Get rid of some unnecessary quota locking (Andreas Gruenbacher) [RHEL-40901] - gfs2: Add some missing quota locking (Andreas Gruenbacher) [RHEL-40901] - gfs2: Fold qd_fish into gfs2_quota_sync (Andreas Gruenbacher) [RHEL-40901] - gfs2: quota need_sync cleanup (Andreas Gruenbacher) [RHEL-40901] - gfs2: Fix and clean up function do_qc (Andreas Gruenbacher) [RHEL-40901] - gfs2: Revert 'Add quota_change type' (Andreas Gruenbacher) [RHEL-40901] - gfs2: Revert 'ignore negated quota changes' (Andreas Gruenbacher) [RHEL-40901] - gfs2: qd_check_sync cleanups (Andreas Gruenbacher) [RHEL-40901] - gfs2: Check quota consistency on mount (Andreas Gruenbacher) [RHEL-40901] - gfs2: Minor gfs2_quota_init error path cleanup (Andreas Gruenbacher) [RHEL-40901] - gfs2: fix kernel BUG in gfs2_quota_cleanup (Edward Adam Davis) [RHEL-40901] - gfs2: Clean up quota.c:print_message (Andreas Gruenbacher) [RHEL-40901] - gfs2: Clean up gfs2_alloc_parms initializers (Andreas Gruenbacher) [RHEL-40901] - gfs2: Two quota=account mode fixes (Andreas Gruenbacher) [RHEL-40901] - gfs2: Remove useless assignment (Bob Peterson) [RHEL-40901] - gfs2: simplify slot_get (Bob Peterson) [RHEL-40901] - gfs2: Simplify qd2offset (Bob Peterson) [RHEL-40901] - gfs2: Remove quota allocation info from quota file (Bob Peterson) [RHEL-40901] - gfs2: use constant for array size (Bob Peterson) [RHEL-40901] - gfs2: Set qd_sync_gen in do_sync (Bob Peterson) [RHEL-40901] - gfs2: Remove useless err set (Bob Peterson) [RHEL-40901] - gfs2: Small gfs2_quota_lock cleanup (Bob Peterson) [RHEL-40901] - gfs2: move qdsb_put and reduce redundancy (Bob Peterson) [RHEL-40901] - gfs2: Don't try to sync non-changes (Bob Peterson) [RHEL-40901] - gfs2: Simplify function need_sync (Bob Peterson) [RHEL-40901] - gfs2: remove unneeded pg_oflow variable (Bob Peterson) [RHEL-40901] - gfs2: remove unneeded variable done (Bob Peterson) [RHEL-40901] - gfs2: pass sdp to gfs2_write_buf_to_page (Bob Peterson) [RHEL-40901] - gfs2: pass sdp in to gfs2_write_disk_quota (Bob Peterson) [RHEL-40901] - gfs2: Pass sdp to gfs2_adjust_quota (Bob Peterson) [RHEL-40901] - gfs2: remove dead code for quota writes (Bob Peterson) [RHEL-40901] - gfs2: Use qd_sbd more consequently (Bob Peterson) [RHEL-40901] - gfs2: replace 'found' with dedicated list iterator variable (Jakob Koschel) [RHEL-40901] - gfs2: Some whitespace cleanups (Andreas Gruenbacher) [RHEL-40901] - gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold (Bob Peterson) [RHEL-40901] - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Guillaume Nault) [RHEL-43961] {CVE-2024-38596} - af_unix: Fix data-races around sk->sk_shutdown. (Guillaume Nault) [RHEL-43961] {CVE-2024-38596} - af_unix: Fix data races around sk->sk_shutdown. (Guillaume Nault) [RHEL-43961] {CVE-2024-38596} - perf/core: Fix event sibling list locking (Daniel Vacek) [RHEL-31798] - media: bttv: fix use after free error due to btv->timeout timer (Kate Hsuan) [RHEL-38256] {CVE-2023-52847} - arp: Prevent overflow in arp_req_get(). (Antoine Tenart) [RHEL-31706] {CVE-2024-26733} - Bluetooth: btusb: Add a new PID/VID 0489/e0c8 for MT7921 (David Marlin) [RHEL-10263] - mm: swap: fix race between free_swap_and_cache() and swapoff() (Waiman Long) [RHEL-34971] {CVE-2024-26960} - swap: comments get_swap_device() with usage rule (Waiman Long) [RHEL-34971] {CVE-2024-26960} - mm/swapfile.c: __swap_entry_free() always free 1 entry (Waiman Long) [RHEL-34971] {CVE-2024-26960} - mm/swapfile.c: call free_swap_slot() in __swap_entry_free() (Waiman Long) [RHEL-34971] {CVE-2024-26960} - mm/swapfile.c: use __try_to_reclaim_swap() in free_swap_and_cache() (Waiman Long) [RHEL-34971] {CVE-2024-26960} - net: amd-xgbe: Fix skb data length underflow (Ken Cox) [RHEL-43788] {CVE-2022-48743} - ovl: fix warning in ovl_create_real() (cki-backport-bot) [RHEL-43652] {CVE-2021-47579} - net/sched: initialize noop_qdisc owner (Davide Caratti) [RHEL-35056] - net/sched: Fix mirred deadlock on device recursion (Davide Caratti) [RHEL-35056] {CVE-2024-27010} - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Pavel Reichl) [RHEL-45029] {CVE-2024-39276} - ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Ken Cox) [RHEL-38713] {CVE-2021-47548} - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Hangbin Liu) [RHEL-44396] {CVE-2024-33621} - mlxsw: spectrum_acl_tcam: Fix stack corruption (Ivan Vecera) [RHEL-26462] {CVE-2024-26586} - inet: inet_defrag: prevent sk release while still in use (Antoine Tenart) [RHEL-33398] {CVE-2024-26921} - skb_expand_head() adjust skb->truesize incorrectly (Antoine Tenart) [RHEL-33398] - nvmet: fix ns enable/disable possible hang (Ming Lei) [RHEL-43547] [4.18.0-553.10.1_10] - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (Scott Mayhew) [RHEL-38264] {CVE-2023-52803} - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Ewan D. Milne) [RHEL-39717] {CVE-2024-36025} - tcp: add sanity checks to rx zerocopy (Guillaume Nault) [RHEL-29494] {CVE-2024-26640} - SUNRPC: fix some memleaks in gssx_dec_option_array (Scott Mayhew) [RHEL-35209] {CVE-2024-27388} - wifi: nl80211: don't free NULL coalescing rule (Jose Ignacio Tornos Martinez) [RHEL-39752] {CVE-2024-36941} - nfs: fix UAF in direct writes (Scott Mayhew) [RHEL-34975] {CVE-2024-26958} - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (Scott Mayhew) [RHEL-33228] {CVE-2024-26870} - drm/amd/pm: Fix error of MACO flag setting code (Michel Danzer) [RHEL-15928] - scsi: aacraid: fix io hangs and improve performance (John Meneghini) [RHEL-23913] - block: prevent division by zero in blk_rq_stat_sum() (Ming Lei) [RHEL-37279] {CVE-2024-35925} - block: fix overflow in blk_ioctl_discard() (Ming Lei) [RHEL-39811] {CVE-2024-36917} - virtio-blk: fix implicit overflow on virtio_max_dma_size (Ming Lei) [RHEL-38131] {CVE-2023-52762} - nbd: null check for nla_nest_start (Ming Lei) [RHEL-35176] {CVE-2024-27025} - isdn: mISDN: netjet: Fix crash in nj_probe: (Ken Cox) [RHEL-38444] {CVE-2021-47284} - isdn: mISDN: Fix sleeping function called from invalid context (Ken Cox) [RHEL-38400] {CVE-2021-47468} - net/smc: avoid data corruption caused by decline (Tobias Huschle) [RHEL-38234] {CVE-2023-52775} - ubi: Check for too small LEB size in VTBL code (David Arcari) [RHEL-25092] {CVE-2024-25739} - i2c: core: Fix atomic xfer check for non-preempt config (Steve Best) [RHEL-38313] {CVE-2023-52791} - i2c: core: Run atomic i2c xfer when !preemptible (Steve Best) [RHEL-38313] {CVE-2023-52791} - firewire: ohci: mask bus reset interrupts between ISR and bottom half (Steve Best) [RHEL-39902] {CVE-2024-36950} - ipv6: init the accept_queue's spinlocks in inet6_create (Guillaume Nault) [RHEL-28899] {CVE-2024-26614} - tcp: make sure init the accept_queue's spinlocks once (Guillaume Nault) [RHEL-28899] {CVE-2024-26614} - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Steve Best) [RHEL-39352] {CVE-2024-36016} - mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (Ivan Vecera) [RHEL-37484] {CVE-2024-36006} - pwm: Fix double shift bug (Steve Best) [RHEL-38278] {CVE-2023-52756} - mmc: sdio: fix possible resource leaks in some error paths (Steve Best) [RHEL-38149] {CVE-2023-52730} - of: unittest: Fix compile in the non-dynamic case (Steve Best) [RHEL-37070] {CVE-2023-52679} - of: unittest: Fix of_count_phandle_with_args() expected value message (Steve Best) [RHEL-37070] {CVE-2023-52679} - of: Fix double free in of_parse_phandle_with_args_map (Steve Best) [RHEL-37070] {CVE-2023-52679} - pinctrl: core: delete incorrect free in pinctrl_enable() (Steve Best) [RHEL-39756] {CVE-2024-36940} - pinctrl: core: fix possible memory leak in pinctrl_enable() (Steve Best) [RHEL-39756] {CVE-2024-36940} - media: gspca: cpia1: shift-out-of-bounds in set_flicker (Desnes Nunes) [RHEL-38331] {CVE-2023-52764} - tipc: fix a possible memleak in tipc_buf_append (Xin Long) [RHEL-39881] {CVE-2024-36954} - cifs: fix mid leak during reconnection after timeout threshold (Paulo Alcantara) [RHEL-36222] - cifs: Fix use-after-free in rdata->read_into_pages() (Paulo Alcantara) [RHEL-36222] - cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (Paulo Alcantara) [RHEL-36222] - cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (Paulo Alcantara) [RHEL-36222] - cifs: destage dirty pages before re-reading them for cache=none (Paulo Alcantara) [RHEL-36222] - cifs: destage any unwritten data to the server before calling copychunk_write (Paulo Alcantara) [RHEL-36222] - Adjust cifssb maximum read size (Paulo Alcantara) [RHEL-36222] - cifs: make locking consistent around the server session status (Paulo Alcantara) [RHEL-36222] - cifs: fix credit accounting for extra channel (Paulo Alcantara) [RHEL-36222] - smb3: prevent races updating CurrentMid (Paulo Alcantara) [RHEL-36222] - cifs: fix missing spinlock around update to ses->status (Paulo Alcantara) [RHEL-36222] - cifs: use echo_interval even when connection not ready. (Paulo Alcantara) [RHEL-36222] - cifs: detect dead connections only when echoes are enabled. (Paulo Alcantara) [RHEL-36222] - cifs: Fix preauth hash corruption (Paulo Alcantara) [RHEL-36222] - cifs: do not send close in compound create+close requests (Paulo Alcantara) [RHEL-36222] - cifs: ask for more credit on async read/write code paths (Paulo Alcantara) [RHEL-36222] - cifs: use discard iterator to discard unneeded network data more efficiently (Paulo Alcantara) [RHEL-36222] - cifs: Fix in error types returned for out-of-credit situations. (Paulo Alcantara) [RHEL-36222] - smb3: fix crediting for compounding when only one request in flight (Paulo Alcantara) [RHEL-36222] - cifs: New optype for session operations. (Paulo Alcantara) [RHEL-36222] - mm/gup: do not return 0 from pin_user_pages_fast() for bad args (Paulo Alcantara) [RHEL-36222] - wifi: brcmfmac: pcie: handle randbuf allocation failure (Jose Ignacio Tornos Martinez) [RHEL-44124] {CVE-2024-38575} - tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (Guillaume Nault) [RHEL-39835] {CVE-2024-36904} - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Jose Ignacio Tornos Martinez) [RHEL-38159] {CVE-2023-52832} - wifi: ath11k: fix gtk offload status event locking (Jose Ignacio Tornos Martinez) [RHEL-38155] {CVE-2023-52777} - net: ieee802154: fix null deref in parse dev addr (Steve Best) [RHEL-38012] {CVE-2021-47257} - mm/hugetlb: fix missing hugetlb_lock for resv uncharge (Rafael Aquini) [RHEL-37465] {CVE-2024-36000} - x86/xen: Add some null pointer checking to smp.c (Vitaly Kuznetsov) [RHEL-33258] {CVE-2024-26908} - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (Vitaly Kuznetsov) [RHEL-33258] {CVE-2024-26908} - wifi: cfg80211: check A-MSDU format more carefully (Jose Ignacio Tornos Martinez) [RHEL-37343] {CVE-2024-35937} - wifi: rtw89: fix null pointer access when abort scan (Jose Ignacio Tornos Martinez) [RHEL-37355] {CVE-2024-35946} - atl1c: Work around the DMA RX overflow issue (Ken Cox) [RHEL-38287] {CVE-2023-52834} - wifi: ath11k: decrease MHI channel buffer length to 8KB (Jose Ignacio Tornos Martinez) [RHEL-37339] {CVE-2024-35938} - wifi: iwlwifi: mvm: rfi: fix potential response leaks (Jose Ignacio Tornos Martinez) [RHEL-37163] {CVE-2024-35912} - USB: core: Fix access violation during port device removal (Desnes Nunes) [RHEL-39853] {CVE-2024-36896} - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (Ewan D. Milne) [RHEL-37123] {CVE-2024-35930} - netfilter: nf_tables: honor table dormant flag from netdev release event path (Phil Sutter) [RHEL-37450] {CVE-2024-36005} - wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (Jose Ignacio Tornos Martinez) [RHEL-36898] {CVE-2024-27434} - wifi: iwlwifi: mvm: Fix key flags for IGTK on AP interface (Jose Ignacio Tornos Martinez) [RHEL-36898] {CVE-2024-27434} - misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume (Steve Best) [RHEL-36932] {CVE-2024-35824} [4.18.0-553.9.1_10] - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (Steve Best) [RHEL-37262] {CVE-2024-35876} - net/sched: flower: Fix chain template offload (Xin Long) [RHEL-31313] {CVE-2024-26669} - SUNRPC: fix a memleak in gss_import_v2_context (Scott Mayhew) [RHEL-35195] {CVE-2023-52653} - efivarfs: force RO when remounting if SetVariable is not supported (Pavel Reichl) [RHEL-26564] {CVE-2023-52463} - dmaengine: idxd: add a write() method for applications to submit work (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823} - dmaengine: idxd: add a new security check to deal with a hardware erratum (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823} - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823} - quota: Fix potential NULL pointer dereference (Pavel Reichl) [RHEL-33219] {CVE-2024-26878} - locking/lockdep: Fix overflow in presentation of average lock-time (Cestmir Kalina) [RHEL-17678] - blk-cgroup: Properly propagate the iostat update up the hierarchy (Ming Lei) [RHEL-40939] - proc: Use new_inode not new_inode_pseudo (Ian Kent) [RHEL-40167] - stmmac: Clear variable when destroying workqueue (Izabela Bakollari) [RHEL-31822] {CVE-2024-26802} - powerpc/pseries/memhp: Fix access beyond end of drmem array (Mamatha Inamdar) [RHEL-26495] {CVE-2023-52451} - platform/x86: wmi: Fix opening of char device (David Arcari) [RHEL-38258] {CVE-2023-52864} - Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (Kamal Heib) [RHEL-36908] {CVE-2023-52658} - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Cathy Avery) [RHEL-39074] - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Cathy Avery) [RHEL-39074] - hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (Cathy Avery) [RHEL-39074] - hv_netvsc: remove duplicated including of slab.h (Cathy Avery) [RHEL-39074] - hv_netvsc: rndis_filter needs to select NLS (Cathy Avery) [RHEL-39074] - hv_netvsc: Mark VF as slave before exposing it to user-mode (Cathy Avery) [RHEL-39074] - hv_netvsc: Fix race of register_netdevice_notifier and VF register (Cathy Avery) [RHEL-39074] - hv_netvsc: fix race of netvsc and VF register_netdevice (Cathy Avery) [RHEL-39074] - hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (Cathy Avery) [RHEL-39074] - hv_netvsc: Allocate rx indirection table size dynamically (Cathy Avery) [RHEL-39074] - net: hv_netvsc: Fix a warning triggered by memcpy in rndis_filter (Cathy Avery) [RHEL-39074] - gfs2: Fix lru_count accounting (Andreas Gruenbacher) [RHEL-32941] - gfs2: Fix 'Make glock lru list scanning safer' (Andreas Gruenbacher) [RHEL-32941] - gfs2: Fix 'ignore unlock failures after withdraw' (Andreas Gruenbacher) [RHEL-32941] - gfs2: Don't set GLF_LOCK in gfs2_dispose_glock_lru (Andreas Gruenbacher) [RHEL-32941] - gfs2: Don't forget to complete delayed withdraw (Andreas Gruenbacher) [RHEL-32941] - gfs2: Delay withdraw from atomic context (Andreas Gruenbacher) [RHEL-32941] - gfs2: trivial clean up of gfs2_ail_error (Andreas Gruenbacher) [RHEL-32941] - ext4: fix corruption during on-line resize (Carlos Maiolino) [RHEL-36974] {CVE-2024-35807} - ext4: correct offset of gdb backup in non meta_bg group to update_backups (Carlos Maiolino) [RHEL-36974] - ext4: avoid online resizing failures due to oversized flex bg (Carlos Maiolino) [RHEL-30507] {CVE-2023-52622} - ext4: use time_is_before_jiffies() instead of open coding it (Carlos Maiolino) [RHEL-30507] - ext4: unify the type of flexbg_size to unsigned int (Carlos Maiolino) [RHEL-30507] - ext4: remove unnecessary check from alloc_flex_gd() (Carlos Maiolino) [RHEL-30507] - tracing: Do no increment trace_clock_global() by one (Jerome Marchand) [RHEL-27107] {CVE-2021-46939} - tracing: Restructure trace_clock_global() to never block (Jerome Marchand) [RHEL-27107] {CVE-2021-46939} - net/sched: act_skbmod: prevent kernel-infoleak (Xin Long) [RHEL-37220] {CVE-2024-35893} - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Xin Long) [RHEL-38307] {CVE-2023-52845} - redhat: remove the merge subtrees script (Derek Barbosa) - redhat: rhdocs: delete .get_maintainer.conf (Derek Barbosa) - redhat: rhdocs: Remove the rhdocs directory (Derek Barbosa) - dyndbg: fix old BUG_ON in >control parser (Waiman Long) [RHEL-37111] {CVE-2024-35947} - dyndbg: let query-modname override actual module name (Waiman Long) [RHEL-37111] - dyndbg: make dyndbg a known cli param (Waiman Long) [RHEL-37111] - lan78xx: Fix exception on link speed change (Jamie Bainbridge) [RHEL-33437] - net: usb: lan78xx: don't modify phy_device state concurrently (Jamie Bainbridge) [RHEL-33437] - efi: runtime: Fix potential overflow of soft-reserved region size (Lenny Szubowicz) [RHEL-33096] {CVE-2024-26843} - perf/arm-cmn: Fail DTC counter allocation correctly (Michael Petlan) [RHEL-23841] - perf/arm-cmn: Rework DTC counters (again) (Michael Petlan) [RHEL-23841] - perf/arm-cmn: Fix DTC domain detection (Michael Petlan) [RHEL-23841] - perf/arm-cmn: Revamp model detection (Michael Petlan) [RHEL-23841] - perf/arm-cmn: Fix port detection for CMN-700 (Michael Petlan) [RHEL-23841] - perf/arm-cmn: Move overlapping wp_combine field (Michael Petlan) [RHEL-23841] - Partially revert 'perf/arm-cmn: Optimise DTC counter accesses' (Michael Petlan) [RHEL-23841] - drivers/perf: Compile with gnu99 standard (Michael Petlan) [RHEL-23841] - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (Steve Best) [RHEL-36994] {CVE-2024-35801} - watchdog: softdog: Add options 'soft_reboot_cmd' and 'soft_active_on_boot' (Waiman Long) [RHEL-19723] - tipc: fix UAF in error path (Xin Long) [RHEL-34278] {CVE-2024-36886} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-52451 CVE-2024-26773 CVE-2024-33621 CVE-2024-35924 CVE-2024-36896 CVE-2021-47491 CVE-2023-52619 CVE-2023-52811 CVE-2024-26940 CVE-2024-36889 CVE-2024-38573 CVE-2024-39502 CVE-2021-47548 CVE-2023-52463 CVE-2023-52648 CVE-2023-52832 CVE-2024-27025 CVE-2024-35938 CVE-2024-36005 CVE-2021-47284 CVE-2021-47408 CVE-2023-52471 CVE-2023-52775 CVE-2023-52784 CVE-2024-25739 CVE-2024-27010 CVE-2024-27395 CVE-2024-36921 CVE-2024-38596 CVE-2024-38615 CVE-2022-48757 CVE-2023-28746 CVE-2023-52864 CVE-2024-26733 CVE-2024-36886 CVE-2024-36945 CVE-2021-47018 CVE-2021-47257 CVE-2021-47304 CVE-2021-47373 CVE-2022-48743 CVE-2023-52530 CVE-2023-52623 CVE-2024-26704 CVE-2024-26958 CVE-2024-26960 CVE-2024-35912 CVE-2024-35925 CVE-2024-36025 CVE-2024-36917 CVE-2024-36927 CVE-2024-38575 CVE-2021-47461 CVE-2023-52469 CVE-2023-52679 CVE-2024-36971 CVE-2024-36979 CVE-2021-46939 CVE-2021-47579 CVE-2022-48632 CVE-2023-52662 CVE-2023-52707 CVE-2023-52847 CVE-2024-27020 CVE-2024-35810 CVE-2024-35899 CVE-2024-36016 CVE-2024-36020 CVE-2024-36270 CVE-2023-52796 CVE-2024-27011 CVE-2024-31076 CVE-2024-36950 CVE-2024-39276 CVE-2024-39487 CVE-2023-52764 CVE-2023-52791 CVE-2023-52845 CVE-2024-21823 CVE-2024-26698 CVE-2024-26772 CVE-2024-27019 CVE-2024-35801 CVE-2024-35807 CVE-2024-35847 CVE-2024-36904 CVE-2024-36905 CVE-2024-36933 CVE-2024-36960 CVE-2024-36978 CVE-2024-38598 CVE-2024-38627 CVE-2024-26840 CVE-2024-35823 CVE-2024-35910 CVE-2024-36286 CVE-2024-36940 CVE-2022-48747 CVE-2024-26843 CVE-2024-26878 CVE-2024-26908 CVE-2024-35876 CVE-2024-36929 CVE-2024-38555 CVE-2024-39472 CVE-2023-52730 CVE-2023-52756 CVE-2023-52803 CVE-2024-26586 CVE-2024-26660 CVE-2024-26853 CVE-2024-27065 CVE-2024-35824 CVE-2024-35897 CVE-2024-35947 CVE-2024-36489 CVE-2024-36941 CVE-2024-36954 CVE-2024-39476 CVE-2021-47624 CVE-2024-26686 CVE-2024-26921 CVE-2024-26961 CVE-2024-27434 CVE-2024-35930 CVE-2024-36010 CVE-2024-40927 CVE-2024-40974 CVE-2021-47468 CVE-2023-52653 CVE-2023-52834 CVE-2024-2201 CVE-2024-26614 CVE-2024-26740 CVE-2024-26802 CVE-2024-26852 CVE-2024-26925 CVE-2024-35893 CVE-2024-35896 CVE-2024-35937 CVE-2024-36006 CVE-2024-36017 CVE-2024-38538 CVE-2023-52622 CVE-2024-26640 CVE-2024-35952 CVE-2023-52486 CVE-2024-27388 CVE-2024-26810 CVE-2024-35790 CVE-2024-35946 CVE-2023-52777 CVE-2024-26669 CVE-2023-52762 CVE-2024-26837 CVE-2024-35814 CVE-2024-26870 CVE-2023-52658 CVE-2024-35900 CVE-2024-36000 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [2.4.57-11.0.1.el9_4.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.57-11.1] - Resolves: RHEL-46047 - httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476) - Resolves: RHEL-53021 - Regression introduced by CVE-2024-38474 fix IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-38476 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2.4.5-9] - Bump version to 2.4.5-9 - Resolves: RHEL-44323 - unauthenticated user can trigger a DoS by sending a specific extended search request - Resolves: RHEL-40945 - Malformed userPassword hash may cause Denial of Service - Resolves: RHEL-49457 - perf search result investigation for many large static groups and members - Resolves: RHEL-49459 - subsuffix are not returned in one level scoped search MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6237 CVE-2024-5953 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 httpd [2.4.37-65.2.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65.2] - Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476) - Resolves: RHEL-53022 - Regression introduced by CVE-2024-38474 fix mod_http2 [1.15.7-10] - Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) mod_md IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-38476 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 bind [9.16.23-18.0.1.6] - Fix warning when changing device file permissions [Orabug: 36518580] [32:9.16.23-18.6] - Minor fix of reclimit test backport (CVE-2024-1737) [32:9.16.23-18.5] - Backport addition of max-records-per-type and max-records-per-type options [32:9.16.23-18.2] - Resolve CVE-2024-1975 - Resolve CVE-2024-1737 - Resolve CVE-2024-4076 - Add ability to change runtime limits for max types and records per name [32:9.16.23-18.1] - Rebuild with correct z-stream tag again [32:9.16.23-18] - Prevent crashing at masterformat system test (CVE-2023-6516) [32:9.16.23-17] - Import tests for large DNS messages fix - Add downstream change complementing CVE-2023-50387 [32:9.16.23-16] - Prevent increased CPU load on large DNS messages (CVE-2023-4408) - Prevent assertion failure when nxdomain-redirect is used with RFC 1918 reverse zones (CVE-2023-5517) - Prevent assertion failure if DNS64 and serve-stale is used (CVE-2023-5679) - Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) [32:9.16.23-15] - Update addresses of b.root-servers.net (RHEL-18188) [32:9.16.23-14] - Limit the amount of recursion possible in control channel (CVE-2023-3341) [32:9.16.23-13] - Prevent possible endless loop when refreshing stale data (CVE-2023-2911) [32:9.16.23-12] - Strengten cache cleaning to prevent overflowing configured limit (CVE-2023-2828) [32:9.16.23-11] - Correct backport issue in statistics rendering fix (#2126912) [32:9.16.23-10] - Handle subtle difference between upstream and rhel (CVE-2022-3094) [32:9.16.23-9] - Prevent flooding with UPDATE requests (CVE-2022-3094) - Handle RRSIG queries when server-stale is active (CVE-2022-3736) - Fix crash when soft-quota is reached and serve-stale is active (CVE-2022-3924) [32:9.16.23-8] - Correct regression preventing bind-dyndb-ldap build (#2162795) [32:9.16.23-7] - Prevent freeing zone during statistics rendering (#2101712) [32:9.16.23-6] - Bound the amount of work performed for delegations (CVE-2022-2795) - Add /usr/lib64/named to bind-chroot (#2129466) [32:9.16.23-5] - Fix possible serve-stale related crash (CVE-2022-3080) - Fix memory leak in ECDSA verify processing (CVE-2022-38177) - Fix memory leak in EdDSA verify processing (CVE-2022-38178) bind-dyndb-ldap [11.9-10] - Rebuilt for BIND CVE-2024-1737 fixes (CVE-2024-1737) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4076 CVE-2024-1737 CVE-2024-1975 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 aardvark-dns buildah [2:1.33.8-4] - rebuild for golang fixes - Related: RHEL-28452 cockpit-podman [84.1-1] - update to https://github.com/cockpit-project/cockpit-podman/releases/tag/84.1 - Related: Jira:RHEL-25557 conmon [3:2.1.10-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.10 - Related: Jira:RHEL-2110 containernetworking-plugins [1:1.4.0-5] - rebuild for golang fixes - Related: RHEL-28452 containers-common [1-82.0.1] - Updated removed references [Orabug: 33473101] (Alex Burmashev) - Adjust registries.conf (Nikita Gerasimov) - remove references to RedHat registry (Nikita Gerasimov) container-selinux [2:2.229.0-2] - remove watch statements properly for RHEL8 and lower - Related: Jira:RHEL-2110 criu crun [1.14.3-2] - remove BR libgcrypt-devel, no longer needed - Related: Jira:RHEL-2110 fuse-overlayfs [1.13-1] - update to https://github.com/containers/fuse-overlayfs/releases/tag/v1.13 - Related: Jira:RHEL-2110 libslirp netavark oci-seccomp-bpf-hook [1.2.10-1] - update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.10 - Related: Jira:RHEL-2110 podman [4.9.4-12.0.2] - Fixes issue of podman execvp error while using podmansh [Orabug: 36756665] python-podman [4.9.0-2] - depend directly on urllib3 - Resolves: RHEL-43567 runc [1:1.1.12-4] - rebuild for golang fixes - Related: RHEL-28452 skopeo [2:1.14.5-3] - rebuild for golang fixes - Related: RHEL-28452 slirp4netns [1.2.3-1] - update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.3 - Related: Jira:RHEL-2110 udica IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6104 CVE-2024-3727 CVE-2023-45290 CVE-2024-24784 CVE-2024-24789 CVE-2024-37298 CVE-2024-24783 CVE-2024-1394 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 Oracle Linux 7 [3.10.0-1160.119.1.0.3.el7.OL7] - net: fix __dst_negative_advice() race (Eric Dumazet) [Orabug: 36947298] [3.10.0-1160.119.1.0.2.el7.OL7] - md/raid5: fix oops during stripe resizing (Ritika Srivastava) [Orabug: 34048726] - blk-mq: Remove generation seqeunce (Ritika Srivastava) [Orabug: 33964689] - block: init flush rq ref count to 1 (Ritika Srivastava) [Orabug: 33964689] - block: fix null pointer dereference in blk_mq_rq_timed_out() (Ritika Srivastava) [Orabug: 33964689] - [xen/netfront] stop tx queues during live migration (Orabug: 33446314) - [xen/balloon] Support xend-based toolstack (Orabug: 28663970) - [x86/apic/x2apic] avoid allocate multiple irq vectors for a single interrupt on multiple cpu, otherwise irq vectors would be used up when there are only 2 cpu online per node. [Orabug: 28691156] - [bonding] avoid repeated display of same link status change. [Orabug: 28109857] - [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [Orabug: 22552377] - kexec: Increase KEXEC_AUTO_RESERVED_SIZE to 256M [Orabug: 31517048] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-36971 CVE-2022-1011 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 9 [65.5.1-2.1] - Security fix for CVE-2024-6345 Resolves: RHEL-50490 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6345 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 cjose mod_auth_openidc [2.4.9.4-6] - Resolves: RHEL-36492 Race condition in mod_auth_openidc filecache - Resolves: RHEL-25421 mod_auth_openidc: DoS when using OIDCSessionType client-cookie and manipulating cookies (CVE-2024-24814) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24814 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [9.2.10-17] - Allow for mssql datasource in selinux policy - Resolves RHEL-43435 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24789 CVE-2024-24790 CVE-2024-24788 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [10-2.3] - Backport fix for CVE-2024-28176 Resolves: RHEL-28719 [10-2.2] - Fix tests on s390x Related: RHEL-29857 [10-2.1] - Fixes CVE-2023-50967 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-50967 CVE-2024-28176 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [20220126gitbb1bba3d77-13.el8_10.2] [20220126gitbb1bba3d77-13.el8_10.1] - edk2-MdeModulePkg-Change-use-of-EFI_D_-to-DEBUG_.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Apply-uncrustify-changes.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-Apply-uncrustify-changes.p2.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Rename-RdRandGenerateEntropy-to-g.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Remove-ArchGetSupportedRngAlgorit.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Documentation-include-parameter-c.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Check-before-advertising-Cpu-Rng-.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Add-AArch64-RawAlgorithm-support-.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Add-debug-warning-for-NULL-PcdCpu.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Rename-AArch64-RngDxe.c.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Add-Arm-support-of-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Correctly-update-mAvailableAlgoAr.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Conditionally-install-EFI_RNG_PRO.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-SecurityPkg.dec-Move-PcdCpuRngSupportedA.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Use-GetRngGuid-when-probing-RngLi.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Simplify-Rng-algorithm-selection-.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-21854 RHEL-21856 RHEL-40099] - Resolves: RHEL-21854 (CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-8]) - Resolves: RHEL-21856 (CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-8]) - Resolves: RHEL-40099 (CVE-2024-1298 edk2: Temporary DoS vulnerability [rhel-8.10.z]) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1298 CVE-2023-45236 CVE-2023-45237 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.32.2-56] - Only open portal login in response to user action Resolves: RHEL-39097 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-36472 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.19.5-12.0.1] - SSLv3 support dropped from openssl, v3 test certificates need to be replaced [Orabug: 29613455] [1.19.5-12] - Resolves: RHEL-43559 - Misinterpretation of input may lead to improper behavior MODERATE Copyright 2024 Oracle, Inc. CVE-2024-38428 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [20.11.0-12] - Fix crash in broken documents when using -dests - Fix versions in changelog - Resolves: RHEL-44330 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6239 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [0.4.28-4] - Add patch for CVE-2024-40897 - Resolves: RHEL-50710 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-40897 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 Oracle Linux 8 [1.24.2-8] - Security fix for CVE-2024-37891 Resolves: RHEL-45334 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37891 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 Oracle Linux 8 [1.18.2-29.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.18.2-29] - CVE-2024-37370 CVE-2024-37371 Fix vulnerabilities in GSS message token handling Resolves: RHEL-45398 RHEL-45386 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37371 CVE-2024-37370 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 Oracle Linux 9 [115.14.0-2.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.14.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [115.14.0-2] - Update to 115.14.0 build2 [115.14.0-1] - Update to 115.14.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7522 CVE-2024-7519 CVE-2024-7526 CVE-2024-7521 CVE-2024-7518 CVE-2024-7520 CVE-2024-7525 CVE-2024-7527 CVE-2024-7528 CVE-2024-7529 CVE-2024-7524 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [115.12.0-1.0.3] - Security fixes [Orabug: 36904311][Orabug: 36948200][CVE-2024-6601] [CVE-2024-6603][CVE-2024-6604][CVE-2024-7519][CVE-2024-7520][CVE-2024-7521] [CVE-2024-7522][CVE-2024-7524][CVE-2024-7525][CVE-2024-7526][CVE-2024-7527] [CVE-2024-7529] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7528 CVE-2024-7527 CVE-2024-7519 CVE-2024-7526 CVE-2024-7520 CVE-2024-7521 CVE-2024-7525 CVE-2024-7524 CVE-2024-7529 CVE-2024-7518 CVE-2024-7522 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [8.0.108-1.0.1] - Add support for Oracle Linux [8.0.108-1] - Update to .NET SDK 8.0.108 and Runtime 8.0.8 - Resolves: RHEL-52389 [8.0.107-2] - Fix ownership of some missed directories - Resolves: RHEL-47080 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-38167 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [8.0.108-1.0.1] - Add support for Oracle Linux [8.0.108-1] - Update to .NET SDK 8.0.108 and Runtime 8.0.8 - Resolves: RHEL-52388 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-38167 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [0.10.18-2.0.1] - Replace HAM-logo.png with a generic one [0.10.18-2] - Updated rubygem rexml Resolves: RHEL-37883 LOW Copyright 2024 Oracle, Inc. CVE-2024-35176 cpe:/a:oracle:linux:8::addons Oracle Linux 9 [5.14.0-427.31.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.31.1_4] - net: fix __dst_negative_advice() race (CKI Backport Bot) [RHEL-46798] {CVE-2024-36971} - net: annotate data-races around sk->sk_dst_pending_confirm (CKI Backport Bot) [RHEL-46798] {CVE-2024-36971} [5.14.0-427.30.1_4] - dmaengine: idxd: add a write() method for applications to submit work (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823} - dmaengine: idxd: add a new security check to deal with a hardware erratum (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823} - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823} - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (Mark Salter) [RHEL-49538 RHEL-39308] - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jon Maloy) [RHEL-44467] {CVE-2024-37353} - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Izabela Bakollari) [RHEL-36271 RHEL-26682] {CVE-2024-26600} - eeprom: at24: fix memory corruption race condition (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848} - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848} - eeprom: at24: Use dev_err_probe for nvmem register failure (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848} - eeprom: at24: Add support for 24c1025 EEPROM (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848} - eeprom: at24: remove struct at24_client (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848} - at24: Support probing while in non-zero ACPI D state (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848} - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CKI Backport Bot) [RHEL-44439] {CVE-2024-37356} - cxl/region: Fix cxlr_pmem leaks (cki-backport-bot) [RHEL-44486] {CVE-2024-38391} - tls: fix missing memory barrier in tls_init (cki-backport-bot) [RHEL-44480] {CVE-2024-36489} - igc: avoid returning frame twice in XDP_REDIRECT (Corinna Vinschen) [RHEL-42714 RHEL-33266] {CVE-2024-26853} - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Hangbin Liu) [RHEL-44404 RHEL-44402] {CVE-2024-33621} - ipvlan: add ipvlan_route_v6_outbound() helper (Davide Caratti) [RHEL-44404 RHEL-32205] - ipvlan: properly track tx_errors (Davide Caratti) [RHEL-44404 RHEL-32205] - wifi: nl80211: don't free NULL coalescing rule (Jose Ignacio Tornos Martinez) [RHEL-41698 RHEL-39754] {CVE-2024-36941} - wifi: iwlwifi: dbg-tlv: ensure NUL termination (Jose Ignacio Tornos Martinez) [RHEL-41658 RHEL-37028] {CVE-2024-35845} - mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work (Ivan Vecera) [RHEL-41556 RHEL-37018] {CVE-2024-35852} - net: openvswitch: fix overwriting ct original tuple for ICMPv6 (cki-backport-bot) [RHEL-44215] {CVE-2024-38558} - wifi: iwlwifi: read txq->read_ptr under lock (Jose Ignacio Tornos Martinez) [RHEL-41520 RHEL-39799] {CVE-2024-36922} - wifi: cfg80211: check A-MSDU format more carefully (Jose Ignacio Tornos Martinez) [RHEL-38754 RHEL-37345] {CVE-2024-35937} - ice: fix memory corruption bug with suspend and rebuild (Petr Oros) [RHEL-49858 RHEL-17486] {CVE-2024-35911} - ipv6: prevent possible NULL deref in fib6_nh_init() (Hangbin Liu) [RHEL-48182 RHEL-45826] {CVE-2024-40961} - netns: Make get_net_ns() handle zero refcount net (Paolo Abeni) [RHEL-48117 RHEL-46610] {CVE-2024-40958} - net: do not leave a dangling sk pointer, when socket creation fails (Paolo Abeni) [RHEL-48072 RHEL-46610] {CVE-2024-40954} - net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (CKI Backport Bot) [RHEL-47902] {CVE-2024-40928} - net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Ivan Vecera) [RHEL-43619 RHEL-30344] {CVE-2021-47606} - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CKI Backport Bot) [RHEL-46921] {CVE-2024-39487} - nfs: fix panic when nfs4_ff_layout_prepare_ds() fails (Benjamin Coddington) [RHEL-42732 RHEL-34875] {CVE-2024-26868} - efi: fix panic in kdump kernel (Steve Best) [RHEL-42920 RHEL-36998] {CVE-2024-35800} - ipv6: fix potential 'struct net' leak in inet6_rtm_getaddr() (Hangbin Liu) [RHEL-41735 RHEL-31050] {CVE-2024-27417} - netfilter: nf_tables: do not compare internal table flags on updates (Florian Westphal) [RHEL-41682 RHEL-33985] {CVE-2024-27065} - ipv6: Fix potential uninit-value access in __ip6_make_skb() (Antoine Tenart) [RHEL-41466 RHEL-39786] {CVE-2024-36903} - netfilter: nf_tables: honor table dormant flag from netdev release event path (Florian Westphal) [RHEL-40056 RHEL-33985] {CVE-2024-36005} - cifs: fix underflow in parse_server_interfaces() (Paulo Alcantara) [RHEL-34636 RHEL-31245] {CVE-2024-26828} - drm/i915/audio: Fix audio time stamp programming for DP (CKI Backport Bot) [RHEL-45843] - platform/x86: wmi: Fix opening of char device (David Arcari) [RHEL-42548 RHEL-38260] {CVE-2023-52864} - platform/x86: wmi: remove unnecessary initializations (David Arcari) [RHEL-42548 RHEL-38260] {CVE-2023-52864} - rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (CKI Backport Bot) [RHEL-43170] {CVE-2024-36017} - netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (Florian Westphal) [RHEL-40062 RHEL-33985] {CVE-2024-26808} - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) [RHEL-39017 RHEL-32372] {CVE-2024-35969} - netfilter: nf_tables: flush pending destroy work before exit_net release (Florian Westphal) [RHEL-38765 RHEL-33985] {CVE-2024-35899} - vt: fix unicode buffer corruption when deleting characters (Andrew Halaney) [RHEL-42947 RHEL-24205] {CVE-2024-35823} [5.14.0-427.29.1_4] - net: Avoid address overwrite in kernel_connect (Davide Caratti) [RHEL-45728 RHEL-30875] - net: replace calls to sock->ops->connect() with kernel_connect() (Davide Caratti) [RHEL-45728 RHEL-33410] - i40e: fix vf may be used uninitialized in this function warning (Kamal Heib) [RHEL-41638 RHEL-39704] {CVE-2024-36020} - cifs: translate network errors on send to -ECONNABORTED (Jay Shin) [RHEL-47047 RHEL-31245] - wifi: brcmfmac: pcie: handle randbuf allocation failure (Jose Ignacio Tornos Martinez) [RHEL-44132] {CVE-2024-38575} - wifi: iwlwifi: mvm: guard against invalid STA ID on removal (Jose Ignacio Tornos Martinez) [RHEL-43208 RHEL-39803] {CVE-2024-36921} - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (Jose Ignacio Tornos Martinez) [RHEL-42906 RHEL-36809] {CVE-2024-35789} - wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (Jose Ignacio Tornos Martinez) [RHEL-42886 RHEL-36900] {CVE-2024-27434} - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (Jose Ignacio Tornos Martinez) [RHEL-42860 RHEL-35142] {CVE-2024-27052} - wifi: mt76: mt7925e: fix use-after-free in free_irq() (Jose Ignacio Tornos Martinez) [RHEL-42856 RHEL-35148] {CVE-2024-27049} - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (Jose Ignacio Tornos Martinez) [RHEL-42743 RHEL-34187] {CVE-2024-26897} - wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (Jose Ignacio Tornos Martinez) [RHEL-42383 RHEL-35199] {CVE-2023-52651} - net: core: reject skb_copy(_expand) for fraglist GSO skbs (Xin Long) [RHEL-41402 RHEL-39781] {CVE-2024-36929} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-26853 CVE-2024-27049 CVE-2024-38391 CVE-2024-26828 CVE-2024-35852 CVE-2024-26868 CVE-2024-36929 CVE-2024-37353 CVE-2024-27052 CVE-2024-36017 CVE-2024-36921 CVE-2024-35789 CVE-2024-40928 CVE-2023-52651 CVE-2024-21823 CVE-2024-36005 CVE-2024-38575 CVE-2024-35845 CVE-2024-27065 CVE-2024-36903 CVE-2024-37356 CVE-2021-47606 CVE-2024-26897 CVE-2024-36489 CVE-2024-36020 CVE-2024-27434 CVE-2024-36941 CVE-2024-26600 CVE-2023-52864 CVE-2024-39487 CVE-2024-26808 CVE-2024-27417 CVE-2024-40961 CVE-2024-35800 CVE-2024-35848 CVE-2024-40954 CVE-2024-35911 CVE-2024-40958 CVE-2024-35937 CVE-2024-35969 CVE-2024-36971 CVE-2024-35823 CVE-2024-35899 CVE-2024-38558 CVE-2024-36922 CVE-2024-33621 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 8 [32:9.16.23-0.22] - Minor fix of reclimit test backport (CVE-2024-1737) [32:9.16.23-0.21] - Backport addition of max-records-per-type and max-records-per-type options (CVE-2024-1737) [32:9.16.23-0.20] - Resolve CVE-2024-1975 - Resolve CVE-2024-1737 - Resolve CVE-2024-4076 - Add ability to change runtime limits for max types and records per name [32:9.16.23-0.19] - Add few more explicit conflicts with bind subpackages (RHEL-2208) [32:9.16.23-0.18] - Prevent crashing at masterformat system test (CVE-2023-6516) [32:9.16.23-0.17] - Prevent increased CPU load on large DNS messages (CVE-2023-4408) - Prevent assertion failure when nxdomain-redirect is used with RFC 1918 reverse zones (CVE-2023-5517) - Prevent assertion failure if DNS64 and serve-stale is used (CVE-2023-5679) - Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) - Import tests for large DNS messages fix - Add downstream change complementing CVE-2023-50387 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1975 CVE-2024-1737 CVE-2024-4076 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [115.14.0-2.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.14.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [115.14.0-2] - Update to 115.14.0 build2 [115.14.0-1] - Update to 115.14.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7519 CVE-2024-7521 CVE-2024-7526 CVE-2024-7527 CVE-2024-7529 CVE-2024-7518 CVE-2024-7522 CVE-2024-7525 CVE-2024-7520 CVE-2024-7524 CVE-2024-7528 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [115.14.0-1.0.1] - Add Oracle prefs [115.14.0] - Add OpenELA debranding [115.14.0-1] - Update to 115.14.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7519 CVE-2024-7527 CVE-2024-7520 CVE-2024-7522 CVE-2024-7528 CVE-2024-7518 CVE-2024-7521 CVE-2024-7525 CVE-2024-7529 CVE-2024-7526 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [115.14.0-1.0.1] - Add Oracle prefs file [115.14.0] - Add OpenELA debranding [115.14.0-1] - Update to 115.14.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7528 CVE-2024-7520 CVE-2024-7527 CVE-2024-7522 CVE-2024-7519 CVE-2024-7525 CVE-2024-7518 CVE-2024-7526 CVE-2024-7529 CVE-2024-7521 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [32:9.11.36-16.2] - Rebuild after CI change [32:9.11.36-16.1] - Resolve CVE-2024-1975 - Resolve CVE-2024-1737 - Add ability to change runtime limits for max types and records per name [32:9.11.36-16] - Ensure incompatible dhcp is not accepted [32:9.11.36-15] - Ensure incompatible bind-dyndb-ldap is not accepted IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1975 CVE-2024-1737 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 Oracle Linux 9 [7.76.1-29.el9_4.1] - provide common cleanup method for push headers (CVE-2024-2398) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2398 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 [39.2.0-8] - Security fix for CVE-2024-6345 Resolves: RHEL-50470 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6345 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 Oracle Linux 8 [68.2.2-4] - Security fix for CVE-2024-6345 Resolves: RHEL-50475 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6345 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [65.5.1-3] - Security fix for CVE-2024-6345 Resolves: RHEL-50484 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6345 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [68.2.2-3.1] - Security fix for CVE-2024-6345 Resolves: RHEL-50481 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6345 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [53.0.0-12.1] - Security fix for CVE-2024-6345 Resolves: RHEL-50466 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6345 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [7.1.8.1-14.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [7.1.8.1] - Remove Red Hat branding - Change vendor to RESF [1:7.1.8.1-14] - Fix CVE-2024-6472 remove ability to trust not validated macro signatures in high security MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6472 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [6.4.7.2-18.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [6.4.7.2] - Remove Red Hat branding - Change vendor to RESF [1:6.4.7.2-18] - Fix CVE-2024-6472 remove ability to trust not validated macro signatures in high security MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6472 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [7.61.1-34.el8_10.2] - provide common cleanup method for push headers (CVE-2024-2398) [7.61.1-34.el8_10.1] - fix incorrect backport of bz2229800 (RHEL-44684) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2398 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 Oracle Linux 9 [1:9.0.87-1.el9_4.2] - Resolves: RHEL-46162 tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34750 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [1:9.0.87-1.el8_10.2] - Resolves: RHEL-46167 tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34750 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 nodejs [1:20.16.0-1] - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 nodejs-nodemon nodejs-packaging MODERATE Copyright 2024 Oracle, Inc. CVE-2024-22018 CVE-2024-22020 CVE-2024-28863 CVE-2024-36137 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 nodejs [1:20.16.0-1] - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 nodejs-nodemon nodejs-packaging MODERATE Copyright 2024 Oracle, Inc. CVE-2024-36137 CVE-2024-22020 CVE-2024-22018 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 8 pgaudit [16.0-1] - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3636 pg_repack postgres-decoderbufs [2.4.0-1.Final] - Initial import for postgresql 16 stream - Related: RHEL-3636 postgresql [16.4-1] - Update to 16.4 - Fix CVE-2024-7348 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7348 CVE-2024-4317 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [5.14.0-427.33.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.33.1_4] - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (Kamal Heib) [RHEL-44287] {CVE-2024-38540} - netfilter: flowtable: validate pppoe header (Florian Westphal) [RHEL-44430 RHEL-33469] {CVE-2024-27016} - crypto: bcm - Fix pointer arithmetic (cki-backport-bot) [RHEL-44116] {CVE-2024-38579} - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (CKI Backport Bot) [RHEL-51035 RHEL-51033] {CVE-2024-41041} - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (Florian Westphal) [RHEL-42832 RHEL-33985] {CVE-2024-27019} - netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV (Florian Westphal) [RHEL-42832 RHEL-33985] - netfilter: nf_tables: NULL pointer dereference in nf_tables_updobj() (Florian Westphal) [RHEL-42832 RHEL-33985] - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (Florian Westphal) [RHEL-41802 RHEL-33985] {CVE-2024-26925} - netfilter: nf_tables: discard table flag update with pending basechain deletion (Florian Westphal) [RHEL-40231 RHEL-33985] {CVE-2024-35897} - netfilter: nf_tables: reject table flag and netdev basechain updates (Florian Westphal) [RHEL-40231 RHEL-33985] - netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-42966 RHEL-37040] {CVE-2024-35839} - netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-42966 RHEL-37040] {CVE-2024-35839} - netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-42966 RHEL-37040] {CVE-2024-35839} - netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-42966 RHEL-37040] {CVE-2024-35839} - netfilter: nft_limit: reject configurations that cause integer overflow (Florian Westphal) [RHEL-40065 RHEL-33985] {CVE-2024-26668} - scsi: qedi: Fix crash while reading debugfs attribute (CKI Backport Bot) [RHEL-48339] {CVE-2024-40978} - mm/huge_memory: don't unpoison huge_zero_folio (Aristeu Rozanski) [RHEL-47804] {CVE-2024-40914} - tipc: force a dst refcount before doing decryption (Xin Long) [RHEL-48375 RHEL-6118] {CVE-2024-40983} - netfilter: nft_set_rbtree: skip end interval element from gc (Florian Westphal) [RHEL-41265] {CVE-2024-26581} - nvmet: fix a possible leak when destroy a ctrl during qp establishment (CKI Backport Bot) [RHEL-52021 RHEL-52019 RHEL-52020] {CVE-2024-42152} - net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (CKI Backport Bot) [RHEL-51756] {CVE-2024-42110} - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (Florian Westphal) [RHEL-40265 RHEL-33985] {CVE-2024-35898} - netfilter: br_netfilter: remove WARN traps (CKI Backport Bot) [RHEL-42882] {CVE-2024-27415} - netfilter: br_netfilter: skip conntrack input hook for promisc packets (CKI Backport Bot) [RHEL-42882] {CVE-2024-27415} - netfilter: bridge: confirm multicast packets before passing them up the stack (CKI Backport Bot) [RHEL-42882] {CVE-2024-27415} - netfilter: nf_conntrack_bridge: initialize err to 0 (CKI Backport Bot) [RHEL-42882] {CVE-2024-27415} - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Florian Westphal) [RHEL-42842 RHEL-33985] {CVE-2024-27020} [5.14.0-427.32.1_4] - REDHAT: Makefile, dont reset dist-git-tmp if set (Lucas Zampieri) - net/mlx5e: Fix netif state handling (Benjamin Poirier) [RHEL-43872 RHEL-43870] {CVE-2024-38608} - net/mlx5e: Add wrapping for auxiliary_driver ops and remove unused args (Benjamin Poirier) [RHEL-43872 RHEL-43870] {CVE-2024-38608} - tun: add missing verification for short frame (Patrick Talbert) [RHEL-50202 RHEL-50203] {CVE-2024-41091} - tap: add missing verification for short frame (Patrick Talbert) [RHEL-50264 RHEL-50265] {CVE-2024-41090} - vfio/pci: Lock external INTx masking ops (Alex Williamson) [RHEL-43421 RHEL-30023] {CVE-2024-26810} - net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44299] {CVE-2024-38538} - KVM: arm64: Ensure target address is granule-aligned for range TLBI (Sebastian Ott) [RHEL-52248 RHEL-31215] - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (cki-backport-bot) [RHEL-44250] {CVE-2024-38544} - NFSv4: Fix memory leak in nfs4_set_security_label (CKI Backport Bot) [RHEL-52082] {CVE-2024-41076} - md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (Nigel Croxon) [RHEL-46421 RHEL-35393] {CVE-2024-39476} - KVM: s390: fix LPSWEY handling (CKI Backport Bot) [RHEL-50074] - cxl/port: Fix delete_endpoint() vs parent unregistration race (John W. Linville) [RHEL-39290 RHEL-23582] {CVE-2023-52771} - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (Petr Oros) [RHEL-49862 RHEL-17486] {CVE-2024-26855} - ice: fix LAG and VF lock dependency in ice_reset_vf() (Petr Oros) [RHEL-49820 RHEL-17486] {CVE-2024-36003} - net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (Jose Ignacio Tornos Martinez) [RHEL-47992 RHEL-9429] {CVE-2024-40939} - wifi: cfg80211: Lock wiphy in cfg80211_get_station (CKI Backport Bot) [RHEL-47770] {CVE-2024-40911} - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (CKI Backport Bot) [RHEL-47788] {CVE-2024-40912} - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (CKI Backport Bot) [RHEL-47920] {CVE-2024-40929} - wifi: iwlwifi: mvm: don't read past the mfuart notifcation (CKI Backport Bot) [RHEL-48028] {CVE-2024-40941} - seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (Hangbin Liu) [RHEL-48098 RHEL-45826] {CVE-2024-40957} - ipv6: fix possible race in __fib6_drop_pcpu_from() (Hangbin Liu) [RHEL-47572 RHEL-45826] {CVE-2024-40905} - redhat/configs: Enable CONFIG_DRM_MGAG200_DISABLE_WRITECOMBINE (Jocelyn Falempe) [RHEL-39581 RHEL-28760] - drm/mgag200: Add an option to disable Write-Combine (Jocelyn Falempe) [RHEL-39581 RHEL-28760] - drm/mgag200: Fix caching setup for remapped video memory (Scott Weaver) [RHEL-39581 RHEL-24102] - Revert 'drm/mgag200: Flush the cache to improve latency' (Scott Weaver) [RHEL-39581 RHEL-28760] - net: psample: fix flag being set in wrong skb (Adrian Moreno) [RHEL-47275] - net: openvswitch: store sampling probability in cb. (Adrian Moreno) [RHEL-47275] - net: openvswitch: add psample action (Adrian Moreno) [RHEL-47275] - net: psample: allow using rate as probability (Adrian Moreno) [RHEL-47275] - net: psample: skip packet copy if no listeners (Adrian Moreno) [RHEL-47275] - net: psample: add user cookie (Adrian Moreno) [RHEL-47275] - i40e: fix: remove needless retries of NVM update (CKI Backport Bot) [RHEL-48169 RHEL-36692] - ice: Reject pin requests with unsupported flags (Petr Oros) [RHEL-50388 RHEL-17486] - ice: Don't process extts if PTP is disabled (Petr Oros) [RHEL-50388 RHEL-17486] - ice: Fix improper extts handling (Petr Oros) [RHEL-50388 RHEL-17486] - ice: stop destroying and reinitalizing Tx tracker during reset (Petr Oros) [RHEL-50388 RHEL-17486] - ice: factor out ice_ptp_rebuild_owner() (Petr Oros) [RHEL-50388 RHEL-17486] - ice: rename ice_ptp_tx_cfg_intr (Petr Oros) [RHEL-50388 RHEL-17486] - ice: don't check has_ready_bitmap in E810 functions (Petr Oros) [RHEL-50388 RHEL-17486] - ice: rename verify_cached to has_ready_bitmap (Petr Oros) [RHEL-50388 RHEL-17486] - ice: pass reset type to PTP reset functions (Petr Oros) [RHEL-50388 RHEL-17486] - ice: introduce PTP state machine (Petr Oros) [RHEL-50388 RHEL-17486] - ice: make RX HW timestamp reading code more reusable (Petr Oros) [RHEL-50388 RHEL-17486] - ice: Rename E822 to E82X (Petr Oros) [RHEL-50388 RHEL-17486] - ice: periodically kick Tx timestamp interrupt (Petr Oros) [RHEL-50388 RHEL-17486] - ice: Re-enable timestamping correctly after reset (Petr Oros) [RHEL-50388 RHEL-17486] - ptp: introduce helpers to adjust by scaled parts per million (Petr Oros) [RHEL-50388 RHEL-17486] - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (Andrew Halaney) [RHEL-42566 RHEL-24205] {CVE-2023-52880} - netfilter: complete validation of user input (Phil Sutter) [RHEL-47384 RHEL-37212] {CVE-2024-35962} - netfilter: validate user input for expected length (Phil Sutter) [RHEL-41668 RHEL-37212] {CVE-2024-35896} - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Ewan D. Milne) [RHEL-40051 RHEL-39719] {CVE-2024-36025} - x86/xen: Add some null pointer checking to smp.c (Vitaly Kuznetsov) [RHEL-37615 RHEL-33260] {CVE-2024-26908} - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (Prarit Bhargava) [RHEL-37615 RHEL-25415] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-27415 CVE-2024-40914 CVE-2024-40978 CVE-2024-26925 CVE-2024-39476 CVE-2024-42152 CVE-2024-40983 CVE-2024-36003 CVE-2024-40905 CVE-2024-41091 CVE-2023-52880 CVE-2024-35898 CVE-2024-35897 CVE-2024-40929 CVE-2024-27020 CVE-2024-38538 CVE-2024-26855 CVE-2024-27019 CVE-2024-36025 CVE-2024-40911 CVE-2024-41041 CVE-2024-40941 CVE-2024-38579 CVE-2024-40912 CVE-2024-40957 CVE-2024-26810 CVE-2024-35896 CVE-2024-27016 CVE-2024-41090 CVE-2024-26908 CVE-2024-35839 CVE-2023-52771 CVE-2024-26581 CVE-2024-35962 CVE-2024-26668 CVE-2024-38608 CVE-2024-38544 CVE-2024-41076 CVE-2024-38540 CVE-2024-42110 CVE-2024-40939 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 pgaudit pg_repack postgres-decoderbufs postgresql [16.4-1] - Update to 16.4 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4317 CVE-2024-7348 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [32:9.11.4-26.0.1.P2.16] - Resolve CVE-2024-1975 - Resolve CVE-2024-1737 - Add ability to change runtime limits for max types and records per name IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1737 CVE-2024-1975 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [1.7.0-11] - Add patch to fix integer overflows. - Fix compilation by including limits.h - Resolves: RHEL-40650 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-5197 CVE-2023-6349 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 mod_wsgi numpy python39 [3.9.19-7] - Security fix for CVE-2024-8088 Resolves: RHEL-55954 [3.9.19-6] - Security fix for CVE-2024-6923 Resolves: RHEL-53102 [3.9.19-5] - Properly propagate the optimization flags to C extensions [3.9.19-4] - Build Python with -O3 - https://fedoraproject.org/wiki/Changes/Python_built_with_gcc_O3 [3.9.19-3] - Security fix for CVE-2024-4032 Resolves: RHEL-44094 [3.9.19-2] - Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40786 python3x-pip python3x-setuptools [50.3.2-6] - Security fix for CVE-2024-6345 Resolves: RHEL-50493 python3x-six python-cffi python-chardet python-cryptography python-idna python-lxml python-ply python-psutil python-psycopg2 python-pycparser python-PyMySQL python-pysocks python-requests python-toml python-urllib3 python-wheel PyYAML scipy MODERATE Copyright 2024 Oracle, Inc. CVE-2024-4032 CVE-2024-8088 CVE-2024-6923 CVE-2024-6345 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [13.16-1.0.1] - Remove non ASCII character from changelog date [13.16-1] - Update to 13.16 [13.14-2] - Remove /var/run/postgresql - Related: RHEL-25756 [13.14-1] - Update to 13.14 - Fix CVE-2024-0985 [13.13-1] - Update to 13.13 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, and CVE-2023-39417 - Resolves: RHEL-5567 [13.11-1] - Update to 13.11 - Resolves: #2207935 * Tue Feb 28 2023 Filip Janus <fjanus@redhat.com> - 13.10-1 - Update to 13.10 - Resolves: #2114734 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7348 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 pgaudit pg_repack postgres-decoderbufs postgresql [12.20-1] - Update to 12.20 - Fix CVE-2024-7348 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7348 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 pgaudit pg_repack postgres-decoderbufs postgresql [15.8-1] - Update to 15.8 - Fix CVE-2024-7348 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4317 CVE-2024-7348 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 pgaudit pg_repack postgres-decoderbufs postgresql [13.16-1] - Update to 13.16 - Fix CVE-2024-7348 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7348 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 pgaudit [1.7.0-1] - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: #2128410 pg_repack postgres-decoderbufs [1.9.7-1.Final] - Iitial import for postgresql 15 stream - Related: #2128410 postgresql [15.8-1] - Update to 15.8 [15.6-3] - Remove /var/run/postgresql - Related: RHEL-51271 [15.6-2] - Enable lz4 and zstd support [15.6-1] - Update to 15.6 and 13.14 - Fix CVE-2024-0985 [15.5-1] - update to 15.5 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and CVE-2023-39418 [15.3-1] - update to 15.3 - Fixes CVE-2023-2454 and CVE-2023-2455 Resolves: #2214875 [15.2-1] - update to 15.2 - Resolves: #2128410 [15.0-2] - update postgresql-setup to 8.8 [15.0-1] - Initial import for postgresql 15 - Resolves: #2128410 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7348 CVE-2024-4317 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [3.12.1-4.3] - Security fix for CVE-2024-8088 Resolves: RHEL-55964 [3.12.1-4.2] - Security fix for CVE-2024-6923 Resolves: RHEL-53087 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6923 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 nodejs [1:18.20.4-1] - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 nodejs-nodemon nodejs-packaging MODERATE Copyright 2024 Oracle, Inc. CVE-2024-22020 CVE-2024-28863 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 nodejs [1:18.20.4-1] - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 nodejs-nodemon nodejs-packaging MODERATE Copyright 2024 Oracle, Inc. CVE-2024-22020 CVE-2024-28863 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [1.3.11.1-5.0.1] - Security fix for CVE-2024-5953 [Orabug: 37016708][CVE-2024-5953] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-5953 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [1.26.5-5.1] - Security fix for CVE-2024-37891 - Backport upstream patch to fix TypeError for http connection if the PoolManager - is instantiated with server_hostname Resolves: RHEL-49853 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37891 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.9.18-3.5] - Security fix for CVE-2024-8088 Resolves: RHEL-55968 [3.9.18-3.4] - Security fix for CVE-2024-6923 Resolves: RHEL-53044 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6923 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [1.21.1-2.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.21.1-2] - CVE-2024-37370 CVE-2024-37371 Fix vulnerabilities in GSS message token handling Resolves: RHEL-45401 RHEL-45390 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37370 CVE-2024-37371 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.11.7-1.5] - Security fix for CVE-2024-8088 Resolves: RHEL-55960 [3.11.7-1.4] - Security fix for CVE-2024-6923 Resolves: RHEL-53037 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6923 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [0.4.31-7] - Add patch for CVE-2024-40897 - Resolves: RHEL-50701 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-40897 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:1.4.0-5] - rebuild for CVE-2024-24783 - Resolves: RHEL-28431 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24783 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [6:0.7.3-5] - rebuild for CVE-2024-24783 - Resolves: RHEL-28435 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24783 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4:1.1.12-4] - rebuild for CVE-2024-24783 - Resolves: RHEL-28439 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24783 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.33.7-4.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.7-4] - rebuild for CVE-2024-24783 - Resolves: RHEL-28428 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24783 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.21.1-8] - Resolves: RHEL-43226 - Misinterpretation of input may lead to improper behavior MODERATE Copyright 2024 Oracle, Inc. CVE-2024-38428 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4.9.4-10.0.1] - Fixes issue of podman execvp error while using podmansh [Orabug: 36073625] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [4:4.9.4-10] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/6b45bb1) - Resolves: RHEL-53250 [4:4.9.4-9] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/1a2d8e3) - Resolves: RHEL-50507 [4:4.9.4-8] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/affa589) - Resolves: RHEL-45916 [4:4.9.4-7] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/8fa0c76) - Resolves: RHEL-40804 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6104 CVE-2024-37298 CVE-2024-24783 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:1.14.5-1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/072072b) - Resolves: RHEL-40805 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24783 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [9.54.0-17] - RHEL-44759 CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths - RHEL-44745 CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction - RHEL-44731 CVE-2024-29510 ghostscript: format string injection leads to shell command execution (SAFER bypass) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-29510 CVE-2024-33870 CVE-2024-33869 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [4.2.1-129.4] - bundled setuptools: fix CVE-2024-6345 Resolves: RHEL-50223 [4.2.1-129.3] - bundled urllib3: fix CVE-2024-37891 Resolves: RHEL-43568 [4.2.1-129.2] - fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer Resolves: RHEL-7734 - bundled jinja2: fix CVE-2024-34064 Resolves: RHEL-35655 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37891 CVE-2024-6345 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [4.9.0-54.4] - bundled setuptools: fix CVE-2024-6345 Resolves: RHEL-50360 [4.9.0-54.3] - gcp-pd-move: fix TLS_VERSION_1 issue Resolves: RHEL-50041 [4.9.0-54.2] - bundled urllib3: fix CVE-2024-37891 Resolves: RHEL-44923 [4.9.0-54.1] - AWS agents: retry failed metadata requests to avoid instantly failing when there is a hiccup in the network or metadata service - db2: fix OCF_SUCESS typo Resolves: RHEL-34137, RHEL-32828 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37891 CVE-2024-6345 cpe:/a:oracle:linux:8::addons Oracle Linux 9 bubblewrap [0.4.1-7] - Add support for --bind-fd and --ro-bind-fd (CVE-2024-42472) flatpak [1.12.9-3] - Fix previous changelog entry [1.12.9-2] - Backport upstream patches for CVE-2024-42472 - Require bubblewrap version that has new --bind-fd option backported for addressing CVE-2024-42472 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-42472 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 7 [1.0.9-13.0.1] - Fix CVE-2024-42472 [Orabug: 37027734] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-42472 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 bubblewrap [0.4.0-2] - Backport upstream fix to help address CVE-2024-42472 in flatpak flatpak [1.12.9-3] - Fix previous changelog entry [1.12.9-2] - Backport upstream patches for CVE-2024-42472 - Require bubblewrap version that has new --bind-fd option backported for addressing CVE-2024-42472 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-42472 cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [2.68.4-14.1] - Fix CVE-2024-34397, signal subscription vulnerabilities - Resolves: RHEL-56979 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-34397 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [1:27.2-10] - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331) - Disable xwidgets (RHEL-33447) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-39331 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:2.3.16-11.1] - fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55211) - fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55225) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-23185 CVE-2024-23184 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [5.14.0-427.35.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.35.1_4] - usb-storage: alauda: Check whether the media is initialized (CKI Backport Bot) [RHEL-43716] {CVE-2024-38619} - ceph: force sending a cap update msg back to MDS for revoke op (Xiubo Li) [RHEL-55437] - ceph: periodically flush the cap releases (Xiubo Li) [RHEL-55437] - mm: avoid overflows in dirty throttling logic (Jay Shin) [RHEL-51848 RHEL-50004] {CVE-2024-42131} - Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (Jay Shin) [RHEL-51701 RHEL-50004] {CVE-2024-42102} - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Jay Shin) [RHEL-42628 RHEL-5619] {CVE-2024-26720} - net: fix out-of-bounds access in ops_init (Paolo Abeni) [RHEL-43188 RHEL-46610] {CVE-2024-36883} - nvme: avoid double free special payload (CKI Backport Bot) [RHEL-51311] {CVE-2024-41073} - kernfs: change kernfs_rename_lock into a read-write lock (Jay Shin) [RHEL-55253 RHEL-52956] - kernfs: Separate kernfs_pr_cont_buf and rename_lock (Jay Shin) [RHEL-55253 RHEL-52956] - kernfs: fix missing kernfs_iattr_rwsem locking (Jay Shin) [RHEL-55253 RHEL-52956] - kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info (Jay Shin) [RHEL-55253 RHEL-52956] - kernfs: Introduce separate rwsem to protect inode attributes (Jay Shin) [RHEL-55253 RHEL-52956] - xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47894 RHEL-47892] {CVE-2024-40927} - Bluetooth: af_bluetooth: Fix deadlock (Bastien Nocera) [RHEL-34161] {CVE-2024-26886} - xdp: Remove WARN() from __xdp_reg_mem_model() (CKI Backport Bot) [RHEL-51586] {CVE-2024-42082} - nfsd: don't take fi_lock in nfsd_break_deleg_cb() (Benjamin Coddington) [RHEL-42578 RHEL-34875] - nfsd: fix RELEASE_LOCKOWNER (Benjamin Coddington) [RHEL-42578 RHEL-34875] {CVE-2024-26629} - net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727] - net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727] - net: bridge: mst: fix vlan use-after-free (cki-backport-bot) [RHEL-43729] {CVE-2024-36979} - efivarfs: force RO when remounting if SetVariable is not supported (Pavel Reichl) [RHEL-42343 RHEL-26588] {CVE-2023-52463} - ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (Charles Mirabile) [RHEL-34234 RHEL-1697] - ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (Charles Mirabile) [RHEL-34234 RHEL-1697] - ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (Scott Weaver) [RHEL-34234 RHEL-1697] [5.14.0-427.34.1_4] - mm: prevent derefencing NULL ptr in pfn_section_valid() (Jarod Wilson) [RHEL-51140 RHEL-51138] {CVE-2024-41055} - mm, kmsan: fix infinite recursion due to RCU critical section (Jarod Wilson) [RHEL-51140 RHEL-51138] {CVE-2024-41055} - ppp: reject claimed-as-LCP but actually malformed packets (CKI Backport Bot) [RHEL-51061 RHEL-51059] {CVE-2024-41044} - x86: stop playing stack games in profile_pc() (CKI Backport Bot) [RHEL-51651] {CVE-2024-42096} - PCI/MSI: Fix UAF in msi_capability_init (CKI Backport Bot) [RHEL-51438] {CVE-2024-41096} - iommufd: Fix missing update of domains_itree after splitting iopt_area (Jerry Snitselaar) [RHEL-42518 RHEL-28780] {CVE-2023-52801} - mm: cachestat: fix folio read-after-free in cache walk (Nico Pache) [RHEL-41739 RHEL-5619] {CVE-2024-26630} - regmap: maple: Fix cache corruption in regcache_maple_drop() (Jaroslav Kysela) [RHEL-43179 RHEL-39706] {CVE-2024-36019} - mm: cachestat: fix two shmem bugs (Nico Pache) [RHEL-36912] {CVE-2024-35797} - kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (Steve Best) [RHEL-42778 RHEL-34985] {CVE-2024-26946} - mm/hugetlb: fix missing hugetlb_lock for resv uncharge (Rafael Aquini) [RHEL-43132 RHEL-37467] {CVE-2024-36000} - rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-52675 RHEL-50366] - rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-52675 RHEL-50366] - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-52675 RHEL-50366] - gpio: tegra186: Fix tegra186_gpio_is_accessible() check (Charles Mirabile) [RHEL-49347 RHEL-32452] - net/sched: Fix UAF when resolving a clash (CKI Backport Bot) [RHEL-51022 RHEL-51020] {CVE-2024-41040} - KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (Maxim Levitsky) [RHEL-41462 RHEL-32430] {CVE-2024-35791} - cxl/region: Fix memregion leaks in devm_cxl_add_region() (John W. Linville) [RHEL-47965 RHEL-23582] {CVE-2024-40936} - x86/coco: Require seeding RNG with RDRAND on CoCo systems (Lenny Szubowicz) [RHEL-42986 RHEL-37269] {CVE-2024-35875} - scsi: qedf: Ensure the copied buf is NUL terminated (cki-backport-bot) [RHEL-44203] {CVE-2024-38559} MODERATE Copyright 2024 Oracle, Inc. CVE-2024-41096 CVE-2024-42082 CVE-2024-42131 CVE-2023-52801 CVE-2024-26720 CVE-2024-35791 CVE-2024-40927 CVE-2023-52463 CVE-2024-36883 CVE-2024-36979 CVE-2024-38619 CVE-2024-40936 CVE-2024-26629 CVE-2024-26946 CVE-2024-42096 CVE-2024-38559 CVE-2024-26630 CVE-2024-41055 CVE-2024-35797 CVE-2024-36000 CVE-2024-41044 CVE-2024-36019 CVE-2024-41073 CVE-2024-42102 CVE-2024-41040 CVE-2024-26886 CVE-2024-35875 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 8 [1.4.3.39-8] - Bump version to 1.4.3.39-8 - Resolves: RHEL-40943 - CVE-2024-5953 389-ds:1.4/389-ds-base: Malformed userPassword hash may cause Denial of Service [rhel-8.10.z] - Resolves: RHEL-58069 - perf search result investigation for many large static groups and members [rhel-8.10.0.z] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-5953 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [39.2.0-10.0.3] - Back port fix for CVE-2024-6345 [Orabug: 37054771] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6345 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [0.9.8-7.0.1] - Fixes CVE-2024-6345 security issue [Orabug: 37054994] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6345 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [0.10.18-2.0.1.el8_10.2] - Replace HAM-logo.png with a generic one [0.10.18-2.el8_10.2] - Updated rubygem rexml Resolves: RHEL-52409, RHEL-52788, RHEL-55997 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-41123 CVE-2024-41946 CVE-2024-43398 cpe:/a:oracle:linux:8::addons Oracle Linux 9 [128.2.0-1.0.2] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773] [128.2.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [128.2.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.2.0-1] - Update to 128.2.0 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-8382 CVE-2024-7652 CVE-2024-8381 CVE-2024-8384 CVE-2024-8383 CVE-2024-8385 CVE-2024-8387 CVE-2024-8386 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [128.2.0-1.0.2] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079789] [128.2.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [128.2.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.2.0-1] - Update to 128.2.0 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-8387 CVE-2024-7652 CVE-2024-8381 CVE-2024-8382 CVE-2024-8384 CVE-2024-8385 CVE-2024-8386 CVE-2024-8383 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [128.2.0-1.0.2] - Fix prefs for new nss [Orabug: 37079813] [128.2.0-1.0.1] - Add Oracle prefs [128.2.0] - Add OpenELA debranding [128.2.0-1] - Update to 128.2.0 [128.1.1-2] - Update to 128.1.1 [128.0-1] - Update to 128.0 final [128.0b4-1] - Update to 128.0b4 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-8382 CVE-2024-8386 CVE-2024-8387 CVE-2024-8381 CVE-2024-8385 CVE-2024-8394 CVE-2024-7652 CVE-2024-8384 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [128.2.0-1.0.2] - Fix prefs for new nss [Orabug: 37079820] [128.2.0-1.0.1] - Add Oracle prefs file [128.2.0] - Add OpenELA debranding [128.2.0-1] - Update to 128.2.0 [128.1.1-2] - Update to 128.1.1 [128.0-1] - Update to 128.0 final [128.0b4-1] - Update to 128.0b4 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-8394 CVE-2024-7652 CVE-2024-8387 CVE-2024-8385 CVE-2024-8382 CVE-2024-8381 CVE-2024-8384 CVE-2024-8386 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [4.10.0-62.5] - bundled setuptools: fix CVE-2024-6345 Resolves: RHEL-49657 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6345 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::addons Oracle Linux 9 [2.5.0-2.1] - Fix multiple CVEs - Fix CVE-2024-45492 integer overflow - Fix CVE-2024-45491 Integer Overflow or Wraparound - Fix CVE-2024-45490 Negative Length Parsing Vulnerability - Resolves: RHEL-57510 - Resolves: RHEL-57497 - Resolves: RHEL-56763 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-45492 CVE-2024-45490 CVE-2024-45491 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.18.1-4.0.1] - Add new content to nbd_connect_uri.pod [1.18.1-4] - Fix CVE-2024-7383 NBD server improper certificate validation resolves: RHEL-52730 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-7383 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.0.7-28.0.1] - Drop OpenELA branding, apply Oracle branding patches - Enable openssl-fips-provider dependency [Orabug: 36504822] - Temporary disable openssl-fips-provider dependency [Orabug: 36504822] - Replace upstream references [Orabug: 34340177] [1:3.0.7-28] - Patch for CVE-2024-6119 Resolves: RHEL-55340 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6119 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 ruby [3.3.5-3] - Upgrade to Ruby 3.3.5 Resolves: RHEL-55409 - Fix DoS vulnerability in rexml. (CVE-2024-39908) (CVE-2024-41946) (CVE-2024-43398) Resolves: RHEL-57049 Resolves: RHEL-57054 Resolves: RHEL-57069 - Fix REXML DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>. (CVE-2024-41123) Resolves: RHEL-52783 rubygem-abrt [0.4.0-1] - Update to abrt 0.4.0. Resolves: rhbz#1842476 rubygem-mysql2 [0.5.5-1] - Upgrade to mysql2 0.5.5. Related: RHEL-17090 rubygem-pg [1.5.4-1] - Upgrade to pg 1.5.4. Related: RHEL-17090 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-39908 CVE-2024-41123 CVE-2024-41946 CVE-2024-43398 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 9 ruby [3.3.5-3] - Upgrade to Ruby 3.3.5 Resolves: RHEL-57576 - Fix DoS vulnerability in rexml. (CVE-2024-39908) (CVE-2024-41946) (CVE-2024-43398) Resolves: RHEL-57573 Resolves: RHEL-57570 Resolves: RHEL-57578 - Fix REXML DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>. (CVE-2024-41123) Resolves: RHEL-57567 - Fix incorrect symlink for rubygem-irb's library. Resolves: RHEL-57597 [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37699 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282) Resolves: RHEL-37698 [3.3.0-1] - Upgrade to Ruby 3.3.0. Resolves: RHEL-17089 [3.1.2-142] - Bypass git submodule test failure on Git >= 2.38.1. - Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. - Fix for tzdata-2022g. - Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-5590 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-5590 - Disable fiddle tests that use FFI closures. Related: RHEL-5590 rubygem-mysql2 [0.5.5-1] - Upgrade to mysql2 0.5.5. Related: RHEL-17089 rubygem-pg [1.5.4-1] - Upgrade to pg 1.5.4. Related: RHEL-17089 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-41123 CVE-2024-41946 CVE-2024-43398 CVE-2024-39908 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 [5.3.7-22.0.1] - pcp-zoneinfo fix to replay ol7 archives [Orabug: 35903733] - Backporting of python tool pcp-meminfo [Orabug: 35759707] - Backporting of python tool pcp-slabinfo [Orabug: 35560940] - Backporting of python tool pcp-buddyinfo [Orabug: 35660932] - Backporting of python tool pcp-netstat [Orabug: 34324779] - Backporting of python tool pcp-zoneinfo [Orabug: 35660927] - Fixed multiple pcp python utiltites issues[Orabug: 35434363] - Fixed broken pipe issue in pcp ps utlity[Orabug: 34830203] - Fixed pcp mpstat utiltiy crash issue [Orabug: 34891338] - Pcp mpstat utiltiy initial archive file read error fix [Orabug: 34869451] - Fix pcp-ps to show n sample with archives[Orabug: 34849959] - Pcp ps Utility -o option and print issue fix [Orabug: 34321683] - Pcp ps utilty has been added [Orabug: 34321683] [5.3.7-22] - Fix buffer sizing checks in pmstore PDU handling (RHEL-57796) - Guard against symlink attacks in pmpost program (RHEL-57799) - Fix libpcp_web webgroup slow request refcounting (RHEL-58002) - Update pmdahacluster for newer crm_mon versions (RHEL-57788) [5.3.7-21] - Fix python API day-of-year out of range bug (RHEL-29708) - Added spec deps on ps and diffutils for diff (RHEL-17081) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-45769 CVE-2024-45770 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [128.2.0-1.0.1] - Remove nomerge annotation from abort calls [Orabug: 37079143] - Update to 128.2.0 [Orabug: 37079143] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-8385 CVE-2024-8381 CVE-2024-8386 CVE-2024-7652 CVE-2024-8382 CVE-2024-8383 CVE-2024-8387 CVE-2024-8384 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [6.2.0-5.0.1] - Fixed libpcp derived metric issue for ol9 [Orabug: 36538820] [6.2.0-5] - Fix buffer sizing checks in pmstore PDU handling (RHEL-57805) - Guard against symlink attacks in pmpost program (RHEL-57810) - Fix libpcp_web webgroup slow request refcounting (RHEL-58306) - Updated pmdahacluster for newer crm_mon versions (RHEL-50693) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-45769 CVE-2024-45770 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 delve [1.21.2-4.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.21.2-4] - Skip tests in %check due to incompatible Go version in buildroot (temporary). - Resolves: RHEL-59518 golang [1.21.13-2] - Rebuild Go with CVE Fixes - Remove fix-memleak-setupRSA.patch (exists upstream) - Resolves: RHEL-58223 - Resolves: RHEL-57961 - Resolves: RHEL-57847 - Resolves: RHEL-57860 [1.21.13-1] - Update to Go1.21.13 to fix CVE-2024-24791 - Resolves: RHEL-47198 go-toolset [1.21.13-1] - Fix CVE-2024-24791 - Resolves: RHEL-47198 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 CVE-2024-24791 CVE-2024-34158 CVE-2024-34155 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [1.21.13-3] - Related: RHEL-58226 [1.21.13-2] - Rebuild Go with CVE Fixes - Remove fix-memleak-setupRSA.patch (exists upstream) - Resolves: RHEL-58226 - Resolves: RHEL-57962 - Resolves: RHEL-57848 - Resolves: RHEL-57865 [1.21.13-1] - Rebase to Go1.21.13 to pick the fix for CVE-2024-24791 - Technically Go1.21.12 contains the fix for the CVE but there was another latest release so rebasing to that - Resolves: RHEL-53547 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 CVE-2024-24791 CVE-2024-34155 CVE-2024-34158 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [5.1.1-3] - Resolves RHEL-57930: CVE-2024-34156 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [9.2.10-17] - Resolves RHEL-57925: CVE-2024-34156 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [3.12.5-2] - Security fix for CVE-2024-8088 Resolves: RHEL-55939 [3.12.5-1] - Update to 3.12.5 - Security fix for CVE-2024-6923 Resolves: RHEL-53075 [3.12.4-3] - Properly propagate the optimization flags to C extensions [3.12.4-2] - Build Python with -O3 - https://fedoraproject.org/wiki/Changes/Python_built_with_gcc_O3 [3.12.4-1] - Update to 3.12.4 Resolves: RHEL-44074 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6923 CVE-2024-8088 CVE-2024-4032 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.11.9-7.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.9-7] - Security fix for CVE-2024-8088 Resolves: RHEL-55934 [3.11.9-6] - Security fix for CVE-2024-6923 Resolves: RHEL-53089 [3.11.9-5] - Properly propagate the optimization flags to C extensions [3.11.9-4] - Build Python with -O3 - https://fedoraproject.org/wiki/Changes/Python_built_with_gcc_O3 [3.11.9-3] - Security fix for CVE-2024-4032 Resolves: RHEL-44067 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-4032 CVE-2024-6923 CVE-2024-8088 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.22.30-12] - Stop loading modules from cwd (CVE-2024-6655) - Resolves: RHEL-46988 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6655 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 hivex libguestfs libguestfs-winsupport libiscsi libnbd [1.6.0-6] - Fix CVE-2024-7383 NBD server improper certificate validation resolves: RHEL-52728 libtpms libvirt libvirt-dbus libvirt-python nbdkit netcf perl-Sys-Virt qemu-kvm [6.2.0-53] - kvm-nbd-server-Favor-qemu_aio_context-over-iohandler-con.patch [RHEL-52611] - kvm-iotests-test-NBD-TLS-iothread.patch [RHEL-52611] - kvm-nbd-server-CVE-2024-7409-Avoid-use-after-free-when-c.patch [RHEL-52611] - Resolves: RHEL-52611 (CVE-2024-7409 virt:rhel/qemu-kvm: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure [rhel-8.10.z]) seabios sgabios supermin swtpm virt-v2v MODERATE Copyright 2024 Oracle, Inc. CVE-2024-7383 CVE-2024-7409 CVE-2024-3446 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 aardvark-dns buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp netavark oci-seccomp-bpf-hook podman [4.9.4-13.0.1] - Fixes issue of container created in cgroupv2 not start in cgroupv1 [Orabug: 36136813] - Fixes container memory limit not set after host is rebooted with cgroupv2 [Orabug: 36136802] - Fixes issue of podman execvp error while using podmansh [Orabug: 36756665] [4:4.9.4-13] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/e3221b5) - Resolves: RHEL-56326 python-podman runc skopeo slirp4netns udica MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24788 CVE-2024-24791 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1:2.3.16-6] - fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55219) - fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55206) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-23184 CVE-2024-23185 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.6.8-67.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-67] - Security fix for CVE-2024-6232 Resolves: RHEL-57399 [3.6.8-66] - Security fix for CVE-2024-6923 Resolves: RHEL-53065 [3.6.8-65] - Build Python with -O3 - https://fedoraproject.org/wiki/Changes/Python_built_with_gcc_O3 [3.6.8-64] - Add explicit RPM Provides for /usr/libexec/platform-python Resolves: RHEL-48605 [3.6.8-63] - Security fix for CVE-2024-4032 Resolves: RHEL-44060 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6923 CVE-2024-6232 CVE-2024-4032 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.9.8-3] - fix incomplete backport of the fix for the emergency file replacement vulnerability (RHEL-35236) [2.9.8-2] - fix emergency file replacement vulnerability (RHEL-35236) LOW Copyright 2024 Oracle, Inc. CVE-2024-5742 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch Oracle Linux 8 [1:26.1-12] - org-file-contents: Consider all remote files unsafe (CVE-2024-30205) - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331) - Make Gnus treats inline MIME contents as untrusted (CVE-2024-30203) - Disable xwidgets (RHEL-14549) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-30203 CVE-2024-39331 CVE-2024-30205 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.2.5-15.0.1] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-15] - Rebuild for test reconfiguration [2.2.5-14] - Fix multiple CVEs - Fix CVE-2024-45492 integer overflow - Fix CVE-2024-45491 Integer Overflow or Wraparound - Fix CVE-2024-45490 Negative Length Parsing Vulnerability - Resolves: RHEL-57505 - Resolves: RHEL-57493 - Resolves: RHEL-56751 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-45491 CVE-2024-45490 CVE-2024-45492 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch Oracle Linux 7 [3.10.0-1160.119.1.0.5.el7.OL7] - wifi: mac80211: Avoid address calculations via out of bounds array indexing (Kees Cook) [Orabug: 37092983] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41071 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7:9:patch cpe:/a:oracle:linux:7::optional_latest Oracle Linux 9 [5.14.0-427.37.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.37.1_4] - ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses (CKI Backport Bot) [RHEL-42783] {CVE-2024-26947} - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (Mamatha Inamdar) [RHEL-45537 RHEL-25055] - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Steve Best) [RHEL-40517 RHEL-39354] {CVE-2024-36016} - smb: client: set correct id, uid and cruid for multiuser automounts (Jay Shin) [RHEL-47260 RHEL-31245] - printk: printk.c: Disable per_console_kthreads on !CONFIG_PREEMPT_RT (Derek Barbosa) [RHEL-39064] - uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-41275 RHEL-26233] {CVE-2023-52439} - gpiolib: cdev: Fix use after free in lineinfo_changed_notify (Steve Best) [RHEL-43192 RHEL-39849] {CVE-2024-36899} - wifi: mac80211: Avoid address calculations via out of bounds array indexing (CKI Backport Bot) [RHEL-51287 RHEL-51285] {CVE-2024-41071} - Input: cyapa - add missing input core locking to suspend/resume functions (cki-backport-bot) [RHEL-44455] {CVE-2023-52884} - net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Limit number of driver warning messages (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Fix race condition in disconnect handling (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Fix race conditions in suspend/resume handling (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Fix partial packet errors on suspend/resume (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Fix exception on link speed change (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Add missing return code checks (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Remove unused pause frame queue (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Set flow control threshold to prevent packet loss (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Remove unused timer (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Fix white space and style issues (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - sctp: fix association labeling in the duplicate COOKIE-ECHO case (CKI Backport Bot) [RHEL-56745 RHEL-48647] - ice: xsk: fix txq interrupt mapping (Petr Oros) [RHEL-52771 RHEL-15670] - ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (Petr Oros) [RHEL-52771 RHEL-15670] - ice: improve updating ice_{t,r}x_ring::xsk_pool (Petr Oros) [RHEL-52771 RHEL-15670] - ice: toggle netif_carrier when setting up XSK pool (Petr Oros) [RHEL-52771 RHEL-15670] - ice: modify error handling when setting XSK pool in ndo_bpf (Petr Oros) [RHEL-52771 RHEL-15670] - ice: replace synchronize_rcu with synchronize_net (Petr Oros) [RHEL-52771 RHEL-15670] - ice: don't busy wait for Rx queue disable in ice_qp_dis() (Petr Oros) [RHEL-52771 RHEL-15670] - ice: respect netif readiness in AF_XDP ZC related ndo's (Petr Oros) [RHEL-52771 RHEL-15670] - ice: remove af_xdp_zc_qps bitmap (Petr Oros) [RHEL-52771 RHEL-17486] - ice: reorder disabling IRQ and NAPI in ice_qp_dis (Petr Oros) [RHEL-52771 RHEL-17486] - ice: make ice_vsi_cfg_txq() static (Petr Oros) [RHEL-52771 RHEL-17486] - ice: make ice_vsi_cfg_rxq() static (Petr Oros) [RHEL-52771 RHEL-17486] - ice: make use of DEFINE_FLEX() for struct ice_aqc_add_tx_qgrp (Petr Oros) [RHEL-52771 RHEL-17486] - xdp: reflect tail increase for MEM_TYPE_XSK_BUFF_POOL (Petr Oros) [RHEL-52771 RHEL-38863] - ice: update xdp_rxq_info::frag_size for ZC enabled Rx queue (Petr Oros) [RHEL-52771 RHEL-38863] - intel: xsk: initialize skb_frag_t::bv_offset in ZC drivers (Petr Oros) [RHEL-52771 RHEL-38863] - ice: remove redundant xdp_rxq_info registration (Petr Oros) [RHEL-52771 RHEL-38863] - ice: work on pre-XDP prog frag count (Petr Oros) [RHEL-52771 RHEL-38863] - xsk: fix usage of multi-buffer BPF helpers for ZC XDP (Petr Oros) [RHEL-52771 RHEL-38863] - xsk: make xsk_buff_pool responsible for clearing xdp_buff::flags (Petr Oros) [RHEL-52771 RHEL-38863] - xsk: recycle buffer in case Rx queue was full (Petr Oros) [RHEL-52771 RHEL-38863] - overflow: add DEFINE_FLEX() for on-stack allocs (Petr Oros) [RHEL-52771 RHEL-30138] - overflow: Add struct_size_t() helper (Petr Oros) [RHEL-52771 RHEL-30138] - bpf, sockmap: Prevent lock inversion deadlock in map delete elem (Felix Maurer) [RHEL-41479 RHEL-30107] {CVE-2024-35895} - xfs: allow SECURE namespace xattrs to use reserved block pool (CKI Backport Bot) [RHEL-54443 RHEL-49806] - platform/x86/intel-uncore-freq: Don't present root domain on error (David Arcari) [RHEL-43291 RHEL-38558] - platform/x86/intel-uncore-freq: Increase minor number support (David Arcari) [RHEL-43291 RHEL-38558] - platform/x86/intel-uncore-freq: Process read/write blocked feature status (David Arcari) [RHEL-43291 RHEL-38558] - platform/x86/intel/tpmi: Move TPMI ID definition (Steve Best) [RHEL-43291 RHEL-35956] - ice: fix VSI lists confusion when adding VLANs (CKI Backport Bot) [RHEL-57778 RHEL-20571] - ice: fix accounting for filters shared by multiple VSIs (CKI Backport Bot) [RHEL-57778 RHEL-20571] - ice: fix accounting if a VLAN already exists (CKI Backport Bot) [RHEL-57778 RHEL-17486] [5.14.0-427.36.1_4] - scsi: qla2xxx: Fix double free of fcport (Nilesh Javali) [RHEL-39547 RHEL-40034 RHEL-25184 RHEL-35020] {CVE-2024-26929} - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (Nilesh Javali) [RHEL-39547 RHEL-41325 RHEL-25184 RHEL-35016] {CVE-2024-26930} - scsi: qla2xxx: Fix command flush on cable pull (Nilesh Javali) [RHEL-39547 RHEL-40029 RHEL-25184 RHEL-35012] {CVE-2024-26931} - net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Benjamin Coddington) [RHEL-53708 RHEL-53004] {CVE-2024-42246} - ice: Add netif_device_attach/detach into PF reset flow (CKI Backport Bot) [RHEL-56275 RHEL-56084] - wifi: mt76: replace skb_put with skb_put_zero (CKI Backport Bot) [RHEL-52368] {CVE-2024-42225} - cppc_cpufreq: Fix possible null pointer dereference (cki-backport-bot) [RHEL-44145] {CVE-2024-38573} - ring-buffer: Fix a race between readers and resize checks (cki-backport-bot) [RHEL-43920] {CVE-2024-38601} - fork: defer linking file vma until vma is fully initialized (Rafael Aquini) [RHEL-35617 RHEL-35022] {CVE-2024-27022} - ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (CKI Backport Bot) [RHEL-48393 RHEL-48391] {CVE-2024-40984} - KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes (Maxim Levitsky) [RHEL-41345 RHEL-32430] {CVE-2024-26991} - net/sched: act_mirred: don't override retval if we already lost the skb (Davide Caratti) [RHEL-42644 RHEL-31724] {CVE-2024-26739} - net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability (Davide Caratti) [RHEL-42644 RHEL-32137] - cpufreq: exit() callback is optional (cki-backport-bot) [RHEL-43848] {CVE-2024-38615} - gfs2: Fix potential glock use-after-free on unmount (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570} - gfs2: simplify gdlm_put_lock with out_free label (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570} - gfs2: Remove ill-placed consistency check (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570} - wifi: nl80211: Avoid address calculations via out of bounds array indexing (Jose Ignacio Tornos Martinez) [RHEL-46505 RHEL-34696] {CVE-2024-38562} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-38573 CVE-2024-26931 CVE-2024-40984 CVE-2024-26991 CVE-2024-26929 CVE-2024-26930 CVE-2024-38615 CVE-2024-26739 CVE-2024-26947 CVE-2024-36899 CVE-2024-38601 CVE-2024-42246 CVE-2024-27022 CVE-2024-36016 CVE-2024-38562 CVE-2024-38570 CVE-2024-42225 CVE-2023-52884 CVE-2023-52439 CVE-2024-35895 CVE-2024-41071 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 8 [4.18.0-553.22.1_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Drop not needed patch [4.18.0-553.22.1_10] - wifi: mac80211: Avoid address calculations via out of bounds array indexing (Michal Schmidt) [RHEL-51278] {CVE-2024-41071} [4.18.0-553.21.1_10] - s390/dasd: fix error recovery leading to data corruption on ESE devices (Mete Durlu) [RHEL-55874] - protect the fetch of ->fd[fd] in do_dup2() from mispredictions (CKI Backport Bot) [RHEL-55123] {CVE-2024-42265} - net: openvswitch: fix overwriting ct original tuple for ICMPv6 (cki-backport-bot) [RHEL-44207] {CVE-2024-38558} - mlxsw: thermal: Fix out-of-bounds memory accesses (CKI Backport Bot) [RHEL-38375] {CVE-2021-47441} - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CKI Backport Bot) [RHEL-47552] {CVE-2024-40904} - ipvs: properly dereference pe in ip_vs_add_service (Phil Sutter) [RHEL-54903] {CVE-2024-42322} - net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (CKI Backport Bot) [RHEL-53702] {CVE-2024-42246} - drm/amdgpu: change vm->task_info handling (Michel Danzer) [RHEL-49379] {CVE-2024-41008} - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (Michel Danzer) [RHEL-45036] {CVE-2024-39471} - drm/amdgpu: add error handle to avoid out-of-bounds (Michel Danzer) [RHEL-45036] {CVE-2024-39471} - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Michel Danzer) [RHEL-52845] {CVE-2024-42228} [4.18.0-553.20.1_10] - KVM: arm64: Disassociate vcpus from redistributor region on teardown (Shaoqin Huang) [RHEL-48417] {CVE-2024-40989} - devres: Fix memory leakage caused by driver API devm_free_percpu() (CKI Backport Bot) [RHEL-55597] {CVE-2024-43871} - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Izabela Bakollari) [RHEL-26680] {CVE-2024-26600} - nvmet-fc: avoid deadlock on delete association path (Maurizio Lombardi) [RHEL-31618] {CVE-2024-26769} - nvmet-fc: release reference on target port (Maurizio Lombardi) [RHEL-31618] {CVE-2024-26769} - ACPI: LPIT: Avoid u32 multiplication overflow (Mark Langsdorf) [RHEL-37062] {CVE-2023-52683} - sched/deadline: Fix task_struct reference leak (Phil Auld) [RHEL-50904] {CVE-2024-41023} - nfsd: fix crash on LOCKT on reexported NFSv3 (Benjamin Coddington) [RHEL-31515] - mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path (CKI Backport Bot) [RHEL-26570] {CVE-2024-26595} - mlxsw: spectrum_acl_tcam: Move devlink param to TCAM code (Ivan Vecera) [RHEL-26570] {CVE-2024-26595} - ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-29110] {CVE-2023-52605} - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (Mark Langsdorf) [RHEL-33198] {CVE-2024-26894} - mm: prevent derefencing NULL ptr in pfn_section_valid() (Audra Mitchell) [RHEL-51132] {CVE-2024-41055} - mm, kmsan: fix infinite recursion due to RCU critical section (Audra Mitchell) [RHEL-51132] {CVE-2024-41055} - cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options (Ondrej Mosnacek) [RHEL-30904] - cipso: fix total option length computation (Ondrej Mosnacek) [RHEL-30904] - ext4: do not create EA inode under buffer lock (Carlos Maiolino) [RHEL-48271] {CVE-2024-40972} - ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (Carlos Maiolino) [RHEL-48271] {CVE-2024-40972} - ext4: check the return value of ext4_xattr_inode_dec_ref() (Carlos Maiolino) [RHEL-48271] {CVE-2024-40972} - ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (Carlos Maiolino) [RHEL-48507] {CVE-2024-40998} - ext4: remove duplicate definition of ext4_xattr_ibody_inline_set() (Carlos Maiolino) [RHEL-48271] {CVE-2024-40972} [4.18.0-553.19.1_10] - drm/i915/vma: Fix UAF on destroy against retire race (Mika Penttila) [RHEL-35222] {CVE-2024-26939} - RHEL-48620 (Kenneth Yin) [RHEL-48620] - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (CKI Backport Bot) [RHEL-42721] {CVE-2024-26855} - net: usb: asix: do not force pause frames support (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: asix: fix 'can't send until first packet is send' issue (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: asix: add proper error handling of usb read errors (Ken Cox) [RHEL-28108] {CVE-2021-47101} - asix: fix wrong return value in asix_check_host_enable() (Ken Cox) [RHEL-28108] {CVE-2021-47101} - asix: fix uninit-value in asix_mdio_read() (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: usb: asix: ax88772: fix boolconv.cocci warnings (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: usb: asix: do not call phy_disconnect() for ax88178 (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: usb: asix: ax88772: move embedded PHY detection as early as possible (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: asix: fix uninit value bugs (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: usb: asix: ax88772: add missing stop (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: usb: asix: ax88772: suspend PHY on driver probe (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: usb: asix: ax88772: manage PHY PM from MAC (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: usb: asix: ax88772: Fix less than zero comparison of a u16 (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: usb: asix: Fix less than zero comparison of a u16 (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: usb: asix: add error handling for asix_mdio_* functions (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: usb: asix: ax88772: add phylib support (Ken Cox) [RHEL-28108] {CVE-2021-47101} - net: usb: asix: refactor asix_read_phy_addr() and handle errors on return (Ken Cox) [RHEL-28108] {CVE-2021-47101} - SUNRPC: always free ctxt when freeing deferred request (Jay Shin) [RHEL-40936] - SUNRPC: double free xprt_ctxt while still in use (Jay Shin) [RHEL-40936] - SUNRPC: Remove svc_rqst::rq_xprt_hlen (Jay Shin) [RHEL-40936] - SUNRPC: Remove dead code in svc_tcp_release_rqst() (Jay Shin) [RHEL-40936] - x86/bugs: Extend VMware Retbleed workaround to Nehalem & earlier CPUs (Waiman Long) [RHEL-48646] - wifi: iwlwifi: read txq->read_ptr under lock (Jose Ignacio Tornos Martinez) [RHEL-39797] {CVE-2024-36922} - scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (John Meneghini) [RHEL-39908] {CVE-2024-36919} - nbd: always initialize struct msghdr completely (Ming Lei) [RHEL-29498] {CVE-2024-26638} - block: don't call rq_qos_ops->done_bio if the bio isn't tracked (Ming Lei) [RHEL-42151] {CVE-2021-47412} - nvmet: fix a possible leak when destroy a ctrl during qp establishment (Maurizio Lombardi) [RHEL-52013] {CVE-2024-42152} - ipv6: prevent NULL dereference in ip6_output() (Sabrina Dubroca) [RHEL-39912] {CVE-2024-36901} - ppp: reject claimed-as-LCP but actually malformed packets (Guillaume Nault) [RHEL-51052] {CVE-2024-41044} - leds: trigger: Unregister sysfs attributes before calling deactivate() (CKI Backport Bot) [RHEL-54834] {CVE-2024-43830} - crypto: bcm - Fix pointer arithmetic (cki-backport-bot) [RHEL-44108] {CVE-2024-38579} - scsi: qedf: Ensure the copied buf is NUL terminated (John Meneghini) [RHEL-44195] {CVE-2024-38559} - x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Waiman Long) [RHEL-53657] {CVE-2024-42240} - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (CKI Backport Bot) [RHEL-47529] {CVE-2024-40901} - ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (CKI Backport Bot) [RHEL-39843] {CVE-2024-36902} - net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez) [RHEL-45167] - net: usb: ax88179_178a: improve reset check (Jose Ignacio Tornos Martinez) [RHEL-45167] - net: usb: ax88179_178a: fix link status when link is set to down/up (Jose Ignacio Tornos Martinez) [RHEL-45167] - net: usb: ax88179_178a: avoid writing the mac address before first reading (Jose Ignacio Tornos Martinez) [RHEL-45167] - KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (Shaoqin Huang) [RHEL-40837] {CVE-2024-36953} - KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (Shaoqin Huang) [RHEL-40837] {CVE-2024-36953} - media: cec: cec-api: add locking in cec_release() (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: core: avoid confusing 'transmit timed out' message (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: core: avoid recursive cec_claim_log_addrs (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: core: remove length check of Timer Status (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: core: count low-drive, error and arb-lost conditions (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: core: add note about *_from_edid() function usage in drm (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: core: add adap_unconfigured() callback (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: core: add adap_nb_transmit_canceled() callback (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: core: don't set last_initiator if tx in progress (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: core: disable adapter in cec_devnode_unregister (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: core: not all messages were passed on when monitoring (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: add support for Absolute Volume Control (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec-adap.c: log when claiming LA fails unexpectedly (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec-adap.c: drop activate_cnt, use state info instead (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec-adap.c: reconfigure if the PA changes during configuration (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec-adap.c: fix is_configuring state (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec-adap.c: stop trying LAs on CEC_TX_STATUS_TIMEOUT (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec-adap.c: don't unconfigure if already unconfigured (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: add optional adap_configured callback (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: add xfer_timeout_ms field (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: use call_op and check for !unregistered (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec-pin: fix interrupt en/disable handling (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec-pin: drop unused 'enabled' field from struct cec_pin (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec-pin: fix off-by-one SFT check (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec-pin: rename timer overrun variables (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: correctly pass on reply results (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: abort if the current transmit was canceled (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: call enable_adap on s_log_addrs (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: media/cec.h: document cec_adapter fields (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: fix a deadlock situation (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: safely unhook lists in cec_data (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: copy sequence field for the reply (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: fix trivial style warnings (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec-adap.c: add 'unregistered' checks (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec-adap.c: don't use flush_scheduled_work() (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: Use fallthrough pseudo-keyword (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: remove unused waitq and phys_addrs fields (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: silence shift wrapping warning in __cec_s_log_addrs() (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - media: cec: move the core to a separate directory (Kate Hsuan) [RHEL-22559] {CVE-2024-23848} - net/iucv: Avoid explicit cpumask var allocation on stack (CKI Backport Bot) [RHEL-51631] {CVE-2024-42094} - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Dick Kennedy) [RHEL-40400] - KVM: selftests: Make hyperv_clock require TSC based system clocksource (Vitaly Kuznetsov) [RHEL-19027] - KVM: selftests: Run clocksource dependent tests with hyperv_clocksource_tsc_page too (Vitaly Kuznetsov) [RHEL-19027] - KVM: selftests: Use generic sys_clocksource_is_tsc() in vmx_nested_tsc_scaling_test (Vitaly Kuznetsov) [RHEL-19027] - KVM: selftests: Generalize check_clocksource() from kvm_clock_test (Vitaly Kuznetsov) [RHEL-19027] - firmware: cs_dsp: Return error if block header overflows file (CKI Backport Bot) [RHEL-53646] {CVE-2024-42238} - firmware: cs_dsp: Validate payload length before processing block (CKI Backport Bot) [RHEL-53638] {CVE-2024-42237} - mm, slub: fix potential memoryleak in kmem_cache_open() (Waiman Long) [RHEL-38404] {CVE-2021-47466} - slub: don't panic for memcg kmem cache creation failure (Waiman Long) [RHEL-38404] {CVE-2021-47466} - wifi: ath11k: fix htt pktlog locking (Jose Ignacio Tornos Martinez) [RHEL-38317] {CVE-2023-52800} - wifi: ath11k: fix dfs radar event locking (Jose Ignacio Tornos Martinez) [RHEL-38165] {CVE-2023-52798} - lib/generic-radix-tree.c: Don't overflow in peek() (Waiman Long) [RHEL-37737] {CVE-2021-47432} - include/linux/generic-radix-tree.h: replace kernel.h with the necessary inclusions (Waiman Long) [RHEL-37737] {CVE-2021-47432} - EDAC/i10nm: Skip the absent memory controllers (Aristeu Rozanski) [RHEL-43236] - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (John Meneghini) [RHEL-38197] {CVE-2023-52809} - gfs2: Fix potential glock use-after-free on unmount (Andreas Gruenbacher) [RHEL-44149] {CVE-2024-38570} - gfs2: simplify gdlm_put_lock with out_free label (Andreas Gruenbacher) [RHEL-44149] {CVE-2024-38570} - gfs2: Remove ill-placed consistency check (Andreas Gruenbacher) [RHEL-44149] {CVE-2024-38570} - nvme-fc: do not wait in vain when unloading module (Ewan D. Milne) [RHEL-33083] {CVE-2024-26846} - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (CKI Backport Bot) [RHEL-49698] {CVE-2022-48866} - scsi: qedf: Set qed_slowpath_params to zero before use (John Meneghini) [RHEL-9797] - scsi: qedf: Wait for stag work during unload (John Meneghini) [RHEL-9797] - scsi: qedf: Don't process stag work during unload and recovery (John Meneghini) [RHEL-9797] - Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (Audra Mitchell) [RHEL-42625] {CVE-2024-26720} - mm: avoid overflows in dirty throttling logic (Audra Mitchell) [RHEL-51840] {CVE-2024-42131} - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Audra Mitchell) [RHEL-42625] {CVE-2024-26720} - ACPI: fix NULL pointer dereference (Mark Langsdorf) [RHEL-37897] {CVE-2021-47289} [4.18.0-553.18.1_10] - scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (Ewan D. Milne) [RHEL-39805] {CVE-2024-36920} - tun: limit printing rate when illegal packet received by tun dev (Jon Maloy) [RHEL-35046] {CVE-2024-27013} - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (Michel Danzer) [RHEL-38210] {CVE-2023-52817} - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (Michel Danzer) [RHEL-38210] {CVE-2023-52817} - drm/amdgpu/mes: fix use-after-free issue (Michel Danzer) [RHEL-44043] {CVE-2024-38581} - drm/amdgpu: Fix the null pointer when load rlc firmware (Michel Danzer) [RHEL-30603] {CVE-2024-26649} - drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (Michel Danzer) [RHEL-35160] {CVE-2024-27042} - net/sched: Fix UAF when resolving a clash (Xin Long) [RHEL-51014] {CVE-2024-41040} - tcp_metrics: validate source addr length (Guillaume Nault) [RHEL-52025] {CVE-2024-42154} - NFSv4/pnfs: Fix a use-after-free bug in open (Benjamin Coddington) [RHEL-35508] - NFSv4: Don't hold the layoutget locks across multiple RPC calls (Benjamin Coddington) [RHEL-35508] - scsi: qedf: Make qedf_execute_tmf() non-preemptible (John Meneghini) [RHEL-51799] {CVE-2024-42124} - Input: elantech - fix stack out of bound access in elantech_change_report_id() (CKI Backport Bot) [RHEL-41938] {CVE-2021-47097} - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (CKI Backport Bot) [RHEL-28982] {CVE-2023-52478} - drm/radeon: fix UBSAN warning in kv_dpm.c (CKI Backport Bot) [RHEL-48399] {CVE-2024-40988} - usb: core: Don't hold the device lock while sleeping in do_proc_control() (Desnes Nunes) [RHEL-43646] {CVE-2021-47582} - USB: core: Make do_proc_control() and do_proc_bulk() killable (Desnes Nunes) [RHEL-43646] {CVE-2021-47582} - scsi: qedi: Fix crash while reading debugfs attribute (CKI Backport Bot) [RHEL-48327] {CVE-2024-40978} - wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CKI Backport Bot) [RHEL-48309] {CVE-2024-40977} - net: tcp: accept old ack during closing (Jamie Bainbridge) [RHEL-52433] - wifi: iwlwifi: mvm: don't read past the mfuart notifcation (CKI Backport Bot) [RHEL-48016] {CVE-2024-40941} - net/iucv: fix use after free in iucv_sock_close() (Mete Durlu) [RHEL-53988] - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (CKI Backport Bot) [RHEL-47908] {CVE-2024-40929} - Input: aiptek - properly check endpoint type (Benjamin Tissoires) [RHEL-48963] {CVE-2022-48836} - Input: aiptek - use descriptors of current altsetting (Benjamin Tissoires) [RHEL-48963] {CVE-2022-48836} - Input: aiptek - fix endpoint sanity check (Benjamin Tissoires) [RHEL-48963] {CVE-2022-48836} - usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (CKI Backport Bot) [RHEL-52373] {CVE-2024-42226} - wifi: mt76: replace skb_put with skb_put_zero (CKI Backport Bot) [RHEL-52366] {CVE-2024-42225} - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (CKI Backport Bot) [RHEL-47776] {CVE-2024-40912} - wifi: cfg80211: Lock wiphy in cfg80211_get_station (CKI Backport Bot) [RHEL-47758] {CVE-2024-40911} - VMCI: Use struct_size() in kmalloc() (Steve Best) [RHEL-37325] {CVE-2024-35944} - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (Steve Best) [RHEL-37325] {CVE-2024-35944} - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() (Steve Best) [RHEL-37325] {CVE-2024-35944} - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Jose Ignacio Tornos Martinez) [RHEL-51761] {CVE-2024-42114} - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (CKI Backport Bot) [RHEL-51442] {CVE-2024-41097} - nfs: handle error of rpc_proc_register() in init_nfs_fs() (Scott Mayhew) [RHEL-39904] {CVE-2024-36939} - drm/radeon: check bo_va->bo is non-NULL before using it (CKI Backport Bot) [RHEL-51184] {CVE-2024-41060} - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (CKI Backport Bot) [RHEL-51027] {CVE-2024-41041} - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (CKI Backport Bot) [RHEL-50961] {CVE-2024-41035} - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CKI Backport Bot) [RHEL-44408] {CVE-2024-37356} - tcp: avoid too many retransmit packets (Florian Westphal) [RHEL-48627] {CVE-2024-41007} - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Florian Westphal) [RHEL-48627] - net: tcp: fix unexcepted socket die when snd_wnd is 0 (Florian Westphal) [RHEL-48627] - tcp: refactor tcp_retransmit_timer() (Florian Westphal) [RHEL-48627] - tcp: exit if nothing to retransmit on RTO timeout (Florian Westphal) [RHEL-48627] - netfilter: nf_tables: Reject tables of unsupported family (Florian Westphal) [RHEL-21418] {CVE-2023-6040} [4.18.0-553.17.1_10] - kyber: fix out of bounds access when preempted (Ming Lei) [RHEL-27258] {CVE-2021-46984} - vfs: don't mod negative dentry count when on shrinker list (Brian Foster) [RHEL-35874] - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (Brian Foster) [RHEL-35874] - fbmem: Do not delete the mode that is still in use (CKI Backport Bot) [RHEL-37796] {CVE-2021-47338} - netpoll: Fix race condition in netpoll_owner_active (CKI Backport Bot) [RHEL-49361] {CVE-2024-41005} - firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Mark Salter) [RHEL-43702] {CVE-2021-47609} - ipv6: prevent possible NULL dereference in rt6_probe() (Guillaume Nault) [RHEL-48149] {CVE-2024-40960} - HID: i2c-hid-of: fix NULL-deref on failed power up (CKI Backport Bot) [RHEL-31598] {CVE-2024-26717} - cpufreq: amd-pstate: fix memory leak on CPU EPP exit (CKI Backport Bot) [RHEL-48489] {CVE-2024-40997} - x86/mm/pat: fix VM_PAT handling in COW mappings (Chris von Recklinghausen) [RHEL-37258] {CVE-2024-35877} - PCI/PM: Drain runtime-idle callbacks before driver removal (Myron Stowe) [RHEL-42937] {CVE-2024-35809} - PCI: Drop pci_device_remove() test of pci_dev->driver (Myron Stowe) [RHEL-42937] {CVE-2024-35809} - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (Mika Penttila) [RHEL-26909] {CVE-2023-52470} - USB: core: Fix hang in usb_kill_urb by adding memory barriers (Desnes Nunes) [RHEL-43979] {CVE-2022-48760} - cifs: fix bad fids sent over wire (Paulo Alcantara) [RHEL-52517] - smb3: add additional null check in SMB311_posix_mkdir (Paulo Alcantara) [RHEL-52517] - smb3: add additional null check in SMB2_tcon (Paulo Alcantara) [RHEL-52517] - smb3: add additional null check in SMB2_open (Paulo Alcantara) [RHEL-52517] - smb3: add additional null check in SMB2_ioctl (Paulo Alcantara) [RHEL-52517] - selftests: forwarding: devlink_lib: Wait for udev events after reloading (Mark Langsdorf) [RHEL-47642] {CVE-2024-39501} - drivers: core: synchronize really_probe() and dev_uevent() (Mark Langsdorf) [RHEL-47642] {CVE-2024-39501} - udp: do not accept non-tunnel GSO skbs landing in a tunnel (Xin Long) [RHEL-42997] {CVE-2024-35884} - filelock: Remove locks reliably when fcntl/close race is detected (Bill O'Donnell) [RHEL-50170] {CVE-2024-41012} - Input: add bounds checking to input_set_capability() (Benjamin Tissoires) [RHEL-21413] {CVE-2022-48619} - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CKI Backport Bot) [RHEL-48130] {CVE-2024-40959} - blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (Ming Lei) [RHEL-33695] - blk-cgroup: fix list corruption from resetting io stat (Ming Lei) [RHEL-33695] - net: do not leave a dangling sk pointer, when socket creation fails (CKI Backport Bot) [RHEL-48060] {CVE-2024-40954} - perf/x86/lbr: Filter vsyscall addresses (Michael Petlan) [RHEL-28991] {CVE-2023-52476} - vmci: prevent speculation leaks by sanitizing event in event_deliver() (CKI Backport Bot) [RHEL-47678] {CVE-2024-39499} - serial: core: fix transmit-buffer reset and memleak (Steve Best) [RHEL-38731] {CVE-2021-47527} - powerpc/pseries: Whitelist dtl slub object for copying to userspace (Mamatha Inamdar) [RHEL-51236] {CVE-2024-41065} - powerpc/eeh: avoid possible crash when edev->pdev changes (Mamatha Inamdar) [RHEL-51220] {CVE-2024-41064} - x86: stop playing stack games in profile_pc() (Steve Best) [RHEL-51643] {CVE-2024-42096} - mptcp: ensure snd_una is properly initialized on connect (Florian Westphal) [RHEL-47933 RHEL-47934] {CVE-2024-40931} - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (CKI Backport Bot) [RHEL-47492] {CVE-2024-39506} - tun: add missing verification for short frame (Patrick Talbert) [RHEL-50194] {CVE-2024-41091} - tap: add missing verification for short frame (Patrick Talbert) [RHEL-50279] {CVE-2024-41090} - usb-storage: alauda: Check whether the media is initialized (Desnes Nunes) [RHEL-43708] {CVE-2024-38619} - usb-storage: alauda: Fix uninit-value in alauda_check_media() (Desnes Nunes) [RHEL-43708] {CVE-2024-38619} - hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37723] {CVE-2021-47384} - block: fix that util can be greater than 100% (Ming Lei) [RHEL-23074] - block: support to account io_ticks precisely (Ming Lei) [RHEL-23074] - watchdog: Fix possible use-after-free by calling del_timer_sync() (Steve Best) [RHEL-38795] {CVE-2021-47321} - hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37719] {CVE-2021-47385} - mlxsw: spectrum: Protect driver from buggy firmware (CKI Backport Bot) [RHEL-42245] {CVE-2021-47560} - mlxsw: Verify the accessed index doesn't exceed the array length (CKI Backport Bot) [RHEL-42245] {CVE-2021-47560} - dm: call the resume method on internal suspend (Benjamin Marzinski) [RHEL-41835] {CVE-2024-26880} - tty: Fix out-of-bound vmalloc access in imageblit (Steve Best) [RHEL-37727] {CVE-2021-47383} - hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37715] {CVE-2021-47386} - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (Steve Best) [RHEL-37710] {CVE-2021-47393} - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells (Steve Best) [RHEL-38436] {CVE-2021-47497} - driver core: auxiliary bus: Fix memory leak when driver_register() fail (Steve Best) [RHEL-37901] {CVE-2021-47287} - phylib: fix potential use-after-free (cki-backport-bot) [RHEL-43764] {CVE-2022-48754} - ptp: Fix possible memory leak in ptp_clock_register() (Hangbin Liu) [RHEL-38424] {CVE-2021-47455} - NFSv4: Fix memory leak in nfs4_set_security_label (CKI Backport Bot) [RHEL-51315] {CVE-2024-41076} - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (CKI Backport Bot) [RHEL-51618] {CVE-2024-42090} - ftruncate: pass a signed offset (CKI Backport Bot) [RHEL-51598] {CVE-2024-42084} - af_unix: Fix garbage collector racing against connect() (Felix Maurer) [RHEL-34225] {CVE-2024-26923} - virtio-net: Add validation for used length (Laurent Vivier) [RHEL-42080] {CVE-2021-47352} - net: fix possible store tearing in neigh_periodic_work() (Antoine Tenart) [RHEL-42359] {CVE-2023-52522} - tunnels: fix out of bounds access when building IPv6 PMTU error (Antoine Tenart) [RHEL-41823] {CVE-2024-26665} - vt_ioctl: fix array_index_nospec in vt_setactivate (John W. Linville) [RHEL-49141] {CVE-2022-48804} - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (CKI Backport Bot) [RHEL-38302] {CVE-2023-52840} - netns: Make get_net_ns() handle zero refcount net (Antoine Tenart) [RHEL-48105] {CVE-2024-40958} - tracing: Ensure visibility when inserting an element into tracing_map (Michael Petlan) [RHEL-30457] {CVE-2024-26645} - KVM: s390: fix LPSWEY handling (CKI Backport Bot) [RHEL-50072] - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (CKI Backport Bot) [RHEL-51144] {CVE-2024-41056} - SUNRPC: Fix a race to wake a sync task (Benjamin Coddington) [RHEL-11843] - firmware: cs_dsp: Fix overflow checking of wmfw header (CKI Backport Bot) [RHEL-50999] {CVE-2024-41039} - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (CKI Backport Bot) [RHEL-50987] {CVE-2024-41038} - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (Xin Long) [RHEL-48471] {CVE-2024-40995} - net: fix out-of-bounds access in ops_init (Xin Long) [RHEL-43185] {CVE-2024-36883} - x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Steve Best) [RHEL-45310] - x86/mce/therm_throt: Do not access uninitialized therm_work (Steve Best) [RHEL-45310] - x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Steve Best) [RHEL-45310] - x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Steve Best) [RHEL-45310] - x86/mce/therm_throt: Optimize notifications of thermal throttle (Steve Best) [RHEL-45310] - jiffies: add utility function to calculate delta in ms (Steve Best) [RHEL-45310] - x86/mce: Lower throttling MCE messages' priority to warning (Steve Best) [RHEL-45310] - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (Eder Zulian) [RHEL-37361] {CVE-2024-35989} - xfs: don't walk off the end of a directory data block (CKI Backport Bot) [RHEL-50879] {CVE-2024-41013} - xfs: add bounds checking to xlog_recover_process_data (CKI Backport Bot) [RHEL-50856] {CVE-2024-41014} - dm-crypt: limit the size of encryption requests (Benjamin Marzinski) [RHEL-29330] - netfilter: flowtable: remove nf_ct_l4proto_find() call (Florian Westphal) [RHEL-49589] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2021-47441 CVE-2021-47455 CVE-2021-47560 CVE-2022-48619 CVE-2023-52476 CVE-2023-52800 CVE-2024-26846 CVE-2024-39499 CVE-2024-39506 CVE-2024-40995 CVE-2024-42084 CVE-2021-46984 CVE-2021-47097 CVE-2021-47466 CVE-2021-47527 CVE-2023-52470 CVE-2023-52478 CVE-2024-26939 CVE-2024-35877 CVE-2024-39501 CVE-2024-41035 CVE-2024-41091 CVE-2024-42237 CVE-2021-47287 CVE-2021-47393 CVE-2023-52817 CVE-2024-26649 CVE-2024-36902 CVE-2021-47101 CVE-2021-47352 CVE-2021-47383 CVE-2021-47384 CVE-2024-26600 CVE-2024-26638 CVE-2024-38579 CVE-2021-47289 CVE-2022-48754 CVE-2022-48866 CVE-2023-52809 CVE-2024-38559 CVE-2024-38570 CVE-2022-48804 CVE-2023-52522 CVE-2024-26720 CVE-2024-36939 CVE-2024-41060 CVE-2024-41064 CVE-2024-41071 CVE-2024-41097 CVE-2024-42246 CVE-2021-47321 CVE-2021-47338 CVE-2021-47432 CVE-2024-26855 CVE-2024-38619 CVE-2024-41041 CVE-2024-41055 CVE-2024-41076 CVE-2021-47386 CVE-2023-52605 CVE-2024-26595 CVE-2024-26645 CVE-2024-35809 CVE-2024-38581 CVE-2024-40959 CVE-2023-52683 CVE-2024-35884 CVE-2024-41007 CVE-2024-41056 CVE-2024-42238 CVE-2021-47385 CVE-2021-47412 CVE-2021-47582 CVE-2024-26717 CVE-2024-26894 CVE-2024-27042 CVE-2024-36901 CVE-2024-36919 CVE-2024-36953 CVE-2024-40998 CVE-2024-41012 CVE-2024-42114 CVE-2024-42124 CVE-2021-47497 CVE-2022-48836 CVE-2024-26665 CVE-2024-26769 CVE-2024-40904 CVE-2024-40929 CVE-2024-40931 CVE-2024-40972 CVE-2024-41005 CVE-2024-41065 CVE-2024-42090 CVE-2024-42094 CVE-2024-42154 CVE-2024-42225 CVE-2021-47609 CVE-2023-52840 CVE-2024-27013 CVE-2024-36883 CVE-2024-36920 CVE-2024-38558 CVE-2024-40901 CVE-2024-40954 CVE-2024-41014 CVE-2023-6040 CVE-2024-26880 CVE-2024-35944 CVE-2024-40960 CVE-2024-40989 CVE-2024-41038 CVE-2024-41090 CVE-2024-42226 CVE-2024-42240 CVE-2024-42265 CVE-2022-48760 CVE-2024-26923 CVE-2024-37356 CVE-2024-40997 CVE-2024-41013 CVE-2024-41023 CVE-2024-41040 CVE-2024-41044 CVE-2024-42131 CVE-2024-42322 CVE-2024-43830 CVE-2024-43871 CVE-2023-52798 CVE-2024-23848 CVE-2024-35989 CVE-2024-36922 CVE-2024-39471 CVE-2024-40911 CVE-2024-40912 CVE-2024-40941 CVE-2024-40958 CVE-2024-40977 CVE-2024-40978 CVE-2024-40988 CVE-2024-41008 CVE-2024-41039 CVE-2024-42096 CVE-2024-42152 CVE-2024-42228 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [2.4.6-99.0.5.1] - Differentiate trusted sources [Orabug: 37100272][CVE-2024-38476] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-38476 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [3.4.1-3] - Rebuild with new Golang - Resolves: RHEL-57900 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [3.4.1-4] - Rebuild with new Golang - Resolves: RHEL-57920 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [101-2.0.1] - Rebuild on new golang to address CVE-2024-34156 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [5.9.1-13.0.1] - fix error index value when snmpget is used a proxy pass [Orabug: 35010262] [1:5.9.1-13.3] - fix CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24809 and CVE-2022-24810 (RHEL-32062) MODERATE Copyright 2024 Oracle, Inc. CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24809 CVE-2022-24810 CVE-2022-24808 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [101-2.0.1] - Rebuilt to fix: - CVE-2024-34156 - CVE-2024-1394 - RHEL-24303 - RHEL-57905 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 CVE-2024-34156 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [1.28.7-17.0.1] - header/footer not being printed in banner page. [Orabug: 28265099] (isaac.chen@oracle.com) - Fixes [Orabug: 29163824] source indentation not following convention (isaac.chen@oracle.com) [1.28.7-17] - fix rpmverify error [1.28.7-16] - CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file - CVE-2024-47076 cups-filters: cfGetPrinterAttributes API does not perform sanitization on returned IPP attributes - CVE-2024-47176 cups-filters: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-47076 CVE-2024-47175 CVE-2024-47176 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [9.2.10-18] - Resolves RHEL-47191 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24791 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [1.3.11.1-5.0.3] - Security fix for CVE-2024-8445 [Orabug: 37119399][CVE-2024-8445] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-8445 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [1.20.0-35.0.1] - header/footer not being printed in banner page. [Orabug: 28265099] (isaac.chen@oracle.com) - Fixes [Orabug: 29163824] source indentation not following convention (isaac.chen@oracle.com) [1.20.0-35] - CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file - CVE-2024-47076 cups-filters: cfGetPrinterAttributes API does not perform sanitization on returned IPP attributes - CVE-2024-47176 cups-filters: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-47176 CVE-2024-47175 CVE-2024-47076 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 delve golang [1.21.13-3] - Add evp-digest-sign-final.patch - Resolves: RHEL-61109 go-toolset MODERATE Copyright 2024 Oracle, Inc. CVE-2024-9355 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [128.3.0-1.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [128.3.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.3.0-1] - Update to 128.3.0 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9402 CVE-2024-9401 CVE-2024-9392 CVE-2024-9393 CVE-2024-9394 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.21.13-4] - Fix CVE-2024-9355 - Resolves: RHEL-61046 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-9355 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [128.3.0-1.0.1] - Fix prefs for new nss [Orabug: 37079813] - Add Oracle prefs [128.3.0] - Add OpenELA debranding [128.3.0-1] - Update to 127.3.0 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9399 CVE-2024-9396 CVE-2024-9402 CVE-2024-9403 CVE-2024-9393 CVE-2024-9401 CVE-2024-9392 CVE-2024-9400 CVE-2024-9397 CVE-2024-9398 CVE-2024-9394 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [1.0.35-29.0.3] - Unsupport cups-browsed service - CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 [Orabug: 37217141] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-47176 CVE-2024-47850 CVE-2024-47175 CVE-2024-47076 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [128.3.0-1.0.1] - Fix prefs for new nss [Orabug: 37079820] - Add Oracle prefs file [128.3.0] - Add OpenELA debranding [128.3.0-1] - Update to 127.3.0 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9400 CVE-2024-9394 CVE-2024-9403 CVE-2024-9399 CVE-2024-9392 CVE-2024-9393 CVE-2024-9402 CVE-2024-9398 CVE-2024-9397 CVE-2024-9401 CVE-2024-9396 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [128.3.0-1.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079789] [128.3.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.3.0-1] - Update to 128.3.0 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9393 CVE-2024-9396 CVE-2024-9400 CVE-2024-8900 CVE-2024-9399 CVE-2024-9392 CVE-2024-9394 CVE-2024-9401 CVE-2024-9397 CVE-2024-9398 CVE-2024-9402 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [128.3.0-1.0.1] - Update to 128.3.0 [Orabug: 37139909] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-8900 CVE-2024-9393 CVE-2024-9399 CVE-2024-9397 CVE-2024-9400 CVE-2024-9398 CVE-2024-9402 CVE-2024-9401 CVE-2024-9403 CVE-2024-9392 CVE-2024-9394 CVE-2024-9396 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 7 [219-78.0.17] - Backport secure pager invocation for CVE-2023-26604 [Orabug: 37139943] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-26604 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [1:1.1.1k-14] - Backport fix SSL_select_next proto from OpenSSL 3.2 Fix CVE-2024-5535 Resolves: RHEL-45654 LOW Copyright 2024 Oracle, Inc. CVE-2024-5535 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch Oracle Linux 8 [6.0.135-1.0.1] - Add support for Oracle Linux [6.0.135-1] - Update to .NET SDK 6.0.135 and Runtime 6.0.35 - Resolves: RHEL-60792 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-43484 CVE-2024-43483 CVE-2024-43485 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [6.0.135-1.0.1] - Add support for Oracle Linux [6.0.135-1] - Update to .NET SDK 6.0.135 and Runtime 6.0.35 - Resolves: RHEL-60798 [6.0.134-1] - Update to .NET SDK 6.0.134 and Runtime 6.0.34 - Resolves: RHEL-56683 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-43485 CVE-2024-43484 CVE-2024-43483 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [8.0.110-1.0.1] - Add support for Oracle Linux [8.0.110-1] - Update to .NET SDK 8.0.110 and Runtime 8.0.10 - Resolves: RHEL-60794 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-38229 CVE-2024-43484 CVE-2024-43485 CVE-2024-43483 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [8.0.110-1.0.1] - Add support for Oracle Linux [8.0.110-1] - Update to .NET SDK 8.0.110 and Runtime 8.0.10 - Resolves: RHEL-60800 [8.0.109-1] - Update to .NET SDK 8.0.109 and Runtime 8.0.9 - Resolves: RHEL-56679 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-43484 CVE-2024-43485 CVE-2024-38229 CVE-2024-43483 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [128.3.1-2.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [128.3.1] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.3.1-1] - Update to 128.3.1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9680 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [128.3.1-2.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079789] [128.3.1] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.3.1-1] - Update to 128.3.1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9680 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [128.3.1-1.0.1] - Fix prefs for new nss [Orabug: 37079820] - Add Oracle prefs file [128.3.1] - Add OpenELA debranding [128.3.1-1] - Update to 128.3.1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9680 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [128.3.1-1.0.1] - Fix prefs for new nss [Orabug: 37079813] - Add Oracle prefs [128.3.1] - Add OpenELA debranding [128.3.1-1] - Update to 128.3.1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9680 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [128.3.1-2.0.1] - Update to 128.3.1 [Orabug: 37168934] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9680 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [2.0.32-5.0.1] - IPMI SMB kernel module name is ipmi_ssif in all modern kernels. openipmi-helper script fixed. [Orabug: 27093288] (alexey.petrenko@oracle.com) [2.0.32-5] - Update the patch for CVE-2024-42934 to add a missing upstream commit from 2.0.36: 663e3cd3 [2.0.32-4] - Backport two commits from 2.0.36 to add checks in ipmi_sim and ipmilan (CVE-2024-42934) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-42934 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 aardvark-dns [2:1.10.1-2] - build off the RHEL maintenance branch - Resolves: RHEL-59129 buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp netavark oci-seccomp-bpf-hook podman python-podman runc [1:1.1.12-5] - bump golang buildrequires - add no_openssl build tag - Resolves RHEL-55757 skopeo slirp4netns udica IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34158 CVE-2024-34156 CVE-2024-34155 CVE-2023-45290 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [4.9.4-13.0.1] - Fixes issue of podman execvp error while using podmansh [Orabug: 36073625] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [4:4.9.4-13] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/6cf9920) - Resolves: RHEL-60964 [4:4.9.4-12] - rebuild to address CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 - Resolves: RHEL-57980 RHEL-57950 RHEL-58203 [4:4.9.4-11] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/e3221b5) - Resolves: RHEL-56327 RHEL-50231 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34158 CVE-2024-34155 CVE-2024-34156 CVE-2024-9341 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:1.4.0-6] - rebuild for CVE-2024-34156 - Resolves: RHEL-57915 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:1.14.5-2] - rebuild for CVE-2024-34156 - Resolves: RHEL-57955 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.33.9-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.9-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/4dc26b9) - Resolves: RHEL-61116 [2:1.33.7-5] - rebuild to address CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 - Resolves: RHEL-58191 RHEL-57972 RHEL-57910 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34155 CVE-2024-34156 CVE-2024-9341 CVE-2024-34158 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 Oracle Linux 9 [1.8.0.432.b06-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:1.8.0.432.b06-1] - Update to shenandoah-jdk8u432-b06 (GA) - Update release notes for shenandoah-8u432-b06. - Drop JDK-828109{6,7,8}/PR3836 patch following integration of upstream version - Regenerate JDK-8199936/PR3533 patch following JDK-828109{6,7,8} integration - Bump version of bundled zlib to 1.3.1 following JDK-8324632 - Include backport of JDK-8328999 to update giflib to 5.2.2 - Bump version of bundled giflib to 5.2.2 following JDK-8328999 - Add build scripts to repository to ease remembering all CentOS & RHEL targets and options - Sync the copy of the portable specfile with the latest update - Resolves: RHEL-58791 - Resolves: RHEL-62278 - Resolves: RHEL-61285 - ** This tarball is embargoed until 2024-10-15 @ 1pm PT. ** MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21235 CVE-2024-21208 CVE-2024-21217 CVE-2023-48161 CVE-2024-21210 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:11.0.25.0.9-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:11.0.25.0.9-2] - Update to jdk-11.0.25+9 (GA) - Update release notes to 11.0.25+9 - Switch to GA mode for release - Related: RHEL-58772 - ** This tarball is embargoed until 2024-10-15 @ 1pm PT. ** [1:11.0.25.0.8-0.2.ea] - Update to jdk-11.0.25+8 (EA) - Update release notes to 11.0.25+8 - Related: RHEL-58772 [1:11.0.25.0.7-0.3.ea] - RHJDKBP-875 - Added gating.yaml and/or rpminspect.yaml - RHJDKBP-874 - Remove - Related: RHEL-58772 [1:11.0.25.0.7-0.1.ea] - Update to jdk-11.0.25+7 (EA) - Update release notes to 11.0.25+7 - Related: RHEL-58772 [1:11.0.25.0.6-0.3.ea] - Limit Java only tests to one 'jdk_test_arch' - Resolves: RHEL-59727 - Related: RHEL-58772 [1:11.0.25.0.6-0.2.ea] - Update to jdk-11.0.25+6 (EA) - Switch to EA mode - Update release notes to 11.0.25+6 - Related: RHEL-58772 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48161 CVE-2024-21210 CVE-2024-21208 CVE-2024-21217 CVE-2024-21235 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [17.0.13.0.11-3.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:17.0.13.0.11-3] - Correct version suffix in 'Update to jdk-17.0.13+11 (GA)' changelog entry - Related: RHEL-58781 [1:17.0.13.0.11-2] - Update to jdk-17.0.13+11 (GA) - Update .gitignore to ignore openjdk-17.0.13+11.tar.xz - Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 - Set buildver to 11 - Set is_ga to 1 - Update sources to openjdk-17.0.13+11.tar.xz - Resolves: RHEL-58781 - ** This tarball is embargoed until 2024-10-15 @ 1pm PT. ** [1:17.0.13.0.10-0.2.ea] - Vary portablesuffix depending on whether we are on RHEL ('el8') or CentOS ('el9') - Set rpmrelease to 2 - Related: RHEL-58781 [1:17.0.13.0.10-0.1.ea] - Update to jdk-17.0.13+10 (EA) - Update .gitignore to ignore openjdk-17.0.13+10-ea.tar.xz - Sync java-17-openjdk-portable.specfile from openjdk-portable-centos-9 - Set buildver to 10 - Update sources to openjdk-17.0.13+10-ea.tar.xz - Related: RHEL-58781 [1:17.0.13.0.9-0.1.ea] - Update to jdk-17.0.13+9 (EA) - Update .gitignore to ignore openjdk-17.0.13+9-ea.tar.xz - Sync java-17-openjdk-portable.specfile from openjdk-portable-centos-9 - Set buildver to 9 - Set rpmrelease to 1 - Set portablerelease to 1 - Update sources to openjdk-17.0.13+9-ea.tar.xz - Related: RHEL-58781 [1:17.0.13.0.1-0.4.ea] - Set rpmrelease to 4 - Set portablerelease to 2 - Related: RHEL-58781 [1:17.0.13.0.1-0.3.ea] - Synchronize java-17-openjdk-portable.specfile - Set rpmrelease to 3 - Related: RHEL-58781 [1:17.0.13.0.1-0.2.ea] - Update to jdk-17.0.13+1 (EA) - Update .gitignore to ignore openjdk-17.0.13+1-ea.tar.xz - Synchronize java-17-openjdk-portable.specfile - Set updatever to 13 - Set buildver to 1 - Set is_ga to 0 - Update sources to openjdk-17.0.13+1-ea.tar.xz - Related: RHEL-58781 - Remove 0001-8332174-Remove-2-unpaired-RLO-Unicode-characters-in-.patch - Remove unicode section from rpminspect.yml, fixed instead by https://gitlab.cee.redhat.com/osci/rpminspect-data-redhat/-/merge_requests/180 (OPENJDK-2904) - Related: RHEL-58781 [1:17.0.12.0.7-3] - Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 - Set rpmrelease to 3 - Set portablerelease to 4 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21208 CVE-2024-21235 CVE-2024-21210 CVE-2024-21217 CVE-2023-48161 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:21.0.5.0.10-3.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:21.0.5.0.10-3] - Sync the copy of the portable specfile with the latest update - ** This tarball is embargoed until 2024-10-15 @ 1pm PT. ** - Related: RHEL-61346 [1:21.0.5.0.10-2] - Update to jdk-21.0.5+10 (GA) - Update release notes to 21.0.5+10 - Bump giflib version to 5.2.2 following JDK-8328999 - Bump libpng version to 1.6.43 following JDK-8329004 - Vary portablesuffix depending on whether we are on RHEL ('el8') or CentOS ('el9') - Handle debugedit being a separate package installed in /usr on RHEL/CentOS 10 - Add build scripts to repository to ease remembering all CentOS & RHEL targets and options - Sync with RHEL 7 portable build: - Use ExclusiveArch over ExcludeArch - pkgos definition needs to be early enough to be used in portablesuffix - Make build scripts executable - Sync the copy of the portable specfile with the latest update - Revert JDK-8327501 & JDK-8328366 backport until more mature. - Resolves: RHEL-58798 - Resolves: RHEL-17186 - Resolves: RHEL-61346 - ** This tarball is embargoed until 2024-10-15 @ 1pm PT. ** MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21210 CVE-2024-21208 CVE-2023-48161 CVE-2024-21235 CVE-2024-21217 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [5.14.0-427.40.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.40.1_4] - gfs2: Fix NULL pointer dereference in gfs2_log_flush (CKI Backport Bot) [RHEL-51561 RHEL-51559] {CVE-2024-42079} - net: stmmac: Separate C22 and C45 transactions for xgmac (CKI Backport Bot) [RHEL-60274 RHEL-6297] - dmaengine: idxd: Check for driver name match before sva user feature (Jerry Snitselaar) [RHEL-47239 RHEL-44836 RHEL-46619] - ceph: switch to corrected encoding of max_xattr_size in mdsmap (Xiubo Li) [RHEL-57609 RHEL-26722] - KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (CKI Backport Bot) [RHEL-46428] {CVE-2024-39483} - vfs: don't mod negative dentry count when on shrinker list (Brian Foster) [RHEL-60567 RHEL-46609] - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (Brian Foster) [RHEL-60567 RHEL-46609] - x86/bugs: Reverse instruction order of CLEAR_CPU_BUFFERS (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - Revert 'x86/bugs: Use fixed addressing for VERW operand' (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - redhat/configs: Enable x86 CONFIG_MITIGATION_RFDS (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/rfds: Mitigate Register File Data Sampling (RFDS) (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - Documentation/hw-vuln: Add documentation for RFDS (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/bugs: Use fixed addressing for VERW operand (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - KVM/VMX: Move VERW closer to VMentry for MDS mitigation (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/entry_32: Add VERW just before userspace transition (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/entry_64: Add VERW just before userspace transition (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/entry: Harden return-to-user (Prarit Bhargava) [RHEL-48713 RHEL-25415] - x86/entry: Optimize common_interrupt_return() (Prarit Bhargava) [RHEL-48713 RHEL-25415] - x86/bugs: Add asm helpers for executing VERW (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - sched: act_ct: take care of padding in struct zones_ht_key (Xin Long) [RHEL-55112 RHEL-50682] {CVE-2024-42272} - sched: act_ct: add netns into the key of tcf_ct_flow_table (Xin Long) [RHEL-55112 RHEL-28816] - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (CKI Backport Bot) [RHEL-41361] {CVE-2024-35989} - hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-42115 RHEL-37721] {CVE-2021-47385} [5.14.0-427.39.1_4] - mptcp: ensure snd_nxt is properly initialized on connect (cki-backport-bot) [RHEL-52474 RHEL-39867] {CVE-2024-36889} - ping: fix address binding wrt vrf (Antoine Tenart) [RHEL-57563 RHEL-50920] - net/mlx5: Add a timeout to acquire the command queue semaphore (Benjamin Poirier) [RHEL-44227 RHEL-44225] {CVE-2024-38556} - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CKI Backport Bot) [RHEL-48142 RHEL-48140] {CVE-2024-40959} - ionic: fix use after netif_napi_del() (Michal Schmidt) [RHEL-47636 RHEL-47634] {CVE-2024-39502} - ionic: clean interrupt before enabling queue to avoid credit race (Michal Schmidt) [RHEL-47636 RHEL-36065] - Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (Benjamin Poirier) [RHEL-42391 RHEL-24466] {CVE-2023-52658} - tipc: Return non-zero value from tipc_udp_addr2str() on error (Xin Long) [RHEL-55075 RHEL-55074] {CVE-2024-42284} - x86: set FSRS automatically on AMD CPUs that have FSRM (Prarit Bhargava) [RHEL-56970 RHEL-25415] [5.14.0-427.38.1_4] - module: avoid allocation if module is already present and ready (Donald Dutile) [RHEL-52417] - module: move early sanity checks into a helper (Donald Dutile) [RHEL-52417] - module: extract patient module check into helper (Donald Dutile) [RHEL-52417] - null_blk: Fix return value of nullb_device_power_store() (Ming Lei) [RHEL-58636 RHEL-39662] - null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (Ming Lei) [RHEL-58636 RHEL-39662] - net: sched: sch_multiq: fix possible OOB write in multiq_tune() (cki-backport-bot) [RHEL-43472] {CVE-2024-36978} - netfilter: nft_flow_offload: release dst in case direct xmit path is used (Florian Westphal) [RHEL-38520 RHEL-33469] - netfilter: nft_flow_offload: reset dst in route object after setting up flow (Florian Westphal) [RHEL-38520 RHEL-33469] {CVE-2024-27403} - netfilter: flowtable: simplify route logic (Florian Westphal) [RHEL-38520 RHEL-33469] - net: psample: fix uninitialized metadata. (Adrian Moreno) [RHEL-56909] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-42079 CVE-2024-36978 CVE-2021-47385 CVE-2023-28746 CVE-2024-39502 CVE-2024-38556 CVE-2024-39483 CVE-2024-35989 CVE-2024-27403 CVE-2024-40959 CVE-2024-42284 CVE-2023-52658 CVE-2024-36889 CVE-2024-42272 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [2.46.1-1] - Update to 2.46.1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-27820 CVE-2024-23271 CVE-2024-27838 CVE-2024-40780 CVE-2024-40782 CVE-2024-44187 CVE-2024-40776 CVE-2024-27851 CVE-2024-40779 CVE-2024-40866 CVE-2024-40789 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [9.2.10-20] - Resolves RHEL-62307: CVE-2024-47875 [9.2.10-19] - Resolves RHEL-61779: CVE-2024-9355 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-47875 CVE-2024-9355 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.2.10-7] - Unbreak validation of unknown keys [1.2.10-6] - Fix improper escaping of Libreswan configuration (CVE-2024-9050) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9050 cpe:/a:oracle:linux:8::appstream Oracle Linux 7 [1.2.4-2.0.1] - Fix improper escaping of Libreswan configuration [CVE-2024-9050][Orabug: 37206712] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9050 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 mod_wsgi numpy python39 [3.9.20-1] - Update to 3.9.20 Resolves: RHEL-60007 python3x-pip python3x-setuptools python3x-six python-cffi python-chardet python-cryptography python-idna python-lxml python-ply python-psutil python-psycopg2 python-pycparser python-PyMySQL python-pysocks python-requests python-toml python-urllib3 python-wheel PyYAML scipy MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6232 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 7 [2.4-1.0.1] - Fixed CVE 2024-3651 [Orabug: 37206964] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-3651 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [3.11.7-1.6] - Security fix for CVE-2024-6232 Resolves: RHEL-57411 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6232 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.9.18-3.6] - Fix: CVE-2024-6232 - Resolves: RHEL-57421 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6232 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [3.12.1-4.4] - Security fix for CVE-2024-6232 Resolves: RHEL-57416 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6232 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.33.10-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.10-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/bd85c17) - Resolves: RHEL-61842 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9675 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [5.14.0-427.42.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.42.1_4] - redhat/configs: Add CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Fix BHI retpoline check (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Clarify that syscall hardening isn't a BHI mitigation (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Fix BHI handling of RRSBA (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Fix BHI documentation (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Fix return type of spectre_bhi_state() (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - KVM: x86: Add BHI_NO (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bhi: Add support for clearing branch history at syscall entry (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - perf/x86/amd/lbr: Use freeze based on availability (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - Documentation/kernel-parameters: Add spec_rstack_overflow to mitigations=off (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - KVM: x86: Use a switch statement and macros in __feature_translate() (Maxim Levitsky) [RHEL-45492 RHEL-32430] - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Maxim Levitsky) [RHEL-45492 RHEL-32430] - x86/entry/32: Convert do_fast_syscall_32() to bool return type (Prarit Bhargava) [RHEL-45492 RHEL-25415] - x86/entry: Add do_SYSENTER_32() prototype (Prarit Bhargava) [RHEL-45492 RHEL-25415] - x86/bugs: Reset speculation control settings on init (Prarit Bhargava) [RHEL-45492 RHEL-25415] - mpls: Reduce skb re-allocations due to skb_cow() (Guillaume Nault) [RHEL-61696 RHEL-55145] - scsi: core: Fix unremoved procfs host directory regression (Ewan D. Milne) [RHEL-39539 RHEL-39601 RHEL-33543 RHEL-35000] {CVE-2024-26935} - tty: Fix out-of-bound vmalloc access in imageblit (Andrew Halaney) [RHEL-42095 RHEL-24205] {CVE-2021-47383} - block: initialize integrity buffer to zero before writing it to media (Ming Lei) [RHEL-54769 RHEL-54768] {CVE-2024-43854} - block: cleanup bio_integrity_prep (Ming Lei) [RHEL-54769 RHEL-25988] - block: refactor to use helper (Ming Lei) [RHEL-54769 RHEL-25988] - ceph: fix cap ref leak via netfs init_request (Patrick Donnelly) [RHEL-62666 RHEL-61459] - redhat/configs: Enable CONFIG_OCTEON_EP_VF (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: add ethtool support (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: add Tx/Rx processing and interrupt support (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: add support for ndo ops (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: add Tx/Rx ring resource setup and cleanup (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: add VF-PF mailbox communication. (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: add hardware configuration APIs (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: Add driver framework and device initialization (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep: support firmware notifications for VFs (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep: control net framework to support VF offloads (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep: PF-VF mailbox version support (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep: add PF-VF mailbox communication (CKI Backport Bot) [RHEL-61744 RHEL-25860] - x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Chris von Recklinghausen) [RHEL-62209 RHEL-26268] - netfilter: nfnetlink_queue: un-break NF_REPEAT (Phil Sutter) [RHEL-62299] [5.14.0-427.41.1_4] - iommu/amd: Fix panic accessing amd_iommu_enable_faulting (Jerry Snitselaar) [RHEL-55507 RHEL-37320 RHEL-40344] - iommu/vt-d: Allocate DMAR fault interrupts locally (Jerry Snitselaar) [RHEL-55507 RHEL-28780] - netfilter: nft_inner: validate mandatory meta and payload (Phil Sutter) [RHEL-47488 RHEL-47486] {CVE-2024-39504} - netfilter: flowtable: initialise extack before use (CKI Backport Bot) [RHEL-58546 RHEL-58544] {CVE-2024-45018} - ext4: do not create EA inode under buffer lock (Carlos Maiolino) [RHEL-48285 RHEL-48282] {CVE-2024-40972} - ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (Carlos Maiolino) [RHEL-48285 RHEL-48282] {CVE-2024-40972} - ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (Carlos Maiolino) [RHEL-48519 RHEL-48517] {CVE-2024-40998} - ext4: turn quotas off if mount failed after enabling quotas (Carlos Maiolino) [RHEL-48519 RHEL-48517] {CVE-2024-40998} - mptcp: fix data re-injection from stale subflow (Davide Caratti) [RHEL-59920 RHEL-32669] {CVE-2024-26826} - xfs: add bounds checking to xlog_recover_process_data (CKI Backport Bot) [RHEL-50864 RHEL-50862] {CVE-2024-41014} - af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). (Davide Caratti) [RHEL-42771 RHEL-33410] - af_unix: Fix garbage collector racing against connect() (Davide Caratti) [RHEL-42771 RHEL-33410] {CVE-2024-26923} - af_unix: fix lockdep positive in sk_diag_dump_icons() (Davide Caratti) [RHEL-42771 RHEL-33410] - xfs: don't walk off the end of a directory data block (CKI Backport Bot) [RHEL-50887 RHEL-50885] {CVE-2024-41013} - ipv6: prevent possible NULL dereference in rt6_probe() (Hangbin Liu) [RHEL-48161 RHEL-45826] {CVE-2024-40960} - mac802154: fix llsec key resources release in mac802154_llsec_key_del (Steve Best) [RHEL-42795 RHEL-34969] {CVE-2024-26961} - mptcp: ensure snd_una is properly initialized on connect (Florian Westphal) [RHEL-47945 RHEL-47943] {CVE-2024-40931} - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CKI Backport Bot) [RHEL-47560 RHEL-47558] {CVE-2024-40904} - nvme-multipath: fix io accounting on failover (John Meneghini) [RHEL-59646 RHEL-56635] - nvme: fix multipath batched completion accounting (John Meneghini) [RHEL-59646 RHEL-56635] - xfs: fix log recovery buffer allocation for the legacy h_size fixup (Bill O'Donnell) [RHEL-46481 RHEL-46479] {CVE-2024-39472} - tcp: add sanity checks to rx zerocopy (Paolo Abeni) [RHEL-58403 RHEL-29496] {CVE-2024-26640} - netpoll: Fix race condition in netpoll_owner_active (CKI Backport Bot) [RHEL-49373 RHEL-49371] {CVE-2024-41005} - wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CKI Backport Bot) [RHEL-48321 RHEL-48319] {CVE-2024-40977} - smb: client: fix hang in wait_for_response() for negproto (Jay Shin) [RHEL-61606 RHEL-57983] - NFSv4.1/pnfs: fix NFS with TLS in pnfs (Benjamin Coddington) [RHEL-61467 RHEL-34576] - ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [RHEL-61415 RHEL-60255] - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (Davide Caratti) [RHEL-48483 RHEL-44375] {CVE-2024-40995} - net/sched: taprio: extend minimum interval restriction to entire cycle too (Davide Caratti) [RHEL-44377 RHEL-44375] {CVE-2024-36244} - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (Davide Caratti) [RHEL-44377 RHEL-44375] {CVE-2024-36244} MODERATE Copyright 2024 Oracle, Inc. CVE-2024-26640 CVE-2024-41013 CVE-2024-36244 CVE-2024-40995 CVE-2024-26935 CVE-2024-2201 CVE-2024-41014 CVE-2024-26923 CVE-2024-26826 CVE-2024-39504 CVE-2024-40904 CVE-2024-40931 CVE-2024-40977 CVE-2024-45018 CVE-2024-41005 CVE-2024-43854 CVE-2024-26961 CVE-2024-40960 CVE-2024-40998 CVE-2021-47383 CVE-2024-39472 CVE-2024-40972 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [9.2.10-19] - Resolves RHEL-62309: CVE-2024-47875 [9.2.10-18] - Resolves RHEL-61049: CVE-2024-9355 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9355 CVE-2024-47875 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2.0.26-2.1] - Resolves: RHEL-45803 - mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387) LOW Copyright 2024 Oracle, Inc. CVE-2024-36387 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [128.4.0-1.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [128.4.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.4.0-1] - Update to 128.4.0 build1 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-10461 CVE-2024-10466 CVE-2024-10462 CVE-2024-10464 CVE-2024-10458 CVE-2024-10463 CVE-2024-10459 CVE-2024-10465 CVE-2024-10467 CVE-2024-10460 cpe:/a:oracle:linux:9::appstream Oracle Linux 7 [128.4.0-1.0.1] - Update to 128.4.0 build1 [Orabug: 37236498][CVE-2024-10458][CVE-2024-10459] [CVE-2024-10460][CVE-2024-10461][CVE-2024-10462][CVE-2024-10463] [CVE-2024-10464][CVE-2024-10465][CVE-2024-10466][CVE-2024-10467] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-10465 CVE-2024-10462 CVE-2024-10467 CVE-2024-10458 CVE-2024-10459 CVE-2024-10463 CVE-2024-10464 CVE-2024-10466 CVE-2024-10460 CVE-2024-10461 cpe:/a:oracle:linux:7::latest cpe:/a:oracle:linux:7::optional_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 8 [128.4.0-1.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079789] [128.4.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.4.0-1] - Update to 128.4.0 build1 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-10463 CVE-2024-10458 CVE-2024-10467 CVE-2024-10465 CVE-2024-10462 CVE-2024-10461 CVE-2024-10464 CVE-2024-10459 CVE-2024-10466 CVE-2024-10460 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [128.4.0-1.0.1] - Fix prefs for new nss [Orabug: 37079820] - Add Oracle prefs file [128.4.0] - Add OpenELA debranding [128.4.0-1] - Update to 128.4.0 build1 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-10467 CVE-2024-10463 CVE-2024-10465 CVE-2024-10459 CVE-2024-10464 CVE-2024-10466 CVE-2024-10460 CVE-2024-10461 CVE-2024-10458 CVE-2024-10462 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [128.4.0-1.0.1] - Fix prefs for new nss [Orabug: 37079813] - Add Oracle prefs [128.4.0] - Add OpenELA debranding [128.4.0-1] - Update to 128.4.0 build1 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-10458 CVE-2024-10461 CVE-2024-10465 CVE-2024-10460 CVE-2024-10463 CVE-2024-10467 CVE-2024-10464 CVE-2024-10466 CVE-2024-10459 CVE-2024-10462 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 xorg-x11-server [1.20.11-25] - CVE fix for CVE-2024-9632 xorg-x11-server-Xwayland [21.1.3-17] - Fix for CVE-2024-9632 - (RHEL-61995) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-9632 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [3.1.1-2.1] - fix CVE-2023-5481 (RHEL-64162) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-5841 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [0.16.0-6] - Fix security hole checking unpacked kernel headers (CVE-2024-2313) - Resolves: RHEL-28764 LOW Copyright 2024 Oracle, Inc. CVE-2024-2313 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [0.25.0-9] - Really prevent the loading of compromised headers (RHEL-28768, CVE-2024-2314) [0.25.0-8] - Check header ownership (RHEL-28768) LOW Copyright 2024 Oracle, Inc. CVE-2024-2314 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [4.0.9-33] - fix CVE-2024-7006 a null pointer dereference in tif_dirinfo (RHEL-52927) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-7006 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.2.2-5] - Avoid printing TypeError traceback - gevent.pywsgi: Much improved handling of chunk trailers Backport fix for CVE-2023-41419 Resolves: RHEL-17078 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-41419 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [3.12.6-1] - Update to 3.12.6 Resolves: RHEL-57405 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6232 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [3.11.10-1.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.10-1] - Update to 3.11.10 Resolves: RHEL-57400 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6232 cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.26.19-1] - Rebase to 1.26.19 to fix CVE-2024-37891 Resolves: RHEL-59989 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37891 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.26.12-4] - Fix test_ssltransport for changes in ssl.SSLSocket in Python 3.11.3 Related: RHEL-59995 [1.26.12-3] - Security fix for CVE-2024-37891 Resolves: RHEL-59995 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37891 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 aardvark-dns buildah cockpit-podman conmon containernetworking-plugins containers-common [1-82.0.1] - Updated removed references [Orabug: 33473101] (Alex Burmashev) - Adjust registries.conf (Nikita Gerasimov) - remove references to RedHat registry (Nikita Gerasimov) container-selinux criu crun fuse-overlayfs libslirp netavark oci-seccomp-bpf-hook podman [4:4.9.4-15.0.1] - Fixes issue of container created in cgroupv2 not start in cgroupv1 [Orabug: 36136813] - Fixes container memory limit not set after host is rebooted with cgroupv2 [Orabug: 36136802] - Fixes issue of podman execvp error while using podmansh [Orabug: 36756665] [4:4.9.4-15] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/235a22c) - Resolves: RHEL-61837 [4:4.9.4-14] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/6cf9920) - Resolves: RHEL-60962 python-podman runc skopeo slirp4netns IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9407 CVE-2024-9675 CVE-2024-9341 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [5.1.1-9] - Resolves RHEL-61780: CVE-2024-9355 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-9355 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [1.8.27-5.1] - Reject '#' as part of URI path component (CVE-2023-45539, RHEL-18168) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45539 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 - [4.18.0-553.27.1_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] [4.18.0-553.27.1_10] - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Waiman Long) [RHEL-62139] {CVE-2024-47668} - bonding: fix xfrm real_dev null pointer dereference (Hangbin Liu) [RHEL-57239] {CVE-2024-44989} - bonding: fix null pointer deref in bond_ipsec_offload_ok (Hangbin Liu) [RHEL-57233] {CVE-2024-44990} - bpf: Fix overrunning reservations in ringbuf (Viktor Malik) [RHEL-49414] {CVE-2024-41009} - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CKI Backport Bot) [RHEL-49309] {CVE-2022-48773} - tty: tty_io: update timestamps on all device nodes (Aristeu Rozanski) [RHEL-55257] - tty: use 64-bit timstamp (Aristeu Rozanski) [RHEL-55257] - ELF: fix kernel.randomize_va_space double read (Rafael Aquini) [RHEL-60669] {CVE-2024-46826} - xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (Xin Long) [RHEL-58100] - loopback: fix lockdep splat (Xin Long) [RHEL-58100] - blackhole_netdev: use blackhole_netdev to invalidate dst entries (Xin Long) [RHEL-58100] - loopback: create blackhole net device similar to loopack. (Xin Long) [RHEL-58100] [4.18.0-553.26.1_10] - nouveau: lock the client object tree. (Abdiel Janulgue) [RHEL-35118] {CVE-2024-27062} - cifs: fix deadlock between reconnect and lease break (Paulo Alcantara) [RHEL-58037] - ACPI: PAD: fix crash in exit_round_robin() (Mark Langsdorf) [RHEL-56156] - gfs2: Randomize GLF_VERIFY_DELETE work delay (Andreas Gruenbacher) [RHEL-35757] - gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (Andreas Gruenbacher) [RHEL-35757] - gfs2: Update to the evict / remote delete documentation (Andreas Gruenbacher) [RHEL-35757] - gfs2: Clean up delete work processing (Andreas Gruenbacher) [RHEL-35757] - gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (Andreas Gruenbacher) [RHEL-35757] - gfs2: Rename dinode_demise to evict_behavior (Andreas Gruenbacher) [RHEL-35757] - gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (Andreas Gruenbacher) [RHEL-35757] - gfs2: Faster gfs2_upgrade_iopen_glock wakeups (Andreas Gruenbacher) [RHEL-35757] - gfs2: Fix unlinked inode cleanup (Andreas Gruenbacher) [RHEL-35757] - gfs2: Initialize gl_no_formal_ino earlier (Andreas Gruenbacher) [RHEL-35757] - gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE (Andreas Gruenbacher) [RHEL-35757] - gfs2: make timeout values more explicit (Wolfram Sang) [RHEL-35757] - gfs2: Simplify function gfs2_upgrade_iopen_glock (Andreas Gruenbacher) [RHEL-35757] - gfs2: Rename SDF_DEACTIVATING to SDF_KILL (Andreas Gruenbacher) [RHEL-35757] - gfs2: Cease delete work during unmount (Bob Peterson) [RHEL-35757] - gfs2: Improve gfs2_upgrade_iopen_glock comment (Andreas Gruenbacher) [RHEL-35757] - gfs2: nit: gfs2_drop_inode shouldn't return bool (Bob Peterson) [RHEL-35757] - dmaengine: fix NULL pointer in channel unregistration function (Jerry Snitselaar) [RHEL-28867] {CVE-2023-52492} - dma-direct: Leak pages on dma_set_decrypted() failure (Jerry Snitselaar) [RHEL-37335] {CVE-2024-35939} - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (Olga Kornievskaia) [RHEL-41075] - NFSv4: Always ask for type with READDIR (Benjamin Coddington) [RHEL-39397] - cifs: get rid of unneeded conditional in cifs_get_num_sgs() (Paulo Alcantara) [RHEL-60251] - cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (Paulo Alcantara) [RHEL-60251] - cifs: Remove duplicated include in cifsglob.h (Paulo Alcantara) [RHEL-60251] - cifs: fix oops during encryption (Paulo Alcantara) [RHEL-60251] [4.18.0-553.25.1_10] - cifs: modefromsids must add an ACE for authenticated users (Paulo Alcantara) [RHEL-56052] - cifs: do not use uninitialized data in the owner/group sid (Paulo Alcantara) [RHEL-56052] - cifs: fix set of group SID via NTSD xattrs (Paulo Alcantara) [RHEL-56052] - smb3: correct smb3 ACL security descriptor (Paulo Alcantara) [RHEL-56052] - smb3: fix possible access to uninitialized pointer to DACL (Paulo Alcantara) [RHEL-56052] - cifs: remove two cases where rc is set unnecessarily in sid_to_id (Paulo Alcantara) [RHEL-56052] - cifs: Fix chmod with modefromsid when an older ACE already exists. (Paulo Alcantara) [RHEL-56052] - cifs: update new ACE pointer after populate_new_aces. (Paulo Alcantara) [RHEL-56052] - cifs: If a corrupted DACL is returned by the server, bail out. (Paulo Alcantara) [RHEL-56052] - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (Paulo Alcantara) [RHEL-56052] - cifs: Change SIDs in ACEs while transferring file ownership. (Paulo Alcantara) [RHEL-56052] - cifs: Retain old ACEs when converting between mode bits and ACL. (Paulo Alcantara) [RHEL-56052] - cifs: Fix cifsacl ACE mask for group and others. (Paulo Alcantara) [RHEL-56052] - Add SMB 2 support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052] - SMB3: Add support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052] - cifs: Enable sticky bit with cifsacl mount option. (Paulo Alcantara) [RHEL-56052] - cifs: Fix unix perm bits to cifsacl conversion for 'other' bits. (Paulo Alcantara) [RHEL-56052] - drm/i915/gt: Fix potential UAF by revoke of fence registers (Mika Penttila) [RHEL-53633] {CVE-2024-41092} - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-27224] - kobject_uevent: Fix OOB access within zap_modalias_env() (Rafael Aquini) [RHEL-55000] {CVE-2024-42292} - gfs2: Fix NULL pointer dereference in gfs2_log_flush (Andrew Price) [RHEL-51553] {CVE-2024-42079} - of: module: add buffer overflow check in of_modalias() (Charles Mirabile) [RHEL-44267] {CVE-2024-38541} [4.18.0-553.24.1_10] - cifs: do not set WorkstationName in NTLMSSP auth blob (Paulo Alcantara) [RHEL-56729] - padata: Fix possible divide-by-0 panic in padata_mt_helper() (Steve Best) [RHEL-56162] {CVE-2024-43889} - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (CKI Backport Bot) [RHEL-57000] - sctp: Fix null-ptr-deref in reuseport_add_sock(). (Xin Long) [RHEL-56234] {CVE-2024-44935} - net/mlx5e: Fix netif state handling (Michal Schmidt) [RHEL-43864] {CVE-2024-38608} - net/mlx5e: Add wrapping for auxiliary_driver ops and remove unused args (Michal Schmidt) [RHEL-43864] {CVE-2024-38608} - r8169: Fix possible ring buffer corruption on fragmented Tx packets. (cki-backport-bot) [RHEL-44031] {CVE-2024-38586} - netfilter: flowtable: initialise extack before use (Florian Westphal) [RHEL-58542] {CVE-2024-45018} - memcg: protect concurrent access to mem_cgroup_idr (Rafael Aquini) [RHEL-56252] {CVE-2024-43892} - memcontrol: ensure memcg acquired by id is properly set up (Rafael Aquini) [RHEL-56252] {CVE-2024-43892} - mm: memcontrol: fix cannot alloc the maximum memcg ID (Rafael Aquini) [RHEL-56252] {CVE-2024-43892} - mm/memcg: minor cleanup for MEM_CGROUP_ID_MAX (Rafael Aquini) [RHEL-56252] {CVE-2024-43892} - ice: Add netif_device_attach/detach into PF reset flow (CKI Backport Bot) [RHEL-23676] [4.18.0-553.23.1_10] - ethtool: check device is present when getting link settings (Jamie Bainbridge) [RHEL-57002] - netfilter: nft_set_pipapo: do not free live element (Phil Sutter) [RHEL-34221] {CVE-2024-26924} - netfilter: nf_tables: missing iterator type in lookup walk (Phil Sutter) [RHEL-35033] {CVE-2024-27017} - netfilter: nft_set_pipapo: walk over current view on netlink dump (Phil Sutter) [RHEL-35033] {CVE-2024-27017} - netfilter: nftables: add helper function to flush set elements (Phil Sutter) [RHEL-35033] {CVE-2024-27017} - netfilter: nf_tables: prefer nft_chain_validate (Phil Sutter) [RHEL-51040] {CVE-2024-41042} - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Phil Sutter) [RHEL-51516] {CVE-2024-42070} - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (Phil Sutter) [RHEL-43003] {CVE-2024-35898} - netfilter: ipset: Fix suspicious rcu_dereference_protected() (Phil Sutter) [RHEL-47606] {CVE-2024-39503} - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Phil Sutter) [RHEL-47606] {CVE-2024-39503} - netfilter: ipset: Add list flush to cancel_gc (Phil Sutter) [RHEL-47606] {CVE-2024-39503} - netfilter: nf_conntrack_h323: Add protection for bmp length out of range (Phil Sutter) [RHEL-42680] {CVE-2024-26851} - netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - dev/parport: fix the array out-of-bounds risk (Steve Best) [RHEL-54985] {CVE-2024-42301} - KVM: Always flush async #PF workqueue when vCPU is being destroyed (Sean Christopherson) [RHEL-35100] {CVE-2024-26976} - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (Kamal Heib) [RHEL-44279] {CVE-2024-38540} - tipc: Return non-zero value from tipc_udp_addr2str() on error (Xin Long) [RHEL-55069] {CVE-2024-42284} - Bluetooth: Fix TOCTOU in HCI debugfs implementation (CKI Backport Bot) [RHEL-26831] {CVE-2024-24857} - drm/i915/dpt: Make DPT object unshrinkable (CKI Backport Bot) [RHEL-47856] {CVE-2024-40924} - tipc: force a dst refcount before doing decryption (Xin Long) [RHEL-48363] {CVE-2024-40983} - block: initialize integrity buffer to zero before writing it to media (Ming Lei) [RHEL-54763] {CVE-2024-43854} - gso: do not skip outer ip header in case of ipip and net_failover (CKI Backport Bot) [RHEL-55790] {CVE-2022-48936} - drm/amdgpu: avoid using null object of framebuffer (CKI Backport Bot) [RHEL-51405] {CVE-2024-41093} - ipv6: prevent possible NULL deref in fib6_nh_init() (Guillaume Nault) [RHEL-48170] {CVE-2024-40961} - mlxsw: spectrum_acl_erp: Fix object nesting warning (CKI Backport Bot) [RHEL-55568] {CVE-2024-43880} - ibmvnic: Add tx check to prevent skb leak (CKI Backport Bot) [RHEL-51249] {CVE-2024-41066} - ibmvnic: rename local variable index to bufidx (CKI Backport Bot) [RHEL-51249] {CVE-2024-41066} - netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839} - USB: serial: mos7840: fix crash on resume (CKI Backport Bot) [RHEL-53680] {CVE-2024-42244} - ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (CKI Backport Bot) [RHEL-48381] {CVE-2024-40984} MODERATE Copyright 2024 Oracle, Inc. CVE-2024-35939 CVE-2022-48773 CVE-2024-26851 CVE-2024-26976 CVE-2024-38540 CVE-2024-38608 CVE-2024-40961 CVE-2024-42244 CVE-2024-42292 CVE-2022-48936 CVE-2024-41009 CVE-2024-27017 CVE-2024-42070 CVE-2024-43880 CVE-2024-44935 CVE-2024-44990 CVE-2024-43892 CVE-2024-47668 CVE-2024-26924 CVE-2024-38541 CVE-2024-43854 CVE-2024-43889 CVE-2024-44989 CVE-2024-46826 CVE-2024-24857 CVE-2024-42079 CVE-2024-27062 CVE-2024-35898 CVE-2024-41066 CVE-2024-42284 CVE-2024-38586 CVE-2024-40984 CVE-2023-52492 CVE-2024-35839 CVE-2024-41093 CVE-2024-40924 CVE-2024-39503 CVE-2024-41092 CVE-2024-45018 CVE-2024-40983 CVE-2024-41042 CVE-2024-42301 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.51.0-10] - Prevent integer overflow or wraparound, CVE-2024-4549 (RHEL-57519) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-45491 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 [1.18.2-30.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.18.2-30] - libkrad: implement support for Message-Authenticator (CVE-2024-3596) Resolves: RHEL-50253 - Remove RSA protocol for PKINIT Resolves: RHEL-17616 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3596 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch Oracle Linux 8 delve [1.22.1-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.22.1-1] - Rebase to 1.22.1 - Resolves: RHEL-54307 golang [1.22.7-1] - Update to Go 1.22.7 - Resolves: RHEL-58223 - Resolves: RHEL-57961 - Resolves: RHEL-57847 - Resolves: RHEL-57860 [1.22.5-3] - Update fix that loads Openssl in FIPS mode if fips==1 - Related: RHEL-52485 [1.22.5-2] - Include fix that loads Openssl only in FIPS mode to avoid panic - Resolves: RHEL-52485 [1.22.5-1] - Rebase to Go1.22.5 to fix CVE-2024-24791 - Resolves: RHEL-46972 [1.22.4-1] - Addresses CVEs-2024-24789 and CVE-2024-24790 - Resolves: RHEL-40157 [1.22.3-3] - Update openssl backend - Resolves: RHEL-36102 [1.22.3-2] - Restore HashSign / HashVerify API - Resolves: RHEL-35884 [1.22.3-1] - Update to Go 1.22.3 - Resolves: RHEL-35884 - Resolves: RHEL-35075 - Resolves: RHEL-35632 - Resolves: RHEL-35901 [1.22.2-1] - Rebase to 1.22.2 - Re-enable CGO - Skip TestCrashDumpsAllThreads - Resolves: RHEL-33157 go-toolset [1.22.7-1] - Update to Go 1.22.7 - Resolves: RHEL-58223 - Resolves: RHEL-57961 - Resolves: RHEL-57847 - Resolves: RHEL-57860 [1.22.5-1] - Rebase to Go1.22.5 to fix CVE-2024-24791 - Resolves: RHEL-46972 [1.22.4-1] - Addresses CVEs-2024-24789 and CVE-2024-24790 - Resolves: RHEL-40157 [1.22.3-1] - Update to Go 1.22.3 - Resolves: RHEL-35884 - Resolves: RHEL-35075 - Resolves: RHEL-35632 - Resolves: RHEL-35901 [1.22.2-1] - Update to Go 1.22.2 - Resolves: RHEL-33157 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24790 cpe:/a:oracle:linux:8::appstream Oracle Linux 9 [4.4.0-12.1] - fix CVE-2024-7006 a null pointer dereference in tif_dirinfo (RHEL-52931) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-7006 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 [1.0.6-27.0.1] - CVE-2019-12900: Accept as many selectors as the file format allows [Orabug: 37266061] [1.0.6-27] - Fixes out of bounds access in BZ2_decompress (RHEL-64929) LOW Copyright 2024 Oracle, Inc. CVE-2019-12900 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch Oracle Linux 9 [20231122-6.0.1.el9_4.4] - Replace upstream references [Orabug:36569119] [20231122-6.el9_4.4] - edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55337] - Resolves: RHEL-55337 (CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks [rhel-9.4.z]) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6119 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.9.4-16.0.1] - Fixes issue of podman execvp error while using podmansh [Orabug: 36073625] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [4:4.9.4-16] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/70e4d02) - Resolves: RHEL-65451 [4:4.9.4-15] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/1866072) - Resolves: RHEL-61868 [4:4.9.4-14] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/235a22c) - Resolves: RHEL-61154 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9676 CVE-2024-9407 CVE-2024-9675 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 [1.16.1-4.0.1] - Update origin URL [Orabug: 36209826] [1.16.1-4] - CVE-2024-4453 gstreamer1: EXIF Metadata Parsing Integer Overflow - Resolves: RHEL-38509 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-4453 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.2.5-16.0.1] - lib: Prevent integer overflow in doProlog [CVE-2022-23990][Orabug: 33910314] [2.2.5-16] - Fix CVE-2024-50602 - Resolves: RHEL-65062 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-50602 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch Oracle Linux 8 [1.13.1-14] - Fix CVE-2024-9632: xorg-x11-server: heap-based buffer overflow privilege escalation vulnerability Resolves: RHEL-61999 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9632 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.62.3-6] - Backport upstream patch for CVE-2024-52530 - HTTP request smuggling via stripping null bytes from the ends of header names - Backport upstream patch for CVE-2024-52530 - infinite loop while reading websocket data - Resolves: RHEL-67076 - Resolves: RHEL-67067 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-52530 CVE-2024-52532 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.46.3-1] - Update to 2.46.3 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-23271 CVE-2024-27838 CVE-2024-40866 CVE-2024-44187 CVE-2024-44185 CVE-2024-44296 CVE-2024-4558 CVE-2024-27820 CVE-2024-40789 CVE-2024-40780 CVE-2024-40782 CVE-2024-40779 CVE-2024-27851 CVE-2024-44244 cpe:/a:oracle:linux:8::appstream Oracle Linux 8 libecap squid [7:4.15-10.3] - Resolves: RHEL-22593 - CVE-2024-23638 squid:4/squid: vulnerable to a Denial of Service attack against Cache Manager error responses [7:4.15-10.2] - Disable ESI support - Resolves: RHEL-65075 - CVE-2024-45802 squid:4/squid: Denial of Service processing ESI response content [7:4.15-10.1] - Resolves: RHEL-56024 - (Regression) Transfer-encoding:chunked data is not sent to the client in its complementary IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-23638 CVE-2024-45802 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:8::appstream Oracle Linux 8 [2.30-125.0.1] - Forward port Oracle patches from 2.30-125 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> Oracle history: LOW Copyright 2024 Oracle, Inc. CVE-2018-12699 cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/a:oracle:linux:8::appstream