Oracle Errata System Oracle Linux 5.11 2024-04-08T23:51:46 Oracle Linux 9 [3.0.1-43.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3786 CVE-2022-3602 Oracle Linux 9 [0.11.3-4] - Fixed ruby socket permissions - Resolves: rhbz#2116841 [0.11.3-3] - Fixed booth ticket mode value case insensitive - Fixed booth sync check whether /etc/booth exists - Resolves: rhbz#2026725 rhbz#2058243 [0.11.3-2] - Fixed 'pcs resource restart' traceback - Resolves: rhbz#2102663 [0.11.3-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated bundled rubygems: rack - Resolves: rhbz#2059122 rhbz#2059177 rhbz#2059501 rhbz#2095695 rhbz#2096886 rhbz#2097730 rhbz#2097731 rhbz#2097732 rhbz#2097733 rhbz#2097778 [0.11.2-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated bundled rubygems: backports, daemons, ethon ffi, ruby2_keywords, thin - Stopped bundling rubygem-rexml (use distribution package instead) - Resolves: rhbz#1301204 rhbz#2024522 rhbz#2026725 rhbz#2029844 rhbz#2039884 rhbz#2053177 rhbz#2054671 rhbz#2058243 rhbz#2058246 rhbz#2058247 rhbz#2058251 rhbz#2058252 rhbz#2059142 rhbz#2059145 rhbz#2059148 rhbz#2059149 rhbz#2059501 rhbz#2064818 rhbz#2068457 rhbz#2076585 [0.11.1-11] - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz#2081334 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1049 Oracle Linux 8 Oracle Linux 9 [5.15.0-4.70.5.2] - Revert 'sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle' (Samasth Norway Ananda) [Orabug: 34783367] [5.15.0-4.70.5.1] - NFSv4: Fixes for nfs4_inode_return_delegation() (Trond Myklebust) [Orabug: 34751176] [5.15.0-4.70.5] - uek: kabi: update kABI files for new symbols (Saeed Mirzamohammadi) [Orabug: 34595591] - Revert 'scsi: lpfc: SLI path split: Refactor lpfc_iocbq' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: SLI path split: Refactor SCSI paths' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Resolve some cleanup issues following SLI path refactoring' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE' (John Donnelly) [Orabug: 34678989] - RDS/IB Fix allocation warning (Hans Westgaard Ry) [Orabug: 34684321] - fs: remove no_llseek (Jason A. Donenfeld) [Orabug: 34705082] - vfio: do not set FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34705082] - dma-buf: remove useless FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34705082] - fs: do not compare against ->llseek (Jason A. Donenfeld) [Orabug: 34705082] - fs: clear or set FMODE_LSEEK based on llseek function (Jason A. Donenfeld) [Orabug: 34705082] - hwmon: (opbmc) AST2600 SP reset driver adjustment (Jan Zdarek) [Orabug: 34710681] - hwmon: (opbmc) Driver message prefixes (Jan Zdarek) [Orabug: 34710681] - NFSD: fix use-after-free on source server when doing inter-server copy (Dai Ngo) [Orabug: 34716070] [5.15.0-4.70.4] - xen/ovmapi: Build OVM guest messaging driver (Jonah Palmer) [Orabug: 34512197] - net/rds: Send congestion map updates only via path zero (Anand Khoje) [Orabug: 34578048] - Revert 'RDS/IB: Fix RDS IB SRQ implementation and tune it' (Hans Westgaard Ry) [Orabug: 34662659] - RDMA/cma: Use output interface for net_dev check (Hakon Bugge) [Orabug: 34694979] - crypto: qat - add support for 401xx devices (Giovanni Cabiddu) [Orabug: 34686738] [5.15.0-4.70.3] - Revert 'Makefile: link with -z noexecstack --no-warn-rwx-segments' (Jack Vogel) - Revert 'x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments' (Jack Vogel) [5.15.0-4.70.2] - LTS version: v5.15.70 (Jack Vogel) - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (Takashi Iwai) - KVM: SEV: add cache flush to solve SEV cache incoherency issues (Mingwei Zhang) - net: Find dst with sk's xfrm policy not ctl_sk (sewookseo) - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (Hyunwoo Kim) - mksysmap: Fix the mismatch of 'L0' symbols in System.map (Youling Tang) - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (Clement Peron) - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() (Alexander Sverdlin) - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (David Howells) - net: usb: qmi_wwan: add Quectel RM520N (jerry.meng) - ALSA: hda/tegra: Align BDL entry to 4KB boundary (Mohan Kumar) - ALSA: hda/sigmatel: Keep power up while beep is enabled (Takashi Iwai) - wifi: mac80211_hwsim: check length for virtio packets (Soenke Huster) - rxrpc: Fix calc of resend age (David Howells) - rxrpc: Fix local destruction being repeated (David Howells) - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (Hannes Reinecke) - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (Xiaolei Wang) - ASoC: nau8824: Fix semaphore unbalance at error paths (Takashi Iwai) - arm64: dts: juno: Add missing MHU secure-irq (Jassi Brar) - video: fbdev: i740fb: Error out if 'pixclock' equals zero (Zheyu Ma) - binder: remove inaccurate mmap_assert_locked() (Carlos Llamas) - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (Alex Deucher) - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (Alex Deucher) - drm/amdgpu: Don't enable LTR if not supported (Lijo Lazar) for parisc and xtensa (Ben Hutchings) - parisc: Allow CONFIG_64BIT with ARCH=parisc (Helge Deller) - cifs: always initialize struct msghdr smb_msg completely (Stefan Metzmacher) - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Stefan Metzmacher) - cifs: revalidate mapping when doing direct writes (Ronnie Sahlberg) - of/device: Fix up of_dma_configure_id() stub (Thierry Reding) - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() (Yang Yingliang) - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (Stefan Roesch) - drm/meson: Fix OSD1 RGB to YCbCr coefficient (Stuart Menefy) - drm/meson: Correct OSD1 global alpha value (Stuart Menefy) - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (Pali Rohar) - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (Trond Myklebust) - pinctrl: sunxi: Fix name for A100 R_PIO (Michael Wu) - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (Joao H. Spies) - pinctrl: qcom: sc8180x: Fix wrong pin numbers (Molly Sophia) - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (Molly Sophia) - of: fdt: fix off-by-one error in unflatten_dt_nodes() (Sergey Shtylyov) - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (Sergiu Moga) - serial: atmel: remove redundant assignment in rs485_config (Lino Sanfilippo) - drm/tegra: vic: Fix build warning when CONFIG_PM=n (YueHaibing) - LTS version: v5.15.69 (Jack Vogel) - Input: goodix - add compatible string for GT1158 (Jarrah Gosbell) - RDMA/irdma: Use s/g array in post send only when its valid (Sindhu-Devale) - usb: gadget: f_uac2: fix superspeed transfer (Jing Leng) - usb: gadget: f_uac2: clean up some inconsistent indenting (Colin Ian King) - soc: fsl: select FSL_GUTS driver for DPIO (Mathew McBride) - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() (Jann Horn) to IGNORE_UAS (Hu Xiaoying) - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (Hans de Goede) - perf/arm_pmu_platform: fix tests for platform_get_irq() failure (Yu Zhe) - net: dsa: hellcreek: Print warning only once (Kurt Kanzenbach) - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (Chengming Gui) - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (Maurizio Lombardi) - Input: iforce - add support for Boeder Force Feedback Wheel (Greg Tulli) - ieee802154: cc2520: add rc code in cc2520_tx() (Li Qiong) - gpio: mockup: remove gpio debugfs when remove device (Wei Yongjun) - tg3: Disable tg3 device on system reboot to avoid triggering AER (Kai-Heng Feng) - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (Even Xu) - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (Jason Wang) - dt-bindings: iio: gyroscope: bosch,bmg160: correct number of pins (Krzysztof Kozlowski) - drm/msm/rd: Fix FIFO-full deadlock (Rob Clark) - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (Maximilian Luz) - Input: goodix - add support for GT1158 (Ondrej Jirman) - iommu/vt-d: Fix kdump kernels boot failure with scalable mode (Lu Baolu) - tracefs: Only clobber mode/uid/gid on remount if asked (Brian Norris) - tracing: hold caller_addr to hardirq_{enable,disable}_ip (Yipeng Zou) - task_stack, x86/cea: Force-inline stack helpers (Borislav Petkov) - x86/mm: Force-inline __phys_addr_nodebug() (Borislav Petkov) - lockdep: Fix -Wunused-parameter for _THIS_IP_ (Nick Desaulniers) - ARM: dts: at91: sama7g5ek: specify proper regulator output ranges (Claudiu Beznea) - ARM: dts: at91: fix low limit for CPU regulator (Claudiu Beznea) - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (Marco Felsch) - ARM: dts: imx: align SPI NOR node name with dtschema (Krzysztof Kozlowski) - ACPI: resource: skip IRQ override on AMD Zen platforms (Chuanhong Guo) - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (Dave Wysochanski) - LTS version: v5.15.68 (Jack Vogel) - ARM: at91: ddr: remove CONFIG_SOC_SAMA7 dependency (Claudiu Beznea) - perf machine: Use path__join() to compose a path instead of snprintf(dir, '/', filename) (Arnaldo Carvalho de Melo) - drm/bridge: display-connector: implement bus fmts callbacks (Neil Armstrong) - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (Ionela Voinescu) - iommu/vt-d: Correctly calculate sagaw value of IOMMU (Lu Baolu) - arm64/bti: Disable in kernel BTI when cross section thunks are broken (Mark Brown) - Revert 'arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags'' (Sasha Levin) - hwmon: (mr75203) enable polling for all VM channels (Eliav Farber) - hwmon: (mr75203) fix multi-channel voltage reading (Eliav Farber) - hwmon: (mr75203) fix voltage equation for negative source input (Eliav Farber) - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (Eliav Farber) - hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (Eliav Farber) - s390/boot: fix absolute zero lowcore corruption on boot (Alexander Gordeev) - iommu/amd: use full 64-bit value in build_completion_wait() (John Sperbeck) - swiotlb: avoid potential left shift overflow (Chao Gao) - i40e: Fix ADQ rate limiting for PF (Przemyslaw Patynowski) - i40e: Refactor tc mqprio checks (Przemyslaw Patynowski) - kbuild: disable header exports for UML in a straightforward way (Masahiro Yamada) - MIPS: loongson32: ls1c: Fix hang during startup (Yang Ling) - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (Nathan Chancellor) - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (Claudiu Beznea) - hwmon: (tps23861) fix byte order in resistance register (Alexandru Gagniuc) - perf script: Fix Cannot print 'iregs' field for hybrid systems (Zhengjun Xing) - sch_sfb: Also store skb len before calling child enqueue (Toke Hoiland-Jorgensen) - RDMA/irdma: Report RNR NAK generation in device caps (Sindhu-Devale) - RDMA/irdma: Return correct WC error for bind operation failure (Sindhu-Devale) - RDMA/irdma: Report the correct max cqes from query device (Sindhu-Devale) - nvmet: fix mar and mor off-by-one errors (Dennis Maisenbacher) - tcp: fix early ETIMEDOUT after spurious non-SACK RTO (Neal Cardwell) - nvme-tcp: fix regression that causes sporadic requests to time out (Sagi Grimberg) - nvme-tcp: fix UAF when detecting digest errors (Sagi Grimberg) - erofs: fix pcluster use-after-free on UP platforms (Gao Xiang) - RDMA/mlx5: Set local port to one when accessing counters (Chris Mi) - IB/core: Fix a nested dead lock as part of ODP flow (Yishai Hadas) - ipv6: sr: fix out-of-bounds read when setting HMAC data. (David Lebrun) - RDMA/siw: Pass a pointer to virt_to_page() (Linus Walleij) - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (Paul Durrant) - iavf: Detach device during reset task (Ivan Vecera) - i40e: Fix kernel crash during module removal (Ivan Vecera) - ice: use bitmap_free instead of devm_kfree (Michal Swiatkowski) - tcp: TX zerocopy should not sense pfmemalloc status (Eric Dumazet) - net: introduce __skb_fill_page_desc_noacc (Pavel Begunkov) - tipc: fix shift wrapping bug in map_get() (Dan Carpenter) - sch_sfb: Don't assume the skb is still around after enqueueing to child (Toke Hoiland-Jorgensen) - Revert 'net: phy: meson-gxl: improve link-up behavior' (Heiner Kallweit) - afs: Use the operation issue time instead of the reply time for callbacks (David Howells) - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() (David Howells) - rxrpc: Fix ICMP/ICMP6 error handling (David Howells) - ALSA: usb-audio: Register card again for iface over delayed_register option (Takashi Iwai) - ALSA: usb-audio: Inform the delayed registration more properly (Takashi Iwai) - RDMA/srp: Set scmnd->result only when scmnd is not NULL (yangx.jy@fujitsu.com) - netfilter: nf_conntrack_irc: Fix forged IP logic (David Leadbeater) - netfilter: nf_tables: clean up hook list when offload flags check fails (Pablo Neira Ayuso) - netfilter: br_netfilter: Drop dst references before setting. (Harsh Modi) - ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time (Claudiu Beznea) - ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time (Claudiu Beznea) - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (Claudiu Beznea) - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (Claudiu Beznea) - ARM: at91: pm: fix DDR recalibration when resuming from backup and self-refresh (Claudiu Beznea) - ARM: at91: pm: fix self-refresh for sama7g5 (Claudiu Beznea) - wifi: wilc1000: fix DMA on stack objects (Ajay.Kathat@microchip.com) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (Wenpeng Liang) - RDMA/hns: Fix supported page size (Chengchang Tang) - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (Liang He) - RDMA/cma: Fix arguments order in net device validation (Michael Guralnik) - tee: fix compiler warning in tee_shm_register() (Jens Wiklander) - regulator: core: Clean up on enable failure (Andrew Halaney) - soc: imx: gpcv2: Assert reset before ungating clock (Marek Vasut) - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (Marco Felsch) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (Jack Wang) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (Jack Wang) - ASoC: qcom: sm8250: add missing module owner (Srinivas Kandagatla) - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree (Tejun Heo) - NFS: Fix another fsync() issue after a server reboot (Trond Myklebust) - NFS: Save some space in the inode (Trond Myklebust) - NFS: Further optimisations for 'ls -l' (Trond Myklebust) - scsi: lpfc: Add missing destroy_workqueue() in error path (Yang Yingliang) - scsi: mpt3sas: Fix use-after-free warning (Sreekanth Reddy) - drm/i915: Implement WaEdpLinkRateDataReload (Ville Syrjala) - nvmet: fix a use-after-free (Bart Van Assche) - drm/amd/display: fix memory leak when using debugfs_lookup() (Greg Kroah-Hartman) - sched/debug: fix dentry leak in update_sched_domain_debugfs (Greg Kroah-Hartman) - debugfs: add debugfs_lookup_and_remove() (Greg Kroah-Hartman) - kprobes: Prohibit probes in gate area (Christian A. Ehrhardt) - vfio/type1: Unpin zero pages (Alex Williamson) - btrfs: zoned: set pseudo max append zone limit in zone emulation mode (Shin'ichiro Kawasaki) - tracing: Fix to check event_mutex is held while accessing trigger list (Masami Hiramatsu (Google)) - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (Dongxiang Ke) - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (Takashi Iwai) - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (Pattara Teerapong) - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (Tasos Sahanidis) - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Takashi Iwai) - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (Qu Huang) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (Yang Yingliang) - fbdev: fbcon: Destroy mutex on freeing struct fb_info (Shigeru Yoshida) - md: Flush workqueue md_rdev_misc_wq in md_alloc() (David Sloan) - net/core/skbuff: Check the return value of skb_copy_bits() (lily) - cpufreq: check only freq_table in __resolve_freq() (Lukasz Luba) - netfilter: conntrack: work around exceeded receive window (Florian Westphal) - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level (Sudeep Holla) - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines (Helge Deller) - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() (Li Qiong) - Revert 'parisc: Show error if wrong 32/64-bit compiler is being used' (Helge Deller) - scsi: ufs: core: Reduce the power mode change timeout (Bart Van Assche) - drm/radeon: add a force flush to delay work when radeon (Zhenneng Li) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. (Candice Li) - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (YiPeng Chai) - drm/gem: Fix GEM handle release errors (Jeffy Chen) - scsi: megaraid_sas: Fix double kfree() (Guixin Liu) - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (Tony Battersby) - Revert 'mm: kmemleak: take a full lowmem check in kmemleak_*_phys()' (Yee Lee) - fs: only do a memory barrier for the first set_buffer_uptodate() (Linus Torvalds) - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (Stanislaw Gruszka) - efi: capsule-loader: Fix use-after-free in efi_capsule_write (Hyunwoo Kim) - efi: libstub: Disable struct randomization (Ard Biesheuvel) - net: wwan: iosm: remove pointless null check (Jakub Kicinski) - LTS version: v5.15.67 (Jack Vogel) - kbuild: fix up permissions on scripts/pahole-flags.sh (Greg Kroah-Hartman) - LTS version: v5.15.66 (Jack Vogel) - USB: serial: ch341: fix disabled rx timer on older devices (Johan Hovold) - USB: serial: ch341: fix lost character on LCR updates (Johan Hovold) - usb: dwc3: disable USB core PHY management (Johan Hovold) - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (Johan Hovold) - usb: dwc3: fix PHY disable sequence (Johan Hovold) - kbuild: Add skip_encoding_btf_enum64 option to pahole (Martin Rodriguez Reboredo) - kbuild: Unify options for BTF generation for vmlinux and modules (Jiri Olsa) - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (Mazin Al Haddad) - drm/i915: Skip wm/ddb readout for disabled pipes (Ville Syrjala) - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (Diego Santa Cruz) - ALSA: seq: Fix data-race at module auto-loading (Takashi Iwai) - ALSA: seq: oss: Fix data-race for max_midi_devs access (Takashi Iwai) - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (Kacper Michajlow) - net: mac802154: Fix a condition in the receive path (Miquel Raynal) - net: Use u64_stats_fetch_begin_irq() for stats fetch. (Sebastian Andrzej Siewior) - ip: fix triggering of 'icmp redirect' (Nicolas Dichtel) - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (Siddh Raman Pant) - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected (Siddh Raman Pant) - driver core: Don't probe devices after bus_type.match() probe deferral (Isaac J. Manjarres) - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (Krishna Kurapati) - usb: xhci-mtk: fix bandwidth release issue (Chunfeng Yun) - usb: xhci-mtk: relax TT periodic bandwidth allocation (Chunfeng Yun) - USB: core: Prevent nested device-reset calls (Alan Stern) - s390: fix nospec table alignments (Josh Poimboeuf) - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (Gerald Schaefer) - usb-storage: Add ignore-residue quirk for NXP PN7462AU (Witold Lipieta) - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (Thierry GUIBERT) - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (Pawel Laszczak) - usb: cdns3: fix issue with rearming ISO OUT endpoint (Pawel Laszczak) - usb: dwc2: fix wrong order of phy_power_on and phy_init (Heiner Kallweit) - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (Badhri Jagan Sridharan) - usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (Utkarsh Patel) - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (Pablo Sun) - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (Slark Xiao) - USB: serial: option: add Quectel EM060K modem (Yonglin Tan) - USB: serial: option: add support for OPPO R11 diag port (Yan Xinyu) - USB: serial: cp210x: add Decagon UCA device id (Johan Hovold) - xhci: Add grace period after xHC start to prevent premature runtime suspend. (Mathias Nyman) - media: mceusb: Use new usb_control_msg_*() routines (Alan Stern) - usb: dwc3: pci: Add support for Intel Raptor Lake (Heikki Krogerus) - thunderbolt: Use the actual buffer in tb_async_error() (Mika Westerberg) - xen-blkfront: Cache feature_persistent value before advertisement (SeongJae Park) - xen-blkfront: Advertise feature-persistent as user requested (SeongJae Park) - xen-blkback: Advertise feature-persistent as user requested (SeongJae Park) - mm: pagewalk: Fix race between unmap and page walker (Steven Price) - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (Dan Carpenter) - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (Jim Mattson) - gpio: pca953x: Add mutex_lock for regcache sync in PM (Haibo Chen) - hwmon: (gpio-fan) Fix array out of bounds access (Armin Wolf) - clk: bcm: rpi: Add missing newline (Stefan Wahren) - clk: bcm: rpi: Prevent out-of-bounds access (Stefan Wahren) - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (Christophe JAILLET) - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (Stefan Wahren) - Input: rk805-pwrkey - fix module autoloading (Peter Robinson) - clk: core: Fix runtime PM sequence in clk_core_unprepare() (Chen-Yu Tsai) - Revert 'clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops' (Stephen Boyd) - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (Chen-Yu Tsai) - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (Colin Ian King) - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (Jim Mattson) - cifs: fix small mempool leak in SMB2_negotiate() (Enzo Matsumiya) - binder: fix alloc->vma_vm_mm null-ptr dereference (Carlos Llamas) - binder: fix UAF of ref->proc caused by race condition (Carlos Llamas) - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (Adrian Hunter) - mmc: core: Fix UHS-I SD 1.8V workaround branch (Adrian Hunter) - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (Niek Nooijens) - misc: fastrpc: fix memory corruption on open (Johan Hovold) - misc: fastrpc: fix memory corruption on probe (Johan Hovold) - iio: adc: mcp3911: use correct formula for AD conversion (Marcus Folkesson) - iio: ad7292: Prevent regulator double disable (Matti Vaittinen) - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (Tetsuo Handa) - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (Sherry Sun) - musb: fix USB_MUSB_TUSB6010 dependency (Arnd Bergmann) - vt: Clear selection before changing the font (Helge Deller) - powerpc: align syscall table for ppc32 (Masahiro Yamada) - staging: r8188eu: add firmware dependency (Grzegorz Szymaszek) - staging: rtl8712: fix use after free bugs (Dan Carpenter) - serial: fsl_lpuart: RS485 RTS polariy is inverse (Shenwei Wang) - soundwire: qcom: fix device status array range (Srinivas Kandagatla) - net/smc: Remove redundant refcount increase (Yacan Liu) - Revert 'sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb' (Jakub Kicinski) - tcp: annotate data-race around challenge_timestamp (Eric Dumazet) - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb (Toke Hoiland-Jorgensen) - kcm: fix strp_init() order and cleanup (Cong Wang) - mlxbf_gige: compute MDIO period based on i1clk (David Thompson) - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (Duoming Zhou) - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (Wang Hai) - net: sched: tbf: don't call qdisc_put() while holding tree lock (Zhengchao Shao) - net: dsa: xrs700x: Use irqsave variant for u64 stats update (Sebastian Andrzej Siewior) - openvswitch: fix memory leak at failed datapath creation (Andrey Zhadchenko) - net: smsc911x: Stop and start PHY during suspend and resume (Florian Fainelli) - net: sparx5: fix handling uneven length packets in manual extraction (Casper Andersson) - Revert 'xhci: turn off port power in shutdown' (Mathias Nyman) - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (Dan Carpenter) - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (Peter Ujfalusi) - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (Pierre-Louis Bossart) - drm/i915/display: avoid warnings when registering dual panel backlight (Arun R Murthy) - drm/i915/backlight: extract backlight code to a separate file (Jani Nikula) - ieee802154/adf7242: defer destroy_workqueue call (Lin Ma) - bpf, cgroup: Fix kernel BUG in purge_effective_progs (Pu Lehui) - bpf: Restrict bpf_sys_bpf to CAP_PERFMON (YiFei Zhu) - skmsg: Fix wrong last sg check in sk_msg_recvmsg() (Liu Jian) - iio: adc: mcp3911: make use of the sign bit (Marcus Folkesson) - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (Andy Shevchenko) - drm/msm/dsi: Fix number of regulators for SDM660 (Douglas Anderson) - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (Douglas Anderson) - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (Kuogee Hsieh) - drm/msm/dsi: fix the inconsistent indenting (sunliming) - LTS version: v5.15.65 (Jack Vogel) - net: neigh: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net/af_packet: check len when min_header_len equals to 0 (Zhengchao Shao) - android: binder: fix lockdep check on clearing vma (Liam Howlett) - btrfs: fix space cache corruption and potential double allocations (Omar Sandoval) - kprobes: don't call disarm_kprobe() for disabled kprobes (Kuniyuki Iwashima) - btrfs: tree-checker: check for overlapping extent items (Josef Bacik) - btrfs: fix lockdep splat with reloc root extent buffers (Josef Bacik) - btrfs: move lockdep class helpers to locking.c (Josef Bacik) - testing: selftests: nft_flowtable.sh: use random netns names (Florian Westphal) - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y (Geert Uytterhoeven) - drm/amd/display: avoid doing vm_init multiple time (Charlene Liu) - drm/amdgpu: Increase tlb flush timeout for sriov (Dusica Milinkovic) - drm/amd/display: Fix pixel clock programming (Ilya Bakoulin) - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (Evan Quan) - ksmbd: don't remove dos attribute xattr on O_TRUNC open (Namjae Jeon) - s390/hypfs: avoid error message under KVM (Juergen Gross) - neigh: fix possible DoS due to net iface start/stop loop (Denis V. Lunev) - ksmbd: return STATUS_BAD_NETWORK_NAME error status if share is not configured (Namjae Jeon) - drm/amd/display: clear optc underflow before turn off odm clock (Fudong Wang) - drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (Alvin Lee) - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (Leo Ma) - drm/amd/display: Avoid MPC infinite loop (Josip Pavic) - ASoC: sh: rz-ssi: Improve error handling in rz_ssi_probe() error path (Biju Das) - fs/ntfs3: Fix work with fragmented xattr (Konstantin Komarov) - btrfs: fix warning during log replay when bumping inode link count (Filipe Manana) - btrfs: add and use helper for unlinking inode during log replay (Filipe Manana) - btrfs: remove no longer needed logic for replaying directory deletes (Filipe Manana) - btrfs: remove root argument from btrfs_unlink_inode() (Filipe Manana) - mmc: sdhci-of-dwcmshc: Re-enable support for the BlueField-3 SoC (Liming Sun) - mmc: sdhci-of-dwcmshc: rename rk3568 to rk35xx (Sebastian Reichel) - mmc: sdhci-of-dwcmshc: add reset call back for rockchip Socs (Yifeng Zhao) - mmc: mtk-sd: Clear interrupts when cqe off/disable (Wenbin Mei) - drm/i915/gt: Skip TLB invalidations once wedged (Chris Wilson) - HID: thrustmaster: Add sparco wheel and fix array length (Michael Hubner) - HID: asus: ROG NKey: Ignore portion of 0x5a report (Josh Kilmer) - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (Akihiko Odaki) - HID: add Lenovo Yoga C630 battery quirk (Steev Klimaszewski) - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (Takashi Iwai) - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (Jann Horn) - bpf: Don't redirect packets with invalid pkt_len (Zhengchao Shao) - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (Yang Jihong) - fbdev: fb_pm2fb: Avoid potential divide by zero error (Letu Ren) - net: fix refcount bug in sk_psock_get (2) (Hawkins Jiawei) - HID: hidraw: fix memory leak in hidraw_release() (Karthik Alapati) - media: pvrusb2: fix memory leak in pvr_probe (Dongliang Mu) - udmabuf: Set the DMA mask for the udmabuf device (v2) (Vivek Kasireddy) - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (Lee Jones) - Revert 'PCI/portdrv: Don't disable AER reporting in get_port_device_capability()' (Greg Kroah-Hartman) - Bluetooth: L2CAP: Fix build errors in some archs (Luiz Augusto von Dentz) - kbuild: Fix include path in scripts/Makefile.modpost (Jing Leng) - io_uring: fix UAF due to missing POLLFREE handling (Pavel Begunkov) - io_uring: fix wrong arm_poll error handling (Pavel Begunkov) - io_uring: fail links when poll fails (Pavel Begunkov) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1184 Oracle Linux 8 Oracle Linux 9 [5.15.0-5.76.5.1] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883037] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883037] {CVE-2022-4378} [5.15.0-5.76.5] - KVM: x86: Use SRCU to protect zap in __kvm_set_or_clear_apicv_inhibit() (Ben Gardon) [Orabug: 34817119] - KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Track xAPIC ID only on userspace SET, _after_ vAPIC is updated (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Flush the 'current' TLB when activating AVIC (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Purge 'highest ISR' cache when updating APICv state (Sean Christopherson) [Orabug: 34817119] - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Add AVIC doorbell tracepoint (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Warning APICv inconsistency only when vcpu APIC mode is valid (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Introduce hybrid-AVIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Do not throw warning when calling avic_vcpu_load on a running vcpu (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Introduce logic to (de)activate x2AVIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Refresh AVIC configuration when changing APIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Deactivate APICv on vCPU with APIC disabled (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Do not virtualize MSR accesses for APIC LVTT register (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Fix x2APIC MSRs interception (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Adding support for configuring x2APIC MSRs interception (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Do not support updating APIC ID when in x2APIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Compute dest based on sender's x2APIC status for AVIC kick (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Update avic_kick_target_vcpus to support 32-bit APIC ID (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Update max number of vCPUs supported for x2AVIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Detect X2APIC virtualization (x2AVIC) support (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: lapic: Rename [GET/SET]_APIC_DEST_FIELD to [GET/SET]_XAPIC_DEST_FIELD (Suravee Suthikulpanit) [Orabug: 34817119] - x86/cpufeatures: Introduce x2AVIC CPUID bit (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Blindly get current x2APIC reg value on 'nodecode write' traps (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Bug the VM if an accelerated x2APIC trap occurs on a 'bad' reg (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Do not block APIC write for non ICR registers (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Add support for vICR APIC-write VM-Exits in x2APIC mode (Zeng Guang) [Orabug: 34817119] - KVM: x86: disable preemption while updating apicv inhibition (Maxim Levitsky) [Orabug: 34817119] - KVM: SVM: Fix x2APIC Logical ID calculation for avic_kick_target_vcpus_fast (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: SVM: fix avic_kick_target_vcpus_fast (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: SVM: remove avic's broken code that updated APIC ID (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: Don't inhibit APICv/AVIC on xAPIC ID 'change' if APIC is disabled (Sean Christopherson) [Orabug: 34817119] - KVM: x86: inhibit APICv/AVIC on changes to APIC ID or APIC base (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: document AVIC/APICv inhibit reasons (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: SVM: allow to force AVIC to be enabled (Maxim Levitsky) [Orabug: 34817119] - KVM: SVM: Introduce trace point for the slow-path of avic_kic_target_vcpus (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Use target APIC ID to complete AVIC IRQs when possible (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Skip KVM_GUESTDBG_BLOCKIRQ APICv update if APICv is disabled (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Do not activate AVIC for SEV-enabled guest (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Trace all APICv inhibit changes and capture overall status (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Add wrappers for setting/clearing APICv inhibits (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Make APICv inhibit reasons an enum and cleanup naming (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Disable preemption across AVIC load/put during APICv refresh (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Treat x2APIC's ICR as a 64-bit register, not two 32-bit regs (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Add helpers to handle 64-bit APIC MSR read/writes (Sean Christopherson) [Orabug: 34817119] - KVM: x86: WARN if KVM emulates an IPI without clearing the BUSY flag (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization failure (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Use 'raw' APIC register read for handling APIC-write VM-Exit (Sean Christopherson) [Orabug: 34817119] - KVM: VMX: Handle APIC-write offset wrangling in VMX code (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Rename AVIC helpers to use 'avic' prefix instead of 'svm' (Sean Christopherson) [Orabug: 34817119] - KVM: VMX: Rename VMX functions to conform to kvm_x86_ops names (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Rename kvm_x86_ops pointers to align w/ preferred vendor names (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Drop export for .tlb_flush_current() static_call key (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Skip APICv update if APICv is disable at the module level (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Unexport __kvm_request_apicv_update() (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: fix race between interrupt delivery and AVIC inhibition (Maxim Levitsky) [Orabug: 34817119] - KVM: SVM: set IRR in svm_deliver_interrupt (Paolo Bonzini) [Orabug: 34817119] - KVM: SVM: extract avic_ring_doorbell (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: lapic: don't touch irr_pending in kvm_apic_update_apicv when inhibiting it (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: Move delivery of non-APICv interrupt into vendor code (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Drop AVIC's intermediate avic_set_running() helper (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Skip AVIC and IRTE updates when loading blocking vCPU (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Use kvm_vcpu_is_blocking() in AVIC load to handle preemption (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Remove unnecessary APICv/AVIC update in vCPU unblocking path (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Don't bother checking for 'running' AVIC when kicking for IPIs (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Signal AVIC doorbell iff vCPU is in guest mode (Sean Christopherson) [Orabug: 34817119] - KVM: x86: add a tracepoint for APICv/AVIC interrupt delivery (Maxim Levitsky) [Orabug: 34817119] - KVM: Add helpers to wake/query blocking vCPU (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Ensure target pCPU is read once when signalling AVIC doorbell (Sean Christopherson) [Orabug: 34817119] - KVM: ensure APICv is considered inactive if there is no APIC (Paolo Bonzini) [Orabug: 34817119] - KVM: x86: inhibit APICv when KVM_GUESTDBG_BLOCKIRQ active (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: Use rw_semaphore for APICv lock to allow vCPU parallelism (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Move SVM's APICv sanity check to common x86 (Sean Christopherson) [Orabug: 34817119] - rds: Remove the cp_rdsinfo_pending flag (Hakon Bugge) [Orabug: 34658657] - RDMA/mlx5: Change debug log level for remote access error syndromes (Arumugam Kolappan) [Orabug: 34798451] - uek-rpm: kernel-uek.spec: make -modules-extra depend on -modules (Todd Vierling) [Orabug: 34820756] - Feature: Add cmdline param sched_uek=[preempt,wakeidle] (Libo Chen) [Orabug: 34779451] - rds: ib: Fix cleanup of rds_ib_cache_gc_worker (Hakon Bugge) [Orabug: 34806076] - KVM: nVMX: Add tracepoint for nested VM-Enter (David Matlack) [Orabug: 34806794] - KVM: x86: Update trace function for nested VM entry to support VMX (Mingwei Zhang) [Orabug: 34806794] - KVM: nVMX: Allow VMREAD when Enlightened VMCS is in use (Vitaly Kuznetsov) [Orabug: 34806794] - KVM: nVMX: Implement evmcs_field_offset() suitable for handle_vmread() (Vitaly Kuznetsov) [Orabug: 34806794] - KVM: nVMX: Rename vmcs_to_field_offset{,_table} (Vitaly Kuznetsov) [Orabug: 34806794] - x86/kvm: Always inline evmcs_write64() (Peter Zijlstra) [Orabug: 34806794] - RDMA/uverbs: restrack shared PDs (Sharath Srinivasan) [Orabug: 34812520] [5.15.0-5.76.4] - x86: Ignore iommu=off for AMD cpus (Dave Kleikamp) [Orabug: 34211826] - virtio-net: use mtu size as buffer length for big packets (Gavin Li) [Orabug: 34756664] - virtio-net: introduce and use helper function for guest gso support checks (Gavin Li) [Orabug: 34756664] - vdpa/mlx5: Use consistent RQT size (Eli Cohen) [Orabug: 34756664] - vdpa: mlx5: synchronize driver status with CVQ (Jason Wang) [Orabug: 34756664] - vdpa: support exposing the count of vqs to userspace (Longpeng) [Orabug: 34756664] - vdpa: change the type of nvqs to u32 (Longpeng) [Orabug: 34756664] - vdpa: support exposing the config size to userspace (Longpeng) [Orabug: 34756664] - vdpa/mlx5: re-create forwarding rules after mac modified (Michael Qiu) [Orabug: 34756664] - Add definition of VIRTIO_F_IN_ORDER feature bit (Gautam Dawar) [Orabug: 34756664] - vdpa: factor out vdpa_set_features_unlocked for vdpa internal use (Si-Wei Liu) [Orabug: 34756664] - RDMA/cma: Use output interface for net_dev check (Hakon Bugge) [Orabug: 34774007] - Revert 'RDMA/cma: Use output interface for net_dev check' (Hakon Bugge) [Orabug: 34774007] - Revert 'rdmaip: Flush ARP cache after address has been cleared' (Sharath Srinivasan) [Orabug: 34783631] - Revert 'sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle' (Samasth Norway Ananda) [Orabug: 34807135] [5.15.0-5.76.3] - uek-rpm: Add Documentation to kernel-uek-devel (Somasundaram Krishnasamy) [Orabug: 34734127] - kfence: add sysfs interface to disable kfence for selected slabs. (Imran Khan) [Orabug: 34744270] - scsi: target: core: Silence the message about unknown VPD pages (Konstantin Shelekhin) [Orabug: 34764767] - x86/microcode/AMD: Apply the patch late on every logical thread (Mihai Carabas) [Orabug: 34765295] - perf/x86/intel: Hide Topdown metrics events if slots is not enumerated (Kan Liang) [Orabug: 34771183] [5.15.0-5.76.2] - LTS version: v5.15.76 (Jack Vogel) - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (Seth Jenkins) - mmc: core: Add SD card quirk for broken discard (Avri Altman) - Makefile.debug: re-enable debug info for .S files (Nick Desaulniers) - x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB (Nathan Chancellor) - ACPI: video: Force backlight native for more TongFang devices (Werner Sembach) - perf: Skip and warn on unknown format 'configN' attrs (Rob Herring) - mmc: sdhci-tegra: Use actual clock rate for SW tuning correction (Prathamesh Shete) - tracing: Do not free snapshot if tracer is on cmdline (Steven Rostedt (Google)) - tracing: Simplify conditional compilation code in tracing_set_tracer() (sunliming) - ksmbd: fix incorrect handling of iterate_dir (Namjae Jeon) - ksmbd: handle smb2 query dir request for OutputBufferLength that is too small (Namjae Jeon) - arm64: mte: move register initialization to C (Peter Collingbourne) - fs: dlm: fix invalid derefence of sb_lvbptr (Alexander Aring) - iommu/vt-d: Clean up si_domain in the init_dmars() error path (Jerry Snitselaar) - iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check() (Charlotte Tan) - net: phy: dp83822: disable MDI crossover status change interrupt (Felix Riemann) - net: sched: fix race condition in qdisc_graft() (Eric Dumazet) - net: hns: fix possible memory leak in hnae_ae_register() (Yang Yingliang) - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (Yang Yingliang) - sfc: include vport_id in filter spec hash and equal() (Pieter Jansen van Vuuren) - net: sched: sfb: fix null pointer access issue when sfb_init() fails (Zhengchao Shao) - net: sched: delete duplicate cleanup of backlog and qlen (Zhengchao Shao) - net: sched: cake: fix null pointer access issue when cake_init() fails (Zhengchao Shao) - nvmet: fix workqueue MEM_RECLAIM flushing dependency (Sagi Grimberg) - nvme-hwmon: kmalloc the NVME SMART log buffer (Serge Semin) - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (Christoph Hellwig) - netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements (Pablo Neira Ayuso) - ionic: catch NULL pointer issue on reconfig (Brett Creeley) - net: hsr: avoid possible NULL deref in skb_clone() (Eric Dumazet) - dm: remove unnecessary assignment statement in alloc_dev() (Genjian Zhang) - cifs: Fix xid leak in cifs_ses_add_channel() (Zhang Xiaoxu) - cifs: Fix xid leak in cifs_flock() (Zhang Xiaoxu) - cifs: Fix xid leak in cifs_copy_file_range() (Zhang Xiaoxu) - cifs: Fix xid leak in cifs_create() (Zhang Xiaoxu) - udp: Update reuse->has_conns under reuseport_lock. (Kuniyuki Iwashima) - scsi: lpfc: Fix memory leak in lpfc_create_port() (Rafael Mendonca) - net: phylink: add mac_managed_pm in phylink_config structure (Shenwei Wang) - net: phy: dp83867: Extend RX strap quirk for SGMII mode (Harini Katakam) - net/atm: fix proc_mpc_write incorrect return value (Xiaobo Liu) - sfc: Change VF mac via PF as first preference if available. (Jonathan Cooper) - HID: magicmouse: Do not set BTN_MOUSE on double report (Jose Exposito) - i40e: Fix DMA mappings leak (Jan Sokolowski) - tipc: fix an information leak in tipc_topsrv_kern_subscr (Alexander Potapenko) - tipc: Fix recognition of trial period (Mark Tomlinson) - ACPI: extlog: Handle multiple records (Tony Luck) - drm/vc4: Add module dependency on hdmi-codec (Maxime Ripard) - btrfs: fix processing of delayed tree block refs during backref walking (Filipe Manana) - btrfs: fix processing of delayed data refs during backref walking (Filipe Manana) - x86/topology: Fix duplicated core ID within a package (Zhang Rui) - x86/topology: Fix multiple packages shown on a single-package system (Zhang Rui) - media: venus: dec: Handle the case where find_format fails (Bryan O'Donoghue) - media: mceusb: set timeout to at least timeout provided (Sean Young) - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (Sakari Ailus) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (Eric Ren) - kvm: Add support for arch compat vm ioctls (Alexander Graf) - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages (Rik van Riel) - drm/amdgpu: fix sdma doorbell init ordering on APUs (Alex Deucher) - cpufreq: qcom: fix memory leak in error path (Fabien Parent) - x86/resctrl: Fix min_cbm_bits for AMD (Babu Moger) - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS (Kai-Heng Feng) - ata: ahci-imx: Fix MODULE_ALIAS (Alexander Stein) - hwmon/coretemp: Handle large core ID value (Zhang Rui) - x86/microcode/AMD: Apply the patch early on every logical thread (Borislav Petkov) - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (Bryan O'Donoghue) - cpufreq: qcom: fix writes in read-only memory region (Fabien Parent) - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (GONG, Ruiqi) - ocfs2: fix BUG when iput after ocfs2_mknod fails (Joseph Qi) - ocfs2: clear dinode links count in case of error (Joseph Qi) - btrfs: enhance unsupported compat RO flags handling (Qu Wenruo) - perf/x86/intel/pt: Relax address filter validation (Adrian Hunter) - arm64: errata: Remove AES hwcap for COMPAT tasks (James Morse) - usb: gadget: uvc: improve sg exit condition (Michael Grzeschik) - usb: gadget: uvc: giveback vb2 buffer on req complete (Michael Grzeschik) - usb: gadget: uvc: rework uvcg_queue_next_buffer to uvcg_complete_buffer (Michael Grzeschik) - usb: gadget: uvc: use on returned header len in video_encode_isoc_sg (Michael Grzeschik) - usb: gadget: uvc: consistently use define for headerlen (Michael Grzeschik) - arm64/mm: Consolidate TCR_EL1 fields (Anshuman Khandual) - r8152: add PID for the Lenovo OneLink+ Dock (Jean-Francois Le Fillatre) - LTS version: v5.15.75 (Jack Vogel) - io-wq: Fix memory leak in worker creation (Rafael Mendonca) - gcov: support GCC 12.1 and newer compilers (Martin Liska) - thermal: intel_powerclamp: Use first online CPU as control_cpu (Rafael J. Wysocki) - ext4: continue to expand file system when the target size doesn't reach (Jerry Lee ) - lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5 (Nathan Chancellor) - Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT (Masahiro Yamada) - Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5 (Masahiro Yamada) - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (Nathan Chancellor) - net/ieee802154: don't warn zero-sized raw_sendmsg() (Tetsuo Handa) - Revert 'net/ieee802154: reject zero-sized raw_sendmsg()' (Alexander Aring) - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (Randy Dunlap) - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (Yu Kuai) - ALSA: usb-audio: Fix last interface check for registration (Takashi Iwai) - net: ieee802154: return -EINVAL for unknown addr type (Alexander Aring) - mm: hugetlb: fix UAF in hugetlb_handle_userfault (Liu Shixin) - io_uring/rw: fix unexpected link breakage (Pavel Begunkov) - io_uring/rw: fix error'ed retry return values (Pavel Begunkov) - io_uring/rw: fix short rw error handling (Pavel Begunkov) - io_uring: correct pinned_vm accounting (Pavel Begunkov) - io_uring/af_unix: defer registered files gc to io_uring release (Pavel Begunkov) - perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc (Adrian Hunter) - clk: bcm2835: Round UART input clock up (Ivan T. Ivanov) - clk: bcm2835: Make peripheral PLLC critical (Maxime Ripard) - usb: idmouse: fix an uninit-value in idmouse_open (Dongliang Mu) - nvmet-tcp: add bounds check on Transfer Tag (Varun Prakash) - nvme: copy firmware_rev on each init (Keith Busch) - ext2: Use kvmalloc() for group descriptor array (Jan Kara) - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (Arun Easi) - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (Xiaoke Wang) - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (Xiaoke Wang) - Revert 'usb: storage: Add quirk for Samsung Fit flash' (sunghwan jung) - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (Piyush Mehta) - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (Alexander Stein) - usb: musb: Fix musb_gadget.c rxstate overflow bug (Robin Guo) - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (Jianglei Nie) - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (Logan Gunthorpe) - eventfd: guard wake_up in eventfd fs calls as well (Dylan Yudaken) - HID: roccat: Fix use-after-free in roccat_read() (Hyunwoo Kim) - soundwire: intel: fix error handling on dai registration issues (Pierre-Louis Bossart) - soundwire: cadence: Don't overwrite msg->buf during write commands (Richard Fitzgerald) - bcache: fix set_at_max_writeback_rate() for multiple attached devices (Coly Li) - ata: libahci_platform: Sanity check the DT child nodes number (Serge Semin) - blk-throttle: prevent overflow while calculating wait time (Yu Kuai) - staging: vt6655: fix potential memory leak (Nam Cao) - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (Wei Yongjun) - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (Yicong Yang) - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (Shigeru Yoshida) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (Letu Ren) - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (Vaishnav Achath) - usb: host: xhci-plat: suspend/resume clks for brcm (Justin Chen) - usb: host: xhci-plat: suspend and resume clocks (Justin Chen) - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (Quanyang Wang) - media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc (Hangyu Hua) - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (Zheyu Ma) - clk: zynqmp: Fix stack-out-of-bounds in strncpy (Ian Nam) - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (Alex Sverdlin) - btrfs: don't print information about space cache or tree every remount (Maciej S. Szmigiero) - btrfs: scrub: try to fix super block errors (Qu Wenruo) - btrfs: dump extra info if one free space cache has more bitmaps than it should (Qu Wenruo) - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (Sebastian Krzyszkowiak) - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (Mark Brown) - ARM: dts: imx6sx: add missing properties for sram (Alexander Stein) - ARM: dts: imx6sll: add missing properties for sram (Alexander Stein) - ARM: dts: imx6sl: add missing properties for sram (Alexander Stein) - ARM: dts: imx6qp: add missing properties for sram (Alexander Stein) - ARM: dts: imx6dl: add missing properties for sram (Alexander Stein) - ARM: dts: imx6q: add missing properties for sram (Alexander Stein) - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (Haibo Chen) - drm/amd/display: Remove interface for periodic interrupt 1 (Aric Cyr) - drm/dp: Don't rewrite link config when setting phy test pattern (Khaled Almahallawy) - mmc: sdhci-msm: add compatible string check for sdm670 (Richard Acayan) - drm/meson: explicitly remove aggregate driver at module unload time (Adrian Larumbe) - drm/meson: reorder driver deinit sequence to fix use-after-free bug (Adrian Larumbe) - drm/amdgpu: fix initial connector audio value (hongao) - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (Jairaj Arava) - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (Hans de Goede) - platform/chrome: cros_ec: Notify the PM of wake events during resume (Jameson Thies) - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (Maya Matuszczyk) - drm/vc4: vec: Fix timings for VEC modes (Mateusz Kwiatkowski) - ALSA: usb-audio: Register card at the last interface (Takashi Iwai) - drm: bridge: dw_hdmi: only trigger hotplug event on link change (Lucas Stach) - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (Vivek Kasireddy) - drm/amd/display: fix overflow on MIN_I64 definition (David Gow) - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (Zeng Jingxiang) - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (Liviu Dudau) - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (Javier Martinez Canillas) - drm: Use size_t type for len variable in drm_copy_field() (Javier Martinez Canillas) - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (Jianglei Nie) - r8152: Rate limit overflow messages (Andrew Gaul) - Bluetooth: L2CAP: Fix user-after-free (Luiz Augusto von Dentz) - net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory (Liu Jian) - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (Jason A. Donenfeld) - wifi: rt2x00: correctly set BBP register 86 for MT7620 (Daniel Golle) - wifi: rt2x00: set SoC wmac clock register (Daniel Golle) - wifi: rt2x00: set VGC gain for both chains of MT7620 (Daniel Golle) - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (Daniel Golle) - wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 (Daniel Golle) - can: bcm: check the result of can_send() in bcm_can_tx() (Ziyang Xuan) - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (Luiz Augusto von Dentz) - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (Tetsuo Handa) - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (Sean Wang) - regulator: core: Prevent integer underflow (Patrick Rudolph) - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (Kiran K) - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (Alexander Coffin) - iavf: Fix race between iavf_close and iavf_reset_task (Michal Jaron) - xfrm: Update ipcomp_scratches with NULL when freed (Khalid Masum) - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (Mika Westerberg) - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (Tetsuo Handa) - x86/mce: Retrieve poison range from hardware (Jane Chu) - tcp: annotate data-race around tcp_md5sig_pool_populated (Eric Dumazet) - openvswitch: Fix overreporting of drops in dropwatch (Mike Pattrick) - openvswitch: Fix double reporting of drops in dropwatch (Mike Pattrick) - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (Ravi Gunasekaran) - ice: set tx_tstamps when creating new Tx rings via ethtool (Jacob Keller) - bpftool: Clear errno after libcap's checks (Quentin Monnet) - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (Wright Feng) - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (Anna Schumaker) - x86/entry: Work around Clang __bdos() bug (Kees Cook) - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (Mario Limonciello) - ARM: decompressor: Include .data.rel.ro.local (Kees Cook) - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (Srinivas Pandruvada) - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue (Chao Qin) - MIPS: BCM47XX: Cast memcmp() of function to (void *) (Kees Cook) - cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode (Doug Smythies) - ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address (Hans de Goede) - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (Arvid Norlander) - rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() (Zqiang) - rcu: Back off upon fill_page_cache_func() allocation failure (Michal Hocko) - rcu: Avoid triggering strict-GP irq-work when RCU is idle (Zqiang) - fs: dlm: fix race in lowcomms (Alexander Aring) - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (Stefan Berger) - f2fs: fix to account FS_CP_DATA_IO correctly (Chao Yu) - f2fs: fix race condition on setting FI_NO_EXTENT flag (Zhang Qilong) - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (Shuai Xue) - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (Vincent Knecht) - crypto: cavium - prevent integer overflow loading firmware (Dan Carpenter) - crypto: marvell/octeontx - prevent integer overflows (Dan Carpenter) - kbuild: rpm-pkg: fix breakage when V=1 is used (Janis Schoetterl-Glausch) - kbuild: remove the target in signal traps when interrupted (Masahiro Yamada) - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (Nico Pache) - tracing: kprobe: Make gen test module work in arm and riscv (Yipeng Zou) - tracing: kprobe: Fix kprobe event gen test module on exit (Yipeng Zou) - iommu/iova: Fix module config properly (Robin Murphy) - cifs: return correct error in ->calc_signature() (Enzo Matsumiya) - crypto: qat - fix DMA transfer direction (Damian Muszynski) - crypto: inside-secure - Change swab to swab32 (Peter Harliman Liem) - crypto: ccp - Release dma channels before dmaengine unrgister (Koba Ko) - crypto: akcipher - default implementation for setting a private key (Ignat Korchagin) - iommu/omap: Fix buffer overflow in debugfs (Dan Carpenter) - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (Waiman Long) - crypto: hisilicon/qm - fix missing put dfx access (Weili Qian) - crypto: qat - fix default value of WDT timer (Lucas Segarra Fernandez) - hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() (Kshitiz Varshney) - cgroup: Honor caller's cgroup NS when resolving path (Michal Koutny) - hwrng: arm-smccc-trng - fix NO_ENTROPY handling (James Cowgill) - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (Ye Weihua) - crypto: sahara - don't sleep when in softirq (Zhengchao Shao) - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (Haren Myneni) - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (Li Huafei) - powerpc: Fix SPE Power ISA properties for e500v1 platforms (Pali Rohar) - powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 (Nicholas Piggin) - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (Vitaly Kuznetsov) - powerpc: Fix fallocate and fadvise64_64 compat parameter combination (Rohan McLure) - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (Zheng Yongjun) - powerpc/pci_dn: Add missing of_node_put() (Liang He) - powerpc/sysdev/fsl_msi: Add missing of_node_put() (Liang He) - powerpc/math_emu/efp: Include module.h (Nathan Chancellor) - powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig (Michael Ellerman) - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (Jack Wang) - mailbox: mpfs: account for mbox offsets while sending (Conor Dooley) - mailbox: mpfs: fix handling of the reg property (Conor Dooley) - clk: ast2600: BCLK comes from EPLL (Joel Stanley) - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (Miaoqian Lin) - clk: imx: scu: fix memleak on platform_device_add() fails (Lin Yujun) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (Stefan Wahren) - clk: baikal-t1: Add SATA internal ref clock buffer (Serge Semin) - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (Serge Semin) - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (Serge Semin) - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (Serge Semin) - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (David Collins) - usb: mtu3: fix failed runtime suspend in host only mode (Chunfeng Yun) - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (Dave Jiang) - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (Chen-Yu Tsai) - mfd: sm501: Add check for platform_driver_register() (Jiasheng Jiang) - mfd: fsl-imx25: Fix check for platform_get_irq() errors (Dan Carpenter) - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (Christophe JAILLET) - mfd: lp8788: Fix an error handling path in lp8788_probe() (Christophe JAILLET) - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (Christophe JAILLET) - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (Christophe JAILLET) - fsi: core: Check error number after calling ida_simple_get (Jiasheng Jiang) - RDMA/rxe: Fix resize_finish() in rxe_queue.c (Bob Pearson) - clk: qcom: gcc-sm6115: Override default Alpha PLL regs (Adam Skladowski) - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (Robert Marko) - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (Mike Christie) - scsi: iscsi: Run recv path from workqueue (Mike Christie) - scsi: iscsi: Add recv workqueue helpers (Mike Christie) - scsi: iscsi: Rename iscsi_conn_queue_work() (Mike Christie) - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (Duoming Zhou) - serial: 8250: Fix restoring termios speed after suspend (Pali Rohar) - firmware: google: Test spinlock on panic path to avoid lockups (Guilherme G. Piccoli) - slimbus: qcom-ngd-ctrl: allow compile testing without QCOM_RPROC_COMMON (Krzysztof Kozlowski) - staging: vt6655: fix some erroneous memory clean-up loops (Nam Cao) - phy: qualcomm: call clk_disable_unprepare in the error handling (Dongliang Mu) - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (Sherry Sun) - serial: 8250: Toggle IER bits on only after irq has been set up (Ilpo Jarvinen) - drivers: serial: jsm: fix some leaks in probe (Dan Carpenter) - usb: gadget: function: fix dangling pnp_string in f_printer.c (Albert Briscoe) - xhci: Don't show warning for reinit on known broken suspend (Mario Limonciello) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (Daisuke Matsuda) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (Mark Zhang) - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (David Sloan) - md/raid5: Ensure stripe_fill happens on non-read IO with journal (Logan Gunthorpe) - md: Replace snprintf with scnprintf (Saurabh Sengar) - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (Dan Carpenter) - ata: fix ata_id_has_dipm() (Niklas Cassel) - ata: fix ata_id_has_ncq_autosense() (Niklas Cassel) - ata: fix ata_id_has_devslp() (Niklas Cassel) - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (Niklas Cassel) - RDMA/siw: Fix QP destroy to wait for all references dropped. (Bernard Metzler) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (Bernard Metzler) - RDMA/srp: Fix srp_abort() (Bart Van Assche) - RDMA/irdma: Align AE id codes to correct flush code and event (Sindhu-Devale) - mtd: rawnand: fsl_elbc: Fix none ECC mode (Pali Rohar) - mtd: rawnand: intel: Remove undocumented compatible string (Martin Blumenstingl) - mtd: rawnand: intel: Read the chip-select line from the correct OF node (Martin Blumenstingl) - phy: phy-mtk-tphy: fix the phy type setting issue (Chunfeng Yun) - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (Liang He) - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (William Dean) - clk: qcom: sm6115: Select QCOM_GDSC (Dang Huynh) - dyndbg: drop EXPORTed dynamic_debug_exec_queries (Jim Cromie) - dyndbg: let query-modname override actual module name (Jim Cromie) - dyndbg: fix module.dyndbg handling (Jim Cromie) - dyndbg: fix static_branch manipulation (Jim Cromie) - dmaengine: hisilicon: Add multi-thread support for a DMA channel (Jie Hai) - dmaengine: hisilicon: Fix CQ head update (Jie Hai) - dmaengine: hisilicon: Disable channels when unregister hisi_dma (Jie Hai) - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (Dan Carpenter) - misc: ocxl: fix possible refcount leak in afu_ioctl() (Hangyu Hua) - RDMA/rxe: Fix the error caused by qp->sk (Zhu Yanjun) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (Zhu Yanjun) - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (Miaoqian Lin) - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (Yunke Cao) - media: uvcvideo: Fix memory leak in uvc_gpio_parse (Jose Exposito) - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (Xu Qiang) - tty: xilinx_uartps: Fix the ignore_status (Shubhrajyoti Datta) - media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop (Liang He) - HSI: omap_ssi_port: Fix dma_map_sg error check (Jack Wang) - HSI: omap_ssi: Fix refcount leak in ssi_probe (Miaoqian Lin) - clk: tegra20: Fix refcount leak in tegra20_clock_init (Miaoqian Lin) - clk: tegra: Fix refcount leak in tegra114_clock_init (Miaoqian Lin) - clk: tegra: Fix refcount leak in tegra210_clock_init (Miaoqian Lin) - clk: sprd: Hold reference returned by of_get_parent() (Liang He) - clk: berlin: Add of_node_put() for of_get_parent() (Liang He) - clk: qoriq: Hold reference returned by of_get_parent() (Liang He) - clk: oxnas: Hold reference returned by of_get_parent() (Liang He) - clk: meson: Hold reference returned by of_get_parent() (Liang He) - usb: common: debug: Check non-standard control requests (Thinh Nguyen) - RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey (Aharon Landau) - iio: magnetometer: yas530: Change data type of hard_offsets to signed (Jakob Hauser) - iio: ABI: Fix wrong format of differential capacitance channel ABI. (Jonathan Cameron) - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (Nuno Sa) - iio: inkern: only release the device node when done with it (Nuno Sa) - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (Claudiu Beznea) - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (Claudiu Beznea) - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (Claudiu Beznea) - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (Claudiu Beznea) - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (Dmitry Torokhov) - arm64: ftrace: fix module PLTs with mcount (Mark Rutland) - ext4: don't run ext4lazyinit for read-only filesystems (Josh Triplett) - ARM: Drop CMDLINE_* dependency on ATAGS (Geert Uytterhoeven) - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (Dmitry Torokhov) - arm64: dts: ti: k3-j7200: fix main pinmux range (Matt Ranostay) - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (Dmitry Osipenko) - ia64: export memory_add_physaddr_to_nid to fix cxl build error (Randy Dunlap) - ARM: dts: kirkwood: lsxl: remove first ethernet port (Michael Walle) - ARM: dts: kirkwood: lsxl: fix serial line (Michael Walle) - ARM: dts: turris-omnia: Fix mpp26 pin name and comment (Marek Behun) - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (Lucas Stach) - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (Liang He) - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (Liang He) - locks: fix TOCTOU race when granting write lease (Amir Goldstein) - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (Liang He) - memory: of: Fix refcount leak bug in of_get_ddr_timings() (Liang He) - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (Liang He) - ALSA: hda/hdmi: Don't skip notification handling during PM operation (Takashi Iwai) - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (Zhang Qilong) - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (Zhang Qilong) - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (Zhang Qilong) - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (Zhang Qilong) - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (Christophe JAILLET) - ALSA: dmaengine: increment buffer pointer atomically (Andreas Pape) - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (Christophe JAILLET) - ASoC: codecs: tx-macro: fix kcontrol put (Srinivas Kandagatla) - drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (Rafael Mendonca) - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (Kuogee Hsieh) - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (Dmitry Baryshkov) - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (Liang He) - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (Christophe JAILLET) - drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() (Rafael Mendonca) - drm/omap: dss: Fix refcount leak bugs (Liang He) - drm/bochs: fix blanking (Gerd Hoffmann) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-4378 CVE-2022-1184 Oracle Linux 9 [1:11.0.15.0.10-1] - Update to jdk-11.0.15.0+10 - Update release notes to 11.0.15.0+10 - Switch to GA mode for release - Rebase RH1996182 FIPS patch after JDK-8254410 - Resolves: rhbz#2073594 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21426 CVE-2022-21434 CVE-2022-21476 CVE-2022-21496 CVE-2022-21443 Oracle Linux 9 [1:17.0.3.0.7-1] - April 2022 security update to jdk 17.0.3+7 - Update to jdk-17.0.3.0+7 tarball - Update release notes to 17.0.3.0+7 - Add missing README.md and generate_source_tarball.sh - Resolves: rhbz#2073578 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21426 CVE-2022-21434 CVE-2022-21476 CVE-2022-21496 CVE-2022-21443 CVE-2022-21449 Oracle Linux 9 [1:1.8.0.332.b09-1] - Update to shenandoah-jdk8u332-b09 (GA) - Update release notes for 8u332-b09. - Resolves: rhbz#2074649 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21426 CVE-2022-21434 CVE-2022-21476 CVE-2022-21496 CVE-2022-21443 Oracle Linux 9 [1.10-9] - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1271 Oracle Linux 9 [1.2.11-31.1] - Fix CVE-2018-25032 Resolves: CVE-2018-25032 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 Oracle Linux 9 [6.0.105-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.105-1] - Update to .NET SDK 6.0.105 and Runtime 6.0.5 - Resolves: RHBZ#2082268 [6.0.104-1] - Update to .NET SDK 6.0.104 and Runtime 6.0.4 - Resolves: RHBZ#2080460 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29117 CVE-2022-29145 CVE-2022-23267 Oracle Linux 9 [91.9.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.9.0-3] - Update to 91.9.0 build3 [91.9.0-2] - Update to 91.9.0 build2 [91.9.0-1] - Update to 91.9.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29911 CVE-2022-29909 CVE-2022-29912 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 CVE-2022-1520 CVE-2022-29913 Oracle Linux 9 [91.9.0-1.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.9.0-1] - Update to 91.9.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29911 CVE-2022-29909 CVE-2022-29912 CVE-2022-29914 CVE-2022-29916 CVE-2022-29917 Oracle Linux 9 [1.14.1-5] - Fix for CVE-2022-24070 (#2076565) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24070 Oracle Linux 9 [3.2.3-9.1] - Resolves: #2074784 - A flaw found in zlib v1.2.2.2 through zlib v1.2.11 when compressing certain inputs IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 Oracle Linux 9 [91.9.1-1.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.9.1-1] - Update to 91.9.1 build1 CRITICAL Copyright 2022 Oracle, Inc. CVE-2022-1802 CVE-2022-1529 Oracle Linux 9 [13.7-1] - Resolves: CVE-2022-1552 - Update to 13.7 - Release notes: https://www.postgresql.org/docs/release/13.7/ IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1552 Oracle Linux 9 [91.9.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.9.1-1] - Update to 91.9.1 build1 CRITICAL Copyright 2022 Oracle, Inc. CVE-2022-1802 CVE-2022-1529 Oracle Linux 9 [8.2102.0-101.1] - Address CVE-2022-24903, Heap-based overflow in TCP syslog server resolves: rhbz#2081402 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24903 Oracle Linux 9 [91.10.0-1.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.10.0-1] - Update to 91.10.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31738 CVE-2022-31747 CVE-2022-31736 CVE-2022-31737 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 Oracle Linux 9 [91.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.10.0-1] - Update to 91.10.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31738 CVE-2022-31747 CVE-2022-1834 CVE-2022-31736 CVE-2022-31737 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 Oracle Linux 9 [1:1.1.1k-4.0.1] - Backport upstream PRs 18446 and 18481 which update certificates used for the self-tests [Orabug: 34326055] [1:1.1.1k-4] - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates Resolves: rhbz#2063147 - Disable FIPS mode; it does not work and will not be certified Resolves: rhbz#2091968 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 Oracle Linux 9 [5.2.5-8] - Fix arbitrary file write vulnerability Resolves: CVE-2022-1271 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1271 Oracle Linux 9 [1:2.3.3op2-13.1] - CVE-2022-26691 cups: authorization bypass when using 'local' authorization IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-26691 Oracle Linux 9 [6.0.106-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.106-1] - Update to .NET SDK 6.0.106 and Runtime 6.0.6 - Resolves: RHBZ#2093433 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30184 Oracle Linux 9 [2.06-27.0.5.el9_0.7] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation - Update bug url [Orabug: 34202300] - Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] - Update signing certificate [JIRA: OLDIS-16371] - fix SBAT data [JIRA: OLDIS-16371] - Update requires [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-27.el9_0.7] - CVE fixes for 2022-06-07 - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 - Resolves: #2089810 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28737 CVE-2021-3696 CVE-2022-28734 CVE-2021-3695 CVE-2021-3697 CVE-2022-28733 CVE-2022-28735 CVE-2022-28736 Oracle Linux 9 [8.2.2637-16.0.1] - - Remove upstream references [Orabug: 31197557] [2:8.2.2637-16.2] - CVE-2022-1621 vim: heap buffer overflow - CVE-2022-1629 vim: buffer over-read [2:8.2.2637-16.1] - CVE-2022-0554 vim: Use of Out-of-range Pointer Offset in vim prior - CVE-2022-0943 vim: Heap-based Buffer Overflow occurs in vim - CVE-2022-1154 vim: use after free in utf_ptr2char - CVE-2022-1420 vim: Out-of-range Pointer Offset MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1154 CVE-2022-1420 CVE-2022-1621 CVE-2022-1629 CVE-2022-0554 CVE-2022-0943 Oracle Linux 9 [ 2.2.10-12.2] - Improve fix for CVE-2022-25313 - Related: CVE-2022-25313 [ 2.2.10-12.1] - Fix multiple CVEs - Resolves: CVE-2022-25314 - Resolves: CVE-2022-25313 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-25313 CVE-2022-25314 Oracle Linux 9 [7.76.1-14.el9_0.4] - fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.76.1-14.el9_0.3] - fix leak of SRP credentials in redirects (CVE-2022-27774) [7.76.1-14.el9_0.2] - add missing tests to Makefile [7.76.1-14.el9_0.1] - fix credential leak on redirect (CVE-2022-27774) - fix auth/cookie leak on redirect (CVE-2022-27776) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-22576 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 Oracle Linux 9 [5.14.0-70.17.1.0.1_0.OL9] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.17.1_0.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] [5.14.0-70.17.1_0] - netfilter: nf_tables: disallow non-stateful expression in sets earlier (Phil Sutter) [2092994 2092995] {CVE-2022-1966} - thunderx nic: mark device as unmaintained (Inigo Huguet) [2092638 2060285] - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (Steve Best) [2092255 2067770] - perf: Fix sys_perf_event_open() race against self (Michael Petlan) [2087963 2087964] {CVE-2022-1729} - spec: Fix separate tools build (Jiri Olsa) [2090852 2054579] - mm: lru_cache_disable: replace work queue synchronization with synchronize_rcu (Marcelo Tosatti) [2086963 2033500] [5.14.0-70.16.1_0] - dm integrity: fix memory corruption when tag_size is less than digest size (Benjamin Marzinski) [2082187 2081778] [5.14.0-70.15.1_0] - CI: Use zstream builder image (Veronika Kabatova) - tcp: drop the hash_32() part from the index calculation (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: increase source port perturb table to 2^16 (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: dynamically allocate the perturb table used by source ports (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: add small random increments to the source port (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: resalt the secret every 10 seconds (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: use different parts of the port_offset for index and offset (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - secure_seq: use the 64 bits of the siphash for port offset calculation (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - Revert 'netfilter: conntrack: tag conntracks picked up in local out hook' (Florian Westphal) [2085480 2061850] - Revert 'netfilter: nat: force port remap to prevent shadowing well-known ports' (Florian Westphal) [2085480 2061850] - redhat/koji/Makefile: Decouple koji Makefile from Makefile.common (Andrea Claudi) - redhat: fix make {distg-brew,distg-koji} (Andrea Claudi) - esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) [2082950 2082951] {CVE-2022-27666} - esp: Fix possible buffer overflow in ESP transformation (Sabrina Dubroca) [2082950 2082951] {CVE-2022-27666} - sctp: use the correct skb for security_sctp_assoc_request (Ondrej Mosnacek) [2084044 2078856] - security: implement sctp_assoc_established hook in selinux (Ondrej Mosnacek) [2084044 2078856] - security: add sctp_assoc_established hook (Ondrej Mosnacek) [2084044 2078856] - security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce (Ondrej Mosnacek) [2084044 2078856] - security: pass asoc to sctp_assoc_request and sctp_sk_clone (Ondrej Mosnacek) [2084044 2078856] [5.14.0-70.14.1_0] - PCI: hv: Propagate coherence from VMbus device to PCI device (Vitaly Kuznetsov) [2074830 2068432] - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (Vitaly Kuznetsov) [2074830 2068432] - redhat: rpminspect: disable 'patches' check for known empty patch files (Herton R. Krzesinski) - redhat/configs: make SHA512_arch algos and CRYPTO_USER built-ins (Vladis Dronov) [2072643 2070624] - CI: Drop baseline runs (Veronika Kabatova) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-27666 CVE-2022-1729 CVE-2022-1966 CVE-2022-1012 Oracle Linux 9 [2.9.13-1.1] - Fix CVE-2022-29824 (#2082299) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-29824 Oracle Linux 9 [10.37-5] - Explicitly require uft subpackages in tools subpackage [10.37-4] - Resolves: CVE-2022-1586 CVE-2022-1587 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1586 CVE-2022-1587 Oracle Linux 9 [3.5.3-2] - Resolves: CVE-2022-26280 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26280 Oracle Linux 9 [1.19.3-2] - CVE-2022-1215: fix a format string vulnerability (#2076816) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1215 Oracle Linux 9 [6.2.0-11.el9_0.3] - kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch [bz#2071102] - kvm-virtio-net-fix-map-leaking-on-error-during-receive.patch [bz#2075635] - kvm-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch [bz#2075640] - Resolves: bz#2071102 (RHEL 9.0 guest with vsock device migration failed from RHEL 9.0 > RHEL 8.6 [rhel-9.0.0.z]) - Resolves: bz#2075635 (CVE-2022-26353 qemu-kvm: QEMU: virtio-net: map leaking on error during receive [rhel-9] [rhel-9.0.0.z]) - Resolves: bz#2075640 (CVE-2022-26354 qemu-kvm: QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak [rhel-9] [rhel-9.0.0.z]) [6.2.0-11.el9_0.2] - kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch [bz#2053584] - kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch [bz#2053584] - kvm-vmxcap-Add-5-level-EPT-bit.patch [bz#2038051] - kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch [bz#2038051] - kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch [bz#2043531] - kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch [bz#2043531] - kvm-tests-acpi-add-SLIC-table-test.patch [bz#2043531] - kvm-tests-acpi-SLIC-update-expected-blobs.patch [bz#2043531] - kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch [bz#2043531] - kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch [bz#2043531] - kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch [bz#2043531] - kvm-tests-acpi-update-expected-blobs.patch [bz#2043531] - kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch [bz#2043531] - kvm-rhel-workaround-for-lack-of-binary-patches-in-SRPM.patch [bz#2043531] - Resolves: bz#2053584 (watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [cat:2843]) - Resolves: bz#2038051 (Win11 (q35+edk2) guest broke after install wsl2 through 'wsl --install -d Ubuntu-20.04') - Resolves: bz#2043531 (Guest can not start with SLIC acpi table) [6.2.0-11.el9_0.1] - kvm-RHEL-mark-old-machine-types-as-deprecated.patch [bz#2052050] - kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch [bz#2059786] - kvm-spec-Fix-obsolete-for-spice-subpackages.patch [bz#2059175 bz#2059146] - kvm-spec-Obsolete-old-usb-redir-subpackage.patch [bz#2059175 bz#2059146] - kvm-spec-Obsolete-ssh-driver.patch [bz#2059175 bz#2059146] MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26353 CVE-2022-26354 Oracle Linux 9 [91.11.0-2.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.11.0-2] - Update to 91.11.0 build2 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2200 CVE-2022-34472 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 Oracle Linux 9 [91.11.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.11.0-2] - Update to 91.11.0 build2 [91.11.0-1] - Update to 91.11.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2200 CVE-2022-34472 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470 CVE-2022-2226 Oracle Linux 9 [7:5.2-1.1] - Resolves: #2100784 - CVE-2021-46784 squid: DoS when processing gopher server responses IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-46784 Oracle Linux 9 [1:11.0.16.0.8-1.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.16.0.8-1] - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8257794 patch now upstreamed - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use 'git apply' with patches in the tarball script to allow binary diffs - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Make use of the vendor version string to store our version & release rather than an upstream release date - Explicitly require crypto-policies during build and runtime for system security properties - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Resolves: rhbz#2106516 - Resolves: rhbz#2099915 - Resolves: rhbz#2107868 [1:11.0.16.0.8-1] - Add additional patch during tarball generation to align tests with ECC changes - Related: rhbz#2106516 [1:11.0.16.0.8-1] - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode - Resolves: rhbz#2107866 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 Oracle Linux 9 [1.8.0.342.b07-1.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.342.b07-1] - Update to shenandoah-jdk8u342-b07 - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use 'git apply' with patches in the tarball script to allow binary diffs - Remove redundant 'REPOS' variable from tarball script - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Explicitly require crypto-policies during build and runtime for system security properties - Resolves: rhbz#2099916 - Resolves: rhbz#2107958 - Resolves: rhbz#2084776 - Resolves: rhbz#2106508 [1:1.8.0.332.b09-2] - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode - Resolves: rhbz#2107956 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 Oracle Linux 9 [7.5.11-5] - resolve CVE-2022-31107 grafana: OAuth account takeover IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31107 Oracle Linux 9 [1:17.0.4.0.8-0.2.ea] - Revert the following changes until copy-java-configs has adapted to relative symlinks: - * Move cacerts replacement to install section and retain original of this and tzdb.dat - * Run tests on the installed image, rather than the build image - * Introduce variables to refer to the static library installation directories - * Use relative symlinks so they work within the image - * Run debug symbols check during build stage, before the install strips them - The move of turning on system security properties is retained so we don't ship with them off - Related: rhbz#2084779 [1:17.0.4.0.8-1] - Update to jdk-17.0.4.0+8 - Update release notes to 17.0.4.0+8 - Need to include the '.S' suffix in debuginfo checks after JDK-8284661 - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Move EA designator check to prep so failures can be caught earlier - Make EA designator check non-fatal while upstream is not maintaining it - Explicitly require crypto-policies during build and runtime for system security properties - Make use of the vendor version string to store our version & release rather than an upstream release date - Include a test in the RPM to check the build has the correct vendor information. - Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository - * RH2094027: SunEC runtime permission for FIPS - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Turn on system security properties as part of the build's install section - Move cacerts replacement to install section and retain original of this and tzdb.dat - Run tests on the installed image, rather than the build image - Introduce variables to refer to the static library installation directories - Use relative symlinks so they work within the image - Run debug symbols check during build stage, before the install strips them - Resolves: rhbz#2084779 - Resolves: rhbz#2099919 - Resolves: rhbz#2107943 - Resolves: rhbz#2107941 - Resolves: rhbz#2106523 [1:17.0.4.0.1-0.2.ea] - Fix issue where CheckVendor.java test erroneously passes when it should fail. - Add proper quoting so '&' is not treated as a special character by the shell. - Related: rhbz#2084779 [1:17.0.3.0.7-2] - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode - Resolves: rhbz#2105395 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21549 CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 Oracle Linux 9 [91.12.0-2.0.1] - Removed Upstream references [91.12.0-1] - Update to 91.12.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2505 CVE-2022-36318 CVE-2022-36319 Oracle Linux 9 [91.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.12.0-1] - Update to 91.12.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2505 CVE-2022-36318 CVE-2022-36319 Oracle Linux 9 golang [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109183 [1.17.7-2] - Clean up dist-git patches - Resolves: rhbz#2109174 go-toolset [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109183 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1705 CVE-2022-28131 CVE-2022-30631 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-1962 CVE-2022-30630 CVE-2022-30632 Oracle Linux 9 [8.0.13-2] - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31626 Oracle Linux 9 [8.2.2637-16.0.1.3] - Remove upstream references [Orabug: 31197557] [2:8.2.2637-16.3] - CVE-2022-1785 vim: Out-of-bounds Write - CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c - CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 Oracle Linux 9 galera [26.4.11-1.0.1] - Requirement to delete garbd-wrapper script and lp1184034 test case without using patches. Patches from previous release have been deleted - Drop nmap-ncat requirement. [Orabug: 34116228] - Added galera-skip-lp1184034-testcase.patch - Added backport-removes-nmap-probing-in-garbd-wrapper.patch [26.4.11-1] - Rebase to 26.4.11 mariadb [3:10.5.16-2] - Release bump for rebuild [3:10.5.16-1] - Rebase to 10.5.16 [3:10.5.15-1] - Rebase to 10.5.15 mysql-selinux [1.0.5-1] - Rebase to 1.0.5 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-46659 CVE-2021-46668 CVE-2022-24048 CVE-2022-27377 CVE-2022-27381 CVE-2022-27382 CVE-2022-27383 CVE-2022-27444 CVE-2022-27447 CVE-2022-27448 CVE-2022-27449 CVE-2022-27455 CVE-2022-27458 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46669 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 CVE-2022-27376 CVE-2022-27378 CVE-2022-27379 CVE-2022-27380 CVE-2022-27384 CVE-2022-27386 CVE-2022-27387 CVE-2022-27445 CVE-2022-27446 CVE-2022-27451 CVE-2022-27452 CVE-2022-27456 CVE-2022-27457 CVE-2022-31622 CVE-2022-31623 Oracle Linux 9 [5.14.0-70.22.1.0.1_0.OL9] [lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.22.1_0.OL9] [Update Oracle Linux certificates (Kevin Lyons) [Disable signing for aarch64 (Ilya Okomin) [Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] [Update x509.genkey [Orabug: 24817676] [Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4 [Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] [5.14.0-70.22.1_0] [PCI: vmd: Revert 2565e5b69c44 ('PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.') (Myron Stowe) [2109974 2084146] [PCI: vmd: Assign VMD IRQ domain before enumeration (Myron Stowe) [2109974 2084146] [rhel config: Set DMAR_UNITS_SUPPORTED (Jerry Snitselaar) [2105326 2094984] [iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (Jerry Snitselaar) [2105326 2094984] [5.14.0-70.21.1_0] [ibmvnic: fix race between xmit and reset (Gustavo Walbon) [2103085 2061556] [scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (Chris Leech) [2098251 2095440] [scsi: core: sysfs: Fix hang when device state is set via sysfs (Chris Leech) [2098251 2095440] [5.14.0-70.20.1_0] [block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Ming Lei) [2106024 2066297] {CVE-2022-0494} [ahci: Add a generic 'controller2' RAID id (Tomas Henzl) [2099740 2078880] [ahci: remove duplicated PCI device IDs (Tomas Henzl) [2099740 2042790] [gfs2: Stop using glock holder auto-demotion for now (Andreas Gruenbacher) [2097306 2082193] [gfs2: buffered write prefaulting (Andreas Gruenbacher) [2097306 2082193] [gfs2: Align read and write chunks to the page cache (Andreas Gruenbacher) [2097306 2082193] [gfs2: Pull return value test out of should_fault_in_pages (Andreas Gruenbacher) [2097306 2082193] [gfs2: Clean up use of fault_in_iov_iter_{read,write}able (Andreas Gruenbacher) [2097306 2082193] [gfs2: Variable rename (Andreas Gruenbacher) [2097306 2082193] [gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) [2097306 2082193] [iomap: iomap_write_end cleanup (Andreas Gruenbacher) [2097306 2082193] [iomap: iomap_write_failed fix (Andreas Gruenbacher) [2097306 2082193] [gfs2: Don't re-check for write past EOF unnecessarily (Andreas Gruenbacher) [2097306 2082193] [gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) [2097306 2082193] [fs/iomap: Fix buffered write page prefaulting (Andreas Gruenbacher) [2097306 2082193] [gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) [2097306 2082193] [gfs2: Remove dead code in gfs2_file_read_iter (Andreas Gruenbacher) [2097306 2082193] [gfs2: Fix gfs2_file_buffered_write endless loop workaround (Andreas Gruenbacher) [2097306 2082193] [gfs2: Minor retry logic cleanup (Andreas Gruenbacher) [2097306 2082193] [gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) [2097306 2082193] [gfs2: Fix should_fault_in_pages() logic (Andreas Gruenbacher) [2097306 2082193] [gfs2: Initialize gh_error in gfs2_glock_nq (Andreas Gruenbacher) [2097306 2082193] [gfs2: Make use of list_is_first (Andreas Gruenbacher) [2097306 2082193] [gfs2: Switch lock order of inode and iopen glock (Andreas Gruenbacher) [2097306 2082193] [gfs2: cancel timed-out glock requests (Andreas Gruenbacher) [2097306 2082193] [gfs2: Expect -EBUSY after canceling dlm locking requests (Andreas Gruenbacher) [2097306 2082193] [gfs2: gfs2_setattr_size error path fix (Andreas Gruenbacher) [2097306 2082193] [gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) [2097306 2082193] [5.14.0-70.19.1_0] [KVM: x86/mmu: make apf token non-zero to fix bug (Vitaly Kuznetsov) [2100903 2074832] [powerpc/64: Move paca allocation later in boot (Desnes A. Nunes do Rosario) [2092248 2055566] [powerpc: Set crashkernel offset to mid of RMA region (Desnes A. Nunes do Rosario) [2092248 2055566] [powerpc/64s/hash: Make hash faults work in NMI context (Desnes A. Nunes do Rosario) [2092253 2062762] [5.14.0-70.18.1_0] [NFSv4: Fix free of uninitialized nfs4_label on referral lookup. (Benjamin Coddington) [2101858 2086367] [NFSv4 only print the label when its queried (Benjamin Coddington) [2101854 2057327] [crypto: fips - make proc files report fips module name and version (Simo Sorce) [2093384 2080499] [net: sched: fix use-after-free in tc_new_tfilter() (Ivan Vecera) [2071707 2090410] {CVE-2022-1055} MODERATE Copyright 2022 Oracle, Inc. CVE-2022-0494 CVE-2022-1055 Oracle Linux 9 [6.0.108-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.108-1] - Update to .NET SDK 6.0.108 and Runtime 6.0.8 - Resolves: RHBZ#2112413 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-34716 Oracle Linux 9 [7.76.1-14.el9_0.5] - fix unpreserved file permissions (CVE-2022-32207) - fix HTTP compression denial of service (CVE-2022-32206) - fix FTP-KRB bad message verification (CVE-2022-32208) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32206 CVE-2022-32208 CVE-2022-32207 Oracle Linux 9 [91.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.13.0-1] - Update to 91.13.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38478 CVE-2022-38472 CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 Oracle Linux 9 [91.13.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.13.0-1] - Update to 91.13.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38478 CVE-2022-38472 CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 Oracle Linux 9 [3.2.3-9.2] - Resolves: #2111176 - remote arbitrary files write inside the directories of connecting peers IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29154 Oracle Linux 9 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKDF Resolves: rhbz#2118388 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115856 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115857 - Use signature for RSA pairwise test according FIPS-140-3 requirements Related: rhbz#2115858 - Reseed all the parent DRBGs in chain on reseeding a DRBG Related: rhbz#2115859 - Zeroization according to FIPS-140-3 requirements Related: rhbz#2115861 [1:3.0.1-39] - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test Resolves: rhbz#2112978 [1:3.0.1-38] - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. Resolves: rhbz#2107530 - Improve AES-GCM performance on Power9 and Power10 ppc64le Resolves: rhbz#2103044 - Improve ChaCha20 performance on Power10 ppc64le Resolves: rhbz#2103044 [1:3.0.1-37] - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 [1:3.0.1-36] - Ciphersuites with RSAPSK KX should be filterd in FIPS mode - Related: rhbz#2091994 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough - Related: rhbz#2091977 - Improve diagnostics when passing unsupported groups in TLS - Related: rhbz#2086554 - Fix PPC64 Montgomery multiplication bug - Related: rhbz#2101346 - Strict certificates validation shouldn't allow explicit EC parameters - Related: rhbz#2085521 - CVE-2022-2068: the c_rehash script allows command injection - Related: rhbz#2098276 [1:3.0.1-35] - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. Resolves: rhbz#2087234 [1:3.0.1-34] - Some OpenSSL test certificates are expired, updating - Resolves: rhbz#2095696 [1:3.0.1-33] - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory - Resolves: rhbz#2089443 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS - Resolves: rhbz#2089439 - CVE-2022-1292 openssl: c_rehash script allows command injection - Resolves: rhbz#2090361 - Revert 'Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode' Related: rhbz#2087234 - Use KAT for ECDSA signature tests, s390 arch - Resolves: rhbz#2086866 [1:3.0.1-32] - openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode - Resolves: rhbz#2091929 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2091994 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits - Resolves: rhbz#2091938 [1:3.0.1-31] - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode Resolves: rhbz#2087234 [1:3.0.1-30] - Use KAT for ECDSA signature tests - Resolves: rhbz#2086866 [1:3.0.1-29] - -config argument of openssl app should work properly in FIPS mode - Resolves: rhbz#2085500 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC - Resolves: rhbz#2085499 [1:3.0.1-28] - OpenSSL should not accept custom elliptic curve parameters - Resolves rhbz#2085508 - OpenSSL should not accept explicit curve parameters in FIPS mode - Resolves rhbz#2085521 [1:3.0.1-27] - Change FIPS module version to include hash of specfile, patches and sources Resolves: rhbz#2082585 [1:3.0.1-26] - OpenSSL FIPS module should not build in non-approved algorithms Resolves: rhbz#2082584 [1:3.0.1-25] - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 [1:3.0.1-24] - Fix occasional internal error in TLS when DHE is used Resolves: rhbz#2080323 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-1343 CVE-2022-1473 Oracle Linux 9 [11.3.5-1.0.1.el9_0.1] - Fix spaces in vmware udev rule for scsi devices [Orabug: 24461968] - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. [Orabug: 22815019] - Increase timeout for scsi devices on VMWare guests by adding a udev rule. [Orabug: 21819156] [11.3.5-1.el9_0.1] - ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119285] - Resolves: bz#2119285 (CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-9.0.0.z]) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31676 Oracle Linux 9 [6.0.109-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.109-1] - Update to .NET SDK 6.0.109 and Runtime 6.0.9 - Resolves: RHBZ#2123791 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-38013 Oracle Linux 9 [3.0.4-160] - Upgrade to Ruby 3.0.4. Resolves: rhbz#2109428 - OpenSSL test suite fixes due to disabled SHA1. Related: rbhz#2109428 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-28738 CVE-2022-28739 Oracle Linux 9 [8.0.30-3] - Release bump for rebuild [8.0.30-1] - Update to MySQL 8.0.30 - Remove patches now upstream: chain certs, OpenSSL 3, s390 and robin hood - Add a new plugin [8.0.29-1] - Update to MySQL 8.0.29 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21427 CVE-2022-21412 CVE-2022-21413 CVE-2022-21414 CVE-2022-21423 CVE-2022-21435 CVE-2022-21437 CVE-2022-21440 CVE-2022-21451 CVE-2022-21454 CVE-2022-21457 CVE-2022-21479 CVE-2022-21509 CVE-2022-21515 CVE-2022-21525 CVE-2022-21526 CVE-2022-21530 CVE-2022-21534 CVE-2022-21537 CVE-2022-21553 CVE-2022-21556 CVE-2022-21415 CVE-2022-21417 CVE-2022-21418 CVE-2022-21425 CVE-2022-21436 CVE-2022-21438 CVE-2022-21444 CVE-2022-21452 CVE-2022-21455 CVE-2022-21459 CVE-2022-21460 CVE-2022-21462 CVE-2022-21478 CVE-2022-21517 CVE-2022-21522 CVE-2022-21527 CVE-2022-21528 CVE-2022-21529 CVE-2022-21531 CVE-2022-21538 CVE-2022-21539 CVE-2022-21547 CVE-2022-21569 Oracle Linux 9 nodejs [16.16.0-1] - Rebase to version 16.16.0 Resolves: RHBZ#2106290 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 [16.14.0-5] - Decouple dependency bundling from bootstrapping nodejs-nodemon MODERATE Copyright 2022 Oracle, Inc. CVE-2020-7788 CVE-2022-32212 CVE-2022-32213 CVE-2022-33987 CVE-2022-32214 CVE-2022-32215 CVE-2022-29244 CVE-2020-28469 CVE-2021-3807 CVE-2021-33502 Oracle Linux 9 [2.3.3-2] - Fix CVE-2022-34903 (#2108449) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-34903 Oracle Linux 9 [28-5.1] - Fix a stack buffer over-read in the c-shquote library - Fix null pointer reference when supplying a malformed XML config file - Add gating.yaml Resolves: CVE-2022-31212 Resolves: CVE-2022-31213 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-31212 CVE-2022-31213 Oracle Linux 9 [5.14.0-70.26.1.0.1_0.OL9] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.26.1_0.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] [5.14.0-70.26.1_0] - redhat/configs enable CONFIG_ICE_HWTS (Petr Oros) [2108204 2037974] - redhat/configs enable CONFIG_ICE_SWITCHDEV (Petr Oros) [2108204 2037974] - ice: Fix VF not able to send tagged traffic with no VLAN filters (Petr Oros) [2119290 2116964] - ice: Ignore error message when setting same promiscuous mode (Petr Oros) [2119290 2116964] - ice: Fix clearing of promisc mode with bridge over bond (Petr Oros) [2119290 2116964] - ice: Ignore EEXIST when setting promisc mode (Petr Oros) [2119290 2116964] - ice: Fix double VLAN error when entering promisc mode (Petr Oros) [2119290 2116964] - ice: Fix promiscuous mode not turning off (Petr Oros) [2119290 2116964] - ice: Introduce enabling promiscuous mode on multiple VF's (Petr Oros) [2119290 2116964] - ice: do not setup vlan for loopback VSI (Petr Oros) [2119290 2116964] - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (Petr Oros) [2119290 2116964] - ice: Fix VSIs unable to share unicast MAC (Petr Oros) [2119290 2116964] - ice: Fix max VLANs available for VF (Petr Oros) [2119290 2116964] - ice: change devlink code to read NVM in blocks (Petr Oros) [2119290 2116964] - ice: Fix memory corruption in VF driver (Petr Oros) [2108204 2037974] - ice: Fix queue config fail handling (Petr Oros) [2108204 2037974] - ice: Sync VLAN filtering features for DVM (Petr Oros) [2108204 2037974] - ice: Fix PTP TX timestamp offset calculation (Petr Oros) [2108204 2037974] - ice: Fix interrupt moderation settings getting cleared (Petr Oros) [2108204 2037974] - ice: fix possible under reporting of ethtool Tx and Rx statistics (Petr Oros) [2108204 2037974] - ice: fix crash when writing timestamp on RX rings (Petr Oros) [2108204 2037974] - ice: fix PTP stale Tx timestamps cleanup (Petr Oros) [2108204 2037974] - ice: clear stale Tx queue settings before configuring (Petr Oros) [2108204 2037974] - ice: Fix race during aux device (un)plugging (Petr Oros) [2108204 2037974] - ice: fix use-after-free when deinitializing mailbox snapshot (Petr Oros) [2108204 2037974] - ice: wait 5 s for EMP reset after firmware flash (Petr Oros) [2108204 2037974] - ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (Petr Oros) [2108204 2037974] - ice: Fix incorrect locking in ice_vc_process_vf_msg() (Petr Oros) [2108204 2037974] - ice: Fix memory leak in ice_get_orom_civd_data() (Petr Oros) [2108204 2037974] - ice: fix crash in switchdev mode (Petr Oros) [2108204 2037974] - ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (Petr Oros) [2108204 2037974] - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (Petr Oros) [2108204 2037974] - ice: clear cmd_type_offset_bsz for TX rings (Petr Oros) [2108204 2037974] - ice: xsk: fix VSI state check in ice_xsk_wakeup() (Petr Oros) [2108204 2037974] - ice: synchronize_rcu() when terminating rings (Petr Oros) [2108204 2037974] - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (Petr Oros) [2108204 2037974] - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (Petr Oros) [2108204 2037974] - ice: Fix broken IFF_ALLMULTI handling (Petr Oros) [2108204 2037974] - ice: Fix MAC address setting (Petr Oros) [2108204 2037974] - ice: Clear default forwarding VSI during VSI release (Petr Oros) [2108204 2037974] - ice: xsk: Fix indexing in ice_tx_xsk_pool() (Petr Oros) [2108204 2037974] - ice: xsk: Stop Rx processing when ntc catches ntu (Petr Oros) [2108204 2037974] - ice: don't allow to run ice_send_event_to_aux() in atomic ctx (Petr Oros) [2108204 2037974] - ice: fix 'scheduling while atomic' on aux critical err interrupt (Petr Oros) [2108204 2037974] - ice: add trace events for tx timestamps (Petr Oros) [2108204 2037974] - ice: fix return value check in ice_gnss.c (Petr Oros) [2108204 2037974] - ice: destroy flow director filter mutex after releasing VSIs (Petr Oros) [2108204 2037974] - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (Petr Oros) [2108204 2037974] - ice: remove PF pointer from ice_check_vf_init (Petr Oros) [2108204 2037974] - ice: introduce ice_virtchnl.c and ice_virtchnl.h (Petr Oros) [2108204 2037974] - ice: cleanup long lines in ice_sriov.c (Petr Oros) [2108204 2037974] - ice: introduce ICE_VF_RESET_LOCK flag (Petr Oros) [2108204 2037974] - ice: introduce ICE_VF_RESET_NOTIFY flag (Petr Oros) [2108204 2037974] - ice: convert ice_reset_vf to take flags (Petr Oros) [2108204 2037974] - ice: convert ice_reset_vf to standard error codes (Petr Oros) [2108204 2037974] - ice: make ice_reset_all_vfs void (Petr Oros) [2108204 2037974] - ice: drop is_vflr parameter from ice_reset_all_vfs (Petr Oros) [2108204 2037974] - ice: move reset functionality into ice_vf_lib.c (Petr Oros) [2108204 2037974] - ice: fix a long line warning in ice_reset_vf (Petr Oros) [2108204 2037974] - ice: introduce VF operations structure for reset flows (Petr Oros) [2108204 2037974] - ice: fix incorrect dev_dbg print mistaking 'i' for vf->vf_id (Petr Oros) [2108204 2037974] - ice: introduce ice_vf_lib.c, ice_vf_lib.h, and ice_vf_lib_private.h (Petr Oros) [2108204 2037974] - ice: use ice_is_vf_trusted helper function (Petr Oros) [2108204 2037974] - ice: log an error message when eswitch fails to configure (Petr Oros) [2108204 2037974] - ice: cleanup error logging for ice_ena_vfs (Petr Oros) [2108204 2037974] - ice: move ice_set_vf_port_vlan near other .ndo ops (Petr Oros) [2108204 2037974] - ice: refactor spoofchk control code in ice_sriov.c (Petr Oros) [2108204 2037974] - ice: rename ICE_MAX_VF_COUNT to avoid confusion (Petr Oros) [2108204 2037974] - ice: remove unused definitions from ice_sriov.h (Petr Oros) [2108204 2037974] - ice: convert vf->vc_ops to a const pointer (Petr Oros) [2108204 2037974] - ice: remove circular header dependencies on ice.h (Petr Oros) [2108204 2037974] - ice: rename ice_virtchnl_pf.c to ice_sriov.c (Petr Oros) [2108204 2037974] - ice: rename ice_sriov.c to ice_vf_mbx.c (Petr Oros) [2108204 2037974] - ice: Fix FV offset searching (Petr Oros) [2108204 2037974] - ice: Add support for outer dest MAC for ADQ tunnels (Petr Oros) [2108204 2037974] - ice: avoid XDP checks in ice_clean_tx_irq() (Petr Oros) [2108204 2037974] - ice: change 'can't set link' message to dbg level (Petr Oros) [2108204 2037974] - ice: Add slow path offload stats on port representor in switchdev (Petr Oros) [2108204 2037974] - ice: Add support for inner etype in switchdev (Petr Oros) [2108204 2037974] - ice: Fix curr_link_speed advertised speed (Petr Oros) [2108204 2037974] - ice: Don't use GFP_KERNEL in atomic context (Petr Oros) [2108204 2037974] - ice: stop disabling VFs due to PF error responses (Petr Oros) [2108204 2037974] - ice: convert VF storage to hash table with krefs and RCU (Petr Oros) [2108204 2037974] - ice: introduce VF accessor functions (Petr Oros) [2108204 2037974] - ice: factor VF variables to separate structure (Petr Oros) [2108204 2037974] - ice: convert ice_for_each_vf to include VF entry iterator (Petr Oros) [2108204 2037974] - ice: use ice_for_each_vf for iteration during removal (Petr Oros) [2108204 2037974] - ice: remove checks in ice_vc_send_msg_to_vf (Petr Oros) [2108204 2037974] - ice: move VFLR acknowledge during ice_free_vfs (Petr Oros) [2108204 2037974] - ice: move clear_malvf call in ice_free_vfs (Petr Oros) [2108204 2037974] - ice: pass num_vfs to ice_set_per_vf_res() (Petr Oros) [2108204 2037974] - ice: store VF pointer instead of VF ID (Petr Oros) [2108204 2037974] - ice: refactor unwind cleanup in eswitch mode (Petr Oros) [2108204 2037974] - ice: add TTY for GNSS module for E810T device (Petr Oros) [2108204 2037974] - ice: initialize local variable 'tlv' (Petr Oros) [2108204 2037974] - ice: check the return of ice_ptp_gettimex64 (Petr Oros) [2108204 2037974] - ice: fix concurrent reset and removal of VFs (Petr Oros) [2108204 2037974] - ice: fix setting l4 port flag when adding filter (Petr Oros) [2108204 2037974] - ice: Match on all profiles in slow-path (Petr Oros) [2108204 2037974] - ice: enable parsing IPSEC SPI headers for RSS (Petr Oros) [2108204 2037974] - ice: Simplify tracking status of RDMA support (Petr Oros) [2108204 2037974] - ice: fix IPIP and SIT TSO offload (Petr Oros) [2108204 2037974] - ice: fix an error code in ice_cfg_phy_fec() (Petr Oros) [2108204 2037974] - ice: Add ability for PF admin to enable VF VLAN pruning (Petr Oros) [2108204 2037974] - ice: Add support for 802.1ad port VLANs VF (Petr Oros) [2108204 2037974] - ice: Advertise 802.1ad VLAN filtering and offloads for PF netdev (Petr Oros) [2108204 2037974] - ice: Support configuring the device to Double VLAN Mode (Petr Oros) [2108204 2037974] - ice: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (Petr Oros) [2108204 2037974] - ice: Add hot path support for 802.1Q and 802.1ad VLAN offloads (Petr Oros) [2108204 2037974] - ice: Add outer_vlan_ops and VSI specific VLAN ops implementations (Petr Oros) [2108204 2037974] - ice: Adjust naming for inner VLAN operations (Petr Oros) [2108204 2037974] - ice: Use the proto argument for VLAN ops (Petr Oros) [2108204 2037974] - ice: Refactor vf->port_vlan_info to use ice_vlan (Petr Oros) [2108204 2037974] - ice: Introduce ice_vlan struct (Petr Oros) [2108204 2037974] - ice: Add new VSI VLAN ops (Petr Oros) [2108204 2037974] - ice: Add helper function for adding VLAN 0 (Petr Oros) [2108204 2037974] - ice: Refactor spoofcheck configuration functions (Petr Oros) [2108204 2037974] - ice: Remove likely for napi_complete_done (Petr Oros) [2108204 2037974] - ice: add support for DSCP QoS for IDC (Petr Oros) [2108204 2037974] - ice: respect metadata on XSK Rx to skb (Petr Oros) [2108204 2037974] - ice: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (Petr Oros) [2108204 2037974] - ice: respect metadata in legacy-rx/ice_construct_skb() (Petr Oros) [2108204 2037974] - ice: Remove useless DMA-32 fallback configuration (Petr Oros) [2108204 2037974] - ice: Use bitmap_free() to free bitmap (Petr Oros) [2108204 2037974] - ice: Optimize a few bitmap operations (Petr Oros) [2108204 2037974] - ice: Slightly simply ice_find_free_recp_res_idx (Petr Oros) [2108204 2037974] - ice: improve switchdev's slow-path (Petr Oros) [2108204 2037974] - ice: replay advanced rules after reset (Petr Oros) [2108204 2037974] - net: fixup build after bpf header changes (Petr Oros) [2108204 2037974] - net: Don't include filter.h from net/sock.h (Petr Oros) [2108204 2037974] - ice: Add flow director support for channel mode (Petr Oros) [2108204 2037974] - ice: switch to napi_build_skb() (Petr Oros) [2108204 2037974] - ice: xsk: fix cleaned_count setting (Petr Oros) [2108204 2037974] - ice: xsk: allow empty Rx descriptors on XSK ZC data path (Petr Oros) [2108204 2037974] - ice: xsk: allocate separate memory for XDP SW ring (Petr Oros) [2108204 2037974] - ice: xsk: return xsk buffers back to pool when cleaning the ring (Petr Oros) [2108204 2037974] - ice: trivial: fix odd indenting (Petr Oros) [2108204 2037974] - ice: support crosstimestamping on E822 devices if supported (Petr Oros) [2108204 2037974] - ice: exit bypass mode once hardware finishes timestamp calibration (Petr Oros) [2108204 2037974] - ice: ensure the hardware Clock Generation Unit is configured (Petr Oros) [2108204 2037974] - ice: implement basic E822 PTP support (Petr Oros) [2108204 2037974] - ice: convert clk_freq capability into time_ref (Petr Oros) [2108204 2037974] - ice: introduce ice_ptp_init_phc function (Petr Oros) [2108204 2037974] - ice: use 'int err' instead of 'int status' in ice_ptp_hw.c (Petr Oros) [2108204 2037974] - ice: PTP: move setting of tstamp_config (Petr Oros) [2108204 2037974] - ice: introduce ice_base_incval function (Petr Oros) [2108204 2037974] - ice: Fix E810 PTP reset flow (Petr Oros) [2108204 2037974] - ice: Don't put stale timestamps in the skb (Petr Oros) [2108204 2037974] - ice: Use div64_u64 instead of div_u64 in adjfine (Petr Oros) [2108204 2037974] - ice: use modern kernel API for kick (Petr Oros) [2108204 2037974] - ice: tighter control over VSI_DOWN state (Petr Oros) [2108204 2037974] - ice: use prefetch methods (Petr Oros) [2108204 2037974] - ice: update to newer kernel API (Petr Oros) [2108204 2037974] - ice: support immediate firmware activation via devlink reload (Petr Oros) [2108204 2037974] - ice: reduce time to read Option ROM CIVD data (Petr Oros) [2108204 2037974] - ice: move ice_devlink_flash_update and merge with ice_flash_pldm_image (Petr Oros) [2108204 2037974] - ice: move and rename ice_check_for_pending_update (Petr Oros) [2108204 2037974] - ice: devlink: add shadow-ram region to snapshot Shadow RAM (Petr Oros) [2108204 2037974] - ice: Remove unused ICE_FLOW_SEG_HDRS_L2_MASK (Petr Oros) [2108204 2037974] - ice: Remove unnecessary casts (Petr Oros) [2108204 2037974] - ice: Propagate error codes (Petr Oros) [2108204 2037974] - ice: Remove excess error variables (Petr Oros) [2108204 2037974] - ice: Cleanup after ice_status removal (Petr Oros) [2108204 2037974] - ice: Remove enum ice_status (Petr Oros) [2108204 2037974] - ice: Use int for ice_status (Petr Oros) [2108204 2037974] - ice: Remove string printing for ice_status (Petr Oros) [2108204 2037974] - ice: Refactor status flow for DDP load (Petr Oros) [2108204 2037974] - ice: Refactor promiscuous functions (Petr Oros) [2108204 2037974] - ice: refactor PTYPE validating (Petr Oros) [2108204 2037974] - ice: Add package PTYPE enable information (Petr Oros) [2108204 2037974] - ice: safer stats processing (Petr Oros) [2108204 2037974] - ice: fix adding different tunnels (Petr Oros) [2108204 2037974] - ice: fix choosing UDP header type (Petr Oros) [2108204 2037974] - ice: ignore dropped packets during init (Petr Oros) [2108204 2037974] - ice: rearm other interrupt cause register after enabling VFs (Petr Oros) [2108204 2037974] - ice: fix FDIR init missing when reset VF (Petr Oros) [2108204 2037974] - net/ice: Remove unused enum (Petr Oros) [2108204 2037974] - net/ice: Fix boolean assignment (Petr Oros) [2108204 2037974] - ice: avoid bpf_prog refcount underflow (Petr Oros) [2108204 2037974] - ice: fix vsi->txq_map sizing (Petr Oros) [2108204 2037974] - net/ice: Add support for enable_iwarp and enable_roce devlink param (Petr Oros) [2108204 2037974] - ice: Hide bus-info in ethtool for PRs in switchdev mode (Petr Oros) [2108204 2037974] - ice: Clear synchronized addrs when adding VFs in switchdev mode (Petr Oros) [2108204 2037974] - ice: fix error return code in ice_get_recp_frm_fw() (Petr Oros) [2108204 2037974] - ice: Fix clang -Wimplicit-fallthrough in ice_pull_qvec_from_rc() (Petr Oros) [2108204 2037974] - ice: Add support to print error on PHY FW load failure (Petr Oros) [2108204 2037974] - ice: Add support for changing MTU on PR in switchdev mode (Petr Oros) [2108204 2037974] - ice: send correct vc status in switchdev (Petr Oros) [2108204 2037974] - ice: support for GRE in eswitch (Petr Oros) [2108204 2037974] - ice: low level support for tunnels (Petr Oros) [2108204 2037974] - ice: VXLAN and Geneve TC support (Petr Oros) [2108204 2037974] - ice: support for indirect notification (Petr Oros) [2108204 2037974] - ice: Add tc-flower filter support for channel (Petr Oros) [2108204 2037974] - ice: enable ndo_setup_tc support for mqprio_qdisc (Petr Oros) [2108204 2037974] - ice: Add infrastructure for mqprio support via ndo_setup_tc (Petr Oros) [2108204 2037974] - ice: fix an error code in ice_ena_vfs() (Petr Oros) [2108204 2037974] - ice: Refactor PR ethtool ops (Petr Oros) [2108204 2037974] - ice: Manage act flags for switchdev offloads (Petr Oros) [2108204 2037974] - ice: Forbid trusted VFs in switchdev mode (Petr Oros) [2108204 2037974] - ice: introduce XDP_TX fallback path (Petr Oros) [2108204 2037974] - ice: optimize XDP_TX workloads (Petr Oros) [2108204 2037974] - ice: propagate xdp_ring onto rx_ring (Petr Oros) [2108204 2037974] - ice: do not create xdp_frame on XDP_TX (Petr Oros) [2108204 2037974] - ice: unify xdp_rings accesses (Petr Oros) [2108204 2037974] - ice: ndo_setup_tc implementation for PR (Petr Oros) [2108204 2037974] - ice: ndo_setup_tc implementation for PF (Petr Oros) [2108204 2037974] - ice: Allow changing lan_en and lb_en on all kinds of filters (Petr Oros) [2108204 2037974] - ice: cleanup rules info (Petr Oros) [2108204 2037974] - ice: allow deleting advanced rules (Petr Oros) [2108204 2037974] - ice: allow adding advanced rules (Petr Oros) [2108204 2037974] - ice: create advanced switch recipe (Petr Oros) [2108204 2037974] - ice: manage profiles and field vectors (Petr Oros) [2108204 2037974] - ice: implement low level recipes functions (Petr Oros) [2108204 2037974] - ice: add port representor ethtool ops and stats (Petr Oros) [2108204 2037974] - ice: switchdev slow path (Petr Oros) [2108204 2037974] - ice: rebuild switchdev when resetting all VFs (Petr Oros) [2108204 2037974] - ice: enable/disable switchdev when managing VFs (Petr Oros) [2108204 2037974] - ice: introduce new type of VSI for switchdev (Petr Oros) [2108204 2037974] - ice: set and release switchdev environment (Petr Oros) [2108204 2037974] - ice: allow changing lan_en and lb_en on dflt rules (Petr Oros) [2108204 2037974] - ice: manage VSI antispoof and destination override (Petr Oros) [2108204 2037974] - ice: allow process VF opcodes in different ways (Petr Oros) [2108204 2037974] - ice: introduce VF port representor (Petr Oros) [2108204 2037974] - ice: Move devlink port to PF/VF struct (Petr Oros) [2108204 2037974] - ice: support basic E-Switch mode control (Petr Oros) [2108204 2037974] - ethernet: use eth_hw_addr_set() for dev->addr_len cases (Petr Oros) [2108204 2037974] - ethernet: use eth_hw_addr_set() instead of ether_addr_copy() (Petr Oros) [2108204 2037974] - ice: Use xdp_buf instead of rx_buf for xsk zero-copy (Petr Oros) [2108204 2037974] - ice: Only lock to update netdev dev_addr (Petr Oros) [2108204 2037974] - ice: restart periodic outputs around time changes (Petr Oros) [2108204 2037974] - ice: fix Tx queue iteration for Tx timestamp enablement (Petr Oros) [2108204 2037974] - devlink: Add 'enable_iwarp' generic device param (Petr Oros) [2108204 2037974] - i40e: Fix tunnel checksum offload with fragmented traffic (Ivan Vecera) [2119479 2037980] - i40e: Fix call trace in setup_tx_descriptors (Ivan Vecera) [2119479 2037980] - i40e: Fix calculating the number of queue pairs (Ivan Vecera) [2119479 2037980] - i40e: Fix adding ADQ filter to TC0 (Ivan Vecera) [2119479 2037980] - i40e: i40e_main: fix a missing check on list iterator (Ivan Vecera) [2119479 2037980] - i40e, xsk: Get rid of redundant 'fallthrough' (Ivan Vecera) [2119479 2037980] - i40e, xsk: Diversify return values from xsk_wakeup call paths (Ivan Vecera) [2119479 2037980] - i40e, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full (Ivan Vecera) [2119479 2037980] - i40e: Add Ethernet Connection X722 for 10GbE SFP+ support (Ivan Vecera) [2119479 2037980] - i40e: Add vsi.tx_restart to i40e ethtool stats (Ivan Vecera) [2119479 2037980] - i40e: Add tx_stopped stat (Ivan Vecera) [2119479 2037980] - i40e: Add support for MPLS + TSO (Ivan Vecera) [2119479 2037980] - i40e: little endian only valid checksums (Ivan Vecera) [2119479 2037980] - i40e: stop disabling VFs due to PF error responses (Ivan Vecera) [2119479 2037980] - Revert 'i40e: Fix reset bw limit when DCB enabled with 1 TC' (Ivan Vecera) [2119479 2037980] - i40e: Add a stat for tracking busy rx pages (Ivan Vecera) [2119479 2037980] - i40e: Add a stat for tracking pages waived (Ivan Vecera) [2119479 2037980] - i40e: Add a stat tracking new RX page allocations (Ivan Vecera) [2119479 2037980] - i40e: Aggregate and export RX page reuse stat (Ivan Vecera) [2119479 2037980] - i40e: Remove rx page reuse double count (Ivan Vecera) [2119479 2037980] - i40e: Fix race condition while adding/deleting MAC/VLAN filters (Ivan Vecera) [2119479 2037980] - i40e: Add new version of i40e_aq_add_macvlan function (Ivan Vecera) [2119479 2037980] - i40e: Add new versions of send ASQ command functions (Ivan Vecera) [2119479 2037980] - i40e: Add sending commands in atomic context (Ivan Vecera) [2119479 2037980] - i40e: Remove unused RX realloc stat (Ivan Vecera) [2119479 2037980] - i40e: Disable hw-tc-offload feature on driver load (Ivan Vecera) [2119479 2037980] - i40e: Fix reset path while removing the driver (Ivan Vecera) [2119479 2037980] - i40e: Fix reset bw limit when DCB enabled with 1 TC (Ivan Vecera) [2119479 2037980] - i40e: respect metadata on XSK Rx to skb (Ivan Vecera) [2119479 2037980] - i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (Ivan Vecera) [2119479 2037980] - i40e: Remove useless DMA-32 fallback configuration (Ivan Vecera) [2119479 2037980] - i40e: fix unsigned stat widths (Ivan Vecera) [2119479 2037980] - i40e: Fix for failed to init adminq while VF reset (Ivan Vecera) [2119479 2037980] - i40e: Fix queues reservation for XDP (Ivan Vecera) [2119479 2037980] - i40e: Fix issue when maximum queues is exceeded (Ivan Vecera) [2119479 2037980] - i40e: Increase delay to 1 s after global EMP reset (Ivan Vecera) [2119479 2037980] - i40e: remove variables set but not used (Ivan Vecera) [2119479 2037980] - i40e: Remove non-inclusive language (Ivan Vecera) [2119479 2037980] - i40e: Update FW API version (Ivan Vecera) [2119479 2037980] - i40e: Minimize amount of busy-waiting during AQ send (Ivan Vecera) [2119479 2037980] - i40e: Add ensurance of MacVlan resources for every trusted VF (Ivan Vecera) [2119479 2037980] - i40e: Fix incorrect netdev's real number of RX/TX queues (Ivan Vecera) [2119479 2037980] - i40e: Fix for displaying message regarding NVM version (Ivan Vecera) [2119479 2037980] - i40e: fix use-after-free in i40e_sync_filters_subtask() (Ivan Vecera) [2119479 2037980] - i40e: Fix to not show opcode msg on unsuccessful VF MAC change (Ivan Vecera) [2119479 2037980] - i40e: switch to napi_build_skb() (Ivan Vecera) [2119479 2037980] - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (Ivan Vecera) [2119479 2037980] - i40e: Fix pre-set max number of queues for VF (Ivan Vecera) [2119479 2037980] - i40e: Fix failed opcode appearing if handling messages from VF (Ivan Vecera) [2119479 2037980] - i40e: Fix display error code in dmesg (Ivan Vecera) [2119479 2037980] - i40e: Fix creation of first queue by omitting it if is not power of two (Ivan Vecera) [2119479 2037980] - i40e: Fix warning message and call stack during rmmod i40e driver (Ivan Vecera) [2119479 2037980] - i40e: Fix ping is lost after configuring ADq on VF (Ivan Vecera) [2119479 2037980] - i40e: Fix changing previously set num_queue_pairs for PFs (Ivan Vecera) [2119479 2037980] - i40e: Fix NULL ptr dereference on VSI filter sync (Ivan Vecera) [2119479 2037980] - i40e: Fix correct max_pkt_size on VF RX queue (Ivan Vecera) [2119479 2037980] - i40e: Fix freeing of uninitialized misc IRQ vector (Ivan Vecera) [2119479 2037980] - i40e: Fix spelling mistake 'dissable' -> 'disable' (Ivan Vecera) [2119479 2037980] - i40e: add support for PTP external synchronization clock (Ivan Vecera) [2119479 2037980] - i40e: improve locking of mac_filter_hash (Ivan Vecera) [2119479 2037980] - netfilter: nf_tables: sanitize nft_set_desc_concat_parse() (Florian Westphal) [2108199 2096401] {CVE-2022-1972} - netfilter: nf_tables: stricter validation of element data (Florian Westphal) [2104591 2104592] {CVE-2022-34918} [5.14.0-70.25.1_0] - powerpc/smp: Update cpu_core_map on all PowerPc systems (Diego Domingos) [2121719 2063682] - iavf: Fix deadlock in initialization (Ivan Vecera) [2119477 2037976] - iavf: Fix reset error handling (Ivan Vecera) [2119477 2037976] - iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Ivan Vecera) [2119477 2037976] - iavf: Fix adminq error handling (Ivan Vecera) [2119477 2037976] - iavf: Fix missing state logs (Ivan Vecera) [2119477 2037976] - iavf: Fix VLAN_V2 addition/rejection (Ivan Vecera) [2119477 2037976] - ethernet: use eth_hw_addr_set() instead of ether_addr_copy() (Ivan Vecera) [2119477 2037976] - iavf: Fix issue with MAC address of VF shown as zero (Ivan Vecera) [2119477 2037976] - Revert 'iavf: Fix deadlock occurrence during resetting VF interface' (Ivan Vecera) [2119477 2037976] - iavf: Fix hang during reboot/shutdown (Ivan Vecera) [2119477 2037976] - iavf: Fix double free in iavf_reset_task (Ivan Vecera) [2119477 2037976] - iavf: Fix adopting new combined setting (Ivan Vecera) [2119477 2037976] - iavf: Fix handling of vlan strip virtual channel messages (Ivan Vecera) [2119477 2037976] - iavf: Fix __IAVF_RESETTING state usage (Ivan Vecera) [2119477 2037976] - iavf: Fix missing check for running netdev (Ivan Vecera) [2119477 2037976] - iavf: Fix deadlock in iavf_reset_task (Ivan Vecera) [2119477 2037976] - iavf: Fix race in init state (Ivan Vecera) [2119477 2037976] - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (Ivan Vecera) [2119477 2037976] - iavf: Fix init state closure on remove (Ivan Vecera) [2119477 2037976] - iavf: Add waiting so the port is initialized in remove (Ivan Vecera) [2119477 2037976] - iavf: Rework mutexes for better synchronisation (Ivan Vecera) [2119477 2037976] - iavf: Remove non-inclusive language (Ivan Vecera) [2119477 2037976] - iavf: Fix incorrect use of assigning iavf_status to int (Ivan Vecera) [2119477 2037976] - iavf: stop leaking iavf_status as 'errno' values (Ivan Vecera) [2119477 2037976] - iavf: remove redundant ret variable (Ivan Vecera) [2119477 2037976] - iavf: Add usage of new virtchnl format to set default MAC (Ivan Vecera) [2119477 2037976] - iavf: refactor processing of VLAN V2 capability message (Ivan Vecera) [2119477 2037976] - iavf: Add support for 50G/100G in AIM algorithm (Ivan Vecera) [2119477 2037976] - iavf: Remove useless DMA-32 fallback configuration (Ivan Vecera) [2119477 2037976] - iavf: remove an unneeded variable (Ivan Vecera) [2119477 2037976] - iavf: Fix limit of total number of queues to active queues of VF (Ivan Vecera) [2119477 2037976] - iavf: switch to napi_build_skb() (Ivan Vecera) [2119477 2037976] - iavf: Restrict maximum VLAN filters for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (Ivan Vecera) [2119477 2037976] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 offload enable/disable (Ivan Vecera) [2119477 2037976] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 hotpath (Ivan Vecera) [2119477 2037976] - iavf: Add support VIRTCHNL_VF_OFFLOAD_VLAN_V2 during netdev config (Ivan Vecera) [2119477 2037976] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 negotiation (Ivan Vecera) [2119477 2037976] - virtchnl: Add support for new VLAN capabilities (Ivan Vecera) [2119477 2037976] - virtchnl: Use the BIT() macro for capability/offload flags (Ivan Vecera) [2119477 2037976] - virtchnl: Remove unused VIRTCHNL_VF_OFFLOAD_RSVD define (Ivan Vecera) [2119477 2037976] - iavf: do not override the adapter state in the watchdog task (again) (Ivan Vecera) [2119477 2037976] - iavf: missing unlocks in iavf_watchdog_task() (Ivan Vecera) [2119477 2037976] - iavf: Fix reporting when setting descriptor count (Ivan Vecera) [2119477 2037976] - iavf: restore MSI state on reset (Ivan Vecera) [2119477 2037976] - iavf: Fix displaying queue statistics shown by ethtool (Ivan Vecera) [2119477 2037976] - iavf: Refactor string format to avoid static analysis warnings (Ivan Vecera) [2119477 2037976] - iavf: Refactor text of informational message (Ivan Vecera) [2119477 2037976] - iavf: Fix static code analysis warning (Ivan Vecera) [2119477 2037976] - iavf: Refactor iavf_mac_filter struct memory usage (Ivan Vecera) [2119477 2037976] - iavf: Enable setting RSS hash key (Ivan Vecera) [2119477 2037976] - iavf: Add trace while removing device (Ivan Vecera) [2119477 2037976] - iavf: return errno code instead of status code (Ivan Vecera) [2119477 2037976] - iavf: Log info when VF is entering and leaving Allmulti mode (Ivan Vecera) [2119477 2037976] - iavf: Add change MTU message (Ivan Vecera) [2119477 2037976] - iavf: Fix VLAN feature flags after VFR (Ivan Vecera) [2119477 2037976] - iavf: Fix refreshing iavf adapter stats on ethtool request (Ivan Vecera) [2119477 2037976] - iavf: Fix deadlock occurrence during resetting VF interface (Ivan Vecera) [2119477 2037976] - iavf: Prevent changing static ITR values if adaptive moderation is on (Ivan Vecera) [2119477 2037976] - iavf: Restore VLAN filters after link down (Ivan Vecera) [2119477 2037976] - iavf: Fix for setting queues to 0 (Ivan Vecera) [2119477 2037976] - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Ivan Vecera) [2119477 2037976] - iavf: validate pointers (Ivan Vecera) [2119477 2037976] - iavf: prevent accidental free of filter structure (Ivan Vecera) [2119477 2037976] - iavf: Fix failure to exit out from last all-multicast mode (Ivan Vecera) [2119477 2037976] - iavf: don't clear a lock we don't hold (Ivan Vecera) [2119477 2037976] - iavf: free q_vectors before queues in iavf_disable_vf (Ivan Vecera) [2119477 2037976] - iavf: check for null in iavf_fix_features (Ivan Vecera) [2119477 2037976] - iavf: Fix return of set the new channel count (Ivan Vecera) [2119477 2037976] - iavf: Fix kernel BUG in free_msi_irqs (Ivan Vecera) [2119477 2037976] - iavf: Add helper function to go from pci_dev to adapter (Ivan Vecera) [2119477 2037976] - iavf: Combine init and watchdog state machines (Ivan Vecera) [2119477 2037976] - iavf: Add __IAVF_INIT_FAILED state (Ivan Vecera) [2119477 2037976] - iavf: Refactor iavf state machine tracking (Ivan Vecera) [2119477 2037976] - iavf: fix double unlock of crit_lock (Ivan Vecera) [2119477 2037976] - iavf: use mutexes for locking of critical sections (Ivan Vecera) [2119477 2037976] - iavf: fix locking of critical sections (Ivan Vecera) [2119477 2037976] - iavf: do not override the adapter state in the watchdog task (Ivan Vecera) [2119477 2037976] - redhat: nvme/tcp mistakenly uses blk_mq_tag_to_rq(nvme_tcp_tagset(queue)) (John Meneghini) [2118698 2112031] - x86/platform/uv: Log gap hole end size (Frank Ramsay) [2107732 2074097] - x86/platform/uv: Update TSC sync state for UV5 (Frank Ramsay) [2107732 2074097] - x86/platform/uv: Update NMI Handler for UV5 (Frank Ramsay) [2107732 2074097] - cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (Steve Best) [2099417 2072886] - [s390] RDMA/mlx5: Fix number of allocated XLT entries (Mete Durlu) [2092270 2088360] [5.14.0-70.24.1_0] - nvme: fix RCU hole that allowed for endless looping in multipath round robin (Gopal Tiwari) [2117756 2108624] - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (Gopal Tiwari) [2117756 2066146] - nvme: only call synchronize_srcu when clearing current path (Gopal Tiwari) [2117756 2066146] - nvme-multipath: revalidate paths during rescan (Gopal Tiwari) [2117756 2066146] - block: fix surprise removal for drivers calling blk_set_queue_dying (Gopal Tiwari) [2117755 2066146] - nvme-tcp: fix bogus request completion when failing to send AER (Gopal Tiwari) [2117755 2066146] - nvme: fix use after free when disconnecting a reconnecting ctrl (Gopal Tiwari) [2117755 2066146] - kvm: x86: Add CPUID support for Intel AMX (David Arcari) [2108203 1924149] [5.14.0-70.23.1_0] - block: limit request dispatch loop duration (Ming Lei) [2111395 2066297] - block: ensure plug merging checks the correct queue at least once (Ming Lei) [2111395 2066297] - net/mlx5e: Don't block routes with nexthop objects in SW (Mohammad Kabat) [2092535 2061799] - net/mlx5e: Fix wrong usage of fib_info_nh when routes with nexthop objects are used (Mohammad Kabat) [2092535 2049450] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-34918 CVE-2022-2078 Oracle Linux 9 [2.36.7-1] - Update to 2.36.7 Related: #2123430 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32893 Oracle Linux 9 [102.3.0-6.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.3.0-6] - Update to 102.3.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962 Oracle Linux 9 [102.3.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.3.0-3] - Update to 102.3.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-3032 CVE-2022-3034 CVE-2022-40960 CVE-2022-40962 CVE-2022-3033 CVE-2022-36059 Oracle Linux 9 [32:9.16.23-1.1] - Fix possible serve-stale related crash (CVE-2022-3080) - Fix memory leak in ECDSA verify processing (CVE-2022-38177) - Fix memory leak in EdDSA verify processing (CVE-2022-38178) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38177 CVE-2022-38178 CVE-2022-3080 Oracle Linux 9 [ 2.2.10-12.3] - Ensure raw tagnames are safe exiting internalEntityParser - Resolves: CVE-2022-40674 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 Oracle Linux 9 [7:5.2-1.2] - Resolves: #2130251 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-41318 Oracle Linux 9 gnutls [3.7.6-12] - fips: mark PBKDF2 with short key and output sizes non-approved - fips: only mark HMAC as approved in PBKDF2 - fips: mark gnutls_key_generate with short key sizes non-approved - fips: fix checking on hash algorithm used in ECDSA - fips: preserve operation context around FIPS selftests API [3.7.6-11] - Supply --with{,out}-{zlib,brotli,zstd} explicitly [3.7.6-10] - Revert nettle version pinning as it doesn't work well in side-tag [3.7.6-9] - Pin nettle version in Requires when compiled with FIPS [3.7.6-8] - Bundle GMP to privatize memory functions - Disable certificate compression support by default [3.7.6-7] - Update gnutls-3.7.6-cpuid-fixes.patch [3.7.6-6] - Mark RSA SigVer operation approved for known modulus sizes (#2119770) - accelerated: clear AVX bits if it cannot be queried through XSAVE [3.7.6-5] - Block DES-CBC usage in decrypting PKCS#12 bag under FIPS (#2115314) - sysrng: reseed source DRBG for prediction resistance [3.7.6-4] - Make gnutls-cli work with KTLS for testing - Fix double-free in gnutls_pkcs7_verify (#2109789) [3.7.6-3] - Limit input size for AES-GCM according to SP800-38D (#2108635) - Do not treat GPG verification errors as fatal - Remove gnutls-3.7.6-libgnutlsxx-const.patch [3.7.6-2] - Allow enabling KTLS with config file (#2108532) [3.7.6-1] - Update to gnutls 3.7.6 (#2102591) [3.7.3-10] - Use only the first component of VERSION from /etc/os-release (#2076626) - Don't run power-on self-tests on DSA (#2076627) nettle [3.8-3] - Rebuild in new side-tag [3.8-2] - Bundle GMP to privatize memory functions - Zeroize stack allocated intermediate data [3.8-1] - Update to nettle 3.8 (#2100350) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2509 Oracle Linux 9 [6.0.110-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.110-1] - Update to .NET SDK 6.0.110 and Runtime 6.0.10 - Resolves: RHBZ#2131328 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-41032 Oracle Linux 9 [16.17.1-1] - Rebase to version 16.17.1 Resolves: CVE-2022-35255 CVE-2022-35256 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-35255 CVE-2022-35256 Oracle Linux 9 [1:17.0.5.0.8-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream - Related: rhbz#2132934 [1:17.0.5.0.8-1] - Update to jdk-17.0.5+8 (GA) - Update release notes to 17.0.5+8 (GA) - Switch to GA mode for final release. - * This tarball is embargoed until 2022-10-18 @ 1pm PT. * - Resolves: rhbz#2132934 [1:17.0.5.0.7-0.1.ea] - Update to jdk-17.0.5+7 - Update release notes to 17.0.5+7 - Resolves: rhbz#2132934 [1:17.0.5.0.1-0.1.ea] - Update to jdk-17.0.5+1 - Update release notes to 17.0.5+1 - Switch to EA mode for 17.0.5 pre-release builds. - Related: rhbz#2132934 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21618 CVE-2022-21628 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-39399 Oracle Linux 9 [1.8.0.352.b08-2.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.352.b08-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Add test to ensure timezones can be translated - Related: rhbz#2133695 [1:1.8.0.352.b08-1] - Update to shenandoah-jdk8u352-b08 (GA) - Update release notes for shenandoah-8u352-b08. - Rebase FIPS patch against 8u352-b07 - * This tarball is embargoed until 2022-10-18 @ 1pm PT. * - Resolves: rhbz#2133695 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21628 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 Oracle Linux 9 [11.0.17.0.8-2.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.17.0.8-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream - Related: rhbz#2133695 [1:11.0.17.0.8-1] - Update to jdk-11.0.17+8 (GA) - Update release notes to 11.0.17+8 - Switch to GA mode for release - Resolves: rhbz#2133695 [1:11.0.17.0.7-0.1.ea] - Update to jdk-11.0.17+7 - Update release notes to 11.0.17+7 - Resolves: rhbz#2131865 [1:11.0.17.0.1-0.1.ea] - Update to jdk-11.0.17+1 - Update release notes to 11.0.17+1 - Switch to EA mode for 11.0.17 pre-release builds. - Related: rhbz#2131865 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21618 CVE-2022-21628 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-39399 Oracle Linux 9 [102.3.0-7.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.3.0-7] - Fix for expat CVE-2022-40674 and non functional webrtc IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 Oracle Linux 9 [102.3.0-4.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.3.0-4] - Fix for expat CVE-2022-40674 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 Oracle Linux 9 [102.4.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.4.0-1] - Update to 102.4.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42929 CVE-2022-42932 CVE-2022-42927 CVE-2022-42928 Oracle Linux 9 [1.5.1-5] - Fix for CVE-2022-3515 (#2135703) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3515 Oracle Linux 9 [102.4.0-1] - Update to 102.4.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42929 CVE-2022-42932 CVE-2022-42927 CVE-2022-42928 CVE-2022-39236 CVE-2022-39249 CVE-2022-39250 CVE-2022-39251 Oracle Linux 9 [0.8.7-7.1] - Add 0044-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz #2133997 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-41974 Oracle Linux 9 [3.0.1-43.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3602 CVE-2022-3786 Oracle Linux 9 [1.2.11-32] - Fix heap-based buffer over-read or buffer overflow in inflate in inflate.c - Resolves: CVE-2022-37434 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-37434 Oracle Linux 9 [5.14.0-70.30.1.0.1_0.OL9] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.30.1_0.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] [5.14.0-70.30.1_0] - random: trigger reseeding DRBG on more occasions (Daiki Ueno) [2128970 2125257] - random: allow reseeding DRBG with getrandom (Daiki Ueno) [2121129 2114854] - nvme-tcp: handle number of queue changes (John Meneghini) [2131360 2112025] - nvmet: expose max queues to configfs (John Meneghini) [2131360 2112025] - nvme-fabrics: parse nvme connect Linux error codes (John Meneghini) [2131360 2112025] - nvmet: revert 'nvmet: make discovery NQN configurable' (Gopal Tiwari) [2131360 2066146] - vfio/type1: Unpin zero pages (Alex Williamson) [2128791 2121855] - cifs: fix bad fids sent over wire (Ronnie Sahlberg) [2127858 2088775] - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Ronnie Sahlberg) [2127858 2088775] - cifs: verify that tcon is valid before dereference in cifs_kill_sb (Ronnie Sahlberg) [2127858 2048823] - cifs: release cached dentries only if mount is complete (Ronnie Sahlberg) [2127858 2048823] - cifs: we do not need a spinlock around the tree access during umount (Ronnie Sahlberg) [2127858 2048823] - cifs: fix handlecache and multiuser (Ronnie Sahlberg) [2127858 2048823] - cifs: fix workstation_name for multiuser mounts (Ronnie Sahlberg) [2127858 2048823] - cifs: free ntlmsspblob allocated in negotiate (Ronnie Sahlberg) [2127858 2048823] - cifs: fix ntlmssp auth when there is no key exchange (Ronnie Sahlberg) [2127858 2048823] - cifs: send workstation name during ntlmssp session setup (Ronnie Sahlberg) [2127858 2048823] - cifs: Fix crash on unload of cifs_arc4.ko (Ronnie Sahlberg) [2127858 2048823] - Documentation, arch: Remove leftovers from CIFS_WEAK_PW_HASH (Ronnie Sahlberg) [2127858 2048823] - cifs: fix the cifs_reconnect path for DFS (Ronnie Sahlberg) [2127858 2048823] - cifs: sanitize multiple delimiters in prepath (Ronnie Sahlberg) [2127858 2048823] - cifs: ignore resource_id while getting fscache super cookie (Ronnie Sahlberg) [2127858 2048823] - cifs: avoid use of dstaddr as key for fscache client cookie (Ronnie Sahlberg) [2127858 2048823] - cifs: add server conn_id to fscache client cookie (Ronnie Sahlberg) [2127858 2048823] - cifs: wait for tcon resource_id before getting fscache super (Ronnie Sahlberg) [2127858 2048823] - cifs: fix missed refcounting of ipc tcon (Ronnie Sahlberg) [2127858 2048823] - cifs: update internal version number (Ronnie Sahlberg) [2127858 2048823] - smb2: clarify rc initialization in smb2_reconnect (Ronnie Sahlberg) [2127858 2048823] - cifs: populate server_hostname for extra channels (Ronnie Sahlberg) [2127858 2048823] - cifs: nosharesock should be set on new server (Ronnie Sahlberg) [2127858 2048823] - cifs: introduce cifs_ses_mark_for_reconnect() helper (Ronnie Sahlberg) [2127858 2048823] - cifs: protect srv_count with cifs_tcp_ses_lock (Ronnie Sahlberg) [2127858 2048823] - cifs: move debug print out of spinlock (Ronnie Sahlberg) [2127858 2048823] - cifs: do not duplicate fscache cookie for secondary channels (Ronnie Sahlberg) [2127858 2048823] - cifs: connect individual channel servers to primary channel server (Ronnie Sahlberg) [2127858 2048823] - cifs: protect session channel fields with chan_lock (Ronnie Sahlberg) [2127858 2048823] - cifs: do not negotiate session if session already exists (Ronnie Sahlberg) [2127858 2048823] - smb3: do not setup the fscache_super_cookie until fsinfo initialized (Ronnie Sahlberg) [2127858 2048823] - cifs: fix potential use-after-free bugs (Ronnie Sahlberg) [2127858 2048823] - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (Ronnie Sahlberg) [2127858 2048823] - smb3: add additional null check in SMB311_posix_mkdir (Ronnie Sahlberg) [2127858 2048823] - cifs: release lock earlier in dequeue_mid error case (Ronnie Sahlberg) [2127858 2048823] - smb3: add additional null check in SMB2_tcon (Ronnie Sahlberg) [2127858 2048823] - smb3: add additional null check in SMB2_open (Ronnie Sahlberg) [2127858 2048823] - smb3: add additional null check in SMB2_ioctl (Ronnie Sahlberg) [2127858 2048823] - smb3: remove trivial dfs compile warning (Ronnie Sahlberg) [2127858 2048823] - cifs: support nested dfs links over reconnect (Ronnie Sahlberg) [2127858 2048823] - smb3: do not error on fsync when readonly (Ronnie Sahlberg) [2127858 2048823] - cifs: for compound requests, use open handle if possible (Ronnie Sahlberg) [2127858 2048823] - cifs: set a minimum of 120s for next dns resolution (Ronnie Sahlberg) [2127858 2048823] - cifs: split out dfs code from cifs_reconnect() (Ronnie Sahlberg) [2127858 2048823] - cifs: convert list_for_each to entry variant (Ronnie Sahlberg) [2127858 2048823] - cifs: introduce new helper for cifs_reconnect() (Ronnie Sahlberg) [2127858 2048823] - cifs: fix print of hdr_flags in dfscache_proc_show() (Ronnie Sahlberg) [2127858 2048823] - cifs: nosharesock should not share socket with future sessions (Ronnie Sahlberg) [2127858 2048823] - smb3: add dynamic trace points for socket connection (Ronnie Sahlberg) [2127858 2048823] - cifs: Move SMB2_Create definitions to the shared area (Ronnie Sahlberg) [2127858 2048823] - cifs: Move more definitions into the shared area (Ronnie Sahlberg) [2127858 2048823] - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (Ronnie Sahlberg) [2127858 2048823] - cifs: Create a new shared file holding smb2 pdu definitions (Ronnie Sahlberg) [2127858 2048823] - cifs: add mount parameter tcpnodelay (Ronnie Sahlberg) [2127858 2048823] - cifs: To match file servers, make sure the server hostname matches (Ronnie Sahlberg) [2127858 2048823] - cifs: fix incorrect check for null pointer in header_assemble (Ronnie Sahlberg) [2127858 2048823] - smb3: correct server pointer dereferencing check to be more consistent (Ronnie Sahlberg) [2127858 2048823] - smb3: correct smb3 ACL security descriptor (Ronnie Sahlberg) [2127858 2048823] - cifs: Clear modified attribute bit from inode flags (Ronnie Sahlberg) [2127858 2048823] - cifs: Deal with some warnings from W=1 (Ronnie Sahlberg) [2127858 2048823] - cifs: fix a sign extension bug (Ronnie Sahlberg) [2127858 2048823] - cifs: Not to defer close on file when lock is set (Ronnie Sahlberg) [2127858 2048823] - cifs: Fix soft lockup during fsstress (Ronnie Sahlberg) [2127858 2048823] - cifs: Deferred close performance improvements (Ronnie Sahlberg) [2127858 2048823] - cifs: fix incorrect kernel doc comments (Ronnie Sahlberg) [2127858 2048823] - cifs: remove pathname for file from SPDX header (Ronnie Sahlberg) [2127858 2048823] - cifs: properly invalidate cached root handle when closing it (Ronnie Sahlberg) [2127858 2048823] - cifs: move SMB FSCTL definitions to common code (Ronnie Sahlberg) [2127858 2048823] - cifs: rename cifs_common to smbfs_common (Ronnie Sahlberg) [2127858 2048823] - cifs: cifs_md4 convert to SPDX identifier (Ronnie Sahlberg) [2127858 2048823] - cifs: create a MD4 module and switch cifs.ko to use it (Ronnie Sahlberg) [2127858 2048823] - cifs: fork arc4 and create a separate module for it for cifs and other users (Ronnie Sahlberg) [2127858 2048823] - cifs: remove support for NTLM and weaker authentication algorithms (Ronnie Sahlberg) [2127858 2048823] - cifs: update FSCTL definitions (Ronnie Sahlberg) [2127858 2048823] - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (Ronnie Sahlberg) [2127858 2048823] - cifs: enable fscache usage even for files opened as rw (Ronnie Sahlberg) [2127858 2048823] - smb3: fix posix extensions mount option (Ronnie Sahlberg) [2127858 2048823] - cifs: fix wrong release in sess_alloc_buffer() failed path (Ronnie Sahlberg) [2127858 2048823] - CIFS: Fix a potencially linear read overflow (Ronnie Sahlberg) [2127858 2048823] - drm/mgag200: Select clock in PLL update functions (Herton R. Krzesinski) [2112017 2043115] - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (Inigo Huguet) [2095653 2096777] - mt76: mt7921e: fix possible probe failure after reboot (Inigo Huguet) [2095653 2065633] [5.14.0-70.29.1_0] - configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2129453 2126153] - KVM: x86/mmu: Don't advance iterator after restart due to yielding (Nico Pache) [2127859 2055725] - scsi: csiostor: Add module softdep on cxgb4 (Rahul Lakkireddy) [2127857 1977553] - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (Oleg Nesterov) [2127875 2121271] {CVE-2022-30594} [5.14.0-70.28.1_0] - powerpc: Enable execve syscall exit tracepoint (Steve Best) [2106661 2095526] [5.14.0-70.27.1_0] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Wander Lairson Costa) [2116967 2116968] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Wander Lairson Costa) [2116967 2116968] {CVE-2022-2585} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-30594 CVE-2022-2585 Oracle Linux 9 [3.9.10-3] - Security fix for CVE-2020-10735 - Fix the test suite support for Expat >= 2.4.5 Resolves: rhbz#1834423 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-10735 Oracle Linux 9 [11.0.6-1.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.0.6-1] - Bug #2107335 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-9.0.0.z] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2414 Oracle Linux 9 [5.4.2-4.3] - Fix up CVE-2022-33099 patch [5.4.2-4.2] - Enable gating [5.4.2-4.1] - apply upstream fix for CVE-2022-33099 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-33099 Oracle Linux 9 cockpit-composer [41-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095], [Orabug:34398922] [41-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New upstream release [37-1] - New upstream release [35-1] - New upstream release [34-1] - New upstream release [33-1] - Add support for OCI upload target - Update translations - Update dependencies [32-1] - Add Edge Raw, RHEL Installer, Edge Simplified Installer image types - Improve user account modal responsiveness - Update tests - Update minor NPM dependencies - Update translation files [31-1] - Add new ostree image types - Improve loading state when waiting for api responses - Improve notification system - Improve test stability - Update NPM dependencies - Update translations [30-3] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [30-2] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [30-1] - Add and update translations - Update NPM dependencies - Improve test reliability [28-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [28-1] - Use sentence case rather than title case - Add and update tests - Update translations from weblate - Update minor NPM dependencies [27-1] - Improve test reliability - Update translations from weblate - Update minor NPM dependencies [26-1] - Add additional form validation for the Create Image Wizard - Improve page size dropdown styling - Update minor NPM dependencies - Improve code styling - Improve test reliability osbuild [65-1] - New upstream release [64-1] - New upstream release [63-1] - New upstream release [62-1] - New upstream release [61-1] - New upstream release [60-1] - New upstream release [59-1] - New upstream release [58-1] - New upstream release [57-1] - New upstream release [56-1] - New upstream release [55-1] - New upstream release [54-1] - New upstream release [53-1] - New upstream release [52-1] - New upstream release [50-1] - New upstream release [49-1] - New upstream release [48-1] - New upstream release [47-1] - New upstream release [46-1] - New upstream release [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release [39-1] - New upstream release [35-1] - Upstream release 35 [34-1] - Upstream release 34 [33-1] - Upstream release 33 [32-1] - Upstream release 32 [31-1] - Upstream release 31 [30-1] - Upstream release 30 - Many new stages for building ostree-based raw images - Bootiso.mono stage was deprecated and split into smaller stages - Mounts are now represented as an array in a manifest - Various bug fixes and improvements to various stages [29-2] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [29-1] - Upstream release 29 - Adds host services - Adds modprobe and logind stage [27-3] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [27-2] - Include Fedora 35 runner (upstream commit 337e0f0) [27-1] - Upstream release 27 - Various bug fixes related to the new container and installer stages introdcued in version 25 and 26. [26-1] - Upstream release 26 - Support for building boot isos - Grub stage gained support for saved_entry to fix grub tooling [25-1] - Upstream release 25 - First tech preview of the new manifest format. Includes various new stages and inputs to be able to build ostree commits contained in a oci archive. [24-1] - Upstream release 24 - Turn on dependency generator for everything but runners - Include new input binaries [23-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [23-1] - Upstream release 23 - Do not mangle shebangs for assemblers, runners & stages. [22-1] - Upstream release 22 [21-1] - Upstream reelase 21 osbuild-composer [62.1-1] - New upstream release [62-1] - New upstream release [60-1] - New upstream release [59-1] - New upstream release [58-1] - New upstream release [57-1] - New upstream release [55-1] - New upstream release [54-1] - New upstream release [53-1] - New upstream release [51-1] - New upstream release [46-1] - New upstream release [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release [41-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New upstream release * Tue Nov 02 2021 lavocatt - 37-1 - New upstream release [36-1] - New upstream release [33-1] - New upstream release [32-1] - New upstream release [31-1] - New upstream release [30-2] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [30-1] - New upstream release [29-3] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [29-2] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [29-1] - New upstream release [28-1] - New upstream release [27-1] - New upstream release [26-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [26-2] - Fix the compatibility with a new golang-github-azure-storage-blob 0.12 [26-1] - New upstream release [25-1] - New upstream release [24-1] - New upstream release [23-1] - New upstream release [22-1] - New upstream release weldr-client [35.5-4] - tests: Add osbuild-composer repo file for RHEL 9.1 Related: rhbz#2118831 [35.5-3] - tests: Update tests for osbuild composer changes Resolves: rhbz#2118831 LOW Copyright 2022 Oracle, Inc. CVE-2022-32189 Oracle Linux 9 [2:4.2.0-3.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.2.0-3] - fix dependency in test subpackage - Related: #2061316 [2:4.2.0-2] - readd catatonit - Related: #2061316 [2:4.2.0-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.2.0 (https://github.com/containers/podman/commit/7fe5a419cfd2880df2028ad3d7fd9378a88a04f4) - Related: #2061316 [2:4.2.0-0.3rc3] - require catatonit for gating tests - Related: #2061316 [2:4.2.0-0.2rc3] - update to 4.2.0-rc3 - Related: #2061316 [2:4.2.0-0.1rc2] - update to 4.2.0-rc2 - Related: #2061316 [2:4.1.1-6] - convert catatonit dependency to soft dep as catatonit is no longer in Appstream but in CRB - Related: #2061316 [2:4.1.1-5] - rebuild for combined gating with catatonit - Related: #2097694 [2:4.1.1-4] - catatonit is now a standalone package - Related: #2097694 [2:4.1.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.1.1-rhel (https://github.com/containers/podman/commit/fa692a6) - Related: #2097694 [2:4.1.1-2] - be sure podman services/sockets are stopped upon package removal - Related: #2061316 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-28851 CVE-2021-20291 CVE-2021-20199 CVE-2020-28852 CVE-2021-4024 CVE-2021-33197 CVE-2021-34558 CVE-2022-27191 Oracle Linux 9 [2:1.9.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.2 - Related: #2061316 [2:1.9.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.1 - Related: #2061316 [2:1.9.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.0 - Related: #2061316 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-33198 CVE-2021-20291 Oracle Linux 9 [1.48.4-2.0.1] - Add btrfs-progs to the packages installed in the appliance [Orabug: 34137448] - Replace upstream references from a description tag - Fix build on Oracle Linux [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.48.4-2] - Rebase to new stable branch version 1.48.4 resolves: rhbz#2059285 - Disable 5-level page tables when using -cpu max resolves: rhbz#2084568 - SELinux relabelling should not stop on ext4 immutable bits resolves: rhbz#1794518 - Ignore iface in add-drive variants resolves: rhbz#1844341 - Lift protocol limit on guestfs_readdir() resolves: rhbz#1674392 - Check return values from librpm calls (2089623) - Document limitations of encrypted RBD disks resolves: rhbz#2033247 - Fix lvm-set-filter failed in guestfish with the latest lvm2 package resolves: rhbz#1965941 - Enable PHP bindings resolves: rhbz#2097718 - Add support for Clevis & Tang resolves: rhbz#1809453 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101281 - Add clevis-luks to BRs, required for Clevis & Tang related: rhbz#1809453 - Add zstd support to guestfs_file_architecture resolves: rhbz#2117004 [1:1.48.0-2] - Disable signature checking in librpm resolves: rhbz#2065172 [1:1.48.0-1] - Rebase to new stable branch version 1.48.0 resolves: rhbz#2059285 LOW Copyright 2022 Oracle, Inc. CVE-2022-2211 Oracle Linux 9 [1.48.2-5] - Rebase to guestfs-tools 1.48.2 resolves: rhbz#2059286 - Default to --selinux-relabel in various tools resolves: rhbz#2075718, rhbz#2089748 - Add lvm system.devices cleanup operation to virt-sysprep resolves: rhbz#2072493 - Refactor virt-customize --install, --update options in common submodule - Add support for Clevis & Tang resolves: rhbz#1809453 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2102721 - Fix virt-sysprep and LUKS-on-LVM guests resolves: rhbz#2106286 LOW Copyright 2022 Oracle, Inc. CVE-2022-2211 Oracle Linux 9 [7.0.0-13] - kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch [bz#2117546] - kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch [bz#2117546] - Resolves: bz#2117546 ([RHEL9.1] Guests in VMX root operation fail to reboot with QEMUs system_reset command) [7.0.0-12] - kvm-scsi-generic-Fix-emulated-block-limits-VPD-page.patch [bz#2120275] - kvm-vhost-Get-vring-base-from-vq-not-svq.patch [bz#2114060] - kvm-vdpa-Skip-the-maps-not-in-the-iova-tree.patch [bz#2114060] - kvm-vdpa-do-not-save-failed-dma-maps-in-SVQ-iova-tree.patch [bz#2114060] - kvm-util-Return-void-on-iova_tree_remove.patch [bz#2114060] - kvm-util-accept-iova_tree_remove_parameter-by-value.patch [bz#2114060] - kvm-vdpa-Remove-SVQ-vring-from-iova_tree-at-shutdown.patch [bz#2114060] - kvm-vdpa-Make-SVQ-vring-unmapping-return-void.patch [bz#2114060] - kvm-vhost-Always-store-new-kick-fd-on-vhost_svq_set_svq_.patch [bz#2114060] - kvm-vdpa-Use-ring-hwaddr-at-vhost_vdpa_svq_unmap_ring.patch [bz#2114060] - kvm-vhost-stop-transfer-elem-ownership-in-vhost_handle_g.patch [bz#2114060] - kvm-vhost-use-SVQ-element-ndescs-instead-of-opaque-data-.patch [bz#2114060] - kvm-vhost-Delete-useless-read-memory-barrier.patch [bz#2114060] - kvm-vhost-Do-not-depend-on-NULL-VirtQueueElement-on-vhos.patch [bz#2114060] - kvm-vhost_net-Add-NetClientInfo-start-callback.patch [bz#2114060] - kvm-vhost_net-Add-NetClientInfo-stop-callback.patch [bz#2114060] - kvm-vdpa-add-net_vhost_vdpa_cvq_info-NetClientInfo.patch [bz#2114060] - kvm-vdpa-Move-command-buffers-map-to-start-of-net-device.patch [bz#2114060] - kvm-vdpa-extract-vhost_vdpa_net_cvq_add-from-vhost_vdpa_.patch [bz#2114060] - kvm-vhost_net-add-NetClientState-load-callback.patch [bz#2114060] - kvm-vdpa-Add-virtio-net-mac-address-via-CVQ-at-start.patch [bz#2114060] - kvm-vdpa-Delete-CVQ-migration-blocker.patch [bz#2114060] - kvm-virtio-scsi-fix-race-in-virtio_scsi_dataplane_start.patch [bz#2099541] - Resolves: bz#2120275 (Wrong max_sectors_kb and Maximum transfer length on the pass-through device [rhel-9.1]) - Resolves: bz#2114060 (vDPA state restore support through control virtqueue in Qemu) - Resolves: bz#2099541 (qemu coredump with error Assertion qemu_mutex_iothread_locked() failed when repeatly hotplug/unplug disks in pause status) [7.0.0-11] - kvm-QIOChannelSocket-Fix-zero-copy-flush-returning-code-.patch [bz#2107466] - kvm-Add-dirty-sync-missed-zero-copy-migration-stat.patch [bz#2107466] - kvm-migration-multifd-Report-to-user-when-zerocopy-not-w.patch [bz#2107466] - kvm-migration-Avoid-false-positive-on-non-supported-scen.patch [bz#2107466] - kvm-migration-add-remaining-params-has_-true-in-migratio.patch [bz#2107466] - kvm-QIOChannelSocket-Add-support-for-MSG_ZEROCOPY-IPV6.patch [bz#2107466] - kvm-pc-bios-s390-ccw-Fix-booting-with-logical-block-size.patch [bz#2112303] - kvm-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch [bz#2116876] - kvm-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch [bz#2116876] - kvm-vdpa-Fix-memory-listener-deletions-of-iova-tree.patch [bz#2116876] - kvm-vdpa-Fix-file-descriptor-leak-on-get-features-error.patch [bz#2116876] - Resolves: bz#2107466 (zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together) - Resolves: bz#2112303 (virtio-blk: Cant boot fresh installation from used 512 cluster_size image under certain conditions) - Resolves: bz#2116876 (Fixes for vDPA control virtqueue support in Qemu) [7.0.0-10] - kvm-vhost-Track-descriptor-chain-in-private-at-SVQ.patch [bz#1939363] - kvm-vhost-Fix-device-s-used-descriptor-dequeue.patch [bz#1939363] - kvm-hw-virtio-Replace-g_memdup-by-g_memdup2.patch [bz#1939363] - kvm-vhost-Fix-element-in-vhost_svq_add-failure.patch [bz#1939363] - kvm-meson-create-have_vhost_-variables.patch [bz#1939363] - kvm-meson-use-have_vhost_-variables-to-pick-sources.patch [bz#1939363] - kvm-vhost-move-descriptor-translation-to-vhost_svq_vring.patch [bz#1939363] - kvm-virtio-net-Expose-MAC_TABLE_ENTRIES.patch [bz#1939363] - kvm-virtio-net-Expose-ctrl-virtqueue-logic.patch [bz#1939363] - kvm-vdpa-Avoid-compiler-to-squash-reads-to-used-idx.patch [bz#1939363] - kvm-vhost-Reorder-vhost_svq_kick.patch [bz#1939363] - kvm-vhost-Move-vhost_svq_kick-call-to-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Check-for-queue-full-at-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Decouple-vhost_svq_add-from-VirtQueueElement.patch [bz#1939363] - kvm-vhost-Add-SVQDescState.patch [bz#1939363] - kvm-vhost-Track-number-of-descs-in-SVQDescState.patch [bz#1939363] - kvm-vhost-add-vhost_svq_push_elem.patch [bz#1939363] - kvm-vhost-Expose-vhost_svq_add.patch [bz#1939363] - kvm-vhost-add-vhost_svq_poll.patch [bz#1939363] - kvm-vhost-Add-svq-avail_handler-callback.patch [bz#1939363] - kvm-vdpa-Export-vhost_vdpa_dma_map-and-unmap-calls.patch [bz#1939363] - kvm-vhost-net-vdpa-add-stubs-for-when-no-virtio-net-devi.patch [bz#1939363] - kvm-vdpa-manual-forward-CVQ-buffers.patch [bz#1939363] - kvm-vdpa-Buffer-CVQ-support-on-shadow-virtqueue.patch [bz#1939363] - kvm-vdpa-Extract-get-features-part-from-vhost_vdpa_get_m.patch [bz#1939363] - kvm-vdpa-Add-device-migration-blocker.patch [bz#1939363] - kvm-vdpa-Add-x-svq-to-NetdevVhostVDPAOptions.patch [bz#1939363] - kvm-redhat-Update-linux-headers-linux-kvm.h-to-v5.18-rc6.patch [bz#2111994] - kvm-target-s390x-kvm-Honor-storage-keys-during-emulation.patch [bz#2111994] - kvm-kvm-don-t-use-perror-without-useful-errno.patch [bz#2095608] - kvm-multifd-Copy-pages-before-compressing-them-with-zlib.patch [bz#2099934] - kvm-Revert-migration-Simplify-unqueue_page.patch [bz#2099934] - Resolves: bz#1939363 (vDPA control virtqueue support in Qemu) - Resolves: bz#2111994 (RHEL9: skey test in kvm_unit_test got failed) - Resolves: bz#2095608 (Please correct the error message when try to start qemu with -M kernel-irqchip=split) - Resolves: bz#2099934 (Guest reboot on destination host after postcopy migration completed) [7.0.0-9] - kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch [bz#2100106] - kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch [bz#2100106] - kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch [bz#2100106] - kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch [bz#2100106] - kvm-virtio-iommu-Fix-migration-regression.patch [bz#2100106] - kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch [bz#2098077] - kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch [bz#2098077] - kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch [bz#2098077] - kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch [bz#1951522] - kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch [bz#1951522] - Resolves: bz#2100106 (Fix virtio-iommu/vfio bypass) - Resolves: bz#2098077 (virtio-blk: Cant boot fresh installation from used virtio-blk dasd disk under certain conditions) - Resolves: bz#1951522 (CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0]) [7.0.0-8] - kvm-tests-avocado-update-aarch64_virt-test-to-exercise-c.patch [bz#2060839] - kvm-RHEL-only-tests-avocado-Switch-aarch64-tests-from-a5.patch [bz#2060839] - kvm-RHEL-only-AArch64-Drop-unsupported-CPU-types.patch [bz#2060839] - kvm-target-i386-deprecate-CPUs-older-than-x86_64-v2-ABI.patch [bz#2060839] - kvm-target-s390x-deprecate-CPUs-older-than-z14.patch [bz#2060839] - kvm-target-arm-deprecate-named-CPU-models.patch [bz#2060839] - kvm-meson.build-Fix-docker-test-build-alpine-when-includ.patch [bz#1968509] - kvm-QIOChannel-Add-flags-on-io_writev-and-introduce-io_f.patch [bz#1968509] - kvm-QIOChannelSocket-Implement-io_writev-zero-copy-flag-.patch [bz#1968509] - kvm-migration-Add-zero-copy-send-parameter-for-QMP-HMP-f.patch [bz#1968509] - kvm-migration-Add-migrate_use_tls-helper.patch [bz#1968509] - kvm-multifd-multifd_send_sync_main-now-returns-negative-.patch [bz#1968509] - kvm-multifd-Send-header-packet-without-flags-if-zero-cop.patch [bz#1968509] - kvm-multifd-Implement-zero-copy-write-in-multifd-migrati.patch [bz#1968509] - kvm-QIOChannelSocket-Introduce-assert-and-reduce-ifdefs-.patch [bz#1968509] - kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch [bz#1968509] - kvm-migration-Change-zero_copy_send-from-migration-param.patch [bz#1968509] - kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch [bz#2096143] - Resolves: bz#2060839 (Consider deprecating CPU models like kvm64 / qemu64 on RHEL 9) - Resolves: bz#1968509 (Use MSG_ZEROCOPY on QEMU Live Migration) - Resolves: bz#2096143 (The migration port is not released if use it again for recovering postcopy migration) [7.0.0-7] - kvm-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-win32-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-Enable-virtio-iommu-pci-on-x86_64.patch [bz#2094252] - kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch [bz#2092788] - kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch [bz#2092788] - Resolves: bz#1952483 (RFE: QEMUs coroutines fail with CFLAGS=-flto on non-x86_64 architectures) - Resolves: bz#2094252 (Compile the virtio-iommu device on x86_64) - Resolves: bz#2092788 (Stalled IO Operations in VM) [7.0.0-6] - kvm-Introduce-event-loop-base-abstract-class.patch [bz#2031024] - kvm-util-main-loop-Introduce-the-main-loop-into-QOM.patch [bz#2031024] - kvm-util-event-loop-base-Introduce-options-to-set-the-th.patch [bz#2031024] - kvm-qcow2-Improve-refcount-structure-rebuilding.patch [bz#2072379] - kvm-iotests-108-Test-new-refcount-rebuild-algorithm.patch [bz#2072379] - kvm-qcow2-Add-errp-to-rebuild_refcount_structure.patch [bz#2072379] - kvm-iotests-108-Fix-when-missing-user_allow_other.patch [bz#2072379] - kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch [bz#2070804] - kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch [bz#2070804] - kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch [bz#2070804] - kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch [bz#2070804] - kvm-vhost-vdpa-backend-feature-should-set-only-once.patch [bz#2070804] - kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch [bz#2070804] - kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch [bz#2070804] - kvm-Revert-globally-limit-the-maximum-number-of-CPUs.patch [bz#2094270] - kvm-vfio-common-remove-spurious-warning-on-vfio_listener.patch [bz#2086262] - Resolves: bz#2031024 (Add support for fixing thread pool size [QEMU]) - Resolves: bz#2072379 (Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs)) - Resolves: bz#2070804 (PXE boot crash qemu when using multiqueue vDPA) - Resolves: bz#2094270 (Do not set the hard vCPU limit to the soft vCPU limit in downstream qemu-kvm anymore) - Resolves: bz#2086262 ([Win11][tpm]vfio_listener_region_del received unaligned region) [7.0.0-5] - kvm-qemu-nbd-Pass-max-connections-to-blockdev-layer.patch [bz#1708300] - kvm-nbd-server-Allow-MULTI_CONN-for-shared-writable-expo.patch [bz#1708300] - Resolves: bz#1708300 (RFE: qemu-nbd vs NBD_FLAG_CAN_MULTI_CONN) [7.0.0-4] - kvm-qapi-machine.json-Add-cluster-id.patch [bz#2041823] - kvm-qtest-numa-test-Specify-CPU-topology-in-aarch64_numa.patch [bz#2041823] - kvm-hw-arm-virt-Consider-SMP-configuration-in-CPU-topolo.patch [bz#2041823] - kvm-qtest-numa-test-Correct-CPU-and-NUMA-association-in-.patch [bz#2041823] - kvm-hw-arm-virt-Fix-CPU-s-default-NUMA-node-ID.patch [bz#2041823] - kvm-hw-acpi-aml-build-Use-existing-CPU-topology-to-build.patch [bz#2041823] - kvm-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch [bz#2079938] - kvm-coroutine-Revert-to-constant-batch-size.patch [bz#2079938] - kvm-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch [bz#2079347] - kvm-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_event_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_ctrl_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_cmd_vq.patch [bz#2079347] - kvm-virtio-scsi-move-request-related-items-from-.h-to-.c.patch [bz#2079347] - kvm-Revert-virtio-scsi-Reject-scsi-cd-if-data-plane-enab.patch [bz#1995710] - kvm-migration-Fix-operator-type.patch [bz#2064530] - Resolves: bz#2041823 ([aarch64][numa] When there are at least 6 Numa nodes serial log shows arch topology borken) - Resolves: bz#2079938 (qemu coredump when boot with multi disks (qemu) failed to set up stack guard page: Cannot allocate memory) - Resolves: bz#2079347 (Guest boot blocked when scsi disks using same iothread and 100% CPU consumption) - Resolves: bz#1995710 (RFE: Allow virtio-scsi CD-ROM media change with IOThreads) - Resolves: bz#2064530 (Rebuild qemu-kvm with clang-14) [7.0.0-3] - kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch [bz#2046029] - kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch [bz#2046029] - kvm-Enable-virtio-iommu-pci-on-aarch64.patch [bz#1477099] - kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch [bz#2037612] - kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch [bz#2037612] - Resolves: bz#2046029 ([WRB] New machine type property - dtb-kaslr-seed) - Resolves: bz#1477099 (virtio-iommu (including ACPI, VHOST/VFIO integration, migration support)) - Resolves: bz#2037612 ([Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region) [7.0.0-2] - kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch [bz#2044162] - kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch [bz#2081022] - Resolves: bz#2044162 ([RHEL9.1] Enable virtio-mem as tech-preview on ARM64 QEMU) - Resolves: bz#2081022 (Build regression on ppc64le with c9s qemu-kvm 7.0.0-1 changes) [7.0.0-1] - Rebase to QEMU 7.0.0 [bz#2064757] - Do not build ssh block driver anymore [bz#2064500] - Removed hpet and parallel port support [bz#2065042] - Compatibility support [bz#2064782 bz#2064771] - Resolves: bz#2064757 (Rebase to QEMU 7.0.0) - Resolves: bz#2064500 (Install qemu-kvm-6.2.0-11.el9_0.1 failed as conflict with qemu-kvm-block-ssh-6.2.0-11.el9_0.1) - Resolves: bz#2065042 (Remove upstream-only devices from the qemu-kvm binary) - Resolves: bz#2064782 (Update machine type compatibility for QEMU 7.0.0 update [s390x]) - Resolves: bz#2064771 (Update machine type compatibility for QEMU 7.0.0 update [x86_64]) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3750 CVE-2021-3507 CVE-2021-3611 CVE-2021-4158 Oracle Linux 9 [2.0.7-6.0.1] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - replaced upstream references [Orabug:34089586] [1:2.0.7-6] - Install qemu-ga package during conversion resolves: rhbz#2028764 [1:2.0.7-5] - Remove LVM2 devices file during conversion resolves: rhbz#2112801 - Add support for Zstandard compressed kernel modules resolves: rhbz#2116811 [1:2.0.7-4] - Remove legacy crypto advice and replace with targeted mechanism resolves: rhbz#2062360 [1:2.0.7-3] - relax qemu64 VCPU feature checking in the libvirt output resolves rhbz#2107503 [1:2.0.7-2] - Rebase to stable branch version 2.0.7 resolves: rhbz#2059287, rhbz#1658126, rhbz#1788823, rhbz#1854275 - Fix openssh-clients dependency resolves: rhbz#2064178 - Fix security issue when running virt-v2v as root resolves: rhbz#2066773 - Remove -o json mode resolves: rhbz#2074026 - Allow conversion of guests with NVMe drives from VMX files resolves: rhbz#2070530 - Cleanly reject guests with snapshots when using -it ssh resolves: rhbz#1774386 - Document that vmx+ssh -ip auth doesnt cover ssh / scp shell commands resolves: rhbz#1854275 - Fix conversion if swap partition isnt encrypted with root directory resolves: rhbz#1658128 - Document permissions when importing OVA using RHV UI resolves: rhbz#2039597 - Multiple fixes for -o qemu mode resolves: rhbz#2074805 - Work around blocking bug in OpenStack resolves: rhbz#2074801 - If multiple open-vm-tools packages are installed, remove all (2076436) - For -o rhv-upload wait for VM creation task resolves: rhbz#1985830 - For -i vmx add full support for SATA hard disks resolves: rhbz#1883802 - Fix booting of RHEL 9.1 guests after conversion resolves: rhbz#2076013 - Fix -o qemu warning resolves: rhbz#2082603 - If listing RPM applications fails, rebuild DB and retry (2089623) - Document -i vmx -it ssh percent encoding in ssh URIs resolves: rhbz#1938954 - Document extra permissions needed for VMware 7 (1817050) - Remove osprober devices left around by grub2 resolves: rhbz#2003503 - Add Requires python3 / platform-python resolves: rhbz#2094779 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2102719 - Add -oo compressed support resolves: rhbz#2047660 - Limit the maximum of disks per guest resolves: rhbz#2051564 - Add support for LUKS encrypted guests using Clevis & Tang resolves: rhbz#1809453 - Fix remapping of nvme devices in /boot/grub2/device.map resolves: rhbz#2101665 - Improve documentation of vmx+ssh and -ip option resolves: rhbz#1854275 - Fix race condition when unmounting in -o rhv mode (1953286#c26) [1:1.45.99-1] - Rebase to upstream 1.45.99. - Add check for sufficient free space in the host resolves: rhbz#2051394 - Update documentation of -ip for conversions from VMware over HTTPS related: rhbz#1960087 - -o rhv-upload: Keep connections alive resolves: rhbz#2032324 - -o rhv-upload: Improve conversion performance resolves: rhbz#2039255 - -o rhv-upload: Replace -oo rhv-direct with -oo rhv-proxy resolves: rhbz#2033096 - Fix log line wrapping making log parsing difficult (1820221) [1:1.45.97-4] - v2v import from vCenter fails when using interactive password because cookie-script tries to be interactive (pick commit 8abc07a8589a) resolves: rhbz#1960087 - model=virtio-transitional is wrongly added when converting windows guest to local by rhel9 v2v (pick commit range commit range 8abc07a8589a..cacedec64072) resolves: rhbz#2043333 [1:1.45.97-3] - Rebase to upstream 1.45.97. resolves: rhbz#2011713 - Add virtio-transitional for older guests when converting to q35 resolves: rhbz#1942325 - Fix -o rhv mode resolves: rhbz#2027598 - input: xen: Fix assertion error when importing from remote block device resolves: rhbz#2041852 - output: -o json: Allow -oo (output options) to work resolves: rhbz#2041850 - Fix virt-v2v hang when given incorrect vpx:// URL resolves: rhbz#2041886 - Fix hang when converting with virt-p2v resolves: rhbz#2044911 - Send nbdinfo debugging information to stderr resolves: rhbz#2044922 - Explicitly require platform-python resolves: rhbz#2046178 [1:1.45.95-3] - output_rhv: restrict block status collection to the old RHV output - Rebase from upstream commit 702a511b7f33 to direct child commit 07b12fe99fb9 resolves: rhbz#2034240 [1:1.45.95-2] - Rebase to upstream 1.45.95. - Change video type to VGA (instead of QXL). - Remove --in-place support properly. - Remove -o glance support properly. - Fix quoting with openssh >= 8.7 (RHEL) / 8.8 - Fix q35 error IDE controllers are unsupported - Add virt-v2v and libvirt version in debug output - Fix -o rhv output mode showing no guests listed resolves: rhbz#2011713, rhbz#1961107, rhbz#2027673, rhbz#1637857, rhbz#2032112, rhbz#2027598 [1:1.45.3-3] - Fix conversion of Windows BitLocker guests resolves: rhbz#1994984 [1:1.45.3-2] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1:1.45.3-1] - New upstream development version 1.45.3. - Rebase RHEL patches. resolves: rhbz#1950634 [1:1.45.2-1] - New upstream development version 1.45.2. - Remove --debug-overlays and --print-estimate options. - Remove -o glance option on RHEL 9 (RHBZ#1977539). - Remove support for RHEV-APT (RHBZ#1945549). [1:1.45.1-1.el9.1] - New upstream development version 1.45.1. - Require virtio-win on RHEL (RHBZ#1972644). - v2v-test-harness, virt-v2v-copy-to-local have been removed upstream. [1:1.44.0-2] - nbdkit-vddk-plugin dep only exists on x86-64. [1:1.44.0-1.el9.1] - Rebuild in RHEL 9 against libguestfs 1.45.5 resolves: rhbz#1959042 [1:1.44.0-1] - New upstream stable branch version 1.44.0. [1:1.43.5-1] - New upstream version 1.43.5. [1:1.43.4-5] - Add upstream patch to depend on xorriso. - Change libguestfs-tools-c -> guestfs-tools. [1:1.43.4-3] - Add downstream (RHEL-only) patches (RHBZ#1931724). [1:1.43.4-2] - Bump and rebuild for ocaml-gettext update. [1:1.43.4-1] - New upstream version 1.43.4. [1:1.43.3-4] - OCaml 4.12.0 build [1:1.43.3-3] - Add fix for OCaml 4.12. [1:1.43.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [1:1.43.3-1] - New upstream version 1.43.3. [1:1.43.2-3] - Drop obsolete virt-v2v-copy-to-local tool for Fedora 34 and RHEL 9. [1:1.43.2-2] - Unify Fedora and RHEL spec files. [1:1.43.2-1] - New upstream version 1.43.2. LOW Copyright 2022 Oracle, Inc. CVE-2022-2211 Oracle Linux 9 [3.14.0-13] - Rebuilt for test fixes [3.14.0-12] - Rebuilt for test fixes [3.14.0-11] - Applied patch for for CVE-2021-22570 (#2055641) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-22570 Oracle Linux 9 [2:2.99.8-3] - fix CVE-2022-30067 - fix CVE-2022-32990 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32990 CVE-2022-30067 Oracle Linux 9 [1.2.0-11] - CVE-2020-23903 speex: divide by zero in read_samples() via crafted WAV file - Resolves: CVE-2020-23903 LOW Copyright 2022 Oracle, Inc. CVE-2020-23903 Oracle Linux 9 [8.5.0-7.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [8.5.0-7] - security_selinux: Dont ignore NVMe disks when setting image label (rhbz#2121441) [8.5.0-6] - qemu_process: Destroy domains namespace after killing QEMU (rhbz#2121141) [8.5.0-5] - rpc: Pass OPENSSL_CONF through to ssh invocations (rhbz#2112348) [8.5.0-4] - qemu: Pass migration flags to qemuMigrationParamsApply (rhbz#2111070) - qemu_migration_params: Replace qemuMigrationParamTypes array (rhbz#2111070) - qemu_migration: Pass migParams to qemuMigrationSrcResume (rhbz#2111070) - qemu_migration: Apply max-postcopy-bandwidth on post-copy resume (rhbz#2111070) - qemu: Always assume support for QEMU_CAPS_MIGRATION_PARAM_XBZRLE_CACHE_SIZE (rhbz#2107892) - qemu_migration: Store original migration params in status XML (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsApply (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsReset (rhbz#2107892) - qemu_migration_params: Avoid deadlock in qemuMigrationParamsReset (rhbz#2107892) - qemu: Restore original memory locking limit on reconnect (rhbz#2107424) - qemu: Properly release job in qemuDomainSaveInternal (rhbz#1497907) - qemu: dont call qemuMigrationSrcIsAllowedHostdev() from qemuMigrationDstPrepareFresh() (rhbz#1497907) [8.5.0-3] - qemu: introduce capability QEMU_CAPS_MIGRATION_BLOCKED_REASONS (rhbz#2092833) - qemu: new function to retrieve migration blocker reasons from QEMU (rhbz#2092833) - qemu: query QEMU for migration blockers before our own harcoded checks (rhbz#2092833) - qemu: remove hardcoded migration fail for vDPA devices if we can ask QEMU (rhbz#2092833) - qemu_migration: Use EnterMonitorAsync in qemuDomainGetMigrationBlockers (rhbz#2092833) - qemu: dont try to query QEMU about migration blockers during offline migration (rhbz#2092833) - qemu_migration: Acquire correct job in qemuMigrationSrcIsAllowed (rhbz#2092833) - virsh: Require --xpath for *dumpxml (rhbz#2103524) - qemu: skip hardcoded hostdev migration check if QEMU can do it for us (rhbz#1497907) [8.5.0-2] - domain_conf: Format <defaultiothread/> more often (rhbz#2059511) - domain_conf: Format iothread IDs more often (rhbz#2059511) - qemu: Make IOThread changing more robust (rhbz#2059511) - qemuDomainSetIOThreadParams: Accept VIR_DOMAIN_AFFECT_CONFIG flag (rhbz#2059511) - virsh: Implement --config for iothreadset (rhbz#2059511) - docs: Document TPM portion of domcaps (rhbz#2103119) - virtpm: Introduce TPM-1.2 and TPM-2.0 capabilieis (rhbz#2103119) - domcaps: Introduce TPM backendVersion (rhbz#2103119) - qemu: Report supported TPM version in domcaps (rhbz#2103119) - vircpi: Add PCIe 5.0 and 6.0 link speeds (rhbz#2105231) [8.5.0-1] - Rebased to libvirt-8.5.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1475431, rhbz#2026765, rhbz#2059511, rhbz#2089431, rhbz#2102009 LOW Copyright 2022 Oracle, Inc. CVE-2022-0897 Oracle Linux 9 [1.27.0-2.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [1:1.27.0-2] - fix CVE-2022-2990 - Related: #2061316 [1:1.27.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.27.0 - Related: #2061316 [1:1.26.4-2] - add buildah-tutorial to test subpackage - Related: #2061316 [1:1.26.4-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.4 - Related: #2061316 [1:1.26.3-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.3 - Related: #2061316 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2990 CVE-2022-27191 CVE-2021-33195 CVE-2021-33198 CVE-2021-33197 CVE-2022-2989 CVE-2021-20291 Oracle Linux 9 [1.0.10-6.el9.2] - Security fixes for CVE-2022-25308, CVE-2022-25309, CVE-2022-25310 Resolves: rhbz#2050086, rhbz#2050069, rhbz#2050063 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-25309 CVE-2022-25310 CVE-2022-25308 Oracle Linux 9 [5.15.3-1] - 5.15.3 Resolves: bz#2061352 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-25255 Oracle Linux 9 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26716 CVE-2022-26717 CVE-2022-22629 CVE-2022-30293 CVE-2022-22628 CVE-2022-26700 CVE-2022-22662 CVE-2022-26710 CVE-2022-26709 CVE-2022-22624 CVE-2022-26719 Oracle Linux 9 [7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob - resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob - resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode - resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip - resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal [7.5.15-2] - resolve CVE-2022-31107 grafana: OAuth account takeover [7.5.15-1] - update to 7.5.15 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources - resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling - resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation - resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure - resolve CVE-2021-23648 sanitize-url: XSS - resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter - declare Node.js dependencies of subpackages - make vendor and webpack tarballs reproducible [7.5.11-3] - use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens - update FIPS tests in check phase [7.5.11-2] - resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache - resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files [7.5.11-1] - update to 7.5.11 tagged upstream community sources, see CHANGELOG - resolve CVE-2021-39226 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21698 CVE-2022-21713 CVE-2022-32148 CVE-2022-21703 CVE-2022-30632 CVE-2022-21673 CVE-2022-21702 CVE-2022-30630 CVE-2022-1962 CVE-2022-30631 CVE-2021-23648 CVE-2022-1705 CVE-2022-30635 CVE-2022-30633 CVE-2022-28131 Oracle Linux 9 [1.16.2-2] - Require openssl tool for unbound-keygen (#2116802) [1.16.2-1] - Update to 1.16.2 (#2087120) [1.16.0-3] - Disable ED25519 and ED448 in FIPS mode (#2079548) [1.16.0-2] - Restart keygen service before every unbound start (#2094336) [1.16.0-1] - Update to 1.16.0 (#2087120) [1.15.0-1] - Update to 1.15.0 (#2030608) - Update icannbundle.pem [1.13.2-1] - Resolves: rhbz#1992985 unbound-1.13.2 is available - Use system-wide crypto policies [1.13.1-15] - Export unbound-devel to CRB repository (#2056116) [1.13.1-14] - Stop creating wrong devel manual pages (#2071943) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30699 CVE-2022-30698 Oracle Linux 9 [2.4.53-7.0.1] - Replace index.html with Oracles index page oracle_index.html. [2.4.53-7] - Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling - Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match() - Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism - Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() - Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody - Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability - Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets [2.4.53-6] - Related: #2065677 - httpd minimisation for ubi-micro [2.4.53-5] - Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove() [2.4.53-4] - Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert() [2.4.53-3] - Resolves: #2065677 - httpd minimisation for ubi-micro - minimize httpd dependencies (new httpd-core package) - mod_systemd and mod_brotli are now packaged in the main httpd package [2.4.53-1] - new version 2.4.53 - Resolves: #2079939 - httpd rebase to 2.4.53 - Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending with core [2.4.51-8] - Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using SetEnv or PassEnv MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26377 CVE-2022-28614 CVE-2022-30522 CVE-2022-23943 CVE-2022-28615 CVE-2022-29404 CVE-2022-31813 CVE-2022-30556 CVE-2022-22721 CVE-2022-22719 Oracle Linux 9 [32:9.16.23-5] - Fix possible serve-stale related crash (CVE-2022-3080) - Fix memory leak in ECDSA verify processing (CVE-2022-38177) - Fix memory leak in EdDSA verify processing (CVE-2022-38178) [32:9.16.23-4] - Export bind-doc package (#2104863) [32:9.16.23-3] - Tighten cache protection against record from forwarders (CVE-2021-25220) - Include test of forwarders [32:9.16.23-2] - TCP connections with keep-response-order are properly close in all cases (CVE-2022-0396) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-25220 CVE-2022-0396 Oracle Linux 9 [2.85-5] - Prevent endless loop in forward_query (#2120711) [2.85-4] - Prevent use after free in dhcp6_no_relay (CVE-2022-0934) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-0934 Oracle Linux 9 [1.3.3-10] - handle end-of-stream when encoding with verification (CVE-2021-0561) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-0561 Oracle Linux 9 [4:1.1.4-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.4 - Related: #2061316 LOW Copyright 2022 Oracle, Inc. CVE-2022-29162 Oracle Linux 9 [6.2.7-1] - rebase to 6.2.7 #2083151 LOW Copyright 2022 Oracle, Inc. CVE-2022-24736 CVE-2022-24735 Oracle Linux 9 [0.7.0-3.20211109gitb79fd91] - Disable OpenSSL FIPS mode to avoid libtpms failures Resolves: rhbz#2090219 [0.7.0-2.20211109gitb79fd91] - Add fix for CVE-2022-23645. Resolves: rhbz#2056518 LOW Copyright 2022 Oracle, Inc. CVE-2022-23645 Oracle Linux 9 * Tue Jun 14 2022 Michal Ruprich - 8.2.2-4 - Resolves: #2095404 - frr use systemd-sysusers [8.2.2-3] - Resolves: #2081304 - Enhanced TMT testing for centos-stream [8.2.2-2] - Resolves: #2069571 - the dynamic routing setup does not work any more [8.2.2-1] - Resolves: #2069563 - Rebase frr to version 8.2.2 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26125 Oracle Linux 9 [2.14.0-1] - New release - Add ignition-apply symlink - Add ignition-rmcfg symlink and ignition-delete-config.service [2.13.0-2] - Rename -validate-nonlinux subpackage to -validate-redistributable - Add static Linux binaries to -redistributable - Fix macro invocation in comment - Avoid kernel lockdown on VMware when running with secure boot MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1706 Oracle Linux 9 [5.4.0-5] - CVE-2021-44269 wavpack: heap Out-of-bounds Read - Resolves: CVE-2021-44269 LOW Copyright 2022 Oracle, Inc. CVE-2021-44269 Oracle Linux 9 [21.01.0-13] - Dont run out of file for Hints - Rebuild for #2096451 - Resolves: #2090970, #2096451 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27337 Oracle Linux 9 [2.1.3-4] - Bump version to 2.1.3-4 - Resolves: Bug 1872451 - Fix regression with dscreate template [2.1.3-3] - Bump version to 2.1.3-3 - Resolves: Bug 2118765 [2.1.3-2] - Bump version to 2.1.3-2 - Resolves: Bug 2118765 - SIGSEGV in sync_repl [2.1.3-1] - Bump version to 2.1.3-1 - Resolves: Bug 2061801 - rebase 389-ds-base to 2.1.3 - Resolves: Bug 1872451 - RFE - run as non-root - Resolves: Bug 2052527 - RFE - Provide an option to abort an Auto Member rebuild task - Resolves: Bug 2057056 - Import may break the replication because changelog starting csn may not be created - Resolves: Bug 2057063 - Add support for recursively deleting subentries - Resolves: Bug 2062778 - sending crafted message could result in DoS - Resolves: Bug 2064781 - expired password was still allowed to access the database - Resolves: Bug 2100337 - dsconf backend export userroot fails ldap.DECODING_ERROR [2.1.1-3] - Bump version to 2.1.1-3 - Resolves: Bug 2061801 - Fix nss-tools requirement [2.1.1-2] - Bump version to 2.1.1-2 - Resolves: Bug 2061801 - Fix lmdb-libs requirement [2.1.1-1] - Bump version to 2.1.1-1 - Resolves: Bug 2061801 - rebase 389-ds-base to 2.1.1 [2.1.0-1] - Bump version to 2.1.0-1 - Resolves: Bug 2061801 - rebase 389-ds-base to 2.1.0 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2850 CVE-2022-0918 CVE-2022-0996 Oracle Linux 9 [4.4.0-2] - Update to version 4.4.0 - Resolves: CVE-2022-0561 CVE-2022-0562 CVE-2022-22844 CVE-2022-0865 CVE-2022-0891 CVE-2022-0924 CVE-2022-0909 CVE-2022-0908 CVE-2022-1354 CVE-2022-1355 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1355 CVE-2022-1354 CVE-2022-0909 CVE-2022-0865 CVE-2022-0924 CVE-2022-0908 CVE-2022-22844 CVE-2022-0561 CVE-2022-0562 CVE-2022-0891 Oracle Linux 9 [8.0.20-3] - snmp3 calls using authPriv or authNoPriv immediately return false #2104630 [8.0.20-2] - fix patch41 not applied (use system nikic/php-parser when available) [8.0.20-1] - rebase to 8.0.20 #2095752 - clean unneeded dependency on useradd command #2095447 - add upstream patch to initialize pcre before mbstring - retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi MODERATE Copyright 2022 Oracle, Inc. CVE-2022-31625 CVE-2021-21708 Oracle Linux 9 [2.4.0-7] - Fix CVE-2022-1122 LOW Copyright 2022 Oracle, Inc. CVE-2022-1122 Oracle Linux 9 [1:2.3.16-7.0.1] - do not run systemd commands during leapp upgrade [Orabug: 34680501] [1:2.3.16-7] - fix possible privilege escalation when similar master and non-master passdbs are used (#2106232) [1:2.3.16-6] - fix possible nonzero return value of postinst script(#2053368) [1:2.3.16-5] - workaround sysuers macro defficiency (#2095399) [1:2.3.16-4] - use systemd-sysusers for user creation (#2095399) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30550 Oracle Linux 9 [5:2.2.6-1] - Rebase to upstream version 2.2.6 Resolves: CVE-2022-1328 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1328 Oracle Linux 9 [1.20.11-11] - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz#2108157, rhbz#2108162 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2319 CVE-2022-2320 Oracle Linux 9 [21.1.3-3] - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz#2110440, rhbz#2110433 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2320 CVE-2022-2319 Oracle Linux 9 [4.6.5-3] - Security fix for CVE-2022-2309 - Resolves: rhbz#2107571 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2309 Oracle Linux 9 [3.2.0-3] - bump NVR MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32148 CVE-2022-30635 CVE-2022-30630 CVE-2022-30631 CVE-2022-1705 CVE-2022-30632 Oracle Linux 9 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-24795 Oracle Linux 9 [21.11.2-1] - Rebase to 21.11.2 (#2126159) - Includes fixes for CVE-2022-2132 (#2107173) and CVE-2022-28199 (#2123616) [21.11.1-1] - Rebase to 21.11.1 (#2106856) - Includes fix for CVE-2021-3839 (#2026642) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28199 CVE-2022-2132 CVE-2021-3839 Oracle Linux 9 [5.14.0-162.6.1_1.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] [5.14.0-162.6.1_1] - kabi: add symbol yield to stablelist (cestmir Kalina) [2120286] - kabi: add symbol xa_find_after to stablelist (cestmir Kalina) [2120286] - kabi: add symbol xa_find to stablelist (cestmir Kalina) [2120286] - kabi: add symbol xa_destroy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol x86_spec_ctrl_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol x86_cpu_to_apicid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol wait_for_completion_interruptible to stablelist (cestmir Kalina) [2120286] - kabi: add symbol wait_for_completion to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vsprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vsnprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vprintk to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vmemmap_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vmalloc_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vmalloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vm_zone_stat to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vm_event_states to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vfree to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_undefined to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_teardown_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_setup_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_possible_blades to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_get_hubless_system to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_obj_count to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_install_heap to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_get_pci_topology to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_get_master_nasid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_get_heapsize to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_get_geoinfo to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_enum_ports to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_enum_objs to stablelist (cestmir Kalina) [2120286] - kabi: add symbol up_write to stablelist (cestmir Kalina) [2120286] - kabi: add symbol up_read to stablelist (cestmir Kalina) [2120286] - kabi: add symbol up to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_reboot_notifier to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_nmi_handler to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_netdevice_notifier to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_chrdev_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_blkdev to stablelist (cestmir Kalina) [2120286] - kabi: add symbol tsc_khz to stablelist (cestmir Kalina) [2120286] - kabi: add symbol try_wait_for_completion to stablelist (cestmir Kalina) [2120286] - kabi: add symbol touch_softlockup_watchdog to stablelist (cestmir Kalina) [2120286] - kabi: add symbol time64_to_tm to stablelist (cestmir Kalina) [2120286] - kabi: add symbol this_cpu_off to stablelist (cestmir Kalina) [2120286] - kabi: add symbol tasklet_unlock_wait to stablelist (cestmir Kalina) [2120286] - kabi: add symbol tasklet_kill to stablelist (cestmir Kalina) [2120286] - kabi: add symbol tasklet_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol system_wq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol system_freezing_cnt to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sys_tz to stablelist (cestmir Kalina) [2120286] - kabi: add symbol synchronize_rcu to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strstr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strsep to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strrchr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strnlen to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strncpy_from_user to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strncpy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strncmp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strncasecmp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strlen to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strlcpy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strlcat to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strcpy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strcmp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strchr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sscanf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sort to stablelist (cestmir Kalina) [2120286] - kabi: add symbol snprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sn_region_size to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sn_partition_id to stablelist (cestmir Kalina) [2120286] - kabi: add symbol smp_call_function_single_async to stablelist (cestmir Kalina) [2120286] - kabi: add symbol smp_call_function_single to stablelist (cestmir Kalina) [2120286] - kabi: add symbol smp_call_function_many to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sme_me_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol simple_strtoull to stablelist (cestmir Kalina) [2120286] - kabi: add symbol simple_strtoul to stablelist (cestmir Kalina) [2120286] - kabi: add symbol simple_strtol to stablelist (cestmir Kalina) [2120286] - kabi: add symbol simple_read_from_buffer to stablelist (cestmir Kalina) [2120286] - kabi: add symbol set_freezable to stablelist (cestmir Kalina) [2120286] - kabi: add symbol set_current_groups to stablelist (cestmir Kalina) [2120286] - kabi: add symbol security_sb_eat_lsm_opts to stablelist (cestmir Kalina) [2120286] - kabi: add symbol security_free_mnt_opts to stablelist (cestmir Kalina) [2120286] - kabi: add symbol scsi_command_size_tbl to stablelist (cestmir Kalina) [2120286] - kabi: add symbol scnprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol schedule_timeout to stablelist (cestmir Kalina) [2120286] - kabi: add symbol schedule to stablelist (cestmir Kalina) [2120286] - kabi: add symbol rtnl_is_locked to stablelist (cestmir Kalina) [2120286] - kabi: add symbol revert_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol request_threaded_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol remove_wait_queue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol register_reboot_notifier to stablelist (cestmir Kalina) [2120286] - kabi: add symbol register_netdevice_notifier to stablelist (cestmir Kalina) [2120286] - kabi: add symbol register_chrdev_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol refcount_warn_saturate to stablelist (cestmir Kalina) [2120286] - kabi: add symbol recalc_sigpending to stablelist (cestmir Kalina) [2120286] - kabi: add symbol rcu_read_unlock_strict to stablelist (cestmir Kalina) [2120286] - kabi: add symbol rb_next to stablelist (cestmir Kalina) [2120286] - kabi: add symbol rb_first to stablelist (cestmir Kalina) [2120286] - kabi: add symbol radix_tree_delete to stablelist (cestmir Kalina) [2120286] - kabi: add symbol queue_work_on to stablelist (cestmir Kalina) [2120286] - kabi: add symbol queue_delayed_work_on to stablelist (cestmir Kalina) [2120286] - kabi: add symbol put_unused_fd to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ptrs_per_p4d to stablelist (cestmir Kalina) [2120286] - kabi: add symbol printk to stablelist (cestmir Kalina) [2120286] - kabi: add symbol prepare_to_wait_exclusive to stablelist (cestmir Kalina) [2120286] - kabi: add symbol prepare_to_wait_event to stablelist (cestmir Kalina) [2120286] - kabi: add symbol prepare_to_wait to stablelist (cestmir Kalina) [2120286] - kabi: add symbol prepare_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol posix_acl_valid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol posix_acl_to_xattr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol posix_acl_from_xattr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol posix_acl_alloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol physical_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol phys_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol pgdir_shift to stablelist (cestmir Kalina) [2120286] - kabi: add symbol percpu_ref_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol percpu_ref_exit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol panic_notifier_list to stablelist (cestmir Kalina) [2120286] - kabi: add symbol panic to stablelist (cestmir Kalina) [2120286] - kabi: add symbol page_offset_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol override_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol numa_node to stablelist (cestmir Kalina) [2120286] - kabi: add symbol nr_cpu_ids to stablelist (cestmir Kalina) [2120286] - kabi: add symbol node_states to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mutex_unlock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mutex_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mutex_lock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mutex_is_locked to stablelist (cestmir Kalina) [2120286] - kabi: add symbol msleep to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memset to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_free_slab to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_free to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_destroy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_create_node to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_create to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_alloc_slab to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_alloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memparse to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memory_read_from_buffer to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memmove to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memcpy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memcmp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mem_section to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mds_idle_clear to stablelist (cestmir Kalina) [2120286] - kabi: add symbol lookup_bdev to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ktime_get_ts64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ktime_get_real_ts64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ktime_get_coarse_real_ts64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ktime_get to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kthread_should_stop to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kstrtoull to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kstrtoll to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kmalloc_order_trace to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kfree to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kernel_sigaction to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kernel_fpu_end to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kernel_fpu_begin_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol jiffies_64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol jiffies to stablelist (cestmir Kalina) [2120286] - kabi: add symbol is_vmalloc_addr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol is_uv_system to stablelist (cestmir Kalina) [2120286] - kabi: add symbol iounmap to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ioremap to stablelist (cestmir Kalina) [2120286] - kabi: add symbol iomem_resource to stablelist (cestmir Kalina) [2120286] - kabi: add symbol init_wait_entry to stablelist (cestmir Kalina) [2120286] - kabi: add symbol init_timer_key to stablelist (cestmir Kalina) [2120286] - kabi: add symbol in_group_p to stablelist (cestmir Kalina) [2120286] - kabi: add symbol in_aton to stablelist (cestmir Kalina) [2120286] - kabi: add symbol in6_pton to stablelist (cestmir Kalina) [2120286] - kabi: add symbol in4_pton to stablelist (cestmir Kalina) [2120286] - kabi: add symbol hrtimer_start_range_ns to stablelist (cestmir Kalina) [2120286] - kabi: add symbol hrtimer_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol hrtimer_forward to stablelist (cestmir Kalina) [2120286] - kabi: add symbol hrtimer_cancel to stablelist (cestmir Kalina) [2120286] - kabi: add symbol groups_alloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol get_zeroed_page to stablelist (cestmir Kalina) [2120286] - kabi: add symbol get_unused_fd_flags to stablelist (cestmir Kalina) [2120286] - kabi: add symbol free_percpu to stablelist (cestmir Kalina) [2120286] - kabi: add symbol free_pages to stablelist (cestmir Kalina) [2120286] - kabi: add symbol free_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol fortify_panic to stablelist (cestmir Kalina) [2120286] - kabi: add symbol flush_workqueue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol finish_wait to stablelist (cestmir Kalina) [2120286] - kabi: add symbol elfcorehdr_addr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol efi to stablelist (cestmir Kalina) [2120286] - kabi: add symbol dump_stack to stablelist (cestmir Kalina) [2120286] - kabi: add symbol downgrade_write to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_write_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_write to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_read_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_read to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_interruptible to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down to stablelist (cestmir Kalina) [2120286] - kabi: add symbol dmi_get_system_info to stablelist (cestmir Kalina) [2120286] - kabi: add symbol devmap_managed_key to stablelist (cestmir Kalina) [2120286] - kabi: add symbol dev_base_lock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol destroy_workqueue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol delayed_work_timer_fn to stablelist (cestmir Kalina) [2120286] - kabi: add symbol del_timer_sync to stablelist (cestmir Kalina) [2120286] - kabi: add symbol default_wake_function to stablelist (cestmir Kalina) [2120286] - kabi: add symbol csum_partial to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpumask_next to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpufreq_quick_get to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_sibling_map to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_number to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_khz to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_info to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_bit_bitmap to stablelist (cestmir Kalina) [2120286] - kabi: add symbol congestion_wait to stablelist (cestmir Kalina) [2120286] - kabi: add symbol complete_and_exit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol complete to stablelist (cestmir Kalina) [2120286] - kabi: add symbol commit_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol clear_user to stablelist (cestmir Kalina) [2120286] - kabi: add symbol capable to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cancel_delayed_work_sync to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cancel_delayed_work to stablelist (cestmir Kalina) [2120286] - kabi: add symbol call_usermodehelper to stablelist (cestmir Kalina) [2120286] - kabi: add symbol call_rcu to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cachemode2protval to stablelist (cestmir Kalina) [2120286] - kabi: add symbol boot_cpu_data to stablelist (cestmir Kalina) [2120286] - kabi: add symbol blk_stack_limits to stablelist (cestmir Kalina) [2120286] - kabi: add symbol bitmap_release_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol bitmap_find_free_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol avenrun to stablelist (cestmir Kalina) [2120286] - kabi: add symbol autoremove_wake_function to stablelist (cestmir Kalina) [2120286] - kabi: add symbol atomic_notifier_chain_unregister to stablelist (cestmir Kalina) [2120286] - kabi: add symbol atomic_notifier_chain_register to stablelist (cestmir Kalina) [2120286] - kabi: add symbol async_synchronize_full_domain to stablelist (cestmir Kalina) [2120286] - kabi: add symbol async_synchronize_full to stablelist (cestmir Kalina) [2120286] - kabi: add symbol alloc_workqueue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol alloc_chrdev_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol add_wait_queue_exclusive to stablelist (cestmir Kalina) [2120286] - kabi: add symbol add_wait_queue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol add_timer to stablelist (cestmir Kalina) [2120286] - kabi: add symbol abort_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _totalram_pages to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_write_unlock_irqrestore to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_write_unlock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_write_lock_irqsave to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_write_lock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_unlock_irqrestore to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_unlock_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_unlock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_unlock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_trylock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_lock_irqsave to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_lock_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_lock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_lock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_read_unlock_irqrestore to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_read_unlock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_read_lock_irqsave to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_read_lock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _find_next_bit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _find_first_zero_bit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _find_first_bit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _ctype to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _copy_to_user to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _copy_from_user to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __xa_insert to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rsi to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rdx to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rdi to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rcx to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rbx to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rbp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rax to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r8 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r15 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r14 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r13 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r12 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r10 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __warn_printk to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __wake_up to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __vmalloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __uv_hub_info_list to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __uv_cpu_info to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __unregister_chrdev to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __udelay to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __tasklet_schedule to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __sw_hweight64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __sw_hweight32 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __stack_chk_fail to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __request_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __release_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __register_nmi_handler to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __register_blkdev to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __refrigerator to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __rcu_read_unlock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __rcu_read_lock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __put_user_8 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __put_user_4 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __put_user_2 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __put_cred to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __preempt_count to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __per_cpu_offset to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __num_online_cpus to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __node_distance to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __ndelay to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __mutex_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __msecs_to_jiffies to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __list_del_entry_valid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __list_add_valid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __kmalloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __init_waitqueue_head to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __init_swait_queue_head to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __init_rwsem to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __hw_addr_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __get_user_2 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __get_free_pages to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __fentry__ to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __cpu_possible_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __cpu_online_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __const_udelay to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __cond_resched to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __check_object_size to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __bitmap_weight to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __bitmap_intersects to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __bitmap_equal to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __bitmap_and to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __alloc_percpu to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __SCT__preempt_schedule to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __SCT__might_resched to stablelist (cestmir Kalina) [2120286] - kabi: re-enable build-time kabi-checks (cestmir Kalina) [2120321] - sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2129287] - sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2129287] [5.14.0-162.5.1_1] - redhat: change default dist suffix for RHEL 9.1 (Patrick Talbert) - netfilter: nf_tables: clean up hook list when offload flags check fails (Florian Westphal) [2121393] - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (Florian Westphal) [2121393] - netfilter: nf_conntrack_irc: Fix forged IP logic (Florian Westphal) [2121393] - netfilter: nf_conntrack_irc: Tighten matching on DCC message (Florian Westphal) [2121393] - netfilter: br_netfilter: Drop dst references before setting. (Florian Westphal) [2121393] - netfilter: flowtable: fix stuck flows on cleanup due to pending work (Florian Westphal) [2121393] - netfilter: flowtable: add function to invoke garbage collection immediately (Florian Westphal) [2121393] - netfilter: nf_tables: disallow binding to already bound chain (Florian Westphal) [2121393] - netfilter: nft_tunnel: restrict it to netdev family (Florian Westphal) [2121393] - netfilter: nf_tables: disallow updates of implicit chain (Florian Westphal) [2121393] - netfilter: nft_tproxy: restrict to prerouting hook (Florian Westphal) [2121393] - netfilter: ebtables: reject blobs that dont provide all entry points (Florian Westphal) [2121393] - netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified (Florian Westphal) [2121393] - netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and NFT_SET_ELEM_INTERVAL_END (Florian Westphal) [2121393] - netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags (Florian Westphal) [2121393] - netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag (Florian Westphal) [2121393] - netfilter: nf_tables: possible module reference underflow in error path (Florian Westphal) [2121393] - netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERVAL_END flag (Florian Westphal) [2121393] - netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access (Florian Westphal) [2121393] - netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) [2121393] - netfilter: nf_tables: disallow jump to implicit chain from set element (Florian Westphal) [2121393] - netfilter: nfnetlink: re-enable conntrack expectation events (Florian Westphal) [2121393] [5.14.0-162.4.1] - iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2096128] - configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2126153] [5.14.0-162.3.1] - scsi: restore setting of scmd->scsi_done() in EH and reset ioctl paths (Ewan D. Milne) [2120469] - x86/boot: Dont propagate uninitialized boot_params->cc_blob_address (Terry Bowman) [2124644] - ice: Allow operation with reduced device MSI-X (Petr Oros) [2107719] [5.14.0-162.2.1] - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [2109871] - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (Vitaly Kuznetsov) [2030922] - drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2122068] [5.14.0-162.1.1] - drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2120670] - i40e: Fix kernel crash during module removal (Ivan Vecera) [2070375] - Revert net: macsec: update SCI upon MAC address change. (Sabrina Dubroca) [2118139] - redhat: enable zstream release numbering for rhel 9.1 (Patrick Talbert) - redhat: add missing CVE reference to latest changelog entries (Patrick Talbert) [5.14.0-162] - Revert ixgbevf: Mailbox improvements (Ken Cox) [2120548] - Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120548] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Wander Lairson Costa) [2116968] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Wander Lairson Costa) [2116968] {CVE-2022-2585} [5.14.0-161] - x86/ftrace: Use alternative RET encoding (Joe Lawrence) [2121368] - x86/ibt,ftrace: Make function-graph play nice (Joe Lawrence) [2121368] - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Joe Lawrence) [2121368] - x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR (Joe Lawrence) [2121368] - redhat: remove GL_DISTGIT_USER, RHDISTGIT and unify dist-git cloning (Frantisek Hrbata) - random: allow reseeding DRBG with getrandom (Daiki Ueno) [2114854] [5.14.0-160] - iavf: Fix VLAN_V2 addition/rejection (Ivan Vecera) [2119701] - gve: Recording rx queue before sending to napi (Jordan Kimbrough) [2022916] - gve: fix the wrong AdminQ buffer queue index check (Jordan Kimbrough) [2022916] - gve: Fix GFP flags when allocing pages (Jordan Kimbrough) [2022916] - gve: Add tx|rx-coalesce-usec for DQO (Jordan Kimbrough) [2022916] - gve: Add consumed counts to ethtool stats (Jordan Kimbrough) [2022916] - gve: Implement suspend/resume/shutdown (Jordan Kimbrough) [2022916] - gve: Add optional metadata descriptor type GVE_TXD_MTD (Jordan Kimbrough) [2022916] - gve: remove memory barrier around seqno (Jordan Kimbrough) [2022916] - gve: Update gve_free_queue_page_list signature (Jordan Kimbrough) [2022916] - gve: Move the irq db indexes out of the ntfy block struct (Jordan Kimbrough) [2022916] - gve: Correct order of processing device options (Jordan Kimbrough) [2022916] - gve: fix for null pointer dereference. (Jordan Kimbrough) [2022916] - gve: fix unmatched u64_stats_update_end() (Jordan Kimbrough) [2022916] - gve: Fix off by one in gve_tx_timeout() (Jordan Kimbrough) [2022916] - gve: Add a jumbo-frame device option. (Jordan Kimbrough) [2022916] - gve: Implement packet continuation for RX. (Jordan Kimbrough) [2022916] - gve: Add RX context. (Jordan Kimbrough) [2022916] - gve: Track RX buffer allocation failures (Jordan Kimbrough) [2022916] - gve: Allow pageflips on larger pages (Jordan Kimbrough) [2022916] - gve: Add netif_set_xps_queue call (Jordan Kimbrough) [2022916] - gve: Recover from queue stall due to missed IRQ (Jordan Kimbrough) [2022916] - gve: Do lazy cleanup in TX path (Jordan Kimbrough) [2022916] - gve: Add rx buffer pagecnt bias (Jordan Kimbrough) [2022916] - gve: Switch to use napi_complete_done (Jordan Kimbrough) [2022916] - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (Jordan Kimbrough) [2022916] - gve: fix gve_get_stats() (Jordan Kimbrough) [2022916] - gve: Properly handle errors in gve_assign_qpl (Jordan Kimbrough) [2022916] - gve: Avoid freeing NULL pointer (Jordan Kimbrough) [2022916] - gve: Correct available tx qpl check (Jordan Kimbrough) [2022916] - gve: Use kvcalloc() instead of kvzalloc() (Jordan Kimbrough) [2022916] - gve: DQO: avoid unused variable warnings (Jordan Kimbrough) [2022916] - gve: fix the wrong AdminQ buffer overflow check (Jordan Kimbrough) [2022916] - ath9k: htc: clean up statistics macros (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679} - ath9k: hif_usb: simplify if-if to if-else (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679} - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679} - net: qcom/emac: Fix improper merge resolution in device_get_mac_address (Patrick Talbert) [2108539] - x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115086] {CVE-2022-26373} - x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115086] {CVE-2022-26373} - tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115086] - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115086] - lkdtm: Disable return thunks in rodata.c (Waiman Long) [2115086] - x86/amd: Use IBPB for firmware calls (Waiman Long) [2115086] - x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115086] - x86/alternative: Report missing return thunk details (Waiman Long) [2115086] - nvme-fc: restart admin queue if the caller needs to restart queue (Ewan D. Milne) [2104461] - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Rahul Lakkireddy) [2109526] - scsi: csiostor: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (Rahul Lakkireddy) [2109526] MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1184 CVE-2022-28893 CVE-2022-23816 CVE-2022-21499 CVE-2022-39190 CVE-2022-2639 CVE-2022-21123 CVE-2021-3640 CVE-2022-0168 CVE-2022-1679 CVE-2022-21166 CVE-2022-36946 CVE-2022-2586 CVE-2022-20368 CVE-2020-36516 CVE-2022-0617 CVE-2022-28390 CVE-2022-21125 CVE-2022-23825 CVE-2022-26373 CVE-2022-1048 CVE-2022-1353 CVE-2022-1280 CVE-2022-1998 CVE-2022-29581 CVE-2022-29901 CVE-2022-0854 CVE-2022-24448 CVE-2022-29900 CVE-2022-1016 CVE-2022-1852 Oracle Linux 9 [3.2.3-18] - Resolves: #2111177 - remote arbitrary files write inside the directories of connecting peers [3.2.3-17] - Resolves: #2116669 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field [3.2.3-16] - Related: #2081296 - Adding ci.fmf for separation of testing results [3.2.3-15] - Related: #2081296 - Disabling STI [3.2.3-14] - Resolves: #2071514 - A flaw found in zlib when compressing (not decompressing) certain inputs [3.2.3-13] - Resolves: #2079639 - rsync --atimes doesnt work [3.2.3-12] - Resolves: #2081296 - Enable fmf tests in centos stream [3.2.3-11] - Resolves: #2053198 - rsync segmentation fault [3.2.3-10] - Resolves: #2077431 - Read-only files that have changed xattrs fail to allow xattr changes MODERATE Copyright 2022 Oracle, Inc. CVE-2022-37434 Oracle Linux 9 [7.76.1-19] - fix unpreserved file permissions (CVE-2022-32207) - fix HTTP compression denial of service (CVE-2022-32206) - fix FTP-KRB bad message verification (CVE-2022-32208) [7.76.1-18] - fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.76.1-17] - fix leak of SRP credentials in redirects (CVE-2022-27774) [7.76.1-16] - add missing tests to Makefile [7.76.1-15] - fix credential leak on redirect (CVE-2022-27774) - fix auth/cookie leak on redirect (CVE-2022-27776) - fix bad local IPv6 connection reuse (CVE-2022-27775) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) LOW Copyright 2022 Oracle, Inc. CVE-2022-27775 Oracle Linux 9 [4.16.4-101] - resolves: rhbz#2121317 - Do not require samba package in python3-samba [4.16.4-100] - Rebase to version 4.16.4 - resolves: rhbz#2108332 - Fix CVE-2022-32742 [ 4.16.3-101] - related: rhbz#2077487 - Rebase Samba to 4.16.3 - resolves: rhbz#2097655 - The pcap background queue process should not be stopped - resolves: rhbz#2100105 - Fix net ads info LDAP server and LDAP server name [4.16.2-102] - resolves: rhbz#2106279 - Fix crash in rpcd_classic [4.16.2-101] - resolves: rhbz#2093833 - Fix weak dependency on logrotate - resolves: rhbz#2096813 - Fix printer displays only after 300 seconds timeout [4.16.2-100] - Fix rpminspect abidiff - related: rhbz#2077487 - Rebase Samba to 4.16.2 [4.16.1-100] - resolves: rhbz#2077487 - Rebase Samba to the the latest 4.16.x release MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32742 Oracle Linux 9 [2.5.2-1] - Rebase to version 2.5.2 - resolves: rhbz#2109017 - Fix CVE-2022-32746 [2.5.1-1] - related: rhbz#2077490 - Rebase to version 2.5.1 [2.5.0-1] - resolves: rhbz#2077490 - Rebase to version 2.5.0 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32746 Oracle Linux 9 [2.10.4-9] - Guard face->size - Resolves: #2079280 [2.10.4-8] - Properly guard face_index - Resolves: #2079262 [2.10.4-7] - Avoid invalid face index - Resolves: #2079271 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27406 CVE-2022-27404 CVE-2022-27405 Oracle Linux 9 [3.9.14-1] - Update to 3.9.14 - Security fixes for CVE-2020-10735 and CVE-2021-28861 Resolves: rhbz#2120642, rhbz#1834423, rhbz#2128249 [3.9.13-3] - Fix test_get_ciphers in test_ssl.py for FIPS mode Resolves: rhbz#2058233 [3.9.13-2] - Security fix for CVE-2015-20107 Resolves: rhbz#2075390 [3.9.13-1] - Update to 3.9.13 Resolves: rhbz#2054702, rhbz#2059951 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-28861 CVE-2015-20107 Oracle Linux 9 [1.46.5-3] - Add sanity check to extent manipulation (#2073549) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1304 Oracle Linux 9 [2.7.4-8] - Resolves:rh#2103849 - Update tests.yaml [2.7.4-7] - Resolves:rh#2103849 CVE-2022-33068 - Fix Covscan compiler warning for inclusion of parenthesis - Update tests.yaml [2.7.4-6] - Resolves:rh#2103849 CVE-2022-33068 harfbuzz: integer overflow in the component hb-ot-shape-fallback.c MODERATE Copyright 2022 Oracle, Inc. CVE-2022-33068 Oracle Linux 9 [12:4.4.2-17.b1] - omshell: add support for hmac-sha512 algorithm (#2083553) [12:4.4.2-16.b1] - Fix for CVE-2021-25220 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-25220 Oracle Linux 9 [3.18.0-7] - lockState: do not print error: when exit code is unaffected (#2090926) [3.18.0-6] - fix potential DoS from unprivileged users via the state file (CVE-2022-1348) * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [3.18.0-4] - make renamecopy and copytruncate override each other (#1934601) - unify documentation of copy/copytruncate/renamecopy (#1934629) - fix resource leaks reported by Coverity [3.18.0-3] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [3.18.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [3.18.0-1] - new upstream version 3.18.0 [3.17.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [3.17.0-2] - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro [3.17.0-1] - new upstream version 3.17.0 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1348 Oracle Linux 9 [1.3.3] - Rebased to libtirpc-1.3.3 (bz 2118157) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-46828 Oracle Linux 9 [12.0.1-11.2] - Bump release and rebuild resolves: rhbz#2096010 [12.0.1-11.1] - Rebase to Fedora Rawhide resolves: rhbz#2080170 LOW Copyright 2022 Oracle, Inc. CVE-2021-46195 Oracle Linux 9 [2.70.1-2] - Rebuild for mingw-zlib update resolves: rhbz#2116278 LOW Copyright 2022 Oracle, Inc. CVE-2021-28153 Oracle Linux 9 [1.2.12-2] - Fix changelog Related: rhbz#2068371 [1.2.12-1] - Bump version to 1.2.12 to fix CVE-2018-25032 Related: rhbz#2068371 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 Oracle Linux 9 [4.2.0-7.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.2.0-7] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel (https://github.com/containers/podman/commit/35c0df3) - Resolves: #2120436 [2:4.2.0-6] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel (https://github.com/containers/podman/commit/d520a5c) - Resolves: #2136845 [2:4.2.0-5] - properly obsolete catatonit - Resolves: #2123319 [2:4.2.0-4] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel (https://github.com/containers/podman/commit/4978898) - Resolves: #2124676 LOW Copyright 2022 Oracle, Inc. CVE-2022-2990 CVE-2022-2989 Oracle Linux 9 [7.0.100-0.5.rc2.0.1] - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier [Orabug: 34671152] [7.0.100-0.5.rc2] - Add lldb as a build dependency - Related: RHBZ#2134641 [7.0.100-0.4.rc2] - Enable ppc64le builds - Related: RHBZ#2134641 [7.0.100-0.3.rc2] - Update to .NET 7 RC 2 - Resolves: RHBZ#2134641 [7.0.100-0.2.rc1] - Update to .NET 7 RC 1 - Enable s390x builds - Resolves: RHBZ#2123884 [7.0.100-0.1] - Initial .NET 7 package - Resolves: RHBZ#2112027 [6.0.105-1] - Update to .NET SDK 6.0.105 and Runtime 6.0.5 [6.0.104-1] - Update to .NET SDK 6.0.104 and Runtime 6.0.4 [6.0.103-1] - Update to .NET SDK 6.0.103 and Runtime 6.0.3 [6.0.102-1] - Update to .NET SDK 6.0.102 and Runtime 6.0.2 [6.0.101-3] - Update to .NET SDK 6.0.101 and Runtime 6.0.1 [6.0.100-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild [6.0.100-2] - Disable bootstrap [6.0.100-1] - Update to .NET 6 [6.0.0-0.7.rc2] - Update to .NET 6 RC2 [6.0.0-0.6.28be3e9a006d90d8c6e87d4353b77882829df718] - Enable building on arm64 - Related: RHBZ#1986017 [6.0.0-0.5.28be3e9a006d90d8c6e87d4353b77882829df718] - Enable building on s390x - Related: RHBZ#1986017 [6.0.0-0.4.28be3e9a006d90d8c6e87d4353b77882829df718] - Clean up tarball and add initial support for s390x - Related: RHBZ#1986017 [6.0.0-0.3.28be3e9a006d90d8c6e87d4353b77882829df718] - Update to work-in-progress RC2 release [6.0.0-0.2.preview6] - Updated to build the latest source-build preview [6.0.0-0.1.preview6] - Initial package for .NET 6 [5.0.204-1] - Update to .NET SDK 5.0.204 and Runtime 5.0.7 [5.0.203-1] - Update to .NET SDK 5.0.203 and Runtime 5.0.6 [5.0.202-1] - Update to .NET SDK 5.0.202 and Runtime 5.0.5 [5.0.104-2] - Mark files under /etc/ as config(noreplace) - Add an rpm-inspect configuration file - Add an rpmlintrc file - Enable gating for release branches and ELN too [5.0.104-1] - Update to .NET SDK 5.0.104 and Runtime 5.0.4 - Drop unneeded/upstreamed patches [5.0.103-2] - Add Fedora 35 RIDs [5.0.103-1] - Update to .NET SDK 5.0.103 and Runtime 5.0.3 [5.0.102-2] - Disable bootstrap [5.0.100-2] - Update to .NET Core Runtime 5.0.0 and SDK 5.0.100 commit 9c4e5de [5.0.100-1] - Update to .NET Core Runtime 5.0.0 and SDK 5.0.100 [5.0.100-0.4.20201202git337413b] - Update to latest 5.0 pre-GA commit [5.0.100-0.4.20201123gitdee899c] - Update to 5.0 pre-GA commit MODERATE Copyright 2022 Oracle, Inc. CVE-2022-41032 Oracle Linux 9 [6.5.1-1] - Update to 6.5.1 Resolves: CVE-2022-3500 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-3500 Oracle Linux 9 [0.8.7-12.1] - Add 0062-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz #2133998 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3787 Oracle Linux 9 [3.9.14-1.1] - Fix for CVE-2022-42919 Resolves: rhbz#2138705 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42919 Oracle Linux 9 [102.5.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.5.0-2] - Update to 102.5.0 build2 [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-4] - Fix for expat CVE-2022-40674 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45405 CVE-2022-45418 CVE-2022-45416 CVE-2022-45408 CVE-2022-45409 CVE-2022-45420 CVE-2022-45406 CVE-2022-45403 CVE-2022-45410 CVE-2022-45412 CVE-2022-45421 CVE-2022-45404 CVE-2022-45411 Oracle Linux 9 [102.5.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-7] - Fix for expat CVE-2022-40674 and non functional webrtc IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45421 CVE-2022-45416 CVE-2022-45406 CVE-2022-45403 CVE-2022-45408 CVE-2022-45405 CVE-2022-45411 CVE-2022-45409 CVE-2022-45404 CVE-2022-45410 CVE-2022-45412 CVE-2022-45418 CVE-2022-45420 Oracle Linux 9 [1.19.1-24.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.19.1-24] - Fix integer overflows in PAC parsing (CVE-2022-42898) - Resolves: rhbz#2140970 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42898 Oracle Linux 9 [6.6.2-2.1] - Resolves: #2142095 - CVE-2022-45060 varnish: Request Forgery Vulnerability IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45060 Oracle Linux 9 nodejs [1:18.12.1-1] - Rebase + CVEs - Resolves: #2142809 - Resolves: #2142830, #2142856 nodejs-nodemon [2.0.20-1] - Rebase to 2.0.20 Resolves: CVE-2022-3517 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-43548 CVE-2022-3517 Oracle Linux 9 [102.6.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-2] - Added libwebrtc screencast patch for newer features IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-46881 CVE-2022-46882 CVE-2022-46880 CVE-2022-46874 CVE-2022-46872 CVE-2022-46878 Oracle Linux 9 [102.6.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.6.0-2] - Update to 102.6.0 build2 [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-3] - Use openssl for the librnp crypto backend to enable the openpgp encryption IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45414 CVE-2022-46882 CVE-2022-46881 CVE-2022-46872 CVE-2022-46880 CVE-2022-46878 CVE-2022-46874 Oracle Linux 9 [0.11.1-10.el9_0.1] - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz#2081333 [0.11.1-10] - Fixed snmp client - Fixed translating resource roles in colocation constraint - Resolves: rhbz#2048640 [0.11.1-9] - Fixed cluster destroy in web ui - Fixed covscan issue in web ui - Resolves: rhbz#2044409 [0.11.1-8] - Fixed 'pcs resource move' command - Fixed removing of unavailable fence-scsi storage device - Fixed ocf validation of ocf linbit drdb agent - Fixed creating empty cib - Updated pcs-web-ui - Resolves: rhbz#1990787 rhbz#2033248 rhbz#2039883 rhbz#2040420 [0.11.1-7] - Fixed enabling corosync-qdevice - Fixed resource update command when unable to get agent metadata - Fixed revert of disallowing to clone a group with a stonith - Resolves: rhbz#1811072 rhbz#2019836 rhbz#2032473 [0.11.1-6] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs web ui - Resolves: rhbz#1990787 rhbz#1997019 rhbz#2012129 rhbz#2024542 rhbz#2027678 rhbz#2027679 [0.11.1-5] - Rebased to latest upstream sources (see CHANGELOG.md) - Resolves: rhbz#1990787 rhbz#2018969 rhbz#2019836 rhbz#2023752 rhbz#2012129 [0.11.1-4] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs web ui - Enabled wui patching - Resolves: rhbz#1811072 rhbz#1945305 rhbz#1997019 rhbz#2012129 [0.11.1-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Resolves: rhbz#1283805 rhbz#1910644 rhbz#1910645 rhbz#1956703 rhbz#1956706 rhbz#1985981 rhbz#1991957 rhbz#1996062 rhbz#1996067 [0.11.0.alpha.1-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs web ui - Resolves: rhbz#1283805 rhbz#1910644 rhbz#1910645 rhbz#1985981 rhbz#1991957 rhbz#1996067 [0.10.9-2] - Rebuilt for libffi 3.4.2 SONAME transition. Related: rhbz#1891914 [0.10.9-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Resolves: rhbz#1991957 [0.10.8-11] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [0.10.8-10] - Rebased to latest upstream sources (see CHANGELOG.md) - Fixed web-ui build - Fixed tests for pacemaker 2.1 - Resolves: rhbz#1975440 rhbz#1922302 [0.10.8-9] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [0.10.8-8] - Rebuild with fixed gaiting tests - Stopped bundling rubygem-json (use distribution package instead) - Fixed patches - Resolves: rhbz#1881064 [0.10.8-7] - Fixed License tag - Rebuild with fixed dependency for gating tier0 tests - Resolves: rhbz#1881064 [0.10.8-6] - Rebased to latest upstream sources (see CHANGELOG.md) - Removed clufter related commands - Resolves: rhbz#1881064 [0.10.8-5] - Updated pcs web ui node modules - Fixed build issue on low memory build hosts - Resolves: rhbz#1951272 [0.10.8-4] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [0.10.8-3] - Replace pyOpenSSL with python-cryptography - Resolves: rhbz#1927404 [0.10.8-2] - Bundle rubygem depedencies and python3-tornado - Resolves: rhbz#1929710 [0.10.8-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated bundled python dependency: dacite - Changed BuildRequires from git to git-core - Added conditional (Build)Requires: rubygem(rexml) - Added conditional Requires: rubygem(webrick) [0.10.7-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [0.10.7-3] - Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_3.0 [0.10.7-2] - Python 3.10 related fix [0.10.7-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Added dependency on python packages pyparsing and dateutil - Fixed virtual bundle provides for ember, handelbars, jquery and jquery-ui - Removed dependency on python3-clufter [0.10.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [0.10.6-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Stopped bundling tornado (use distribution package instead) - Stopped bundling rubygem-tilt (use distribution package instead) - Removed rubygem bundling - Removed unneeded BuildRequires: execstack, gcc, gcc-c++ - Excluded some tests for tornado daemon [0.10.5-8] - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro [0.10.5-7] - Use fixed upstream version of dacite with Python 3.9 support - Split upstream tests in gating into tiers [0.10.5-6] - Use patched version of dacite compatible with Python 3.9 - Resolves: rhbz#1838327 [0.10.5-5] - Rebuilt for Python 3.9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29970 Oracle Linux 8 Oracle Linux 9 [5.15.0-0.30.20] - floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218638] {CVE-2022-1652} - x86: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Add retbleed=ibpb (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/xen: Rename SYS* entry points (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Update Retpoline validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - intel_idle: Disable IBRS during long idle (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Add kernel IBRS implementation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Add magic AMD return-thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Use return-thunk in asm code (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/ftrace: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86,static_call: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86,objtool: Create .return_sites (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Undo return-thunk damage (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Use -mfunction-return (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Remove skip_r11rcx (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Simplify entry_INT80_compat() (Linus Torvalds) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - static_call,x86: Robustify trampoline patching (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/xen: Move hypercall_page to top of the file (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1652 CVE-2022-23816 CVE-2022-29901 Oracle Linux 9 [2.06-27.0.6.el9_0.7] - Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986] [2.06-27.0.5.el9_0.7] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation - Update bug url [Orabug: 34202300] - Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] - Update signing certificate [JIRA: OLDIS-16371] - fix SBAT data [JIRA: OLDIS-16371] - Update requires [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-27.el9_0.7] - CVE fixes for 2022-06-07 - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 - Resolves: #2089810 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28737 CVE-2021-3696 CVE-2022-28734 CVE-2021-3695 CVE-2021-3697 CVE-2022-28733 CVE-2022-28735 CVE-2022-28736 Oracle Linux 8 Oracle Linux 9 [5.15.0-0.30.20.1] - lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34386636] {CVE-2022-21505} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21505 Oracle Linux 9 [2.4.51-7.0.2] - mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34381949] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31813 Oracle Linux 8 Oracle Linux 9 [5.15.0-1.43.4.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588} [5.15.0-1.43.4] - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] - Revert selftests/bpf: Add test for reg2btf_ids out of bounds access (Alan Maguire) [Orabug: 34399286] [5.15.0-1.43.3] - x86/alternative: The retpoline alternative is not applied (Alexandre Chartre) [Orabug: 34395937] - x86/ftrace: Do not copy ftrace_stub() in ftrace trampoline (Alexandre Chartre) [Orabug: 34395937] [5.15.0-100.43.0] - ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364336] - ocfs2: dlmfs: dont clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364336] - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) [Orabug: 34364336] - net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34366723] - lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34393053] {CVE-2022-21505} [5.15.0-1.43.1] - LTS version: v5.15.43 (Jack Vogel) - mptcp: Do TCP fallback on early DSS checksum failure (Mat Martineau) - LTS version: v5.15.42 (Jack Vogel) - afs: Fix afs_getattr() to refetch file status if callback break occurred (David Howells) - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (Yang Yingliang) - mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (Jae Hyun Yoo) - Input: ili210x - fix reset timing (Marek Vasut) - arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (Shreyas K K) - net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) - net: atlantic: add check for MAX_SKB_FRAGS (Grant Grundler) - net: atlantic: reduce scope of is_rsc_complete (Grant Grundler) - net: atlantic: fix frag[0] not initialized (Grant Grundler) - net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) - ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (Johannes Berg) - net: fix wrong network header length (Lina Wang) - fbdev: Prevent possible use-after-free in fb_release() (Daniel Vetter) - Revert fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) - selftests: add ping test with ping_group_range tuned (Nicolas Dichtel) - nl80211: validate S1G channel width (Kieran Frewen) - mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (Brian Bunker) - perf bench numa: Address compiler error on s390 (Thomas Richter) - perf regs x86: Fix arch__intr_reg_mask() for the hybrid platform (Kan Liang) - gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) - gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) - perf build: Fix check for btf__load_from_kernel_by_id() in libbpf (Arnaldo Carvalho de Melo) - scsi: ufs: core: Fix referencing invalid rsp field (Daejun Park) - riscv: dts: sifive: fu540-c000: align dma node name with dtschema (Krzysztof Kozlowski) - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) - netfilter: flowtable: move dst_check to packet path (Ritaro Takenaka) - netfilter: flowtable: pass flowtable to nf_flow_table_iterate() (Pablo Neira Ayuso) - netfilter: flowtable: fix TCP flow teardown (Pablo Neira Ayuso) - igb: skip phy status check where unavailable (Kevin Mitchell) - mptcp: fix checksum byte order (Paolo Abeni) - mptcp: reuse __mptcp_make_csum in validate_data_csum (Geliang Tang) - mptcp: change the parameter of __mptcp_make_csum (Geliang Tang) - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) - net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) - net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy) - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Maor Dickman) - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) - net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) - clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) - ice: Fix interrupt moderation settings getting cleared (Michal Wilczynski) - ice: move ice_container_type onto ice_ring_container (Maciej Fijalkowski) - ice: fix possible under reporting of ethtool Tx and Rx statistics (Paul Greenwalt) - ice: fix crash when writing timestamp on RX rings (Arkadiusz Kubalewski) - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) - net: systemport: Fix an error handling path in bcm_sysport_probe() (Christophe JAILLET) - Revert PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) - netfilter: nft_flow_offload: fix offload with pppoe + vlan (Felix Fietkau) - net: fix dev_fill_forward_path with pppoe + bridge (Felix Fietkau) - netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices (Felix Fietkau) - netfilter: flowtable: fix excessive hw offload attempts after failure (Felix Fietkau) - net/sched: act_pedit: sanitize shift argument before usage (Paolo Abeni) - xfrm: fix disable_policy flag use when arriving from different devices (Eyal Birger) - xfrm: rework default policy structure (Nicolas Dichtel) - net: macb: Increment rx bd head after allocating skb and buffer (Harini Katakam) - net: ipa: record proper RX transaction count (Alex Elder) - ALSA: hda - fix unused Realtek function when PM is not enabled (Randy Dunlap) - pinctrl: mediatek: mt8365: fix IES control pins (Mattijs Korpershoek) - ARM: dts: aspeed: Add video engine to g6 (Howard Chiu) - ARM: dts: aspeed: Add secure boot controller node (Joel Stanley) - ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (Eddie James) - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (Jae Hyun Yoo) - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (Jae Hyun Yoo) - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (Jae Hyun Yoo) - dma-buf: ensure unique directory name for dmabuf stats (Charan Teja Kalla) - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (Jerome Pouiller) - drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) - drm/i915/dmc: Add MMIO range restrictions (Anusha Srivatsa) - drm/amd: Dont reset dGPUs if the system is going to s2idle (Mario Limonciello) - libceph: fix potential use-after-free on linger ping and resends (Ilya Dryomov) - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (Ondrej Mosnacek) - arm64: mte: Ensure the cleared tags are visible before setting the PTE (Catalin Marinas) - arm64: paravirt: Use RCU read locks to guard stolen_time (Prakruthi Deepak Heragu) - KVM: x86/mmu: Update number of zapped pages even if page list is stable (Sean Christopherson) - Revert can: m_can: pci: use custom bit timings for Elkhart Lake (Jarkko Nikula) - PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (Rafael J. Wysocki) - Fix double fget() in vhost_net_set_backend() (Al Viro) - selinux: fix bad cleanup on error in hashtab_duplicate() (Ondrej Mosnacek) - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (Werner Sembach) - ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) - ALSA: usb-audio: Restore Rane SL-1 quirk (Takashi Iwai) - nilfs2: fix lockdep warnings during disk space reclamation (Ryusuke Konishi) - nilfs2: fix lockdep warnings in page operations for btree nodes (Ryusuke Konishi) - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (Tzung-Bi Shih) - drbd: remove usage of list iterator variable after loop (Jakob Koschel) - MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) - fs: fix an infinite loop in iomap_fiemap (Guo Xuenan) - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (Mario Limonciello) - nvme-multipath: fix hang when disk goes live over reconnect (Anton Eidelman) - nvmet: use a private workqueue instead of the system workqueue (Sagi Grimberg) - tools/virtio: compile with -pthread (Michael S. Tsirkin) - vhost_vdpa: dont setup irq offloading when irq_num < 0 (Zhu Lingshan) - s390/pci: improve zpci_dev reference counting (Niklas Schnelle) - s390/traps: improve panic message for translation-specification exception (Heiko Carstens) - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (Kai-Heng Feng) - crypto: x86/chacha20 - Avoid spurious jumps to other functions (Peter Zijlstra) - crypto: stm32 - fix reference leak in stm32_crc_remove (Zheng Yongjun) - rtc: sun6i: Fix time overflow handling (Andre Przywara) - gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) - nvme-pci: add quirks for Samsung X5 SSDs (Monish Kumar R) - Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) - Input: add bounds checking to input_set_capability() (Jeff LaBundy) - um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow) - rtc: pcf2127: fix bug when reading alarm registers (Hugo Villeneuve) - rtc: fix use-after-free on device removal (Vincent Whitchurch) - Revert drm/i915/opregion: check port number bounds for SWSCI display power state (Greg Thelen) - mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (Hyeonggon Yoo) - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (Terry Bowman) - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (Terry Bowman) - Watchdog: sp5100_tco: Refactor MMIO base address initialization (Terry Bowman) - Watchdog: sp5100_tco: Move timer initialization into function (Terry Bowman) - i2c: piix4: Enable EFCH MMIO for Family 17h+ (Terry Bowman) - i2c: piix4: Add EFCH MMIO support for SMBus port select (Terry Bowman) - i2c: piix4: Add EFCH MMIO support to SMBus base address detect (Terry Bowman) - i2c: piix4: Add EFCH MMIO support to region request and release (Terry Bowman) - i2c: piix4: Move SMBus port selection into function (Terry Bowman) - i2c: piix4: Move SMBus controller base address detect into function (Terry Bowman) - i2c: piix4: Move port I/O region request/release code into functions (Terry Bowman) - i2c: piix4: Replace hardcoded memory map size with a #define (Terry Bowman) - kernel/resource: Introduce request_mem_region_muxed() (Terry Bowman) - io_uring: arm poll for non-nowait files (Pavel Begunkov) - usb: gadget: fix race when gadget driver register via ioctl (Schspa Shi) - LTS version: v5.15.41 (Jack Vogel) - usb: gadget: uvc: allow for application to cleanly shutdown (Dan Vacura) - usb: gadget: uvc: rename function to be more consistent (Michael Tretter) - ping: fix address binding wrt vrf (Nicolas Dichtel) - mm/hwpoison: use pr_err() instead of dump_page() in get_any_page() (Naoya Horiguchi) - dma-buf: call dma_buf_stats_setup after dmabuf is in valid list (Charan Teja Reddy) - Revert drm/amd/pm: keep the BACO feature enabled for suspend (Alex Deucher) - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) - SUNRPC: Ensure that the gssproxy client can start in a connected state (Trond Myklebust) - net: phy: micrel: Pass .probe for KS8737 (Fabio Estevam) - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (Fabio Estevam) - arm[64]/memremap: dont abuse pfn_valid() to ensure presence of linear map (Mike Rapoport) - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) - writeback: Avoid skipping inode writeback (Jing Xia) - net: phy: Fix race condition on link status change (Francesco Dolcini) - net: atlantic: always deep reset on pm op, fixing up my null deref regression (Manuel Ullmann) - i40e: i40e_main: fix a missing check on list iterator (Xiaomeng Tong) - drm/nouveau/tegra: Stop using iommu_present() (Robin Murphy) - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (Zack Rusin) - mm/huge_memory: do not overkill when splitting huge_zero_page (Xu Yu) - Revert mm/memory-failure.c: skip huge_zero_page in memory_failure() (Xu Yu) - ceph: fix setting of xattrs on async created inodes (Jeff Layton) - serial: 8250_mtk: Fix register address for XON/XOFF character (AngeloGioacchino Del Regno) - serial: 8250_mtk: Fix UART_EFR register address (AngeloGioacchino Del Regno) - fsl_lpuart: Dont enable interrupts too early (Indan Zupancic) - slimbus: qcom: Fix IRQ check in qcom_slim_probe (Miaoqian Lin) - USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) - USB: serial: option: add Fibocom L610 modem (Sven Schwermer) - USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) - USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) - usb: typec: tcpci_mt6360: Update for BMC PHY setting (ChiYuan Huang) - usb: typec: tcpci: Dont skip cleanup in .remove() on error (Uwe Kleine-Konig) - usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) - tty: n_gsm: fix mux activation issues in gsm_config() (Daniel Starke) - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Daniel Starke) - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) - x86/mm: Fix marking of unused sub-pmd ranges (Adrian-Ken Rueegsegger) - usb: xhci-mtk: fix fs isocs transfer error (Chunfeng Yun) - KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context() (Alexander Graf) - firmware_loader: use kernel credentials when reading firmware (Thiebaud Weksteen) - interconnect: Restore sync state by ignoring ipa-virt in provider count (Stephen Boyd) - tcp: drop the hash_32() part from the index calculation (Willy Tarreau) - tcp: increase source port perturb table to 2^16 (Willy Tarreau) - tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) - tcp: add small random increments to the source port (Willy Tarreau) - tcp: resalt the secret every 10 seconds (Eric Dumazet) - tcp: use different parts of the port_offset for index and offset (Willy Tarreau) - secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) - net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT (Matthew Hagan) - net: emaclite: Dont advertise 1000BASE-T and do auto negotiation (Shravya Kumbham) - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (Ajit Kumar Pandey) - s390: disable -Warray-bounds (Sven Schnelle) - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) - ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) - ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (Ashish Mhetre) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (Duoming Zhou) - hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) - gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) - drm/vmwgfx: Fix fencing on SVGAv3 (Zack Rusin) - tls: Fix context leak on tls_device_down (Maxim Mikityanskiy) - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (Florian Fainelli) - drm/vc4: hdmi: Fix build error for implicit function declaration (Hui Tang) - net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral (Florian Fainelli) - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (Yang Yingliang) - net/sched: act_pedit: really ensure the skb is writable (Paolo Abeni) - s390/lcs: fix variable dereferenced before check (Alexandra Winter) - s390/ctcm: fix potential memory leak (Alexandra Winter) - s390/ctcm: fix variable dereferenced before check (Alexandra Winter) - virtio: fix virtio transitional ids (Shunsuke Mie) - arm64: vdso: fix makefile dependency on vdso.so (Joey Gouly) - selftests: vm: Makefile: rename TARGETS to VMTARGETS (Joel Savitz) - procfs: prevent unprivileged processes accessing fdinfo dir (Kalesh Singh) - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) - dim: initialize all struct fields (Jesse Brandeburg) - ionic: fix missing pci_release_regions() on error in ionic_probe() (Yang Yingliang) - nfs: fix broken handling of the softreval mount option (Dan Aloni) - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - net: sfc: fix memory leak due to ptp channel (Taehee Yoo) - sfc: Use swap() instead of open coding it (Jiapeng Chong) - fbdev: efifb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) - net: chelsio: cxgb4: Avoid potential negative array offset (Kees Cook) - netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (Christophe JAILLET) - ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) - ice: fix PTP stale Tx timestamps cleanup (Michal Michalik) - ice: Fix race during aux device (un)plugging (Ivan Vecera) - platform/surface: aggregator: Fix initialization order when compiling as builtin module (Maximilian Luz) - fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) - fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) - fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (Vladimir Oltean) - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (Vladimir Oltean) - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (Vladimir Oltean) - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (Vladimir Oltean) - net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) - mac80211: Reset MBSSID parameters upon connection (Manikanta Pubbisetty) - hwmon: (tmp401) Add OF device ID table (Camel Guo) - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (Guenter Roeck) - batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) - LTS version: v5.15.40 (Jack Vogel) - mm: fix invalid page pointer returned with FOLL_PIN gups (Peter Xu) - mm/mlock: fix potential imbalanced rlimit ucounts adjustment (Miaohe Lin) - mm/hwpoison: fix error page recovered but reported not recovered (Naoya Horiguchi) - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) - mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte() (Muchun Song) - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) - mm: fix missing cache flush for all tail pages of compound page (Muchun Song) - udf: Avoid using stale lengthOfImpUse (Jan Kara) - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (Gleb Fotengauer-Malinovskiy) - Bluetooth: Fix the creation of hdev->name (Itay Iellin) - tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in perf bench mem memcpy (Arnaldo Carvalho de Melo) - kbuild: move objtool_args back to scripts/Makefile.build (Masahiro Yamada) - LTS version: v5.15.39 (Jack Vogel) - PCI: aardvark: Update comment about link going down after link-up (Marek Behun) - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (Marek Behun) - PCI: aardvark: Dont mask irq when mapping (Pali Rohar) - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (Pali Rohar) - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (Pali Rohar) - PCI: aardvark: Fix support for PME requester on emulated bridge (Pali Rohar) - PCI: aardvark: Add support for PME interrupts (Pali Rohar) - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (Pali Rohar) - PCI: aardvark: Add support for ERR interrupt on emulated bridge (Pali Rohar) - PCI: aardvark: Enable MSI-X support (Pali Rohar) - PCI: aardvark: Fix setting MSI address (Pali Rohar) - PCI: aardvark: Add support for masking MSI interrupts (Pali Rohar) - PCI: aardvark: Refactor unmasking summary MSI interrupt (Pali Rohar) - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (Marek Behun) - PCI: aardvark: Make msi_domain_info structure a static driver structure (Marek Behun) - PCI: aardvark: Make MSI irq_chip structures static driver structures (Marek Behun) - PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (Pali Rohar) - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (Pali Rohar) - PCI: aardvark: Disable common PHY when unbinding driver (Pali Rohar) - PCI: aardvark: Disable link training when unbinding driver (Pali Rohar) - PCI: aardvark: Assert PERST# when unbinding driver (Pali Rohar) - PCI: aardvark: Fix memory leak in driver unbind (Pali Rohar) - PCI: aardvark: Mask all interrupts when unbinding driver (Pali Rohar) - PCI: aardvark: Disable bus mastering when unbinding driver (Pali Rohar) - PCI: aardvark: Comment actions in driver remove method (Pali Rohar) - PCI: aardvark: Clear all MSIs at setup (Pali Rohar) - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (Pali Rohar) - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (Pali Rohar) - PCI: pci-bridge-emul: Add description for class_revision field (Pali Rohar) - rcu: Apply callbacks processing time limit only on softirq (Frederic Weisbecker) - rcu: Fix callbacks processing time limit retaining cond_resched() (Frederic Weisbecker) - Revert parisc: Mark sched_clock unstable only if clocks are not syncronized (Helge Deller) - mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) - selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) - selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (Wanpeng Li) - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (Paolo Bonzini) - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (Paolo Bonzini) - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (Wanpeng Li) - KVM: selftests: Silence compiler warning in the kvm_page_table_test (Thomas Huth) - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (Paolo Bonzini) - iommu/dart: Add missing module owner to ops structure (Hector Martin) - net/mlx5e: Lag, Dont skip fib events on current dst (Vlad Buslov) - net/mlx5e: Lag, Fix fib_info pointer assignment (Vlad Buslov) - net/mlx5e: Lag, Fix use-after-free in fib event handler (Vlad Buslov) - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Aya Levin) - fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) - gpio: mvebu: drop pwm base assignment (Baruch Siach) - drm/amdgpu: Ensure HDA function is suspended before ASIC reset (Kai-Heng Feng) - drm/amdgpu: dont set s3 and s0ix at the same time (Mario Limonciello) - drm/amdgpu: explicitly check for s0ix when evicting resources (Mario Limonciello) - drm/amdgpu: unify BO evicting method in amdgpu_ttm (Nirmoy Das) - btrfs: always log symlinks in full mode (Filipe Manana) - btrfs: force v2 space cache usage for subpage mount (Qu Wenruo) - smsc911x: allow using IRQ0 (Sergey Shtylyov) - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (Vladimir Oltean) - bnxt_en: Fix unnecessary dropping of RX packets (Michael Chan) - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (Somnath Kotur) - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (Ido Schimmel) - rxrpc: Enable IPv6 checksums on transport socket (David Howells) - mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() (Eric Dumazet) - hinic: fix bug of wq out of bound access (Qiao Ma) - btrfs: do not BUG_ON() on failure to update inode when setting xattr (Filipe Manana) - drm/msm/dp: remove fail safe mode related code (Kuogee Hsieh) - selftests/net: so_txtime: usage(): fix documentation of default clock (Marc Kleine-Budde) - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (Marc Kleine-Budde) - net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (Yang Yingliang) - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (Niels Dossche) - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (Yang Yingliang) - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (Yang Yingliang) - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (Yang Yingliang) - NFSv4: Dont invalidate inode attributes on delegation return (Trond Myklebust) - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (Mustafa Ismail) - RDMA/irdma: Reduce iWARP QP destroy time (Shiraz Saleem) - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (Tatyana Nikolova) - RDMA/siw: Fix a condition race issue in MPA request processing (Cheng Xu) - SUNRPC release the transport of a relocated task with an assigned transport (Olga Kornievskaia) - selftests/seccomp: Dont call read() on TTY from background pgrp (Jann Horn) - net/mlx5: Fix deadlock in sync reset flow (Moshe Shemesh) - net/mlx5: Avoid double clear or set of sync reset requested (Moshe Shemesh) - net/mlx5e: Fix the calling of update_buffer_lossy() API (Mark Zhang) - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Paul Blakey) - net/mlx5e: Dont match double-vlan packets if cvlan is not set (Vlad Buslov) - net/mlx5e: Fix trust state reset in reload (Moshe Tal) - iommu/dart: check return value after calling platform_get_resource() (Yang Yingliang) - iommu/vt-d: Drop stop marker messages (Lu Baolu) - ASoC: soc-ops: fix error handling (Pierre-Louis Bossart) - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (Codrin Ciubotariu) - hwmon: (pmbus) disable PEC if not enabled (Adam Wujek) - hwmon: (adt7470) Fix warning on module removal (Armin Wolf) - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (Puyou Lu) - gpio: visconti: Fix fwnode of GPIO IRQ (Nobuhiro Iwamatsu) - NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) - nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) - can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) - can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) - can: isotp: remove re-binding of bound socket (Oliver Hartkopp) - can: grcan: grcan_close(): fix deadlock (Duoming Zhou) - s390/dasd: Fix read inconsistency for ESE DASD devices (Jan Hoppner) - s390/dasd: Fix read for ESE with blksize < 4k (Jan Hoppner) - s390/dasd: prevent double format of tracks for ESE devices (Stefan Haberland) - s390/dasd: fix data corruption for ESE devices (Stefan Haberland) - ASoC: meson: Fix event generation for AUI CODEC mux (Mark Brown) - ASoC: meson: Fix event generation for G12A tohdmi mux (Mark Brown) - ASoC: meson: Fix event generation for AUI ACODEC mux (Mark Brown) - ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) - ASoC: da7219: Fix change notifications for tone generator frequency (Mark Brown) - genirq: Synchronize interrupt thread startup (Thomas Pfaff) - net: stmmac: disable Split Header (SPH) for Intel platforms (Tan Tee Min) - firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) - firewire: remove check of list iterator against head past the loop body (Jakob Koschel) - firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) - timekeeping: Mark NMI safe time accessors as notrace (Kurt Kanzenbach) - Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) - RISC-V: relocate DTB if its outside memory region (Nick Kossifidis) - drm/amdgpu: do not use passthrough mode in Xen dom0 (Marek Marczykowski-Gorecki) - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (Harry Wentland) - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (Nicolin Chen) - iommu/vt-d: Calculate mask for non-aligned flushes (David Stevens) - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (Kyle Huey) - x86/fpu: Prevent FPU state corruption (Thomas Gleixner) - gpiolib: of: fix bounds check for gpio-reserved-ranges (Andrei Lalaev) - mmc: core: Set HS clock speed before sending HS CMD13 (Brian Norris) - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (Samuel Holland) - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (Shaik Sajida Bhanu) - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (Zihao Wang) - parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) - MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) - LTS version: v5.15.38 (Jack Vogel) - powerpc/64: Add UADDR64 relocation support (Alexey Kardashevskiy) - objtool: Fix type of reloc::addend (Peter Zijlstra) - objtool: Fix code relocs vs weak symbols (Peter Zijlstra) - eeprom: at25: Use DMA safe buffers (Christophe Leroy) - perf symbol: Remove arch__symbols__fixup_end() (Namhyung Kim) - tty: n_gsm: fix software flow control handling (Daniel Starke) - tty: n_gsm: fix incorrect UA handling (Daniel Starke) - tty: n_gsm: fix reset fifo race condition (Daniel Starke) - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Daniel Starke) - tty: n_gsm: fix wrong signal octets encoding in MSC (Daniel Starke) - tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) - tty: n_gsm: fix wrong command retry handling (Daniel Starke) - tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) - tty: n_gsm: fix wrong DLCI release order (Daniel Starke) - tty: n_gsm: fix insufficient txframe size (Daniel Starke) - netfilter: nft_socket: only do sk lookups when indev is available (Florian Westphal) - tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) - tty: n_gsm: fix mux cleanup after unregister tty device (Daniel Starke) - tty: n_gsm: fix decoupled mux resource (Daniel Starke) - tty: n_gsm: fix restart handling via CLD command (Daniel Starke) - perf symbol: Update symbols__fixup_end() (Namhyung Kim) - perf symbol: Pass is_kallsyms to symbols__fixup_end() (Namhyung Kim) - x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode (Tim Harvey) - ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines (Eugen Hristev) - btrfs: fix leaked plug after failure syncing log on zoned filesystems (Filipe Manana) - thermal: int340x: Fix attr.show callback prototype (Kees Cook) - ACPI: processor: idle: Avoid falling back to C3 type C-states (Ville Syrjala) - net: ethernet: stmmac: fix write to sgmii_adapter_base (Dinh Nguyen) - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (Imre Deak) - drm/i915: Check EDID for HDR static metadata when choosing blc (Jouni Hogander) - netfilter: Update ip6_route_me_harder to consider L3 domain (Martin Willi) - mtd: rawnand: qcom: fix memory corruption that causes panic (Md Sadre Alam) - kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time (Zqiang) - zonefs: Clear inode information flags on inode creation (Damien Le Moal) - zonefs: Fix management of open zones (Damien Le Moal) - Revert ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (Ville Syrjala) - selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) - selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) - powerpc/perf: Fix 32bit compile (Alexey Kardashevskiy) - drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) - cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) - bonding: do not discard lowest hash bit for non layer3+4 hashing (suresh kumar) - ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION (Namjae Jeon) - ksmbd: increment reference count of parent fp (Namjae Jeon) - arch: xtensa: platforms: Fix deadlock in rs_close() (Duoming Zhou) - ext4: fix bug_on in start_this_handle during umount filesystem (Ye Bin) - ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (Chao Song) - tcp: fix F-RTO may not work correctly when receiving DSACK (Pengcheng Yang) - Revert ibmvnic: Add ethtool private flag for driver-defined queue limits (Dany Madden) - ixgbe: ensure IPsec VF<->PF compatibility (Leon Romanovsky) - perf arm-spe: Fix addresses of synthesized SPE events (Timothy Hayes) - gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) - gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) - gfs2: Minor retry logic cleanup (Andreas Gruenbacher) - gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher) - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (Yang Yingliang) - bnx2x: fix napi API usage sequence (Manish Chopra) - tls: Skip tls_append_frag on zero copy size (Maxim Mikityanskiy) - drm/amd/display: Fix memory leak in dcn21_clock_source_create (Miaoqian Lin) - drm/amdkfd: Fix GWS queue count (David Yat Sin) - netfilter: conntrack: fix udp offload timeout sysctl (Volodymyr Mytnyk) - io_uring: check reserved fields for recv/recvmsg (Jens Axboe) - io_uring: check reserved fields for send/sendmsg (Jens Axboe) - net: dsa: lantiq_gswip: Dont set GSWIP_MII_CFG_RMII_CLK (Martin Blumenstingl) - drm/sun4i: Remove obsolete references to PHYS_OFFSET (Samuel Holland) - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (Nathan Rossi) - net: phy: marvell10g: fix return value on error (Baruch Siach) - net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) - cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (Vladimir Zapolskiy) - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) - tcp: make sure treq->af_specific is initialized (Eric Dumazet) - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) - ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (Peilin Ye) - ip6_gre: Make o_seqno start from 0 in native mode (Peilin Ye) - ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) - net/smc: sync err code when tcp connection was refused (liuyacan) - net: hns3: add return value for mailbox handling in PF (Jian Shen) - net: hns3: add validity check for message data length (Jian Shen) - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (Jie Wang) - net: hns3: clear inited state and stop client after failed to register netdev (Jian Shen) - cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe (Xiaobing Luo) - pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (Fabio Estevam) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (Max Krummenacher) - sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) - wireguard: device: check for metadata_dst with skb_valid_dst() (Nikolay Aleksandrov) - tcp: ensure to use the most recently sent skb when filling the rate sample (Pengcheng Yang) - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (Marek Vasut) - tcp: md5: incorrect tcp_header_len for incoming connections (Francesco Ruggeri) - pinctrl: rockchip: fix RK3308 pinmux bits (Luca Ceresoli) - bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook (Eyal Birger) - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (Pablo Neira Ayuso) - net: dsa: Add missing of_node_put() in dsa_port_link_register_of (Miaoqian Lin) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2588 Oracle Linux 8 Oracle Linux 9 [5.15.0-1.43.4.2] - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981854] {CVE-2022-21385} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21385 Oracle Linux 9 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKDF Resolves: rhbz#2118388 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115856 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115857 - Use signature for RSA pairwise test according FIPS-140-3 requirements Related: rhbz#2115858 - Reseed all the parent DRBGs in chain on reseeding a DRBG Related: rhbz#2115859 - Zeroization according to FIPS-140-3 requirements Related: rhbz#2115861 [1:3.0.1-39] - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test Resolves: rhbz#2112978 [1:3.0.1-38] - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. Resolves: rhbz#2107530 - Improve AES-GCM performance on Power9 and Power10 ppc64le Resolves: rhbz#2103044 - Improve ChaCha20 performance on Power10 ppc64le Resolves: rhbz#2103044 [1:3.0.1-37] - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 [1:3.0.1-36] - Ciphersuites with RSAPSK KX should be filterd in FIPS mode - Related: rhbz#2091994 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough - Related: rhbz#2091977 - Improve diagnostics when passing unsupported groups in TLS - Related: rhbz#2086554 - Fix PPC64 Montgomery multiplication bug - Related: rhbz#2101346 - Strict certificates validation shouldn't allow explicit EC parameters - Related: rhbz#2085521 - CVE-2022-2068: the c_rehash script allows command injection - Related: rhbz#2098276 [1:3.0.1-35] - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. Resolves: rhbz#2087234 [1:3.0.1-34] - Some OpenSSL test certificates are expired, updating - Resolves: rhbz#2095696 [1:3.0.1-33] - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory - Resolves: rhbz#2089443 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS - Resolves: rhbz#2089439 - CVE-2022-1292 openssl: c_rehash script allows command injection - Resolves: rhbz#2090361 - Revert 'Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode' Related: rhbz#2087234 - Use KAT for ECDSA signature tests, s390 arch - Resolves: rhbz#2086866 [1:3.0.1-32] - openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode - Resolves: rhbz#2091929 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2091994 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits - Resolves: rhbz#2091938 [1:3.0.1-31] - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode Resolves: rhbz#2087234 [1:3.0.1-30] - Use KAT for ECDSA signature tests - Resolves: rhbz#2086866 [1:3.0.1-29] - -config argument of openssl app should work properly in FIPS mode - Resolves: rhbz#2085500 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC - Resolves: rhbz#2085499 [1:3.0.1-28] - OpenSSL should not accept custom elliptic curve parameters - Resolves rhbz#2085508 - OpenSSL should not accept explicit curve parameters in FIPS mode - Resolves rhbz#2085521 [1:3.0.1-27] - Change FIPS module version to include hash of specfile, patches and sources Resolves: rhbz#2082585 [1:3.0.1-26] - OpenSSL FIPS module should not build in non-approved algorithms Resolves: rhbz#2082584 [1:3.0.1-25] - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 [1:3.0.1-24] - Fix occasional internal error in TLS when DHE is used Resolves: rhbz#2080323 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-1343 CVE-2022-1473 Oracle Linux 9 [0.11.1-10.el9_0.2] - Fixed ruby socket permissions - Resolves: rhbz#2116839 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2735 Oracle Linux 8 Oracle Linux 9 [5.15.0-2.52.3] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] - rds: ib: Add preemption control when using per-cpu variables (Hakon Bugge) [Orabug: 34505120] - ocfs2: fix handle refcount leak in two exception handling paths (Chenyuan Mi) [Orabug: 34436530] - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586} - netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586} - netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586} - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510687] {CVE-2022-21385} - kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476940] - kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476940] - kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476940] - kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476940] - kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476940] - Revert net/rds: Connect TCP backends deterministically (Gerd Rausch) [Orabug: 34476561] - rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465808] - rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465808] - uek-rpm: Set CONFIG_VSOCKETS=m and CONFIG_VSOCKETS_DIAG=m (Victor Erminpour) [Orabug: 34461322] - scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419970] {CVE-2022-21546} - rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414238] [5.15.0-2.52.2] - PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358322] - net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477072] - xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480751] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34484536] {CVE-2022-2588} [5.15.0-2.52.1] - LTS version: v5.15.52 (Jack Vogel) - io_uring: fix not locked access to fixed buf table (Pavel Begunkov) - net: mscc: ocelot: allow unregistered IP multicast flooding to CPU (Vladimir Oltean) - rtw88: rtw8821c: enable rfe 6 devices (Ping-Ke Shih) - rtw88: 8821c: support RFE type4 wifi NIC (Guo-Feng Fan) - fs: account for group membership (Christian Brauner) - fs: fix acl translation (Christian Brauner) - fs: support mapped mounts of mapped filesystems (Christian Brauner) - fs: add i_user_ns() helper (Christian Brauner) - fs: port higher-level mapping helpers (Christian Brauner) - fs: remove unused low-level mapping helpers (Christian Brauner) - fs: use low-level mapping helpers (Christian Brauner) - docs: update mapping documentation (Christian Brauner) - fs: account for filesystem mappings (Christian Brauner) - fs: tweak fsuidgid_has_mapping() (Christian Brauner) - fs: move mapping helpers (Christian Brauner) - fs: add is_idmapped_mnt() helper (Christian Brauner) - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) - xfs: Fix the free logic of state in xfs_attr_node_hasname (Yang Xu) - xfs: use kmem_cache_free() for kmem_cache objects (Rustam Kovhaev) - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (Coly Li) - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Masahiro Yamada) - LTS version: v5.15.51 (Jack Vogel) - powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) - dma-direct: use the correct size for dma_set_encrypted() (Dexuan Cui) - perf build-id: Fix caching files with a wrong build ID (Adrian Hunter) - random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (Stefan Wahren) - modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (Miaoqian Lin) - ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) - ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (Aswath Govindraju) - ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (Alexander Stein) - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (Kuogee Hsieh) - powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) - powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) - powerpc/microwatt: wire up rng during setup_arch() (Jason A. Donenfeld) - parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) - parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (Helge Deller) - xtensa: Fix refcount leak bug in time.c (Liang He) - xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (Jialin Zhang) - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (Miaoqian Lin) - iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (Jialin Zhang) - iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (Yannick Brosseau) - iio: adc: stm32: Fix ADCs iteration in irq handler (Yannick Brosseau) - iio: afe: rescale: Fix boolean logic bug (Linus Walleij) - iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (Jean-Baptiste Maneyrol) - iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) - iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) - iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) - iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) - iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) - iio:accel:kxcjk-1013: rearrange iio trigger get and register (Dmitry Rokosov) - iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) - iio:humidity:hts221: rearrange iio trigger get and register (Dmitry Rokosov) - f2fs: attach inline_data after setting compression (Jaegeuk Kim) - btrfs: fix deadlock with fsync+fiemap+transaction commit (Josef Bacik) - btrfs: dont set lock_owner when locking extent buffer for reading (Zygo Blaxell) - dt-bindings: usb: ehci: Increase the number of PHYs (Geert Uytterhoeven) - dt-bindings: usb: ohci: Increase the number of PHYs (Geert Uytterhoeven) - usb: chipidea: udc: check request status before setting device address (Xu Yang) - USB: gadget: Fix double-free bug in raw_gadget driver (Alan Stern) - usb: gadget: Fix non-unique driver names in raw-gadget driver (Alan Stern) - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (Utkarsh Patel) - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (Tanveer Alam) - xhci: turn off port power in shutdown (Mathias Nyman) - usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (Andy Shevchenko) - iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) - iio: magnetometer: yas530: Fix memchr_inv() misuse (Linus Walleij) - iio: mma8452: fix probe fail when device tree compatible is used. (Haibo Chen) - s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) - gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) - nvme: move the Samsung X5 quirk entry to the core quirks (Christoph Hellwig) - nvme-pci: add NO APST quirk for Kioxia device (Enzo Matsumiya) - sock: redo the psock vs ULP protection check (Jakub Kicinski) - Revert net/tls: fix tls_sk_proto_close executed repeatedly (Jakub Kicinski) - virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) - igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (Aidan MacDonald) - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) - ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) - afs: Fix dynamic root getattr (David Howells) - MIPS: Remove repetitive increase irq_err_count (huhai) - x86/xen: Remove undefined behavior in setup_features() (Julien Grall) - xen-blkfront: Handle NULL gendisk (Jason Andryuk) - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (Jie2x Zhou) - udmabuf: add back sanity check (Gerd Hoffmann) - net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) - erspan: do not assume transport header is always set (Eric Dumazet) - perf arm-spe: Dont set data source if its not a memory operation (Leo Yan) - drm/msm/dp: force link training for display resolution change (Kuogee Hsieh) - drm/msm/dp: do not initialize phy until plugin interrupt received (Kuogee Hsieh) - drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (Kuogee Hsieh) - drm/msm/dp: Drop now unused hpd_high member (Bjorn Andersson) - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (Kuogee Hsieh) - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) - ethtool: Fix get module eeprom fallback (Ivan Vecera) - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) - igb: fix a use-after-free issue in igb_clean_tx_ring (Lorenzo Bianconi) - tipc: fix use-after-free Read in tipc_named_reinit (Hoang Le) - net: fix data-race in dev_isalive() (Eric Dumazet) - net: Write lock dev_base_lock without disabling bottom halves. (Sebastian Andrzej Siewior) - KVM: arm64: Prevent kmemleak from accessing pKVM memory (Quentin Perret) - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (Saurabh Sengar) - bpf, x86: Fix tail call count offset calculation on bpf2bpf call (Jakub Sitnicki) - drm/sun4i: Fix crash during suspend after component bind failure (Samuel Holland) - bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (Jonathan Marek) - xsk: Fix generic transmit when completion queue reservation fails (Ciara Loftus) - scsi: iscsi: Exclude zero from the endpoint ID range (Sergey Gorenko) - drm/msm: Switch ordering of runpm put vs devfreq_idle (Rob Clark) - scsi: scsi_debug: Fix zone transition to full condition (Damien Le Moal) - netfilter: use get_random_u32 instead of prandom (Florian Westphal) - drm/msm: Fix double pm_runtime_disable() call (Maximilian Luz) - drm/msm: Ensure mmap offset is initialized (Rob Clark) - USB: serial: option: add Quectel RM500K module support (Macpaul Lin) - USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) - USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) - USB: serial: pl2303: add support for more HXN (G) types (Johan Hovold) - drm/i915: Implement w/a 22010492432 for adl-s (Ville Syrjala) - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (Masami Hiramatsu (Google)) - dm mirror log: clear log bits up to BITS_PER_LONG boundary (Mikulas Patocka) - dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) - mtd: rawnand: gpmi: Fix setting busy timeout setting (Sascha Hauer) - MAINTAINERS: Add new IOMMU development mailing list (Joerg Roedel) - xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) - mmc: mediatek: wait dma stop bit reset to 0 (Mengqi Zhang) - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (Chevron Li) - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (Tyrel Datwyler) - scsi: ibmvfc: Store vhost pointer during subcrq allocation (Tyrel Datwyler) - btrfs: add error messages to all unrecognized mount options (David Sterba) - btrfs: prevent remounting to v1 space cache for subpage mount (Qu Wenruo) - btrfs: fix hang during unmount when block group reclaim task is running (Filipe Manana) - 9p: fix fid refcount leak in v9fs_vfs_get_link (Dominique Martinet) - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (Dominique Martinet) - 9p: Fix refcounting during full path walks for fid lookups (Tyler Hicks) - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Rosemarie ORiorden) - ALSA: hda/realtek: Add quirk for Clevo NS50PU (Tim Crawford) - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (Tim Crawford) - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (Takashi Iwai) - ALSA: hda/realtek - ALC897 headset MIC no sound (Kailang Yang) - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (Soham Sen) - ALSA: hda/conexant: Fix missing beep setup (Takashi Iwai) - ALSA: hda/via: Fix missing beep setup (Takashi Iwai) - random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) - random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) - LTS version: v5.15.50 (Jack Vogel) - arm64: mm: Dont invalidate FROM_DEVICE buffers at start of DMA transfer (Will Deacon) - serial: core: Initialize rs485 RTS polarity already on probe (Lukas Wunner) - selftests/bpf: Add selftest for calling global functions from freplace (Toke Hoiland-Jorgensen) - bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (Toke Hoiland-Jorgensen) - usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) - zonefs: fix zonefs_iomap_begin() for reads (Damien Le Moal) - drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Nicholas Kazlauskas) - s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) - LTS version: v5.15.49 (Jack Vogel) - clk: imx8mp: fix usb_root_clk parent (Peng Fan) (Masahiro Yamada) - virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (Andy Chi) - KVM: arm64: Dont read a HW interrupt pending state in user context (Marc Zyngier) - ext4: add reserved GDT blocks check (Zhang Yi) - ext4: make variable count signed (Ding Xiang) - ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) - ext4: fix super block checksum incorrect after mount (Ye Bin) - cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (Sami Tolvanen) - drm/amd/display: Cap OLED brightness per max frame-average luminance (Roman Li) - dm mirror log: round up region bitmap size to BITS_PER_LONG (Mikulas Patocka) - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (Shinichiro Kawasaki) - serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Tony Lindgren) - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (Linyu Yuan) - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (Linyu Yuan) - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) - usb: cdnsp: Fixed setting last_trb incorrectly (Jing Leng) - usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) - USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) - USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) - crypto: memneq - move into lib/ (Jason A. Donenfeld) - comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) - mei: me: add raptor lake point S DID (Alexander Usyskin) - mei: hbm: drop capability response on early shutdown (Alexander Usyskin) - i2c: designware: Use standard optional ref clock implementation (Serge Semin) - sched: Fix balance_push() vs __sched_setscheduler() (Peter Zijlstra) - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (Miaoqian Lin) - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (Miaoqian Lin) - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (Miaoqian Lin) - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) - i2c: npcm7xx: Add check for platform_driver_register (Jiasheng Jiang) - faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (Bart Van Assche) - init: Initialize noop_backing_dev_info early (Jan Kara) - certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) - arm64: ftrace: consistently handle PLTs. (Mark Rutland) - arm64: ftrace: fix branch range checks (Mark Rutland) - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (Duoming Zhou) - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) - mlxsw: spectrum_cnt: Reorder counter pools (Petr Machata) - nvme: add device name to warning in uuid_show() (Thomas WeiBschuh) - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (Howard Chiu) - clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) - soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) - extcon: ptn5150: Add queue work sync before driver release (Li Jun) - ksmbd: fix reference count leak in smb_check_perm_dacl() (Xin Xiong) - coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) - soundwire: intel: prevent pm_runtime resume prior to system suspend (Pierre-Louis Bossart) - export: fix string handling of namespace in EXPORT_SYMBOL_NS (Greg Kroah-Hartman) - serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) - power: supply: axp288_fuel_gauge: Drop BIOS version check from T3 MRD DMI quirk (Hans de Goede) - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) - misc/pvpanic: Convert regular spinlock into trylock on panic path (Guilherme G. Piccoli) - pvpanic: Fix typos in the comments (Andy Shevchenko) - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) - iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) - iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (Arnaud Pouliquen) - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (Hangyu Hua) - rpmsg: virtio: Fix possible double free in rpmsg_probe() (Hangyu Hua) - usb: typec: mux: Check dev_set_name() return value (Bjorn Andersson) - firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) - misc: fastrpc: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (Wesley Cheng) - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - pwm: raspberrypi-poe: Fix endianness in firmware struct (Uwe Kleine-Konig) - pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) - usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) - USB: storage: karma: fix rio_karma_init return (Lin Ma) - usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) - usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) - remoteproc: imx_rproc: Ignore create mem entry for resource table (Peng Fan) - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (Miaoqian Lin) - tty: n_tty: Restore EOF push handling behavior (Daniel Gibson) - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) - tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) - lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP (Christophe Leroy) - lkdtm/bugs: Check for the NULL pointer after calling kmalloc (Jiasheng Jiang) - iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) - staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) - LTS version: v5.15.46 (Jack Vogel) - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) - pinctrl/rockchip: support setting input-enable param (Caleb Connolly) - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) - md: fix double free of io_acct_set bioset (Xiao Ni) - md: Dont set mddev private to NULL in raid0 pers->free (Xiao Ni) - fs/ntfs3: Fix invalid free in log_replay (Namjae Jeon) - exportfs: support idmapped mounts (Christian Brauner) - fs: add two trivial lookup helpers (Christian Brauner) - interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate (Mike Tipton) - interconnect: qcom: sc7180: Drop IP0 interconnects (Stephen Boyd) - ext4: only allow test_dummy_encryption when supported (Eric Biggers) - MIPS: IP30: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) - MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) - RDMA/hns: Remove the num_cqc_timer variable (Yixing Liu) - staging: r8188eu: delete rtw_wx_read/write32() (Dan Carpenter) - Revert random: use static branch for crng_ready() (Jason A. Donenfeld) - list: test: Add a test for list_is_head() (David Gow) - kseltest/cgroup: Make test_stress.sh work if run interactively (Waiman Long) - net: ipa: fix page free in ipa_endpoint_replenish_one() (Alex Elder) - net: ipa: fix page free in ipa_endpoint_trans_release() (Alex Elder) - phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) - coresight: core: Fix coresight device probe failure issue (Mao Jinlong) - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) - vdpasim: allow to enable a vq repeatedly (Eugenio Perez) - dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Steve French) - ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (Jonathan Bakker) - phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) - clk: tegra: Add missing reset deassertion (Diogo Ivo) - arm64: tegra: Add missing DFLL reset on Tegra210 (Diogo Ivo) - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) - gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - serial: pch: dont overwrite xmit->buf[0] by x_char (Jiri Slaby) - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (Coly Li) - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (Coly Li) - bcache: improve multithreaded bch_sectors_dirty_init() (Coly Li) - bcache: improve multithreaded bch_btree_check() (Coly Li) - stm: ltdc: fix two incorrect NULL checks on list iterator (Xiaomeng Tong) - carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) - ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) - rtl818x: Prevent using not initialized queues (Alexander Wetzel) - xtensa/simdisk: fix proc_read_simdisk() (Yi Yang) - mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (Miaohe Lin) - hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) - nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (Mel Gorman) - Revert mm/cma.c: remove redundant cma_mutex lock (Dong Aisheng) - iommu/dma: Fix iova map result check bug (Yunfei Wang) - iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - ksmbd: fix outstanding credits related bugs (Hyunchul Lee) - ftrace: Clean up hash direct_functions on register failures (Song Liu) - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) - um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) - um: chan_user: Fix winch_tramp() return value (Johannes Berg) - um: Use asm-generic/dma-mapping.h (Johannes Berg) - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) - cfg80211: declare MODULE_FIRMWARE for regulatory.db (Dimitri John Ledkov) - thermal: devfreq_cooling: use local ops instead of global ops (Kant Fan) - irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) - csky: patch_text: Fixup last cpu should be master (Guo Ren) - mmc: core: Allows to override the timeout value for ioctl() path (Bean Huo) - RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) - ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) - media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) - media: coda: Fix reported H264 profile (Nicolas Dufresne) - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) - md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) - md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) - drm/i915/dsi: fix VBT send packet port selection for ICL+ (Jani Nikula) - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (Lyude Paul) - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) - landlock: Fix same-layer rule unions (Mickael Salaun) - landlock: Create find_rule() from unmask_layers() (Mickael Salaun) - landlock: Reduce the maximum number of layers to 16 (Mickael Salaun) - landlock: Define access_mask_t to enforce a consistent access mask size (Mickael Salaun) - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (Mickael Salaun) - landlock: Change landlock_restrict_self(2) check ordering (Mickael Salaun) - landlock: Change landlock_add_rule(2) argument check ordering (Mickael Salaun) - selftests/landlock: Add tests for O_PATH (Mickael Salaun) - selftests/landlock: Fully test file rename with remove access (Mickael Salaun) - selftests/landlock: Extend access right tests to directories (Mickael Salaun) - selftests/landlock: Add tests for unknown access rights (Mickael Salaun) - selftests/landlock: Extend tests for minimal valid attribute size (Mickael Salaun) - selftests/landlock: Make tests build with old libc (Mickael Salaun) - landlock: Fix landlock_add_rule(2) documentation (Mickael Salaun) - samples/landlock: Format with clang-format (Mickael Salaun) - samples/landlock: Add clang-format exceptions (Mickael Salaun) - selftests/landlock: Format with clang-format (Mickael Salaun) - selftests/landlock: Normalize array assignment (Mickael Salaun) - selftests/landlock: Add clang-format exceptions (Mickael Salaun) - landlock: Format with clang-format (Mickael Salaun) - landlock: Add clang-format exceptions (Mickael Salaun) - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) - scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) - dlm: fix missing lkb refcount handling (Alexander Aring) - dlm: uninitialized variable on error in dlm_listen_for_all() (Dan Carpenter) - dlm: fix plock invalid read (Alexander Aring) - s390/stp: clock_delta should be signed (Sven Schnelle) - s390/perf: obtain sie_block from the right address (Nico Boehr) - mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) - staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov) - PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) - PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) - PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) - drm/amdgpu: add beige goby PCI ID (Alex Deucher) - tracing: Initialize integer variable to prevent garbage return value (Gautam Menghani) - tracing: Fix potential double free in create_var_ref() (Keita Suzuki) - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (Laurent Vivier) - ACPI: property: Release subnode properties with data nodes (Sakari Ailus) - ext4: avoid cycles in directory h-tree (Jan Kara) - ext4: verify dir block before splitting it (Jan Kara) - ext4: fix bug_on in __es_tree_search (Baokun Li) - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (Theodore Tso) - ext4: fix bug_on in ext4_writepages (Ye Bin) - ext4: fix warning in ext4_handle_inode_extension (Ye Bin) - ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) - ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) - ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov) - bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) - bfq: Get rid of __bio_blkcg() usage (Jan Kara) - bfq: Track whether bfq_group is still online (Jan Kara) - bfq: Remove pointless bfq_init_rq() calls (Jan Kara) - bfq: Drop pointless unlock-lock pair (Jan Kara) - bfq: Update cgroup information before merging bio (Jan Kara) - bfq: Split shared queues on move between cgroups (Jan Kara) - bfq: Avoid merging queues with different parents (Jan Kara) - bfq: Avoid false marking of bic as stably merged (Jan Kara) - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) - fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) - iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) - wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) - objtool: Fix symbol creation (Peter Zijlstra) - objtool: Fix objtool regression on x32 systems (Mikulas Patocka) - f2fs: fix to do sanity check for inline inode (Chao Yu) - f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) - f2fs: dont use casefolded comparison for . and .. (Eric Biggers) - f2fs: fix to do sanity check on total_data_blocks (Chao Yu) - f2fs: dont need inode lock for system hidden quota (Jaegeuk Kim) - f2fs: fix deadloop in foreground GC (Chao Yu) - f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) - f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) - f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) - NFSv4.1 mark qualified async operations as MOVEABLE tasks (Olga Kornievskaia) - NFS: Convert GFP_NOFS to GFP_KERNEL (Trond Myklebust) - NFS: Create a new nfs_alloc_fattr_with_label() function (Anna Schumaker) - NFS: Always initialise fattr->label in nfs_fattr_alloc() (Trond Myklebust) - video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) - perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) - perf c2c: Use stdio interface if slang is not supported (Leo Yan) - perf build: Fix btf__load_from_kernel_by_id() feature check (Jiri Olsa) - i2c: rcar: fix PM ref counts in probe error paths (Kuninori Morimoto) - i2c: npcm: Handle spurious interrupts (Tali Perry) - i2c: npcm: Correct register access width (Tyrone Ting) - i2c: npcm: Fix timeout calculation (Tali Perry) - iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (Amelie Delaunay) - dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) - NFS: Further fixes to the writeback error handling (Trond Myklebust) - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) - NFS: Dont report errors from nfs_pageio_complete() more than once (Trond Myklebust) - NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) - NFS: Dont report ENOSPC write errors twice (Trond Myklebust) - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Trond Myklebust) - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (Christophe JAILLET) - i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (Miles Chen) - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (Guenter Roeck) - iommu/arm-smmu-v3-sva: Fix mm use-after-free (Jean-Philippe Brucker) - cpufreq: mediatek: Unregister platform device on exit (Rex-BC Chen) - cpufreq: mediatek: Use module_init and add module_exit (Jia-Wei Chang) - i2c: at91: use dma safe buffers (Michael Walle) - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (Yong Wu) - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (Yong Wu) - iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) - iommu/mediatek: Fix 2 HW sharing pgtable issue (Yong Wu) - iommu/amd: Enable swiotlb in all cases (Mario Limonciello) - f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) - f2fs: fix to do sanity check on inline_dots inode (Chao Yu) - f2fs: support fault injection for dquot_initialize() (Chao Yu) - OPP: call of_node_put() on error path in _bandwidth_supported() (Dan Carpenter) - Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (Wanpeng Li) - RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) - mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) - nfsd: destroy percpu stats counters after reply cache shutdown (Julian Schroeder) - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) - powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) - powerpc/xive: Fix refcount leak in xive_spapr_init (Miaoqian Lin) - powerpc/xive: Add some error handling code to xive_spapr_init() (Christophe JAILLET) - macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) - powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) - powerpc/perf: Fix the threshold compare group constraint for power10 (Kajol Jain) - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (Yang Yingliang) - PCI: microchip: Fix potential race in interrupt handling (Daire McNamara) - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (Kuppuswamy Sathyanarayanan) - Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) - hugetlbfs: fix hugetlbfs_statfs() locking (Mina Almasry) - ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (Eugen Hristev) - crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2588 CVE-2022-21385 CVE-2022-21546 CVE-2022-2586 CVE-2022-34918 CVE-2022-2585 Oracle Linux 9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4206 CVE-2021-4207 CVE-2022-0216 CVE-2022-26353 Oracle Linux 8 Oracle Linux 9 [5.15.0-3.60.5.1] - fs: remove no_llseek (Jason A. Donenfeld) [Orabug: 34721465] - vfio: do not set FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - dma-buf: remove useless FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - fs: do not compare against ->llseek (Jason A. Donenfeld) [Orabug: 34721465] - fs: clear or set FMODE_LSEEK based on llseek function (Jason A. Donenfeld) [Orabug: 34721465] [5.15.0-3.60.5] - hwmon: (opbmc) Add support for AST2600 based Pilot (Jan Zdarek) [Orabug: 34605427] - random: Fix incorrect type for 'rc' variable (Harshit Mogalapalli) [Orabug: 34596909] [5.15.0-3.60.4] - netfilter: ebtables: reject blobs that don't provide all entry points (Florian Westphal) [Orabug: 34513977] - uek-rpm: Disable CONFIG_CRYPTO_STREEBOG (Victor Erminpour) [Orabug: 34538054] - uek-rpm: Disable CONFIG_CRYPTO_SM3 (Victor Erminpour) [Orabug: 34538054] - uek-rpm: Disable CONFIG_CRYPTO_SM4 (Victor Erminpour) [Orabug: 34538054] - af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34566751] {CVE-2022-3028} - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (Tetsuo Handa) [Orabug: 34567776] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34567776] [5.15.0-3.60.3] - audit: annotate branch direction for audit_in_mask() (Ankur Arora) [Orabug: 34544783] - audit: cache ctx->major in audit_filter_syscall() (Ankur Arora) [Orabug: 34544783] [5.15.0-3.60.2] - LTS version: v5.15.60 (Jack Vogel) - x86/speculation: Add LFENCE to RSB fill sequence (Pawan Gupta) - x86/speculation: Add RSB VM Exit protections (Daniel Sneddon) - macintosh/adb: fix oob read in do_adb_query() function (Ning Qiang) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (Hilda Wu) - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (Aaron Ma) - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (Ahmad Fatoum) - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (Hakan Jansson) - Bluetooth: hci_bcm: Add BCM4349B1 variant (Ahmad Fatoum) - btrfs: zoned: fix critical section of relocation inode writeback (Naohiro Aota) - btrfs: zoned: prevent allocation from previous data relocation BG (Naohiro Aota) - arm64: set UXN on swapper page tables (Peter Collingbourne) - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (Mingwei Zhang) - selftests: KVM: Handle compiler optimizations in ucall (Raghavendra Rao Ananta) - tools/kvm_stat: fix display of error when multiple processes are found (Dmitry Klochkov) - KVM: selftests: Make hyperv_clock selftest more stable (Vitaly Kuznetsov) - KVM: x86: do not set st->preempted when going back to user space (Paolo Bonzini) - KVM: x86: do not report a vCPU as preempted outside instruction boundaries (Paolo Bonzini) [Orabug: 34571000] {CVE-2022-39189} - crypto: arm64/poly1305 - fix a read out-of-bound (GUO Zihua) - ACPI: APEI: Better fix to avoid spamming the console with old error logs (Tony Luck) - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (Werner Sembach) - ACPI: video: Force backlight native for some TongFang devices (Werner Sembach) - tools/vm/slabinfo: Handle files in debugfs (Stephane Graber) - block: fix default IO priority handling again (Jan Kara) - selftests/bpf: Check dst_port only on the client socket (Jakub Sitnicki) - selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads (Jakub Sitnicki) - x86/speculation: Make all RETbleed mitigations 64-bit only (Ben Hutchings) - LTS version: v5.15.59 (Jack Vogel) - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Thadeu Lima de Souza Cascardo) - docs/kernel-parameters: Update descriptions for 'mitigations=' param with retbleed (Eiichi Tsukata) - EDAC/ghes: Set the DIMM label unconditionally (Toshi Kani) - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (Florian Fainelli) - page_alloc: fix invalid watermark check on a negative value (Jaewon Kim) - mm/hmm: fault non-owner device private entries (Ralph Campbell) - ARM: crypto: comment out gcc warning that breaks clang builds (Greg Kroah-Hartman) - sctp: leave the err path free in sctp_stream_init to sctp_stream_free (Xin Long) - sfc: disable softirqs for ptp TX (Alejandro Lucero) - perf symbol: Correct address for bss symbols (Leo Yan) - virtio-net: fix the race between refill work and close (Jason Wang) - netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) - octeontx2-pf: cn10k: Fix egress ratelimit configuration (Sunil Goutham) - sctp: fix sleep in atomic context bug in timer handlers (Duoming Zhou) - i40e: Fix interface init with MSI interrupts (no MSI-X) (Michal Maloszewski) - ipv4: Fix data-races around sysctl_fib_notify_on_flag_change. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_reflect_tos. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_nr. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_slack_ns. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns. (Kuniyuki Iwashima) - net: Fix data-races around sysctl_[rw]mem(_offset)?. (Kuniyuki Iwashima) - tcp: Fix data-races around sk_pacing_rate. (Kuniyuki Iwashima) - net: mld: fix reference count leak in mld_{query | report}_work() (Taehee Yoo) - net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (Jianglei Nie) - macsec: always read MACSEC_SA_ATTR_PN as a u64 (Sabrina Dubroca) - macsec: limit replay window size with XPN (Sabrina Dubroca) - macsec: fix error message in macsec_add_rxsa and _txsa (Sabrina Dubroca) - macsec: fix NULL deref in macsec_add_rxsa (Sabrina Dubroca) - Documentation: fix sctp_wmem in ip-sysctl.rst (Xin Long) - tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_autocorking. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_min_tso_segs. (Kuniyuki Iwashima) - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (Liang He) - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (Vladimir Oltean) - igmp: Fix data-races around sysctl_igmp_qrv. (Kuniyuki Iwashima) - net/tls: Remove the context from the list in tls_device_down (Maxim Mikityanskiy) - ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr (Ziyang Xuan) - net: ping6: Fix memleak in ipv6_renew_options(). (Kuniyuki Iwashima) - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (David Jeffery) - tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_limit_output_bytes. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_moderate_rcvbuf. (Kuniyuki Iwashima) - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (Subbaraya Sundeep) - Revert 'tcp: change pingpong threshold to 3' (Wei Wang) - scsi: ufs: host: Hold reference returned by of_parse_phandle() (Liang He) - ice: do not setup vlan for loopback VSI (Maciej Fijalkowski) - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (Maciej Fijalkowski) - tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_nometrics_save. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_frto. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_adv_win_scale. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_app_win. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_dsack. (Kuniyuki Iwashima) - watch_queue: Fix missing locking in add_watch_to_object() (Linus Torvalds) - watch_queue: Fix missing rcu annotation (David Howells) - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (Nathan Chancellor) - nouveau/svm: Fix to migrate all requested pages (Alistair Popple) - s390/archrandom: prevent CPACF trng invocations in interrupt context (Harald Freudenberger) - asm-generic: remove a broken and needless ifdef conditional (Lukas Bulwahn) - hugetlb: fix memoryleak in hugetlb_mcopy_atomic_pte (Miaohe Lin) - mm: fix page leak with multiple threads mapping the same page (Josef Bacik) - secretmem: fix unhandled fault in truncate (Mike Rapoport) - fs: sendfile handles O_NONBLOCK of out_fd (Andrei Vagin) - ntfs: fix use-after-free in ntfs_ucsncmp() (ChenXiaoSong) - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (Luiz Augusto von Dentz) - LTS version: v5.15.58 (Jack Vogel) - drm/amd/display: Fix wrong format specifier in amdgpu_dm.c (Hayden Goodfellow) - x86/entry_32: Fix segment exceptions (Peter Zijlstra) - drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() (Dan Carpenter) - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (Jan Beulich) - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (Maxim Levitsky) - x86/extable: Prefer local labels in .set directives (Nick Desaulniers) - drm/amd/display: invalid parameter check in dmub_hpd_callback (Jose Exposito) - drm/amd/display: Don't lock connection_mutex for DMUB HPD (Nicholas Kazlauskas) - watch-queue: remove spurious double semicolon (Linus Torvalds) - net: usb: ax88179_178a needs FLAG_SEND_ZLP (Jose Alonso) - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (Jiri Slaby) - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (Jiri Slaby) - tty: drop tty_schedule_flip() (Jiri Slaby) - tty: the rest, stop using tty_schedule_flip() (Jiri Slaby) - tty: drivers/tty/, stop using tty_schedule_flip() (Jiri Slaby) - watchqueue: make sure to serialize 'wqueue->defunct' properly (Linus Torvalds) - drm/amd/display: Fix surface optimization regression on Carrizo (Nicholas Kazlauskas) - drm/amd/display: Optimize bandwidth on following fast update (Nicholas Kazlauskas) - drm/amd/display: Reset DMCUB before HW init (Nicholas Kazlauskas) - exfat: use updated exfat_chain directly during renaming (Sungjong Seo) - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (Luiz Augusto von Dentz) - Bluetooth: SCO: Fix sco_send_frame returning skb->len (Luiz Augusto von Dentz) - Bluetooth: Fix passing NULL to PTR_ERR (Luiz Augusto von Dentz) - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (Luiz Augusto von Dentz) - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmmsg helper (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmsg helper (Luiz Augusto von Dentz) - um: virtio_uml: Fix broken device handling in time-travel (Johannes Berg) - um: virtio_uml: Allow probing from devicetree (Vincent Whitchurch) - tracing: Fix return value of trace_pid_write() (Wonhyuk Yang) - tracing: Place trace_pid_list logic into abstract functions (Steven Rostedt (VMware)) - tracing: Have event format check not flag %p* on __get_dynamic_array() (Steven Rostedt (Google)) - exfat: fix referencing wrong parent directory information after renaming (Yuezhang Mo) - crypto: qat - re-enable registration of algorithms (Giovanni Cabiddu) - crypto: qat - add param check for DH (Giovanni Cabiddu) - crypto: qat - add param check for RSA (Giovanni Cabiddu) - crypto: qat - remove dma_free_coherent() for DH (Giovanni Cabiddu) - crypto: qat - remove dma_free_coherent() for RSA (Giovanni Cabiddu) - crypto: qat - fix memory leak in RSA (Giovanni Cabiddu) - crypto: qat - add backlog mechanism (Giovanni Cabiddu) - crypto: qat - refactor submission logic (Giovanni Cabiddu) - crypto: qat - use pre-allocated buffers in datapath (Giovanni Cabiddu) - crypto: qat - set to zero DH parameters before free (Giovanni Cabiddu) - iwlwifi: fw: uefi: add missing include guards (Johannes Berg) - mt76: fix use-after-free by removing a non-RCU wcid pointer (Felix Fietkau) - xhci: Set HCD flag to defer primary roothub registration (Kishon Vijay Abraham I) - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (Mathias Nyman) - xhci: dbc: create and remove dbc structure in dbgtty driver. (Mathias Nyman) - xhci: dbc: refactor xhci_dbc_init() (Mathias Nyman) - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (Sean Christopherson) - x86/extable: Extend extable functionality (Peter Zijlstra) - x86/entry_32: Remove .fixup usage (Peter Zijlstra) - bitfield.h: Fix 'type of reg too small for mask' test (Peter Zijlstra) - x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE (Thomas Gleixner) - x86/extable: Rework the exception table mechanics (Thomas Gleixner) - x86/mce: Deduplicate exception handling (Thomas Gleixner) - x86/extable: Get rid of redundant macros (Thomas Gleixner) - x86/extable: Tidy up redundant handler functions (Thomas Gleixner) - x86/uaccess: Implement macros for CMPXCHG on user addresses (Peter Zijlstra) - dlm: fix pending remove if msg allocation fails (Alexander Aring) - sched/deadline: Fix BUG_ON condition for deboosted tasks (Juri Lelli) - bpf: Make sure mac_header was set before using it (Eric Dumazet) - mm/mempolicy: fix uninit-value in mpol_rebind_policy() (Wang Cheng) - KVM: Don't null dereference ops->destroy (Alexey Kardashevskiy) - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (Marc Kleine-Budde) - KVM: selftests: Fix target thread to be migrated in rseq_test (Gavin Shan) - gpio: gpio-xilinx: Fix integer overflow (Srinivas Neeli) - tcp: Fix data-races around sysctl_tcp_max_reordering. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_abort_on_overflow. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_rfc1337. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_stdurg. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_retrans_collapse. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_recovery. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_early_retrans. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl knobs related to SYN option. (Kuniyuki Iwashima) - udp: Fix a data-race around sysctl_udp_l3mdev_accept. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_prot_sock. (Kuniyuki Iwashima) - ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. (Kuniyuki Iwashima) - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. (Kuniyuki Iwashima) - ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. (Kuniyuki Iwashima) - drm/imx/dcss: Add missing of_node_put() in fail path (Liang He) - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (Oleksij Rempel) - net: dsa: sja1105: silent spi_device_id warnings (Oleksij Rempel) - be2net: Fix buffer overflow in be_get_module_eeprom (Hristo Venev) - gpio: pca953x: use the correct register address when regcache sync during init (Haibo Chen) - gpio: pca953x: use the correct range when do regmap sync (Haibo Chen) - gpio: pca953x: only use single read/write for No AI mode (Haibo Chen) - net: stmmac: remove redunctant disable xPCS EEE call (Wong Vee Khee) - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Piotr Skajewski) - i40e: Fix erroneous adapter reinitialization during recovery process (Dawid Lukwinski) - pinctrl: armada-37xx: use raw spinlocks for regmap to avoid invalid wait context (Vladimir Oltean) - pinctrl: armada-37xx: Convert to use dev_err_probe() (Andy Shevchenko) - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (Andy Shevchenko) - pinctrl: armada-37xx: Use temporary variable for struct device (Andy Shevchenko) - iavf: Fix handling of dummy receive descriptors (Przemyslaw Patynowski) - tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_fastopen. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_max_syn_backlog. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_tw_reuse. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_notsent_lowat. (Kuniyuki Iwashima) - tcp: Fix data-races around some timeout sysctl knobs. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_reordering. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_migrate_req. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_syncookies. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries. (Kuniyuki Iwashima) - tcp: Fix data-races around keepalive sysctl knobs. (Kuniyuki Iwashima) - igmp: Fix data-races around sysctl_igmp_max_msf. (Kuniyuki Iwashima) - igmp: Fix a data-race around sysctl_igmp_max_memberships. (Kuniyuki Iwashima) - igmp: Fix data-races around sysctl_igmp_llm_reports. (Kuniyuki Iwashima) - net/tls: Fix race in TLS device down flow (Tariq Toukan) - net: stmmac: fix dma queue left shift overflow issue (Junxiao Chang) - perf tests: Fix Convert perf time to TSC test for hybrid (Adrian Hunter) - i2c: cadence: Change large transfer count reset logic to be unconditional (Robert Hancock) - i2c: mlxcpld: Fix register setting for 400KHz frequency (Vadim Pasternak) - net: ipv4: use kfree_skb_reason() in ip_rcv_finish_core() (Menglong Dong) - net: ipv4: use kfree_skb_reason() in ip_rcv_core() (Menglong Dong) - net: netfilter: use kfree_drop_reason() for NF_DROP (Menglong Dong) - net: skb_drop_reason: add document for drop reasons (Menglong Dong) - net: socket: rename SKB_DROP_REASON_SOCKET_FILTER (Menglong Dong) - net: skb: use kfree_skb_reason() in __udp4_lib_rcv() (Menglong Dong) - net: skb: use kfree_skb_reason() in tcp_v4_rcv() (Menglong Dong) - net: skb: introduce kfree_skb_reason() (Menglong Dong) - net: dsa: microchip: ksz_common: Fix refcount leak bug (Liang He) - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (Sascha Hauer) - mtd: rawnand: gpmi: validate controller clock rate (Dario Binacchi) - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (Biao Huang) - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (Biao Huang) - tcp: Fix a data-race around sysctl_tcp_probe_interval. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_probe_threshold. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_min_snd_mss. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_base_mss. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_mtu_probing. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_l3mdev_accept. (Kuniyuki Iwashima) - tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if() (Eric Dumazet) - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. (Kuniyuki Iwashima) - ip: Fix a data-race around sysctl_fwmark_reflect. (Kuniyuki Iwashima) - ip: Fix a data-race around sysctl_ip_autobind_reuse. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_nonlocal_bind. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_fwd_update_priority. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_fwd_use_pmtu. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_no_pmtu_disc. (Kuniyuki Iwashima) - igc: Reinstate IGC_REMOVED logic and implement it properly (Lennert Buytenhek) - Revert 'e1000e: Fix possible HW unit hang after an s0ix exit' (Sasha Neftin) - e1000e: Enable GPT clock before sending message to CSME (Sasha Neftin) - nvme: fix block device naming collision (Israel Rukshin) - nvme: check for duplicate identifiers earlier (Christoph Hellwig) - scsi: ufs: core: Drop loglevel of WriteBoost message (Bjorn Andersson) - scsi: megaraid: Clear READ queue map's nr_queues (Ming Lei) - drm/amd/display: Ignore First MST Sideband Message Return Error (Fangzhi Zuo) - drm/amdgpu/display: add quirk handling for stutter mode (Alex Deucher) - drm/amd/display: Fork thread to offload work of hpd_rx_irq (Wayne Lin) - drm/amd/display: Add option to defer works of hpd_rx_irq (Wayne Lin) - drm/amd/display: Support for DMUB HPD interrupt handling (Jude Shih) - tcp: Fix data-races around sysctl_tcp_ecn. (Kuniyuki Iwashima) - sysctl: move some boundary constants from sysctl.c to sysctl_vals (Xiaoming Ni) - mm/pagealloc: sysctl: change watermark_scale_factor max limit to 30% (Suren Baghdasaryan) - net: tun: split run_ebpf_filter() and pskb_trim() into different 'if statement' (Dongli Zhang) - ipv4/tcp: do not use per netns ctl sockets (Eric Dumazet) - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (Peter Zijlstra) - pinctrl: ralink: Check for null return of devm_kcalloc (William Dean) - pinctrl: ralink: rename pinctrl-rt2880 to pinctrl-ralink (Arinc UNAL) - pinctrl: ralink: rename MT7628(an) functions to MT76X8 (Arinc UNAL) - RDMA/irdma: Fix sleep from invalid context BUG (Mustafa Ismail) - RDMA/irdma: Do not advertise 1GB page size for x722 (Mustafa Ismail) - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (Miaoqian Lin) - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua) - ip: Fix data-races around sysctl_ip_default_ttl. (Kuniyuki Iwashima) - r8152: fix a WOL issue (Hayes Wang) - xfs: fix perag reference leak on iteration race with growfs (Brian Foster) - xfs: terminate perag iteration reliably on agcount (Brian Foster) - xfs: rename the next_agno perag iteration variable (Brian Foster) - xfs: fold perag loop iteration logic into helper function (Brian Foster) - xfs: fix maxlevels comparisons in the btree staging code (Darrick J. Wong) - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (Christophe JAILLET) - mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) - mt76: mt7921: use physical addr to unify register access (Sean Wang) - Revert 'mt76: mt7921e: fix possible probe failure after reboot' (Sean Wang) - Revert 'mt76: mt7921: Fix the error handling path of mt7921_pci_probe()' (Sean Wang) - batman-adv: Use netif_rx_any_context() any. (Sebastian Andrzej Siewior) - serial: mvebu-uart: correctly report configured baudrate value (Pali Rohar) - PCI: hv: Fix interrupt mapping for multi-MSI (Jeffrey Hugo) - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Jeffrey Hugo) - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Jeffrey Hugo) - PCI: hv: Fix multi-MSI to allow more than one MSI vector (Jeffrey Hugo) - Revert 'selftest/vm: verify mmap addr in mremap_test' (Oleksandr Tymoshenko) - Revert 'selftest/vm: verify remap destination address in mremap_test' (Oleksandr Tymoshenko) - bus: mhi: host: pci_generic: add Telit FN990 (Daniele Palmas) - bus: mhi: host: pci_generic: add Telit FN980 v1 hardware revision (Daniele Palmas) - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (Christian Konig) - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (Ido Schimmel) - riscv: add as-options for modules with assembly compontents (Ben Dooks) - pinctrl: stm32: fix optional IRQ support to gpios (Fabien Dessenne) - LTS version: v5.15.57 (Jack Vogel) - x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds (Peter Zijlstra) - um: Add missing apply_returns() (Peter Zijlstra) - x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (Jiri Slaby) - x86/xen: Fix initialisation in hypercall_page after rethunk (Ben Hutchings) - x86/static_call: Serialize __static_call_fixup() properly (Thomas Gleixner) - x86/speculation: Disable RRSBA behavior (Pawan Gupta) - x86/kexec: Disable RET on kexec (Konrad Rzeszutek Wilk) - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) - x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry (Peter Zijlstra) - x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) - x86/retbleed: Add fine grained Kconfig knobs (Peter Zijlstra) - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) - objtool: Add entry UNRET validation (Peter Zijlstra) - x86/xen: Add UNTRAIN_RET (Peter Zijlstra) - intel_idle: Disable IBRS during long idle (Peter Zijlstra) - x86: Add magic AMD return-thunk (Peter Zijlstra) - x86/entry: Avoid very early RET (Peter Zijlstra) - x86/ftrace: Use alternative RET encoding (Peter Zijlstra) - objtool: skip non-text sections when adding return-thunk sites (Thadeu Lima de Souza Cascardo) - bpf,x86: Respect X86_FEATURE_RETPOLINE* (Peter Zijlstra) - bpf,x86: Simplify computing label offsets (Peter Zijlstra) - x86/alternative: Add debug prints to apply_retpolines() (Peter Zijlstra) - x86/alternative: Try inline spectre_v2=retpoline,amd (Peter Zijlstra) - x86/alternative: Handle Jcc __x86_indirect_thunk_ eg (Peter Zijlstra) - x86/alternative: Implement .retpoline_sites support (Peter Zijlstra) - x86/retpoline: Create a retpoline thunk array (Peter Zijlstra) - x86/retpoline: Move the retpoline thunk declarations to nospec-branch.h (Peter Zijlstra) - x86/asm: Fixup odd GEN-for-each-reg.h usage (Peter Zijlstra) - x86/asm: Fix register order (Peter Zijlstra) - x86/retpoline: Remove unused replacement symbols (Peter Zijlstra) - objtool: Introduce CFI hash (Peter Zijlstra) - objtool,x86: Replace alternatives with .retpoline_sites (Peter Zijlstra) - objtool: Shrink struct instruction (Peter Zijlstra) - objtool: Explicitly avoid self modifying code in .altinstr_replacement (Peter Zijlstra) - objtool: Fix SLS validation for kcov tail-call replacement (Peter Zijlstra) - objtool: Classify symbols (Peter Zijlstra) - x86/entry: Don't call error_entry() for XENPV (Lai Jiangshan) - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (Lai Jiangshan) - x86/entry: Switch the stack after error_entry() returns (Lai Jiangshan) - x86/traps: Use pt_regs directly in fixup_bad_iret() (Lai Jiangshan) - LTS version: v5.15.56 (Jack Vogel) - drm/aperture: Run fbdev removal before internal helpers (Thomas Zimmermann) - x86/pat: Fix x86_has_pat_wp() (Juergen Gross) - serial: 8250: Fix PM usage_count for console handover (Ilpo Jarvinen) - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (Ilpo Jarvinen) - serial: stm32: Clear prev values before setting RTS delays (Ilpo Jarvinen) - serial: 8250: fix return error code in serial8250_request_std_resource() (Yi Yang) - vt: fix memory overlapping when deleting chars in the buffer (Yangxi Xiang) - tty: serial: samsung_tty: set dma burst_size to 1 (Chanho Park) - usb: dwc3: gadget: Fix event pending check (Thinh Nguyen) - usb: typec: add missing uevent when partner support PD (Linyu Yuan) - USB: serial: ftdi_sio: add Belimo device ids (Lucien Buchmann) - signal handling: don't use BUG_ON() for debugging (Linus Torvalds) - nvme-pci: phison e16 has bogus namespace ids (Keith Busch) - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (Egor Vorontsov) - ALSA: usb-audio: Add quirk for Fiero SC-01 (Egor Vorontsov) - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (John Veness) - Revert 'can: xilinx_can: Limit CANFD brp to 2' (Srinivas Neeli) - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (Gabriel Fernandez) - soc: ixp4xx/npe: Fix unused match warning (Linus Walleij) - x86: Clear .brk area at early boot (Juergen Gross) - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (Stafford Horne) - ASoC: madera: Fix event generation for rate controls (Charles Keepax) - ASoC: madera: Fix event generation for OUT1 demux (Charles Keepax) - ASoC: cs47l15: Fix event generation for low power mux control (Charles Keepax) - ASoC: dapm: Initialise kcontrol data for mux/demux controls (Charles Keepax) - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (Shuming Fan) - ASoC: wm5110: Fix DRE control (Charles Keepax) - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (Hans de Goede) - ASoC: wcd938x: Fix event generation for some controls (Mark Brown) - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (Peter Ujfalusi) - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (Pierre-Louis Bossart) - ASoC: rt7*-sdw: harden jack_detect_handler (Pierre-Louis Bossart) - ASoC: rt711: fix calibrate mutex initialization (Pierre-Louis Bossart) - ASoC: Intel: sof_sdw: handle errors on card registration (Pierre-Louis Bossart) - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (Pierre-Louis Bossart) - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (Pierre-Louis Bossart) - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (Haowen Bai) - ASoC: ops: Fix off by one in range control validation (Mark Brown) - net: sfp: fix memory leak in sfp_probe() (Jianglei Nie) - nvme: fix regression when disconnect a recovering ctrl (Ruozhu Li) - nvme-tcp: always fail a request when sending it failed (Sagi Grimberg) - NFC: nxp-nci: don't print header length mismatch on i2c error (Michael Walle) - net: tipc: fix possible refcount leak in tipc_sk_create() (Hangyu Hua) - fbdev: Disable sysfb device registration when removing conflicting FBs (Javier Martinez Canillas) - firmware: sysfb: Add sysfb_disable() helper function (Javier Martinez Canillas) - firmware: sysfb: Make sysfb_create_simplefb() return a pdev pointer (Javier Martinez Canillas) - platform/x86: hp-wmi: Ignore Sanitization Mode event (Kai-Heng Feng) - cpufreq: pmac32-cpufreq: Fix refcount leak bug (Liang He) - scsi: hisi_sas: Limit max hw sectors for v3 HW (John Garry) - netfilter: br_netfilter: do not skip all hooks with 0 priority (Florian Westphal) - virtio_mmio: Restore guest page size on resume (Stephan Gerhold) - virtio_mmio: Add missing PM calls to freeze/restore (Stephan Gerhold) - vduse: Tie vduse mgmtdev and its device (Parav Pandit) - vdpa/mlx5: Initialize CVQ vringh only once (Eli Cohen) - powerpc/xive/spapr: correct bitmap allocation size (Nathan Lynch) - ksmbd: use SOCK_NONBLOCK type for kernel_accept() (Namjae Jeon) - btrfs: zoned: fix a leaked bioc in read_zone_info (Christoph Hellwig) - btrfs: rename btrfs_bio to btrfs_io_context (Qu Wenruo) - mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE (Muchun Song) - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (Hans de Goede) - net/tls: Check for errors in tls_device_init (Tariq Toukan) - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (Vitaly Kuznetsov) - net: atlantic: remove aq_nic_deinit() when resume (Chia-Lin Kao (AceLan)) - net: atlantic: remove deep parameter on suspend/resume functions (Chia-Lin Kao (AceLan)) - sfc: fix kernel panic when creating VF (Inigo Huguet) - seg6: bpf: fix skb checksum in bpf_push_seg6_encap() (Andrea Mayer) - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors (Andrea Mayer) - seg6: fix skb checksum evaluation in SRH encapsulation/insertion (Andrea Mayer) - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (Jeff Layton) - sfc: fix use after free when disabling sriov (Inigo Huguet) - drm/amd/pm: Prevent divide by zero (Yefim Barashkin) - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines. (Mario Kleiner) - ima: Fix potential memory leak in ima_init_crypto() (Jianglei Nie) - ima: force signature verification when CONFIG_KEXEC_SIG is configured (Coiby Xu) - net: stmmac: fix leaks in probe (Dan Carpenter) - net: ftgmac100: Hold reference returned by of_get_child_by_name() (Liang He) - nexthop: Fix data-races around nexthop_compat_mode. (Kuniyuki Iwashima) - ipv4: Fix data-races around sysctl_ip_dynaddr. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_ecn_fallback. (Kuniyuki Iwashima) - raw: Fix a data-race around sysctl_raw_l3mdev_accept. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratemask. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratelimit. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ignore_bogus_error_responses. (Kuniyuki Iwashima) - icmp: Fix data-races around sysctl_icmp_echo_enable_probe. (Kuniyuki Iwashima) - sysctl: Fix data-races in proc_dointvec_ms_jiffies(). (Kuniyuki Iwashima) - sysctl: Fix data-races in proc_dou8vec_minmax(). (Kuniyuki Iwashima) - bnxt_en: Fix bnxt_refclk_read() (Pavan Chebbi) - bnxt_en: Fix bnxt_reinit_after_abort() code path (Michael Chan) - drm/i915: Require the vm mutex for i915_vma_bind() (Thomas Hellstrom) - drm/i915/uc: correctly track uc_fw init failure (Daniele Ceraolo Spurio) - drm/i915/gt: Serialize TLB invalidates with GT resets (Chris Wilson) - drm/i915/gt: Serialize GRDOM access between multiple engine resets (Chris Wilson) - drm/i915/dg2: Add Wa_22011100796 (Bruce Chang) - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (Dan Carpenter) - tracing: Fix sleeping while atomic in kdb ftdump (Douglas Anderson) - lockd: fix nlm_close_files (Jeff Layton) - lockd: set fl_owner when unlocking files (Jeff Layton) - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour) - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (Dan Carpenter) - netfilter: nf_tables: replace BUG_ON by element length check (Pablo Neira Ayuso) - netfilter: nf_log: incorrect offset to network header (Pablo Neira Ayuso) - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (William Zhang) - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (William Zhang) - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (Michal Suchanek) - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (Ryan Wanner) - ipv4: Fix a data-race around sysctl_fib_sync_mem. (Kuniyuki Iwashima) - icmp: Fix data-races around sysctl. (Kuniyuki Iwashima) - cipso: Fix data-races around sysctl. (Kuniyuki Iwashima) - net: Fix data-races around sysctl_mem. (Kuniyuki Iwashima) - inetpeer: Fix data-races around sysctl. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_max_orphans. (Kuniyuki Iwashima) - sysctl: Fix data races in proc_dointvec_jiffies(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_doulongvec_minmax(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_douintvec_minmax(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_dointvec_minmax(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_douintvec(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_dointvec(). (Kuniyuki Iwashima) - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (Siddharth Vadapalli) - net: stmmac: dwc-qos: Disable split header for Tegra194 (Jon Hunter) - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (Peter Ujfalusi) - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (Peter Ujfalusi) - ASoC: tas2764: Fix amp gain register offset & default (Hector Martin) - ASoC: tas2764: Correct playback volume range (Hector Martin) - ASoC: tas2764: Fix and extend FSYNC polarity handling (Martin Poviser) - ASoC: tas2764: Add post reset delays (Martin Poviser) - ASoC: sgtl5000: Fix noise on shutdown/remove (Francesco Dolcini) - ima: Fix a potential integer overflow in ima_appraise_measurement (Huaxin Lu) - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (Hangyu Hua) - net/mlx5e: Ring the TX doorbell on DMA errors (Maxim Mikityanskiy) - net/mlx5e: Fix capability check for updating vnic env counters (Gal Pressman) - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (Paul Blakey) - net/mlx5e: kTLS, Fix build time constant test in RX (Tariq Toukan) - net/mlx5e: kTLS, Fix build time constant test in TX (Tariq Toukan) - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (Zhen Lei) - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (Ard Biesheuvel) - spi: amd: Limit max transfer and message size (Cristian Ciocaltea) - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (Kris Bahnsen) - reset: Fix devm bulk optional exclusive control getter (Serge Semin) - xfs: drop async cache flushes from CIL commits. (Dave Chinner) - xfs: don't include bnobt blocks when reserving free block pool (Darrick J. Wong) - Revert 'evm: Fix memleak in init_desc' (Xiu Jianfeng) - sh: convert nommu io{re,un}map() to static inline functions (Geert Uytterhoeven) - nilfs2: fix incorrect masking of permission flags for symlinks (Ryusuke Konishi) - fs/remap: constrain dedupe of EOF blocks (Dave Chinner) - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (Dmitry Osipenko) - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (Dmitry Osipenko) - btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and inline extents (Filipe Manana) - cgroup: Use separate src/dst nodes when preloading css_sets for migration (Tejun Heo) - wifi: mac80211: fix queue selection for mesh/OCB interfaces (Felix Fietkau) - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (Ard Biesheuvel) - ARM: 9213/1: Print message about disabled Spectre workarounds only once (Dmitry Osipenko) - ip: fix dflt addr selection for connected nexthop (Nicolas Dichtel) - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (Steven Rostedt (Google)) - tracing/histograms: Fix memory leak problem (Zheng Yejian) - mm: split huge PUD on wp_huge_pud fallback (Gowans, James) - mm: userfaultfd: fix UFFDIO_CONTINUE on fallocated shmem pages (Axel Rasmussen) - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (Juergen Gross) - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (Meng Tang) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (Meng Tang) - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (Jeremy Szu) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (Meng Tang) - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (Meng Tang) - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (Meng Tang) - ALSA: hda - Add fixup for Dell Latitidue E5430 (Meng Tang) - LTS version: v5.15.55 (Jack Vogel) - Revert 'mtd: rawnand: gpmi: Fix setting busy timeout setting' (Greg Kroah-Hartman) - LTS version: v5.15.54 (Jack Vogel) - selftests/net: fix section name when using xdp_dummy.o (Hangbin Liu) - dmaengine: idxd: force wq context cleanup on device disable path (Dave Jiang) - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: qcom: bam_dma: fix runtime PM underflow (Caleb Connolly) - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (Christophe JAILLET) - dmaengine: pl330: Fix lockdep warning about non-static key (Dmitry Osipenko) - ida: don't use BUG_ON() for debugging (Linus Torvalds) - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (Samuel Holland) - Revert 'serial: 8250_mtk: Make sure to select the right FEATURE_SEL' (AngeloGioacchino Del Regno) - Revert 'mm/memory-failure.c: fix race with changing page compound again' (Naoya Horiguchi) - misc: rtsx_usb: set return value in rsp_buf alloc err path (Shuah Khan) - misc: rtsx_usb: use separate command and response buffers (Shuah Khan) - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (Shuah Khan) - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (Peter Robinson) - i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) - r8169: fix accessing unset transport header (Heiner Kallweit) - selftests: forwarding: fix error message in learning_test (Vladimir Oltean) - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (Vladimir Oltean) - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (Vladimir Oltean) - ibmvnic: Properly dispose of all skbs during a failover. (Rick Lindsley) - ARM: dts: stm32: add missing usbh clock and fix clk order on stm32mp15 (Fabrice Gasnier) - ARM: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on stm32mp151 (Amelie Delaunay) - i40e: Fix VF's MAC Address change on VM (Norbert Zulinski) - i40e: Fix dropped jumbo frames statistics (Lukasz Cieplicki) - i2c: piix4: Fix a memory leak in the EFCH MMIO support (Jean Delvare) - xsk: Clear page contiguity bit when unmapping pool (Ivan Malov) - ARM: at91: fix soc detection for SAM9X60 SiPs (Mihai Sain) - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (Eugen Hristev) - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (Eugen Hristev) - ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt (Claudiu Beznea) - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (Claudiu Beznea) - ARM: at91: pm: use proper compatible for sama5d2's rtc (Claudiu Beznea) - arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo (Stephan Gerhold) - pinctrl: sunxi: sunxi_pconf_set: use correct offset (Andrei Lalaev) - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (Peng Fan) - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (Peng Fan) - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct I2C3 pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct I2C1 pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct eqos pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct vbus pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct gpio-led pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (Sherry Sun) - arm64: dts: imx8mp-evk: correct mmc pad settings (Peng Fan) - ARM: mxs_defconfig: Enable the framebuffer (Fabio Estevam) - arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node (Dmitry Baryshkov) - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (Konrad Dybcio) - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (Pierre-Louis Bossart) - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (Charles Keepax) - ASoC: rt711: Add endianness flag in snd_soc_component_driver (Charles Keepax) - pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (Miaoqian Lin) - tty: n_gsm: fix encoding of command/response bit (daniel.starke@siemens.com) - btrfs: fix use of uninitialized variable at rm device ioctl (Tom Rix) - virtio-blk: modify the value type of num in virtio_queue_rq() (Ye Guojin) - btrfs: fix error pointer dereference in btrfs_ioctl_rm_dev_v2() (Dan Carpenter) - Revert 'serial: sc16is7xx: Clear RS485 bits in the shutdown' (Hui Wang) - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (Jimmy Assarsson) - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (Jimmy Assarsson) - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (Jimmy Assarsson) - net: dsa: qca8k: reset cpu port on MTU change (Christian Marangi) - powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) - video: of_display_timing.h: include errno.h (Hsin-Yi Wang) - memregion: Fix memregion_free() fallback definition (Dan Williams) - PM: runtime: Redefine pm_runtime_release_supplier() (Rafael J. Wysocki) - fbcon: Prevent that screen size is smaller than font size (Helge Deller) - fbcon: Disallow setting font bigger than screen size (Helge Deller) - fbmem: Check virtual screen sizes in fb_set_var() (Helge Deller) - fbdev: fbmem: Fix logo center image dx issue (Guiling Deng) - iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) - module: fix [e_shstrndx].sh_size=0 OOB access (Alexey Dobriyan) - module: change to print useful messages from elf_validity_check() (Shuah Khan) - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (Bryan O'Donoghue) - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (Vladimir Lypak) - rxrpc: Fix locking issue (David Howells) - irqchip/gic-v3: Refactor ISB + EOIR at ack time (Mark Rutland) - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (Mark Rutland) - io_uring: avoid io-wq -EAGAIN looping for !IOPOLL (Pavel Begunkov) - Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event (Sean Wang) - Bluetooth: protect le accept and resolv lists with hdev->lock (Niels Dossche) - drm/mediatek: Add vblank register/unregister callback functions (Rex-BC Chen) - drm/mediatek: Add cmdq_handle in mtk_crtc (Chun-Kuang Hu) - drm/mediatek: Detect CMDQ execution timeout (Chun-Kuang Hu) - drm/mediatek: Remove the pointer of struct cmdq_client (Chun-Kuang Hu) - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (Chun-Kuang Hu) - drm/i915: Fix a race between vma / object destruction and unbinding (Thomas Hellstrom) - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (Richard Gong) - drm/amd: Refactor amdgpu_aspm to be evaluated per device (Mario Limonciello) - tty: n_gsm: fix invalid gsmtty_write_room() result (Daniel Starke) - serial: 8250_mtk: Make sure to select the right FEATURE_SEL (AngeloGioacchino Del Regno) - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (Daniel Starke) - tty: n_gsm: fix invalid use of MSC in advanced option (Daniel Starke) - mm/hwpoison: fix race between hugetlb free/demotion and memory_failure_hugetlb() (Naoya Horiguchi) - mm/memory-failure.c: fix race with changing page compound again (Miaohe Lin) - mm/hwpoison: avoid the impact of hwpoison_filter() return value on mce handler (luofei) - mm/hwpoison: mf_mutex for soft offline and unpoison (Naoya Horiguchi) - KVM: Initialize debugfs_dentry when a VM is created to avoid NULL deref (Sean Christopherson) - btrfs: zoned: use dedicated lock for data relocation (Naohiro Aota) - btrfs: zoned: encapsulate inode locking for zoned relocation (Johannes Thumshirn) - tty: n_gsm: fix missing update of modem controls after DLCI open (Daniel Starke) - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX. (Maurizio Avogadro) - ALSA: usb-audio: add mapping for MSI MPG X570S Carbon Max Wifi. (Johannes Schickel) - tty: n_gsm: fix frame reception handling (Daniel Starke) - tty: n_gsm: Save dlci address open status when config requester (Zhenguo Zhao) - tty: n_gsm: Modify CR,PF bit when config requester (Zhenguo Zhao) - KVM: Don't create VM debugfs files outside of the VM directory (Oliver Upton) - drm/amd/vcn: fix an error msg on vcn 3.0 (tiancyin) - ASoC: rt5682: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - ASoC: rt5682: move clk related code to rt5682_i2c_probe (Jack Yu) - uapi/linux/stddef.h: Add include guards (Tadeusz Struk) - stddef: Introduce DECLARE_FLEX_ARRAY() helper (Kees Cook) - bus: mhi: Fix pm_state conversion to string (Paul Davey) - bus: mhi: core: Use correctly sized arguments for bit field (Kees Cook) - serial: sc16is7xx: Clear RS485 bits in the shutdown (Hui Wang) - powerpc/tm: Fix more userspace r13 corruption (Nicholas Piggin) - powerpc: flexible GPR range save/restore macros (Nicholas Piggin) - powerpc/32: Don't use lmw/stmw for saving/restoring non volatile regs (Christophe Leroy) - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (Arun Easi) - KVM: s390x: fix SCK locking (Claudio Imbrenda) - btrfs: don't access possibly stale fs_info data in device_list_add (Dongliang Mu) - KVM: use __vcalloc for very large allocations (Paolo Bonzini) - mm: vmalloc: introduce array allocation functions (Paolo Bonzini) - Compiler Attributes: add __alloc_size() for better bounds checking (Kees Cook) - mtd: spi-nor: Skip erase logic when SPI_NOR_NO_ERASE is set (Tudor Ambarus) - batman-adv: Use netif_rx(). (Sebastian Andrzej Siewior) - iio: accel: mma8452: use the correct logic to get mma8452_data (Haibo Chen) - riscv/mm: Add XIP_FIXUP for riscv_pfn_base (Palmer Dabbelt) - NFSD: COMMIT operations must not return NFS?ERR_INVAL (Chuck Lever) - NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (Chuck Lever) - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (CHANDAN VURDIGERE NATARAJ) - drm/amd/display: Set min dcfclk if pipe count is 0 (Michael Strauss) - drbd: fix an invalid memory access caused by incorrect use of list iterator (Xiaomeng Tong) - drbd: Fix double free problem in drbd_create_device (Wu Bo) - drbd: add error handling support for add_disk() (Luis Chamberlain) - btrfs: remove device item and update super block in the same transaction (Qu Wenruo) - btrfs: use btrfs_get_dev_args_from_path in dev removal ioctls (Josef Bacik) - btrfs: add a btrfs_get_dev_args_from_path helper (Josef Bacik) - btrfs: handle device lookup with btrfs_dev_lookup_args (Josef Bacik) - vdpa/mlx5: Avoid processing works if workqueue was destroyed (Eli Cohen) - gfs2: Fix gfs2_file_buffered_write endless loop workaround (Andreas Gruenbacher) - scsi: qla2xxx: Fix crash during module load unload test (Arun Easi) - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (Quinn Tran) - scsi: qla2xxx: Fix laggy FC remote port session recovery (Quinn Tran) - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (Manish Rangankar) - KVM: x86/mmu: Use common TDP MMU zap helper for MMU notifier unmap hook (Sean Christopherson) - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (Sean Christopherson) - clk: renesas: r9a07g044: Update multiplier and divider values for PLL2/3 (Lad Prabhakar) - cxl/port: Hold port reference until decoder release (Dan Williams) - mt76: mt7921: do not always disable fw runtime-pm (Lorenzo Bianconi) - mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error (Sean Wang) - media: davinci: vpif: fix use-after-free on driver unbind (Johan Hovold) - media: omap3isp: Use struct_group() for memcpy() region (Kees Cook) - stddef: Introduce struct_group() helper macro (Kees Cook) - block: fix rq-qos breakage from skipping rq_qos_done_bio() (Tejun Heo) - block: only mark bio as tracked if it really is tracked (Jens Axboe) - block: use bdev_get_queue() in bio.c (Pavel Begunkov) - io_uring: ensure that fsnotify is always called (Jens Axboe) - virtio-blk: avoid preallocating big SGL for data (Max Gurtovoy) - ibmvnic: Allow queueing resets during probe (Sukadev Bhattiprolu) - ibmvnic: clear fop when retrying probe (Sukadev Bhattiprolu) - ibmvnic: init init_done_rc earlier (Sukadev Bhattiprolu) - s390/setup: preserve memory at OLDMEM_BASE and OLDMEM_SIZE (Alexander Egorenkov) - s390/setup: use physical pointers for memblock_reserve() (Alexander Gordeev) - s390/boot: allocate amode31 section in decompressor (Alexander Gordeev) - netfilter: nft_payload: don't allow th access for fragments (Florian Westphal) - netfilter: nft_payload: support for inner header matching / mangling (Pablo Neira Ayuso) - netfilter: nf_tables: convert pktinfo->tprot_set to flags field (Pablo Neira Ayuso) - ASoC: rt5682: Fix deadlock on resume (Peter Ujfalusi) - ASoC: rt5682: Re-detect the combo jack after resuming (Derek Fang) - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (Derek Fang) - net/mlx5e: TC, Reject rules with forward and drop actions (Roi Dayan) - net/mlx5e: TC, Reject rules with drop and modify hdr action (Roi Dayan) - net/mlx5e: Split actions_match_supported() into a sub function (Roi Dayan) - net/mlx5e: Check action fwd/drop flag exists also for nic flows (Roi Dayan) - RISC-V: defconfigs: Set CONFIG_FB=y, for FB console (Palmer Dabbelt) - riscv: defconfig: enable DRM_NOUVEAU (Heinrich Schuchardt) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (Hou Tao) - bpf: Stop caching subprog index in the bpf_pseudo_func insn (Martin KaFai Lau) - mt76: mt7921: fix a possible race enabling/disabling runtime-pm (Lorenzo Bianconi) - mt76: mt7921: introduce mt7921_mcu_set_beacon_filter utility routine (Lorenzo Bianconi) - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (Lorenzo Bianconi) - platform/x86: wmi: Fix driver->notify() vs ->probe() race (Hans de Goede) - platform/x86: wmi: Replace read_takes_no_args with a flags field (Hans de Goede) - platform/x86: wmi: introduce helper to convert driver to WMI driver (Barnabas Pocze) - qed: Improve the stack space of filter_config() (Shai Malin) - ath11k: add hw_param for wakeup_mhi (Seevalamuthu Mariappan) - memory: renesas-rpc-if: Avoid unaligned bus access for HyperFlash (Andrew Gabbasov) - media: ir_toy: prevent device from hanging during transmit (Sean Young) - PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset (Lukas Wunner) - PCI/portdrv: Rename pm_iter() to pcie_port_device_iter() (Lukas Wunner) - drm/i915: Replace the unconditional clflush with drm_clflush_virt_range() (Ville Syrjala) - drm/i915/gt: Register the migrate contexts with their engines (Thomas Hellstrom) - drm/i915: Disable bonding on gen12+ platforms (Matthew Brost) - btrfs: fix deadlock between chunk allocation and chunk btree modifications (Filipe Manana) - dma-buf/poll: Get a file reference for outstanding fence callbacks (Michel Danzer) - Input: goodix - try not to touch the reset-pin on x86/ACPI devices (Hans de Goede) - Input: goodix - refactor reset handling (Hans de Goede) - Input: goodix - add a goodix.h header file (Hans de Goede) - Input: goodix - change goodix_i2c_write() len parameter type to int (Hans de Goede) - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (Tang Bin) - btrfs: fix warning when freeing leaf after subvolume creation failure (Filipe Manana) - btrfs: fix invalid delayed ref after subvolume creation failure (Filipe Manana) - btrfs: add additional parameters to btrfs_init_tree_ref/btrfs_init_data_ref (Nikolay Borisov) - btrfs: rename btrfs_alloc_chunk to btrfs_create_chunk (Nikolay Borisov) - netfilter: nft_set_pipapo: release elements in clone from abort path (Pablo Neira Ayuso) - net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) - usbnet: fix memory leak in error case (Oliver Neukum) - bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals (Daniel Borkmann) - bpf: Fix incorrect verifier simulation around jmp32's jeq/jne (Daniel Borkmann) - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (Thomas Kopp) - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (Thomas Kopp) - can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits (Marc Kleine-Budde) - can: m_can: m_can_chip_config(): actually enable internal timestamping (Marc Kleine-Budde) - can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) - can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) - can: bcm: use call_rcu() instead of costly synchronize_rcu() (Oliver Hartkopp) - ALSA: cs46xx: Fix missing snd_card_free() call at probe error (Takashi Iwai) - ALSA: hda/realtek: Add quirk for Clevo L140PU (Tim Crawford) - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (Takashi Iwai) - Revert 'selftests/bpf: Add test for bpf_timer overwriting crash' (Po-Hsu Lin) - mm/filemap: fix UAF in find_lock_entries (Liu Shixin) - mm/slub: add missing TID updates on slab deactivation (Jann Horn) - LTS version: v5.15.53 (Jack Vogel) - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) - hwmon: (occ) Prevent power cap command overwriting poll response (Eddie James) - hwmon: (occ) Remove sequence numbering and checksum calculation (Eddie James) - drm/fourcc: fix integer type usage in uapi header (Carlos Llamas) - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (Hans de Goede) - platform/x86: panasonic-laptop: don't report duplicate brightness key-presses (Hans de Goede) - platform/x86: panasonic-laptop: revert 'Resolve hotkey double trigger bug' (Hans de Goede) - platform/x86: panasonic-laptop: sort includes alphabetically (Hans de Goede) - platform/x86: panasonic-laptop: de-obfuscate button codes (Stefan Seyfried) - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (Liang He) - drm/msm/gem: Fix error return on fence id alloc fail (Rob Clark) - drm/i915/gem: add missing else (katrinzhou) - net: fix IFF_TX_SKB_NO_LINEAR definition (Dan Carpenter) - fsi: occ: Force sequence numbering per OCC (Eddie James) - clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() (Greg Kroah-Hartman) - net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) - xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) - xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() (Jan Beulich) - xen/blkfront: force data bouncing when backend is untrusted (Roger Pau Monne) - xen/netfront: force data bouncing when backend is untrusted (Roger Pau Monne) - xen/netfront: fix leaking data in shared pages (Roger Pau Monne) - xen/blkfront: fix leaking data in shared pages (Roger Pau Monne) - selftests/rseq: Change type of rseq_offset to ptrdiff_t (Mathieu Desnoyers) - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (Mathieu Desnoyers) - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (Mathieu Desnoyers) - selftests/rseq: Fix: work-around asm goto compiler bugs (Mathieu Desnoyers) - selftests/rseq: Remove arm/mips asm goto compiler work-around (Mathieu Desnoyers) - selftests/rseq: Fix warnings about #if checks of undefined tokens (Mathieu Desnoyers) - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (Mathieu Desnoyers) - selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (Mathieu Desnoyers) - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (Mathieu Desnoyers) - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (Mathieu Desnoyers) - selftests/rseq: Introduce thread pointer getters (Mathieu Desnoyers) - selftests/rseq: Introduce rseq_get_abi() helper (Mathieu Desnoyers) - selftests/rseq: Remove volatile from __rseq_abi (Mathieu Desnoyers) - selftests/rseq: Remove useless assignment to cpu variable (Mathieu Desnoyers) - selftests/rseq: introduce own copy of rseq uapi header (Mathieu Desnoyers) - selftests/rseq: remove ARRAY_SIZE define from individual tests (Shuah Khan) - selftests/bpf: Add test_verifier support to fixup kfunc call insns (Kumar Kartikeya Dwivedi) - tcp: add a missing nf_reset_ct() in 3WHS handling (Eric Dumazet) - MAINTAINERS: add Leah as xfs maintainer for 5.15.y (Leah Rumancik) - net: tun: avoid disabling NAPI twice (Jakub Kicinski) - mlxsw: spectrum_router: Fix rollback in tunnel next hop init (Petr Machata) - ipv6: fix lockdep splat in in6_dump_addrs() (Eric Dumazet) - ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (Eric Dumazet) - ACPI: video: Change how we determine if brightness key-presses are handled (Hans de Goede) - io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio (Jens Axboe) - epic100: fix use after free on rmmod (Tong Zhang) - tipc: move bc link creation back to tipc_node_create (Xin Long) - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - powerpc/memhotplug: Add add_pages override for PPC (Aneesh Kumar K.V) - net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) - net: phy: ax88772a: fix lost pause advertisement configuration (Oleksij Rempel) - net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) - net: asix: fix 'can't send until first packet is send' issue (Oleksij Rempel) - net/sched: act_api: Notify user space if any actions were flushed before error (Victor Nogueira) - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (Liang He) - netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) - s390: remove unneeded 'select BUILD_BIN2C' (Masahiro Yamada) - vdpa/mlx5: Update Control VQ callback information (Eli Cohen) - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (Miaoqian Lin) - caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) - vfs: fix copy_file_range() regression in cross-fs copies (Amir Goldstein) - NFSD: restore EINVAL error translation in nfsd_commit() (Alexey Khoroshilov) - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) - selftests: mptcp: more stable diag tests (Paolo Abeni) - usbnet: fix memory allocation in helpers (Oliver Neukum) - net: usb: asix: do not force pause frames support (Oleksij Rempel) - linux/dim: Fix divide by 0 in RDMA DIM (Tao Liu) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (Miaoqian Lin) - RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) - net: dp83822: disable rx error interrupt (Enguerrand de Ribaucourt) - net: dp83822: disable false carrier interrupt (Enguerrand de Ribaucourt) - net: tun: stop NAPI when detaching queues (Jakub Kicinski) - net: tun: unlink NAPI from device on destruction (Jakub Kicinski) - net: dsa: bcm_sf2: force pause link settings (Doug Berger) - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (Dimitris Michailidis) - virtio-net: fix race between ndo_open() and virtio_device_ready() (Jason Wang) - net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) - net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) - SUNRPC: Fix READ_PLUS crasher (Chuck Lever) - s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) - dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) - dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) - powerpc/bpf: Fix use of user_pt_regs in uapi (Naveen N. Rao) - powerpc/book3e: Fix PUD allocation size in map_kernel_page() (Christophe Leroy) - powerpc/prom_init: Fix kernel config grep (Liam Howlett) - nvdimm: Fix badblocks clear off-by-one error (Chris Ye) - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1 (Lamarque Vieira Souza) - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX S40G) (Pablo Greco) - net: phy: Don't trigger state machine while in suspend (Lukas Wunner) - ipv6: take care of disable_policy when restoring routes (Nicolas Dichtel) - ksmbd: use vfs_llseek instead of dereferencing NULL (Jason A. Donenfeld) - ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA (Namjae Jeon) - ksmbd: set the range of bytes to zero without extending file size in FSCTL_ZERO_DATA (Namjae Jeon) - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (Ruili Ji) - Revert 'drm/amdgpu/display: set vblank_disable_immediate for DC' (Alex Deucher) - cpufreq:cppc_cpufreq: prevent crash on reading freqdomain_cpus (chris hyser) [Orabug: 34327463] - vmcoreinfo: add kallsyms_num_syms symbol (Stephen Brennan) [Orabug: 34475877] - vmcoreinfo: include kallsyms symbols (Stephen Brennan) [Orabug: 34475877] - kallsyms: move declarations to internal header (Stephen Brennan) [Orabug: 34475877] - Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' (Sherry Yang) [Orabug: 34539458] - uek-rpm: Enable IMA_APPRAISE_SB_BOOTPARAM (Eric Snowberg) [Orabug: 34549007] - integrity: Allow ima_appraise bootparam to be set when SB is enabled (Eric Snowberg) [Orabug: 34549007] - net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34533007] - Revert 'net/mlx5: E-Switch, change VFs default admin state to auto in switchdev' (Devesh Sharma) [Orabug: 34532946] - uek-rpm: Install kernel-rpm-macros as build dependency (Somasundaram Krishnasamy) [Orabug: 34529696] [5.15.0-3.52.1] - rds: ib: Fix lfstack to acquire visibility to list head (Hakon Bugge) [Orabug: 34522536] - locking/atomic: Make test_and_*_bit() ordered on failure (Hector Martin) [Orabug: 34520178] - intel_idle: make SPR C1 and C1E be independent (Artem Bityutskiy) [Orabug: 34510397] - intel_idle: Add AlderLake support (Zhang Rui) [Orabug: 34510397] - intel_idle: Fix SPR C6 optimization (Artem Bityutskiy) [Orabug: 34510397] - intel_idle: Fix the 'preferred_cstates' module parameter (Artem Bityutskiy) [Orabug: 34510397] - cpuidle: intel_idle: Drop redundant backslash at line end (Rafael J. Wysocki) [Orabug: 34510397] - mlx4: Subscribe to PXM notifier (Konrad Rzeszutek Wilk) [Orabug: 27206634] [Orabug: 34509446] - xen/pci: Add PXM node notifier for PXM (NUMA) changes. (Konrad Rzeszutek Wilk) [Orabug: 27206634] [Orabug: 34509446] - xen/pcifront: Walk the PCI bus after XenStore notification (Konrad Rzeszutek Wilk) [Orabug: 27206634] [Orabug: 34509446] - xen-pcifront/hvm: Slurp up 'pxm' entry and set NUMA node on PCIe device. (V5) (Konrad Rzeszutek Wilk) [Orabug: 34509446] - scsi: core: Fix warning in scsi_alloc_sgtables() (Jason Yan) [Orabug: 33857787] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3028 Oracle Linux 9 [3.0.1-41.0.3] - Add units tests for CVE-2022-3786, CVE-2022-3602 patches [3.0.1-41.0.2] - Fix CVE-2022-3786, CVE-2022-3602 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKDF Resolves: rhbz#2118388 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115856 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115857 - Use signature for RSA pairwise test according FIPS-140-3 requirements Related: rhbz#2115858 - Reseed all the parent DRBGs in chain on reseeding a DRBG Related: rhbz#2115859 - Zeroization according to FIPS-140-3 requirements Related: rhbz#2115861 [1:3.0.1-39] - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test Resolves: rhbz#2112978 [1:3.0.1-38] - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. Resolves: rhbz#2107530 - Improve AES-GCM performance on Power9 and Power10 ppc64le Resolves: rhbz#2103044 - Improve ChaCha20 performance on Power10 ppc64le Resolves: rhbz#2103044 [1:3.0.1-37] - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 [1:3.0.1-36] - Ciphersuites with RSAPSK KX should be filterd in FIPS mode - Related: rhbz#2091994 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough - Related: rhbz#2091977 - Improve diagnostics when passing unsupported groups in TLS - Related: rhbz#2086554 - Fix PPC64 Montgomery multiplication bug - Related: rhbz#2101346 - Strict certificates validation shouldn't allow explicit EC parameters - Related: rhbz#2085521 - CVE-2022-2068: the c_rehash script allows command injection - Related: rhbz#2098276 [1:3.0.1-35] - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. Resolves: rhbz#2087234 [1:3.0.1-34] - Some OpenSSL test certificates are expired, updating - Resolves: rhbz#2095696 [1:3.0.1-33] - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory - Resolves: rhbz#2089443 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS - Resolves: rhbz#2089439 - CVE-2022-1292 openssl: c_rehash script allows command injection - Resolves: rhbz#2090361 - Revert 'Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode' Related: rhbz#2087234 - Use KAT for ECDSA signature tests, s390 arch - Resolves: rhbz#2086866 [1:3.0.1-32] - openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode - Resolves: rhbz#2091929 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2091994 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits - Resolves: rhbz#2091938 [1:3.0.1-31] - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode Resolves: rhbz#2087234 [1:3.0.1-30] - Use KAT for ECDSA signature tests - Resolves: rhbz#2086866 [1:3.0.1-29] - -config argument of openssl app should work properly in FIPS mode - Resolves: rhbz#2085500 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC - Resolves: rhbz#2085499 [1:3.0.1-28] - OpenSSL should not accept custom elliptic curve parameters - Resolves rhbz#2085508 - OpenSSL should not accept explicit curve parameters in FIPS mode - Resolves rhbz#2085521 [1:3.0.1-27] - Change FIPS module version to include hash of specfile, patches and sources Resolves: rhbz#2082585 [1:3.0.1-26] - OpenSSL FIPS module should not build in non-approved algorithms Resolves: rhbz#2082584 [1:3.0.1-25] - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 [1:3.0.1-24] - Fix occasional internal error in TLS when DHE is used Resolves: rhbz#2080323 [1:3.0.1-23] - Update missing initialization patch with feedback from upstream Resolves: rhbz#2076654 [1:3.0.1-22] - Invocation of the missing initialization - Resolves: rhbz#2076654 [1:3.0.1-21] - Fix openssl curl error with LANG=tr_TR.utf8 - Resolves: rhbz#2076654 [1:3.0.1-20] - Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when no OpenSSL library context is set - Resolves: rhbz#2063306 [1:3.0.1-19] - Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes - Resolves: rhbz#2063306 [1:3.0.1-18] - CVE-2022-0778 fix - Resolves: rhbz#2062314 [1:3.0.1-15.1] - Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before setting an allowed digest with EVP_PKEY_CTX_set_signature_md() - Resolves: rhbz#2061607 [1:3.0.1-14.1] - Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes - Resolves: rhbz#2031742 [1:3.0.1-14] - Prevent use of SHA1 with ECDSA - Resolves: rhbz#2031742 [1:3.0.1-13] - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 [1:3.0.1-12] - Support KBKDF (NIST SP800-108) with an R value of 8bits - Resolves: rhbz#2027261 [1:3.0.1-11] - Allow SHA1 usage in MGF1 for RSASSA-PSS signatures - Resolves: rhbz#2031742 [1:3.0.1-10] - rebuilt [1:3.0.1-9] - Allow SHA1 usage in HMAC in TLS - Resolves: rhbz#2031742 [1:3.0.1-8] - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 - pkcs12 export broken in FIPS mode - Resolves: rhbz#2049265 [1:3.0.1-8] - Disable SHA1 signature creation and verification by default - Set rh-allow-sha1-signatures = yes to re-enable - Resolves: rhbz#2031742 [1:3.0.1-7] - s_server: correctly handle 2^14 byte long records - Resolves: rhbz#2042011 [1:3.0.1-6] - Adjust FIPS provider version - Related: rhbz#2026445 [1:3.0.1-5] - On the s390x, zeroize all the copies of TLS premaster secret - Related: rhbz#2040448 [1:3.0.1-4] - rebuilt [1:3.0.1-3] - KATS tests should be executed before HMAC verification - Restoring fips=yes for SHA1 - Related: rhbz#2026445, rhbz#2041994 [1:3.0.1-2] - Add enable-buildtest-c++ to the configure options. - Related: rhbz#1990814 [1:3.0.1-1] - Rebase to upstream version 3.0.1 - Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl - Resolves: rhbz#2038910, rhbz#2035148 [1:3.0.0-7] - Remove algorithms we don't plan to certify from fips module - Remove native fipsmodule.cnf - Related: rhbz#2026445 [1:3.0.0-6] - openssl speed should run in FIPS mode - Related: rhbz#1977318 [1:3.0.0-5] - rebuilt for spec cleanup - Related: rhbz#1985362 [1:3.0.0-4] - Embed FIPS HMAC in fips.so - Enforce loading FIPS provider when FIPS kernel flag is on - Related: rhbz#1985362 [1:3.0.0-3] - Fix memory leak in s_client - Related: rhbz#1996092 [1:3.0.0-2] - Avoid double-free on error seeding the RNG. - KTLS and FIPS may interfere, so tests need to be tuned - Resolves: rhbz#1952844, rhbz#1961643 [1:3.0.0-1] - Rebase to upstream version 3.0.0 - Related: rhbz#1990814 [1:3.0.0-0.beta2.7] - Removes the dual-abi build as it not required anymore. The mass rebuild was completed and all packages are rebuilt against Beta version. - Resolves: rhbz#1984097 [1:3.0.0-0.beta2.6] - Correctly process CMS reading from /dev/stdin - Resolves: rhbz#1986315 [3.0.0-0.beta2.5] - Add instruction for loading legacy provider in openssl.cnf - Resolves: rhbz#1975836 [3.0.0-0.beta2.4] - Adds support for IDEA encryption. - Resolves: rhbz#1990602 [3.0.0-0.beta2.3] - Fixes core dump in openssl req -modulus - Fixes 'openssl req' to not ask for password when non-encrypted private key is used - cms: Do not try to check binary format on stdin and -rctform fix - Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137 [1:3.0.0-0.beta2.2.1] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [3.0.0-0.beta2.2] - When signature_algorithm extension is omitted, use more relevant alerts - Resolves: rhbz#1965017 [3.0.0-0.beta2.1] - Rebase to upstream version beta2 - Related: rhbz#1903209 [3.0.0-0.beta1.5] - Prevents creation of duplicate cert entries in PKCS #12 files - Resolves: rhbz#1978670 [3.0.0-0.beta1.4] - NVR bump to update to OpenSSL 3.0 Beta1 [3.0.0-0.beta1.3] - Update patch dual-abi.patch to add the #define macros in implementation files instead of public header files [3.0.0-0.beta1.2] - Removes unused patch dual-abi.patch [3.0.0-0.beta1.1] - Update to Beta1 version - Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16 [3.0.0-0.alpha16.7] - Fixes override of openssl_conf in openssl.cnf - Use AI_ADDRCONFIG only when explicit host name is given - Temporarily remove fipsmodule.cnf for arch i686 - Fixes segmentation fault in BN_lebin2bn - Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855 [3.0.0-0.alpha16.6] - Adds FIPS mode compatibility patch (sahana@redhat.com) - Related: rhbz#1977318 [3.0.0-0.alpha16.5] - Fixes system hang issue when booted in FIPS mode (sahana@redhat.com) - Temporarily disable downstream FIPS patches - Related: rhbz#1977318 [3.0.0-0.alpha16.4] - Speeding up building openssl (dbelyavs@redhat.com) Resolves: rhbz#1903209 [3.0.0-0.alpha16.3] - Fix reading SPKAC data from stdin - Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448 - Return 0 after cleanup in OPENSSL_init_crypto() - Cleanup the peer point formats on regotiation - Fix default digest to SHA256 [3.0.0-0.alpha16.2] - Enable FIPS via config options [3.0.0-0.alpha16.1] - Update to alpha 16 version Resolves: rhbz#1952901 openssl sends alert after orderly connection close [3.0.0-0.alpha15.1] - Update to alpha 15 version Resolves: rhbz#1903209, rhbz#1952598, [1:3.0.0-0.alpha13.1.1] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [3.0.0-0.alpha13.1] - Update to new major release OpenSSL 3.0.0 alpha 13 Resolves: rhbz#1903209 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3602 CVE-2022-3786 Oracle Linux 9 [6.4.1-9] - Fix arbitrary bytecode produced via out-of-bounds writing - Resolves: CVE-2022-42920 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-42920 Oracle Linux 9 [2.36.7-1.1] - Add patch for CVE-2022-42856 Resolves: #2153738 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-42856 Oracle Linux 9 [6.0.113-1.0.1] - Add missing Oracle Linux Runtime IDs [6.0.113-1] - Update to .NET SDK 6.0.113 and Runtime 6.0.13 - Resolves: RHBZ#2154459 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-21538 Oracle Linux 9 [1:17.0.6.0.10-3.0.1] - Replace upstream references [Orabug: 34340155] [1:17.0.6.0.10-3] - Add missing release note for JDK-8295687 - Resolves: rhbz#2160111 [1:17.0.6.0.10-3] - Update FIPS support to bring in latest changes - * OJ1357: Fix issue on FIPS with a SecurityManager in place - Related: rhbz#2147476 [1:17.0.6.0.10-3] - Fix flatpak builds by disabling TestTranslations test due to missing tzdb.dat - Related: rhbz#2160111 [1:17.0.6.0.10-2] - Update to jdk-17.0.6.0+10 - Update release notes to 17.0.6.0+10 - Switch to GA mode for release - ** This tarball is embargoed until 2023-01-17 @ 1pm PT. ** - Related: rhbz#2153097 [1:17.0.6.0.9-0.2.ea] - Update to jdk-17.0.6+9 - Update release notes to 17.0.6+9 - Drop local copy of JDK-8293834 now this is upstream - Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 - Update TestTranslations.java to test the new America/Ciudad_Juarez zone - Resolves: rhbz#2153097 [1:17.0.6.0.1-0.2.ea] - Update to jdk-17.0.6+1 - Update release notes to 17.0.6+1 - Switch to EA mode for 17.0.6 pre-release builds. - Re-enable EA upstream status check now it is being actively maintained. - Drop JDK-8294357 (tzdata2022d) & JDK-8295173 (tzdata2022e) local patches which are now upstream - Drop JDK-8275535 local patch now this has been accepted and backported upstream - Bump tzdata requirement to 2022e now the package is available in RHEL - Related: rhbz#2153097 [1:17.0.5.0.8-4] - Update FIPS support to bring in latest changes - * Add nss.fips.cfg support to OpenJDK tree - * RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode - * Remove forgotten dead code from RH2020290 and RH2104724 - Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build - Resolves: rhbz#2147476 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-21835 CVE-2023-21843 Oracle Linux 9 [11.0.18.0.10-2.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.18.0.10-2] - Update to jdk-11.0.18+10 (GA) - Update release notes to 11.0.18+10 - Switch to GA mode for release - ** This tarball is embargoed until 2023-01-17 @ 1pm PT. ** - Related: rhbz#2157798 [1:11.0.18.0.9-0.2.ea] - Update to jdk-11.0.18+9 - Update release notes to 11.0.18+9 - Drop local copy of JDK-8293834 now this is upstream - Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 - Update TestTranslations.java to test the new America/Ciudad_Juarez zone - Resolves: rhbz#2157798 [1:11.0.18.0.1-0.2.ea] - Update to jdk-11.0.18+1 - Update release notes to 11.0.18+1 - Switch to EA mode for 11.0.18 pre-release builds. - Drop local copies of JDK-8294357 & JDK-8295173 now upstream contains tzdata 2022e - Drop local copy of JDK-8275535 which is finally upstream - Related: rhbz#2157798 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-21835 CVE-2023-21843 Oracle Linux 9 [1.8.0.362.b09-2.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.362.b09-2] - Update cacerts patch to fix OPENJDK-1433 SecurityManager issue - Update to shenandoah-jdk8u352-b09 (GA) - Update release notes for shenandoah-8u352-b09. - Resolves: rhbz#2163594 [1:1.8.0.362.b08-2] - Update to shenandoah-jdk8u352-b08 (GA) - Update release notes for shenandoah-8u352-b08. - Fix broken links and missing release notes in older releases. - Drop RH1163501 patch which is not upstream or in 11, 17 & 19 packages and seems obsolete - Patch was broken by inclusion of 'JDK-8293554: Enhanced DH Key Exchanges' - Patch was added for a specific corner case of a 4096-bit DH key on a Fedora host that no longer exists - Fedora now appears to be using RSA and the JDK now supports ECC in preference to large DH keys - Resolves: rhbz#2160111 [1:1.8.0.362.b07-0.2.ea] - Update to shenandoah-jdk8u362-b07 (EA) - Update release notes for shenandoah-8u362-b07. - Switch to EA mode for 8u362 pre-release builds. - Drop JDK-8195607/PR3776/RH1760437 now this is upstream - Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 - Drop tzdata patches for 2022d & 2022e (JDK-8294357 & JDK-8295173) which are now upstream - Update TestTranslations.java to test the new America/Ciudad_Juarez zone - Resolves: rhbz#2159912 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-21830 CVE-2023-21843 Oracle Linux 9 [1.9.5p2-7.1] RHEL 9.1.0.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz#2161224 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-22809 Oracle Linux 9 [102.7.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.7.0-1] - Update to 102.7.0 build1 [102.6.0-2] - Add firefox-x11 subpackage to allow explicit run of firefox under x11 on RHEL9 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-23603 CVE-2023-23605 CVE-2022-46877 CVE-2023-23601 CVE-2023-23599 CVE-2023-23598 CVE-2022-46871 CVE-2023-23602 Oracle Linux 9 [4.4.0-5] - Bump release - Resolves: CVE-2022-2953 [4.4.0-4] - Resolves: CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 [4.4.0-3] - Fix CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 - Resolves: #2106768 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-2057 CVE-2022-2521 CVE-2022-2519 CVE-2022-2056 CVE-2022-2520 CVE-2022-2953 CVE-2022-2058 Oracle Linux 9 [1.0.0-10.2] - Fix dbus memory leak on connection failure - Fix unauthorized access via D-bus Resolves: rhbz#2127877 MODERATE Copyright 2023 Oracle, Inc. CVE-2019-25058 Oracle Linux 9 [7.1.8.1-8.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:7.1.8.1-8] - Resolves: rhbz#2134759 Untrusted Macros - Resolves: rhbz#2134757 Weak Master Keys - Resolves: rhbz#2134755 Static Initialization Vector - Resolves: rhbz#2134761 Macro URL arbitrary script execution MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3140 CVE-2022-26307 CVE-2022-26305 CVE-2022-26306 Oracle Linux 9 [42.2.18-6] - fix for CVE-2022-31197 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-31197 Oracle Linux 9 nodejs [1:16.18.1-3] - Update sources of undici WASM blobs Resolves: rhbz#2151617 [1:16.18.1-2] - Add back libs and v8-devel subpackages - Related: RHBZ#2121126 - Record previously fixed CVE - Resolves: CVE-2021-44906 [1:16.18.1-1] - Rebase + CVEs - Resolves: #2142808 - Resolves: #2142826, #2131745, #2142855 nodejs-nodemon [2.0.20-2] - Record CVE fixed in the current or previous upstream versions - Resolves: CVE-2021-44906 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-43548 CVE-2022-35256 CVE-2021-44906 CVE-2022-3517 Oracle Linux 9 golang [1.18.9-1] - Rebase to Go 1.18.9 - Enable big endian support for fips mode - Fix ppc64le linker issue - Resolves: rhbz#2144547 - Resolves: rhbz#2149311 go-toolset [1.18.9-1] - Rebase to Go 1.18.9 - Enable big endian support for fips mode - Fix ppc64le linker issue - Resolves: rhbz#2144547 - Resolves: rhbz#2149311 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-2880 CVE-2022-41715 CVE-2022-2879 Oracle Linux 9 [7.76.1-19.el9_1.1] - fix POST following PUT confusion (CVE-2022-32221) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-32221 Oracle Linux 9 [5.14.0-162.12.1_1.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] [5.14.0-162.12.1_1] - x86/fpu: Drop fpregs lock before inheriting FPU permissions (Valentin Schneider) [2154407 2153181] - hv_netvsc: Fix race between VF offering and VF association message from host (Mohammed Gamal) [2151605 2149277] - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (Emanuele Giuseppe Esposito) [2150910 2092794] [5.14.0-162.11.1_1] - drm/i915: fix TLB invalidation for Gen12 video and compute engines (Wander Lairson Costa) [2148152 2148153] {CVE-2022-4139} - memcg: prohibit unconditional exceeding the limit of dying tasks (Chris von Recklinghausen) [2143976 2120352] - mm, oom: do not trigger out_of_memory from the #PF (Waiman Long) [2143976 2139747] - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks (Chris von Recklinghausen) [2143976 2120352] - pipe: Fix missing lock in pipe_resize_ring() (Ian Kent) [2141631 2141632] {CVE-2022-2959} - net: usb: ax88179_178a: Fix packet receiving (Jose Ignacio Tornos Martinez) [2142722 2142723] {CVE-2022-2964} - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jose Ignacio Tornos Martinez) [2142722 2142723] {CVE-2022-2964} - NFSD: Protect against send buffer overflow in NFSv3 READ (Scott Mayhew) [2141769 2141770] {CVE-2022-43945} - NFSD: Protect against send buffer overflow in NFSv2 READ (Scott Mayhew) [2141769 2141770] {CVE-2022-43945} - NFSD: Protect against send buffer overflow in NFSv3 READDIR (Scott Mayhew) [2141769 2141770] {CVE-2022-43945} - NFSD: Protect against send buffer overflow in NFSv2 READDIR (Scott Mayhew) [2141769 2141770] {CVE-2022-43945} - SUNRPC: Fix svcxdr_init_encode's buflen calculation (Scott Mayhew) [2141769 2141770] {CVE-2022-43945} - SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation (Scott Mayhew) [2141769 2141770] {CVE-2022-43945} [5.14.0-162.10.1_1] - ice: Fix crash by keep old cfg when update TCs more than queues (Petr Oros) [2132070 2131953] - ice: Fix tunnel checksum offload with fragmented traffic (Petr Oros) [2132070 2131953] - ice: handle E822 generic device ID in PLDM header (Petr Oros) [2132070 2131953] - ice: ethtool: Prohibit improper channel config for DCB (Petr Oros) [2132070 2131953] - ice: ethtool: advertise 1000M speeds properly (Petr Oros) [2132070 2131953] - ice: Fix switchdev rules book keeping (Petr Oros) [2132070 2131953] - ice: fix access-beyond-end in the switch code (Petr Oros) [2132070 2131953] - eth: ice: silence the GCC 12 array-bounds warning (Petr Oros) [2132070 2131953] - ice: Expose RSS indirection tables for queue groups via ethtool (Petr Oros) [2132070 2131953] - Revert 'ice: Hide bus-info in ethtool for PRs in switchdev mode' (Petr Oros) [2132070 2131953] - ice: remove period on argument description in ice_for_each_vf (Petr Oros) [2132070 2131953] - ice: add a function comment for ice_cfg_mac_antispoof (Petr Oros) [2132070 2131953] - ice: fix wording in comment for ice_reset_vf (Petr Oros) [2132070 2131953] - ice: remove return value comment for ice_reset_all_vfs (Petr Oros) [2132070 2131953] - ice: always check VF VSI pointer values (Petr Oros) [2132070 2131953] - ice: add newline to dev_dbg in ice_vf_fdir_dump_info (Petr Oros) [2132070 2131953] - ice: get switch id on switchdev devices (Petr Oros) [2132070 2131953] - ice: return ENOSPC when exceeding ICE_MAX_CHAIN_WORDS (Petr Oros) [2132070 2131953] - ice: introduce common helper for retrieving VSI by vsi_num (Petr Oros) [2132070 2131953] - ice: use min_t() to make code cleaner in ice_gnss (Petr Oros) [2132070 2131953] - ice, xsk: Avoid refilling single Rx descriptors (Petr Oros) [2132070 2131953] - ice, xsk: Diversify return values from xsk_wakeup call paths (Petr Oros) [2132070 2131953] - ice, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full (Petr Oros) [2132070 2131953] - ice, xsk: Decorate ICE_XDP_REDIR with likely() (Petr Oros) [2132070 2131953] - ice: Add mpls+tso support (Petr Oros) [2132070 2131953] - ice: switch: convert packet template match code to rodata (Petr Oros) [2132070 2131953] - ice: switch: use convenience macros to declare dummy pkt templates (Petr Oros) [2132070 2131953] - ice: switch: use a struct to pass packet template params (Petr Oros) [2132070 2131953] - ice: switch: unobscurify bitops loop in ice_fill_adv_dummy_packet() (Petr Oros) [2132070 2131953] - ice: switch: add and use u16[] aliases to ice_adv_lkup_elem::{h, m}_u (Petr Oros) [2132070 2131953] - ice: Support GTP-U and GTP-C offload in switchdev (Petr Oros) [2132070 2131953] - Documentation/admin-guide: Document nomodeset kernel parameter (Karol Herbst) [2145217 2143841] - drm: Move nomodeset kernel parameter to the DRM subsystem (Karol Herbst) [2145217 2143841] - selftests/bpf: Limit unroll_count for pyperf600 test (Frantisek Hrbata) [2144902 2139836] - nvme-fc: fix the fc_appid_store return value (Ewan D. Milne) [2136914 2113035] - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (Wei Huang) [2142168 2130652] - CI: Drop c9s CI parts (Veronika Kabatova) - CI: Use GA builder container (Veronika Kabatova) [5.14.0-162.9.1_1] - CI: Remove deprecated variable (Veronika Kabatova) - drm: fix duplicated code in drm_connector_register (Karol Herbst) [2134619 2132575] - drm/mgag200: Fix PLL setup for G200_SE_A rev >=4 (Jocelyn Falempe) [2140153 1960467] - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (Tomas Henzl) [2139213 2136223] [5.14.0-162.8.1_1] - redhat: fix the branch we pull from the documentation tree (Herton R. Krzesinski) - nvme-tcp: handle number of queue changes (John Meneghini) [2131359 2112025] - nvmet: expose max queues to configfs (John Meneghini) [2131359 2112025] - nvme-fabrics: parse nvme connect Linux error codes (John Meneghini) [2131359 2112025] - vfio/type1: Unpin zero pages (Alex Williamson) [2128514 2121855] - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (Oleg Nesterov) [2127881 2121271] {CVE-2022-30594} [5.14.0-162.7.1_1] - i2c: ismt: prevent memory corruption in ismt_access() (David Arcari) [2127532 2125582] {CVE-2022-3077} - x86/fpu: Prevent FPU state corruption (Oleksandr Natalenko) [2134588 2131667] - iavf: Fix reset error handling (Petr Oros) [2127884 2119712] - iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2127884 2119712] - iavf: Fix missing state logs (Petr Oros) [2127884 2119712] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-4139 CVE-2022-3077 CVE-2022-2964 CVE-2022-43945 CVE-2022-2959 CVE-2022-30594 Oracle Linux 9 [1.12.20-7.0.1] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.12.20-7] - Fix CVE-2022-42010 (#2133647) - Fix CVE-2022-42011 (#2133641) - Fix CVE-2022-42012 (#2133635) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-42011 CVE-2022-42012 CVE-2022-42010 Oracle Linux 9 [250-12.0.2.el9_1.1] - Backport upstream pstore dmesg fix [Orabug: 34868110] - Remove upstream references [Orabug: 33995357] - Disable unprivileged BPF by default [Orabug: 32870980] - udev rules: fix memory hot add and remove [Orabug: 31310273] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] - shutdown: get only active md arrays. [Orabug: 34467234] [250-12.1] - time-util: fix buffer-over-run (#2139388) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3821 Oracle Linux 9 [2.4.9-1.1] - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate - Resolves: CVE-2022-43680 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-43680 Oracle Linux 9 [2.9.13-3] - Fix CVE-2022-40303 (#2136564) - Fix CVE-2022-40304 (#2136569) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40303 CVE-2022-40304 Oracle Linux 9 [3.34.1-6] - Fixes CVE-2022-35737 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-35737 Oracle Linux 9 [5.1.8-6] - Add a null check in parameter_brace_transform() function Resolves: CVE-2022-3715 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3715 Oracle Linux 9 [4.16.0-9] - Resolves: rhbz#2140602 MODERATE Copyright 2023 Oracle, Inc. CVE-2021-46848 Oracle Linux 9 [3.5.13-8] - Fix CVE-2022-46285: infinite loop on unclosed comments (#2160230) - Fix CVE-2022-44617: runaway loop with width of 0 (#2160232) - Fix CVE-2022-4883: compression depends on /usr/local/bin:/usr/bin (#2160242) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-4883 CVE-2022-44617 CVE-2022-46285 Oracle Linux 9 [102.7.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.7.1-1] - Update to 102.7.1 build1 [102.7.0-1] - Update to 102.7.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-46871 CVE-2023-23601 CVE-2023-23605 CVE-2023-23598 CVE-2023-23603 CVE-2023-23599 CVE-2022-46877 CVE-2023-23602 Oracle Linux 9 [102.7.1-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.7.1-2] - Update to 102.7.1 build2 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0430 Oracle Linux 9 [2.31.1-3] - Fixes CVE-2022-23521 and CVE-2022-41903 - Tests: try harder to find open ports for apache, git, and svn - Resolves: #2162069 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-41903 CVE-2022-23521 Oracle Linux 9 [1.12.0-5] - xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation Resolves: bz#2167060 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0494 Oracle Linux 9 [1.5.1-6] - Fix for CVE-2022-47629 (#2161571) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-47629 Oracle Linux 9 [2.06-46.0.4.el9_1.3] - Bump SBAT metadata for grub to 3 [Orabug: 34872719] - Fix CVE-2022-3775 [Orabug: 34871953] - Enable signing for aarch64 EFI - Fix signing certificate names - Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation - Update bug url [Orabug: 34202300] - Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] - Update signing certificate [JIRA: OLDIS-16371] - fix SBAT data [JIRA: OLDIS-16371] - Update requires [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-46.el9_1.3] - Give up on redhat-sb-certs - Resolves: CVE-2022-2601 [2.06-46.el9_1.2] - CVE update (actually 2.06-49) - Resolves: CVE-2022-2601 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3775 CVE-2022-2601 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [102.8.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-25732 CVE-2023-25739 CVE-2023-25737 CVE-2023-25742 CVE-2023-25743 CVE-2023-25735 CVE-2023-0767 CVE-2023-25729 CVE-2023-25728 CVE-2023-25730 CVE-2023-25744 CVE-2023-25746 Oracle Linux 9 [102.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-25732 CVE-2023-25728 CVE-2023-25737 CVE-2023-25742 CVE-2023-25743 CVE-2023-25739 CVE-2023-0767 CVE-2023-25729 CVE-2023-25746 CVE-2023-25730 CVE-2023-0616 CVE-2023-25735 CVE-2023-25744 Oracle Linux 9 [2.36.7-1.2] - Add patch for CVE-2023-23529 Resolves: #2170000 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-23529 Oracle Linux 9 [3.0.1-47.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-47] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed Invalid pointer dereference in d2i_PKCS7 functions Resolves: CVE-2023-0216 - Fixed NULL dereference validating DSA public key Resolves: CVE-2023-0217 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 - Fixed NULL dereference during PKCS7 data verification Resolves: CVE-2023-0401 [1:3.0.1-46] - Refactor OpenSSL fips module MAC verification Resolves: rhbz#2158412 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode Resolves: rhbz#2144010 [1:3.0.1-45] - Add support of X25519 and X448 'group' parameter in EVP_PKEY_CTX objects Resolves: rhbz#2149010 - Fix explicit indicator for PSS salt length in FIPS mode when used with negative magic values Resolves: rhbz#2144012 - Update change to default PSS salt length with patch state from upstream Related: rhbz#2144012 [1:3.0.1-44] - SHAKE-128/256 are not allowed with RSA in FIPS mode Resolves: rhbz#2144010 - Avoid memory leaks in TLS Resolves: rhbz#2144008 - FIPS RSA CRT tests must use correct parameters Resolves: rhbz#2144006 - FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC Resolves: rhbz#2144017 - Remove support for X9.31 signature padding in FIPS mode Resolves: rhbz#2144015 - Add explicit indicator for SP 800-108 KDFs with short key lengths Resolves: rhbz#2144019 - Add explicit indicator for HMAC with short key lengths Resolves: rhbz#2144000 - Set minimum password length for PBKDF2 in FIPS mode Resolves: rhbz#2144003 - Add explicit indicator for PSS salt length in FIPS mode Resolves: rhbz#2144012 - Clamp default PSS salt length to digest size for FIPS 186-4 compliance Related: rhbz#2144012 - Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode Resolves: rhbz#2145170 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-0401 CVE-2022-4450 CVE-2023-0216 CVE-2023-0217 CVE-2023-0286 CVE-2023-0215 CVE-2022-4304 CVE-2022-4203 Oracle Linux 9 - [5.14.0-162.18.1_1.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] [5.14.0-162.18.1_1] - powerpc/pseries: Use lparcfg to reconfig VAS windows for DLPAR CPU (Steve Best) [2154305 2133101] - redhat/configs: Change the amd-pstate driver from builtin to loadable (David Arcari) [2151274 2143793] - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (Steve Best) [2140085 2122830] - powerpc/watchdog: introduce a NMI watchdog's factor (Steve Best) [2140085 2122830] - watchdog: export lockup_detector_reconfigure (Steve Best) [2140085 2122830] - powerpc/mobility: wait for memory transfer to complete (Steve Best) [2140085 2122830] [5.14.0-162.17.1_1] - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (Emanuele Giuseppe Esposito) [2155459 2100404] - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (Emanuele Giuseppe Esposito) [2155459 2100404] - PCI: hv: Fix interrupt mapping for multi-MSI (Emanuele Giuseppe Esposito) [2155459 2100404] - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Emanuele Giuseppe Esposito) [2155459 2100404] - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Emanuele Giuseppe Esposito) [2155459 2100404] - PCI: hv: Fix multi-MSI to allow more than one MSI vector (Emanuele Giuseppe Esposito) [2155459 2100404] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Wander Lairson Costa) [2152580 2152581] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Wander Lairson Costa) [2152580 2152581] {CVE-2022-4378} - blk-mq: run queue no matter whether the request is the last request (Ming Lei) [2162535 2118511] - netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits (Florian Westphal) [2161724 2161725] {CVE-2023-0179} - nvme-tcp: fix regression that causes sporadic requests to time out (Gopal Tiwari) [2161344 2124526] - netfs: Fix dodgy maths (Xiubo Li) [2161418 2138981] - netfs: Fix missing xas_retry() calls in xarray iteration (Xiubo Li) [2161418 2138981] [5.14.0-162.16.1_1] - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Ricardo Robaina) [2152929 2152931] {CVE-2022-3564} - gitlab-ci: use CI templates from production branch (Michael Hofmann) [5.14.0-162.15.1_1] - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (Thomas Huth) [2158815 2140899] - x86/fpu: Do not leak fpstate pointer on fork (Rafael Aquini) [2133083 2120448] - Revert 'usb: typec: ucsi: add a common function ucsi_unregister_connectors()' (Torez Smith) [2153277 2113003] - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (David Arcari) [2154859 2119067] {CVE-2022-2873} [5.14.0-162.14.1_1] - NFSD: fix use-after-free in __nfs42_ssc_open() (Benjamin Coddington) [2152815 2152816] {CVE-2022-4379} - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (Mohammed Gamal) [2155930 2155277] - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (Mohammed Gamal) [2155930 2155277] - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (Mohammed Gamal) [2155930 2155277] - sched/core: Always flush pending blk_plug (Phil Auld) [2153792 2115520] [5.14.0-162.13.1_1] - scsi: qla2xxx: Fix crash when I/O abort times out (Nilesh Javali) [2152178 2115892] - net: mana: Fix race on per-CQ variable napi work_done (Emanuele Giuseppe Esposito) [2155145 2153431] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0179 CVE-2022-4378 CVE-2022-3564 CVE-2022-4379 CVE-2022-2873 Oracle Linux 9 [53.0.0-10.1] - Security fix for CVE-2022-40897 Resolves: rhbz#2158559 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40897 Oracle Linux 9 [3.9.14-1.2] - Security fix for CVE-2022-45061 Resolves: rhbz#2144072 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-45061 Oracle Linux 9 [250-12.0.2.3] - Backport upstream pstore dmesg fix [Orabug: 34868110] - Remove upstream references [Orabug: 33995357] - Disable unprivileged BPF by default [Orabug: 32870980] - udev rules: fix memory hot add and remove [Orabug: 31310273] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] - shutdown: get only active md arrays. [Orabug: 34467234] [250-12.3] - shared/json: allow json_variant_dump() to return an error (#2149074) - shared/json: use different return code for empty input (#2149074) - coredump: avoid deadlock when passing processed backtrace data (#2149074) - test: disable flaky subtests that require udevadm wait/lock (#2149074) [250-12.2] - coredump: adjust whitespace (#2155516) - basic: add STRERROR() wrapper for strerror_r() (#2155516) - coredump: do not allow user to access coredumps with changed uid/gid/capabilities (#2155516) - Packit: build SRPMs in Copr (#2155516) - test: support non-summer time (#2155516) - test: bump the base VM memory to 768M (#2155516) - test: don't overwrite existing (#2155516) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-45873 CVE-2022-4415 Oracle Linux 9 [5.4.4-2] - Resolves CVE-2021-43519 [5.4.4-1] - Rebase to lua 5.4.4 - Resolves CVE-2021-44964 [5.4.2-7] - Fix up CVE-2022-33099 patch [5.4.2-6] - Enable gating [5.4.2-5] - apply upstream fix for CVE-2022-33099 MODERATE Copyright 2023 Oracle, Inc. CVE-2021-43519 CVE-2021-44964 Oracle Linux 9 [8.2.2637-20.0.1] - Remove upstream references [Orabug: 31197557] [2:8.2.2637-20] - CVE-2022-47024 vim: no check if the return value of XChangeGC() is NULL [2:8.2.2637-19] - CVE-2022-1785 vim: Out-of-bounds Write - CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c - CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c [2:8.2.2637-18] - CVE-2022-1621 vim: heap buffer overflow - CVE-2022-1629 vim: buffer over-read [2:8.2.2637-17] - CVE-2022-1154 vim: use after free in utf_ptr2char - CVE-2022-1420 vim: Out-of-range Pointer Offset MODERATE Copyright 2023 Oracle, Inc. CVE-2022-47024 Oracle Linux 9 [2:1.34-6] - Fix CVE-2022-48303 - Resolves: CVE-2022-48303 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-48303 Oracle Linux 9 [8.0.27-1] - rebase to 8.0.27 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-37454 CVE-2022-31631 CVE-2022-31629 CVE-2022-31628 CVE-2022-31630 Oracle Linux 9 [2.4.53-7.0.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.53-7.1] - Resolves: #2165975 - prevent sscg creating /dhparams.pem - Resolves: #2165970 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte - Resolves: #2165973 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting - Resolves: #2165974 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling MODERATE Copyright 2023 Oracle, Inc. CVE-2022-37436 CVE-2022-36760 CVE-2006-20001 Oracle Linux 9 [115-6.0.1] - Update Oracle Linux test certificates [Orabug: 31928433] [115-6] - Fix chmod invocation - Resolves: CVE-2022-3560 [115-5] - Deprecate pesign-authorize and drop ACL use - Resolves: CVE-2022-3560 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-3560 Oracle Linux 9 [2.0.90-6] - Fix CVE-2021-46822 - Resolves: CVE-2021-46822 MODERATE Copyright 2023 Oracle, Inc. CVE-2021-46822 Oracle Linux 9 [3.7.6-18] - Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version (#2168610) [3.7.6-17] - Fix timing side-channel in TLS RSA key exchange (#2162600) [3.7.6-16] - fips: extend PCT to DH key generation (#2168610) [3.7.6-14] - fips: remove library path checking from FIPS integrity check (#2149638) - fips: rename hmac file to its previous name (#2149640) [3.7.6-13] - cipher: add restriction on CCM tag length under FIPS mode (#2144535) - nettle: mark non-compliant RSA-PSS salt length to be not-approved (#2144537) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-0361 Oracle Linux 8 Oracle Linux 9 [5.15.0-6.80.3.1] - Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359] [5.15.0-6.80.3] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888471] - rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34892082] - uek-rpm: Add ptp_kvm.ko to core rpm (Somasundaram Krishnasamy) [Orabug: 34901414] - Revert 'tracing/ring-buffer: Have polling block on watermark' (Harshit Mogalapalli) [Orabug: 34890999] [5.15.0-6.80.2] - scsi: mpi3mr: Remove unnecessary cast (Jules Irenge) [Orabug: 34640445] - scsi: mpi3mr: Update driver version to 8.2.0.3.0 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix scheduling while atomic type bug (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Scan the devices during resume time (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Free enclosure objects during driver unload (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Handle 0xF003 Fault Code (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Graceful handling of surprise removal of PCIe HBA (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Support new power management framework (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Update mpi3 header files (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix error code in mpi3mr_transport_smp_handler() (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Fix error codes in mpi3mr_report_manufacture() (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Block I/Os while refreshing target dev objects (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Refresh SAS ports during soft reset (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Support SAS transport class callbacks (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add framework to issue MPT transport cmds (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add SAS SATA end devices to STL (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Get target object based on rphy (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add expander devices to STL (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Enable STL on HBAs where multipath is disabled (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add helper functions to manage device's port (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add helper functions to retrieve device objects (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add framework to add phys to STL (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Enable Enclosure device add event (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add helper functions to retrieve config pages (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add framework to issue config requests (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add config and transport related debug flags (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Delete a stray tab (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Unlock on error path (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Reduce VD queue depth on detecting throttling (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Resource Based Metering (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Increase cmd_per_lun to 128 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Enable shared host tagset (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix kernel-doc (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Rework mrioc->bsg_device model to fix warnings (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Add target device related sysfs (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add shost related sysfs attributes (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Return error if dma_alloc_coherent() fails (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Fix a NULL vs IS_ERR() bug in mpi3mr_bsg_init() (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Return I/Os to an unrecoverable HBA with DID_ERROR (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Hidden drives not removed during soft reset (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Increase I/O timeout value to 60s (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Update driver version to 8.0.0.69.0 (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Add support for NVMe passthrough (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Expose adapter state to sysfs (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add support for PEL commands (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Add support for MPT commands (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Move data structures/definitions from MPI headers to uapi header (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Add support for driver commands (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Add bsg device support (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Fix flushing !WQ_MEM_RECLAIM events warning (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Bump driver version to 8.0.0.68.0 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Update the copyright year (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix cmnd getting marked as in use forever (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix hibernation issue (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Update MPI3 headers (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix printing of pending I/O count (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix deadlock while canceling the fw event (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix formatting problems in some kernel-doc comments (Yang Li) [Orabug: 34640445] - scsi: mpi3mr: Fix some spelling mistakes (Colin Ian King) [Orabug: 34640445] - scsi: mpi3mr: Bump driver version to 8.0.0.61.0 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Enhanced Task Management Support Reply handling (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Use TM response codes from MPI3 headers (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add io_uring interface support in I/O-polled mode (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Print cable mngnt and temp threshold events (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Support Prepare for Reset event (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add Event acknowledgment logic (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Gracefully handle online FW update operation (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Detect async reset that occurred in firmware (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add IOC reinit function (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Handle offline FW activation in graceful manner (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Code refactor of IOC init - part2 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Code refactor of IOC init - part1 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fault IOC when internal command gets timeout (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Display IOC firmware package version (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Handle unaligned PLL in unmap cmnds (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Increase internal cmnds timeout to 60s (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Do access status validation before adding devices (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add support for PCIe Managed Switch SES device (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Update MPI3 headers - part2 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Update MPI3 headers - part1 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Don't reset IOC if cmnds flush with reset status (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Replace spin_lock() with spin_lock_irqsave() (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add debug APIs based on logging_level bits (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Use scnprintf() instead of snprintf() (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Clean up mpi3mr_print_ioc_info() (Dan Carpenter) [Orabug: 34640445] - rds: ib: Remove unnecessary call to rds_ib_ring_unalloc (Hakon Bugge) [Orabug: 34768825] - rds: ib: Remove unnecessary i_flowctl term from conditions (Hakon Bugge) [Orabug: 34768825] - rds: ib: Remove unnesesarry variable initialization (Hakon Bugge) [Orabug: 34768825] - rds: ib: Make sure receives are posted before connection is up (Hakon Bugge) [Orabug: 34768825] - rds: ib: Fix the Retry counter dependency on RNR NAK Retry counter (Hakon Bugge) [Orabug: 34768825] - rds: Deduct one credit on the passive side (Hakon Bugge) [Orabug: 34768825] - rds: Use all eight bits for credit updates (Hakon Bugge) [Orabug: 34768825] - RDS/IB: Fix the misplaced counter update rdma dto path (Devesh Sharma) [Orabug: 34865847] - uek-rpm: Enable CONFIG_HP_ILO for aarch64 (Saeed Mirzamohammadi) [Orabug: 34869880] - uek-rpm: ol8: Choose right annobin plugin for UEK build (Somasundaram Krishnasamy) [Orabug: 34873882] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34882775] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34882775] {CVE-2022-4378} [5.15.0-6.80.1] - LTS version: v5.15.80 (Jack Vogel) - ntfs: check overflow when iterating ATTR_RECORDs (Hawkins Jiawei) - ntfs: fix out-of-bounds read in ntfs_attr_find() (Hawkins Jiawei) - ntfs: fix use-after-free in ntfs_attr_find() (Hawkins Jiawei) - net/9p: use a dedicated spinlock for trans_fd (Dominique Martinet) - mm: fs: initialize fsdata passed to write_begin/write_end interface (Alexander Potapenko) - wifi: wext: use flex array destination for memcpy() (Hawkins Jiawei) - 9p/trans_fd: always use O_NONBLOCK read/write (Tetsuo Handa) - gfs2: Switch from strlcpy to strscpy (Andreas Gruenbacher) - gfs2: Check sb_bsize_shift after reading superblock (Andrew Price) - 9p: trans_fd/p9_conn_cancel: drop client lock earlier (Dominique Martinet) - kcm: close race conditions on sk_receive_queue (Cong Wang) - kcm: avoid potential race in kcm_tx_work (Eric Dumazet) - tcp: cdg: allow tcp_cdg_release() to be called multiple times (Eric Dumazet) - macvlan: enforce a consistent minimal mtu (Eric Dumazet) - Input: i8042 - fix leaking of platform device on module removal (Chen Jun) - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (Li Huafei) - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (Yuan Can) - scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() (Yang Yingliang) - net: use struct_group to copy ip/ipv6 header addresses (Hangbin Liu) - tracing: Fix warning on variable 'struct trace_array' (Aashish Sharma) - ring-buffer: Include dropped pages in counting dirty patches (Steven Rostedt (Google)) - perf: Improve missing SIGTRAP checking (Marco Elver) - serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake (Ilpo Jarvinen) - nvme: ensure subsystem reset is single threaded (Keith Busch) - nvme: restrict management ioctls to admin (Keith Busch) - perf/x86/intel/pt: Fix sampling using single range output (Adrian Hunter) - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (Alexander Potapenko) - docs: update mediator contact information in CoC doc (Shuah Khan) - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (Xiongfeng Wang) - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (Chevron Li) - mmc: core: properly select voltage range without power cycle (Yann Gautier) - firmware: coreboot: Register bus in module init (Brian Norris) - iommu/vt-d: Set SRE bit only when hardware has SRS cap (Tina Zhang) - iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (Tina Zhang) - scsi: zfcp: Fix double free of FSF request when qdio send fails (Benjamin Block) - net: phy: marvell: add sleep time after enabling the loopback bit (Aminuddin Jamaluddin) - maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault() (Alban Crequy) - Input: iforce - invert valid length check when fetching device IDs (Tetsuo Handa) - serial: 8250_lpss: Configure DMA also w/o DMA filter (Ilpo Jarvinen) - serial: 8250: Flush DMA Rx on RLSI (Ilpo Jarvinen) - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (Ilpo Jarvinen) - dm ioctl: fix misbehavior if list_versions races with module loading (Mikulas Patocka) - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (Mitja Spes) - iio: adc: mp2629: fix potential array out of bound access (Saravanan Sekar) - iio: adc: mp2629: fix wrong comparison of channel (Saravanan Sekar) - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (Yang Yingliang) - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (Yang Yingliang) - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (Rajat Khandelwal) - usb: cdns3: host: fix endless superspeed hub port reset (Li Jun) - usb: chipidea: fix deadlock in ci_otg_del_timer (Duoming Zhou) - usb: add NO_LPM quirk for Realforce 87U Keyboard (Nicolas Dumazet) - USB: serial: option: add Fibocom FM160 0x0111 composition (Reinhard Speyerer) - USB: serial: option: add u-blox LARA-L6 modem (Davide Tronchin) - USB: serial: option: add u-blox LARA-R6 00B modem (Davide Tronchin) - USB: serial: option: remove old LARA-R6 PID (Davide Tronchin) - USB: serial: option: add Sierra Wireless EM9191 (Benoit Monin) - USB: bcma: Make GPIO explicitly optional (Linus Walleij) - speakup: fix a segfault caused by switching consoles (Mushahid Hussain) - slimbus: stream: correct presence rate frequencies (Krzysztof Kozlowski) - slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m (Zheng Bin) - Revert 'usb: dwc3: disable USB core PHY management' (Johan Hovold) - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (Takashi Iwai) - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (Emil Flink) - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (Takashi Iwai) - drm/amd/display: Add HUBP surface flip interrupt handler (Rodrigo Siqueira) - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (Shang XiaoJing) - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (Shang XiaoJing) - tracing: Fix race where eprobes can be called before the event (Steven Rostedt (Google)) - tracing: Fix wild-memory-access in register_synth_event() (Shang XiaoJing) - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (Shang XiaoJing) - tracing/ring-buffer: Have polling block on watermark (Steven Rostedt (Google)) - tracing: Fix memory leak in tracing_read_pipe() (Wang Yufen) - ring_buffer: Do not deactivate non-existant pages (Daniil Tatianin) - ftrace: Fix null pointer dereference in ftrace_add_mod() (Xiu Jianfeng) - ftrace: Optimize the allocation for mcount entries (Wang Wensheng) - ftrace: Fix the possible incorrect kernel message (Wang Wensheng) - cifs: add check for returning value of SMB2_set_info_init (Anastasia Belova) - net: thunderbolt: Fix error handling in tbnet_init() (Yuan Can) - net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() (Shang XiaoJing) - cifs: Fix wrong return value checking when GETFLAGS (Zhang Xiaoxu) - net/x25: Fix skb leak in x25_lapb_receive_frame() (Wei Yongjun) - net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open() (Liu Jian) - cifs: add check for returning value of SMB2_close_init (Anastasia Belova) - platform/surface: aggregator: Do not check for repeated unsequenced packets (Maximilian Luz) - platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized (Roger Pau Monne) - drbd: use after free in drbd_create_device() (Dan Carpenter) - bridge: switchdev: Fix memory leaks when changing VLAN protocol (Ido Schimmel) - net: hns3: fix setting incorrect phy link ksettings for firmware in resetting process (Guangbin Huang) - net: ena: Fix error handling in ena_init() (Yuan Can) - net: ionic: Fix error handling in ionic_init_module() (Yuan Can) - xen/pcpu: fix possible memory leak in register_pcpu() (Yang Yingliang) - net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims (Vladimir Oltean) - net: mhi: Fix memory leak in mhi_net_dellink() (Wei Yongjun) - bnxt_en: Remove debugfs when pci_register_driver failed (Gaosheng Cui) - net: caif: fix double disconnect client in chnl_net_open() (Zhengchao Shao) - net: macvlan: Use built-in RCU list checking (Chuang Wang) - mISDN: fix misuse of put_device() in mISDN_register_device() (Wang ShaoBo) - net: liquidio: release resources when liquidio driver open failed (Zhengchao Shao) - soc: imx8m: Enable OCOTP clock before reading the register (Xiaolei Wang) - net: stmmac: ensure tx function is not running in stmmac_xdp_release() (Mohd Faizal Abdul Rahim) - net: hinic: Fix error handling in hinic_module_init() (Yuan Can) - mISDN: fix possible memory leak in mISDN_dsp_element_register() (Yang Yingliang) - net: bgmac: Drop free_netdev() from bgmac_enet_remove() (Wei Yongjun) - bpf: Initialize same number of free nodes for each pcpu_freelist (Xu Kuohai) - MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed (Liao Chang) - MIPS: fix duplicate definitions for exported symbols (Rongwei Zhang) - nfp: change eeprom length to max length enumerators (Jaco Coetzee) - ata: libata-transport: fix error handling in ata_tdev_add() (Yang Yingliang) - ata: libata-transport: fix error handling in ata_tlink_add() (Yang Yingliang) - ata: libata-transport: fix error handling in ata_tport_add() (Yang Yingliang) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (Yang Yingliang) - arm64: dts: imx8mn: Fix NAND controller size-cells (Marek Vasut) - arm64: dts: imx8mm: Fix NAND controller size-cells (Marek Vasut) - ARM: dts: imx7: Fix NAND controller size-cells (Marek Vasut) - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (Shang XiaoJing) - drm/drv: Fix potential memory leak in drm_dev_init() (Shang XiaoJing) - drm/panel: simple: set bpc field for logic technologies displays (Aishwarya Kothari) - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (Gaosheng Cui) - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (Zeng Heng) - parport_pc: Avoid FIFO port location truncation (Maciej W. Rozycki) - siox: fix possible memory leak in siox_device_add() (Yang Yingliang) - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (D Scott Phillips) - bpf: Fix memory leaks in __check_func_call (Wang Yufen) - block: sed-opal: kmalloc the cmd/resp buffers (Serge Semin) - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (Yang Yingliang) - pinctrl: rockchip: list all pins in a possible mux route for PX30 (Quentin Schulz) - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (Chen Zhongjin) - bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (Baisong Zhong) - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (Duoming Zhou) - serial: imx: Add missing .thaw_noirq hook (Shawn Guo) - serial: 8250: omap: Flush PM QOS work on remove (Tony Lindgren) - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (Tony Lindgren) - serial: 8250_omap: remove wait loop from Errata i202 workaround (Matthias Schiffer) - serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl() (Tony Lindgren) - ARM: at91: pm: avoid soft resetting AC DLL (Claudiu Beznea) - ASoC: tas2764: Fix set_tdm_slot in case of single slot (Martin Poviser) - ASoC: tas2770: Fix set_tdm_slot in case of single slot (Martin Poviser) - ASoC: core: Fix use-after-free in snd_soc_exit() (Chen Zhongjin) - ARM: dts: at91: sama7g5: fix signal name of pin PB2 (Mihai Sain) - spi: stm32: Print summary 'callbacks suppressed' message (Marek Vasut) - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (Douglas Anderson) - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (Douglas Anderson) - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (Douglas Anderson) - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (Douglas Anderson) - KVM: x86/pmu: Do not speculatively query Intel GP PMCs that don't exist yet (Like Xu) - spi: intel: Use correct mask for flash and protected regions (Mika Westerberg) - mtd: spi-nor: intel-spi: Disable write protection only if asked (Mika Westerberg) - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (Colin Ian King) - x86/cpu: Add several Intel server CPU model numbers (Tony Luck) - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (Luiz Augusto von Dentz) - btrfs: remove pointless and double ulist frees in error paths of qgroup tests (Filipe Manana) - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (Nathan Huckleberry) - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (Nam Cao) - i2c: tegra: Allocate DMA memory for DMA engine (Thierry Reding) - firmware: arm_scmi: Cleanup the core driver removal callback (Cristian Marussi) - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (Mario Limonciello) - NFSv4: Retry LOCK on OLD_STATEID during delegation return (Benjamin Coddington) - btrfs: raid56: properly handle the error when unable to find the missing stripe (Qu Wenruo) - RDMA/efa: Add EFA 0xefa2 PCI ID (Michael Margolin) - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (Hans de Goede) - drm/amd/display: Remove wrong pipe control lock (Rodrigo Siqueira) - ASoC: rt1308-sdw: add the default value of some registers (Shuming Fan) - selftests/intel_pstate: fix build for ARCH=x86_64 (Ricardo Canuelo) - selftests/futex: fix build for clang (Ricardo Canuelo) - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (Pierre-Louis Bossart) - ASoC: codecs: jz4725b: fix capture selector naming (Siarhei Volkau) - ASoC: codecs: jz4725b: use right control for Capture Volume (Siarhei Volkau) - ASoC: codecs: jz4725b: fix reported volume for Master ctl (Siarhei Volkau) - ASoC: codecs: jz4725b: add missed Line In power control bit (Siarhei Volkau) - spi: intel: Fix the offset to get the 64K erase opcode (Mauro Lima) - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (Xiaolei Wang) - ASoC: rt1019: Fix the TDM settings (Derek Fang) - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (Zhang Qilong) - ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (Zhang Qilong) - ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (Zhang Qilong) - ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (Zhang Qilong) - LTS version: v5.15.79 (Jack Vogel) - x86/cpu: Restore AMD's DE_CFG MSR after resume (Borislav Petkov) - net: tun: call napi_schedule_prep() to ensure we own a napi (Eric Dumazet) - drm/amdkfd: Migrate in CPU page fault use current mm (Philip Yang) - marvell: octeontx2: build error: unknown type name 'u64' (Anders Roxell) - dmaengine: at_hdmac: Check return code of dma_async_device_register (Tudor Ambarus) - dmaengine: at_hdmac: Fix impossible condition (Tudor Ambarus) - dmaengine: at_hdmac: Don't allow CPU to reorder channel enable (Tudor Ambarus) - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (Tudor Ambarus) - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (Tudor Ambarus) - dmaengine: at_hdmac: Fix concurrency over the active list (Tudor Ambarus) - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (Tudor Ambarus) - dmaengine: at_hdmac: Fix concurrency over descriptor (Tudor Ambarus) - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (Tudor Ambarus) - dmaengine: at_hdmac: Protect atchan->status with the channel lock (Tudor Ambarus) - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (Tudor Ambarus) - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (Tudor Ambarus) - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (Tudor Ambarus) - dmaengine: at_hdmac: Don't start transactions at tx_submit level (Tudor Ambarus) - dmaengine: at_hdmac: Fix at_lli struct definition (Tudor Ambarus) - cert host tools: Stop complaining about deprecated OpenSSL functions (Linus Torvalds) - can: j1939: j1939_send_one(): fix missing CAN header initialization (Oliver Hartkopp) - mm/shmem: use page_mapping() to detect page cache for uffd continue (Peter Xu) - mm/memremap.c: map FS_DAX device memory as decrypted (Pankaj Gupta) - mm/damon/dbgfs: check if rm_contexts input is for a real context (SeongJae Park) - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (ZhangPeng) - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) - btrfs: zoned: initialize device's zone info for seeding (Johannes Thumshirn) - btrfs: selftests: fix wrong error check in btrfs_free_dummy_root() (Zhang Xiaoxu) - btrfs: fix match incorrectly in dev_args_match_device (Liu Shixin) - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (Wen Gong) - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (Jorge Lopez) - drm/amdgpu: disable BACO on special BEIGE_GOBY card (Guchun Chen) - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (Matthew Auld) - nilfs2: fix use-after-free bug of ns_writer on remount (Ryusuke Konishi) - nilfs2: fix deadlock in nilfs_count_free_blocks() (Ryusuke Konishi) - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (Shin'ichiro Kawasaki) - vmlinux.lds.h: Fix placement of '.data..decrypted' section (Nathan Chancellor) - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (Jussi Laako) - ALSA: usb-audio: Add quirk entry for M-Audio Micro (Takashi Iwai) - ALSA: usb-audio: Yet more regression for for the delayed card registration (Takashi Iwai) - ALSA: hda/realtek: Add Positivo C6300 model quirk (Edson Juliano Drosdeck) - ALSA: hda: fix potential memleak in 'add_widget_node' (Ye Bin) - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (Xian Wang) - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (Evan Quan) - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (Haibo Chen) - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (Brian Norris) - MIPS: jump_label: Fix compat branch range check (Jiaxun Yang) - arm64: efi: Fix handling of misaligned runtime regions and drop warning (Ard Biesheuvel) - riscv: fix reserved memory setup (Conor Dooley) - riscv: vdso: fix build with llvm (Jisheng Zhang) - riscv: process: fix kernel info leakage (Jisheng Zhang) - net: macvlan: fix memory leaks of macvlan_common_newlink (Chuang Wang) - ethernet: tundra: free irq when alloc ring failed in tsi108_open() (Zhengchao Shao) - net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open() (Zhengchao Shao) - ethernet: s2io: disable napi when start nic failed in s2io_card_up() (Zhengchao Shao) - net: atlantic: macsec: clear encryption keys from the stack (Antoine Tenart) - net: phy: mscc: macsec: clear encryption keys when freeing a flow (Antoine Tenart) - stmmac: dwmac-loongson: fix missing of_node_put() while module exiting (Yang Yingliang) - stmmac: dwmac-loongson: fix missing pci_disable_device() in loongson_dwmac_probe() (Yang Yingliang) - stmmac: dwmac-loongson: fix missing pci_disable_msi() while module exiting (Yang Yingliang) - cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open() (Zhengchao Shao) - mctp: Fix an error handling path in mctp_init() (Wei Yongjun) - stmmac: intel: Update PCH PTP clock rate from 200MHz to 204.8MHz (Tan, Tee Min) - stmmac: intel: Enable 2.5Gbps for Intel AlderLake-S (Wong Vee Khee) - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (Zhengchao Shao) - net: cpsw: disable napi in cpsw_ndo_open() (Zhengchao Shao) - net/mlx5e: E-Switch, Fix comparing termination table instance (Roi Dayan) - net/mlx5: Allow async trigger completion execution on single CPU systems (Roy Novich) - net/mlx5: Bridge, verify LAG state when adding bond to bridge (Vlad Buslov) - net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg (M Chetan Kumar) - net: nixge: disable napi when enable interrupts failed in nixge_open() (Zhengchao Shao) - net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init() (Zhengchao Shao) - netfilter: Cleanup nft_net->module_list from nf_tables_exit_net() (Shigeru Yoshida) - netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg() (Ziyang Xuan) - perf tools: Add the include/perf/ directory to .gitignore (Donglin Peng) - perf stat: Fix printing os->prefix in CSV metrics output (Athira Rajeev) - drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (Zhengchao Shao) - net: lapbether: fix issue of invalid opcode in lapbeth_open() (Zhengchao Shao) - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (Yang Yingliang) - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (Christophe JAILLET) - dmaengine: pxa_dma: use platform_get_irq_optional (Doug Brown) - tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header (Xin Long) - net: broadcom: Fix BCMGENET Kconfig (YueHaibing) - net: stmmac: dwmac-meson8b: fix meson8b_devm_clk_prepare_enable() (Rasmus Villemoes) - can: af_can: fix NULL pointer dereference in can_rx_register() (Zhengchao Shao) - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (Alexander Potapenko) - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (Lu Wei) - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (Yuan Can) - net: wwan: mhi: fix memory leak in mhi_mbim_dellink (HW He) - net: wwan: iosm: fix memory leak in ipc_wwan_dellink (HW He) - hamradio: fix issue of dev reference count leakage in bpq_device_event() (Zhengchao Shao) - net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event() (Zhengchao Shao) - KVM: s390: pv: don't allow userspace to set the clock under PV (Nico Boehr) - phy: ralink: mt7621-pci: add sentinel to quirks table (John Thomson) - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (Gaosheng Cui) - net: fman: Unregister ethernet device on removal (Sean Anderson) - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (Alex Barba) - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (Michael Chan) - net: tun: Fix memory leaks of napi_get_frags (Wang Yufen) - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (Ratheesh Kannoth) - octeontx2-pf: Use hardware register for CQE count (Geetha sowjanya) - macsec: clear encryption keys from the stack after setting up offload (Sabrina Dubroca) - macsec: fix detection of RXSCs when toggling offloading (Sabrina Dubroca) - macsec: fix secy->n_rx_sc accounting (Sabrina Dubroca) - macsec: delete new rxsc when offload fails (Sabrina Dubroca) - net: gso: fix panic on frag_list with mixed head alloc types (Jiri Benc) - bpf: Fix wrong reg type conversion in release_reference() (Youlin Li) - bpf: Add helper macro bpf_for_each_reg_in_vstate (Kumar Kartikeya Dwivedi) - bpf, sock_map: Move cancel_work_sync() out of sock lock (Cong Wang) - bpf: Fix sockmap calling sleepable function in teardown path (John Fastabend) - bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues (Wang Yufen) - HID: hyperv: fix possible memory leak in mousevsc_probe() (Yang Yingliang) - bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE (Pu Lehui) - wifi: mac80211: Set TWT Information Frame Disabled bit as 1 (Howard Hsu) - bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues (Wang Yufen) - bpf, verifier: Fix memory leak in array reallocation for stack state (Kees Cook) - soundwire: qcom: check for outanding writes before doing a read (Srinivas Kandagatla) - soundwire: qcom: reinit broadcast completion (Srinivas Kandagatla) - wifi: cfg80211: fix memory leak in query_regdb_file() (Arend van Spriel) - wifi: cfg80211: silence a sparse RCU warning (Johannes Berg) - phy: stm32: fix an error code in probe (Dan Carpenter) - hwspinlock: qcom: correct MMIO max register for newer SoCs (Krzysztof Kozlowski) - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (Yang Li) - drm/amdkfd: handle CPU fault on COW mapping (Philip Yang) - drm/amdkfd: avoid recursive lock in migrations back to RAM (Alex Sierra) - fuse: fix readdir cache race (Miklos Szeredi) - thunderbolt: Add DP OUT resource when DP tunnel is discovered (Sanjay R Mehta) - thunderbolt: Tear down existing tunnels when resuming from hibernate (Mika Westerberg) - LTS version: v5.15.78 (Jack Vogel) - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) - drm/i915/sdvo: Setup DDC fully before output init (Ville Syrjala) - drm/i915/sdvo: Filter out invalid outputs more sensibly (Ville Syrjala) - drm/rockchip: dsi: Force synchronous probe (Brian Norris) - drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach (Brian Norris) - cifs: fix regression in very old smb1 mounts (Ronnie Sahlberg) - ext4,f2fs: fix readahead of verity data (Matthew Wilcox (Oracle)) - tee: Fix tee_shm_register() for kernel TEE drivers (Sumit Garg) - KVM: x86: emulator: update the emulation mode after CR0 write (Maxim Levitsky) - KVM: x86: emulator: update the emulation mode after rsm (Maxim Levitsky) - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (Maxim Levitsky) - KVM: x86: emulator: em_sysexit should update ctxt->mode (Maxim Levitsky) - KVM: arm64: Fix bad dereference on MTE-enabled systems (Ryan Roberts) - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (Emanuele Giuseppe Esposito) - KVM: x86: Mask off reserved bits in CPUID.8000001FH (Jim Mattson) - KVM: x86: Mask off reserved bits in CPUID.80000001H (Jim Mattson) - KVM: x86: Mask off reserved bits in CPUID.80000008H (Jim Mattson) - KVM: x86: Mask off reserved bits in CPUID.8000001AH (Jim Mattson) - KVM: x86: Mask off reserved bits in CPUID.80000006H (Jim Mattson) - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (Jiri Olsa) - ext4: fix BUG_ON() when directory entry has invalid rec_len (Luis Henriques) - ext4: fix warning in 'ext4_da_release_space' (Ye Bin) - parisc: Avoid printing the hardware path twice (Helge Deller) - parisc: Export iosapic_serial_irq() symbol for serial port driver (Helge Deller) - parisc: Make 8250_gsc driver dependend on CONFIG_PARISC (Helge Deller) - perf/x86/intel: Fix pebs event constraints for SPR (Kan Liang) - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[] (Kan Liang) - perf/x86/intel: Fix pebs event constraints for ICL (Kan Liang) - arm64: entry: avoid kprobe recursion (Mark Rutland) - efi: random: Use 'ACPI reclaim' memory for random seed (Ard Biesheuvel) - efi: random: reduce seed size to 32 bytes (Ard Biesheuvel) - fuse: add file_modified() to fallocate (Miklos Szeredi) - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (Gaosheng Cui) - tracing/histogram: Update document for KEYS_MAX size (Zheng Yejian) - tools/nolibc/string: Fix memcmp() implementation (Rasmus Villemoes) - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (Steven Rostedt (Google)) - kprobe: reverse kp->flags when arm_kprobe failed (Li Qiang) - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (Shang XiaoJing) - tcp/udp: Make early_demux back namespacified. (Kuniyuki Iwashima) - ftrace: Fix use-after-free for dynamic ftrace_ops (Li Huafei) - btrfs: fix type of parameter generation in btrfs_get_dentry (David Sterba) - btrfs: fix tree mod log mishandling of reallocated nodes (Josef Bacik) - btrfs: fix lost file sync on direct IO write with nowait and dsync iocb (Filipe Manana) - fscrypt: fix keyring memory leak on mount failure (Eric Biggers) - fscrypt: stop using keyrings subsystem for fscrypt_master_key (Eric Biggers) - af_unix: Fix memory leaks of the whole sk due to OOB skb. (Kuniyuki Iwashima) - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (Yu Kuai) - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) {CVE-2022-42895} - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) {CVE-2022-42896} - i2c: piix4: Fix adapter not be removed in piix4_remove() (Chen Zhongjin) - arm64: dts: juno: Add thermal critical trip points (Cristian Marussi) - firmware: arm_scmi: Fix devres allocation device in virtio transport (Cristian Marussi) - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (Cristian Marussi) - firmware: arm_scmi: Suppress the driver's bind attributes (Cristian Marussi) - block: Fix possible memory leak for rq_wb on add_disk failure (Chen Zhongjin) - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (Ioana Ciornei) - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (Ioana Ciornei) - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (Ioana Ciornei) - arm64: dts: imx8: correct clock order (Peng Fan) - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (Tim Harvey) - clk: qcom: Update the force mem core bit for GPU clocks (Taniya Das) - efi/tpm: Pass correct address to memblock_reserve (Jerry Snitselaar) - i2c: xiic: Add platform module alias (Martin Tuma) - drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (Danijel Slivka) - HID: saitek: add madcatz variant of MMO7 mouse device ID (Samuel Bailey) - scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (Ashish Kalra) - media: v4l: subdev: Fail graciously when getting try data for NULL state (Sakari Ailus) - media: meson: vdec: fix possible refcount leak in vdec_probe() (Hangyu Hua) - media: dvb-frontends/drxk: initialize err to 0 (Hans Verkuil) - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (Laurent Pinchart) - media: rkisp1: Use correct macro for gradient registers (Laurent Pinchart) - media: rkisp1: Initialize color space on resizer sink and source pads (Laurent Pinchart) - media: rkisp1: Don't pass the quantization to rkisp1_csm_config() (Laurent Pinchart) - s390/cio: fix out-of-bounds access on cio_ignore free (Peter Oberparleiter) - s390/cio: derive cdev information only for IO-subchannels (Vineeth Vijayan) - s390/boot: add secure boot trailer (Peter Oberparleiter) - s390/uaccess: add missing EX_TABLE entries to __clear_user() (Heiko Carstens) - mtd: parsers: bcm47xxpart: Fix halfblock reads (Linus Walleij) - mtd: parsers: bcm47xxpart: print correct offset on read error (Rafal Milecki) - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (Helge Deller) - video/fbdev/stifb: Implement the stifb_fillrect() function (Helge Deller) - drm/msm/hdmi: fix IRQ lifetime (Johan Hovold) - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (Daniel Thompson) - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (Dexuan Cui) - ipv6: fix WARNING in ip6_route_net_exit_late() (Zhengchao Shao) - net, neigh: Fix null-ptr-deref in neigh_table_clear() (Chen Zhongjin) - net/smc: Fix possible leaked pernet namespace in smc_init() (Chen Zhongjin) - stmmac: dwmac-loongson: fix invalid mdio_node (Liu Peibao) - ibmvnic: Free rwi on reset success (Nick Child) - net: mdio: fix undefined behavior in bit shift for __mdiobus_register (Gaosheng Cui) - Bluetooth: L2CAP: Fix memory leak in vhci_write (Hawkins Jiawei) - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (Zhengchao Shao) - Bluetooth: virtio_bt: Use skb_put to set length (Soenke Huster) - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) - netfilter: ipset: enforce documented limit to prevent allocating huge memory (Jozsef Kadlecsik) - btrfs: fix ulist leaks in error paths of qgroup self tests (Filipe Manana) - btrfs: fix inode list leak during backref walking at find_parent_nodes() (Filipe Manana) - btrfs: fix inode list leak during backref walking at resolve_indirect_refs() (Filipe Manana) - isdn: mISDN: netjet: fix wrong check of device registration (Yang Yingliang) - mISDN: fix possible memory leak in mISDN_register_device() (Yang Yingliang) - rose: Fix NULL pointer dereference in rose_send_frame() (Zhang Qilong) - ipvs: fix WARNING in ip_vs_app_net_cleanup() (Zhengchao Shao) - ipvs: fix WARNING in __ip_vs_cleanup_batch() (Zhengchao Shao) - ipvs: use explicitly signed chars (Jason A. Donenfeld) - netfilter: nf_tables: release flow rule object from commit path (Pablo Neira Ayuso) - netfilter: nf_tables: netlink notifier might race to release objects (Pablo Neira Ayuso) - net: tun: fix bugs for oversize packet when napi frags enabled (Ziyang Xuan) - net: sched: Fix use after free in red_enqueue() (Dan Carpenter) - ata: pata_legacy: fix pdc20230_set_piomode() (Sergey Shtylyov) - net: fec: fix improper use of NETDEV_TX_BUSY (Zhang Changzhong) - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (Shang XiaoJing) - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (Shang XiaoJing) - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (Shang XiaoJing) - nfc: fdp: Fix potential memory leak in fdp_nci_send() (Shang XiaoJing) - net: dsa: fall back to default tagger if we can't load the one from DT (Vladimir Oltean) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (Dan Carpenter) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (Chen Zhongjin) - net: dsa: Fix possible memory leaks in dsa_loop_init() (Chen Zhongjin) - nfs4: Fix kmemleak when allocate slot failed (Zhang Xiaoxu) - NFSv4.2: Fixup CLONE dest file size for zero-length count (Benjamin Coddington) - SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed (Zhang Xiaoxu) - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (Trond Myklebust) - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (Trond Myklebust) - NFSv4: Fix a potential state reclaim deadlock (Trond Myklebust) - RDMA/hns: Disable local invalidate operation (Yangyang Li) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (Wenpeng Liang) - RDMA/hns: Remove magic number (Xinhao Liu) - IB/hfi1: Correctly move list in sc_disable() (Dean Luick) - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (Alexander Graf) - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (Alexander Graf) - KVM: x86: Protect the unused bits in MSR exiting flags (Aaron Lewis) - HID: playstation: add initial DualSense Edge controller support (Roderick Colenbrander) - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (Baolin Wang) - drm/amd/display: explicitly disable psr_feature_enable appropriately (Shirish S) - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (Sean Christopherson) - serial: ar933x: Deassert Transmit Enable on ->rs485_config() (Lukas Wunner) - scsi: lpfc: Rework MIB Rx Monitor debug info logic (James Smart) - scsi: lpfc: Adjust CMF total bytes and rxmonitor (James Smart) - scsi: lpfc: Adjust bytes received vales during cmf timer interval (James Smart) - LTS version: v5.15.77 (Jack Vogel) - tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) - serial: Deassert Transmit Enable on probe in driver-specific way (Lukas Wunner) - serial: core: move RS485 configuration tasks from drivers into core (Lino Sanfilippo) - can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive (Biju Das) - can: rcar_canfd: fix channel specific IRQ handling for RZ/G2L (Biju Das) - scsi: sd: Revert 'scsi: sd: Remove a local variable' (Yu Kuai) - arm64: Add AMPERE1 to the Spectre-BHB affected list (D Scott Phillips) - net: enetc: survive memory pressure without crashing (Vladimir Oltean) - kcm: do not sense pfmemalloc status in kcm_sendpage() (Eric Dumazet) - net: do not sense pfmemalloc status in skb_append_pagefrags() (Eric Dumazet) - net/mlx5: Fix crash during sync firmware reset (Suresh Devarakonda) - net/mlx5: Update fw fatal reporter state on PCI handlers successful recover (Roy Novich) - net/mlx5: Print more info on pci error handlers (Saeed Mahameed) - net/mlx5: Fix possible use-after-free in async command interface (Tariq Toukan) - net/mlx5e: Extend SKB room check to include PTP-SQ (Aya Levin) - net/mlx5e: Do not increment ESN when updating IPsec ESN state (Hyong Youb Kim) - netdevsim: remove dir in nsim_dev_debugfs_init() when creating ports dir failed (Zhengchao Shao) - net: broadcom: bcm4908_enet: update TX stats after actual transmission (Rafal Milecki) - net: broadcom: bcm4908enet: remove redundant variable bytes (Colin Ian King) - nh: fix scope used to find saddr when adding non gw nh (Nicolas Dichtel) - net: bcmsysport: Indicate MAC is in charge of PHY PM (Florian Fainelli) - net: ehea: fix possible memory leak in ehea_register_port() (Yang Yingliang) - openvswitch: switch from WARN to pr_warn (Aaron Conole) - ALSA: aoa: Fix I2S device accounting (Takashi Iwai) - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (Yang Yingliang) - net: ethernet: ave: Fix MAC to be in charge of PHY PM (Kunihiko Hayashi) - net: fec: limit register access on i.MX6UL (Juergen Borleis) - perf vendor events arm64: Fix incorrect Hisi hip08 L3 metrics (Shang XiaoJing) - PM: domains: Fix handling of unavailable/disabled idle states (Sudeep Holla) - net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() (Yang Yingliang) - i40e: Fix flow-type by setting GL_HASH_INSET registers (Slawomir Laba) - i40e: Fix VF hang when reset is triggered on another VF (Sylwester Dziedziuch) - i40e: Fix ethtool rx-flow-hash setting for X722 (Slawomir Laba) - ipv6: ensure sane device mtu in tunnels (Eric Dumazet) - perf vendor events power10: Fix hv-24x7 metric events (Kajol Jain) - media: vivid: set num_in/outputs to 0 if not supported (Hans Verkuil) - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (Hans Verkuil) - media: v4l2-dv-timings: add sanity checks for blanking values (Hans Verkuil) - media: vivid: dev->bitmap_cap wasn't freed in all cases (Hans Verkuil) - media: vivid: s_fbuf: add more sanity checks (Hans Verkuil) - PM: hibernate: Allow hybrid sleep to work with s2idle (Mario Limonciello) - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (Dongliang Mu) - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (Dongliang Mu) - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (Rafael Mendonca) - net-memcg: avoid stalls when under memory pressure (Jakub Kicinski) - tcp: fix indefinite deferral of RTO with SACK reneging (Neal Cardwell) - tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei) - tcp: minor optimization in tcp_add_backlog() (Eric Dumazet) - net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY (Zhang Changzhong) - net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed (Zhengchao Shao) - kcm: annotate data-races around kcm->rx_wait (Eric Dumazet) - kcm: annotate data-races around kcm->rx_psock (Eric Dumazet) - atlantic: fix deadlock at aq_nic_stop (Inigo Huguet) - drm/i915/dp: Reset frl trained flag before restarting FRL training (Ankit Nautiyal) - amd-xgbe: add the bit rate quirk for Molex cables (Raju Rangoju) - amd-xgbe: fix the SFP compliance codes check for DAC cables (Raju Rangoju) - x86/unwind/orc: Fix unreliable stack dump with gcov (Chen Zhongjin) - nfc: virtual_ncidev: Fix memory leak in virtual_nci_send() (Shang XiaoJing) - net: macb: Specify PHY PM management done by MAC (Sergiu Moga) - net: hinic: fix the issue of double release MBOX callback of VF (Zhengchao Shao) - net: hinic: fix the issue of CMDQ memory leaks (Zhengchao Shao) - net: hinic: fix memory leak when reading function table (Zhengchao Shao) - net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg() (Zhengchao Shao) - net: netsec: fix error handling in netsec_register_mdio() (Yang Yingliang) - tipc: fix a null-ptr-deref in tipc_topsrv_accept (Xin Long) - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (Maxim Levitsky) - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (Yang Yingliang) - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (Srinivasa Rao Mandadapu) - mtd: rawnand: intel: Add missing of_node_put() in ebu_nand_probe() (Yang Yingliang) - arc: iounmap() arg is volatile (Randy Dunlap) - sched/core: Fix comparison in sched_group_cookie_match() (Lin Shengwang) - perf: Fix missing SIGTRAPs (Peter Zijlstra) - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (Srinivasa Rao Mandadapu) - KVM: selftests: Fix number of pages for memory slot in memslot_modification_stress_test (Gavin Shan) - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (Nathan Huckleberry) - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (Dan Carpenter) - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (Alexander Stein) - net: ieee802154: fix error return code in dgram_bind() (Wei Yongjun) - ethtool: eeprom: fix null-deref on genl_info in dump (Xin Long) - mmc: block: Remove error check of hw_reset on reset (Christian Lohle) - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (Heiko Carstens) - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (Heiko Carstens) - perf auxtrace: Fix address filter symbol name match for modules (Adrian Hunter) - ARC: mm: fix leakage of memory allocated for PTE (Pavel Kozlov) - pinctrl: Ingenic: JZ4755 bug fixes (Siarhei Volkau) - kernfs: fix use-after-free in __kernfs_remove (Christian A. Ehrhardt) - counter: microchip-tcb-capture: Handle Signal1 read and Synapse (William Breathitt Gray) - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (Sascha Hauer) - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (Patrick Thompson) - mmc: core: Fix kernel panic when remove non-standard SDIO card (Matthew Ma) - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (Brian Norris) - coresight: cti: Fix hang in cti_disable_hw() (James Clark) - drm/msm/dp: fix IRQ lifetime (Johan Hovold) - drm/msm/hdmi: fix memory corruption with too many bridges (Johan Hovold) - drm/msm/dsi: fix memory corruption with too many bridges (Johan Hovold) - drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle resume (Prike Liang) - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (Manish Rangankar) - mac802154: Fix LQI recording (Miquel Raynal) - exec: Copy oldsighand->action under spin-lock (Bernd Edlinger) - fs/binfmt_elf: Fix memory leak in load_elf_binary() (Li Zetao) - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (Rafael J. Wysocki) - cpufreq: intel_pstate: Read all MSRs on the target CPU (Rafael J. Wysocki) - fbdev: smscufx: Fix several use-after-free bugs (Hyunwoo Kim) - iio: adxl372: Fix unsafe buffer attributes (Matti Vaittinen) - iio: temperature: ltc2983: allocate iio channels once (Cosmin Tanislav) - iio: light: tsl2583: Fix module unloading (Shreeya Patel) - tools: iio: iio_utils: fix digit calculation (Matti Vaittinen) - xhci: Remove device endpoints from bandwidth list when freeing the device (Mathias Nyman) - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (Mario Limonciello) - xhci: Add quirk to reset host back to default state at shutdown (Mathias Nyman) - mtd: rawnand: marvell: Use correct logic for nand-keep-config (Tony O'Brien) - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (Jens Glathe) - usb: bdc: change state when port disconnected (Justin Chen) - usb: dwc3: gadget: Don't set IMI for no_interrupt (Thinh Nguyen) - usb: dwc3: gadget: Stop processing more requests on IMI (Thinh Nguyen) - usb: gadget: uvc: fix sg handling during video encode (Jeff Vanhoof) - usb: gadget: uvc: fix sg handling in error case (Dan Vacura) - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (Hannu Hartikainen) - ALSA: rme9652: use explicitly signed char (Jason A. Donenfeld) - ALSA: au88x0: use explicitly signed char (Jason A. Donenfeld) - ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (Takashi Iwai) - ALSA: Use del_timer_sync() before freeing timer (Steven Rostedt (Google)) - can: kvaser_usb: Fix possible completions during init_completion (Anssi Hannula) - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (Yang Yingliang) - NFSv4: Add an fattr allocation to _nfs4_discover_trunking() (Scott Mayhew) - NFSv4: Fix free of uninitialized nfs4_label on referral lookup. (Benjamin Coddington) - rds: ib: Enable FC by default (Hakon Bugge) [Orabug: 33930793] - Adding a new sysfs entry point -- forcepower -- to /sys/bus/pci/slots/X. (James Puthukattukaran) [Orabug: 34719459] - nvme: paring quiesce/unquiesce (Ming Lei) [Orabug: 34719459] - nvme: prepare for pairing quiescing and unquiescing (Ming Lei) [Orabug: 34719459] - nvme: apply nvme API to quiesce/unquiesce admin queue (Ming Lei) [Orabug: 34719459] - nvme: add APIs for stopping/starting admin queue (Ming Lei) [Orabug: 34719459] - hugetlbfs: don't delete error page from pagecache (James Houghton) [Orabug: 34772616] - mm: shmem: don't truncate page if memory failure happens (Yang Shi) [Orabug: 34772616] - mm: hwpoison: handle non-anonymous THP correctly (Yang Shi) [Orabug: 34772616] - mm: hwpoison: refactor refcount check handling (Yang Shi) [Orabug: 34772616] - net/rds: Quiesce heartbeat worker in rds_conn_path_destroy() (Sharath Srinivasan) [Orabug: 34815818] - net/rds: Add support for tracing RDS heartbeats (Sharath Srinivasan) [Orabug: 34815818] - net/rds: Enable RDS heartbeat by default (Sharath Srinivasan) [Orabug: 34815818] - uek-rpm: core.list: add VirtualBox guest drivers to core package (Todd Vierling) [Orabug: 34820755] - tools/power turbostat: fix SPR PC6 limits (Artem Bityutskiy) [Orabug: 34838996] - tools/power turbostat: separate SPR from ICX (Artem Bityutskiy) [Orabug: 34838996] - rds: ib: Fix incorrect error handling during QP creation (Hakon Bugge) [Orabug: 34857202] - Revert 'random: clear fast pool, crng, and batches in cpuhp bring up' (Somasundaram Krishnasamy) [Orabug: 34850847] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-42896 CVE-2022-42895 CVE-2022-4378 Oracle Linux 9 [2.06-46.0.4] - Bump SBAT metadata for grub to 3 [Orabug: 34872719] [2.06-46.0.3] - Fix CVE-2022-2601 and CVE-2022-3775 [Orabug: 34871953] - Enable signing for aarch64 EFI IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-3775 CVE-2022-2601 Oracle Linux 8 Oracle Linux 9 [5.15.0-7.86.6.1] - net/rds: Delegate fan-out to a background worker (Gerd Rausch) [Orabug: 35051226] [5.15.0-7.86.6] - runtime revert of virtio_net: Stripe queue affinities across cores. (Konrad Rzeszutek Wilk) [Orabug: 35001044] - rds: ib: Make sure messages that errors out also get unmapped (Hakon Bugge) [Orabug: 35015598] - Ignore hot plug events when force powering off a device (James Puthukattukaran) [Orabug: 35015761] - mptcp: UEK: disable mptcp protocol (Jack Vogel) [Orabug: 34821286] [5.15.0-7.86.5] - uek-rpm: Enable HP watchdog for aarch64 (Saeed Mirzamohammadi) [Orabug: 34902069] - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (Jerry Hoemann) [Orabug: 34902069] - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (Jerry Hoemann) [Orabug: 34902069] - Revert 'selftests/bpf: Add test for unstable CT lookup API' (Alan Maguire) [Orabug: 34951842] - uek-rpm: config-x86-64*: enable CONFIG_MT7921E (Todd Vierling) [Orabug: 34970472] - netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits (Pablo Neira Ayuso) [Orabug: 34978152] {CVE-2023-0179} - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (Zhang Rui) [Orabug: 34978296] - powercap: intel_rapl: support new layout of Psys PowerLimit Register on SPR (Zhang Rui) [Orabug: 34978296] - uek: kabi: enable aarch64 kABI checking (Saeed Mirzamohammadi) [Orabug: 34339132] [5.15.0-7.86.4] - net/rds: Fill in rds_exthdr_size gaps (Gerd Rausch) [Orabug: 34979170] - Revert 'uek: kabi: enable aarch64 kABI checking' (Jack Vogel) - Revert 'uek-rpm: Disable kABI checking for aarch64 64k builds' (Jack Vogel) [5.15.0-7.86.3] - uek-rpm: Disable kABI checking for aarch64 64k builds (Saeed Mirzamohammadi) [Orabug: 34339132] [5.15.0-7.86.2] - net/rds: Trigger rds_send_hs_ping() more than once (Gerd Rausch) [Orabug: 34607844] - Revert 'RDS: TCP: Track peer's connection generation number' (Gerd Rausch) [Orabug: 34700109] - net/rds: Use the first lane until RDS_EXTHDR_NPATHS arrives (Gerd Rausch) [Orabug: 34314502] - net/rds: Kick-start TCP receiver after accept (Gerd Rausch) [Orabug: 34600819] - net/rds: rds_tcp_conn_path_shutdown must not discard messages (Gerd Rausch) [Orabug: 34560700] - net/rds: Encode cp_index in TCP source port (Gerd Rausch) [Orabug: 34556036] - uek: kabi: enable aarch64 kABI checking (Saeed Mirzamohammadi) [Orabug: 34339132] - uek-rpm: Disable Promise SuperTrak EX series storage controllers (Somasundaram Krishnasamy) [Orabug: 34670747] - uek-rpm: ol9: Disable CONFIG_IR_MCEUSB from UEK7 OL9. (Harshit Mogalapalli) [Orabug: 34820237] - IB/mlx5: Add a signature check to received EQEs and CQEs (Rohit Nair) [Orabug: 34821073] - rds: ib: Avoid tear-down of caches unless already initialized (Hakon Bugge) [Orabug: 34826403] - KVM: SVM: Fix AVIC GATag to support max number of vCPUs (Suravee Suthikulpanit) [Orabug: 34961703] - Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359] - uek-rpm: Add nft_reject* modules to core rpm. (Somasundaram Krishnasamy) [Orabug: 34970060] - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (Srinivas Pandruvada) [Orabug: 34961609] [5.15.0-7.86.1] - LTS version: v5.15.86 (Jack Vogel) - pwm: tegra: Fix 32 bit build (Steven Price) - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (Christophe JAILLET) - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (Yassine Oudjana) - media: dvbdev: fix refcnt bug (Lin Ma) - media: dvbdev: fix build warning due to comments (Lin Ma) - net: stmmac: fix errno when create_singlethread_workqueue() fails (Gaosheng Cui) - scsi: qla2xxx: Fix crash when I/O abort times out (Arun Easi) - btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range (Filipe Manana) - ovl: fix use inode directly in rcu-walk mode (Chen Zhongjin) - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (Tetsuo Handa) - gcov: add support for checksum field (Rickard x Andersson) - floppy: Fix memory leak in do_floppy_init() (Yuan Can) - regulator: core: fix deadlock on regulator enable (Johan Hovold) - iio: adc128s052: add proper .data members in adc128_of_match table (Rasmus Villemoes) - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (Nuno Sa) - iio: fix memory leak in iio_device_register_eventset() (Zeng Heng) - reiserfs: Add missing calls to reiserfs_security_free() (Roberto Sassu) - security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 (Nathan Chancellor) - 9p: set req refcount to zero to avoid uninitialized usage (Schspa Shi) - loop: Fix the max_loop commandline argument treatment when it is set to 0 (Isaac J. Manjarres) - HID: mcp2221: don't connect hidraw (Enrik Berkhan) - HID: wacom: Ensure bootloader PID is usable in hidraw mode (Jason Gerecke) - xhci: Prevent infinite loop in transaction errors recovery for streams (Mathias Nyman) - usb: dwc3: core: defer probe on ulpi_read_id timeout (Ferry Toth) - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (Sven Peter) - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (Johan Hovold) - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (Chunfeng Yun) - usb: cdnsp: fix lack of ZLP for ep0 (Pawel Laszczak) - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (Jiao Zhou) - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (Edward Pacman) - ALSA: usb-audio: add the quirk for KT0206 device (wangdicheng) - ima: Simplify ima_lsm_copy_rule (GUO Zihua) - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (John Stultz) - afs: Fix lost servers_outstanding count (David Howells) - perf debug: Set debug_peo_args and redirect_to_stderr variable to correct values in perf_quiet_option() (Yang Jihong) - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (John Stultz) - LoadPin: Ignore the 'contents' argument of the LSM hooks (Kees Cook) - drm/i915/display: Don't disable DDI/Transcoder when setting phy test pattern (Khaled Almahallawy) - ASoC: rt5670: Remove unbalanced pm_runtime_put() (Hans de Goede) - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (Wang Jingjin) - ASoC: wm8994: Fix potential deadlock (Marek Szyprowski) - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (Wang Yufen) - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (Wang Jingjin) - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (Wang Yufen) - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (Wang Yufen) - ASoC: Intel: Skylake: Fix driver hang during shutdown (Cezary Rojewski) - ALSA: hda: add snd_hdac_stop_streams() helper (Pierre-Louis Bossart) - ALSA/ASoC: hda: move/rename snd_hdac_ext_stop_streams to hdac_stream.c (Pierre-Louis Bossart) - hwmon: (jc42) Fix missing unlock on error in jc42_write() (Yang Yingliang) - KVM: selftests: Fix build regression by using accessor function (Tyler Hicks) - tools/include: Add _RET_IP_ and math definitions to kernel.h (Karolina Drobnik) - orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (Zhang Xiaoxu) - orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (Zhang Xiaoxu) - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (Nathan Chancellor) - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (Nathan Chancellor) - hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (Hawkins Jiawei) - scsi: elx: libefc: Fix second parameter type in state callbacks (Nathan Chancellor) - scsi: ufs: Reduce the START STOP UNIT timeout (Bart Van Assche) - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (Justin Tee) - crypto: hisilicon/hpre - fix resource leak in remove process (Zhiqi Song) - clk: st: Fix memory leak in st_of_quadfs_setup() (Xiu Jianfeng) - media: si470x: Fix use-after-free in si470x_int_in_callback() (Shigeru Yoshida) - mmc: renesas_sdhi: better reset from HS400 mode (Wolfram Sang) - mmc: f-sdh30: Add quirks for broken timeout clock capability (Kunihiko Hayashi) - wifi: mt76: do not run mt76u_status_worker if the device is not running (Lorenzo Bianconi) - regulator: core: fix use_count leakage when handling boot-on (Rui Zhang) - libbpf: Avoid enum forward-declarations in public API in C++ mode (Andrii Nakryiko) - drm/amd/display: Use the largest vready_offset in pipe group (Wesley Chalmers) - blk-mq: fix possible memleak when register 'hctx' failed (Ye Bin) - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (Mazin Al Haddad) - media: dvbdev: adopts refcnt to avoid UAF (Lin Ma) - media: dvb-frontends: fix leak of memory fw (Yan Lei) - ethtool: avoiding integer overflow in ethtool_phys_id() (Maxim Korotkov) - bpf: Prevent decl_tag from being referenced in func_proto arg (Stanislav Fomichev) - ppp: associate skb with a device at tx (Stanislav Fomichev) - mrp: introduce active flags to prevent UAF when applicant uninit (Schspa Shi) - ipv6/sit: use DEV_STATS_INC() to avoid data-races (Eric Dumazet) - net: add atomic_long_t to net_device_stats fields (Eric Dumazet) - drm/amd/display: fix array index out of bound error in bios parser (Aurabindo Pillai) - md/raid1: stop mdx_raid1 thread when raid1 array run failed (Jiang Li) - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (Li Zhong) - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (Nathan Chancellor) - drm/sti: Use drm_mode_copy() (Ville Syrjala) - drm/rockchip: Use drm_mode_copy() (Ville Syrjala) - drm/msm: Use drm_mode_copy() (Ville Syrjala) - s390/lcs: Fix return type of lcs_start_xmit() (Nathan Chancellor) - s390/netiucv: Fix return type of netiucv_tx() (Nathan Chancellor) - s390/ctcm: Fix return type of ctc{mp,}m_tx() (Nathan Chancellor) - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (Nathan Chancellor) - drm/amdgpu: Fix type of second parameter in trans_msg() callback (Nathan Chancellor) - igb: Do not free q_vector unless new one was allocated (Kees Cook) - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (Minsuk Kang) - hamradio: baycom_epp: Fix return type of baycom_send_packet() (Nathan Chancellor) - net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() (Nathan Chancellor) - bpf: make sure skb->len != 0 when redirecting to a tunneling device (Stanislav Fomichev) - qed (gcc13): use u16 for fid to be big enough (Jiri Slaby (SUSE)) - Revert 'drm/amd/display: Limit max DSC target bpp for specific monitors' (Hamza Mahfooz) - drm/amd/display: prevent memory leak (gehao) - ipmi: fix memleak when unload ipmi driver (Zhang Yuchen) - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (Amadeusz Slawinski) - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (Shigeru Yoshida) - wifi: ath9k: verify the expected usb_endpoints are present (Fedor Pchelkin) - brcmfmac: return error when getting invalid max_flowrings from dongle (Wright Feng) - media: imx-jpeg: Disable useless interrupt to avoid kernel panic (Ming Qian) - drm/etnaviv: add missing quirks for GC300 (Doug Brown) - hfs: fix OOB Read in __hfs_brec_find (ZhangPeng) - acct: fix potential integer overflow in encode_comp_t() (Zheng Yejian) - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (Ryusuke Konishi) - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (Ryusuke Konishi) - ACPICA: Fix error code path in acpi_ds_call_control_method() (Rafael J. Wysocki) - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (Hoi Pok Wu) - jfs: Fix fortify moan in symlink (Dr. David Alan Gilbert) - udf: Avoid double brelse() in udf_rename() (Shigeru Yoshida) - fs: jfs: fix shift-out-of-bounds in dbAllocAG (Dongliang Mu) - binfmt_misc: fix shift-out-of-bounds in check_special_flags (Liu Shixin) - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (Gaurav Kohli) - video: hyperv_fb: Avoid taking busy spinlock on panic path (Guilherme G. Piccoli) - arm64: make is_ttbrX_addr() noinstr-safe (Mark Rutland) - rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state() (Zqiang) - HID: amd_sfh: Add missing check for dma_alloc_coherent (Jiasheng Jiang) - net: stream: purge sk_error_queue in sk_stream_kill_queues() (Eric Dumazet) - myri10ge: Fix an error handling path in myri10ge_probe() (Christophe JAILLET) - rxrpc: Fix missing unlock in rxrpc_do_sendmsg() (David Howells) - net_sched: reject TCF_EM_SIMPLE case for complex ematch module (Cong Wang) - mailbox: zynq-ipi: fix error handling while device_register() fails (Yang Yingliang) - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (Yang Yingliang) - mailbox: mpfs: read the system controller's status (Conor Dooley) - skbuff: Account for tail adjustment during pull operations (Subash Abhinov Kasiviswanathan) - arm64: dts: mt8183: Fix Mali GPU clock (Chen-Yu Tsai) - soc: mediatek: pm-domains: Fix the power glitch issue (Chun-Jie Chen) - openvswitch: Fix flow lookup to use unmasked key (Eelco Chaudron) - selftests: devlink: fix the fd redirect in dummy_reporter_test (Jakub Kicinski) - rtc: mxc_v2: Add missing clk_disable_unprepare() (GUO Zihua) - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (Tan Tee Min) - igc: Lift TAPRIO schedule restriction (Kurt Kanzenbach) - igc: recalculate Qbv end_time by considering cycle time (Tan Tee Min) - igc: allow BaseTime 0 enrollment for Qbv (Tan Tee Min) - igc: Add checking for basetime less than zero (Muhammad Husaini Zulkifli) - igc: Use strict cycles for Qbv scheduling (Vinicius Costa Gomes) - igc: Enhance Qbv scheduling by using first flag bit (Vinicius Costa Gomes) - r6040: Fix kmemleak in probe and remove (Li Zetao) - unix: Fix race in SOCK_SEQPACKET's unix_dgram_sendmsg() (Kirill Tkhai) - nfc: pn533: Clear nfc_target before being used (Minsuk Kang) - net: enetc: avoid buffer leaks on xdp_do_redirect() failure (Vladimir Oltean) - selftests/bpf: Add test for unstable CT lookup API (Kumar Kartikeya Dwivedi) - block, bfq: fix possible uaf for 'bfqq->bic' (Yu Kuai) - mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: macsec: fix net device access prior to holding a lock (Emeel Hakim) - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (Dan Aloni) - rtc: pcf85063: fix pcf85063_clkout_control (Alexandre Belloni) - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (Gaosheng Cui) - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (Gaosheng Cui) - netfilter: flowtable: really fix NAT IPv6 offload (Qingfang DENG) - mfd: pm8008: Fix return value check in pm8008_probe() (Yang Yingliang) - mfd: pm8008: Remove driver data structure pm8008_data (Lee Jones) - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (Christophe JAILLET) - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (Matti Vaittinen) - powerpc/pseries/eeh: use correct API for error log size (Nathan Lynch) - powerpc/eeh: Drop redundant spinlock initialization (Haowen Bai) - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (Shang XiaoJing) - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (Yuan Can) - remoteproc: qcom_q6v5_pas: detach power domains on remove (Luca Weiss) - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (Luca Weiss) - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (Shang XiaoJing) - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (Gaosheng Cui) - pwm: mediatek: always use bus clock for PWM on MT7622 (Daniel Golle) - pwm: mtk-disp: Fix the parameters calculated by the enabled flag of disp_pwm (xinlei lee) - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (Uwe Kleine-Konig) - iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (Jason Gunthorpe) - selftests/powerpc: Fix resource leaks (Miaoqian Lin) - powerpc/hv-gpci: Fix hv_gpci event list (Kajol Jain) - powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe() (Yang Yingliang) - powerpc/perf: callchain validate kernel stack pointer bounds (Nicholas Piggin) - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (Yang Yingliang) - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (Gustavo A. R. Silva) - cxl: Fix refcount leak in cxl_calc_capp_routing (Miaoqian Lin) - powerpc/52xx: Fix a resource leak in an error handling path (Christophe JAILLET) - macintosh/macio-adb: check the return value of ioremap() (Xie Shaowen) - macintosh: fix possible memory leak in macio_add_one_device() (Yang Yingliang) - iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (Yuan Can) - iommu/amd: Fix pci device refcount leak in ppr_notifier() (Yang Yingliang) - rtc: pcf85063: Fix reading alarm (Alexander Stein) - rtc: snvs: Allow a time difference on clock register read (Stefan Eichenberger) - rtc: cmos: Disable ACPI RTC event on removal (Rafael J. Wysocki) - rtc: cmos: Rename ACPI-related functions (Rafael J. Wysocki) - rtc: cmos: Eliminate forward declarations of some functions (Rafael J. Wysocki) - rtc: cmos: Call rtc_wake_setup() from cmos_do_probe() (Rafael J. Wysocki) - rtc: cmos: Call cmos_wake_setup() from cmos_do_probe() (Rafael J. Wysocki) - rtc: cmos: fix build on non-ACPI platforms (Alexandre Belloni) - rtc: cmos: Fix wake alarm breakage (Rafael J. Wysocki) - rtc: cmos: Fix event handler registration ordering issue (Rafael J. Wysocki) - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (Rafael J. Wysocki) - dmaengine: idxd: Fix crc_val field for completion record (Fenghua Yu) - fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs (Abdun Nihaal) - pwm: tegra: Improve required rate calculation (Jon Hunter) - include/uapi/linux/swab: Fix potentially missing __always_inline (Matt Redfearn) - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (Al Cooper) - iommu/rockchip: fix permission bits in page table entries v2 (Michael Riesch) - iommu/sun50i: Fix flush size (Jernej Skrabec) - iommu/sun50i: Fix R/W permission check (Jernej Skrabec) - iommu/sun50i: Consider all fault sources for reset (Jernej Skrabec) - iommu/sun50i: Fix reset release (Jernej Skrabec) - fs/ntfs3: Harden against integer overflows (Dan Carpenter) - overflow: Implement size_t saturating arithmetic helpers (Kees Cook) - fs/ntfs3: Avoid UBSAN error on true_sectors_per_clst() (Shigeru Yoshida) - RDMA/siw: Fix pointer cast warning (Arnd Bergmann) - perf stat: Do not delay the workload with --delay (Namhyung Kim) - perf stat: Refactor __run_perf_stat() common code (Adrian Herrera Arcila) - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (ruanjinjie) - power: supply: ab8500: Fix error handling in ab8500_charger_init() (Yuan Can) - HSI: omap_ssi_core: Fix error handling in ssi_init() (Yuan Can) - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (Zhang Qilong) - perf symbol: correction while adjusting symbol (Ajay Kaher) - perf trace: Handle failure when trace point folder is missed (Leo Yan) - perf trace: Use macro RAW_SYSCALL_ARGS_NUM to replace number (Leo Yan) - perf trace: Return error if a system call doesn't exist (Leo Yan) - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (Zeng Heng) - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (Yang Yingliang) - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (Yang Yingliang) - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (Christophe JAILLET) - fbdev: uvesafb: don't build on UML (Randy Dunlap) - fbdev: geode: don't build on UML (Randy Dunlap) - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (Gaosheng Cui) - fbdev: vermilion: decrease reference count in error path (Xiongfeng Wang) - fbdev: via: Fix error in via_core_init() (Shang XiaoJing) - fbdev: pm2fb: fix missing pci_disable_device() (Yang Yingliang) - fbdev: ssd1307fb: Drop optional dependency (Andy Shevchenko) - thermal/drivers/qcom/lmh: Fix irq handler return value (Bjorn Andersson) - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (Luca Weiss) - thermal/drivers/imx8mm_thermal: Validate temperature range (Marcus Folkesson) - samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe() (Shang XiaoJing) - ksmbd: Fix resource leak in ksmbd_session_rpc_open() (Xiu Jianfeng) - tracing/hist: Fix issue of losting command info in error_log (Zheng Yejian) - usb: storage: Add check for kcalloc (Jiasheng Jiang) - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (Zheyu Ma) - i2c: mux: reg: check return value after calling platform_get_resource() (Yang Yingliang) - gpiolib: protect the GPIO device against being dropped while in use by user-space (Bartosz Golaszewski) - gpiolib: make struct comments into real kernel docs (Bartosz Golaszewski) - gpiolib: cdev: fix NULL-pointer dereferences (Bartosz Golaszewski) - gpiolib: Get rid of redundant 'else' (Andy Shevchenko) - vme: Fix error not catched in fake_init() (Chen Zhongjin) - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (YueHaibing) - staging: rtl8192u: Fix use after free in ieee80211_rx() (Dan Carpenter) - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (Hui Tang) - chardev: fix error handling in cdev_device_add() (Yang Yingliang) - mcb: mcb-parse: fix error handing in chameleon_parse_gdd() (Yang Yingliang) - drivers: mcb: fix resource leak in mcb_probe() (Zhengchao Shao) - usb: gadget: f_hid: fix refcount leak on error path (John Keeping) - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (John Keeping) - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (Yang Yingliang) - coresight: trbe: remove cpuhp instance node before remove cpuhp state (Yang Shen) - counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update (Fabrice Gasnier) - iio: adis: add '__adis_enable_irq()' implementation (Ramona Bolboaca) - iio:imu:adis: Move exports into IIO_ADISLIB namespace (Jonathan Cameron) - iio: adis: stylistic changes (Nuno Sa) - iio: adis: handle devices that cannot unmask the drdy pin (Nuno Sa) - iio: temperature: ltc2983: make bulk write buffer DMA-safe (Cosmin Tanislav) - cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() (Yang Yingliang) - cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() (Yang Yingliang) - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (Yang Yingliang) - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (Zheng Wang) - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (ruanjinjie) - ocxl: fix pci device refcount leak when calling get_function_0() (Yang Yingliang) - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (Yang Yingliang) - test_firmware: fix memory leak in test_firmware_init() (Zhengchao Shao) - serial: sunsab: Fix error handling in sunsab_init() (Yuan Can) - serial: altera_uart: fix locking in polling mode (Gabriel Somlo) - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (Jiri Slaby) - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (Jiri Slaby) - serial: pch: Fix PCI device refcount leak in pch_request_dma() (Xiongfeng Wang) - serial: stm32: move dma_request_chan() before clk_prepare_enable() (Valentin Caron) - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle. (delisun) - serial: amba-pl011: avoid SBSA UART accessing DMACR register (Jiamei Xie) - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (Marek Vasut) - extcon: usbc-tusb320: Add USB TYPE-C support (Marek Vasut) - extcon: usbc-tusb320: Factor out extcon into dedicated functions (Marek Vasut) - usb: typec: Factor out non-PD fwnode properties (Samuel Holland) - extcon: usbc-tusb320: Add support for TUSB320L (Yassine Oudjana) - extcon: usbc-tusb320: Add support for mode setting and reset (Yassine Oudjana) - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (Sven Peter) - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (Sven Peter) - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (Yang Yingliang) - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (Sven Peter) - staging: vme_user: Fix possible UAF in tsi148_dma_list_add (Gaosheng Cui) - usb: fotg210-udc: Fix ages old endianness issues (Linus Walleij) - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (Rafael Mendonca) - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (Rafael Mendonca) - vfio: platform: Do not pass return buffer to ACPI _RST method (Rafael Mendonca) - class: fix possible memory leak in __class_register() (Yang Yingliang) - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (Yuan Can) - serial: tegra: Read DMA status before terminating (Kartik) - drivers: dio: fix possible memory leak in dio_init() (Yang Yingliang) - RISC-V: Align the shadow stack (Palmer Dabbelt) - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (Dragos Tatulea) - hwrng: geode - Fix PCI device refcount leak (Xiongfeng Wang) - hwrng: amd - Fix PCI device refcount leak (Xiongfeng Wang) - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (Gaosheng Cui) - RDMA/hns: Fix error code of CMD (Chengchang Tang) - RDMA/hns: Fix page size cap from firmware (Chengchang Tang) - RDMA/hns: Fix PBL page MTR find (Chengchang Tang) - RDMA/hns: Fix AH attr queried by query_qp (Chengchang Tang) - orangefs: Fix sysfs not cleanup when dev init failed (Zhang Xiaoxu) - PCI: mt7621: Add sentinel to quirks table (John Thomson) - PCI: mt7621: Rename mt7621_pci_ to mt7621_pcie_ (Bjorn Helgaas) - RDMA/srp: Fix error return code in srp_parse_options() (Wang Yufen) - RDMA/hfi1: Fix error return code in parse_platform_config() (Wang Yufen) - riscv/mm: add arch hook arch_clear_hugepage_flags (Tong Tiangen) - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (Shang XiaoJing) - crypto: amlogic - Remove kcalloc without check (Christophe JAILLET) - RDMA/nldev: Fix failure to send large messages (Mark Zhang) - f2fs: avoid victim selection from previous victim section (Yonggil Song) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (Yuan Can) - scsi: snic: Fix possible UAF in snic_tgt_create() (Gaosheng Cui) - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (Chen Zhongjin) - scsi: ipr: Fix WARNING in ipr_init() (Shang XiaoJing) - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (Yang Yingliang) - scsi: fcoe: Fix possible name leak when device_register() fails (Yang Yingliang) - scsi: scsi_debug: Fix a warning in resp_report_zones() (Harshit Mogalapalli) - scsi: scsi_debug: Fix a warning in resp_verify() (Harshit Mogalapalli) - scsi: efct: Fix possible memleak in efct_device_init() (Chen Zhongjin) - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (Yang Yingliang) - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (Yang Yingliang) - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (Yang Yingliang) - padata: Fix list iterator in padata_do_serial() (Daniel Jordan) - padata: Always leave BHs disabled when running ->parallel() (Daniel Jordan) - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (Zhang Yiqun) - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (Yuan Can) - dt-bindings: visconti-pcie: Fix interrupts array max constraints (Serge Semin) - dt-bindings: imx6q-pcie: Fix clock names for imx6sx and imx8mq (Serge Semin) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (Zhang Xiaoxu) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (Zhengchao Shao) - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (Uwe Kleine-Konig) - RDMA/hfi: Decrease PCI device reference count in error path (Xiongfeng Wang) - PCI: Check for alloc failure in pci_request_irq() (Zeng Heng) - RDMA/hns: Fix ext_sge num error when post send (Luoyouming) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (Luoyouming) - crypto: hisilicon/qm - add missing pci_dev_put() in q_num_set() (Xiongfeng Wang) - crypto: cryptd - Use request context instead of stack for sub-request (Herbert Xu) - crypto: ccree - Remove debugfs when platform_driver_register failed (Gaosheng Cui) - scsi: scsi_debug: Fix a warning in resp_write_scat() (Harshit Mogalapalli) - RDMA/siw: Set defined status for work completion with undefined status (Bernard Metzler) - RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (Mark Zhang) - RDMA/core: Make sure 'ib_port' is valid when access sysfs node (Mark Zhang) - RDMA/restrack: Release MR restrack when delete (Mark Zhang) - PCI: vmd: Disable MSI remapping after suspend (Nirmal Patel) - IB/mad: Don't call to function that might sleep while in atomic context (Leonid Ravich) - RDMA/siw: Fix immediate work request flush to completion queue (Bernard Metzler) - scsi: qla2xxx: Fix set-but-not-used variable warnings (Bart Van Assche) - RDMA/irdma: Report the correct link speed (Shiraz Saleem) - f2fs: fix to destroy sbi->post_read_wq in error path of f2fs_fill_super() (Chao Yu) - f2fs: fix normal discard process (Dongdong Zhang) - f2fs: fix to invalidate dcc->f2fs_issue_discard in error path (Chao Yu) - apparmor: Fix memleak in alloc_ns() (Xiu Jianfeng) - crypto: rockchip - rework by using crypto_engine (Corentin Labbe) - crypto: rockchip - remove non-aligned handling (Corentin Labbe) - crypto: rockchip - better handle cipher key (Corentin Labbe) - crypto: rockchip - add fallback for ahash (Corentin Labbe) - crypto: rockchip - add fallback for cipher (Corentin Labbe) - crypto: rockchip - do not store mode globally (Corentin Labbe) - crypto: rockchip - do not do custom power management (Corentin Labbe) - f2fs: Fix the race condition of resize flag between resizefs (Zhang Qilong) - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (Kunihiko Hayashi) - RDMA/core: Fix order of nldev_exit call (Leon Romanovsky) - PCI: dwc: Fix n_fts[] array overrun (Vidya Sagar) - apparmor: Use pointer to struct aa_label for lbs_cred (Xiu Jianfeng) - scsi: core: Fix a race between scsi_done() and scsi_timeout() (Bart Van Assche) - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (Natalia Petrova) - crypto: sun8i-ss - use dma_addr instead u32 (Corentin Labbe) - crypto: hisilicon/qm - fix missing destroy qp_idr (Weili Qian) - apparmor: Fix abi check to include v8 abi (John Johansen) - apparmor: fix lockdep warning when removing a namespace (John Johansen) - apparmor: fix a memleak in multi_transaction_new() (Gaosheng Cui) - net: dsa: tag_8021q: avoid leaking ctx on dsa_tag_8021q_register() error path (Vladimir Oltean) - i40e: Fix the inability to attach XDP program on downed interface (Bartosz Staszewski) - stmmac: fix potential division by 0 (Piergiorgio Beruto) - Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (Wang ShaoBo) - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (Inga Stotland) - sctp: sysctl: make extra pointers netns aware (Firo Yang) - ntb_netdev: Use dev_kfree_skb_any() in interrupt context (Eric Pilmore) - net: lan9303: Fix read error execution path (Jerry Ray) - can: tcan4x5x: Fix use of register error status mask (Markus Schneider-Pargmann) - can: m_can: Call the RAM init directly from m_can_chip_config (Vivek Yadav) - can: tcan4x5x: Remove invalid write in clear_interrupts (Markus Schneider-Pargmann) - net: amd-xgbe: Check only the minimum speed for active/passive cables (Tom Lendacky) - net: amd-xgbe: Fix logic around active and passive cables (Tom Lendacky) - af_unix: call proto_unregister() in the error path in af_unix_init() (Yang Yingliang) - net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - hamradio: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net/tunnel: wait until all sk_user_data reader finish before releasing the sock (Hangbin Liu) - net: farsync: Fix kmemleak when rmmods farsync (Li Zetao) - ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop() (ruanjinjie) - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (Yuan Can) - net: stmmac: fix possible memory leak in stmmac_dvr_probe() (Gaosheng Cui) - net: stmmac: selftests: fix potential memleak in stmmac_test_arpoffload() (Zhang Changzhong) - net: defxx: Fix missing err handling in dfx_init() (Yongqiang Liu) - net: vmw_vsock: vmci: Check memcpy_from_msg() (Artem Chernyshev) - clk: socfpga: Fix memory leak in socfpga_gate_init() (Xiu Jianfeng) - bpf: Do not zero-extend kfunc return values (Bjorn Topel) - blktrace: Fix output non-blktrace event when blk_classic option enabled (Yang Jihong) - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (Wang Yufen) - wifi: rtl8xxxu: Fix the channel width reporting (Bitterblue Smith) - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (Bitterblue Smith) - spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode (Kris Bahnsen) - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (Xiu Jianfeng) - media: coda: Add check for kmalloc (Jiasheng Jiang) - media: coda: Add check for dcoda_iram_alloc (Jiasheng Jiang) - media: c8sectpfe: Add of_node_put() when breaking out of loop (Liang He) - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (Yuan Can) - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (Zhen Lei) - memstick/ms_block: Add check for alloc_ordered_workqueue (Jiasheng Jiang) - memstick: ms_block: Add error handling support for add_disk() (Luis Chamberlain) - mmc: renesas_sdhi: alway populate SCC pointer (Wolfram Sang) - mmc: mmci: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: wbsd: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: via-sdmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: meson-gx: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: omap_hsmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: atmel-mci: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: vub300: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: toshsd: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: rtsx_pci: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: pxamci: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: mxcmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: moxart: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: alcor: fix return value check of mmc_add_host() (Yang Yingliang) - riscv, bpf: Emit fixed-length instructions for BPF_PSEUDO_FUNC (Pu Lehui) - NFSv4.x: Fail client initialisation if state manager thread can't run (Trond Myklebust) - SUNRPC: Fix missing release socket in rpc_sockname() (Wang ShaoBo) - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (Zhang Xiaoxu) - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (Gaosheng Cui) - media: saa7164: fix missing pci_disable_device() (Liu Shixin) - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (Takashi Iwai) - bpf, sockmap: fix race in sock_map_free() (Eric Dumazet) - hwmon: (jc42) Restore the min/max/critical temperatures on resume (Martin Blumenstingl) - hwmon: (jc42) Convert register access and caching to regmap/regcache (Martin Blumenstingl) - regulator: core: fix resource leak in regulator_register() (Yang Yingliang) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0179 CVE-2022-4139 CVE-2022-45869 CVE-2022-3545 Oracle Linux 9 [0.11.3-4.el9_1.2] - Updated bundled rubygems: mustermann, rack, rack_protection, sinatra, tilt - Added license for rubygem ruby2_keywords - Resolves: rhbz#2159426 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-45442 Oracle Linux 9 [3.0.1-47.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-47] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed Invalid pointer dereference in d2i_PKCS7 functions Resolves: CVE-2023-0216 - Fixed NULL dereference validating DSA public key Resolves: CVE-2023-0217 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 - Fixed NULL dereference during PKCS7 data verification Resolves: CVE-2023-0401 [1:3.0.1-46] - Refactor OpenSSL fips module MAC verification Resolves: rhbz#2158412 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode Resolves: rhbz#2144010 [1:3.0.1-45] - Add support of X25519 and X448 'group' parameter in EVP_PKEY_CTX objects Resolves: rhbz#2149010 - Fix explicit indicator for PSS salt length in FIPS mode when used with negative magic values Resolves: rhbz#2144012 - Update change to default PSS salt length with patch state from upstream Related: rhbz#2144012 [1:3.0.1-44] - SHAKE-128/256 are not allowed with RSA in FIPS mode Resolves: rhbz#2144010 - Avoid memory leaks in TLS Resolves: rhbz#2144008 - FIPS RSA CRT tests must use correct parameters Resolves: rhbz#2144006 - FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC Resolves: rhbz#2144017 - Remove support for X9.31 signature padding in FIPS mode Resolves: rhbz#2144015 - Add explicit indicator for SP 800-108 KDFs with short key lengths Resolves: rhbz#2144019 - Add explicit indicator for HMAC with short key lengths Resolves: rhbz#2144000 - Set minimum password length for PBKDF2 in FIPS mode Resolves: rhbz#2144003 - Add explicit indicator for PSS salt length in FIPS mode Resolves: rhbz#2144012 - Clamp default PSS salt length to digest size for FIPS 186-4 compliance Related: rhbz#2144012 - Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode Resolves: rhbz#2145170 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-0286 CVE-2022-4450 CVE-2023-0215 CVE-2022-4203 CVE-2022-4304 CVE-2023-0401 CVE-2023-0217 CVE-2023-0216 Oracle Linux 8 Oracle Linux 9 [5.15.0-8.91.4.1] - uek-rpm: Add opbmc to core rpm (Somasundaram Krishnasamy) [Orabug: 35157130] [5.15.0-8.91.4] - selftests/vm: remove ARRAY_SIZE define from individual tests (Shuah Khan) [Orabug: 35088471] - selftests: Provide local define of __cpuid_count() (Reinette Chatre) [Orabug: 35088471] - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (Shuah Khan) [Orabug: 35088471] - uek-rpm: aarch64 enable DETECT_HUNG_TASK (Tom Saeger) [Orabug: 34580801] [5.15.0-8.91.3] - Update README with UEK Text Description (Somasundaram Krishnasamy) [Orabug: 35084845] - uek-rpm: config-x86-64*: Disable CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT (Alejandro Jimenez) [Orabug: 35059109] - Revert 'RDMA/irdma: Fix warning, move switch variable into case' (Jack Vogel) [Orabug: 35048858] - Revert 'RDMA/irdma: Move variable into switch case' (Jack Vogel) [Orabug: 35048858] - Revert 'ACPI/IORT: Move variables in switch, fix for build warnings.' (Jack Vogel) [Orabug: 35048858] [5.15.0-8.91.2] - RDMA/addr: Refresh neighbour entries upon rdma_resolve_addr() (Gerd Rausch) [Orabug: 35060575] - net/rds: Go back to alloc_ordered_workqueue() (Gerd Rausch) [Orabug: 35042697] - sched/core: Remove sched_uek cmdline parameter (Konrad Rzeszutek Wilk) [Orabug: 35049222] - uek-misc: Initial version (Konrad Rzeszutek Wilk) [Orabug: 35049222] - treewide: Move the definition in a global file (Konrad Rzeszutek Wilk) [Orabug: 35049222] - treewide: Rename wake_affine_idle_pull into on_exadata (Konrad Rzeszutek Wilk) [Orabug: 35049222] - sched/core: Remove sched_uek=preempt (Konrad Rzeszutek Wilk) [Orabug: 35049222] - perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table (Kan Liang) [Orabug: 35038311] - perf/x86/uncore: Add a quirk for UPI on SPR (Kan Liang) [Orabug: 35038311] - perf/x86/uncore: Ignore broken units in discovery table (Kan Liang) [Orabug: 35038311] - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (Kan Liang) [Orabug: 35038311] - perf/x86/uncore: Factor out uncore_device_to_die() (Kan Liang) [Orabug: 35038311] - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Introduce UPI topology type (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Get UPI NodeID and GroupID (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Generalize IIO topology support (Alexander Antonov) [Orabug: 35038311] - net/rds: Delegate fan-out to a background worker (Gerd Rausch) [Orabug: 34994148] - i40e: Add basic support for I710 devices (Stanislaw Grzeszczak) [Orabug: 35059783] [5.15.0-8.91.1] - LTS version: v5.15.91 (Jack Vogel) - perf/x86/amd: fix potential integer overflow on shift of a int (Colin Ian King) - netfilter: conntrack: unify established states for SCTP paths (Sriram Yagnaraman) - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (Thomas Gleixner) - block: fix and cleanup bio_check_ro (Christoph Hellwig) - kbuild: Allow kernel installation packaging to override pkg-config (Chun-Tse Shao) - cpufreq: governor: Use kobject release() method to free dbs_data (Kevin Hao) - cpufreq: Move to_gov_attr_set() to cpufreq.h (Kevin Hao) - Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (Dmitry Torokhov) - tools: gpio: fix -c option of gpio-event-mon (Ivo Borisov Shopov) - treewide: fix up files incorrectly marked executable (Linus Torvalds) - net: mdio-mux-meson-g12a: force internal PHY off on mux switch (Jerome Brunet) - net/tg3: resolve deadlock in tg3_reset_task() during EEH (David Christensen) - thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type() (Rafael J. Wysocki) - net: mctp: mark socks as dead on unhash, prevent re-add (Jeremy Kerr) - net: ravb: Fix possible hang if RIS2_QFF1 happen (Yoshihiro Shimoda) - net: ravb: Fix lack of register setting after system resumed for Gen3 (Yoshihiro Shimoda) - ravb: Rename 'no_ptp_cfg_active' and 'ptp_cfg_active' variables (Biju Das) - gpio: mxc: Unlock on error path in mxc_flip_edge() (Dan Carpenter) - nvme: fix passthrough csi check (Keith Busch) - riscv/kprobe: Fix instruction simulation of JALR (Liao Chang) - sctp: fail if no bound addresses can be used for a given scope (Marcelo Ricardo Leitner) - net/sched: sch_taprio: do not schedule in taprio_reset() (Eric Dumazet) - netrom: Fix use-after-free of a listening socket. (Kuniyuki Iwashima) - netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE (Sriram Yagnaraman) - ipv4: prevent potential spectre v1 gadget in fib_metrics_match() (Eric Dumazet) - ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() (Eric Dumazet) - netlink: annotate data races around sk_state (Eric Dumazet) - netlink: annotate data races around dst_portid and dst_group (Eric Dumazet) - netlink: annotate data races around nlk->portid (Eric Dumazet) - netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (Pablo Neira Ayuso) - drm/i915/selftest: fix intel_selftest_modify_policy argument types (Arnd Bergmann) - net: fix UaF in netns ops registration error path (Paolo Abeni) - netlink: prevent potential spectre v1 gadgets (Eric Dumazet) - i2c: designware: use casting of u64 in clock multiplication to avoid overflow (Lareine Khawaly) - scsi: ufs: core: Fix devfreq deadlocks (Johan Hovold) - net: mana: Fix IRQ name - add PCI and queue number (Haiyang Zhang) - EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info (Manivannan Sadhasivam) - EDAC/device: Respect any driver-supplied workqueue polling value (Manivannan Sadhasivam) - ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment (Giulio Benetti) - ipv6: fix reachability confirmation with proxy_ndp (Gergely Risko) - thermal: intel: int340x: Protect trip temperature from concurrent updates (Srinivas Pandruvada) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE activation/deactivation (Marc Zyngier) - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (Hendrik Borghorst) - ovl: fail on invalid uid/gid mapping at copy up (Miklos Szeredi) - ksmbd: limit pdu length size according to connection status (Namjae Jeon) - ksmbd: downgrade ndr version error message to debug (Namjae Jeon) - ksmbd: do not sign response to session request for guest login (Marios Makassikis) - ksmbd: add max connections parameter (Namjae Jeon) - ksmbd: add smbd max io size parameter (Namjae Jeon) - i2c: mv64xxx: Add atomic_xfer method to driver (Chris Morgan) - i2c: mv64xxx: Remove shutdown method from driver (Chris Morgan) - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (David Howells) - ftrace/scripts: Update the instructions for ftrace-bisect.sh (Steven Rostedt (Google)) - trace_events_hist: add check for return value of 'create_hist_field' (Natalia Petrova) - tracing: Make sure trace_printk() can output as soon as it can be used (Steven Rostedt (Google)) - module: Don't wait for GOING modules (Petr Pavlu) - KVM: SVM: fix tsc scaling cache logic (Maxim Levitsky) - scsi: hpsa: Fix allocation size for scsi_host_alloc() (Alexey V. Vissarionov) - drm/amdgpu: complete gfxoff allow signal during suspend without delay (Harsh Jain) - Bluetooth: hci_sync: cancel cmd_timer if hci_open failed (Archie Pusaka) - exit: Use READ_ONCE() for all oops/warn limit reads (Kees Cook) - docs: Fix path paste-o for /sys/kernel/warn_count (Kees Cook) - panic: Expose 'warn_count' to sysfs (Kees Cook) - panic: Introduce warn_limit (Kees Cook) - panic: Consolidate open-coded panic_on_warn checks (Kees Cook) - exit: Allow oops_limit to be disabled (Kees Cook) - exit: Expose 'oops_count' to sysfs (Kees Cook) - exit: Put an upper limit on how often we can oops (Jann Horn) - panic: Separate sysctl logic from CONFIG_SMP (Kees Cook) - ia64: make IA64_MCA_RECOVERY bool instead of tristate (Randy Dunlap) - csky: Fix function name in csky_alignment() and die() (Nathan Chancellor) - h8300: Fix build errors from do_exit() to make_task_dead() transition (Nathan Chancellor) - hexagon: Fix function name in die() (Nathan Chancellor) - objtool: Add a missing comma to avoid string concatenation (Eric W. Biederman) - exit: Add and use make_task_dead. (Eric W. Biederman) - kasan: no need to unset panic_on_warn in end_report() (Tiezhu Yang) - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (Tiezhu Yang) - panic: unset panic_on_warn inside panic() (Tiezhu Yang) - kernel/panic: move panic sysctls to its own file (tangmeng) - sysctl: add a new register_sysctl_init() interface (Xiaoming Ni) - fs: reiserfs: remove useless new_opts in reiserfs_remount (Dongliang Mu) - x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (Deepak Sharma) - drm/i915: Remove unused variable (Nirmoy Das) - Revert 'selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID' (Sasha Levin) - drm/i915: Allow switching away via vga-switcheroo if uninitialized (Thomas Zimmermann) - firmware: coreboot: Check size of table entry and use flex-array (Kees Cook) - lockref: stop doing cpu_relax in the cmpxchg loop (Mateusz Guzik) - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (Hans de Goede) - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (Michael Klein) - r8152: add vendor/device ID pair for Microsoft Devkit (Andre Przywara) - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (Yihang Li) - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (Heiko Carstens) - spi: spidev: remove debug messages that access spidev->spi without locking (Bartosz Golaszewski) - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (Mark Brown) - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (Mark Brown) - cpufreq: armada-37xx: stop using 0 as NULL pointer (Miles Chen) - perf/x86/intel/uncore: Add Emerald Rapids (Kan Liang) - perf/x86/msr: Add Emerald Rapids (Kan Liang) - s390: expicitly align _edata and _end symbols on page boundary (Alexander Gordeev) - s390/debug: add _ASM_S390_ prefix to header guard (Niklas Schnelle) - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (Patrick Thompson) - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (Hui Wang) - ASoC: fsl_micfil: Correct the number of steps on SX controls (Chancel Liu) - cpufreq: Add SM6375 to cpufreq-dt-platdev blocklist (Konrad Dybcio) - kcsan: test: don't put the expect array on the stack (Max Filippov) - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (Sumit Gupta) - scsi: iscsi: Fix multiple iSCSI session unbind events sent to userspace (Wenchao Hao) - tcp: fix rate_app_limited to default to 1 (David Morley) - net: stmmac: enable all safety features by default (Andrew Halaney) - thermal: core: call put_device() only after device_register() fails (Viresh Kumar) - thermal/core: fix error code in __thermal_cooling_device_register() (Dan Carpenter) - thermal: Validate new state in cur_state_store() (Viresh Kumar) - thermal/core: Rename 'trips' to 'num_trips' (Daniel Lezcano) - thermal/core: Remove duplicate information when an error occurs (Daniel Lezcano) - net: dsa: microchip: ksz9477: port map correction in ALU table entry register (Rakesh Sankaranarayanan) - selftests/net: toeplitz: fix race on tpacket_v3 block close (Willem de Bruijn) - driver core: Fix test_async_probe_init saves device in wrong array (Chen Zhongjin) - w1: fix WARNING after calling w1_process() (Yang Yingliang) - w1: fix deadloop in __w1_remove_master_device() (Yang Yingliang) - device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() (Yang Yingliang) - ptdma: pt_core_execute_cmd() should use spinlock (Eric Pilmore) - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (Kevin Hao) - tcp: avoid the lookup process failing to get sk in ehash table (Jason Xing) - nvme-pci: fix timeout request state check (Keith Busch) - drm/amd/display: fix issues with driver unload (Hamza Mahfooz) - phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (Geert Uytterhoeven) - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (Liu Shixin) - cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) - HID: betop: check shape of output reports (Pietro Borrello) - l2tp: prevent lockdep issue in l2tp_tunnel_register() (Eric Dumazet) - virtio-net: correctly enable callback during start_xmit (Jason Wang) - net: macb: fix PTP TX timestamp failure due to packet padding (Robert Hancock) - dmaengine: Fix double increment of client_count in dma_chan_get() (Koba Ko) - drm/panfrost: fix GENERIC_ATOMIC64 dependency (Arnd Bergmann) - net: mlx5: eliminate anonymous module_init & module_exit (Randy Dunlap) - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (Maor Dickman) - net: ipa: disable ipa interrupt during suspend (Caleb Connolly) - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (Ying Hsu) - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (Udipto Goswami) - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (Udipto Goswami) - HID: revert CHERRY_MOUSE_000C quirk (Jiri Kosina) - pinctrl: rockchip: fix mux route data for rk3568 (Jonas Karlman) - net: stmmac: fix invalid call to mdiobus_get_phy() (Heiner Kallweit) - HID: check empty report_list in bigben_probe() (Pietro Borrello) - HID: check empty report_list in hid_validate_values() (Pietro Borrello) - net: mdio: validate parameter addr in mdiobus_get_phy() (Heiner Kallweit) - net: usb: sr9700: Handle negative len (Szymon Heidrich) - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (Geetha sowjanya) - l2tp: close all race conditions in l2tp_tunnel_register() (Cong Wang) - l2tp: convert l2tp_tunnel_list to idr (Cong Wang) - l2tp: Don't sleep and disable BH under writer-side sk_callback_lock (Jakub Sitnicki) - l2tp: Serialize access to sk_user_data with sk_callback_lock (Jakub Sitnicki) [Orabug: 34951574] {CVE-2022-4129} - net/sched: sch_taprio: fix possible use-after-free (Eric Dumazet) - net: stmmac: Fix queue statistics reading (Kurt Kanzenbach) - pinctrl: rockchip: fix reading pull type on rk3568 (Jonas Karlman) - pinctrl/rockchip: add error handling for pull/drive register getters (Sebastian Reichel) - pinctrl/rockchip: Use temporary variable for struct device (Andy Shevchenko) - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (Szymon Heidrich) [Orabug: 35037701] {CVE-2023-23559} - gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode (Marek Vasut) - gpio: mxc: Protect GPIO irqchip RMW with bgpio spinlock (Marek Vasut) - gpio: use raw spinlock for gpio chip shadowed data (Schspa Shi) - sch_htb: Avoid grafting on htb_destroy_class_offload when destroying htb (Rahul Rameshbabu) - net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() (Vladimir Oltean) - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (Esina Ekaterina) - net: nfc: Fix use-after-free in local_cleanup() (Jisoo Jang) - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (Shang XiaoJing) - bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (Luis Gerhorst) - amd-xgbe: Delay AN timeout during KR training (Raju Rangoju) - amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent (Raju Rangoju) - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (Claudiu Beznea) - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (Xingyuan Mo) - phy: ti: fix Kconfig warning and operator precedence (Randy Dunlap) - arm64: dts: qcom: msm8992-libra: Fix the memory map (Konrad Dybcio) - arm64: dts: qcom: msm8992-libra: Add CPU regulators (Konrad Dybcio) - arm64: dts: qcom: msm8992: Don't use sfpb mutex (Konrad Dybcio) - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (Christophe JAILLET) - affs: initialize fsdata in affs_truncate() (Alexander Potapenko) - IB/hfi1: Remove user expected buffer invalidate race (Dean Luick) - IB/hfi1: Immediately remove invalid memory from hardware (Dean Luick) - IB/hfi1: Fix expected receive setup error exit issues (Dean Luick) - IB/hfi1: Reserve user expected TIDs (Dean Luick) - IB/hfi1: Reject a zero-length user expected buffer (Dean Luick) - RDMA/core: Fix ib block iterator counter overflow (Yonatan Nachum) - tomoyo: fix broken dependency on *.conf.default (Masahiro Yamada) - firmware: arm_scmi: Harden shared memory access in fetch_notification (Cristian Marussi) - firmware: arm_scmi: Harden shared memory access in fetch_response (Cristian Marussi) - EDAC/highbank: Fix memory leak in highbank_mc_probe() (Miaoqian Lin) - reset: uniphier-glue: Fix possible null-ptr-deref (Hui Tang) - reset: uniphier-glue: Use reset_control_bulk API (Philipp Zabel) - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (Miaoqian Lin) - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (Tim Harvey) - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (Jiasheng Jiang) - ARM: imx: add missing of_node_put() (Dario Binacchi) - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (Adam Ford) - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (Fabio Estevam) - ARM: dts: imx7d-pico: Use 'clock-frequency' (Fabio Estevam) - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (Fabio Estevam) - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (Fabio Estevam) - dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (Jayesh Choudhary) - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (Gaosheng Cui) - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (Gaosheng Cui) - memory: tegra: Remove clients SID override programming (Ashish Mhetre) - LTS version: v5.15.90 (Jack Vogel) - io_uring/rw: remove leftover debug statement (Jens Axboe) - io_uring/rw: ensure kiocb_end_write() is always called (Jens Axboe) - io_uring: fix double poll leak on repolling (Pavel Begunkov) - io_uring: Clean up a false-positive warning from GCC 9.3.0 (Alviro Iskandar Setiawan) - mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (Hugh Dickins) - soc: qcom: apr: Make qcom,protection-domain optional again (Stephan Gerhold) - Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (Eric Dumazet) - block: mq-deadline: Rename deadline_is_seq_writes() (Damien Le Moal) - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (Yang Yingliang) - net/ulp: use consistent error code when blocking ULP (Paolo Abeni) - io_uring/net: fix fast_iov assignment in io_setup_async_msg() (Stefan Metzmacher) - io_uring: io_kiocb_update_pos() should not touch file for non -1 offset (Jens Axboe) - tracing: Use alignof__(struct {type b;}) instead of offsetof() (Steven Rostedt (Google)) - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (YingChi Long) - Revert 'drm/amdgpu: make display pinning more flexible (v2)' (Alex Deucher) - efi: rt-wrapper: Add missing include (Ard Biesheuvel) - arm64: efi: Execute runtime services from a dedicated stack (Ard Biesheuvel) - fs/ntfs3: Fix attr_punch_hole() null pointer derenference (Alon Zahavi) - drm/amdgpu: drop experimental flag on aldebaran (Alex Deucher) - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (Joshua Ashton) - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (Joshua Ashton) - drm/amd/display: Fix set scaling doesn's work (hongao) - drm/i915/display: Check source height is > 0 (Drew Davenport) - drm/i915: re-disable RC6p on Sandy Bridge (Sasa Dragic) - mei: me: add meteor lake point M DID (Alexander Usyskin) - gsmi: fix null-deref in gsmi_get_variable (Khazhismel Kumykov) - serial: atmel: fix incorrect baudrate setup (Tobias Schramm) - serial: amba-pl011: fix high priority character transmission in rs486 mode (Lino Sanfilippo) - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (Reinette Chatre) - dmaengine: tegra210-adma: fix global intr clear (Mohan Kumar) - dmaengine: lgm: Move DT parsing after initialization (Peter Harliman Liem) - serial: pch_uart: Pass correct sg to dma_unmap_sg() (Ilpo Jarvinen) - dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation (Heiner Kallweit) - dt-bindings: phy: g12a-usb2-phy: fix compatible string documentation (Heiner Kallweit) - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (Juhyung Park) - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (Maciej zenczykowski) - usb: gadget: g_webcam: Send color matching descriptor per frame (Daniel Scally) - usb: typec: altmodes/displayport: Fix pin assignment calculation (Prashant Malani) - usb: typec: altmodes/displayport: Add pin assignment helper (Prashant Malani) - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (ChiYuan Huang) - usb: host: ehci-fsl: Fix module alias (Alexander Stein) - usb: cdns3: remove fetched trb from cache before dequeuing (Pawel Laszczak) - USB: serial: cp210x: add SCALANCE LPE-9000 device id (Michael Adler) - USB: gadgetfs: Fix race between mounting and unmounting (Alan Stern) - tty: fix possible null-ptr-defer in spk_ttyio_release (Gaosheng Cui) - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (Krzysztof Kozlowski) - staging: mt7621-dts: change some node hex addresses to lower case (Sergio Paracuellos) - bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD and PERF_BPF_EVENT_PROG_UNLOAD (Paul Moore) - riscv: dts: sifive: fu740: fix size of pcie 32bit memory (Ben Dooks) - thunderbolt: Use correct function to calculate maximum USB3 link rate (Mika Westerberg) - cifs: do not include page data when checking signature (Enzo Matsumiya) - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (Filipe Manana) - btrfs: do not abort transaction on failure to write log tree when syncing log (Filipe Manana) - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (Haibo Chen) - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (Samuel Holland) - ACPI: PRM: Check whether EFI runtime is available (Ard Biesheuvel) - comedi: adv_pci1760: Fix PWM instruction handling (Ian Abbott) - usb: core: hub: disable autosuspend for TI TUSB8041 (Flavio Suligoi) - misc: fastrpc: Fix use-after-free race condition for maps (Ola Jeppsson) - misc: fastrpc: Don't remove map on creater_process and device_release (Abel Vesa) - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (Greg Kroah-Hartman) - staging: vchiq_arm: fix enum vchiq_status return types (Arnd Bergmann) - USB: serial: option: add Quectel EM05CN modem (Duke Xin) - USB: serial: option: add Quectel EM05CN (SG) modem (Duke Xin) - USB: serial: option: add Quectel EC200U modem (Ali Mirghasemi) - USB: serial: option: add Quectel EM05-G (RS) modem (Duke Xin) - USB: serial: option: add Quectel EM05-G (CS) modem (Duke Xin) - USB: serial: option: add Quectel EM05-G (GR) modem (Duke Xin) - prlimit: do_prlimit needs to have a speculation check (Greg Kroah-Hartman) - xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables (Mathias Nyman) - usb: acpi: add helper to check port lpm capability using acpi _DSM (Mathias Nyman) - xhci: Add a flag to disable USB3 lpm on a xhci root port level. (Mathias Nyman) - xhci: Add update_hub_device override for PCI xHCI hosts (Mathias Nyman) - xhci: Fix null pointer dereference when host dies (Mathias Nyman) - usb: xhci: Check endpoint is valid before dereferencing it (Jimmy Hu) - xhci-pci: set the dma max_seg_size (Ricardo Ribalda) - io_uring/rw: defer fsnotify calls to task context (Jens Axboe) - io_uring: do not recalculate ppos unnecessarily (Dylan Yudaken) - io_uring: update kiocb->ki_pos at execution time (Dylan Yudaken) - io_uring: remove duplicated calls to io_kiocb_ppos (Dylan Yudaken) - io_uring: ensure that cached task references are always put on exit (Jens Axboe) - io_uring: fix async accept on O_NONBLOCK sockets (Dylan Yudaken) - io_uring: allow re-poll if we made progress (Jens Axboe) - io_uring: support MSG_WAITALL for IORING_OP_SEND(MSG) (Jens Axboe) - io_uring: add flag for disabling provided buffer recycling (Jens Axboe) - io_uring: ensure recv and recvmsg handle MSG_WAITALL correctly (Jens Axboe) - io_uring: improve send/recv error handling (Pavel Begunkov) - io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups (Jens Axboe) - eventfd: provide a eventfd_signal_mask() helper (Jens Axboe) - eventpoll: add EPOLL_URING_WAKE poll wakeup flag (Jens Axboe) - io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL (Jens Axboe) - hugetlb: unshare some PMDs when splitting VMAs (James Houghton) - drm/amd: Delay removal of the firmware framebuffer (Sasha Levin) - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (Guchun Chen) - ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform (Jeremy Szu) - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (Andy Chi) - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (Ding Hui) - nilfs2: fix general protection fault in nilfs_btree_insert() (Ryusuke Konishi) - zonefs: Detect append writes at invalid locations (Damien Le Moal) - Add exception protection processing for vd in axi_chan_handle_err function (Shawn.Shao) - wifi: mac80211: sdata can be NULL during AMPDU start (Alexander Wetzel) - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (Arend van Spriel) - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (Krzysztof Kozlowski) - fbdev: omapfb: avoid stack overflow warning (Arnd Bergmann) - perf/x86/rapl: Treat Tigerlake like Icelake (Chris Wilson) - f2fs: let's avoid panic if extent_tree is not created (Jaegeuk Kim) - x86/asm: Fix an assembler warning with current binutils (Mikulas Patocka) - btrfs: always report error in run_one_delayed_ref() (Qu Wenruo) - RDMA/srp: Move large values to a new enum for gcc13 (Jiri Slaby (SUSE)) - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (Chunhao Lin) - net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats (Daniil Tatianin) - vduse: Validate vq_num in vduse_validate_config() (Harshit Mogalapalli) - virtio_pci: modify ENOENT to EINVAL (Angus Chen) - tools/virtio: initialize spinlocks in vring_test.c (Ricardo Canuelo) - selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID (Hao Sun) - pNFS/filelayout: Fix coalescing test for single DS (Olga Kornievskaia) - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (Naohiro Aota) - LTS version: v5.15.89 (Jack Vogel) - pinctrl: amd: Add dynamic debugging for active GPIOs (Mario Limonciello) - Revert 'usb: ulpi: defer ulpi_register on ulpi_read_id timeout' (Ferry Toth) - block: handle bio_split_to_limits() NULL return (Jens Axboe) - io_uring/io-wq: only free worker if it was allocated for creation (Jens Axboe) - io_uring/io-wq: free worker if task_work creation is canceled (Jens Axboe) - efi: fix NULL-deref in init error path (Johan Hovold) - arm64: cmpxchg_double*: hazard against entire exchange variable (Mark Rutland) - arm64: atomics: remove LL/SC trampolines (Mark Rutland) - arm64: atomics: format whitespace consistently (Mark Rutland) - io_uring: lock overflowing for IOPOLL (Pavel Begunkov) - KVM: x86: Do not return host topology information from KVM_GET_SUPPORTED_CPUID (Paolo Bonzini) - Documentation: KVM: add API issues section (Paolo Bonzini) - mm: Always release pages to the buddy allocator in memblock_free_late(). (Aaron Thompson) - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (Maximilian Luz) - igc: Fix PPS delta between two synchronized end-points (Christopher S Hall) - perf build: Properly guard libbpf includes (Ian Rogers) - net/mlx5e: Don't support encap rules with gbp option (Gavin Li) - net/mlx5: Fix ptp max frequency adjustment range (Rahul Rameshbabu) - net/sched: act_mpls: Fix warning during failed attribute validation (Ido Schimmel) - tools/nolibc: fix the O_* fcntl/open macro definitions for riscv (Willy Tarreau) - tools/nolibc: restore mips branch ordering in the _start block (Willy Tarreau) - tools/nolibc: Remove .global _start from the entry point code (Ammar Faizi) - tools/nolibc/arch: mark the _start symbol as weak (Willy Tarreau) - tools/nolibc/arch: split arch-specific code into individual files (Willy Tarreau) - tools/nolibc/types: split syscall-specific definitions into their own files (Willy Tarreau) - tools/nolibc/std: move the standard type definitions to std.h (Willy Tarreau) - tools/nolibc: use pselect6 on RISCV (Willy Tarreau) - tools/nolibc: x86-64: Use mov 0,%eax instead of mov 0,%rax (Ammar Faizi) - tools/nolibc: x86: Remove r8, r9 and r10 from the clobber list (Ammar Faizi) - af_unix: selftest: Fix the size of the parameter to connect() (Mirsad Goran Todorovac) - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (Minsuk Kang) - hvc/xen: lock console list traversal (Roger Pau Monne) - octeontx2-af: Fix LMAC config in cgx_lmac_rx_tx_enable (Angela Czubak) - tipc: fix unexpected link reset due to discovery messages (Tung Nguyen) - ALSA: usb-audio: Relax hw constraints for implicit fb sync (Takashi Iwai) - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (Takashi Iwai) - ASoC: wm8904: fix wrong outputs volume after power reactivation (Emanuele Ghidoli) - scsi: ufs: core: WLUN suspend SSU/enter hibern8 fail recovery (Peter Wang) - scsi: ufs: Stop using the clock scaling lock in the error handler (Bart Van Assche) - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (Shin'ichiro Kawasaki) - regulator: da9211: Use irq handler when ready (Ricardo Ribalda) - x86/resctrl: Fix task CLOSID/RMID update race (Peter Newman) - EDAC/device: Fix period calculation in edac_device_reset_delay_period() (Eliav Farber) - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (Peter Zijlstra) - powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (Kajol Jain) - netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. (Gavrilov Ilia) - sched/core: Fix use-after-free bug in dup_user_cpus_ptr() (Waiman Long) - iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() (Christophe JAILLET) - iommu/iova: Fix alloc iova overflows issue (Yunfei Wang) - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (Ferry Toth) - bus: mhi: host: Fix race between channel preparation and M0 event (Qiang Yu) - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (Herbert Xu) [Orabug: 35005828] {CVE-2023-0394} - ixgbe: fix pci device refcount leak (Yang Yingliang) - platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe (Hans de Goede) - dt-bindings: msm/dsi: Don't require vcca-supply on 14nm PHY (Konrad Dybcio) - dt-bindings: msm/dsi: Don't require vdds-supply on 10nm PHY (Konrad Dybcio) - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (Kuogee Hsieh) - platform/x86: ideapad-laptop: Add Legion 5 15ARH05 DMI id to set_fn_lock_led_list[] (Hans de Goede) - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (Bryan O'Donoghue) - dt-bindings: msm: dsi-controller-main: Fix description of core clock (Bryan O'Donoghue) - dt-bindings: msm: dsi-controller-main: Fix power-domain constraint (Bryan O'Donoghue) - drm/msm/adreno: Make adreno quirks not overwrite each other (Konrad Dybcio) - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (Bryan O'Donoghue) - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (Hans de Goede) - platform/surface: aggregator: Ignore command messages not intended for us (Maximilian Luz) - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (Hans de Goede) - cifs: Fix uninitialized memory read for smb311 posix symlink create (Volker Lendecke) - net/mlx5e: Set action fwd flag when parsing tc action goto (Roi Dayan) - drm/i915/gt: Reset twice (Chris Wilson) - drm/virtio: Fix GEM handle creation UAF (Rob Clark) - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (Heiko Carstens) - s390/cpum_sf: add READ_ONCE() semantics to compare and swap loops (Heiko Carstens) - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (Brian Norris) - s390/kexec: fix ipl report address for kdump (Alexander Egorenkov) - perf auxtrace: Fix address filter duplicate symbol selection (Adrian Hunter) - net: stmmac: add aux timestamps fifo clearance wait (Noor Azura Ahmad Tarmizi) - docs: Fix the docs build with Sphinx 6.0 (Jonathan Corbet) - efi: tpm: Avoid READ_ONCE() for accessing the event log (Ard Biesheuvel) - selftests: kvm: Fix a compile error in selftests/kvm/rseq_test.c (Jinrong Liang) - KVM: arm64: nvhe: Fix build with profile optimization (Denis Nikitin) - KVM: arm64: Fix S1PTW handling on RO memslots (Marc Zyngier) - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (Luka Guzenko) - ALSA: hda/realtek - Turn on power early (Yuchi Yang) - ALSA: control-led: use strscpy in set_led_id() (Jaroslav Kysela) - LTS version: v5.15.88 (Jack Vogel) - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (Chris Chiu) - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (Adrian Chan) - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (Clement Lecigne) [Orabug: 34983525] {CVE-2023-0266} - net/ulp: prevent ULP without clone op from entering the LISTEN status (Paolo Abeni) - net: sched: disallow noqueue for qdisc classes (Frederick Lawler) [Orabug: 35005790] {CVE-2022-47929} - serial: fixup backport of 'serial: Deassert Transmit Enable on probe in driver-specific way' (Rasmus Villemoes) - selftests/vm/pkeys: Add a regression test for setting PKRU through ptrace (Kyle Huey) - x86/fpu: Emulate XRSTOR's behavior if the xfeatures PKRU bit is not set (Kyle Huey) - x86/fpu: Allow PKRU to be (once again) written by ptrace. (Kyle Huey) - x86/fpu: Add a pkru argument to copy_uabi_to_xstate() (Kyle Huey) - x86/fpu: Add a pkru argument to copy_uabi_from_kernel_to_xstate(). (Kyle Huey) - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (Kyle Huey) - parisc: Align parisc MADV_XXX constants with all other architectures (Helge Deller) - LTS version: v5.15.87 (Jack Vogel) - drm/mgag200: Fix PLL setup for G200_SE_A rev >=4 (Jocelyn Falempe) - io_uring: Fix unsigned 'res' comparison with zero in io_fixup_rw_res() (Harshit Mogalapalli) - efi: random: combine bootloader provided RNG seed with RNG protocol output (Ard Biesheuvel) - mbcache: Avoid nesting of cache->c_list_lock under bit locks (Jan Kara) - net: hns3: fix return value check bug of rx copybreak (Jie Wang) - btrfs: make thaw time super block check to also verify checksum (Qu Wenruo) - selftests: set the BUILD variable to absolute path (Muhammad Usama Anjum) - ext4: don't allow journal inode to have encrypt flag (Eric Biggers) - mptcp: use proper req destructor for IPv6 (Matthieu Baerts) - mptcp: dedicated request sock for subflow in v6 (Matthieu Baerts) - Revert 'ACPI: PM: Add support for upcoming AMD uPEP HID AMDI007' (Mario Limonciello) - ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob (William Liu) - ksmbd: fix infinite loop in ksmbd_conn_handler_loop() (Namjae Jeon) - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (Linus Torvalds) - hfs/hfsplus: use WARN_ON for sanity check (Arnd Bergmann) - drm/i915/gvt: fix vgpu debugfs clean in remove (Zhenyu Wang) - drm/i915/gvt: fix gvt debugfs destroy (Zhenyu Wang) - riscv, kprobes: Stricter c.jr/c.jalr decoding (Bjorn Topel) - riscv: uaccess: fix type of 0 variable on error in get_user() (Ben Dooks) - thermal: int340x: Add missing attribute for data rate base (Srinivas Pandruvada) - io_uring: fix CQ waiting timeout handling (Pavel Begunkov) - block: don't allow splitting of a REQ_NOWAIT bio (Jens Axboe) - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (Paul Menzel) - nfsd: fix handling of readdir in v4root vs. mount upcall timeout (Jeff Layton) - x86/bugs: Flush IBP in ib_prctl_set() (Rodrigo Branco) - x86/kexec: Fix double-free of elf header buffer (Takashi Iwai) - btrfs: check superblock to ensure the fs was not modified at thaw time (Qu Wenruo) - nvme: also return I/O command effects from nvme_command_effects (Christoph Hellwig) - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (Christoph Hellwig) - io_uring: check for valid register opcode earlier (Jens Axboe) - nvme: fix multipath crash caused by flush request when blktrace is enabled (Yanjun Zhang) - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (Hans de Goede) - udf: Fix extension of the last extent in the file (Jan Kara) - caif: fix memory leak in cfctrl_linkup_request() (Zhengchao Shao) - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (Dan Carpenter) - perf stat: Fix handling of --for-each-cgroup with --bpf-counters to match non BPF mode (Namhyung Kim) - usb: rndis_host: Secure rndis_query check against int overflow (Szymon Heidrich) - octeontx2-pf: Fix lmtst ID used in aura free (Geetha sowjanya) - drivers/net/bonding/bond_3ad: return when there's no aggregator (Daniil Tatianin) - fs/ntfs3: don't hold ni_lock when calling truncate_setsize() (Tetsuo Handa) - drm/imx: ipuv3-plane: Fix overlay plane width (Philipp Zabel) - perf tools: Fix resources leak in perf_data__open_dir() (Miaoqian Lin) - netfilter: ipset: Rework long task execution when adding/deleting entries (Jozsef Kadlecsik) - netfilter: ipset: fix hash:net,port,net hang with /0 subnet (Jozsef Kadlecsik) - net: sparx5: Fix reading of the MAC address (Horatiu Vultur) - net: sched: cbq: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983582] {CVE-2023-23454} - net: sched: atm: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983613] {CVE-2023-23455} - gpio: sifive: Fix refcount leak in sifive_gpio_probe (Miaoqian Lin) - ceph: switch to vfs_inode_has_locks() to fix file lock bug (Xiubo Li) - filelock: new helper: vfs_inode_has_locks (Jeff Layton) - drm/meson: Reduce the FIFO lines held when AFBC is not used (Carlo Caione) - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (Maor Gottlieb) - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (Shay Drory) - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (Miaoqian Lin) - net: ena: Update NUMA TPH hint register upon NUMA node update (David Arinzon) - net: ena: Set default value for RX interrupt moderation (David Arinzon) - net: ena: Fix rx_copybreak value update (David Arinzon) - net: ena: Use bitmask to indicate packet redirection (David Arinzon) - net: ena: Account for the number of processed bytes in XDP (David Arinzon) - net: ena: Don't register memory info on XDP exchange (David Arinzon) - net: ena: Fix toeplitz initial hash value (David Arinzon) - net: amd-xgbe: add missed tasklet_kill (Jiguang Xiao) - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (Adham Faris) - net/mlx5e: Always clear dest encap in neigh-update-del (Chris Mi) - net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get flow attr (Roi Dayan) - net/mlx5e: IPoIB, Don't allow CQE compression to be turned on by default (Dragos Tatulea) - net/mlx5: Avoid recovery in probe flows (Shay Drory) - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (Jiri Pirko) - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (Moshe Shemesh) - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (Stefano Garzarella) - vhost: fix range used in translate_desc() (Stefano Garzarella) - vringh: fix range used in iotlb_translate() (Stefano Garzarella) - vhost/vsock: Fix error handling in vhost_vsock_init() (Yuan Can) - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (ruanjinjie) - nfc: Fix potential resource leaks (Miaoqian Lin) - net: dsa: mv88e6xxx: depend on PTP conditionally (Johnny S. Lee) - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (Daniil Tatianin) - net: sched: fix memory leak in tcindex_set_parms (Hawkins Jiawei) - net: hns3: fix VF promisc mode not update when mac table full (Jian Shen) - net: hns3: fix miss L3E checking for rx packet (Jian Shen) - net: hns3: extract macro to simplify ring stats update code (Peng Li) - net: hns3: refactor hns3_nic_reuse_page() (Hao Chen) - net: hns3: add interrupts re-initialization while doing VF FLR (Jie Wang) - nfsd: shut down the NFSv4 state objects before the filecache (Jeff Layton) - veth: Fix race with AF_XDP exposing old or uninitialized descriptors (Shawn Bohrer) - netfilter: nf_tables: honor set timeout and garbage collection updates (Pablo Neira Ayuso) - vmxnet3: correctly report csum_level for encapsulated packet (Ronak Doshi) - netfilter: nf_tables: perform type checking for existing sets (Pablo Neira Ayuso) - netfilter: nf_tables: add function to create set stateful expressions (Pablo Neira Ayuso) - netfilter: nf_tables: consolidate set description (Pablo Neira Ayuso) - drm/panfrost: Fix GEM handle creation ref-counting (Steven Price) - bpf: pull before calling skb_postpull_rcsum() (Jakub Kicinski) - btrfs: fix an error handling path in btrfs_defrag_leaves() (Sasha Levin) - SUNRPC: ensure the matching upcall is in-flight upon downcall (minoura makoto) - drm/i915/migrate: fix length calculation (Matthew Auld) - drm/i915/migrate: fix offset calculation (Matthew Auld) - drm/i915/migrate: don't check the scratch page (Matthew Auld) - ext4: fix deadlock due to mbcache entry corruption (Jan Kara) - mbcache: automatically delete entries from cache on freeing (Jan Kara) - ext4: correct inconsistent error msg in nojournal mode (Baokun Li) - ext4: goto right label 'failed_mount3a' (Jason Yan) - ravb: Fix 'failed to switch device to config mode' message during unbind (Biju Das) - perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data (Masami Hiramatsu (Google)) - perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor (Masami Hiramatsu (Google)) - media: s5p-mfc: Fix in register read and write for H264 (Smitha T Murthy) - media: s5p-mfc: Clear workbit to handle error condition (Smitha T Murthy) - media: s5p-mfc: Fix to handle reference queue during finishing (Smitha T Murthy) - x86/MCE/AMD: Clear DFR errors found in THR handler (Yazen Ghannam) - x86/mce: Get rid of msr_ops (Borislav Petkov) - btrfs: fix extent map use-after-free when handling missing device in read_one_chunk (void0red) - btrfs: move missing device handling in a dedicate function (Nikolay Borisov) - btrfs: replace strncpy() with strscpy() (Sasha Levin) - phy: qcom-qmp-combo: fix out-of-bounds clock access (Sasha Levin) - ARM: renumber bits related to _TIF_WORK_MASK (Jens Axboe) - ext4: fix off-by-one errors in fast-commit block filling (Eric Biggers) - ext4: fix unaligned memory access in ext4_fc_reserve_space() (Eric Biggers) - ext4: add missing validation of fast-commit record lengths (Eric Biggers) - ext4: don't set up encryption key during jbd2 transaction (Eric Biggers) - ext4: disable fast-commit of encrypted dir operations (Eric Biggers) - ext4: fix potential out of bound read in ext4_fc_replay_scan() (Eric Biggers) - ext4: factor out ext4_fc_get_tl() (Eric Biggers) - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (Eric Biggers) - ext4: use ext4_debug() instead of jbd_debug() (Eric Biggers) - ext4: remove unused enum EXT4_FC_COMMIT_FAILED (Eric Biggers) - tracing: Fix issue of missing one synthetic field (Zheng Yejian) - block: mq-deadline: Fix dd_finish_request() for zoned devices (Damien Le Moal) - drm/amdgpu: make display pinning more flexible (v2) (Alex Deucher) - drm/amdgpu: handle polaris10/11 overlap asics (v2) (Alex Deucher) - ext4: allocate extended attribute value in vmalloc area (Ye Bin) - ext4: avoid unaccounted block allocation when expanding inode (Jan Kara) - ext4: initialize quota before expanding inode in setproject ioctl (Jan Kara) - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (Ye Bin) - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Ye Bin) - ext4: avoid BUG_ON when creating xattrs (Jan Kara) - ext4: fix error code return to user-space in ext4_get_branch() (Luis Henriques) - ext4: fix corruption when online resizing a 1K bigalloc fs (Baokun Li) - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (Eric Whitney) - ext4: init quota for 'old.inode' in 'ext4_rename' (Ye Bin) - ext4: fix uninititialized value in 'ext4_evict_inode' (Ye Bin) - ext4: fix leaking uninitialized memory in fast-commit journal (Eric Biggers) - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (Baokun Li) - ext4: check and assert if marking an no_delete evicting inode dirty (Zhang Yi) - ext4: fix reserved cluster accounting in __es_remove_extent() (Ye Bin) - ext4: fix bug_on in __es_tree_search caused by bad quota inode (Baokun Li) - ext4: add helper to check quota inums (Baokun Li) - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (Baokun Li) - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (Gaosheng Cui) - ext4: fix use-after-free in ext4_orphan_cleanup (Baokun Li) - fs: ext4: initialize fsdata in pagecache_write() (Alexander Potapenko) - ext4: remove trailing newline from ext4_msg() message (Luis Henriques) - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (Baokun Li) - ext4: silence the warning when evicting inode with dioread_nolock (Zhang Yi) - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (Yuan Can) - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (Mikko Kovanen) - drm/vmwgfx: Validate the box size for the snooped cursor (Zack Rusin) - drm/connector: send hotplug uevent on connector cleanup (Simon Ser) - device_cgroup: Roll back to original exceptions after copy failure (Wang Weiyang) - parisc: led: Fix potential null-ptr-deref in start_task() (Shang XiaoJing) - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (Maria Yu) - iommu/amd: Fix ivrs_acpihid cmdline parsing code (Kim Phillips) - phy: qcom-qmp-combo: fix sc8180x reset (Johan Hovold) - driver core: Fix bus_type.match() error handling in __driver_attach() (Isaac J. Manjarres) - crypto: ccp - Add support for TEE for PCI ID 0x14CA (Mario Limonciello) - crypto: n2 - add missing hash statesize (Corentin Labbe) - riscv: mm: notify remote harts about mmu cache updates (Sergey Matyukevich) - riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument (Guo Ren) - PCI/sysfs: Fix double free in error path (Sascha Hauer) - PCI: Fix pci_device_is_present() for VFs by checking PF (Michael S. Tsirkin) - ipmi: fix use after free in _ipmi_destroy_user() (Dan Carpenter) - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (Huaxin Lu) - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (Alexander Sverdlin) - ipmi: fix long wait in unload when IPMI disconnect (Zhang Yuchen) - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (Maximilian Luz) - ASoC: jz4740-i2s: Handle independent FIFO flush bits (Aidan MacDonald) - wifi: wilc1000: sdio: fix module autoloading (Michael Walle) - efi: Add iMac Pro 2017 to uefi skip cert quirk (Aditya Garg) - md/bitmap: Fix bitmap chunk size overflow issues (Florian-Ewald Mueller) - block: mq-deadline: Do not break sequential write streams to zoned HDDs (Damien Le Moal) - rtc: ds1347: fix value written to century register (Ian Abbott) - cifs: fix missing display of three mount options (Steve French) - cifs: fix confusing debug message (Paulo Alcantara) - media: dvb-core: Fix UAF due to refcount races at releasing (Takashi Iwai) [Orabug: 34820628] {CVE-2022-41218} - media: dvb-core: Fix double free in dvb_register_device() (Keita Suzuki) - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (Nick Desaulniers) - staging: media: tegra-video: fix device_node use after free (Luca Ceresoli) - staging: media: tegra-video: fix chan->mipi value on error (Luca Ceresoli) - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (Yang Jihong) - tracing/probes: Handle system names with hyphens (Steven Rostedt (Google)) - tracing/hist: Fix wrong return value in parse_action_params() (Zheng Yejian) - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (Masami Hiramatsu (Google)) - tracing: Fix race where eprobes can be called before the event (Steven Rostedt (Google)) - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Masami Hiramatsu (Google)) - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (Masami Hiramatsu (Google)) - ftrace/x86: Add back ftrace_expected for ftrace bug reports (Steven Rostedt (Google)) - x86/microcode/intel: Do not retry microcode reloading on the APs (Ashok Raj) - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (Sean Christopherson) - KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (Sean Christopherson) - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (Sean Christopherson) - of/kexec: Fix reading 32-bit 'linux,initrd-{start,end}' values (Rob Herring) - perf/core: Call LSM hook after copying perf_event_attr (Namhyung Kim) - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (Zheng Yejian) - dm cache: set needs_check flag after aborting metadata (Mike Snitzer) - dm cache: Fix UAF in destroy() (Luo Meng) - dm clone: Fix UAF in clone_dtr() (Luo Meng) - dm integrity: Fix UAF in dm_integrity_dtr() (Luo Meng) - dm thin: Fix UAF in run_timer_softirq() (Luo Meng) - dm thin: resume even if in FAIL mode (Luo Meng) - dm thin: Use last transaction's pmd->root when commit failed (Zhihao Cheng) - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (Zhihao Cheng) - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (Mike Snitzer) - mptcp: remove MPTCP 'ifdef' in TCP SYN cookies (Matthieu Baerts) - mptcp: mark ops structures as ro_after_init (Florian Westphal) - fs: dlm: retry accept() until -EAGAIN or error returns (Alexander Aring) - fs: dlm: fix sock release if listen fails (Alexander Aring) - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (Chris Chiu) - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (Philipp Jungkamp) - cpufreq: Init completion before kobject_init_and_add() (Yongqiang Liu) - PM/devfreq: governor: Add a private governor_data for governor (Kant Fan) - selftests: Use optional USERCFLAGS and USERLDFLAGS (Mickael Salaun) - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (Krzysztof Kozlowski) - ARM: ux500: do not directly dereference __iomem (Jason A. Donenfeld) - btrfs: fix resolving backrefs for inline extent followed by prealloc (Boris Burkov) - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (Wenchao Chen) - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (Krzysztof Kozlowski) - perf/x86/intel/uncore: Clear attr_update properly (Alexander Antonov) - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (Alexander Antonov) - jbd2: use the correct print format (Bixuan Cui) - ktest.pl minconfig: Unset configs instead of just removing them (Steven Rostedt) - kest.pl: Fix grub2 menu handling for rebooting (Steven Rostedt) - soc: qcom: Select REMAP_MMIO for LLCC driver (Manivannan Sadhasivam) - media: stv0288: use explicitly signed char (Jason A. Donenfeld) - net/af_packet: make sure to pull mac header (Eric Dumazet) - net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO (Hangbin Liu) - rcu-tasks: Simplify trc_read_check_handler() atomic operations (Paul E. McKenney) - ASoC/SoundWire: dai: expand 'stream' concept beyond SoundWire (Pierre-Louis Bossart) - ASoC: Intel/SOF: use set_stream() instead of set_tdm_slots() for HDAudio (Pierre-Louis Bossart) - kcsan: Instrument memcpy/memset/memmove with newer Clang (Marco Elver) - SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails (Chuck Lever) - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo) - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo) - tpm: acpi: Call acpi_put_table() to fix memory leak (Hanjun Guo) - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (Deren Wu) - f2fs: allow to read node block after shutdown (Jaegeuk Kim) - f2fs: should put a page when checking the summary info (Pavel Machek) - mm, compaction: fix fast_isolate_around() to stay within boundaries (NARIBAYASHI Akira) - md: fix a crash in mempool_free (Mikulas Patocka) - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (ChiYuan Huang) - pnode: terminate at peers of source (Christian Brauner) - ALSA: line6: fix stack overflow in line6_midi_transmit (Artem Egorkine) - ALSA: line6: correct midi status byte when receiving data from podxt (Artem Egorkine) - ovl: Use ovl mounter's fsuid and fsgid in ovl_link() (Zhang Tianci) - binfmt: Fix error return code in load_elf_fdpic_binary() (Wang Yufen) - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (Aditya Garg) - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (Qiujun Huang) - pstore: Properly assign mem_type property (Luca Stefani) - HID: plantronics: Additional PIDs for double volume key presses quirk (Terry Junge) - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (Jose Exposito) - powerpc/rtas: avoid scheduling in rtas_os_term() (Nathan Lynch) - powerpc/rtas: avoid device tree lookups in rtas_os_term() (Nathan Lynch) - objtool: Fix SEGFAULT (Christophe Leroy) - fs/ntfs3: Fix slab-out-of-bounds in r_page (Yin Xiujiang) - fs/ntfs3: Delete duplicate condition in ntfs_read_mft() (Dan Carpenter) - fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_fill_super() (Tetsuo Handa) - fs/ntfs3: Use __GFP_NOWARN allocation at wnd_init() (Tetsuo Handa) - fs/ntfs3: Validate index root when initialize NTFS security (Edward Lo) - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (Pierre-Louis Bossart) - fs/ntfs3: Fix slab-out-of-bounds read in run_unpack (Hawkins Jiawei) - fs/ntfs3: Validate resident attribute name (Edward Lo) - fs/ntfs3: Validate buffer length while parsing index (Edward Lo) - fs/ntfs3: Validate attribute name offset (Edward Lo) - fs/ntfs3: Add null pointer check for inode operations (Edward Lo) - fs/ntfs3: Fix memory leak on ntfs_fill_super() error path (Shigeru Yoshida) - fs/ntfs3: Add null pointer check to attr_load_runs_vcn (Edward Lo) - fs/ntfs3: Validate data run offset (Edward Lo) - fs/ntfs3: Add overflow check for attribute size (edward lo) - fs/ntfs3: Validate BOOT record_size (edward lo) - nvmet: don't defer passthrough commands with trivial effects to the workqueue (Christoph Hellwig) - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (Christoph Hellwig) - ata: ahci: Fix PCS quirk application for suspend (Adam Vodopjan) - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (Yu Kuai) - ACPI: resource: do IRQ override on Lenovo 14ALC7 (Adrian Freund) - ACPI: resource: do IRQ override on XMG Core 15 (Erik Schumacher) - ACPI: resource: do IRQ override on LENOVO IdeaPad (Jiri Slaby (SUSE)) - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (Tamim Khan) - nvme-pci: fix page size checks (Keith Busch) - nvme-pci: fix mempool alloc size (Keith Busch) - nvme-pci: fix doorbell buffer value endianness (Klaus Jensen) - cifs: fix oops during encryption (Paulo Alcantara) - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (Miaoqian Lin) - IB/mlx4: Implement backend callback for 'ib_get_vector_irqn' (Gerd Rausch) [Orabug: 34276618] - net/rds: Split send & receive vectors again (Gerd Rausch) [Orabug: 34276609] - drivers: base: cacheinfo: export symbol 'get_cpu_cacheinfo' (Gerd Rausch) [Orabug: 34276609] - net/rds: Bring tasklets back for better latency (Gerd Rausch) [Orabug: 34276240] - net/rds: Throttle check for CQ CPU affinity (Gerd Rausch) [Orabug: 34276240] - net/rds: Follow the observed CQ CPU affinity (Gerd Rausch) [Orabug: 34276240] - net/rds: Add 'preferred_cpu' option to 'rds_rdma.ko' (Gerd Rausch) [Orabug: 34276240] - net/mlx5: Add new verb 'ib_get_vector_irqn' (Gerd Rausch) [Orabug: 34276240] - net/rds: Use the preferred_cpu in rds_queue_{,delayed}_work (Gerd Rausch) [Orabug: 34276240] - net/rds: Make workers use the designated CPU (Gerd Rausch) [Orabug: 34276240] - net/rds: Put more CPU cores to work (Gerd Rausch) [Orabug: 34276240] - net/rds: Get rid of tasklets (Gerd Rausch) [Orabug: 34276240] - net/rds: Use the same vector for send & receive (Gerd Rausch) [Orabug: 34276240] - net/rds: Allocate rds_ib_{incoming,frag}_slab on HCA NUMA nodeid (Gerd Rausch) [Orabug: 34276240] - net/rds: Allocate pages on HCA NUMA nodeid (Gerd Rausch) [Orabug: 34276240] - uek-rpm: [act|cls]_bpf should be part of core (Alan Maguire) [Orabug: 34551630] - net/rds: Do not RESET_ALT_CONN if conn drops with DR_IB_DISCONNECTED_EVENT (Sharath Srinivasan) [Orabug: 34864406] - rds: ib: Keep IB MRs on clean_list unless we are tearing down the pool (Hakon Bugge) [Orabug: 34987233] - rds: ib: Add FRWR related statistics counters (Hakon Bugge) [Orabug: 34987233] - scsi: megaraid_sas: Skip syncing the RAID map on older controllers (Martin K. Petersen) [Orabug: 35028425] - iommu/amd: Don't block updates to GATag if guest mode is already on (Joao Martins) [Orabug: 34988288] - IB/core: Make GID table entry (gid_idx) available immediately (Konrad Rzeszutek Wilk) [Orabug: 35015836] - iommu/amd: Disable AVIC on certain systems BIOS (Joao Martins) [Orabug: 35018580] - xfs: fix incorrect i_nlink caused by inode racing (Long Li) [Orabug: 35021004] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-23455 CVE-2022-4129 CVE-2023-23454 CVE-2023-0266 CVE-2023-23559 CVE-2023-0394 CVE-2022-41218 CVE-2022-47929 Oracle Linux 8 Oracle Linux 9 [5.15.0-100.96.32] - crypto: Report fips module name and version for aarch64 (Saeed Mirzamohammadi) [Orabug: 35225251] - uek-rpm: Enable RFC7919 config for aarch64 (Saeed Mirzamohammadi) [Orabug: 35225251] [5.15.0-100.96.31] - uek-rpm: Update linux-firmware dependency (Somasundaram Krishnasamy) [Orabug: 35213423] - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (Martin K. Petersen) [Orabug: 35209013] - scsi: qla2xxx: Synchronize the IOCB count to be in order (Quinn Tran) [Orabug: 35209013] - scsi: qla2xxx: Perform lockless command completion in abort path (Nilesh Javali) [Orabug: 35209013] [5.15.0-100.96.30] - perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table (Kan Liang) [Orabug: 35151818] - perf/x86/uncore: Add a quirk for UPI on SPR (Kan Liang) [Orabug: 35151818] - perf/x86/uncore: Ignore broken units in discovery table (Kan Liang) [Orabug: 35151818] - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (Kan Liang) [Orabug: 35151818] - perf/x86/uncore: Factor out uncore_device_to_die() (Kan Liang) [Orabug: 35151818] - Revert 'perf/x86/uncore: Factor out uncore_device_to_die()' (Thomas Tai) [Orabug: 35151818] - Revert 'perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name' (Thomas Tai) [Orabug: 35151818] - Revert 'perf/x86/uncore: Ignore broken units in discovery table' (Thomas Tai) [Orabug: 35151818] - Revert 'perf/x86/uncore: Add a quirk for UPI on SPR' (Thomas Tai) [Orabug: 35151818] - Revert 'perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table' (Thomas Tai) [Orabug: 35151818] - ionic: remove unnecessary void casts (Shannon Nelson) [Orabug: 35166570] - ionic: remove unnecessary indirection (Shannon Nelson) [Orabug: 35166570] - ionic: missed doorbell workaround (Allen Hubbe) [Orabug: 35166570] - ionic: refactor use of ionic_rx_fill() (Neel Patel) [Orabug: 35166570] - ionic: enable tunnel offloads (Neel Patel) [Orabug: 35166570] - ionic: new ionic device identity level and VF start control (Shannon Nelson) [Orabug: 35166570] - ionic: only save the user set VF attributes (Shannon Nelson) [Orabug: 35166570] - ionic: replay VF attributes after fw crash recovery (Shannon Nelson) [Orabug: 35166570] - ionic: change order of devlink port register and netdev register (Jiri Pirko) [Orabug: 35166570] - ionic: no transition while stopping (Shannon Nelson) [Orabug: 35166570] - ionic: use vmalloc include (Shannon Nelson) [Orabug: 35166570] - ionic: clean up comments and whitespace (Shannon Nelson) [Orabug: 35166570] - ionic: prefer strscpy over strlcpy (Shannon Nelson) [Orabug: 35166570] - ionic: Use vzalloc for large per-queue related buffers (Brett Creeley) [Orabug: 35166570] - ionic: catch transition back to RUNNING with fw_generation 0 (Shannon Nelson) [Orabug: 35166570] - ionic: replace set_vf data with union (Shannon Nelson) [Orabug: 35166570] - ionic: stretch heartbeat detection (Shannon Nelson) [Orabug: 35166570] - ionic: remove the dbid_inuse bitmap (Shannon Nelson) [Orabug: 35166570] - ionic: disable napi when ionic_lif_init() fails (Brett Creeley) [Orabug: 35166570] - ionic: Cleanups in the Tx hotpath code (Brett Creeley) [Orabug: 35166570] - ionic: Prevent filter add/del err msgs when the device is not available (Brett Creeley) [Orabug: 35166570] - ionic: Query FW when getting VF info via ndo_get_vf_config (Brett Creeley) [Orabug: 35166570] - ionic: Allow flexibility for error reporting on dev commands (Brett Creeley) [Orabug: 35166570] - ionic: Correctly print AQ errors if completions aren't received (Brett Creeley) [Orabug: 35166570] - ionic: fix up printing of timeout error (Shannon Nelson) [Orabug: 35166570] - ionic: better handling of RESET event (Shannon Nelson) [Orabug: 35166570] - ionic: add FW_STOPPING state (Shannon Nelson) [Orabug: 35166570] - ionic: separate function for watchdog init (Shannon Nelson) [Orabug: 35166570] - ionic: no devlink_unregister if not registered (Shannon Nelson) [Orabug: 35166570] - ionic: tame the filter no space message (Shannon Nelson) [Orabug: 35166570] - ionic: allow adminq requests to override default error message (Shannon Nelson) [Orabug: 35166570] - ionic: handle vlan id overflow (Shannon Nelson) [Orabug: 35166570] - ionic: generic filter delete (Shannon Nelson) [Orabug: 35166570] - ionic: generic filter add (Shannon Nelson) [Orabug: 35166570] - ionic: add generic filter search (Shannon Nelson) [Orabug: 35166570] - ionic: remove mac overflow flags (Shannon Nelson) [Orabug: 35166570] - ionic: move lif mac address functions (Shannon Nelson) [Orabug: 35166570] - ionic: add filterlist to debugfs (Shannon Nelson) [Orabug: 35166570] - ionic: add lif param to ionic_qcq_disable (Shannon Nelson) [Orabug: 35166570] - ionic: have ionic_qcq_disable decide on sending to hardware (Shannon Nelson) [Orabug: 35166570] - ionic: add polling to adminq wait (Shannon Nelson) [Orabug: 35166570] - ionic: move lif mutex setup and delete (Shannon Nelson) [Orabug: 35166570] - ionic: check for binary values in FW ver string (Shannon Nelson) [Orabug: 35166570] - ionic: remove debug stats (Shannon Nelson) [Orabug: 35166570] - ionic: Move devlink registration to be last devlink command (Leon Romanovsky) [Orabug: 35166570] - crypto: jitter - update max health test failure in FIPS mode (Saeed Mirzamohammadi) [Orabug: 35160891] - mm: use padata for copying page ranges in vma_dup() (Anthony Yznaga) [Orabug: 35054621] - mm: parallelize unmap_page_range() for some large VMAs (Anthony Yznaga) [Orabug: 35054621] - mm: fix VMA_BUG_ON_MM due to mmap_lock not held (Anthony Yznaga) [Orabug: 35054621] - mm: avoid early cow when copying ptes for MADV_DOEXEC (Anthony Yznaga) [Orabug: 35054621] - net/rds: serialize up+down-work to relax strict ordering (Gerd Rausch) [Orabug: 35094721] - nvme-pci: add NVME_QUIRK_BOGUS_NID for Samsung PM1733a (Saeed Mirzamohammadi) [Orabug: 35145945] - nvme-pci: add NVME_QUIRK_BOGUS_NID for Samsung PM173X (Saeed Mirzamohammadi) [Orabug: 35146608] - rds: ib: Fix non-parenthetical mutex/semaphore use (Hakon Bugge) [Orabug: 35155112] - Revert 'btrfs: free device in btrfs_close_devices for a single device filesystem' (Vijayendra Suman) [Orabug: 35161535] [5.15.0-100.96.29] - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time (Dai Ngo) [Orabug: 35059907] - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker (Dai Ngo) [Orabug: 35059907] - NFSD: unregister shrinker when nfsd_init_net() fails (Tetsuo Handa) [Orabug: 35059907] - NFSD: add shrinker to reap courtesy clients on low memory condition (Dai Ngo) [Orabug: 35059907] - NFSD: keep track of the number of courtesy clients in the system (Dai Ngo) [Orabug: 35059907] - crypto: drbg - oversampling of Jitter RNG (Saeed Mirzamohammadi) [Orabug: 35141114] - crypto: tcrypt - KAT for ffdhe* algorithms (Saeed Mirzamohammadi) [Orabug: 35141114] - crypto: jitter - panic on health test failure (Saeed Mirzamohammadi) [Orabug: 35141114] - scsi: qla2xxx: Update version to 10.02.08.100-k (Nilesh Javali) [Orabug: 35007285] - scsi: qla2xxx: Fix IOCB resource check warning (Nilesh Javali) [Orabug: 35007285] - scsi: qla2xxx: Remove increment of interface err cnt (Saurav Kashyap) [Orabug: 35007285] - scsi: qla2xxx: Fix erroneous link down (Quinn Tran) [Orabug: 35007285] - scsi: qla2xxx: Remove unintended flag clearing (Quinn Tran) [Orabug: 35007285] - scsi: qla2xxx: Fix stalled login (Quinn Tran) [Orabug: 35007285] - scsi: qla2xxx: Fix exchange oversubscription for management commands (Quinn Tran) [Orabug: 35007285] - scsi: qla2xxx: Fix exchange oversubscription (Quinn Tran) [Orabug: 35007285] - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (Arun Easi) [Orabug: 35007285] - scsi: qla2xxx: Fix link failure in NPIV environment (Quinn Tran) [Orabug: 35007285] - scsi: qla2xxx: Check if port is online before sending ELS (Shreyas Deodhar) [Orabug: 35007285] - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (Gleb Chesnokov) [Orabug: 35007285] - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (Gleb Chesnokov) [Orabug: 35007285] - scsi: qla2xxx: Remove unused variable 'found_devs' (Colin Ian King) [Orabug: 35007285] - scsi: qla2xxx: Fix serialization of DCBX TLV data request (Rafael Mendonca) [Orabug: 35007285] - scsi: qla2xxx: Remove unused declarations for qla2xxx (Gaosheng Cui) [Orabug: 35007285] - scsi: qla2xxx: Fix spelling mistake 'definiton' -> 'definition' (Colin Ian King) [Orabug: 35007285] - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (Mike Christie) [Orabug: 35007285] - ACPI: processor: idle: Disable ACPI C-state probing for xen hvm guest (Joe Jin) [Orabug: 35043629] - uek-rpm: x86_64 enable CONFIG_SLS (Maciej S. Szmigiero) [Orabug: 35073535] - net: qede: Remove unnecessary synchronize_irq() before free_irq() (Minghao Chi) [Orabug: 34901373] - uek-rpm: Disable CONFIG_USB_NET_RNDIS_WLAN (Rhythm Mahajan) [Orabug: 35037701] - certs: Add FIPS selftests (David Howells) [Orabug: 35080500] - certs: Move load_certificate_list() to be with the asymmetric keys code (David Howells) [Orabug: 35080500] - uek-rpm: Enable RFC7919 config (Saeed Mirzamohammadi) [Orabug: 35080500] - Revert 'KVM: x86/xen: Maintain valid mapping of Xen shared_info page' (Vijayendra Suman) [Orabug: 34929435] - Revert 'KVM: x86: Fix wall clock writes in Xen shared_info not to mark page dirty' (Vijayendra Suman) [Orabug: 34929435] - Revert 'crypto: rsa - flag instantiations as FIPS compliant' (Saeed Mirzamohammadi) [Orabug: 35054646] - uek-rpm/config-aarch64: Enable CONFIG_CLK_RASPBERRYPI (Vijay Kumar) [Orabug: 35018498] - vfio/mlx5: Allow loading of larger images than 512 MB (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Fix UBSAN note (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: error pointer dereference in error handling (Dan Carpenter) [Orabug: 35027279] - vfio/mlx5: fix error code in mlx5vf_precopy_ioctl() (Dan Carpenter) [Orabug: 35027279] - vfio/mlx5: Enable MIGRATION_PRE_COPY flag (Shay Drory) [Orabug: 35027279] - vfio/mlx5: Fallback to STOP_COPY upon specific PRE_COPY error (Shay Drory) [Orabug: 35027279] - vfio/mlx5: Introduce multiple loads (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Consider temporary end of stream as part of PRE_COPY (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Introduce vfio precopy ioctl implementation (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Introduce SW headers for migration states (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Introduce device transitions of PRE_COPY (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Refactor to use queue based data chunks (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Refactor migration file state (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Refactor MKEY usage (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Refactor PD usage (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Enforce a single SAVE command at a time (Yishai Hadas) [Orabug: 35027279] - vfio: Extend the device migration protocol with PRE_COPY (Jason Gunthorpe) [Orabug: 35027279] - net/mlx5: Introduce ifc bits for pre_copy (Shay Drory) [Orabug: 35027279] - net/mlx5: Add the log_min_mkey_entity_size capability (Maxim Mikityanskiy) [Orabug: 35027279] - vfio/iova_bitmap: refactor iova_bitmap_set() to better handle page boundaries (Joao Martins) [Orabug: 35027279] - vfio/mlx5: Fix a typo in mlx5vf_cmd_load_vhca_state() (Yishai Hadas) [Orabug: 35027279] - vfio: Add an option to get migration data size (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Switch to use module_pci_driver() macro (Shang XiaoJing) [Orabug: 35027279] - uek-rpm: core: Move few modules which are recently enabled to core. (Harshit Mogalapalli) [Orabug: 34774213] - tools arch x86: Sync the msr-index.h copy with the kernel sources (Arnaldo Carvalho de Melo) [Orabug: 34977257] - crypto: panic on PCT failure for dh and ecdh (Saeed Mirzamohammadi) [Orabug: 34971139] - uek-rpm: mod-extra: Move modules which are recently enabled to extras (Harshit Mogalapalli) [Orabug: 34774213] - Allow the ima keyring to trust all keys in the machine keyring (Eric Snowberg) [Orabug: 34873856] - Revert 'X.509: Parse Basic Constraints for CA' (Eric Snowberg) [Orabug: 34873856] - Revert 'KEYS: CA link restriction' (Eric Snowberg) [Orabug: 34873856] - Revert 'integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca' (Eric Snowberg) [Orabug: 34873856] - Revert 'integrity: change ima link restriction to trust the machine keyring' (Eric Snowberg) [Orabug: 34873856] - net/mlx5: Drain fw_reset when removing device (Shay Drory) [Orabug: 34816080] - net/mlx5e: CT: Fix setting flow_source for smfs ct tuples (Paul Blakey) [Orabug: 34816080] - net/mlx5e: CT: Fix support for GRE tuples (Paul Blakey) [Orabug: 34816080] - net/mlx5e: Remove HW-GRO from reported features (Gal Pressman) [Orabug: 34816080] - net/mlx5e: Properly block HW GRO when XDP is enabled (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Block rx-gro-hw feature in switchdev mode (Aya Levin) [Orabug: 34816080] - net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5: DR, Ignore modify TTL on RX if device doesn't support it (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: Initialize flow steering during driver probe (Shay Drory) [Orabug: 34816080] - mlxsw: Avoid warning during ip6gre device removal (Amit Cohen) [Orabug: 34816080] - net/mlx5: Fix matching on inner TTC (Mark Bloch) [Orabug: 34816080] - net/mlx5e: Avoid checking offload capability in post_parse action (Ariel Levkovich) [Orabug: 34816080] - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (Ariel Levkovich) [Orabug: 34816080] - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Ariel Levkovich) [Orabug: 34816080] - net/mlx5e: Fix wrong source vport matching on tunnel rule (Ariel Levkovich) [Orabug: 34816080] - net: Handle l3mdev in ip_tunnel_init_flow (David Ahern) [Orabug: 34816080] - net/mlx5e: Fix build warning, detected write beyond size of field (Saeed Mahameed) [Orabug: 34816080] - net/mlx5e: HTB, remove unused function declaration (Saeed Mahameed) [Orabug: 34816080] - net/mlx5e: Statify function mlx5_cmd_trigger_completions (Tariq Toukan) [Orabug: 34816080] - net/mlx5e: Remove MLX5E_XDP_TX_DS_COUNT (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Permit XDP with non-linear legacy RQ (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Support multi buffer XDP_TX (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Unindent the else-block in mlx5e_xmit_xdp_buff (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Implement sending multi buffer XDP frames (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Don't prefill WQEs in XDP SQ in the multi buffer mode (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Remove assignment of inline_hdr.sz on XDP TX (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Move mlx5e_xdpi_fifo_push out of xmit_xdp_frame (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Store DMA address inside struct page (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Add XDP multi buffer support to the non-linear legacy RQ (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Use page-sized fragments with XDP multi buffer (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Use fragments of the same size in non-linear legacy RQ with XDP (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Prepare non-linear legacy RQ for XDP multi buffer support (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5: Remove unused fill page array API function (Tariq Toukan) [Orabug: 34816080] - net/mlx5: Remove unused exported contiguous coherent buffer allocation API (Tariq Toukan) [Orabug: 34816080] - net/mlx5: CT: Remove extra rhashtable remove on tuple entries (Paul Blakey) [Orabug: 34816080] - net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory (Rongwei Liu) [Orabug: 34816080] - net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce memory (Rongwei Liu) [Orabug: 34816080] - net/mlx5: DR, Remove num_of_entries byte_size from struct mlx5_dr_icm_chunk (Rongwei Liu) [Orabug: 34816080] - net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce memory (Rongwei Liu) [Orabug: 34816080] - net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk (Rongwei Liu) [Orabug: 34816080] - net/mlx5: DR, Adjust structure member to reduce memory hole (Rongwei Liu) [Orabug: 34816080] - net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: RX, Test the XDP program existence out of the handler (Tariq Toukan) [Orabug: 34816080] - net/mlx5e: Build SKB in place over the first fragment in non-linear legacy RQ (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Add headroom only to the first fragment in legacy RQ (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Validate MTU when building non-linear legacy RQ fragments info (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: MPLSoUDP encap, support action vlan pop_eth explicitly (Maor Dickman) [Orabug: 34816080] - net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit (Maor Dickman) [Orabug: 34816080] - net/sched: add vlan push_eth and pop_eth action to the hardware IR (Maor Dickman) [Orabug: 34816080] - net: Add l3mdev index to flow struct and avoid oif reset for port devices (David Ahern) [Orabug: 34816080] - net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats (Saeed Mahameed) [Orabug: 34816080] - net/mlx4_en: use kzalloc (Julia Lawall) [Orabug: 34816080] - net/mlx5: Parse module mapping using mlx5_ifc (Gal Pressman) [Orabug: 34816080] - net/mlx5: Query the maximum MCIA register read size from firmware (Gal Pressman) [Orabug: 34816080] - net/mlx5: CT: Create smfs dr matchers dynamically (Paul Blakey) [Orabug: 34816080] - net/mlx5: CT: Add software steering ct flow steering provider (Paul Blakey) [Orabug: 34816080] - net/mlx5: Add smfs lib to export direct steering API to CT (Paul Blakey) [Orabug: 34816080] - net/mlx5: DR, Add helper to get backing dr table from a mlx5 flow table (Paul Blakey) [Orabug: 34816080] - net/mlx5: CT: Introduce a platform for multiple flow steering providers (Paul Blakey) [Orabug: 34816080] - net/mlx5: Node-aware allocation for the doorbell pgdir (Tariq Toukan) [Orabug: 34816080] - net/mlx5: Node-aware allocation for UAR (Tariq Toukan) [Orabug: 34816080] - net/mlx5: Node-aware allocation for the EQs (Tariq Toukan) [Orabug: 34816080] - net/mlx5: Node-aware allocation for the EQ table (Tariq Toukan) [Orabug: 34816080] - net/mlx5: Node-aware allocation for the IRQ table (Tariq Toukan) [Orabug: 34816080] - net/mlx5: Delete useless module.h include (Leon Romanovsky) [Orabug: 34816080] - net/mlx4: Delete useless moduleparam include (Leon Romanovsky) [Orabug: 34816080] - net/mlx5: DR, Add support for ConnectX-7 steering (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: DR, Rename action modify fields to reflect naming in HW spec (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: DR, Fix handling of different actions on the same STE in STEv1 (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: DR, Remove unneeded comments (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: DR, Add support for matching on Internet Header Length (IHL) (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior (Shun Hao) [Orabug: 34816080] - net/mlx5: Add debugfs counters for page commands failures (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Add pages debugfs (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Move debugfs entries to separate struct (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Change release_all_pages cap bit location (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Remove redundant error on reclaim pages (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Remove redundant error on give pages (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Remove redundant notify fail on give pages (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Add command failures data to debugfs (Moshe Shemesh) [Orabug: 34816080] - net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act() (Dan Carpenter) [Orabug: 34816080] - net/mlx5: Support GRE conntrack offload (Toshiaki Makita) [Orabug: 34816080] - mlxsw: Add support for IFLA_OFFLOAD_XSTATS_L3_STATS (Petr Machata) [Orabug: 34816080] - mlxsw: Extract classification of router-related events to a helper (Petr Machata) [Orabug: 34816080] - mlxsw: spectrum_router: Drop mlxsw_sp arg from counter alloc/free functions (Petr Machata) [Orabug: 34816080] - mlxsw: reg: Fix packing of router interface counters (Petr Machata) [Orabug: 34816080] - net: rtnetlink: Add UAPI toggle for IFLA_OFFLOAD_XSTATS_L3_STATS (Petr Machata) [Orabug: 34816080] - net: rtnetlink: Add RTM_SETSTATS (Petr Machata) [Orabug: 34816080] - net: rtnetlink: Add UAPI for obtaining L3 offload xstats (Petr Machata) [Orabug: 34816080] - net: dev: Add hardware stats support (Petr Machata) [Orabug: 34816080] - net: rtnetlink: Propagate extack to rtnl_offload_xstats_fill() (Petr Machata) [Orabug: 34816080] - net: rtnetlink: RTM_GETSTATS: Allow filtering inside nests (Petr Machata) [Orabug: 34816080] - net: rtnetlink: Stop assuming that IFLA_OFFLOAD_XSTATS_* are dev-backed (Petr Machata) [Orabug: 34816080] - net: rtnetlink: Namespace functions related to IFLA_OFFLOAD_XSTATS_* (Petr Machata) [Orabug: 34816080] - mlx5: add support for page_pool_get_stats (Joe Damato) [Orabug: 34816080] - flow_offload: reject offload for all drivers with invalid police parameters (Jianbo Liu) [Orabug: 34816080] - net: flow_offload: add tc police action parameters (Jianbo Liu) [Orabug: 34816080] - net/mlx5: Add clarification on sync reset failure (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Add reset_state field to MFRL register (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: cmdif, Refactor error handling and reporting of async commands (Saeed Mahameed) [Orabug: 34816080] - net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} (Saeed Mahameed) [Orabug: 34816080] - net/mlx5: cmdif, Add new api for command execution (Saeed Mahameed) [Orabug: 34816080] - net/mlx5: cmdif, cmd_check refactoring (Saeed Mahameed) [Orabug: 34816080] - net/mlx5: cmdif, Return value improvements (Saeed Mahameed) [Orabug: 34816080] - net/mlx5: Lag, offload active-backup drops to hardware (Mark Bloch) [Orabug: 34816080] - net/mlx5: Lag, record inactive state of bond device (Mark Bloch) [Orabug: 34816080] - net/mlx5: Lag, don't use magic numbers for ports (Mark Bloch) [Orabug: 34816080] - net/mlx5: Lag, use local variable already defined to access E-Switch (Mark Bloch) [Orabug: 34816080] - net/mlx5: E-switch, add drop rule support to ingress ACL (Mark Bloch) [Orabug: 34816080] - net/mlx5: E-switch, remove special uplink ingress ACL handling (Mark Bloch) [Orabug: 34816080] - net/mlx5: E-Switch, reserve and use same uplink metadata across ports (Sunil Rani) [Orabug: 34816080] - net/mlx5: Add ability to insert to specific flow group (Mark Bloch) [Orabug: 34816080] - mlx5: remove unused static inlines (Jakub Kicinski) [Orabug: 34816080] - mlxsw: core: Add support for OSFP transceiver modules (Danielle Ratson) [Orabug: 34816080] - mlxsw: Remove resource query check (Ido Schimmel) [Orabug: 34816080] - mlxsw: core: Unify method of trap support validation (Vadim Pasternak) [Orabug: 34816080] - mlxsw: spectrum: Remove SP{1,2,3} defines for FW minor and subminor (Jiri Pirko) [Orabug: 34816080] - mlxsw: core: Remove unnecessary asserts (Vadim Pasternak) [Orabug: 34816080] - mlxsw: reg: Add 'mgpir_' prefix to MGPIR fields comments (Vadim Pasternak) [Orabug: 34816080] - mlxsw: core_thermal: Remove obsolete API for query resource (Vadim Pasternak) [Orabug: 34816080] - mlxsw: core_thermal: Rename labels according to naming convention (Vadim Pasternak) [Orabug: 34816080] - mlxsw: core_hwmon: Fix variable names for hwmon attributes (Vadim Pasternak) [Orabug: 34816080] - mlxsw: core_thermal: Avoid creation of virtual hwmon objects by thermal module (Vadim Pasternak) [Orabug: 34816080] - mlxsw: spectrum_span: Ignore VLAN entries not used by the bridge in mirroring (Ido Schimmel) [Orabug: 34816080] - mlxsw: core: Prevent trap group setting if driver does not support EMAD (Vadim Pasternak) [Orabug: 34816080] - mlxsw: spectrum: remove guards against !BRIDGE_VLAN_INFO_BRENTRY (Vladimir Oltean) [Orabug: 34816080] - net/mlx5e: TC, Allow sample action with CT (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Make post_act parse CT and sample actions (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Clean redundant counter flag from tc action parsers (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Use multi table support for CT and sample actions (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Create new flow attr for multi table actions (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Add post act offload/unoffload API (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Pass actions param to actions_match_supported() (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Move flow hashtable to be per rep (Paul Blakey) [Orabug: 34816080] - net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev mode (Aya Levin) [Orabug: 34816080] - net/mlx5e: E-Switch, Add PTP counters for uplink representor (Aya Levin) [Orabug: 34816080] - net/mlx5e: RX, Restrict bulk size for small Striding RQs (Tariq Toukan) [Orabug: 34816080] - net/mlx5e: Default to Striding RQ when not conflicting with CQE compression (Tariq Toukan) [Orabug: 34816080] - net/mlx5e: Generalize packet merge error message (Tariq Toukan) [Orabug: 34816080] - net/mlx5e: Add support for using xdp->data_meta (Alex Liu) [Orabug: 34816080] - net/mlx5e: Fix spelling mistake 'supoported' -> 'supported' (Colin Ian King) [Orabug: 34816080] - net: rtnetlink: rtnl_stats_get(): Emit an extack for unset filter_mask (Petr Machata) [Orabug: 34816080] - net/mlx5e: Optimize the common case condition in mlx5e_select_queue (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Optimize modulo in mlx5e_select_queue (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Optimize mlx5e_select_queue (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Move repeating code that gets TC prio into a function (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Use select queue parameters to sync with control flow (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Move mlx5e_select_queue to en/selq.c (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Introduce select queue parameters (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Use a barrier after updating txq2sq (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Cleanup of start/stop all queues (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Use FW limitation for max MPW WQEBBs (Aya Levin) [Orabug: 34816080] - net/mlx5e: Read max WQEBBs on the SQ from firmware (Aya Levin) [Orabug: 34816080] - net/mlx5e: Remove unused tstamp SQ field (Tariq Toukan) [Orabug: 34816080] - mlxsw: Support FLOW_ACTION_MANGLE for SIP and DIP IPv6 addresses (Danielle Ratson) [Orabug: 34816080] - mlxsw: Support FLOW_ACTION_MANGLE for SIP and DIP IPv4 addresses (Danielle Ratson) [Orabug: 34816080] - mlxsw: core_acl_flex_actions: Add SIP_DIP_ACTION (Danielle Ratson) [Orabug: 34816080] - mlxsw: spectrum_acl: Allocate default actions for internal TCAM regions (Ido Schimmel) [Orabug: 34816080] - mlxsw: spectrum: Guard against invalid local ports (Amit Cohen) [Orabug: 34816080] - mlxsw: core: Consolidate trap groups to a single event group (Jiri Pirko) [Orabug: 34816080] - mlxsw: core: Move functions to register/unregister array of traps to core.c (Jiri Pirko) [Orabug: 34816080] - mlxsw: core: Move basic trap group initialization from spectrum.c (Jiri Pirko) [Orabug: 34816080] - mlxsw: core: Move basic_trap_groups_set() call out of EMAD init code (Jiri Pirko) [Orabug: 34816080] - mlxsw: spectrum: Set basic trap groups from an array (Jiri Pirko) [Orabug: 34816080] - net/mlx5: VLAN push on RX, pop on TX (Dima Chumak) [Orabug: 34816080] - net/mlx5: Introduce software defined steering capabilities (Dima Chumak) [Orabug: 34816080] - net/mlx5: Remove unused TIR modify bitmask enums (Tariq Toukan) [Orabug: 34816080] - net/mlx5e: CT, Remove redundant flow args from tc ct calls (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Store mapped tunnel id on flow attr (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Test CT and SAMPLE on flow attr (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Refactor eswitch attr flags to just attr flags (Roi Dayan) [Orabug: 34816080] - net/mlx5e: CT, Don't set flow flag CT for ct clear flow (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Hold sample_attr on stack instead of pointer (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Reject rules with multiple CT actions (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Pass attr to tc_act can_offload() (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Split pedit offloads verify from alloc_tc_pedit_action() (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Move pedit_headers_action to parse_attr (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Move counter creation call to alloc_flow_attr_counter() (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Pass attr arg for attaching/detaching encaps (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Move code chunk setting encap dests into its own function (Roi Dayan) [Orabug: 34816080] - mlxsw: spectrum_kvdl: Use struct_size() helper in kzalloc() (Gustavo A. R. Silva) [Orabug: 34816080] - mlxsw: core_env: Forbid module reset on RJ45 ports (Danielle Ratson) [Orabug: 34816080] - mlxsw: core_env: Forbid power mode set and get on RJ45 ports (Danielle Ratson) [Orabug: 34816080] - mlxsw: core_env: Forbid getting module EEPROM on RJ45 ports (Danielle Ratson) [Orabug: 34816080] - mlxsw: core_env: Query and store port module's type during initialization (Danielle Ratson) [Orabug: 34816080] - mlxsw: reg: Add Port Module Type Mapping register (Danielle Ratson) [Orabug: 34816080] - mlxsw: spectrum_ethtool: Add support for two new link modes (Danielle Ratson) [Orabug: 34816080] - mlxsw: Add netdev argument to mlxsw_env_get_module_info() (Danielle Ratson) [Orabug: 34816080] - mlxsw: core_env: Do not pass number of modules as argument (Ido Schimmel) [Orabug: 34816080] - mlxsw: spectrum_ethtool: Remove redundant variable (Ido Schimmel) [Orabug: 34816080] - bpf: introduce BPF_F_XDP_HAS_FRAGS flag in prog_flags loading the ebpf program (Lorenzo Bianconi) [Orabug: 34816080] - net: xdp: add xdp_update_skb_shared_info utility routine (Lorenzo Bianconi) [Orabug: 34816080] - xdp: introduce flags field in xdp_buff/xdp_frame (Lorenzo Bianconi) [Orabug: 34816080] - net: skbuff: add size metadata to skb_shared_info for xdp (Lorenzo Bianconi) [Orabug: 34816080] - flow_offload: allow user to offload tc action to net device (Baowen Zheng) [Orabug: 34816080] - flow_offload: add ops to tc_action_ops for flow action setup (Baowen Zheng) [Orabug: 34816080] - flow_offload: rename offload functions with offload instead of flow (Baowen Zheng) [Orabug: 34816080] - devlink: hold the instance lock during eswitch_mode callbacks (Jakub Kicinski) [Orabug: 34816080] - netdevsim: replace vfs_lock with devlink instance lock (Jakub Kicinski) [Orabug: 34816080] - netdevsim: fix uninit value in nsim_drv_configure_vfs() (Jakub Kicinski) [Orabug: 34816080] - netdevsim: replace port_list_lock with devlink instance lock (Jakub Kicinski) [Orabug: 34816080] - devlink: add explicitly locked flavor of the rate node APIs (Jakub Kicinski) [Orabug: 34816080] - bnxt: use the devlink instance lock to protect sriov (Jakub Kicinski) [Orabug: 34816080] - devlink: pass devlink_port to port_split / port_unsplit callbacks (Jakub Kicinski) [Orabug: 34816080] - devlink: hold the instance lock in port_split / port_unsplit callbacks (Jakub Kicinski) [Orabug: 34816080] - eth: mlxsw: switch to explicit locking for port registration (Jakub Kicinski) [Orabug: 34816080] - eth: nfp: replace driver's 'pf' lock with devlink instance lock (Jakub Kicinski) [Orabug: 34816080] - eth: nfp: wrap locking assertions in helpers (Jakub Kicinski) [Orabug: 34816080] - devlink: expose instance locking and add locked port registering (Jakub Kicinski) [Orabug: 34816080] - netdevsim: rename 'driver' entry points (Jakub Kicinski) [Orabug: 34816080] - netdevsim: move max vf config to dev (Jakub Kicinski) [Orabug: 34816080] - netdevsim: move details of vf config to dev (Jakub Kicinski) [Orabug: 34816080] - uek-rpm: Define CONFIG_MLX5_VFIO_PCI=m (Joao Martins) [Orabug: 34778256] - vfio/mlx5: Set VF as migratable (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Introduce ifc bits for migratable (Yishai Hadas) [Orabug: 34778256] - vfio/iova_bitmap: Fix PAGE_SIZE unaligned bitmaps (Joao Martins) [Orabug: 34778256] - vfio/mlx5: Set the driver DMA logging callbacks (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Manage error scenarios on tracker (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Report dirty pages from tracker (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Create and destroy page tracker object (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Init QP based resources for dirty tracking (Yishai Hadas) [Orabug: 34778256] - vfio: Introduce the DMA logging feature support (Yishai Hadas) [Orabug: 34778256] - vfio: Add an IOVA bitmap support (Joao Martins) [Orabug: 34778256] - vfio: Introduce DMA logging uAPIs (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Query ADV_VIRTUALIZATION capabilities (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Introduce ifc bits for page tracker (Yishai Hadas) [Orabug: 34778256] - vfio: Move vfio.c to vfio_main.c (Jason Gunthorpe) [Orabug: 34778256] - net/mlx5: Use software VHCA id when it's supported (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Introduce ifc bits for using software vhca id (Yishai Hadas) [Orabug: 34778256] - vfio: Split migration ops from main device ops (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Protect mlx5vf_disable_fds() upon close device (Yishai Hadas) [Orabug: 34778256] - vfio/pci: Have all VFIO PCI drivers store the vfio_pci_core_device in drvdata (Jason Gunthorpe) [Orabug: 34778256] - vfio/mlx5: Run the SAVE state command in an async mode (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Refactor to enable VFs migration in parallel (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Manage the VF attach/detach callback from the PF (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Expose mlx5_sriov_blocking_notifier_register / unregister APIs (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Fix to not use 0 as NULL pointer (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Use its own PCI reset_done error handler (Yishai Hadas) [Orabug: 34778256] - vfio/pci: Expose vfio_pci_core_aer_err_detected() (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Implement vfio_pci driver for mlx5 devices (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Expose migration commands over mlx5 device (Yishai Hadas) [Orabug: 34778256] - vfio: Remove migration protocol v1 documentation (Jason Gunthorpe) [Orabug: 34778256] - vfio: Extend the device migration protocol with RUNNING_P2P (Jason Gunthorpe) [Orabug: 34778256] - vfio: Define device migration protocol v2 (Jason Gunthorpe) [Orabug: 34778256] - vfio: Have the core code decode the VFIO_DEVICE_FEATURE ioctl (Jason Gunthorpe) [Orabug: 34778256] - net/mlx5: Add migration commands definitions (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Introduce migration bits and structures (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Expose APIs to get/put the mlx5 core device (Yishai Hadas) [Orabug: 34778256] - PCI/IOV: Add pci_iov_get_pf_drvdata() to allow VF reaching the drvdata of a PF (Jason Gunthorpe) [Orabug: 34778256] - net/mlx5: Disable SRIOV before PF removal (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Reuse exported virtfn index function call (Leon Romanovsky) [Orabug: 34778256] - PCI/IOV: Add pci_iov_vf_id() to get VF index (Jason Gunthorpe) [Orabug: 34778256] - NFSv4.2: Fix up an invalid combination of memory allocation flags (Trond Myklebust) [Orabug: 34844640] - Add SecureBoot signing for aarch64 arch (Sherry Yang) [Orabug: 34845745] - uek-rpm: Fix 'make olddefconfig' BLAKE2S crypto warnings (Harshit Mogalapalli) [Orabug: 34644522] - RHCK 9.1 builtin option change to module for UEK7u1 (Vijayendra Suman) [Orabug: 34687867] - uek-rpm: Disable few config options that we enabled previously. (Harshit Mogalapalli) [Orabug: 34803318] - qlogic: qed: fix clang -Wformat warnings (Justin Stitt) [Orabug: 34789504] - qed: Use bitmap_empty() (Christophe JAILLET) [Orabug: 34789504] - qed: Use the bitmap API to allocate bitmaps (Christophe JAILLET) [Orabug: 34789504] - qlogic/qed: fix repeated words in comments (Jilin Yuan) [Orabug: 34789504] - qed: fix typos in comments (Julia Lawall) [Orabug: 34789504] - net: qed: fix typos in comments (Julia Lawall) [Orabug: 34789504] - RDMA/qedr: Remove unnecessary synchronize_irq() before free_irq() (Minghao Chi) [Orabug: 34789504] - qed: Remove unnecessary synchronize_irq() before free_irq() (Minghao Chi) [Orabug: 34789504] - qed: replace bitmap_weight with bitmap_empty in qed_roce_stop() (Yury Norov) [Orabug: 34789504] - qed: rework qed_rdma_bmap_free() (Yury Norov) [Orabug: 34789504] - qede: Reduce verbosity of ptp tx timestamp (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Remove IP services API. (Guillaume Nault) [Orabug: 34789504] - qed: remove an unneed NULL check on list iterator (Xiaomeng Tong) [Orabug: 34789504] - qed: fix ethtool register dump (Manish Chopra) [Orabug: 34789504] - qed: remove unnecessary memset in qed_init_fw_funcs (Wan Jiabing) [Orabug: 34789504] - qed: prevent a fw assert during device shutdown (Venkata Sudheer Kumar Bhavaraju) [Orabug: 34789504] - qed: use msleep() in qed_mcp_cmd() and add qed_mcp_cmd_nosleep() for udelay. (Venkata Sudheer Kumar Bhavaraju) [Orabug: 34789504] - qed: Use dma_set_mask_and_coherent() and simplify code (Christophe JAILLET) [Orabug: 34789504] - qed*: esl priv flag support through ethtool (Manish Chopra) [Orabug: 34789504] - qed*: enhance tx timeout debug info (Manish Chopra) [Orabug: 34789504] - qed: Enhance rammod debug prints to provide pretty details (Prabhakar Kushwaha) [Orabug: 34789504] - net: qed: fix the array may be out of bound (zhangyue) [Orabug: 34789504] - qed: Use the bitmap API to simplify some functions (Christophe JAILLET) [Orabug: 34789504] - RDMA/qed: Use helper function to set GUIDs (Kamal Heib) [Orabug: 34789504] - net: qed_dev: fix check of true !rc expression (Jean Sacren) [Orabug: 34789504] - net: qed_ptp: fix check of true !rc expression (Jean Sacren) [Orabug: 34789504] - RDMA/qedr: Remove unsupported qedr_resize_cq callback (Kamal Heib) [Orabug: 34789504] - qed: Change the TCP common variable - 'iscsi_ooo' (Shai Malin) [Orabug: 34789504] - qed: Optimize the ll2 ooo flow (Shai Malin) [Orabug: 34789504] - net: qed_debug: fix check of false (grc_param < 0) expression (Jean Sacren) [Orabug: 34789504] - qed: Fix compilation for CONFIG_QED_SRIOV undefined scenario (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Initialize debug string array (Tim Gardner) [Orabug: 34789504] - qed: Fix spelling mistake 'ctx_bsaed' -> 'ctx_based' (Colin Ian King) [Orabug: 34789504] - qed: fix ll2 establishment during load of RDMA driver (Manish Chopra) [Orabug: 34789504] - qed: Update the TCP active termination 2 MSL timer ('TIME_WAIT') (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Update TCP silly-window-syndrome timeout for iwarp, scsi (Nikolay Assa) [Orabug: 34789504] - qed: Update debug related changes (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Add '_GTT' suffix to the IRO RAM macros (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Update FW init functions to support FW 8.59.1.0 (Omkar Kulkarni) [Orabug: 34789504] - qed: Use enum as per FW 8.59.1.0 in qed_iro_hsi.h (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Update qed_hsi.h for fw 8.59.1.0 (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Update qed_mfw_hsi.h for FW ver 8.59.1.0 (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Update common_hsi for FW ver 8.59.1.0 (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Split huge qed_hsi.h header file (Omkar Kulkarni) [Orabug: 34789504] - qed: Remove e4_ and _e4 from FW HSI (Shai Malin) [Orabug: 34789504] - pmem: fix a name collision (Jane Chu) [Orabug: 34670103] - pmem: implement pmem_recovery_write() (Jane Chu) [Orabug: 34670103] - pmem: refactor pmem_clear_poison() (Jane Chu) [Orabug: 34670103] - dax: add .recovery_write dax_operation (Jane Chu) [Orabug: 34670103] - dax: introduce DAX_RECOVERY_WRITE dax access mode (Jane Chu) [Orabug: 34670103] - dm-linear: add a linear_dax_pgoff helpe (Jane Chu) [Orabug: 34670103] - dm-log-writes: add a log_writes_dax_pgoff helper (Jane Chu) [Orabug: 34670103] - dm-stripe: add a stripe_dax_pgoff helper (Jane Chu) [Orabug: 34670103] - mce: fix set_mce_nospec to always unmap the whole page (Jane Chu) [Orabug: 34670103] - x86/mce: relocate set{clear}_mce_nospec() functions (Jane Chu) [Orabug: 34670103] - acpi/nfit: rely on mce->misc to determine poison granularity (Jane Chu) [Orabug: 34670103] - crypto: seqiv - flag instantiations as FIPS compliant (Vladis Dronov) [Orabug: 34711430] - crypto: rsa - flag instantiations as FIPS compliant (Saeed Mirzamohammadi) [Orabug: 34711430] - crypto: ecdh - implement FIPS PCT (Nicolai Stange) [Orabug: 34711430] - crypto: dh - implement FIPS PCT (Nicolai Stange) [Orabug: 34711430] - crypto: dh - calculate Q from P for the full public key verification (Nicolai Stange) [Orabug: 34711430] - lib/mpi: export mpi_rshift (Nicolai Stange) [Orabug: 34711430] - crypto: dh - allow for passing NULL to the ffdheXYZ(dh)s' ->set_secret() (Nicolai Stange) [Orabug: 34711430] - crypto: testmgr - add keygen tests for ffdheXYZ(dh) templates (Nicolai Stange) [Orabug: 34711430] - crypto: dh - implement private key generation primitive for ffdheXYZ(dh) (Nicolai Stange) [Orabug: 34711430] - crypto: testmgr - add known answer tests for ffdheXYZ(dh) templates (Nicolai Stange) [Orabug: 34711430] - crypto: dh - implement ffdheXYZ(dh) templates (Nicolai Stange) [Orabug: 34711430] - crypto: dh - introduce common code for built-in safe-prime group support (Nicolai Stange) [Orabug: 34711430] - crypto: dh - split out deserialization code from crypto_dh_decode() (Nicolai Stange) [Orabug: 34711430] - crypto: dh - constify struct dh's pointer members (Nicolai Stange) [Orabug: 34711430] - crypto: dh - remove struct dh's ->q member (Nicolai Stange) [Orabug: 34711430] - crypto: kpp - provide support for KPP spawns (Nicolai Stange) [Orabug: 34711430] - crypto: kpp - provide support for KPP template instances (Nicolai Stange) [Orabug: 34711430] - crypto: xts - restrict key lengths to approved values in FIPS mode (Nicolai Stange) [Orabug: 34711430] - crypto: hmac - disallow keys < 112 bits in FIPS mode (Stephan Muller) [Orabug: 34711430] - crypto: dh - limit key size to 2048 in FIPS mode (Stephan Muller) [Orabug: 34711430] - crypto: rsa - limit key size to 2048 in FIPS mode (Stephan Muller) [Orabug: 34711430] - crypto: HMAC - add fips_skip support (Stephan Muller) [Orabug: 34711430] - crypto: disallow drbg with sha384 hash in FIPS mode (Saeed Mirzamohammadi) [Orabug: 34711430] - crypto: des - disallow des3 in FIPS mode (Stephan Muller) [Orabug: 34711430] - crypto: dh - disallow plain 'dh' usage in FIPS mode (Nicolai Stange) [Orabug: 34711430] - crypto: ecdh - disallow plain 'ecdh' usage in FIPS mode (Saeed Mirzamohammadi) [Orabug: 34711430] - crypto: testmgr - disallow plain cbcmac(aes) and ghash in FIPS mode (Saeed Mirzamohammadi) [Orabug: 34711430] - crypto: api - allow algs only in specific constructions in FIPS mode (Nicolai Stange) [Orabug: 34711430] - NFSv4.2: Fix missing removal of SLAB_ACCOUNT on kmem_cache allocation (Muchun Song) [Orabug: 34717841] - slab: remove __alloc_size attribute from __kmalloc_track_caller (Greg Kroah-Hartman) [Orabug: 34717841] - mm: memcontrol: rename memcg_cache_id to memcg_kmem_id (Muchun Song) [Orabug: 34717841] - mm: list_lru: rename list_lru_per_memcg to list_lru_memcg (Muchun Song) [Orabug: 34717841] - mm: memcontrol: fix cannot alloc the maximum memcg ID (Muchun Song) [Orabug: 34717841] - mm: memcontrol: reuse memory cgroup ID for kmem ID (Muchun Song) [Orabug: 34717841] - mm: list_lru: replace linear array with xarray (Muchun Song) [Orabug: 34717841] - mm: list_lru: rename memcg_drain_all_list_lrus to memcg_reparent_list_lrus (Muchun Song) [Orabug: 34717841] - mm: list_lru: allocate list_lru_one only when needed (Muchun Song) [Orabug: 34717841] - mm: memcontrol: move memcg_online_kmem() to mem_cgroup_css_online() (Muchun Song) [Orabug: 34717841] - xarray: use kmem_cache_alloc_lru to allocate xa_node (Muchun Song) [Orabug: 34717841] - mm: dcache: use kmem_cache_alloc_lru() to allocate dentry (Muchun Song) [Orabug: 34717841] - f2fs: allocate inode by using alloc_inode_sb() (Muchun Song) [Orabug: 34717841] - fs: allocate inode by using alloc_inode_sb() (Muchun Song) [Orabug: 34717841] - fs: introduce alloc_inode_sb() to allocate filesystems specific inode (Muchun Song) [Orabug: 34717841] - mm: introduce kmem_cache_alloc_lru (Muchun Song) [Orabug: 34717841] - mm: list_lru: transpose the array of per-node per-memcg lru lists (Muchun Song) [Orabug: 34717841] - mm: list_lru: only add memcg-aware lrus to the global lru list (Muchun Song) [Orabug: 34717841] - mm: list_lru: fix the return value of list_lru_count_one() (Muchun Song) [Orabug: 34717841] - mm: list_lru: remove holding lru lock (Muchun Song) [Orabug: 34717841] - mm: memcontrol: remove the kmem states (Muchun Song) [Orabug: 34717841] - mm: memcontrol: remove kmemcg_id reparenting (Muchun Song) [Orabug: 34717841] - mm/memcg: remove obsolete memcg_free_kmem() (Waiman Long) [Orabug: 34717841] - memcg, kmem: further deprecate kmem.limit_in_bytes (Shakeel Butt) [Orabug: 34717841] - mm/list_lru.c: prefer struct_size over open coded arithmetic (Len Baker) [Orabug: 34717841] - slab: add __alloc_size attributes for better bounds checking (Kees Cook) [Orabug: 34717841] - slab: clean up function prototypes (Kees Cook) [Orabug: 34717841] - net/mlx5e: SHAMPO, reduce TIR indication (Ben Ben-Ishay) [Orabug: 34481188] - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (Dima Chumak) [Orabug: 34481188] - net/mlx5e: Fix VF min/max rate parameters interchange mistake (Gal Pressman) [Orabug: 34481188] - net/mlx5e: Add missing increment of count (Lama Kayal) [Orabug: 34481188] - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (Maor Dickman) [Orabug: 34481188] - net/mlx5e: Add feature check for set fec counters (Lama Kayal) [Orabug: 34481188] - net/mlx5e: TC, Skip redundant ct clear actions (Roi Dayan) [Orabug: 34481188] - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5e: Avoid field-overflowing memcpy() (Kees Cook) [Orabug: 34481188] - net/mlx5e: Use struct_group() for memcpy() region (Kees Cook) [Orabug: 34481188] - net/mlx5e: Avoid implicit modify hdr for decap drop rule (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Fix broken SKB allocation in HW-GRO (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: Fix wrong calculation of header index in HW_GRO (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: TC, Reject rules with forward and drop actions (Roi Dayan) [Orabug: 34481188] - net/mlx5e: TC, Reject rules with drop and modify hdr action (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Fix build error in fec_set_block_stats() (Jakub Kicinski) [Orabug: 34481188] - mlxsw: spectrum: Extend to support Spectrum-4 ASIC (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_acl_bloom_filter: Add support for Spectrum-4 calculation (Amit Cohen) [Orabug: 34481188] - mlxsw: Add operations structure for bloom filter calculation (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_acl_bloom_filter: Rename Spectrum-2 specific objects for future use (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_acl_bloom_filter: Make mlxsw_sp_acl_bf_key_encode() more flexible (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_acl_bloom_filter: Reorder functions to make the code more aesthetic (Amit Cohen) [Orabug: 34481188] - mlxsw: Introduce flex key elements for Spectrum-4 (Amit Cohen) [Orabug: 34481188] - mlxsw: Rename virtual router flex key element (Amit Cohen) [Orabug: 34481188] - net/mlx5e: Fix nullptr on deleting mirroring rule (Dima Chumak) [Orabug: 34481188] - net/mlx5e: Add recovery flow in case of error CQE (Gal Pressman) [Orabug: 34481188] - net/mlx5e: TC, Remove redundant error logging (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Refactor set_pflag_cqe_based_moder (Saeed Mahameed) [Orabug: 34481188] - net/mlx5e: Move HW-GRO and CQE compression check to fix features flow (Gal Pressman) [Orabug: 34481188] - net/mlx5e: Fix feature check per profile (Aya Levin) [Orabug: 34481188] - net/mlx5e: Expose FEC counters via ethtool (Lama Kayal) [Orabug: 34481188] - net/mlx5: SF, Use all available cpu for setting cpu affinity (Shay Drory) [Orabug: 34481188] - net/mlx5: Introduce API for bulk request and release of IRQs (Shay Drory) [Orabug: 34481188] - net/mlx5: Split irq_pool_affinity logic to new file (Shay Drory) [Orabug: 34481188] - net/mlx5: Move affinity assignment into irq_request (Shay Drory) [Orabug: 34481188] - net/mlx5: Introduce control IRQ request API (Shay Drory) [Orabug: 34481188] - net/mlx5: mlx5e_hv_vhca_stats_create return type to void (Saeed Mahameed) [Orabug: 34481188] - net: fixup build after bpf header changes (Jakub Kicinski) [Orabug: 34481188] - net/mlx5: CT: Set flow source hint from provided tuple device (Paul Blakey) [Orabug: 34481188] - net/mlx5: Set SMFS as a default steering mode if device supports it (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Ignore modify TTL if device doesn't support it (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Improve steering for empty or RX/TX-only matchers (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Add support for matching on geneve_tlv_option_0_exist field (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Support matching on tunnel headers 0 and 1 (Muhammad Sammar) [Orabug: 34481188] - net/mlx5: DR, Add misc5 to match_param structs (Muhammad Sammar) [Orabug: 34481188] - net/mlx5: Add misc5 flow table match parameters (Muhammad Sammar) [Orabug: 34481188] - net/mlx5: DR, Warn on failure to destroy objects due to refcount (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Add support for UPLINK destination type (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Add support for dumping steering info (Muhammad Sammar) [Orabug: 34481188] - net/mlx5: DR, Add missing reserved fields to dr_match_param (Muhammad Sammar) [Orabug: 34481188] - net/mlx5: DR, Add check for flex parser ID value (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Remove unused struct member in matcher (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Fix lower case macro prefix 'mlx5_' to 'MLX5_' (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Fix error flow in creating matcher (Yevgeny Kliteynik) [Orabug: 34481188] - mlxsw: spectrum_flower: Make vlan_id limitation more specific (Amit Cohen) [Orabug: 34481188] - net/mlx5e: Use auxiliary_device driver data helpers (David E. Box) [Orabug: 34481188] - driver core: auxiliary bus: Add driver data helpers (David E. Box) [Orabug: 34481188] - net/mlx5e: Take packet_merge params directly from the RX res struct (Tariq Toukan) [Orabug: 34481188] - net/mlx5e: Allocate per-channel stats dynamically at first usage (Lama Kayal) [Orabug: 34481188] - net/mlx5e: Use dynamic per-channel allocations in stats (Tariq Toukan) [Orabug: 34481188] - net/mlx5e: Allow profile-specific limitation on max num of channels (Tariq Toukan) [Orabug: 34481188] - net/mlx5e: Save memory by using dynamic allocation in netdev priv (Tariq Toukan) [Orabug: 34481188] - net/mlx5e: Add profile indications for PTP and QOS HTB features (Tariq Toukan) [Orabug: 34481188] - net/mlx5e: Use bitmap field for profile features (Tariq Toukan) [Orabug: 34481188] - net/mlx5: Remove the repeated declaration (Shaokun Zhang) [Orabug: 34481188] - net/mlx5: Let user configure max_macs generic param (Shay Drory) [Orabug: 34481188] - net/mlx5: Let user configure event_eq_size param (Shay Drory) [Orabug: 34481188] - devlink: Add new 'event_eq_size' generic device param (Shay Drory) [Orabug: 34481188] - net/mlx5: Let user configure io_eq_size param (Shay Drory) [Orabug: 34481188] - devlink: Add new 'io_eq_size' generic device param (Shay Drory) [Orabug: 34481188] - mlxsw: core: Extend devlink health reporter with new events and parameters (Danielle Ratson) [Orabug: 34481188] - mlxsw: reg: Extend MFDE register with new events and parameters (Danielle Ratson) [Orabug: 34481188] - mlxsw: core: Convert a series of if statements to switch case (Danielle Ratson) [Orabug: 34481188] - mlxsw: Fix naming convention of MFDE fields (Danielle Ratson) [Orabug: 34481188] - flow_offload: add index to flow_action_entry structure (Baowen Zheng) [Orabug: 34481188] - flow_offload: reject to offload tc actions in offload drivers (Baowen Zheng) [Orabug: 34481188] - net/mlx5: Introduce log_max_current_uc_list_wr_supported bit (Shay Drory) [Orabug: 34481188] - mlxsw: Add support for VxLAN with IPv6 underlay (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_nve: Keep track of IPv6 addresses used by FDB entries (Amit Cohen) [Orabug: 34481188] - mlxsw: reg: Add a function to fill IPv6 unicast FDB entries (Amit Cohen) [Orabug: 34481188] - mlxsw: Split handling of FDB tunnel entries between address families (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_nve_vxlan: Make VxLAN flags check per address family (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_ipip: Use common hash table for IPv6 address mapping (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum: Add hash table for IPv6 address mapping (Amit Cohen) [Orabug: 34481188] - net/mlx5e: Move goto action checks into tc_action goto post parse op (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Move vlan action chunk into tc action vlan post parse op (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add post_parse() op to tc action infrastructure (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Move sample attr allocation to tc_action sample parse op (Roi Dayan) [Orabug: 34481188] - net/mlx5e: TC action parsing loop (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add redirect ingress to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add sample and ptype to tc_action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add ct to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add mirred/redirect to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add mpls push/pop to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add vlan push/pop/mangle to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add pedit to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add csum to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add tunnel encap/decap to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add goto to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add tc action infrastructure (Roi Dayan) [Orabug: 34481188] - net_tstamp: add new flag HWTSTAMP_FLAG_BONDED_PHC_INDEX (Hangbin Liu) [Orabug: 34481188] - net/mlx5: Create more priorities for FDB bypass namespace (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Refactor mlx5_get_flow_namespace (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Separate FDB namespace (Maor Gottlieb) [Orabug: 34481188] - bpf: Let bpf_warn_invalid_xdp_action() report more info (Paolo Abeni) [Orabug: 34481188] - net/mlx4: Use irq_update_affinity_hint() (Nitesh Narayan Lal) [Orabug: 34481188] - net/mlx5: Use irq_set_affinity_and_hint() (Nitesh Narayan Lal) [Orabug: 34481188] - genirq: Provide new interfaces for affinity hints (Thomas Gleixner) [Orabug: 34481188] - net/mlx5: Dynamically resize flow counters query buffer (Avihai Horon) [Orabug: 34481188] - net/mlx5e: TC, Set flow attr ip_version earlier (Roi Dayan) [Orabug: 34481188] - net/mlx5e: TC, Move common flow_action checks into function (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Remove redundant actions arg from vlan push/pop funcs (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Remove redundant actions arg from validate_goto_chain() (Roi Dayan) [Orabug: 34481188] - net/mlx5e: TC, Remove redundant action stack var (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Hide function mlx5e_num_channels_changed (Tariq Toukan) [Orabug: 34481188] - net/mlx5e: SHAMPO, clean MLX5E_MAX_KLM_PER_WQE macro (Ben Ben-Ishay) [Orabug: 34481188] - net/mlx5: SF, silence an uninitialized variable warning (Dan Carpenter) [Orabug: 34481188] - net/mlx5: Fix error return code in esw_qos_create() (Wei Yongjun) [Orabug: 34481188] - mlx5: fix mlx5i_grp_sw_update_stats() stack usage (Arnd Bergmann) [Orabug: 34481188] - mlx5: fix psample_sample_packet link error (Arnd Bergmann) [Orabug: 34481188] - mlxsw: Use Switch Multicast ID Register Version 2 (Amit Cohen) [Orabug: 34481188] - mlxsw: Use Switch Flooding Table Register Version 2 (Amit Cohen) [Orabug: 34481188] - mlxsw: Add support for more than 256 ports in SBSR register (Amit Cohen) [Orabug: 34481188] - mlxsw: Use u16 for local_port field instead of u8 (Amit Cohen) [Orabug: 34481188] - mlxsw: reg: Adjust PPCNT register to support local port 255 (Amit Cohen) [Orabug: 34481188] - mlxsw: reg: Increase 'port_num' field in PMTDB register (Amit Cohen) [Orabug: 34481188] - mlxsw: reg: Align existing registers to use extended local_port field (Amit Cohen) [Orabug: 34481188] - mlxsw: item: Add support for local_port field in a split form (Amit Cohen) [Orabug: 34481188] - mlxsw: reg: Remove unused functions (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum: Bump minimum FW version to xx.2010.1006 (Amit Cohen) [Orabug: 34481188] - devlink: Simplify devlink resources unregister call (Leon Romanovsky) [Orabug: 34481188] - mlxsw: spectrum_router: Remove deadcode in mlxsw_sp_rif_mac_profile_find (Danielle Ratson) [Orabug: 34481188] - devlink: Add 'enable_iwarp' generic device param (Shiraz Saleem) [Orabug: 34481188] - mlxsw: constify address in mlxsw_sp_port_dev_addr_set (Jakub Kicinski) [Orabug: 34481188] - stmmac: fix build due to brainos in trans_start changes (Alexander Lobakin) [Orabug: 34481188] - net: annotate accesses to queue->trans_start (Eric Dumazet) [Orabug: 34481188] - net/mlx5: E-switch, Create QoS on demand (Dmytro Linkin) [Orabug: 34481188] - net/mlx5: E-switch, Enable vport QoS on demand (Dmytro Linkin) [Orabug: 34481188] - net/mlx5: E-switch, move offloads mode callbacks to offloads file (Parav Pandit) [Orabug: 34481188] - net/mlx5: E-switch, Reuse mlx5_eswitch_set_vport_mac (Parav Pandit) [Orabug: 34481188] - net/mlx5: E-switch, Remove vport enabled check (Parav Pandit) [Orabug: 34481188] - net/mlx5e: Specify out ifindex when looking up decap route (Chris Mi) [Orabug: 34481188] - net/mlx5e: TC, Move comment about mod header flag to correct place (Roi Dayan) [Orabug: 34481188] - net/mlx5e: TC, Move kfree() calls after destroying all resources (Roi Dayan) [Orabug: 34481188] - net/mlx5e: TC, Destroy nic flow counter if exists (Roi Dayan) [Orabug: 34481188] - net/mlx5: TC, using swap() instead of tmp variable (Yihao Han) [Orabug: 34481188] - net/mlx5: CT: Allow static allocation of mod headers (Paul Blakey) [Orabug: 34481188] - net/mlx5e: Refactor mod header management API (Paul Blakey) [Orabug: 34481188] - net/mlx5: Avoid printing health buffer when firmware is unavailable (Aya Levin) [Orabug: 34481188] - net/mlx5: Fix format-security build warnings (Saeed Mahameed) [Orabug: 34481188] - net/mlx5e: Support ethtool cq mode (Saeed Mahameed) [Orabug: 34481188] - netdevsim: move vfconfig to nsim_dev (Jakub Kicinski) [Orabug: 34481188] - netdevsim: take rtnl_lock when assigning num_vfs (Jakub Kicinski) [Orabug: 34481188] - netdevsim: remove max_vfs dentry (Jakub Kicinski) [Orabug: 34481188] - virtio_net: introduce TX timeout watchdog (Tony Lu) [Orabug: 34481188] - net/mlx5e: TC, Fix memory leak with rules with internal port (Roi Dayan) [Orabug: 34481188] - net/mlx5: Fix some error handling paths in 'mlx5e_tc_add_fdb_flow()' (Christophe JAILLET) [Orabug: 34481188] - net/mlx5e: Fix skb memory leak when TC classifier action offloads are disabled (Gal Pressman) [Orabug: 34481188] - net/mlx5: Fix tc max supported prio for nic mode (Chris Mi) [Orabug: 34481188] - net/mlx5: Use first online CPU instead of hard coded CPU (Shay Drory) [Orabug: 34481188] - net/mlx5: DR, Fix querying eswitch manager vport for ECPF (Yevgeny Kliteynik) [Orabug: 34481188] - mlxsw: spectrum_router: Consolidate MAC profiles when possible (Danielle Ratson) [Orabug: 34481188] - net/mlx5e: SHAMPO, Fix constant expression result (Ben Ben-Ishay) [Orabug: 34481188] - net/mlx5: Fix access to a non-supported register (Aya Levin) [Orabug: 34481188] - net/mlx5: Fix too early queueing of log timestamp work (Gal Pressman) [Orabug: 34481188] - net/mlx5: Fix use after free in mlx5_health_wait_pci_up (Amir Tzin) [Orabug: 34481188] - net/mlx5: E-Switch, Use indirect table only if all destinations support it (Maor Dickman) [Orabug: 34481188] - net/mlx5: Lag, Fix recreation of VF LAG (Maor Gottlieb) [Orabug: 34481188] - mlxsw: spectrum: Allow driver to load with old firmware versions (Danielle Ratson) [Orabug: 34481188] - RDMA/nldev: Check stat attribute before accessing it (Leon Romanovsky) [Orabug: 34481188] - net/mlx5: Fix flow counters SF bulk query len (Avihai Horon) [Orabug: 34481188] - net/mlx5: DR, Fix check for unsupported fields in match param (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Handle eswitch manager and uplink vports separately (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: Lag, fix a potential Oops with mlx5_lag_create_definer() (Dan Carpenter) [Orabug: 34481188] - net/mlx5: Support internal port as decap route device (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Term table handling of internal port rules (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Add indirect tc offload of ovs internal port (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Offload internal port as encap route device (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Offload tc rules that redirect to ovs internal port (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Accept action skbedit in the tc actions list (Ariel Levkovich) [Orabug: 34481188] - net/mlx5: E-Switch, Add ovs internal port mapping to metadata support (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Use generic name for the forwarding dev pointer (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Refactor rx handler of represetor device (Ariel Levkovich) [Orabug: 34481188] - net/mlx5: DR, Add check for unsupported fields in match param (Muhammad Sammar) [Orabug: 34481188] - net/mlx5: Allow skipping counter refresh on creation (Paul Blakey) [Orabug: 34481188] - net/mlx5: CT: Remove warning of ignore_flow_level support for VFs (Paul Blakey) [Orabug: 34481188] - net/mlx5: Add esw assignment back in mlx5e_tc_sample_unoffload() (Nathan Chancellor) [Orabug: 34481188] - net: mellanox: mlxbf_gige: Replace non-standard interrupt handling (Asmaa Mnebhi) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Offload root TBF as port shaper (Petr Machata) [Orabug: 34481188] - RDMA/core: Fix missed initialization of rdma_hw_stats::lock (Mark Zhang) [Orabug: 34481188] - RDMA/umem: Allow pinned dmabuf umem usage (Gal Pressman) [Orabug: 34481188] - net/mlx5: Lag, Make mlx5_lag_is_multipath() be static inline (Maor Dickman) [Orabug: 34481188] - net/mlx5e: Prevent HW-GRO and CQE-COMPRESS features operate together (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: Add HW-GRO offload (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: Add HW_GRO statistics (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: HW_GRO cqe handler implementation (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: Add data path for SHAMPO feature (Ben Ben-Ishay) [Orabug: 34481188] - net/mlx5e: Add handle SHAMPO cqe support (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: Add control path for SHAMPO feature (Ben Ben-Ishay) [Orabug: 34481188] - net/mlx5e: Add support to klm_umr_wqe (Ben Ben-Ishay) [Orabug: 34481188] - net/mlx5: Add SHAMPO caps, HW bits and enumerations (Ben Ben-Ishay) [Orabug: 34481188] - lib: bitmap: Introduce node-aware alloc API (Tariq Toukan) [Orabug: 34481188] - net/mlx5: remove the recent devlink params (Jakub Kicinski) [Orabug: 34481188] - mlxsw: spectrum_router: Expose RIF MAC profiles to devlink resource (Danielle Ratson) [Orabug: 34481188] - mlxsw: spectrum_router: Add RIF MAC profiles support (Danielle Ratson) [Orabug: 34481188] - mlxsw: spectrum_router: Propagate extack further (Danielle Ratson) [Orabug: 34481188] - mlxsw: resources: Add resource identifier for RIF MAC profiles (Danielle Ratson) [Orabug: 34481188] - mlxsw: reg: Add MAC profile ID field to RITR register (Danielle Ratson) [Orabug: 34481188] - net/mlx5: SF_DEV Add SF device trace points (Parav Pandit) [Orabug: 34481188] - net/mlx5: SF, Add SF trace points (Parav Pandit) [Orabug: 34481188] - net/mlx5: Let user configure max_macs param (Shay Drory) [Orabug: 34481188] - net/mlx5: Let user configure event_eq_size param (Shay Drory) [Orabug: 34481188] - net/mlx5: Let user configure io_eq_size param (Shay Drory) [Orabug: 34481188] - net/mlx5: Bridge, support replacing existing FDB entry (Vlad Buslov) [Orabug: 34481188] - net/mlx5: Bridge, extract code to lookup and del/notify entry (Vlad Buslov) [Orabug: 34481188] - net/mlx5: Add periodic update of host time to firmware (Aya Levin) [Orabug: 34481188] - net/mlx5: Print health buffer by log level (Aya Levin) [Orabug: 34481188] - net/mlx5: Extend health buffer dump (Aya Levin) [Orabug: 34481188] - net/mlx5: Reduce flow counters bulk query buffer size for SFs (Avihai Horon) [Orabug: 34481188] - net/mlx5: Fix unused function warning of mlx5i_flow_type_mask (Shay Drory) [Orabug: 34481188] - net/mlx5: Remove unnecessary checks for slow path flag (Paul Blakey) [Orabug: 34481188] - net/mlx5e: don't write directly to netdev->dev_addr (Jakub Kicinski) [Orabug: 34481188] - RDMA/mlx5: Use dev_addr_mod() (Jakub Kicinski) [Orabug: 34481188] - mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable (Christophe JAILLET) [Orabug: 34481188] - dma-buf: move dma-buf symbols into the DMA_BUF module namespace (Greg Kroah-Hartman) [Orabug: 34481188] - net: convert users of bitmap_foo() to linkmode_foo() (Sean Anderson) [Orabug: 34481188] - mlx5: fix build after merge (Jakub Kicinski) [Orabug: 34481188] - ethernet: mlxsw: use eth_hw_addr_gen() (Jakub Kicinski) [Orabug: 34481188] - RDMA/mlx5: Move struct mlx5_core_mkey to mlx5_ib (Aharon Landau) [Orabug: 34481188] - RDMA/mlx5: Replace struct mlx5_core_mkey by u32 key (Aharon Landau) [Orabug: 34481188] - RDMA/mlx5: Remove pd from struct mlx5_core_mkey (Aharon Landau) [Orabug: 34481188] - RDMA/mlx5: Remove size from struct mlx5_core_mkey (Aharon Landau) [Orabug: 34481188] - RDMA/mlx5: Remove iova from struct mlx5_core_mkey (Aharon Landau) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Make RED, TBF offloads classful (Petr Machata) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Validate qdisc topology (Petr Machata) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Clean stats recursively when priomap changes (Petr Machata) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Unify graft validation (Petr Machata) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Destroy children in mlxsw_sp_qdisc_destroy() (Petr Machata) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Extract two helpers for handling future FIFOs (Petr Machata) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Query tclass / priomap instead of caching it (Petr Machata) [Orabug: 34481188] - net/mlx5: E-Switch, Increase supported number of forward destinations to 32 (Maor Dickman) [Orabug: 34481188] - net/mlx5: E-Switch, Use dynamic alloc for dest array (Maor Dickman) [Orabug: 34481188] - net/mlx5: Lag, use steering to select the affinity port in LAG (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Lag, add support to create/destroy/modify port selection (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Lag, add support to create TTC tables for LAG port selection (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Lag, add support to create definers for LAG (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Lag, set match mask according to the traffic type bitmap (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Lag, set LAG traffic type mapping (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Lag, move lag files into directory (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Introduce new uplink destination type (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Add support to create match definer (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Introduce port selection namespace (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Support partial TTC rules (Maor Gottlieb) [Orabug: 34481188] - mlx5: prevent 64bit divide (Jakub Kicinski) [Orabug: 34481188] - habanalabs: add support for dma-buf exporter (Tomer Tayar) [Orabug: 34481188] - net/mlx5: Use system_image_guid to determine bonding (Rongwei Liu) [Orabug: 34481188] - net/mlx5: Use native_port_num as 1st option of device index (Rongwei Liu) [Orabug: 34481188] - net/mlx5: Introduce new device index wrapper (Rongwei Liu) [Orabug: 34481188] - net/mlx5: Check return status first when querying system_image_guid (Rongwei Liu) [Orabug: 34481188] - net/mlx5: DR, Prefer kcalloc over open coded arithmetic (Len Baker) [Orabug: 34481188] - net/mlx5e: Add extack msgs related to TC for better debug (Abhiram R N) [Orabug: 34481188] - net/mlx5: CT: Fix missing cleanup of ct nat table on init failure (Paul Blakey) [Orabug: 34481188] - net/mlx5: Disable roce at HCA level (Shay Drory) [Orabug: 34481188] - net/mlx5i: Enable Rx steering for IPoIB via ethtool (Moosa Baransi) [Orabug: 34481188] - net/mlx5: Bridge, provide flow source hints (Vlad Buslov) [Orabug: 34481188] - net/mlx5: Read timeout values from DTOR (Amir Tzin) [Orabug: 34481188] - net/mlx5: Read timeout values from init segment (Amir Tzin) [Orabug: 34481188] - net/mlx5: Add layout to support default timeouts register (Amir Tzin) [Orabug: 34481188] - ethernet: constify references to netdev->dev_addr in drivers (Jakub Kicinski) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Introduce per-TC ECN counters (Petr Machata) [Orabug: 34481188] - mlxsw: reg: Add ecn_marked_tc to Per-TC Congestion Counters (Petr Machata) [Orabug: 34481188] - mlxsw: reg: Rename MLXSW_REG_PPCNT_TC_CONG_TC to _CNT (Petr Machata) [Orabug: 34481188] - mlxsw: reg: Fix a typo in a group heading (Petr Machata) [Orabug: 34481188] - devlink: Don't throw an error if flash notification sent before devlink visible (Leon Romanovsky) [Orabug: 34481188] - devlink: fix flexible_array.cocci warning (Guo Zhengkui) [Orabug: 34481188] - ethtool: don't drop the rtnl_lock half way thru the ioctl (Jakub Kicinski) [Orabug: 34481188] - devlink: expose get/put functions (Jakub Kicinski) [Orabug: 34481188] - ethtool: handle info/flash data copying outside rtnl_lock (Jakub Kicinski) [Orabug: 34481188] - ethtool: push the rtnl_lock into dev_ethtool() (Jakub Kicinski) [Orabug: 34481188] - devlink: make all symbols GPL-only (Jakub Kicinski) [Orabug: 34481188] - devlink: Simplify internal devlink params implementation (Leon Romanovsky) [Orabug: 34481188] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-2196 Oracle Linux 9 [0.11.3-4.el9_1.3] - Fixed a vulnerability in pcs-web-ui-node-modules - Resolves: rhbz#2179900 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-28154 Oracle Linux 9 [22.1-7.0.3.el9_1] - Fix log file permission [Orabug: 35302969] [22.1-7.0.2.el9_1] - Fix CVE-2023-1786 [Orabug: 35302969] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1786 Oracle Linux 9 [6.1.1-6.el9] - Update changelog (Karl Heubaum) [Orabug: 35343538] - ebpf: fix compatibility with libbpf 1.0+ (Shreesh Adiga) [Orabug: 35268538] - ebpf: replace deprecated bpf_program__set_socket_filter (Haochen Tong) [Orabug: 35268538] - CVE-2023-1544 is not applicable to Oracle QEMU 6.1.1 (Karl Heubaum) [Orabug: 35305727] {CVE-2023-1544} - virtio-gpu: do not byteswap padding (Paolo Bonzini) [Orabug: 35304723] - KVM: x86: workaround invalid CPUID[0xD,9] info on some AMD processors (Paolo Bonzini) [Orabug: 35241527] - qemu-kvm.spec: fix Linux io_uring support (Mark Kanda) [Orabug: 35265200] - hw/intc/ioapic: Update KVM routes before redelivering IRQ, on RTE update (David Woodhouse) [Orabug: 35219290] [6.1.1-5.el9] - hw/pvrdma: Protect against buggy or malicious guest driver (Yuval Shaia) [Orabug: 35064352] {CVE-2022-1050} - hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion (Philippe Mathieu-Daude) [Orabug: 35060182] - hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144) (Philippe Mathieu-Daude) [Orabug: 35060182] {CVE-2022-4144} - hw/display/qxl: Pass requested buffer size to qxl_phys2virt() (Philippe Mathieu-Daude) [Orabug: 35060182] - hw/display/qxl: Document qxl_phys2virt() (Philippe Mathieu-Daude) [Orabug: 35060182] - hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler (Philippe Mathieu-Daude) [Orabug: 35060182] - ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext (Mauro Matteo Cascella) [Orabug: 35060115] {CVE-2022-3165} - hw/arm/virt: build SMBIOS 19 table (Mihai Carabas) - vl: Add an -action option to override MCE handling (Mark Kanda) [Orabug: 34779160] - hw/acpi/erst.c: Fix memory handling issues (Christian A. Ehrhardt) [Orabug: 34779541] {CVE-2022-4172} - target/i386: kvm: do not access uninitialized variable on older kernels (Paolo Bonzini) [Orabug: 34492975] - x86: Support XFD and AMX xsave data migration (Zeng Guang) [Orabug: 34492975] - x86: add support for KVM_CAP_XSAVE2 and AMX state migration (Jing Liu) [Orabug: 34492975] - x86: Add AMX CPUIDs enumeration (Jing Liu) [Orabug: 34492975] - x86: Add XFD faulting bit for state components (Jing Liu) [Orabug: 34492975] - x86: Grant AMX permission for guest (Yang Zhong) [Orabug: 34492975] - x86: Add AMX XTILECFG and XTILEDATA components (Jing Liu) [Orabug: 34492975] - x86: Fix the 64-byte boundary enumeration for extended state (Jing Liu) [Orabug: 34492975] - linux-headers: include missing changes from 5.17 (Paolo Bonzini) [Orabug: 34492975] - linux-headers: Update headers to v5.17-rc1 (Vivek Goyal) [Orabug: 34492975] - linux-headers: update to 5.16-rc1 (Paolo Bonzini) [Orabug: 34492975] - i386/pc: restrict AMD only enforcing of 1Tb hole to new machine type (Joao Martins) - i386/pc: relocate 4g start to 1T where applicable (Joao Martins) - i386/pc: bounds check phys-bits against max used GPA (Joao Martins) - i386/pc: factor out device_memory base/size to helper (Joao Martins) - i386/pc: factor out above-4g end to an helper (Joao Martins) - i386/pc: pass pci_hole64_size to pc_memory_init() (Joao Martins) - i386/pc: create pci-host qdev prior to pc_memory_init() (Joao Martins) - hw/i386: add 4g boundary start to X86MachineState (Joao Martins) - vhost-vdpa: fix assert !virtio_net_get_subqueue(nc)->async_tx.elem in virtio_net_reset (Si-Wei Liu) - net/vhost-vdpa.c: Fix clang compilation failure (Peter Maydell) - vhost-vdpa: allow passing opened vhostfd to vhost-vdpa (Si-Wei Liu) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1544 Oracle Linux 8 Oracle Linux 9 [5.15.0-101.103.2.1] - Revert 'attr: use consistent sgid stripping checks' (Sherry Yang) [Orabug: 35346968] - Revert 'iommu: Force iommu shutdown on panic' (Boris Ostrovsky) [Orabug: 35346963] [5.15.0-101.103.2] - uek-rpm: mod-extra: Remove mt7921e.ko from extras list (Harshit Mogalapalli) [Orabug: 34999685] - crypto: allow ECDH and ECDSA algorithms in FIPS (Saeed Mirzamohammadi) [Orabug: 35230211] - uek-rpm: make CRYPTO_ECDSA builtin (Saeed Mirzamohammadi) [Orabug: 35230211] - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35243389] - net/mlx5: Fix memory leak in error flow of port set buffer (Maher Sanalla) [Orabug: 35246355] - net/mlx5e: Update shared buffer along with device buffer changes (Maher Sanalla) [Orabug: 35246355] - net/mlx5e: Add API to query/modify SBPR and SBCM registers (Maher Sanalla) [Orabug: 35246355] - net/mlx5: Expose shared buffer registers bits and structs (Maher Sanalla) [Orabug: 35246355] - PCI: Work around Intel I210 ROM BAR overlap defect (Bjorn Helgaas) [Orabug: 35250975] - net/rds: Adding TCP stats for TCP keepalive timeout (Nagappan Ramasamy Palaniappan) [Orabug: 35254377] - rds: slight code cleanup of RDS checksum code (William Kucharski) [Orabug: 35262486] - x86/acpi/boot: Correct acpi_is_processor_usable() check (Eric DeVolder) [Orabug: 35274587] - x86/ACPI/boot: Use FADT version to check support for online capable (Mario Limonciello) [Orabug: 35274587] - x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC (Kishon Vijay Abraham I) [Orabug: 35274587] - x86/ACPI: Don't add CPUs that are not online capable (Mario Limonciello) [Orabug: 35274587] - ACPICA: Add support for MADT online enabled bit (Mario Limonciello) [Orabug: 35274587] - net/rds: use appropriate reason while dropping a connection (Praveen Kumar Kannoju) [Orabug: 35278121] - KVM: nVMX: add missing consistency checks for CR0 and CR4 (Paolo Bonzini) [Orabug: 35278210] {CVE-2023-30456} - Revert 'scsi: megaraid_sas: Skip syncing the RAID map on older controllers' (Sherry Yang) [Orabug: 35285941] [5.15.0-101.103.1] - Revert 'Revert 'x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments'' (Tom Saeger) - Revert 'Revert 'Makefile: link with -z noexecstack --no-warn-rwx-segments'' (Tom Saeger) - LTS version: v5.15.103 (Jack Vogel) - Makefile: use -gdwarf-{4|5} for assembler for DEBUG_INFO_DWARF{4|5} (Nick Desaulniers) - KVM: VMX: Fix crash due to uninitialized current_vmcs (Alexandru Matei) - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (Vitaly Kuznetsov) - KVM: nVMX: Don't use Enlightened MSR Bitmap for L3 (Vitaly Kuznetsov) - fs: hold writers when changing mount's idmapping (Christian Brauner) - UML: define RUNTIME_DISCARD_EXIT (Masahiro Yamada) - xfs: remove xfs_setattr_time() declaration (Gaosheng Cui) - KVM: fix memoryleak in kvm_init() (Miaohe Lin) - tools bpftool: Fix compilation error with new binutils (Andres Freund) - tools bpf_jit_disasm: Fix compilation error with new binutils (Andres Freund) - tools perf: Fix compilation error with new binutils (Andres Freund) - tools include: add dis-asm-compat.h to handle version differences (Andres Freund) - tools build: Add feature test for init_disassemble_info API changes (Andres Freund) - sh: define RUNTIME_DISCARD_EXIT (Tom Saeger) - s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (Masahiro Yamada) - powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds (Michael Ellerman) - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (Michael Ellerman) - arch: fix broken BuildID for arm64 and riscv (Masahiro Yamada) - ext4: block range must be validated before use in ext4_mb_clear_bb() (Lukas Czerner) - ext4: add strict range checks while freeing blocks (Ritesh Harjani) - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (Ritesh Harjani) - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (Ritesh Harjani) - filelocks: use mount idmapping for setlease permission check (Seth Forshee) - media: rc: gpio-ir-recv: add remove function (Li Jun) - media: ov5640: Fix analogue gain control (Paul Elder) - scripts: handle BrokenPipeError for python scripts (Masahiro Yamada) - PCI: Add SolidRun vendor ID (Alvaro Karsz) - macintosh: windfarm: Use unsigned type for 1-bit bitfields (Nathan Chancellor) - alpha: fix R_ALPHA_LITERAL reloc for large modules (Edward Humes) - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (Rohan McLure) - powerpc/iommu: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - MIPS: Fix a compilation issue (xurui) - fs: use consistent setgid checks in is_sxid() (Christian Brauner) - attr: use consistent sgid stripping checks (Christian Brauner) - attr: add setattr_should_drop_sgid() (Christian Brauner) - fs: move should_remove_suid() (Christian Brauner) - attr: add in_group_or_capable() (Christian Brauner) - fs: move S_ISGID stripping into the vfs_*() helpers (Yang Xu) - fs: add mode_strip_sgid() helper (Yang Xu) - xfs: set prealloc flag in xfs_alloc_file_space() (Dave Chinner) - xfs: fallocate() should call file_modified() (Dave Chinner) - xfs: remove XFS_PREALLOC_SYNC (Dave Chinner) - xfs: use setattr_copy to set vfs inode attributes (Darrick J. Wong) - tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address (Morten Linderud) - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (David Disseldorp) - staging: rtl8723bs: Fix key-store index handling (Hans de Goede) - staging: rtl8723bs: fix placement of braces (Hannes Braun) - Staging: rtl8723bs: Placing opening { braces in previous line (Jagath Jog J) - staging: rtl8723bs: clean up comparsions to NULL (Michael Straube) - iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (Gavrilov Ilia) - iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (Kim Phillips) - iommu/amd: Add PCI segment support for ivrs_[ioapic/hpet/acpihid] commands (Suravee Suthikulpanit) - nbd: use the correct block_device in nbd_bdev_reset (Christoph Hellwig) - irqdomain: Fix mapping-creation race (Johan Hovold) - ext4: Fix deadlock during directory rename (Jan Kara) - RISC-V: Don't check text_mutex during stop_machine (Conor Dooley) - s390/ftrace: remove dead code (Heiko Carstens) - riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode (Alexandre Ghiti) - af_unix: fix struct pid leaks in OOB support (Eric Dumazet) - af_unix: Remove unnecessary brackets around CONFIG_AF_UNIX_OOB. (Kuniyuki Iwashima) - net: dsa: mt7530: permit port 5 to work without port 6 on MT7621 SoC (Vladimir Oltean) - SUNRPC: Fix a server shutdown leak (Benjamin Coddington) - octeontx2-af: Unlock contexts in the queue context cache in case of fault detection (Suman Ghosh) - net/smc: fix fallback failed while sendmsg with fastopen (D. Wythe) - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (Randy Dunlap) - netfilter: conntrack: adopt safer max chain length (Eric Dumazet) - scsi: megaraid_sas: Update max supported LD IDs to 240 (Chandrakanth Patil) - net: ethernet: mtk_eth_soc: fix RX data corruption issue (Daniel Golle) - net: phy: smsc: fix link up detection in forced irq mode (Heiner Kallweit) - net: phy: smsc: Cache interrupt mask (Lukas Wunner) - btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR (Lorenz Bauer) - netfilter: tproxy: fix deadlock due to missing BH disable (Florian Westphal) - netfilter: ctnetlink: revert to dumping mark regardless of event type (Ivan Delalande) - bnxt_en: Avoid order-5 memory allocation for TPA data (Michael Chan) - net: phylib: get rid of unnecessary locking (Russell King (Oracle)) - net: stmmac: add to set device wake up flag when stmmac init phy (Rongguang Wei) - drm/msm/dpu: fix len of sc7180 ctl blocks (Dmitry Baryshkov) - bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (Liu Jian) - ice: copy last block omitted in ice_get_module_eeprom() (Petr Oros) - net: caif: Fix use-after-free in cfusbl_device_notify() (Shigeru Yoshida) - net: lan78xx: fix accessing the LAN7800's internal phy specific registers from the MAC driver (Yuiko Oshino) - perf stat: Fix counting when initial delay configured (Changbin Du) - selftests: nft_nat: ensuring the listening side is up before starting the client (Hangbin Liu) - ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() (Eric Dumazet) - powerpc: dts: t1040rdb: fix compatible string for Rev A boards (Vladimir Oltean) - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (Kang Chen) - bgmac: fix *initial* chip reset to support BCM5358 (Rafal Milecki) - drm/msm/a5xx: fix context faults during ring switch (Dmitry Baryshkov) - drm/msm/a5xx: fix the emptyness check in the preempt code (Dmitry Baryshkov) - drm/msm/a5xx: fix highest bank bit for a530 (Dmitry Baryshkov) - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (Dmitry Baryshkov) - drm/msm: Fix potential invalid ptr free (Rob Clark) - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (Jiri Slaby (SUSE)) - drm/nouveau/kms/nv50-: remove unused functions (Ben Skeggs) - ext4: Fix possible corruption when moving a directory (Jan Kara) - regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (Matthias Kaehlcke) - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (Christian Kohlschutter) - regulator: Flag uncontrollable regulators as always_on (Mark Brown) - scsi: core: Remove the /proc/scsi/ directory earlier (Bart Van Assche) - riscv: Add header include guards to insn.h (Liao Chang) - riscv: Avoid enabling interrupts in die() (Mattias Nissler) - RISC-V: Avoid dereferening NULL regs in die() (Palmer Dabbelt) - arm64: efi: Make efi_rt_lock a raw_spinlock (Pierre Gondois) - brd: mark as nowait compatible (Jens Axboe) - block/brd: add error handling support for add_disk() (Luis Chamberlain) - iommu/vt-d: Fix PASID directory pointer coherency (Jacob Pan) - irqdomain: Refactor __irq_domain_alloc_irqs() (Johan Hovold) - f2fs: retry to update the inode page given data corruption (Jaegeuk Kim) - f2fs: do not bother checkpoint by f2fs_get_node_info (Jaegeuk Kim) - f2fs: avoid down_write on nat_tree_lock during checkpoint (Jaegeuk Kim) - udf: Fix off-by-one error when discarding preallocation (Jan Kara) - fs: dlm: start midcomms before scand (Alexander Aring) - fs: dlm: add midcomms init/start functions (Alexander Aring) - fs: dlm: fix log of lowcomms vs midcomms (Alexander Aring) - KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (Sean Christopherson) - KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization failure (Sean Christopherson) - KVM: Register /dev/kvm as the _very_ last thing during initialization (Sean Christopherson) - KVM: Pre-allocate cpumasks for kvm_make_all_cpus_request_except() (Vitaly Kuznetsov) - KVM: Optimize kvm_make_vcpus_request_mask() a bit (Vitaly Kuznetsov) - nfc: change order inside nfc_se_io error path (Fedor Pchelkin) - ext4: zero i_disksize when initializing the bootloader inode (Zhihao Cheng) - ext4: fix WARNING in ext4_update_inline_data (Ye Bin) - ext4: move where set the MAY_INLINE_DATA flag is set (Ye Bin) - ext4: fix another off-by-one fsmap error on 1k block filesystems (Darrick J. Wong) - ext4: fix RENAME_WHITEOUT handling for inline directories (Eric Whitney) - ext4: fix cgroup writeback accounting with fs-layer encryption (Eric Biggers) - staging: rtl8723bs: Pass correct parameters to cfg80211_get_bss() (Hans de Goede) - drm/connector: print max_requested_bpc in state debugfs (Harry Wentland) - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (Alex Deucher) - x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (Andrew Cooper) - fork: allow CLONE_NEWTIME in clone3 flags (Tobias Klauser) - perf inject: Fix --buildid-all not to eat up MMAP2 (Namhyung Kim) - btrfs: fix percent calculation for bg reclaim message (Johannes Thumshirn) - LTS version: v5.15.102 (Jack Vogel) - staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh (Philipp Hortmann) - staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script (Philipp Hortmann) - wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (Hector Martin) - LTS version: v5.15.101 (Jack Vogel) - Revert 'drm/i915: Don't use BAR mappings for ring buffers with LLC' (Greg Kroah-Hartman) - LTS version: v5.15.100 (Jack Vogel) - usb: gadget: uvc: fix missing mutex_unlock() if kstrtou8() fails (Yang Yingliang) - malidp: Fix NULL vs IS_ERR() checking (Miaoqian Lin) - scsi: mpt3sas: Remove usage of dma_get_required_mask() API (Sreekanth Reddy) - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (Sreekanth Reddy) - scsi: mpt3sas: Don't change DMA mask while reallocating pools (Sreekanth Reddy) - Revert 'scsi: mpt3sas: Fix return value check of dma_get_required_mask()' (Salvatore Bonaccorso) - drm/virtio: Fix error code in virtio_gpu_object_shmem_init() (Harshit Mogalapalli) - media: uvcvideo: Fix race condition with usb_kill_urb (Ricardo Ribalda) - Bluetooth: hci_sock: purge socket queues in the destruct() callback (Nguyen Dinh Phi) - drm/display/dp_mst: Fix down message handling after a packet reception error (Imre Deak) - drm/display/dp_mst: Fix down/up message handling after sink disconnect (Imre Deak) - x86/resctl: fix scheduler confusion with 'current' (Linus Torvalds) - net: tls: avoid hanging tasks on the tx_lock (Jakub Kicinski) - soundwire: cadence: Drain the RX FIFO after an IO timeout (Richard Fitzgerald) - soundwire: cadence: Remove wasted space in response_buf (Richard Fitzgerald) - phy: rockchip-typec: Fix unsigned comparison with less than zero (Jiapeng Chong) - PCI: Add ACS quirk for Wangxun NICs (Mengyuan Lou) - PCI: loongson: Add more devices that need MRRS quirk (Huacai Chen) - kernel/fail_function: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - drivers: base: dd: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - drivers: base: component: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - misc: vmw_balloon: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - tty: pcn_uart: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - PCI: Take other bus devices into account when distributing resources (Mika Westerberg) - PCI: Align extra resources for hotplug bridges properly (Mika Westerberg) - usb: gadget: uvc: Make bSourceID read/write (Daniel Scally) - usb: uvc: Enumerate valid values for color matching (Daniel Scally) - USB: ene_usb6250: Allocate enough memory for full object (Kees Cook) - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (Kees Cook) - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: isp1362: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: isp116x: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: fotg210: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: sl811: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: uhci: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: chipidea: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: dwc3: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - PCI: loongson: Prevent LS7A MRRS increases (Huacai Chen) - soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() (Richard Fitzgerald) - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (Harshit Mogalapalli) - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (Harshit Mogalapalli) - tools/iio/iio_utils:fix memory leak (Yulong Zhang) - mei: bus-fixup:upon error print return values of send and receive (Alexander Usyskin) - serial: sc16is7xx: setup GPIO controller later in probe (Isaac True) - tty: serial: fsl_lpuart: disable the CTS when send break signal (Sherry Sun) - tty: fix out-of-bounds access in tty_driver_lookup_tty() (Sven Schnelle) - staging: emxx_udc: Add checks for dma_alloc_coherent() (Yuan Can) - USB: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - media: uvcvideo: Silence memcpy() run-time false positive warnings (Kees Cook) - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (Ricardo Ribalda) - media: uvcvideo: Handle errors from calls to usb_string (Guenter Roeck) - media: uvcvideo: Handle cameras with invalid descriptors (Ricardo Ribalda) - media: uvcvideo: Remove format descriptions (Laurent Pinchart) - iommu/amd: Fix error handling for pdev_pri_ats_enable() (Vasant Hegde) - IB/hfi1: Update RMT size calculation (Dean Luick) - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (Liang He) - bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC support (Souradeep Chowdhury) - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (Darrell Kavanagh) - kernel/printk/index.c: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (Jia-Ju Bai) - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (Randy Dunlap) - thermal: intel: quark_dts: fix error pointer dereference (Dan Carpenter) - ASoC: mediatek: mt8195: add missing initialization (Trevor Wu) - ASoC: zl38060 add gpiolib dependency (Arnd Bergmann) - ASoC: zl38060: Remove spurious gpiolib select (Mark Brown) - ASoC: adau7118: don't disable regulators on device unbind (Nuno Sa) - loop: loop_set_status_from_info() check before assignment (Zhong Jinghua) - rtc: allow rtc_read_alarm without read_alarm callback (Alexandre Belloni) - scsi: ipr: Work around fortify-string warning (Arnd Bergmann) - genirq: Add and use an irq_data_update_affinity helper (Samuel Holland) - genirq: Refactor accessors to use irq_data_get_affinity_mask (Samuel Holland) - rtc: sun6i: Always export the internal oscillator (Samuel Holland) - vc_screen: modify vcs_size() handling in vcs_read() (George Kennedy) - tcp: tcp_check_req() can be called from process context (Eric Dumazet) - ARM: dts: spear320-hmi: correct STMPE GPIO compatible (Krzysztof Kozlowski) - net/sched: act_sample: fix action bind logic (Pedro Tammela) - net/sched: act_mpls: fix action bind logic (Pedro Tammela) - net/sched: act_pedit: fix action bind logic (Pedro Tammela) - net/sched: transition act_pedit to rcu and percpu stats (Pedro Tammela) - nfc: fix memory leak of se_io context in nfc_genl_se_io (Fedor Pchelkin) - net/mlx5: Geneve, Fix handling of Geneve object id as error code (Maor Dickman) - net/mlx5e: Verify flow_source cap before using it (Roi Dayan) - 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv() (Zhengchao Shao) - 9p/xen: fix connection sequence (Juergen Gross) - 9p/xen: fix version parsing (Juergen Gross) - net: fix __dev_kfree_skb_any() vs drop monitor (Eric Dumazet) - octeontx2-pf: Use correct struct reference in test condition (Deepak R Varma) - sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop (Xin Long) - ipv6: Add lwtunnel encap size of all siblings in nexthop calculation (Lu Wei) - netfilter: x_tables: fix percpu counter block leak on error path when creating new netns (Pavel Tikhomirov) - netfilter: ebtables: fix table blob use-after-free (Florian Westphal) - netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() (Hangyu Hua) - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (George Cherian) - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (Li Hua) - watchdog: Fix kmemleak in watchdog_cdev_register (Chen Jun) - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (ruanjinjie) - um: virt-pci: properly remove PCI device from bus (Benjamin Berg) - um: virtio_uml: move device breaking into workqueue (Benjamin Berg) - um: virtio_uml: mark device as unregistered when breaking it (Benjamin Berg) - um: virtio_uml: free command if adding to virtqueue failed (Benjamin Berg) - x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list (Ammar Faizi) - netfilter: nf_tables: allow to fetch set elements when table has an owner (Pablo Neira Ayuso) - ext4: use ext4_fc_tl_mem in fast-commit replay path (Eric Biggers) - f2fs: fix to avoid potential memory corruption in __update_iostat_latency() (Yangtao Li) - ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed (Zhihao Cheng) - ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() (Zhihao Cheng) - ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling fastmap (Zhihao Cheng) - ubifs: ubifs_writepage: Mark page dirty after writing inode failed (Zhihao Cheng) - ubifs: dirty_cow_znode: Fix memleak in error handling path (Zhihao Cheng) - ubifs: Re-statistic cleaned znode count if commit failed (Zhihao Cheng) - ubi: Fix possible null-ptr-deref in ubi_free_volume() (Yang Yingliang) - ubifs: Fix memory leak in alloc_wbufs() (Li Zetao) - ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() (Li Zetao) - ubi: Fix use-after-free when volume resizing failed (Li Zetao) - ubifs: Reserve one leb for each journal head while doing budget (Zhihao Cheng) - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (Zhihao Cheng) - ubifs: Fix wrong dirty space budget for dirty inode (Zhihao Cheng) - ubifs: Rectify space budget for ubifs_xrename() (Zhihao Cheng) - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (Zhihao Cheng) - ubifs: Fix build errors as symbol undefined (Li Hua) - ubi: ensure that VID header offset + VID header size <= alloc, size (George Kennedy) - um: vector: Fix memory leak in vector_config (Xiang Yang) - f2fs: allow set compression option of files without blocks (Yangtao Li) - fs: f2fs: initialize fsdata in pagecache_write() (Alexander Potapenko) - f2fs: use memcpy_{to,from}_page() where possible (Eric Biggers) - pwm: stm32-lp: fix the check on arr and cmp registers update (Fabrice Gasnier) - pwm: sifive: Always let the first pwm_apply_state succeed (Emil Renner Berthing) - pwm: sifive: Reduce time the controller lock is held (Uwe Kleine-Konig) - objtool: Fix memory leak in create_static_call_sections() (Miaoqian Lin) - fs/jfs: fix shift exponent db_agl2size negative (Liu Shixin via Jfs-discussion) - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (Jianglei Nie) - LTS version: v5.15.99 (Jack Vogel) - kbuild: Port silent mode detection to future gnu make. (Dmitry Goncharov) - wifi: ath9k: use proper statements in conditionals (Arnd Bergmann) - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (Robert Marko) - iommu/vt-d: Fix an unbalanced rcu_read_lock/rcu_read_unlock() (Christophe JAILLET) - media: uvcvideo: Fix memory leak of object map on error exit path (Colin Ian King) - qede: avoid uninitialized entries in coal_entry array (Michal Schmidt) - perf intel-pt: pkt-decoder: Add CFE and EVD packets (Adrian Hunter) - drm/edid: fix AVI infoframe aspect ratio handling (Jani Nikula) - drm/i915: Don't use BAR mappings for ring buffers with LLC (John Harrison) - drm/radeon: Fix eDP for single-display iMac11,2 (Mark Hawrylak) - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (Mavroudis Chatzilaridis) - vfio/type1: restore locked_vm (Steve Sistare) - vfio/type1: track locked_vm per dma (Steve Sistare) - vfio/type1: prevent underflow of locked_vm via exec() (Steve Sistare) - iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode (Jacob Pan) - PCI: Avoid FLR for AMD FCH AHCI adapters (Damien Le Moal) - PCI: hotplug: Allow marking devices as disconnected during bind/unbind (Lukas Wunner) - PCI/PM: Observe reset delay irrespective of bridge_d3 (Lukas Wunner) - MIPS: DTS: CI20: fix otg power gpio (H. Nikolaus Schaller) - riscv: ftrace: Reduce the detour code size to half (Guo Ren) - riscv: ftrace: Remove wasted nops for !RISCV_ISA_C (Guo Ren) - riscv, mm: Perform BPF exhandler fixup on page fault (Bjorn Topel) - riscv: jump_label: Fixup unaligned arch_static_branch function (Andy Chiu) - riscv: mm: fix regression due to update_mmu_cache change (Sergey Matyukevich) - RISC-V: add a spin_shadow_stack declaration (Conor Dooley) - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (Tomas Henzl) - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (Tomas Henzl) - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (Tomas Henzl) - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (Tomas Henzl) - scsi: ses: Don't attach if enclosure has no components (James Bottomley) - tools/bootconfig: fix single & used for logical condition (Antonio Alvarez Feijoo) - ring-buffer: Handle race between rb_move_tail and rb_check_pages (Mukesh Ojha) - ktest.pl: Add RUN_TIMEOUT option with default unlimited (Steven Rostedt) - ktest.pl: Fix missing 'end_monitor' when machine check fails (Steven Rostedt) - ktest.pl: Give back console on Ctrt^C on monitor (Steven Rostedt) - mm/thp: check and bail out if page in deferred queue already (Yin Fengwei) - mm: memcontrol: deprecate charge moving (Johannes Weiner) - docs: gdbmacros: print newest record (John Ogness) - remoteproc/mtk_scp: Move clk ops outside send_lock (Chen-Yu Tsai) - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (Sakari Ailus) - mips: fix syscall_get_nr (Elvira Khabirova) - dax/kmem: Fix leak of memory-hotplug resources (Dan Williams) - alpha: fix FEN fault handling (Al Viro) - ceph: update the time stamps and try to drop the suid/sgid (Xiubo Li) - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (Ilya Dryomov) - fuse: add inode/permission checks to fileattr_get/fileattr_set (Alexander Mikhalitsyn) - ARM: dts: exynos: correct TMU phandle in Odroid HC1 (Krzysztof Kozlowski) - ARM: dts: exynos: correct TMU phandle in Odroid XU (Krzysztof Kozlowski) - ARM: dts: exynos: correct TMU phandle in Exynos5250 (Krzysztof Kozlowski) - ARM: dts: exynos: correct TMU phandle in Odroid XU3 family (Krzysztof Kozlowski) - ARM: dts: exynos: correct TMU phandle in Exynos4 (Krzysztof Kozlowski) - ARM: dts: exynos: correct TMU phandle in Exynos4210 (Krzysztof Kozlowski) - ARM: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (Manivannan Sadhasivam) - dm flakey: fix a bug with 32-bit highmem systems (Mikulas Patocka) - dm flakey: don't corrupt the zero page (Mikulas Patocka) - dm flakey: fix logic when corrupting a bio (Mikulas Patocka) - thermal: intel: powerclamp: Fix cur_state for multi package system (Srinivas Pandruvada) - qede: fix interrupt coalescing configuration (Manish Chopra) - wifi: cfg80211: Fix use after free for wext (Alexander Wetzel) - wifi: ath11k: allow system suspend to survive ath11k (Len Brown) - wifi: rtl8xxxu: Use a longer retry limit of 48 (Bitterblue Smith) - dm: add cond_resched() to dm_wq_work() (Pingfan Liu) - dm: send just one event on resize, not two (Mikulas Patocka) - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (Louis Rannou) - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (Tudor Ambarus) - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (Takahiro Kuwano) - ext4: refuse to create ea block when umounted (Jun Nie) - ext4: optimize ea_inode block expansion (Jun Nie) - jbd2: fix data missing when reusing bh which is ready to be checkpointed (Zhihao Cheng) - ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (Lukasz Stelmach) - ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (Dmitry Fomin) - io_uring/poll: allow some retries for poll triggering spuriously (Jens Axboe) - io_uring: remove MSG_NOSIGNAL from recvmsg (David Lamparter) - io_uring/rsrc: disallow multi-source reg buffers (Pavel Begunkov) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-30456 Oracle Linux 8 Oracle Linux 9 [5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs: change kernfs_rename_lock into a read-write lock. (Imran Khan) [Orabug: 35257584] - kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info. (Imran Khan) [Orabug: 35257584] - kernfs: Introduce separate rwsem to protect inode attributes. (Imran Khan) [Orabug: 35257584] - debugfs: allow access blktrace trace files in lockdown mode (Junxiao Bi) [Orabug: 35275017] - rds: Add time_spent and payload info for send_cqe handler (Rohit Nair) [Orabug: 35302534] - KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES (Dr. David Alan Gilbert) [Orabug: 35309074] - KVM: x86: Reinstate kvm_vcpu_arch.guest_supported_xcr0 (Sean Christopherson) [Orabug: 35309074] - x86/kvm: Fix compilation warning in non-x86_64 builds (Leonardo Bras) [Orabug: 35309074] - x86/kvm/fpu: Remove kvm_vcpu_arch.guest_supported_xcr0 (Leonardo Bras) [Orabug: 35309074] - x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0 (Leonardo Bras) [Orabug: 35309074] - KVM: x86: Move CPUID.(EAX=0x12,ECX=1) mangling to __kvm_update_cpuid_runtime() (Vitaly Kuznetsov) [Orabug: 35309074] - KVM: x86: Remove defunct setting of XCR0 for guest during vCPU create (Sean Christopherson) [Orabug: 35309074] - netfilter: nf_tables: deactivate anonymous set from preparation phase (Pablo Neira Ayuso) [Orabug: 35382083] {CVE-2023-32233} - uek-rpm: Enable CONFIG_VIRTIO_FS in UEK7 (Harshit Mogalapalli) [Orabug: 35383136] - drm/hyperv: Add ratelimit on error message (Saurabh Sengar) [Orabug: 35388012] - drm/hyperv: Don't overwrite dirt_needed value set by host (Saurabh Sengar) [Orabug: 35388012] - SUNRPC: remove the maximum number of retries in call_bind_status (Dai Ngo) [Orabug: 35397524] - scsi: target: iscsi: Handle abort for WRITE_PENDING cmds (Dmitry Bogdanov) [Orabug: 35404019] - scsi: target: iscsit: Fix TAS handling during conn cleanup (Mike Christie) [Orabug: 35404019] - scsi: target: Fix multiple LUN_RESET handling (Mike Christie) [Orabug: 35404019] - scsi: target: iscsit: Free cmds before session free (Dmitry Bogdanov) [Orabug: 35404019] - scsi: target: iscsit: Stop/wait on cmds during conn close (Mike Christie) [Orabug: 35404019] - scsi: target: iscsit: isert: Alloc per conn cmd counter (Mike Christie) [Orabug: 35404019] - scsi: target: Pass in cmd counter to use during cmd setup (Mike Christie) [Orabug: 35404019] - scsi: target: Move cmd counter allocation (Mike Christie) [Orabug: 35404019] - scsi: target: Move sess cmd counter to new struct (Mike Christie) [Orabug: 35404019] - net/rds: Fix copy&paste error (Gerd Rausch) [Orabug: 35416946] [5.15.0-102.110.4] - vdpa/mlx5: Extend driver support for new features (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Make VIRTIO_NET_F_MRG_RXBUF off by default (Eli Cohen) [Orabug: 35210565] - vhost-vdpa: free iommu domain after last use during cleanup (Gautam Dawar) [Orabug: 35210565] - vdpa/mlx5: should not activate virtq object when suspended (Si-Wei Liu) [Orabug: 35210565] - vp_vdpa: fix the crash in hot unplug with vp_vdpa (Cindy Lu) [Orabug: 35210565] - vdpa/mlx5: support device features provisioning (Si-Wei Liu) [Orabug: 35210565] - vdpa/mlx5: make MTU/STATUS presence conditional on feature bits (Si-Wei Liu) [Orabug: 35210565] - vdpa: validate device feature provisioning against supported class (Si-Wei Liu) [Orabug: 35210565] - vdpa: validate provisioned device features against specified attribute (Si-Wei Liu) [Orabug: 35210565] - vdpa: conditionally read STATUS in config space (Si-Wei Liu) [Orabug: 35210565] - vdpa: fix improper error message when adding vdpa dev (Si-Wei Liu) [Orabug: 35210565] - vdpa/mlx5: Initialize CVQ iotlb spinlock (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Don't clear mr struct on destroy MR (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Directly assign memory key (Eli Cohen) [Orabug: 35210565] - vhost-vdpa: print warning when vhost_vdpa_alloc_domain fails (Alvaro Karsz) [Orabug: 35210565] - vdpa: Fix a couple of spelling mistakes in some messages (Colin Ian King) [Orabug: 35210565] - vdpa: mlx5: support per virtqueue dma device (Jason Wang) [Orabug: 35210565] - vdpa: set dma mask for vDPA device (Jason Wang) [Orabug: 35210565] - virtio-vdpa: support per vq dma device (Jason Wang) [Orabug: 35210565] - vdpa: introduce get_vq_dma_device() (Jason Wang) [Orabug: 35210565] - virtio_ring: per virtqueue dma device (Jason Wang) [Orabug: 35210565] - vhost: remove unused paramete (Liming Wu) [Orabug: 35210565] - vhost-test: remove meaningless debug info (Liming Wu) [Orabug: 35210565] - vdpa_sim: get rid of DMA ops (Jason Wang) [Orabug: 35210565] - vdpa_sim_net: vendor satistics (Jason Wang) [Orabug: 35210565] - vdpa_sim: support vendor statistics (Jason Wang) [Orabug: 35210565] - vdpasim: customize allocation size (Jason Wang) [Orabug: 35210565] - vdpa_sim: switch to use __vdpa_alloc_device() (Jason Wang) [Orabug: 35210565] - vdpa_sim: use weak barriers (Jason Wang) [Orabug: 35210565] - vdpa_sim: Implement resume vdpa op (Sebastien Boeuf) [Orabug: 35210565] - vhost-vdpa: uAPI to resume the device (Sebastien Boeuf) [Orabug: 35210565] - vhost-vdpa: Introduce RESUME backend feature bit (Sebastien Boeuf) [Orabug: 35210565] - vdpa: Add resume operation (Sebastien Boeuf) [Orabug: 35210565] - vdpa_sim_net: Offer VIRTIO_NET_F_STATUS (Eugenio Perez) [Orabug: 35210565] - vdpa/mlx5: Move some definitions to a new header file (Eli Cohen) [Orabug: 35210565] - vdpa_sim_net: should not drop the multicast/broadcast packet (Cindy Lu) [Orabug: 35210565] - vdpasim: fix memory leak when freeing IOTLBs (Jason Wang) [Orabug: 35210565] - vdpa: conditionally fill max max queue pair for stats (Jason Wang) [Orabug: 35210565] - vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove (Rong Wang) [Orabug: 35210565] - vhost_vdpa: fix the crash in unmap a large memory (Cindy Lu) [Orabug: 35210565] - vhost-vdpa: fix an iotlb memory leak (Stefano Garzarella) [Orabug: 35210565] - RDMA/mlx5: remove variable i (Colin Ian King) [Orabug: 35210565] - vdpa/mlx5: Avoid overwriting CVQ iotlb (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Avoid using reslock in event_handler (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Fix wrong mac address deletion (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Return error on vlan ctrl commands if not supported (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Fix rule forwarding VLAN to TIR (Eli Cohen) [Orabug: 35210565] - vdpa: merge functionally duplicated dev_features attributes (Si-Wei Liu) [Orabug: 35210565] - vDPA: conditionally read MTU and MAC in dev cfg space (Zhu Lingshan) [Orabug: 35210565] - vDPA: fix spars cast warning in vdpa_dev_net_mq_config_fill (Zhu Lingshan) [Orabug: 35210565] - vDPA: check virtio device features to detect MQ (Zhu Lingshan) [Orabug: 35210565] - vDPA: check VIRTIO_NET_F_RSS for max_virtqueue_paris's presence (Zhu Lingshan) [Orabug: 35210565] - vDPA: only report driver features if FEATURES_OK is set (Zhu Lingshan) [Orabug: 35210565] - vDPA: allow userspace to query features of a vDPA device (Zhu Lingshan) [Orabug: 35210565] - vp_vdpa: support feature provisioning (Jason Wang) [Orabug: 35210565] - vdpa_sim_net: support feature provisioning (Jason Wang) [Orabug: 35210565] - vdpa: device feature provisioning (Jason Wang) [Orabug: 35210565] - virtio: drop vp_legacy_set_queue_size (Michael S. Tsirkin) [Orabug: 35210565] - vdpa/mlx5: Fix MQ to support non power of two num queues (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Fix possible uninitialized return value (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Support different address spaces for control and data (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Implement susupend virtqueue callback (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Use eth_broadcast_addr() to assign broadcast address (Xu Qiang) [Orabug: 35210565] - vdpa_sim: Implement suspend vdpa op (Eugenio Perez) [Orabug: 35210565] - vhost-vdpa: uAPI to suspend the device (Eugenio Perez) [Orabug: 35210565] - vhost-vdpa: introduce SUSPEND backend feature bit (Eugenio Perez) [Orabug: 35210565] - vdpa: Add suspend operation (Eugenio Perez) [Orabug: 35210565] - vhost-vdpa: Call ida_simple_remove() when failed (Bo Liu) [Orabug: 35210565] - vDPA: fix 'cast to restricted le16' warnings in vdpa.c (Zhu Lingshan) [Orabug: 35210565] - vDPA: !FEATURES_OK should not block querying device config space (Zhu Lingshan) [Orabug: 35210565] - vdpa_sim: use max_iotlb_entries as a limit in vhost_iotlb_init (Stefano Garzarella) [Orabug: 35210565] - vringh: iterate on iotlb_translate to handle large translations (Stefano Garzarella) [Orabug: 35210565] - vhost-vdpa: call vhost_vdpa_cleanup during the release (Stefano Garzarella) [Orabug: 35210565] - vdpa/mlx5: Add RX MAC VLAN filter support (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Remove flow counter from steering (Eli Cohen) [Orabug: 35210565] - vhost-vdpa: return -EFAULT on copy_to_user() failure (Dan Carpenter) [Orabug: 35210565] - vdpasim: Off by one in vdpasim_set_group_asid() (Dan Carpenter) [Orabug: 35210565] - vdpa/vp_vdpa : add vdpa tool support in vp_vdpa (Cindy Lu) [Orabug: 35210565] - vdpasim: control virtqueue support (Gautam Dawar) [Orabug: 35210565] - vdpa_sim: filter destination mac address (Gautam Dawar) [Orabug: 35210565] - vdpa_sim: factor out buffer completion logic (Gautam Dawar) [Orabug: 35210565] - vdpa_sim: advertise VIRTIO_NET_F_MTU (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: support ASID based IOTLB API (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: introduce uAPI to set group ASID (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: uAPI to get virtqueue group id (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: introduce uAPI to get the number of address spaces (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: introduce uAPI to get the number of virtqueue groups (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: introduce asid based IOTLB (Gautam Dawar) [Orabug: 35210565] - vhost: support ASID in IOTLB API (Gautam Dawar) [Orabug: 35210565] - vhost_iotlb: split out IOTLB initialization (Gautam Dawar) [Orabug: 35210565] - vdpa: introduce config operations for associating ASID to a virtqueue group (Gautam Dawar) [Orabug: 35210565] - vdpa: multiple address spaces support (Gautam Dawar) [Orabug: 35210565] - vdpa: introduce virtqueue groups (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: switch to use vhost-vdpa specific IOTLB (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: passing iotlb to IOMMU mapping helpers (Gautam Dawar) [Orabug: 35210565] - virtio-vdpa: don't set callback if virtio doesn't need it (Gautam Dawar) [Orabug: 35210565] - vhost: move the backend feature bits to vhost_types.h (Gautam Dawar) [Orabug: 35210565] - vdpa/mlx5: Use readers/writers semaphore instead of mutex (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Add support for reading descriptor statistics (Eli Cohen) [Orabug: 35210565] - net/vdpa: Use readers/writers semaphore instead of cf_mutex (Eli Cohen) [Orabug: 35210565] - net/vdpa: Use readers/writers semaphore instead of vdpa_dev_mutex (Eli Cohen) [Orabug: 35210565] - vdpa: Add support for querying vendor statistics (Eli Cohen) [Orabug: 35210565] - net/mlx5: Add support for configuring max device MTU (Eli Cohen) [Orabug: 35210565] - uek-rpm: Install dtb files under /lib/modules (Dave Kleikamp) [Orabug: 35333240] - Revert 'mm: track driver pinned pages across exec' (Anthony Yznaga) [Orabug: 35346656] - Revert 'cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset' (Tom Hromatka) [Orabug: 35361250] - Revert 'rds: ib: Fix non-parenthetical mutex/semaphore use' (Hakon Bugge) [Orabug: 35377399] [5.15.0-102.110.3] - uek-rpm: Fix the core lists to match changes in qrtr build. (Jack Vogel) - Revert 'KVM: arm64: PMU: Restore the guest's EL0 event counting after migration' (Jack Vogel) [5.15.0-102.110.2] - LTS version: v5.15.110 (Jack Vogel) - riscv: No need to relocate the dtb as it lies in the fixmap region (Alexandre Ghiti) - riscv: Do not set initial_boot_params to the linear address of the dtb (Alexandre Ghiti) - riscv: Move early dtb mapping into the fixmap region (Alexandre Ghiti) - selftests: mptcp: join: fix 'invalid address, ADD_ADDR timeout' (Matthieu Baerts) - driver core: Don't require dynamic_debug for initcall_debug probe timing (Stephen Boyd) - USB: serial: option: add UNISOC vendor and TOZED LT70C product (Ar?nc UNAL) - bluetooth: Perform careful capability checks in hci_sock_ioctl() (Ruihan Li) - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (Daniel Vetter) - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (Jisoo Jang) - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (Dan Carpenter) - KVM: arm64: Retry fault if vma_lookup() results become invalid (David Matlack) - selftests/kselftest/runner/run_one(): allow running non-executable files (SeongJae Park) - PCI/ASPM: Remove pcie_aspm_pm_state_change() (Kai-Heng Feng) - LTS version: v5.15.109 (Jack Vogel) - soc: sifive: l2_cache: fix missing of_node_put() in sifive_l2_init() (Yang Yingliang) - soc: sifive: l2_cache: fix missing free_irq() in error path in sifive_l2_init() (Yang Yingliang) - soc: sifive: l2_cache: fix missing iounmap() in error path in sifive_l2_init() (Yang Yingliang) - ASN.1: Fix check for strdup() success (Ekaterina Orlova) - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (Nikita Zhandarovich) - mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock (Tetsuo Handa) - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (Dan Carpenter) - counter: 104-quad-8: Fix race condition between FLAG and CNTR reads (William Breathitt Gray) - pwm: hibvt: Explicitly set .polarity in .get_state() (Uwe Kleine-Konig) - pwm: iqs620a: Explicitly set .polarity in .get_state() (Uwe Kleine-Konig) - pwm: meson: Explicitly set .polarity in .get_state() (Uwe Kleine-Konig) - sctp: Call inet6_destroy_sock() via sk->sk_destruct(). (Kuniyuki Iwashima) - dccp: Call inet6_destroy_sock() via sk->sk_destruct(). (Kuniyuki Iwashima) - inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). (Kuniyuki Iwashima) - tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). (Kuniyuki Iwashima) - udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM). (Kuniyuki Iwashima) - fuse: fix deadlock between atomic O_TRUNC and page invalidation (Miklos Szeredi) - fuse: always revalidate rename target dentry (Jiachen Zhang) - fuse: fix attr version comparison in fuse_read_update_size() (Miklos Szeredi) - purgatory: fix disabling debug info (Alyssa Ross) - docs: futex: Fix kernel-doc references after code split-up preparation (Salvatore Bonaccorso) - MIPS: Define RUNTIME_DISCARD_EXIT in LD script (Jiaxun Yang) - sched/fair: Fixes for capacity inversion detection (Qais Yousef) - sched/uclamp: Fix a uninitialized variable warnings (Qais Yousef) - sched/fair: Consider capacity inversion in util_fits_cpu() (Qais Yousef) - sched/fair: Detect capacity inversion (Qais Yousef) - sched/uclamp: Cater for uclamp in find_energy_efficient_cpu()'s early exit condition (Qais Yousef) - sched/uclamp: Make cpu_overutilized() use util_fits_cpu() (Qais Yousef) - sched/uclamp: Fix fits_capacity() check in feec() (Qais Yousef) - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (Mel Gorman) - mm/khugepaged: check again on anon uffd-wp during isolation (Peter Xu) - drm/i915: Fix fast wake AUX sync len (Ville Syrjala) - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (Bhavya Kapoor) - kernel/sys.c: fix and improve control flow in __sys_setres[ug]id() (Ondrej Mosnacek) - memstick: fix memory leak if card device is never registered (Greg Kroah-Hartman) - nilfs2: initialize unused bytes in segment summary blocks (Ryusuke Konishi) - iio: light: tsl2772: fix reading proximity-diodes from device tree (Brian Masney) - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (Mel Gorman) - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (Hans de Goede) - xen/netback: use same error messages for same errors (Juergen Gross) - nvme-tcp: fix a possible UAF when failing to allocate an io queue (Sagi Grimberg) - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (Heiko Carstens) - net: dsa: b53: mmap: add phy ops (Alvaro Fernandez Rojas) - scsi: core: Improve scsi_vpd_inquiry() checks (Damien Le Moal) - scsi: megaraid_sas: Fix fw_crash_buffer_show() (Tomas Henzl) - selftests: sigaltstack: fix -Wuninitialized (Nick Desaulniers) - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (Frank Crawford) - Input: i8042 - add quirk for Fujitsu Lifebook A574/H (Jonathan Denose) - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (Douglas Raillard) - e1000e: Disable TSO on i219-LM card to increase speed (Sebastian Basierski) - bpf: Fix incorrect verifier pruning due to missing register precision taints (Daniel Borkmann) - spi: spi-rockchip: Fix missing unwind goto in rockchip_sfc_probe() (Li Lanzhe) - mlxsw: pci: Fix possible crash during initialization (Ido Schimmel) - net: rpl: fix rpl header size calculation (Alexander Aring) - bonding: Fix memory leak when changing bond type to Ethernet (Ido Schimmel) - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (Nikita Zhandarovich) - bnxt_en: Do not initialize PTP on older P3/P4 chips (Michael Chan) - netfilter: nf_tables: tighten netlink attribute requirements for catch-all elements (Pablo Neira Ayuso) - netfilter: nf_tables: validate catch-all set elements (Pablo Neira Ayuso) - i40e: fix i40e_setup_misc_vector() error handling (Aleksandr Loktionov) - i40e: fix accessing vsi->active_filters without holding lock (Aleksandr Loktionov) - netfilter: nf_tables: fix ifdef to also consider nf_tables=m (Florian Westphal) - sfc: Fix use-after-free due to selftest_work (Ding Hui) - sfc: Split STATE_READY in to STATE_NET_DOWN and STATE_NET_UP. (Jonathan Cooper) - virtio_net: bugfix overflow inside xdp_linearize_page() (Xuan Zhuo) - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (Gwangun Jung) - regulator: fan53555: Fix wrong TCS_SLEW_MASK (Cristian Ciocaltea) - regulator: fan53555: Explicitly include bits header (Cristian Ciocaltea) - netfilter: br_netfilter: fix recent physdev match breakage (Florian Westphal) - arm64: dts: imx8mm-evk: correct pmic clock source (Peng Fan) - arm64: dts: meson-g12-common: specify full DMC range (Marc Gonzalez) - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (Dmitry Baryshkov) - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (Jianqun Xu) - LTS version: v5.15.108 (Jack Vogel) - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (Xi Ruoyao) - counter: Add the necessary colons and indents to the comments of counter_compi (Yanteng Si) - counter: fix docum. build problems after filename change (Randy Dunlap) - panic, kexec: make __crash_kexec() NMI safe (Valentin Schneider) - kexec: turn all kexec_mutex acquisitions into trylocks (Valentin Schneider) - nvme-pci: add NVME_QUIRK_BOGUS_NID for T-FORCE Z330 SSD (Duy Truong) - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (Juraj Pecigos) - nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM760 (Abhijit) - nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM610 (Shyamin Ayesh) - nvme-pci: Crucial P2 has bogus namespace ids (Tobias Gruetzmacher) - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (Ning Wang) - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG GAMMIX S50 (Stefan Reiter) - i2c: ocores: generate stop condition after timeout in polling mode (Gregor Herburger) - x86/rtc: Remove __init for runtime functions (Matija Glavinic Pecotic) - sched/fair: Fix imbalance overflow (Vincent Guittot) - sched/fair: Move calculate of avg_load to a better location (zgpeng) - powerpc/papr_scm: Update the NUMA distance table for the target node (Aneesh Kumar K.V) - ubi: Fix deadlock caused by recursively holding work_sem (ZhaoLong Wang) - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (Zhihao Cheng) - mptcp: stricter state check in mptcp_worker (Paolo Abeni) - mptcp: use mptcp_schedule_work instead of open-coding it (Paolo Abeni) - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (Waiman Long) - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (Basavaraj Natikar) - scsi: ses: Handle enclosure with just a primary component gracefully (Jiri Kosina) - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (Radu Pirea (OSS)) - net: phy: nxp-c45-tja11xx: add remove callback (Radu Pirea (OSS)) - net: sfp: initialize sfp->i2c_block_size at sfp allocation (Ivan Bornyakov) - riscv: add icache flush for nommu sigreturn trampoline (Mathis Salmen) - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (Min Li) - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (Umesh Nerlige Ramappa) - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (Steven Rostedt (Google)) - tracing: Add trace_array_puts() to write into instance (Steven Rostedt (Google)) - counter: 104-quad-8: Fix Synapse action reported for Index signals (William Breathitt Gray) - counter: Internalize sysfs interface code (William Breathitt Gray) - counter: stm32-timer-cnt: Provide defines for slave mode selection (William Breathitt Gray) - counter: stm32-lptimer-cnt: Provide defines for clock polarities (William Breathitt Gray) - ACPI: resource: Add Medion S17413 to IRQ override quirk (Aymeric Wibo) - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (Johannes Berg) - asymmetric_keys: log on fatal failures in PE/pkcs7 (Robbie Harwood) - verify_pefile: relax wrapper length check (Robbie Harwood) - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (Hans de Goede) - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (Hans de Goede) - i2c: hisi: Avoid redundant interrupts (Yicong Yang) - i2c: imx-lpi2c: clean rx/tx buffers upon new message (Alexander Stein) - wifi: mwifiex: mark OF related data as maybe unused (Krzysztof Kozlowski) - power: supply: cros_usbpd: reclassify 'default case!' as debug (Grant Grundler) - ARM: 9290/1: uaccess: Fix KASAN false-positives (Andrew Jeffery) - libbpf: Fix single-line struct definition output in btf_dump (Andrii Nakryiko) - skbuff: Fix a race between coalescing and releasing SKBs (Liang Chen) - net: macb: fix a memory corruption in extended buffer descriptor mode (Roman Gushchin) - udp6: fix potential access to stale information (Eric Dumazet) - RDMA/core: Fix GID entry ref leak when create_ah fails (Saravanan Vajravel) - sctp: fix a potential overflow in sctp_ifwdtsn_skip (Xin Long) - net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() (Ziyang Xuan) - qlcnic: check pci_reset_function result (Denis Plotnikov) - drm/armada: Fix a potential double free in an error handling path (Christophe JAILLET) - tcp: restrict net.ipv4.tcp_app_win (YueHaibing) - niu: Fix missing unwind goto in niu_alloc_channels() (Harshit Mogalapalli) - 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition (Zheng Wang) - bpf: tcp: Use sock_gen_put instead of sock_put in bpf_iter_tcp (Martin KaFai Lau) - IB/mlx5: Add support for 400G_8X lane speed (Maher Sanalla) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (Tatyana Nikolova) - RDMA/irdma: Increase iWARP CM default rexmit count (Mustafa Ismail) - RDMA/irdma: Fix memory leak of PBLE objects (Mustafa Ismail) - clk: sprd: set max_register according to mapping range (Chunyan Zhang) - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (Jani Nikula) - KVM: arm64: PMU: Restore the guest's EL0 event counting after migration (Reiji Watanabe) - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (Christophe Kerello) - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (Christophe Kerello) - mtd: rawnand: meson: fix bitmask for length in command word (Arseniy Krasnov) - mtdblock: tolerate corrected bit-flips (Bang Li) - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (Daniel Vetter) - btrfs: fix fast csum implementation detection (Christoph Hellwig) - btrfs: print checksum type and implementation at mount time (David Sterba) - Bluetooth: Fix race condition in hidp_session_thread (Min Li) - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (Luiz Augusto von Dentz) - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (Oswald Buddenhagen) - ALSA: emu10k1: don't create old pass-through playback device on Audigy (Oswald Buddenhagen) - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (Xu Biang) - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (Oswald Buddenhagen) - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (Oswald Buddenhagen) - ALSA: emu10k1: fix capture interrupt handler unlinking (Oswald Buddenhagen) - Revert 'pinctrl: amd: Disable and mask interrupts on resume' (Kornel Duleba) - LTS version: v5.15.107 (Jack Vogel) - bpftool: Print newline before '}' for struct with padding only fields (Eduard Zingerman) - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (Heming Zhao) - kbuild: fix single directory build (Masahiro Yamada) - mm: take a page reference when removing device exclusive entries (Alistair Popple) - drm/bridge: lt9611: Fix PLL being unable to lock (Robert Foss) - mm/swap: fix swap_info_struct race between swapoff and get_swap_pages() (Rongwei Wang) - ring-buffer: Fix race while reader and writer are on the same page (Zheng Yejian) - drm/nouveau/disp: Support more modes by checking with lower bpc (Karol Herbst) - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (Boris Brezillon) - mm: vmalloc: avoid warn_alloc noise caused by fatal signal (Yafang Shao) - ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots() (Jason Montleon) - tracing: Free error logs of tracing instances (Steven Rostedt (Google)) - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (Michal Sojka) - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (Oleksij Rempel) - fs: drop peer group ids under namespace lock (Christian Brauner) - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (Zheng Yejian) - ftrace: Mark get_lock_parent_ip() __always_inline (John Keeping) - perf/core: Fix the same task check in perf_event_set_output (Kan Liang) - cifs: sanitize paths in cifs_update_super_prepath. (Thiago Rafael Becker) - smb3: lower default deferred close timeout to address perf regression (Steve French) - smb3: allow deferred close timeout to be configurable (Steve French) - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (Zhong Jinghua) - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (Li Zetao) - iio: adc: ad7791: fix IRQ flags (Nuno Sa) - coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug (Steve Clevenger) - coresight: etm4x: Do not access TRCIDR1 for identification (Suzuki K Poulose) - ALSA: hda/realtek: Add quirk for Clevo X370SNW (Jeremy Soller) - ksmbd: do not call kvmalloc() with __GFP_NORETRY | __GFP_NO_WARN (Marios Makassikis) - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (Geert Uytterhoeven) - nilfs2: fix sysfs interface lifetime (Ryusuke Konishi) - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (Ryusuke Konishi) - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (Sherry Sun) - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (Biju Das) - tty: serial: sh-sci: Fix transmit end interrupt handler (Biju Das) - iio: light: cm32181: Unregister second I2C client if present (Kai-Heng Feng) - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (William Breathitt Gray) - iio: adc: ti-ads7950: Set can_sleep flag for GPIO chip (Lars-Peter Clausen) - iio: adis16480: select CONFIG_CRC32 (Arnd Bergmann) - USB: serial: option: add Quectel RM500U-CN modem (Bj?rn Mork) - USB: serial: option: add Telit FE990 compositions (Enrico Sau) - usb: typec: altmodes/displayport: Fix configure initial pin assignment (RD Babiera) - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (Kees Jan Koster) - usb: dwc3: pci: add support for the Intel Meteor Lake-S (Heikki Krogerus) - usb: cdnsp: Fixes error: uninitialized symbol 'len' (Pawel Laszczak) - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (D Scott Phillips) - usb: xhci: tegra: fix sleep in atomic call (Wayne Chang) - kbuild: refactor single builds of *.ko (Masahiro Yamada) - gve: Secure enough bytes in the first TX desc for all TCP pkts (Shailend Chand) - ethtool: reset #lanes when lanes is omitted (Andy Roulin) - ice: Reset FDIR counter in FDIR init stage (Lingyu Liu) - ice: fix wrong fallback logic for FDIR (Simei Su) - NFSD: callback request does not use correct credential for AUTH_SYS (Dai Ngo) - sunrpc: only free unix grouplist after RCU settles (Jeff Layton) - net: stmmac: fix up RX flow hash indirection table when setting channels (Corinna Vinschen) - net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe (Siddharth Vadapalli) - gpio: davinci: Add irq chip flag to skip set wake (Dhruva Gole) - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (Mark Pearson) - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (Mark Pearson) - platform/x86: think-lmi: Fix memory leak when showing current settings (Armin Wolf) - ipv6: Fix an uninit variable access bug in __ip6_make_skb() (Ziyang Xuan) - net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT (Sricharan Ramabadhran) - sctp: check send stream number after wait_for_sndbuf (Xin Long) - net: dsa: mv88e6xxx: Reset mv88e6393x force WD event bit (Gustav Ekelund) - net: don't let netpoll invoke NAPI if in xmit context (Jakub Kicinski) - icmp: guard against too small mtu (Eric Dumazet) - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (Chuck Lever) - net: qrtr: Fix a refcount bug in qrtr_recvmsg() (Ziyang Xuan) - net: qrtr: combine nameservice into main module (Luca Weiss) - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (Felix Fietkau) - KVM: s390: pv: fix external interruption loop not always detected (Nico Boehr) - pwm: sprd: Explicitly set .polarity in .get_state() (Uwe Kleine-Konig) - pwm: cros-ec: Explicitly set .polarity in .get_state() (Uwe Kleine-Konig) - Drivers: vmbus: Check for channel allocation before looking up relids (Mohammed Gamal) - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (Randy Dunlap) - bpf: hash map, avoid deadlock with suitable hash mask (Tonghao Zhang) - serial: exar: Add support for Sealevel 7xxxC serial cards (Matthew Howell) - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (Andy Shevchenko) - iavf/iavf_main: actually log ->src mask when talking about it (Daniil Tatianin) - iavf: return errno code instead of status code (Jacob Keller) - platform/x86: int3472/discrete: Ensure the clk/power enable pins are in output mode (Hans de Goede) - platform/x86: int3472: Split into 2 drivers (Hans de Goede) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (Mustafa Ismail) - NFSD: pass range end to vfs_fsync_range() instead of count (Brian Foster) - NFSD: Fix sparse warning (Chuck Lever) - ocfs2: fix memory leak in ocfs2_mount_volume() (Li Zetao) - ocfs2: rewrite error handling of ocfs2_fill_super (Heming Zhao via Ocfs2-devel) - ocfs2: ocfs2_mount_volume does cleanup job before return error (Heming Zhao via Ocfs2-devel) - LTS version: v5.15.106 (Jack Vogel) - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (Jan Beulich) - hsr: ratelimit only when errors are printed (Matthieu Baerts) - libbpf: Fix btf_dump's packed struct determination (Andrii Nakryiko) - selftests/bpf: Add few corner cases to test padding handling of btf_dump (Andrii Nakryiko) - libbpf: Fix BTF-to-C converter's padding logic (Andrii Nakryiko) - selftests/bpf: Test btf dump for struct with padding only fields (Eduard Zingerman) - zonefs: Fix error message in zonefs_file_dio_append() (Damien Le Moal) hrtimer dance to common x86 (Sean Christopherson) - s390/uaccess: add missing earlyclobber annotations to __clear_user() (Heiko Carstens) - KVM: arm64: Disable interrupts while walking userspace PTs (Marc Zyngier) - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (Fangzhi Zuo) - drm/etnaviv: fix reference leak when mmaping imported buffer (Lucas Stach) - rcu: Fix rcu_torture_read ftrace event (Douglas Raillard) - xtensa: fix KASAN report for show_stack (Max Filippov) - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (huangwenhui) - ALSA: hda/realtek: Add quirks for some Clevo laptops (Tim Crawford) - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (Takashi Iwai) - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (Takashi Iwai) - NFSv4: Fix hangs when recovering open state after a server reboot (Trond Myklebust) - powerpc: Don't try to copy PPR for task with NULL pt_regs (Jens Axboe) - pinctrl: at91-pio4: fix domain name assignment (Johan Hovold) - pinctrl: amd: Disable and mask interrupts on resume (Kornel Duleba) - net: phy: dp83869: fix default value for tx-/rx-internal-delay (Josua Mayer) - xen/netback: don't do grant copy across page boundary (Juergen Gross) - can: j1939: prevent deadlock by moving j1939_sk_errqueue() (Oleksij Rempel) - zonefs: Always invalidate last cached page on append write (Damien Le Moal) - btrfs: scan device in non-exclusive mode (Anand Jain) - btrfs: fix race between quota disable and quota assign ioctls (Filipe Manana) - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (Hans de Goede) - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (David Disseldorp) - cifs: prevent infinite recursion in CIFSGetDFSRefer() (Paulo Alcantara) - Input: focaltech - use explicitly signed char type (Jason A. Donenfeld) - Input: alps - fix compatibility with -funsigned-char (msizanoen) - iommu/vt-d: Allow zero SAGAW if second-stage not supported (Lu Baolu) - pinctrl: ocelot: Fix alt mode for ocelot (Horatiu Vultur) - net: ethernet: mtk_eth_soc: fix flow block refcounting logic (Felix Fietkau) - net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only (Steffen Batz) - bnxt_en: Add missing 200G link speed reporting (Michael Chan) - bnxt_en: Fix typo in PCI id to device description string mapping (Kalesh AP) - bnxt_en: Fix reporting of test result in ethtool selftest (Kalesh AP) - i40e: fix registers dump after run ethtool adapter self test (Radoslaw Tyl) - net: ipa: compute DMA pool size properly (Alex Elder) - ALSA: ymfpci: Fix BUG_ON in probe function (Tasos Sahanidis) - ALSA: ymfpci: Create card with device-managed snd_devm_card_new() (Tasos Sahanidis) - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (Jakob Koschel) - ice: add profile conflict check for AVF FDIR (Junfeng Guo) - smsc911x: avoid PHY being resumed when interface is not up (Wolfram Sang) - net: mvpp2: parser fix PPPoE (Sven Auhagen) - net: mvpp2: parser fix QinQ (Sven Auhagen) - net: mvpp2: classifier flow fix fragmentation flags (Sven Auhagen) - loop: LOOP_CONFIGURE: send uevents for partitions (Alyssa Ross) - loop: suppress uevents while reconfiguring the device (Christoph Hellwig) - s390/vfio-ap: fix memory leak in vfio_ap device driver (Tony Krowiak) - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (Ivan Orlov) - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (Rajvi Jingar) - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (Imre Deak) - net: stmmac: don't reject VLANs when IFF_PROMISC is set (Vladimir Oltean) - net/net_failover: fix txq exceeding warning (Faicker Mo) - regulator: Handle deferred clk (Christophe JAILLET) - r8169: fix RTL8168H and RTL8107E rx crc error (ChunHao Lin) - net: dsa: microchip: ksz8863_smi: fix bulk access (Oleksij Rempel) - ptp_qoriq: fix memory leak in probe() (SongJingyi) - scsi: mpt3sas: Don't print sense pool info twice (Jerry Snitselaar) - scsi: megaraid_sas: Fix crash after a double completion (Tomas Henzl) - sfc: ef10: don't overwrite offload features at NIC reset (Inigo Huguet) - SUNRPC: fix shutdown of NFS TCP client socket (Siddharth Kawar) - mtd: rawnand: meson: invalidate cache on polling ECC bit (Arseniy Krasnov) - platform/x86: think-lmi: Add possible_values for ThinkStation (Mark Pearson) - platform/x86: think-lmi: only display possible_values if available (Mark Pearson) - platform/x86: think-lmi: use correct possible_values delimiters (Mark Pearson) - platform/x86: think-lmi: add missing type attribute (Mark Pearson) - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (Takashi Iwai) - mips: bmips: BCM6358: disable RAC flush for TP1 (Alvaro Fernandez Rojas) - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (Harshit Mogalapalli) - tracing: Fix wrong return in kprobe_event_gen_test.c (Anton Gusev) - tools/power turbostat: fix decoding of HWP_STATUS (Antti Laakso) - tools/power turbostat: Fix /dev/cpu_dma_latency warnings (Prarit Bhargava) - fbdev: au1200fb: Fix potential divide by zero (Wei Chen) - fbdev: lxfb: Fix potential divide by zero (Wei Chen) - fbdev: intelfb: Fix potential divide by zero (Wei Chen) - fbdev: nvidia: Fix potential divide by zero (Wei Chen) - sched_getaffinity: don't assume 'cpumask_size()' is fully initialized (Linus Torvalds) - fbdev: tgafb: Fix potential divide by zero (Wei Chen) - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (Kuninori Morimoto) - ALSA: asihpi: check pao in control_message() (Kuninori Morimoto) - net: hsr: Don't log netdev_err message on unknown prp dst node (Kristian Overskeid) - x86/PVH: obtain VGA console info in Dom0 (Jan Beulich) - md: avoid signed overflow in slot_store() (NeilBrown) - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (Ravulapati Vishnu Vardhan Rao) - xfrm: Zero padding when dumping algos and encap (Herbert Xu) - bus: imx-weim: fix branch condition evaluates to a garbage value (Ivan Bornyakov) - ksmbd: don't terminate inactive sessions after a few seconds (Namjae Jeon) - kcsan: avoid passing -g for test (Marco Elver) - kernel: kcsan: kcsan_test: build without structleak plugin (Anders Roxell) - usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC (Wesley Cheng) - usb: dwc3: gadget: move cmd_endtransfer to extra function (Michael Grzeschik) - fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY (Eric Biggers) - LTS version: v5.15.105 (Jack Vogel) - NFSD: fix use-after-free in __nfs42_ssc_open() (Dai Ngo) - ocfs2: fix data corruption after failed write (Jan Kara via Ocfs2-devel) - mm: kfence: fix using kfence_metadata without initialization in show_object() (Muchun Song) - sched/fair: Sanitize vruntime of entity being migrated (Vincent Guittot) - sched/fair: sanitize vruntime of entity being placed (Zhang Qiao) - dm crypt: avoid accessing uninitialized tasklet (Mike Snitzer) - dm crypt: add cond_resched() to dmcrypt_write() (Mikulas Patocka) - dm stats: check for and propagate alloc_percpu failure (Jiasheng Jiang) - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (Wei Chen) - firmware: arm_scmi: Fix device node validation for mailbox transport (Cristian Marussi) - tee: amdtee: fix race condition in amdtee_open_session (Rijo Thomas) - riscv: Handle zicsr/zifencei issues between clang and binutils (Nathan Chancellor) - riscv: mm: Fix incorrect ASID argument when flushing TLB (Dylan Jhong) - drm/i915: Preserve crtc_state->inherited during state clearing (Ville Syrjala) - drm/i915/active: Fix missing debug object activation (Nirmoy Das) - drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi (Kai-Heng Feng) - drm/meson: fix missing component unbind on bind errors (Johan Hovold) - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (Matheus Castello) - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (Ryusuke Konishi) - wifi: mac80211: fix qos on mesh interfaces (Felix Fietkau) - ksmbd: return unsupported error on smb1 mount (Namjae Jeon) - ksmbd: return STATUS_NOT_SUPPORTED on unsupported smb2.0 dialect (Namjae Jeon) - ksmbd: set FILE_NAMED_STREAMS attribute in FS_ATTRIBUTE_INFORMATION (Namjae Jeon) - KVM: x86: hyper-v: Avoid calling kvm_make_vcpus_request_mask() with vcpu_mask==NULL (Vitaly Kuznetsov) - kfence: avoid passing -g for test (Marco Elver) - usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() (Hans de Goede) - usb: chipidea: core: fix possible concurrent when switch role (Xu Yang) - usb: chipdea: core: fix return -EINVAL if request role is the same with current role (Xu Yang) - usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (Pawel Laszczak) - usb: cdnsp: Fixes issue with redundant Status Stage (Pawel Laszczak) - usb: cdns3: Fix issue with using incorrect PCI device function (Pawel Laszczak) - usb: typec: tcpm: fix warning when handle discover_identity message (Xu Yang) - dm thin: fix deadlock when swapping to thin device (Coly Li) - igb: revert rtnl_lock() that causes deadlock (Lin Ma) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (Krzysztof Kozlowski) - lockd: set file_lock start and end when decoding nlm4 testargs (Jeff Layton) - fsverity: Remove WQ_UNBOUND from fsverity read workqueue (Nathan Huckleberry) - fscrypt: destroy keyring after security_sb_delete() (Eric Biggers) - mm/slab: Fix undefined init_cache_node_node() for NUMA and !SMP (Geert Uytterhoeven) - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (Hans de Goede) - usb: gadget: u_audio: don't let userspace block driver unbind (Alvin Sipraga) - usb: dwc2: fix a devres leak in hw_enable upon suspend resume (Fabrice Gasnier) - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (Joel Selvaraj) - cifs: print session id while listing open files (Shyam Prasad N) - cifs: empty interface list when server doesn't support query interfaces (Shyam Prasad N) - act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti) - net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti) - sh: sanitize the flags on sigreturn (Al Viro) - net: usb: qmi_wwan: add Telit 0x1080 composition (Enrico Sau) - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (Enrico Sau) - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (Michael Kelley) - scsi: lpfc: Avoid usage of list iterator variable after loop (Jakob Koschel) - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (Justin Tee) - scsi: ufs: core: Add soft dependency on governor_simpleondemand (Adrien Thierry) - scsi: hisi_sas: Check devm_add_action() return value (Kang Chen) - scsi: target: iscsi: Fix an error message in iscsi_check_key() (Maurizio Lombardi) - selftests/bpf: check that modifier resolves after pointer (Lorenz Bauer) - m68k: Only force 030 bus error if PC not in exception table (Michael Schmitz) - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (Reka Norman) - ca8210: fix mac_len negative array access (Alexander Aring) - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (Danny Kaehn) - drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() (Alexandr Sapozhnikov) - riscv: Bump COMMAND_LINE_SIZE value to 1024 (Alexandre Ghiti) - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (Mario Limonciello) - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (Tom Rix) - thunderbolt: Use const qualifier for ring_interrupt_index (Mario Limonciello) - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (Gil Fine) - thunderbolt: Disable interrupt auto clear for rings (Mario Limonciello) - thunderbolt: Call tb_check_quirks() after initializing adapters (Mika Westerberg) - thunderbolt: Use scale field when allocating USB3 bandwidth (Mika Westerberg) - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (Yaroslav Furman) - hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs (Frank Crawford) - hwmon: fix potential sensor registration fail if of_node is missing (Phinex Hung) - entry/rcu: Check TIF_RESCHED _after_ delayed RCU wake-up (Frederic Weisbecker) - entry: Snapshot thread flags (Mark Rutland) - thread_info: Add helpers to snapshot thread flags (Mark Rutland) - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (Tzung-Bi Shih) - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (Zheng Wang) - Bluetooth: L2CAP: Fix responding with wrong PDU type (Luiz Augusto von Dentz) - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (Stephan Gerhold) - net: mdio: thunder: Add missing fwnode_handle_put() (Liang He) - net: dsa: mt7530: move setting ssc_delta to PHY_INTERFACE_MODE_TRGMII case (Ar?nc UNAL) - net: dsa: mt7530: move lowering TRGMII driving to mt7530_setup() (Ar?nc UNAL) - net: dsa: mt7530: move enabling disabling core clock to mt7530_pll_setup() (Ar?nc UNAL) - gve: Cache link_speed value from device (Joshua Washington) - ksmbd: fix possible refcount leak in smb2_open() (ChenXiaoSong) - ksmbd: add low bound validation to FSCTL_QUERY_ALLOCATED_RANGES (Namjae Jeon) - ksmbd: add low bound validation to FSCTL_SET_ZERO_DATA (Namjae Jeon) - hvc/xen: prevent concurrent accesses to the shared ring (Roger Pau Monne) - nvme-tcp: fix nvme_tcp_term_pdu to match spec (Caleb Sander) - net/sonic: use dma_mapping_error() for error check (Zhang Changzhong) - erspan: do not use skb_mac_header() in ndo_start_xmit() (Eric Dumazet) - atm: idt77252: fix kmemleak when rmmod idt77252 (Li Zetao) - net: dsa: tag_brcm: legacy: fix daisy-chained switches (Alvaro Fernandez Rojas) - net/mlx5: E-Switch, Fix an Oops in error handling code (Dan Carpenter) - net/mlx5: Read the TC mapping of all priorities on ETS query (Maher Sanalla) - net/mlx5: Fix steering rules cleanup (Lama Kayal) - net/mlx5e: Set uplink rep as NETNS_LOCAL (Gavin Li) - bpf: Adjust insufficient default bpf_jit_limit (Daniel Borkmann) - i40e: fix flow director packet filter programming (Radoslaw Tyl) - iavf: fix hang on reboot with ice (Stefan Assmann) - keys: Do not cache key in task struct if key is requested from kernel thread (David Howells) - bootconfig: Fix testcase to increase max node (Masami Hiramatsu (Google)) - octeontx2-vf: Add missing free for alloc_percpu (Jiasheng Jiang) - net/ps3_gelic_net: Use dma_mapping_error (Geoff Levand) - net/ps3_gelic_net: Fix RX sk_buff length (Geoff Levand) - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (Zheng Wang) - drm/i915/gt: perform uc late init after probe error injection (Andrzej Hajda) - net: mdio: fix owner field for mdio buses registered using ACPI (Florian Fainelli) - net: mdio: fix owner field for mdio buses registered using device-tree (Maxime Bizon) - net: phy: Ensure state transitions are processed from phy_stop() (Florian Fainelli) - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (Zheng Wang) - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (Daniil Tatianin) - net: usb: smsc95xx: Limit packet length to skb->len (Szymon Heidrich) - net: dsa: b53: mmap: fix device tree support (Alvaro Fernandez Rojas) - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (Yu Kuai) - i2c: hisi: Only use the completion interrupt to finish the transfer (Yicong Yang) - i2c: imx-lpi2c: check only for enabled interrupt flags (Alexander Stein) - igc: fix the validation logic for taprio's gate list (AKASHI Takahiro) - igbvf: Regard vf reset nack as success (Akihiko Odaki) - intel/igbvf: free irq on the error path in igbvf_request_msix() (Gaosheng Cui) - iavf: fix non-tunneled IPv6 UDP packet type and hashing (Alexander Lobakin) - iavf: fix inverted Rx hash condition leading to disabled hash (Alexander Lobakin) - xsk: Add missing overflow check in xdp_umem_reg (Kal Conley) - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (Marek Vasut) - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (Peng Fan) - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (Peng Fan) - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (Zheng Wang) - power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition (Zheng Wang) - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (Minghao Chi) - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (Hangyu Hua) - trace/hwlat: Do not start per-cpu thread if it is already running (Tero Kristo) - trace/hwlat: make use of the helper function kthread_run_on_cpu() (Cai Huoqing) - kthread: add the helper function kthread_run_on_cpu() (Cai Huoqing) - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (Randy Dunlap) - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (Geert Uytterhoeven) - tty: serial: fsl_lpuart: fix race on RX DMA shutdown (Alexander Sverdlin) - tty: serial: fsl_lpuart: switch to new dmaengine_terminate_* API (Sherry Sun) - serial: fsl_lpuart: Fix comment typo (Jason Wang) - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (Costa Shulyupin) - perf: fix perf_event_context->time (Song Liu) - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (Yang Jihong) - interconnect: qcom: osm-l3: fix icc_onecell_data allocation (Dmitry Baryshkov) - LTS version: v5.15.104 (Jack Vogel) - perf: Fix check before add_event_to_groups() in perf_group_detach() (Budimir Markovic) - HID: uhid: Over-ride the default maximum data buffer value with our own (Lee Jones) - HID: core: Provide new max_buffer_size attribute to over-ride the default (Lee Jones) - PCI/DPC: Await readiness of secondary bus after reset (Lukas Wunner) - PCI: Unify delay handling for reset and resume (Lukas Wunner) - io_uring: avoid null-ptr-deref in io_arm_poll_handler (Fedor Pchelkin) - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (Janusz Krzysztofik) - drm/i915: Don't use stolen memory for ring buffers with LLC (John Harrison) - x86/resctrl: Clear staged_config[] before and after it is used (Shawn Wang) - x86/mm: Fix use of uninitialized buffer in sme_enable() (Nikita Zhandarovich) - x86/mce: Make sure logged MCEs are processed after sysfs update (Yazen Ghannam) - cpuidle: psci: Iterate backwards over list in psci_pd_remove() (Shawn Guo) - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (Radu Pirea (OSS)) - trace/hwlat: Do not wipe the contents of per-cpu thread data (Tero Kristo) - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (Helge Deller) - mmc: sdhci_am654: lower power-on failed message severity (Francesco Dolcini) - mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage (David Hildenbrand) - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (Dave Ertman) - nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV3000 (Elmer Miroslav Mosher Golovin) - ftrace: Fix invalid address access in lookup_rec() when index is 0 (Chen Zhongjin) - mptcp: fix lockdep false positive in mptcp_pm_nl_create_listen_socket() (Paolo Abeni) - mptcp: avoid setting TCP_CLOSE state twice (Matthieu Baerts) - mptcp: add ro_after_init for tcp{,v6}_prot_override (Geliang Tang) - mptcp: fix possible deadlock in subflow_error_report (Paolo Abeni) - drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume (Blazej Szczygiel) - drm/sun4i: fix missing component unbind on bind errors (Johan Hovold) - drm/shmem-helper: Remove another errant put in error path (Dmitry Osipenko) - riscv: asid: Fixup stale TLB entry cause application crash (Guo Ren) - Revert 'riscv: mm: notify remote harts about mmu cache updates' (Sergey Matyukevich) - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (Hamidreza H. Fard) - ALSA: hda: intel-dsp-config: add MTL PCI id (Bard Liao) - cifs: Fix smb2_set_path_size() (Volker Lendecke) - tracing: Make tracepoint lockdep check actually test something (Steven Rostedt (Google)) - tracing: Check field value in hist_field_name() (Steven Rostedt (Google)) - tracing: Make splice_read available again (Sung-hun Kim) - interconnect: exynos: fix node leak in probe PM QoS error path (Johan Hovold) - interconnect: fix mem leak when freeing nodes (Johan Hovold) - s390/ipl: add missing intersection check to ipl_report handling (Sven Schnelle) - firmware: xilinx: don't make a sleepable memory allocation from an atomic context (Roman Gushchin) - serial: 8250_fsl: fix handle_irq locking (Johan Hovold) - serial: 8250_em: Fix UART port type (Biju Das) - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (Sherry Sun) - ext4: fix possible double unlock when moving a directory (Theodore Ts'o) - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (Alex Hung) - sh: intc: Avoid spurious sizeof-pointer-div warning (Michael Karcher) - net/9p: fix bug in client create for .L (Eric Van Hensbergen) - drm/amdkfd: Fix an illegal memory access (Qu Huang) - ext4: fix task hung in ext4_xattr_delete_inode (Baokun Li) - ext4: update s_journal_inum if it changes after journal replay (Baokun Li) - ext4: fail ext4_iget if special inode unallocated (Baokun Li) - jffs2: correct logic when creating a hole in jffs2_write_begin (Yifei Liu) - mmc: atmel-mci: fix race between stop command and start of next command (Tobias Schramm) - media: m5mols: fix off-by-one loop termination error (Linus Torvalds) - hwmon: (ltc2992) Set can_sleep flag for GPIO chip (Lars-Peter Clausen) - hwmon: (adm1266) Set can_sleep flag for GPIO chip (Lars-Peter Clausen) - kconfig: Update config changed flag before calling callback (Jurica Vukadin) - hwmon: tmp512: drop of_match_ptr for ID table (Krzysztof Kozlowski) - hwmon: (ucd90320) Add minimum delay between bus accesses (Lars-Peter Clausen) - hwmon: (ina3221) return prober error code (Marcus Folkesson) - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (Zheng Wang) - hwmon: (adt7475) Fix masking of hysteresis registers (Tony O'Brien) - hwmon: (adt7475) Display smoothing attributes in correct order (Tony O'Brien) - bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails (Nikolay Aleksandrov) - bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether type change (Nikolay Aleksandrov) - ethernet: sun: add check for the mdesc_grab() (Liang He) - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (Daniil Tatianin) - selftests: net: devlink_port_split.py: skip test if no suitable device available (Po-Hsu Lin) - net/iucv: Fix size of interrupt data (Alexandra Winter) - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (Szymon Heidrich) - ipv4: Fix incorrect table ID in IOCTL path (Ido Schimmel) - sh_eth: avoid PHY being resumed when interface is not up (Wolfram Sang) - ravb: avoid PHY being resumed when interface is not up (Wolfram Sang) - net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290 (Vladimir Oltean) - ice: xsk: disable txq irq before flushing hw (Maciej Fijalkowski) - block: sunvdc: add check for mdesc_grab() returning NULL (Liang He) - nvmet: avoid potential UAF in nvmet_req_complete() (Damien Le Moal) - nvme: fix handling single range discard request (Ming Lei) - block: null_blk: Fix handling of fake timeout request (Damien Le Moal) - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (Liu Ying) - net: usb: smsc75xx: Limit packet length to skb->len (Szymon Heidrich) - net/smc: fix deadlock triggered by cancel_delayed_work_syn() (Wenjia Zhang) - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (Zheng Wang) - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (Heiner Kallweit) - net: tunnels: annotate lockless accesses to dev->needed_headroom (Eric Dumazet) - loop: Fix use-after-free issues (Bart Van Assche) - net: dsa: mt7530: set PLL frequency and trgmii only when trgmii is used (Ar?nc UNAL) - net: dsa: mt7530: remove now incorrect comment regarding port 5 (Ar?nc UNAL) - qed/qed_dev: guard against a possible division by zero (Daniil Tatianin) - net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() (D. Wythe) - drm/i915/psr: Use calculated io and fast wake lines (Jouni Hogander) - drm/i915/display: clean up comments (Tom Rix) - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (Jose Roberto de Souza) - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (Jose Roberto de Souza) - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (Jose Roberto de Souza) - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (Niklas Schnelle) - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (Eugenio Perez) - vdpa_sim: not reset state in vdpasim_queue_ready (Eugenio Perez) - i40e: Fix kernel crash during reboot when adapter is in recovery mode (Ivan Vecera) - ipvlan: Make skb->skb_iif track skb->dev for l3s mode (Jianguo Wu) - nfc: pn533: initialize struct pn533_out_arg properly (Fedor Pchelkin) - tcp: tcp_make_synack() can be called from process context (Breno Leitao) - scsi: core: Fix a procfs host directory removal regression (Bart Van Assche) - netfilter: nft_redir: correct value of inet type .maxattrs (Jeremy Sowden) - netfilter: nft_redir: correct length for loading protocol registers (Jeremy Sowden) - netfilter: nft_masq: correct length for loading protocol registers (Jeremy Sowden) - netfilter: nft_nat: correct length for loading protocol registers (Jeremy Sowden) - ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU() (Bjorn Helgaas) - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (Wenchao Hao) - docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (Glenn Washburn) - clk: HI655X: select REGMAP instead of depending on it (Randy Dunlap) - drm/meson: fix 1px pink line on GXM when scaling video overlay (Christian Hewitt) - cifs: Move the in_send statistic to __smb_send_rqst() (Zhang Xiaoxu) - drm/panfrost: Don't sync rpm suspension after mmu flushing (Dmitry Osipenko) - xfrm: Allow transport-mode states with AF_UNSPEC selector (Herbert Xu) - net: mana: Fix accessing freed irq affinity_hint (Haiyang Zhang) [Orabug: 35097498] - net: mana: Assign interrupts to CPUs based on NUMA nodes (Saurabh Sengar) [Orabug: 35097498] - crypto: qat - drop log level of msg in get_instance_node() (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - add resubmit logic for decompression (Giovanni Cabiddu) [Orabug: 35177771] - crypto: acomp - define max size for destination (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - enable deflate for QAT GEN4 (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - expose deflate through acomp api for QAT GEN2 (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - rename and relocate GEN2 config function (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - relocate qat_algs_alloc_flags() (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - relocate backlog related structures (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - extend buffer list interface (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - generalize crypto request buffers (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - change bufferlist logic interface (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - rename bufferlist functions (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - relocate bufferlist logic (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - fix error return code in adf_probe (Wang Yufen) [Orabug: 35177771] - crypto: qat - expose device state through sysfs for 4xxx (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - fix initialization of pfvf rts_map_msg structures (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - fix initialization of pfvf cap_msg structures (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - enable power management for QAT GEN4 (Wojciech Ziemba) [Orabug: 35177771] - crypto: qat - move and rename GEN4 error register definitions (Wojciech Ziemba) [Orabug: 35177771] - crypto: qat - add misc workqueue (Wojciech Ziemba) [Orabug: 35177771] - crypto: qat - fix access to PFVF interrupt registers for GEN4 (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - fix a signedness bug in get_service_enabled() (Dan Carpenter) [Orabug: 35177771] - crypto: qat - fix definition of ring reset results (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - add support for compression for 4xxx (Tomasz Kowalik) [Orabug: 35177771] - crypto: qat - allow detection of dc capabilities for 4xxx (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - add PFVF support to enable the reset of ring pairs (Marco Chiappero) [Orabug: 35177771] - crypto: qat - add PFVF support to the GEN4 host driver (Marco Chiappero) [Orabug: 35177771] - crypto: qat - config VFs based on ring-to-svc mapping (Marco Chiappero) [Orabug: 35177771] - crypto: qat - exchange ring-to-service mappings over PFVF (Marco Chiappero) [Orabug: 35177771] - crypto: qat - support fast ACKs in the PFVF protocol (Marco Chiappero) [Orabug: 35177771] - crypto: qat - exchange device capabilities over PFVF (Marco Chiappero) [Orabug: 35177771] - crypto: qat - introduce support for PFVF block messages (Marco Chiappero) [Orabug: 35177771] - crypto: qat - store the ring-to-service mapping (Marco Chiappero) [Orabug: 35177771] - crypto: qat - store the PFVF protocol version of the endpoints (Marco Chiappero) [Orabug: 35177771] - crypto: qat - improve the ACK timings in PFVF send (Marco Chiappero) [Orabug: 35177771] - crypto: qat - leverage read_poll_timeout in PFVF send (Marco Chiappero) [Orabug: 35177771] - crypto: qat - leverage bitfield.h utils for PFVF messages (Marco Chiappero) [Orabug: 35177771] - crypto: qat - abstract PFVF messages with struct pfvf_message (Marco Chiappero) [Orabug: 35177771] - crypto: qat - set PFVF_MSGORIGIN just before sending (Marco Chiappero) [Orabug: 35177771] - crypto: qat - make PFVF send and receive direction agnostic (Marco Chiappero) [Orabug: 35177771] - crypto: qat - make PFVF message construction direction agnostic (Marco Chiappero) [Orabug: 35177771] - crypto: qat - add the adf_get_pmisc_base() helper function (Marco Chiappero) [Orabug: 35177771] - crypto: qat - support the reset of ring pairs on PF (Marco Chiappero) [Orabug: 35177771] - crypto: qat - extend crypto capability detection for 4xxx (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - get compression extended capabilities (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - improve logging of PFVF messages (Marco Chiappero) [Orabug: 35177771] - crypto: qat - fix VF IDs in PFVF log messages (Marco Chiappero) [Orabug: 35177771] - crypto: qat - do not rely on min version (Marco Chiappero) [Orabug: 35177771] - crypto: qat - refactor pfvf version request messages (Marco Chiappero) [Orabug: 35177771] - crypto: qat - pass the PF2VF responses back to the callers (Marco Chiappero) [Orabug: 35177771] - crypto: qat - use enums for PFVF protocol codes (Marco Chiappero) [Orabug: 35177771] - crypto: qat - reorganize PFVF protocol definitions (Marco Chiappero) [Orabug: 35177771] - crypto: qat - reorganize PFVF code (Marco Chiappero) [Orabug: 35177771] - crypto: qat - abstract PFVF receive logic (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - abstract PFVF send function (Marco Chiappero) [Orabug: 35177771] - crypto: qat - differentiate between pf2vf and vf2pf offset (Marco Chiappero) [Orabug: 35177771] - crypto: qat - add pfvf_ops (Marco Chiappero) [Orabug: 35177771] - crypto: qat - relocate PFVF disabled function (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - relocate PFVF VF related logic (Marco Chiappero) [Orabug: 35177771] - crypto: qat - relocate PFVF PF related logic (Marco Chiappero) [Orabug: 35177771] - crypto: qat - handle retries due to collisions in adf_iov_putmsg() (Marco Chiappero) [Orabug: 35177771] - crypto: qat - split PFVF message decoding from handling (Marco Chiappero) [Orabug: 35177771] - crypto: qat - re-enable interrupts for legacy PFVF messages (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - change PFVF ACK behaviour (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - move interrupt code out of the PFVF handler (Marco Chiappero) [Orabug: 35177771] - crypto: qat - move VF message handler to adf_vf2pf_msg.c (Marco Chiappero) [Orabug: 35177771] - crypto: qat - move vf2pf interrupt helpers (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - refactor PF top half for PFVF (Marco Chiappero) [Orabug: 35177771] - crypto: qat - fix undetected PFVF timeout in ACK loop (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - do not handle PFVF sources for qat_4xxx (Giovanni Cabiddu) [Orabug: 35177771] - crypto: testmgr - Only disable migration in crypto_disable_simd_for_test() (Sebastian Andrzej Siewior) [Orabug: 35177771] - crypto: qat - share adf_enable_pf2vf_comms() from adf_pf2vf_msg.c (Marco Chiappero) [Orabug: 35177771] - crypto: qat - extract send and wait from adf_vf2pf_request_version() (Marco Chiappero) [Orabug: 35177771] - crypto: qat - add VF and PF wrappers to common send function (Marco Chiappero) [Orabug: 35177771] - crypto: qat - rename pfvf collision constants (Marco Chiappero) [Orabug: 35177771] - crypto: qat - move pfvf collision detection values (Marco Chiappero) [Orabug: 35177771] - crypto: qat - make pfvf send message direction agnostic (Marco Chiappero) [Orabug: 35177771] - crypto: qat - use hweight for bit counting (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - remove duplicated logic across GEN2 drivers (Marco Chiappero) [Orabug: 35177771] - crypto: qat - fix handling of VF to PF interrupts (Marco Chiappero) [Orabug: 35177771] - crypto: qat - remove unneeded packed attribute (Giovanni Cabiddu) [Orabug: 35177771] - Revert 'crypto: qat - make pfvf send message direction agnostic' (Thomas Tai) [Orabug: 35177771] - Revert 'crypto: qat - fix undetected PFVF timeout in ACK loop' (Thomas Tai) [Orabug: 35177771] - uek: kabi: Add with_kabichk flag to control kABI checking (Saeed Mirzamohammadi) [Orabug: 35241564] - rds: Fix incorrect error pointer reference (William Kucharski) [Orabug: 35315449] - Revert 'attr: use consistent sgid stripping checks' (Sherry Yang) [Orabug: 35335373] [5.15.0-102.103.1] - Revert 'iommu: Force iommu shutdown on panic' (Boris Ostrovsky) [Orabug: 35317719] - perf/arm-cmn: Add more bits to child node address offset field (Ilkka Koskinen) [Orabug: 35289157] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 (D Scott Phillips) [Orabug: 35289110] - net/rds: use appropriate return code while dropping a connection (Praveen Kumar Kannoju) [Orabug: 35279326] - mm, hugepages: add hugetlb vma mremap() test (Mina Almasry) [Orabug: 35176740] - mm: hugetlb: considering PMD sharing when flushing cache/TLBs (Baolin Wang) [Orabug: 35176740] - mm: mremap: fix sign for EFAULT error return value (Niels Dossche) [Orabug: 35176740] - mm/hugetlb: fix kernel crash with hugetlb mremap (Aneesh Kumar K.V) [Orabug: 35176740] - hugetlbfs: flush before unlock on move_hugetlb_page_tables() (Nadav Amit) [Orabug: 35176740] - hugetlb: fix hugetlb cgroup refcounting during mremap (Bui Quang Minh) [Orabug: 35176740] - mm, hugepages: add mremap() support for hugepage backed vma (Mina Almasry) [Orabug: 35176740] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32233 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch cpe:/a:oracle:linux:8::developer_UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/a:oracle:linux:9::developer_UEKR7 Oracle Linux 9 [0.11.4-7] - Fix displaying differences between configuration checkpoints in "pcs config checkpoint diff" command - Fix "pcs stonith update-scsi-devices" command which was broken since Pacemaker-2.1.5-rc1 - Fixed loading of cluster status in the web interface when fencing levels are configured - Fixed a vulnerability in pcs-web-ui-node-modules - Updated bundled rubygem rack - Resolves: rhbz#2179901 rhbz#2180697 rhbz#2180704 rhbz#2180708 rhbz#2180978 rhbz#2183180 [0.11.4-6] - Fixed broken filtering in create resource/fence device wizards in the web interface - Added BuildRequires: pam - needed for tier0 tests during build - Resolves: rhbz#2167471 [0.11.4-5] - Fixed enabling/disabling sbd when cluster is not running - Resolves: rhbz#2166249 [0.11.4-4] - Rebuilt with fixed patches - Resolves: rhbz#2158790 rhbz#2159454 [0.11.4-3] - Allow time values in stonith-watchdog-time property - Resource/stonith agent self-validation of instance attributes is now disabled by default, as many agents do not work with it properly. - Updated bundled rubygems: rack, rack-protection, sinatra - Added license for ruby2_keywords - Resolves: rhbz#2158790 rhbz#2159454 [0.11.4-2] - Fixed stopping of pcsd service using systemctl stop pcsd command - Fixed smoke test execution during gating - Added warning when omitting validation of misconfigured resource - Fixed displaying of bool and integer values in pcs resource config command - Updated bundled rubygems: ethon, rack-protection, sinatra - Resolves: rhbz#2148124 rhbz#2151164 rhbz#2151524 [0.11.4-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Resolves: rhbz#1620043 rhbz#2019464 rhbz#2099653 rhbz#2109633 rhbz#2112293 rhbz#2116295 rhbz#2117600 rhbz#2117601 [0.11.3-5] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Added bundled rubygem: childprocess - Removed bundled rubygem: open4 - Updated bundled rubygems: mustermann, rack, rack-protection, rack-test, sinatra, tilt - Resolves: rhbz#1493416 rhbz#1796827 rhbz#2059147 rhbz#2092950 rhbz#2112079 rhbz#2112270 rhbz#2112293 rhbz#2117599 rhbz#2117601 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-27530 CVE-2023-27539 CVE-2023-2319 cpe:/a:oracle:linux:9::addons Oracle Linux 9 [20230516-999.20.git6c9e0ed5.el9] - cd72938cb480 linux-firmware: Update AMD fam17h cpu microcode - 92624e57af69 linux-firmware: Update AMD cpu microcode [20230516-999.19.git6c9e0ed5.el9] - Rebase to upstream - Revert removal of old iwlwifi firmwares (Orabug: 35260375) CRITICAL Copyright 2023 Oracle, Inc. CVE-2023-20593 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [20230516-999.23.git6c9e0ed5.el9] - Firmware files need to be uncompressed for early kernel load to work - Resolves 'Zenbleed' (Orabug: 35650345) {CVE-2023-20593} [20230516-999.22.git6c9e0ed5.el9] - Move the README removal, it needs to happen during build (Orabug: 35650021) - Resolves 'Zenbleed' (Orabug: 35650345) {CVE-2023-20593} [20230516-999.21.git6c9e0ed5.el9] - remove amd-ucode/README (Orabug: 35645306) CRITICAL Copyright 2023 Oracle, Inc. CVE-2023-20593 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [20230516-999.25.git6c9e0ed5.el9] - Add missing amd-ucode/ files to nano and core rpm (Orabug: 35642190) - Add posttrans scriptlet to reload microcode on AMD (Orabug: 35636951) - Recreate initramfs for AMD systems (Orabug: 35636951) [20230516-999.24.git6c9e0ed5.el7] - 8a07fa49 linux-firmware: Update AMD fam19h cpu microcode (Orabug: 35659485) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-20569 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [4:20220809-2.20230214.1.0.3] - update 06-55-04 to 0x2007006 - update 06-55-06 to 0x4003604 - update 06-55-07 to 0x5003604 - update 06-6a-06 to 0xd0003a5 - Resolves for Oracle hardware: {CVE-2022-40982} [Orabug: 35692740] MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40982 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [3.0.7-16.0.1] - Replace upstream references [Orabug: 34340177] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1255 CVE-2023-0464 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 istio [1.17.5-1] - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt [0.58.0-3] - Ensure that selinux build tags are set for all Go builds olcne [1.7.2-2] - Update kubevirt image versions fixing selinux=enforce not being supported [1.7.2-1] - Add Istio-1.17.5 and Istio-1.16.7 to address CVE's - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 - CVE-2023-35944 [1.7.0-10] - Remove worker-nodes enforcement from olcnectl provision [1.7.0-9] - Add resolutions for jenkins build failures IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-35943 CVE-2023-35944 CVE-2023-35941 CVE-2023-35942 cpe:/a:oracle:linux:9::olcne17 Oracle Linux 8 Oracle Linux 9 gcc [el8] [8.5.0-18.0.5] - CVE-2023-4039 GCC mitigation. Orabug 35751743. Includes removal of aarch64-preserve-args.patch. - CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751810. Add two patches originally from GCC upstream releases/gcc-11 branch. with major adjustment. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> gcc [el9] [11.3.1-4.3.0.4] - CVE-2023-4039 GCC mitigation. Orabug 35751837. - CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751842. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> gcc-toolset-11-gcc [el8] [11.2.1-9.1.0.6] - CVE-2023-4039 GCC mitigation. Orabug 35751885. - CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751901. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> gcc-toolset-12-gcc [el8/el9] [12.2.1-7.4.0.2] - CVE-2023-4039 GCC mitigation. Orabug 35751931. - CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751938. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc12-downfall-disable-gather-in-vec.patch gcc12-downfall-support-mno-gather.patch - Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE. LOW Copyright 2023 Oracle, Inc. CVE-2023-4039 CVE-2022-40982 cpe:/o:oracle:linux:8:8:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [5.15.0-105.125.6.2.1] - rds: Fix lack of reentrancy for connection reset with dst addr zero (Haakon Bugge) [Orabug: 35713695] {CVE-2023-22024} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-22024 cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 8 Oracle Linux 9 [5.15.0-105.125.6.2.2] - netfilter: nfnetlink_osf: avoid OOB read (Wander Lairson Costa) [Orabug: 35824297] - netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) [Orabug: 35824297] - netfilter: xt_sctp: validate the flag_info count (Wander Lairson Costa) [Orabug: 35824297] - netfilter: xt_u32: validate user space input (Wander Lairson Costa) [Orabug: 35824297] - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Kyle Zeng) [Orabug: 35824297] {CVE-2023-42753} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-42753 cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [5.14.0-284.30.1.el9_2] - x86/microcode/intel: Expose collect_cpu_info_early() for IFS - x86/cpu: Load microcode during restore_processor_state() - x86/microcode: Rip out the OLD_INTERFACE - x86/microcode: Default-disable late loading - x86/microcode: Taint and warn on late loading - x86/microcode: Remove unnecessary perf callback - x86/microcode: Print previous version of microcode after reload - x86/microcode: Rip out the subsys interface gunk - x86/microcode: Simplify init path even more - x86/microcode/AMD: Rename a couple of functions {CVE-2023-20593} - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities {CVE-2023-20593} - x86/microcode: Check CPU capabilities after late microcode update correctly {CVE-2023-20593} - x86/microcode: Adjust late loading result reporting message {CVE-2023-20593} - x86/amd: Cache debug register values in percpu variables {CVE-2023-20593} - x86/microcode: Remove ->request_microcode_user() - x86/microcode: Kill refresh_fw - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter {CVE-2023-20593} - x86/microcode: Drop struct ucode_cpu_info.valid - x86/microcode/AMD: Add a @cpu parameter to the reloading functions {CVE-2023-20593} - x86/microcode/AMD: Track patch allocation size explicitly - x86/microcode/AMD: Fix mixed steppings support {CVE-2023-20593} - x86/microcode/core: Return an error only when necessary {CVE-2023-20593} - x86/apic: Don't disable x2APIC if locked - x86/cpu/amd: Move the errata checking functionality up {CVE-2023-20593} - x86/cpu: Remove redundant extern x86_read_arch_cap_msr() - x86/cpu, kvm: Add support for CPUID_80000021_EAX - KVM: x86: Advertise that the SMM_CTL MSR is not supported - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 - x86/cpu: Support AMD Automatic IBRS - x86/CPU/AMD: Make sure EFER[AIBRSE] is set - x86/cpu/amd: Add a Zenbleed fix {CVE-2023-20593} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-20593 CVE-2023-3610 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4911 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4911 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 8 Oracle Linux 9 [5.15.0-106.131.4] - jbd2: check 'jh->b_transaction' before removing it from checkpoint (Zhihao Cheng) - jbd2: fix checkpoint cleanup performance regression (Zhang Yi) - scsi: qla2xxx: Fix TMF leak through (Quinn Tran) - scsi: qla2xxx: Fix command flush during TMF (Quinn Tran) - scsi: qla2xxx: Limit TMF to 8 per function (Quinn Tran) - Revert 'drm/amdgpu: install stub fence into potential unused fence pointers' (Greg Kroah-Hartman) - dlm: fix plock lookup when using multiple lockspaces (Alexander Aring) - Revert 'scsi: qla2xxx: Fix buffer overrun' (Nilesh Javali) - media: dvb: symbol fixup for dvb_attach() (Greg Kroah-Hartman) - PCI: rockchip: Use 64-bit mask on MSI 64-bit PCI address (Rick Wertenbroek) - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (Dave Hansen) - clk: qcom: reset: Use the correct type of sleep/delay based on length (Konrad Dybcio) - ALSA: ac97: Fix possible error value of *rac97 (Su Hui) - md/raid0: Fix performance regression for large sequential writes (Jan Kara) - md/raid0: Factor out helper for mapping and submitting a bio (Jan Kara) - md: add error_handlers for raid0 and linear (Mariusz Tkaczyk) - md: Set MD_BROKEN for RAID1 and RAID10 (Mariusz Tkaczyk) - LTS version: v5.15.131 (Jack Vogel) - usb: typec: tcpci: clear the fault status bit (Marco Felsch) - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (Xin Ji) - pinctrl: amd: Don't show Invalid config param errors (Mario Limonciello) - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (Ryusuke Konishi) - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi) - tcpm: Avoid soft reset when partner does not support get_status (Badhri Jagan Sridharan) - fsi: master-ast-cf: Add MODULE_FIRMWARE macro (Juerg Haefliger) - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (Wang Ming) - serial: sc16is7xx: fix bug when first setting GPIO direction (Hugo Villeneuve) - serial: sc16is7xx: fix broken port 0 uart init (Hugo Villeneuve) - serial: qcom-geni: fix opp vote on shutdown (Johan Hovold) - wifi: mt76: mt7921: do not support one stream on secondary antenna only (Deren Wu) - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (Zheng Wang) - staging: rtl8712: fix race condition (Nam Cao) - HID: wacom: remove the battery when the EKR is off (Aaron Armstrong Skomra) - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (Xu Yang) - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (Luke Lu) - ALSA: usb-audio: Fix init call orders for UAC1 (Takashi Iwai) - USB: serial: option: add FOXCONN T99W368/T99W373 product (Slark Xiao) - USB: serial: option: add Quectel EM05G variant (0x030e) (Martin Kohn) - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules (Christoph Hellwig) - rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff (Christoph Hellwig) - net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index (Christoph Hellwig) - mmc: au1xmmc: force non-modular build and remove symbol_get usage (Christoph Hellwig) - ARM: pxa: remove use of symbol_get() (Arnd Bergmann) - ksmbd: replace one-element array with flex-array member in struct smb2_ea_info (Namjae Jeon) - ksmbd: fix wrong DataOffset validation of create context (Namjae Jeon) - erofs: ensure that the post-EOF tails are all zeroed (Gao Xiang) - netfilter: nfnetlink_osf: avoid OOB read (Wander Lairson Costa) [Orabug: 35824286] - netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) [Orabug: 35824286] - netfilter: xt_sctp: validate the flag_info count (Wander Lairson Costa) [Orabug: 35824286] - netfilter: xt_u32: validate user space input (Wander Lairson Costa) [Orabug: 35824286] - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Kyle Zeng) [Orabug: 35824286] {CVE-2023-42753} - rds: Fix lack of reentrancy for connection reset with dst addr zero (Hakon Bugge) [Orabug: 35655833] {CVE-2023-22024} - attr: use consistent sgid stripping checks (Christian Brauner) [Orabug: 35520042] - Revert 'perf build-ids: Fall back to debuginfod query if debuginfo not found' (Samasth Norway Ananda) [Orabug: 35617848] - KEYS: use kfree_sensitive with key (Saeed Mirzamohammadi) [Orabug: 35746757] - kernfs: fix missing kernfs_iattr_rwsem locking (Ian Kent) [Orabug: 35796770] - scsi: megaraid_sas: Fix deadlock on firmware crashdump (Junxiao Bi) [Orabug: 35819592] [5.15.0-106.130.3] - KVM: arm64: Skip instruction after emulating write to TCR_EL1 (Oliver Upton) [Orabug: 35677037] - uek-rpm: aarch64: enable ACPI_AGDI (Mihai Carabas) [Orabug: 35761254] - arm64: sdei: abort running SDEI handlers during crash (D Scott Phillips) [Orabug: 35761254] - ACPI: AGDI: Fix missing prototype warning for acpi_agdi_init() (Ilkka Koskinen) [Orabug: 35761254] - ACPI: AGDI: Add driver for Arm Generic Diagnostic Dump and Reset device (Ilkka Koskinen) [Orabug: 35761254] - ACPI: tables: Add AGDI to the list of known table signatures (Ilkka Koskinen) [Orabug: 35761254] - ACPICA: iASL: Add suppport for AGDI table (Ilkka Koskinen) [Orabug: 35761254] - net/rds: Avoid unpin_user_pages_dirty_lock() in tasklets (Gerd Rausch) [Orabug: 35765163] - x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Borislav Petkov (AMD)) [Orabug: 35776935] {CVE-2023-20588} - x86/CPU/AMD: Do not leak quotient data after a division by 0 (Borislav Petkov (AMD)) [Orabug: 35776935] {CVE-2023-20588} - x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl (Andrea Arcangeli) [Orabug: 35778852] [5.15.0-106.130.2] - LTS version: v5.15.130 (Jack Vogel) - rcu-tasks: Add trc_inspect_reader() checks for exiting critical section (Paul E. McKenney) - rcu-tasks: Wait for trc_read_check_handler() IPIs (Paul E. McKenney) - rcu-tasks: Fix IPI failure handling in trc_wait_for_one_reader (Neeraj Upadhyay) - rcu: Prevent expedited GP from enabling tick on offline CPU (Paul E. McKenney) - ARM: module: Use module_init_layout_section() to spot init sections (James Morse) - arm64: module: Use module_init_layout_section() to spot init sections (James Morse) - arm64: module-plts: inline linux/moduleloader.h (Arnd Bergmann) - module: Expose module_init_layout_section() (James Morse) - ACPI: thermal: Drop nocrt parameter (Mario Limonciello) - LTS version: v5.15.129 (Jack Vogel) - mm,ima,kexec,of: use memblock_free_late from ima_free_kexec_buffer (Rik van Riel) - mm: memory-failure: fix unexpected return value in soft_offline_page() (Miaohe Lin) - mm: memory-failure: kill soft_offline_free_page() (Kefeng Wang) - dma-buf/sw_sync: Avoid recursive lock during fence signal (Rob Clark) - pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (Biju Das) - clk: Fix undefined reference to clk_rate_exclusive_{get,put}' (Biju Das) - scsi: core: raid_class: Remove raid_component_add() (Zhu Wang) - scsi: snic: Fix double free in snic_tgt_create() (Zhu Wang) - can: raw: add missing refcount for memory leak fix (Oliver Hartkopp) - drm/i915: Fix premature release of request's reusable memory (Janusz Krzysztofik) - cgroup/cpuset: Free DL BW in case can_attach() fails (Dietmar Eggemann) - sched/deadline: Create DL BW alloc, free & check overflow interface (Dietmar Eggemann) - cgroup/cpuset: Iterate only if DEADLINE tasks are present (Juri Lelli) - sched/cpuset: Keep track of SCHED_DEADLINE task in cpusets (Juri Lelli) - sched/cpuset: Bring back cpuset_mutex (Juri Lelli) - cgroup/cpuset: Rename functions dealing with DEADLINE accounting (Juri Lelli) - torture: Fix hang during kthread shutdown phase (Joel Fernandes (Google)) - nfsd: use vfs setgid helper (Christian Brauner) - nfs: use vfs setgid helper (Christian Brauner) - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (Feng Tang) - x86/fpu: Invalidate FPU state correctly on exec() (Rick Edgecombe) - drm/display/dp: Fix the DP DSC Receiver cap size (Ankit Nautiyal) - drm/vmwgfx: Fix shader stage validation (Zack Rusin) - PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (Igor Mammedov) - media: vcodec: Fix potential array out-of-bounds in encoder queue_setup (Wei Chen) - of: dynamic: Refactor action prints to not use '%pOF' inside devtree_lock (Rob Herring) - of: unittest: Fix EXPECT for parse_phandle_with_args_map() test (Rob Herring) - radix tree: remove unused variable (Arnd Bergmann) - lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels (Helge Deller) - batman-adv: Hold rtnl lock during MTU update via netlink (Sven Eckelmann) - batman-adv: Fix batadv_v_ogm_aggr_send memory leak (Remi Pommarel) - batman-adv: Fix TT global entry leak when client roamed back (Remi Pommarel) - batman-adv: Do not get eth header before batadv_check_management_packet (Remi Pommarel) - batman-adv: Don't increase MTU when set by user (Sven Eckelmann) - batman-adv: Trigger events for auto adjusted MTU (Sven Eckelmann) - selinux: set next pointer before attaching to list (Christian Gottsche) - nfsd: Fix race to FREE_STATEID and cl_revoked (Benjamin Coddington) - NFS: Fix a use after free in nfs_direct_join_group() (Trond Myklebust) - mm: add a call to flush_cache_vmap() in vmap_pfn() (Alexandre Ghiti) - ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (Takashi Iwai) - clk: Fix slab-out-of-bounds error in devm_clk_release() (Andrey Skvortsov) - NFSv4: Fix dropped lock for racing OPEN and delegation return (Benjamin Coddington) - ibmveth: Use dcbf rather than dcbfl (Michael Ellerman) - Revert 'KVM: x86: enable TDP MMU by default' (Sean Christopherson) - net/ncsi: change from ndo_set_mac_address to dev_set_mac_address (Ivan Mikhaylov) - net/ncsi: make one oem_gma function for all mfr id (Ivan Mikhaylov) - bonding: fix macvlan over alb bond support (Hangbin Liu) - net: remove bond_slave_has_mac_rcu() (Jakub Kicinski) - rtnetlink: Reject negative ifindexes in RTM_NEWLINK (Ido Schimmel) - rtnetlink: return ENODEV when ifname does not exist and group is given (Florent Fourcot) - netfilter: nf_tables: fix out of memory error handling (Florian Westphal) - netfilter: nf_tables: flush pending destroy work before netlink notifier (Pablo Neira Ayuso) - net/sched: fix a qdisc modification with ambiguous command request (Jamal Hadi Salim) - igc: Fix the typo in the PTM Control macro (Sasha Neftin) - igb: Avoid starting unnecessary workqueues (Alessio Igor Bogani) - ice: fix receive buffer size miscalculation (Jesse Brandeburg) - net: validate veth and vxcan peer ifindexes (Jakub Kicinski) - net: bcmgenet: Fix return value check for fixed_phy_register() (Ruan Jinjie) - net: bgmac: Fix return value check for fixed_phy_register() (Ruan Jinjie) - ipvlan: Fix a reference count leak warning in ipvlan_ns_exit() (Lu Wei) - dccp: annotate data-races in dccp_poll() (Eric Dumazet) - sock: annotate data-races around prot->memory_pressure (Eric Dumazet) - octeontx2-af: SDP: fix receive link config (Hariprasad Kelam) - tracing: Fix memleak due to race between current_tracer and trace (Zheng Yejian) - tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (Zheng Yejian) - can: raw: fix lockdep issue in raw_release() (Eric Dumazet) - drm/amd/display: check TG is non-null before checking if enabled (Taimur Hassan) - drm/amd/display: do not wait for mpc idle if tg is disabled (Josip Pavic) - can: raw: fix receiver memory leak (Ziyang Xuan) - jbd2: fix a race when checking checkpoint buffer busy (Zhang Yi) - jbd2: remove journal_clean_one_cp_list() (Zhang Yi) - jbd2: remove t_checkpoint_io_list (Zhang Yi) - ALSA: pcm: Fix potential data race at PCM memory allocation helpers (Takashi Iwai) - fbdev: fix potential OOB read in fast_imageblit() (Zhang Shurong) - fbdev: Fix sys_imageblit() for arbitrary image widths (Thomas Zimmermann) - fbdev: Improve performance of sys_imageblit() (Thomas Zimmermann) - MIPS: cpu-features: Use boot_cpu_type for CPU type based features (Jiaxun Yang) - MIPS: cpu-features: Enable octeon_cache by cpu_type (Jiaxun Yang) - fs: dlm: fix mismatch of plock results from userspace (Alexander Aring) - fs: dlm: use dlm_plock_info for do_unlock_close (Alexander Aring) - fs: dlm: change plock interrupted message to debug again (Alexander Aring) - fs: dlm: add pid to debug log (Alexander Aring) - dlm: replace usage of found with dedicated list iterator variable (Jakob Koschel) - dlm: improve plock logging if interrupted (Alexander Aring) - PCI: acpiphp: Reassign resources on bridge if necessary (Igor Mammedov) - xprtrdma: Remap Receive buffers after a reconnect (Chuck Lever) - NFSv4: fix out path in __nfs4_get_acl_uncached (Fedor Pchelkin) - NFSv4.2: fix error handling in nfs42_proc_getxattr (Fedor Pchelkin) - objtool/x86: Fix SRSO mess (Peter Zijlstra) - LTS version: v5.15.128 (Jack Vogel) - x86/srso: Correct the mitigation status when SMT is disabled (Borislav Petkov (AMD)) - objtool/x86: Fixup frame-pointer vs rethunk (Peter Zijlstra) - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Petr Pavlu) - x86/srso: Disable the mitigation on unaffected configurations (Borislav Petkov (AMD)) - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Sean Christopherson) - x86/static_call: Fix __static_call_fixup() (Peter Zijlstra) - x86/srso: Explain the untraining sequences a bit more (Borislav Petkov (AMD)) - x86/cpu: Cleanup the untrain mess (Peter Zijlstra) - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Peter Zijlstra) - x86/cpu: Rename original retbleed methods (Peter Zijlstra) - x86/cpu: Clean up SRSO return thunk mess (Peter Zijlstra) - x86/ibt: Add ANNOTATE_NOENDBR (Peter Zijlstra) - objtool: Add frame-pointer-specific function ignore (Josh Poimboeuf) - x86/alternative: Make custom return thunk unconditional (Peter Zijlstra) - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Peter Zijlstra) - x86/cpu: Fix __x86_return_thunk symbol type (Peter Zijlstra) - mmc: f-sdh30: fix order of function calls in sdhci_f_sdh30_remove (Yangtao Li) - net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled (Jason Xing) - virtio-net: set queues after driver_ok (Jason Wang) - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Kuniyuki Iwashima) - arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (Christopher Obbard) - exfat: check if filename entries exceeds max filename length (Namjae Jeon) - netfilter: set default timeout to 3 secs for sctp shutdown send and recv state (Xin Long) - drm/amd: flush any delayed gfxoff on suspend entry (Mario Limonciello) - drm/qxl: fix UAF on handle creation (Wander Lairson Costa) - mmc: block: Fix in_flight[issue_type] value error (Yibin Ding) - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (Yang Yingliang) - cifs: Release folio lock on fscache read hit. (Russell Harmon via samba-technical) - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. (dengxiang) - serial: 8250: Fix oops for port->pm on uart_change_pm() (Tony Lindgren) - riscv: uaccess: Return the number of bytes effectively not copied (Alexandre Ghiti) - ALSA: hda/realtek - Remodified 3k pull low procedure (Kailang Yang) - soc: aspeed: socinfo: Add kfree for kstrdup (Jiasheng Jiang) - ASoC: meson: axg-tdm-formatter: fix channel slot allocation (Jerome Brunet) - ASoC: rt5665: add missed regulator_bulk_disable (Zhang Shurong) - ARM: dts: imx: Set default tuning step for imx6sx usdhc (Xiaolei Wang) - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (Dmitry Baryshkov) - bus: ti-sysc: Flush posted write on enable before reset (Tony Lindgren) - net: do not allow gso_size to be set to GSO_BY_FRAGS (Eric Dumazet) - sock: Fix misuse of sk_under_memory_pressure() (Abel Wu) - net: dsa: mv88e6xxx: Wait for EEPROM done before HW reset (Alfred Lee) - i40e: fix misleading debug logs (Andrii Staikov) - iavf: fix FDIR rule fields masks validation (Piotr Gardocki) - team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves (Ziyang Xuan) - net: phy: broadcom: stub c45 read/write for 54810 (Justin Chen) - netfilter: nft_dynset: disallow object maps (Pablo Neira Ayuso) - ipvs: fix racy memcpy in proc_do_sync_threshold (Sishuai Gong) - netfilter: nf_tables: deactivate catchall elements in next generation (Florian Westphal) - netfilter: nf_tables: fix false-positive lockdep splat (Florian Westphal) - drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (Luca Ceresoli) - selftests: mirror_gre_changes: Tighten up the TTL test match (Petr Machata) - net: phy: fix IRQ-based wake-on-lan over hibernate / power off (Russell King (Oracle)) - xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH (Lin Ma) - xfrm: add NULL check in xfrm_update_ae_params (Lin Ma) - ip_vti: fix potential slab-use-after-free in decode_session6 (Zhengchao Shao) - ip6_vti: fix slab-use-after-free in decode_session6 (Zhengchao Shao) - xfrm: fix slab-use-after-free in decode_session6 (Zhengchao Shao) - net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure (Lin Ma) - net: af_key: fix sadb_x_filter validation (Lin Ma) - net: xfrm: Fix xfrm_address_filter OOB read (Lin Ma) - i2c: designware: Handle invalid SMBus block data response length value (Tam Nguyen) - i2c: designware: Correct length byte validation logic (Quan Nguyen) - btrfs: fix BUG_ON condition in btrfs_cancel_balance (xiaoshoukui) - tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (Sherry Sun) - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (Yi Yang) - powerpc/rtas_flash: allow user copy to flash block cache objects (Nathan Lynch) - fbdev: mmp: fix value check in mmphw_probe() (Yuanjun Gong) - i2c: hisi: Only handle the interrupt of the driver's transfer (Yicong Yang) - i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (Chengfeng Ye) - cifs: fix potential oops in cifs_oplock_break (Steve French) - vduse: Use proper spinlock for IRQ injection (Maxime Coquelin) - virtio-mmio: don't break lifecycle of vm_dev (Wolfram Sang) - btrfs: move out now unused BG from the reclaim list (Naohiro Aota) - ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node (Xu Yang) - ARM: dts: imx6sll: fixup of operating points (Andreas Kemnade) - mmc: sunxi: fix deferred probing (Sergey Shtylyov) - mmc: bcm2835: fix deferred probing (Sergey Shtylyov) - USB: dwc3: fix use-after-free on core driver unbind (Johan Hovold) - USB: dwc3: qcom: fix NULL-deref on suspend (Johan Hovold) - tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (Robert Hodaszi) - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (Sherry Sun) - tty: serial: fsl_lpuart: Add i.MXRT1050 support (Jesse Taube) - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (Roger Quadros) - USB: dwc3: gadget: drop dead hibernation code (Johan Hovold) - usb: dwc3: Fix typos in gadget.c (Kushagra Verma) - usb: dwc3: Remove DWC3 locking during gadget suspend/resume (Wesley Cheng) - usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (Wesley Cheng) - drm/amd/display: fix access hdcp_workqueue assert (Hersen Wu) - drm/amd/display: phase3 mst hdcp for multiple displays (hersen wu) - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (hersen wu) - ARM: dts: aspeed: asrock: Correct firmware flash SPI clocks (Zev Weiss) - igc: read before write to SRRCTL register (Song Yoong Siang) - iio: addac: stx104: Fix race condition when converting analog-to-digital (William Breathitt Gray) - iio: addac: stx104: Fix race condition for stx104_write_raw() (William Breathitt Gray) - iio: stx104: Move to addac subdirectory (William Breathitt Gray) - iio: adc: stx104: Implement and utilize register structures (William Breathitt Gray) - iio: adc: stx104: Utilize iomap interface (William Breathitt Gray) - iio: add addac subdirectory (Cosmin Tanislav) - ring-buffer: Do not swap cpu_buffer during resize process (Chen Lin) - powerpc/kasan: Disable KCOV in KASAN code (Benjamin Gray) - ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (Tuo Li) - ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (dengxiang) - fs/ntfs3: Mark ntfs dirty when on-disk struct is corrupted (Konstantin Komarov) - fs: ntfs3: Fix possible null-pointer dereferences in mi_read() (Jia-Ju Bai) - fs/ntfs3: Enhance sanity check while generating attr_list (Edward Lo) - drm/amdgpu: Fix potential fence use-after-free v2 (shanzhulig) - Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (Matthew Anderson) - Bluetooth: L2CAP: Fix use-after-free (Zhengping Jiang) - watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (Yuechao Zhao) - firewire: net: fix use after free in fwnet_finish_incoming_packet() (Zhang Shurong) - pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (Armin Wolf) - gfs2: Fix possible data races in gfs2_show_options() (Tuo Li) - usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (Xu Yang) - usb: chipidea: imx: don't request QoS for imx8ulp (Xu Yang) - thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (Mika Westerberg) - media: platform: mediatek: vpu: fix NULL ptr dereference (Hans Verkuil) - usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (Prashanth K) - media: v4l2-mem2mem: add lock to protect parameter num_rdy (Yunfei Dong) - smb: client: fix warning in cifs_smb3_do_mount() (Paulo Alcantara) - ovl: check type and offset of struct vfsmount in ovl_entry (Christian Brauner) - RDMA/mlx5: Return the firmware result upon destroying QP/RQ (Patrisious Haddad) - HID: add quirk for 03f0:464a HP Elite Presenter Mouse (Marco Morandini) - drm/amdgpu: install stub fence into potential unused fence pointers (Lang Yu) - HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (stuarthayhurst) - dma-remap: use kvmalloc_array/kvfree for larger dma memory remap (gaoxu) - ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (Pierre-Louis Bossart) - iopoll: Call cpu_relax() in busy loops (Geert Uytterhoeven) - ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (Oleksij Rempel) - PCI: tegra194: Fix possible array out of bounds access (Sumit Gupta) - net: tls: avoid discarding data on record close (Jakub Kicinski) - net/tls: Multi-threaded calls to TX tls_dev_del (Tariq Toukan) - net/tls: Perform immediate device ctx cleanup when possible (Tariq Toukan) - macsec: use DEV_STATS_INC() (Eric Dumazet) - macsec: Fix traffic counters/statistics (Clayton Yager) - selftests: forwarding: tc_actions: Use ncat instead of nc (Ido Schimmel) - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (Davide Caratti) - mmc: sdhci-f-sdh30: Replace with sdhci_pltfm (Kunihiko Hayashi) - LTS version: v5.15.127 (Jack Vogel) - timers/nohz: Last resort update jiffies on nohz_full IRQ entry (Frederic Weisbecker) - timers/nohz: Switch to ONESHOT_STOPPED in the low-res handler when the tick is stopped (Nicholas Piggin) - tick: Detect and fix jiffies update stall (Frederic Weisbecker) - sch_netem: fix issues in netem_change() vs get_dist_table() (Eric Dumazet) - alpha: remove __init annotation from exported page_is_ram() (Masahiro Yamada) - scsi: qedf: Fix firmware halt over suspend and resume (Nilesh Javali) - scsi: qedi: Fix firmware halt over suspend and resume (Nilesh Javali) - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (Karan Tilak Kumar) - scsi: core: Fix possible memory leak if device_add() fails (Zhu Wang) - scsi: snic: Fix possible memory leak if device_add() fails (Zhu Wang) - scsi: 53c700: Check that command slot is not NULL (Alexandra Diupina) - scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (Michael Kelley) - scsi: core: Fix legacy /proc parsing buffer overflow (Tony Battersby) - netfilter: nf_tables: report use refcount overflow (Pablo Neira Ayuso) - nvme-rdma: fix potential unbalanced freeze & unfreeze (Ming Lei) - nvme-tcp: fix potential unbalanced freeze & unfreeze (Ming Lei) - btrfs: set cache_block_group_error if we find an error (Josef Bacik) - btrfs: reject invalid reloc tree root keys with stack dump (Qu Wenruo) - btrfs: exit gracefully if reloc roots don't match (Qu Wenruo) - btrfs: don't stop integrity writeback too early (Christoph Hellwig) - ibmvnic: Handle DMA unmapping of login buffs in release functions (Nick Child) - ibmvnic: Unmap DMA login rsp buffer on send login fail (Nick Child) - ibmvnic: Enforce stronger sanity checks on login response (Nick Child) - net/mlx5: Skip clock update work when device is in error state (Moshe Shemesh) - net/mlx5: Allow 0 for total host VFs (Daniel Jurgens) - dmaengine: mcf-edma: Fix a potential un-allocated memory access (Christophe JAILLET) - nexthop: Fix infinite nexthop bucket dump when using maximum nexthop ID (Ido Schimmel) - nexthop: Make nexthop bucket dump more efficient (Ido Schimmel) - nexthop: Fix infinite nexthop dump when using maximum nexthop ID (Ido Schimmel) - net: hns3: add wait until mac link down (Jie Wang) - net: hns3: refactor hclge_mac_link_status_wait for interface reuse (Jie Wang) - net: phy: at803x: remove set/get wol callbacks for AR8032 (Li Yang) - RDMA/umem: Set iova in ODP flow (Michael Guralnik) - wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (Felix Fietkau) - drm/rockchip: Don't spam logs in atomic check (Daniel Stone) - IB/hfi1: Fix possible panic during hotplug remove (Douglas Miller) - iavf: fix potential races for FDIR filters (Piotr Gardocki) - drivers: net: prevent tun_build_skb() to exceed the packet size limit (Andrew Kanner) - dccp: fix data-race around dp->dccps_mss_cache (Eric Dumazet) - bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves (Ziyang Xuan) - xsk: fix refcount underflow in error path (Magnus Karlsson) - tunnels: fix kasan splat when generating ipv4 pmtu error (Florian Westphal) - net/packet: annotate data-races around tp->status (Eric Dumazet) - mISDN: Update parameter type of dsp_cmx_send() (Nathan Chancellor) - bpf, sockmap: Fix bug that strp_done cannot be called (Xu Kuohai) - bpf, sockmap: Fix map type error in sock_map_del_link (Xu Kuohai) - net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() (Andrew Kanner) - selftests: forwarding: tc_flower: Relax success criterion (Ido Schimmel) - selftests: forwarding: Switch off timeout (Ido Schimmel) - selftests: forwarding: Skip test when no interfaces are specified (Ido Schimmel) - selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (Ido Schimmel) - selftests: forwarding: ethtool: Skip when using veth pairs (Ido Schimmel) - selftests: forwarding: Add a helper to skip test when using veth pairs (Ido Schimmel) - selftests/rseq: Fix build with undefined __weak (Mark Brown) - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (Karol Herbst) - x86: Move gds_ucode_mitigated() declaration to header (Arnd Bergmann) - x86/speculation: Add cpu_show_gds() prototype (Arnd Bergmann) - x86/mm: Fix VDSO and VVAR placement on 5-level paging machines (Kirill A. Shutemov) - x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Cristian Ciocaltea) - x86/srso: Fix build breakage with the LLVM linker (Nick Desaulniers) - usb: typec: tcpm: Fix response to vsafe0V event (Badhri Jagan Sridharan) - usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (Prashanth K) - usb: dwc3: Properly handle processing of pending events (Elson Roy Serrao) - usb-storage: alauda: Fix uninit-value in alauda_check_media() (Alan Stern) - misc: rtsx: judge ASPM Mode to set PETXCFG Reg (Ricky WU) - binder: fix memory leak in binder_init() (Qi Zheng) - iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (Alvin Sipraga) - iio: cros_ec: Fix the allocation size for cros_ec_command (Yiyuan Guo) - io_uring: correct check for O_TMPFILE (Aleksa Sarai) - selftests/bpf: Fix sk_assign on s390x (Ilya Leoshkevich) - selftests/bpf: Workaround verification failure for fexit_bpf2bpf/func_replace_return_code (Yonghong Song) - selftests/bpf: make test_align selftest more robust (Andrii Nakryiko) - bpf: aggressively forget precise markings during state checkpointing (Andrii Nakryiko) - bpf: stop setting precise in current state (Andrii Nakryiko) - bpf: allow precision tracking for programs with subprogs (Andrii Nakryiko) - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (Ryusuke Konishi) - radix tree test suite: fix incorrect allocation size for pthreads (Colin Ian King) - hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (Tao Ren) - drm/amd/display: check attr flag before set cursor degamma on DCN3+ (Melissa Wen) - drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (Boris Brezillon) - drm/nouveau/gr: enable memory loads on helper invocation on all channels (Karol Herbst) - riscv,mmio: Fix readX()-to-delay() ordering (Andrea Parri) - dmaengine: pl330: Return DMA_PAUSED when transaction is paused (Ilpo Jarvinen) - ipv6: adjust ndisc_is_useropt() to also return true for PIO (Maciej Zenczykowski) - mmc: moxart: read scr register without changing byte order (Sergei Antonov) - wireguard: allowedips: expand maximum node depth (Jason A. Donenfeld) - ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() (Namjae Jeon) - ksmbd: validate command request size (Long Li) - LTS version v5.15.126 (Jack Vogel) - PM: sleep: wakeirq: fix wake irq arming (Johan Hovold) - PM / wakeirq: support enabling wake-up irq after runtime_suspend called (Chunfeng Yun) - soundwire: fix enumeration completion (Johan Hovold) - soundwire: bus: pm_runtime_request_resume on peripheral attachment (Pierre-Louis Bossart) - selftests/rseq: Play nice with binaries statically linked against glibc 2.35+ (Sean Christopherson) - selftests/rseq: check if libc rseq support is registered (Michael Jeanson) - drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning (Alexander Stein) - powerpc/mm/altmap: Fix altmap boundary check (Aneesh Kumar K.V) - mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (Christophe JAILLET) - mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (Johan Jonker) - mtd: rawnand: rockchip: fix oobfree offset and description (Johan Jonker) - mtd: rawnand: omap_elm: Fix incorrect type in assignment (Roger Quadros) - ext2: Drop fragment support (Jan Kara) - fs: Protect reconfiguration of sb read-write from racing writes (Jan Kara) - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (Alan Stern) - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Sungwoo Kim) - fs/sysv: Null check to prevent null-ptr-deref bug (Prince Kumar Maurya) - fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list() (Tetsuo Handa) - file: reinstate f_pos locking optimization for regular files (Linus Torvalds) - bpf, cpumap: Make sure kthread is running before map update returns (Hou Tao) - drm/ttm: check null pointer before accessing when swapping (Guchun Chen) - open: make RESOLVE_CACHED correctly test for O_TMPFILE (Aleksa Sarai) - bpf: Disable preemption in bpf_event_output (Jiri Olsa) - rbd: prevent busy loop when requesting exclusive lock (Ilya Dryomov) - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (Paul Fertser) - net: tap_open(): set sk_uid from current_fsuid() (Laszlo Ersek) - net: tun_chr_open(): set sk_uid from current_fsuid() (Laszlo Ersek) - arm64: dts: stratix10: fix incorrect I2C property for SCL signal (Dinh Nguyen) - mtd: rawnand: meson: fix OOB available bytes for ECC (Arseniy Krasnov) - mtd: spinand: toshiba: Fix ecc_get_status (Olivier Maignial) - exfat: release s_lock before calling dir_emit() (Sungjong Seo) - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (gaoming) - firmware: arm_scmi: Drop OF node reference in the transport channel setup (Krzysztof Kozlowski) - ceph: defer stopping mdsc delayed_work (Xiubo Li) - USB: zaurus: Add ID for A-300/B-500/C-700 (Ross Maynard) - libceph: fix potential hang in ceph_osdc_notify() (Ilya Dryomov) - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (Michael Kelley) - scsi: zfcp: Defer fc_rport blocking until after ADISC response (Steffen Maier) - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_net (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_vals[] (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_lock (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_stamp (Eric Dumazet) - tcp_metrics: fix addr_same() helper (Eric Dumazet) - prestera: fix fallback to previous version on same major version (Jonas Gorski) - net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio (Jianbo Liu) - net/mlx5: fs_core: Make find_closest_ft more generic (Jianbo Liu) - vxlan: Fix nexthop hash size (Benjamin Poirier) - ip6mr: Fix skb_under_panic in ip6mr_cache_report() (Yue Haibing) - s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Alexandra Winter) - net: dcb: choose correct policy to parse DCB_ATTR_BCN (Lin Ma) - net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode (Mark Brown) - net: korina: handle clk prepare error in korina_probe() (Yuanjun Gong) - net: ll_temac: fix error checking of irq_of_parse_and_map() (Dan Carpenter) - net: ll_temac: Switch to use dev_err_probe() helper (Yang Yingliang) - bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire (Tomas Glozar) - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis) - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (valis) - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (valis) - bpf, cpumap: Handle skb as well when clean up ptr_ring (Hou Tao) - net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. (Kuniyuki Iwashima) - net: add missing data-race annotation for sk_ll_usec (Eric Dumazet) - net: add missing data-race annotations around sk->sk_peek_off (Eric Dumazet) - net: add missing READ_ONCE(sk->sk_rcvbuf) annotation (Eric Dumazet) - net: add missing READ_ONCE(sk->sk_sndbuf) annotation (Eric Dumazet) - net: add missing READ_ONCE(sk->sk_rcvlowat) annotation (Eric Dumazet) - net: annotate data-races around sk->sk_max_pacing_rate (Eric Dumazet) - qed: Fix scheduling in a tasklet while getting stats (Konstantin Khorenko) - mISDN: hfcpci: Fix potential deadlock on &hc->lock (Chengfeng Ye) - net: sched: cls_u32: Fix match key mis-addressing (Jamal Hadi Salim) - perf test uprobe_from_different_cu: Skip if there is no gcc (Georg Muller) - net: dsa: fix value check in bcm_sf2_sw_probe() (Yuanjun Gong) - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length (Lin Ma) - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing (Lin Ma) - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (Yuanjun Gong) - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (Zhengchao Shao) - wifi: cfg80211: Fix return value in scan logic (Ilan Peer) - KVM: s390: fix sthyi error handling (Heiko Carstens) - word-at-a-time: use the same return type for has_zero regardless of endianness (ndesaulniers@google.com) - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (Hugo Villeneuve) - iommu/arm-smmu-v3: Document nesting-related errata (Robin Murphy) - iommu/arm-smmu-v3: Add explicit feature for nesting (Robin Murphy) - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531 (Robin Murphy) - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 (Robin Murphy) - net/mlx5: Free irqs only on shutdown callback (Shay Drory) - perf: Fix function pointer case (Peter Zijlstra) - io_uring: gate iowait schedule on having pending requests (Jens Axboe) - net: mana: Use the correct WQE count for ringing RQ doorbell (Long Li) [Orabug: 35555552] - net: mana: Batch ringing RX queue doorbell on receiving packets (Long Li) [Orabug: 35555552] - devlink: report devlink_port_type_warn source device (Petr Oros) [Orabug: 35727899] - scsi: mpi3mr: Update driver version to 8.5.0.0.0 (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Enhance handling of devices removed after controller reset (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: WRITE SAME implementation (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Add support for more than 1MB I/O (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Update MPI Headers to version 3.00.28 (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Invoke soft reset upon TSU or event ack time out (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (Sathya Prakash) [Orabug: 35729632] - scsi: mpi3mr: Fix the type used for pointers to bitmap (Christophe JAILLET) [Orabug: 35729632] - scsi: mpi3mr: Use -ENOMEM instead of -1 in mpi3mr_expander_add() (Harshit Mogalapalli) [Orabug: 35729632] - scsi: mpi3mr: Use IRQ save variants of spinlock to protect chain frame allocation (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Handle soft reset in progress fault code (0xF002) (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Update copyright year (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Fix W=1 compilation warnings (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Update MPI Headers to revision 27 (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Modify MUR timeout value to 120 seconds (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Fix admin queue memory leak upon soft reset (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Successive VD delete and add causes FW fault (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Fix expander node leak in mpi3mr_remove() (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc() (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove() (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove() (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Fix config page DMA memory leak (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Fix throttle_groups memory leak (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Bad drive in topology results kernel crash (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: NVMe command size greater than 8K fails (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Return proper values for failures in firmware init path (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Wait for diagnostic save during controller init (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Driver unload crashes host when enhanced logging is enabled (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: ioctl timeout when disabling/enabling interrupt (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Remove unneeded version.h include (Jesper Juhl) [Orabug: 35729632] - scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization (Shin'ichiro Kawasaki) [Orabug: 35729632] - scsi: mpi3mr: Use number of bits to manage bitmap sizes (Shin'ichiro Kawasaki) [Orabug: 35729632] - scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi (Shin'ichiro Kawasaki) [Orabug: 35729632] - scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info() (Shin'ichiro Kawasaki) [Orabug: 35729632] - scsi: mpi3mr: Fix an issue found by KASAN (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Remove usage of dma_get_required_mask() API (Sreekanth Reddy) [Orabug: 35729632] - scsi: mpi3mr: Suppress command reply debug prints (Shin'ichiro Kawasaki) [Orabug: 35729632] - scsi: mpi3mr: Select CONFIG_SCSI_SAS_ATTRS (Michal Kubecek) [Orabug: 35729632] - vhost-scsi: Fix alignment handling with windows (Mike Christie) [Orabug: 35769316] - selftests/bpf: fix static assert compilation issue for test_cls_*.c (Alan Maguire) [Orabug: 35773339] [5.15.0-106.125.1] - smp: Reduce NMI traffic from CSD waiters to CSD destination (Imran Khan) [Orabug: 35752500] - smp: Reduce logging due to dump_stack of CSD waiters (Imran Khan) [Orabug: 35752500] - block: Sysfs option to change ioticks granularity (Gulam Mohamed) [Orabug: 34977356] - uek: kabi: update x86_64 kABI files for new symbols (Saeed Mirzamohammadi) [Orabug: 35501675] - uek: kabi: update aarch64 kABI files for new symbols (Saeed Mirzamohammadi) [Orabug: 35553840] - rpmbuild: fixed missing _kernel_cc macros to allow alternate compilers (Mark Nicholson) [Orabug: 35729326] - scsi: megaraid_sas: Driver version update to 07.725.01.00-rc1 (Chandrakanth Patil) [Orabug: 35729651] - scsi: megaraid_sas: Add crash dump mode capability bit in MFI capabilities (Chandrakanth Patil) [Orabug: 35729651] - scsi: megaraid_sas: Add flexible array member for SGLs (Kees Cook) [Orabug: 35729651] - scsi: megaraid_sas: Fix some spelling mistakes in comment (Yu Zhe) [Orabug: 35729651] - scsi: megaraid_sas: Move megasas_dbg_lvl init to megasas_init() (Guixin Liu) [Orabug: 35729651] - scsi: megaraid_sas: Remove unnecessary memset() (Guixin Liu) [Orabug: 35729651] - scsi: megaraid_sas: Simplify megasas_update_device_list (Guixin Liu) [Orabug: 35729651] - scsi: megaraid_sas: Correct an error message (Guixin Liu) [Orabug: 35729651] - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (Guixin Liu) [Orabug: 35729651] - scsi: megaraid: Convert sysfs snprintf() to sysfs_emit() (Xuezhi Zhang) [Orabug: 35729651] - scsi: megaraid_sas: Use struct_size() in code related to struct MR_PD_CFG_SEQ_NUM_SYNC (Gustavo A. R. Silva) [Orabug: 35729651] - scsi: megaraid_sas: Use struct_size() in code related to struct MR_FW_RAID_MAP (Gustavo A. R. Silva) [Orabug: 35729651] - scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_PD_CFG_SEQ_NUM_SYNC (Gustavo A. R. Silva) [Orabug: 35729651] - scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP (Gustavo A. R. Silva) [Orabug: 35729651] - scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_FW_RAID_MAP_DYNAMIC (Gustavo A. R. Silva) [Orabug: 35729651] - scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_FW_RAID_MAP (Gustavo A. R. Silva) [Orabug: 35729651] - scsi: megaraid: Remove redundant assignment to variable mfiStatus (Colin Ian King) [Orabug: 35729651] - scsi: megaraid_sas: Remove unnecessary kfree() (Guixin Liu) [Orabug: 35729651] - scsi: megaraid_sas: Remove redundant variable cmd_type (Colin Ian King) [Orabug: 35729651] - scsi: megaraid: Remove the static variable initialisation (Jason Wang) [Orabug: 35729651] - scsi: megaraid_sas: Clean up some inconsistent indenting (Jiapeng Chong) [Orabug: 35729651] - scsi: megaraid_sas: Remove redundant memset() statement (Harshit Mogalapalli) [Orabug: 35729651] - scsi: megaraid_sas: Remove unnecessary memset (Wan Jiabing) [Orabug: 35729651] - scsi: megasas: Clean up some inconsistent indenting (Yang Li) [Orabug: 35729651] - scsi: megasas: Stop using the SCSI pointer (Bart Van Assche) [Orabug: 35729651] - scsi: megaraid_sas: Use irq_set_affinity_and_hint() (Nitesh Narayan Lal) [Orabug: 35729651] - scsi: megaraid_sas: Driver version update to 07.719.03.00-rc1 (Sumit Saxena) [Orabug: 35729651] - scsi: megaraid_sas: Add helper functions for irq_context (Sumit Saxena) [Orabug: 35729651] - scsi: mpt3sas: Fix an issue when driver is being removed (Tomas Henzl) [Orabug: 35729658] - scsi: mpt3sas: Remove HBA BIOS version in the kernel log (Ranjan Kumar) [Orabug: 35729658] - scsi: mpt3sas: Drop redundant pci_enable_pcie_error_reporting() (Bjorn Helgaas) [Orabug: 35729658] - scsi: mpt3sas: Demote log level for trace buffer allocation to info (Paul Menzel) [Orabug: 35729658] - scsi: mpt3sas: Update driver version to 43.100.00.00 (Sreekanth Reddy) [Orabug: 35729658] - scsi: mpt3sas: Increase cmd_per_lun to 128 (Sreekanth Reddy) [Orabug: 35729658] - scsi: mpt3sas: Fix trace buffer registration failed (Sreekanth Reddy) [Orabug: 35729658] - scsi: mpt3sas: Disable MPI2_FUNCTION_FW_DOWNLOAD for ATTO devices (Bradley Grove) [Orabug: 35729658] - scsi: mpt3sas: Add support for ATTO ExpressSAS H12xx GT devices (Bradley Grove) [Orabug: 35729658] - scsi: mpt3sas: Remove flush_scheduled_work() call (Tetsuo Handa) [Orabug: 35729658] - scsi: mpt3sas: Fix whitespace and spelling mistake (Zhang Jiaming) [Orabug: 35729658] - scsi: mpt3sas: Fix typo in comment (Ren Yu) [Orabug: 35729658] - scsi: mpt3sas: Fix junk chars displayed while printing ChipName (Sreekanth Reddy) [Orabug: 35729658] - scsi: mpt3sas: Use cached ATA Information VPD page (Martin K. Petersen) [Orabug: 35729658] - scsi: mpt3sas: Fix adapter replyPostRegisterIndex declaration (Damien Le Moal) [Orabug: 35729658] - scsi: mpt3sas: Fix event callback log_code value handling (Damien Le Moal) [Orabug: 35729658] - scsi: mpt3sas: Fix _ctl_set_task_mid() TaskMID check (Damien Le Moal) [Orabug: 35729658] - scsi: mpt3sas: Fix mpt3sas_check_same_4gb_region() kdoc comment (Damien Le Moal) [Orabug: 35729658] - scsi: mpt3sas: Convert to flexible arrays (Kees Cook) [Orabug: 35729658] - scsi: mpt3sas: Update persistent trigger pages from sysfs interface (Suganath Prabu S) [Orabug: 35729658] - KVM: selftests: vmx_pmu_msrs_test: Drop tests mangling guest visible CPUIDs (Vitaly Kuznetsov) [Orabug: 35730650] - rds: Remove gratuitous include of time.h from rds.h (Mark Haywood) [Orabug: 35742760] - uek-rpm: Removing pre scriptlet to not allow firmware downgrade (Samasth Norway Ananda) [Orabug: 35756462] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-20588 CVE-2023-22024 CVE-2023-42753 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch cpe:/a:oracle:linux:8::developer_UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/a:oracle:linux:9::developer_UEKR7 Oracle Linux 9 [2.34-60.0.3.7] - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode (#2234716). - CVE-2203-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaih_inet. Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> [2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4806 CVE-2023-4911 CVE-2023-4527 CVE-2023-4813 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 [4:20230808-2.0.2] - update 06-6a-06 to 0xd0003b9 {CVE-2023-23583} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-23583 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [20230821] - Create new 20230821 release for OL9 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450 CVE-2022-4304 CVE-2022-2097 CVE-2022-2068 CVE-2022-1292 CVE-2022-0778 CVE-2021-4160 CVE-2021-3712 CVE-2021-3711 CVE-2021-3450 CVE-2021-3449 CVE-2021-23841 CVE-2021-23840 CVE-2020-1971 CVE-2020-1967 CVE-2019-1551 CVE-2019-1563 CVE-2019-1549 CVE-2019-1547 CVE-2019-1552 CVE-2019-1543 CVE-2018-0734 CVE-2018-0735 [20230613] - Create new 20230613.cvm release for OL9 [20230227] - Create new 20230227.cvm release for OL9 which includes the following fixed CVEs: CVE-2021-38578 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0215 CVE-2022-4304 CVE-2022-4450 CVE-2023-0286 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 Oracle Linux 8 [5.15.0-201.135.6] - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey) - netfilter: nf_tables: split async and sync catchall in two functions (Pablo Neira Ayuso) - netfilter: nf_tables: remove catchall element in GC sync path (Pablo Neira Ayuso) - scsi: mpt3sas: Fix loop logic (Ranjan Kumar) - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Junxiao Bi) [Orabug: 36050011] - md: bypass block throttle for superblock update (Junxiao Bi) [Orabug: 36050011] - tracing: Have trace_event_file have ref counters (Steven Rostedt (Google)) [Orabug: 36059972] - Revert 'PCI: acpiphp: Reassign resources on bridge if necessary' (Dongli Zhang) [Orabug: 36039006] - Revert 'PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus' (Dongli Zhang) [Orabug: 36039006] - audit: Apply special optimizations (Hakon Bugge) [Orabug: 36038149] - audit: Vary struct audit_entry alignment (Hakon Bugge) [Orabug: 36038149] - Revert 'Revert 'printk: Consolidate console deferred printing'' (Hakon Bugge) [Orabug: 36038149] [5.15.0-201.135.5] - media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil) - i2c: aspeed: Fix i2c bus hang in slave read (Jian Zhang) - i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (Ivan Vecera) - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (Hao Ge) - virtio-mmio: fix memory leak of vm_dev (Maximilian Heyne) - NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Olga Kornievskaia) - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Pedro Tammela) - Revert 'kernel/sched: Modify initial boot task idle setup' (Greg Kroah-Hartman) - usb: cdns3: Modify the return value of cdns_set_active () to void when CONFIG_PM_SLEEP is disabled (Xiaolei Wang) - quota: Fix slow quotaoff (Jan Kara) - lib/test_meminit: fix off-by-one error in test_pages() (Greg Kroah-Hartman) - nvmet-tcp: Fix a possible UAF in queue intialization setup (Sagi Grimberg) [Orabug: 36028025] {CVE-2023-5178} [5.15.0-201.135.4] - uek-rpm: Enable PDS_CORE and PDS_VFIO drivers (Joao Martins) [Orabug: 35424097] - pds_core: use correct index to mask irq (Shannon Nelson) [Orabug: 35424097] - amd/pds_core: core: No need for Null pointer check before kfree (Bragatheswaran Manickavel) [Orabug: 35424097] - pds_core: add an error code check in pdsc_dl_info_get (Su Hui) [Orabug: 35424097] - pds_core: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 35424097] - pds_core: add attempts to fix broken PCI (Shannon Nelson) [Orabug: 35424097] - pds_core: implement pci reset handlers (Shannon Nelson) [Orabug: 35424097] - pds_core: keep viftypes table across reset (Shannon Nelson) [Orabug: 35424097] - pds_core: check health in devcmd wait (Shannon Nelson) [Orabug: 35424097] - vfio/pds: Use proper PF device access helper (Shixiong Ou) [Orabug: 35424097] - vfio/pds: Add missing PCI_IOV depends (Shixiong Ou) [Orabug: 35424097] - pds_core: pass opcode to devcmd_wait (Shannon Nelson) [Orabug: 35424097] - pds_core: check for work queue before use (Shannon Nelson) [Orabug: 35424097] - pds_core: no reset command for VF (Shannon Nelson) [Orabug: 35424097] - pds_core: no health reporter in VF (Shannon Nelson) [Orabug: 35424097] - pds_core: protect devlink callbacks from fw_down state (Shannon Nelson) [Orabug: 35424097] - vfio/pds: Send type for SUSPEND_STATUS command (Brett Creeley) [Orabug: 35424097] - Revert 'pds_core: Fix some kernel-doc comments' (Jakub Kicinski) [Orabug: 35424097] - pds_core: Fix some kernel-doc comments (Yang Li) [Orabug: 35424097] - pds_core: remove redundant pci_clear_master() (Yu Liao) [Orabug: 35424097] - vfio/pds: fix return value in pds_vfio_get_lm_file() (Yang Yingliang) [Orabug: 35424097] - pds_core: Fix function header descriptions (Brett Creeley) [Orabug: 35424097] - vfio/pds: Add Kconfig and documentation (Brett Creeley) [Orabug: 35424097] - vfio/pds: Add support for firmware recovery (Brett Creeley) [Orabug: 35424097] - vfio/pds: Add support for dirty page tracking (Brett Creeley) [Orabug: 35424097] - vfio/pds: Add VFIO live migration support (Brett Creeley) [Orabug: 35424097] - vfio/pds: register with the pds_core PF (Brett Creeley) [Orabug: 35424097] - pds_core: Require callers of register/unregister to pass PF drvdata (Brett Creeley) [Orabug: 35424097] - vfio/pds: Initial support for pds VFIO driver (Brett Creeley) [Orabug: 35424097] - vfio: Commonize combine_ranges for use in other VFIO drivers (Brett Creeley) [Orabug: 35424097] - pds_core: Fix documentation for pds_client_register (Brett Creeley) [Orabug: 35424097] - pds_core: Fix FW recovery detection (Brett Creeley) [Orabug: 35424097] - pds_core: fix mutex double unlock in error path (Shannon Nelson) [Orabug: 35424097] - pds_core: add AUXILIARY_BUS and NET_DEVLINK to Kconfig (Shannon Nelson) [Orabug: 35424097] - pds_core: remove CONFIG_DEBUG_FS from makefile (Shannon Nelson) [Orabug: 35424097] - pds_core: Kconfig and pds_core.rst (Shannon Nelson) [Orabug: 35424097] - pds_core: publish events to the clients (Shannon Nelson) [Orabug: 35424097] - pds_core: add the aux client API (Shannon Nelson) [Orabug: 35424097] - pds_core: devlink params for enabling VIF support (Shannon Nelson) [Orabug: 35424097] - pds_core: add auxiliary_bus devices (Shannon Nelson) [Orabug: 35424097] - pds_core: add initial VF device handling (Shannon Nelson) [Orabug: 35424097] - pds_core: set up the VIF definitions and defaults (Shannon Nelson) [Orabug: 35424097] - pds_core: add FW update feature to devlink (Shannon Nelson) [Orabug: 35424097] - pds_core: Add adminq processing and commands (Shannon Nelson) [Orabug: 35424097] - pds_core: set up device and adminq (Shannon Nelson) [Orabug: 35424097] - pds_core: add devlink health facilities (Shannon Nelson) [Orabug: 35424097] - pds_core: health timer and workqueue (Shannon Nelson) [Orabug: 35424097] - pds_core: add devcmd device interfaces (Shannon Nelson) [Orabug: 35424097] - pds_core: initial framework for pds_core PF driver (Shannon Nelson) [Orabug: 35424097] - vfio/mlx5: Use the new device life cycle helpers (Yi Liu) [Orabug: 35424097] - vfio/pci: Use the new device life cycle helpers (Yi Liu) [Orabug: 35424097] - vfio: Add helpers for unifying vfio_device life cycle (Kevin Tian) [Orabug: 35424097] - net/rds: Always cancel heartbeat worker thread during conn destroy (Sharath Srinivasan) [Orabug: 35739389] - x86: KVM: SVM: always update the x2avic msr interception (Maxim Levitsky) [Orabug: 35857365] {CVE-2023-5090} - net/rds: Use proper peer port number even when not connected (Greg Jumper) [Orabug: 35896266] - hugetlb: disable HVO in Xen (Jane Chu) [Orabug: 35904478] - hugetlb: check for hugetlb folio before vmemmap_restore (Mike Kravetz) [Orabug: 35904478] - hugetlb: batch TLB flushes when restoring vmemmap (Mike Kravetz) [Orabug: 35904478] - hugetlb: batch TLB flushes when freeing vmemmap (Joao Martins) [Orabug: 35904478] - hugetlb: batch PMD split for bulk vmemmap dedup (Joao Martins) [Orabug: 35904478] - hugetlb: batch freeing of vmemmap pages (Mike Kravetz) [Orabug: 35904478] - hugetlb: perform vmemmap restoration on a list of pages (Mike Kravetz) [Orabug: 35904478] - hugetlb: perform vmemmap optimization on a list of pages (Mike Kravetz) [Orabug: 35904478] - hugetlb: restructure pool allocations (Mike Kravetz) [Orabug: 35904478] - hugetlb: optimize update_and_free_pages_bulk to avoid lock cycles (Mike Kravetz) [Orabug: 35904478] - mm: hugetlb: skip initialization of gigantic tail struct pages if freed by HVO (Usama Arif) [Orabug: 35904478] - memblock: introduce MEMBLOCK_RSRV_NOINIT flag (Usama Arif) [Orabug: 35904478] - mm: pass nid to reserve_bootmem_region() (Yajun Deng) [Orabug: 35904478] - mm/page_alloc: invert logic for early page initialisation checks (Mike Rapoport (IBM)) [Orabug: 35904478] - memblock: add missing argument definition (Usama Arif) [Orabug: 35904478] - memblock: pass memblock_type to memblock_setclr_flag (Usama Arif) [Orabug: 35904478] - mm: hugetlb_vmemmap: use nid of the head page to reallocate it (Usama Arif) [Orabug: 35904478] - mm: hugetlb_vmemmap: allow alloc vmemmap pages fallback to other nodes (Yuan Can) [Orabug: 35904478] - mm: hugetlb_vmemmap: fix hugetlb page number decrease failed on movable nodes (Yuan Can) [Orabug: 35904478] - hugetlb: set hugetlb page flag before optimizing vmemmap (Mike Kravetz) [Orabug: 35904478] - hugetlb: do not clear hugetlb dtor until allocating vmemmap (Mike Kravetz) [Orabug: 35904478] - mm/vmemmap optimization: split hugetlb and devdax vmemmap optimization (Aneesh Kumar K.V) [Orabug: 35904478] - mm/vmemmap: improve vmemmap_can_optimize and allow architectures to override (Aneesh Kumar K.V) [Orabug: 35904478] - mm: hugetlb_vmemmap: fix a race between vmemmap pmd split (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: provide stronger vmemmap allocation guarantees (Pasha Tatashin) [Orabug: 35904478] - mm/hugetlb_vmemmap: rename ARCH_WANT_HUGETLB_PAGE_OPTIMIZE_VMEMMAP (Aneesh Kumar K.V) [Orabug: 35904478] - mm/vmemmap/devdax: fix kernel crash when probing devdax devices (Aneesh Kumar K.V) [Orabug: 35904478] - mm/hugetlb_vmemmap: fix hugetlb_vmemmap_sysctls.maxlen (Jane Chu) [Orabug: 35904478] - mm: move most of core MM initialization to mm/mm_init.c (Mike Rapoport (IBM)) [Orabug: 35904478] - memblock: Disable mirror feature if kernelcore is not specified (Ma Wupeng) [Orabug: 35904478] - mm: hugetlb_vmemmap: simplify hugetlb_vmemmap_init() a bit (Muchun Song) [Orabug: 35904478] - mm/hugetlb_vmemmap: remap head page to newly allocated page (Joao Martins) [Orabug: 35904478] - mm: hugetlb_vmemmap: remove redundant list_del() (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: include missing linux/moduleparam.h (Vasily Gorbik) [Orabug: 35904478] - hugetlb: freeze allocated pages before creating hugetlb pages (Mike Kravetz) [Orabug: 35904478] - mm: hugetlb_vmemmap: simplify reset_struct_pages() (Muchun Song) [Orabug: 35904478] - mm/hugetlb: make detecting shared pte more reliable (Miaohe Lin) [Orabug: 35904478] - mm/hugetlb: fix sysfs group leak in hugetlb_unregister_node() (Miaohe Lin) [Orabug: 35904478] - mm: hugetlb_vmemmap: add missing smp_wmb() before set_pte_at() (Miaohe Lin) [Orabug: 35904478] - mm/hugetlb: fix missing call to restore_reserve_on_error() (Miaohe Lin) [Orabug: 35904478] - mm/hugetlb: fix WARN_ON(!kobj) in sysfs_create_group() (Miaohe Lin) [Orabug: 35904478] - mm/hugetlb: fix incorrect update of max_huge_pages (Miaohe Lin) [Orabug: 35904478] - mm: hugetlb_vmemmap: use PTRS_PER_PTE instead of PMD_SIZE / PAGE_SIZE (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: move code comments to vmemmap_dedup.rst (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: improve hugetlb_vmemmap code readability (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: replace early_param() with core_param() (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: move vmemmap code related to HugeTLB to hugetlb_vmemmap.c (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: introduce the name HVO (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: optimize vmemmap_optimize_mode handling (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: delete hugetlb_optimize_vmemmap_enabled() (Muchun Song) [Orabug: 35904478] - mm: memory_hotplug: make hugetlb_optimize_vmemmap compatible with memmap_on_memory (Muchun Song) [Orabug: 35904478] - mm: memory_hotplug: enumerate all supported section flags (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: fix CONFIG_HUGETLB_PAGE_FREE_VMEMMAP_DEFAULT_ON (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: add hugetlb_optimize_vmemmap sysctl (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: use kstrtobool for hugetlb_vmemmap param parsing (Muchun Song) [Orabug: 35904478] - mm: memory_hotplug: override memmap_on_memory when hugetlb_free_vmemmap=on (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: disable hugetlb_optimize_vmemmap when struct page crosses page boundaries (Muchun Song) [Orabug: 35904478] - mm/hugetlb_vmemmap: move comment block to Documentation/vm (Joao Martins) [Orabug: 35904478] - uek-rpm/ol8[9]: config switch update to keep default vmemmap optimization behavior (Jane Chu) [Orabug: 35904478] - mm: hugetlb_vmemmap: cleanup CONFIG_HUGETLB_PAGE_FREE_VMEMMAP* (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: cleanup hugetlb_free_vmemmap_enabled* (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: cleanup hugetlb_vmemmap related functions (Muchun Song) [Orabug: 35904478] - arm64: mm: hugetlb: enable HUGETLB_PAGE_FREE_VMEMMAP for arm64 (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: introduce ARCH_WANT_HUGETLB_PAGE_FREE_VMEMMAP (Muchun Song) [Orabug: 35904478] - Consider inflight IO in io accounting for high latency devices (Gulam Mohamed) [Orabug: 35922334] - EDAC/amd64: Add support for AMD family 1Ah models 00h-1Fh and 40h-4Fh (Avadhut Naik) [Orabug: 35925125] - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (Avadhut Naik) [Orabug: 35925125] - x86/amd_nb: Add PCI IDs for AMD Family 1Ah-based models (Avadhut Naik) [Orabug: 35925125] - EDAC/amd64: Add get_err_info() to pvt->ops (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split dump_misc_regs() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split init_csrows() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split determine_edac_cap() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split ecc_enabled() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split read_mc_regs() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split determine_memory_type() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split read_base_mask() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split prep_chip_selects() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Rework hw_info_{get,put} (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Rename debug_display_dimm_sizes() (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Remove early_channel_count() (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Remove PCI Function 0 (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Remove PCI Function 6 (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Remove scrub rate control for Family 17h and later (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Don't set up EDAC PCI control on Family 17h+ (Yazen Ghannam) [Orabug: 35925125] - x86/amd_nb: Unexport amd_cache_northbridges() (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Add new register offset support and related changes (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Set memory type per DIMM (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Add support for family 19h, models 50h-5fh (Marc Bevand) [Orabug: 35925125] - EDAC/amd64: Add context struct (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Allow for DF Indirect Broadcast reads (Yazen Ghannam) [Orabug: 35925125] - x86/amd_nb, EDAC/amd64: Move DF Indirect Read to AMD64 EDAC (Yazen Ghannam) [Orabug: 35925125] - x86/microcode/AMD: Rip out static buffers (Borislav Petkov (AMD)) [Orabug: 35925125] - x86/microcode/amd: Remove unneeded pointer arithmetic (Nathan Fontenot) [Orabug: 35925125] - x86/microcode/AMD: Get rid of __find_equiv_id() (Borislav Petkov (AMD)) [Orabug: 35925125] - x86/microcode/AMD: Rename a couple of functions (Borislav Petkov) [Orabug: 35925125] - crypto: ccp - Add support for PCI device 0x156E (John Allen) [Orabug: 35925125] - crypto: ccp - Add support for PCI device 0x17E0 (Mario Limonciello) [Orabug: 35925125] - sbsa_gwdt: Calculate timeout with 64-bit math (Darren Hart) [Orabug: 35968810] - uek-rpm: Enable CONFIG_USBIP_VHCI_HCD and CONFIG_USBIP_HOST in UEK7 (Harshit Mogalapalli) [Orabug: 35994192] - vfio/type1: Parameterize pgsize bitmap (Joao Martins) [Orabug: 36002436] - vfio/type1: Parallel dirty scans with padata (Joao Martins) [Orabug: 36002436] - iommu/iova_bitmap: Add remote mm_struct for iova_bitmap (Joao Martins) [Orabug: 36002436] - vfio/type1: Advertise IOMMU dirty tracking support (Joao Martins) [Orabug: 36002436] - vfio/type1: Avoid perpectual dirty when iommu supports (Joao Martins) [Orabug: 36002436] - vfio/type1: Report dirty info from IOMMU (Joao Martins) [Orabug: 36002436] - vfio/type1: Add hardware dirty tracking start/stop support (Joao Martins) [Orabug: 36002436] - vfio/type1: Move start/stop dirty tracking to helpers (Joao Martins) [Orabug: 36002436] - iommu/amd: Improve dirty read io-pgtable walker (Joao Martins) [Orabug: 36002436] - iommu/amd: Access/Dirty bit support in IOPTEs (Joao Martins) [Orabug: 36002436] - iommu: Add iommu_domain ops for dirty tracking (Joao Martins) [Orabug: 36002436] - vfio: Move iova_bitmap into iommufd (Joao Martins) [Orabug: 36002436] [5.15.0-201.135.3] - Revert 'printk: Consolidate console deferred printing' (Sherry Yang) [Orabug: 35955850] [5.15.0-201.135.2] - LTS Version: v5.15.135 (Jack Vogel) - xen/events: replace evtchn_rwlock with RCU (Juergen Gross) - parisc: Restore __ldcw_align for PA-RISC 2.0 processors (John David Anglin) - ksmbd: fix uaf in smb20_oplock_break_ack (luosili) - RDMA/mlx5: Fix NULL string error (Shay Drory) - RDMA/siw: Fix connection failure handling (Bernard Metzler) - RDMA/uverbs: Fix typo of sizeof argument (Konstantin Meskhidze) - RDMA/cma: Fix truncation compilation warning in make_cma_ports (Leon Romanovsky) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (Mark Zhang) - gpio: pxa: disable pinctrl calls for MMP_GPIO (Duje Mihanovic) - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (Bartosz Golaszewski) - IB/mlx4: Fix the size of a buffer in add_port_entries() (Christophe JAILLET) - of: dynamic: Fix potential memory leak in of_changeset_action() (Dan Carpenter) - RDMA/core: Require admin capabilities to set system parameters (Leon Romanovsky) - dm zoned: free dmz->ddev array in dmz_put_zoned_devices (Fedor Pchelkin) - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (Srinivas Pandruvada) - HID: sony: remove duplicate NULL check before calling usb_free_urb() (Jiri Kosina) - sctp: update hb timer immediately after users change hb_interval (Xin Long) - sctp: update transport state when processing a dupcook packet (Xin Long) - tcp: fix delayed ACKs for MSS boundary condition (Neal Cardwell) - tcp: fix quick-ack counting to count actual ACKs of new data (Neal Cardwell) - tipc: fix a potential deadlock on &tx->lock (Chengfeng Ye) - net: stmmac: dwmac-stm32: fix resume on STM32 MCU (Ben Wolsieffer) - ipv4: Set offload_failed flag in fibmatch results (Benjamin Poirier) - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (Florian Westphal) - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (Xin Long) - ibmveth: Remove condition to recompute TCP header checksum. (David Wilder) - net: ethernet: ti: am65-cpsw: Fix error code in am65_cpsw_nuss_init_tx_chns() (Dan Carpenter) - net: nfc: llcp: Add lock when modifying device list (Jeremy Cline) - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida) - net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent (Fabio Estevam) - ptp: ocp: Fix error handling in ptp_ocp_device_init (Dinghao Liu) - ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (David Howells) - net: fix possible store tearing in neigh_periodic_work() (Eric Dumazet) - modpost: add missing else to the 'of' check (Mauricio Faria de Oliveira) - bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets (Jakub Sitnicki) - NFSv4: Fix a nfs4_state_manager() race (Trond Myklebust) - ima: rework CONFIG_IMA dependency block (Arnd Bergmann) - ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig (Oleksandr Tymoshenko) - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (Richard Fitzgerald) - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (Felix Fietkau) - drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() (Alexandra Diupina) - bpf: Fix tr dereferencing (Leon Hwang) - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (Pin-yen Lin) - wifi: iwlwifi: mvm: Fix a memory corruption issue (Christophe JAILLET) - iwlwifi: avoid void pointer arithmetic (Johannes Berg) - wifi: iwlwifi: dbg_ini: fix structure packing (Arnd Bergmann) - ubi: Refuse attaching if mtd's erasesize is 0 (Zhihao Cheng) - HID: sony: Fix a potential memory leak in sony_probe() (Christophe JAILLET) - arm64: Add Cortex-A520 CPU part definition (Rob Herring) - drm/amd: Fix detection of _PR3 on the PCIe root port (Mario Limonciello) - net: prevent rewrite of msg_name in sock_sendmsg() (Jordan Rife) - net: replace calls to sock->ops->connect() with kernel_connect() (Jordan Rife) - wifi: mwifiex: Fix tlv_buf_left calculation (Gustavo A. R. Silva) - qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (Gustavo A. R. Silva) - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer() (Stefano Garzarella) - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (Dinghao Liu) - Revert 'clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz' (Greg Kroah-Hartman) - block: fix use-after-free of q->q_usage_counter (Ming Lei) - rbd: take header_rwsem in rbd_dev_refresh() only when updating (Ilya Dryomov) - rbd: decouple parent info read-in from updating rbd_dev (Ilya Dryomov) - rbd: decouple header read-in from updating rbd_dev->header (Ilya Dryomov) - rbd: move rbd_dev_refresh() definition (Ilya Dryomov) - iommu/arm-smmu-v3: Avoid constructing invalid range commands (Robin Murphy) - iommu/arm-smmu-v3: Set TTL invalidation hint better (Robin Murphy) - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (Gabriel Krisman Bertazi) - ring-buffer: Fix bytes info in per_cpu buffer stats (Zheng Yejian) - ring-buffer: remove obsolete comment for free_buffer_page() (Vlastimil Babka) - NFSv4: Fix a state manager thread deadlock regression (Trond Myklebust) - NFS: rename nfs_client_kset to nfs_kset (Benjamin Coddington) - NFS: Cleanup unused rpc_clnt variable (Benjamin Coddington) - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (Sameer Pujar) - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (Sameer Pujar) - spi: zynqmp-gqspi: fix clock imbalance on probe failure (Johan Hovold) - spi: zynqmp-gqspi: Convert to platform remove callback returning void (Uwe Kleine-Konig) - LTS Version: v5.15.134 (Jack Vogel) - netfilter: nf_tables: fix kdoc warnings after gc rework (Florian Westphal) - drm/meson: fix memory leak on ->hpd_notify callback (Jani Nikula) - fs: binfmt_elf_efpic: fix personality for ELF-FDPIC (Greg Ungerer) - ata: libata-sata: increase PMP SRST timeout to 10s (Matthias Schiffer) - ata: libata-core: Do not register PM operations for SAS ports (Damien Le Moal) - ata: libata-core: Fix port and device removal (Damien Le Moal) - ata: libata-core: Fix ata_port_request_pm() locking (Damien Le Moal) - net: thunderbolt: Fix TCPv6 GSO checksum calculation (Mika Westerberg) - bpf: Fix BTF_ID symbol generation collision in tools/ (Nick Desaulniers) - bpf: Fix BTF_ID symbol generation collision (Jiri Olsa) - btrfs: properly report 0 avail for very full file systems (Josef Bacik) - proc: nommu: /proc/<pid>/maps: release mmap read lock (Ben Wolsieffer) - Revert 'SUNRPC dont update timeout value on connection reset' (Trond Myklebust) - io_uring/fs: remove sqe->rw_flags checking from LINKAT (Jens Axboe) - sched/rt: Fix live lock between select_fallback_rq() and RT push (Joel Fernandes (Google)) - kernel/sched: Modify initial boot task idle setup (Liam R. Howlett) - i2c: i801: unregister tco_pdev in i801_probe() error path (Heiner Kallweit) - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (Niklas Cassel) - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (Kailang Yang) - netfilter: nf_tables: disallow rule removal from chain binding (Pablo Neira Ayuso) [Orabug: 35865117] {CVE-2023-5197} - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (Pan Bian) - serial: 8250_port: Check IRQ data before use (Andy Shevchenko) - Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (Daniel Starke) - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to probe (Ricky WU) - x86/srso: Add SRSO mitigation for Hygon processors (Pu Wen) - iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range (Nicolin Chen) - Smack:- Use overlay inode label in smack_inode_copy_up() (Vishal Goel) - smack: Retrieve transmuting information in smack_inode_getsecurity() (Roberto Sassu) - smack: Record transmuting in smk_transmuted (Roberto Sassu) - nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev (Irvin Cote) - i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (Andrii Staikov) - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (Mika Westerberg) - watchdog: iTCO_wdt: No need to stop the timer in probe (Mika Westerberg) - nvme-pci: do not set the NUMA node of device if it has none (Pratyush Yadav) - nvme-pci: factor out a nvme_pci_alloc_dev helper (Christoph Hellwig) - nvme-pci: factor the iod mempool creation into a helper (Christoph Hellwig) - cgroup: Fix suspicious rcu_dereference_check() usage warning (Chengming Zhou) - sched/cpuacct: Optimize away RCU read lock (Chengming Zhou) - perf build: Define YYNOMEM as YYNOABORT for bison < 3.81 (Arnaldo Carvalho de Melo) - fbdev/sh7760fb: Depend on FB=y (Thomas Zimmermann) - ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey) - powerpc/watchpoints: Annotate atomic context in more places (Benjamin Gray) - powerpc/watchpoint: Disable pagefaults when getting user instruction (Benjamin Gray) - powerpc/watchpoints: Disable preemption in thread_change_pc() (Benjamin Gray) - media: vb2: frame_vector.c: replace WARN_ONCE with a comment (Hans Verkuil) - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (Chancel Liu) - bpf: Clarify error expectations from bpf_clone_redirect (Stanislav Fomichev) - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (Shengjiu Wang) - spi: stm32: add a delay before SPI disable (Valentin Caron) - spi: nxp-fspi: reset the FLSHxCR1 registers (Han Xu) - ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() (Niklas Cassel) - smb3: correct places where ENOTSUPP is used instead of preferred EOPNOTSUPP (Steve French) - scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (Michal Grzedzicki) - scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (Michal Grzedzicki) - drm/amdgpu: Handle null atom context in VBIOS info ioctl (David Francis) - drm/amd/display: Don't check registers, if using AUX BL control (Swapnil Patel) - platform/mellanox: mlxbf-bootctl: add NET dependency into Kconfig (David Thompson) - ring-buffer: Do not attempt to read past 'commit' (Steven Rostedt (Google)) - selftests: fix dependency checker script (Ricardo B. Marliere) - btrfs: improve error message after failure to add delayed dir index item (Filipe Manana) - ring-buffer: Avoid softlockup in ring_buffer_resize() (Zheng Yejian) - selftests/ftrace: Correctly enable event in instance-event.tc (Zheng Yejian) - scsi: ufs: core: Move __ufshcd_send_uic_cmd() outside host_lock (Kiwoong Kim) - scsi: qedf: Add synchronization between I/O completions and abort (Javed Hasan) - parisc: irq: Make irq_stack_union static to avoid sparse warning (Helge Deller) - parisc: drivers: Fix sparse warning (Helge Deller) - parisc: iosapic.c: Fix sparse warnings (Helge Deller) - parisc: sba: Fix compile warning wrt list of SBA devices (Helge Deller) - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (Tobias Schramm) - spi: sun6i: reduce DMA RX transfer width to single byte (Tobias Schramm) - dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock (Sergey Senozhatsky) - i2c: npcm7xx: Fix callback completion ordering (William A. Kennington III) - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (Wenhua Lin) - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (Nathan Rossi) - xtensa: boot/lib: fix function prototypes (Max Filippov) - xtensa: boot: don't add include-dirs (Randy Dunlap) - xtensa: iss/network: make functions static (Randy Dunlap) - xtensa: add default definition for XCHAL_HAVE_DIV32 (Max Filippov) - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (Christophe JAILLET) - power: supply: ucs1002: fix error code in ucs1002_get_property() (Dan Carpenter) - bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up (Tony Lindgren) - ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot (Tony Lindgren) - ARM: dts: ti: omap: Fix bandgap thermal cells addressing for omap3/4 (Tony Lindgren) - ARM: dts: omap: correct indentation (Krzysztof Kozlowski) - treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_56.RULE (part 1) (Thomas Gleixner) - clk: tegra: fix error return case for recalc_rate (Timo Alho) - bus: ti-sysc: Fix missing AM35xx SoC matching (Adam Ford) - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (Julien Panis) - drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (Marek Vasut) - MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled (Christoph Hellwig) - btrfs: reset destination buffer when read_extent_buffer() gets invalid range (Qu Wenruo) - ata: ahci: Add Elkhart Lake AHCI controller (Werner Fischer) - ata: ahci: Rename board_ahci_mobile (Mario Limonciello) - ata: ahci: Add support for AMD A85 FCH (Hudson D4) (Paul Menzel) - ata: libata: Rename link flag ATA_LFLAG_NO_DB_DELAY (Paul Menzel) - netfilter: nft_exthdr: Fix non-linear header modification (Xiao Liang) - netfilter: exthdr: add support for tcp option removal (Florian Westphal) - Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (Werner Sembach) - Input: i8042 - rename i8042-x86ia64io.h to i8042-acpipnpio.h (Huacai Chen) - xfs: fix xfs_inodegc_stop racing with mod_delayed_work (Darrick J. Wong) - xfs: disable reaping in fscounters scrub (Darrick J. Wong) - xfs: check that per-cpu inodegc workers actually run on that cpu (Darrick J. Wong) - xfs: explicitly specify cpu when forcing inodegc delayed work to run immediately (Darrick J. Wong) - xfs: introduce xfs_inodegc_push() (Dave Chinner) - xfs: bound maximum wait time for inodegc work (Dave Chinner) - i2c: mux: gpio: Add missing fwnode_handle_put() (Liang He) - i2c: mux: gpio: Replace custom acpi_get_local_address() (Andy Shevchenko) - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (Xiaoke Wang) - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (Christophe JAILLET) - Fix up backport of 136191703038 ('interconnect: Teach lockdep about icc_bw_lock order') (Sasha Levin) - igc: Expose tx-usecs coalesce setting to user (Muhammad Husaini Zulkifli) - bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI (Sebastian Andrzej Siewior) - net: ena: Flush XDP packets on error. (Sebastian Andrzej Siewior) - locking/seqlock: Do the lockdep annotation before locking in do_write_seqcount_begin_nested() (Sebastian Andrzej Siewior) - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP (Jozsef Kadlecsik) [Orabug: 35865151] {CVE-2023-42756} - netfilter: nf_tables: disable toggling dormant table state more than once (Florian Westphal) - team: fix null-ptr-deref when team device type is changed (Ziyang Xuan) - net: bridge: use DEV_STATS_INC() (Eric Dumazet) - net: hns3: add 5ms delay before clear firmware reset irq source (Jie Wang) - net: hns3: fix fail to delete tc flower rules during reset issue (Jijie Shao) - net: hns3: only enable unicast promisc when mac table full (Jian Shen) - net: hns3: fix GRE checksum offload issue (Jie Wang) - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Josh Poimboeuf) - x86/srso: Fix srso_show_state() side effect (Josh Poimboeuf) - platform/x86: intel_scu_ipc: Fail IPC send if still busy (Stephen Boyd) - platform/x86: intel_scu_ipc: Don't override scu in intel_scu_ipc_dev_simple_command() (Stephen Boyd) - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (Stephen Boyd) - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (Stephen Boyd) - dccp: fix dccp_v4_err()/dccp_v6_err() again (Eric Dumazet) - powerpc/perf/hv-24x7: Update domain value check (Kajol Jain) - ipv4: fix null-deref in ipv4_link_failure (Kyle Zeng) - igc: Fix infinite initialization loop with early XDP redirect (Vinicius Costa Gomes) - ionic: fix 16bit math issue when PAGE_SIZE >= 64KB (David Christensen) - i40e: Fix VF VLAN offloading when port VLAN is configured (Ivan Vecera) - i40e: Add VF VLAN pruning (Mateusz Palczewski) - iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set (Radoslaw Tyl) - ASoC: imx-audmix: Fix return error with devm_clk_get() (Shengjiu Wang) - net/core: Fix ETH_P_1588 flow dissector (Sasha Neftin) - selftests: tls: swap the TX and RX sockets in some tests (Sabrina Dubroca) - bpf: Avoid deadlock when using queue and stack maps from NMI (Toke Hoiland-Jorgensen) - netfilter: nf_tables: disallow element removal on anonymous sets (Pablo Neira Ayuso) - ASoC: meson: spdifin: start hw on dai probe (Jerome Brunet) - netfilter: nf_tables: fix memleak when more than 255 elements expired (Florian Westphal) - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (Pablo Neira Ayuso) - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (Pablo Neira Ayuso) - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (Pablo Neira Ayuso) [Orabug: 35814389] {CVE-2023-4244} - netfilter: nf_tables: defer gc run if previous batch is still pending (Florian Westphal) - netfilter: nf_tables: use correct lock to protect gc_list (Pablo Neira Ayuso) - netfilter: nf_tables: GC transaction race with abort path (Pablo Neira Ayuso) - netfilter: nf_tables: GC transaction race with netns dismantle (Pablo Neira Ayuso) - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (Pablo Neira Ayuso) - netfilter: nf_tables: don't fail inserts if duplicate has expired (Florian Westphal) - netfilter: nf_tables: remove busy mark and gc batch API (Pablo Neira Ayuso) - netfilter: nft_set_hash: mark set element as dead when deleting from packet path (Pablo Neira Ayuso) - netfilter: nf_tables: adapt set backend to use GC transaction API (Pablo Neira Ayuso) [Orabug: 35814389] {CVE-2023-4244} - netfilter: nf_tables: GC transaction API to avoid race with control plane (Pablo Neira Ayuso) - netfilter: nf_tables: don't skip expired elements during walk (Florian Westphal) - tracing: Have event inject files inc the trace array ref count (Steven Rostedt (Google)) - ext4: do not let fstrim block system suspend (Jan Kara) - ext4: move setting of trimmed bit into ext4_try_to_trim_range() (Jan Kara) - ext4: replace the traditional ternary conditional operator with with max()/min() (Kemeng Shi) - ext4: change s_last_trim_minblks type to unsigned long (Lukas Czerner) - ext4: scope ret locally in ext4_try_to_trim_range() (Lukas Bulwahn) - ata: libahci: clear pending interrupt status (Szuying Chen) - ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones (Hannes Reinecke) - tracing: Increase trace array ref count on enable and filter files (Steven Rostedt (Google)) - tracing: Make trace_marker{,_raw} stream-like (John Keeping) - NFSv4.1: fix pnfs MDS=DS session trunking (Olga Kornievskaia) - NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Olga Kornievskaia) - SUNRPC: Mark the cred for revalidation if the server rejects it (Trond Myklebust) - NFS/pNFS: Report EINVAL errors from connect() to the server (Trond Myklebust) - NFS: More fixes for nfs_direct_write_reschedule_io() (Trond Myklebust) - NFS: Use the correct commit info in nfs_join_page_group() (Trond Myklebust) - LTS version: v5.15.133 (Jack Vogel) - interconnect: Teach lockdep about icc_bw_lock order (Rob Clark) - drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (Melissa Wen) - drm/amdgpu: fix amdgpu_cs_p1_user_fence (Christian Konig) - drm/amd/display: fix the white screen issue when >= 64GB DRAM (Yifan Zhang) - ext4: fix rec_len verify error (Shida Zhang) - scsi: pm8001: Setup IRQs on resume (Damien Le Moal) - ata: libata: disallow dev-initiated LPM transitions to unsupported states (Niklas Cassel) - i2c: aspeed: Reset the i2c controller when timeout occurs (Tommy Huang) - tracefs: Add missing lockdown check to tracefs_create_dir() (Steven Rostedt (Google)) - nfsd: fix change_info in NFSv4 RENAME replies (Jeff Layton) - tracing: Have option files inc the trace array ref count (Steven Rostedt (Google)) - tracing: Have current_trace inc the trace array ref count (Steven Rostedt (Google)) - tracing: Have tracing_max_latency inc the trace array ref count (Steven Rostedt (Google)) - btrfs: release path before inode lookup during the ino lookup ioctl (Filipe Manana) - btrfs: fix lockdep splat and potential deadlock after failure running delayed items (Filipe Manana) - ovl: fix incorrect fdput() on aio completion (Amir Goldstein) - ovl: fix failed copyup of fileattr on a symlink (Amir Goldstein) - attr: block mode changes of symlinks (Christian Brauner) - md/raid1: fix error: ISO C90 forbids mixed declarations (Nigel Croxon) - samples/hw_breakpoint: fix building without module unloading (Arnd Bergmann) - x86/purgatory: Remove LTO flags (Song Liu) - x86/boot/compressed: Reserve more memory for page tables (Kirill A. Shutemov) - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (Jinjie Ruan) - selftests: tracing: Fix to unmount tracefs for recovering environment (Masami Hiramatsu (Google)) - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (Jinjie Ruan) - drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (Jinjie Ruan) - btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super (Anand Jain) - btrfs: add a helper to read the superblock metadata_uuid (Anand Jain) - btrfs: move btrfs_pinned_by_swapfile prototype into volumes.h (Josef Bacik) - perf test shell stat_bpf_counters: Fix test on Intel (Namhyung Kim) - perf test: Remove bash construct from stat_bpf_counters.sh test (James Clark) - MIPS: Use 'grep -E' instead of 'egrep' (Tiezhu Yang) - mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller (William Zhang) - mtd: rawnand: brcmnand: Allow SoC to provide I/O operations (Florian Fainelli) - jbd2: correct the end of the journal recovery scan range (Zhang Yi) - jbd2: rename jbd_debug() to jbd2_debug() (Jan Kara) - jbd2: kill t_handle_lock transaction spinlock (Ritesh Harjani) - jbd2: fix use-after-free of transaction_t race (Ritesh Harjani) - jbd2: refactor wait logic for transaction updates into a common function (Ritesh Harjani) - printk: Consolidate console deferred printing (John Ogness) - interconnect: Fix locking for runpm vs reclaim (Rob Clark) - kobject: Add sanity check for kset->kobj.ktype in kset_register() (Zhen Lei) - media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (Sakari Ailus) - usb: ehci: add workaround for chipidea PORTSC.PEC bug (Xu Yang) - serial: cpm_uart: Avoid suspicious locking (Christophe Leroy) - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (Konstantin Shelekhin) - tools: iio: iio_generic_buffer: Fix some integer type and calculation (Chenyuan Mi) - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (Ma Ke) - usb: cdns3: Put the cdns set active part outside the spin lock (Xiaolei Wang) - media: pci: cx23885: replace BUG with error return (Hans Verkuil) - media: tuners: qt1010: replace BUG_ON with a regular error (Hans Verkuil) - media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer (Zhang Shurong) - media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() (Zhang Shurong) - media: anysee: fix null-ptr-deref in anysee_master_xfer (Zhang Shurong) - media: af9005: Fix null-ptr-deref in af9005_i2c_xfer (Zhang Shurong) - media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() (Zhang Shurong) - media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (Zhang Shurong) - PCI: fu740: Set the number of MSI vectors (Yong-Xuan Wang) - powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (ruanjinjie) - ARM: 9317/1: kexec: Make smp stop calls asynchronous (Marten Lindahl) - jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (Liu Shixin via Jfs-discussion) - fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (Andrew Kanner) - ext2: fix datatype of block number in ext2_xattr_set2() (Georg Ottinger) - md: raid1: fix potential OOB in raid1_remove_disk() (Zhang Shurong) - bus: ti-sysc: Configure uart quirks for k3 SoC (Tony Lindgren) - drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (Tuo Li) - drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31 (Leo Chen) - ALSA: hda: intel-dsp-cfg: add LunarLake support (Pierre-Louis Bossart) - samples/hw_breakpoint: Fix kernel BUG 'invalid opcode: 0000' (Rong Tao) - arm64: dts: qcom: sm8250-edo: correct ramoops pmsg-size (Krzysztof Kozlowski) - arm64: dts: qcom: sm8150-kumano: correct ramoops pmsg-size (Krzysztof Kozlowski) - arm64: dts: qcom: sm6125-pdx201: correct ramoops pmsg-size (Krzysztof Kozlowski) - drm/bridge: tc358762: Instruct DSI host to generate HSE packets (Marek Vasut) - wifi: mac80211_hwsim: drop short frames (Johannes Berg) - netfilter: ebtables: fix fortify warnings in size_entry_mwt() (GONG, Ruiqi) - wifi: mac80211: check S1G action frame size (Johannes Berg) - alx: fix OOB-read compiler warning (GONG, Ruiqi) - mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450 (Giulio Benetti) - tpm_tis: Resend command to recover from data transfer errors (Alexander Steffen) - crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (Mark O'Donovan) - wifi: wil6210: fix fortify warnings (Dmitry Antipov) - wifi: mwifiex: fix fortify warning (Dmitry Antipov) - wifi: ath9k: fix printk specifier (Dongliang Mu) - wifi: ath9k: fix fortify warnings (Dmitry Antipov) - crypto: lrw,xts - Replace strlcpy with strscpy (Azeem Shaikh) - devlink: remove reload failed checks in params get/set callbacks (Jiri Pirko) - ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects (Mario Limonciello) - hw_breakpoint: fix single-stepping when using bpf_overflow_handler (Tomislav Novak) - perf/imx_ddr: speed up overflow frequency of cycle (Xu Yang) - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (Yicong Yang) - ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (Jiri Slaby (SUSE)) - scftorture: Forgive memory-allocation failure if KASAN (Paul E. McKenney) - rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle() (Zqiang) - kernel/fork: beware of __put_task_struct() calling context (Wander Lairson Costa) - ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (Abhishek Mainkar) - locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (Will Shiu) - btrfs: output extra debug info if we failed to find an inline backref (Qu Wenruo) - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (Fedor Pchelkin) - LTS version: v5.15.132 (Jack Vogel) - pcd: fix error codes in pcd_init_unit() (Dan Carpenter) - drm/amd/display: Fix a bug when searching for insert_above_mpcc (Wesley Chalmers) - MIPS: Only fiddle with CHECKFLAGS if need-compiler' (Maciej W. Rozycki) - kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). (Kuniyuki Iwashima) - ixgbe: fix timestamp configuration code (Vadim Fedorenko) - ipv6: fix ip6_sock_set_addr_preferences() typo (Eric Dumazet) - net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() (Liu Jian) - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (Shravan Kumar Ramani) - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (Shravan Kumar Ramani) - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (Liming Sun) - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (Liming Sun) - kcm: Fix memory leak in error path of kcm_sendmsg() (Shigeru Yoshida) - r8152: check budget for r8152_poll() (Hayes Wang) - net: dsa: sja1105: hide all multicast addresses from 'bridge fdb show' (Vladimir Oltean) - hsr: Fix uninit-value access in fill_frame_info() (Ziyang Xuan) - net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() (Hangyu Hua) - net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() (Hangyu Hua) - net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add (Guangguan Wang) - kselftest/runner.sh: Propagate SIGTERM to runner child (Bjorn Topel) - net: ipv4: fix one memleak in __inet_del_ifa() (Liu Jian) - ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2 (Aleksey Nasibulin) - ARM: dts: samsung: exynos4210-i9100: Fix LCD screen's physical size (Paul Cercueil) - block: don't add or resize partition on the disk with GENHD_FL_NO_PART (Li Lingfeng) - block: rename GENHD_FL_NO_PART_SCAN to GENHD_FL_NO_PART (Christoph Hellwig) - block: move GENHD_FL_BLOCK_EVENTS_ON_EXCL_WRITE to disk->event_flags (Christoph Hellwig) - block: move GENHD_FL_NATIVE_CAPACITY to disk->state (Christoph Hellwig) - pcd: cleanup initialization (Christoph Hellwig) - pcd: move the identify buffer into pcd_identify (Christoph Hellwig) - perf hists browser: Fix the number of entries for 'e' key (Namhyung Kim) - perf tools: Handle old data in PERF_RECORD_ATTR (Namhyung Kim) - perf hists browser: Fix hierarchy mode header (Namhyung Kim) - MIPS: Fix CONFIG_CPU_DADDI_WORKAROUNDS modules_install' regression (Maciej W. Rozycki) - drm/amd/display: prevent potential division by zero errors (Hamza Mahfooz) - mtd: rawnand: brcmnand: Fix potential false time out warning (William Zhang) - mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (William Zhang) - mtd: rawnand: brcmnand: Fix crash during the panic_write (William Zhang) - btrfs: use the correct superblock to compare fsid in btrfs_validate_super (Anand Jain) - btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART (Filipe Manana) - btrfs: free qgroup rsv on io failure (Boris Burkov) - fuse: nlookup missing decrement in fuse_direntplus_link (ruanmeisi) - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (Damien Le Moal) - ata: sata_gemini: Add missing MODULE_DESCRIPTION (Damien Le Moal) - ata: pata_falcon: fix IO base selection for Q40 (Michael Schmitz) - lib: test_scanf: Add explicit type cast to result initialization in test_number_prefix() (Nathan Chancellor) - ext4: add correct group descriptors and reserved GDT blocks to system zone (Wang Jianjian) - dmaengine: sh: rz-dmac: Fix destination and source data size setting (Hien Huynh) - ARC: atomics: Add compiler barrier to atomic operations... (Pavel Kozlov) - sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory() (Petr Tesarik) - net: hns3: remove GSO partial feature bit (Jie Wang) - net: hns3: fix the port information display when sfp is absent (Yisen Zhuang) - net: hns3: fix invalid mutex between tc qdisc and dcb ets command issue (Jijie Shao) - net: hns3: fix debugfs concurrency issue between kfree buffer and read (Hao Chen) - net: hns3: fix byte order conversion issue in hclge_dbg_fd_tcam_read() (Hao Chen) - net: dsa: sja1105: complete tc-cbs offload support on SJA1110 (Vladimir Oltean) - net: dsa: sja1105: fix -ENOSPC when replacing the same tc-cbs too many times (Vladimir Oltean) - net: dsa: sja1105: fix bandwidth discrepancy between tc-cbs software and offload (Vladimir Oltean) - ip_tunnels: use DEV_STATS_INC() (Eric Dumazet) - idr: fix param name in idr_alloc_cyclic() doc (Ariel Marcovitch) - s390/zcrypt: don't leak memory if dev_set_name() fails (Andy Shevchenko) - igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (Olga Zaborska) - igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (Olga Zaborska) - igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 (Olga Zaborska) - octeontx2-af: Fix truncation of smq in CN10K NIX AQ enqueue mbox handler (Geetha sowjanya) - kcm: Destroy mutex in kcm_exit_net() (Shigeru Yoshida) - net: sched: sch_qfq: Fix UAF in qfq_dequeue() (valis) [Orabug: 35814453] {CVE-2023-4921} - af_unix: Fix data race around sk->sk_err. (Kuniyuki Iwashima) - af_unix: Fix data-races around sk->sk_shutdown. (Kuniyuki Iwashima) - af_unix: Fix data-race around unix_tot_inflight. (Kuniyuki Iwashima) - af_unix: Fix data-races around user->unix_inflight. (Kuniyuki Iwashima) - net: phy: micrel: Correct bit assignments for phy_device flags (Oleksij Rempel) - net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr (Alex Henrie) - veth: Fixing transmit return status for dropped packets (Liang Chen) - igb: disable virtualization features on 82580 (Corinna Vinschen) - ipv4: ignore dst hint for multipath routes (Sriram Yagnaraman) - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (Sean Christopherson) - xsk: Fix xsk_diag use-after-free error during socket cleanup (Magnus Karlsson) - net: fib: avoid warn splat in flow dissector (Florian Westphal) - net: read sk->sk_family once in sk_mc_loop() (Eric Dumazet) - ipv4: annotate data-races around fi->fib_dead (Eric Dumazet) - sctp: annotate data-races around sk->sk_wmem_queued (Eric Dumazet) - net/sched: fq_pie: avoid stalls in fq_pie_timer() (Eric Dumazet) - pwm: lpc32xx: Remove handling of PWM channels (Vladimir Zapolskiy) - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (Raag Jadav) - perf top: Don't pass an ERR_PTR() directly to perf_session__delete() (Arnaldo Carvalho de Melo) - perf vendor events: Drop some of the JSON/events for power10 platform (Kajol Jain) - perf vendor events: Update the JSON/events descriptions for power10 platform (Kajol Jain) - x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() (Sean Christopherson) - perf annotate bpf: Don't enclose non-debug code with an assert() (Arnaldo Carvalho de Melo) - Input: tca6416-keypad - fix interrupt enable disbalance (Dmitry Torokhov) - Input: tca6416-keypad - always expect proper IRQ number in i2c client (Dmitry Torokhov) - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (Ying Liu) - pwm: atmel-tcb: Fix resource freeing in error path and remove (Uwe Kleine-Konig) - pwm: atmel-tcb: Harmonize resource allocation order (Uwe Kleine-Konig) - pwm: atmel-tcb: Convert to platform remove callback returning void (Uwe Kleine-Konig) - perf trace: Really free the evsel->priv area (Arnaldo Carvalho de Melo) - perf trace: Use zfree() to reduce chances of use after free (Arnaldo Carvalho de Melo) - kconfig: fix possible buffer overflow (Konstantin Meskhidze) - gfs2: low-memory forced flush fixes (Andreas Gruenbacher) - gfs2: Switch to wait_event in gfs2_logd (Andreas Gruenbacher) - kbuild: do not run depmod for 'make modules_sign' (Masahiro Yamada) - bus: mhi: host: Skip MHI reset if device is in RDDM (Qiang Yu) - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (Fedor Pchelkin) - NFS: Fix a potential data corruption (Trond Myklebust) - clk: qcom: mss-sc7180: fix missing resume during probe (Johan Hovold) - clk: qcom: q6sstop-qcs404: fix missing resume during probe (Johan Hovold) - soc: qcom: qmi_encdec: Restrict string length in decode (Chris Lew) - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (Dmitry Baryshkov) - clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (Ahmad Fatoum) - dt-bindings: clock: xlnx,versal-clk: drop select:false (Krzysztof Kozlowski) - pinctrl: cherryview: fix address_space_handler() argument (Raag Jadav) - parisc: led: Reduce CPU overhead for disk & lan LED computation (Helge Deller) - parisc: led: Fix LAN receive and transmit LEDs (Helge Deller) - lib/test_meminit: allocate pages up to order MAX_ORDER (Andrew Donnellan) - clk: qcom: turingcc-qcs404: fix missing resume during probe (Johan Hovold) - drm/ast: Fix DRAM init on AST2200 (Thomas Zimmermann) - clk: qcom: camcc-sc7180: fix async resume during probe (Johan Hovold) - fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (Thomas Zimmermann) - io_uring: break iopolling on signal (Pavel Begunkov) - io_uring: break out of iowq iopoll on teardown (Pavel Begunkov) - io_uring: always lock in io_apoll_task_func (Pavel Begunkov) - net/ipv6: SKB symmetric hash should incorporate transport ports (Quan Tian) - udf: initialize newblock to 0 (Tom Rix) - md/md-bitmap: remove unnecessary local variable in backlog_store() (Yu Kuai) - tracing: Zero the pipe cpumask on alloc to avoid spurious -EBUSY (Brian Foster) - perf/x86/uncore: Correct the number of CHAs on EMR (Kan Liang) - x86/sgx: Break up long non-preemptible delays in sgx_vepc_release() (Jack Wang) - USB: core: Fix oversight in SuperSpeed initialization (Alan Stern) - USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() (Alan Stern) - USB: core: Change usb_get_device_descriptor() API (Alan Stern) - USB: core: Unite old scheme and new scheme descriptor reads (Alan Stern) - usb: typec: bus: verify partner exists in typec_altmode_attention (RD Babiera) - usb: typec: tcpm: set initial svdm version based on pd revision (RD Babiera) - cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug (Gustavo A. R. Silva) - crypto: stm32 - fix loop iterating through scatterlist for DMA (Thomas Bourgoin) - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (Sven Schnelle) - pstore/ram: Check start of empty przs during init (Enlin Mu) - mmc: renesas_sdhi: register irqs before registering controller (Wolfram Sang) - fsverity: skip PKCS#7 parser when keyring is empty (Eric Biggers) - net: handle ARPHRD_PPP in dev_is_mac_header_xmit() (Nicolas Dichtel) - X.509: if signature is unsupported skip validation (Thore Sommer) - dccp: Fix out of bounds access in DCCP error handler (Jann Horn) - parisc: Fix /proc/cpuinfo output for lscpu (Helge Deller) - procfs: block chmod on /proc/thread-self/comm (Aleksa Sarai) - Revert 'PCI: Mark NVIDIA T4 GPUs to avoid bus reset' (Bjorn Helgaas) - ntb: Fix calculation ntb_transport_tx_free_entry() (Dave Jiang) - ntb: Clean up tx tail index on link down (Dave Jiang) - ntb: Drop packets when qp link is down (Dave Jiang) - scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (Ranjan Kumar) - media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (Konrad Dybcio) - arm64: csum: Fix OoB access in IP checksum code for negative lengths (Will Deacon) - i3c: master: svc: fix probe failure when no i3c device exist (Frank Li) - xtensa: PMU: fix base address for the newer hardware (Max Filippov) - backlight/lv5207lp: Compare against struct fb_info.device (Thomas Zimmermann) - backlight/bd6107: Compare against struct fb_info.device (Thomas Zimmermann) - backlight/gpio_backlight: Compare against struct fb_info.device (Thomas Zimmermann) - ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() (Gustavo A. R. Silva) - ipmi_si: fix a memleak in try_smi_init() (Yi Yang) - media: i2c: ccs: Check rules is non-NULL (Sakari Ailus) - mm/vmalloc: add a safer version of find_vm_area() for debug (Joel Fernandes (Google)) - scsi: core: Fix the scsi_set_resid() documentation (Bart Van Assche) - printk: ringbuffer: Fix truncating buffer size min_t cast (Kees Cook) - rcu: dump vmalloc memory info safely (Zqiang) - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (Takashi Iwai) - PM / devfreq: Fix leak in devfreq_dev_release() (Boris Brezillon) - igb: set max size RX buffer when store bad packet is enabled (Radoslaw Tyl) [Orabug: 35924095] {CVE-2023-45871} - skbuff: skb_segment, Call zero copy functions before using skbuff frags (Mohamed Khalfella) - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU (Eric Dumazet) [Orabug: 35923998] {CVE-2023-42752} - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (Yuan Yao) - cpufreq: Fix the race condition while updating the transition_task of policy (Liao Chang) - dmaengine: ste_dma40: Add missing IRQ check in d40_probe (ruanjinjie) - um: Fix hostaudio build errors (Randy Dunlap) - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (Yi Yang) - mtd: spi-nor: Check bus width while setting QE bit (Hsin-Yi Wang) - leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (Marek Behun) - leds: multicolor: Use rounded division when calculating color components (Marek Behun) - leds: pwm: Fix error code in led_pwm_create_fwnode() (Dan Carpenter) - rpmsg: glink: Add check for kstrdup (Jiasheng Jiang) - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (Jonas Karlman) - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (Zheng Yang) - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (Jonas Karlman) - mtd: rawnand: brcmnand: Fix mtd oobsize (William Zhang) - tracing: Fix race issue between cpu buffer write and swap (Zheng Yejian) - tracing: Remove extra space at the end of hwlat_detector/mode (Mikhail Kobuk) - HID: multitouch: Correct devm device reference for hidinput input_dev name (Rahul Rameshbabu) - HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (Nikita Zhandarovich) - Revert 'IB/isert: Fix incorrect release of isert connection' (Leon Romanovsky) - amba: bus: fix refcount leak (Peng Fan) - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (Yi Yang) - scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (Chengfeng Ye) - scsi: core: Use 32-bit hostnum in scsi_host_lookup() (Tony Battersby) - cgroup:namespace: Remove unused cgroup_namespaces_init() (Lu Jialin) - media: i2c: rdacm21: Fix uninitialized value (Jacopo Mondi) - media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (Hans de Goede) - media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (Hans de Goede) - media: ov2680: Add ov2680_fill_format() helper function (Hans de Goede) - media: ov2680: Don't take the lock for try_fmt calls (Hans de Goede) - media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (Hans de Goede) - media: ov2680: Fix vflip / hflip set functions (Hans de Goede) - media: ov2680: Fix ov2680_bayer_order() (Hans de Goede) - media: ov2680: Remove auto-gain and auto-exposure controls (Hans de Goede) - media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips (Dave Stevenson) - media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (Marek Vasut) - USB: gadget: f_mass_storage: Fix unused variable warning (Alan Stern) - media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (Konrad Dybcio) - media: go7007: Remove redundant if statement (Colin Ian King) - platform/x86: dell-sysman: Fix reference leak (Armin Wolf) - iommu/vt-d: Fix to flush cache of PASID directory table (Yanfei Xu) - iommu/qcom: Disable and reset context bank before programming (AngeloGioacchino Del Regno) - fsi: aspeed: Reset master errors after CFAM reset (Eddie James) - IB/uverbs: Fix an potential error pointer dereference (Xiang Yang) - RDMA/hns: Fix CQ and QP cache affinity (Chengchang Tang) - RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (Junxian Huang) - RDMA/hns: Fix port active speed (Chengchang Tang) - iommu/sprd: Add missing force_aperture (Jason Gunthorpe) - driver core: test_async: fix an error code (Dan Carpenter) - dma-buf/sync_file: Fix docs syntax (Rob Clark) - coresight: tmc: Explicit type conversions to prevent integer overflow (Ruidong Tian) - RDMA/irdma: Replace one-element array with flexible-array member (Gustavo A. R. Silva) - scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (Oleksandr Natalenko) - scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (Oleksandr Natalenko) - scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (Oleksandr Natalenko) - x86/APM: drop the duplicate APM_MINOR_DEV macro (Randy Dunlap) - serial: sprd: Fix DMA buffer leak issue (Chunyan Zhang) - serial: sprd: Assign sprd_port after initialized to avoid wrong access (Chunyan Zhang) - scsi: qla4xxx: Add length check when parsing nlattrs (Lin Ma) - scsi: be2iscsi: Add length check when parsing nlattrs (Lin Ma) - scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (Lin Ma) - scsi: iscsi: Add length check for nlattr payload (Lin Ma) - scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (Wenchao Hao) - scsi: RDMA/srp: Fix residual handling (Bart Van Assche) - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (Xu Yang) - media: mediatek: vcodec: Return NULL if no vdec_fb is found (Irui Wang) - media: rkvdec: increase max supported height for H.264 (Benjamin Gaignard) - scsi: hisi_sas: Fix normally completed I/O analysed as failed (Xingui Yang) - scsi: hisi_sas: Fix warnings detected by sparse (Xingui Yang) - scsi: hisi_sas: Modify v3 HW SATA completion error processing (Xingui Yang) - scsi: hisi_sas: Modify v3 HW SSP underflow error processing (Xingui Yang) - media: cx24120: Add retval check for cx24120_message_send() (Daniil Dulov) - media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (Christophe JAILLET) - media: dib7000p: Fix potential division by zero (Daniil Dulov) - drivers: usb: smsusb: fix error handling code in smsusb_init_device (Dongliang Mu) - iommu: rockchip: Fix directory table address encoding (Jonas Karlman) - iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind (Daniel Marcovitch) - media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (Christophe JAILLET) - media: i2c: tvp5150: check return value of devm_kasprintf() (Claudiu Beznea) - media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (Hans de Goede) - RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (Minjie Du) - pNFS: Fix assignment of xprtdata.cred (Anna Schumaker) - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (Olga Kornievskaia) - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (Benjamin Coddington) - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (Chuck Lever) - fs: lockd: avoid possible wrong NULL parameter (Su Hui) - jfs: validate max amount of blocks before allocation. (Alexei Filippov) - ext4: fix unttached inode after power cut with orphan file feature enabled (Zhihao Cheng) - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (Russell Currey) - nfs/blocklayout: Use the passed in gfp flags (Dan Carpenter) - powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT (Russell Currey) - powerpc: Don't include lppaca.h in paca.h (Michael Ellerman) - PCI: layerscape: Add workaround for lost link capabilities during reset (Xiaowei Bao) - PCI: layerscape: Add the endpoint linkup notifier support (Frank Li) - PCI: dwc: Add start_link/stop_link inlines (Serge Semin) - wifi: ath10k: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - wifi: ath11k: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - net/mlx5: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - drm/radeon: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - drm/amdgpu: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - powerpc/perf: Convert fsl_emb notifier to state machine callbacks (Christophe Leroy) - powerpc/fadump: reset dump area size if fadump memory reserve fails (Sourabh Jain) - vfio/type1: fix cap_migration information leak (Stefan Hajnoczi) - powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (Christophe Leroy) - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (Ahmad Fatoum) - clk: imx8mp: fix sai4 clock (Marco Felsch) - PCI/ASPM: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - PCI: pciehp: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - pinctrl: mcp23s08: check return value of devm_kasprintf() (Claudiu Beznea) - PCI: Mark NVIDIA T4 GPUs to avoid bus reset (Wu Zongyong) - PCI: microchip: Correct the DED and SEC interrupt bit offsets (Daire McNamara) - clk: qcom: gcc-sm6350: Fix gcc_sdcc2_apps_clk_src (Luca Weiss) - clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (Patrick Whewell) - ext4: avoid potential data overflow in next_linear_group (Kemeng Shi) - ext4: correct grp validation in ext4_mb_good_group (Kemeng Shi) - EDAC/igen6: Fix the issue of no error events (Qiuxu Zhuo) - clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (David Wronek) - clk: sunxi-ng: Modify mismatched function name (Zhang Jianhua) - drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (Minjie Du) - ipmi:ssif: Fix a memory leak when scanning for an adapter (Corey Minyard) - ipmi:ssif: Add check for kstrdup (Jiasheng Jiang) - of: unittest: Fix overlay type in apply/revert check (Geert Uytterhoeven) - of: overlay: Call of_changeset_init() early (Geert Uytterhoeven) - md: raid0: account for split bio in iostat accounting (David Jeffery) - bus: ti-sysc: Fix cast to enum warning (Tony Lindgren) - arm64: dts: qcom: apq8016-sbc: Fix ov5640 regulator supply names (Bryan O'Donoghue) - drm/mediatek: Fix potential memory leak if vmap() fail (Sui Jingfeng) - drm/mediatek: Remove freeing not dynamic allocated memory (Jason-JH.Lin) - bus: ti-sysc: Fix build warning for 64-bit build (Tony Lindgren) - io_uring: fix drain stalls by invalid SQE (Pavel Begunkov) - audit: fix possible soft lockup in __audit_inode_child() (Gaosheng Cui) - drm/msm/a2xx: Call adreno_gpu_init() earlier (Fabio Estevam) - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (Yang Wang) - smackfs: Prevent underflow in smk_set_cipso() (Dan Carpenter) - firmware: meson_sm: fix to avoid potential NULL pointer dereference (Zhang Shurong) - drm/msm/mdp5: Don't leak some plane state (Daniel Vetter) - drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (Jiasheng Jiang) - ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig (Nayna Jain) - drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (Marek Vasut) - drm/armada: Fix off-by-one error in armada_overlay_get_property() (Geert Uytterhoeven) - arm64: dts: qcom: sm8150: Fix the I2C7 interrupt (Zeyan Li) - of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() (Ruan Jinjie) - drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (Yangtao Li) - drm/msm: Update dev core dump to not print backwards (Ryan McCann) - md/md-bitmap: hold 'reconfig_mutex' in backlog_store() (Yu Kuai) - md/bitmap: don't set max_write_behind if there is no write mostly device (Guoqing Jiang) - md/raid10: use dereference_rdev_and_rrdev() to get devices (Li Nan) - md/raid10: factor out dereference_rdev_and_rrdev() (Li Nan) - drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl' (Srinivasan Shanmugam) - arm64: dts: qcom: sdm845: Fix the min frequency of 'ice_core_clk' (Manivannan Sadhasivam) - arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC (Manivannan Sadhasivam) - ARM: dts: BCM53573: Fix Ethernet info for Luxul devices (Rafal Milecki) - drm: adv7511: Fix low refresh rate register for ADV7533/5 (Bogdan Togorean) - ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) (Krzysztof Kozlowski) - ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210 (Krzysztof Kozlowski) - ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) (Krzysztof Kozlowski) - ARM: dts: s3c64xx: align pinctrl with dtschema (Krzysztof Kozlowski) - x86/mm: Fix PAT bit missing from page protection modify mask (Janusz Krzysztofik) - drm/etnaviv: fix dumping of active MMU context (Lucas Stach) - arm64: dts: qcom: pmi8994: Add missing OVP interrupt (Konrad Dybcio) - arm64: dts: qcom: Move WLED num-strings from pmi8994 to sony-xperia-tone (Marijn Suijten) - arm64: dts: qcom: pmi8994: Remove hardcoded linear WLED enabled-strings (Marijn Suijten) - arm64: dts: qcom: pm660l: Add missing short interrupt (Konrad Dybcio) - arm64: dts: qcom: correct SPMI WLED register range encoding (Krzysztof Kozlowski) - arm64: dts: qcom: pmi8998: Add node for WLED (AngeloGioacchino Del Regno) - arm64: dts: qcom: sm8250-sony-xperia: correct GPIO keys wakeup again (Krzysztof Kozlowski) - ARM: dts: BCM53573: Use updated 'spi-gpio' binding properties (Rafal Milecki) - ARM: dts: BCM53573: Add cells sizes to PCIe node (Rafal Milecki) - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (Arnd Bergmann) - arm64: dts: qcom: sm8250: Mark PCIe hosts as DMA coherent (Konrad Dybcio) - arm64: dts: qcom: pmk8350: fix ADC-TM compatible string (Dmitry Baryshkov) - arm64: dts: qcom: sm8350: Use proper CPU compatibles (Konrad Dybcio) - arm64: dts: qcom: sm8350: Add missing LMH interrupts to cpufreq (Konrad Dybcio) - arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller (Konrad Dybcio) - arm64: dts: qcom: sm8250-edo: Rectify gpio-keys (Konrad Dybcio) - arm64: dts: qcom: sm8250-edo: Add GPIO line names for PMIC GPIOs (Konrad Dybcio) - arm64: dts: qcom: sm8250-edo: Add gpio line names for TLMM (Konrad Dybcio) - arm64: dts: qcom: sm8250: correct dynamic power coefficients (Vincent Guittot) - soc: qcom: ocmem: Fix NUM_PORTS & NUM_MACROS macros (Luca Weiss) - soc: qcom: ocmem: Add OCMEM hardware version print (Luca Weiss) - ASoC: stac9766: fix build errors with REGMAP_AC97 (Randy Dunlap) - quota: fix dqput() to follow the guarantees dquot_srcu should provide (Baokun Li) - quota: add new helper dquot_active() (Baokun Li) - quota: rename dquot_active() to inode_quota_active() (Baokun Li) - quota: factor out dquot_write_dquot() (Baokun Li) - drm/bridge: tc358764: Fix debug print parameter order (Marek Vasut) - netrom: Deny concurrent connect(). (Kuniyuki Iwashima) - net/sched: sch_hfsc: Ensure inner classes have fsc curve (Budimir Markovic) [Orabug: 35810514] {CVE-2023-4623} - hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (Biju Das) - mlxsw: i2c: Limit single transaction buffer size (Vadim Pasternak) - mlxsw: i2c: Fix chunk size setting in output mailbox buffer (Vadim Pasternak) - net: arcnet: Do not call kfree_skb() under local_irq_disable() (Jinjie Ruan) - wifi: ath9k: use IS_ERR() with debugfs_create_dir() (Wang Ming) - Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (Jinjie Ruan) - wifi: mwifiex: avoid possible NULL skb pointer dereference (Dmitry Antipov) - wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (Lin Ma) - wifi: ath9k: protect WMI command response buffer replacement with a lock (Fedor Pchelkin) - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (Fedor Pchelkin) - samples/bpf: fix broken map lookup probe (Daniel T. Lee) - wifi: mwifiex: Fix missed return in oob checks failed path (Polaris Pi) - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (Dmitry Antipov) - fs: ocfs2: namei: check return value of ocfs2_add_entry() (Artem Chernyshev) - lwt: Check LWTUNNEL_XMIT_CONTINUE strictly (Yan Zhai) - lwt: Fix return values of BPF xmit ops (Yan Zhai) - hwrng: iproc-rng200 - Implement suspend and resume calls (Florian Fainelli) - crypto: caam - fix unchecked return value error (Gaurav Jain) - ice: ice_aq_check_events: fix off-by-one check when filling buffer (Przemek Kitszel) - net-memcg: Fix scope of sockmem pressure indicators (Abel Wu) - selftests/bpf: Clean up fmod_ret in bench_rename test script (Yipeng Zou) - net: tcp: fix unexcepted socket die when snd_wnd is 0 (Menglong Dong) - Bluetooth: Fix potential use-after-free when clear keys (Min Li) - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (Yuanjun Gong) - crypto: stm32 - Properly handle pm_runtime_get failing (Uwe Kleine-Konig) - wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (Dmitry Antipov) - wifi: mwifiex: Fix OOB and integer underflow when rx packets (Polaris Pi) - wifi: mt76: mt7915: fix power-limits while chan_switch (Ryder Lee) - can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (Marc Kleine-Budde) - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (Zhang Shurong) - wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (Lin Ma) - ipv6: Add reasons for skb drops to __udp6_lib_rcv (David Ahern) - bpf: reject unhashed sockets in bpf_sk_assign (Lorenz Bauer) - udp: re-score reuseport groups when connected sockets are present (Lorenz Bauer) - regmap: rbtree: Use alloc_flags for memory allocations (Dan Carpenter) - hwrng: pic32 - use devm_clk_get_enabled (Martin Kaiser) - hwrng: nomadik - keep clock enabled while hwrng is registered (Martin Kaiser) - tcp: tcp_enter_quickack_mode() should be static (Eric Dumazet) - bpf: Clear the probe_addr for uprobe (Yafang Shao) - bpftool: Use a local bpf_perf_event_value to fix accessing its fields (Alexander Lobakin) - cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() (Liao Chang) - x86/efistub: Fix PCI ROM preservation in mixed mode (Mikel Rychliski) - ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (Mario Limonciello) - ACPI: x86: s2idle: Post-increment variables when getting constraints (Mario Limonciello) - s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs (Holger Dengler) - s390/pkey: fix/harmonize internal keyblob headers (Holger Dengler) - selftests/futex: Order calls to futex_lock_pi (Nysal Jan K.A) - perf/imx_ddr: don't enable counter0 if none of 4 counters are used (Xu Yang) - x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved (Ard Biesheuvel) - selftests/resctrl: Close perf value read fd on errors (Ilpo Jarvinen) - selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (Ilpo Jarvinen) - selftests/resctrl: Don't leak buffer in fill_cache() (Ilpo Jarvinen) - selftests/resctrl: Add resctrl.h into build deps (Ilpo Jarvinen) - selftests/resctrl: Make resctrl_tests run using kselftest framework (Shaopeng Tan) - OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd() (Manivannan Sadhasivam) - refscale: Fix uninitalized use of wait_queue_head_t (Waiman Long) - ARM: ptrace: Restore syscall skipping for tracers (Kees Cook) - ARM: ptrace: Restore syscall restart tracing (Kees Cook) - selftests/harness: Actually report SKIP for signal tests (Kees Cook) - tmpfs: verify {g,u}id mount options correctly (Christian Brauner) - fs: Fix error checking for d_hash_and_lookup() (Wang Ming) - eventfd: prevent underflow for eventfd semaphores (Wen Yang) - reiserfs: Check the return value from __getblk() (Matthew Wilcox) - Revert 'net: macsec: preserve ingress frame ordering' (Sabrina Dubroca) - udf: Handle error when adding extent to a file (Jan Kara) - udf: Check consistency of Space Bitmap Descriptor (Vladislav Efanov) - of: kexec: Mark ima_{free,stable}_kexec_buffer() as __init (Nathan Chancellor) - net: Avoid address overwrite in kernel_connect (Jordan Rife) - arm64: lib: Import latest version of Arm Optimized Routines' strncmp (Joey Gouly) - crypto: rsa-pkcs1pad - Use helper to set reqsize (Herbert Xu) - tracing: Introduce pipe_cpumask to avoid race on trace_pipes (Zheng Yejian) - ALSA: seq: oss: Fix racy open/close of MIDI devices (Takashi Iwai) - scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (Justin Tee) - scsi: storvsc: Always set no_report_opcodes (Michael Kelley) - sctp: handle invalid error codes without calling BUG() (Dan Carpenter) - bnx2x: fix page fault following EEH recovery (David Christensen) - netlabel: fix shift wrapping bug in netlbl_catmap_setlong() (Dmitry Mastykin) - drm/amdgpu: Match against exact bootloader status (Lijo Lazar) - net: hns3: restore user pause configure when disable autoneg (Jian Shen) - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (Chengfeng Ye) - scsi: lpfc: Remove reftag check in DIF paths (Justin Tee) - idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM (Baoquan He) - wifi: brcmfmac: Fix field-spanning write in brcmf_scan_params_v2_to_v1() (Hans de Goede) - net: usb: qmi_wwan: add Quectel EM05GV2 (Martin Kohn) - vmbus_testing: fix wrong python syntax for integer value comparison (Ani Sinha) - clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM (Baoquan He) - kprobes: Prohibit probing on CFI preamble symbol (Masami Hiramatsu (Google)) - security: keys: perform capable check only on privileged operations (Christian Gottsche) - ata: pata_arasan_cf: Use dev_err_probe() instead dev_err() in data_xfer() (Minjie Du) - drm/amd/display: Exit idle optimizations before attempt to access PHY (Leo Chen) - platform/x86: huawei-wmi: Silence ambient light sensor (Konstantin Shelekhin) - platform/x86/intel/hid: Add HP Dragonfly G2 to VGBS DMI quirks (Maxim Mikityanskiy) - platform/x86: intel: hid: Always call BTNL ACPI method (Hans de Goede) - ASoC: atmel: Fix the 8K sample parameter in I2SC master (Guiting Shen) - ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 (Shuming Fan) - ASoC: rt711: fix for JD event handling in ClockStop Mode0 (Shuming Fan) - ASoc: codecs: ES8316: Fix DMIC config (Edgar) - ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 (Shuming Fan) - fs/nls: make load_nls() take a const parameter (Winston Wen) - s390/dasd: fix hanging device after request requeue (Stefan Haberland) - s390/dasd: use correct number of retries for ERP requests (Stefan Haberland) - m68k: Fix invalid .section syntax (Ben Hutchings) - vxlan: generalize vxlan_parse_gpe_hdr and remove unused args (Jiri Benc) - ethernet: atheros: fix return value check in atl1c_tso_csum() (Yuanjun Gong) - ASoC: da7219: Check for failure reading AAD IRQ events (Dmytro Maluka) - ASoC: da7219: Flush pending AAD IRQ when suspending (Dmytro Maluka) - ksmbd: no response from compound read (Namjae Jeon) - ksmbd: fix out of bounds in smb3_decrypt_req() (Namjae Jeon) - 9p: virtio: make sure 'offs' is initialized in zc_request (Dominique Martinet) - media: pci: cx23885: fix error handling for cx23885 ATSC boards (Nikolay Burykin) - media: pulse8-cec: handle possible ping error (Dmitry Antipov) - phy: qcom-snps-femto-v2: use qcom_snps_hsphy_suspend/resume error code (Adrien Thierry) - ARM: dts: imx: Set default tuning step for imx7d usdhc (Xiaolei Wang) - ARM: dts: imx: Adjust dma-apbh node name (Stefan Wahren) - ARM: dts: imx7s: Drop dma-apb interrupt-names (Marek Vasut) - ARM: dts: imx: update sdma node name format (Joy Zou) - rds: Put back pages on the CPU that allocated them (Hakon Bugge) [Orabug: 35768363] - mm: fix munmap() of reserved va ranges (Anthony Yznaga) [Orabug: 35843808] - mm: fix mmap() of reserved va ranges (Anthony Yznaga) [Orabug: 35843808] - mm: reinstall placeholder mappings before downgrading mmap lock (Anthony Yznaga) [Orabug: 35843808] - mm: fix hang after mapping over a mapped reserved va range (Anthony Yznaga) [Orabug: 35843808] - mm: fix update of total_vm for reserved va placeholders (Anthony Yznaga) [Orabug: 35843808] - mm: enable merging of reserved va placeholders (Anthony Yznaga) [Orabug: 35843808] - genetlink: initialize resv_start_op using existing enum values on uek7-u2 (Qing Huang) [Orabug: 35857093] - rds: Provision to allow all trace points at module load time (Arumugam Kolappan) [Orabug: 35916077] - rds/ib: Preserve dest qp num in the connect request (Arumugam Kolappan) [Orabug: 35926164] - Crash: add lock to serialize crash hotplug handling (Baoquan He) [Orabug: 35778906] - x86/crash: optimize CPU changes (Eric DeVolder) [Orabug: 35778906] - crash: change crash_prepare_elf64_headers() to for_each_possible_cpu() (Eric DeVolder) [Orabug: 35778906] - crash: hotplug support for kexec_load() (Eric DeVolder) [Orabug: 35778906] - x86/crash: add x86 crash hotplug support (Eric DeVolder) [Orabug: 35778906] - crash: memory and CPU hotplug sysfs attributes (Eric DeVolder) [Orabug: 35778906] - kexec: exclude elfcorehdr from the segment digest (Eric DeVolder) [Orabug: 35778906] - crash: add generic infrastructure for crash hotplug support (Eric DeVolder) [Orabug: 35778906] - crash: move a few code bits to setup support of crash hotplug (Eric DeVolder) [Orabug: 35778906] - remove ARCH_DEFAULT_KEXEC from Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - kexec: rename ARCH_HAS_KEXEC_PURGATORY (Eric DeVolder) [Orabug: 35778906] - sh/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - s390/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - riscv/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - powerpc/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - parisc/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - mips/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - m68k/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - arm64/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - ia64/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - arm/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - x86/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - kexec: consolidate kexec and crash options into kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] [5.15.0-201.131.1] - net/rds: report pending-messages count in RDS_INQ response (Devesh Sharma) [Orabug: 35596047] - uek-rpm: Disable kernel support for CONFIG_FIREWIRE in OL9 (Yifei Liu) [Orabug: 35493648] {CVE-2023-3159} - rds: Add proper refcnt when an RDS MR references an RDS Socket (Hakon Bugge) [Orabug: 35817900] - rds: Check for UAF in rds_destroy_mr (Hakon Bugge) [Orabug: 35817900] - uek-rpm: Enable Microsoft recommended Hyper-V flags for ARM (Harshvardhan Jha) [Orabug: 35823292] - xfs: reserve less log space when recovering log intent items (Darrick J. Wong) [Orabug: 35871839] - scsi: target: core: Fix deadlock due to recursive locking (Junxiao Bi) [Orabug: 35886688] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-42752 CVE-2023-3159 CVE-2023-4244 CVE-2023-42756 CVE-2023-4623 CVE-2023-4921 CVE-2023-5090 CVE-2023-45871 CVE-2023-5178 CVE-2023-5197 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:8::developer_UEKR7 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::UEKR7 cpe:/a:oracle:linux:9::developer_UEKR7 Oracle Linux 9 - [5.14.0-362.13.0.1_3.OL9] - cifs: Fix UAF in cifs_demultiplex_thread() (Zhang Xiaoxu) (Steve French) {CVE-2023-1192} - fs/smb/client: Reset password pointer to NULL (Quang Le) (Steve French) {CVE-2023-5345} - igb: set max size RX buffer when store bad packet is enabled (Tony Nguyen) (David S. Miller) {CVE-2023-45871} - [5.14.0-362.8.1_3.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Disable unified kernel image package build - Add Oracle Linux IMA certificates - 5.14.0 - Debranding patches copied from Rocky Linux (Louis Abel and Sherif Nagy from RESF) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1192 CVE-2023-5345 CVE-2023-45871 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 conmon [2.1.3-7] - Resolve CVE-2023-39325 [2.1.3-6] - Add ol8_baseos_latest, and ol9_baseos_latest, to Jenkinsfile [2.1.3-5] - Add systemd-devel as build requirement [2.1.3-4] - Add support ARM build cri-o [1.26.3-3] - Resolve CVE-2023-39325 [1.26.3-2] - Add support for ARM build cri-tools [1.26.1-3] - Resolve CVE-2023-39325 [1.26.1-2] - Add ARM build support etcd [3.5.9-2] - Bump up version [3.5.9-1] - Added Oracle specific build files flannel-cni-plugin [1.1.2-3] - Resolve CVE-2023-44487 and CVE-2023-39325 [1.1.2-2] - Add ARM build support helm [3.12.0-3] - address CVE-2023-44487 and CVE-2023-39325 [-] - Add support for ARM build istio [1.17.8-1] - Added Oracle specific files for 1.17.8-1 kata [1.12.1-14] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-13] - Rebuild kata to fix timestamp issue [1.12.1-12] - Add support for ARM build kata-agent [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Remove build_date global variable in kata-image specfile [1.12.1-7] - Add support for ARM build kata-image [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Remove build_date global variable in specfile [1.12.1-7] - Add support for ARM build kata-ksm-throttler [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Bump release inline with other kata packages for fixing timestamp issue [1.12.1-7] - Add support for ARM build kata-proxy [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Bump release inline with other kata packages for fixing timestamp issue [1.12.1-7] - Add support for ARM build kata-runtime [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Bump release inline with other kata packages for fixing timestamp issue [1.12.1-7] - Add support for ARM build kata-shim [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Bump release inline with other kata packages for fixing timestamp issue [1.12.1-7] - Add support for ARM build kubernetes [1.26.10-2] - Allow dashes DNS image [1.26.10-1] - Added Oracle specific build files for Kubernetes kubernetes-cni [1.1.2-3] - Resolve CVE-2023-44487 and CVE-2023-39325 [1.1.2-2] - Add support for ARM build kubernetes-cni-plugins [1.2.0-4] - Fix go.mod [1.2.0-3] - Resolve CVE-2023-44487 and CVE-2023-39325 [1.2.0-2] - Add support for ARM build [1.2.0-1] - Added Oracle specific build files for Kubernetes CNI Plugins kubevirt [0.58.0-4] - Updated to address CVE-2023-44487 and CVE-2023-39325 olcne [1.7.5-17] - Fix update issue from 1.6.x -> 1.7.5 [1.7.5-16] - Pass imagetag to the metallb tool that converts configmap to crs [1.7.5-15] - Fix metallb upgrade failure when proxy is needed [1.7.5-14] - Update conmon to 2.1.3-7 in scripts [1.7.5-13] - Update module-operator to address CVE-2023-44487, CVE-2023-39325 [1.7.5-12] - Update multus-cni 3.9.3 to address CVE-2023-44487 and CVE-2023-39325 [1.7.5-11] - Update multus-cni 4.0.1 to address CVE-2023-44487 and CVE-2023-39325 [1.7.5-10] - Update metallb 0.13.9 to address CVE-2023-44487 and CVE-2023-39325 [1.7.5-9] - Update externalip-webhook 1.0.0 to address CVE-2023-44487 and CVE-2023-39325 [1.7.5-8] - Update calico-3.25.0 and 3.25.1 to address CVE-2023-44487, CVE-2023-39325 [1.7.5-7] - Update rook-1.10.9 and 1.11.6 to address golang CVE-2023-44487, CVE-2023-39325 [1.7.5-6] - update configmap-registry to 1.28.0 and update olm 0.23.1 to address CVE-2023-44487 and CVE-2023-39325 [1.7.5-5] - Update Istio, Grafana, Prometheus, and Kubernetes-dashboard to address CVE's - CVE-2023-44487 - CVE-2023-39325 [1.7.5-4] - update helm 3.12.0 to Address CVE-2023-44487 and CVE-2023-39325 [1.7.5-3] - Update kubernetes and components to address golang CVE-2023-44487, CVE-2023-39325 [1.7.5-2] - Add olm 0.23.1 charts [1.7.5-1] - Update kubevirt 0.58.0 to address CVE-2023-44487 and CVE-2023-39325 yq [4.34.1-3] - address CVE-2023-44487 and CVE-2023-3932A [4.34.1-2] - Add support for ARM build IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-39325 CVE-2023-44487 cpe:/a:oracle:linux:9::olcne17 Oracle Linux 9 [102.9.0-3.0.1] - Updated homepages to use https [Orabug: 34648274] [102.9.0-3] - Update to 102.9.0 build2 [102.9.0-2] - removed disable-openh264-download [102.9.0-1] - Update to 102.9.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-28164 CVE-2023-25751 CVE-2023-25752 CVE-2023-28176 CVE-2023-28162 Oracle Linux 9 [3.79.0-17] - fix consistency return errors. We shouldn't lock the FIPS token if the application asked for invalid DH parameters on on keygen. [3.79.0-16] - Add check for RSA PSS Salt required by FIPS - Update fips_algorithms.sh according to the review. [3.79.0-15] - Fix CVE-2023-0767 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0767 Oracle Linux 9 [102.9.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.9.0-1] - Update to 102.9.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-25751 CVE-2023-28162 CVE-2023-25752 CVE-2023-28164 CVE-2023-28176 Oracle Linux 9 - [5.14.0-162.22.2_1.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] [5.14.0-162.22.2_1] - tun: avoid double free in tun_free_netdev (Jon Maloy) [2156373] {CVE-2022-4744} [5.14.0-162.22.1_1] - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (Jaroslav Kysela) [2163390 2125540] {CVE-2023-0266} [5.14.0-162.21.1_1] - s390/boot: add secure boot trailer (Tobias Huschle) [2151528 2141966] - s390/kexec: fix ipl report address for kdump (Tobias Huschle) [2166903 2161327] - s390/qeth: cache link_info for ethtool (Tobias Huschle) [2166304 2110436] - scsi: zfcp: Fix missing auto port scan and thus missing target ports (Tobias Huschle) [2127880 2121088] [5.14.0-162.20.1_1] - cgroup/cpuset: remove unreachable code (Waiman Long) [2161105 1946801] - kselftest/cgroup: Add cpuset v2 partition root state test (Waiman Long) [2161105 1946801] - cgroup/cpuset: Update description of cpuset.cpus.partition in cgroup-v2.rst (Waiman Long) [2161105 1946801] - cgroup/cpuset: Make partition invalid if cpumask change violates exclusivity rule (Waiman Long) [2161105 1946801] - cgroup/cpuset: Relocate a code block in validate_change() (Waiman Long) [2161105 1946801] - cgroup/cpuset: Show invalid partition reason string (Waiman Long) [2161105 1946801] - cgroup/cpuset: Add a new isolated cpus.partition type (Waiman Long) [2161105 1946801] - cgroup/cpuset: Relax constraints to partition & cpus changes (Waiman Long) [2161105 1946801] - cgroup/cpuset: Allow no-task partition to have empty cpuset.cpus.effective (Waiman Long) [2161105 1946801] - cgroup/cpuset: Miscellaneous cleanups & add helper functions (Waiman Long) [2161105 1946801] - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (Waiman Long) [2161105 1946801] - cpuset: convert 'allowed' in __cpuset_node_allowed() to be boolean (Waiman Long) [2161105 1946801] - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) [2161105 1946801] - cgroup: cleanup comments (Waiman Long) [2161105 1946801] - act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti) [2164655 2150278] {CVE-2022-4269} - net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti) [2164655 2150278] {CVE-2022-4269} - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (Emanuele Giuseppe Esposito) [2170227 2150660] [5.14.0-162.19.1_1] - sched/core: Use kfree_rcu() in do_set_cpus_allowed() (Waiman Long) [2160614 2143847] - sched/core: Fix use-after-free bug in dup_user_cpus_ptr() (Waiman Long) [2160614 2143847] - sched: Always clear user_cpus_ptr in do_set_cpus_allowed() (Waiman Long) [2143766 2107354] - sched: Enforce user requested affinity (Waiman Long) [2143766 2107354] - sched: Always preserve the user requested cpumask (Waiman Long) [2143766 2107354] - sched: Introduce affinity_context (Waiman Long) [2143766 2107354] - sched: Add __releases annotations to affine_move_task() (Waiman Long) [2143766 2107354] - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (Dean Nelson) [2168382 2122851] - x86/fpu: Exclude dynamic states from init_fpstate (Dean Nelson) [2168382 2122851] - x86/fpu: Fix the init_fpstate size check with the actual size (Dean Nelson) [2168382 2122851] - x86/fpu: Configure init_fpstate attributes orderly (Dean Nelson) [2168382 2122851] - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (Dean Nelson) [2168382 2122851] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-4269 CVE-2022-4744 CVE-2023-0266 Oracle Linux 9 [1.12.0-5.2] - xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability Resolves: bz#2180308 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1393 Oracle Linux 9 httpd [2.4.53-7.0.1.5] - Replace index.html with Oracle's index page oracle_index.html. [2.4.53-7.5] - Resolves: #2177751 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy [2.4.53-7.1] - Resolves: #2165975 - prevent sscg creating /dhparams.pem - Resolves: #2165970 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte - Resolves: #2165973 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting - Resolves: #2165974 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling [2.4.53-7] - Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling - Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match() - Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism - Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() - Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody - Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability - Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets [2.4.53-6] - Related: #2065677 - httpd minimisation for ubi-micro [2.4.53-5] - Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove() [2.4.53-4] - Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert() [2.4.53-3] - Resolves: #2065677 - httpd minimisation for ubi-micro - minimize httpd dependencies (new httpd-core package) - mod_systemd and mod_brotli are now packaged in the main httpd package [2.4.53-1] - new version 2.4.53 - Resolves: #2079939 - httpd rebase to 2.4.53 - Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending with core [2.4.51-8] - Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using SetEnv or PassEnv [2.4.51-7] - Resolves: #2065251 - CVE-2022-22720 httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier - Resolves: #2066311 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations [2.4.51-5] - Resolves: #2035064 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow when parsing multipart content [2.4.51-4] - Use NAME from os-release(5) for vendor string Resolves: #2029071 - httpd on CentOS identifies as RHEL [2.4.51-3] - add fixes for static analyzer issues (#1938740) [2.4.51-2] - Resolves: #2005416 - httpd default configuration changes [2.4.51-1] - new version 2.4.51 (#2011090) [2.4.49-1] - new version 2.4.49 (#2005339) [2.4.48-18] - Resolves: #2004143 - RFE: mod_ssl: allow sending multiple CA names which differ only in case [2.4.48-17] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [2.4.48-16] - Resolves: #1956386 - Apache trademark update - new logo [2.4.48-14] - Rebuild to pick up new build flags from redhat-rpm-config (#1984652) [2.4.48-13] - mod_ssl: OpenSSL 3 compatibility update (#1986822) [2.4.48-12] - mod_ssl: add SSLKEYLOGFILE support (#1982656) [2.4.48-11] - mod_cgid: fix doubled script timeout (#1977234) [2.4.48-10] - fix release in ServerTokens Full-Release (#1932442) [2.4.48-9] - use OOMPolicy=continue in httpd.service, httpd@.service (#1947475) [2.4.48-8] - Resolves: #1950021 - [RFE] Update httpd directive SSLProxyMachineCertificateFile to be able to handle certs without matching private key [2.4.48-7] - Resolves: #1950011 - unorderly connection close when client attempts renegotiation [2.4.48-6] - Resolves: #1932442 - 'ServerTokens Full-Release' support [2.4.48-5] - mod_ssl: fix loading encrypted privkeys with OpenSSL 3.0 (#1976080) [2.4.48-4] - add OpenSSL v3 compatibility fixes (#1975201) [2.4.48-3] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [2.4.48-2] - Resolves: #1947099 - centralizing default index.html for httpd [2.4.48-1] - new version 2.4.48 - Resolves: #1952817 - rebase to 2.4.48 [2.4.46-15] - Resolves: #1949606 - RFE: httpd, add IP_FREEBIND support for Listen [2.4.46-14] - Resolves: #1949969 - httpd : mod_proxy should allow to specify Proxy-Authorization in ProxyRemote directive [2.4.46-13] - Resolves: #1952546 - mod_proxy_wstunnel.html is a malformed XML [2.4.46-12] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [2.4.46-11] - Resolves: #1947496 - [RFE] ProxyWebsocketIdleTimeout from httpd mod_proxy_wstunnel mod_http2 [1.15.19-3.5] - Resolves: #2177751 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy [1.15.19-3] - Resolves: #2066311 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-25690 Oracle Linux 9 [13.10-1] - Update to 13.10 - Resolves: #2114734 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-2625 CVE-2022-41862 Oracle Linux 9 [2.4.17-3.2] - Reject empty http header field names (CVE-2023-25725, #2174174) [2.4.17-3.1] - Refuse interim responses with end-stream flag set (CVE-2023-0056, #2174172) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-25725 CVE-2023-0056 Oracle Linux 9 [7.76.1-19.el9_1.2] - fix HTTP multi-header compression denial of service (CVE-2023-23916) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-23916 Oracle Linux 9 - [5.14.0-162.23.1_1.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] [5.14.0-162.23.1_1] - ovl: fail on invalid uid/gid mapping at copy up (Miklos Szeredi) [2165344 2165345] {CVE-2023-0386} - intel_idle: make SPR C1 and C1E be independent (David Arcari) [2168361 2125352] - intel_idle: Add a new flag to initialize the AMX state (David Arcari) [2168361 2117766] - x86/fpu: Add a helper to prepare AMX state for low-power CPU idle (David Arcari) [2168361 2117766] - x86/insn: Add AMX instructions to the x86 instruction decoder (Michael Petlan) [2168361 2140492] - futex: Resend potentially swallowed owner death notification (Rafael Aquini) [2168836 2161817] - tun: avoid double free in tun_free_netdev (Jon Maloy) [2156373 2156374] {CVE-2022-4744} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0386 Oracle Linux 9 [102.10.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.10.0-1] - Update to 102.10.0 build1 [102.9.0-4] - Update to 102.9.0 build2 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1945 CVE-2023-29539 CVE-2023-29541 CVE-2023-29533 CVE-2023-29550 CVE-2023-29536 CVE-2023-29535 CVE-2023-29548 Oracle Linux 9 [102.10.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.10.0-2] - Update to 102.10.0 build2 [102.10.0-1] - Update to 102.10.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1945 CVE-2023-28427 CVE-2023-29541 CVE-2023-29550 CVE-2023-29533 CVE-2023-29539 CVE-2023-29535 CVE-2023-29479 CVE-2023-0547 CVE-2023-29548 CVE-2023-29536 Oracle Linux 9 [17.0.7.0.7-1.0.1] - Replace upstream references [Orabug: 34340155] [1:17.0.7.0.7-1] - Update to jdk-17.0.7.0+7 - Update release notes to 17.0.7.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run - Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace - Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs - Update FIPS support against 17.0.7+6 and bring in latest changes: - * RH2134669: Add missing attributes when registering services in FIPS mode. - * test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class - * RH1940064: Enable XML Signature provider in FIPS mode - * RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized - ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** - Resolves: rhbz#2185182 - Resolves: rhbz#2186804 - Resolves: rhbz#2186811 - Resolves: rhbz#2186807 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-21967 CVE-2023-21930 CVE-2023-21954 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21968 Oracle Linux 9 [11.0.19.0.7-1.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.19.0.7-1] - Update to jdk-11.0.19.0+7 - Update release notes to 11.0.19.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run - Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace - Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs - Rebase FIPS support against 11.0.19+6 - Rebase RH1750419 alt-java patch against 11.0.19+6 - ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** - Resolves: rhbz#2185182 [1:11.0.18.0.10-3] - Add missing release note for JDK-8295687 - Resolves: rhbz#2160111 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-21938 CVE-2023-21939 CVE-2023-21930 CVE-2023-21954 CVE-2023-21968 CVE-2023-21937 CVE-2023-21967 Oracle Linux 9 [1.8.0.372.b07-1.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.372.b07-1] - Update to shenandoah-jdk8u372-b07 (GA) - Update release notes for shenandoah-8u372-b07. - Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07 - Reintroduce jconsole-plugin.patch from RHEL 9 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run - Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace - Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs - Drop JDK-8275535/RH2053256 patch which is now upstream - Include JDK-8271199 backport early ahead of 8u382 (RH2175317) - ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** - Resolves: rhbz#2185182 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-21939 CVE-2023-21937 CVE-2023-21930 CVE-2023-21938 Oracle Linux 9 [2.36.7-1.3] - Add patch for CVE-2023-28205 Resolves: #2185744 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-28205 Oracle Linux 9 [1:27.2-6.1] - Fix ob-latex.el command injection vulnerability (#2180589) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-28617 Oracle Linux 9 [1.2.0-6] - Fix tools subpackage dependency [1.2.0-4] - Added fix for mzbz#1819244 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1999 Oracle Linux 9 [4.6-3.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.6-3.1] - Resolves: rhbz#2187170 fix handling of IKEv1 aggressive mode packets IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-30570 Oracle Linux 9 [4.16.4-103.0.1] - Fix memleak in _nss_winbind_initgroups_dyn [Orabug: 34994509] [4.16.4-103] - related: rhbz#2154372 - Add additional patches for CVE-2022-38023 [4.16.4-102] - Fix CVE-2022-38023 - resolves: rhbz#2154372 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-38023 Oracle Linux 9 [4.10.0-43] - fence_vmware_soap: set login_timeout lower than default pcmk_monitor_timeout (20s) to remove tmp dirs Resolves: rhbz#2122944 [4.10.0-42] - fencing/fence_wti: add --plug-separator to be able to avoid characters that are in node name(s) Resolves: rhbz#2152107 [4.10.0-41] - fence_scsi: skip key generation during validate-all action Resolves: rhbz#2160480 [4.10.0-40] - fence_virtd: add info about multiple uuid/ip entries to manpage Resolves: rhbz#2149655 [4.10.0-39] - fence_virtd: warn if config or key file(s) are not mode 600 Resolves: rhbz#2144531 [4.10.0-37] - Upgrade bundled python-oauthlib Resolves: rhbz#2128564 [4.10.0-36] - fence_virtd: add link to uri examples and uri w/socket path example for when VMS are run as non-root user to manpage Resolves: rhbz#2138823 [4.10.0-35] - fence_ibm_powervs: improve defaults Resolves: rhbz#2136191 [4.10.0-34] - fence_lpar: only output additional output info on DEBUG level Resolves: rhbz#2134015 [4.10.0-33] - fence_virt: add note that reboot-action doesnt power on nodes that are powered off Resolves: rhbz#2132008 [4.10.0-32] - add azure-identity and dependencies Resolves: rhbz#2121546 [4.10.0-31] - fence_ibm_vpc: add token cache support Resolves: rhbz#2111998 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-36087 Oracle Linux 9 [7.2.0-14] - Rebuild for 9.2 release - Resolves: bz#2173590 (bugs in emulation of BMI instructions (for libguestfs without KVM)) - Resolves: bz#2156876 ([virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)) [7.2.0-13] - kvm-target-i386-fix-operand-size-of-unary-SSE-operations.patch [bz#2173590] - kvm-tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch [bz#2173590] - kvm-target-i386-Fix-BEXTR-instruction.patch [bz#2173590] - kvm-target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch [bz#2173590] - kvm-target-i386-fix-ADOX-followed-by-ADCX.patch [bz#2173590] - kvm-target-i386-Fix-32-bit-AD-CO-X-insns-in-64-bit-mode.patch [bz#2173590] - kvm-target-i386-Fix-BZHI-instruction.patch [bz#2173590] - kvm-intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch [bz#2156876] - Resolves: bz#2173590 (bugs in emulation of BMI instructions (for libguestfs without KVM)) - Resolves: bz#2156876 ([virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)) [7.2.0-12] - kvm-scsi-protect-req-aiocb-with-AioContext-lock.patch [bz#2155748] - kvm-dma-helpers-prevent-dma_blk_cb-vs-dma_aio_cancel-rac.patch [bz#2155748] - kvm-virtio-scsi-reset-SCSI-devices-from-main-loop-thread.patch [bz#2155748] - kvm-qatomic-add-smp_mb__before-after_rmw.patch [bz#2175660] - kvm-qemu-thread-posix-cleanup-fix-document-QemuEvent.patch [bz#2175660] - kvm-qemu-thread-win32-cleanup-fix-document-QemuEvent.patch [bz#2175660] - kvm-edu-add-smp_mb__after_rmw.patch [bz#2175660] - kvm-aio-wait-switch-to-smp_mb__after_rmw.patch [bz#2175660] - kvm-qemu-coroutine-lock-add-smp_mb__after_rmw.patch [bz#2175660] - kvm-physmem-add-missing-memory-barrier.patch [bz#2175660] - kvm-async-update-documentation-of-the-memory-barriers.patch [bz#2175660] - kvm-async-clarify-usage-of-barriers-in-the-polling-case.patch [bz#2175660] - Resolves: bz#2155748 (qemu crash on void blk_drain(BlockBackend *): Assertion qemu_in_main_thread() failed) - Resolves: bz#2175660 (Guest hangs when starting or rebooting) [7.2.0-11] - kvm-hw-smbios-fix-field-corruption-in-type-4-table.patch [bz#2169904] - Resolves: bz#2169904 ([SVVP] job 'Check SMBIOS Table Specific Requirements' failed on win2022) [7.2.0-10] - kvm-block-temporarily-hold-the-new-AioContext-of-bs_top-.patch [bz#2168209] - Resolves: bz#2168209 (Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)) [7.2.0-9] - kvm-tests-qtest-netdev-test-stream-and-dgram-backends.patch [bz#2169232] - kvm-net-stream-add-a-new-option-to-automatically-reconne.patch [bz#2169232] - kvm-linux-headers-Update-to-v6.1.patch [bz#2158704] - kvm-util-userfaultfd-Add-uffd_open.patch [bz#2158704] - kvm-util-userfaultfd-Support-dev-userfaultfd.patch [bz#2158704] - kvm-io-Add-support-for-MSG_PEEK-for-socket-channel.patch [bz#2169732] - kvm-migration-check-magic-value-for-deciding-the-mapping.patch [bz#2169732] - kvm-target-s390x-arch_dump-Fix-memory-corruption-in-s390.patch [bz#2168172] - Resolves: bz#2169232 (RFE: reconnect option for stream socket back-end) - Resolves: bz#2158704 (RFE: Prefer /dev/userfaultfd over userfaultfd(2) syscall) - Resolves: bz#2169732 (Multifd migration fails under a weak network/socket ordering race) - Resolves: bz#2168172 ([s390x] qemu-kvm coredumps when SE crashes) [7.2.0-8] - kvm-qcow2-Fix-theoretical-corruption-in-store_bitmap-err.patch [bz#2150180] - kvm-qemu-img-commit-Report-errors-while-closing-the-imag.patch [bz#2150180] - kvm-qemu-img-bitmap-Report-errors-while-closing-the-imag.patch [bz#2150180] - kvm-qemu-iotests-Test-qemu-img-bitmap-commit-exit-code-o.patch [bz#2150180] - kvm-accel-tcg-Test-CPUJumpCache-in-tb_jmp_cache_clear_pa.patch [bz#2165280] - kvm-block-Improve-empty-format-specific-info-dump.patch [bz#1860292] - kvm-block-file-Add-file-specific-image-info.patch [bz#1860292] - kvm-block-vmdk-Change-extent-info-type.patch [bz#1860292] - kvm-block-Split-BlockNodeInfo-off-of-ImageInfo.patch [bz#1860292] - kvm-qemu-img-Use-BlockNodeInfo.patch [bz#1860292] - kvm-block-qapi-Let-bdrv_query_image_info-recurse.patch [bz#1860292] - kvm-block-qapi-Introduce-BlockGraphInfo.patch [bz#1860292] - kvm-block-qapi-Add-indentation-to-bdrv_node_info_dump.patch [bz#1860292] - kvm-iotests-Filter-child-node-information.patch [bz#1860292] - kvm-iotests-106-214-308-Read-only-one-size-line.patch [bz#1860292] - kvm-qemu-img-Let-info-print-block-graph.patch [bz#1860292] - kvm-qemu-img-Change-info-key-names-for-protocol-nodes.patch [bz#1860292] - kvm-Revert-vhost-user-Monitor-slave-channel-in-vhost_use.patch [bz#2155173] - kvm-Revert-vhost-user-Introduce-nested-event-loop-in-vho.patch [bz#2155173] - kvm-virtio-rng-pci-fix-transitional-migration-compat-for.patch [bz#2162569] - Resolves: bz#2150180 (qemu-img finishes successfully while having errors in commit or bitmaps operations) - Resolves: bz#2165280 ([kvm-unit-tests] debug-wp-migration fails) - Resolves: bz#1860292 (RFE: add extent_size_hint information to qemu-img info) - Resolves: bz#2155173 ([vhost-user] unable to start vhost net: 71: falling back on userspace) - Resolves: bz#2162569 ([transitional device][virtio-rng-pci-transitional]Stable Guest ABI failed between RHEL 8.6 to RHEL 9.2) [7.2.0-7] - kvm-vdpa-use-v-shadow_vqs_enabled-in-vhost_vdpa_svqs_sta.patch [bz#2104412] - kvm-vhost-set-SVQ-device-call-handler-at-SVQ-start.patch [bz#2104412] - kvm-vhost-allocate-SVQ-device-file-descriptors-at-device.patch [bz#2104412] - kvm-vhost-move-iova_tree-set-to-vhost_svq_start.patch [bz#2104412] - kvm-vdpa-add-vhost_vdpa_net_valid_svq_features.patch [bz#2104412] - kvm-vdpa-request-iova_range-only-once.patch [bz#2104412] - kvm-vdpa-move-SVQ-vring-features-check-to-net.patch [bz#2104412] - kvm-vdpa-allocate-SVQ-array-unconditionally.patch [bz#2104412] - kvm-vdpa-add-asid-parameter-to-vhost_vdpa_dma_map-unmap.patch [bz#2104412] - kvm-vdpa-store-x-svq-parameter-in-VhostVDPAState.patch [bz#2104412] - kvm-vdpa-add-shadow_data-to-vhost_vdpa.patch [bz#2104412] - kvm-vdpa-always-start-CVQ-in-SVQ-mode-if-possible.patch [bz#2104412] - kvm-vdpa-fix-VHOST_BACKEND_F_IOTLB_ASID-flag-check.patch [bz#2104412] - kvm-spec-Disable-VDUSE.patch [bz#2128222] - Resolves: bz#2104412 (vDPA ASID support in Qemu) - Resolves: bz#2128222 (VDUSE block export should be disabled in builds for now) [7.2.0-6] - kvm-virtio_net-Modify-virtio_net_get_config-to-early-ret.patch [bz#2141088] - kvm-virtio_net-copy-VIRTIO_NET_S_ANNOUNCE-if-device-mode.patch [bz#2141088] - kvm-vdpa-handle-VIRTIO_NET_CTRL_ANNOUNCE-in-vhost_vdpa_n.patch [bz#2141088] - kvm-vdpa-do-not-handle-VIRTIO_NET_F_GUEST_ANNOUNCE-in-vh.patch [bz#2141088] - kvm-s390x-pv-Implement-a-CGS-check-helper.patch [bz#2122523] - kvm-s390x-pci-coalesce-unmap-operations.patch [bz#2163701] - kvm-s390x-pci-shrink-DMA-aperture-to-be-bound-by-vfio-DM.patch [bz#2163701] - kvm-s390x-pci-reset-ISM-passthrough-devices-on-shutdown-.patch [bz#2163701] - kvm-qga-linux-add-usb-support-to-guest-get-fsinfo.patch [bz#2149191] - Resolves: bz#2141088 (vDPA SVQ guest announce support) - Resolves: bz#2122523 (Secure guest can't boot with maximal number of vcpus (248)) - Resolves: bz#2163701 ([s390x] VM fails to start with ISM passed through) - Resolves: bz#2149191 ([RFE][guest-agent] - USB bus type support) [7.2.0-5] - kvm-virtio-introduce-macro-VIRTIO_CONFIG_IRQ_IDX.patch [bz#1905805] - kvm-virtio-pci-decouple-notifier-from-interrupt-process.patch [bz#1905805] - kvm-virtio-pci-decouple-the-single-vector-from-the-inter.patch [bz#1905805] - kvm-vhost-introduce-new-VhostOps-vhost_set_config_call.patch [bz#1905805] - kvm-vhost-vdpa-add-support-for-config-interrupt.patch [bz#1905805] - kvm-virtio-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-vhost-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-virtio-net-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-virtio-mmio-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-virtio-pci-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-s390x-s390-virtio-ccw-Activate-zPCI-features-on-s390.patch [bz#2159408] - kvm-vhost-fix-vq-dirty-bitmap-syncing-when-vIOMMU-is-ena.patch [bz#2124856] - kvm-block-drop-bdrv_remove_filter_or_cow_child.patch [bz#2155112] - kvm-qed-Don-t-yield-in-bdrv_qed_co_drain_begin.patch [bz#2155112] - kvm-test-bdrv-drain-Don-t-yield-in-.bdrv_co_drained_begi.patch [bz#2155112] - kvm-block-Revert-.bdrv_drained_begin-end-to-non-coroutin.patch [bz#2155112] - kvm-block-Remove-drained_end_counter.patch [bz#2155112] - kvm-block-Inline-bdrv_drain_invoke.patch [bz#2155112] - kvm-block-Fix-locking-for-bdrv_reopen_queue_child.patch [bz#2155112] - kvm-block-Drain-individual-nodes-during-reopen.patch [bz#2155112] - kvm-block-Don-t-use-subtree-drains-in-bdrv_drop_intermed.patch [bz#2155112] - kvm-stream-Replace-subtree-drain-with-a-single-node-drai.patch [bz#2155112] - kvm-block-Remove-subtree-drains.patch [bz#2155112] - kvm-block-Call-drain-callbacks-only-once.patch [bz#2155112] - kvm-block-Remove-ignore_bds_parents-parameter-from-drain.patch [bz#2155112] - kvm-block-Drop-out-of-coroutine-in-bdrv_do_drained_begin.patch [bz#2155112] - kvm-block-Don-t-poll-in-bdrv_replace_child_noperm.patch [bz#2155112] - kvm-block-Remove-poll-parameter-from-bdrv_parent_drained.patch [bz#2155112] - kvm-accel-introduce-accelerator-blocker-API.patch [bz#1979276] - kvm-KVM-keep-track-of-running-ioctls.patch [bz#1979276] - kvm-kvm-Atomic-memslot-updates.patch [bz#1979276] - Resolves: bz#1905805 (support config interrupt in vhost-vdpa qemu) - Resolves: bz#2159408 ([s390x] VMs with ISM passthrough don't autostart after leapp upgrade from RHEL 8) - Resolves: bz#2124856 (VM with virtio interface and iommu=on will crash when try to migrate) - Resolves: bz#2155112 (Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)) - Resolves: bz#1979276 (SVM: non atomic memslot updates cause boot failure with seabios and cpu-pm=on) [7.2.0-4] - kvm-virtio-rng-pci-fix-migration-compat-for-vectors.patch [bz#2155749] - kvm-Update-QGA-service-for-new-command-line.patch [bz#2156515] - Resolves: bz#2155749 ([regression][stable guest abi][qemu-kvm7.2]Migration failed due to virtio-rng device between RHEL8.8 and RHEL9.2/MSI-X) - Resolves: bz#2156515 ([guest-agent] Replace '-blacklist' to '-block-rpcs' in qemu-ga config file) [7.2.0-3] - kvm-hw-arm-virt-Introduce-virt_set_high_memmap-helper.patch [bz#2113840] - kvm-hw-arm-virt-Rename-variable-size-to-region_size-in-v.patch [bz#2113840] - kvm-hw-arm-virt-Introduce-variable-region_base-in-virt_s.patch [bz#2113840] - kvm-hw-arm-virt-Introduce-virt_get_high_memmap_enabled-h.patch [bz#2113840] - kvm-hw-arm-virt-Improve-high-memory-region-address-assig.patch [bz#2113840] - kvm-hw-arm-virt-Add-compact-highmem-property.patch [bz#2113840] - kvm-hw-arm-virt-Add-properties-to-disable-high-memory-re.patch [bz#2113840] - kvm-hw-arm-virt-Enable-compat-high-memory-region-address.patch [bz#2113840] - Resolves: bz#2113840 ([RHEL9.2] Memory mapping optimization for virt machine) [7.2.0-2] - Fix updating from 7.1.0 - kvm-redhat-fix-virt-rhel9.2.0-compat-props.patch[bz#2154640] - Resolves: bz#2154640 ([aarch64] qemu fails to load 'efi-virtio.rom' romfile when creating virtio-net-pci) [7.2.0-1] - Rebase to QEMU 7.2.0 [bz#2135806] - Resolves: bz#2135806 (Rebase to QEMU 7.2 for RHEL 9.2.0) [7.1.0-7] - kvm-hw-acpi-erst.c-Fix-memory-handling-issues.patch [bz#2149108] - Resolves: bz#2149108 (CVE-2022-4172 qemu-kvm: QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record [rhel-9]) [7.1.0-6] - kvm-block-move-bdrv_qiov_is_aligned-to-file-posix.patch [bz#2143170] - kvm-block-use-the-request-length-for-iov-alignment.patch [bz#2143170] - Resolves: bz#2143170 (The installation can not start when install files (iso) locate on a 4k disk) [7.1.0-5] - kvm-rtl8139-Remove-unused-variable.patch [bz#2141218] - kvm-qemu-img-remove-unused-variable.patch [bz#2141218] - kvm-host-libusb-Remove-unused-variable.patch [bz#2141218] - Resolves: bz#2141218 (qemu-kvm build fails with clang 15.0.1 due to false unused variable error) [7.1.0-4] - kvm-Revert-intel_iommu-Fix-irqchip-X2APIC-configuration-.patch [bz#2126095] - Resolves: bz#2126095 ([rhel9.2][intel_iommu]Booting guest with '-device intel-iommu,intremap=on,device-iotlb=on,caching-mode=on' causes kernel call trace) [7.1.0-3] - kvm-target-i386-kvm-fix-kvmclock_current_nsec-Assertion-.patch [bz#2108531] - Resolves: bz#2108531 (Windows guest reboot after migration with wsl2 installed inside) [7.1.0-2] - kvm-vdpa-Skip-the-maps-not-in-the-iova-tree.patch [RHELX-57] - kvm-vdpa-do-not-save-failed-dma-maps-in-SVQ-iova-tree.patch [RHELX-57] - kvm-util-accept-iova_tree_remove_parameter-by-value.patch [RHELX-57] - kvm-vdpa-Remove-SVQ-vring-from-iova_tree-at-shutdown.patch [RHELX-57] - kvm-vdpa-Make-SVQ-vring-unmapping-return-void.patch [RHELX-57] - kvm-vhost-Always-store-new-kick-fd-on-vhost_svq_set_svq_.patch [RHELX-57] - kvm-vdpa-Use-ring-hwaddr-at-vhost_vdpa_svq_unmap_ring.patch [RHELX-57] - kvm-vhost-stop-transfer-elem-ownership-in-vhost_handle_g.patch [RHELX-57] - kvm-vhost-use-SVQ-element-ndescs-instead-of-opaque-data-.patch [RHELX-57] - kvm-vhost-Delete-useless-read-memory-barrier.patch [RHELX-57] - kvm-vhost-Do-not-depend-on-NULL-VirtQueueElement-on-vhos.patch [RHELX-57] - kvm-vhost_net-Add-NetClientInfo-start-callback.patch [RHELX-57] - kvm-vhost_net-Add-NetClientInfo-stop-callback.patch [RHELX-57] - kvm-vdpa-add-net_vhost_vdpa_cvq_info-NetClientInfo.patch [RHELX-57] - kvm-vdpa-Move-command-buffers-map-to-start-of-net-device.patch [RHELX-57] - kvm-vdpa-extract-vhost_vdpa_net_cvq_add-from-vhost_vdpa_.patch [RHELX-57] - kvm-vhost_net-add-NetClientState-load-callback.patch [RHELX-57] - kvm-vdpa-Add-virtio-net-mac-address-via-CVQ-at-start.patch [RHELX-57] - kvm-vdpa-Delete-CVQ-migration-blocker.patch [RHELX-57] - kvm-vdpa-Make-VhostVDPAState-cvq_cmd_in_buffer-control-a.patch [RHELX-57] - kvm-vdpa-extract-vhost_vdpa_net_load_mac-from-vhost_vdpa.patch [RHELX-57] - kvm-vdpa-Add-vhost_vdpa_net_load_mq.patch [RHELX-57] - kvm-vdpa-validate-MQ-CVQ-commands.patch [RHELX-57] - kvm-virtio-net-Update-virtio-net-curr_queue_pairs-in-vdp.patch [RHELX-57] - kvm-vdpa-Allow-MQ-feature-in-SVQ.patch [RHELX-57] - kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch [bz#2125281] - kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch [bz#2125281] - kvm-Revert-Re-enable-capstone-internal-build.patch [bz#2127825] - kvm-spec-Use-capstone-package.patch [bz#2127825] - Resolves: RHELX-57 (vDPA SVQ Multiqueue support ) - Resolves: bz#2125281 ([RHEL9.1] Guests in VMX root operation fail to reboot with QEMU's 'system_reset' command [rhel-9.2.0]) - Resolves: bz#2127825 (Use capstone for qemu-kvm build) [7.1.0-1] - Rebase to QEMU 7.1.0 [bz#2111769] - Resolves: bz#2111769 (Rebase to QEMU 7.1.0) [7.0.0-11] - kvm-QIOChannelSocket-Fix-zero-copy-flush-returning-code-.patch [bz#2107466] - kvm-Add-dirty-sync-missed-zero-copy-migration-stat.patch [bz#2107466] - kvm-migration-multifd-Report-to-user-when-zerocopy-not-w.patch [bz#2107466] - kvm-migration-Avoid-false-positive-on-non-supported-scen.patch [bz#2107466] - kvm-migration-add-remaining-params-has_-true-in-migratio.patch [bz#2107466] - kvm-QIOChannelSocket-Add-support-for-MSG_ZEROCOPY-IPV6.patch [bz#2107466] - kvm-pc-bios-s390-ccw-Fix-booting-with-logical-block-size.patch [bz#2112303] - kvm-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch [bz#2116876] - kvm-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch [bz#2116876] - kvm-vdpa-Fix-memory-listener-deletions-of-iova-tree.patch [bz#2116876] - kvm-vdpa-Fix-file-descriptor-leak-on-get-features-error.patch [bz#2116876] - Resolves: bz#2107466 (zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together) - Resolves: bz#2112303 (virtio-blk: Can't boot fresh installation from used 512 cluster_size image under certain conditions) - Resolves: bz#2116876 (Fixes for vDPA control virtqueue support in Qemu) [7.0.0-10] - kvm-vhost-Track-descriptor-chain-in-private-at-SVQ.patch [bz#1939363] - kvm-vhost-Fix-device-s-used-descriptor-dequeue.patch [bz#1939363] - kvm-hw-virtio-Replace-g_memdup-by-g_memdup2.patch [bz#1939363] - kvm-vhost-Fix-element-in-vhost_svq_add-failure.patch [bz#1939363] - kvm-meson-create-have_vhost_-variables.patch [bz#1939363] - kvm-meson-use-have_vhost_-variables-to-pick-sources.patch [bz#1939363] - kvm-vhost-move-descriptor-translation-to-vhost_svq_vring.patch [bz#1939363] - kvm-virtio-net-Expose-MAC_TABLE_ENTRIES.patch [bz#1939363] - kvm-virtio-net-Expose-ctrl-virtqueue-logic.patch [bz#1939363] - kvm-vdpa-Avoid-compiler-to-squash-reads-to-used-idx.patch [bz#1939363] - kvm-vhost-Reorder-vhost_svq_kick.patch [bz#1939363] - kvm-vhost-Move-vhost_svq_kick-call-to-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Check-for-queue-full-at-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Decouple-vhost_svq_add-from-VirtQueueElement.patch [bz#1939363] - kvm-vhost-Add-SVQDescState.patch [bz#1939363] - kvm-vhost-Track-number-of-descs-in-SVQDescState.patch [bz#1939363] - kvm-vhost-add-vhost_svq_push_elem.patch [bz#1939363] - kvm-vhost-Expose-vhost_svq_add.patch [bz#1939363] - kvm-vhost-add-vhost_svq_poll.patch [bz#1939363] - kvm-vhost-Add-svq-avail_handler-callback.patch [bz#1939363] - kvm-vdpa-Export-vhost_vdpa_dma_map-and-unmap-calls.patch [bz#1939363] - kvm-vhost-net-vdpa-add-stubs-for-when-no-virtio-net-devi.patch [bz#1939363] - kvm-vdpa-manual-forward-CVQ-buffers.patch [bz#1939363] - kvm-vdpa-Buffer-CVQ-support-on-shadow-virtqueue.patch [bz#1939363] - kvm-vdpa-Extract-get-features-part-from-vhost_vdpa_get_m.patch [bz#1939363] - kvm-vdpa-Add-device-migration-blocker.patch [bz#1939363] - kvm-vdpa-Add-x-svq-to-NetdevVhostVDPAOptions.patch [bz#1939363] - kvm-redhat-Update-linux-headers-linux-kvm.h-to-v5.18-rc6.patch [bz#2111994] - kvm-target-s390x-kvm-Honor-storage-keys-during-emulation.patch [bz#2111994] - kvm-kvm-don-t-use-perror-without-useful-errno.patch [bz#2095608] - kvm-multifd-Copy-pages-before-compressing-them-with-zlib.patch [bz#2099934] - kvm-Revert-migration-Simplify-unqueue_page.patch [bz#2099934] - Resolves: bz#1939363 (vDPA control virtqueue support in Qemu) - Resolves: bz#2111994 (RHEL9: skey test in kvm_unit_test got failed) - Resolves: bz#2095608 (Please correct the error message when try to start qemu with '-M kernel-irqchip=split') - Resolves: bz#2099934 (Guest reboot on destination host after postcopy migration completed) [7.0.0-9] - kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch [bz#2100106] - kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch [bz#2100106] - kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch [bz#2100106] - kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch [bz#2100106] - kvm-virtio-iommu-Fix-migration-regression.patch [bz#2100106] - kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch [bz#2098077] - kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch [bz#2098077] - kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch [bz#2098077] - kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch [bz#1951522] - kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch [bz#1951522] - Resolves: bz#2100106 (Fix virtio-iommu/vfio bypass) - Resolves: bz#2098077 (virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions) - Resolves: bz#1951522 (CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0]) [7.0.0-8] - kvm-tests-avocado-update-aarch64_virt-test-to-exercise-c.patch [bz#2060839] - kvm-RHEL-only-tests-avocado-Switch-aarch64-tests-from-a5.patch [bz#2060839] - kvm-RHEL-only-AArch64-Drop-unsupported-CPU-types.patch [bz#2060839] - kvm-target-i386-deprecate-CPUs-older-than-x86_64-v2-ABI.patch [bz#2060839] - kvm-target-s390x-deprecate-CPUs-older-than-z14.patch [bz#2060839] - kvm-target-arm-deprecate-named-CPU-models.patch [bz#2060839] - kvm-meson.build-Fix-docker-test-build-alpine-when-includ.patch [bz#1968509] - kvm-QIOChannel-Add-flags-on-io_writev-and-introduce-io_f.patch [bz#1968509] - kvm-QIOChannelSocket-Implement-io_writev-zero-copy-flag-.patch [bz#1968509] - kvm-migration-Add-zero-copy-send-parameter-for-QMP-HMP-f.patch [bz#1968509] - kvm-migration-Add-migrate_use_tls-helper.patch [bz#1968509] - kvm-multifd-multifd_send_sync_main-now-returns-negative-.patch [bz#1968509] - kvm-multifd-Send-header-packet-without-flags-if-zero-cop.patch [bz#1968509] - kvm-multifd-Implement-zero-copy-write-in-multifd-migrati.patch [bz#1968509] - kvm-QIOChannelSocket-Introduce-assert-and-reduce-ifdefs-.patch [bz#1968509] - kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch [bz#1968509] - kvm-migration-Change-zero_copy_send-from-migration-param.patch [bz#1968509] - kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch [bz#2096143] - Resolves: bz#2060839 (Consider deprecating CPU models like 'kvm64' / 'qemu64' on RHEL 9) - Resolves: bz#1968509 (Use MSG_ZEROCOPY on QEMU Live Migration) - Resolves: bz#2096143 (The migration port is not released if use it again for recovering postcopy migration) [7.0.0-7] - kvm-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-win32-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-Enable-virtio-iommu-pci-on-x86_64.patch [bz#2094252] - kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch [bz#2092788] - kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch [bz#2092788] - Resolves: bz#1952483 (RFE: QEMU's coroutines fail with CFLAGS=-flto on non-x86_64 architectures) - Resolves: bz#2094252 (Compile the virtio-iommu device on x86_64) - Resolves: bz#2092788 (Stalled IO Operations in VM) [7.0.0-6] - kvm-Introduce-event-loop-base-abstract-class.patch [bz#2031024] - kvm-util-main-loop-Introduce-the-main-loop-into-QOM.patch [bz#2031024] - kvm-util-event-loop-base-Introduce-options-to-set-the-th.patch [bz#2031024] - kvm-qcow2-Improve-refcount-structure-rebuilding.patch [bz#2072379] - kvm-iotests-108-Test-new-refcount-rebuild-algorithm.patch [bz#2072379] - kvm-qcow2-Add-errp-to-rebuild_refcount_structure.patch [bz#2072379] - kvm-iotests-108-Fix-when-missing-user_allow_other.patch [bz#2072379] - kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch [bz#2070804] - kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch [bz#2070804] - kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch [bz#2070804] - kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch [bz#2070804] - kvm-vhost-vdpa-backend-feature-should-set-only-once.patch [bz#2070804] - kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch [bz#2070804] - kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch [bz#2070804] - kvm-Revert-globally-limit-the-maximum-number-of-CPUs.patch [bz#2094270] - kvm-vfio-common-remove-spurious-warning-on-vfio_listener.patch [bz#2086262] - Resolves: bz#2031024 (Add support for fixing thread pool size [QEMU]) - Resolves: bz#2072379 (Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs)) - Resolves: bz#2070804 (PXE boot crash qemu when using multiqueue vDPA) - Resolves: bz#2094270 (Do not set the hard vCPU limit to the soft vCPU limit in downstream qemu-kvm anymore) - Resolves: bz#2086262 ([Win11][tpm]vfio_listener_region_del received unaligned region) [7.0.0-5] - kvm-qemu-nbd-Pass-max-connections-to-blockdev-layer.patch [bz#1708300] - kvm-nbd-server-Allow-MULTI_CONN-for-shared-writable-expo.patch [bz#1708300] - Resolves: bz#1708300 (RFE: qemu-nbd vs NBD_FLAG_CAN_MULTI_CONN) [7.0.0-4] - kvm-qapi-machine.json-Add-cluster-id.patch [bz#2041823] - kvm-qtest-numa-test-Specify-CPU-topology-in-aarch64_numa.patch [bz#2041823] - kvm-hw-arm-virt-Consider-SMP-configuration-in-CPU-topolo.patch [bz#2041823] - kvm-qtest-numa-test-Correct-CPU-and-NUMA-association-in-.patch [bz#2041823] - kvm-hw-arm-virt-Fix-CPU-s-default-NUMA-node-ID.patch [bz#2041823] - kvm-hw-acpi-aml-build-Use-existing-CPU-topology-to-build.patch [bz#2041823] - kvm-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch [bz#2079938] - kvm-coroutine-Revert-to-constant-batch-size.patch [bz#2079938] - kvm-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch [bz#2079347] - kvm-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_event_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_ctrl_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_cmd_vq.patch [bz#2079347] - kvm-virtio-scsi-move-request-related-items-from-.h-to-.c.patch [bz#2079347] - kvm-Revert-virtio-scsi-Reject-scsi-cd-if-data-plane-enab.patch [bz#1995710] - kvm-migration-Fix-operator-type.patch [bz#2064530] - Resolves: bz#2041823 ([aarch64][numa] When there are at least 6 Numa nodes serial log shows 'arch topology borken') - Resolves: bz#2079938 (qemu coredump when boot with multi disks (qemu) failed to set up stack guard page: Cannot allocate memory) - Resolves: bz#2079347 (Guest boot blocked when scsi disks using same iothread and 100% CPU consumption) - Resolves: bz#1995710 (RFE: Allow virtio-scsi CD-ROM media change with IOThreads) - Resolves: bz#2064530 (Rebuild qemu-kvm with clang-14) [7.0.0-3] - kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch [bz#2046029] - kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch [bz#2046029] - kvm-Enable-virtio-iommu-pci-on-aarch64.patch [bz#1477099] - kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch [bz#2037612] - kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch [bz#2037612] - Resolves: bz#2046029 ([WRB] New machine type property - dtb-kaslr-seed) - Resolves: bz#1477099 (virtio-iommu (including ACPI, VHOST/VFIO integration, migration support)) - Resolves: bz#2037612 ([Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region) [7.0.0-2] - kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch [bz#2044162] - kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch [bz#2081022] - Resolves: bz#2044162 ([RHEL9.1] Enable virtio-mem as tech-preview on ARM64 QEMU) - Resolves: bz#2081022 (Build regression on ppc64le with c9s qemu-kvm 7.0.0-1 changes) [7.0.0-1] - Rebase to QEMU 7.0.0 [bz#2064757] - Do not build ssh block driver anymore [bz#2064500] - Removed hpet and parallel port support [bz#2065042] - Compatibility support [bz#2064782 bz#2064771] - Resolves: bz#2064757 (Rebase to QEMU 7.0.0) - Resolves: bz#2064500 (Install qemu-kvm-6.2.0-11.el9_0.1 failed as conflict with qemu-kvm-block-ssh-6.2.0-11.el9_0.1) - Resolves: bz#2065042 (Remove upstream-only devices from the qemu-kvm binary) - Resolves: bz#2064782 (Update machine type compatibility for QEMU 7.0.0 update [s390x]) - Resolves: bz#2064771 (Update machine type compatibility for QEMU 7.0.0 update [x86_64]) [6.2.0-13] - kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch [bz#2065589] - Resolves: bz#2065589 (RHEL 9.0 guest with vsock device migration failed from RHEL 9.0 > RHEL 8.6 [rhel-9.1.0]) [6.2.0-12] - kvm-RHEL-mark-old-machine-types-as-deprecated.patch [bz#2062813] - kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch [bz#2062828] - kvm-spec-Fix-obsolete-for-spice-subpackages.patch [bz#2062819 bz#2062817] - kvm-spec-Obsolete-old-usb-redir-subpackage.patch [bz#2062819] - kvm-spec-Obsolete-ssh-driver.patch [bz#2062817] - Resolves: bz#2062828 ([virtual network][rhel9][vDPA] qemu crash after hot unplug vdpa device [rhel-9.1.0]) - Resolves: bz#2062819 (Broken upgrade path due to qemu-kvm-hw-usbredir rename [rhel-9.1.0]) - Resolves: bz#2062817 (Missing qemu-kvm-block-ssh obsolete breaks upgrade path [rhel-9.1.0]) - Resolves: bz#2062813 (Mark all RHEL-8 and earlier machine types as deprecated [rhel-9.1.0]) [6.2.0-11] - kvm-spec-Remove-qemu-virtiofsd.patch [bz#2055284] - Resolves: bz#2055284 (Remove the qemu-virtiofsd subpackage) [6.2.0-10] - kvm-Revert-ui-clipboard-Don-t-use-g_autoptr-just-to-free.patch [bz#2042820] - kvm-ui-avoid-compiler-warnings-from-unused-clipboard-inf.patch [bz#2042820] - kvm-ui-clipboard-fix-use-after-free-regression.patch [bz#2042820] - kvm-ui-vnc.c-Fixed-a-deadlock-bug.patch [bz#2042820] - kvm-memory-Fix-incorrect-calls-of-log_global_start-stop.patch [bz#2044818] - kvm-memory-Fix-qemu-crash-on-starting-dirty-log-twice-wi.patch [bz#2044818] - Resolves: bz#2042820 (qemu crash when try to copy and paste contents from client to VM) - Resolves: bz#2044818 (Qemu Core Dumped when migrate -> migrate_cancel -> migrate again during guest is paused) [6.2.0-9] - kvm-block-Lock-AioContext-for-drain_end-in-blockdev-reop.patch [bz#2046659] - kvm-iotests-Test-blockdev-reopen-with-iothreads-and-thro.patch [bz#2046659] - kvm-block-nbd-Delete-reconnect-delay-timer-when-done.patch [bz#2033626] - kvm-block-nbd-Assert-there-are-no-timers-when-closed.patch [bz#2033626] - kvm-iotests.py-Add-QemuStorageDaemon-class.patch [bz#2033626] - kvm-iotests-281-Test-lingering-timers.patch [bz#2033626] - kvm-block-nbd-Move-s-ioc-on-AioContext-change.patch [bz#2033626] - kvm-iotests-281-Let-NBD-connection-yield-in-iothread.patch [bz#2033626] - Resolves: bz#2046659 (qemu crash after execute blockdev-reopen with iothread) - Resolves: bz#2033626 (Qemu core dump when start guest with nbd node or do block jobs to nbd node) [6.2.0-8] - kvm-numa-Enable-numa-for-SGX-EPC-sections.patch [bz#2033708] - kvm-numa-Support-SGX-numa-in-the-monitor-and-Libvirt-int.patch [bz#2033708] - kvm-doc-Add-the-SGX-numa-description.patch [bz#2033708] - kvm-Enable-SGX-RH-Only.patch [bz#2033708] - kvm-qapi-Cleanup-SGX-related-comments-and-restore-sectio.patch [bz#2033708] - kvm-block-io-Update-BSC-only-if-want_zero-is-true.patch [bz#2041461] - kvm-iotests-block-status-cache-New-test.patch [bz#2041461] - kvm-iotests-Test-qemu-img-convert-of-zeroed-data-cluster.patch [bz#1882917] - kvm-qemu-img-make-is_allocated_sectors-more-efficient.patch [bz#1882917] - kvm-block-backend-prevent-dangling-BDS-pointers-across-a.patch [bz#2040123] - kvm-iotests-stream-error-on-reset-New-test.patch [bz#2040123] - kvm-hw-arm-smmuv3-Fix-device-reset.patch [bz#2042481] - Resolves: bz#2033708 ([Intel 9.0 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support) - Resolves: bz#2041461 (Inconsistent block status reply in qemu-nbd) - Resolves: bz#1882917 (the target image size is incorrect when converting a badly fragmented file) - Resolves: bz#2040123 (Qemu core dumped when do block-stream to a snapshot node on non-enough space storage) - Resolves: bz#2042481 ([aarch64] Launch guest with 'default-bus-bypass-iommu=off,iommu=smmuv3' and 'iommu_platform=on', guest hangs after system_reset) [6.2.0-7] - kvm-qemu-storage-daemon-Add-vhost-user-blk-help.patch [bz#1962088] - kvm-qemu-storage-daemon-Fix-typo-in-vhost-user-blk-help.patch [bz#1962088] - kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch [bz#2046201] - kvm-block-rbd-fix-handling-of-holes-in-.bdrv_co_block_st.patch [bz#2034791] - kvm-block-rbd-workaround-for-ceph-issue-53784.patch [bz#2034791] - Resolves: bz#1962088 ([QSD] wrong help message for the fuse) - Resolves: bz#2046201 (CVE-2022-0358 qemu-kvm: QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 [rhel-9.0]) - Resolves: bz#2034791 (Booting from Local Snapshot Core Dumped Whose Backing File Is Based on RBD) [6.2.0-6] - Moving feature support out of qemu-kvm-core to separate packages (can cause loss of functionality when using only qemu-kvm-core - qemu-kvm keeps same feature set). - kvm-spec-Rename-qemu-kvm-hw-usbredir-to-qemu-kvm-device-.patch [bz#2022847] - kvm-spec-Split-qemu-kvm-ui-opengl.patch [bz#2022847] - kvm-spec-Introduce-packages-for-virtio-gpu-modules.patch [bz#2022847] - kvm-spec-Introduce-device-display-virtio-vga-packages.patch [bz#2022847] - kvm-spec-Move-usb-host-module-to-separate-package.patch [bz#2022847] - kvm-spec-Move-qtest-accel-module-to-tests-package.patch [bz#2022847] - kvm-spec-Extend-qemu-kvm-core-description.patch [bz#2022847] - Resolves: bz#2022847 (qemu-kvm: Align package split with Fedora) [6.2.0-5] - kvm-x86-Add-q35-RHEL-8.6.0-machine-type.patch [bz#1945666] - kvm-x86-Add-q35-RHEL-9.0.0-machine-type.patch [bz#1945666] - kvm-softmmu-fix-device-deletion-events-with-device-JSON-.patch [bz#2036669] - Resolves: bz#1945666 (9.0: x86 machine types) - Resolves: bz#2036669 (DEVICE_DELETED event is not delivered for device frontend if -device is configured via JSON) [6.2.0-4] - kvm-block-nvme-fix-infinite-loop-in-nvme_free_req_queue_.patch [bz#2024544] - kvm-rhel-machine-types-x86-set-prefer_sockets.patch [bz#2028623] - Resolves: bz#2024544 (Fio workers hangs when running fio with 32 jobs iodepth 32 and QEMU's userspace NVMe driver) - Resolves: bz#2028623 ([9.0] machine types: 6.2: Fix prefer_sockets) [6.2.0-3] - kvm-hw-arm-virt-Register-iommu-as-a-class-property.patch [bz#2031044] - kvm-hw-arm-virt-Register-its-as-a-class-property.patch [bz#2031044] - kvm-hw-arm-virt-Rename-default_bus_bypass_iommu.patch [bz#2031044] - kvm-hw-arm-virt-Expose-the-RAS-option.patch [bz#2031044] - kvm-hw-arm-virt-Add-9.0-machine-type-and-remove-8.5-one.patch [bz#2031044] - kvm-hw-arm-virt-Check-no_tcg_its-and-minor-style-changes.patch [bz#2031044] - Resolves: bz#2031044 (Add rhel-9.0.0 machine types for RHEL 9.0 [aarch64]) [6.2.0-2] - kvm-redhat-Add-rhel8.6.0-and-rhel9.0.0-machine-types-for.patch [bz#2008060] - kvm-redhat-Enable-virtio-mem-as-tech-preview-on-x86-64.patch [bz#2014484] - Resolves: bz#2008060 (Fix CPU Model for new IBM Z Hardware - qemu part) - Resolves: bz#2014484 ([RHEL9] Enable virtio-mem as tech-preview on x86-64 - QEMU) [6.2.0-1] - Rebase to QEMU 6.2.0 [bz#2027697] - Resolves: bz#2027697 (Rebase to QEMU 6.2.0) [6.1.0-8] - kvm-Move-ksmtuned-files-to-separate-package.patch [bz#1971678] - Resolves: bz#1971678 (Split out ksmtuned package from qemu-kvm) [6.1.0-7] - kvm-migration-Make-migration-blocker-work-for-snapshots-.patch [bz#1996609] - kvm-migration-Add-migrate_add_blocker_internal.patch [bz#1996609] - kvm-dump-guest-memory-Block-live-migration.patch [bz#1996609] - kvm-spec-Build-the-VDI-block-driver.patch [bz#2013331] - kvm-spec-Explicitly-include-compress-filter.patch [bz#1980035] - Resolves: bz#1996609 (Qemu hit core dump when dump guest memory during live migration) - Resolves: bz#2013331 (RFE: qemu-img cannot convert from vdi format) - Resolves: bz#1980035 (RFE: Enable compress filter so we can create new, compressed qcow2 files via qemu-nbd) [6.1.0-6] - kvm-hw-arm-virt-Add-hw_compat_rhel_8_5-to-8.5-machine-ty.patch [bz#1998942] - Resolves: bz#1998942 (Add machine type compatibility update for 6.1 rebase [aarch64]) [6.1.0-5] - kvm-virtio-balloon-Fix-page-poison-subsection-name.patch [bz#1984401] - kvm-spec-Remove-block-curl-and-block-ssh-dependency.patch [bz#2010985] - Resolves: bz#1984401 (fails to revert snapshot of a VM [balloon/page-poison]) - Resolves: bz#2010985 (Remove dependency on qemu-kvm-block-curl and qemu-kvm-block-ssh [rhel-9.0.0]) [6.1.0-4] - kvm-redhat-Define-hw_compat_rhel_8_5.patch [bz#1998943] - kvm-redhat-Add-s390x-machine-type-compatibility-update-f.patch [bz#1998943] - Resolves: bz#1998943 (Add machine type compatibility update for 6.1 rebase [s390x]) [6.1.0-3] - kvm-disable-sga-device.patch [bz#2000845] - kvm-tools-virtiofsd-Add-fstatfs64-syscall-to-the-seccomp.patch [bz#2005026] - Resolves: bz#2000845 (RFE: Remove SGA, deprecate cirrus, and set defaults for QEMU machine-types in RHEL9) - Resolves: bz#2005026 ([s390][virtio-fs] Umount virtiofs shared folder failure from guest side [rhel-9.0.0]) [6.1.0-2] - kvm-hw-arm-virt-Remove-9.0-machine-type.patch [bz#2002937] - kvm-remove-sgabios-dependency.patch [bz#2000845] - kvm-enable-pulseaudio.patch [bz#1997725] - kvm-spec-disable-use-of-gcrypt-for-crypto-backends-in-fa.patch [bz#1990068] - Resolves: bz#2002937 ([qemu][aarch64] Remove 9.0 machine types in arm virt for 9-Beta) - Resolves: bz#2000845 (RFE: Remove SGA, deprecate cirrus, and set defaults for QEMU machine-types in RHEL9) - Resolves: bz#1997725 (RFE: enable pulseaudio backend on QEMU) - Resolves: bz#1990068 (Disable use of gcrypt for crypto backends in favour of gnutls) [6.1.0-1] - Rebase to QEMU 6.1.0 [bz#1997408] - Resolves: #bz#1997408 (Rebase to QEMU 6.1.0) [6.0.0-13] - kvm-qcow2-Deprecation-warning-when-opening-v2-images-rw.patch [bz#1951814] - kvm-disable-ac97-audio.patch [bz#1995819] - kvm-redhat-Disable-LTO-on-non-x86-architectures.patch [bz#1950192] - kvm-redhat-Enable-the-test-block-iothread-test-again.patch [bz#1950192] - Resolves: bz#1951814 (RFE: Warning when using qcow2-v2 (compat=0.10)) - Resolves: bz#1995819 (RFE: Remove ac97 audio support from QEMU) - Resolves: bz#1950192 (RHEL9: when ioeventfd=off and 8.4guest, (qemu) qemu-kvm: ../util/qemu-coroutine-lock.c:57: qemu_co_queue_wait_impl: Assertion qemu_in_coroutine()' failed.) [6.0.0-12.el9] - kvm-migration-Move-yank-outside-qemu_start_incoming_migr.patch [bz#1974683] - kvm-migration-Allow-reset-of-postcopy_recover_triggered-.patch [bz#1974683] - kvm-Remove-RHEL-7.0.0-machine-type.patch [bz#1968519] - kvm-Remove-RHEL-7.1.0-machine-type.patch [bz#1968519] - kvm-Remove-RHEL-7.2.0-machine-type.patch [bz#1968519] - kvm-Remove-RHEL-7.3.0-machine-types.patch [bz#1968519] - kvm-Remove-RHEL-7.4.0-machine-types.patch [bz#1968519] - kvm-Remove-RHEL-7.5.0-machine-types.patch [bz#1968519] - kvm-acpi-pc-revert-back-to-v5.2-PCI-slot-enumeration.patch [bz#1957194] - kvm-migration-failover-reset-partially_hotplugged.patch [bz#1957194] - kvm-hmp-Fix-loadvm-to-resume-the-VM-on-success-instead-o.patch [bz#1957194] - kvm-migration-Move-bitmap_mutex-out-of-migration_bitmap_.patch [bz#1957194] - kvm-i386-cpu-Expose-AVX_VNNI-instruction-to-guest.patch [bz#1957194] - kvm-ratelimit-protect-with-a-mutex.patch [bz#1957194] - kvm-Update-Linux-headers-to-5.13-rc4.patch [bz#1957194] - kvm-i386-Add-ratelimit-for-bus-locks-acquired-in-guest.patch [bz#1957194] - kvm-iothread-generalize-iothread_set_param-iothread_get_.patch [bz#1957194] - kvm-iothread-add-aio-max-batch-parameter.patch [bz#1957194] - kvm-linux-aio-limit-the-batch-size-using-aio-max-batch-p.patch [bz#1957194] - kvm-block-nvme-Fix-VFIO_MAP_DMA-failed-No-space-left-on-.patch [bz#1957194] - kvm-migration-move-wait-unplug-loop-to-its-own-function.patch [bz#1957194] - kvm-migration-failover-continue-to-wait-card-unplug-on-e.patch [bz#1957194] - kvm-aarch64-Add-USB-storage-devices.patch [bz#1957194] - kvm-iotests-Improve-and-rename-test-291-to-qemu-img-bitm.patch [bz#1957194] - kvm-qemu-img-Fail-fast-on-convert-bitmaps-with-inconsist.patch [bz#1957194] - kvm-qemu-img-Add-skip-broken-bitmaps-for-convert-bitmaps.patch [bz#1957194] - kvm-audio-Never-send-migration-section.patch [bz#1957194] - kvm-pc-bios-s390-ccw-bootmap-Silence-compiler-warning-fr.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-Use-reset_psw-pointer-instead-of-ha.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-netboot-Use-Wl-prefix-to-pass-param.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-Silence-warning-from-Clang-by-marki.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-Fix-the-cc-option-macro-in-the-Make.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-Silence-GCC-11-stringop-overflow-wa.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-Allow-building-with-Clang-too.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-Fix-inline-assembly-for-older-versi.patch [bz#1939509 bz#1940132] - kvm-configure-Fix-endianess-test-with-LTO.patch [bz#1939509 bz#1940132] - kvm-spec-Switch-toolchain-to-Clang-LLVM.patch [bz#1939509 bz#1940132] - kvm-spec-Use-safe-stack-for-x86_64.patch [bz#1939509 bz#1940132] - kvm-spec-Reenable-write-support-for-VMDK-etc.-in-tools.patch [bz#1989841] - Resolves: bz#1974683 (Fail to set migrate incoming for 2nd time after the first time failed) - Resolves: bz#1968519 (Remove all the old 7.0-7.5 machine types) - Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta) - Resolves: bz#1939509 (QEMU: enable SafeStack) - Resolves: bz#1940132 (QEMU: switch build toolchain to Clang/LLVM) - Resolves: bz#1989841 (RFE: qemu-img cannot convert images into vmdk and vpc formats) [17:6.0.0-11.1] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [6.0.0-11] - kvm-arm-virt-Register-iommu-as-a-class-property.patch [bz#1838608] - kvm-arm-virt-Register-its-as-a-class-property.patch [bz#1838608] - kvm-arm-virt-Enable-ARM-RAS-support.patch [bz#1838608] - kvm-block-Fix-in_flight-leak-in-request-padding-error-pa.patch [bz#1972079] - kvm-spec-Remove-buildldflags.patch [bz#1973029] - kvm-spec-Use-make_build-macro.patch [bz#1973029] - kvm-spec-Drop-make-install-sharedir-and-datadir-usage.patch [bz#1973029] - kvm-spec-use-make_install-macro.patch [bz#1973029] - kvm-spec-parallelize-make-check.patch [bz#1973029] - kvm-spec-Drop-explicit-build-id.patch [bz#1973029] - kvm-spec-use-build_ldflags.patch [bz#1973029] - kvm-Move-virtiofsd-to-separate-package.patch [bz#1979728] - kvm-Utilize-firmware-configure-option.patch [bz#1980139] - Resolves: bz#1838608 (aarch64: Enable ARMv8 RAS virtualization support) - Resolves: bz#1972079 (Windows Installation blocked on 4k disk when using blk+raw+iothread) - Resolves: bz#1973029 (Spec file cleanups) - Resolves: bz#1979728 (Split out virtiofsd subpackage) - Resolves: bz#1980139 (Use configure --firmwarepath more) [6.0.0-10] - kvm-s390x-css-Introduce-an-ESW-struct.patch [bz#1957194] - kvm-s390x-css-Split-out-the-IRB-sense-data.patch [bz#1957194] - kvm-s390x-css-Refactor-IRB-construction.patch [bz#1957194] - kvm-s390x-css-Add-passthrough-IRB.patch [bz#1957194] - kvm-vhost-user-blk-Fail-gracefully-on-too-large-queue-si.patch [bz#1957194] - kvm-vhost-user-blk-Make-sure-to-set-Error-on-realize-fai.patch [bz#1957194] - kvm-vhost-user-blk-Don-t-reconnect-during-initialisation.patch [bz#1957194] - kvm-vhost-user-blk-Improve-error-reporting-in-realize.patch [bz#1957194] - kvm-vhost-user-blk-Get-more-feature-flags-from-vhost-dev.patch [bz#1957194] - kvm-virtio-Fail-if-iommu_platform-is-requested-but-unsup.patch [bz#1957194] - kvm-vhost-user-blk-Check-that-num-queues-is-supported-by.patch [bz#1957194] - kvm-vhost-user-Fix-backends-without-multiqueue-support.patch [bz#1957194] - kvm-file-posix-fix-max_iov-for-dev-sg-devices.patch [bz#1957194] - kvm-scsi-generic-pass-max_segments-via-max_iov-field-in-.patch [bz#1957194] - kvm-osdep-provide-ROUND_DOWN-macro.patch [bz#1957194] - kvm-block-backend-align-max_transfer-to-request-alignmen.patch [bz#1957194] - kvm-block-add-max_hw_transfer-to-BlockLimits.patch [bz#1957194] - kvm-file-posix-try-BLKSECTGET-on-block-devices-too-do-no.patch [bz#1957194] - kvm-block-Add-option-to-use-driver-whitelist-even-in-too.patch [bz#1957782] - kvm-spec-Restrict-block-drivers-in-tools.patch [bz#1957782] - kvm-Move-tools-to-separate-package.patch [bz#1972285] - kvm-Split-qemu-pr-helper-to-separate-package.patch [bz#1972300] - kvm-spec-RPM_BUILD_ROOT-buildroot.patch [bz#1973029] - kvm-spec-More-use-of-name-instead-of-qemu-kvm.patch [bz#1973029] - kvm-spec-Use-qemu-pr-helper.service-from-qemu.git.patch [bz#1973029] - kvm-spec-Use-_sourcedir-for-referencing-sources.patch [bz#1973029] - kvm-spec-Add-tools_only.patch [bz#1973029] - kvm-spec-build-Add-run_configure-helper.patch [bz#1973029] - kvm-spec-build-Disable-more-bits-with-disable_everything.patch [bz#1973029] - kvm-spec-build-Add-macros-for-some-configure-parameters.patch [bz#1973029] - kvm-spec-files-Move-qemu-guest-agent-and-qemu-img-earlie.patch [bz#1973029] - kvm-spec-install-Remove-redundant-bits.patch [bz#1973029] - kvm-spec-install-Add-modprobe_kvm_conf-macro.patch [bz#1973029] - kvm-spec-install-Remove-qemu-guest-agent-etc-qemu-kvm-us.patch [bz#1973029] - kvm-spec-install-clean-up-qemu-ga-section.patch [bz#1973029] - kvm-spec-install-Use-a-single-tools_only-section.patch [bz#1973029] - kvm-spec-Make-tools_only-not-cross-spec-sections.patch [bz#1973029] - kvm-spec-install-Limit-time-spent-in-qemu_kvm_build.patch [bz#1973029] - kvm-spec-misc-syntactic-merges-with-Fedora.patch [bz#1973029] - kvm-spec-Use-Fedora-s-pattern-for-specifying-rc-version.patch [bz#1973029] - kvm-spec-files-don-t-use-fine-grained-docs-file-list.patch [bz#1973029] - kvm-spec-files-Add-licenses-to-qemu-common-too.patch [bz#1973029] - kvm-spec-install-Drop-python3-shebang-fixup.patch [bz#1973029] - Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta) - Resolves: bz#1957782 (VMDK support should be read-only) - Resolves: bz#1972285 (Split out a qemu-kvm-tools subpackage) - Resolves: bz#1972300 (Split out a qemu-pr-helper subpackage) - Resolves: bz#1973029 (Spec file cleanups) [6.0.0-9] - kvm-s390x-cpumodel-add-3931-and-3932.patch [bz#1932191] - kvm-spapr-Fix-EEH-capability-issue-on-KVM-guest-for-PCI-.patch [bz#1957194] - kvm-ppc-pef.c-initialize-cgs-ready-in-kvmppc_svm_init.patch [bz#1957194] - kvm-redhat-Move-qemu-kvm-docs-dependency-to-qemu-kvm.patch [bz#1957194] - kvm-redhat-introducting-qemu-kvm-hw-usbredir.patch [bz#1957194] - kvm-redhat-use-the-standard-vhost-user-JSON-path.patch [bz#1957194] - Resolves: bz#1932191 ([IBM 9.0 FEAT] CPU Model for new IBM Z Hardware - qemu part (kvm)) - Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta) [6.0.0-8] - kvm-Disable-TPM-passthrough.patch [bz#1978911] - kvm-redhat-Replace-the-kvm-setup.service-with-a-etc-modu.patch [bz#1978837] - Resolves: bz#1978911 (Remove TPM Passthrough option from RHEL 9) - Resolves: bz#1978837 (Remove/replace kvm-setup.service) [6.0.0-7] - kvm-aarch64-rh-devices-add-CONFIG_PXB.patch [bz#1967502] - kvm-virtio-gpu-handle-partial-maps-properly.patch [bz#1974795] - kvm-x86-Add-x86-rhel8.5-machine-types.patch [bz#1957194] - kvm-redhat-x86-Enable-kvm-asyncpf-int-by-default.patch [bz#1957194] - kvm-block-backend-add-drained_poll.patch [bz#1957194] - kvm-nbd-server-Use-drained-block-ops-to-quiesce-the-serv.patch [bz#1957194] - kvm-disable-CONFIG_USB_STORAGE_BOT.patch [bz#1957194] - kvm-doc-Fix-some-mistakes-in-the-SEV-documentation.patch [bz#1957194] - kvm-docs-Add-SEV-ES-documentation-to-amd-memory-encrypti.patch [bz#1957194] - kvm-docs-interop-firmware.json-Add-SEV-ES-support.patch [bz#1957194] - kvm-qga-drop-StandardError-syslog.patch [bz#1947977] - kvm-Remove-iscsi-support.patch [bz#1967133] - Resolves: bz#1967502 ([aarch64] [qemu] Compile the PCIe expander bridge) - Resolves: bz#1974795 ([RHEL9-beta] [aarch64] Launch guest with virtio-gpu-pci and virtual smmu causes 'virtio_gpu_dequeue_ctrl_func' ERROR) - Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta) - Resolves: bz#1947977 (remove StandardError=syslog from qemu-guest-agent.service) - Resolves: bz#1967133 (QEMU: disable libiscsi in RHEL-9) [6.0.0-6] - kvm-yank-Unregister-function-when-using-TLS-migration.patch [bz#1972462] - kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch [bz#1957194] - kvm-redhat-Install-the-s390-netboot.img-that-we-ve-built.patch [bz#1957194] - kvm-sockets-update-SOCKET_ADDRESS_TYPE_FD-listen-2-backl.patch [bz#1957194] - kvm-target-i386-sev-add-support-to-query-the-attestation.patch [bz#1957194] - kvm-spapr-Don-t-hijack-current_machine-boot_order.patch [bz#1957194] - kvm-target-i386-Add-CPU-model-versions-supporting-xsaves.patch [bz#1957194] - kvm-spapr-Remove-stale-comment-about-power-saving-LPCR-b.patch [bz#1957194] - kvm-spapr-Set-LPCR-to-current-AIL-mode-when-starting-a-n.patch [bz#1957194] - Specfile cleanup [bz#1973029] - Resolves: bz#1972462 (QEMU core dump when doing TLS migration via TCP) - Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta) - Resolves: bz#1973029 (Spec file cleanups) [6.0.0-5] - kvm-arm-virt-Register-highmem-and-gic-version-as-class-p.patch [bz#1952449] - kvm-hw-arm-virt-Add-8.5-and-9.0-machine-types-and-remove.patch [bz#1952449] - kvm-aarch64-rh-devices-add-CONFIG_PVPANIC_PCI.patch [bz#1747467] - kvm-spec-Do-not-build-qemu-kvm-block-gluster.patch [bz#1964795] - kvm-spec-Do-not-link-pcnet-and-ne2k_pci-roms.patch [bz#1965961] - kvm-redhat-s390x-add-rhel-8.5.0-compat-machine.patch [bz#1957194] - kvm-redhat-add-missing-entries-in-hw_compat_rhel_8_4.patch [bz#1957194] - kvm-redhat-Define-pseries-rhel8.5.0-machine-type.patch [bz#1957194] - kvm-virtio-net-failover-add-missing-remove_migration_sta.patch [bz#1957194] - kvm-hw-arm-virt-Disable-PL011-clock-migration-through-hw.patch [bz#1957194] - kvm-virtio-blk-Fix-rollback-path-in-virtio_blk_data_plan.patch [bz#1957194] - kvm-virtio-blk-Configure-all-host-notifiers-in-a-single-.patch [bz#1957194] - kvm-virtio-scsi-Set-host-notifiers-and-callbacks-separat.patch [bz#1957194] - kvm-virtio-scsi-Configure-all-host-notifiers-in-a-single.patch [bz#1957194] - kvm-hw-arm-smmuv3-Another-range-invalidation-fix.patch [bz#1957194] - Resolves: bz#1952449 ([aarch64] define RHEL9 machine types) - Resolves: bz#1747467 ([aarch64] [qemu] PVPANIC support) - Resolves: bz#1964795 (Remove qemu-kvm-block-gluster package) - Resolves: bz#1965961 (Remove links to not build roms) - Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta) [6.0.0-4] - kvm-s390x-redhat-disable-experimental-3270-device.patch - Resolves: bz#1962479 (Disable the 'x-terminal3270' device in qemu-kvm on s390x) [6.0.0-3] - kvm-hw-s390x-Remove-the-RHEL7-only-machine-type.patch [bz#1944730] - Resolves: bz#1944730 (Remove RHEL7 machine type (s390-ccw-virtio-rhel7.5.0)) [6.0.0-2] - kvm-Remove-message-with-running-VM-count.patch [bz#1914461] - kvm-Remove-SPICE-and-QXL-from-x86_64-rh-devices.mak.patch [bz#1906168] - kvm-spec-file-build-qemu-kvm-without-SPICE-and-QXL.patch [bz#1906168] - kvm-spec-file-Obsolete-qemu-kvm-ui-spice.patch [bz#1906168] - Resolves: bz#1914461 (Remove KVM guest count and limit info message) - Resolves: bz#1906168 ([RHEL-9] qemu-kvm spec-file: Do not BuildRequire spice) [6.0.0-1] - Rebase to QEMU 6.0 - Resolves: bz#1872569 [5.2.0-16] - kvm-Limit-build-on-Power-to-qemu-img-and-qemu-ga-only.patch [bz#1944056] - Resolves: bz#1944056 (Do not build qemu-kvm for Power) [15:5.2.0-15] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [5.2.0-14.el8] - kvm-vhost-user-blk-fix-blkcfg-num_queues-endianness.patch [bz#1937004] - kvm-block-export-fix-blk_size-double-byteswap.patch [bz#1937004] - kvm-block-export-use-VIRTIO_BLK_SECTOR_BITS.patch [bz#1937004] - kvm-block-export-fix-vhost-user-blk-export-sector-number.patch [bz#1937004] - kvm-block-export-port-virtio-blk-discard-write-zeroes-in.patch [bz#1937004] - kvm-block-export-port-virtio-blk-read-write-range-check.patch [bz#1937004] - kvm-spec-ui-spice-sub-package.patch [bz#1936373] - kvm-spec-ui-opengl-sub-package.patch [bz#1936373] - Resolves: bz#1937004 (vhost-user-blk server endianness and input validation fixes) - Resolves: bz#1936373 (move spice & opengl modules to rpm subpackages) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3165 CVE-2022-4172 Oracle Linux 9 [20221207gitfff6d81270b5-9] - edk2-remove-amd-sev-feature-flag-from-secure-boot-builds-.patch [bz#2169247] - Resolves: bz#2169247 ([edk2] Install a sev guest with enrolled secure boot failed) [20221207gitfff6d81270b5-8] - edk2-OvmfPkg-disable-dynamic-mmio-window-rhel-only.patch [bz#2174605] - Resolves: bz#2174605 ([EDK2] disable dynamic mmio window) [20221207gitfff6d81270b5-7] - edk2-Revert-MdeModulePkg-TerminalDxe-add-other-text-resol.patch [bz#2162307] - Resolves: bz#2162307 (Broken GRUB output on a serial console) [20221207gitfff6d81270b5-6] - edk2-update-build-script-rhel-only.patch [bz#2168046] - edk2-update-build-config-rhel-only.patch [bz#2168046] - edk2-add-release-date-to-builds-rh-only.patch [bz#2168046] - edk2-openssl-update.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583] - edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583] - Resolves: bz#2168046 ([SVVP] job 'Check SMBIOS Table Specific Requirements' failed on win2022) - Resolves: bz#2164534 (CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-9]) - Resolves: bz#2164550 (CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-9]) - Resolves: bz#2164565 (CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-9]) - Resolves: bz#2164583 (CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-9]) [20221207gitfff6d81270b5-5] - edk2-Revert-ArmVirtPkg-ArmVirtQemu-enable-initial-ID-map-.patch [bz#2157656] - Resolves: bz#2157656 ([edk2] [aarch64] Unable to initialize EFI firmware when using edk2-aarch64-20221207gitfff6d81270b5-1.el9 in some hardwares) [20221207gitfff6d81270b5-4] - edk2-ArmVirt-don-t-use-unaligned-CopyMem-on-NOR-flash.patch [bz#2158173] - Resolves: bz#2158173 ([aarch64][numa] Failed to create 2 numa nodes in some hardwares) [20221207gitfff6d81270b5-3] - edk2-OvmfPkg-VirtNorFlashDxe-map-flash-memory-as-uncachea.patch [bz#2158173] - edk2-MdePkg-Remove-Itanium-leftover-data-structure-RH-onl.patch [bz#1983086] - Resolves: bz#2158173 ([aarch64][numa] Failed to create 2 numa nodes in some hardwares) - Resolves: bz#1983086 (Assertion failure when creating 1024 VCPU VM: [...]UefiCpuPkg/CpuMpPei/CpuBist.c(186): !EFI_ERROR (Status)) [20221207gitfff6d81270b5-2] - edk2-use-rpm-build-flags-rh-only.patch [RHEL-177] - Resolves: RHEL-177 (Enable GNU_RELRO security protection) [20221207gitfff6d81270b5-1] - Rebase to edk2-stable202211 tag Resolves: RHEL-119 (rebase edk2 to edk2-stable202211) - Resolves: RHEL-75 (edk2 builds should show the build version) - Resolves: bz#2132951 (edk2: Sort traditional virtualization builds before Confidential Computing builds) [20220826gitba0e0e4c6a-2] - edk2-MdeModulePkg-PiSmmCore-SmmEntryPoint-underflow-CVE-2.patch [bz#1989857] - Resolves: bz#1989857 (CVE-2021-38578 edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation [rhel-9.0]) [ 0220826gitba0e0e4c6a-1] - Rebase to edk2-stable202208 tag [RHELX-59] Resolves: RHELX-59 (rebase edk2 to 2022-08 stable tag) [20220526git16779ede2d36-4] - edk2-OvmfPkg-QemuVideoDxe-fix-bochs-mode-init.patch [RHELX-58] - Resolves: RHELX-58 (Guest console turns black with uefi rhel guests and stdvga) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2021-38578 CVE-2022-4450 CVE-2023-0286 CVE-2022-4304 CVE-2023-0215 Oracle Linux 9 [3.0.21-37] - Fix defect found by covscan Resolves: #2151705 [3.0.21-36] - Fix multiple CVEs Resolves: #2151705 Resolves: #2151703 Resolves: #2151707 [3.0.21-35] - Rebuild to add subpackages to CRB report Resolves: #2126380 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41860 CVE-2022-41859 CVE-2022-41861 Oracle Linux 9 [9.0.9-2] - resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in - resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws [9.0.9-1] - update to 9.0.9 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530) [9.0.8-2] - bump NVR [9.0.8-1] - update to 9.0.8 tagged upstream community sources, see CHANGELOG - do not list /usr/share/grafana/conf twice - drop makefile in favor of create_bundles.sh script - sync provides/obsoletes with CentOS versions - drop husky patch MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41715 CVE-2022-39229 CVE-2022-2880 CVE-2022-35957 CVE-2022-27664 Oracle Linux 9 [5.1.1-1] - update to 5.1.1 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY [5.0.0-4] - update to 5.0.0 tagged upstream community sources, see CHANGELOG - install plugin in /usr/share and create symlink from /var using systemd-tmpfiles to work on rpm-ostree based distributions - revert the breaking change (change of internal plugin IDs) of upstream v5.0.0, i.e. there are no breaking changes when performing this upgrade - enable Go modules in build process - make vendor and webpack tarballs reproducible - drop makefile in favor of create_bundles.sh script MODERATE Copyright 2023 Oracle, Inc. CVE-2022-27664 Oracle Linux 9 [9.2-1] - Rebase to ntfs-3g 2022.5.17 - Fixes: CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789 resolves: rhbz#2127235 rhbz#2127242 (also 2127264 2127250 2127257) MODERATE Copyright 2023 Oracle, Inc. CVE-2021-46790 CVE-2022-30788 CVE-2022-30789 CVE-2022-30786 CVE-2022-30784 Oracle Linux 9 [8.3.1-5] - Resolves: #2147522 - It is not possible to run FRR as a non-root user [8.3.1-4] - Resolves: #2144500 - AVC error when reloading FRR with provided reload script [8.3.1-3] - Related: #2129743 - Adding missing rules for vtysh and other daemons [8.3.1-2] - Resolves: #2128738 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service [8.3.1-1] - Resolves: #2129731 - Rebase FRR to the latest version - Resolves: #2129743 - Add targeted SELinux policy for FRR - Resolves: #2127494 - BGP incorrectly withdraws routes on graceful restart capable routers MODERATE Copyright 2023 Oracle, Inc. CVE-2022-37032 Oracle Linux 9 cockpit-composer [45-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095], [Orabug:34398922] [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release osbuild [81-1] - New upstream release [80-1] - New upstream release [79-1] - New upstream release [78-1] - New upstream release [77-1] - New upstream release [76-1] - New upstream release [75-1] - New upstream release [74-1] - New upstream release [73-1] - New upstream release [72-1] - New upstream release [71-1] - New upstream release [70-1] - New upstream release [69-1] - New upstream release osbuild-composer [76-2] - distro/rhel: add payload repos to os package set (rhbz#2177699) - Manifest: always set kernel options in grub2 stage (rhbz#2162299) [76-1] - New upstream release [75-1] - New upstream release [74-1] - New upstream release [73-1] - New upstream release [72-1] - New upstream release [71-1] - New upstream release [70-1] - New upstream release [69-1] - New upstream release [68-1] - New upstream release [67-2] - Fix functional tests to make them pass in RHEL-9.2 gating [67-1] - New upstream release [62-1] - New upstream release [60-1] - New upstream release [59-1] - New upstream release [58-1] - New upstream release [57-1] - New upstream release [55-1] - New upstream release [54-1] - New upstream release [53-1] - New upstream release [51-1] - New upstream release [46-1] - New upstream release [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release [41-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New upstream release * Tue Nov 02 2021 lavocatt - 37-1 - New upstream release [36-1] - New upstream release [33-1] - New upstream release [32-1] - New upstream release [31-1] - New upstream release [30-2] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [30-1] - New upstream release [29-3] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [29-2] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 weldr-client [35.9-1] - Copy rhel-92.json test repository from osbuild-composer - Update osbuild-composer test repositories from osbuild-composer - New release: 35.9 (bcl) Resolves: rhbz#2164560 - tests: Replace os.MkdirTemp with t.TempDir (bcl) - blueprint save: Allow overriding bad blueprint names (bcl) - tests: Clean up checking err in tests (bcl) - composer-cli: Implement blueprints diff (bcl) - saveBlueprint: Return the filename to the caller (bcl) - composer-cli: Add tests for using --commit with old servers (bcl) - weldr: Return error about the blueprints change route (bcl) - weldr: Save the http status code as part of APIResponse (bcl) - Add --commit support to blueprints save (bcl) - Add --commit to blueprints show (bcl) - gitleaks: Exclude the test password used in tests (bcl) - ci: add tags to AWS instances (tlavocat) - Update github.com/BurntSushi/toml to 1.2.1 - Update github.com/stretchr/testify to 1.8.1 - Update bump github.com/spf13/cobra to 1.6.1 - New release: 35.8 (bcl) - completion: Remove providers from bash completion script (bcl) - completion: Filter out new headers from compose list (bcl) - docs: Remove unneeded Long descriptions (bcl) - docs: Use a custom help template (bcl) - docs: Add more command documentation (bcl) - cmdline: Add package glob support to modules list command (bcl) - workflow: Add govulncheck on go v1.18 (bcl) - tests: Update to use golangci-lint 1.49.0 (bcl) - New release: 35.7 (bcl) - spec: Move %gometa macro above %gourl (bcl) - weldr: When starting a compose pass size as bytes, not MiB (bcl) - tests: Use correct size value in bytes for test (bcl) - workflow: Add Go 1.18 to text matrix (bcl) - Replace deprecated ioutil functions (bcl) - New release: 35.6 (bcl) - tests: Update tests for osbuild-composer changes (bcl) - CMD: Compose status format (eloy.coto) - CMD: Compose list format (eloy.coto) - tests: Update tests to check for JSON list output (bcl) - composer-cli: Change JSON output to be a list of objects (bcl) - weldr: Simplify the old ComposeLog, etc. functions (bcl) - composer-cli: Add --filename to blueprints freeze save command (bcl) - composer-cli: Add --filename to blueprints save command (bcl) - composer-cli: Add --filename to compose logs command (bcl) - composer-cli: Add --filename to compose image command (bcl) - composer-cli: Add --filename to compose metadata command (bcl) - composer-cli: Add --filename to compose results command (bcl) - weldr: Add saving to a new filename to GetFilePath function (bcl) - github: Fix issue with codecov and forced pushes in PRs (bcl) - Use golangci-lint 1.45.2 in workflow (bcl) - Run workflow tests for go 1.16.x and 1.17.x (bcl) - Move go.mod to go 1.16 (bcl) - workflows/trigger-gitlab: run Gitlab CI in new image-builder project (jrusz) - Update GitHub actions/setup-go to 3 - Update GitHub actions/checkout to 3 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41715 CVE-2022-27664 CVE-2022-41717 CVE-2022-2879 CVE-2022-2880 Oracle Linux 9 [2.42.6-3] - Backport fixes for CVE-2021-46829 and CVE-2021-44648 - Resolves: rhbz#2115213 - Resolves: rhbz#2044346 MODERATE Copyright 2023 Oracle, Inc. CVE-2021-46829 CVE-2021-44648 Oracle Linux 9 [2:2.1.7-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.7 - Resolves: #2173697 [2:2.1.6-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.6 - Related: #2124478 [2:2.1.5-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.5 - Related: #2124478 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41717 Oracle Linux 9 [12.5.4-5.0.1] - add mpstat -H option to also display physically hotplugged vCPUs [Orabug: 34683087] [12.5.4-5] - Fix --dec argument validation (rhbz#2080650) [12.5.4-4] - arithmetic overflow in allocate_structures() on 32 bit systems (CVE-2022-39377) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-39377 Oracle Linux 9 [1.20.11-17] - Fix xvfb-run script with --listen-tcp Resolves: rhbz#2172116 [1.20.11-16] - CVE-2023-0494 (#2166973) [1.20.11-15] - Follow-up fix for CVE-2022-46340 (#2151776) [1.20.11-14] - CVE fix for: CVE-2022-4283 (#2151801), CVE-2022-46340 (#2151776), CVE-2022-46341 (#2151781), CVE-2022-46342 (#2151788), CVE-2022-46343 (#2151791), CVE-2022-46344 (#2151798) [1.20.11-13] - Drop dependency on xorg-x11-font-utils, it was only there for one pkgconfig query for a variable that never changes value (#2148292) [1.20.11-12] - Fix CVE-2022-3550, CVE-2022-3551 Resolves: rhbz#2140768, rhbz#2140773 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-46343 CVE-2023-0494 CVE-2022-46340 CVE-2022-3550 CVE-2022-3551 CVE-2022-46341 CVE-2022-46342 CVE-2022-46344 CVE-2022-4283 Oracle Linux 9 [21.1.3-7] - Fix CVE-2023-0494 (#2166974) [21.1.3-6] - Follow-up fix for CVE-2022-46340 (#2151778) [21.1.3-5] - CVE fix for: CVE-2022-4283 (#2151803), CVE-2022-46340 (#2151778), CVE-2022-46341 (#2151783), CVE-2022-46342 (#2151786), CVE-2022-46343 (#2151793), CVE-2022-46344 (#2151796) [ 21.1.3-4] - Fix CVE-2022-3550, CVE-2022-3551 Resolves: rhbz#2140769, rhbz#2140771 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-0494 CVE-2022-46342 CVE-2022-46341 CVE-2022-3550 CVE-2022-46344 CVE-2022-4283 CVE-2022-46343 CVE-2022-46340 CVE-2022-3551 Oracle Linux 9 [1.29.1-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [1:1.29.1-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/7fa17a8) - Related: #2124478 [1:1.29.0-3] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/c822cc6) - Related: #2124478 [1:1.29.0-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/94b723c) - Related: #2124478 [1:1.29.0-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29.0 (https://github.com/containers/buildah/commit/94b723c) - Related: #2124478 [1:1.29.0-0.4] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/078a7ff) - Related: #2124478 [1:1.29.0-0.3] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/4b72f05) - Related: #2124478 [1:1.29.0-0.2] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/c541c35) - Related: #2124478 [1:1.29.0-0.1] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/8ca903b) - Related: #2124478 [1:1.28.2-3] - update to the latest content of https://github.com/containers/buildah/tree/release-1.28 (https://github.com/containers/buildah/commit/cfefbb6) - fixes segmentation fault on s390x - Resolves: #2150429 [1:1.28.2-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.28 (https://github.com/containers/buildah/commit/7e4d9dd) - Resolves: #2151247 [1:1.28.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.28.2 - Related: #2124478 [1:1.28.0-2] - pull in crun by default - Resolves: #2142494 [1:1.28.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.28.0 - Related: #2124478 [1:1.27.0-2] - fix CVE-2022-2990 - Related: #2061316 [1:1.27.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.27.0 - Related: #2061316 [1:1.26.4-2] - add buildah-tutorial to test subpackage - Related: #2061316 [1:1.26.4-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.4 - Related: #2061316 [1:1.26.3-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.3 - Related: #2061316 [1:1.26.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.2 - Related: #2061316 [1:1.26.1-4] - Re-enable LTO and debuginfo - Related: #2061316 [1:1.26.1-3] - BuildRequires: /usr/bin/go-md2man - Related: #2061316 [1:1.26.1-2] - Add missing container networking dependencies (thanks to Neal Gompa) - Related: #2061316 [1:1.26.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.1 - Related: #2061316 [1:1.25.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.25.1 - Related: #2061316 [1:1.25.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.25.0 - Related: #2061316 [1:1.24.2-2] - Add patch to fix bash symtax for gating tests - Upstream PR: https://github.com/containers/buildah/pull/3792 - Related: #2000051 [1:1.24.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.24.2 - Related: #2000051 [1:1.24.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.24.1 - Related: #2000051 [1:1.24.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.24.0 - Related: #2000051 [1:1.24.0-0.52] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/718f2b4) - Related: #2000051 [1:1.24.0-0.51] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/2189882) - Related: #2000051 [1:1.24.0-0.50] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/4b3aaee) - Related: #2000051 [1:1.24.0-0.49] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/da00c99) - Related: #2000051 [1:1.24.0-0.48] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/7bcca21) - Related: #2000051 [1:1.24.0-0.47] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/60880a7) - Related: #2000051 [1:1.24.0-0.46] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/031e72c) - Related: #2000051 [1:1.24.0-0.45] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/b3798a1) - Related: #2000051 [1:1.24.0-0.44] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/4b22fc5) - Related: #2000051 [1:1.24.0-0.43] - add required test files - Related: #2000051 [1:1.24.0-0.42] - basically, bring in from RHEL8 container-tools module, remove podman & skopeo, and bang at it until it works. (Ed Santiago) - Related: #2000051 [1:1.24.0-0.41] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/9591a8d) - Related: #2000051 [1:1.24.0-0.40] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/0bd4dd1) - Related: #2000051 [1:1.24.0-0.39] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/c5ef5c0) - Related: #2000051 [1:1.24.0-0.38] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/c7e45ed) - Related: #2000051 [1:1.24.0-0.37] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/1f1b960) - Related: #2000051 [1:1.24.0-0.36] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/de86fab) - Related: #2000051 [1:1.24.0-0.35] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/6d01253) - Related: #2000051 [1:1.24.0-0.34] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/2711b85) - Related: #2000051 [1:1.24.0-0.33] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/dc7625a) - Related: #2000051 [1:1.24.0-0.32] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/8b79d8b) - Related: #2000051 [1:1.24.0-0.31] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/b768318) - Related: #2000051 [1:1.24.0-0.30] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/78a1d08) - Related: #2000051 [1:1.24.0-0.29] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/68cd602) - Related: #2000051 [1:1.24.0-0.28] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/50ebc90) - Related: #2000051 [1:1.24.0-0.27] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/e3283ab) - Related: #2000051 [1:1.24.0-0.26] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/96e1871) - Related: #2000051 [1:1.24.0-0.25] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/ecd7474) - Related: #2000051 [1:1.24.0-0.24] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/a381063) - Related: #2000051 [1:1.24.0-0.23] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/f36d1f2) - Related: #2000051 [1:1.24.0-0.22] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/639320e) - Related: #2000051 [1:1.24.0-0.21] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/762cf6f) - Related: #2000051 [1:1.24.0-0.20] - respect Epoch in subpackage dependencies - Related: #2000051 [1:1.24.0-0.19] - bump Epoch to preserve upgrade path - Related: #2000051 [1.24.0-0.18] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/982717a) - Related: #2000051 [1.24.0-0.17] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/e47f4a1) - Related: #2000051 [1.24.0-0.16] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/211972a) - Related: #2000051 [1.24.0-0.15] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/c044ad6) - Related: #2000051 [1.24.0-0.14] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/7807a0e) - Related: #2000051 [1.24.0-0.13] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/0cd9445) - Related: #2000051 [1.24.0-0.12] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/954c481) - Related: #2000051 [1.24.0-0.11] - include all man pages - Related: #2000051 [1.24.0-0.10] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/d2ef199) - Related: #2000051 [1.24.0-0.9] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/455f2f1) - Related: #2000051 [1.24.0-0.8] - add gating.yaml - Related: #2000051 [1.24.0-0.7] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/5b0de7b) - Related: #2000051 [1.24.0-0.6] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/9a49348) - Related: #2000051 [1.24.0-0.5] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/a72aad4) - Related: #2000051 [1.24.0-0.4] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/b8757e9) - Related: #2000051 [1.24.0-0.3] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/4c287d1) - Related: #2000051 [1.24.0-0.2] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/753716a) - Related: #2000051 [1.24.0-0.1] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/69b3e56) - Related: #2000051 [1.23.0-0.3] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/8657d7e) - Related: #2000051 [1.23.0-0.2] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/0346b38) - Related: #2000051 [1.23.0-0.1] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/a5aba5c) - Related: #2000051 [1.22.3-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.22 (https://github.com/containers/buildah/commit/4d20222) - Related: #2000051 [1.22.0-3] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1.22.0-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.22 (https://github.com/containers/buildah/commit/71b8003) - Related: #1970747 [1.22.0-1] - update to 1.22.0 release and switch to the release-1.22 maint branch - Related: #1970747 [1.22.0-0.4] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/56ff12f) - Related: #1970747 [1.22.0-0.3] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/f517d85) - Related: #1970747 [1.22.0-0.2] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/42dbc97) - Related: #1970747 [1.22.0-0.1] - switch to main branch - Related: #1970747 [1.21.4-2] - add buildah-copy helper - Related: #1970747 [1.21.4-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.21 (https://github.com/containers/buildah/commit/9c83683) - Related: #1970747 [1.21.3-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.21 (https://github.com/containers/buildah/commit/30a10f3) - Related: #1970747 [1.21.3-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.21 (https://github.com/containers/buildah/commit/7f9540d) - Related: #1970747 [1.21.1-1] - update to buildah 1.21.1 from the release-1.21 upstream branch - Related: #1970747 [1.22.0-0.17] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/ecfcde2) - Related: #1970747 [1.22.0-0.16] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/3ed5d8e) - Related: #1970747 [1.22.0-0.15] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/c7d828f) - Related: #1970747 [1.22.0-0.14] - 'buildah version' produces correct output - Related: #1970747 [1.22.0-0.13] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/6bc611d) - Related: #1970747 [1.22.0-0.12] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/3a0b52f) - Related: #1970747 [1.22.0-0.11] - switch master -> main - Related: #1970747 [1.22.0-0.10] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/6d5d1ae) - Related: #1970747 [1.22.0-0.9] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [1.22.0-0.8] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/802a904) - Related: #1970747 [1.22.0-0.7] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/5181b9c) - Related: #1970747 [1.22.0-0.6] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/814868e) - Related: #1970747 [1.22.0-0.5] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/30c07b7) - Related: #1970747 [1.22.0-0.4] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/d99221f) - Related: #1970747 [1.22.0-0.3] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/8d08247) - Related: #1970747 [1.22.0-0.2] - update buildah - Related: #1970747 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41717 CVE-2022-30629 Oracle Linux 9 [2.38.5-1] - Update to 2.38.5 Related: #2127467 [2.38.4-1] - Update to 2.38.4 Related: #2127467 [2.38.3-1] - Update to 2.38.3 Related: #2127467 [2.38.2-1] - Update to 2.38.2 Related: #2127467 [2.38.1-2] - Fix use with aarch64 64 KiB page size Related: #2127467 [2.38.1-1] - Update to 2.38.1 Resolves: #2127467 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-32923 CVE-2022-42799 CVE-2023-23517 CVE-2022-32888 CVE-2022-42824 CVE-2022-42852 CVE-2022-46699 CVE-2022-46692 CVE-2023-25360 CVE-2023-23518 CVE-2022-42867 CVE-2022-46691 CVE-2022-42823 CVE-2022-42863 CVE-2022-46698 CVE-2022-46700 CVE-2023-25362 CVE-2023-25358 CVE-2023-25361 CVE-2022-32886 CVE-2022-42826 CVE-2023-25363 Oracle Linux 9 [1.12.0-13] - xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability Resolves: bz#2180309 [1.12.0-12] - SELinux: allow vncsession create .vnc directory Resolves: bz#2164703 [1.12.0-11] - Add sanity check when cleaning up keymap changes Resolves: bz#2169965 [1.12.0-10] - xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation Resolves: bz#2167061 [1.12.0-9] - Rebuild for xorg-x11-server CVE-2022-46340 follow up fix [1.12.0-8] - Rebuild for xorg-x11-server CVEs Resolves: CVE-2022-4283 (bz#2154234) Resolves: CVE-2022-46340 (bz#2154221) Resolves: CVE-2022-46341 (bz#2154224) Resolves: CVE-2022-46342 (bz#2154226) Resolves: CVE-2022-46343 (bz#2154228) Resolves: CVE-2022-46344 (bz#2154230) [1.12.0-7] - x0vncserver: add new keysym in case we don't find matching keycode + actually apply the patch Resolves: bz#2119017 [1.12.0-6] - x0vncserver: add new keysym in case we don't find matching keycode Resolves: bz#2119017 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-46340 CVE-2022-4283 CVE-2022-46341 CVE-2022-46343 CVE-2022-46344 CVE-2022-46342 Oracle Linux 9 [1.1.4-6] - Fix CVE-2022-40023 (#2133606) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40023 Oracle Linux 9 [21.01.0-14] - Check for overflow when computing number of symbols - in JBIG2 text region - Resolves: #2126364 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-38784 Oracle Linux 9 [1.18.4-6] - Fixes for CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122 Resolves: rhbz#2131034, rhbz#2131039, rhbz#2131045, rhbz#2131049, rhbz#2131054, rhbz#2131060, rhbz#2131064 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-1921 CVE-2022-1920 CVE-2022-1925 CVE-2022-1924 CVE-2022-1922 CVE-2022-2122 CVE-2022-1923 Oracle Linux 9 [32:9.16.23-11] - Correct backport issue in statistics rendering fix (#2126912) [32:9.16.23-10] - Handle subtle difference between upstream and rhel (CVE-2022-3094) [32:9.16.23-9] - Prevent flooding with UPDATE requests (CVE-2022-3094) - Handle RRSIG queries when server-stale is active (CVE-2022-3736) - Fix crash when soft-quota is reached and serve-stale is active (CVE-2022-3924) [32:9.16.23-8] - Correct regression preventing bind-dyndb-ldap build (#2162795) [32:9.16.23-7] - Prevent freeing zone during statistics rendering (#2101712) [32:9.16.23-6] - Bound the amount of work performed for delegations (CVE-2022-2795) - Add /usr/lib64/named to bind-chroot (#2129466) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3924 CVE-2022-2795 CVE-2022-3736 CVE-2022-3094 Oracle Linux 9 [4.4.1-3.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.4.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/e1703bb) - Related: #2124478 [2:4.4.1-2] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/0b38633) - Related: #2124478 [2:4.4.1-1] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/d4e285a) - Related: #2124478 [2:4.4.1-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.4 (https://github.com/containers/podman/commit/f5670f0) - Related: #2124478 [2:4.4.0-1] - update to podman-4.4 release - Related: #2124478 [2:4.4.0-0.10] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/68bbdc2) - Related: #2124478 [2:4.4.0-0.9] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/323b515) - Related: #2124478 [2:4.4.0-0.8] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/c35e74f) - Related: #2124478 [2:4.4.0-0.7] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/ce504bb) - Related: #2124478 [2:4.4.0-0.6] - add quadlet to tests - Related: #2124478 [2:4.4.0-0.5] - obsolete podman-catatonit in order to not to file conflict with catatonit - Related: #2124478 [2:4.4.0-0.4] - build v4.4.0-rc2 - Related: #2124478 [2:4.4.0-0.3] - remove podman-machine-cni, it is now part of podman 4.0 or newer - Related: #2124478 [2:4.4.0-0.2] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/07ba51d) - update gvisor-tap-vsock to 0.5.0 - Related: #2124478 [2:4.4.0-0.1] - podman-4.4.0-rc1 - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/f1af5b3) - Related: #2124478 [2:4.3.1-4] - podman shouldn't provide and file conflict with catatonit in CRB - Resolves: #2151322 [2:4.3.1-3] - fix 'podman manifest add' is not concurrent safe - Resolves: #2105173 [2:4.3.1-2] - properly obsolete catatonit - Resolves: #2123319 [2:4.3.1-1] - update to https://github.com/containers/podman/releases/tag/v4.3.1 - Related: #2124478 [2:4.3.0-2] - rebuild to fix CVE-2022-30629 - Related: #2102994 [2:4.3.0-1] - update to https://github.com/containers/podman/releases/tag/v4.3.0 - Related: #2124478 [2:4.2.0-3] - fix dependency in test subpackage - Related: #2061316 [2:4.2.0-2] - readd catatonit - Related: #2061316 [2:4.2.0-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.2.0 (https://github.com/containers/podman/commit/7fe5a419cfd2880df2028ad3d7fd9378a88a04f4) - Related: #2061316 [2:4.2.0-0.3rc3] - require catatonit for gating tests - Related: #2061316 [2:4.2.0-0.2rc3] - update to 4.2.0-rc3 - Related: #2061316 [2:4.2.0-0.1rc2] - update to 4.2.0-rc2 - Related: #2061316 [2:4.1.1-6] - convert catatonit dependency to soft dep as catatonit is no longer in Appstream but in CRB - Related: #2061316 [2:4.1.1-5] - rebuild for combined gating with catatonit - Related: #2097694 [2:4.1.1-4] - catatonit is now a standalone package - Related: #2097694 [2:4.1.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.1.1-rhel (https://github.com/containers/podman/commit/fa692a6) - Related: #2097694 [2:4.1.1-2] - be sure podman services/sockets are stopped upon package removal - Related: #2061316 [2:4.1.1-1] - update to https://github.com/containers/podman/releases/tag/v4.1.1 - Related: #2061316 [2:4.1.0-4] - don't require runc and Recommends: crun - Related: #2061316 [2:4.1.0-3] - Re-enable LTO and debuginfo - Related: #2061316 [2:4.1.0-2] - update gvisor-tap-vsock to 0.2.0 to fix compilation with golang 1.18 - Related: #2061316 [2:4.1.0-1] - update to https://github.com/containers/podman/releases/tag/v4.1.0 - Related: #2061316 [2:4.0.3-2] - require netavark and move CNI to soft dependencies - Related: #2061316 [2:4.0.3-1] - update to https://github.com/containers/podman/releases/tag/v4.0.3 - Related: #2061316 [2:4.0.2-3] - bump minimal libseccomp version requirement - Related: #2061316 [2:4.0.2-2] - rebuilt with golang >= 1.17.5 (CVE-2021-44716, CVE-2021-44717) - Related: #2061316 [2:4.0.2-1] - update to https://github.com/containers/podman/releases/tag/v4.0.2 - Related: #2059681 [2:4.0.1-1] - update to https://github.com/containers/podman/releases/tag/v4.0.1 - Related: #2000051 [2:4.0.0-6] - set catatonit cflags after configure step, don't explicitly set ldflags - Related: #2054115 [2:4.0.0-5] - revert previous change and run set_build_flags before the build process - Related: #2054115 [2:4.0.0-4] - add -D_FORTIFY_SOURCE=2 for podman-catatonit - Related: #2054115 [2:4.0.0-3] - depend on containers-common >= 2:1-28 - Related: #2000051 [2:4.0.0-2] - use correct commit 49f8da72 for podman, previous commit said 4.0.1-dev - Related: #2000051 [2:4.0.0-1] - update to podman-4.0.0 release - Related: #2000051 [2:4.0.0-0.32] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/a34f279) - Related: #2000051 [2:4.0.0-0.31] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/ab3e566) - Related: #2000051 [2:4.0.0-0.30] - fix linker flags to assure -D_FORTIFY_SOURCE=2 is present at the command line - Related: #2000051 [2:4.0.0-0.29] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/b0a445e) - Related: #2000051 [2:4.0.0-0.28] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/c4a9aa7) - Related: #2000051 [2:4.0.0-0.27] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/5b2d96f) - Related: #2000051 [2:4.0.0-0.26] - set CGO_CFLAGS explicitly - Related: #2000051 [2:4.0.0-0.25] - bump to 0.25 to have highest NVR - Related: #2000051 [2:4.0.0-0.4] - rebuilt - Related: #2000051 [2:4.0.0-0.3] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/2dca7b2) - Related: #2000051 [2:4.0.0-0.2] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/4ad9e00) - Related: #2000051 [2:4.0.0-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/337f706) - Related: #2000051 [2:3.4.5-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/a54320a) - Related: #2000051 [2:3.4.5-0.7] - add rootless_role (Ed Santiago) - Related: #2000051 [2:3.4.5-0.6] - add git-daemon to test subpackage (https://github.com/containers/podman/issues/12851) - Related: #2000051 [2:3.4.5-0.5] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/63134a1) - Related: #2000051 [2:3.4.5-0.4] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/3f57b6e) - Related: #2000051 [2:3.4.5-0.3] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/17788ed) - Related: #2000051 [2:3.4.5-0.2] - incorporate gating test fixes from Ed Santiago: - remove buildah and skopeo (unused) - bump BATS from v1.1 to v1.5 - rename 'nonroot' to 'rootless' - Related: #2000051 [2:3.4.5-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/b8fde5c) - Related: #2000051 [2:3.4.4-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/49f589d) - Related: #2000051 [2:3.4.3-0.11] - remove downstream patch already applied upstream - Related: #2000051 [2:3.4.3-0.10] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/fe44757) - Related: #2000051 [2:3.4.3-0.9] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/815f36a) - Related: #2000051 [2:3.4.3-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/31bc358) - Related: #2000051 [2:3.4.3-0.7] - bump Epoch to not to pull in older versions built off upstream main branch - Related: #2000051 [1:3.4.3-0.6] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/e3a7a74) - add libsubid_tag.sh into BUILDTAGS - Related: #2000051 [1:3.4.3-0.5] - do not put patch URL as the backported patch will get overwritten when 'spectool -g -f' is executed - Related: #2000051 [1:3.4.3-0.4] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/7203178) - Related: #2000051 [1:3.4.3-0.3] - remove -t 0 from podman gating test - Related: #2000051 [1:3.4.3-0.2] - add BuildRequires: shadow-utils-subid-devel - Related: #2000051 [1:3.4.3-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/4808a63) - Related: #2000051 [1:3.4.2-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/fd010ad) - Related: #2000051 [1:3.4.2-0.7] - backport https://github.com/containers/podman/pull/12118 to 3.4 in attempt to fix gating tests - Related: #2000051 [1:3.4.2-0.6] - add Requires: gnupg (https://github.com/containers/podman/pull/12270) - Related: #2000051 [1:3.4.2-0.5] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/8de9950) - Related: #2000051 [1:3.4.2-0.4] - update catatonit to 1.7 - Related: #2000051 [1:3.4.2-0.3] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/75023e9) - Related: #2000051 [1:3.4.2-0.2] - compile catatonit library as PIE - Related: #2000051 [1:3.4.2-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/09aade7) - Related: #2000051 [1:3.4.1-2] - more dependency tightening - thanks to Michael Rochefort for noticing - Related: #2000051 [1:3.4.1-1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/c15c154) - Related: #2000051 [1:4.0.0-0.24] - respect Epoch in subpackage dependencies - Related: #2000051 [1:4.0.0-0.23] - bump Epoch to preserve upgrade path from RHEL8 - Related: #2000051 [4.0.0-0.22] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/ea86893) - Related: #2000051 [4.0.0-0.21] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/14c0fcc) - Related: #2000051 [4.0.0-0.20] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/bfb904b) - Related: #2000051 [4.0.0-0.19] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/8bcc086) - Related: #2000051 [4.0.0-0.18] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/c963a50) - Related: #2000051 [4.0.0-0.17] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/b9d8c63) - Related: #2000051 [4.0.0-0.16] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/317e20a) - Related: #2000051 [4.0.0-0.15] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/b187dfe) - Related: #2000051 [4.0.0-0.14] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/cd10304) - Related: #2000051 [4.0.0-0.13] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/e19a09c) - Related: #2000051 [4.0.0-0.12] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/800d594) - Related: #2000051 [4.0.0-0.11] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/1dba601) - Related: #2000051 [4.0.0-0.10] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/8e2d25e) - Related: #2000051 [4.0.0-0.9] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/b925d70) - Related: #2000051 [4.0.0-0.8] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/6cf13c3) - Related: #2000051 [4.0.0-0.7] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/5f41ffd) - update to https://github.com/containers/podman-machine-cni/releases/tag/v0.2.0 - Related: #2000051 [4.0.0-0.6] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/4b6ffda) - Related: #2000051 [4.0.0-0.5] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/323fe36) - Related: #2000051 [4.0.0-0.4] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/b603c7a) - Related: #2000051 [4.0.0-0.3] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/0f3d3bd) - Related: #2000051 [4.0.0-0.2] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/63f6656) - Related: #2000051 [4.0.0-0.1] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/26c8549) - Related: #2000051 [3.3.1-1] - update to the latest content of https://github.com/containers/podman/tree/v3.3.1-rhel (https://github.com/containers/podman/commit/405507a) - Related: #2000051 - mark ghost dir correctly [3.3.0-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [3.3.0-3] - update to the latest content of https://github.com/containers/podman/tree/v3.3 (https://github.com/containers/podman/commit/57422d2) - Related: #1970747 [3.3.0-2] - update to the latest content of https://github.com/containers/podman/tree/v3.3 (https://github.com/containers/podman/commit/b1d3875) - Related: #1970747 [3.3.0-1] - update to 3.3.0 release and switch to the v3.3 maint branch - Related: #1970747 [3.3.0-0.27] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/4244288) - Related: #1970747 [3.3.0-0.26] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/f17b810) - Related: #1970747 [3.3.0-0.25] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/2041731) - Related: #1970747 [3.3.0-0.24] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/f9395dd) - Related: #1970747 [3.3.0-0.23] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/a5de831) - Related: #1970747 [3.3.0-0.22] - bump version to follow the 3.3.0 upgrade path - Related: #1970747 [3.3.0-0.9] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/4f5b19c) - Related: #1970747 [3.2.3-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.2.3-rhel (https://github.com/containers/podman/commit/78f0bd7) - Related: #1970747 [3.2.3-0.7] - switch to v3.2.3-rhel branch - Related: #1970747 [3.2.3-0.6] - update to the latest content of https://github.com/containers/podman/tree/v3.2 (https://github.com/containers/podman/commit/2eea7fe) - Related: #1970747 [3.2.3-0.5] - update to the latest content of https://github.com/containers/podman/tree/v3.2 (https://github.com/containers/podman/commit/4136f8b) - Related: #1970747 [3.2.3-0.4] - update product version in gating.yaml - update to the latest content of https://github.com/containers/podman/tree/v3.2 (https://github.com/containers/podman/commit/60d12f7) - Related: #1970747 [3.2.3-0.3] - update to the latest content of https://github.com/containers/podman/tree/v3.2 (https://github.com/containers/podman/commit/275b0d8) - Related: #1970747 [3.2.3-0.2] - put 87-podman-bridge.conflist to main podman package not podman-remote - Related: #1970747 [3.2.3-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.2 (https://github.com/containers/podman/commit/6f0bf16) - Related: #1970747 [3.2.2-2] - remove missing unit files - Related: #1970747 [3.2.2-1] - consume content from v3.2 upstream branch - Related: #1970747 [3.3.0-0.21] - fix build - Related: #1970747 [3.3.0-0.20] - update install targets - Related: #1970747 [3.3.0-0.19] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/1846070) - Related: #1970747 [3.3.0-0.18] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/c260cbd) - Related: #1970747 [3.3.0-0.17] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/0a0ade3) - Related: #1970747 [3.3.0-0.16] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/d1f57a0) - Related: #1970747 [3.3.0-0.15] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/fc34f35) - Related: #1970747 [3.3.0-0.14] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/d3afc6b) - Related: #1970747 [3.3.0-0.13] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [3.3.0-0.12] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/be15e69) - Related: #1970747 [3.3.0-0.11] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/928687e) - Resolves: #1970747 [3.3.0-0.10] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/ce04a3e) - Resolves: #1970747 [3.3.0-0.9] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/814a8b6) - Resolves: #1970747 [3.3.0-0.8] - add new systemd unit files - Related: #1970747 [3.3.0-0.7] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/092b2ec) - Related: #1970747 [3.3.0-0.6] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/e2f51ee) - Related: #1970747 [3.3.0-0.5] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/e549ca5) - Related: #1970747 [3.3.0-0.4] - update podman - Related: #1970747 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-30629 CVE-2022-41717 Oracle Linux 9 [2:1.11.2-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 (https://github.com/containers/skopeo/commit/3f98753) - Related: #2124478 [2:1.11.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.11.1 - Related: #2124478 [2:1.11.0-1] - update to 1.11.0 release - Related: #2124478 [2:1.11.0-0.4] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/b3b2c73) - Related: #2124478 [2:1.11.0-0.3] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/fe15a36) - Related: #2124478 [2:1.11.0-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/8e09e64) - Related: #2124478 [2:1.11.0-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/2817510) - Related: #2124478 [2:1.10.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.10.0 - Related: #2124478 [2:1.9.3-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.3 - Related: #2124478 [2:1.9.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.2 - Related: #2061316 [2:1.9.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.1 - Related: #2061316 [2:1.9.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.0 - Related: #2061316 [2:1.8.0-4] - Re-enable debuginfo - Related: #2061316 [2:1.8.0-3] - BuildRequires: /usr/bin/go-md2man - Related: #2061316 [2:1.8.0-2] - enable LTO - Related: #1988128 [2:1.8.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.8.0 - Related: #2061316 [2:1.7.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.7.0 - Related: #2061316 [2:1.6.1-4] - add tags: classic (Ed Santiago) - Related: #2061316 [2:1.6.1-3] - remove BATS from required packages (Ed Santiago) - Related: #2061316 [2:1.6.1-2] - be sure to install BATS before gating tests are executed (thanks to Ed Santiago) - Related: #2061316 [2:1.6.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.6.1 - Related: #2000051 [2:1.6.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.6.0 - Related: #2000051 [2:1.5.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.5.2 - Related: #2000051 [2:1.5.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.5.1 - Related: #2000051 [2:1.5.1-0.9] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/4acc9f0) - Related: #2000051 [2:1.5.1-0.8] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/c2732cb) - Related: #2000051 [2:1.5.1-0.7] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/01e58f8) - Related: #2000051 [2:1.5.1-0.6] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/8f64c04) - Related: #2000051 [2:1.5.1-0.5] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/8182255) - Related: #2000051 [2:1.5.1-0.4] - bump Epoch to preserve upgrade patch from RHEL8 - Related: #2000051 [1:1.5.1-0.3] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/9c9a9f3) - Related: #2000051 [1:1.5.1-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/116e75f) - Related: #2000051 [1:1.5.1-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/fc81803) - Related: #2000051 [1:1.4.1-0.14] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/ff88d3f) - Related: #2000051 [1:1.4.1-0.13] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/a95b0cc) - Related: #2000051 [1:1.4.1-0.12] - add skopeo tests from Fedora - Related: #2000051 [1:1.4.1-0.11] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/53cf287) - Related: #2000051 [1:1.4.1-0.10] - add gating.yaml - Related: #2000051 [1:1.4.1-0.9] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/86fa758) - Related: #2000051 [1:1.4.1-0.8] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/2c2e5b7) - Related: #2000051 [1:1.4.1-0.7] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/25d3e7b) - Related: #2000051 [1:1.4.1-0.6] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/c5a5199) - Related: #2000051 [1:1.4.1-0.5] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/db1e814) - Related: #2000051 [1:1.4.1-0.4] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/31b8981) - Related: #2000051 [1:1.4.1-0.3] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/177443f) - Related: #2000051 [1:1.4.1-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/30f208e) - Related: #2000051 [1:1.4.1-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/47b8082) - Related: #2000051 [1:1.4.1-1] - rebuild with containers-common dep fixed - Related: #2000051 [1:1.4.0-7] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1:1.4.0-6] - be sure short-name-mode is permissive in RHEL8 - Related: #1970747 [1:1.4.0-5] - don't define short-name-mode in RHEL8 - Related: #1970747 [1:1.4.0-4] - put both RHEL8 and RHEL9 conditional configurations into update.sh - Related: #1970747 [1:1.4.0-3] - update vendored components - always require runc on RHEL8 or lesser - Related: #1970747 [1:1.4.0-2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.4 (https://github.com/containers/skopeo/commit/a44da44) - Related: #1970747 [1:1.4.0-1] - update to 1.4.0 release and switch to the release-1.4 maint branch - Related: #1970747 [1:1.4.0-0.2] - update vendored components - ship /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release only on non-RHEL and CentOS distros - Related: #1970747 [1:1.4.0-0.1] - switch to the main branch of skopeo - Related: #1970747 [1:1.3.1-9] - Add support for signed RHEL images, enabled by default - Related: #1970747 [1:1.3.1-8] - update seccomp.json from Fedora to allow clone3 to pass - Related: #1970747 [1:1.3.1-7] - update shortnames from Pyxis - put RHEL9/UBI9 images into overrides - Related: #1970747 [1:1.3.1-6] - correct name of the option is 'short-name-mode' not 'short-names-mode' - Related: #1970747 [1:1.3.1-5] - handle CentOS Stream while updating vendored components - Related: #1970747 [1:1.3.1-4] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.3 (https://github.com/containers/skopeo/commit/038f70e) - Related: #1970747 [1:1.3.1-3] - update registries.conf to be consistent with upstream - Related: #1970747 [1:1.3.1-2] - consume content from the release-1.3 upstream branch - Related: #1970747 [1:1.3.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.3.1 - Related: #1970747 [1:1.3.0-7] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [1:1.3.0-6] - set short-names-mode = 'enforcing' in registries.conf - Resolves: #1971752 [1:1.3.0-5] - configure for RHEL9 - Related: #1970747 [1:1.3.0-4] - add missing containers-mounts.conf.5.md file to git - don't list/install the same doc twice - Related: #1970747 [1:1.3.0-3] - update to new versions of vendored components - fail is there is an issue in communication with Pyxis API - understand devel branch in update.sh script, use pkg wrapper - sync with Pyxis - use containers-mounts.conf.5.md from containers/common - Related: #1970747 [1:1.2.2-4] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [1:1.2.2-3] - disable LTO again [1:1.2.2-2] - use rhel-shortnames only from trusted registries - sync with config files from current versions of vendored projects MODERATE Copyright 2023 Oracle, Inc. CVE-2022-30629 CVE-2022-41717 Oracle Linux 9 jss [5.3.0-1] - Rebase to JSS 5.3.0 [5.3.0-0.3.beta2] - Rebase to JSS 5.3.0-beta2 - Bug 2017098 - pki pkcs12-cert-add command failing with 'Unable to validate PKCS #12 file: Digests do not match' exception [5.3.0-0.2.beta1] - Rebase to JSS 5.3.0-beta1 ldapjdk [5.3.0-1] - Rebase to LDAP SDK 5.3.0 [5.3.0-0.2.beta1] - Rebase to LDAP SDK 5.3.0-beta1 pki-core [11.3.0-1.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.3.0-1] - Rebase to PKI 11.3.0 - Bug #2091993 - IdM Install fails on RHEL 8.5 Beta when DISA STIG is applied - Bug #2122409 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled [11.3.0-0.2.beta1] - Rebase to PKI 11.3.0-beta1 - Bug #1849834 - [RFE] Provide EST Responder (RFC 7030) - Bug #1883477 - [RFE] Automatic expired certificate purging - Bug #2091999 - Error displayed should be user friendly in case RSNv3 certificate serial number collision - Bug #2106452 - softhsm2: Unable to create cert: Private key not found - Bug #2106459 - CVE-2022-2393 pki-core: Improper authentication/authorization with caServerKeygen_DirUserCert profile [11.2.1-1] - Rebase to PKI 11.2.1 - Bug #2107336 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-9.1.0] [11.2.0-1] - Rebase to PKI 11.2.0 - Bug #2084639 ipa cert-request ssl error - Bug #2099312 SKI field is not reflected back in generated CSR - Bug #2095197 PKI cert-fix operation failing [11.2.0-0.4.beta3] - Rebase to PKI 11.2.0-beta3 - Bug #2062808 Drop SHA-1 use from authentication challenges [rhel-9.1.0] [11.2.0-0.3.beta2] - Rebase to PKI 11.2.0-beta2 - Rename packages to idm-pki [11.2.0-0.2.beta1] - Rebase to PKI 11.2.0-beta1 [11.0.3-1] - Bug #2033109 Invalid certificates with creation of subCA (pkispawn single step)[rhel-9.0.0] - Bug #2013141 kra-key-retrieve failed to accept xml input format to generate .p12 key through cli - Bug #2029838 SHA1withRSA being listed in signing certificates while approving certificate via Agent page in browser [11.0.1-3] - Change gcc compiler flags to fix annobin gating failures [11.0.1-2] - Rebase to PKI 11.0.1 [11.0.0-1] - Rebase to PKI 11.0.0 [11.0.0-0.6.beta1] - Rebase to PKI 11.0.0-beta1 - Bug #1999052 - pki instance creation fails for IPA server [11.0.0-0.5.alpha1] - Drop BuildRequires and Requires on glassfish-jaxb-api and jaxb-impl Resolves #2002594 [11.0.0-0.4.alpha1] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [11.0.0-0.3] - Drop sudo dependency [11.0.0-0.2] - Resolves: rhbz#1975406 - IPA installation fails during pki-tomcatd setup. [11.0.0-0.1] - Rebase to PKI 11.0.0-alpha1 [10.11.0-0.1] - Rebase to PKI 10.11.0-alpha1 tomcatjss [8.3.0-1] - Rebase to Tomcat JSS 8.3.0 [8.3.0-0.2.beta1] - Rebase to Tomcat JSS 8.3.0-beta1 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-2393 Oracle Linux 9 jackson-annotations [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 jackson-core [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 jackson-databind [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 jackson-jaxrs-providers [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 jackson-modules-base [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 MODERATE Copyright 2023 Oracle, Inc. CVE-2020-36518 Oracle Linux 9 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-39253 CVE-2022-24765 CVE-2022-29187 CVE-2022-39260 Oracle Linux 9 [2:2.4.1-5] - Fix 'implicit declaration of function' errors (#2136155, #2145140) [- 2:2.4.1-4] - CVE-2022-39282: Fix length checks in parallel driver (#2136152) - CVE-2022-39283: Add missing length check in video channel (#2136154) - CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx (#2145140) - CVE-2022-39318: Fix division by zero in urbdrc channel (#2145140) - CVE-2022-39319: Add missing length checks in urbdrc channel (#2145140) - CVE-2022-39320: Ensure urb_create_iocompletion uses size_t (#2145140) - CVE-2022-39347: Fix path validation in drive channel (#2145140) - CVE-2022-41877: Add missing length check in drive channel (#2145140) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-39316 CVE-2022-39319 CVE-2022-39320 CVE-2022-39283 CVE-2022-39282 CVE-2022-41877 CVE-2022-39318 CVE-2022-39347 CVE-2022-39317 Oracle Linux 9 [4.4.0-7] - Fix CVE-2022-3970 - Resolves: CVE-2022-3970 [4.4.0-6] - Fix CVE-2022-3597 CVE-2022-3626 CVE-2022-3599 CVE-2022-3570 CVE-2022-3598 CVE-2022-3627 - Resolves: CVE-2022-3597 CVE-2022-3626 CVE-2022-3599 CVE-2022-3570 CVE-2022-3598 CVE-2022-3627 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3570 CVE-2022-3597 CVE-2022-3627 CVE-2022-3626 CVE-2022-3970 CVE-2022-4645 CVE-2022-3598 CVE-2022-3599 CVE-2023-30774 CVE-2023-30775 Oracle Linux 9 [3.2.0-1] - Update to 3.2.0 - Resolves: #2139383 [2.13.3-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [2.13.3-3] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [2.13.3-2] - Fixed name of source tarball - Fixed date in the latest changelog entry - Related: #1952517 [2.13.3-1] - Update to latest version - Resolves: #1952517 [2.13.0-2] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [2.13.0-1] - Enable bundling - Update to latest version MODERATE Copyright 2023 Oracle, Inc. CVE-2022-27664 CVE-2022-30632 CVE-2022-32189 CVE-2022-2880 CVE-2022-1705 CVE-2022-30635 CVE-2022-30630 CVE-2022-32148 CVE-2022-41715 CVE-2022-41717 Oracle Linux 9 [1:27.2-8] - Use a 64KB page size for pdump (#1979804) [1:27.2-7] - Fix ctags local command execute vulnerability (#2149387) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-45939 Oracle Linux 9 [1:1.2.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.2.0 - Related: #2124478 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-30629 CVE-2022-41717 Oracle Linux 9 [1.16.2-3] - Fix NRDelegation attack leading to uncontrolled resource consumption (CVE-2022-3204) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3204 Oracle Linux 9 [1:3.4.10-4] - Resolves: #2152064 - CVE-2022-3190 wireshark: f5ethtrailer Infinite loop in legacy style dissector [1:3.4.10-3] - Resolves: #2083581 - capinfos aborts in FIPS [1:3.4.10-2] - Resolves: #2160648 - Enhanced TMT testing for centos-stream MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3190 Oracle Linux 9 [42.2.27-1] - rebase to 42.2.27 - fix for CVE-2022-41946 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41946 Oracle Linux 9 php-pecl-apcu [5.1.21-1] - update to 5.1.21 for PHP 8.1 #2070040 php-pecl-rrd [2.0.3-4] - build for PHP 8.1 #2070040 php-pecl-xdebug3 [3.1.4-1] - update to 3.1.4 for PHP 8.1 #2070040 php-pecl-zip [1.20.1-1] - update to 1.20.1 for PHP 8.1 #2070040 php [8.1.14-1] - rebase to 8.1.14 [8.1.8-1] - update to 8.1.8 #2070040 [8.1.7-2] - clean unneeded dependency on useradd command [8.1.7-1] - update to 8.1.7 #2070040 [8.1.6-2] - add upstream patch to initialize pcre before mbstring - add upstream patch to use more sha256 in openssl tests [8.1.6-1] - update to 8.1.6 #2070040 [8.0.13-1] - rebase to 8.0.13 #2032429 - refresh configuration files from upstream [8.0.12-1] - rebase to 8.0.12 #2017111 #1981423 - build using system libxcrypt #2015903 [8.0.10-1] - rebase to 8.0.10 #1992513 - compatibility with OpenSSL 3.0 #1992492 - snmp: add sha256 / sha512 security protocol #1936635 - phar: implement openssl_256 and openssl_512 for phar signatures - phar: use sha256 signature by default [8.0.6-9] - Rebuilt for libffi 3.4.2 SONAME transition. Related: rhbz#1891914 [8.0.6-8] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [8.0.6-7] - Rebuild to pick up new build flags from redhat-rpm-config (#1984652) [8.0.6-6] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [8.0.6-5] - fix build with net-snmp without DES #1953492 [8.0.6-4] - fix build with openssl 3.0 #1953492 [8.0.6-3] - get rid of inet_addr and gethostbyaddr calls [8.0.6-2] - get rid of inet_ntoa and inet_aton calls [8.0.6-1] - Update to 8.0.6 - http://www.php.net/releases/8_0_6.php [8.0.5-1] - Update to 8.0.5 - http://www.php.net/releases/8_0_5.php [8.0.5~RC1-1] - update to 8.0.5RC1 [8.0.4~RC1-2] - make libdb usage conditional default: on for Fedora, off for RHEL [8.0.4~RC1-1] - update to 8.0.4RC1 [8.0.3-2] - clean conditions [8.0.3-1] - Update to 8.0.3 - http://www.php.net/releases/8_0_3.php - see https://fedoraproject.org/wiki/Changes/php80 - drop xmlrpc extension - drop json subpackage, extension always there - enchant: use libenchant-2 instead of libenchant [7.4.16-1] - Update to 7.4.16 - http://www.php.net/releases/7_4_16.php [7.4.15-3] - drop php-imap, fix #1929640 [7.4.15-2] - rebuild for libpq ABI fix rhbz#1908268 [7.4.15-1] - Update to 7.4.15 - http://www.php.net/releases/7_4_15.php - add upstream patch for https://bugs.php.net/80682 fix opcache doesn't honour pcre.jit option [7.4.15~RC2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [7.4.15~RC2-1] - update to 7.4.15RC2 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-31629 CVE-2022-31630 CVE-2022-31628 CVE-2022-31631 CVE-2022-37454 Oracle Linux 9 [1:5.9.1-9.0.1] - fix error index value when snmpget is used a proxy pass [Orabug: 35010262] [1:5.9.1-9] - fix CVE-2022-44792 and CVE-2022-44793 (#2141902) and (#2141906) - fix memory leak when ipv6 disable set to 1 (#2151540) [1:5.9.1-8] - fix default snmpd.conf file content (#2067954) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-44793 CVE-2022-44792 Oracle Linux 9 [0.9.1-3.20211126git1ff6fe1f43] - Backport 'tpm2: Check size of buffer before accessing it' (CVE-2023-1017 & CVE-2023-1018) Resolves: rhbz#2173960 Resolves: rhbz#2173967 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1018 CVE-2023-1017 Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-3567 CVE-2022-47929 CVE-2022-1462 CVE-2022-3640 CVE-2022-3028 CVE-2022-3522 CVE-2022-3628 CVE-2022-42721 CVE-2022-39189 CVE-2022-42896 CVE-2022-1882 CVE-2021-33655 CVE-2023-1382 CVE-2022-3566 CVE-2022-3623 CVE-2022-1789 CVE-2022-4129 CVE-2023-0461 CVE-2022-2196 CVE-2021-26341 CVE-2023-1195 CVE-2022-3619 CVE-2022-20141 CVE-2022-42703 CVE-2022-3435 CVE-2022-3524 CVE-2022-21505 CVE-2022-33743 CVE-2022-28388 CVE-2022-2663 CVE-2022-39188 CVE-2022-4128 CVE-2022-3707 CVE-2022-43750 CVE-2022-42720 CVE-2022-3625 CVE-2022-41674 CVE-2023-0394 CVE-2022-42722 CVE-2023-0590 Oracle Linux 9 [0.8.7-20] - Add 0083-multipath.rules-fix-smart-bug-with-failed-valid-path.patch - Add 0084-libmultipath-limit-paths-that-can-get-wwid-from-envi.patch - Change how the installation dir for kpartx_id is specified - Resolves: bz #1926147 [0.8.7-19] - Fix bugzilla linked to the changes (was previously linked to the wrong bug, 2162536) - Resolves: bz #2166467 [0.8.7-18] - Add 0079-libmultipath-use-select_reload_action-in-select_acti.patch - Add 0080-libmultipath-select-resize-action-even-if-reload-is-.patch - Add 0081-libmultipath-cleanup-ACT_CREATE-code-in-select_actio.patch - Add 0082-libmultipath-keep-renames-from-stopping-other-multip.patch - Resolves: bz #2166467 [0.8.7-17] - Add 0077-libmultipath-don-t-leak-memory-on-invalid-strings.patch - Add 0078-libmutipath-validate-the-argument-count-of-config-st.patch - Resolves: bz #2145225 [0.8.7-16] - Add 0076-multipath.conf-5-remove-io-affinity-information.patch - Resolves: bz #2143125 [0.8.7-15] - Add 0067-kpartx-hold-device-open-until-partitions-have-been-c.patch * Fixes bz #2141860 - Add 0068-libmultipath-cleanup-remove_feature.patch - Add 0069-libmultipath-cleanup-add_feature.patch - Add 0070-multipath-tests-tests-for-adding-and-removing-featur.patch - Add 0071-libmultipath-fix-queue_mode-feature-handling.patch - Add 0072-multipath-tests-tests-for-reconcile_features_with_qu.patch - Add 0073-libmultipath-prepare-proto_id-for-use-by-non-scsi-de.patch - Add 0074-libmultipath-get-nvme-path-transport-protocol.patch - Add 0075-libmultipath-enforce-queue_mode-bio-for-nmve-tcp-pat.patch * Fixes bz #2033080 - Resolves: bz #2033080, #2141860 [0.8.7-14] - Add 0065-multipathd-ignore-duplicated-multipathd-command-keys.patch * Fixes bz #2133999 - Add 0066-multipath-tools-use-run-instead-of-dev-shm.patch * Fixes bz #2133989 - Resolves: bz #2133989, #2133999 [0.8.7-13] - Add 0062-multipathd-factor-out-the-code-to-flush-a-map-with-n.patch - Add 0063-libmultipath-return-success-if-we-raced-to-remove-a-.patch - Add 0064-multipathd-Handle-losing-all-path-in-update_map.patch - Resolves: bz #2125357 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41973 Oracle Linux 9 [7.76.1-23] - fix HTTP multi-header compression denial of service (CVE-2023-23916) [7.76.1-22] - smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552) [7.76.1-21] - fix POST following PUT confusion (CVE-2022-32221) [7.76.1-20] - control code in cookie denial of service (CVE-2022-35252) LOW Copyright 2023 Oracle, Inc. CVE-2022-43552 CVE-2022-35252 Oracle Linux 9 [1.8.10-2.0.1] - Drop pesign.service restart in postun [Orabug: 34760075] - Update signing certificate [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Build with the updated Oracle certificate - Use oraclesecureboot301 as certdir [Orabug: 29881368] - Use new signing certificate (Alex Burmashev) - Update SBAT data to include Oracle [Oracle: 33072886] [1.8.10-2] - Rebuild because distrobaker did entirely the wrong thing. - Resolves: rhbz#2128384, needed for rhbz#2119436 and rhbz#2128384 [1.8.10-1] - Rebase to latest upstream release to fix multiple ESP detection problems - Resolves: rhbz#2128384, needed for rhbz#2119436 and rhbz#2128384 [1.7.10-1] - New upstream release - Resolves: rhbz#2129280 [1.7.9-2] - Include the new dbx updates on the filesystem; clients typically do not have LVFS enabled. - Resolves: rhbz#2120708 [1.7.8-1] - New upstream release - Resolves: rhbz#2059075 [1.7.4-3] - Disable the Logitech bulkcontroller plugin to avoid adding a dep to protobuf-c which lives in AppStream, not BaseOS. - Use the efi_vendor variable from EFI-RPM - Resolves: rhbz#2064904 [1.7.4-1] - New upstream release - Backport Fedora 34 changes - Include support for Lenovo TBT4 Docking stations - Do not cause systemd-modules-load failures - Build against a new enough pesign - Resolves: rhbz#2007520 [1.7.1-1] - New upstream release - Backport Fedora 34 changes - Include support for Dell TBT4 Docking stations - Resolves: rhbz#1974347 - Resolves: rhbz#1991426 [1.5.9-4] - Rebuilt to use redhatsecureboot503 signatures - Undo last Fedora sync to use the RHEL-specific patches - Resolves: rhbz#2007520 [1.5.9-3] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1.5.9-2] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [1.5.9-1] - Rebase to include the SBAT metadata section to allow fixing BootHole - Resolves: rhbz#1951030 [1.5.5-4] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [1.5.5-3] - Backport a patch from master to drop the python3-pillow dep - Resolves: rhbz#1935838 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-34301 CVE-2022-34302 CVE-2022-3287 CVE-2022-34303 Oracle Linux 9 [12:4.4.2-18.b1] - Fix for CVE-2022-2928 - Fix for CVE-2022-2929 - Use systemd-sysusers for dhcp user and group (#2095396) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-2928 CVE-2022-2929 Oracle Linux 9 evolution-mapi [3.40.1-5] - Related: #2131993 (Rebuild against samba 4.17) openchange [2.3-40] - Related: #2131993 (Rebuild against samba 4.17) samba [4.17.5-102.0.1] - Fix memleak in _nss_winbind_initgroups_dyn [Orabug: 34994509] [4.17.5-102] - resolves: rhbz#2169980 - Fix winbind memory leak - resolves: rhbz#2156056 - Fix Samba shares not accessible issue [4.17.5-101] - resolves: rhbz#2168534 - Create package samba-tools [4.17.5-100] - related: rhbz#2131993 - Update to version 4.17.5 [4.17.4-102] - related: rhbz#2131993 - Create package dc-libs also for 'non-dc build' [4.17.4-101] - related: rhbz#2131993 - Rebuild for MIT Kerberos 1.20.1 [4.17.4-100] - related: rhbz#2131993 - Update to version 4.17.4 - resolves: rhbz#2154373 - Fix CVE-2022-38023 - resolves: rhbz#2143196 - Fix %U include directive for share listing (netshareenum) - resolves: rhbz#2114884 - Fix id command to return new groups after successful user login - resolves: rhbz#2154885 - Fix Winbind to retrieve user groups from Active Directory [4.17.2-103] - Always add epoch to samba_depver to fix osci.brew-build.rpmdeplint.functional - related: rhbz#2131993 [4.17.2-102] - Fix CVE-2022-1615 GnuTLS gnutls_rnd() can fail and give predictable random values - resolves: rhbz#2126175 [4.17.2-101] - resolves: rhbz#2131993 - Update to version 4.17.2 [4.16.4-101] - resolves: rhbz#2121317 - Do not require samba package in python3-samba [4.16.4-100] - Rebase to version 4.16.4 - resolves: rhbz#2108332 - Fix CVE-2022-32742 [ 4.16.3-101] - related: rhbz#2077487 - Rebase Samba to 4.16.3 - resolves: rhbz#2097655 - The pcap background queue process should not be stopped - resolves: rhbz#2100105 - Fix net ads info LDAP server and LDAP server name [4.16.2-102] - resolves: rhbz#2106279 - Fix crash in rpcd_classic [4.16.2-101] - resolves: rhbz#2093833 - Fix weak dependency on logrotate - resolves: rhbz#2096813 - Fix printer displays only after 300 seconds timeout [4.16.2-100] - Fix rpminspect abidiff - related: rhbz#2077487 - Rebase Samba to 4.16.2 [4.16.1-100] - resolves: rhbz#2077487 - Rebase Samba to the the latest 4.16.x release [4.15.5-108] - resolves: rhbz#2078838 - Fix UPNs handling in lookup_name*() calls [4.15.5-106] - resolves: rhbz#2065376 - Fix 'create krb5 conf = yes when a KDC has a single IP address. - resolves: rhbz#2076504 - PAM Kerberos authentication fails with a clock skew error [4.15.5-105] - resolves: rhbz#2074891 - Fix username map for unix groups [4.15.5-104] - resolves: rhbz#2057500 - Fix winbind kerberos ticket refresh [4.15.5-103] - related: rhbz#2044231 - Fix typo in testparm output [4.15.5-102] - resolves: rhbz#2044231 - Improve idmap autorid sanity checks and documentation [4.15.5-101] - resolves: #2050111 - [RFE] Change change password change prompt phrasing - resolves: #2054110 - virusfilter_vfs_openat: Not scanned: Directory or special file [4.15.5-100] - related: rhbz#2013578 - Rebase Samba to the the latest 4.15.x release - resolves: #2046129 - Fix CVE-2021-44141 - resolves: #2046154 - Fix CVE-2021-44142 - resolves: #2044405 - Fix printing no longer works on Windows 7 - resolves: #2049485 - Fix systemd notifications - resolves: #2049604 - Disable NTLMSSP for ldap client connections [4.15.4-100] - related: rhbz#2013578 - Rebase Samba to the the latest 4.15.x release - resolves: #2039154 - Fix CVE-2021-20316 - resolves: #2044238 - Failed to authenticate users after upgrade samba package to release samba-4.14.5-7x - resolves: #2044239 - [smb] Segmentation fault when joining the domain - resolves: #2044241 - filename_convert_internal: open_pathref_fsp [xxx] failed: NT_STATUS_ACCESS_DENIED - resolves: #2044255 - Fix CVE-2021-43566 [4.15.3-1] - related: rhbz#2013578 - Rebase to Samba 4.15.3 - resolves: rhbz#2028026 - Fix possible null pointer dereference in winbind - resolves: rhbz#2033317 - Winexe: Kerberos Auth is respected via --use-kerberos=desired [4.15.2-3] - related: rhbz#2013578 - Remove unneeded lmdb dependency [4.15.2-2] - resolves: rhbz#2019675 - Fix CVE-2020-25717 [4.15.2-2] - resolves: rhbz#2019669 - Fix CVE-2021-23192 [4.15.2-2] - resolves: rhbz#2019663 - Fix CVE-2016-2124 [4.15.2-1] - resolves: rhbz#2013578 - Rebase to Samba 4.15.2 [4.14.5-103] - resolves: rhbz#1980356 - Fix winbind restart on package upgrade [0:4.14.5-102] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [4.14.5-101] - related: rhbz#1975690 - Create a subpackage for vfs-iouring [4.14.5-100] - related: rhbz#1954531 - Make sure upgrades to RHEL9 will work [4.14.5-0] - related: rhbz#1954531 - Update to Samba 4.14.5 [4.14.4-7] - related: rhbz#1954531 - Fix build issues with gcc - resolves: rhbz#1959712 - Add iouring vfs module [4.14.4-5] * related: rhbz#1954531 - Add rpminspect.yaml [4.14.4-2] - related: rhbz#1954531 - Remove obsolete /var/spool/samba [4.14.4-1] - resolves: rhbz#1954531 - Update to Samba 4.14.4 - resolves: rhbz#1949446 - Fix CVE-2021-20254 - resolves: rhbz#1942378 - Disable nis support [0:4.14.2-0.1] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 LOW Copyright 2023 Oracle, Inc. CVE-2022-1615 Oracle Linux 9 [3.0.7-6.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-6] - Fixes RNG slowdown in FIPS mode Resolves: rhbz#2168224 [1:3.0.7-5] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed Invalid pointer dereference in d2i_PKCS7 functions Resolves: CVE-2023-0216 - Fixed NULL dereference validating DSA public key Resolves: CVE-2023-0217 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 - Fixed NULL dereference during PKCS7 data verification Resolves: CVE-2023-0401 [1:3.0.7-4] - Disallow SHAKE in RSA-OAEP decryption in FIPS mode Resolves: rhbz#2142121 [1:3.0.7-3] - Refactor OpenSSL fips module MAC verification Resolves: rhbz#2157965 [1:3.0.7-2] - Various provider-related imrovements necessary for PKCS#11 provider correct operations Resolves: rhbz#2142517 - We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream Resolves: rhbz#2133809 - Removed recommended package for openssl-libs Resolves: rhbz#2093804 - Adjusting include for the FIPS_mode macro Resolves: rhbz#2083879 - Backport of ppc64le Montgomery multiply enhancement Resolves: rhbz#2130708 - Fix explicit indicator for PSS salt length in FIPS mode when used with negative magic values Resolves: rhbz#2142087 - Update change to default PSS salt length with patch state from upstream Related: rhbz#2142087 [1:3.0.7-1] - Rebasing to OpenSSL 3.0.7 Resolves: rhbz#2129063 [1:3.0.1-44] - SHAKE-128/256 are not allowed with RSA in FIPS mode Resolves: rhbz#2144010 - Avoid memory leaks in TLS Resolves: rhbz#2144008 - FIPS RSA CRT tests must use correct parameters Resolves: rhbz#2144006 - FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC Resolves: rhbz#2144017 - Remove support for X9.31 signature padding in FIPS mode Resolves: rhbz#2144015 - Add explicit indicator for SP 800-108 KDFs with short key lengths Resolves: rhbz#2144019 - Add explicit indicator for HMAC with short key lengths Resolves: rhbz#2144000 - Set minimum password length for PBKDF2 in FIPS mode Resolves: rhbz#2144003 - Add explicit indicator for PSS salt length in FIPS mode Resolves: rhbz#2144012 - Clamp default PSS salt length to digest size for FIPS 186-4 compliance Related: rhbz#2144012 - Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode Resolves: rhbz#2145170 [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - CVE-2022-3786: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 (rhbz#2137723) [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Related: rhbz#2102542 - Add FIPS indicator for HKDF Related: rhbz#2114772 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2102536 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2102537 - Use signature for RSA pairwise test according FIPS-140-3 requirements Related: rhbz#2102540 - Reseed all the parent DRBGs in chain on reseeding a DRBG Related: rhbz#2102541 [1:3.0.1-39] - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test Resolves: rhbz#2102535 [1:3.0.1-38] - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. Resolves: rhbz#2103289 - Improve AES-GCM performance on Power9 and Power10 ppc64le Resolves: rhbz#2051312 - Improve ChaCha20 performance on Power10 ppc64le Resolves: rhbz#2051312 [1:3.0.1-37] - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 [1:3.0.1-36] - Ciphersuites with RSAPSK KX should be filterd in FIPS mode - Related: rhbz#2085088 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough - Related: rhbz#2053289 - Improve diagnostics when passing unsupported groups in TLS - Related: rhbz#2070197 - Fix PPC64 Montgomery multiplication bug - Related: rhbz#2098199 - Strict certificates validation shouldn't allow explicit EC parameters - Related: rhbz#2058663 - CVE-2022-2068: the c_rehash script allows command injection - Related: rhbz#2098277 [1:3.0.1-35] - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. Resolves: rhbz#2087147 [1:3.0.1-34] - Some OpenSSL test certificates are expired, updating - Resolves: rhbz#2092456 [1:3.0.1-33] - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory - Resolves: rhbz#2089444 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS - Resolves: rhbz#2087911 - CVE-2022-1292 openssl: c_rehash script allows command injection - Resolves: rhbz#2090362 - Revert 'Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode' Related: rhbz#2087147 - Use KAT for ECDSA signature tests, s390 arch - Resolves: rhbz#2069235 [1:3.0.1-32] - openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode - Resolves: rhbz#2083240 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2085088 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits - Resolves: rhbz#2077884 [1:3.0.1-31] - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode Resolves: rhbz#2087147 [1:3.0.1-30] - Use KAT for ECDSA signature tests - Resolves: rhbz#2069235 [1:3.0.1-29] - -config argument of openssl app should work properly in FIPS mode - Resolves: rhbz#2083274 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC - Resolves: rhbz#2063947 [1:3.0.1-28] - OpenSSL should not accept custom elliptic curve parameters - Resolves rhbz#2066412 - OpenSSL should not accept explicit curve parameters in FIPS mode - Resolves rhbz#2058663 [1:3.0.1-27] - Change FIPS module version to include hash of specfile, patches and sources Resolves: rhbz#2070550 [1:3.0.1-26] - OpenSSL FIPS module should not build in non-approved algorithms - Resolves: rhbz#2081378 [1:3.0.1-25] - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 [1:3.0.1-24] - Fix regression in evp_pkey_name2type caused by tr_TR locale fix Resolves: rhbz#2071631 [1:3.0.1-23] - Fix openssl curl error with LANG=tr_TR.utf8 - Resolves: rhbz#2071631 [1:3.0.1-22] - FIPS provider should block RSA encryption for key transport - Resolves: rhbz#2053289 [1:3.0.1-21] - Fix occasional internal error in TLS when DHE is used - Resolves: rhbz#2004915 [1:3.0.1-20] - Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when no OpenSSL library context is set - Resolves: rhbz#2065400 [1:3.0.1-19] - Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes - Resolves: rhbz#2065400 [1:3.0.1-18] - CVE-2022-0778 fix - Resolves: rhbz#2062315 [1:3.0.1-17] - Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before setting an allowed digest with EVP_PKEY_CTX_set_signature_md() - Skipping 3.0.1-16 due to version numbering confusion with the RHEL-9.0 branch - Resolves: rhbz#2062640 [1:3.0.1-15] - Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes - Resolves: rhbz#2060510 [1:3.0.1-14] - Prevent use of SHA1 with ECDSA - Resolves: rhbz#2031742 [1:3.0.1-13] - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 [1:3.0.1-12] - Support KBKDF (NIST SP800-108) with an R value of 8bits - Resolves: rhbz#2027261 [1:3.0.1-11] - Allow SHA1 usage in MGF1 for RSASSA-PSS signatures - Resolves: rhbz#2031742 [1:3.0.1-10] - rebuilt [1:3.0.1-9] - Allow SHA1 usage in HMAC in TLS - Resolves: rhbz#2031742 [1:3.0.1-8] - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 - pkcs12 export broken in FIPS mode - Resolves: rhbz#2049265 [1:3.0.1-8] - Disable SHA1 signature creation and verification by default - Set rh-allow-sha1-signatures = yes to re-enable - Resolves: rhbz#2031742 [1:3.0.1-7] - s_server: correctly handle 2^14 byte long records - Resolves: rhbz#2042011 [1:3.0.1-6] - Adjust FIPS provider version - Related: rhbz#2026445 [1:3.0.1-5] - On the s390x, zeroize all the copies of TLS premaster secret - Related: rhbz#2040448 [1:3.0.1-4] - rebuilt [1:3.0.1-3] - KATS tests should be executed before HMAC verification - Restoring fips=yes for SHA1 - Related: rhbz#2026445, rhbz#2041994 [1:3.0.1-2] - Add enable-buildtest-c++ to the configure options. - Related: rhbz#1990814 [1:3.0.1-1] - Rebase to upstream version 3.0.1 - Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl - Resolves: rhbz#2038910, rhbz#2035148 [1:3.0.0-7] - Remove algorithms we don't plan to certify from fips module - Remove native fipsmodule.cnf - Related: rhbz#2026445 [1:3.0.0-6] - openssl speed should run in FIPS mode - Related: rhbz#1977318 [1:3.0.0-5] - rebuilt for spec cleanup - Related: rhbz#1985362 [1:3.0.0-4] - Embed FIPS HMAC in fips.so - Enforce loading FIPS provider when FIPS kernel flag is on - Related: rhbz#1985362 [1:3.0.0-3] - Fix memory leak in s_client - Related: rhbz#1996092 [1:3.0.0-2] - Avoid double-free on error seeding the RNG. - KTLS and FIPS may interfere, so tests need to be tuned - Resolves: rhbz#1952844, rhbz#1961643 [1:3.0.0-1] - Rebase to upstream version 3.0.0 - Related: rhbz#1990814 [1:3.0.0-0.beta2.7] - Removes the dual-abi build as it not required anymore. The mass rebuild was completed and all packages are rebuilt against Beta version. - Resolves: rhbz#1984097 [1:3.0.0-0.beta2.6] - Correctly process CMS reading from /dev/stdin - Resolves: rhbz#1986315 [3.0.0-0.beta2.5] - Add instruction for loading legacy provider in openssl.cnf - Resolves: rhbz#1975836 [3.0.0-0.beta2.4] - Adds support for IDEA encryption. - Resolves: rhbz#1990602 [3.0.0-0.beta2.3] - Fixes core dump in openssl req -modulus - Fixes 'openssl req' to not ask for password when non-encrypted private key is used - cms: Do not try to check binary format on stdin and -rctform fix - Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137 [1:3.0.0-0.beta2.2.1] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [3.0.0-0.beta2.2] - When signature_algorithm extension is omitted, use more relevant alerts - Resolves: rhbz#1965017 [3.0.0-0.beta2.1] - Rebase to upstream version beta2 - Related: rhbz#1903209 [3.0.0-0.beta1.5] - Prevents creation of duplicate cert entries in PKCS #12 files - Resolves: rhbz#1978670 [3.0.0-0.beta1.4] - NVR bump to update to OpenSSL 3.0 Beta1 [3.0.0-0.beta1.3] - Update patch dual-abi.patch to add the #define macros in implementation files instead of public header files [3.0.0-0.beta1.2] - Removes unused patch dual-abi.patch [3.0.0-0.beta1.1] - Update to Beta1 version - Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16 [3.0.0-0.alpha16.7] - Fixes override of openssl_conf in openssl.cnf - Use AI_ADDRCONFIG only when explicit host name is given - Temporarily remove fipsmodule.cnf for arch i686 - Fixes segmentation fault in BN_lebin2bn - Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855 [3.0.0-0.alpha16.6] - Adds FIPS mode compatibility patch (sahana@redhat.com) - Related: rhbz#1977318 [3.0.0-0.alpha16.5] - Fixes system hang issue when booted in FIPS mode (sahana@redhat.com) - Temporarily disable downstream FIPS patches - Related: rhbz#1977318 [3.0.0-0.alpha16.4] - Speeding up building openssl (dbelyavs@redhat.com) Resolves: rhbz#1903209 [3.0.0-0.alpha16.3] - Fix reading SPKAC data from stdin - Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448 - Return 0 after cleanup in OPENSSL_init_crypto() - Cleanup the peer point formats on regotiation - Fix default digest to SHA256 [3.0.0-0.alpha16.2] - Enable FIPS via config options [3.0.0-0.alpha16.1] - Update to alpha 16 version Resolves: rhbz#1952901 openssl sends alert after orderly connection close LOW Copyright 2023 Oracle, Inc. CVE-2022-3358 Oracle Linux 9 [3.5.3-4] - Resolves: CVE-2022-36227 LOW Copyright 2023 Oracle, Inc. CVE-2022-36227 Oracle Linux 9 [1.20.1-8.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.20.1-8] - Fix datetime parsing in kadmin on s390x - Resolves: rhbz#2169985 [1.20.1-7] - Fix double free on kdb5_util key creation failure - Resolves: rhbz#2166603 [1.20.1-6] - Add support for MS-PAC extended KDC signature (CVE-2022-37967) - Resolves: rhbz#2165827 [1.20.1-5] - Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled - Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode - Resolves: rhbz#2162461 [1.20.1-4] - Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf - Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf - Resolves: rhbz#2068535 [1.20.1-2] - Strip debugging data from ksu executable file - Resolves: rhbz#2159643 [1.20.1-1] - Make tests compatible with sssd-client - Resolves: rhbz#2151513 - Remove invalid password expiry warning - Resolves: rhbz#2121099 - Update error checking for OpenSSL CMS_verify - Resolves: rhbz#2063838 - New upstream version (1.20.1) - Resolves: rhbz#2016312 - Fix integer overflows in PAC parsing (CVE-2022-42898) - Resolves: rhbz#2140971 [1.19.1-23] - Fix kprop for propagating dump files larger than 4GB - Resolves: rhbz#2133014 [1.19.1-22] - Restore 'supportedCMSTypes' attribute in PKINIT preauth requests - Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms - Resolves: rhbz#2068935 [1.19.1-21] - Fix libkrad client cleanup - Allow use of larger RADIUS attributes in krad library - Resolves: rhbz#2100351 [1.19.1-20] - Fix OpenSSL 3 MD5 encyption in FIPS mode - Allow libkrad UDP/TCP connection to localhost in FIPS mode - Resolves: rhbz#2068458 [1.19.1-19] - Use p11-kit as default PKCS11 module - Resolves: rhbz#2030981 [1.19.1-18] - Try harder to avoid password change replay errors - Resolves: rhbz#2075186 [1.19.1-15] - Use SHA-256 instead of SHA-1 for PKINIT CMS digest [1.19.1-14] - Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled - Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode [1.19.1-13] - Remove -specs= from krb5-config output - Resolves #1997021 [1.19.1-12] - Fix KDC null deref on TGS inner body null server (CVE-2021-37750) - Resolves: #1997602 [1.19.1-11.1] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1.19.1-11] - Fix KDC null deref on bad encrypted challenge (CVE-2021-36222) - Resolves: #1983733 [1.19.1-10] - Update OpenSSL 3 provider handling to clean up properly - Resolves: #1955873 [1.19.1-9] - Sync openssl3 patches with upstream - Resolves: #1955873 [1.19.1-8] - Rebuild for rpminspect and mass rebuild cleanup; no code changes - Resolves: #1967505 [1.19.1-7] - Fix several fallback canonicalization problems - Resolves: #1967505 [1.19.1-6.1] - Rebuilt for RHEL 9 BETA for openssl 3.0 - Resolves: rhbz#1971065 [1.19.1-6] - Backport KCM retrieval fixes - Resolves: #1956403 [1.19.1-5] - Fix DES3 mention in KDFs - Resolves: #1955873 [1.19.1-4] - Port to OpenSSL 3 (alpha 15) - Resolves: #1955873 [1.19.1-3.1] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 MODERATE Copyright 2023 Oracle, Inc. CVE-2020-17049 Oracle Linux 9 [5.4.4-3] - Apply upstream patch for CVE-2022-28805 LOW Copyright 2023 Oracle, Inc. CVE-2022-28805 Oracle Linux 9 [0.31.1-65] - Resolves: rhbz#2121828 Fix the gating tests by using only local test Upstream testsuite will not work as this package code is very old [0.31.1-64] - Resolves: rhbz#2121828 CVE-2022-32323 - heap-buffer overflow via the ReadImage() at input-bmp.c MODERATE Copyright 2023 Oracle, Inc. CVE-2022-32323 Oracle Linux 9 [2.0.2-4] - fix RHEL9.2 build - thanks to Debarshi Ray - Related: #2124478 [2.0.2-3] - rebuild - Resolves: #2037812 [2.0.2-2] - limit to golang arches only - Related: #2061316 * Thu Aug 04 2022 Jindrich Novy <jnovy@redhat.com> - update to 2.0.2 - Related: #2061316 [2.0.0-18.gitaf8da76] - fix gating.yaml as we have no functional gating tests - Related: #2000051 [2.0.0-17.gitaf8da76] - update gating.yaml and rebuild - Related: #2000051 [2.0.0-16.gitaf8da76] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [2.0.0-15.gitaf8da76] - Resolves: #1975362 - enable additional hardening flags [2.0.0-14.gitaf8da76] - Resolves: #1975362 - enable full cf-protection for x86_64 [2.0.0-13.gitaf8da76] - Resolves: #1975362 - use latest upstream commit [2.0.0-12] - Resolves: #1975362 - add -fcf-protection to CGO_CFLAGS [2.0.0-11] - Resolves: #1975362 - add gating.yaml [2.0.0-10] - Resolves: #1975362 - build with CGO_CFLAGS defined MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41715 Oracle Linux 9 [8.0.32-1] - Update to MySQL 8.0.32 [8.0.31-1] - Update to MySQL 8.0.31 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-21865 CVE-2023-21880 CVE-2023-21883 CVE-2022-21604 CVE-2023-21867 CVE-2022-21640 CVE-2022-39400 CVE-2023-21871 CVE-2023-21881 CVE-2022-21625 CVE-2023-21917 CVE-2023-21887 CVE-2022-21611 CVE-2023-21864 CVE-2023-21869 CVE-2023-21870 CVE-2023-21873 CVE-2022-21608 CVE-2022-39408 CVE-2022-39410 CVE-2023-21877 CVE-2023-21912 CVE-2022-21594 CVE-2022-21599 CVE-2023-21874 CVE-2023-21836 CVE-2023-21868 CVE-2023-21878 CVE-2022-21617 CVE-2022-21633 CVE-2023-21875 CVE-2023-21876 CVE-2023-21882 CVE-2022-21632 CVE-2023-21863 CVE-2023-21879 CVE-2022-21637 Oracle Linux 9 [1:27.2-8.1] - Fix etags local command injection vulnerability (#2184369) - Fix htmlfontify.el command injection vulnerability (#2184368) - Fix ruby-mode.el local command injection vulnerability (#2184367) - Fix ob-latex.el command injection vulnerability (#2184377) [1:27.2-8] - Use a 64KB page size for pdump (#1979804) [1:27.2-7] - Fix ctags local command execute vulnerability (#2149387) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-48338 CVE-2023-2491 CVE-2022-48339 CVE-2022-48337 Oracle Linux 9 [4.9-2.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.9-2] - Fix CVE-2023-23009: remote DoS via crafted TS payload with an incorrect selector length (rhbz#2173674) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-23009 Oracle Linux 9 [8.7p1-29] - Resolve possible self-DoS with some clients Resolves: rhbz#2186473 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-25136 Oracle Linux 9 [7.76.1-23.el9_2.1] - fix FTP too eager connection reuse (CVE-2023-27535) [7.76.1-23] - fix HTTP multi-header compression denial of service (CVE-2023-23916) [7.76.1-22] - smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552) [7.76.1-21] - fix POST following PUT confusion (CVE-2022-32221) [7.76.1-20] - control code in cookie denial of service (CVE-2022-35252) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-27535 Oracle Linux 9 [2.38.5-1.1] - Add patch for CVE-2023-28205 Resolves: #2185745 [2.38.5-1] - Update to 2.38.5 Related: #2127467 [2.38.4-1] - Update to 2.38.4 Related: #2127467 [2.38.3-1] - Update to 2.38.3 Related: #2127467 [2.38.2-1] - Update to 2.38.2 Related: #2127467 [2.38.1-2] - Fix use with aarch64 64 KiB page size Related: #2127467 [2.38.1-1] - Update to 2.38.1 Resolves: #2127467 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-2203 Oracle Linux 9 nodejs [1:18.14.2-2] - Provide simduft - Resolves: #2159389 [1:18.14.2-1] - Rebase to 18.14.2 - Resolves: #2159389 - Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 - Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 nodejs-nodemon [2.0.20-2] - Patch bundled glob-parent - Resolves: CVE-2021-35065 nodejs-packaging MODERATE Copyright 2023 Oracle, Inc. CVE-2021-35065 CVE-2023-23936 CVE-2023-23918 CVE-2022-25881 CVE-2022-4904 CVE-2023-23919 CVE-2023-23920 CVE-2023-24807 Oracle Linux 9 nodejs [1:16.19.1-1] - Rebase to 16.19.1 - Resolves: rhbz#2153714 - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-4904 nodejs-nodemon [2.0.20-3] - Patch bundled glob-parent - Resolves: CVE-2021-35065 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-25881 CVE-2023-24807 CVE-2023-23918 CVE-2022-4904 CVE-2023-23920 CVE-2023-23936 Oracle Linux 8 Oracle Linux 9 [12.1.1-2.0.4] - CVE-2023-4039 mitigation. Orabug 35752028. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> LOW Copyright 2023 Oracle, Inc. CVE-2023-4039 cpe:/a:oracle:linux:9::developer cpe:/a:oracle:linux:8::developer Oracle Linux 9 [102.11.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] [102.11.0-2] - Update to 102.11.0 build2 [102.11.0-1] - Update to 102.11.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32207 CVE-2023-32215 CVE-2023-32212 CVE-2023-32205 CVE-2023-32206 CVE-2023-32211 CVE-2023-32213 Oracle Linux 9 [1.6.1-20.1] - Resolves: #2196575 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-25147 Oracle Linux 9 [4.9-4.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.9-4] - Just bumping up the version as an incorrect 9.3 build was created. - Related: rhbz#2187171 [4.9-3] - Fix CVE-2023-30570:Malicious IKEv1 Aggressive Mode packets can crash libreswan - Resolves: rhbz#2187171 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-2295 Oracle Linux 9 [102.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.11.0-1] - Update to 102.11.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32213 CVE-2023-32215 CVE-2023-32205 CVE-2023-32212 CVE-2023-32206 CVE-2023-32211 CVE-2023-32207 Oracle Linux 9 [2.39.3-1] - Update to 2.39.3 - Resolves: #2188352, #2188361, #2189976, #2189977 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-25815 CVE-2023-25652 CVE-2023-22490 CVE-2023-23946 CVE-2023-29007 Oracle Linux 9 [20230821] - Create new 20230821 release for OL8 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450 CVE-2022-4304 CVE-2022-2097 CVE-2022-2068 CVE-2022-1292 CVE-2022-0778 CVE-2021-4160 CVE-2021-3712 CVE-2021-3711 CVE-2021-3450 CVE-2021-3449 CVE-2021-23841 CVE-2021-23840 CVE-2020-1971 CVE-2020-1967 CVE-2019-1551 CVE-2019-1563 CVE-2019-1549 CVE-2019-1547 CVE-2019-1552 CVE-2019-1543 CVE-2018-0734 CVE-2018-0735 [20230613] - Create new 20230613.cvm release for OL8 [20230227] - Create new 20230227.cvm release for OL8 which includes the following fixed CVEs: CVE-2021-38578 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 CVE-2022-4304 cpe:/a:oracle:linux:9::developer_kvm_utils cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 golang [1.19.9-2] - Fix TestEncryptOAEP and TLS failures in FIPS mode - Resolves: rhbz#2204476 [1.19.9-1] - Rebase to Go 1.19.9 - Resolves: rhbz#2204476 go-toolset [1.19.9-1] - Update to Go 1.19.9 - Related: rhbz#2204476 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-24540 Oracle Linux 9 [1.28.7-11.0.1] - header/footer not being printed in banner page. [Orabug: 28265099] (isaac.chen@oracle.com) - Fixes [Orabug: 29163824] source indentation not following convention (isaac.chen@oracle.com) [1.28.7-11.1] - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-24805 __Affected_cpe_list__ Oracle Linux 9 [2.38.5-1.2] - Add patch for CVE-2023-28204 Resolves: #2209747 - Add patch for CVE-2023-32373 Resolves: #2209730 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32373 CVE-2023-28204 __Affected_cpe_list__ Oracle Linux 9 [1.17.1-5.1] - Resolves: rhbz#2209519 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.2.0.z] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32067 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 nodejs [1:18.14.2-3] - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-31130 CVE-2023-32067 CVE-2023-31147 CVE-2023-31124 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [6.0.118-1.0.1] - Add missing Oracle Linux Runtime IDs [6.0.118-1] - Update to .NET SDK 6.0.118 and Runtime 6.0.18 - Resolves: RHBZ#2212379 [6.0.117-1] - Update to .NET SDK 6.0.117 and Runtime 6.0.17 - Resolves: RHBZ#2190264 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-24936 CVE-2023-29337 CVE-2023-33128 CVE-2023-29331 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.11.2-2.1] - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-24329 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:16.19.1-2] - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 [1:16.19.1-1] - Rebase to 16.19.1 - Resolves: rhbz#2153714 - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-4904 [1:16.18.1-3] - Update sources of undici WASM blobs Resolves: rhbz#2151617 [1:16.18.1-2] - Add back libs and v8-devel subpackages - Related: RHBZ#2121126 - Record previously fixed CVE - Resolves: CVE-2021-44906 [1:16.18.1-1] - Rebase + CVEs - Resolves: #2142808 - Resolves: #2142826, #2131745, #2142855 [16.17.1-1] - Rebase to version 16.17.1 Resolves: CVE-2022-35255 CVE-2022-35256 [16.16.0-1] - Rebase to version 16.16.0 Resolves: RHBZ#2106290 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 Resolves: CVE-2022-29244 [16.14.0-5] - Decouple dependency bundling from bootstrapping IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-31124 CVE-2023-32067 CVE-2023-31147 CVE-2023-31130 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.12.0-1] - Update to 102.12.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-34414 CVE-2023-34416 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.12.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.12.0-1] - Update to 102.12.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-34416 CVE-2023-34414 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.0.107-1.0.1] - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier [Orabug: 34671152] [7.0.107-1] - Update to .NET SDK 7.0.107 and Runtime 7.0.7 - Resolves: RHBZ#2211877 [7.0.106-1] - Update to .NET SDK 7.0.106 and Runtime 7.0.6 - Resolves: RHBZ#2190269 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-24936 CVE-2023-32032 CVE-2023-29337 CVE-2023-29331 CVE-2023-33128 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.9.16-1.1] - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-24329 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 8 Oracle Linux 9 [9:20200406-26] - Resolves: #2209872, CVE-2023-32700 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32700 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [4.4.0-8] - Fix CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2022-48281 - Resolves: CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2022-48281 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-0800 CVE-2023-0802 CVE-2023-0796 CVE-2023-0795 CVE-2023-0804 CVE-2023-0803 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2022-48281 CVE-2023-0801 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [13.11-1.0.1] - Fixed postgresql port binding issue during bootup [Orabug: 35420628] [13.11-1] - Update to 13.11 - Resolves: #2207935 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2454 CVE-2023-2455 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [9.0.0-10.2.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [9.0.0-10.2.el9_2] - virpci: Resolve leak in virPCIVirtualFunctionList cleanup (CVE-2023-2700, rhbz#2208596) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2700 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.0.7-16.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-16] - Fix possible DoS translating ASN.1 object identifiers Resolves: CVE-2023-2650 - Release the DRBG in global default libctx early Resolves: rhbz#2211396 [1:3.0.7-15.1] - Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode Resolves: rhbz#2178030 [1:3.0.7-15] - Enforce using EMS in FIPS mode - alerts tuning Related: rhbz#2157951 [1:3.0.7-14] - Input buffer over-read in AES-XTS implementation on 64 bit ARM Resolves: rhbz#2188554 [1:3.0.7-13] - Enforce using EMS in FIPS mode Resolves: rhbz#2157951 - Fix excessive resource usage in verifying X509 policy constraints Resolves: rhbz#2186661 - Fix invalid certificate policies in leaf certificates check Resolves: rhbz#2187429 - Certificate policy check not enabled Resolves: rhbz#2187431 - OpenSSL rsa_verify_recover key length checks in FIPS mode Resolves: rhbz#2186819 [1:3.0.7-12] - Change explicit FIPS indicator for RSA decryption to unapproved Resolves: rhbz#2179379 [1:3.0.7-11] - Add missing reference to patchfile to add explicit FIPS indicator to RSA encryption and RSASVE and fix the gettable parameter list for the RSA asymmetric cipher implementation. Resolves: rhbz#2179379 [1:3.0.7-10] - Add explicit FIPS indicator to RSA encryption and RSASVE Resolves: rhbz#2179379 [1:3.0.7-9] - Fix explicit FIPS indicator for X9.42 KDF when used with output lengths < 14 bytes Resolves: rhbz#2175864 [1:3.0.7-8] - Fix Wpointer-sign compiler warning Resolves: rhbz#2178034 [1:3.0.7-7] - Add explicit FIPS indicators to key derivation functions Resolves: rhbz#2175860 rhbz#2175864 - Zeroize FIPS module integrity check MAC after check Resolves: rhbz#2175873 - Add explicit FIPS indicator for IV generation in AES-GCM Resolves: rhbz#2175868 - Add explicit FIPS indicator for PBKDF2, use test vector with FIPS-compliant salt in PBKDF2 FIPS self-test Resolves: rhbz#2178137 - Limit RSA_NO_PADDING for encryption and signature in FIPS mode Resolves: rhbz#2178029 - Pairwise consistency tests should use Digest+Sign/Verify Resolves: rhbz#2178034 - Forbid DHX keys import in FIPS mode Resolves: rhbz#2178030 - DH PCT should abort on failure Resolves: rhbz#2178039 - Increase RNG seeding buffer size to 32 Related: rhbz#2168224 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2650 CVE-2023-0465 CVE-2023-0464 CVE-2023-0466 CVE-2023-1255 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 - [5.14.0-284.18.1_2] - cifs: fix wrong unlock before return from cifs_tree_connect() - docs: Remove the unnecessary unicode character - perf vendor events intel: Refresh ivytown metrics and events - perf vendor events: Update Intel ivytown - perf vendor events intel: Refresh jaketown metrics and events - perf vendor events: Update Intel jaketown - NFSD: RHEL-only bug introduced in fix for COMMIT and NFS4ERR_DELAY loop - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop - workqueue: Fix isolated CPUs interference problem - sched/core: Fix arch_scale_freq_tick() on tickless systems - ice: no busy waiting in GNSS thread and for SQ commands - wdat_wdt: avoid watchdog timeout during reboot - hugetlbfs: don't delete error page from pagecache - mm/filemap: fix page end in filemap_get_read_batch - isched/deadline: Add more reschedule cases to prio_changed_dl() - sched/rt: Fix bad task migration for rt tasks - blk-mq: directly poll requests - KVM: VMX: Fix crash due to uninitialized current_vmcs - wifi: iwlwifi: mvm: protect TXQ list manipulation - crypto: jitter - permanent and intermittent health errors - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores - cpufreq: intel_pstate: Read all MSRs on the target CPU - cpufreq: intel_pstate: Enable HWP IO boost for all servers - crypto: qat: Update QAT drivers upto v6.2 - info/owners.yaml: Adjust intel_qat subsystem entry - net: tls: fix possible race condition between do_tls_getsockopt_conf and do_tls_setsockopt_conf() {CVE-2023-28466} - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() {CVE-2023-2194} - xfs: verify buffer contents when we skip log replay {CVE-2023-2124} - bluetooth: Perform careful capability checks in hci_sock_ioctl() {CVE-2023-2002} - netfilter: nf_tables: deactivate anonymous set from preparation phase {CVE-2023-32233} - perf: Fix check before add_event_to_groups() in perf_group_detach() {CVE-2023-2235} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-2235 CVE-2023-2194 CVE-2023-2124 CVE-2023-28466 CVE-2023-2002 CVE-2023-32233 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [590-2] - Fix CVE-2022-46663 - Resolves: CVE-2022-46663 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-46663 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 golang [1.19.10-1.0.1] - New Go version 1.19.10 [CVE-2023-29402] [CVE-2023-29403] [CVE-2023-29404] [CVE-2023-29405] go-toolset [1.19.10-1.0.1] - New Go version 1.19.10 [CVE-2023-29402] [CVE-2023-29403] [CVE-2023-29404] [CVE-2023-29405] CRITICAL Copyright 2023 Oracle, Inc. CVE-2023-29402 CVE-2023-29405 CVE-2023-29403 CVE-2023-29404 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [12.1.5-1.0.2] - [CISA Major Incident] CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module LOW Copyright 2023 Oracle, Inc. CVE-2023-20867 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [9.0.9-3] - resolve CVE-2023-3128 grafana: Remove Email Lookup from oauth integrations (rhbz#2213701 rhbz#2213626) CRITICAL Copyright 2023 Oracle, Inc. CVE-2023-3128 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.0.109-1.0.1] - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier [Orabug: 34671152] [7.0.109-1] - Update to .NET SDK 7.0.109 and Runtime 7.0.9 - Resolves: RHBZ#2219632 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-33170 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.0.120-1.0.1] - Add missing Oracle Linux Runtime IDs [6.0.120-1] - Update to .NET SDK 6.0.120 and Runtime 6.0.20 - Resolves: RHBZ#2219637 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-33170 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [102.13.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.13.0-2] - Update to 102.13.0 build2 [102.13.0-1] - Update to 102.13.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-37207 CVE-2023-37201 CVE-2023-37211 CVE-2023-37208 CVE-2023-37202 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.13.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] [102.13.0-2] - Update to 102.13.0 build2 [102.13.0-1] - Update to 102.13.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-37207 CVE-2023-37211 CVE-2023-37202 CVE-2023-37208 CVE-2023-37201 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [32:9.16.23-11.1] - Improve RBT overmem cache cleaning (CVE-2023-2828) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-2828 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:11.0.20.0.8-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] - Fix tzdata requirement copy-and-paste error that led to two BuildRequires and no Requires [1:11.0.20.0.8-2] - Bump release number so we are newer than 9.0 - Related: rhbz#2221106 [1:11.0.20.0.8-1] - Update to jdk-11.0.20.0+8 (GA) - Update release notes to 11.0.20.0+8 - Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 11.0.20+1 - Bump tzdata requirement to 2023c now it is available in the buildroot - Bump bundled LCMS version to 2.15 as in jdk-11.0.20+1. - Bump bundled HarfBuzz version to 7.0.1 as in jdk-11.0.20+7 - Use tapsets from the misc tarball - Introduce 'prelease' for the portable release versioning, to handle EA builds - Make sure root installation directory is created first - Use in-place substitution for all but the first of the tapset changes - Sync the copy of the portable specfile with the latest update - Add note at top of spec file about rebuilding - ** This tarball is embargoed until 2023-07-18 @ 1pm PT. ** - Resolves: rhbz#2217715 - Resolves: rhbz#2221106 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22036 CVE-2023-22041 CVE-2023-22049 CVE-2023-22006 CVE-2023-25193 CVE-2023-22045 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:17.0.8.0.7-2.0.1] - OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036) - OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041) - OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) - harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193) - OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006) - OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044) - OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) - Add Oracle vendor bug URL [Orabug: 34340155] [1:17.0.8.0.6-0.1.ea] - Update to jdk-17.0.8+6 (EA) - Sync the copy of the portable specfile with the latest update - Resolves: rhbz#2217716 [1:17.0.8.0.1-0.1.ea] - Update to jdk-17.0.8+1 (EA) - Update release notes to 17.0.8+1 - Switch to EA mode - Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 17.0.8+1 - Bump bundled LCMS version to 2.15 as in jdk-17.0.8+1. - Bump bundled HarfBuzz version to 7.0.1 as in jdk-17.0.8+1 - Use tapsets from the misc tarball - Introduce 'prelease' for the portable release versioning, to handle EA builds - Make sure root installation directory is created first - Use in-place substitution for all but the first of the tapset changes - Related: rhbz#2217716 [1:17.0.7.0.7-4] - Introduce vm_variant global for consistency with future JDK builds - Related: rhbz#2203412 [1:17.0.7.0.7-4] - Exclude classes_nocoops.jsa on i686 and arm32 - Related: rhbz#2203412 [1:17.0.7.0.7-4] - Following JDK-8005165, class data sharing can be enabled on all JIT architectures - Related: rhbz#2203412 [1:17.0.7.0.7-4] - Fix packaging of CDS archives - Resolves: rhbz#2203412 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22045 CVE-2023-22036 CVE-2023-22049 CVE-2023-22006 CVE-2023-22041 CVE-2023-22044 CVE-2023-25193 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:1.8.0.382.b05-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:1.8.0.382.b05-2] - CVE-2023-22045 and CVE-2023-22049 fixed - Release bump for Oracle rebuild [1:1.8.0.382.b05-1] - Update to shenandoah-jdk8u372-b05 (GA) - Update release notes for shenandoah-8u372-b05. - ** This tarball is embargoed until 2023-07-18 @ 1pm PT. ** - Resolves: rhbz#2221106 [1:1.8.0.382.b04-0.1.ea] - Update to shenandoah-jdk8u382-b04 (EA) - Update release notes for shenandoah-8u382-b04. - Related: rhbz#2221106 [1:1.8.0.382.b01-0.1.ea] - Update to shenandoah-jdk8u382-b01 (EA) - Update release notes for shenandoah-8u382-b01. - Switch to EA mode. - Remove JDK-8271199 patch which is now upstream. - Related: rhbz#2221106 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22045 CVE-2023-22049 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.38.5-1.3] - Disable JIT (CVE-2023-32435, CVE-2023-32439) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32439 CVE-2023-32435 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4.17.5-103.0.1] - Fix memleak in _nss_winbind_initgroups_dyn [Orabug: 34994509] [4.17.5-103] - resolves: rhbz#2223600 - Fix trust relationship between workstation and DC - resolves: rhbz#2222895 - Fix CVE-2023-3347 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-3347 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 pgaudit pg_repack postgres-decoderbufs postgresql [15.3-1] - update to 15.3 - Fixes CVE-2023-2454 and CVE-2023-2455 Resolves: #2214875 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2455 CVE-2023-2454 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 nodejs [1:18.16.1-1] - Rebase to 18.16.1 Resolves: rhbz#2188292 rhbz#2187683 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz#2222285 nodejs-nodemon nodejs-packaging MODERATE Copyright 2023 Oracle, Inc. CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 CVE-2023-30581 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1:16.20.1-1] - Rebase to 16.20.1 Resolves: rhbz#2188291 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz#2177781 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-30588 CVE-2023-30581 CVE-2023-30590 CVE-2023-30589 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [0.4.1-3] - Fix stack-based buffer overflow in read_file(). Resolves: #2212467 (CVE-2023-22652) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22652 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [2.9.13-3.1] - Fix CVE-2023-28484 (#2186694) - Fix CVE-2023-29469 (#2186694) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-29469 CVE-2023-28484 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [2.25.1-7] - Security fix for CVE-2023-32681 Resolves: rhbz#2209469 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-32681 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [7.76.1-23.el9_2.2] - unify the upload/method handling (CVE-2023-28322) - fix host name wildcard checking (CVE-2023-28321) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28321 CVE-2023-28322 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [5.14.0-284.25.1.0.1_2] - Fix KVM: x86/mmu: Fix race condition in direct_page_fault [Orabug: 35673032] {CVE-2022-45869} [5.14.0-284.25.1_2] - KVM: x86/mmu: Fix race condition in direct_page_fault - prlimit: do_prlimit needs to have a speculation check {CVE-2023-0458} - x86/speculation: Allow enabling STIBP with legacy IBRS {CVE-2023-1998} - ipvlan: Fix out of bounds caused by unclear skb->cb {CVE-2023-3090} - net/sched: flower: fix possible OOB write in fl_set_geneve_opt {CVE-2023-35788} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0458 CVE-2023-35788 CVE-2022-45869 CVE-2023-3090 CVE-2023-1998 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [0.6.1-13] - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz#2223308 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-37464 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [8.7p1-30] - Avoid remote code execution in ssh-agent PKCS#11 support Resolves: CVE-2023-38408 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38408 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [102.14.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.14.0-1] - Update to 102.14.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4047 CVE-2023-4057 CVE-2023-4050 CVE-2023-4048 CVE-2023-4049 CVE-2023-4046 CVE-2023-4055 CVE-2023-4045 CVE-2023-4056 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.14.0-1.0.1] - Update to 102.14.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4049 CVE-2023-4056 CVE-2023-4046 CVE-2023-4047 CVE-2023-4057 CVE-2023-4045 CVE-2023-4050 CVE-2023-3417 CVE-2023-4048 CVE-2023-4055 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:1.12.20-7.0.1.1] - Fix CVE-2023-34969 (#2213402) [1.12.20-7.0.1] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.12.20-7] - Fix CVE-2022-42010 (#2133647) - Fix CVE-2022-42011 (#2133641) - Fix CVE-2022-42012 (#2133635) [1:1.12.20-6] - Override upstream sysusers.d confguration (#2118226) [1:1.12.20-5] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-34969 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [3.9-10] - Fixes CVE-2023-38403 Resolves: rhbz#2223676 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38403 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.66.1-2] - rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38497 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.0.110-1.0.1] - Update to .NET SDK 7.0.110 and Runtime 7.0.10 - Resolves: RHBZ#2228571 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38180 CVE-2023-35390 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.0.121-1.0.1] - Update to .NET SDK 6.0.121 and Runtime 6.0.21 - Resolves: RHBZ#2228567 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-35390 CVE-2023-38180 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:2.3.3op2-16.1] - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32360 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [102.15.0-1.0.1] - Update to 102.15.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4573 CVE-2023-4577 CVE-2023-4578 CVE-2023-4051 CVE-2023-4581 CVE-2023-4583 CVE-2023-4574 CVE-2023-4585 CVE-2023-4053 CVE-2023-4580 CVE-2023-4575 CVE-2023-4584 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.15.0-1.0.1] - Update to 102.15.0 build2 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4573 CVE-2023-4585 CVE-2023-4574 CVE-2023-4578 CVE-2023-4583 CVE-2023-4051 CVE-2023-4577 CVE-2023-4581 CVE-2023-4580 CVE-2023-4584 CVE-2023-4053 CVE-2023-4575 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.3.3-10.el9_2.1] - don't free memory that is still used after realloc() error (CVE-2020-22219) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2020-22219 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:3.3-7.1] - Resolves: CVE-2023-30630 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-30630 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [20230516-999.27.git6c9e0ed5.el9] - Update firmware for qat_4xxx devices (Orabug: 35811008) [20230516-999.26.git6c9e0ed5.el9] - Run dracut -f in %posttrans instead of %post (Orabug: 35661938) - Drop latest AMD microcode commits to family 19 file to include Milan microcode but not Genoa (Orabug: 35708511) [20230516-999.25.git6c9e0ed5.el9] - Add missing amd-ucode/ files to nano and core rpm (Orabug: 35642190) - Add posttrans scriptlet to reload microcode on AMD (Orabug: 35636951) - Recreate initramfs for AMD systems (Orabug: 35636951) [20230516-999.24.git6c9e0ed5.el7] - 8a07fa49 linux-firmware: Update AMD fam19h cpu microcode (Orabug: 35659485) [20230516-999.23.git6c9e0ed5.el9] - Firmware files need to be uncompressed for early kernel load to work - Resolves Zenbleed (Orabug: 35650345) {CVE-2023-20593} MODERATE Copyright 2023 Oracle, Inc. CVE-2023-20593 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 - [5.14.0-284.30.0.1_2.OL9] - x86/tsx: Add a feature bit for TSX control MSR support {CVE-2023-1637} - x86/speculation: Restore speculation related MSRs {CVE-2023-1637} - x86/pm: Save the MSR validity status at context setup {CVE-2023-1637} - x86/pm: Fix false positive kmemleak report in msr_build_context() {CVE-2023-1637} - x86/cpu: Restore AMD's DE_CFG MSR after resume {CVE-2023-1637} - x86/pm: Add enumeration check before spec MSRs {CVE-2023-1637} - arm64: efi: Execute runtime services from a dedicated {CVE-2023-21102} - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE {CVE-2023-3390} - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain {CVE-2023-3390} - netfilter: nf_tables: unbind non-anonymous set if rule construction fails {CVE-2023-3390} - netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID {CVE-2023-4147} - netfilter: nf_tables: do not ignore genmask when looking up chain by id {CVE-2023-31248} - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval {CVE-2023-35001} - netfilter: nft_set_pipapo: fix improper element removal {CVE-2023-4004} - net/sched: cls_fw: Fix improper refcount update leads to use-after-free {CVE-2023-3776} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1637 CVE-2023-3776 CVE-2023-21102 CVE-2023-4147 CVE-2023-35001 CVE-2023-3390 CVE-2023-31248 CVE-2023-4004 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [2.48-9] - Fix integer overflow in _libcap_strdup() (CVE-2023-2603) Resolves: rhbz#2210638 - Correctly check pthread_create() return value to avoid memory leak (CVE-2023-2602) Resolves: rhbz#2222198 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2602 CVE-2023-2603 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [6.5.2-6] - Fix registrar is subject to a DoS against SSL (CVE-2023-38200) Resolves: rhbz#2222694 - Fix challenge-protocol bypass during agent registration (CVE-2023-38201) Resolves: rhbz#2222695 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-38201 CVE-2023-38200 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2.50.7-1.el9_2.1] - Fix CVE-2023-38633 (#2224947) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-38633 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.2.0-14.el9_2.5] - rhel guest failed boot with multi disks on error Failed to start udev Wait for Complete Device Initialization - CVE-2023-3354 QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service - hotplug/hotunplug mlx vdpa device to the occupied addr port, then qemu core dump occurs after shutdown guest IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-3354 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [6.0.122-1.0.1] - Update to .NET SDK 6.0.122 and Runtime 6.0.22 - Resolves: RHEL-1997 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36799 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.0.111-1.0.1] - Update to .NET SDK 7.0.111 and Runtime 7.0.11 - Resolves: RHEL-2000 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36799 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [8.3.1-5.2] - Fix for CVE-2023-38802 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38802 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.15.1-1.0.1] - Update to 102.15.1 build2 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4863 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.2.0-7] - Added fix for CVE-2023-4863 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4863 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [102.15.1-1.0.1] - Update to 102.15.1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4863 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [12.1.5-1.0.2.3] - Resolves: RHEL-4584 (CVE-2023-20900 open-vm-tools: SAML token signature bypass IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-20900 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 nodejs [1:18.17.1-1] - Rebase to version 18.17.1 Resolves: rhbz#2228940 Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 - Specify proper OpenSSL configuration section build Related: rhbz#2226726 nodejs-nodemon [3.0.1-1] - Rebase to 3.0.1 - Resolves: CVE-2022-25883 nodejs-packaging IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32006 CVE-2023-32002 CVE-2022-25883 CVE-2023-32559 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [115.3.1-1.0.1] - Update to 115.3.1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5169 CVE-2023-5176 CVE-2023-3600 CVE-2023-5217 CVE-2023-5171 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.3.1-1.0.1] - Update to 115.3.1 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5169 CVE-2023-5217 CVE-2023-5171 CVE-2023-5176 CVE-2023-3600 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2.34-60.0.3.7] - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode (#2234716). - CVE-2203-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaih_inet. Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4813 CVE-2023-4806 CVE-2023-4527 CVE-2023-4911 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [3.11.2-2.2] - Security fix for CVE-2023-40217 Resolves: rhbz#2235789 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-40217 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [9.54.0-10] - fix for CVE-2023-36664 - Resolves: rhbz#2217798 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-36664 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.9.16-1.2] - Security fix for CVE-2023-40217 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-40217 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [1:16.20.2-1] - Update to 16.20.2-1 Resolves CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.9.0-7] - Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217) Resolves: rhbz#2241191 - crash related to VP9 encoding in libvpx (CVE-2023-44488) Resolves: rhbz#2241806 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44488 CVE-2023-5217 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 galera [26.4.14-1.0.1] - Rebase to 26.4.14 [26.4.13-1.0.1] - Rebase to 26.4.13 [26.4.12-1.0.1] - Rebase to 26.4.12 mariadb [3:10.5.22-1] - Rebase to 10.5.22 [3:10.5.21-1] - Rebase to version 10.5.21 [3:10.5.20-2] - Use _fortify_level to disable fortification in debug builds [3:10.5.20-1] - Rebase to version 10.5.20 [3:10.5.18-1] - Rebase to 10.5.18 - OpenSSL 3 patch upstreamed IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-32081 CVE-2022-47015 CVE-2022-32089 CVE-2022-32084 CVE-2022-32091 CVE-2022-32082 CVE-2022-38791 CVE-2023-5157 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [32:9.16.23-11.2] - stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-3341 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.0.123-1.0.1] - Update to .NET SDK 6.0.123 and Runtime 6.0.23 - Resolves: RHEL-11696 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:1.20.1-14.0.1.1] - Resolves: RHEL-12518 - nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:1.8.0.392.b08-3.0.1] - Update to shenandoah-jdk8u392-b08 (GA) - OpenJDK: segmentation fault in ciMethodBlocks (CVE-2022-40433) - OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067) - OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) - A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 8u382 release of OpenJDK by JDK-8300596, with a default of 8 MB. This default proved to be too small for some JAR files. This release, 8u392, increases it to 16 MB. (RHEL-13593) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40433 CVE-2023-22081 CVE-2023-22067 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 golang [1.19.13-1] - Update to go 1.19.13 [CVE-2023-44487] [CVE-2023-39325] [CVE-2023-29409] go-toolset [1.19.13-1] - Update to Go version 1.19.13 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-39325 CVE-2023-29409 CVE-2023-44487 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:11.0.21.0.9-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] - Update to jdk-11.0.21+9 (GA) - Update release notes to 11.0.21+9 - OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) - OpenJDK: Additional zip64 files validation (8313765) (RHBZ#2237170) - OpenJDK: Print an exception when encountering null addresses while producing thread dumps (8243210) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22081 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.0.112-1.0.1] - Update to .NET SDK 7.0.112 and Runtime 7.0.12 - Resolves: RHEL-11698 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:17.0.9.0.9-2.0.1] - Update to jdk-17.0.9+9 (GA) - Update release notes to 17.0.9+9 - OpenJDK: memory corruption issue on x86_64 with AVX-512 (JDK-8317121) (CVE-2023-22025) - OpenJDK: certificate path validation issue during client authentication (JDK-8309966) (CVE-2023-22081) - OpenJDK: Additional zip64 files validation (JDK-8313765) (RHBZ#2237170) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22081 CVE-2023-22025 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.76.1-23.el9_2.4] - curl: a heap-based buffer overflow in the SOCKS5 proxy handshake (CVE-2023-38545) - curl: cookie injection with none file (CVE-2023-38546) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38546 CVE-2023-38545 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [1:16.20.2-3.0.1] - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.43.0-5.1] - fix HTTP/2 Rapid Reset (CVE-2023-44487) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 nodejs [1:18.18.2-2] - Rebase to version 18.18.2 Resolves: CVE-2023-44487 CVE-2023-45143 CVE-2023-38552 CVE-2023-39333 nodejs-nodemon [3.0.1-1] - Rebase to 3.0.1 - Resolves: CVE-2022-25883 nodejs-packaging [2021.06-4] - NPM bundler: also find namespaced bundled dependencies [2021.06-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild [2021.06-2] - Fix hard-coded output directory in the bundler [2021.06-1] - Update to 2021.06-1 - bundler: Handle archaic license metadata - bundler: Warn about bundled dependencies with no license metadata [2021.01-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [2021.01-2] - nodejs-packaging-bundler improvements to handle uncommon characters [2021.01] - Add nodejs-packaging-bundler and update README.md [2020.09-1] - Move to dist-git as the upstream [25-1] - Fix incorrect bundled library detection for Requires [24-1] - Check node_modules_prod for bundled dependencies [23-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [23-3] - Drop Requires: nodejs(engine) [23-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 CVE-2023-39333 CVE-2023-38552 CVE-2023-45143 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [9.0.9-4] - Resolve CVE-2023-44487 Rapid Reset Attack - Resolve CVE-2023-39325 rapid stream resets can cause excessive work MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39325 CVE-2023-44487 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [6.6.2-3.el9_2.1] - Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487 - Resolves: RHEL-12818 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [8.0.30-1] - rebase to 8.0.30 - Resolves: RHEL-11946 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0567 CVE-2023-0662 CVE-2023-0568 CVE-2023-3247 CVE-2023-3824 CVE-2023-3823 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:9.0.62-11.3] - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:1.22.1-3.0.1.1] - Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (CVE-2023-44487) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [9.2-2] - Rebase to ntfs-3g 2022.10.3 - Fixes: CVE-2022-40284 - resolves: rhbz#2236130 LOW Copyright 2023 Oracle, Inc. CVE-2022-40284 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.4.0-1.0.1] - Update to 115.4.0 build1 - Add fix for CVE-2023-44488 - Set homepage from os-release HOME_URL IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5732 CVE-2023-5725 CVE-2023-5730 CVE-2023-5728 CVE-2023-5721 CVE-2023-5724 CVE-2023-44488 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.4.1-1.0.1] - Update to 115.4.1 build1 - Add fix for CVE-2023-44488 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5721 CVE-2023-5730 CVE-2023-5725 CVE-2023-5728 CVE-2023-5732 CVE-2023-44488 CVE-2023-5724 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [6.0.124-1.0.1] - Update to .NET SDK 6.0.124 and Runtime 6.0.24 - Resolves: RHEL-14462 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36799 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.0.113-1.0.1] - Update to .NET SDK 7.0.113 and Runtime 7.0.13 - Resolves: RHEL-14467 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36799 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [9.54.0-11] - fix for CVE-2023-43115 - Resolves: rhbz#2241108 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-43115 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7:5.5-5.el9_2.1] - Improve HTTP chunked encoding compliance (CVE-2023-46846) - Fix stack buffer overflow when parsing Digest Authorization (CVE-2023-46847) - Fix userinfo percent-encoding (CVE-2023-46848) CRITICAL Copyright 2023 Oracle, Inc. CVE-2023-46847 CVE-2023-46848 CVE-2023-46846 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [0.11.6-3] - Refreshing any page in pcs-web-ui no longer causes it to display a blank page - Resolves: rhbz#2222788 [0.11.6-2] - Added BuildRequires: debugedit - for generating MiniDebugInfo - triggered by removing find-debuginfo.sh from rpm - Make use of filters when extracting tarballs to enhance security if provided by Python (pcs config restore command) - Exporting constraints with rules in form of pcs commands now escapes # and fixes spaces in dates to make the commands valid - Constraints containing options unsupported by pcs are not exported and a warning is printed instead - Using spaces in dates in location constraint rules is deprecated - Resolves: rhbz#2163953 rhbz#2216434 rhbz#2217850 rhbz#2219407 [0.11.6-1] - Rebased to the latest upstream sources (see CHANGELOG.md) - Updated bundled rubygems: puma, tilt - Resolves: rhbz#1465829 rhbz#2163440 rhbz#2168155 [0.11.5-2] - Fixed a regression causing crash in pcs resource move command (broken since pcs-0.11.5) - Resolves: rhbz#2210855 [0.11.5-1] - Rebased to the latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated bundled dependencies: tornado, dacite - Added bundled rubygems: nio4r, puma - Removed bundled rubygems: daemons, eventmachine, thin, webrick - Updated bundled rubygems: backports, rack, rack-protection, rack-test, sinatra, tilt - Added dependency nss-tools - for working with qdevice certificates - Resolves: rhbz#1423473 rhbz#1860626 rhbz#2160664 rhbz#2163440 rhbz#2163914 rhbz#2163953 rhbz#2168155 rhbz#2168617 rhbz#2174735 rhbz#2174829 rhbz#2175881 rhbz#2177996 rhbz#2178701 rhbz#2178714 rhbz#2179902 rhbz#2180379 rhbz#2182810 LOW Copyright 2023 Oracle, Inc. CVE-2022-38900 cpe:/a:oracle:linux:9::addons Oracle Linux 9 [22.3.1-4] - Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706) Resolves: RHBZ#2218247 [22.3.1-3] - Fix changelog to contain Fedora contributors Resolves: RHEL-232 MODERATE Copyright 2023 Oracle, Inc. CVE-2007-4559 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [20230524-3] - edk2-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch [bz#2190244] - edk2-OvmfPkg-IoMmuDxe-add-locking-to-IoMmuAllocateBounceB.patch [bz#2211060] - edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch [bz#2218196] - Resolves: bz#2190244 ([EDK2] [AMDSERVER 9.3 Bug] OVMF AP Creation Fixes) - Resolves: bz#2211060 (SEV-es guest randomly stuck at boot to hard drive screen from powerdown and boot again) - Resolves: bz#2218196 (Add vtpm devices with OVMF.amdsev.fd causes VM reset) [20230524-2] - edk2-ArmVirt-add-VirtioSerialDxe-to-ArmVirtQemu-builds.patch [RHEL-643] - edk2-ArmVirt-PlatformBootManagerLib-factor-out-IsVirtio.patch [RHEL-643] - edk2-ArmVirt-PlatformBootManagerLib-factor-out-IsVirtioPc.patch [RHEL-643] - edk2-ArmVirt-PlatformBootManagerLib-set-up-virtio-serial-.patch [RHEL-643] - edk2-OvmfPkg-VirtioSerialDxe-use-TPL_NOTIFY.patch [RHEL-643] - edk2-OvmfPkg-VirtioSerialDxe-Remove-noisy-debug-print-on-.patch [RHEL-643] - edk2-OvmfPkg-PlatformInitLib-limit-phys-bits-to-46.patch [bz#2174749] - edk2-Revert-OvmfPkg-disable-dynamic-mmio-window-rhel-only.patch [bz#2174749] - edk2-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch [bz#2124143] - edk2-OvmfPkg-PlatformInitLib-check-PcdUse1GPageTable.patch [RHEL-644] - edk2-OvmfPkg-OvmfPkgIa32X64-enable-1G-pages.patch [RHEL-644] - edk2-OvmfPkg-MicrovmX64-enable-1G-pages.patch [RHEL-644] - Resolves: RHEL-643 (add virtio serial support to armvirt) - Resolves: bz#2174749 ([edk2] re-enable dynamic mmio window) - Resolves: bz#2124143 (ovmf must consider max cpu count not boot cpu count for apic mode [rhel-9]) - Resolves: RHEL-644 (enable gigabyte pages) [20230524-1] - Rebase to edk2-stable202305 tag [RHEL-585] Resolves: RHEL-585 ([rhel-9.3] rebase EDK2 to edk2-stable202305) [20230301gitf80f052277c8-5] - edk2-dbx-update-2023-05-09-black-lotus-edition.patch [RHEL-470] - edk2-json-descriptors-explicitly-set-mode-split.patch [RHEL-469] - Resolves: RHEL-470 (edk2: update variable store with latest dbx updates (may 9, black lotus edition)) - Resolves: RHEL-469 (explicitly set mode = split in firmware json description files) [20230301gitf80f052277c8-4] - edk2-OvmfPkg-Clarify-invariants-for-NestedInterruptTplLib.patch [bz#2189136] - edk2-OvmfPkg-Relax-assertion-that-interrupts-do-not-occur.patch [bz#2189136] - Resolves: bz#2189136 (windows 11 installation broken with edk2-20230301gitf80f052277c8-1.el9) [20230301gitf80f052277c8-3] - edk2-add-aarch64-qcow2-images.patch [bz#2186754] - edk2-update-json-files.patch [bz#2186754] - edk2-add-libvirt-version-conflict.patch [bz#2186754] - edk2-add-dbx-update-blob-rh-only.patch [RHEL-377] - edk2-spec-apply-dbx-update-rh-only.patch [RHEL-377] - Resolves: bz#2186754 (edk2: Add firmware images in qcow2 format) - Resolves: RHEL-377 (edk2: ship secure build variable store with latest dbx updates) [20230301gitf80f052277c8-2] - edk2-build-script-update.patch [bz#2183230] - edk2-PcdDxeNxMemoryProtectionPolicy-update.patch [bz#2183230] - Resolves: bz#2183230 ([edk2] Instruction abort exception when booting a VM) [20230301gitf80f052277c8-1] - Rebase to edk2-stable202302 [RHEL-266] - Resolves: RHEL-266 (rebase edk2 to 2023-02 stable tag) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2650 CVE-2019-14560 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.20.11-19] - Backport fix for a deadlock with DRI3 Resolves: rhbz#2192550 [1.20.11-18] - CVE fix for: CVE-2023-1393 Resolves: rhbz#2180297 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1393 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [22.1.9-2] - Rebuild (#2158761) [22.1.9-1] - xwayland 22.1.9 (#2158761) [21.1.3-8] - Fix CVE-2023-1393 (#2180299) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1393 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::distro_builder Oracle Linux 9 [0.20.2-6] - Fix CVE-2021-32142 Resolves: #2172140 MODERATE Copyright 2023 Oracle, Inc. CVE-2021-32142 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2:1.13.3-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.3 - Related: #2176063 [2:1.13.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.2 - Related: #2176063 [2:1.13.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.1 - Related: #2176063 [2:1.13.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.0 - Related: #2176063 [2:1.12.0-3] - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2179967 - Resolves: #2187323 - Resolves: #2187384 - Resolves: #2203703 - Resolves: #2207523 [2:1.12.0-2] - remove fakeroot from skopeo-tests - Related: #2176063 [2:1.12.0-1] - update to 1.12.0 - Related: #2176063 [2:1.11.3-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 (https://github.com/containers/skopeo/commit/d79588e) - Related: #2176063 [2:1.11.2-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 (https://github.com/containers/skopeo/commit/8191ef3) - Related: #2176063 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-24536 CVE-2023-24538 CVE-2022-41723 CVE-2023-24540 CVE-2022-41724 CVE-2023-29406 CVE-2023-24534 CVE-2023-29400 CVE-2023-24537 CVE-2022-41725 CVE-2023-24539 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2.4.9.4-4] Resolves: rhbz#2189268 - auth_openidc.conf mode 0640 by default [2.4.9.4-3] - Resolves: rhbz#2184145 - CVE-2023-28625 NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied [2.4.9.4-2] - Resolves: rhbz#2153656 - CVE-2022-23527 - Open Redirect in oidc_validate_redirect_url() using tab character MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28625 CVE-2022-23527 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [8.0.0-16.el9_3] - kvm-migration-Add-migration-prefix-to-functions-in-targe.patch [bz#2229868] - kvm-migration-Move-more-initializations-to-migrate_init.patch [bz#2229868] - kvm-migration-Add-.save_prepare-handler-to-struct-SaveVM.patch [bz#2229868] - kvm-vfio-migration-Block-VFIO-migration-with-postcopy-mi.patch [bz#2229868] - Resolves: bz#2229868 ([vfio migration]Disable postcopy for VM with migratable vfio device) [8.0.0-15.el9_3] - kvm-io-remove-io-watch-if-TLS-channel-is-closed-during-h.patch [bz#2216504] - Resolves: bz#2216504 (CVE-2023-3354 qemu-kvm: QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service [rhel-9.3.0]) [8.0.0-13] - kvm-vdpa-return-errno-in-vhost_vdpa_get_vring_group-erro.patch [RHEL-923] - kvm-vdpa-move-CVQ-isolation-check-to-net_init_vhost_vdpa.patch [RHEL-923] - kvm-vdpa-use-first-queue-SVQ-state-for-CVQ-default.patch [RHEL-923] - kvm-vdpa-export-vhost_vdpa_set_vring_ready.patch [RHEL-923] - kvm-vdpa-rename-vhost_vdpa_net_load-to-vhost_vdpa_net_cv.patch [RHEL-923] - kvm-vdpa-move-vhost_vdpa_set_vring_ready-to-the-caller.patch [RHEL-923] - kvm-vdpa-remove-net-cvq-migration-blocker.patch [RHEL-923] - Resolves: RHEL-923 (vhost shadow virtqueue: state restore through CVQ) [8.0.0-12] - kvm-target-i386-allow-versioned-CPUs-to-specify-new-cach.patch [bz#2094913] - kvm-target-i386-Add-new-EPYC-CPU-versions-with-updated-c.patch [bz#2094913] - kvm-target-i386-Add-a-couple-of-feature-bits-in-8000_000.patch [bz#2094913] - kvm-target-i386-Add-feature-bits-for-CPUID_Fn80000021_EA.patch [bz#2094913] - kvm-target-i386-Add-missing-feature-bits-in-EPYC-Milan-m.patch [bz#2094913] - kvm-target-i386-Add-VNMI-and-automatic-IBRS-feature-bits.patch [bz#2094913] - kvm-target-i386-Add-EPYC-Genoa-model-to-support-Zen-4-pr.patch [bz#2094913] - Resolves: bz#2094913 (Add EPYC-Genoa CPU model in qemu) [8.0.0-11] - kvm-block-blkio-enable-the-completion-eventfd.patch [bz#2225354 bz#2225439] - kvm-block-blkio-do-not-use-open-flags-in-qemu_open.patch [bz#2225354 bz#2225439] - kvm-block-blkio-move-blkio_connect-in-the-drivers-functi.patch [bz#2225354 bz#2225439] - kvm-block-blkio-retry-blkio_connect-if-it-fails-using-fd.patch [bz#2225354 bz#2225439] - kvm-block-blkio-fall-back-on-using-path-when-fd-setting-.patch [bz#2225354 bz#2225439] - kvm-block-blkio-use-blkio_set_int-fd-to-check-fd-support.patch [bz#2225354 bz#2225439] - kvm-hw-virtio-iommu-Fix-potential-OOB-access-in-virtio_i.patch [bz#2229133] - kvm-virtio-iommu-Standardize-granule-extraction-and-form.patch [bz#2229133] - kvm-hw-arm-smmu-Handle-big-endian-hosts-correctly.patch [bz#2229133] - kvm-qapi-i386-sev-Change-the-reduced-phys-bits-value-fro.patch [bz#2214839] - kvm-qemu-options.hx-Update-the-reduced-phys-bits-documen.patch [bz#2214839] - kvm-i386-sev-Update-checks-and-information-related-to-re.patch [bz#2214839] - kvm-i386-cpu-Update-how-the-EBX-register-of-CPUID-0x8000.patch [bz#2214839] - kvm-Provide-elf2dmp-binary-in-qemu-tools.patch [bz#2165917] - Resolves: bz#2225354 ([vdpa-blk] The new driver virtio-blk-vhost-user not work in VM booting) - Resolves: bz#2225439 ([vdpa-blk] read-only=on option not work on driver virtio-blk-vhost-vdpa) - Resolves: bz#2229133 (Backport some virtio-iommu and smmu fixes) - Resolves: bz#2214839 ([AMDSERVER 9.3 Bug] Qemu SEV reduced-phys-bits fixes) - Resolves: bz#2165917 (qemu-kvm: contrib/elf2dmp: Windows Server 2022 support) [8.0.0-10] - kvm-util-iov-Make-qiov_slice-public.patch [bz#2174676] - kvm-block-Collapse-padded-I-O-vecs-exceeding-IOV_MAX.patch [bz#2174676] - kvm-util-iov-Remove-qemu_iovec_init_extended.patch [bz#2174676] - kvm-iotests-iov-padding-New-test.patch [bz#2174676] - kvm-block-Fix-pad_request-s-request-restriction.patch [bz#2174676] - kvm-vdpa-do-not-block-migration-if-device-has-cvq-and-x-.patch [RHEL-573] - kvm-virtio-net-correctly-report-maximum-tx_queue_size-va.patch [bz#2040509] - kvm-hw-pci-Disable-PCI_ERR_UNCOR_MASK-reg-for-machine-ty.patch [bz#2223691] - kvm-vhost-vdpa-mute-unaligned-memory-error-report.patch [bz#2141965] - Resolves: bz#2174676 (Guest hit EXT4-fs error on host 4K disk when repeatedly hot-plug/unplug running IO disk [RHEL9]) - Resolves: RHEL-573 ([mlx vhost_vdpa][rhel 9.3]live migration fail with 'net vdpa cannot migrate with CVQ feature') - Resolves: bz#2040509 ([RFE]:Add support for changing 'tx_queue_size' to a setable value) - Resolves: bz#2223691 ([machine type 9.2]Failed to migrate VM from RHEL 9.3 to RHEL 9.2) - Resolves: bz#2141965 ([TPM][vhost-vdpa][rhel9.2]Boot a guest with 'vhost-vdpa + TPM emulator', qemu output: qemu-kvm: vhost_vdpa_listener_region_add received unaligned region) [8.0.0-9] - kvm-scsi-fetch-unit-attention-when-creating-the-request.patch [bz#2176702] - kvm-scsi-cleanup-scsi_clear_unit_attention.patch [bz#2176702] - kvm-scsi-clear-unit-attention-only-for-REPORT-LUNS-comma.patch [bz#2176702] - kvm-s390x-ap-Wire-up-the-device-request-notifier-interfa.patch [RHEL-794] - kvm-multifd-Create-property-multifd-flush-after-each-sec.patch [bz#2196295] - kvm-multifd-Protect-multifd_send_sync_main-calls.patch [bz#2196295] - kvm-multifd-Only-flush-once-each-full-round-of-memory.patch [bz#2196295] - kvm-net-socket-prepare-to-cleanup-net_init_socket.patch [RHEL-582] - kvm-net-socket-move-fd-type-checking-to-its-own-function.patch [RHEL-582] - kvm-net-socket-remove-net_init_socket.patch [RHEL-582] - kvm-pcie-Add-hotplug-detect-state-register-to-cmask.patch [bz#2215819] - kvm-spec-Build-DBUS-display.patch [bz#2207940] - Resolves: bz#2176702 ([RHEL9][virtio-scsi] scsi-hd cannot hot-plug successfully after hot-plug it repeatly) - Resolves: RHEL-794 (Backport s390x fixes from QEMU 8.1) - Resolves: bz#2196295 (Multifd flushes its channels 10 times per second) - Resolves: RHEL-582 ([passt][rhel 9.3] qemu core dump occurs when guest is shutdown after hotunplug/hotplug a passt interface) - Resolves: bz#2215819 (Migration test failed while guest with PCIe devices) - Resolves: bz#2207940 ([RFE] Enable qemu-ui-dbus subpackage) [8.0.0-8] - kvm-virtio-iommu-Fix-64kB-host-page-size-VFIO-device-ass.patch [bz#2211609 bz#2211634] - kvm-virtio-iommu-Rework-the-traces-in-virtio_iommu_set_p.patch [bz#2211609 bz#2211634] - kvm-vfio-pci-add-support-for-VF-token.patch [bz#2192818] - kvm-vfio-migration-Skip-log_sync-during-migration-SETUP-.patch [bz#2192818] - kvm-vfio-pci-Static-Resizable-BAR-capability.patch [bz#2192818] - kvm-vfio-pci-Fix-a-use-after-free-issue.patch [bz#2192818] - kvm-util-vfio-helpers-Use-g_file_read_link.patch [bz#2192818] - kvm-migration-Make-all-functions-check-have-the-same-for.patch [bz#2192818] - kvm-migration-Move-migration_properties-to-options.c.patch [bz#2192818] - kvm-migration-Add-switchover-ack-capability.patch [bz#2192818] - kvm-migration-Implement-switchover-ack-logic.patch [bz#2192818] - kvm-migration-Enable-switchover-ack-capability.patch [bz#2192818] - kvm-vfio-migration-Refactor-vfio_save_block-to-return-sa.patch [bz#2192818] - kvm-vfio-migration-Store-VFIO-migration-flags-in-VFIOMig.patch [bz#2192818] - kvm-vfio-migration-Add-VFIO-migration-pre-copy-support.patch [bz#2192818] - kvm-vfio-migration-Add-support-for-switchover-ack-capabi.patch [bz#2192818] - kvm-vfio-Implement-a-common-device-info-helper.patch [bz#2192818] - kvm-hw-vfio-pci-quirks-Support-alternate-offset-for-GPUD.patch [bz#2192818] - kvm-vfio-pci-Call-vfio_prepare_kvm_msi_virq_batch-in-MSI.patch [bz#2192818] - kvm-vfio-migration-Reset-bytes_transferred-properly.patch [bz#2192818] - kvm-vfio-migration-Make-VFIO-migration-non-experimental.patch [bz#2192818] - kvm-vfio-pci-Fix-a-segfault-in-vfio_realize.patch [bz#2192818] - kvm-vfio-pci-Free-leaked-timer-in-vfio_realize-error-pat.patch [bz#2192818] - kvm-hw-vfio-pci-quirks-Sanitize-capability-pointer.patch [bz#2192818] - kvm-vfio-pci-Disable-INTx-in-vfio_realize-error-path.patch [bz#2192818] - kvm-vfio-migration-Change-vIOMMU-blocker-from-global-to-.patch [bz#2192818] - kvm-vfio-migration-Free-resources-when-vfio_migration_re.patch [bz#2192818] - kvm-vfio-migration-Remove-print-of-Migration-disabled.patch [bz#2192818] - kvm-vfio-migration-Return-bool-type-for-vfio_migration_r.patch [bz#2192818] - kvm-vfio-Fix-null-pointer-dereference-bug-in-vfio_bars_f.patch [bz#2192818] - kvm-pc-bios-s390-ccw-Makefile-Use-z-noexecstack-to-silen.patch [bz#2220866] - kvm-pc-bios-s390-ccw-Fix-indentation-in-start.S.patch [bz#2220866] - kvm-pc-bios-s390-ccw-Provide-space-for-initial-stack-fra.patch [bz#2220866] - kvm-pc-bios-s390-ccw-Don-t-use-__bss_start-with-the-larl.patch [bz#2220866] - kvm-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch [bz#2222579] - kvm-block-blkio-fix-module_block.py-parsing.patch [bz#2213317] - kvm-Fix-virtio-blk-vhost-vdpa-typo-in-spec-file.patch [bz#2213317] - Resolves: bz#2211609 (With virtio-iommu and vfio-pci, qemu reports 'warning: virtio-iommu page mask 0xfffffffffffff000 does not match 0x40201000') - Resolves: bz#2211634 ([aarch64] With virtio-iommu and vfio-pci, qemu coredump when host using kernel-64k package) - Resolves: bz#2192818 ([VFIO LM] Live migration) - Resolves: bz#2220866 (Misaligned symbol for s390-ccw image during qemu-kvm build) - Resolves: bz#2222579 (PNG screendump doesn't save screen correctly) - Resolves: bz#2213317 (Enable libblkio-based block drivers in QEMU) [8.0.0-7] - kvm-numa-Validate-cluster-and-NUMA-node-boundary-if-requ.patch [bz#2171363] - kvm-hw-arm-Validate-cluster-and-NUMA-node-boundary.patch [bz#2171363] - kvm-hw-arm-virt-Validate-cluster-and-NUMA-node-boundary-.patch [bz#2171363] - kvm-vhost-fix-vhost_dev_enable_notifiers-error-case.patch [RHEL-330] - kvm-kvm-reuse-per-vcpu-stats-fd-to-avoid-vcpu-interrupti.patch [bz#2218644] - kvm-vhost-vdpa-do-not-cleanup-the-vdpa-vhost-net-structu.patch [bz#2128929] - Resolves: bz#2171363 ([aarch64] Kernel hits Call trace with irregular CPU-to-NUMA association) - Resolves: RHEL-330 ([virtual network][qemu-kvm-8.0.0-rc1]qemu core dump: qemu-kvm: ../softmmu/memory.c:2592: void memory_region_del_eventfd(MemoryRegion *, hwaddr, unsigned int, _Bool, uint64_t, EventNotifier *): Assertion i != mr->ioeventfd_nb' failed) - Resolves: bz#2218644 (query-stats QMP command interrupts vcpus, the Max Latencies could be more than 100us (rhel 9.3.0 clone)) - Resolves: bz#2128929 ([rhel9.2] hotplug/hotunplug mlx vdpa device to the occupied addr port, then qemu core dump occurs after shutdown guest) [8.0.0-6] - kvm-target-i386-add-support-for-FLUSH_L1D-feature.patch [bz#2216201] - kvm-target-i386-add-support-for-FB_CLEAR-feature.patch [bz#2216201] - kvm-block-blkio-use-qemu_open-to-support-fd-passing-for-.patch [bz#2180076] - kvm-qapi-add-fdset-feature-for-BlockdevOptionsVirtioBlkV.patch [bz#2180076] - kvm-Enable-libblkio-block-drivers.patch [bz#2213317] - Resolves: bz#2216201 ([qemu-kvm]VM reports vulnerabilty to mmio_stale_data on patched host with microcode) - Resolves: bz#2180076 ([qemu-kvm] support fd passing for libblkio QEMU BlockDrivers) - Resolves: bz#2213317 (Enable libblkio-based block drivers in QEMU) [8.0.0-5] - kvm-block-compile-out-assert_bdrv_graph_readable-by-defa.patch [bz#2186725] - kvm-graph-lock-Disable-locking-for-now.patch [bz#2186725] - kvm-nbd-server-Fix-drained_poll-to-wake-coroutine-in-rig.patch [bz#2186725] - kvm-iotests-Test-commit-with-iothreads-and-ongoing-I-O.patch [bz#2186725] - kvm-memory-prevent-dma-reentracy-issues.patch [RHEL-516] - kvm-async-Add-an-optional-reentrancy-guard-to-the-BH-API.patch [RHEL-516] - kvm-checkpatch-add-qemu_bh_new-aio_bh_new-checks.patch [RHEL-516] - kvm-hw-replace-most-qemu_bh_new-calls-with-qemu_bh_new_g.patch [RHEL-516] - kvm-lsi53c895a-disable-reentrancy-detection-for-script-R.patch [RHEL-516] - kvm-bcm2835_property-disable-reentrancy-detection-for-io.patch [RHEL-516] - kvm-raven-disable-reentrancy-detection-for-iomem.patch [RHEL-516] - kvm-apic-disable-reentrancy-detection-for-apic-msi.patch [RHEL-516] - kvm-async-avoid-use-after-free-on-re-entrancy-guard.patch [RHEL-516] - kvm-loongarch-mark-loongarch_ipi_iocsr-re-entrnacy-safe.patch [RHEL-516] - kvm-memory-stricter-checks-prior-to-unsetting-engaged_in.patch [RHEL-516] - kvm-lsi53c895a-disable-reentrancy-detection-for-MMIO-reg.patch [RHEL-516] - kvm-hw-scsi-lsi53c895a-Fix-reentrancy-issues-in-the-LSI-.patch [RHEL-516] - kvm-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch [bz#2189423] - kvm-multifd-Fix-the-number-of-channels-ready.patch [bz#2196289] - kvm-util-async-teardown-wire-up-query-command-line-optio.patch [bz#2168500] - kvm-s390x-pv-Fix-spurious-warning-with-asynchronous-tear.patch [bz#2168500] - Resolves: bz#2186725 (Qemu hang when commit during fio running(iothread enable)) - Resolves: RHEL-516 (CVE-2023-2680 qemu-kvm: QEMU: hcd-ehci: DMA reentrancy issue (incomplete fix for CVE-2021-3750) [rhel-9]) - Resolves: bz#2189423 (Failed to migrate VM from rhel 9.3 to rhel 9.2) - Resolves: bz#2196289 (Fix number of ready channels on multifd) - Resolves: bz#2168500 ([IBM 9.3 FEAT] KVM: Improve memory reclaiming for z15 Secure Execution guests - qemu part) [8.0.0-4] - kvm-migration-Attempt-disk-reactivation-in-more-failure-.patch [bz#2058982] - kvm-util-mmap-alloc-qemu_fd_getfs.patch [bz#2057267] - kvm-vl.c-Create-late-backends-before-migration-object.patch [bz#2057267] - kvm-migration-postcopy-Detect-file-system-on-dest-host.patch [bz#2057267] - kvm-migration-mark-mixed-functions-that-can-suspend.patch [bz#2057267] - kvm-postcopy-ram-do-not-use-qatomic_mb_read.patch [bz#2057267] - kvm-migration-remove-extra-whitespace-character-for-code.patch [bz#2057267] - kvm-migration-Merge-ram_counters-and-ram_atomic_counters.patch [bz#2057267] - kvm-migration-Update-atomic-stats-out-of-the-mutex.patch [bz#2057267] - kvm-migration-Make-multifd_bytes-atomic.patch [bz#2057267] - kvm-migration-Make-dirty_sync_missed_zero_copy-atomic.patch [bz#2057267] - kvm-migration-Make-precopy_bytes-atomic.patch [bz#2057267] - kvm-migration-Make-downtime_bytes-atomic.patch [bz#2057267] - kvm-migration-Make-dirty_sync_count-atomic.patch [bz#2057267] - kvm-migration-Make-postcopy_requests-atomic.patch [bz#2057267] - kvm-migration-Rename-duplicate-to-zero_pages.patch [bz#2057267] - kvm-migration-Rename-normal-to-normal_pages.patch [bz#2057267] - kvm-migration-rename-enabled_capabilities-to-capabilitie.patch [bz#2057267] - kvm-migration-Pass-migrate_caps_check-the-old-and-new-ca.patch [bz#2057267] - kvm-migration-move-migration_global_dump-to-migration-hm.patch [bz#2057267] - kvm-spice-move-client_migrate_info-command-to-ui.patch [bz#2057267] - kvm-migration-Create-migrate_cap_set.patch [bz#2057267] - kvm-migration-Create-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_colo_enabled-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_compression-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_events-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_multifd-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_zero_copy_send-to-options.patch [bz#2057267] - kvm-migration-Move-migrate_use_xbzrle-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_block-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_return-to-options.c.patch [bz#2057267] - kvm-migration-Create-migrate_rdma_pin_all-function.patch [bz#2057267] - kvm-migration-Move-migrate_caps_check-to-options.c.patch [bz#2057267] - kvm-migration-Move-qmp_query_migrate_capabilities-to-opt.patch [bz#2057267] - kvm-migration-Move-qmp_migrate_set_capabilities-to-optio.patch [bz#2057267] - kvm-migration-Move-migrate_cap_set-to-options.c.patch [bz#2057267] - kvm-migration-Move-parameters-functions-to-option.c.patch [bz#2057267] - kvm-migration-Use-migrate_max_postcopy_bandwidth.patch [bz#2057267] - kvm-migration-Move-migrate_use_block_incremental-to-opti.patch [bz#2057267] - kvm-migration-Create-migrate_throttle_trigger_threshold.patch [bz#2057267] - kvm-migration-Create-migrate_checkpoint_delay.patch [bz#2057267] - kvm-migration-Create-migrate_max_cpu_throttle.patch [bz#2057267] - kvm-migration-Move-migrate_announce_params-to-option.c.patch [bz#2057267] - kvm-migration-Create-migrate_cpu_throttle_initial-to-opt.patch [bz#2057267] - kvm-migration-Create-migrate_cpu_throttle_increment-func.patch [bz#2057267] - kvm-migration-Create-migrate_cpu_throttle_tailslow-funct.patch [bz#2057267] - kvm-migration-Move-migrate_postcopy-to-options.c.patch [bz#2057267] - kvm-migration-Create-migrate_max_bandwidth-function.patch [bz#2057267] - kvm-migration-Move-migrate_use_tls-to-options.c.patch [bz#2057267] - kvm-migration-Move-qmp_migrate_set_parameters-to-options.patch [bz#2057267] - kvm-migration-Allow-postcopy_ram_supported_by_host-to-re.patch [bz#2057267] - kvm-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch [bz#2185688] - kvm-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch [bz#2185688] - kvm-iotests-Use-alternative-CPU-type-that-is-not-depreca.patch [bz#2185688] - kvm-iotests-Test-resizing-image-attached-to-an-iothread.patch [bz#2185688] - kvm-Enable-Linux-io_uring.patch [bz#1947230] - Resolves: bz#2058982 (Qemu core dump if cut off nfs storage during migration) - Resolves: bz#2057267 (Migration with postcopy fail when vm set with shared memory) - Resolves: bz#2185688 ([qemu-kvm] no response with QMP command block_resize) - Resolves: bz#1947230 (Enable QEMU support for io_uring in RHEL9) [8.0.0-3] - kvm-migration-Handle-block-device-inactivation-failures-.patch [bz#2058982] - kvm-migration-Minor-control-flow-simplification.patch [bz#2058982] - Resolves: bz#2058982 (Qemu core dump if cut off nfs storage during migration) [8.0.0-2] - kvm-acpi-pcihp-allow-repeating-hot-unplug-requests.patch [bz#2087047] - kvm-hw-acpi-limit-warning-on-acpi-table-size-to-pc-machi.patch [bz#1934134] - kvm-hw-acpi-Mark-acpi-blobs-as-resizable-on-RHEL-pc-mach.patch [bz#1934134] - Resolves: bz#2087047 (Disk detach is unsuccessful while the guest is still booting) - Resolves: bz#1934134 (ACPI table limits warning when booting guest with 512 VCPUs) [8.0.0-1] - Rebase to QEMU 8.0.0 - Resolves: bz#2180898 (Rebase to QEMU 8.0.0 for RHEL 9.3.0) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2680 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 adwaita-qt [1.4.2-1] - 1.4.2 Resolves: bz#2175754 python-pyqt5-sip [12.11.1-1] - 12.11.1 Resolves: bz#2188589 python-qt5 [5.15.9-1] - 5.15.9 Resolves: bz#2175758 qgnomeplatform [0.9.0-1] - 0.9.0 Resolves: bz#2175753 qt5 [5.15.9-1] - 5.15.9 Resolves: bz#2175724 qt5-doc [5.15.9-1] - 5.15.9 Resolves: bz#2175726 qt5-qt3d [5.15.9-1] - 5.15.9 Resolves: bz#2175729 qt5-qtbase [5.15.9-7] - Fix infinite loops in QXmlStreamReader (CVE-2023-38197) Resolves: bz#2222771 [5.15.9-6] - Don't allow remote attacker to bypass security restrictions caused by flaw in certificate validation (CVE-2023-34410) (version #2) Resolves: bz#2212754 [5.15.9-5] - Don't allow remote attacker to bypass security restrictions caused by flaw in certificate validation (CVE-2023-34410) Resolves: bz#2212754 [5.15.9-4] - Fix specific overflow in qtextlayout - Fix incorrect parsing of the strict-transport-security (HSTS) header - Fix buffer over-read via a crafted reply from a DNS server Resolves: bz#2209492 [5.15.9-3] - Rebuild (elfutils#2188064) Resolves: bz#2175727 [5.15.9-2] - Disable tests failing in gating Resolves: bz#2175727 [5.15.9-1] - 5.15.9 + sync with Fedora Resolves: bz#2175727 qt5-qtconnectivity [5.15.9-2] - Rebuild (elfutils#2188064) Resolves: bz#2175730 [5.15.9-1] - 5.15.9 Resolves: bz#2175730 qt5-qtdeclarative [5.15.9-3] - Rebuild (elfutils#2188064) Resolves: bz#2175728 [5.15.9-2] - Disable tests failing in gating Resolves: bz#2175728 [5.15.9-1] - 5.15.9 + sync with Fedora Resolves: bz#2178624 Resolves: bz#2175728 qt5-qtdoc [5.15.9-1] - 5.15.9 Resolves: bz#2175731 qt5-qtgraphicaleffects [5.15.9-1] - 5.15.9 Resolves: bz#2175733 qt5-qtimageformats [5.15.9-1] - 5.15.9 Resolves: bz#2175734 qt5-qtlocation [5.15.9-1] - 5.15.9 Resolves: bz#2175735 qt5-qtmultimedia [5.15.9-1] - 5.15.9 Resolves: bz#2175736 qt5-qtquickcontrols2 [5.15.9-1] - 5.15.9 Resolves: bz#2175738 qt5-qtquickcontrols [5.15.9-1] - 5.15.9 Resolves: bz#2175737 qt5-qtscript [5.15.9-1] - 5.15.9 Resolves: bz#2175745 qt5-qtsensors [5.15.9-1] - 5.15.9 Resolves: bz#2175739 qt5-qtserialbus [5.15.9-1] - 5.15.9 Resolves: bz#2175740 qt5-qtserialport [5.15.9-1] - 5.15.9 Resolves: bz#2175741 qt5-qtsvg [5.15.9-2] - Fix uninitialized variable usage in m_unitsPerEm (CVE-2023-32573) Resolves: bz#2208140 [5.15.9-1] - 5.15.9 Resolves: bz#2175742 qt5-qttools [5.15.9-3] - Rebuild (LLVM-16) Resolves: bz#2192954 [5.15.9-2] - Rebuild (elfutils#2188064) Resolves: bz#2175743 [5.15.9-1] - 5.15.9 Resolves: bz#2175743 qt5-qttranslations [5.15.9-1] - 5.15.9 Resolves: bz#2175744 qt5-qtwayland [5.15.9-1] - 5.15.9 Resolves: bz#2175746 qt5-qtwebchannel [5.15.9-1] - 5.15.9 Resolves: bz#2175747 qt5-qtwebsockets [5.15.9-2] - Move QML imports out of -devel subpackage Resolves: bz#2175749 [5.15.9-1] - 5.15.9 Resolves: bz#2175749 qt5-qtx11extras [5.15.9-1] - 5.15.9 Resolves: bz#2175750 qt5-qtxmlpatterns [5.15.9-2] - Rebuild (elfutils#2188064) Resolves: bz#2175751 [5.15.9-1] - 5.15.9 Resolves: bz#2175751 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-38197 CVE-2023-33285 CVE-2023-32573 CVE-2023-37369 CVE-2023-34410 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [23.1.1-11.0.2] - Fix Oracle Datasource network and getdata methods for OCI OL [Orabug: 35950168] [23.1.1-11.0.1] - Increase retry value and add timeout for OCI [Orabug: 35329883] - Fix log file permission [Orabug: 35302969] - Update detection logic for OL distros in config template [Orabug: 34845400] - Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938] - Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938] - Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672] - limit permissions [Orabug: 31352433] - Changes to ignore all enslaved interfaces [Orabug: 30092148] - Make Oracle datasource detect dracut based config files [Orabug: 29956753] - add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch: 1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata 2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader Resolves: Oracle-Bug:41660 (Bugzilla) - added OL to list of known distros [23.1.1-11] - Resolves: bz#2232296 [23.1.1-10] - Resolves: bz#2229660 bz#2229952 [23.1.1-9] - 0030-NM-renderer-set-default-IPv6-addr-gen-mode-for-all-i.patch [bz#2188388] - Resolves: bz#2188388 [23.1.1-8] - 0022-test-fixes-update-tests-to-reflect-AUTOCONNECT_PRIOR.patch [bz#2217865] - 0023-test-fixes-remove-NM_CONTROLLED-no-from-tests.patch [bz#2217865] - 0024-Revert-limit-permissions-on-def_log_file.patch [bz#2217865] - 0025-test-fixes-changes-to-apply-RHEL-specific-config-set.patch [bz#2217865] - 0026-Enable-SUSE-based-distros-for-ca-handling-2036.patch [bz#2217865] - 0027-Handle-non-existent-ca-cert-config-situation-2073.patch [bz#2217865] - 0028-logging-keep-current-file-mode-of-log-file-if-its-st.patch [bz#2222498] - 0029-DS-VMware-modify-a-few-log-level-4284.patch [bz#2225374] - Resolves: bz#2217865 bz#2222498 bz#2225374 [23.1.1-7] - 0020-Revert-Set-default-renderer-as-sysconfig-for-c9s-RHE.patch - 0021-Set-default-renderer-as-sysconfig-for-centos-rhel-41.patch [bz#2209349] - Resolves: bz#2209349 [23.1.1-6] - 0011-Revert-Manual-revert-Use-Network-Manager-and-Netplan.patch - 0012-Revert-Revert-Add-native-NetworkManager-support-1224.patch - 0013-net-sysconfig-do-not-use-the-highest-autoconnect-pri.patch - 0014-net-sysconfig-cosmetic-fix-tox-formatting.patch - 0015-nm-generate-ipv6-stateful-dhcp-config-at-par-with-sy.patch [bz#2207716] - 0016-network_manager-add-a-method-for-ipv6-static-IP-conf.patch [bz#2196284] - 0017-net-sysconfig-enable-sysconfig-renderer-if-network-m.patch [bz#2194050] - 0018-network-manager-Set-higher-autoconnect-priority-for-.patch [bz#2196231] - 0019-Set-default-renderer-as-sysconfig-for-c9s-RHEL-9.patch [bz#2209349] - Resolves: bz#2118235 bz#2194050 bz#2196231 bz#2196284 bz#2207716 bz#2209349 [23.1.1-5] - 0010-Do-not-generate-dsa-and-ed25519-key-types-when-crypt.patch [bz#2187164] - Resolves: bz#2187164 [23.1.1-4] - 0009-Make-user-vendor-data-sensitive-and-remove-log-permi.patch [bz#2190083] - Resolves: bz#2190083 [23.1.1-3] - 0008-Don-t-change-permissions-of-netrules-target-2076.patch [bz#2182948] - Resolves: bz#2182948 [23.1.1-2] - 0007-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch [bz#2184608] - Resolves: bz#2184608 [23.1.1-1] - Rebase to 23.1.1 [bz#2172811] - Resolves: bz#2172811 [22.1-9] - ci-Allow-growpart-to-resize-encrypted-partitions-1316.patch [bz#2166245] - Resolves: bz#2166245 (Add support for resizing encrypted root volume) [22.1-8] - ci-cc_set_hostname-ignore-var-lib-cloud-data-set-hostna.patch [bz#2140893] - Resolves: bz#2140893 (systemd[1]: Failed to start Initial cloud-init job after reboot system via sysrq 'b') [22.1-7] - ci-Ensure-network-ready-before-cloud-init-service-runs-.patch [bz#2152100] - Resolves: bz#2152100 ([RHEL-9] Ensure network ready before cloud-init service runs on RHEL) [22.1-6] - ci-cloud.cfg.tmpl-make-sure-centos-settings-are-identic.patch [bz#2115565] - Resolves: bz#2115565 (cloud-init configures user 'centos' or 'rhel' instead of 'cloud-user' with cloud-init-22.1) [22.1-5] - ci-Revert-Add-native-NetworkManager-support-1224.patch [bz#2107463 bz#2104389 bz#2117532 bz#2098501] - ci-Revert-Use-Network-Manager-and-Netplan-as-default-re.patch [bz#2107463 bz#2104389 bz#2117532 bz#2098501] - ci-Revert-Revert-Setting-highest-autoconnect-priority-f.patch [bz#2107463 bz#2104389 bz#2117532 bz#2098501] - Resolves: bz#2107463 ([RHEL-9.1] Cannot run sysconfig when changing the priority of network renderers) - Resolves: bz#2104389 ([RHEL-9.1]Failed to config static IP and IPv6 according to VMware Customization Config File) - Resolves: bz#2117532 ([RHEL9.1] Revert patch of configuring networking by NM keyfiles) - Resolves: bz#2098501 ([RHEL-9.1] IPv6 not workable when cloud-init configure network using NM keyfiles) [22.1-4] - ci-Honor-system-locale-for-RHEL-1355.patch [bz#2061604] - ci-cloud-init.spec-adjust-path-for-66-azure-ephemeral.r.patch [bz#2096270] - ci-setup.py-adjust-udev-rules-default-path-1513.patch [bz#2096270] - Resolves: bz#2061604 (cloud-config will change /etc/locale.conf back to en_US.UTF-8 on rhel-guest-image-9.0) - Resolves: bz#2096270 (Adjust udev/rules default path[rhel-9]) [22.1-3] - ci-Support-EC2-tags-in-instance-metadata-1309.patch [bz#2091640] - ci-cc_set_hostname-do-not-write-localhost-when-no-hostn.patch [bz#1980403] - Resolves: bz#2091640 ([cloud][init] Add support for reading tags from instance metadata) - Resolves: bz#1980403 ([RHV] RHEL 9 VM with cloud-init without hostname set doesn't result in the FQDN as hostname) [22.1-2] - ci-Add-native-NetworkManager-support-1224.patch [bz#2056964] - ci-Use-Network-Manager-and-Netplan-as-default-renderers.patch [bz#2056964] - ci-Revert-Setting-highest-autoconnect-priority-for-netw.patch [bz#2056964] - ci-Align-rhel-custom-files-with-upstream-1431.patch [bz#2088448] - ci-Remove-rhel-specific-files.patch [bz#2088448] - Resolves: bz#2056964 ([RHEL-9]Rebase cloud-init from Fedora so it can configure networking using NM keyfiles) - Resolves: bz#2088448 (Align cloud.cfg file and systemd with cloud-init upstream .tmpl files) [22.1-1] - Rebase to 22.1 [bz#2065548] - Resolves: bz#2065548 ([RHEL-9.1] cloud-init rebase to 22.1) [21.1-19] - ci-Fix-IPv6-netmask-format-for-sysconfig-1215.patch [bz#2053546] - ci-Adding-_netdev-to-the-default-mount-configuration.patch [bz#1998445] - ci-Setting-highest-autoconnect-priority-for-network-scr.patch [bz#2036060] - Resolves: bz#2053546 (cloud-init writes route6- config with a HEX netmask. ip route does not like : Error: inet6 prefix is expected rather than 'fd00:fd00:fd00::/ffff:ffff:ffff:ffff::'.) - Resolves: bz#1998445 ([Azure][RHEL-9] ordering cycle exists after reboot) - Resolves: bz#2036060 ([cloud-init][ESXi][RHEL-9] Failed to config static IP according to VMware Customization Config File) [21.1-18] - ci-Add-_netdev-option-to-mount-Azure-ephemeral-disk-121.patch [bz#1998445] - Resolves: bz#1998445 ([Azure][RHEL-9] ordering cycle exists after reboot) [21.1-17] - ci-Add-flexibility-to-IMDS-api-version-793.patch [bz#2042351] - ci-Azure-helper-Ensure-Azure-http-handler-sleeps-betwee.patch [bz#2042351] - ci-azure-Removing-ability-to-invoke-walinuxagent-799.patch [bz#2042351] - ci-Azure-eject-the-provisioning-iso-before-reporting-re.patch [bz#2042351] - ci-Azure-Retrieve-username-and-hostname-from-IMDS-865.patch [bz#2042351] - ci-Azure-Retry-net-metadata-during-nic-attach-for-non-t.patch [bz#2042351] - ci-Azure-adding-support-for-consuming-userdata-from-IMD.patch [bz#2042351] - Resolves: bz#2042351 ([RHEL-9] Support for provisioning Azure VM with userdata) [21.1-16] - ci-Datasource-for-VMware-953.patch [bz#2040090] - ci-Change-netifaces-dependency-to-0.10.4-965.patch [bz#2040090] - ci-Update-dscheck_VMware-s-rpctool-check-970.patch [bz#2040090] - ci-Revert-unnecesary-lcase-in-ds-identify-978.patch [bz#2040090] - ci-Add-netifaces-package-as-a-Requires-in-cloud-init.sp.patch [bz#2040090] - Resolves: bz#2040090 ([cloud-init][RHEL9] Support for cloud-init datasource 'cloud-init-vmware-guestinfo') [21.1-15] - ci-Add-gdisk-and-openssl-as-deps-to-fix-UEFI-Azure-init.patch [bz#2032524] - Resolves: bz#2032524 ([RHEL9] [Azure] cloud-init fails to configure the system) [21.1-14] - ci-cloudinit-net-handle-two-different-routes-for-the-sa.patch [bz#2028031] - Resolves: bz#2028031 ([RHEL-9] Above 19.2 of cloud-init fails to configure routes when configuring static and default routes to the same destination IP) [21.1-13] - ci-fix-error-on-upgrade-caused-by-new-vendordata2-attri.patch [bz#2028381] - Resolves: bz#2028381 (cloud-init.service fails to start after package update) [21.1-12] - ci-remove-unnecessary-EOF-string-in-disable-sshd-keygen.patch [bz#2016305] - Resolves: bz#2016305 (disable-sshd-keygen-if-cloud-init-active.conf:8: Missing '=', ignoring line) [21.1-11] - ci-cc_ssh.py-fix-private-key-group-owner-and-permission.patch [bz#2015974] - Resolves: bz#2015974 (cloud-init fails to set host key permissions correctly) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1786 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [10.2.11.0.1] - Merge Oracle patches for ol9 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [10.2-11.el9] - Backport 'libiberty: prevent buffer overflow when decoding user input' (Luis Ferreira, RHBZ2132600) * Mon Mar 27 2023 Bruno Larsen <blarsen@redhat.com> - Backport '[gdb/breakpoint] Fix assert in jit_event_handler' (Tom de Vries, RHBZ 2130624) * Thu Mar 23 2023 Bruno Larsen <blarsen@redhat.com> - Bakport 'Fix assertion failure in copy_type' (Tom Tromey, RHBZ 2155439) - Bakport '[gdb/testsuite] Fix PR20630 regression test in gdb.base/printcmds.exp' (Tom de Vries) LOW Copyright 2023 Oracle, Inc. CVE-2021-3826 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [4:1.1.9-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.9 - Related: #2176063 [4:1.1.8-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.8 - Related: #2176063 [4:1.1.7-2] - rebuild for following CVEs: CVE-2021-43784 CVE-2022-41724 CVE-2023-28642 - Resolves: #2033659 - Resolves: #2179973 - Resolves: #2183103 [4:1.1.7-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.7 - Related: #2176063 [4:1.1.6-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.6 - Related: #2176063 [4:1.1.5-2] - runc 1.1.5 resolves CVE-2023-25809 and CVE-2023-27561 - Resolves: #2176110 - Resolves: #2183098 [4:1.1.5-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.5 - Related: #2176063 [4:1.1.4-2] - rebuild - Resolves: #2102995 MODERATE Copyright 2023 Oracle, Inc. CVE-2021-43784 CVE-2023-27561 CVE-2023-28642 CVE-2023-25809 CVE-2022-41724 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [3.16.1-5] - Fix CVE-2023-26767 (#2181147) - Fix CVE-2023-26768 (#2181151) - Fix CVE-2023-26769 (#2181149) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-26769 CVE-2023-26767 CVE-2023-26768 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::distro_builder Oracle Linux 9 [1:1.3.0-4] - add Epoch in Provides - Related: #2176063 [1:1.3.0-3] - remove no_openssl for FIPS compliance - Related: #2176063 [1:1.3.0-2] - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2179960 - Resolves: #2187333 - Resolves: #2187376 - Resolves: #2203705 - Resolves: #2207519 [1:1.3.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.3.0 - Related: #2176063 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-24534 CVE-2022-41725 CVE-2023-24540 CVE-2023-24539 CVE-2022-41724 CVE-2023-29400 CVE-2023-24536 CVE-2023-24538 CVE-2023-29406 CVE-2022-41723 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 httpd [2.4.57-5.0.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.57-5] - Fix issue found by covscan - Related: #2222001 [2.4.57-4] - Resolves: #2217726 - Make PROPFIND tolerant of deletion race [2.4.57-3] - Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice [2.4.57-2] - Resolves: #2186645 - Fix issue found by covscan in httpd package - Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi [2.4.57-1] - Resolves: #2184403 - rebase httpd to 2.4.57 - Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy mod_http2 [1.15.19-5] - Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy MODERATE Copyright 2023 Oracle, Inc. CVE-2023-27522 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [9.5.0-7.0.1] - The path to the guest agent socket file can become too long and cause problems.(rhbz#2233744) - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [9.5.0-7] - util: use 'stubDriverType' instead of just 'stubDriver' (rhbz#2074209) - util: add stub driver name to virPCIDevice object (rhbz#2074209) - util: rename virPCIDeviceGetDriverPathAndName (rhbz#2074209) - util: permit existing binding to VFIO variant driver (rhbz#2074209) - util: probe stub driver from within function that binds to stub driver (rhbz#2074209) - util: honor stubDriverName when probing/binding stub driver for a device (rhbz#2074209) - node_device: support binding other drivers with virNodeDeviceDetachFlags() (rhbz#2074209) - qemu: turn two multiline log messages into single line (rhbz#2074209) - docs: update description of virsh nodedev-detach --driver option (rhbz#2074209) - rpm: Fix typo in daemon name (rhbz#2236057) - rpm: Recommend libvirt-daemon for with_modular_daemons distros (rhbz#2236500) [9.5.0-6] - tests: Use DO_TEST_CAPS_*_ABI_UPDATE() for ppc64 (rhbz#2196178) - tests: Switch to firmware autoselection for hvf (rhbz#2196178) - tests: Use virt-4.0 machine type for aarch64 (rhbz#2196178) - tests: Consistently use /path/to/guest_VARS.fd (rhbz#2196178) - tests: Turn abi-update.xml into a symlink (rhbz#2196178) - tests: Rename firmware-auto-efi-nvram-path (rhbz#2196178) - qemu: Fix return value for qemuFirmwareFillDomainLegacy() (rhbz#2196178) - qemu: Fix lookup against stateless/combined pflash (rhbz#2196178) - tests: Add some more DO_TEST*ABI_UPDATE* macros (rhbz#2196178) - tests: Add more tests for firmware selection (rhbz#2196178) - tests: Update firmware descriptor files (rhbz#2196178) - tests: Drop tags from BIOS firmware descriptor (rhbz#2196178) - tests: Include microvm in firmwaretest (rhbz#2196178) - qemu: Don't overwrite NVRAM template for legacy firmware (rhbz#2196178) - qemu: Generate NVRAM path in more cases (rhbz#2196178) - qemu: Filter firmware based on loader.readonly (rhbz#2196178) - qemu: Match NVRAM template extension for new domains (rhbz#2196178) - conf: Don't default to raw format for loader/NVRAM (rhbz#2196178) - tests: Rename firmware-auto-efi-format-loader-qcow2-nvram-path (rhbz#2196178) - tests: Reintroduce firmware-auto-efi-format-mismatch (rhbz#2196178) - rpm: Reorder scriptlets (rhbz#2210058) - rpm: Reduce use of with_modular_daemons (rhbz#2210058) - rpm: Remove custom libvirtd restart logic (rhbz#2210058) - rpm: Introduce new macros for handling of systemd units (rhbz#2210058) - rpm: Switch to new macros for handling of systemd units (rhbz#2210058) - rpm: Delete unused macros (rhbz#2210058) [9.5.0-5] - Revert 'qemu_passt: Actually use @logfd' (rhbz#2209191) - Revert 'qemu_passt: Precreate passt logfile' (rhbz#2209191) [9.5.0-4] - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' (CVE-2023-3750, rhbz#2221851) [9.5.0-3] - tests: remove acpi support from s390x ccw hotplug tests (rhbz#2168499) - tests: add capabilities for QEMU 8.1.0 on s390x (rhbz#2168499) - qemu: add run-with async-teardown capability (rhbz#2168499) - qemu: allow use of async teardown in domain (rhbz#2168499) - conf: domcaps: Add 'async-teardown' domain capability (rhbz#2168499) - qemu: S390 does not provide physical address size (rhbz#2224016) - nodedev: report mdev persistence properly (rhbz#2143158) - node_device: Don't leak error message buffer from virMdevctlListDefined|Active (rhbz#2143158) [9.5.0-2] - nodedev: transient mdev update on nodeDeviceCreateXML (rhbz#2143158) - nodedev: refactor mdevctl thread functions (rhbz#2143158) - nodedev: update mdevs from the mdevctl thread (rhbz#2143158) [9.5.0-1] - Rebased to libvirt-9.5.0 (rhbz#2175785) [9.5.0-0rc1.1] - Rebased to libvirt-9.5.0-rc1 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2160356, rhbz#2209191, rhbz#2210287, rhbz#2209853, rhbz#2171860 rhbz#2138150, rhbz#2171384 [9.4.0-1] - Rebased to libvirt-9.4.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2119007, rhbz#2193315, rhbz#2209658, rhbz#2143158, rhbz#2208946 rhbz#2138150, rhbz#2203657, rhbz#2180679, rhbz#2203709 [9.3.0-2] - qemu_domin: Account for NVMe disks when calculating memlock limit on hotplug (rhbz#2014030) [9.3.0-1] - Rebased to libvirt-9.3.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2181235, rhbz#2176215, rhbz#2187133, rhbz#2178885, rhbz#2174700 rhbz#2160435, rhbz#2184966, rhbz#2187278, rhbz#2014030, rhbz#2185184 rhbz#2156300 [9.2.0-1] - Rebased to libvirt-9.2.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2178885, rhbz#2000410, rhbz#2175582, rhbz#2154750, rhbz#2175449 rhbz#2181234, rhbz#2078693, rhbz#2176924, rhbz#2156300, rhbz#2173142 rhbz#2171973, rhbz#2178866, rhbz#2182961, rhbz#2174397, rhbz#2179030 rhbz#2161965, rhbz#2035985 [9.1.0-1] - Rebased to libvirt-9.1.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2004850, rhbz#2137346, rhbz#2166235, rhbz#1961326 [9.0.0-7] - qemu_snapshot: remove memory snapshot when deleting external snapshot (rhbz#2170826) - qemu_snapshot: refactor qemuSnapshotDeleteExternalPrepare (rhbz#2170826) [9.0.0-6] - rpc: client: Don't check return value of virNetMessageNew (rhbz#2145188) - rpc: Don't warn about 'max_client_requests' in single-threaded daemons (rhbz#2145188) [9.0.0-5] - qemu_extdevice: Do cleanup host only for VIR_DOMAIN_TPM_TYPE_EMULATOR (rhbz#2168762) - qemu: blockjob: Handle 'pending' blockjob state only when we need it (rhbz#2168769) [9.0.0-4] - qemuProcessStop: Fix detection of outgoing migration for external devices (rhbz#2161557) - qemuExtTPMStop: Restore TPM state label more often (rhbz#2161557) - qemuProcessLaunch: Tighten rules for external devices wrt incoming migration (rhbz#2161557) - qemu_process: Produce better debug message wrt domain namespaces (rhbz#2167302) - qemu_namespace: Deal with nested mounts when umount()-ing /dev (rhbz#2167302) - qemuProcessRefreshDisks: Don't skip filling of disk information if tray state didn't change (rhbz#2166411) [9.0.0-3] - src: Don't use virReportSystemError() on virProcessGetStatInfo() failure (rhbz#2148266) - qemu: Provide virDomainGetCPUStats() implementation for session connection (rhbz#2148266) - virsh: Make domif-setlink work more than once (rhbz#2165466) - qemu_fd: Remove declaration for 'qemuFDPassNewDirect' (rhbz#2040272) - qemuStorageSourcePrivateDataFormat: Rename 'tmp' to 'objectsChildBuf' (rhbz#2040272) - qemu: command: Handle FD passing commandline via qemuBuildBlockStorageSourceAttachDataCommandline (rhbz#2040272) - qemuFDPassTransferCommand: Mark that FD was passed (rhbz#2040272) - qemu: fd: Add helpers allowing storing FD set data in status XML (rhbz#2040272) - qemu: domain: Store fdset ID for disks passed to qemu via FD (rhbz#2040272) - qemu: block: Properly handle FD-passed disk hot-(un-)plug (rhbz#2040272) [9.0.0-2] - vircgroupv2: fix cpu.weight limits check (rhbz#2037998) - domain_validate: drop cpu.shares cgroup check (rhbz#2037998) - docs: document correct cpu shares limits with both cgroups v1 and v2 (rhbz#2037998) - qemu_interface: Fix managed='no' case when creating an ethernet interface (rhbz#2144738) - conf: clarify some external TPM error messages (rhbz#2063723) - qemu: hotplug: Remove legacy quirk for 'dimm' address generation (rhbz#2158701) - qemu: alias: Remove 'oldAlias' argument of qemuAssignDeviceMemoryAlias (rhbz#2158701) - qemu: Remove 'memAliasOrderMismatch' field from VM private data (rhbz#2158701) - rpc: Fix error message in virNetServerSetClientLimits (rhbz#2033879) [9.0.0-1] - Rebased to libvirt-9.0.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2151064, rhbz#1874163, rhbz#2130192, rhbz#2111948, rhbz#1824722 rhbz#2150455, rhbz#2063723, rhbz#1717611, rhbz#2160448, rhbz#2151869 rhbz#2040272, rhbz#2144738, rhbz#2159851, rhbz#2156289, rhbz#2033879 rhbz#1820437, rhbz#2151202 [8.10.0-2] - qemu_process: Document qemuProcessPrepare{Domain,Host}() order (rhbz#2150760) - qemu_extdevice: Init paths in qemuExtDevicesPrepareDomain() (rhbz#2150760) - qemu_extdevice: Expose qemuExtDevicesInitPaths() (rhbz#2150760) - qemu: Init ext devices paths on reconnect (rhbz#2150760) [8.10.0-1] - Rebased to libvirt-8.10.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2128993, rhbz#2143235, rhbz#2143840, rhbz#1874163, rhbz#2000075 rhbz#2143838, rhbz#2104919, rhbz#2072204, rhbz#2137298 [8.9.0-2] - RHEL: rpminspect: Disable abidiff inspection (rhbz#2124466) - spec: Fix python3-libvirt requirement in client-qemu package (rhbz#2124466) [8.9.0-1] - Rebased to libvirt-8.9.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2074559, rhbz#2134009, rhbz#1777212, rhbz#2013523, rhbz#2114866 rhbz#1964855 [8.8.0-1] - Rebased to libvirt-8.8.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2122534, rhbz#2121262, rhbz#2130089, rhbz#2121276, rhbz#2121627 rhbz#2125111, rhbz#2129239, rhbz#1964855, rhbz#2114866 [8.7.0-1] - Rebased to libvirt-8.7.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2084046, rhbz#2108483, rhbz#2123371, rhbz#2101633, rhbz#1988211 rhbz#2086677, rhbz#2103132, rhbz#2078805, rhbz#2111301, rhbz#2094641 [8.5.0-5] - rpc: Pass OPENSSL_CONF through to ssh invocations (rhbz#2112348) [8.5.0-4] - qemu: Pass migration flags to qemuMigrationParamsApply (rhbz#2111070) - qemu_migration_params: Replace qemuMigrationParamTypes array (rhbz#2111070) - qemu_migration: Pass migParams to qemuMigrationSrcResume (rhbz#2111070) - qemu_migration: Apply max-postcopy-bandwidth on post-copy resume (rhbz#2111070) - qemu: Always assume support for QEMU_CAPS_MIGRATION_PARAM_XBZRLE_CACHE_SIZE (rhbz#2107892) - qemu_migration: Store original migration params in status XML (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsApply (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsReset (rhbz#2107892) - qemu_migration_params: Avoid deadlock in qemuMigrationParamsReset (rhbz#2107892) - qemu: Restore original memory locking limit on reconnect (rhbz#2107424) - qemu: Properly release job in qemuDomainSaveInternal (rhbz#1497907) - qemu: don't call qemuMigrationSrcIsAllowedHostdev() from qemuMigrationDstPrepareFresh() (rhbz#1497907) [8.5.0-3] - qemu: introduce capability QEMU_CAPS_MIGRATION_BLOCKED_REASONS (rhbz#2092833) - qemu: new function to retrieve migration blocker reasons from QEMU (rhbz#2092833) - qemu: query QEMU for migration blockers before our own harcoded checks (rhbz#2092833) - qemu: remove hardcoded migration fail for vDPA devices if we can ask QEMU (rhbz#2092833) - qemu_migration: Use EnterMonitorAsync in qemuDomainGetMigrationBlockers (rhbz#2092833) - qemu: don't try to query QEMU about migration blockers during offline migration (rhbz#2092833) - qemu_migration: Acquire correct job in qemuMigrationSrcIsAllowed (rhbz#2092833) - virsh: Require --xpath for *dumpxml (rhbz#2103524) - qemu: skip hardcoded hostdev migration check if QEMU can do it for us (rhbz#1497907) [8.5.0-2] - domain_conf: Format <defaultiothread/> more often (rhbz#2059511) - domain_conf: Format iothread IDs more often (rhbz#2059511) - qemu: Make IOThread changing more robust (rhbz#2059511) - qemuDomainSetIOThreadParams: Accept VIR_DOMAIN_AFFECT_CONFIG flag (rhbz#2059511) - virsh: Implement --config for iothreadset (rhbz#2059511) - docs: Document TPM portion of domcaps (rhbz#2103119) - virtpm: Introduce TPM-1.2 and TPM-2.0 capabilieis (rhbz#2103119) - domcaps: Introduce TPM backendVersion (rhbz#2103119) - qemu: Report supported TPM version in domcaps (rhbz#2103119) - vircpi: Add PCIe 5.0 and 6.0 link speeds (rhbz#2105231) [8.5.0-1] - Rebased to libvirt-8.5.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1475431, rhbz#2026765, rhbz#2059511, rhbz#2089431, rhbz#2102009 [8.4.0-3] - qemu: fd: Fix monitor usage of qemuFDPassDirectGetPath (rhbz#2092856) [8.4.0-2] - Revert 'RHEL: Fix virConnectGetMaxVcpus output' (rhbz#2095260) [8.4.0-1] - Rebased to libvirt-8.4.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#2057768, rhbz#2081981, rhbz#2035163, rhbz#2075837, rhbz#2082540 rhbz#2075383 [8.3.0-1] - Rebased to libvirt-8.3.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1653327, rhbz#2075765, rhbz#2075464, rhbz#2078274, rhbz#2070380 rhbz#2073887, rhbz#2073867 [8.2.0-1] - Rebased to libvirt-8.2.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1866400, rhbz#2065381, rhbz#2063903, rhbz#1901394, rhbz#2065399 [8.1.0-1] - Rebased to libvirt-8.1.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1643868, rhbz#2045953, rhbz#1910856, rhbz#2051451, rhbz#1745868 rhbz#2040548, rhbz#2041665, rhbz#1999372, rhbz#2038045, rhbz#2045959 rhbz#2046024, rhbz#2040555, rhbz#2057067, rhbz#2037146, rhbz#2036300 [8.0.0-5] - Make systemd unit ordering more robust (rhbz#1868537) - util: Fix machined servicename (rhbz#1868537) [8.0.0-4] - qemu_command: Generate memory only after controllers (rhbz#2047271) - qemu: Validate domain definition even on migration (rhbz#2048435) [8.0.0-3] - qemuDomainSetupDisk: Initialize 'targetPaths' (rhbz#2046170) [8.0.0-2] - build: Only install libvirt-guests when building libvirtd (rhbz#2042529) - docs: Add man page for libvirt-guests (rhbz#2042529) - remove sysconfig files (rhbz#2042529) - spec: Run pre/post-install stuff on 'daemon-driver-storage-core' (rhbz#2025644) - qemu: fix inactive snapshot revert (rhbz#2039136) - Revert 'report error when virProcessGetStatInfo() is unable to parse data' (rhbz#2043579) [8.0.0-1] - Rebased to libvirt-8.0.0 (rhbz#2001507) - The rebase also fixes the following bugs: rhbz#2039246, rhbz#2039652, rhbz#2039651, rhbz#2039131 [8.0.0-0rc1.1] - Rebased to libvirt-8.0.0-rc1 (rhbz#2001507) - The rebase also fixes the following bugs: rhbz#2034539, rhbz#2027400, rhbz#1945420, rhbz#1851249, rhbz#2032410 rhbz#2026812, rhbz#2032365, rhbz#2035888, rhbz#2036895, rhbz#2026537 [7.10.0-1] - Rebased to libvirt-7.10.0 (rhbz#2001507) - The rebase also fixes the following bugs: rhbz#2024098, rhbz#1964223, rhbz#2018488, rhbz#2021437, rhbz#2022589 rhbz#2023605, rhbz#1431589, rhbz#2024435, rhbz#2016599, rhbz#1945501 rhbz#2023674 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-3750 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [9.2.10-7] - bump release number for rebuild with fixed gating.yaml file [9.2.10-6] - resolve RHEL-12665 - resolve CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work - testing is turned off due to test failures caused by testing date mismatch [9.2.10-5] - resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth [9.2.10-3] - bumps exporter-toolkit to v0.7.3, sanitize-url@npm to 6.0.2, skip problematic s390 tests, License AGPL-3.0-only. [9.2.10-2] - Update to 9.2.10 [9.2.10-1] - Update to 9.2.10 [9.0.9-2] - resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in - resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws [9.0.9-1] - update to 9.0.9 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530) [9.0.8-2] - bump NVR [9.0.8-1] - update to 9.0.8 tagged upstream community sources, see CHANGELOG - do not list /usr/share/grafana/conf twice - drop makefile in favor of create_bundles.sh script - sync provides/obsoletes with CentOS versions - drop husky patch [7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob - resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob - resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode - resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip - resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal [7.5.15-2] - resolve CVE-2022-31107 grafana: OAuth account takeover [7.5.15-1] - update to 7.5.15 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources - resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling - resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation - resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure - resolve CVE-2021-23648 sanitize-url: XSS - resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter - declare Node.js dependencies of subpackages - make vendor and webpack tarballs reproducible [7.5.11-3] - use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens - update FIPS tests in check phase [7.5.11-2] - resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache - resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files MODERATE Copyright 2023 Oracle, Inc. CVE-2022-23552 CVE-2022-39201 CVE-2022-39307 CVE-2022-39306 CVE-2022-39324 CVE-2022-31123 CVE-2022-31130 CVE-2022-41717 CVE-2023-24534 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [13.11-1] - Update to 13.11 Resolves: #2171370 LOW Copyright 2023 Oracle, Inc. CVE-2022-41862 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [0.99.9-5] - Rebuild Resolves: rhbz#2227786 [0.99.9-4] - Address CVE-2020-12762 Resolves: rhbz#2203172 MODERATE Copyright 2023 Oracle, Inc. CVE-2020-12762 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [8.3.1-11] - Resolves: RHEL-2263 - bgpd: Do not explicitly print MAXTTL value for ebgp-multihop vty output [8.3.1-10] - Related: #2216912 - adding sys_admin to capabilities [8.3.1-9] - Resolves: #2215346 - frr policy does not allow the execution of /usr/sbin/ipsec [8.3.1-8] - Resolves: #2216912 - SELinux is preventing FRR-Zebra to access to network namespaces [8.3.1-7] - Resolves: #2168855 - BFD not working through VRF [8.3.1-6] - Resolves: #2184870 - Reachable assertion in peek_for_as4_capability function - Resolves: #2196795 - denial of service by crafting a BGP OPEN message with an option of type 0xff - Resolves: #2196796 - denial of service by crafting a BGP OPEN message with an option of type 0xff - Resolves: #2196794 - out-of-bounds read exists in the BGP daemon of FRRouting MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40302 CVE-2022-40318 CVE-2022-36440 CVE-2022-43681 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1:3.4.10-6] - Resolves: #2211413 - XRA dissector infinite loop [1:3.4.10-5] - Resolves: #2210864 - Candump log file parser crash Resolves: #2210865 - VMS TCPIPtrace file parser crash Resolves: #2210868 - NetScaler file parser crash Resolves: #2210870 - RTPS dissector crash Resolves: #2210871 - IEEE C37.118 Synchrophasor dissector crash MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2952 CVE-2023-0666 CVE-2023-2855 CVE-2023-2856 CVE-2023-0668 CVE-2023-2858 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.31.3-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [1:1.31.3-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.3 - Related: #2176063 [1:1.31.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.2 - Related: #2176063 [1:1.31.1-2] - build buildah off main branch for early testing of zstd compression - Related: #2176063 [1:1.31.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.1 - Related: #2176063 [1:1.31.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.0 - Related: #2176063 [1:1.30.0-2] - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2175073 - Resolves: #2179958 - Resolves: #2187332 - Resolves: #2187375 - Resolves: #2203696 - Resolves: #2207518 [1:1.30.0-1] - update to 1.30.0 - Related: #2176063 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41723 CVE-2023-24534 CVE-2022-41725 CVE-2023-24536 CVE-2023-25173 CVE-2023-29400 CVE-2023-29406 CVE-2023-24540 CVE-2023-24539 CVE-2023-24538 CVE-2022-41724 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2:4.6.1-5.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.6.1-5] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/ea33dce) - Related: #2176063 [2:4.6.1-4] - amend podmansh provides - Related: #2176063 [2:4.6.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/8bb0204) - Related: #2176063 [2:4.6.1-2] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/1b2fadd) - Resolves: #2232127 [2:4.6.1-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.6.1 - Related: #2176063 [2:4.6.0-3] - build podman 4.6.0 off main branch for early testing of zstd compression - Related: #2176063 [2:4.6.0-2] - update license token to be SPDX compatible - Related: #2176063 [2:4.6.0-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.6.0 (https://github.com/containers/podman/commit/38e6fab9664c6e59b66e73523b307a56130316ae) [2:4.6.0-0.3] - rebuild with the new bats - Related: #2176063 [2:4.6.0-0.2] - update to 4.6.0-rc2 - Related: #2176063 [2:4.6.0-0.1] - update to 4.6.0-rc1 - Related: #2176063 [2:4.5.1-5] - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2175071 - Resolves: #2179950 - Resolves: #2187318 - Resolves: #2187366 - Resolves: #2203681 - Resolves: #2207512 [2:4.5.1-4] - update to https://github.com/containers/gvisor-tap-vsock/releases/tag/v0.6.1 - Related: #2176063 [2:4.5.1-3] - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2175074 - Resolves: #2179966 - Resolves: #2187322 - Resolves: #2187383 - Resolves: #2203702 - Resolves: #2207522 [2:4.5.1-2] - rebuild - Resolves: #2177611 [2:4.5.1-1] - update to https://github.com/containers/podman/releases/tag/v4.5.1 - Related: #2176063 [2:4.5.0-1] - update to 4.5.0 - Related: #2176063 [2:4.4.1-10] - build and add missing docker man pages - Resolves: #2187187 [2:4.4.1-9] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/fd0ea3b) - Resolves: #2173089 [2:4.4.1-8] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/05037d3) - Resolves: #2178263 [2:4.4.1-7] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/67f7e1e) - Related: #2176063 [2:4.4.1-6] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/4461c9c) - Related: #2176063 [2:4.4.1-5] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/bf400bd) - Related: #2176063 [2:4.4.1-4] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/ffc2614) - Resolves: #2179450 [2:4.4.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/e1703bb) - Related: #2124478 [2:4.4.1-2] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/0b38633) - Related: #2124478 [2:4.4.1-1] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/d4e285a) - Related: #2124478 [2:4.4.1-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.4 (https://github.com/containers/podman/commit/f5670f0) - Related: #2124478 [2:4.4.0-1] - update to podman-4.4 release - Related: #2124478 [2:4.4.0-0.10] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/68bbdc2) - Related: #2124478 [2:4.4.0-0.9] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/323b515) - Related: #2124478 [2:4.4.0-0.8] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/c35e74f) - Related: #2124478 [2:4.4.0-0.7] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/ce504bb) - Related: #2124478 [2:4.4.0-0.6] - add quadlet to tests - Related: #2124478 [2:4.4.0-0.5] - obsolete podman-catatonit in order to not to file conflict with catatonit - Related: #2124478 [2:4.4.0-0.4] - build v4.4.0-rc2 - Related: #2124478 [2:4.4.0-0.3] - remove podman-machine-cni, it is now part of podman 4.0 or newer - Related: #2124478 [2:4.4.0-0.2] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/07ba51d) - update gvisor-tap-vsock to 0.5.0 - Related: #2124478 [2:4.4.0-0.1] - podman-4.4.0-rc1 - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/f1af5b3) - Related: #2124478 [2:4.3.1-4] - podman shouldn't provide and file conflict with catatonit in CRB - Resolves: #2151322 [2:4.3.1-3] - fix 'podman manifest add' is not concurrent safe - Resolves: #2105173 [2:4.3.1-2] - properly obsolete catatonit - Resolves: #2123319 [2:4.3.1-1] - update to https://github.com/containers/podman/releases/tag/v4.3.1 - Related: #2124478 [2:4.3.0-2] - rebuild to fix CVE-2022-30629 - Related: #2102994 [2:4.3.0-1] - update to https://github.com/containers/podman/releases/tag/v4.3.0 - Related: #2124478 [2:4.2.0-3] - fix dependency in test subpackage - Related: #2061316 [2:4.2.0-2] - readd catatonit - Related: #2061316 [2:4.2.0-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.2.0 (https://github.com/containers/podman/commit/7fe5a419cfd2880df2028ad3d7fd9378a88a04f4) - Related: #2061316 [2:4.2.0-0.3rc3] - require catatonit for gating tests - Related: #2061316 [2:4.2.0-0.2rc3] - update to 4.2.0-rc3 - Related: #2061316 [2:4.2.0-0.1rc2] - update to 4.2.0-rc2 - Related: #2061316 [2:4.1.1-6] - convert catatonit dependency to soft dep as catatonit is no longer in Appstream but in CRB - Related: #2061316 [2:4.1.1-5] - rebuild for combined gating with catatonit - Related: #2097694 [2:4.1.1-4] - catatonit is now a standalone package - Related: #2097694 [2:4.1.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.1.1-rhel (https://github.com/containers/podman/commit/fa692a6) - Related: #2097694 [2:4.1.1-2] - be sure podman services/sockets are stopped upon package removal - Related: #2061316 [2:4.1.1-1] - update to https://github.com/containers/podman/releases/tag/v4.1.1 - Related: #2061316 [2:4.1.0-4] - don't require runc and Recommends: crun - Related: #2061316 [2:4.1.0-3] - Re-enable LTO and debuginfo - Related: #2061316 [2:4.1.0-2] - update gvisor-tap-vsock to 0.2.0 to fix compilation with golang 1.18 - Related: #2061316 [2:4.1.0-1] - update to https://github.com/containers/podman/releases/tag/v4.1.0 - Related: #2061316 [2:4.0.3-2] - require netavark and move CNI to soft dependencies - Related: #2061316 [2:4.0.3-1] - update to https://github.com/containers/podman/releases/tag/v4.0.3 - Related: #2061316 [2:4.0.2-3] - bump minimal libseccomp version requirement - Related: #2061316 [2:4.0.2-2] - rebuilt with golang >= 1.17.5 (CVE-2021-44716, CVE-2021-44717) - Related: #2061316 [2:4.0.2-1] - update to https://github.com/containers/podman/releases/tag/v4.0.2 - Related: #2059681 [2:4.0.1-1] - update to https://github.com/containers/podman/releases/tag/v4.0.1 - Related: #2000051 [2:4.0.0-6] - set catatonit cflags after configure step, don't explicitly set ldflags - Related: #2054115 [2:4.0.0-5] - revert previous change and run set_build_flags before the build process - Related: #2054115 [2:4.0.0-4] - add -D_FORTIFY_SOURCE=2 for podman-catatonit - Related: #2054115 [2:4.0.0-3] - depend on containers-common >= 2:1-28 - Related: #2000051 [2:4.0.0-2] - use correct commit 49f8da72 for podman, previous commit said 4.0.1-dev - Related: #2000051 [2:4.0.0-1] - update to podman-4.0.0 release - Related: #2000051 [2:4.0.0-0.32] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/a34f279) - Related: #2000051 [2:4.0.0-0.31] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/ab3e566) - Related: #2000051 [2:4.0.0-0.30] - fix linker flags to assure -D_FORTIFY_SOURCE=2 is present at the command line - Related: #2000051 [2:4.0.0-0.29] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/b0a445e) - Related: #2000051 [2:4.0.0-0.28] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/c4a9aa7) - Related: #2000051 [2:4.0.0-0.27] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/5b2d96f) - Related: #2000051 [2:4.0.0-0.26] - set CGO_CFLAGS explicitly - Related: #2000051 [2:4.0.0-0.25] - bump to 0.25 to have highest NVR - Related: #2000051 [2:4.0.0-0.4] - rebuilt - Related: #2000051 [2:4.0.0-0.3] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/2dca7b2) - Related: #2000051 [2:4.0.0-0.2] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/4ad9e00) - Related: #2000051 [2:4.0.0-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/337f706) - Related: #2000051 [2:3.4.5-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/a54320a) - Related: #2000051 [2:3.4.5-0.7] - add rootless_role (Ed Santiago) - Related: #2000051 [2:3.4.5-0.6] - add git-daemon to test subpackage (https://github.com/containers/podman/issues/12851) - Related: #2000051 [2:3.4.5-0.5] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/63134a1) - Related: #2000051 [2:3.4.5-0.4] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/3f57b6e) - Related: #2000051 [2:3.4.5-0.3] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/17788ed) - Related: #2000051 [2:3.4.5-0.2] - incorporate gating test fixes from Ed Santiago: - remove buildah and skopeo (unused) - bump BATS from v1.1 to v1.5 - rename 'nonroot' to 'rootless' - Related: #2000051 [2:3.4.5-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/b8fde5c) - Related: #2000051 [2:3.4.4-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/49f589d) - Related: #2000051 [2:3.4.3-0.11] - remove downstream patch already applied upstream - Related: #2000051 [2:3.4.3-0.10] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/fe44757) - Related: #2000051 [2:3.4.3-0.9] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/815f36a) - Related: #2000051 [2:3.4.3-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/31bc358) - Related: #2000051 [2:3.4.3-0.7] - bump Epoch to not to pull in older versions built off upstream main branch - Related: #2000051 [1:3.4.3-0.6] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/e3a7a74) - add libsubid_tag.sh into BUILDTAGS - Related: #2000051 [1:3.4.3-0.5] - do not put patch URL as the backported patch will get overwritten when 'spectool -g -f' is executed - Related: #2000051 [1:3.4.3-0.4] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/7203178) - Related: #2000051 [1:3.4.3-0.3] - remove -t 0 from podman gating test - Related: #2000051 [1:3.4.3-0.2] - add BuildRequires: shadow-utils-subid-devel - Related: #2000051 [1:3.4.3-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/4808a63) - Related: #2000051 [1:3.4.2-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/fd010ad) - Related: #2000051 [1:3.4.2-0.7] - backport https://github.com/containers/podman/pull/12118 to 3.4 in attempt to fix gating tests - Related: #2000051 [1:3.4.2-0.6] - add Requires: gnupg (https://github.com/containers/podman/pull/12270) - Related: #2000051 [1:3.4.2-0.5] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/8de9950) - Related: #2000051 [1:3.4.2-0.4] - update catatonit to 1.7 - Related: #2000051 [1:3.4.2-0.3] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/75023e9) - Related: #2000051 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41725 CVE-2022-41723 CVE-2023-29400 CVE-2023-24534 CVE-2023-24539 CVE-2023-3978 CVE-2023-24536 CVE-2023-24537 CVE-2023-24540 CVE-2023-25173 CVE-2022-41724 CVE-2023-24538 CVE-2023-29406 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [0.11.0-7] - add missing gating.yaml - fix rpminspect issue Related: #2215766 [0.11.0-6] - Resolves: #2215766, insecure credentials submission MODERATE Copyright 2023 Oracle, Inc. CVE-2023-35789 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [14-2] - Fix service start up [14-1] - New upstream release - v14. Resolves: rhbz#2182411 Resolves: CVE-2023-1672 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1672 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [3.11.5-1] - Rebase to 3.11.5 - Security fixes for CVE-2023-40217 and CVE-2023-41105 Resolves: RHEL-3045, RHEL-3269 [3.11.4-3] - Fix symlink handling in the fix for CVE-2023-24329 Resolves: rhbz#263261 [3.11.4-2] - Security fix for CVE-2007-4559 Resolves: rhbz#263261 [3.11.4-1] - Update to 3.11.4 - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-41105 CVE-2007-4559 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.4.22-1] - Update to 2.4.22 (#2196530) [2.4.17-7] - Fix uninitizalized resevered bytes (CVE-2023-0836, #2180861) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-0836 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1.7.0-8] - CVE fix for: CVE-2023-3138 Resolve: rhbz#2213763 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-3138 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [7.1.8.1-11.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:7.1.8.1-11] - Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula Parsing - Resolves: rhbz#2210197 CVE-2023-2255 libreoffice: Remote documents loaded without prompt via IFrame - Resolves: rhbz#2208510 CVE-2023-1183 libreoffice: Arbitrary File Write [1:7.1.8.1-10] - Fix erroneous libreoffice-ure dependencies [1:7.1.8.1-9] - Resolves: rhbz#2182392 CVE-2022-38745 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1183 CVE-2022-38745 CVE-2023-0950 CVE-2023-2255 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.12.8-1] - Update to 1.12.8 (CVE-2023-28100, CVE-2023-28101) Resolves: #2180312, #2221792 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28100 CVE-2023-28101 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.1.0-9] - Fix an open redirect in StaticFileHandler Resolves: CVE-2023-28370 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28370 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2.85-14] - Backport Coverity fix to hide detected issue (#2156789) [2.85-13] - Rebuild with modified gating settings [2.85-12] - Make create logfile writeable by root (#2156789) [2.85-11] - Do not create and search --local and --address=/x/# domains (#2209031) [2.85-10] - Fix also dynamically set resolvers over dbus (#2186481) [2.85-9] - Properly initialize domain parameter in dnssec mode (#2182342) [2.85-8] - Correct possible crashes when server=/example.net/# is used (#2188712) [2.85-7] - Limit offered EDNS0 size 1232 (CVE-2023-28450) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28450 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2.40.5-1] - Update to 2.40.5 Related: #2176270 [2.40.4-1] - Update to 2.40.4 Related: #2176270 [2.40.3-2] - Disable JIT Related: #2176270 [2.40.3-1] - Update to 2.40.3 Related: #2176270 [2.40.2-1] - Update to 2.40.2 Related: #2176270 [2.40.1-1] - Upgrade to 2.40.1 Resolves: #2176270 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38611 CVE-2023-32370 CVE-2023-32393 CVE-2023-38600 CVE-2023-38572 CVE-2023-38597 CVE-2023-40451 CVE-2022-32885 CVE-2023-27954 CVE-2023-38594 CVE-2023-38595 CVE-2023-27932 CVE-2023-39434 CVE-2023-38599 CVE-2023-38592 CVE-2023-28198 CVE-2023-38133 CVE-2023-40397 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2.29-3] - Resolves: rhbz#2218907 - Fix CVE-2023-31484 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-31484 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [0.076-461] - Changes the verify_SSL default parameter from 0 to 1 - CVE-2023-31486 - Resolves: rhbz#2228412 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-31486 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [9.54.0-13] - fix for CVE-2023-38559 - Resolves: rhbz#2224372 [9.54.0-12] - fix for CVE-2023-36664 - Resolves: rhbz#2217810 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28879 CVE-2023-38559 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.12-1.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-1] - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 - Resolves: rhbz#2215956 [4.9-5] - Just bumping up the version to include bugs for CVE-2023-2295. There is no code fix for it. Fix for it is including the code fix for CVE-2023-30570. - Fix CVE-2023-2295 Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux - Resolves: rhbz#2189777, rhbz#2190148 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-38712 CVE-2023-38711 CVE-2023-38710 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2.1.0-22] - fix CVE-2023-33460 - Resolves: #2221253 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-33460 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:0.9.72-5] - Add cve-2023-27371.patch Related: rhbz#2174640 CVE-2023-27371 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-27371 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [12.5.4-7.0.1] - add mpstat -H option to also display physically hotplugged vCPUs [Orabug: 34683087] [12.5.4-7] - add description of UMASK to man/systat.in (rhbz#2216805) [12.5.4-6] - fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-33204 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1:9.0.62-37] - Resolves: RHEL-12551 - Remove JDK subpackges which are unused [1:9.0.62-16] - Related: #2184133 Declare file conflicts [1:9.0.62-15] - Resolves: #2184133 Fix bug in Obsoletes [1:9.0.62-14] - Resolves: #2210632 CVE-2023-28709 tomcat [1:9.0.62-13] - Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3 [1:9.0.62-12] - Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3 - Resolves: #2173872 Remove java-11-openjdk-headles as a tomcat dependency - Resolves: #2181461 CVE-2023-28708 tomcat: not including the secure attribute causes information - Resolves: #2210632 CVE-2023-28709 - Resolves: #2184133 Add Obsoletes to tomcat package - Update patch command - Update source to include the CVE fixes MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28708 CVE-2023-28709 CVE-2023-24998 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [4.4.0-10] - Fix CVE-2023-26965 CVE-2023-3316 CVE-2023-26966 CVE-2023-3576 - Resolves: CVE-2023-26965 CVE-2023-3316 CVE-2023-26966 CVE-2023-3576 [4.4.0-9] - Fix CVE-2023-2731 - Resolves: CVE-2023-2731 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-3316 CVE-2023-3576 CVE-2023-26965 CVE-2023-2731 CVE-2023-26966 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.0.6-4] - bump rpm version for rhel-exception build Resolves: rhbz#2230712 [2.0.6-3] - blackbox: fix buffer overflow with long log lines Resolves: rhbz#2236171 [2.0.6-1] - ipc: Retry receiving credentials if the the message is short Resolves: rhbz2149647 [2.0.6-1] - Rebase to 2.0.6 Resolves: rhbz#2072903 [2.0.3-8] - Fix negative errno in qb_ipcc_connect (introduced in 2.0.3-4) Resolves: rhbz#2057527 [2.0.3-7] - Bump soname for async-connect API addition Resolves: rhbz#bz2031865 [2.0.3-6] - Fix gating.yaml for RHEL-9 Resolves: rhbz#bz2031865 [2.0.3-5] - Add gating.yaml from RHEL Resolves: rhbz#bz2031865 [2.0.3-4] - Add async connect call for Pacemaker Resolves: rhbz#bz2031865 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39976 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::distro_builder Oracle Linux 9 - [5.14.0-362.8.1_3.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Disable unified kernel image package build - Add Oracle Linux IMA certificates [5.14.0-362.8.1_3] - Revert 'cnic: don't pass bogus GFP_ flags to dma_alloc_coherent' (Chris Leech) [RHEL-2542] - Revert 'dma-mapping: reject __GFP_COMP in dma_alloc_attrs' (Chris Leech) [RHEL-2542] [5.14.0-362.7.1_3] - drm/amd: flush any delayed gfxoff on suspend entry (Mika Penttila) [2232662] - drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (Mika Penttila) [2232662] - drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (Mika Penttila) [2232662] - Revert 'net/mlx5e: Switch to using napi_build_skb()' (Mohammad Kabat) [RHEL-1267] [5.14.0-362.6.1_3] - kabi: enable check-kabi (Cestmir Kalina) [RHEL-8864] - kabi: add symbol zlib_inflate_workspacesize to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol zlib_inflateInit2 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol zlib_inflateEnd to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol zlib_inflate to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol zalloc_cpumask_var to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol yield to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xz_dec_run to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xz_dec_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xz_dec_end to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_store to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xas_find to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_set_mark to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_load to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __xa_insert to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_get_mark to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_find_after to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_find to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_erase to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_clear_mark to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __xa_alloc_cyclic to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __xa_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol x86_spec_ctrl_base to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_return_thunk to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rsi to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rdx to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rdi to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rcx to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rbx to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rbp to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rax to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r9 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r8 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r15 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r14 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r13 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r12 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r11 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r10 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol x86_cpu_to_apicid to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __write_overflow_field to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __warn_printk to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __wake_up to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol wait_for_completion_timeout to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol wait_for_completion_interruptible to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol wait_for_completion to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vzalloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vsprintf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vsnprintf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vprintk to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vm_zone_stat to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vm_munmap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vm_event_states to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vmemmap_base to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vmalloc_to_page to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vmalloc_node to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vmalloc_base to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vmalloc_32 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vmalloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __vmalloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __virt_addr_valid to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vfree to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __var_waitqueue to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_undefined to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_teardown_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_setup_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_possible_blades to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __uv_hub_info_list to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_get_hubless_system to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __uv_cpu_info to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_obj_count to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_install_heap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_get_pci_topology to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_get_master_nasid to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_get_heapsize to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_get_geoinfo to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_enum_ports to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_enum_objs to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol usleep_range_state to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol up_write to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol up_read to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol up to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol unregister_shrinker to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol unregister_reboot_notifier to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol unregister_nmi_handler to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol unregister_kprobe to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol unregister_chrdev_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __unregister_chrdev to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol unregister_blkdev to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __udelay to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tty_termios_encode_baud_rate to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tty_std_termios to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tsc_khz to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol try_wait_for_completion to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol trace_seq_putc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol trace_seq_printf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol trace_print_flags_seq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol trace_handle_return to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol touch_softlockup_watchdog to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _totalram_pages to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol timer_delete_sync to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol timer_delete to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol timecounter_read to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol timecounter_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol timecounter_cyc2time to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol time64_to_tm to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol this_cpu_off to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tasklet_unlock_wait to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tasklet_setup to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __tasklet_schedule to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tasklet_kill to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tasklet_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __tasklet_hi_schedule to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sys_tz to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol system_wq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol system_state to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol system_freezing_cnt to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sysfs_streq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sysfs_emit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol synchronize_rcu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol synchronize_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __symbol_put to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __symbol_get to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __sw_hweight64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __sw_hweight32 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strstr to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strsep to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strscpy_pad to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strscpy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strrchr to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strnlen_user to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strnlen to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strncpy_from_user to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strncpy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strncmp to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strncasecmp to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strlen to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strlcpy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strlcat to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strim to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strcspn to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strcpy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strcmp to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strchr to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strcat to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol static_key_slow_inc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol static_key_slow_dec to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol static_key_count to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __stack_chk_fail to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sscanf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sprintf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sort to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sn_region_size to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol snprintf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sn_partition_id to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol smp_call_function_single_async to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol smp_call_function_single to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol smp_call_function_many to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sme_me_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol simple_write_to_buffer to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol simple_strtoull to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol simple_strtoul to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol simple_strtol to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol simple_read_from_buffer to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol si_meminfo to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sigprocmask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __sg_page_iter_start to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __sg_page_iter_dma_next to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sg_next to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol set_normalized_timespec64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol set_freezable to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol set_current_groups to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol security_sb_eat_lsm_opts to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol security_free_mnt_opts to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __SCT__tp_func_xdp_exception to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __SCT__preempt_schedule_notrace to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __SCT__preempt_schedule to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __SCT__might_resched to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __SCT__cond_resched to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol scsilun_to_int to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol scsi_command_size_tbl to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol scnprintf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol schedule_timeout to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol schedule to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sched_clock_cpu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sched_clock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol round_jiffies to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rht_bucket_nested_insert to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rht_bucket_nested to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __rht_bucket_nested to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rhltable_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rhashtable_insert_slow to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rhashtable_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rhashtable_free_and_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rhashtable_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol request_threaded_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __request_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __request_module to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol remove_wait_queue to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __release_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol release_firmware to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol register_shrinker to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol register_reboot_notifier to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __register_nmi_handler to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol register_kprobe to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol register_chrdev_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __register_blkdev to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __refrigerator to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol refcount_warn_saturate to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol refcount_dec_if_one to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol refcount_dec_and_mutex_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol recalc_sigpending to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __read_overflow2_field to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rcu_read_unlock_strict to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __rcu_read_unlock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __rcu_read_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rcu_barrier to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rb_next to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rb_insert_color to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rb_first to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rb_erase to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_unlock_irqrestore to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_unlock_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_unlock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_unlock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_trylock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_lock_irqsave to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_lock_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_lock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_unlock_irqrestore to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_unlock_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_unlock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_unlock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_trylock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_trylock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_lock_irqsave to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_lock_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_lock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_unlock_irqrestore to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_unlock_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_unlock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_unlock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_lock_irqsave to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_lock_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_lock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ___ratelimit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol radix_tree_tag_set to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol radix_tree_next_chunk to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol radix_tree_lookup to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol radix_tree_insert to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol radix_tree_delete to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol queue_work_on to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol queue_delayed_work_on to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol qed_put_iscsi_ops to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol qed_put_eth_ops to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __put_user_8 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __put_user_4 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __put_user_2 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol put_unused_fd to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ptrs_per_p4d to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol proc_dostring to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol proc_dointvec_minmax to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol proc_dointvec to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __printk_ratelimit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _printk to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol print_hex_dump to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol prepare_to_wait_exclusive to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol prepare_to_wait_event to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol prepare_to_wait to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol prandom_u32 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol posix_acl_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol physical_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol phys_base to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol pgprot_writecombine to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol pgdir_shift to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol perf_trace_buf_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol percpu_ref_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol percpu_ref_exit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __per_cpu_offset to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol panic_notifier_list to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol panic to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol page_offset_base to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol page_frag_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol on_each_cpu_cond_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __num_online_cpus to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol numa_node to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ns_to_timespec64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol nr_cpu_ids to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol node_to_cpumask_map to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol node_states to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __node_distance to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __ndelay to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mutex_unlock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mutex_trylock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mutex_lock_interruptible to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mutex_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mutex_is_locked to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __mutex_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol msleep_interruptible to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol msleep to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __msecs_to_jiffies to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mod_timer to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mod_delayed_work_on to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memset to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mem_section to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_free_slab to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_create_node to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_create to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_alloc_slab to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memparse to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memory_read_from_buffer to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memmove to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memdup_user to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memcpy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memcmp to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memchr_inv to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mds_idle_clear to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol loops_per_jiffy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol lookup_bdev to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol lockref_get to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __local_bh_enable_ip to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol llist_add_batch to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __list_del_entry_valid to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __list_add_valid to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kvmalloc_node to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kvfree_call_rcu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kvfree to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ktime_get_with_offset to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ktime_get_ts64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ktime_get_real_ts64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ktime_get_real_seconds to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ktime_get_coarse_real_ts64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ktime_get to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kthread_should_stop to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kthread_delayed_work_timer_fn to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kthread_complete_and_exit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtoull to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtouint to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtou8 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtou16 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtoll to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtoint to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtobool to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrdup to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol krealloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kmemdup to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kmem_cache_create_usercopy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kmem_cache_create to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kmalloc_order_trace to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __kmalloc_node to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __kmalloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kfree to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kexec_crash_loaded to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kernel_sigaction to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kernel_fpu_end to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kernel_fpu_begin_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kasprintf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol jiffies_to_usecs to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol jiffies_to_msecs to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol jiffies_64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol jiffies to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol is_vmalloc_addr to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol is_uv_system to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol iscsi_boot_create_host_kset to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol irq_set_affinity_notifier to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol irq_poll_enable to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol irq_poll_disable to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol irq_cpu_rmap_add to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __irq_apply_affinity_hint to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol iowrite32be to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol iounmap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ioremap_wc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ioremap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ioread8 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ioread32be to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ioread16be to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol iomem_resource to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol int_to_scsilun to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol int_pow to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol init_wait_var_entry to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __init_waitqueue_head to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol init_wait_entry to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol init_timer_key to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __init_swait_queue_head to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __init_rwsem to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol in_group_p to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol in_aton to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol in6_pton to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol in4_pton to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_remove to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_preload to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_get_next_ul to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_find to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_alloc_u32 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ida_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ida_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ida_alloc_range to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __hw_addr_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol hugetlb_optimize_vmemmap_key to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol hrtimer_start_range_ns to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol hrtimer_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol hrtimer_forward to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol hrtimer_cancel to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol groups_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol groups_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol get_zeroed_page to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __get_user_nocheck_1 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __get_user_2 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __get_user_1 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol get_unused_fd_flags to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol get_random_bytes to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __get_free_pages to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol gcd to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol free_percpu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol free_pages to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol free_irq_cpu_rmap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol free_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol free_cpumask_var to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol fortify_panic to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __flush_workqueue to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol flush_work to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol finish_wait to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _find_next_zero_bit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _find_next_bit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _find_last_bit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _find_first_zero_bit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _find_first_bit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __fentry__ to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol enable_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol empty_zero_page to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol emergency_restart to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol elfcorehdr_addr to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol efi to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __dynamic_pr_debug to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dump_stack to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dql_reset to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dql_completed to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down_write_trylock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down_write to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down_trylock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down_read_trylock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down_read to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down_interruptible to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol downgrade_write to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dmi_get_system_info to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dmi_find_device to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dma_pool_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dma_pool_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dma_pool_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol disable_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol devmap_managed_key to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dev_base_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol destroy_workqueue to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol delayed_work_timer_fn to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __delay to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol default_wake_function to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dca_unregister_notify to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dca_register_notify to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol current_umask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _ctype to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol csum_partial to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol csum_ipv6_magic to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol crc32_le to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpu_sibling_map to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __cpu_present_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __cpu_possible_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __cpu_online_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpu_number to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpumask_local_spread to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpu_khz to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpu_info to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __cpuhp_setup_state to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __cpuhp_remove_state to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpufreq_quick_get to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpu_bit_bitmap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol copy_user_generic_unrolled to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol copy_user_generic_string to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _copy_to_user to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __copy_overflow to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _copy_from_user to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __const_udelay to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol congestion_wait to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __cond_resched to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol complete_all to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol complete to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol clock_t_to_jiffies to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __check_object_size to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cdev_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cc_mkdec to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol capable to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cancel_work_sync to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cancel_work to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cancel_delayed_work_sync to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cancel_delayed_work to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol call_usermodehelper to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol call_srcu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol call_rcu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cachemode2protval to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol boot_cpu_data to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol blocking_notifier_call_chain to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol blk_status_to_errno to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol blk_stack_limits to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol blk_mq_map_queues to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol blkdev_get_by_path to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol blkdev_get_by_dev to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __blk_alloc_disk to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_zalloc_node to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_zalloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_xor to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_weight to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_subset to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_set to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_release_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_print_to_pagebuf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_parselist to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_or to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_intersects to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_from_arr32 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_find_free_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_equal to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_clear to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_andnot to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_and to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bio_kmalloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bin2hex to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol avenrun to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol autoremove_wake_function to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol atomic_notifier_call_chain to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _atomic_dec_and_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol async_synchronize_full_domain to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol async_synchronize_full to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol argv_split to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol argv_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol arch_touch_nmi_watchdog to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol alloc_workqueue to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __alloc_percpu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol alloc_pages to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __alloc_pages to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol alloc_cpu_rmap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol alloc_cpumask_var to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol alloc_chrdev_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol add_wait_queue_exclusive to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol add_wait_queue to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol add_timer to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol acpi_get_table to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol acpi_disabled to stablelist (Cestmir Kalina) [RHEL-8864] - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (Paul Ely) [RHEL-2604] - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (Paul Ely) [RHEL-2604] [5.14.0-362.5.1_3] - x86/mce: Add support for Extended Physical Address MCA changes (Aristeu Rozanski) [2164637] - x86/mce: Define a function to extract ErrorAddr from MCA_ADDR (Aristeu Rozanski) [2164637] - x86/mce: Avoid unnecessary padding in struct mce_bank (Aristeu Rozanski) [2164637] - net/mlx5e: TC, Remove sample and ct limitation (Amir Tzin) [2229736] - net/mlx5e: TC, Remove mirror and ct limitation (Amir Tzin) [2229736] - net/mlx5e: TC, Remove tuple rewrite and ct limitation (Amir Tzin) [2229736] - net/mlx5e: TC, Remove multiple ct actions limitation (Amir Tzin) [2229736] - net/mlx5e: TC, Remove CT action reordering (Amir Tzin) [2229736] - net/mlx5e: CT: Use per action stats (Amir Tzin) [2229736] - net/mlx5e: TC, Move main flow attribute cleanup to helper func (Amir Tzin) [2229736] - net/mlx5e: TC, Remove unused vf_tun variable (Amir Tzin) [2229736] - net/mlx5e: Set default can_offload action (Amir Tzin) [2229736] [5.14.0-362.4.1_3] - Revert 'net: macsec: preserve ingress frame ordering' (Sabrina Dubroca) [RHEL-2248] - nfsd: fix change_info in NFSv4 RENAME replies (Jeffrey Layton) [2218844] - drm/amd/display: fix the white screen issue when >= 64GB DRAM (Mika Penttila) [2231925] [5.14.0-362.3.1_3] - blk-throttle: Fix io statistics for cgroup v1 (Ming Lei) [2208905] - block: make sure local irq is disabled when calling __blkcg_rstat_flush (Ming Lei) [2208905] - blk-cgroup: Flush stats before releasing blkcg_gq (Ming Lei) [2208905] - blk-cgroup: hold queue_lock when removing blkg->q_node (Ming Lei) [2217205] [5.14.0-362.2.1_3] - PCI: hv: Fix a crash in hv_pci_restore_msi_msg() during hibernation (Vitaly Kuznetsov) [2211797] - rhel: Re-add can-dev features that were removed accidentally (Radu Rendec) [2213891] - EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (Aristeu Rozanski) [2218686] - EDAC/amd64: Remove PCI Function 0 (Aristeu Rozanski) [2218686] - EDAC/amd64: Remove PCI Function 6 (Aristeu Rozanski) [2218686] - EDAC/amd64: Remove scrub rate control for Family 17h and later (Aristeu Rozanski) [2218686] - EDAC/amd64: Don't set up EDAC PCI control on Family 17h+ (Aristeu Rozanski) [2218686] - net/sched: cls_fw: Fix improper refcount update leads to use-after-free (Davide Caratti) [2225102] {CVE-2023-3776} [5.14.0-362.1.1_3] - dlm: fix plock lookup when using multiple lockspaces (Alexander Aring) [2234868] - redhat: enable zstream release numbering for rhel 9.3 (Jan Stancek) - redhat: change default dist suffix for RHEL 9.3 (Jan Stancek) - thunderbolt: Fix Thunderbolt 3 display flickering issue on 2nd hot plug onwards (Desnes Nunes) [2233967] - Revert 'firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()'' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Relax base protocol sanity checks on the protocol list' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Fix incorrect error propagation in scmi_voltage_descriptors_get' (Lenny Szubowicz) [2234390] - Revert 'pstore: Add priv field to pstore_record for backend specific use' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Don't drop lock in the middle of efivar_init()' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Add thin wrapper around EFI get/set variable interface' (Lenny Szubowicz) [2234390] - Revert 'efi: pstore: Omit efivars caching EFI varstore access layer' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Use locking version to iterate over efivars linked lists' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Drop __efivar_entry_iter() helper which is no longer used' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Remove deprecated 'efivars' sysfs interface' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Switch to new wrapper layer' (Lenny Szubowicz) [2234390] - Revert 'efi: avoid efivars layer when loading SSDTs from variables' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Move efivar caching layer into efivarfs' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Add SCMI v3.1 System Power extensions' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Add devm_protocol_acquire helper' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Add SCMI System Power Control driver' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Add SCMI v3.1 powercap protocol basic support' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Generalize the fast channel support' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Add SCMI v3.1 powercap fast channels support' (Lenny Szubowicz) [2234390] - Revert 'include: trace: Add SCMI fast channel tracing' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Use fast channel tracing' (Lenny Szubowicz) [2234390] - Revert 'efi: Fix efi_power_off() not being run before acpi_power_off() when necessary' (Lenny Szubowicz) [2234390] - Revert 'cpufreq: scmi: Use .register_em() to register with energy model' (Lenny Szubowicz) [2234390] - Revert 'cpufreq: scmi: Support the power scale in micro-Watts in SCMI v3.1' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Get detailed power scale from perf' (Lenny Szubowicz) [2234390] - Revert 'firmware: dmi: Use the proper accessor for the version field' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Fix missing kernel-doc in optee' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Improve checks in the info_get operations' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Harden accesses to the sensor domains' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Harden accesses to the reset domains' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Fix the asynchronous reset requests' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Add SCMI PM driver remove routine' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Disable struct randomization' (Lenny Szubowicz) [2234390] - Revert 'efi/x86: libstub: remove unused variable' (Lenny Szubowicz) [2234390] - Revert 'efi: capsule-loader: Fix use-after-free in efi_capsule_write' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: add some missing EFI prototypes' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: use EFI provided memcpy/memset routines' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: move efi_system_table global var into separate object' (Lenny Szubowicz) [2234390] - Revert 'efi/dev-path-parser: Refactor _UID handling to use acpi_dev_uid_to_integer()' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: implement generic EFI zboot' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: fix type confusion for load_options_size' (Lenny Szubowicz) [2234390] - Revert 'efi: efibc: avoid efivar API for setting variables' (Lenny Szubowicz) [2234390] - Revert 'efi: efibc: Guard against allocation failure' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: drop pointless get_memory_map() call' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: check Shim mode using MokSBStateRT' (Lenny Szubowicz) [2234390] - Revert 'Revert 'firmware: arm_scmi: Add clock management to the SCMI power domain'' (Lenny Szubowicz) [2234390] - Revert 'firmware: dmi: Fortify entry point length checks' (Lenny Szubowicz) [2234390] - Revert 'psci: Fix the function type for psci_initcall_t' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: avoid efi_get_memory_map() for allocating the virt map' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: remove pointless goto kludge' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: unify initrd loading between architectures' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: remove DT dependency from generic stub' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: install boot-time memory map as config table' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: refactor the initrd measuring functions' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: measure EFI LoadOptions' (Lenny Szubowicz) [2234390] - Revert 'efi/arm: libstub: move ARM specific code out of generic routines' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: fix up the last remaining open coded boot service call' (Lenny Szubowicz) [2234390] - Revert 'efi: zboot: create MemoryMapped() device path for the parent if needed' (Lenny Szubowicz) [2234390] - Revert 'efi/arm64: libstub: avoid SetVirtualAddressMap() when possible' (Lenny Szubowicz) [2234390] - Revert 'firmware: raspberrypi: Use dev_err_probe() to simplify code' (Lenny Szubowicz) [2234390] - Revert 'efi: pstore: Follow convention for the efi-pstore backend name' (Lenny Szubowicz) [2234390] - Revert 'efi/cper: Export several helpers for ghes_edac to use' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Remove zboot signing from build options' (Lenny Szubowicz) [2234390] - Revert 'efi: ssdt: Don't free memory if ACPI table was loaded successfully' (Lenny Szubowicz) [2234390] - Revert 'efi: efivars: Fix variable writes without query_variable_store()' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Give efi_main() asmlinkage qualification' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Fix incorrect payload size in zboot header' (Lenny Szubowicz) [2234390] - Revert 'efi: runtime: Don't assume virtual mappings are missing if VA == PA == 0' (Lenny Szubowicz) [2234390] - Revert 'firmware: imx: scu-pd: add missed USB_1_PHY pd' (Lenny Szubowicz) [2234390] - Revert 'efi: random: reduce seed size to 32 bytes' (Lenny Szubowicz) [2234390] - Revert 'efi: random: Use 'ACPI reclaim' memory for random seed' (Lenny Szubowicz) [2234390] - Revert 'firmware: raspberrypi: Introduce rpi_firmware_find_node()' (Lenny Szubowicz) [2234390] - Revert 'firmware: ti_sci: Switch transport to polled mode during system suspend' (Lenny Szubowicz) [2234390] - Revert 'firmware: ti_sci: Use the bitmap API to allocate bitmaps' (Lenny Szubowicz) [2234390] - Revert 'firmware: ti_sci: Use the non-atomic bitmap API when applicable' (Lenny Szubowicz) [2234390] - Revert 'firmware: ti_sci: Fix polled mode during system suspend' (Lenny Szubowicz) [2234390] - Revert 'efi: efivars: Fix variable writes with unsupported query_variable_store()' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Cleanup the core driver removal callback' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Suppress the driver's bind attributes' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Fix devres allocation device in virtio transport' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Fix deferred_tx_wq release on error paths' (Lenny Szubowicz) [2234390] - Revert 'firmware: ti_sci: Use devm_bitmap_zalloc when applicable' (Lenny Szubowicz) [2234390] - Revert 'ARM: 9255/1: efi/dump UEFI runtime page tables for ARM' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Drop randomization of runtime memory map' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Drop handling of EFI properties table' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Deduplicate ftrace command line argument filtering' (Lenny Szubowicz) [2234390] - Revert 'arm64: efi: Move dcache cleaning of loaded image out of efi_enter_kernel()' (Lenny Szubowicz) [2234390] - Revert 'arm64: efi: Avoid dcache_clean_poc() altogether in efi_enter_kernel()' (Lenny Szubowicz) [2234390] - Revert 'arm64: efi: Move efi-entry.S into the libstub source directory' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Use local strncmp() implementation unconditionally' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Clone memcmp() into the stub' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Enable efi_printk() in zboot decompressor' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Move screen_info handling to common code' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Provide local implementations of strrchr() and memchr()' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Factor out EFI stub entrypoint into separate file' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Add image code and data size to the zimage metadata' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Factor out min alignment and preferred kernel load address' (Lenny Szubowicz) [2234390] - Revert 'efi/arm64: libstub: Split off kernel image relocation for builtin stub' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Merge zboot decompressor with the ordinary stub' (Lenny Szubowicz) [2234390] - Revert 'arm64: unwind: add asynchronous unwind tables to kernel and modules' (Lenny Szubowicz) [2234390] - Revert 'arm64: efi: Force the use of SetVirtualAddressMap() on Altra machines' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Implement devicepath support for initrd commandline loader' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Permit mixed mode return types other than efi_status_t' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Add mixed mode support to command line initrd loader' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Undeprecate the command line initrd loader' (Lenny Szubowicz) [2234390] - Revert 'efi: memmap: Move EFI fake memmap support into x86 arch tree' (Lenny Szubowicz) [2234390] - Revert 'efi: Correct comment on efi_memmap_alloc' (Lenny Szubowicz) [2234390] - Revert 'drivers: fix typo in firmware/efi/memmap.c' (Lenny Szubowicz) [2234390] - Revert 'efi: memmap: Move manipulation routines into x86 arch tree' (Lenny Szubowicz) [2234390] - Revert 'efi: pstore: Add module parameter for setting the record size' (Lenny Szubowicz) [2234390] - Revert 'efi: random: combine bootloader provided RNG seed with RNG protocol output' (Lenny Szubowicz) [2234390] - Revert 'firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe()' (Lenny Szubowicz) [2234390] - Revert 'efi: stub: use random seed from EFI variable' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Always enable initrd command line loader and bump version' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_ffa: Move constants to header file' (Lenny Szubowicz) [2234390] - Revert 'efi: Put Linux specific magic number in the DOS header' (Lenny Szubowicz) [2234390] - Revert 'efi: fix NULL-deref in init error path' (Lenny Szubowicz) [2234390] - Revert 'efi: fix userspace infinite retry read efivars after EFI runtime services page fault' (Lenny Szubowicz) [2234390] - Revert 'firmware/sysfb: Fix EFI/VESA format selection' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Clear stale xfer->hdr.status' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Harden shared memory access in fetch_response' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Harden shared memory access in fetch_notification' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Fix virtio channels cleanup on shutdown' (Lenny Szubowicz) [2234390] - Revert 'efi/earlycon: Replace open coded strnchrnul()' (Lenny Szubowicz) [2234390] - Revert 'firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle' (Lenny Szubowicz) [2234390] - Revert 'efi: memmap: Disregard bogus entries instead of returning them' (Lenny Szubowicz) [2234390] - Revert 'efi: verify that variable services are supported' (Lenny Szubowicz) [2234390] - Revert 'efi: efivars: prevent double registration' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: Add memory attribute protocol definitions' (Lenny Szubowicz) [2234390] - Revert 'efi: Accept version 2 of memory attributes table' (Lenny Szubowicz) [2234390] - Revert 'efi: fix potential NULL deref in efi_mem_reserve_persistent' (Lenny Szubowicz) [2234390] - Revert 'efi: zboot: Use EFI protocol to remap code/data with the right attributes' (Lenny Szubowicz) [2234390] - Revert 'efi: Use standard format for printing the EFI revision' (Lenny Szubowicz) [2234390] - Revert 'efi: Discover BTI support in runtime services regions' (Lenny Szubowicz) [2234390] - Revert 'arm64: efi: Force the use of SetVirtualAddressMap() on eMAG and Altra Max machines' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: zboot: Mark zboot EFI application as NX compatible' (Lenny Szubowicz) [2234390] - Revert 'efi: earlycon: Reprobe after parsing config tables' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: smbios: Use length member instead of record struct size' (Lenny Szubowicz) [2234390] - Revert 'arm64: efi: Use SMBIOS processor version to key off Ampere quirk' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: smbios: Drop unused 'recsize' parameter' (Lenny Szubowicz) [2234390] - Revert 'efi: sysfb_efi: Fix DMI quirks not working for simpledrm' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: zboot: Add compressed image to make targets' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: randomalloc: Return EFI_OUT_OF_RESOURCES on failure' (Lenny Szubowicz) [2234390] - Revert 'efi: Bump stub image version for macOS HVF compatibility' (Lenny Szubowicz) [2234390] - Revert 'firmware/sysfb: Fix VESA format selection' (Lenny Szubowicz) [2234390] - Revert 'redhat/configs: update firmware configs' (Lenny Szubowicz) [2234390] - Revert 'ACPI: power: Switch to sys-off handler API' (Lenny Szubowicz) [2234390] - Revert 'gsmi: fix null-deref in gsmi_get_variable' (Lenny Szubowicz) [2234390] - Revert 'efi: efivars: drop kobject from efivars_register()' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: fix efi_load_initrd_dev_path() kernel-doc comment' (Lenny Szubowicz) [2234390] - Revert 'notifier: Add atomic_notifier_call_chain_is_empty()' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Wrap legacy power-off callbacks into sys-off handlers' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Add do_kernel_power_off()' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Add stub for pm_power_off' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Add kernel_can_power_off()' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Add register_platform_power_off()' (Lenny Szubowicz) [2234390] - Revert 'reboot: Remove pm_power_off_prepare()' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Change registration order of legacy power-off handler' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Use static handler for register_platform_power_off()' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Fix powering off using a non-syscall code paths' (Lenny Szubowicz) [2234390] - Revert 'PM: hibernate: Use kernel_can_power_off()' (Lenny Szubowicz) [2234390] - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (Waiman Long) [2227917] - Documentation/hw-vuln: Document the interaction between IBRS and STIBP (Waiman Long) [2227917] - x86/CPU/AMD: Make sure EFER[AIBRSE] is set (Waiman Long) [2227917] - sched/core: Use empty mask to reset cpumasks in sched_setaffinity() (Waiman Long) [2219681] - cgroup/cpuset: Extend test_cpuset_prs.sh to test remote partition (Waiman Long) [2174568] - cgroup/cpuset: Documentation update for partition (Waiman Long) [2174568] - cgroup/cpuset: Check partition conflict with housekeeping setup (Waiman Long) [2174568] - cgroup/cpuset: Introduce remote partition (Waiman Long) [2174568] - cgroup/cpuset: Add cpuset.cpus.exclusive for v2 (Waiman Long) [2174568] - cgroup/cpuset: Add cpuset.cpus.exclusive.effective for v2 (Waiman Long) [2174568] - cgroup/cpuset: simplify the percpu kthreads check in update_tasks_cpumask() (Waiman Long) [2174568] - cgroup/cpuset: Allow suppression of sched domain rebuild in update_cpumasks_hier() (Waiman Long) [2174568] - cgroup/cpuset: Improve temporary cpumasks handling (Waiman Long) [2174568] - cgroup/cpuset: Extract out CS_CPU_EXCLUSIVE & CS_SCHED_LOAD_BALANCE handling (Waiman Long) [2174568] - cgroup/cpuset: Inherit parent's load balance state in v2 (Waiman Long) [2174568] - cgroup/cpuset: Free DL BW in case can_attach() fails (Waiman Long) [2174568] - sched/deadline: Create DL BW alloc, free & check overflow interface (Waiman Long) [2174568] - cgroup/cpuset: Iterate only if DEADLINE tasks are present (Waiman Long) [2174568] - sched/cpuset: Keep track of SCHED_DEADLINE task in cpusets (Waiman Long) [2174568] - sched/cpuset: Bring back cpuset_mutex (Waiman Long) [2174568] - cgroup/cpuset: Rename functions dealing with DEADLINE accounting (Waiman Long) [2174568] - cgroup/cpuset: Minor updates to test_cpuset_prs.sh (Waiman Long) [2174568] - cgroup/cpuset: Include offline CPUs when tasks' cpumasks in top_cpuset are updated (Waiman Long) [2174568] - cgroup/cpuset: Skip task update if hotplug doesn't affect current cpuset (Waiman Long) [2174568] - kselftest/cgroup: Add cleanup() to test_cpuset_prs.sh (Waiman Long) [2174568] - kselftest/cgroup: Fix gathering number of CPUs (Waiman Long) [2174568] - redhat: configs: Disable CONFIG_CRYPTO_STATS since performance issue for storage (Herbert Xu) [2227964] - redhat: list Z-Jiras in the changelog before Y-Jiras (Herton R. Krzesinski) [5.14.0-362] - smb: client: fix null auth (Scott Mayhew) [2223247] - ice: Fix NULL pointer deref during VF reset (Petr Oros) [2217304] - gfs2: conversion deadlock do_promote bypass (Bob Peterson) [2226861] - gfs2: do_promote cleanup (Andreas Gruenbacher) [2226861] - scsi: lpfc: Remove reftag check in DIF paths (Paul Ely) [2227947] - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (Paul Ely) [2227947] - scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (Paul Ely) [2227947] - scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (Paul Ely) [2227947] - scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (Paul Ely) [2227947] - scsi: lpfc: Qualify ndlp discovery state when processing RSCN (Paul Ely) [2227947] - ext4: drop dio overwrite only flag and associated warning (Brian Foster) [2228056] - sched/core: Add __always_inline to schedule_loop() (Crystal Wood) [2232098] - net: openvswitch: add misc error drop reasons (Adrian Moreno) [2232283] - net: openvswitch: add meter drop reason (Adrian Moreno) [2232283] - net: openvswitch: add explicit drop action (Adrian Moreno) [2232283] - net: openvswitch: add action error drop reason (Adrian Moreno) [2232283] - net: openvswitch: add last-action drop reason (Adrian Moreno) [2232283] - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2225513] {CVE-2023-4128} - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2225513] {CVE-2023-4128} - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2225513] {CVE-2023-4128} - x86/kasan: Populate shadow for shared chunk of the CPU entry area (Rafael Aquini) [2233699] - x86/kasan: Add helpers to align shadow addresses up and down (Rafael Aquini) [2233699] - x86/kasan: Rename local CPU_ENTRY_AREA variables to shorten names (Rafael Aquini) [2233699] - x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area (Rafael Aquini) [2233699] - x86/mm: Recompute physical address for every page of per-CPU CEA mapping (Rafael Aquini) [2233699] [5.14.0-361] - watch_queue: Free the page array when watch_queue is dismantled (Carlos Maiolino) [2231268] - watch_queue: Actually free the watch (Carlos Maiolino) [2231268] - Update tree for CI (kpet-db) to autosd-rt from autosd-rhivos-rt (bgrech) - x86/sev: Do not try to parse for the CC blob on non-AMD hardware (Tao Liu) [2182562] - gfs2: Fix freeze consistency check in gfs2_trans_add_meta (Andreas Gruenbacher) [2228849] - gfs2: gfs2_freeze_lock_shared cleanup (Andreas Gruenbacher) [2228849] - gfs2: Replace sd_freeze_state with SDF_FROZEN flag (Andreas Gruenbacher) [2228849] - gfs2: Rework freeze / thaw logic (Andreas Gruenbacher) [2228849] - gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR} (Andreas Gruenbacher) [2228849] - gfs2: Reconfiguring frozen filesystem already rejected (Andreas Gruenbacher) [2228849] - gfs2: Rename gfs2_freeze_lock{ => _shared } (Andreas Gruenbacher) [2228849] - gfs2: Rename the {freeze,thaw}_super callbacks (Andreas Gruenbacher) [2228849] - gfs2: Rename remaining 'transaction' glock references (Andreas Gruenbacher) [2228849] - net: mana: Use the correct WQE count for ringing RQ doorbell (Bandan Das) [2220940] - net: mana: Batch ringing RX queue doorbell on receiving packets (Bandan Das) [2220940] - net: mana: use vmalloc_array and vcalloc (Bandan Das) [2220940] - net: mana: Add support for vlan tagging (Bandan Das) [2220940] - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (Bandan Das) [2220940] - net: mana: Check if netdev/napi_alloc_frag returns single page (Bandan Das) [2220940] - net: mana: Rename mana_refill_rxoob and remove some empty lines (Bandan Das) [2220940] - net: mana: Add support for jumbo frame (Bandan Das) [2220940] - net: mana: Enable RX path to handle various MTU sizes (Bandan Das) [2220940] - net: mana: Refactor RX buffer allocation code to prepare for various MTU (Bandan Das) [2220940] - net: mana: Use napi_build_skb in RX path (Bandan Das) [2220940] - net: mana: Remove redundant pci_clear_master (Bandan Das) [2220940] - net: mana: Add new MANA VF performance counters for easier troubleshooting (Bandan Das) [2220940] [5.14.0-360] - PM: hibernate: Use kernel_can_power_off() (Sebastian Ott) [2183343] - kernel/reboot: Fix powering off using a non-syscall code paths (Sebastian Ott) [2183343] - kernel/reboot: Use static handler for register_platform_power_off() (Sebastian Ott) [2183343] - kernel/reboot: Change registration order of legacy power-off handler (Sebastian Ott) [2183343] - reboot: Remove pm_power_off_prepare() (Sebastian Ott) [2183343] - kernel/reboot: Add register_platform_power_off() (Sebastian Ott) [2183343] - kernel/reboot: Add kernel_can_power_off() (Sebastian Ott) [2183343] - kernel/reboot: Add stub for pm_power_off (Sebastian Ott) [2183343] - kernel/reboot: Add do_kernel_power_off() (Sebastian Ott) [2183343] - kernel/reboot: Wrap legacy power-off callbacks into sys-off handlers (Sebastian Ott) [2183343] - notifier: Add atomic_notifier_call_chain_is_empty() (Sebastian Ott) [2183343] - efi: libstub: fix efi_load_initrd_dev_path() kernel-doc comment (Sebastian Ott) [2183343] - efi: efivars: drop kobject from efivars_register() (Sebastian Ott) [2183343] - gsmi: fix null-deref in gsmi_get_variable (Sebastian Ott) [2183343] - ACPI: power: Switch to sys-off handler API (Sebastian Ott) [2183343] - redhat/configs: update firmware configs (Sebastian Ott) [2183343] - firmware/sysfb: Fix VESA format selection (Sebastian Ott) [2183343] - efi: Bump stub image version for macOS HVF compatibility (Sebastian Ott) [2183343] - efi/libstub: randomalloc: Return EFI_OUT_OF_RESOURCES on failure (Sebastian Ott) [2183343] - efi/libstub: zboot: Add compressed image to make targets (Sebastian Ott) [2183343] - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (Sebastian Ott) [2183343] - efi/libstub: smbios: Drop unused 'recsize' parameter (Sebastian Ott) [2183343] - arm64: efi: Use SMBIOS processor version to key off Ampere quirk (Sebastian Ott) [2183343] - efi/libstub: smbios: Use length member instead of record struct size (Sebastian Ott) [2183343] - efi: earlycon: Reprobe after parsing config tables (Sebastian Ott) [2183343] - efi/libstub: zboot: Mark zboot EFI application as NX compatible (Sebastian Ott) [2183343] - arm64: efi: Force the use of SetVirtualAddressMap() on eMAG and Altra Max machines (Sebastian Ott) [2183343] - efi: Discover BTI support in runtime services regions (Sebastian Ott) [2183343] - efi: Use standard format for printing the EFI revision (Sebastian Ott) [2183343] - efi: zboot: Use EFI protocol to remap code/data with the right attributes (Sebastian Ott) [2183343] - efi: fix potential NULL deref in efi_mem_reserve_persistent (Sebastian Ott) [2183343] - efi: Accept version 2 of memory attributes table (Sebastian Ott) [2183343] - efi/libstub: Add memory attribute protocol definitions (Sebastian Ott) [2183343] - efi: efivars: prevent double registration (Sebastian Ott) [2183343] - efi: verify that variable services are supported (Sebastian Ott) [2183343] - efi: memmap: Disregard bogus entries instead of returning them (Sebastian Ott) [2183343] - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (Sebastian Ott) [2183343] - efi/earlycon: Replace open coded strnchrnul() (Sebastian Ott) [2183343] - firmware: arm_scmi: Fix virtio channels cleanup on shutdown (Sebastian Ott) [2183343] - firmware: arm_scmi: Harden shared memory access in fetch_notification (Sebastian Ott) [2183343] - firmware: arm_scmi: Harden shared memory access in fetch_response (Sebastian Ott) [2183343] - firmware: arm_scmi: Clear stale xfer->hdr.status (Sebastian Ott) [2183343] - firmware/sysfb: Fix EFI/VESA format selection (Sebastian Ott) [2183343] - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (Sebastian Ott) [2183343] - efi: fix NULL-deref in init error path (Sebastian Ott) [2183343] - efi: Put Linux specific magic number in the DOS header (Sebastian Ott) [2183343] - firmware: arm_ffa: Move constants to header file (Sebastian Ott) [2183343] - efi: libstub: Always enable initrd command line loader and bump version (Sebastian Ott) [2183343] - efi: stub: use random seed from EFI variable (Sebastian Ott) [2183343] - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (Sebastian Ott) [2183343] - efi: random: combine bootloader provided RNG seed with RNG protocol output (Sebastian Ott) [2183343] - efi: pstore: Add module parameter for setting the record size (Sebastian Ott) [2183343] - efi: memmap: Move manipulation routines into x86 arch tree (Sebastian Ott) [2183343] - drivers: fix typo in firmware/efi/memmap.c (Sebastian Ott) [2183343] - efi: Correct comment on efi_memmap_alloc (Sebastian Ott) [2183343] - efi: memmap: Move EFI fake memmap support into x86 arch tree (Sebastian Ott) [2183343] - efi: libstub: Undeprecate the command line initrd loader (Sebastian Ott) [2183343] - efi: libstub: Add mixed mode support to command line initrd loader (Sebastian Ott) [2183343] - efi: libstub: Permit mixed mode return types other than efi_status_t (Sebastian Ott) [2183343] - efi: libstub: Implement devicepath support for initrd commandline loader (Sebastian Ott) [2183343] - efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory (Sebastian Ott) [2183343] - arm64: efi: Force the use of SetVirtualAddressMap() on Altra machines (Sebastian Ott) [2183343] - arm64: unwind: add asynchronous unwind tables to kernel and modules (Sebastian Ott) [2183343] - efi: libstub: Merge zboot decompressor with the ordinary stub (Sebastian Ott) [2183343] - efi/arm64: libstub: Split off kernel image relocation for builtin stub (Sebastian Ott) [2183343] - efi: libstub: Factor out min alignment and preferred kernel load address (Sebastian Ott) [2183343] - efi: libstub: Add image code and data size to the zimage metadata (Sebastian Ott) [2183343] - efi: libstub: Factor out EFI stub entrypoint into separate file (Sebastian Ott) [2183343] - efi: libstub: Provide local implementations of strrchr() and memchr() (Sebastian Ott) [2183343] - efi: libstub: Move screen_info handling to common code (Sebastian Ott) [2183343] - efi: libstub: Enable efi_printk() in zboot decompressor (Sebastian Ott) [2183343] - efi: libstub: Clone memcmp() into the stub (Sebastian Ott) [2183343] - efi: libstub: Use local strncmp() implementation unconditionally (Sebastian Ott) [2183343] - arm64: efi: Move efi-entry.S into the libstub source directory (Sebastian Ott) [2183343] - arm64: efi: Avoid dcache_clean_poc() altogether in efi_enter_kernel() (Sebastian Ott) [2183343] - arm64: efi: Move dcache cleaning of loaded image out of efi_enter_kernel() (Sebastian Ott) [2183343] - efi: libstub: Deduplicate ftrace command line argument filtering (Sebastian Ott) [2183343] - efi: libstub: Drop handling of EFI properties table (Sebastian Ott) [2183343] - efi: libstub: Drop randomization of runtime memory map (Sebastian Ott) [2183343] - ARM: 9255/1: efi/dump UEFI runtime page tables for ARM (Sebastian Ott) [2183343] - firmware: ti_sci: Use devm_bitmap_zalloc when applicable (Sebastian Ott) [2183343] - firmware: arm_scmi: Fix deferred_tx_wq release on error paths (Sebastian Ott) [2183343] - firmware: arm_scmi: Fix devres allocation device in virtio transport (Sebastian Ott) [2183343] - firmware: arm_scmi: Suppress the driver's bind attributes (Sebastian Ott) [2183343] - firmware: arm_scmi: Cleanup the core driver removal callback (Sebastian Ott) [2183343] - efi: efivars: Fix variable writes with unsupported query_variable_store() (Sebastian Ott) [2183343] - firmware: ti_sci: Fix polled mode during system suspend (Sebastian Ott) [2183343] - firmware: ti_sci: Use the non-atomic bitmap API when applicable (Sebastian Ott) [2183343] - firmware: ti_sci: Use the bitmap API to allocate bitmaps (Sebastian Ott) [2183343] - firmware: ti_sci: Switch transport to polled mode during system suspend (Sebastian Ott) [2183343] - firmware: raspberrypi: Introduce rpi_firmware_find_node() (Sebastian Ott) [2183343] - efi: random: Use 'ACPI reclaim' memory for random seed (Sebastian Ott) [2183343] - efi: random: reduce seed size to 32 bytes (Sebastian Ott) [2183343] - firmware: imx: scu-pd: add missed USB_1_PHY pd (Sebastian Ott) [2183343] - efi: runtime: Don't assume virtual mappings are missing if VA == PA == 0 (Sebastian Ott) [2183343] - efi: libstub: Fix incorrect payload size in zboot header (Sebastian Ott) [2183343] - efi: libstub: Give efi_main() asmlinkage qualification (Sebastian Ott) [2183343] - efi: efivars: Fix variable writes without query_variable_store() (Sebastian Ott) [2183343] - efi: ssdt: Don't free memory if ACPI table was loaded successfully (Sebastian Ott) [2183343] - efi: libstub: Remove zboot signing from build options (Sebastian Ott) [2183343] - efi/cper: Export several helpers for ghes_edac to use (Sebastian Ott) [2183343] - efi: pstore: Follow convention for the efi-pstore backend name (Sebastian Ott) [2183343] - firmware: raspberrypi: Use dev_err_probe() to simplify code (Sebastian Ott) [2183343] - efi/arm64: libstub: avoid SetVirtualAddressMap() when possible (Sebastian Ott) [2183343] - efi: zboot: create MemoryMapped() device path for the parent if needed (Sebastian Ott) [2183343] - efi: libstub: fix up the last remaining open coded boot service call (Sebastian Ott) [2183343] - efi/arm: libstub: move ARM specific code out of generic routines (Sebastian Ott) [2183343] - efi/libstub: measure EFI LoadOptions (Sebastian Ott) [2183343] - efi/libstub: refactor the initrd measuring functions (Sebastian Ott) [2183343] - efi: libstub: install boot-time memory map as config table (Sebastian Ott) [2183343] - efi: libstub: remove DT dependency from generic stub (Sebastian Ott) [2183343] - efi: libstub: unify initrd loading between architectures (Sebastian Ott) [2183343] - efi: libstub: remove pointless goto kludge (Sebastian Ott) [2183343] - efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (Sebastian Ott) [2183343] - efi: libstub: avoid efi_get_memory_map() for allocating the virt map (Sebastian Ott) [2183343] - psci: Fix the function type for psci_initcall_t (Sebastian Ott) [2183343] - firmware: dmi: Fortify entry point length checks (Sebastian Ott) [2183343] - Revert 'firmware: arm_scmi: Add clock management to the SCMI power domain' (Sebastian Ott) [2183343] - efi: libstub: check Shim mode using MokSBStateRT (Sebastian Ott) [2183343] - efi: libstub: drop pointless get_memory_map() call (Sebastian Ott) [2183343] - efi: efibc: Guard against allocation failure (Sebastian Ott) [2183343] - efi: efibc: avoid efivar API for setting variables (Sebastian Ott) [2183343] - efi: libstub: fix type confusion for load_options_size (Sebastian Ott) [2183343] - efi/libstub: implement generic EFI zboot (Sebastian Ott) [2183343] - efi/dev-path-parser: Refactor _UID handling to use acpi_dev_uid_to_integer() (Sebastian Ott) [2183343] - efi/libstub: move efi_system_table global var into separate object (Sebastian Ott) [2183343] - efi/libstub: use EFI provided memcpy/memset routines (Sebastian Ott) [2183343] - efi/libstub: add some missing EFI prototypes (Sebastian Ott) [2183343] - efi: capsule-loader: Fix use-after-free in efi_capsule_write (Sebastian Ott) [2183343] - efi/x86: libstub: remove unused variable (Sebastian Ott) [2183343] - efi: libstub: Disable struct randomization (Sebastian Ott) [2183343] - firmware: arm_scmi: Add SCMI PM driver remove routine (Sebastian Ott) [2183343] - firmware: arm_scmi: Fix the asynchronous reset requests (Sebastian Ott) [2183343] - firmware: arm_scmi: Harden accesses to the reset domains (Sebastian Ott) [2183343] - firmware: arm_scmi: Harden accesses to the sensor domains (Sebastian Ott) [2183343] - firmware: arm_scmi: Improve checks in the info_get operations (Sebastian Ott) [2183343] - firmware: arm_scmi: Fix missing kernel-doc in optee (Sebastian Ott) [2183343] - firmware: dmi: Use the proper accessor for the version field (Sebastian Ott) [2183343] - firmware: arm_scmi: Get detailed power scale from perf (Sebastian Ott) [2183343] - cpufreq: scmi: Support the power scale in micro-Watts in SCMI v3.1 (Sebastian Ott) [2183343] - cpufreq: scmi: Use .register_em() to register with energy model (Sebastian Ott) [2183343] - efi: Fix efi_power_off() not being run before acpi_power_off() when necessary (Sebastian Ott) [2183343] - firmware: arm_scmi: Use fast channel tracing (Sebastian Ott) [2183343] - include: trace: Add SCMI fast channel tracing (Sebastian Ott) [2183343] - firmware: arm_scmi: Add SCMI v3.1 powercap fast channels support (Sebastian Ott) [2183343] - firmware: arm_scmi: Generalize the fast channel support (Sebastian Ott) [2183343] - firmware: arm_scmi: Add SCMI v3.1 powercap protocol basic support (Sebastian Ott) [2183343] - firmware: arm_scmi: Add SCMI System Power Control driver (Sebastian Ott) [2183343] - firmware: arm_scmi: Add devm_protocol_acquire helper (Sebastian Ott) [2183343] - firmware: arm_scmi: Add SCMI v3.1 System Power extensions (Sebastian Ott) [2183343] - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (Sebastian Ott) [2183343] - efi: vars: Move efivar caching layer into efivarfs (Sebastian Ott) [2183343] - efi: avoid efivars layer when loading SSDTs from variables (Sebastian Ott) [2183343] - efi: vars: Switch to new wrapper layer (Sebastian Ott) [2183343] - efi: vars: Remove deprecated 'efivars' sysfs interface (Sebastian Ott) [2183343] - efi: vars: Drop __efivar_entry_iter() helper which is no longer used (Sebastian Ott) [2183343] - efi: vars: Use locking version to iterate over efivars linked lists (Sebastian Ott) [2183343] - efi: pstore: Omit efivars caching EFI varstore access layer (Sebastian Ott) [2183343] - efi: vars: Add thin wrapper around EFI get/set variable interface (Sebastian Ott) [2183343] - efi: vars: Don't drop lock in the middle of efivar_init() (Sebastian Ott) [2183343] - pstore: Add priv field to pstore_record for backend specific use (Sebastian Ott) [2183343] - firmware: arm_scmi: Fix incorrect error propagation in scmi_voltage_descriptors_get (Sebastian Ott) [2183343] - firmware: arm_scmi: Relax base protocol sanity checks on the protocol list (Sebastian Ott) [2183343] - firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (Sebastian Ott) [2183343] - redhat: stop tainting the kernel with virtio-mem (David Hildenbrand) [2228379] - x86/mm: Ease W^X enforcement back to just a warning (Ani Sinha) [2228318] - x86/mm: Disable W^X detection and enforcement on 32-bit (Ani Sinha) [2228318] - x86/mm/32: Fix W^X detection when page tables do not support NX (Ani Sinha) [2228318] - drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (Karol Herbst) [2229988] - redhat/configs: enable CONFIG_INET_DIAG_DESTROY (Andrea Claudi) [RHEL-212] - KVM: VMX: Don't fudge CR0 and CR4 for restricted L2 guest (Maxim Levitsky) [2225079] - KVM: x86: Disallow KVM_SET_SREGS{2} if incoming CR0 is invalid (Maxim Levitsky) [2225079] - KVM: Grab a reference to KVM for VM and vCPU stats file descriptors (Maxim Levitsky) [2225079] - Revert 'KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid' (Maxim Levitsky) [2225079] - KVM: x86: Acquire SRCU read lock when handling fastpath MSR writes (Maxim Levitsky) [2225079] - KVM: x86/irq: Conditionally register IRQ bypass consumer again (Maxim Levitsky) [2225079] - KVM: X86: Use GFP_KERNEL_ACCOUNT for pid_table in ipiv (Maxim Levitsky) [2225079] - KVM: x86: check the kvm_cpu_get_interrupt result before using it (Maxim Levitsky) [2225079] - KVM: x86: VMX: set irr_pending in kvm_apic_update_irr (Maxim Levitsky) [2225079] - KVM: x86: VMX: __kvm_apic_update_irr must update the IRR atomically (Maxim Levitsky) [2225079] - KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails (Maxim Levitsky) [2225079] - KVM: x86/cpuid: Add AMD CPUID ExtPerfMonAndDbg leaf 0x80000022 (Maxim Levitsky) [2225079] - KVM: x86/svm/pmu: Add AMD PerfMonV2 support (Maxim Levitsky) [2225079] - KVM: x86/cpuid: Add a KVM-only leaf to redirect AMD PerfMonV2 flag (Maxim Levitsky) [2225079] - KVM: x86/pmu: Constrain the num of guest counters with kvm_pmu_cap (Maxim Levitsky) [2225079] - KVM: x86/pmu: Advertise PERFCTR_CORE iff the min nr of counters is met (Maxim Levitsky) [2225079] - KVM: x86/pmu: Disable vPMU if the minimum num of counters isn't met (Maxim Levitsky) [2225079] - KVM: x86: Explicitly zero cpuid '0xa' leaf when PMU is disabled (Maxim Levitsky) [2225079] - KVM: x86/pmu: Provide Intel PMU's pmc_is_enabled() as generic x86 code (Maxim Levitsky) [2225079] - KVM: x86/pmu: Move handling PERF_GLOBAL_CTRL and friends to common x86 (Maxim Levitsky) [2225079] - KVM: x86/pmu: Reject userspace attempts to set reserved GLOBAL_STATUS bits (Maxim Levitsky) [2225079] - KVM: x86/pmu: Move reprogram_counters() to pmu.h (Maxim Levitsky) [2225079] - KVM: x86/pmu: Rename global_ovf_ctrl_mask to global_status_mask (Maxim Levitsky) [2225079] - KVM: SVM: enhance info printk's in SEV init (Maxim Levitsky) [2225079] - KVM: selftests: Add test for race in kvm_recalculate_apic_map() (Maxim Levitsky) [2225079] - KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (Maxim Levitsky) [2225079] - KVM: SVM: Invoke trace_kvm_exit() for fastpath VM-Exits (Maxim Levitsky) [2225079] - KVM: x86: Account fastpath-only VM-Exits in vCPU stats (Maxim Levitsky) [2225079] - KVM: SVM: vNMI pending bit is V_NMI_PENDING_MASK not V_NMI_BLOCKING_MASK (Maxim Levitsky) [2225079] - KVM: x86/mmu: Grab memslot for correct address space in NX recovery worker (Maxim Levitsky) [2225079] - KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are unsupported (Maxim Levitsky) [2225079] - KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled (CR0.PG==0) (Maxim Levitsky) [2225079] - KVM: VMX: restore vmx_vmexit alignment (Maxim Levitsky) [2225079] - KVM: Don't kfree(NULL) on kzalloc() failure in kvm_assign_ioeventfd_idx() (Maxim Levitsky) [2225079] - KVM: SVM: Remove TSS reloading code after VMEXIT (Maxim Levitsky) [2225079] - KVM: Clean up kvm_vm_ioctl_create_vcpu() (Maxim Levitsky) [2225079] - KVM: allow KVM_BUG/KVM_BUG_ON to handle 64-bit cond (Maxim Levitsky) [2225079] - KVM: VMX: Use proper accessor to read guest CR4 in handle_desc() (Maxim Levitsky) [2225079] - KVM: VMX: Treat UMIP as emulated if and only if the host doesn't have UMIP (Maxim Levitsky) [2225079] - KVM: VMX: add MSR_IA32_TSX_CTRL into msrs_to_save (Maxim Levitsky) [2225079] - KVM: x86: Don't adjust guest's CPUID.0x12.1 (allowed SGX enclave XFRM) (Maxim Levitsky) [2225079] - KVM: VMX: Don't rely _only_ on CPUID to enforce XCR0 restrictions for ECREATE (Maxim Levitsky) [2225079] - KVM: VMX: Fix header file dependency of asm/vmx.h (Maxim Levitsky) [2225079] - KVM: x86: Filter out XTILE_CFG if XTILE_DATA isn't permitted (Maxim Levitsky) [2225079] - KVM: x86: Add a helper to handle filtering of unpermitted XCR0 features (Maxim Levitsky) [2225079] - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (Maxim Levitsky) [2225079] - KVM: x86/pmu: Prevent the PMU from counting disallowed events (Maxim Levitsky) [2225079] - KVM: x86/pmu: Rewrite reprogram_counters() to improve performance (Maxim Levitsky) [2225079] - KVM: VMX: Refactor intel_pmu_{g,}set_msr() to align with other helpers (Maxim Levitsky) [2225079] - KVM: x86/pmu: Rename pmc_is_enabled() to pmc_is_globally_enabled() (Maxim Levitsky) [2225079] - KVM: x86/pmu: Disallow legacy LBRs if architectural LBRs are available (Maxim Levitsky) [2225079] - KVM: x86/pmu: Zero out pmu->all_valid_pmc_idx each time it's refreshed (Maxim Levitsky) [2225079] - KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (Maxim Levitsky) [2225079] - KVM: x86: Assert that the emulator doesn't load CS with garbage in !RM (Maxim Levitsky) [2225079] - KVM: nSVM: Implement support for nested VNMI (Maxim Levitsky) [2225079] - KVM: x86: Add support for SVM's Virtual NMI (Maxim Levitsky) [2225079] - KVM: x86: Route pending NMIs from userspace through process_nmi() (Maxim Levitsky) [2225079] - KVM: SVM: Add definitions for new bits in VMCB::int_ctrl related to vNMI (Maxim Levitsky) [2225079] - x86/cpufeatures: Redefine synthetic virtual NMI bit as AMD's 'real' vNMI (Maxim Levitsky) [2225079] - KVM: x86: Save/restore all NMIs when multiple NMIs are pending (Maxim Levitsky) [2225079] - KVM: x86: Tweak the code and comment related to handling concurrent NMIs (Maxim Levitsky) [2225079] - KVM: x86: Raise an event request when processing NMIs if an NMI is pending (Maxim Levitsky) [2225079] - KVM: SVM: add wrappers to enable/disable IRET interception (Maxim Levitsky) [2225079] - KVM: nSVM: Raise event on nested VM exit if L1 doesn't intercept IRQs (Maxim Levitsky) [2225079] - KVM: nSVM: Disable intercept of VINTR if saved L1 host RFLAGS.IF is 0 (Maxim Levitsky) [2225079] - KVM: nSVM: Don't sync vmcb02 V_IRQ back to vmcb12 if KVM (L0) is intercepting VINTR (Maxim Levitsky) [2225079] - KVM: x86: Use boolean return value for is_{pae,pse,paging}() (Maxim Levitsky) [2225079] - KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (Maxim Levitsky) [2225079] - KVM: PPC: Make KVM_CAP_IRQFD_RESAMPLE platform dependent (Maxim Levitsky) [2225079] - KVM: Ensure lockdep knows about kvm->lock vs. vcpu->mutex ordering rule (Maxim Levitsky) [2225079] - KVM: selftests: Build access_tracking_perf_test for arm64 (Maxim Levitsky) [2225079] - virtio-pci: Fix legacy device flag setting error in probe (Cindy Lu) [RHEL-814] - vdpa/mlx5: Fix crash on shutdown for when no ndev exists (Cindy Lu) [RHEL-814] - vdpa/mlx5: Delete control vq iotlb in destroy_mr only when necessary (Cindy Lu) [RHEL-814] - vdpa/mlx5: Fix mr->initialized semantics (Cindy Lu) [RHEL-814] [5.14.0-359] - vxlan: fix GRO with VXLAN-GPE (Jiri Benc) [2209627] - vxlan: generalize vxlan_parse_gpe_hdr and remove unused args (Jiri Benc) [2209627] - vxlan: calculate correct header length for GPE (Jiri Benc) [2209627] - redhat/configs: turn on the framework for SPI NOR for ARM (Steve Best) [2223027] - dm cache policy smq: ensure IO doesn't prevent cleaner policy progress (Benjamin Marzinski) [2159623] - selftests: mptcp: join: fix 'implicit EP' test (Andrea Claudi) [2109139] - selftests: mptcp: join: fix 'delete and re-add' test (Andrea Claudi) [2109139] - net: tap_open(): set sk_uid from current_fsuid() (Laszlo Ersek) [2229506] {CVE-2023-4194} - net: tun_chr_open(): set sk_uid from current_fsuid() (Laszlo Ersek) [2229506] {CVE-2023-4194} - scsi: storvsc: Remove errant duplicate code (Cathy Avery) [2224931] - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (Cathy Avery) [2224931] - net/mlx5: Register a unique thermal zone per device (Mohammad Kabat) [2210257] - net/mlx5: Implement thermal zone (Mohammad Kabat) [2210257] - redhat/configs: enable Tegra114 SPI controller (Mark Salter) [2232430] - redhat: add IMA certificates (Coiby Xu) [1870705] - locking: 9.3 KRTS JiraReadiness exercise (John B. Wyatt IV) [RHEL-981] [5.14.0-358] - KVM: SEV: remove ghcb variable declarations (Vitaly Kuznetsov) [2213808] - KVM: SEV: only access GHCB fields once (Vitaly Kuznetsov) [2213808] {CVE-2023-4155} - KVM: SEV: snapshot the GHCB before accessing it (Vitaly Kuznetsov) [2213808] {CVE-2023-4155} - usb: typec: ucsi: Mark dGPUs as DEVICE scope (Desnes Nunes) [2222462] - i2c: designware-pci: Switch to use i2c_new_ccgx_ucsi() (Desnes Nunes) [2222462] - i2c: nvidia-gpu: Convert to use dev_err_probe() (Desnes Nunes) [2222462] - i2c: nvidia-gpu: Use temporary variable for struct device (Desnes Nunes) [2222462] - i2c: nvidia-gpu: Switch to use i2c_new_ccgx_ucsi() (Desnes Nunes) [2222462] - i2c: Introduce common module to instantiate CCGx UCSI (Desnes Nunes) [2222462] - power: supply: Fix logic checking if system is running from battery (Desnes Nunes) [2222462] - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (Chris von Recklinghausen) [2184581] {CVE-2023-1855} - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (Phil Sutter) [2213271] {CVE-2023-3390} - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (Phil Sutter) [2213271] {CVE-2023-3390} - netfilter: nf_tables: fix chain binding transaction logic (Phil Sutter) [2213271] {CVE-2023-3390} - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE (Phil Sutter) [2213271] {CVE-2023-3390} - wifi: rtw88: unlock on error path in rtw_ops_add_interface() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: check only affected links (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: send time sync only if needed (Inigo Huguet) [2196821] - wifi: clean up erroneously introduced file (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Handle return value for iwl_mvm_sta_init (Inigo Huguet) [2196821] - wifi: rtw88: delete timer and free skb queue when unloading (Inigo Huguet) [2196821] - wifi: cfg80211: Fix return value in scan logic (Inigo Huguet) [2196821] - Revert 'wifi: ath11k: Enable threaded NAPI' (Inigo Huguet) [2196821] - wifi: cfg80211: fix receiving mesh packets without RFC1042 header (Inigo Huguet) [2196821] - wifi: mt76: mt7921e: fix init command fail with enabled device (Inigo Huguet) [2196821] - wifi: ath9k: convert msecs to jiffies where needed (Inigo Huguet) [2196821] - wifi: ath11k: Add missing check for ioremap (Inigo Huguet) [2196821] - wifi: ath11k: fix memory leak in WMI firmware stats (Inigo Huguet) [2196821] - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (Inigo Huguet) [2196821] - wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: avoid baid size integer overflow (Inigo Huguet) [2196821] - wifi: rtw88: process VO packets without workqueue to avoid PTK rekey failed (Inigo Huguet) [2196821] - wifi: rtw88: Fix action frame transmission fail before association (Inigo Huguet) [2196821] - wifi: iwlwifi: add a few rate index validity checks (Inigo Huguet) [2196821] - wifi: iwlwifi: Validate slots_num before allocating memory (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Validate tid is in valid range before using it (Inigo Huguet) [2196821] - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: check link during TX (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add a NULL pointer check (Inigo Huguet) [2196821] - wifi: iwlwifi: pull from TXQs with softirqs disabled (Inigo Huguet) [2196821] - wifi: iwlwifi: Correctly indicate support for VHT TX STBC (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Add NULL check before dereferencing the pointer (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix potential array out of bounds access (Inigo Huguet) [2196821] - wifi: rtw88: add missing unwind goto for __rtw_download_firmware() (Inigo Huguet) [2196821] - wifi: iwlwifi: disable RX STBC when a device doesn't support it (Inigo Huguet) [2196821] - wifi: iwlwifi: don't silently ignore missing suspend or resume ops (Inigo Huguet) [2196821] - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (Inigo Huguet) [2196821] - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (Inigo Huguet) [2196821] - wifi: rtw89: pci: fix interrupt enable mask for HALT C2H of RTL8851B (Inigo Huguet) [2196821] - wifi: rtw89: fix rtw89_read_chip_ver() for RTL8852B and RTL8851B (Inigo Huguet) [2196821] - wifi: rtw88: fix incorrect error codes in rtw_debugfs_set_* (Inigo Huguet) [2196821] - wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user (Inigo Huguet) [2196821] - wifi: mac80211: report all unusable beacon frames (Inigo Huguet) [2196821] - wifi: iwlwifi: pcie: Handle SO-F device for PCI id 0x7AF0 (Inigo Huguet) [2196821] - config: wifi: debug configs for ath11k, brcm80211 and iwlwifi (Inigo Huguet) [2196821] - config: wifi: set RTL8821CS, RTL8822BS and RTL8822CS as disabled (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: spin_lock_bh() to fix lockdep regression (Inigo Huguet) [2196821] - wifi: mac80211: fragment per STA profile correctly (Inigo Huguet) [2196821] - wifi: mac80211: Use active_links instead of valid_links in Tx (Inigo Huguet) [2196821] - wifi: cfg80211: remove links only on AP (Inigo Huguet) [2196821] - wifi: mac80211: take lock before setting vif links (Inigo Huguet) [2196821] - wifi: cfg80211: fix link del callback to call correct handler (Inigo Huguet) [2196821] - wifi: mac80211: fix link activation settings order (Inigo Huguet) [2196821] - wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid() (Inigo Huguet) [2196821] - wifi: cfg80211: fix locking in regulatory disconnect (Inigo Huguet) [2196821] - wifi: cfg80211: fix locking in sched scan stop work (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Fix -Warray-bounds bug in iwl_mvm_wait_d3_notif() (Inigo Huguet) [2196821] - wifi: mac80211: fix switch count in EMA beacons (Inigo Huguet) [2196821] - wifi: mac80211: don't translate beacon/presp addrs (Inigo Huguet) [2196821] - wifi: mac80211: mlme: fix non-inheritence element (Inigo Huguet) [2196821] - wifi: cfg80211: reject bad AP MLD address (Inigo Huguet) [2196821] - wifi: mac80211: use correct iftype HE cap (Inigo Huguet) [2196821] - wifi: mt76: mt7996: fix possible NULL pointer dereference in mt7996_mac_write_txwi() (Inigo Huguet) [2196821] - wifi: rtw89: remove redundant check of entering LPS (Inigo Huguet) [2196821] - wifi: rtw89: correct PS calculation for SUPPORTS_DYNAMIC_PS (Inigo Huguet) [2196821] - wifi: rtw88: correct PS calculation for SUPPORTS_DYNAMIC_PS (Inigo Huguet) [2196821] - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (Inigo Huguet) [2196821] - wifi: b43: fix incorrect __packed annotation (Inigo Huguet) [2196821] - wifi: rtw88: sdio: Always use two consecutive bytes for word operations (Inigo Huguet) [2196821] - mac80211_hwsim: fix memory leak in hwsim_new_radio_nl (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Add locking to the rate read flow (Inigo Huguet) [2196821] - wifi: iwlwifi: Don't use valid_links to iterate sta links (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: don't trust firmware n_channels (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (Inigo Huguet) [2196821] - wifi: iwlwifi: fix OEM's name in the ppag approved list (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix initialization of a return value (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix access to fw_id_to_mac_id (Inigo Huguet) [2196821] - wifi: iwlwifi: fw: fix DBGI dump (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix number of concurrent link checks (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: don't double-init spinlock (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: always free dup_data (Inigo Huguet) [2196821] - wifi: mac80211: recalc chanctx mindef before assigning (Inigo Huguet) [2196821] - wifi: mac80211: consider reserved chanctx for mindef (Inigo Huguet) [2196821] - wifi: mac80211: simplify chanctx allocation (Inigo Huguet) [2196821] - wifi: mac80211: Abort running color change when stopping the AP (Inigo Huguet) [2196821] - wifi: mac80211: fix min center freq offset tracing (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: rfi: disable RFI feature (Inigo Huguet) [2196821] - wifi: mac80211: Fix puncturing bitmap handling in __ieee80211_csa_finalize() (Inigo Huguet) [2196821] - wifi: mac80211: fortify the spinlock against deadlock by interrupt (Inigo Huguet) [2196821] - wifi: cfg80211: Drop entries with invalid BSSIDs in RNR (Inigo Huguet) [2196821] - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (Inigo Huguet) [2196821] - wifi: brcmfmac: Check for probe() id argument being NULL (Inigo Huguet) [2196821] - wifi: rtw88: correct qsel_to_ep[] type as int (Inigo Huguet) [2196821] - wifi: rtw88: use work to update rate to avoid RCU warning (Inigo Huguet) [2196821] - wifi: rtw89: 8852b: adjust quota to avoid SER L1 caused by access null page (Inigo Huguet) [2196821] - wifi: mt76: connac: fix stats->tx_bytes calculation (Inigo Huguet) [2196821] - wifi: mt76: mt7996: fix endianness of MT_TXD6_TX_RATE (Inigo Huguet) [2196821] - mac80211: use the new drop reasons infrastructure (Inigo Huguet) [2196821] - wifi: rtw88: Update spelling in main.h (Inigo Huguet) [2196821] - wifi: airo: remove ISA_DMA_API dependency (Inigo Huguet) [2196821] - wifi: rtl8xxxu: Simplify setting the initial gain (Inigo Huguet) [2196821] - wifi: rtl8xxxu: Add rtl8xxxu_write{8,16,32}_{set,clear} (Inigo Huguet) [2196821] - wifi: rtl8xxxu: Don't print the vendor/product/serial (Inigo Huguet) [2196821] - wifi: rtw88: Fix memory leak in rtw88_usb (Inigo Huguet) [2196821] - wifi: rtw88: call rtw8821c_switch_rf_set() according to chip variant (Inigo Huguet) [2196821] - wifi: rtw88: set pkg_type correctly for specific rtw8821c variants (Inigo Huguet) [2196821] - wifi: rtw88: rtw8821c: Fix rfe_option field width (Inigo Huguet) [2196821] - wifi: rtw88: usb: fix priority queue to endpoint mapping (Inigo Huguet) [2196821] - wifi: rtw88: 8822c: add iface combination (Inigo Huguet) [2196821] - wifi: rtw88: handle station mode concurrent scan with AP mode (Inigo Huguet) [2196821] - wifi: rtw88: prevent scan abort with other VIFs (Inigo Huguet) [2196821] - wifi: rtw88: refine reserved page flow for AP mode (Inigo Huguet) [2196821] - wifi: rtw88: disallow PS during AP mode (Inigo Huguet) [2196821] - wifi: rtw88: 8822c: extend reserved page number (Inigo Huguet) [2196821] - wifi: rtw88: add port switch for AP mode (Inigo Huguet) [2196821] - wifi: rtw88: add bitmap for dynamic port settings (Inigo Huguet) [2196821] - wifi: rtw89: mac: use regular int as return type of DLE buffer request (Inigo Huguet) [2196821] - wifi: mac80211: remove return value check of debugfs_create_dir() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix RFKILL report when driver is going down (Inigo Huguet) [2196821] - wifi: iwlwifi: mei: re-ask for ownership after it was taken by CSME (Inigo Huguet) [2196821] - wifi: iwlwifi: mei: make mei filtered scan more aggressive (Inigo Huguet) [2196821] - wifi: iwlwifi: modify scan request and results when in link protection (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: enable support for MLO APIs (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: prefer RCU_INIT_POINTER() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix potential memory leak (Inigo Huguet) [2196821] - wifi: iwlwifi: fw: fix argument to efi.get_variable (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix MIC removal confusion (Inigo Huguet) [2196821] - wifi: iwlwifi: fw: fix memory leak in debugfs (Inigo Huguet) [2196821] - wifi: iwlwifi: Update support for b0 version (Inigo Huguet) [2196821] - wifi: ath11k: Remove disabling of 80+80 and 160 MHz (Inigo Huguet) [2196821] - wifi: ath11k: Fix SKB corruption in REO destination ring (Inigo Huguet) [2196821] - wifi: ath11k: Fix incorrect update of radiotap fields (Inigo Huguet) [2196821] - wifi: ath11k: fix tx status reporting in encap offload mode (Inigo Huguet) [2196821] - wifi: ath11k: add peer mac information in failure cases (Inigo Huguet) [2196821] - wifi: ath11k: Prevent REO cmd failures (Inigo Huguet) [2196821] - wifi: ath11k: fix double free of peer rx_tid during reo cmd failure (Inigo Huguet) [2196821] - wifi: mt76: mt7996: fill txd by host driver (Inigo Huguet) [2196821] - wifi: mt76: set NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 on supported drivers (Inigo Huguet) [2196821] - wifi: mt76: dma: use napi_build_skb (Inigo Huguet) [2196821] - wifi: mt76: mt7615: increase eeprom size for mt7663 (Inigo Huguet) [2196821] - wifi: mt76: mt7996: enable mesh HW amsdu/de-amsdu support (Inigo Huguet) [2196821] - wifi: mt76: mt7996: enable configured beacon tx rate (Inigo Huguet) [2196821] - wifi: mt76: mt7996: enable BSS_CHANGED_MCAST_RATE support (Inigo Huguet) [2196821] - wifi: mt76: mt7996: enable BSS_CHANGED_BASIC_RATES support (Inigo Huguet) [2196821] - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (Inigo Huguet) [2196821] - wifi: mac80211: remove ieee80211_tx_status_8023 (Inigo Huguet) [2196821] - wifi: iwlwifi: bump FW API to 78 for AX devices (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: check firmware response size (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add MLO support to SF - use sta pointer (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: configure TLC on link activation (Inigo Huguet) [2196821] - wifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: remove RS rate init update argument (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: initialize per-link STA ratescale data (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: rs-fw: properly access sband->iftype_data (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: only clients can be 20MHz-only (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix iwl_mvm_sta_rc_update for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: remove per-STA MFP setting (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: allow NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use BSSID when building probe requests (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: update mac id management (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adopt the latest firmware API (Inigo Huguet) [2196821] - wifi: mt76: connac: add nss calculation into mt76_connac2_mac_tx_rate_val() (Inigo Huguet) [2196821] - wifi: mt76: connac: fix txd multicast rate setting (Inigo Huguet) [2196821] - wifi: mt76: mt7921e: stop chip reset worker in unregister hook (Inigo Huguet) [2196821] - wifi: mt76: mt7921e: improve reliability of dma reset (Inigo Huguet) [2196821] - wifi: mt76: mt7921: fix missing unwind goto in mt7921u_probe (Inigo Huguet) [2196821] - mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (Inigo Huguet) [2196821] - wifi: mt76: move mcu_uni_event and mcu_reg_event in common code (Inigo Huguet) [2196821] - wifi: mt76: mt7996: enable coredump support (Inigo Huguet) [2196821] - wifi: mt76: mt7996: add full system reset knobs into debugfs (Inigo Huguet) [2196821] - wifi: mt76: mt7996: enable full system reset support (Inigo Huguet) [2196821] - wifi: mt76: mt7921: enable p2p support (Inigo Huguet) [2196821] - wifi: mt76: mt7921: Replace fake flex-arrays with flexible-array members (Inigo Huguet) [2196821] - wifi: mt76: Replace zero-length array with flexible-array member (Inigo Huguet) [2196821] - wifi: mt76: mt7921: add Netgear AXE3000 (A8000) support (Inigo Huguet) [2196821] - wifi: mt76: mt7915: drop redundant prefix of mt7915_txpower_puts() (Inigo Huguet) [2196821] - wifi: mt76: fix 6GHz high channel not be scanned (Inigo Huguet) [2196821] - wifi: mt76: mt7921e: fix probe timeout after reboot (Inigo Huguet) [2196821] - wifi: mt76: move shared mac definitions in mt76_connac2_mac.h (Inigo Huguet) [2196821] - wifi: mt76: mt7921: get rid of eeprom.h (Inigo Huguet) [2196821] - wifi: mt76: add mt76_connac_gen_ppe_thresh utility routine (Inigo Huguet) [2196821] - wifi: mt76: get rid of unused sta_ps callbacks (Inigo Huguet) [2196821] - wifi: mt76: add mt76_connac_irq_enable utility routine (Inigo Huguet) [2196821] - wifi: mt76: move irq_tasklet in mt76_dev struct (Inigo Huguet) [2196821] - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (Inigo Huguet) [2196821] - wifi: mt76: mt7921: use driver flags rather than mac80211 flags to mcu (Inigo Huguet) [2196821] - wifi: mt76: mt7921: introduce mt7921_get_mac80211_ops utility routine (Inigo Huguet) [2196821] - wifi: mt76: mt7996: fix eeprom tx path bitfields (Inigo Huguet) [2196821] - wifi: mt76: mt7996: remove mt7996_mcu_set_pm() (Inigo Huguet) [2196821] - wifi: mt76: mt7996: init mpdu density cap (Inigo Huguet) [2196821] - wifi: mt76: mt7996: fix pointer calculation in ie countdown event (Inigo Huguet) [2196821] - wifi: mt76: mt7996: remove unused eeprom band selection (Inigo Huguet) [2196821] - wifi: mt76: mt7996: let non-bufferable MMPDUs use correct hw queue (Inigo Huguet) [2196821] - wifi: mt76: mt7996: add eht rx rate support (Inigo Huguet) [2196821] - wifi: mt76: mt7996: remove mt7996_mcu_beacon_check_caps() (Inigo Huguet) [2196821] - wifi: mt76: mt7915: remove mt7915_mcu_beacon_check_caps() (Inigo Huguet) [2196821] - wifi: mt76: connac: refresh tx session timer for WED device (Inigo Huguet) [2196821] - wifi: mt76: add missing locking to protect against concurrent rx/status calls (Inigo Huguet) [2196821] - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (Inigo Huguet) [2196821] - wifi: mt76: drop the incorrect scatter and gather frame (Inigo Huguet) [2196821] - wifi: mt76: mt7915: rework init flow in mt7915_thermal_init() (Inigo Huguet) [2196821] - wifi: mt76: mt7915: add dev->hif2 support for mt7916 WED device (Inigo Huguet) [2196821] - wifi: mt76: mt7915: expose device tree match table (Inigo Huguet) [2196821] - wifi: mt76: dynamic channel bandwidth changes in AP mode (Inigo Huguet) [2196821] - wifi: mt76: mt7996: fix radiotap bitfield (Inigo Huguet) [2196821] - wifi: mt76: mt7915: unlock on error in mt7915_thermal_temp_store() (Inigo Huguet) [2196821] - wifi: mt76: mt7996: Remove unneeded semicolon (Inigo Huguet) [2196821] - wifi: mt76: mt7921: fix PCI DMA hang after reboot (Inigo Huguet) [2196821] - wifi: mt76: mt7921: fix wrong command to set STA channel (Inigo Huguet) [2196821] - wifi: mt76: remove redundent MCU_UNI_CMD_* definitions (Inigo Huguet) [2196821] - wifi: ath9k: fix per-packet TX-power cap for TPC (Inigo Huguet) [2196821] - wifi: ath11k: fix undefined behavior with __fls in dp (Inigo Huguet) [2196821] - wifi: ath11k: Ignore frags from uninitialized peer in dp. (Inigo Huguet) [2196821] - wifi: ath11k: print a warning when crypto_alloc_shash() fails (Inigo Huguet) [2196821] - wifi: ath11k: pci: Add more MODULE_FIRMWARE() entries (Inigo Huguet) [2196821] - wifi: ath11k: enable SAR support on WCN6750 (Inigo Huguet) [2196821] - wifi: ath11k: Disable Spectral scan upon removing interface (Inigo Huguet) [2196821] - wifi: rtw89: add support of concurrent mode (Inigo Huguet) [2196821] - wifi: rtw89: Disallow power save with multiple stations (Inigo Huguet) [2196821] - wifi: rtw89: update statistics to FW for fine-tuning performance (Inigo Huguet) [2196821] - wifi: rtw89: use struct instead of macros to set H2C command of hardware scan (Inigo Huguet) [2196821] - wifi: rtw89: refine scan function after chanctx (Inigo Huguet) [2196821] - wifi: rtw89: prohibit enter IPS during HW scan (Inigo Huguet) [2196821] - wifi: rtw89: coex: send more hardware module info to firmware for 8851B (Inigo Huguet) [2196821] - wifi: rtw89: coex: Update function to get BT RSSI and hardware counter (Inigo Huguet) [2196821] - wifi: rtw89: coex: Add path control register to monitor list (Inigo Huguet) [2196821] - wifi: rtw89: coex: Enable Wi-Fi RX gain control for free run solution (Inigo Huguet) [2196821] - wifi: rtw89: fix power save function in WoWLAN mode (Inigo Huguet) [2196821] - wifi: rtw89: support WoWLAN mode for 8852be (Inigo Huguet) [2196821] - wifi: iwlwifi: move debug buffer allocation failure to info verbosity (Inigo Huguet) [2196821] - wifi: iwlwifi: make the loop for card preparation effective (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: allow number of beacons from FW (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: implement key link switching (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: implement BAID link switching (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: track station mask for BAIDs (Inigo Huguet) [2196821] - wifi: iwlwifi: bump FW API to 77 for AX devices (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use correct sta mask to remove queue (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: avoid iterating over an un-initialized list (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: factor out iwl_mvm_sta_fw_id_mask() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: properly implement HE AP support (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Fix _iwl_mvm_get_scan_type() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix getting lowest TX rate for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (Inigo Huguet) [2196821] - wifi: iwlwifi: nvm-parse: add full BW UL MU-MIMO support (Inigo Huguet) [2196821] - wifi: rtl8xxxu: Support devices with 5-6 out endpoints (Inigo Huguet) [2196821] - wifi: rtl8xxxu: Clean up some messy ifs (Inigo Huguet) [2196821] - wifi: brcmfmac: add Cypress 43439 SDIO ids (Inigo Huguet) [2196821] - wifi: rtw89: fix crash due to null pointer of sta in AP mode (Inigo Huguet) [2196821] - wifi: rtw89: correct 5 MHz mask setting (Inigo Huguet) [2196821] - wifi: rtw89: 8851b: add tables for RFK (Inigo Huguet) [2196821] - wifi: rtw89: 8851b: add BB and RF tables (2 of 2) (Inigo Huguet) [2196821] - wifi: rtw89: 8851b: add BB and RF tables (1 of 2) (Inigo Huguet) [2196821] - wifi: rtw89: pci: update PCI related settings to support 8851B (Inigo Huguet) [2196821] - wifi: rtw89: mac: update MAC settings to support 8851b (Inigo Huguet) [2196821] - wifi: rtw89: 8851b: fix TX path to path A for one RF path chip (Inigo Huguet) [2196821] - wifi: rtw89: read version of analog hardware (Inigo Huguet) [2196821] - wifi: rtw89: use hardware CFO to improve performance (Inigo Huguet) [2196821] - wifi: rtw89: support parameter tables by RFE type (Inigo Huguet) [2196821] - wifi: rtw89: add firmware format version to backward compatible with older drivers (Inigo Huguet) [2196821] - wifi: rtw89: use schedule_work to request firmware (Inigo Huguet) [2196821] - wifi: rtw89: fw: use generic flow to set/check features (Inigo Huguet) [2196821] - wifi: rtw89: fix authentication fail during scan (Inigo Huguet) [2196821] - wifi: rtw89: add flag check for power state (Inigo Huguet) [2196821] - wifi: rtw89: add ieee80211::remain_on_channel ops (Inigo Huguet) [2196821] - wifi: rtw89: add function to wait for completion of TX skbs (Inigo Huguet) [2196821] - wifi: rtw89: 8852c: add beacon filter and CQM support (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: tx: remove misleading if statement (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Fix setting the rate for non station cases (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: validate station properly in flush (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: set STA mask for keys in MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix ptk_pn memory leak (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: make iwl_mvm_mac_ctxt_send_beacon() static (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: track AP STA pointer and use it for MFP (Inigo Huguet) [2196821] - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (Inigo Huguet) [2196821] - wifi: iwlwifi: fw: move memset before early return (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: initialize seq variable (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Fix spelling mistake 'Gerenal' -> 'General' (Inigo Huguet) [2196821] - wifi: iwlwifi: Fix spelling mistake 'upto' -> 'up to' (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: enable new MLD FW API (Inigo Huguet) [2196821] - wifi: iwlwifi: add a new PCI device ID for BZ device (Inigo Huguet) [2196821] - wifi: iwlwifi: Add RF Step Type for BZ device (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: scan legacy bands and UHB channels with same antenna (Inigo Huguet) [2196821] - wifi: iwlwifi: yoyo: Fix possible division by zero (Inigo Huguet) [2196821] - wifi: iwlwifi: yoyo: skip dump correctly on hw error (Inigo Huguet) [2196821] - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (Inigo Huguet) [2196821] - wifi: iwlwifi: Fix the duplicate dump name (Inigo Huguet) [2196821] - wifi: iwlwifi: pcie: work around ROM bug on AX210 integrated (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add DSM_FUNC_ENABLE_6E value to debugfs (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: cleanup beacon_inject_active during hw restart (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: support wowlan info notification version 2 (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: make HLTK configuration for PASN station optional (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: request limiting to 8 MSDUs per A-MSDU (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix shift-out-of-bounds (Inigo Huguet) [2196821] - wifi: iwlwifi: acpi: support modules with high antenna gain (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: don't drop unencrypted MCAST frames (Inigo Huguet) [2196821] - wifi: iwlwifi: dbg: print pc register data once fw dump occurred (Inigo Huguet) [2196821] - wifi: mac80211: add flush_sta method (Inigo Huguet) [2196821] - wifi: mac80211: flush queues on STA removal (Inigo Huguet) [2196821] - wifi: ieee80211: correctly mark FTM frames non-bufferable (Inigo Huguet) [2196821] - wifi: ieee80211: clean up public action codes (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: don't set CHECKSUM_COMPLETE for unsupported protocols (Inigo Huguet) [2196821] - wifi: iwlwifi: trans: don't trigger d3 interrupt twice (Inigo Huguet) [2196821] - wifi: iwlwifi: Update configurations for Bnj-a0 and specific rf devices (Inigo Huguet) [2196821] - wifi: iwlwifi: Update init sequence if tx diversity supported (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: move function sequence (Inigo Huguet) [2196821] - wifi: iwlwifi: nvm: Update HE capabilities on 6GHz band for EHT device (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: refactor TX csum mode check (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix A-MSDU checks (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: enable bz hw checksum from c step (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use OFDM rate if IEEE80211_TX_CTL_NO_CCK_RATE is set (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: convert TID to FW value on queue remove (Inigo Huguet) [2196821] - wifi: iwlwifi: Update configuration for SO,SOF MAC and HR RF (Inigo Huguet) [2196821] - wifi: iwlwifi: add a validity check of queue_id in iwl_txq_reclaim (Inigo Huguet) [2196821] - wifi: iwlwifi: nvm-parse: enable 160/320 MHz for AP mode (Inigo Huguet) [2196821] - wifi: iwlwifi: debug: fix crash in __iwl_err() (Inigo Huguet) [2196821] - wifi: rtw88: Add support for the SDIO based RTL8821CS chipset (Inigo Huguet) [2196821] - wifi: rtw88: Add support for the SDIO based RTL8822CS chipset (Inigo Huguet) [2196821] - wifi: rtw88: Add support for the SDIO based RTL8822BS chipset (Inigo Huguet) [2196821] - wifi: rtw88: main: Reserve 8 bytes of extra TX headroom for SDIO cards (Inigo Huguet) [2196821] - wifi: rtw88: main: Add the {cpwm,rpwm}_addr for SDIO based chipsets (Inigo Huguet) [2196821] - wifi: rtw88: mac: Support SDIO specific bits in the power on sequence (Inigo Huguet) [2196821] - wifi: rtw88: sdio: Add HCI implementation for SDIO based chipsets (Inigo Huguet) [2196821] - wifi: rtw88: Clear RTW_FLAG_POWERON early in rtw_mac_power_switch() (Inigo Huguet) [2196821] - wifi: ath12k: Remove redundant pci_clear_master (Inigo Huguet) [2196821] - wifi: ath10k: Remove redundant pci_clear_master (Inigo Huguet) [2196821] - wifi: ath11k: Remove redundant pci_clear_master (Inigo Huguet) [2196821] - wifi: ath11k: Send 11d scan start before WMI_START_SCAN_CMDID (Inigo Huguet) [2196821] - wifi: ath11k: fix writing to unintended memory region (Inigo Huguet) [2196821] - wifi: ath11k: Fix invalid management rx frame length issue (Inigo Huguet) [2196821] - wifi: ath11k: fix rssi station dump not updated in QCN9074 (Inigo Huguet) [2196821] - wifi: ath11k: Configure the FTM responder role using firmware capability flag (Inigo Huguet) [2196821] - wifi: ath11k: Optimize 6 GHz scan time (Inigo Huguet) [2196821] - wifi: mac80211: set EHT support flag in AP mode (Inigo Huguet) [2196821] - wifi: mac80211_hwsim: fix potential NULL deref in hwsim_pmsr_report_nl() (Inigo Huguet) [2196821] - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix the order of TIMING_MEASUREMENT notifications (Inigo Huguet) [2196821] - bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state (Inigo Huguet) [2196821] - bus: mhi: host: Remove duplicate ee check for syserr (Inigo Huguet) [2196821] - bus: mhi: host: Avoid ringing EV DB if there are no elements to process (Inigo Huguet) [2196821] - net: rfkill-gpio: Add explicit include for of.h (Inigo Huguet) [2196821] - net: qrtr: correct types of trace event parameters (Inigo Huguet) [2196821] - wifi: rt2x00: Fix memory leak when handling surveys (Inigo Huguet) [2196821] - wifi: b43legacy: Remove the unused function prev_slot() (Inigo Huguet) [2196821] - wifi: rtw89: Remove redundant pci_clear_master (Inigo Huguet) [2196821] - wifi: rtw89: fix potential race condition between napi_init and napi_enable (Inigo Huguet) [2196821] - wifi: rtw89: config EDCCA threshold during scan to prevent TX failed (Inigo Huguet) [2196821] - wifi: rtw89: fix incorrect channel info during scan due to ppdu_sts filtering (Inigo Huguet) [2196821] - wifi: rtw89: remove superfluous H2C of join_info (Inigo Huguet) [2196821] - wifi: rtw89: set data lowest rate according to AP supported rate (Inigo Huguet) [2196821] - wifi: rtw89: add counters of register-based H2C/C2H (Inigo Huguet) [2196821] - wifi: rtw89: coex: Update Wi-Fi Bluetooth coexistence version to 7.0.1 (Inigo Huguet) [2196821] - wifi: rtw89: coex: Add report control v5 variation (Inigo Huguet) [2196821] - wifi: rtw89: coex: Update RTL8852B LNA2 hardware parameter (Inigo Huguet) [2196821] - wifi: rtw89: coex: Not to enable firmware report when WiFi is power saving (Inigo Huguet) [2196821] - wifi: rtw89: coex: Add LPS protocol radio state for RTL8852B (Inigo Huguet) [2196821] - bus: mhi: pci_generic: Add Foxconn T99W510 (Inigo Huguet) [2196821] - bus: mhi: host: Use ERANGE for BHIOFF/BHIEOFF range check (Inigo Huguet) [2196821] - bus: mhi: host: Range check CHDBOFF and ERDBOFF (Inigo Huguet) [2196821] - wifi: mwifiex: remove unused evt_buf variable (Inigo Huguet) [2196821] - wifi: brcmsmac: ampdu: remove unused suc_mpdu variable (Inigo Huguet) [2196821] - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (Inigo Huguet) [2196821] - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (Inigo Huguet) [2196821] - wifi: brcmsmac: remove unused has_5g variable (Inigo Huguet) [2196821] - wifi: b43legacy: remove unused freq_r3A_value function (Inigo Huguet) [2196821] - wifi: rtlwifi: Replace fake flex-array with flex-array member (Inigo Huguet) [2196821] - wifi: rtw88: Remove redundant pci_clear_master (Inigo Huguet) [2196821] - wifi: rndis_wlan: Replace fake flex-array with flexible-array member (Inigo Huguet) [2196821] - wifi: rndis_wlan: clean up a type issue (Inigo Huguet) [2196821] - wifi: rtw88: remove unused rtw_pci_get_tx_desc function (Inigo Huguet) [2196821] - wifi: rsi: Slightly simplify rsi_set_channel() (Inigo Huguet) [2196821] - wifi: ipw2x00: remove unused _ipw_read16 function (Inigo Huguet) [2196821] - wifi: mac80211: enable EHT mesh support (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: correctly use link in iwl_mvm_sta_del() (Inigo Huguet) [2196821] - wifi: iwlwifi: separate AP link management queues (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: free probe_resp_data later (Inigo Huguet) [2196821] - wifi: iwlwifi: bump FW API to 75 for AX devices (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: move max_agg_bufsize into host TLC lq_sta (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: send full STA during HW restart (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: rework active links counting (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: update mac config when assigning chanctx (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use the correct link queue (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: clean up mac_id vs. link_id in MLD sta (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix station link data leak (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: initialize max_rc_amsdu_len per-link (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use appropriate link for rate selection (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use the new lockdep-checking macros (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: remove chanctx WARN_ON (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: avoid sending MAC context for idle (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: remove only link-specific AP keys (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: skip inactive links (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust iwl_mvm_scan_respect_p2p_go_iter() for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: rxmq: report link ID to mac80211 (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use bcast/mcast link station id (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: translate management frame address (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: implement mac80211 callback change_sta_links (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use the link sta address (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust rs init to MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust radar detection to MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust iwl_mvm_sec_key_remove_ap to MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: make a few warnings only trigger once (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: coex: start handling multiple links (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: rs-fw: don't crash on missing channel (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use STA link address (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: skip MEI update for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix narrow RU check for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: make some HW flags conditional (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: implement link change ops (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust some cleanup functions to MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: refactor iwl_mvm_mac_sta_state_common() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: update iwl_mvm_tx_reclaim() for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust to MLO assign/unassign/switch_vif_chanctx() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add fw link id allocation (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust internal stations to MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: replace bss_info_changed() with vif_cfg/link_info_changed() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add link_conf parameter for add/remove/change link (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: don't check dtim_period in new API (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust SMPS for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add set_hw_timestamp to mld ops (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add link to firmware earlier (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust some PS and PM methods to MLD (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust mld_mac_ctxt_/beacon_changed() for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust smart fifo configuration to MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: align to the LINK cmd update in the FW (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: always use the sta->addr as the peers addr (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: modify link instead of removing it during csa (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix crash on queue removal for MLD API too (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix 'modify_mask' value in the link cmd. (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add all missing ops to iwl_mvm_mld_ops (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add support for post_channel_switch in MLD mode (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: unite sta_modify_disable_tx flows (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add cancel/remain_on_channel for MLD mode (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: refactor iwl_mvm_roc() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add some new MLD ops (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add sta handling flows for MLD mode (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add an indication that the new MLD API is used (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: sta preparation for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: vif preparation for MLO (Inigo Huguet) [2196821] - wifi: nl80211: support advertising S1G capabilities (Inigo Huguet) [2196821] - wifi: mac80211: S1G capabilities information element in probe request (Inigo Huguet) [2196821] - mac80211: minstrel_ht: remove unused n_supported variable (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Use 64-bit division helper in iwl_mvm_get_crosstimestamp_fw() (Inigo Huguet) [2196821] - wifi: carl9170: Replace fake flex-array with flexible-array member (Inigo Huguet) [2196821] - wifi: carl9170: Fix multiple -Warray-bounds warnings (Inigo Huguet) [2196821] ... IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-3594 CVE-2023-4194 CVE-2023-35825 CVE-2023-3141 CVE-2023-26545 CVE-2022-3565 CVE-2022-38457 CVE-2022-42895 CVE-2023-3161 CVE-2023-3358 CVE-2022-40133 CVE-2023-1074 CVE-2023-1076 CVE-2023-30456 CVE-2023-0597 CVE-2023-1073 CVE-2023-1075 CVE-2023-1249 CVE-2023-1989 CVE-2022-3523 CVE-2023-1206 CVE-2023-3773 CVE-2023-4155 CVE-2023-4207 CVE-2023-4208 CVE-2023-4273 CVE-2023-1855 CVE-2023-3212 CVE-2023-4128 CVE-2023-33203 CVE-2023-33952 CVE-2022-40982 CVE-2023-3268 CVE-2023-3609 CVE-2023-1252 CVE-2023-1652 CVE-2023-33951 CVE-2023-1079 CVE-2023-4206 CVE-2023-39191 CVE-2023-3772 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.23.0-2] - Fix regression in handling OpenPGP cards - Fix CVE-2023-2977: buffer overrun in pkcs15init for cardos [0.23.0-1] - Rebase to latest 0.23.0 release (#2100409) - Use separate OpenSSL context to work better from inside of OpenSSL providers LOW Copyright 2023 Oracle, Inc. CVE-2023-2977 cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.35.2-42.0.1] - Forward-port Oracle patches to 2.35.2-42. MODERATE Copyright 2023 Oracle, Inc. CVE-2022-4285 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [20230516-999.27.git6c9e0ed5.el9] - Update firmware for qat_4xxx devices (Orabug: 35811008) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-40964 CVE-2022-27635 CVE-2023-20569 CVE-2022-38076 CVE-2022-36351 CVE-2022-46329 cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [1:2.3.3op2-21] - bump the spec because the previous build was made with buildroot 9.2 [1:2.3.3op2-20] - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation [1:2.3.3op2-19] - CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c - CVE-2023-32324 cups: heap buffer overflow may lead to DoS [1:2.3.3op2-19] - 2217177 - Delays printing to lpd when reserved ports are exhausted - 2217284 - The command 'cancel -x <job>' does not remove job files - 2217954 - Enlarge backlog queue for listen() in cupsd [1:2.3.3op2-18] - 2189919 - CGI scripts don't work with local Negotiate authentication [1:2.3.3op2-17] - RHEL-314 - Enable fmf tests in centos stream [1:2.3.3op2-17] - RHEL-317 - upstream test suite fails due uncorrect number of expected warnings MODERATE Copyright 2023 Oracle, Inc. CVE-2023-34241 CVE-2023-32324 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [36.0.1-4] - Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature, resolves rhbz#2203840 [36.0.1-3] - Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2172399 - Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt MODERATE Copyright 2023 Oracle, Inc. CVE-2023-23931 cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.3.3-13] - Applied patch for for CVE-2022-48468 (#2186677) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-48468 cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.68.4-11] - Really fix authentication failures when sd-bus clients connect to GDBus servers - Resolves: #2217771 [2.68.4-10] - Fix authentication failures when sd-bus clients connect to GDBus servers - Resolves: #2217771 [2.68.4-9] - Resolve s390x crashes introduced by fixes for CVE-2023-24593/CVE-2023-25180 - Related: #2181196 - Related: #2181200 [2.68.4-8] - Resolve use after free introduced by fixes for CVE-2023-24593/CVE-2023-25180 - Related: #2181196 - Related: #2181200 [2.68.4-7] - Fix CVE-2023-24593 and CVE-2023-25180 - Resolves: #2181196 - Resolves: #2181200 LOW Copyright 2023 Oracle, Inc. CVE-2023-32665 CVE-2023-32611 CVE-2023-29499 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2:4.9-8] - gpasswd: fix password leak. Resolves: #2215948 [2:4.9-7] - useradd: check if subid range exists for user. Resolves: #2179987 - find_new_[gu]id: Skip over IDs that are reserved for legacy reasons. Resolves: #2179988 LOW Copyright 2023 Oracle, Inc. CVE-2023-4641 cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.19.1-1] - Resolves: rhbz#2209564 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation [rhel-9] - Resolves: rhbz#2209556 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton() [rhel-9] - Resolves: rhbz#2209550 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs [rhel-9] - Resolves: rhbz#2209520 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.3.0] - Resolves: rhbz#2210370 - Rebase c-ares for RHEL 9.3 [1.17.1-6] - Resolves: rhbz#2170868 - c-ares: buffer overflow in config_sortlist() due to missing string length check [rhel-9] MODERATE Copyright 2023 Oracle, Inc. CVE-2022-4904 CVE-2023-31130 CVE-2023-31147 CVE-2023-31124 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.10.4-11] - Fix loglevel regression - Related: rhbz#2182252, rhbz#2189740 [0.10.4.10] - Fix null dereference issues found by covscan - Related: rhbz#2182252, rhbz#2189740 [0.10.4-9] - Fix CVE-2023-1667 and CVE-2023-2283 - Fix issues found by cosvcan - Resolves: rhbz#2182252, rhbz#2189740 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2283 CVE-2023-1667 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.9.18-1] - Update to 3.9.18 - Security fix for CVE-2023-40217 Resolves: RHEL-3043 [3.9.17-2] - Fix symlink handling in the fix for CVE-2023-24329 Resolves: rhbz#263261 [3.9.17-1] - Update to 3.9.17 - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 [3.9.16-2] - Add filters for tarfile extraction (CVE-2007-4559, PEP-706) Resolves: rhbz#263261 MODERATE Copyright 2023 Oracle, Inc. CVE-2007-4559 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1:6.2.0-13] - Fix: previous commit removed one function from the library and thus broke the ABI - function gmpn_preinv_divrem_1 should now not be removed Related: rhbz#2044216 [1:6.2.0-12] - Add SIMD optimization patches for s390x (provided by the IBM) Resolves: rhbz#2044216 [1:6.2.0-11] Fix: Integer overflow and resultant buffer overflow via crafted input Resolves: CVE-2021-43618 LOW Copyright 2023 Oracle, Inc. CVE-2021-43618 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 evolution-mapi [3.40.1-6] - Related: #2190415 (Rebuild against samba 4.18) openchange [2.3-41] - Related: #2190415 (Rebuild against samba 4.18) samba [4.18.6-100] - related: rhbz#2190415 - Update to version 4.18.6 - resolves: rhbz#2211617 - Fix the rpcclient dfsgetinfo command [4.18.5-100] - resolves: rhbz#2222895 - Fix CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 [4.18.4-102] - resolves: rhbz#2222883 - Fix trust relationship between workstation and DC [4.18.4-101] - resolves: rhbz#2216712 - Fix broken symlink for libwbclient - resolves: rhbz#2214327 - Fix segfault of winbind child when listing users with winbind scan trusted domains = yes - resolves: rhbz#2211605 - Fix access of Samba share with veto files = /.*/ - resolves: rhbz#2207692 - Fix Python tarfile extraction to avoid a warning [4.18.4-100] - resolves: rhbz#2190415 - Update to version 4.18.4 [4.18.3-100] - resolves: rhbz#2190415 - Update to version 4.18.3 [4.18.2-101] - resolves: rhbz#2187313 - Fix weak dependencies in BaseOS [4.18.2-100] - resolves: rhbz#2190415 - Update to version 4.18.2 [4.17.5-104] - related: rhbz#2182163 - Rebuild for liburing rebase to version 2.3 [4.17.5-102] - resolves: rhbz#2169980 - Fix winbind memory leak - resolves: rhbz#2156056 - Fix Samba shares not accessible issue [4.17.5-101] - resolves: rhbz#2168534 - Create package samba-tools [4.17.5-100] - related: rhbz#2131993 - Update to version 4.17.5 [4.17.4-102] - related: rhbz#2131993 - Create package dc-libs also for 'non-dc build' [4.17.4-101] - related: rhbz#2131993 - Rebuild for MIT Kerberos 1.20.1 [4.17.4-100] - related: rhbz#2131993 - Update to version 4.17.4 - resolves: rhbz#2154373 - Fix CVE-2022-38023 - resolves: rhbz#2143196 - Fix %U include directive for share listing (netshareenum) - resolves: rhbz#2114884 - Fix id command to return new groups after successful user login - resolves: rhbz#2154885 - Fix Winbind to retrieve user groups from Active Directory [4.17.2-103] - Always add epoch to samba_depver to fix osci.brew-build.rpmdeplint.functional - related: rhbz#2131993 [4.17.2-102] - Fix CVE-2022-1615 GnuTLS gnutls_rnd() can fail and give predictable random values - resolves: rhbz#2126175 [4.17.2-101] - resolves: rhbz#2131993 - Update to version 4.17.2 [4.16.4-101] - resolves: rhbz#2121317 - Do not require samba package in python3-samba [4.16.4-100] - Rebase to version 4.16.4 - resolves: rhbz#2108332 - Fix CVE-2022-32742 [ 4.16.3-101] - related: rhbz#2077487 - Rebase Samba to 4.16.3 - resolves: rhbz#2097655 - The pcap background queue process should not be stopped - resolves: rhbz#2100105 - Fix net ads info LDAP server and LDAP server name [4.16.2-102] - resolves: rhbz#2106279 - Fix crash in rpcd_classic [4.16.2-101] - resolves: rhbz#2093833 - Fix weak dependency on logrotate - resolves: rhbz#2096813 - Fix printer displays only after 300 seconds timeout [4.16.2-100] - Fix rpminspect abidiff - related: rhbz#2077487 - Rebase Samba to 4.16.2 [4.16.1-100] - resolves: rhbz#2077487 - Rebase Samba to the the latest 4.16.x release [4.15.5-108] - resolves: rhbz#2078838 - Fix UPNs handling in lookup_name*() calls [4.15.5-106] - resolves: rhbz#2065376 - Fix 'create krb5 conf = yes when a KDC has a single IP address. - resolves: rhbz#2076504 - PAM Kerberos authentication fails with a clock skew error [4.15.5-105] - resolves: rhbz#2074891 - Fix username map for unix groups [4.15.5-104] - resolves: rhbz#2057500 - Fix winbind kerberos ticket refresh [4.15.5-103] - related: rhbz#2044231 - Fix typo in testparm output [4.15.5-102] - resolves: rhbz#2044231 - Improve idmap autorid sanity checks and documentation [4.15.5-101] - resolves: #2050111 - [RFE] Change change password change prompt phrasing - resolves: #2054110 - virusfilter_vfs_openat: Not scanned: Directory or special file [4.15.5-100] - related: rhbz#2013578 - Rebase Samba to the the latest 4.15.x release - resolves: #2046129 - Fix CVE-2021-44141 - resolves: #2046154 - Fix CVE-2021-44142 - resolves: #2044405 - Fix printing no longer works on Windows 7 - resolves: #2049485 - Fix systemd notifications - resolves: #2049604 - Disable NTLMSSP for ldap client connections [4.15.4-100] - related: rhbz#2013578 - Rebase Samba to the the latest 4.15.x release - resolves: #2039154 - Fix CVE-2021-20316 - resolves: #2044238 - Failed to authenticate users after upgrade samba package to release samba-4.14.5-7x - resolves: #2044239 - [smb] Segmentation fault when joining the domain - resolves: #2044241 - filename_convert_internal: open_pathref_fsp [xxx] failed: NT_STATUS_ACCESS_DENIED - resolves: #2044255 - Fix CVE-2021-43566 [4.15.3-1] - related: rhbz#2013578 - Rebase to Samba 4.15.3 - resolves: rhbz#2028026 - Fix possible null pointer dereference in winbind - resolves: rhbz#2033317 - Winexe: Kerberos Auth is respected via --use-kerberos=desired [4.15.2-3] - related: rhbz#2013578 - Remove unneeded lmdb dependency [4.15.2-2] - resolves: rhbz#2019675 - Fix CVE-2020-25717 [4.15.2-2] - resolves: rhbz#2019669 - Fix CVE-2021-23192 [4.15.2-2] - resolves: rhbz#2019663 - Fix CVE-2016-2124 [4.15.2-1] - resolves: rhbz#2013578 - Rebase to Samba 4.15.2 [4.14.5-103] - resolves: rhbz#1980356 - Fix winbind restart on package upgrade MODERATE Copyright 2023 Oracle, Inc. CVE-2023-34967 CVE-2023-34968 CVE-2023-34966 CVE-2022-2127 cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [7.76.1-26] - unify the upload/method handling (CVE-2023-28322) - fix host name wildcard checking (CVE-2023-28321) [7.76.1-25] - adapt the fix of CVE-2023-27535 for RHEL 9 curl [7.76.1-24] - fix SSH connection too eager reuse still (CVE-2023-27538) - fix GSS delegation too eager connection re-use (CVE-2023-27536) - fix FTP too eager connection reuse (CVE-2023-27535) - fix SFTP path ~ resolving discrepancy (CVE-2023-27534) - fix TELNET option IAC injection (CVE-2023-27533) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-27533 CVE-2023-27536 CVE-2023-27538 CVE-2023-27534 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.2.2-2] - Remove misapplied license Resolves: rhbz#2160307 [3.2.2-1] - Rebase to 3.2.2 - Use systemd-sysusers to create user Resolves: CVE-2023-22745 Resolves: rhbz#2095479 Resolves: rhbz#2160307 Resolves: rhbz#2162613 LOW Copyright 2023 Oracle, Inc. CVE-2023-22745 cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [21.2.3-7] - Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706) Resolves: RHBZ#2207997 MODERATE Copyright 2023 Oracle, Inc. CVE-2007-4559 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [6.2-10.20210508] - ignore TERMINFO and HOME only if setuid/setgid/capability (#2211666) [6.2-9.20210508] - fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491) - ignore TERMINFO and HOME environment variables if running as root (#2211666) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-29491 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.21.1-1.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.21.1-1] - New upstream version (1.21.1) - Fix double-free in KDC TGS processing (CVE-2023-39975) - Add support for 'pac_privsvr_enctype' KDB string attribute Resolves: rhbz#2060421 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39975 CVE-2023-36054 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.3.17-13.0.1] - ps: remove uptime integer conversion [Orabug: 35909347] - ps: improved three elapsed 'jiffies/tics' calculations [Orabug: 35909347] [3.3.17-13] - ps: mitigation of possible buffer overflow - Resolves: rhbz#2228504 [3.3.17-12] - sysctl: '-N' option shows values instead of names if '-p' - Resolves: rhbz#2222056 LOW Copyright 2023 Oracle, Inc. CVE-2023-4016 cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.8-15] - Fix CVE-2023-1981 (#2186689) [0.8-14] - Fix CVE-2021-3502 (#1949949) [0.8-13] - Fix CVE-2021-3468 (#1944092) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1981 CVE-2021-3502 CVE-2021-3468 cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1:0.36.2-8] - Security fix for CVE-2022-40898 - Resolves: rhbz#2178881 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40898 cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [9.54.0-14] - fix for CVE-2023-43115 - Resolves: RHEL-10184 [9.54.0-13] - fix for CVE-2023-38559 - Resolves: rhbz#2224372 [9.54.0-12] - fix for CVE-2023-36664 - Resolves: rhbz#2217810 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-43115 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:21.0.1.0.12-2.0.1] - Add Oracle vendor bug URL [1:21.0.1.0.12-2] - Switch to using portable binaries built on RHEL 7 - Sync the copy of the portable specfile with the RHEL 7 version - Related: RHEL-12997 [1:21.0.1.0.12-1] - Update to jdk-21.0.1.0+12 (GA) - Update release notes to 21.0.1.0+12 - Sync the copy of the portable specfile with the latest update - Update openjdk_news script to specify subdirectory last - Add missing discover_trees script required by openjdk_news - Synchronise bundled versions with 21u sources (FreeType, LCMS, HarfBuzz, libpng) - Sync generate_tarball.sh with 11u & 17u version - Update bug URL for RHEL to point to the Red Hat customer portal - Fix upstream release URL for OpenJDK source - Following JDK-8005165, class data sharing can be enabled on all JIT architectures - Use tapsets from the misc tarball - Introduce 'prelease' for the portable release versioning, to handle EA builds - Make sure root installation directory is created first - Use in-place substitution for all but the first of the tapset changes - Synchronise runtime and buildtime tzdata requirements - Remove ghosts for binaries not in java-21-openjdk (pack200, rmid, unpack200) - Add missing jfr, jpackage and jwebserver alternative ghosts - Move jcmd to the headless package - Revert alt-java binary location to being within the JDK tree - Resolves: RHEL-12997 - Resolves: RHEL-14954 - Resolves: RHEL-14962 - Resolves: RHEL-14958 - Related: RHEL-14946 - Resolves: RHEL-14959 - Resolves: RHEL-14948 [1:21.0.1.0.12-1] - Exclude classes_nocoops.jsa on i686 and arm32 - Related: RHEL-14946 [1:21.0.1.0.12-1] - Fix packaging of CDS archives - Resolves: RHEL-14946 [1:21.0.0.0.35-2] - Update documentation (README.md) - Replace alt-java patch with a binary separate from the JDK - Drop stale patches that are of little use any more: - * nss.cfg has been disabled since early PKCS11 work and long superseded by FIPS work - * No accessibility subpackage to warrant RH1648242 & RH1648644 patches any more - * No use of system libjpeg turbo to warrant RH649512 patch any more - Replace RH1684077 pcsc-lite-libs patch with better JDK-8009550 fix being upstreamed - Adapt alt-java test to new binary where there is always a set_speculation function - Related: RHEL-12997 [1:21.0.0.0.35-1] - Update to jdk-21.0.0+35 - Update system crypto policy & FIPS patch from new fips-21u tree - Update generate_tarball.sh to sync with upstream vanilla script inc. no more ECC removal - Drop fakefeaturever now it is no longer needed - Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball - Use upstream release URL for OpenJDK source - Re-enable tzdata tests now we are on the latest JDK and things are back in sync - Install jaxp.properties introduced by JDK-8303530 - Install lible.so introduced by JDK-8306983 - Related: RHEL-12997 [1:21.0.0.0.35-1] - Replace smoke test files used in the staticlibs test, as fdlibm was removed by JDK-8303798 - Related: RHEL-12997 [1:20.0.0.0.36-1] - Update to jdk-20.0.2+9 - Update release notes to 20.0.2+9 - Update system crypto policy & FIPS patch from new fips-20u tree - Update generate_tarball.sh ICEDTEA_VERSION - Update CLDR reference data following update to 42 (Rocky Mountain-Normalzeit => Rocky-Mountain-Normalzeit) - Related: RHEL-12997 [1:20.0.0.0.36-1] - Dropped JDK-8295447, JDK-8296239 & JDK-8299439 patches now upstream - Adapted rh1750419-redhat_alt_java.patch - Related: RHEL-12997 [1:19.0.1.0.10-1] - Update to jdk-19.0.2 release - Update release notes to 19.0.2 - Rebase FIPS patches from fips-19u branch - Remove references to sample directory removed by JDK-8284999 - Add local patch JDK-8295447 (javac NPE) which was accepted into 19u upstream but not in the GA tag - Add local patches for JDK-8296239 & JDK-8299439 (Croatia Euro update) which are present in 8u, 11u & 17u releases - Related: RHEL-12997 [1:18.0.2.0.9-1] - Update to jdk-18.0.2 release - Support JVM variant zero following JDK-8273494 no longer installing Zero's libjvm.so in the server directory - Rebase FIPS patches from fips-18u branch - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Drop now unused fresh_libjvm, build_hotspot_first, bootjdk and buildjdkver variables, as we don't build a JDK here - Drop tzdata patches added for 17.0.7 which will eventually appear in the upstream tarball when we reach OpenJDK 21 - Disable tzdata tests until we are on the latest JDK and things are back in sync - Use empty nss.fips.cfg until it is again available via the FIPS patch - Related: RHEL-12997 [1:18.0.2.0.9-1] - Update to ea version of jdk18 - Add new slave jwebserver and corresponding manpage - Adjust rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch - Related: RHEL-12997 [1:18.0.2.0.9-1] - Add javaver- and origin-specific javadoc and javadoczip alternatives. - Related: RHEL-12997 [1:17.0.7.0.7-4] - Add files missed by centpkg import. - Related: rhbz#2192748 [1:17.0.7.0.7-3] - Create java-21-openjdk package based on java-17-openjdk - Related: rhbz#2192748 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22025 CVE-2023-22081 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.18.6-101] - resolves: RHEL-11937 Fix CVE-2023-3961 - smbd must check the pipename - resolves: RHEL-11937 Fix CVE-2023-4091 - SMB clients can truncate files - resolves: RHEL-11937 Fix CVE-2023-42669 - Remove rpcecho server MODERATE Copyright 2023 Oracle, Inc. CVE-2023-3961 CVE-2023-4091 CVE-2023-42669 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [7.76.1-26.el9_3.2] - fix cookie injection with none file (CVE-2023-38546) [7.76.1-26.el9_3.1] - socks: return error if hostname too long for remote resolve (CVE-2023-38545) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38546 CVE-2023-38545 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.43.0-5.1] - fix HTTP/2 Rapid Reset (CVE-2023-44487) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [7:5.5-6.1] - Resolves: RHEL-14819 - squid: squid: denial of Servicein FTP - Resolves: RHEL-14807 - squid: squid: Denial of Service in HTTP Digest Authentication - Resolves: RHEL-14780 - squid: squid: Request/Response smuggling in HTTP/1.1 and ICAP [7:5.5-6] - Resolves: #2231827 - Crash with half_closed_client on CRITICAL Copyright 2023 Oracle, Inc. CVE-2023-46847 CVE-2023-46846 CVE-2023-46848 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [8.0.100-2.0.1] - Update to .NET 8.0 [8.0.100~rc.2-0.1.0.1] - Add support for Oracle Linux [8.0.100~rc.2-0.1] - Update to .NET 8 RC 2 - Resolves: RHEL-13790 [8.0.100~rc.1-0.4] - Disable bootstrap - Related: RHEL-4074 [8.0.100~rc.1-0.3] - Add backported patches for additional s390x issues - Related: RHEL-4074 [8.0.100~rc.1-0.2] - Add patches to fix mono and arm64 issues - Include libmono-*.a files in the SDK - Fix CI configuration - Related: RHEL-4074 [8.0.100~rc.1-0.1] - Update to .NET SDK 8.0.100 RC 1 and Runtime 8.0.0 RC 1 - Resolves: RHEL-4074 [8.0.100~preview.7-0.2] - Add patch to work around TypeLoadException in Mono - Related: RHBZ#2224124 [8.0.100~preview.7-0.1] - Update to .NET SDK 8.0.100 Preview 7 and Runtime 8.0.0 Preview 7 [8.0.100~preview.6-0.2] - Remove lttng and other tracing-specific dependencies from the runtime package [8.0.100~preview.6-0.1] - Update to .NET SDK 8.0.100 Preview 6 and Runtime 8.0.0 Preview 6 [8.0.100~preview.5-0.2] - Fix release.json and sourcelink references [8.0.100~preview.5-0.1] - Update to .NET SDK 8.0.100 Preview 5 and Runtime 8.0.0 Preview 5 [8.0.100~preview.3-0.1] - Update to .NET SDK 8.0.100 Preview 3 and Runtime 8.0.0 Preview 3 [8.0.100~preview.2-0.1] - Update to .NET SDK 8.0.100 Preview 2 and Runtime 8.0.0 Preview 2 [8.0.100~preview.1-0.1] - Update to .NET SDK 8.0.100 Preview 1 and Runtime 8.0.0 Preview 1 [7.0.102-1] - Update to .NET SDK 7.0.102 and Runtime 7.0.2 [7.0.101-1] - Update to .NET SDK 7.0.101 and Runtime 7.0.1 [7.0.100-1] MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36558 CVE-2023-36049 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.0.114-1.0.1] - Update to .NET SDK 7.0.114 and Runtime 7.0.14 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36049 CVE-2023-36558 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.0.125-1.0.1] - Update to .NET SDK 6.0.125 and Runtime 6.0.25 - Add support for Oracle Linux MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36558 CVE-2023-36049 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [12.2.5-3.0.1.2] - Address CVE-2023-34058 - BZ 2246963 - SAML token signature token bypass. - Address CVE-2023-34059 - BZ 2246962 - vmware-user-suid-wrapper IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-34058 CVE-2023-34059 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [- 7:5.5-6.2] - Fix: squid: DoS against HTTP and HTTPS (CVE-2023-5824) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5824 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [115.5.0-1] - Update to 115.5.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-6205 CVE-2023-6206 CVE-2023-6212 CVE-2023-6209 CVE-2023-6207 CVE-2023-6204 CVE-2023-6208 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.5.0-1.0.1] - Update to 115.5.0 build1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-6205 CVE-2023-6212 CVE-2023-6208 CVE-2023-6209 CVE-2023-6206 CVE-2023-6204 CVE-2023-6207 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.7.0-12] - fix integer bounds checking in apr_encode_* Resolves: RHEL-17123 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-24963 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.1.2-4] - Backport stricter seccomp jail Resolves: RHEL-12469 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5557 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2.40.5-1.1] - Add patch for CVE-2023-42917 Resolves: rhbz#2253058 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-42917 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2.9.13-5] - Fix CVE-2023-39615 (RHEL-5180) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39615 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.14.0-362.13.1.el9_3.OL9] - x86/retpoline: Document some thunk handling aspects (Borislav Petkov) {CVE-2023-20569} - objtool: Fix return thunk patching in retpolines (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Remove unnecessary semicolon (Yang Li) {CVE-2023-20569} - x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Josh Poimboeuf) {CVE-2023-20569} - x86/nospec: Refactor UNTRAIN_RET[_*] (Josh Poimboeuf) {CVE-2023-20569} - x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Disentangle rethunk-dependent options (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Josh Poimboeuf) {CVE-2023-20569} - x86/bugs: Remove default case for fully switched enums (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Remove 'pred_cmd' label (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Unexport untraining functions (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Improve i-cache locality for alias mitigation (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Fix unret validation dependencies (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Fix vulnerability reporting for missing microcode (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Print mitigation for retbleed IBPB case (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Print actual mitigation if requested mitigation isn't possible (Josh Poimboeuf) [RHEL-8594] {CVE-2023-20569} - x86/srso: Fix SBPB enablement for (possible) future fixed HW (Josh Poimboeuf) {CVE-2023-20569} - x86,static_call: Fix static-call vs return-thunk (Peter Zijlstra) {CVE-2023-20569} - x86/alternatives: Remove faulty optimization (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Don't probe microcode in a guest (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Set CPUID feature bits independently of bug or mitigation status (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Fix srso_show_state() side effect (Josh Poimboeuf) {CVE-2023-20569} - x86/cpu: Fix amd_check_microcode() declaration (Arnd Bergmann) {CVE-2023-20569} - x86/srso: Correct the mitigation status when SMT is disabled (Borislav Petkov) {CVE-2023-20569} - x86/static_call: Fix __static_call_fixup() (Peter Zijlstra) {CVE-2023-20569} - objtool/x86: Fixup frame-pointer vs rethunk (Peter Zijlstra) {CVE-2023-20569} - x86/srso: Explain the untraining sequences a bit more (Borislav Petkov) {CVE-2023-20569} - x86/cpu/kvm: Provide UNTRAIN_RET_VM (Peter Zijlstra) {CVE-2023-20569} - x86/cpu: Cleanup the untrain mess (Peter Zijlstra) {CVE-2023-20569} - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Peter Zijlstra) {CVE-2023-20569} - x86/cpu: Rename original retbleed methods (Peter Zijlstra) {CVE-2023-20569} - x86/cpu: Clean up SRSO return thunk mess (Peter Zijlstra) {CVE-2023-20569} - x86/alternative: Make custom return thunk unconditional (Peter Zijlstra) {CVE-2023-20569} - objtool/x86: Fix SRSO mess (Peter Zijlstra) {CVE-2023-20569} - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Peter Zijlstra) {CVE-2023-20569} - x86/cpu: Fix __x86_return_thunk symbol type (Peter Zijlstra) {CVE-2023-20569} - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Petr Pavlu) {CVE-2023-20569} - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Petr Pavlu) {CVE-2023-20569} - x86/srso: Disable the mitigation on unaffected configurations (Borislav Petkov) {CVE-2023-20569} - x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Borislav Petkov) {CVE-2023-20588} - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Sean Christopherson) {CVE-2023-20569} - x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Cristian Ciocaltea) {CVE-2023-20593} - driver core: cpu: Fix the fallback cpu_show_gds() name (Borislav Petkov) {CVE-2023-20569} - x86: Move gds_ucode_mitigated() declaration to header (Arnd Bergmann) {CVE-2023-20569} - x86/speculation: Add cpu_show_gds() prototype (Arnd Bergmann) {CVE-2023-20569} - driver core: cpu: Make cpu_show_not_affected() static (Borislav Petkov) {CVE-2023-20569} - x86/srso: Fix build breakage with the LLVM linker (Nick Desaulniers) {CVE-2023-20569} - Documentation/srso: Document IBPB aspect and fix formatting (Borislav Petkov) {CVE-2023-20569} - driver core: cpu: Unify redundant silly stubs (Borislav Petkov) {CVE-2023-20569} - Documentation/hw-vuln: Unify filename specification in index (Borislav Petkov) {CVE-2023-20569} - x86/CPU/AMD: Do not leak quotient data after a division by 0 (Borislav Petkov) {CVE-2023-20588} - x86/srso: Tie SBPB bit setting to microcode patch detection (Borislav Petkov) {CVE-2023-20569} - x86/srso: Add a forgotten NOENDBR annotation (Borislav Petkov) {CVE-2023-20569} - x86/srso: Fix return thunks in generated code (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Add IBPB on VMEXIT (Borislav Petkov) {CVE-2023-20569} - x86/srso: Add IBPB (Borislav Petkov) {CVE-2023-20569} - x86/srso: Add SRSO_NO support (Borislav Petkov) {CVE-2023-20569} - x86/srso: Add IBPB_BRTYPE support (Borislav Petkov) {CVE-2023-20569} - redhat/configs/x86: Enable CONFIG_CPU_SRSO (Borislav Petkov) {CVE-2023-20569} - x86/srso: Add a Speculative RAS Overflow mitigation (Borislav Petkov) {CVE-2023-20569} - x86/retbleed: Add __x86_return_thunk alignment checks (Borislav Petkov) {CVE-2023-20569} - x86/retbleed: Fix return thunk alignment (Borislav Petkov) {CVE-2023-20569} - x86/alternative: Optimize returns patching (Borislav Petkov) {CVE-2023-20569} - x86,objtool: Separate unret validation from unwind hints (Josh Poimboeuf) {CVE-2023-20569} - objtool: Add objtool_types.h (Josh Poimboeuf) {CVE-2023-20569} - objtool: Union instruction::{call_dest,jump_table} (Peter Zijlstra) {CVE-2023-20569} - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Peter Zijlstra) {CVE-2023-20569} - objtool: Fix SEGFAULT (Christophe Leroy) {CVE-2023-20569} - vmlinux.lds.h: add BOUNDED_SECTION* macros (Jim Cromie) {CVE-2023-20569} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5345 CVE-2023-20569 CVE-2023-1192 CVE-2023-45871 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [4.10.0-55.2] - python-certifi: Removal of e-Tugra root certificate (CVE-2023-37920) - python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-43804 CVE-2023-37920 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::addons Oracle Linux 9 [0.40.0-6] - Backport fix for CVE-2022-44638 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-44638 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:1.13.3-3] - Rebuild with golang 1.20.10 - Related: Jira:RHEL-2786 [2:1.13.3-2] - Rebuild with golang 1.21.3 - Related: Jira:RHEL-2786 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-29409 CVE-2023-39319 CVE-2023-39321 CVE-2023-39318 CVE-2023-39322 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4:1.1.9-2] - Rebuild for CVEs: CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 - Resolves: #2228743 - Resolves: #2237777 - Resolves: #2237778 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39321 CVE-2023-29409 CVE-2023-39322 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.31.3-2.0.1] - Rebuild for CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-29409 CVE-2023-39318 CVE-2023-39322 CVE-2023-39319 CVE-2023-39321 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:4.6.1-7.0.1] - Rebuild for following CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 - Resolves: #2228743 - Resolves: #2237773 - Resolves: #2237776 - Resolves: #2237777 - Resolves: #2237778 [2:4.6.1-6.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.6.1-6] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/68e7ae0) - Related: Jira:RHEL-2112 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39318 CVE-2023-29409 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:1.3.0-6] - rebuild for following CVEs: CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - Resolves: #2228743 - Resolves: #2237773 - Resolves: #2237776 - Resolves: #2237777 - Resolves: #2237778 [1:1.3.0-5] - fix path to dhcp service - Resolves: #RHEL-3140 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [13.13-1.0.1] - Update to 13.13 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, and CVE-2023-39417 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-39417 CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 pgaudit pg_repack postgres-decoderbufs postgresql [15.5-1] - update to 15.5 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and CVE-2023-39418 Resolves: RHEL-16100, RHEL-16124, RHEL-16139 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5870 CVE-2023-5868 CVE-2023-5869 CVE-2023-39417 CVE-2023-39418 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [1.22.1-2] - Patch CVE-2023-44429: AV1 codec parser heap-based buffer overflow - Patch CVE-2023-44446: MXF demuxer use-after-free - Resolves: RHEL-17030, RHEL-17039 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44446 CVE-2023-44429 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [0.23.0-3] - Fix file caching with different offsets (RHEL-4079) - Fix CVE-2023-40660: Potential PIN bypass - Fix CVE-2023-40661: Dynamic analyzers reports in pkcs15init - Fix CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys - Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding MODERATE Copyright 2023 Oracle, Inc. CVE-2023-40661 CVE-2023-40660 CVE-2023-4535 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [115.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Update to 115.6.0 build2 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6858 CVE-2023-6859 CVE-2023-50762 CVE-2023-6861 CVE-2023-6864 CVE-2023-6857 CVE-2023-6860 CVE-2023-6856 CVE-2023-6863 CVE-2023-6862 CVE-2023-50761 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.13.1-3.3] - xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367) - xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377) - xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-5367 CVE-2023-6377 CVE-2023-6478 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.6.0-1.0.1] - Udate to 115.6.0 build1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6858 CVE-2023-6859 CVE-2023-6861 CVE-2023-6867 CVE-2023-6865 CVE-2023-6860 CVE-2023-6862 CVE-2023-6864 CVE-2023-6856 CVE-2023-6857 CVE-2023-6863 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7:5.5-6.0.1.el9_3.5] - squid: Denial of Service in SSL Certificate validation (CVE-2023-46724) - squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728) - squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285) - squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46724 CVE-2023-49285 CVE-2023-46728 CVE-2023-49286 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.90.0-4] - CVE-2023-5388 nss: timing attack against RSA decryption. Make the final blinding multmod constant time. MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5388 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4.10.2-5.0.1] - Resolves: 2242828 Invalid CSRF protection (CVE-2023-5455) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5455 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.0.115-1.0.1] - Update to .NET SDK 7.0.115 and Runtime 7.0.15 [7.0.114-1.0.1] - Update to .NET SDK 7.0.114 and Runtime 7.0.14 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0056 CVE-2024-0057 CVE-2024-21319 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [8.0.101-1.0.1] - Update to .NET SDK 8.0.101 and Runtime 8.0.1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21319 CVE-2024-0056 CVE-2024-0057 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.0.126-1.0.1] - Add support for Oracle Linux [6.0.126-1] - Update to .NET SDK 6.0.126 and Runtime 6.0.26 [6.0.125-1] - Update to .NET SDK 6.0.125 and Runtime 6.0.25 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0056 CVE-2024-0057 CVE-2024-21319 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:21.0.2.0.13-1.0.1] - Add Oracle vendor bug URL [1:21.0.2.0.13-1] - Rebase to 21.0.2.0.13 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20952 CVE-2024-20945 CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:1.8.0.402.b06-0.2.0.1] - Update to shenandoah-jdk8u402-b06 (GA) - Update release notes for shenandoah-8u402-b06. - Add Oracle vendor bug URL [Orabug: 34340155] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20945 CVE-2024-20918 CVE-2024-20921 CVE-2024-20926 CVE-2024-20952 CVE-2024-20919 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:11.0.22.0.7-2.0.1] - Update to openjdk-11.0.22+7 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20918 CVE-2024-20921 CVE-2024-20919 CVE-2024-20926 CVE-2024-20945 CVE-2024-20952 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:17.0.10.0.7-2.0.1] - Rebase to 17.0.10.0.7 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20932 CVE-2024-20952 CVE-2024-20945 CVE-2024-20918 CVE-2024-20921 CVE-2024-20919 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [1:3.0.7-25.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-25] - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evp_properties section in main OpenSSL configuration file Resolves: RHEL-11439 - Avoid implicit function declaration when building openssl Resolves: RHEL-1780 - Forbid explicit curves when created via EVP_PKEY_fromdata Resolves: RHEL-5304 - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975) Resolves: RHEL-5302 - Excessive time spent checking DH keys and parameters (CVE-2023-3446) Resolves: RHEL-5306 - Excessive time spent checking DH q parameter value (CVE-2023-3817) Resolves: RHEL-5308 - Fix incorrect cipher key and IV length processing (CVE-2023-5363) Resolves: RHEL-13251 - Switch explicit FIPS indicator for RSA-OAEP to approved following clarification with CMVP Resolves: RHEL-14083 - Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c) Resolves: RHEL-14083 - Add missing ECDH Public Key Check in FIPS mode Resolves: RHEL-15990 - Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678) Resolves: RHEL-15954 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5363 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 php [8.1.27-1] - rebase to 8.1.27 RHEL-19093 [8.1.14-1] - rebase to 8.1.14 [8.1.8-1] - update to 8.1.8 #2070040 [8.1.7-2] - clean unneeded dependency on useradd command [8.1.7-1] - update to 8.1.7 #2070040 [8.1.6-2] - add upstream patch to initialize pcre before mbstring - add upstream patch to use more sha256 in openssl tests [8.1.6-1] - update to 8.1.6 #2070040 php-pecl-apcu [5.1.21-1] - update to 5.1.21 for PHP 8.1 #2070040 php-pecl-rrd [2.0.3-4] - build for PHP 8.1 #2070040 php-pecl-xdebug3 [3.1.4-1] - update to 3.1.4 for PHP 8.1 #2070040 php-pecl-zip [1.20.1-1] - update to 1.20.1 for PHP 8.1 #2070040 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-0568 CVE-2023-0567 CVE-2023-3824 CVE-2023-3823 CVE-2023-3247 CVE-2023-0662 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [5.14.0-362.18.1.el9_3.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Disable unified kernel image package build - Add Oracle Linux IMA certificates [5.14.0] - Debranding patches copied from Rocky Linux (Louis Abel and Sherif Nagy from RESF) [5.14.0-362.18.1.el9_3] - nfp: fix use-after-free in area_cache_get() (Ricardo Robaina) [RHEL-19456 RHEL-19536 RHEL-6566 RHEL-7241] {CVE-2022-3545} - rtla: Fix uninitialized variable found (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat: Do not stop user-space if a cpu is offline (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_aa: Fix previous IRQ delay for IRQs that happens after thread sample (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_aa: Fix negative IRQ delay (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_aa: Zero thread sum after every sample analysis (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_hist: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_top: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079] - rtla/hwnoise: Reduce runtime to 75% (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Start the tracers after creating all instances (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_hist: Add auto-analysis support (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat: Give timerlat auto analysis its own instance (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Automatically move rtla to a house-keeping cpu (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Change monitored_cpus from char * to cpu_set_t (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Add --house-keeping option (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Add -C cgroup support (John Kacur) [RHEL-18360 RHEL-10079] - ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list (Tomas Henzl) [RHEL-19394 RHEL-10941] - fbcon: set_con2fb_map needs to set con2fb_map! (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409} - fbcon: Fix error paths in set_con2fb_map (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409} - net: tun: fix bugs for oversize packet when napi frags enabled (Ricardo Robaina) [RHEL-12495 RHEL-12496 RHEL-7186 RHEL-7264] {CVE-2023-3812} - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR (Florian Westphal) [RHEL-10536 RHEL-10538 RHEL-10537 RHEL-10539] {CVE-2023-4015} - md: Put the right device in md_seq_next (Nigel Croxon) [RHEL-16363 RHEL-12455] - dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set() (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679} - dpll: Fix potential msg memleak when genlmsg_put_reply failed (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679} - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Bastien Nocera) [RHEL-19003 RHEL-2717] {CVE-2023-40283} - tcp: enforce receive buffer memory limits by allowing the tcp window to shrink (Felix Maurer) [RHEL-16129 RHEL-11592] - tcp: adjust rcv_ssthresh according to sk_reserved_mem (Felix Maurer) [RHEL-16129 RHEL-11592] - md: raid0: account for split bio in iostat accounting (Nigel Croxon) [RHEL-4082 RHEL-2718] - can: af_can: fix NULL pointer dereference in can_rcv_filter (Ricardo Robaina) [RHEL-19465 RHEL-19526 RHEL-6428 RHEL-7052] {CVE-2023-2166} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-2166 CVE-2023-5633 CVE-2023-3777 CVE-2023-6679 CVE-2023-46813 CVE-2023-4622 CVE-2023-4623 CVE-2023-40283 CVE-2023-42753 CVE-2022-3545 CVE-2023-2176 CVE-2023-3812 CVE-2023-5178 CVE-2023-4015 CVE-2022-41858 CVE-2023-38409 CVE-2022-36402 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [4.16.1.3-27] - TOCTOU race in checks for unsafe symlinks (CVE-2021-35937) - races with chown/chmod/capabilities calls during installation (CVE-2021-35938) - checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939) MODERATE Copyright 2024 Oracle, Inc. CVE-2021-35937 CVE-2021-35939 CVE-2021-35938 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.26.5-3.0.1.1] - Security fix for CVE-2023-45803 Resolves: RHEL-16874 - Security fix for CVE-2023-43804 Resolves: RHEL-12001 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45803 CVE-2023-43804 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.34.1-7] - Fixes CVE-2023-7104 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-7104 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.9.18-1.1] - Security fix for CVE-2023-27043 Resolves: RHEL-20613 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-27043 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.06-70.0.2.2] - search command: add flag to only search root dev - Resolves: #CVE-2023-4001 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-4001 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1:9.0.62-37.el9_3.1] - Resolves: #2235370 CVE-2023-41080 tomcat: Open Redirect vulnerability in FORM authentication - Resolves: #2243749 CVE-2023-45648 tomcat: incorrectly parsed http trailer headers can cause request smuggling - Resolves: #2243751 CVE-2023-42794 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows - Resolves: #2243752 CVE-2023-42795 tomcat: improper cleaning of recycled objects could lead to information leak MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45648 CVE-2023-41080 CVE-2023-42795 CVE-2023-42794 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [8.3.1-11.2] - Add patches for CVE-2023-47235, CVE-2023-47234, CVE-2023-38406, CVE-2023-38407 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-47235 CVE-2023-38407 CVE-2023-47234 CVE-2023-38406 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.7.6-23.3] - Fixes for CVE-2023-5981, CVE-2024-0553, CVE-2024-0567 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0553 CVE-2024-0567 CVE-2023-5981 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.13.1-3.6] - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20389 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20383 - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access Resolves: RHEL-20533 - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Resolves: RHEL-21213 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21885 CVE-2023-6816 CVE-2024-21886 CVE-2024-0229 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.7.0-1.0.1] - Update to 115.7.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0742 CVE-2024-0749 CVE-2024-0747 CVE-2024-0750 CVE-2024-0755 CVE-2024-0751 CVE-2024-0741 CVE-2024-0746 CVE-2024-0753 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.7.0.1.0.1] - Update to 115.7.0 build 1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0747 CVE-2024-0746 CVE-2024-0751 CVE-2024-0742 CVE-2024-0755 CVE-2024-0741 CVE-2024-0753 CVE-2024-0750 CVE-2024-0749 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4:1.1.12-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.12 - Related: RHEL-2112 [4:1.1.11-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.11 - Related: RHEL-2112 [4:1.1.10-3] - Rebuild for CVEs: CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 - Related: Jira:RHEL-2792 - Related: Jira:RHEL-7454 [4:1.1.10-2] - require container-selinux >= 2.224.0 for dmz feature - Related: Jira:RHEL-2112 [4:1.1.10-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.10 - Related: RHEL-2112 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21626 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:2.99.8-4] - fix CVE-2023-44441 - fix CVE-2023-44442 - fix CVE-2023-44443 - fix CVE-2023-44444 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-44442 CVE-2023-44441 CVE-2023-44443 CVE-2023-44444 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.90.0-6] - Fix ecc DER wrapping. [3.90.0-5] - Pick up validated constant time implementations of p256, p384, and p521 from upsream - More Fips indicator changes MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6135 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.0.116-1.0.1] - Update to .NET SDK 7.0.116 and Runtime 7.0.16 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21404 CVE-2024-21386 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.0.127-1.0.1] - Update to .NET SDK 6.0.127 and Runtime 6.0.27 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21404 CVE-2024-21386 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 Oracle Linux 9 RHEL 9.3.0.Z ERRATUM [1.9.5p2-10] - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output Resolves: RHEL-21834 - CVE-2023-28486 sudo: Sudo does not escape control characters in log messages Resolves: RHEL-21828 - CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: RHEL-21821 RHEL 8.9.0.Z ERRATUM [1.9.5p2-1] - Rebase to 1.9.5p2 - CVE-2023-28486 sudo: Sudo does not escape control characters in log messages Resolves: RHEL-21825 - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output Resolves: RHEL-21831 - CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: RHEL-21820 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-28487 CVE-2023-28486 CVE-2023-42465 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:8:9:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [8.0.102-2.0.1] - Update to .NET SDK 8.0.102 and Runtime 8.0.2 - Add -dbg subpackages for symbol files - Resolves: RHEL-23070 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21386 CVE-2024-21404 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 pgaudit pg_repack postgres-decoderbufs postgresql [15.6-1] - update to 15.6 - Fixes CVE-2024-0985 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0985 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [13.14-1.0.1] - Update to 13.14 - Fixes CVE-2024-0985 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0985 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [115.8.0-1.0.1] - Update to 115.8.0 build 1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1548 CVE-2024-1550 CVE-2024-1552 CVE-2024-1549 CVE-2024-1553 CVE-2024-1546 CVE-2024-1547 CVE-2024-1551 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.8.0-1.0.1] - Add Oracle modifications [115.8.0-1] - Update to 115.8.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1549 CVE-2024-1552 CVE-2024-1548 CVE-2024-1553 CVE-2024-1546 CVE-2024-1550 CVE-2024-1547 CVE-2024-1551 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [0.23.0-4] - Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5992 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.16.2-3.1] - Fix DNSSEC validation vulnerabilities which can lead to DoS in trivially orchestrated attacks (CVE-2023-50387 and CVE-2023-50868) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50868 CVE-2023-50387 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [20230524-4.el9_3.2] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - Resolves: RHEL-21841 (CVE-2023-45229 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [rhel-9]) - Resolves: RHEL-21843 (CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [rhel-9]) - Resolves: RHEL-21845 (CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [rhel-9]) - Resolves: RHEL-21847 (CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [rhel-9]) - Resolves: RHEL-21849 (TRIAGE CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [rhel-9]) - Resolves: RHEL-21851 (CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-9]) - Resolves: RHEL-21853 (TRIAGE CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-9]) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45230 CVE-2023-45234 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.76.1-26.el9_3.3] - cap SFTP packet size sent (RHEL-14697) - lowercase the domain names before PSL checks (CVE-2023-46218) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-46218 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [8.7p1-34.3] - Fix Terrapin attack (CVE-2023-48795) Resolves: RHEL-19764 - Forbid shell metasymbols in username/hostname (CVE-2023-51385) Resolves: RHEL-19822 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48795 CVE-2023-51385 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.20.12-1] - Rebase to 1.20.12 - Fix CVE-2023-45285 CVE-2023-39326 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-39326 CVE-2023-45285 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:9.0.62-37.el9_3.2] - Resolves: #2252050 HTTP request smuggling via malformed trailer headers (CVE-2023-46589) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46589 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.3.0-13] - Backport fix for CVE-2023-3674 Resolves: RHEL-21013 LOW Copyright 2024 Oracle, Inc. CVE-2023-3674 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [8.0.36-1] - Update to MySQL 8.0.36 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-22048 CVE-2023-22092 CVE-2023-22097 CVE-2023-21962 CVE-2023-21929 CVE-2024-20969 CVE-2024-20983 CVE-2024-20962 CVE-2024-20974 CVE-2024-20981 CVE-2024-20968 CVE-2023-21935 CVE-2023-22064 CVE-2023-22115 CVE-2023-21955 CVE-2023-22056 CVE-2024-20960 CVE-2023-22053 CVE-2023-22068 CVE-2024-20964 CVE-2023-21911 CVE-2023-21946 CVE-2023-21972 CVE-2023-22005 CVE-2023-22038 CVE-2023-22070 CVE-2023-22110 CVE-2023-22111 CVE-2024-20971 CVE-2024-20972 CVE-2024-20973 CVE-2024-20982 CVE-2023-21947 CVE-2023-21980 CVE-2023-21982 CVE-2023-22054 CVE-2023-22078 CVE-2024-20984 CVE-2024-20985 CVE-2023-21920 CVE-2023-21933 CVE-2023-22008 CVE-2023-22033 CVE-2023-22065 CVE-2024-20977 CVE-2024-20978 CVE-2023-21953 CVE-2023-21940 CVE-2023-21966 CVE-2023-21976 CVE-2023-21977 CVE-2023-22066 CVE-2023-22079 CVE-2023-22103 CVE-2024-20961 CVE-2024-20965 CVE-2024-20966 CVE-2024-20967 CVE-2024-20976 CVE-2023-22007 CVE-2023-22059 CVE-2023-22113 CVE-2023-21919 CVE-2023-21945 CVE-2023-22032 CVE-2023-22046 CVE-2023-22058 CVE-2023-22084 CVE-2024-20963 CVE-2022-4899 CVE-2023-22057 CVE-2023-22104 CVE-2023-22112 CVE-2023-22114 CVE-2024-20970 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.4.22-3] - Reject '#' as part of URI path component (CVE-2023-45539, RHEL-18169) [2.4.22-2] - Reject any empty content-length header value (CVE-2023-40225, RHEL-7736) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-40225 CVE-2023-45539 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2.6-21.0.1] - rear: creates a world-readable initrd (CVE-2024-23301) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-23301 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:1.13.3-4] - Rebuild with golang 1.20.12: golang:net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.31.4-1.0.1] - update to https://github.com/containers/buildah/releases/tag/v1.31 - https://github.com/containers/buildah/commit/11bbf33 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48795 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 Oracle Linux 9 [37.0.2-5.0.1] - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36143834] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-49083 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream Oracle Linux 8 Oracle Linux 9 [36.0.1-4.0.1] - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36119159] [36.0.1-4] - Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature, resolves rhbz#2203840 [36.0.1-3] - Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2172399 - Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-49083 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:8::baseos_latest cpe:/o:oracle:linux:8:9:baseos_patch Oracle Linux 9 [1:3.0.7-25.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-25] - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evp_properties section in main OpenSSL configuration file Resolves: RHEL-11439 - Avoid implicit function declaration when building openssl Resolves: RHEL-1780 - Forbid explicit curves when created via EVP_PKEY_fromdata Resolves: RHEL-5304 - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975) Resolves: RHEL-5302 - Excessive time spent checking DH keys and parameters (CVE-2023-3446) Resolves: RHEL-5306 - Excessive time spent checking DH q parameter value (CVE-2023-3817) Resolves: RHEL-5308 - Fix incorrect cipher key and IV length processing (CVE-2023-5363) Resolves: RHEL-13251 - Switch explicit FIPS indicator for RSA-OAEP to approved following clarification with CMVP Resolves: RHEL-14083 - Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c) Resolves: RHEL-14083 - Add missing ECDH Public Key Check in FIPS mode Resolves: RHEL-15990 - Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678) Resolves: RHEL-15954 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-5363 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 - [5.14.0-362.18.0.1_3.OL9] - nfp: fix use-after-free in area_cache_get() (Jialiang Wang) {CVE-2022-3545} - drivers: net: slip: fix NPD bug in sl_tx_timeout() (Duoming Zhou) {CVE-2022-41858} - can: af_can: fix NULL pointer dereference in can_rcv_filter (Oliver Hartkopp) {CVE-2023-2166} - RDMA/core: Fix resolve_prepare_src error cleanup (Patrisious Haddad) {CVE-2023-2176} - netfilter: nf_tables: skip bound chain on rule flush (Pablo Neira Ayuso} {CVE-2023-3777} - net: tun: fix bugs for oversize packet when napi frags enabled (Ziyang Xuan) {CVE-2023-3812} - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR (Pablo Neira Ayuso) {CVE-2023-4015} - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Kuniyuki Iwashima) {CVE-2023-4622} - nvmet-tcp: Fix a possible UAF in queue intialization setup (Sagi Grimberg) {CVE-2023-5178} - fbcon: set_con2fb_map needs to set con2fb_map! (Daniel Vetter) {CVE-2023-38409} - fbcon: Fix error paths in set_con2fb_map (Daniel Vetter) {CVE-2023-38409} - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Sungwoo Kim) {CVE-2023-40283) - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Kyle Zeng) {CVE-2023-42753} - x86/sev: Check IOBM for IOIO exceptions from user-space (Joerg Roedel) {CVE-2023-46813} - x86/sev: Disable MMIO emulation from user mode (Borislav Petkov) {CVE-2023-46813} - x86/sev: Check for user-space IOIO pointing to kernel space (Joerg Roedel) {CVE-2023-46813} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-40283 CVE-2023-4015 CVE-2023-3812 CVE-2023-5178 CVE-2022-3545 CVE-2023-2176 CVE-2023-3777 CVE-2022-41858 CVE-2023-2166 CVE-2023-4622 CVE-2023-42753 CVE-2023-46813 CVE-2023-38409 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.14.0-362.18.0.2] - net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623} - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623} - dpll: core: Add DPLL framework base functions {CVE-2023-6679} - dpll: spec: Add Netlink spec in YAML {CVE-2023-6679} - dpll: netlink: Add DPLL framework base functions {CVE-2023-6679} - netdev: expose DPLL pin handle for netdevice {CVE-2023-6679} - netdev: Remove unneeded semicolon {CVE-2023-6679} - dpll: netlink/core: add support for pin-dpll signal phase offset/adjust {CVE-2023-6679} - dpll: netlink/core: change pin frequency set behavior {CVE-2023-6679} - dpll: Fix potential msg memleak when genlmsg_put_reply failed {CVE-2023-6679} - dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set() {CVE-2023-6679} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6679 CVE-2023-4623 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 Oracle Linux 9 [5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer check for non-preempt config (Benjamin Bara) - keys, dns: Fix missing size check of V1 server-list header (Edward Adam Davis) - wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ (Johannes Berg) - tracing/kprobes: Fix symbol counting logic by looking at modules as well (Andrii Nakryiko) [5.15.0-203.146.4] - rds: Handle pages in use when purging an RDS Message (Hakon Bugge) [Orabug: 36054361] - rds: ib: Consolidate per-cpu free list for siblings (Hakon Bugge) [Orabug: 35904643] - rds: ib: Make sure per-cpu recv cache structure is cache-line aligned (Hakon Bugge) [Orabug: 35904643] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185206] [5.15.0-203.146.3] - thermal/of: Initialize trip points separately (Daniel Lezcano) [Orabug: 36178522] - thermal/of: Use thermal trips stored in the thermal zone (Daniel Lezcano) [Orabug: 36178522] - uek-container: strip symbols from vmlinux (Boris Ostrovsky) [Orabug: 36170888] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36155235] - nvme-tcp: don't access released socket during error recovery (Akinobu Mita) [Orabug: 36127728] - vhost-vdpa: fix use after free in vhost_vdpa_probe() (Dan Carpenter) [Orabug: 36072714] - vdpa_sim_blk: allocate the buffer zeroed (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim: implement .reset_map support (Si-Wei Liu) [Orabug: 36072714] - vdpa/mlx5: implement .reset_map driver op (Si-Wei Liu) [Orabug: 36072714] - vhost-vdpa: clean iotlb map during reset for older userspace (Si-Wei Liu) [Orabug: 36072714] - vdpa: introduce .compat_reset operation callback (Si-Wei Liu) [Orabug: 36072714] - vhost-vdpa: introduce IOTLB_PERSIST backend feature bit (Si-Wei Liu) [Orabug: 36072714] - vhost-vdpa: reset vendor specific mapping to initial state in .release (Si-Wei Liu) [Orabug: 36072714] - vdpa: introduce .reset_map operation callback (Si-Wei Liu) [Orabug: 36072714] - vdpa: Update sysfs ABI documentation (Shawn.Shao) [Orabug: 36072714] - mlx5_vdpa: offer VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK (Eugenio Perez) [Orabug: 36072714] - vdpa/mlx5: Update cvq iotlb mapping on ASID change (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Make iotlb helper functions more generic (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Enable hw support for vq descriptor mapping (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Expose descriptor group mkey hw capability (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Introduce mr for vq descriptor (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Improve mr update flow (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Move mr mutex out of mr struct (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Allow creation/deletion of any given mr struct (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Rename mr destroy functions (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Collapse 'dvq' mr add/delete functions (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Take cvq iotlb lock during refresh (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Decouple cvq iotlb handling from hw mapping code (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Create helper function for dma mappings (Dragos Tatulea) [Orabug: 36072714] - vhost-vdpa: uAPI to get dedicated descriptor group id (Si-Wei Liu) [Orabug: 36072714] - vhost-vdpa: introduce descriptor group backend feature (Si-Wei Liu) [Orabug: 36072714] - vdpa: introduce dedicated descriptor group for virtqueue (Si-Wei Liu) [Orabug: 36072714] - vdpa/mlx5: Fix firmware error on creation of 1k VQs (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Fix double release of debugfs entry (Dragos Tatulea) [Orabug: 36072714] - vdpa_sim: offer VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK (Eugenio Perez) [Orabug: 36072714] - vdpa: add get_backend_features vdpa operation (Eugenio Perez) [Orabug: 36072714] - vdpa: accept VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK backend feature (Eugenio Perez) [Orabug: 36072714] - vdpa: add VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK flag (Eugenio Perez) [Orabug: 36072714] - vdpa/mlx5: Remove unused function declarations (Yue Haibing) [Orabug: 36072714] - vdpa/mlx5: Delete control vq iotlb in destroy_mr only when necessary (Eugenio Perez) [Orabug: 36072714] - vdpa/mlx5: Fix mr->initialized semantics (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Correct default number of queues when MQ is on (Dragos Tatulea) [Orabug: 36072714] - virtio-vdpa: Fix cpumask memory leak in virtio_vdpa_find_vqs() (Gal Pressman) [Orabug: 36072714] - vdpa: Enable strict validation for netlinks ops (Dragos Tatulea) [Orabug: 36072714] - vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check (Lin Ma) [Orabug: 36072714] - vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check (Lin Ma) [Orabug: 36072714] - vdpa: Add features attr to vdpa_nl_policy for nlattr length check (Lin Ma) [Orabug: 36072714] - virtio-vdpa: Fix unchecked call to NULL set_vq_affinity (Dragos Tatulea) [Orabug: 36072714] - vhost_vdpa: tell vqs about the negotiated (Shannon Nelson) [Orabug: 36072714] - vdpa/mlx5: Fix hang when cvq commands are triggered during device unregister (Dragos Tatulea) [Orabug: 36072714] - vhost: use kzalloc() instead of kmalloc() followed by memset() (Prathu Baronia) [Orabug: 36072714] - vhost_vdpa: fix unmap process in no-batch mode (Cindy Lu) [Orabug: 36072714] - vdpa_sim: move buffer allocation in the devices (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim_blk: add support for discard and write-zeroes (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim_blk: use dev_dbg() to print errors (Stefano Garzarella) [Orabug: 36072714] - vringh: address kdoc warnings (Simon Horman) [Orabug: 36072714] - vdpa: address kdoc warnings (Simon Horman) [Orabug: 36072714] - vdpa_sim: add support for user VA (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim: replace the spinlock with a mutex to protect the state (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim: use kthread worker (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim: make devices agnostic for work management (Stefano Garzarella) [Orabug: 36072714] - vringh: support VA with iotlb (Stefano Garzarella) [Orabug: 36072714] - fix 'direction' argument of iov_iter_{init,bvec}() (Al Viro) [Orabug: 36072714] - vringh: define the stride used for translation (Stefano Garzarella) [Orabug: 36072714] - vringh: replace kmap_atomic() with kmap_local_page() (Stefano Garzarella) [Orabug: 36072714] - vhost-vdpa: use bind_mm/unbind_mm device callbacks (Stefano Garzarella) [Orabug: 36072714] - vdpa: add bind_mm/unbind_mm callbacks (Stefano Garzarella) [Orabug: 36072714] - vringh: fix typos in the vringh_init_* documentation (Stefano Garzarella) [Orabug: 36072714] - virtio-vdpa: Support interrupt affinity spreading mechanism (Xie Yongji) [Orabug: 36072714] - vdpa: Add set/get_vq_affinity callbacks in vdpa_config_ops (Xie Yongji) [Orabug: 36072714] - vdpa/mlx5: Avoid losing link state updates (Eli Cohen) [Orabug: 36072714] - vdpa_sim_net: complete the initialization before register the device (Stefano Garzarella) [Orabug: 36072714] - vdpa/mlx5: Add and remove debugfs in setup/teardown driver (Eli Cohen) [Orabug: 36072714] - vdpa/mlx5: Add RX counters to debugfs (Eli Cohen) [Orabug: 36072714] - vdpa/mlx5: Add debugfs subtree (Eli Cohen) [Orabug: 36072714] - rds: Remove RDS FMR Code (William Kucharski) [Orabug: 35445338] [5.15.0-203.146.2] - LTS version: v5.15.146 (Vijayendra Suman) - bpf: Fix prog_array_map_poke_run map poke update (Jiri Olsa) - device property: Allow const parameter to dev_fwnode() (Andy Shevchenko) - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() (Mikulas Patocka) - ring-buffer: Fix slowpath of interrupted event (Steven Rostedt (Google)) - netfilter: nf_tables: skip set commit for deleted/destroyed sets (Pablo Neira Ayuso) - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() (Namjae Jeon) - ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (Steven Rostedt (Google)) - tracing: Fix blocked reader of snapshot buffer (Steven Rostedt (Google)) - ring-buffer: Fix wake ups when buffer_percent is set to 100 (Steven Rostedt (Google)) - mm/filemap: avoid buffered read/write race to read inconsistent data (Baokun Li) - Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg (Hyunwoo Kim) - smb: client: fix OOB in smbCalcSize() (Paulo Alcantara) - smb: client: fix OOB in SMB2_query_info_init() (Paulo Alcantara) - iio: imu: adis16475: add spi_device_id table (Nuno Sa) - spi: Introduce spi_get_device_match_data() helper (Andy Shevchenko) - device property: Add const qualifier to device_get_match_data() parameter (Andy Shevchenko) - net: usb: ax88179_178a: avoid failed operations when device is disconnected (Jose Ignacio Tornos Martinez) - net: usb: ax88179_178a: wol optimizations (Justin Chen) - net: usb: ax88179_178a: clean up pm calls (Justin Chen) - usb: fotg210-hcd: delete an incorrect bounds test (Dan Carpenter) - ARM: dts: Fix occasional boot hang for am3 usb (Tony Lindgren) - ksmbd: fix wrong allocation size update in smb2_open() (Namjae Jeon) - ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack() (Namjae Jeon) - ksmbd: lazy v2 lease break on smb2_write() (Namjae Jeon) - ksmbd: send v2 lease break notification for directory (Namjae Jeon) - ksmbd: downgrade RWH lease caching state to RH for directory (Namjae Jeon) - ksmbd: set v2 lease capability (Namjae Jeon) - ksmbd: set epoch in create context v2 lease (Namjae Jeon) - ksmbd: have a dependency on cifs ARC4 (Namjae Jeon) - fuse: share lookup state between submount and its parent (Krister Johansen) - x86/alternatives: Sync core before enabling interrupts (Thomas Gleixner) - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (Marc Zyngier) - lib/vsprintf: Fix %pfwf when current node refcount == 0 (Herve Codina) - gpio: dwapb: mask/unmask IRQ when disable/enale it (xiongxin) - bus: ti-sysc: Flush posted write only after srst_udelay (Tony Lindgren) - tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (Steven Rostedt (Google)) - scsi: core: Always send batch on reset or error handling command (Alexander Atanasov) - dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp (Fabio Estevam) - net: ks8851: Fix TX stall caused by TX buffer overrun (Ronald Wahl) - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - net: 9p: avoid freeing uninit memory in p9pdu_vreadf (Fedor Pchelkin) - Input: soc_button_array - add mapping for airplane mode button (Christoffer Sandberg) - Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (Xiao Yao) - Bluetooth: L2CAP: Send reject on command corrupted request (Frederic Danis) - Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (Luiz Augusto von Dentz) - USB: serial: option: add Quectel RM500Q R13 firmware support (Reinhard Speyerer) - USB: serial: option: add Foxconn T99W265 with new baseline (Slark Xiao) - USB: serial: option: add Quectel EG912Y module support (Alper Ak) - USB: serial: ftdi_sio: update Actisense PIDs constant names (Mark Glover) - wifi: cfg80211: fix certs build to not depend on file order (Johannes Berg) - wifi: cfg80211: Add my certificate (Chen-Yu Tsai) - ALSA: usb-audio: Increase delay in MOTU M quirk (Jeremie Knuesel) - iio: triggered-buffer: prevent possible freeing of wrong buffer (David Lechner) - iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (Wadim Egorov) - iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (Javier Carrasco) - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (Wei Yongjun) - Input: ipaq-micro-keys - add error handling for devm_kmemdup (Haoran Liu) - iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (Su Hui) - interconnect: Treat xlate() returning NULL node as an error (Mike Tipton) - smb: client: fix OOB in smb2_query_reparse_point() (Paulo Alcantara) - smb: client: fix NULL deref in asn1_ber_decoder() (Paulo Alcantara) - drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (Ville Syrjala) - drm/i915: Relocate intel_atomic_setup_scalers() (Ville Syrjala) - drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 (Luca Coelho) - ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE (Namjae Jeon) - gpiolib: cdev: add gpio_device locking wrapper around gpio_ioctl() (Kent Gibson) - pinctrl: at91-pio4: use dedicated lock class for IRQ (Alexis Lothore) - i2c: aspeed: Handle the coalesced stop conditions with the start conditions. (Quan Nguyen) - ASoC: hdmi-codec: fix missing report for jack initial status (Jerome Brunet) - afs: Fix use-after-free due to get/remove race in volume tree (David Howells) - afs: Use refcount_t rather than atomic_t (David Howells) - afs: Fix overwriting of result of DNS query (David Howells) - keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (David Howells) - net: check dev->gso_max_size in gso_features_check() (Eric Dumazet) - afs: Fix dynamic root lookup DNS check (David Howells) - afs: Fix the dynamic root's d_delete to always delete unused dentries (David Howells) - net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() (Liu Jian) - net: mana: select PAGE_POOL (Yury Norov) - net/rose: fix races in rose_kill_by_device() (Eric Dumazet) - ethernet: atheros: fix a memleak in atl1e_setup_ring_resources (Zhipeng Lu) - net: sched: ife: fix potential use-after-free (Eric Dumazet) - net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (Rahul Rameshbabu) - net/mlx5: Fix fw tracer first block check (Moshe Shemesh) - net/mlx5e: fix a potential double-free in fs_udp_create_groups (Dinghao Liu) - net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (Shifeng Li) - Revert 'net/mlx5e: fix double free of encap_header' (Vlad Buslov) - Revert 'net/mlx5e: fix double free of encap_header in update funcs' (Vlad Buslov) - wifi: mac80211: mesh_plink: fix matches_local logic (Johannes Berg) - wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (Johannes Berg) - s390/vx: fix save/restore of fpu kernel context (Heiko Carstens) - reset: Fix crash when freeing non-existent optional resets (Geert Uytterhoeven) - ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (Kunwu Chan) - LTS version: v5.15.145 (Vijayendra Suman) - kasan: disable kasan_non_canonical_hook() for HW tags (Arnd Bergmann) - tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols (Francis Laniel) - Revert 'drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers' (Amit Pundir) - Revert 'drm/bridge: lt9611uxc: Register and attach our DSI device at probe' (Amit Pundir) - Revert 'drm/bridge: lt9611uxc: fix the race in the error path' (Amit Pundir) - ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error (Namjae Jeon) - ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId (Namjae Jeon) - ksmbd: release interim response after sending status pending response (Namjae Jeon) - ksmbd: move oplock handling after unlock parent dir (Namjae Jeon) - ksmbd: separately allocate ci per dentry (Namjae Jeon) - ksmbd: fix possible deadlock in smb2_open (Namjae Jeon) - ksmbd: prevent memory leak on error return (Zongmin Zhou) - ksmbd: handle malformed smb1 message (Namjae Jeon) - ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() (Namjae Jeon) - ksmbd: no need to wait for binded connection termination at logoff (Namjae Jeon) - ksmbd: add support for surrogate pair conversion (Namjae Jeon) - ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() (Kangjing Huang) - ksmbd: fix recursive locking in vfs helpers (Marios Makassikis) - ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() (Namjae Jeon) - ksmbd: reorganize ksmbd_iov_pin_rsp() (Namjae Jeon) - ksmbd: Remove unused field in ksmbd_user struct (Cheng-Han Wu) - ksmbd: fix potential double free on smb2_read_pipe() error path (Namjae Jeon) - ksmbd: fix Null pointer dereferences in ksmbd_update_fstate() (Namjae Jeon) - ksmbd: fix wrong error response status by using set_smb2_rsp_status() (Namjae Jeon) - ksmbd: fix race condition between tree conn lookup and disconnect (Namjae Jeon) - ksmbd: fix race condition from parallel smb2 lock requests (Namjae Jeon) - ksmbd: fix race condition from parallel smb2 logoff requests (Namjae Jeon) - ksmbd: fix race condition with fp (Namjae Jeon) - ksmbd: fix race condition between session lookup and expire (Namjae Jeon) - ksmbd: check iov vector index in ksmbd_conn_write() (Namjae Jeon) - ksmbd: return invalid parameter error response if smb2 request is invalid (Namjae Jeon) - ksmbd: fix passing freed memory 'aux_payload_buf' (Namjae Jeon) - ksmbd: remove unneeded mark_inode_dirty in set_info_sec() (Namjae Jeon) - ksmbd: remove experimental warning (Steve French) - ksmbd: add missing calling smb2_set_err_rsp() on error (Namjae Jeon) - ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() (Namjae Jeon) - ksmbd: Fix one kernel-doc comment (Yang Li) - ksmbd: reduce descriptor size if remaining bytes is less than request size (Namjae Jeon) - ksmbd: fix force create mode' and force directory mode' (Atte Heikkila) - ksmbd: fix wrong interim response on compound (Namjae Jeon) - ksmbd: add support for read compound (Namjae Jeon) - ksmbd: switch to use kmemdup_nul() helper (Yang Yingliang) - ksmbd: fix out of bounds in init_smb2_rsp_hdr() (Namjae Jeon) - ksmbd: validate session id and tree id in compound request (Namjae Jeon) - ksmbd: check if a mount point is crossed during path lookup (Namjae Jeon) - ksmbd: Fix unsigned expression compared with zero (Wang Ming) - ksmbd: Replace one-element array with flexible-array member (Gustavo A. R. Silva) - ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect() (Gustavo A. R. Silva) - ksmbd: add missing compound request handing in some commands (Namjae Jeon) - ksmbd: fix out of bounds read in smb2_sess_setup (Namjae Jeon) - ksmbd: Replace the ternary conditional operator with min() (Lu Hongfei) - ksmbd: use kvzalloc instead of kvmalloc (Namjae Jeon) - ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void (Lu Hongfei) - ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked() (Namjae Jeon) - ksmbd: use kzalloc() instead of __GFP_ZERO (Namjae Jeon) - ksmbd: remove unused ksmbd_tree_conn_share function (Namjae Jeon) - ksmbd: add mnt_want_write to ksmbd vfs functions (Namjae Jeon) - ksmbd: validate smb request protocol id (Namjae Jeon) - ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop (Namjae Jeon) - ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() (Namjae Jeon) - ksmbd: fix out-of-bound read in parse_lease_state() (Namjae Jeon) - ksmbd: fix out-of-bound read in deassemble_neg_contexts() (Namjae Jeon) - ksmbd: call putname after using the last component (Namjae Jeon) - ksmbd: fix UAF issue from opinfo->conn (Namjae Jeon) - ksmbd: fix multiple out-of-bounds read during context decoding (Kuan-Ting Chen) - ksmbd: fix uninitialized pointer read in smb2_create_link() (Namjae Jeon) - ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename() (Namjae Jeon) - ksmbd: fix racy issue under cocurrent smb2 tree disconnect (Namjae Jeon) - ksmbd: fix racy issue from smb2 close and logoff with multichannel (Namjae Jeon) - ksmbd: block asynchronous requests when making a delay on session setup (Namjae Jeon) - ksmbd: destroy expired sessions (Namjae Jeon) - ksmbd: fix racy issue from session setup and logoff (Namjae Jeon) - ksmbd: fix racy issue from using ->d_parent and ->d_name (Namjae Jeon) - fs: introduce lock_rename_child() helper (Al Viro) - ksmbd: remove unused compression negotiate ctx packing (David Disseldorp) - ksmbd: avoid duplicate negotiate ctx offset increments (David Disseldorp) - ksmbd: set NegotiateContextCount once instead of every inc (David Disseldorp) - ksmbd: avoid out of bounds access in decode_preauth_ctxt() (David Disseldorp) - ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr (Namjae Jeon) - ksmbd: delete asynchronous work from list (Namjae Jeon) - ksmbd: remove unused is_char_allowed function (Tom Rix) - ksmbd: fix wrong signingkey creation when encryption is AES256 (Namjae Jeon) - ksmbd: fix possible memory leak in smb2_lock() (Hangyu Hua) - ksmbd: Fix parameter name and comment mismatch (Jiapeng Chong) - ksmbd: Fix spelling mistake 'excceed' -> 'exceeded' (Colin Ian King) - ksmbd: update Kconfig to note Kerberos support and fix indentation (Steve French) - ksmbd: Remove duplicated codes (Dawei Li) - ksmbd: fix typo, syncronous->synchronous (Dawei Li) - ksmbd: Implements sess->rpc_handle_list as xarray (Dawei Li) - ksmbd: Implements sess->ksmbd_chann_list as xarray (Dawei Li) - ksmbd: send proper error response in smb2_tree_connect() (Marios Makassikis) - ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs (ye xingchen) - ksmbd: Fix resource leak in smb2_lock() (Marios Makassikis) - ksmbd: use F_SETLK when unlocking a file (Jeff Layton) - ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share (Namjae Jeon) - ksmbd: replace one-element arrays with flexible-array members (Gustavo A. R. Silva) - ksmbd: validate share name from share config response (Atte Heikkila) - ksmbd: call ib_drain_qp when disconnected (Namjae Jeon) - ksmbd: make utf-8 file name comparison work in __caseless_lookup() (Atte Heikkila) - ksmbd: hide socket error message when ipv6 config is disable (Namjae Jeon) - ksmbd: reduce server smbdirect max send/receive segment sizes (Tom Talpey) - ksmbd: decrease the number of SMB3 smbdirect server SGEs (Tom Talpey) - ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob (Namjae Jeon) - ksmbd: fix encryption failure issue for session logoff response (Namjae Jeon) - ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response (Namjae Jeon) - ksmbd: set file permission mode to match Samba server posix extension behavior (Namjae Jeon) - ksmbd: change security id to the one samba used for posix extension (Namjae Jeon) - ksmbd: casefold utf-8 share names and fix ascii lowercase conversion (Atte Heikkila) - ksmbd: remove generic_fillattr use in smb2_open() (Namjae Jeon) - ksmbd: constify struct path (Al Viro) - ksmbd: don't open-code %pD (Al Viro) - ksmbd: don't open-code file_path() (Al Viro) - ksmbd: remove unnecessary generic_fillattr in smb2_open (Hyunchul Lee) - ksmbd: request update to stale share config (Atte Heikkila) - ksmbd: use wait_event instead of schedule_timeout() (Namjae Jeon) - ksmbd: remove unused ksmbd_share_configs_cleanup function (Namjae Jeon) - ksmbd: remove duplicate flag set in smb2_write (Hyunchul Lee) - ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is already used (Christophe JAILLET) - ksmbd: smbd: relax the count of sges required (Hyunchul Lee) - ksmbd: smbd: fix connection dropped issue (Hyunchul Lee) - ksmbd: Fix some kernel-doc comments (Yang Li) - ksmbd: fix wrong smbd max read/write size check (Namjae Jeon) - ksmbd: smbd: handle multiple Buffer descriptors (Hyunchul Lee) - ksmbd: smbd: change the return value of get_sg_list (Hyunchul Lee) - ksmbd: smbd: simplify tracking pending packets (Hyunchul Lee) - ksmbd: smbd: introduce read/write credits for RDMA read/write (Hyunchul Lee) - ksmbd: smbd: change prototypes of RDMA read/write related functions (Hyunchul Lee) - ksmbd: validate length in smb2_write() (Namjae Jeon) - ksmbd: remove filename in ksmbd_file (Namjae Jeon) - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (Steve French) - ksmbd: replace usage of found with dedicated list iterator variable (Jakob Koschel) - ksmbd: Remove a redundant zeroing of memory (Christophe JAILLET) - ksmbd: shorten experimental warning on loading the module (Steve French) - ksmbd: store fids as opaque u64 integers (Paulo Alcantara (SUSE)) - ksmbd: use netif_is_bridge_port (Tobias Klauser) - ksmbd: add support for key exchange (Namjae Jeon) - ksmbd: smbd: validate buffer descriptor structures (Hyunchul Lee) - ksmbd: smbd: fix missing client's memory region invalidation (Hyunchul Lee) - ksmbd: add smb-direct shutdown (Namjae Jeon) - ksmbd: smbd: change the default maximum read/write, receive size (Hyunchul Lee) - ksmbd: smbd: create MR pool (Hyunchul Lee) - ksmbd: smbd: call rdma_accept() under CM handler (Hyunchul Lee) - ksmbd: set 445 port to smbdirect port by default (Namjae Jeon) - ksmbd: register ksmbd ib client with ib_register_client() (Hyunchul Lee) - ksmbd: Fix smb2_get_name() kernel-doc comment (Yang Li) - ksmbd: Delete an invalid argument description in smb2_populate_readdir_entry() (Yang Li) - ksmbd: Fix smb2_set_info_file() kernel-doc comment (Yang Li) - ksmbd: Fix buffer_check_err() kernel-doc comment (Yang Li) - ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO (Namjae Jeon) - ksmbd: Remove unused fields from ksmbd_file struct definition (Marios Makassikis) - ksmbd: Remove unused parameter from smb2_get_name() (Marios Makassikis) - ksmbd: use oid registry functions to decode OIDs (Hyunchul Lee) - ksmbd: change LeaseKey data type to u8 array (Namjae Jeon) - ksmbd: remove smb2_buf_length in smb2_transform_hdr (Namjae Jeon) - ksmbd: remove smb2_buf_length in smb2_hdr (Namjae Jeon) - ksmbd: remove md4 leftovers (Namjae Jeon) - ksmbd: Remove redundant 'flush_workqueue()' calls (Christophe JAILLET) - ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon() (Ralph Boehme) - LTS version: v5.15.144 (Vijayendra Suman) - r8152: fix the autosuspend doesn't work (Hayes Wang) - r8152: remove rtl_vendor_mode function (Hayes Wang) - r8152: avoid to change cfg for all devices (Hayes Wang) - powerpc/ftrace: Fix stack teardown in ftrace_no_trace (Naveen N Rao) - powerpc/ftrace: Create a dummy stackframe to fix stack unwind (Naveen N Rao) - RDMA/irdma: Prevent zero-length STAG registration (Christopher Bednarz) [Orabug: 36155612] {CVE-2023-25775} - USB: gadget: core: adjust uevent timing on gadget unbind (Roy Luo) - ring-buffer: Do not try to put back write_stamp (Steven Rostedt (Google)) - ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (Steven Rostedt (Google)) - ring-buffer: Fix writing to the buffer with max_data_size (Steven Rostedt (Google)) - ring-buffer: Have saved event hold the entire event (Steven Rostedt (Google)) - ring-buffer: Do not update before stamp when switching sub-buffers (Steven Rostedt (Google)) - tracing: Update snapshot buffer on resize if it is allocated (Steven Rostedt (Google)) - ring-buffer: Fix memory leak of free page (Steven Rostedt (Google)) - drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (Alex Deucher) - team: Fix use-after-free when an option instance allocation fails (Florent Revest) - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (James Houghton) - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS (Baokun Li) - soundwire: stream: fix NULL pointer dereference for multi_link (Krzysztof Kozlowski) - btrfs: do not allow non subvolume root targets for snapshot (Josef Bacik) - HID: hid-asus: add const to read-only outgoing usb buffer (Denis Benato) - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (Lech Perczak) - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation (Linus Torvalds) - HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad (Aoba K) - HID: hid-asus: reset the backlight brightness level on resume (Denis Benato) - HID: add ALWAYS_POLL quirk for Apple kb (Oliver Neukum) - HID: glorious: fix Glorious Model I HID report (Brett Raye) - platform/x86: intel_telemetry: Fix kernel doc descriptions (Andy Shevchenko) - bcache: avoid NULL checking to c->root in run_cache_set() (Coly Li) - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (Coly Li) - bcache: remove redundant assignment to variable cur_idx (Colin Ian King) - bcache: avoid oversize memory allocation by small stripe_size (Coly Li) - blk-cgroup: bypass blkcg_deactivate_policy after destroying (Ming Lei) - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (Ming Lei) - stmmac: dwmac-loongson: Add architecture dependency (Jean Delvare) - usb: aqc111: check packet for fixup for true limit (Oliver Neukum) - drm/mediatek: Add spinlock for setting vblank event in atomic_begin (Jason-JH.Lin) - PCI: loongson: Limit MRRS to 256 (Jiaxun Yang) - ALSA: hda/realtek: Apply mute LED quirk for HP15-db (Hartmut Knaack) - ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (Kai Vehmanen) - ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB (Kai Vehmanen) - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (Hangyu Hua) - net: atlantic: fix double free in ring reinit logic (Igor Russkikh) - appletalk: Fix Use-After-Free in atalk_ioctl (Hyunwoo Kim) - net: stmmac: Handle disabled MDIO busses from devicetree (Andrew Halaney) - net: stmmac: use dev_err_probe() for reporting mdio bus registration failure (Rasmus Villemoes) - dpaa2-switch: fix size of the dma_unmap (Ioana Ciornei) - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (Nikolay Kuratov) - sign-file: Fix incorrect return values check (Yusong Gao) - stmmac: dwmac-loongson: Make sure MDIO is initialized before use (Yanteng Si) - net: ena: Fix XDP redirection error (David Arinzon) - net: ena: Fix xdp drops handling due to multibuf packets (David Arinzon) - net: ena: Destroy correct number of xdp queues upon failure (David Arinzon) - net: Remove acked SYN flag from packet in the transmit queue correctly (Dong Chenchen) - qed: Fix a potential use-after-free in qed_cxt_tables_alloc (Dinghao Liu) - net/rose: Fix Use-After-Free in rose_ioctl (Hyunwoo Kim) - atm: Fix Use-After-Free in do_vcc_ioctl (Hyunwoo Kim) - octeontx2-af: Update RSS algorithm index (Hariprasad Kelam) - octeontx2-pf: Fix promisc mcam entry action (Hariprasad Kelam) - octeontx2-af: fix a use-after-free in rvu_nix_register_reporters (Zhipeng Lu) - net: fec: correct queue selection (Radu Bulie) - net: vlan: introduce skb_vlan_eth_hdr() (Vladimir Oltean) - atm: solos-pci: Fix potential deadlock on &tx_queue_lock (Chengfeng Ye) - atm: solos-pci: Fix potential deadlock on &cli_queue_lock (Chengfeng Ye) - qca_spi: Fix reset behavior (Stefan Wahren) - qca_debug: Fix ethtool -G iface tx behavior (Stefan Wahren) - qca_debug: Prevent crash on TX ring changes (Stefan Wahren) - HID: lenovo: Restrict detection of patched firmware only to USB cptkbd (Mikhail Khvainitski) - afs: Fix refcount underflow from error handling race (David Howells) - ksmbd: fix memory leak in smb2_lock() (Zizhi Wo) - MIPS: Loongson64: Handle more memory types passed from firmware (Jiaxun Yang) - memblock: allow to specify flags with memblock_add_node() (David Hildenbrand) - mm/memory_hotplug: handle memblock_add_node() failures in add_memory_resource() (David Hildenbrand) - netfilter: nf_tables: fix 'exist' matching on bigendian arches (Florian Westphal) - r8152: add vendor/device ID pair for ASUS USB-C2500 (Kelly Kane) - r8152: add vendor/device ID pair for D-Link DUB-E250 (Antonio Napolitano) - r8152: add USB device driver for config selection (Bjorn Mork) - LTS version: v5.15.143 (Jack Vogel) - devcoredump: Send uevent once devcd is ready (Mukesh Ojha) - devcoredump : Serialize devcd_del work (Mukesh Ojha) - smb: client: fix potential NULL deref in parse_dfs_referrals() (Paulo Alcantara) - cifs: Fix non-availability of dedup breaking generic/304 (David Howells) - Revert 'btrfs: add dmesg output for first mount and last unmount of a filesystem' (Greg Kroah-Hartman) - MIPS: Loongson64: Enable DMA noncoherent support (Jiaxun Yang) - MIPS: Loongson64: Reserve vgabios memory on boot (Jiaxun Yang) - KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (Sean Christopherson) - KVM: s390/mm: Properly reset no-dat (Claudio Imbrenda) - x86/CPU/AMD: Check vendor in the AMD microcode callback (Borislav Petkov (AMD)) - serial: 8250_omap: Add earlycon support for the AM654 UART controller (Ronald Wahl) - serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (Ronald Wahl) - serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (Ronald Wahl) - serial: sc16is7xx: address RX timeout interrupt errata (Daniel Mack) - ARM: PL011: Fix DMA support (Arnd Bergmann) - usb: typec: class: fix typec_altmode_put_partner to put plugs (RD Babiera) - Revert 'xhci: Loosen RPM as default policy to cover for AMD xHC 1.1' (Mathias Nyman) - parport: Add support for Brainboxes IX/UC/PX parallel cards (Cameron Williams) - usb: gadget: f_hid: fix report descriptor allocation (Konstantin Aladyshev) - drm/amdgpu: correct the amdgpu runtime dereference usage count (Prike Liang) - drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (Srinivasan Shanmugam) - gpiolib: sysfs: Fix error handling on failed export (Boerge Struempfel) - arm64: dts: mt8183: kukui: Fix underscores in node names (Hsin-Yi Wang) - arm64: dts: mediatek: add missing space before { (Krzysztof Kozlowski) - arm64: dts: mediatek: mt8183: Move thermal-zones to the root node (AngeloGioacchino Del Regno) - arm64: dts: mediatek: align thermal zone node names with dtschema (Krzysztof Kozlowski) - tools headers UAPI: Sync linux/perf_event.h with the kernel sources (Namhyung Kim) - docs/process/howto: Replace C89 with C11 (Akira Yokosawa) - platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (Hans de Goede) - netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) - io_uring/af_unix: disable sending io_uring over sockets (Pavel Begunkov) - mm: fix oops when filemap_map_pmd() without prealloc_pte (Hugh Dickins) - r8169: fix rtl8125b PAUSE frames blasting when suspended (ChunHao Lin) - tracing: Stop current tracer when resizing buffer (Steven Rostedt (Google)) - tracing: Set actual size after ring buffer resize (Zheng Yejian) - ring-buffer: Force absolute timestamp on discard of event (Steven Rostedt (Google)) - misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (Su Hui) - misc: mei: client.c: return negative error code in mei_cl_write (Su Hui) - coresight: etm4x: Remove bogous __exit annotation for some functions (Uwe Kleine-Konig) - coresight: etm4x: Make etm4_remove_dev() return void (Uwe Kleine-Konig) - kallsyms: Make kallsyms_on_each_symbol generally available (Jiri Olsa) - binder: fix memory leaks of spam and pending work (Carlos Llamas) - arm64: dts: mediatek: mt8183: Fix unit address for scp reserved memory (AngeloGioacchino Del Regno) - arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names (AngeloGioacchino Del Regno) - arm64: dts: mediatek: mt8183-kukui-jacuzzi: fix dsi unnecessary cells properties (Eugen Hristev) - arm64: dts: mediatek: mt7622: fix memory node warning check (Eugen Hristev) - platform/surface: aggregator: fix recv_buf() return value (Francesco Dolcini) - regmap: fix bogus error on regcache_sync success (Matthias Reichl) - packet: Move reference count in packet_sock to atomic_long_t (Daniel Borkmann) - tracing: Fix a possible race when disabling buffered events (Petr Pavlu) - tracing: Fix incomplete locking when disabling buffered events (Petr Pavlu) - tracing: Disable snapshot buffer when stopping instance tracers (Steven Rostedt (Google)) - tracing: Always update snapshot buffer size (Steven Rostedt (Google)) - checkstack: fix printed address (Heiko Carstens) - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (Ryusuke Konishi) - nilfs2: fix missing error check for sb_set_blocksize call (Ryusuke Konishi) - ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 (Bin Li) - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (Jason Zhang) - ALSA: usb-audio: Add Pioneer DJM-450 mixer controls (Sarah Grant) - io_uring: fix mutex_unlock with unreferenced ctx (Pavel Begunkov) - nvme-pci: Add sleep quirk for Kingston drives (Georg Gottleuber) - kprobes: consistent rcu api usage for kretprobe holder (JP Kobryn) - md: don't leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly() (Yu Kuai) - md: introduce md_ro_state (Ye Bin) - riscv: fix misaligned access handling of C.SWSP and C.SDSP (Clement Leger) - ARM: dts: imx28-xea: Pass the 'model' property (Fabio Estevam) - ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt (Philipp Zabel) - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init (Kunwu Chan) - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (Dinghao Liu) - tracing: Fix a warning when allocating buffered events fails (Petr Pavlu) - ARM: dts: imx6ul-pico: Describe the Ethernet PHY clock (Fabio Estevam) - arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (Nathan Rossi) - arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (Peng Fan) - RDMA/irdma: Avoid free the non-cqp_request scratch (Shifeng Li) - RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz (Mike Marciniszyn) - ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate (Dinghao Liu) - hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe() (Christophe JAILLET) - hwmon: (acpi_power_meter) Fix 4.29 MW bug (Armin Wolf) - RDMA/bnxt_re: Correct module description string (Kalesh AP) - RDMA/rtrs-clt: Remove the warnings for req in_use check (Jack Wang) - RDMA/rtrs-clt: Fix the max_send_wr setting (Jack Wang) - RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (Md Haris Iqbal) - RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (Md Haris Iqbal) - RDMA/rtrs-srv: Check return values while processing info request (Md Haris Iqbal) - RDMA/rtrs-clt: Start hb after path_up (Jack Wang) - RDMA/rtrs-srv: Do not unconditionally enable irq (Jack Wang) - arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (Alex Bee) - RDMA/irdma: Add wait for suspend on SQD (Mustafa Ismail) - RDMA/irdma: Do not modify to SQD on error (Mustafa Ismail) - RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (Junxian Huang) - tee: optee: Fix supplicant based device enumeration (Sumit Garg) - drop_monitor: Require 'CAP_SYS_ADMIN' when joining 'events' group (Ido Schimmel) - net: add missing kdoc for struct genl_multicast_group::flags (Jakub Kicinski) - psample: Require 'CAP_NET_ADMIN' when joining 'packets' group (Ido Schimmel) - bpf: sockmap, updating the sg structure should also update curr (John Fastabend) - tcp: do not accept ACK of bytes we never sent (Eric Dumazet) - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket (Phil Sutter) - netfilter: nf_tables: validate family when identifying table via handle (Pablo Neira Ayuso) - netfilter: nf_tables: bail out on mismatching dynset and set expressions (Pablo Neira Ayuso) [Orabug: 36155544] {CVE-2023-6622} - octeontx2-af: Update Tx link register range (Rahul Bhansali) - net: hns: fix fake link up on xge port (Yonglong Liu) - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (Shigeru Yoshida) - ionic: Fix dim work handling in split interrupt mode (Brett Creeley) - ionic: fix snprintf format length warning (Shannon Nelson) - net: bnxt: fix a potential use-after-free in bnxt_init_tc (Dinghao Liu) - i40e: Fix unexpected MFS warning message (Ivan Vecera) - octeontx2-af: fix a use-after-free in rvu_npa_register_reporters (Zhipeng Lu) - net: stmmac: fix FPE events losing (Jianheng Zhang) - arcnet: restoring support for multiple Sohard Arcnet cards (Thomas Reichinger) - platform/mellanox: Check devm_hwmon_device_register_with_groups() return value (Kunwu Chan) - platform/mellanox: Add null pointer checks for devm_kasprintf() (Kunwu Chan) - mlxbf-bootctl: correctly identify secure boot with development keys (David Thompson) - r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (Douglas Anderson) - r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (Douglas Anderson) - r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (Douglas Anderson) - r8152: Add RTL8152_INACCESSIBLE checks to more loops (Douglas Anderson) - r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (Douglas Anderson) - hv_netvsc: rndis_filter needs to select NLS (Randy Dunlap) - octeontx2-af: Check return value of nix_get_nixlf before using nixlf (Subbaraya Sundeep) - octeontx2-pf: Add missing mutex lock in otx2_get_pauseparam (Subbaraya Sundeep) - ipv6: fix potential NULL deref in fib6_add() (Eric Dumazet) - platform/x86: wmi: Skip blocks with zero instances (Armin Wolf) - platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (Mario Limonciello) - of: dynamic: Fix of_reconfig_get_state_change() return value documentation (Luca Ceresoli) - platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (Hans de Goede) - platform/x86: asus-wmi: Simplify tablet-mode-switch handling (Hans de Goede) - platform/x86: asus-wmi: Simplify tablet-mode-switch probing (Hans de Goede) - platform/x86: asus-wmi: Add support for ROG X13 tablet mode (Luke D. Jones) - platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (Luke D. Jones) - drm/amdgpu: correct chunk_ptr to a pointer to chunk. (YuanShang) - kconfig: fix memory leak from range properties (Masahiro Yamada) - tg3: Increment tx_dropped in tg3_tso_bug() (Alex Pakhunov) - tg3: Move the [rt]x_dropped counters to tg3_napi (Alex Pakhunov) - netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test (Jozsef Kadlecsik) - i2c: designware: Fix corrupted memory seen in the ISR (Jan Bottorff) - vdpa/mlx5: preserve CVQ vringh index (Steve Sistare) - LTS version: v5.15.142 (Jack Vogel) - iomap: update ki_pos a little later in iomap_dio_complete (Christoph Hellwig) - r8169: fix deadlock on RTL8125 in jumbo mtu mode (Heiner Kallweit) - r8169: disable ASPM in case of tx timeout (Heiner Kallweit) - mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled (Wenchao Chen) - mmc: core: add helpers mmc_regulator_enable/disable_vqmmc (Heiner Kallweit) - iommu/vt-d: Make context clearing consistent with context mapping (Lu Baolu) - iommu/vt-d: Omit devTLB invalidation requests when TES=0 (Lu Baolu) - cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily (Christoph Niedermaier) - cpufreq: imx6q: don't warn for disabling a non-existing frequency (Christoph Niedermaier) - smb3: fix caching of ctime on setxattr (Steve French) - fs: add ctime accessors infrastructure (Jeff Layton) - fbdev: stifb: Make the STI next font pointer a 32-bit signed offset (Helge Deller) - ASoC: SOF: sof-pci-dev: Fix community key quirk detection (Mark Hasemeyer) - ASoC: SOF: sof-pci-dev: don't use the community key on APL Chromebooks (Pierre-Louis Bossart) - ASoC: SOF: sof-pci-dev: add parameter to override topology filename (Pierre-Louis Bossart) - ASoC: SOF: sof-pci-dev: use community key on all Up boards (Pierre-Louis Bossart) - ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header (Hans de Goede) - smb3: fix touch -h of symlink (Steve French) - selftests/resctrl: Move _GNU_SOURCE define into Makefile (Ilpo Jarvinen) - selftests/resctrl: Add missing SPDX license to Makefile (Shaopeng Tan) - perf intel-pt: Fix async branch flags (Adrian Hunter) - net: ravb: Stop DMA in case of failures on ravb_open() (Claudiu Beznea) - net: ravb: Start TX queues after HW initialization succeeded (Claudiu Beznea) - net: ravb: Use pm_runtime_resume_and_get() (Claudiu Beznea) - net: ravb: Check return value of reset_control_deassert() (Claudiu Beznea) - ravb: Fix races between ravb_tx_timeout_work() and net related ops (Yoshihiro Shimoda) - r8169: prevent potential deadlock in rtl8169_close (Heiner Kallweit) - octeontx2-pf: Fix adding mbox work queue entry when num_vfs > 64 (Geetha sowjanya) - net: stmmac: xgmac: Disable FPE MMC interrupts (Furong Xu) - octeontx2-af: Fix possible buffer overflow (Elena Salomatkina) - selftests/net: ipsec: fix constant out of range (Willem de Bruijn) - uapi: propagate __struct_group() attributes to the container union (Dmitry Antipov) - dpaa2-eth: increase the needed headroom to account for alignment (Ioana Ciornei) - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (Zhengchao Shao) - usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (Niklas Neronin) - USB: core: Change configuration warnings to notices (Alan Stern) - hv_netvsc: fix race of netvsc and VF register_netdevice (Haiyang Zhang) - rcu: Avoid tracing a few functions executed in stop machine (Patrick Wang) - vlan: move dev_put into vlan_dev_uninit (Xin Long) - vlan: introduce vlan_dev_free_egress_priority (Xin Long) - Input: xpad - add HyperX Clutch Gladiate Support (Max Nguyen) - btrfs: make error messages more clear when getting a chunk map (Filipe Manana) - btrfs: send: ensure send_fd is writable (Jann Horn) - btrfs: fix off-by-one when checking chunk map includes logical address (Filipe Manana) - btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod() (Bragatheswaran Manickavel) - btrfs: add dmesg output for first mount and last unmount of a filesystem (Qu Wenruo) - parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes (Helge Deller) - powerpc: Don't clobber f0/vs0 during fp|altivec register save (Timothy Pearson) - iommu/vt-d: Add MTL to quirk list to skip TE disabling (Abdul Halim, Mohd Syazwan) - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (Markus Weippert) - dm verity: don't perform FEC for failed readahead IO (Wu Bo) - dm-verity: align struct dm_verity_fec_io properly (Mikulas Patocka) - ALSA: hda/realtek: Add supported ALC257 for ChromeOS (Kailang Yang) - ALSA: hda/realtek: Headset Mic VREF to 100% (Kailang Yang) - ALSA: hda: Disable power-save on KONTRON SinglePC (Takashi Iwai) - mmc: block: Be sure to wait while busy in CQE error recovery (Adrian Hunter) - mmc: block: Do not lose cache flush during CQE error recovery (Adrian Hunter) - mmc: block: Retry commands in CQE error recovery (Adrian Hunter) - mmc: cqhci: Fix task clearing in CQE error recovery (Adrian Hunter) - mmc: cqhci: Warn of halt or task clear failure (Adrian Hunter) - mmc: cqhci: Increase recovery halt timeout (Adrian Hunter) - firewire: core: fix possible memory leak in create_units() (Yang Yingliang) - pinctrl: avoid reload of p state in list iteration (Maria Yu) - LTS version: v5.15.141 (Jack Vogel) - io_uring: fix off-by one bvec index (Keith Busch) - USB: dwc3: qcom: fix wakeup after probe deferral (Johan Hovold) - USB: dwc3: qcom: fix software node leak on probe errors (Johan Hovold) - usb: dwc3: set the dma max_seg_size (Ricardo Ribalda) - usb: dwc3: Fix default mode initialization (Alexander Stein) - USB: dwc2: write HCINT with INTMASK applied (Oliver Neukum) - usb: typec: tcpm: Skip hard reset when in error recovery (Badhri Jagan Sridharan) - USB: serial: option: don't claim interface 4 for ZTE MF290 (Lech Perczak) - USB: serial: option: fix FM101R-GL defines (Puliang Lu) - USB: serial: option: add Fibocom L7xx modules (Victor Fragoso) - usb: cdnsp: Fix deadlock issue during using NCM gadget (Pawel Laszczak) - bcache: fixup lock c->root error (Mingzhe Zou) - bcache: fixup init dirty data errors (Mingzhe Zou) - bcache: prevent potential division by zero error (Rand Deeb) - bcache: check return value from btree_node_alloc_replacement() (Coly Li) - dm-delay: fix a race between delay_presuspend and delay_bio (Mikulas Patocka) - hv_netvsc: Mark VF as slave before exposing it to user-mode (Long Li) - hv_netvsc: Fix race of register_netdevice_notifier and VF register (Haiyang Zhang) - USB: serial: option: add Luat Air72*U series products (Asuna Yang) - s390/dasd: protect device queue against concurrent access (Jan Hoppner) - io_uring/fs: consider link->flags when getting path for LINKAT (Charles Mirabile) - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (Mingzhe Zou) - md: fix bi_status reporting in md_end_clone_io (Song Liu) - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (Coly Li) - swiotlb-xen: provide the 'max_mapping_size' method (Keith Busch) - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (Hans de Goede) - proc: sysctl: prevent aliased sysctls from getting passed to init (Krister Johansen) - ext4: make sure allocate pending entry not fail (Zhang Yi) - ext4: fix slab-use-after-free in ext4_es_insert_extent() (Baokun Li) - ext4: using nofail preallocation in ext4_es_insert_extent() (Baokun Li) - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (Baokun Li) - ext4: using nofail preallocation in ext4_es_remove_extent() (Baokun Li) - ext4: use pre-allocated es in __es_remove_extent() (Baokun Li) - ext4: use pre-allocated es in __es_insert_extent() (Baokun Li) - ext4: factor out __es_alloc_extent() and __es_free_extent() (Baokun Li) - ext4: add a new helper to check if es must be kept (Baokun Li) - media: qcom: camss: Fix csid-gen2 for test pattern generator (Andrey Konovalov) - media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3 (Bryan O'Donoghue) - media: camss: sm8250: Virtual channels for CSID (Milen Mitkov) - media: camss: Replace hard coded value with parameter (Souptick Joarder (HPE)) - MIPS: KVM: Fix a build warning about variable set but not used (Huacai Chen) - lockdep: Fix block chain corruption (Peter Zijlstra) - USB: dwc3: qcom: fix ACPI platform device leak (Johan Hovold) - USB: dwc3: qcom: fix resource leaks on probe deferral (Johan Hovold) - nvmet: nul-terminate the NQNs passed in the connect command (Christoph Hellwig) - afs: Fix file locking on R/O volumes to operate in local mode (David Howells) - afs: Return ENOENT if no cell DNS record can be found (David Howells) - net: axienet: Fix check for partial TX checksum (Samuel Holland) - amd-xgbe: propagate the correct speed and duplex status (Raju Rangoju) - amd-xgbe: handle the corner-case during tx completion (Raju Rangoju) - amd-xgbe: handle corner-case during sfp hotplug (Raju Rangoju) - octeontx2-pf: Fix ntuple rule creation to direct packet to VF with higher Rx queue than its PF (Suman Ghosh) - arm/xen: fix xen_vcpu_info allocation alignment (Stefano Stabellini) - net/smc: avoid data corruption caused by decline (D. Wythe) - net: usb: ax88179_178a: fix failed operations during ax88179_reset (Jose Ignacio Tornos Martinez) - ipv4: Correct/silence an endian warning in __ip_do_redirect (Kunwu Chan) - HID: fix HID device resource race between HID core and debugging support (Charles Yi) - HID: core: store the unique system identifier in hid_device (Benjamin Tissoires) - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (Jonas Karlman) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (Chen Ni) - octeontx2-pf: Fix memory leak during interface down (Suman Ghosh) - wireguard: use DEV_STATS_INC() (Eric Dumazet) - drm/panel: simple: Fix Innolux G101ICE-L01 timings (Marek Vasut) - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (Marek Vasut) - drm/panel: auo,b101uan08.3: Fine tune the panel power sequence (Xuxin Xiong) - drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence (Shuijing Li) - afs: Make error on cell lookup failure consistent with OpenAFS (David Howells) - afs: Fix afs_server_list to be cleaned up with RCU (David Howells) - LTS version: v5.15.140 (Jack Vogel) - driver core: Release all resources during unbind before updating device links (Saravana Kannan) - Input: xpad - add VID for Turtle Beach controllers (Vicki Pfau) - powerpc/powernv: Fix fortify source warnings in opal-prd.c (Michael Ellerman) - io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid (Jens Axboe) - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (Lewis Huang) - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (Christian Konig) - drm/amdgpu: don't use ATRM for external devices (Alex Deucher) - drm/i915: Fix potential spectre vulnerability (Kunwu Chan) - drm/amd/pm: Handle non-terminated overdrive commands. (Bas Nieuwenhuizen) - ext4: add missed brelse in update_backups (Kemeng Shi) - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (Kemeng Shi) - ext4: correct the start block of counting reserved clusters (Zhang Yi) - ext4: correct return value of ext4_convert_meta_bg (Kemeng Shi) - ext4: correct offset of gdb backup in non meta_bg group to update_backups (Kemeng Shi) - ext4: apply umask if ACL support is disabled (Max Kellermann) - Revert 'net: r8169: Disable multicast filter for RTL8168H and RTL8107E' (Heiner Kallweit) - media: qcom: camss: Fix missing vfe_lite clocks check (Bryan O'Donoghue) - media: qcom: camss: Fix VFE-17x vfe_disable_output() (Bryan O'Donoghue) - media: qcom: camss: Fix vfe_get() error jump (Bryan O'Donoghue) - media: qcom: camss: Fix pm_domain_on sequence in probe (Bryan O'Donoghue) - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (Victor Shih) - r8169: fix network lost after resume on DASH systems (ChunHao Lin) - mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (Roman Gushchin) - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (Victor Shih) - riscv: kprobes: allow writing to x0 (Nam Cao) - nfsd: fix file memleak on client_opens_release (Mahmoud Adam) - media: ccs: Correctly initialise try compose rectangle (Sakari Ailus) - media: venus: hfi: add checks to handle capabilities from firmware (Vikash Garodia) - media: venus: hfi: fix the check to handle session buffer requirement (Vikash Garodia) - media: venus: hfi_parser: Add check to keep the number of codecs within range (Vikash Garodia) - media: sharp: fix sharp encoding (Sean Young) - media: lirc: drop trailing space from scancode transmit (Sean Young) - f2fs: avoid format-overflow warning (Su Hui) - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (Heiner Kallweit) - net: phylink: initialize carrier state at creation (Klaus Kudielka) - net: dsa: lan9303: consequently nested-lock physical MDIO (Alexander Sverdlin) - net: ethtool: Fix documentation of ethtool_sprintf() (Andrew Lunn) - s390/ap: fix AP bus crash on early config change callback invocation (Harald Freudenberger) - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Tam Nguyen) - lsm: fix default return value for inode_getsecctx (Ondrej Mosnacek) - lsm: fix default return value for vm_enough_memory (Ondrej Mosnacek) - Revert 'i2c: pxa: move to generic GPIO recovery' (Robert Marko) - powerpc/pseries/ddw: simplify enable_ddw() (Alexey Kardashevskiy) - arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size (Vignesh Viswanathan) - arm64: dts: qcom: ipq6018: switch TCSR mutex to MMIO (Krzysztof Kozlowski) - ksmbd: fix slab out of bounds write in smb_inherit_dacl() (Namjae Jeon) - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (Guan Wentao) - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (Masum Reza) - bluetooth: Add device 13d3:3571 to device tables (Larry Finger) - bluetooth: Add device 0bda:887b to device tables (Larry Finger) - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (Artem Lukyanov) - cpufreq: stats: Fix buffer overflow detection in trans_stats() (Christian Marangi) - regmap: Ensure range selector registers are updated after cache sync (Mark Brown) - tty: serial: meson: fix hard LOCKUP on crtscts mode (Pavel Krasavin) - serial: meson: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (Chandradeep Dey) - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (Kailang Yang) - ALSA: info: Fix potential deadlock at disconnection (Takashi Iwai) - xhci: Enable RPM on controllers that support low-power states (Basavaraj Natikar) - parisc/pgtable: Do not drop upper 5 address bits of physical address (Helge Deller) - parisc: Prevent booting 64-bit kernels on PA1.x machines (Helge Deller) - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (Frank Li) - i3c: master: svc: fix check wrong status register in irq handler (Frank Li) - i3c: master: svc: fix ibi may not return mandatory data byte (Frank Li) - i3c: master: svc: fix wrong data return when IBI happen during start frame (Frank Li) - i3c: master: svc: fix race condition in ibi work thread (Frank Li) - i3c: master: cdns: Fix reading status register (Joshua Yeong) - mtd: cfi_cmdset_0001: Byte swap OTP info (Linus Walleij) - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (Zi Yan) - mm/cma: use nth_page() in place of direct struct page manipulation (Zi Yan) - s390/cmma: fix detection of DAT pages (Heiko Carstens) - dmaengine: stm32-mdma: correct desc prep when channel running (Alain Volmat) - mcb: fix error handling for different scenarios when parsing (Sanjuan Garcia, Jorge) - tracing: Have the user copy of synthetic event address use correct context (Steven Rostedt (Google)) - i2c: core: Run atomic i2c xfer when !preemptible (Benjamin Bara) - kernel/reboot: emergency_restart: Set correct system_state (Benjamin Bara) - quota: explicitly forbid quota files from being encrypted (Eric Biggers) - jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (Zhihao Cheng) - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (Krzysztof Kozlowski) - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (Ilpo Jarvinen) - selftests/resctrl: Remove duplicate feature check from CMT test (Ilpo Jarvinen) - netfilter: nf_tables: split async and sync catchall in two functions (Pablo Neira Ayuso) - netfilter: nf_tables: remove catchall element in GC sync path (Pablo Neira Ayuso) [Orabug: 36028059] {CVE-2023-6111} - PCI: keystone: Don't discard .probe() callback (Uwe Kleine-Konig) - PCI: keystone: Don't discard .remove() callback (Uwe Kleine-Konig) - KEYS: trusted: Rollback init_trusted() consistently (Jarkko Sakkinen) - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (Herve Codina) - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (Rong Chen) - wifi: ath11k: fix htt pktlog locking (Johan Hovold) - wifi: ath11k: fix dfs radar event locking (Johan Hovold) - wifi: ath11k: fix temperature event locking (Johan Hovold) - ima: detect changes to the backing overlay file (Mimi Zohar) - ima: annotate iint mutex to avoid lockdep false positive warnings (Amir Goldstein) - ACPI: FPDT: properly handle invalid FPDT subtables (Vasily Khoruzhick) - firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit (Kathiravan Thirumoorthy) - btrfs: don't arbitrarily slow down delalloc if we're committing (Josef Bacik) - rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects (Catalin Marinas) - PM: hibernate: Clean up sync_read handling in snapshot_write_next() (Brian Geffon) - PM: hibernate: Use __get_safe_page() rather than touching the list (Brian Geffon) - arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM (Vignesh Viswanathan) - rcu/tree: Defer setting of jiffies during stall reset (Joel Fernandes (Google)) - svcrdma: Drop connection after an RDMA Read error (Chuck Lever) - wifi: wilc1000: use vmm_table as array in wilc struct (Ajay Singh) - PCI: exynos: Don't discard .remove() callback (Uwe Kleine-Konig) - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (Heiner Kallweit) - mmc: sdhci_am654: fix start loop index for TAP value parsing (Nitin Yadav) - mmc: vub300: fix an error code (Dan Carpenter) - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (Kathiravan Thirumoorthy) - clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks (Kathiravan Thirumoorthy) - clk: socfpga: Fix undefined behavior bug in struct stratix10_clock_data (Gustavo A. R. Silva) - parisc/pdc: Add width field to struct pdc_model (Helge Deller) - arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer (Nathan Chancellor) - ACPI: resource: Do IRQ override on TongFang GMxXGxx (Werner Sembach) - watchdog: move softlockup_panic back to early_param (Krister Johansen) - PCI/sysfs: Protect driver's D3cold preference from user space (Lukas Wunner) - hvc/xen: fix event channel handling for secondary consoles (David Woodhouse) - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (David Woodhouse) - hvc/xen: fix console unplug (David Woodhouse) - tty/sysrq: replace smp_processor_id() with get_cpu() (Muhammad Usama Anjum) - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() (Paul Moore) - audit: don't take task_lock() in audit_exe_compare() code path (Paul Moore) - KVM: x86: Ignore MSR_AMD64_TW_CFG access (Maciej S. Szmigiero) - KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space (Nicolas Saenz Julienne) - x86/cpu/hygon: Fix the CPU topology evaluation for real (Pu Wen) - crypto: x86/sha - load modules based on CPU features (Roxana Nicolescu) - scsi: qla2xxx: Fix system crash due to bad pointer access (Quinn Tran) - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (Chandrakanth patil) - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (Shung-Hsi Yu) - bpf: Fix check_stack_write_fixed_off() to correctly spill imm (Hao Sun) - randstruct: Fix gcc-plugin performance mode to stay in group (Kees Cook) - powerpc/perf: Fix disabling BHRB and instruction sampling (Nicholas Piggin) - media: venus: hfi: add checks to perform sanity on queue pointers (Vikash Garodia) - i915/perf: Fix NULL deref bugs with drm_dbg() calls (Harshit Mogalapalli) - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (Li Zetao) - xfs: fix memory leak in xfs_errortag_init (Zeng Heng) - xfs: fix exception caused by unexpected illegal bestcount in leaf dir (Guo Xuenan) - xfs: avoid a UAF when log intent item recovery fails (Darrick J. Wong) - xfs: fix inode reservation space for removing transaction (hexiaole) - xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (Chandan Babu R) - xfs: fix intermittent hang during quotacheck (Darrick J. Wong) - xfs: don't leak memory when attr fork loading fails (Darrick J. Wong) - xfs: fix use-after-free in xattr node block inactivation (Darrick J. Wong) - xfs: flush inode gc workqueue before clearing agi bucket (Zhang Yi) - xfs: prevent a UAF when log IO errors race with unmount (Darrick J. Wong) - xfs: use invalidate_lock to check the state of mmap_lock (Kaixu Xia) - xfs: convert buf_cancel_table allocation to kmalloc_array (Darrick J. Wong) - xfs: don't leak xfs_buf_cancel structures when recovery fails (Darrick J. Wong) - xfs: refactor buffer cancellation table allocation (Darrick J. Wong) - cifs: fix check of rc in function generate_smb3signingkey (Ekaterina Esina) - cifs: spnego: add ';' in HOST_KEY_LEN (Anastasia Belova) - tools/power/turbostat: Enable the C-state Pre-wake printing (Chen Yu) - tools/power/turbostat: Fix a knl bug (Zhang Rui) - macvlan: Don't propagate promisc change to lower dev in passthru (Vlad Buslov) - net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (Rahul Rameshbabu) - net/mlx5e: Reduce the size of icosq_str (Saeed Mahameed) - net/mlx5e: Fix pedit endianness (Vlad Buslov) - net/mlx5e: fix double free of encap_header in update funcs (Gavin Li) - net/mlx5e: fix double free of encap_header (Dust Li) - net: stmmac: fix rx budget limit check (Baruch Siach) - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (Dan Carpenter) - netfilter: nf_tables: add and use BE register load-store helpers (Florian Westphal) - netfilter: nf_tables: use the correct get/put helpers (Florian Westphal) - netfilter: nf_conntrack_bridge: initialize err to 0 (Linkui Xiao) - af_unix: fix use-after-free in unix_stream_read_actor() (Eric Dumazet) - net: ethernet: cortina: Fix MTU max setting (Linus Walleij) - net: ethernet: cortina: Handle large frames (Linus Walleij) - net: ethernet: cortina: Fix max RX frame define (Linus Walleij) - bonding: stop the device in bond_setup_by_slave() (Eric Dumazet) - ptp: annotate data-race around q->head and q->tail (Eric Dumazet) - xen/events: fix delayed eoi list handling (Juergen Gross) - ppp: limit MRU to 64K (Willem de Bruijn) - tipc: Fix kernel-infoleak due to uninitialized TLV value (Shigeru Yoshida) - net: hns3: fix VF wrong speed and duplex issue (Jijie Shao) - net: hns3: fix VF reset fail issue (Jijie Shao) - net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() (Yonglong Liu) - net: hns3: fix incorrect capability bit display for copper port (Jian Shen) - net: hns3: add barrier in vf mailbox reply process (Yonglong Liu) - net: hns3: add byte order conversion for PF to VF mailbox message (Jie Wang) - net: hns3: refine the definition for struct hclge_pf_to_vf_msg (Jian Shen) - net: hns3: fix add VLAN fail issue (Jian Shen) - tty: Fix uninit-value access in ppp_sync_receive() (Shigeru Yoshida) - ipvlan: add ipvlan_route_v6_outbound() helper (Eric Dumazet) - net: set SOCK_RCU_FREE before inserting socket into hashtable (Stanislav Fomichev) - gfs2: Silence 'suspicious RCU usage in gfs2_permission' warning (Andreas Gruenbacher) - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (felix) - NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO (Olga Kornievskaia) - SUNRPC: Add an IS_ERR() check back to where it was (Dan Carpenter) - SUNRPC: ECONNRESET might require a rebind (Trond Myklebust) - media: cec: meson: always include meson sub-directory in Makefile (Marek Szyprowski) - media: cadence: csi2rx: Unregister v4l2 async notifier (Pratyush Yadav) - sched/core: Optimize in_task() and in_interrupt() a bit (Finn Thain) - tracing/perf: Add interrupt_context_level() helper (Steven Rostedt (VMware)) - tracing: Reuse logic from perf's get_recursion_context() (Steven Rostedt (VMware)) - wifi: iwlwifi: Use FW rate for non-data frames (Miri Korenblit) - pwm: Fix double shift bug (Dan Carpenter) - drm/amdgpu: fix software pci_unplug on some chips (Vitaly Prosyak) - drm/qxl: prevent memory leak (Zongmin Zhou) - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (Tony Lindgren) - i2c: dev: copy userspace array safely (Philipp Stanner) - kgdb: Flush console before entering kgdb on panic (Douglas Anderson) - drm/amd/display: Avoid NULL dereference of timing generator (Wayne Lin) - media: imon: fix access to invalid resource for the second interface (Takashi Iwai) - media: ccs: Fix driver quirk struct documentation (Sakari Ailus) - media: cobalt: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - gfs2: fix an oops in gfs2_permission (Al Viro) - gfs2: ignore negated quota changes (Bob Peterson) - media: vivid: avoid integer overflow (Hans Verkuil) - media: gspca: cpia1: shift-out-of-bounds in set_flicker (Rajeshwar R Shinde) - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data. (Billy Tsai) - virtio-blk: fix implicit overflow on virtio_max_dma_size (zhenwei pi) - i2c: sun6i-p2wi: Prevent potential division by zero (Axel Lin) - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (Jarkko Nikula) - 9p: v9fs_listxattr: fix %s null argument warning (Dominique Martinet) - 9p/trans_fd: Annotate data-racy writes to file::f_flags (Marco Elver) - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (Hardik Gajjar) - tty: vcc: Add check for kstrdup() in vcc_probe() (Yi Yang) - exfat: support handle zero-size directory (Yuezhang Mo) - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (Jiri Kosina) - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (Bjorn Helgaas) - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (Yoshihiro Shimoda) - PCI: Disable ATS for specific Intel IPU E2000 devices (Bartosz Pawlowski) - PCI: Extract ATS disabling to a helper function (Bartosz Pawlowski) - PCI: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (Wenchao Hao) - atm: iphase: Do PCI error checks on own line (Ilpo Jarvinen) - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (Ilpo Jarvinen) - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (Cezary Rojewski) - ARM: 9320/1: fix stack depot IRQ stack filter (Vincent Whitchurch) - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (Mikhail Khvainitski) - jfs: fix array-index-out-of-bounds in diAlloc (Manas Ghandat) - jfs: fix array-index-out-of-bounds in dbFindLeaf (Manas Ghandat) - fs/jfs: Add validity check for db_maxag and db_agpref (Juntong Deng) - fs/jfs: Add check for negative db_l2nbperpage (Juntong Deng) - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (Tyrel Datwyler) - scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (Yihang Li) - RDMA/hfi1: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin) - ASoC: soc-card: Add storage for PCI SSID (Richard Fitzgerald) - selftests/efivarfs: create-read: fix a resource leak (zhujun2) - arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (Laurentiu Tudor) - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (Qu Huang) - drm/amdkfd: Fix shift out-of-bounds issue (Jesse Zhang) - drm/panel: st7703: Pick different reset sequence (Ondrej Jirman) - drm/amdgpu/vkms: fix a possible null pointer dereference (Ma Ke) - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (Ma Ke) - drm/panel: fix a possible null pointer dereference (Ma Ke) - drm/amdgpu: Fix potential null pointer derefernce (Stanley.Yang) - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (Mario Limonciello) - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (Mario Limonciello) - drm/msm/dp: skip validity check for DP CTS EDID checksum (Jani Nikula) - drm: vmwgfx_surface.c: copy user-array safely (Philipp Stanner) - kernel: watch_queue: copy user-array safely (Philipp Stanner) - kernel: kexec: copy user-array safely (Philipp Stanner) - string.h: add array-wrappers for (v)memdup_user() (Philipp Stanner) - drm/amd/display: use full update for clip size increase of large plane source (Wenjing Liu) - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (Xiaogang Chen) - drm/komeda: drop all currently held locks if deadlock happens (baozhu.liu) - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (Olli Asikainen) - Bluetooth: Fix double free in hci_conn_cleanup (ZhengHan Wang) - Bluetooth: btusb: Add date->evt_skb is NULL check (youwan Wang) - wifi: ath10k: Don't touch the CE interrupt registers after power up (Douglas Anderson) - net: annotate data-races around sk->sk_dst_pending_confirm (Eric Dumazet) - net: annotate data-races around sk->sk_tx_queue_mapping (Eric Dumazet) - wifi: ath10k: fix clang-specific fortify warning (Dmitry Antipov) - wifi: ath9k: fix clang-specific fortify warnings (Dmitry Antipov) - bpf: Detect IP == ksym.end as part of BPF program (Kumar Kartikeya Dwivedi) - atl1c: Work around the DMA RX overflow issue (Sieng-Piaw Liew) - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Ping-Ke Shih) - wifi: mac80211_hwsim: fix clang-specific fortify warning (Dmitry Antipov) - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size (Mike Rapoport (IBM)) - workqueue: Provide one lock class key per work_on_cpu() callsite (Frederic Weisbecker) - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (Ronald Wahl) - clocksource/drivers/timer-imx-gpt: Fix potential memory leak (Jacky Bai) - perf/core: Bail out early if the request AUX area is out of bound (Shuai Xue) - locking/ww_mutex/test: Fix potential workqueue corruption (John Stultz) - LTS version: v5.15.139 (Jack Vogel) - btrfs: use u64 for buffer sizes in the tree search ioctls (Filipe Manana) - Revert 'mmc: core: Capture correct oemid-bits for eMMC cards' (Dominique Martinet) - tracing/kprobes: Fix the order of argument descriptions (Yujie Liu) - fbdev: fsl-diu-fb: mark wr_reg_wa() static (Arnd Bergmann) - fbdev: imsttfb: fix a resource leak in probe (Dan Carpenter) - fbdev: imsttfb: Fix error path of imsttfb_probe() (Helge Deller) - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (Amit Kumar Mahapatra) - ASoC: hdmi-codec: register hpd callback on component probe (Jerome Brunet) - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (Erik Kurzinger) - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (Florian Westphal) - netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs (Jeremy Sowden) - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (Maciej Zenczykowski) - i2c: iproc: handle invalid slave state (Roman Bacik) - r8169: respect userspace disabling IFF_MULTICAST (Heiner Kallweit) - blk-core: use pr_warn_ratelimited() in bio_check_ro() (Yu Kuai) - block: remove unneeded return value of bio_check_ro() (Miaohe Lin) - tg3: power down device only on SYSTEM_POWER_OFF (George Shuklin) - net/smc: put sk reference if close work was canceled (D. Wythe) - net/smc: allow cdc msg send rather than drop it with NULL sndbuf_desc (D. Wythe) - net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT (D. Wythe) - selftests: pmtu.sh: fix result checking (Hangbin Liu) - net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs (Furong Xu) - Fix termination state for idr_for_each_entry_ul() (NeilBrown) - net: r8169: Disable multicast filter for RTL8168H and RTL8107E (Patrick Thompson) - dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. (Kuniyuki Iwashima) - dccp: Call security_inet_conn_request() after setting IPv4 addresses. (Kuniyuki Iwashima) - octeontx2-pf: Fix holes in error code (Ratheesh Kannoth) - octeontx2-pf: Fix error codes (Ratheesh Kannoth) - bpf: Check map->usercnt after timer->timer is assigned (Hou Tao) - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Shigeru Yoshida) - hsr: Prevent use after free in prp_create_tagged_frame() (Dan Carpenter) - llc: verify mac len before reading mac header (Willem de Bruijn) - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (Dan Carpenter) - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (Florian Fainelli) - pwm: sti: Reduce number of allocations and drop usage of chip_data (Uwe Kleine-Konig) - regmap: prevent noinc writes from clobbering cache (Ben Wolsieffer) - media: cedrus: Fix clock/reset sequence (Jernej Skrabec) - media: vidtv: mux: Add check and kfree for kstrdup (Jiasheng Jiang) - media: vidtv: psi: Add check for kstrdup (Jiasheng Jiang) - media: s3c-camif: Avoid inappropriate kfree() (Katya Orlova) - media: bttv: fix use after free error due to btv->timeout timer (Zheng Wang) - media: i2c: max9286: Fix some redundant of_node_put() calls (Christophe JAILLET) - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (Yang Yingliang) - pcmcia: ds: fix refcount leak in pcmcia_device_add() (Yang Yingliang) - pcmcia: cs: fix possible hung task and memory leak pccardd() (Yang Yingliang) - rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call (Javier Carrasco) - cxl/mem: Fix shutdown order (Dan Williams) - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (Dinghao Liu) - 9p/net: fix possible memory leak in p9_check_errors() (Hangyu Hua) - perf hist: Add missing puts to hist__account_cycles (Ian Rogers) - perf machine: Avoid out of bounds LBR memory read (Ian Rogers) - usb: host: xhci-plat: fix possible kernel oops while resuming (Sergey Shtylyov) - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (Basavaraj Natikar) - powerpc/pseries: fix potential memory leak in init_cpu_associativity() (Wang Yufen) - powerpc/imc-pmu: Use the correct spinlock initializer. (Sebastian Andrzej Siewior) - powerpc/xive: Fix endian conversion size (Benjamin Gray) - powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro (Christophe Leroy) - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (Masahiro Yamada) - powerpc: Only define __parse_fpscr() when required (Christophe Leroy) - f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() (Chao Yu) - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (Christophe JAILLET) - USB: usbip: fix stub_dev hub disconnect (Jonas Blixt) - tools: iio: iio_generic_buffer ensure alignment (Matti Vaittinen) - misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() (Jinjie Ruan) - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (Dan Carpenter) - usb: chipidea: Simplify Tegra DMA alignment code (Michal Miroslaw) - usb: chipidea: Fix DMA overwrite for Tegra (Michal Miroslaw) - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (Jia-Ju Bai) - dmaengine: idxd: Register dsa_bus_type before registering idxd sub-drivers (Fenghua Yu) - livepatch: Fix missing newline character in klp_resolve_symbols() (Zheng Yejian) - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (Yi Yang) - f2fs: compress: fix to avoid redundant compress extension (Chao Yu) - f2fs: compress: fix to avoid use-after-free on dic (Chao Yu) - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (Christophe JAILLET) - leds: pwm: Don't disable the PWM when the LED should be off (Uwe Kleine-Konig) - leds: turris-omnia: Do not use SMBUS calls (Marek Behun) - leds: turris-omnia: Drop unnecessary mutex locking (Marek Behun) - mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (Hans de Goede) - mfd: dln2: Fix double put in dln2_probe (Dinghao Liu) - mfd: core: Ensure disabled devices are skipped without aborting (Herve Codina) - mfd: core: Un-constify mfd_cell.of_reg (Michal Miroslaw) - ASoC: ams-delta.c: use component after check (Kuninori Morimoto) - crypto: qat - fix deadlock in backlog processing (Giovanni Cabiddu) - padata: Fix refcnt handling in padata_free_shell() (WangJinchao) - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (Cezary Rojewski) - HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (Hans de Goede) - HID: logitech-hidpp: Revert 'Don't restart communication if not necessary' (Hans de Goede) - HID: logitech-hidpp: Don't restart IO, instead defer hid_connect() only (Hans de Goede) - HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (Bastien Nocera) - Revert 'HID: logitech-hidpp: add a module parameter to keep firmware gestures' (Bastien Nocera) - sh: bios: Revive earlyprintk support (Geert Uytterhoeven) - hid: cp2112: Fix IRQ shutdown stopping polling for all IRQs on chip (Danny Kaehn) - RDMA/hfi1: Workaround truncation compilation error (Leon Romanovsky) - scsi: ufs: core: Leave space for '- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (Zhang Shurong) - RDMA/hns: The UD mode can only be configured with DCQCN (Luoyouming) - RDMA/hns: Fix signed-unsigned mixed comparisons (Chengchang Tang) - RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (Chengchang Tang) - IB/mlx5: Fix rdma counter binding for RAW QP (Patrisious Haddad) - ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (Kuninori Morimoto) - ext4: move 'ix' sanity check to corrent position (Gou Hao) - ARM: 9321/1: memset: cast the constant byte to unsigned char (Kursad Oney) - hid: cp2112: Fix duplicate workqueue initialization (Danny Kaehn) - crypto: qat - increase size of buffers (Giovanni Cabiddu) - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (Gaurav Jain) - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (Gaurav Jain) - nd_btt: Make BTT lanes preemptible (Tomas Glozar) - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (Chen Ni) - scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (Tyrel Datwyler) - RDMA/core: Use size_{add,sub,mul}() in calls to struct_size() (Gustavo A. R. Silva) - hwrng: geode - fix accessing registers (Jonas Gorski) - crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (Christophe JAILLET) - selftests/resctrl: Ensure the benchmark commands fits to its array (Ilpo Jarvinen) - selftests/pidfd: Fix ksft print formats (Maciej Wieczor-Retman) - arm64: dts: imx8mn: Add sound-dai-cells to micfil node (Adam Ford) - arm64: dts: imx8mm: Add sound-dai-cells to micfil node (Adam Ford) - arm64: dts: imx8qm-ss-img: Fix jpegenc compatible entry (Fabio Estevam) - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (Sudeep Holla) - firmware: arm_ffa: Assign the missing IDR allocation ID to the FFA device (Sudeep Holla) - firmware: ti_sci: Mark driver as non removable (Dhruva Gole) - soc: qcom: llcc: Handle a second device without data corruption (Uwe Kleine-Konig) - ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator (Krzysztof Kozlowski) - arm64: dts: qcom: apq8016-sbc: Add missing ADV7533 regulators (Stephan Gerhold) - ARM64: dts: marvell: cn9310: Use appropriate label for spi1 pins (Chris Packham) - arm64: dts: qcom: sdm845-mtp: fix WiFi configuration (Dmitry Baryshkov) - arm64: dts: qcom: sc7280: Add missing LMH interrupts (Konrad Dybcio) - arm64: dts: qcom: msm8992-libra: drop duplicated reserved memory (Krzysztof Kozlowski) - arm64: dts: qcom: msm8916: Fix iommu local address range (Gaurav Kohli) - ARM: dts: renesas: blanche: Fix typo in GP_11_2 pin name (Geert Uytterhoeven) - perf: hisi: Fix use-after-free when register pmu fails (Junhao He) - drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling (AngeloGioacchino Del Regno) - drm/msm/dsi: use msm_gem_kernel_put to free TX buffer (Dmitry Baryshkov) - xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (Marek Marczykowski-Gorecki) - drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (Dan Carpenter) - drm/bridge: lt9611uxc: fix the race in the error path (Dmitry Baryshkov) - drm/bridge: lt9611uxc: Register and attach our DSI device at probe (Maxime Ripard) - drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (Maxime Ripard) - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (Christophe JAILLET) - drm/mediatek: Fix iommu fault during crtc enabling (Jason-JH.Lin) - drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (Jason-JH.Lin) - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (Xiaogang Chen) - drm/bridge: tc358768: Fix bit updates (Tomi Valkeinen) - drm/bridge: tc358768: Disable non-continuous clock mode (Dmitry Osipenko) - drm/bridge: tc358768: Fix use of uninitialized variable (Tomi Valkeinen) - drm/bridge: lt8912b: Add missing drm_bridge_attach call (Tomi Valkeinen) - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (Tomi Valkeinen) - drm/bridge: lt8912b: Fix crash on bridge detach (Tomi Valkeinen) - drm/bridge: lt8912b: Fix bridge_detach (Tomi Valkeinen) - drm/bridge: lt8912b: Add hot plug detection (Stefan Eichenberger) - drm/bridge: lt8912b: Register and attach our DSI device at probe (Maxime Ripard) - drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (Maxime Ripard) - drm/mipi-dsi: Create devm device attachment (Maxime Ripard) - drm/mipi-dsi: Create devm device registration (Maxime Ripard) - drm/radeon: possible buffer overflow (Konstantin Meskhidze) - drm/rockchip: vop: Fix call to crtc reset helper (Jonas Karlman) - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (Jonas Karlman) - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (Zhang Rui) - hwmon: (axi-fan-control) Fix possible NULL pointer dereference (Dragos Bogdan) - platform/x86: wmi: Fix opening of char device (Armin Wolf) - platform/x86: wmi: remove unnecessary initializations (Barnabas Pocze) - platform/x86: wmi: Fix probe failure when failing to register WMI devices (Armin Wolf) - clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (Varadarajan Narayanan) - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: npcm7xx: Fix incorrect kfree (Jonathan Neuschafer) - clk: ti: fix double free in of_ti_divider_clk_setup() (Dan Carpenter) - clk: ti: change ti_clk_register[_omap_hw]() API (Dario Binacchi) - clk: ti: Update component clocks to use ti_dt_clk_name() (Tony Lindgren) - clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (Tony Lindgren) - clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (Tony Lindgren) - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (Dan Carpenter) - spi: nxp-fspi: use the correct ioremap function (Han Xu) - clk: renesas: rzg2l: Fix computation formula (Claudiu Beznea) - clk: renesas: rzg2l: Use FIELD_GET() for PLL register fields (Claudiu Beznea) - clk: renesas: rzg2l: Simplify multiplication/shift logic (Geert Uytterhoeven) - clk: imx: imx8qxp: Fix elcdif_pll clock (Robert Chiras) - clk: imx: imx8mq: correct error handling path (Peng Fan) - clk: imx: Select MXC_CLK for CLK_IMX8QXP (Abel Vesa) - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (Danila Tikhonov) - clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (Konrad Dybcio) - clk: qcom: mmcc-msm8998: Don't check halt bit on some branch clks (Konrad Dybcio) - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (Devi Priya) - spi: tegra: Fix missing IRQ check in tegra_slink_probe() (Zhang Shurong) - regmap: debugfs: Fix a erroneous check after snprintf() (Christophe JAILLET) - ipvlan: properly track tx_errors (Eric Dumazet) - net: add DEV_STATS_READ() helper (Eric Dumazet) - ipv6: avoid atomic fragment on GSO packets (Yan Zhai) - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (Christophe JAILLET) - wifi: iwlwifi: empty overflow queue during flush (Miri Korenblit) - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (Johannes Berg) - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (Gregory Greenman) - iwlwifi: pcie: adjust to Bz completion descriptor (Johannes Berg) - tcp: fix cookie_init_timestamp() overflows (Eric Dumazet) - chtls: fix tp->rcv_tstamp initialization (Eric Dumazet) - r8169: fix rare issue with broken rx after link-down on RTL8125 (Heiner Kallweit) - r8169: use tp_to_dev instead of open code (Juhee Kang) - thermal: core: prevent potential string overflow (Dan Carpenter) - netfilter: nf_tables: Drop pointless memset when dumping rules (Phil Sutter) - PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (Sascha Hauer) - can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds (Marc Kleine-Budde) - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (Marc Kleine-Budde) - can: dev: can_restart(): don't crash kernel if carrier is OK (Marc Kleine-Budde) - wifi: rtlwifi: fix EDCA limit set by BT coexistence (Dmitry Antipov) - tcp_metrics: do not create an entry from tcp_init_metrics() (Eric Dumazet) - tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() (Eric Dumazet) - tcp_metrics: add missing barriers on delete (Eric Dumazet) - wifi: mt76: mt7603: improve stuck beacon handling (Felix Fietkau) - mt76: pass original queue id from __mt76_tx_queue_skb to the driver (Felix Fietkau) - mt76: add support for overriding the device used for DMA mapping (Felix Fietkau) - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (Felix Fietkau) - wifi: mt76: mt7603: rework/fix rx pse hang check (Felix Fietkau) - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (Jinjie Ruan) - net: spider_net: Use size_add() in call to struct_size() (Gustavo A. R. Silva) - tipc: Use size_add() in calls to struct_size() (Gustavo A. R. Silva) - mlxsw: Use size_mul() in call to struct_size() (Gustavo A. R. Silva) - gve: Use size_add() in call to struct_size() (Gustavo A. R. Silva) - tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed (Aananth V) - udp: add missing WRITE_ONCE() around up->encap_rcv (Eric Dumazet) - selftests/bpf: Correct map_fd to data_fd in tailcalls (Leon Hwang) - selftests/bpf: Test tail call counting with bpf2bpf and data on stack (Jakub Sitnicki) - i40e: fix potential memory leaks in i40e_remove() (Andrii Staikov) - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (Chen Yu) - pstore/platform: Add check for kstrdup (Jiasheng Jiang) - x86/boot: Fix incorrect startup_gdt_descr.size (Yuntao Wang) - x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot (Adam Dunlap) - x86: Share definition of __is_canonical_address() (Adrian Hunter) - futex: Don't include process MM in futex key on no-MMU (Ben Wolsieffer) - x86/srso: Fix SBPB enablement for (possible) future fixed HW (Josh Poimboeuf) - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (Jingbo Xu) - vfs: fix readahead(2) on block devices (Reuben Hawkins) - sched: Fix stop_one_cpu_nowait() vs hotplug (Peter Zijlstra) - sched/uclamp: Ignore (util == 0) optimization in feec() when p_util_max = 0 (Qais Yousef) - iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (David Howells) - LTS version: v5.15.138 (Jack Vogel) - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (Mark Hasemeyer) - misc: pci_endpoint_test: Add deviceID for J721S2 PCIe EP device support (Siddharth Vadapalli) - tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (Cameron Williams) - tty: 8250: Add support for Intashield IX cards (Cameron Williams) - tty: 8250: Add support for additional Brainboxes PX cards (Cameron Williams) - tty: 8250: Fix up PX-803/PX-857 (Cameron Williams) - tty: 8250: Fix port count of PX-257 (Cameron Williams) - tty: 8250: Add support for Intashield IS-100 (Cameron Williams) - tty: 8250: Add support for Brainboxes UP cards (Cameron Williams) - tty: 8250: Add support for additional Brainboxes UC cards (Cameron Williams) - tty: 8250: Remove UC-257 and UC-431 (Cameron Williams) - tty: n_gsm: fix race condition in status line change on dead connections (Daniel Starke) - usb: raw-gadget: properly handle interrupted requests (Andrey Konovalov) - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (Jimmy Hu) - usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (LihaSika) - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (Vicki Pfau) - drm/amd: Disable ASPM for VI w/ all Intel systems (Mario Limonciello) - drm/amd: Move helper for dynamic speed switch check out of smu13 (Mario Limonciello) - can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (Oliver Hartkopp) - can: isotp: isotp_bind(): do not validate unused address information (Oliver Hartkopp) - can: isotp: add local echo tx processing and tx without FC (Oliver Hartkopp) - can: isotp: handle wait_event_interruptible() return values (Oliver Hartkopp) - can: isotp: check CAN address family in isotp_bind() (Oliver Hartkopp) - can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (Oliver Hartkopp) - can: isotp: set max PDU size to 64 kByte (Oliver Hartkopp) - powerpc/mm: Fix boot crash with FLATMEM (Michael Ellerman) - r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (Douglas Anderson) - r8152: Check for unplug in rtl_phy_patch_request() (Douglas Anderson) - net: chelsio: cxgb4: add an error code check in t4_load_phy_fw (Su Hui) - platform/mellanox: mlxbf-tmfifo: Fix a warning message (Liming Sun) - scsi: mpt3sas: Fix in error path (Tomas Henzl) - fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (Jorge Maidana) - drm/ttm: Reorder sys manager cleanup step (Karolina Stolarek) - ASoC: rt5650: fix the wrong result of key button (Shuming Fan) - netfilter: nfnetlink_log: silence bogus compiler warning (Florian Westphal) - spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0 (William A. Kennington III) - fs/ntfs3: Avoid possible memory leak (Su Hui) - fs/ntfs3: Fix directory element type detection (Gabriel Marcano) - fs/ntfs3: Fix NULL pointer dereference on error in attr_allocate_frame() (Konstantin Komarov) - fs/ntfs3: Fix possible NULL-ptr-deref in ni_readpage_cmpr() (Konstantin Komarov) - fs/ntfs3: Use kvmalloc instead of kmalloc(... __GFP_NOWARN) (Konstantin Komarov) - fs/ntfs3: Write immediately updated ntfs state (Konstantin Komarov) - fs/ntfs3: Add ckeck in ni_update_parent() (Konstantin Komarov) - fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (Arnd Bergmann) - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (Dmitry Torokhov) - powerpc/85xx: Fix math emulation exception (Christophe Leroy) - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (Zhang Shurong) - irqchip/stm32-exti: add missing DT IRQ flag translation (Ben Wolsieffer) - irqchip/riscv-intc: Mark all INTC nodes as initialized (Anup Patel) - net: sched: cls_u32: Fix allocation size in u32_init() (Gustavo A. R. Silva) - ASoC: simple-card: fixup asoc_simple_probe() error handling (Kuninori Morimoto) - x86: Fix .brk attribute in linker script (Juergen Gross) - rpmsg: Fix possible refcount leak in rpmsg_register_device_override() (Hangyu Hua) - rpmsg: glink: Release driver_override (Bjorn Andersson) - rpmsg: Fix calling device_lock() on non-initialized device (Krzysztof Kozlowski) - rpmsg: Fix kfree() of static memory on setting driver_override (Krzysztof Kozlowski) - rpmsg: Constify local variable in field store macro (Krzysztof Kozlowski) - driver: platform: Add helper for safer setting of driver_override (Krzysztof Kozlowski) - objtool/x86: add missing embedded_insn check (John Sperbeck) - ext4: avoid overlapping preallocations due to overflow (Baokun Li) - ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow (Baokun Li) - ext4: add two helper functions extent_logical_end() and pa_logical_end() (Baokun Li) - x86/mm: Fix RESERVE_BRK() for older binutils (Josh Poimboeuf) - x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility (Thomas Gleixner) - gve: Fix GFP flags when allocing pages (Shailend Chand) - iio: afe: rescale: Accept only offset channels (Linus Walleij) - iio: afe: rescale: add offset support (Liam Beguin) - iio: afe: rescale: expose scale processing function (Liam Beguin) - iio: afe: rescale: reorder includes (Liam Beguin) - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (Alessandro Carminati) - sparc32: fix a braino in fault handling in csum_and_copy_..._user() (Al Viro) - perf/core: Fix potential NULL deref (Peter Zijlstra) - nvmem: imx: correct nregs for i.MX6UL (Peng Fan) - nvmem: imx: correct nregs for i.MX6SLL (Peng Fan) - nvmem: imx: correct nregs for i.MX6ULL (Peng Fan) - misc: fastrpc: Clean buffers on remote invocation failures (Ekansh Gupta) - tracing/kprobes: Fix the description of variable length arguments (Yujie Liu) - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (Alain Volmat) - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina) - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (Herve Codina) - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina) - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (Robert Hancock) - iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds (Robert Hancock) - iio: exynos-adc: request second interupt only when touchscreen mode is used (Marek Szyprowski) - kasan: print the original fault addr when access invalid shadow (Haibo Li) - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (Ivan Vecera) - gtp: fix fragmentation needed check with gso (Pablo Neira Ayuso) - gtp: uapi: fix GTPA_MAX (Pablo Neira Ayuso) - tcp: fix wrong RTO timeout when received SACK reneging (Fred Chen) - r8152: Release firmware if we have an error in probe (Douglas Anderson) - r8152: Cancel hw_phy_work if we have an error in probe (Douglas Anderson) - r8152: Run the unload routine if we have errors during probe (Douglas Anderson) - r8152: Increase USB control msg timeout to 5000ms as per spec (Douglas Anderson) - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (Shigeru Yoshida) - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (Christophe JAILLET) - igc: Fix ambiguity in the ethtool advertising (Sasha Neftin) - neighbour: fix various data-races (Eric Dumazet) - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (Mateusz Palczewski) - treewide: Spelling fix in comment (Kunwu Chan) - r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 (Mirsad Goran Todorovac) - r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 (Mirsad Goran Todorovac) - r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx (Mirsad Goran Todorovac) - drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (Lukasz Majczak) - vsock/virtio: initialize the_virtio_vsock before using VQs (Alexandru Matei) - vsock/virtio: add support for device suspend/resume (Stefano Garzarella) - vsock/virtio: factor our the code to initialize and delete VQs (Stefano Garzarella) - drm/i915/pmu: Check if pmu is closed before stopping event (Umesh Nerlige Ramappa) - nfsd: lock_rename() needs both directories to live on the same fs (Al Viro) - mm/migrate: fix do_pages_move for compat pointers (Gregory Price) - mm/page_alloc: correct start page when guard page debug is enabled (Kemeng Shi) - vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (Eric Auger) - virtio_balloon: Fix endless deflation and inflation on arm64 (Gavin Shan) - mcb-lpc: Reallocate memory region to avoid memory overlapping (Rodriguez Barbarin, Jose Javier) - mcb: Return actual parsed size when reading chameleon table (Rodriguez Barbarin, Jose Javier) - mptcp: more conservative check for zero probes (Paolo Abeni) - tcp: cleanup tcp_remove_empty_skb() use (Eric Dumazet) - tcp: remove dead code from tcp_sendmsg_locked() (Eric Dumazet) - pinctrl: qcom: lpass-lpi: fix concurrent register updates (Krzysztof Kozlowski) - ASoC: codecs: wcd938x: fix runtime PM imbalance on remove (Johan Hovold) - ASoC: codecs: wcd938x: fix resource leaks on bind errors (Johan Hovold) - LTS version: v5.15.137 (Jack Vogel) - xfrm6: fix inet6_dev refcount underflow problem (Zhang Changzhong) - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (Kees Cook) - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (Edward AD) - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (Tony Lindgren) - phy: mapphone-mdm6600: Fix runtime PM for remove (Tony Lindgren) - phy: mapphone-mdm6600: Fix runtime disable on probe (Tony Lindgren) - serial: 8250: omap: Move uart_write() inside PM section (Geert Uytterhoeven) - ASoC: pxa: fix a memory leak in probe() (Dan Carpenter) - gpio: vf610: set value before the direction to avoid a glitch (Haibo Chen) - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (Hans de Goede) - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (Hans de Goede) - platform/surface: platform_profile: Propagate error if profile registration fails (Armin Wolf) - s390/cio: fix a memleak in css_alloc_subchannel (Dinghao Liu) - selftests/ftrace: Add new test case which checks non unique symbol (Francis Laniel) - s390/pci: fix iommu bitmap allocation (Niklas Schnelle) - perf: Disallow mis-matched inherited group reads (Peter Zijlstra) - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (Puliang Lu) - USB: serial: option: add entry for Sierra EM9191 with new firmware (Benoit Monin) - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (Fabio Porcedda) - nvme-rdma: do not try to stop unallocated queues (Maurizio Lombardi) - nvme-pci: add BOGUS_NID for Intel 0a54 device (Keith Busch) - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (Sunil V L) - pNFS: Fix a hang in nfs4_evict_inode() (Trond Myklebust) - Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (Andy Shevchenko) - mmc: core: Capture correct oemid-bits for eMMC cards (Avri Altman) - mmc: core: sdio: hold retuning if sdio in 1-bit mode (Haibo Chen) - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (Pablo Sun) - mtd: physmap-core: Restore map_rom fallback (Geert Uytterhoeven) - mtd: spinand: micron: correct bitmask for ecc status (Martin Kurbanov) - mtd: rawnand: arasan: Ensure program page operations are successful (Miquel Raynal) - mtd: rawnand: marvell: Ensure program page operations are successful (Miquel Raynal) - mtd: rawnand: pl353: Ensure program page operations are successful (Miquel Raynal) - mtd: rawnand: qcom: Unmap the right resource upon probe failure (Bibek Kumar Patro) - net: fix ifname in netlink ntf during netns move (Jakub Kicinski) - net: move from strlcpy with unused retval to strscpy (Wolfram Sang) - net: introduce a function to check if a netdev name is in use (Antoine Tenart) - Bluetooth: hci_event: Fix using memcmp when comparing keys (Luiz Augusto von Dentz) - net/mlx5: Handle fw tracer change ownership event based on MTRC (Maher Sanalla) - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (Renan Guilherme Lebre Ramos) - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (Rahul Rameshbabu) - btrfs: error out when reallocating block for defrag using a stale transaction (Filipe Manana) - btrfs: error when COWing block from a root that is being deleted (Filipe Manana) - btrfs: error out when COWing block using a stale transaction (Filipe Manana) - btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c (Josef Bacik) - drm: panel-orientation-quirks: Add quirk for One Mix 2S (Kai Uwe Broulik) - ipv4/fib: send notify when delete source address routes (Hangbin Liu) - sky2: Make sure there is at least one frag_addr available (Kees Cook) - regulator/core: Revert 'fix kobject release warning and memory leak in regulator_register()' (Michal Miroslaw) - wifi: cfg80211: avoid leaking stack data into trace (Benjamin Berg) - wifi: mac80211: allow transmitting EAPOL frames with tainted key (Wen Gong) - wifi: cfg80211: Fix 6GHz scan configuration (Ilan Peer) - Bluetooth: hci_core: Fix build warnings (Luiz Augusto von Dentz) - Bluetooth: Avoid redundant authentication (Ying Hsu) - Bluetooth: btusb: add shutdown function for QCA6174 (Rocky Liao) - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (Ma Ke) - wifi: iwlwifi: Ensure ack flag is properly cleared. (Ben Greear) - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (Gustavo A. R. Silva) - tracing: relax trace_event_eval_update() execution with cond_resched() (Clement Leger) - ata: libata-eh: Fix compilation warning in ata_eh_link_report() (Damien Le Moal) - ata: libata-core: Fix compilation warning in ata_dev_config_ncq() (Damien Le Moal) - gpio: timberdale: Fix potential deadlock on &tgpio->lock (Chengfeng Ye) - overlayfs: set ctime when setting mtime and atime (Jeff Layton) - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (Heiner Kallweit) - btrfs: initialize start_slot in btrfs_log_prealloc_extents (Josef Bacik) - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 (Filipe Manana) - fs-writeback: do not requeue a clean inode having skipped pages (Chunhai Guo) - ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone (Tony Lindgren) - ksmbd: not allow to open file if delelete on close bit is set (Namjae Jeon) - nfp: flower: avoid rmmod nfp crash issues (Yanguo Li) - mctp: perform route lookups under a RCU read-side lock (Jeremy Kerr) - mctp: Allow local delivery to the null EID (Jeremy Kerr) - powerpc/47x: Fix 47x syscall return crash (Michael Ellerman) - powerpc/32s: Do kuep_lock() and kuep_unlock() in assembly (Christophe Leroy) - powerpc/32s: Remove capability to disable KUEP at boottime (Christophe Leroy) - drm/atomic-helper: relax unregistered connector check (Simon Ser) - perf/x86/lbr: Filter vsyscall addresses (JP Kobryn) - iio: adc: ad7192: Correct reference voltage (Alisa-Dariana Roman) - iio: cros_ec: fix an use-after-free in cros_ec_sensors_push_data() (Tzung-Bi Shih) - iio: core: introduce iio_device_{claim|release}_buffer_mode() APIs (Nuno Sa) - iio: core: Hide read accesses to iio_dev->currentmode (Miquel Raynal) - iio: Un-inline iio_buffer_enabled() (Miquel Raynal) - serial: 8250_omap: Fix errors with no_console_suspend (Tony Lindgren) - serial: 8250: omap: Fix imprecise external abort for omap_8250_pm() (Tony Lindgren) - selftests/mm: fix awk usage in charge_reserved_hugetlb.sh and hugetlb_reparenting_test.sh that may cause error (Juntong Deng) - net: pktgen: Fix interface flags printing (Gavrilov Ilia) - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (Pablo Neira Ayuso) - netfilter: nf_tables: do not remove elements if set backend implements .abort (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: .deactivate fails if element has expired (Pablo Neira Ayuso) - neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (Geert Uytterhoeven) - bonding: Return pointer to data after pull on skb (Jiri Wiesner) - net: dsa: bcm_sf2: Fix possible memory leak in bcm_sf2_mdio_register() (Jinjie Ruan) - i40e: prevent crash on probe if hw registers have invalid values (Michal Schmidt) - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (Dan Carpenter) - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (Eric Dumazet) - tun: prevent negative ifindex (Eric Dumazet) - tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb (Eric Dumazet) - tcp: fix excessive TLP and RACK timeouts from HZ rounding (Neal Cardwell) - net: rfkill: gpio: prevent value glitch during probe (Josua Mayer) - net: ipv6: fix return value check in esp_remove_trailer (Ma Ke) - net: ipv4: fix return value check in esp_remove_trailer (Ma Ke) - xfrm: interface: use DEV_STATS_INC() (Eric Dumazet) - xfrm: fix a data-race in xfrm_gen_index() (Eric Dumazet) - qed: fix LL2 RX buffer allocation (Manish Chopra) - ASoC: codecs: wcd938x: fix unbind tear down order (Johan Hovold) - ASoC: codecs: wcd938x: drop bogus bind error handling (Johan Hovold) - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (Johan Hovold) - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (Johan Hovold) - drm/i915: Retry gtt fault when out of fence registers (Ville Syrjala) - netfilter: nft_payload: fix wrong mac header matching (Florian Westphal) - fs/ntfs3: fix deadlock in mark_as_free_ex (Konstantin Komarov) - fs/ntfs3: fix panic about slab-out-of-bounds caused by ntfs_list_ea() (Zeng Heng) - fs/ntfs3: Fix possible null-pointer dereference in hdr_find_e() (Ziqi Zhao) - tcp: check mptcp-level constraints for backlog coalescing (Paolo Abeni) - x86/sev: Check for user-space IOIO pointing to kernel space (Joerg Roedel) [Orabug: 35959905] {CVE-2023-46813} - x86/sev: Check IOBM for IOIO exceptions from user-space (Joerg Roedel) [Orabug: 35959905] {CVE-2023-46813} - x86/sev: Disable MMIO emulation from user mode (Borislav Petkov (AMD)) - KVM: x86: Mask LVTPC when handling a PMI (Jim Mattson) - regmap: fix NULL deref on lookup (Johan Hovold) - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (Krzysztof Kozlowski) - ice: reset first in crash dump kernels (Jesse Brandeburg) - ice: fix over-shifted variable (Jesse Brandeburg) - Bluetooth: avoid memcmp() out of bounds warning (Arnd Bergmann) - Bluetooth: hci_event: Fix coding style (Luiz Augusto von Dentz) - Bluetooth: vhci: Fix race when opening vhci device (Arkadiusz Bokowy) - Bluetooth: Fix a refcnt underflow problem for hci_conn (Ziyang Xuan) - Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi) [Orabug: 35959595] {CVE-2020-26555} - Bluetooth: hci_event: Ignore NULL link key (Lee, Chun-Yi) - xfs: don't expose internal symlink metadata buffers to the vfs (Darrick J. Wong) - Documentation: sysctl: align cells in second content column (Bagas Sanjaya) - lib/Kconfig.debug: do not enable DEBUG_PREEMPT by default (Hyeonggon Yoo) - LTS version: v5.15.136 (Jack Vogel) - eth: remove remaining copies of the NAPI_POLL_WEIGHT define (Jakub Kicinski) - usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Canuelo) - arm64: armv8_deprecated: fix unused-function error (Ren Zhijie) - arm64: armv8_deprecated: rework deprected instruction handling (Mark Rutland) - arm64: armv8_deprecated: move aarch32 helper earlier (Mark Rutland) - arm64: armv8_deprecated move emulation functions (Mark Rutland) - arm64: armv8_deprecated: fold ops into insn_emulation (Mark Rutland) - arm64: rework EL0 MRS emulation (Mark Rutland) - arm64: factor insn read out of call_undef_hook() (Mark Rutland) - arm64: factor out EL1 SSBS emulation hook (Mark Rutland) - arm64: split EL0/EL1 UNDEF handlers (Mark Rutland) - arm64: allow kprobes on EL0 handlers (Mark Rutland) - arm64: rework BTI exception handling (Mark Rutland) - arm64: rework FPAC exception handling (Mark Rutland) - arm64: consistently pass ESR_ELx to die() (Mark Rutland) - arm64: die(): pass 'err' as long (Mark Rutland) - arm64: report EL1 UNDEFs better (Mark Rutland) - powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() (Christophe Leroy) - powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE (Christophe Leroy) - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (Duoming Zhou) - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (Rex Zhang) - x86/alternatives: Disable KASAN in apply_alternatives() (Kirill A. Shutemov) - usb: cdnsp: Fixes issue with dequeuing not queued requests (Pawel Laszczak) - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (Krishna Kurapati) - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta) - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (Dharma Balasubiramani) - pinctrl: avoid unsafe code pattern in find_pinctrl() (Dmitry Torokhov) - cgroup: Remove duplicates in cgroup v1 tasks file (Michal Koutny) - tee: amdtee: fix use-after-free vulnerability in amdtee_close_session (Rijo Thomas) - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (Hans de Goede) - Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (Szilard Fabian) - Input: xpad - add PXN V900 support (Matthias Berndt) - Input: psmouse - fix fast_reconnect function for PS/2 mode (Jeffery Miller) - Input: powermate - fix use-after-free in powermate_config_complete (Javier Carrasco) - ceph: fix type promotion bug on 32bit systems (Dan Carpenter) - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li) - libceph: use kernel_connect() (Jordan Rife) - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (Mika Westerberg) - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (Mika Westerberg) - mcb: remove is_added flag from mcb_device struct (Jorge Sanjuan Garcia) - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (Borislav Petkov (AMD)) - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (Hans de Goede) - drm/amd/display: Don't set dpms_off for seamless boot (Daniel Miess) - drm/amdgpu: add missing NULL check (Christian Konig) - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (Alexander Zangerl) - iio: pressure: dps310: Adjust Timeout Settings (Lakshmi Yadlapati) - iio: pressure: bmp280: Fix NULL pointer exception (Phil Elwell) - usb: musb: Modify the 'HWVers' register address (Xingxing Luo) - usb: musb: Get the musb_qh poniter after musb_giveback (Xingxing Luo) - usb: dwc3: Soft reset phy on probe for host (Thinh Nguyen) - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (Javier Carrasco) - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (Wesley Cheng) - xhci: Keep interrupt disabled in initialization until host is running. (Hongyu Xie) - dmaengine: stm32-mdma: abort resume if no ongoing transfer (Amelie Delaunay) - media: mtk-jpeg: Fix use after free bug due to uncanceled work (Zheng Wang) - workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long) - nfc: nci: assert requested protocol is valid (Jeremy Cline) - pinctrl: renesas: rzn1: Enable missing PINMUX (Ralph Siemsen) - net/smc: Fix pos miscalculation in statistics (Nils Hoppmann) - net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (Eric Dumazet) - net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (Will Mortensen) - ixgbe: fix crash with empty VF macvlan list (Dan Carpenter) - net: phy: mscc: macsec: reject PN update requests (Radu Pirea (NXP OSS)) - net: macsec: indicate next pn update when offloading (Radu Pirea (NXP OSS)) - bpf: Fix verifier log for async callback return values (David Vernet) - drm/vmwgfx: fix typo of sizeof argument (Konstantin Meskhidze) - riscv, bpf: Sign-extend return values (Bjorn Topel) - riscv, bpf: Factor out emit_call for kernel and bpf context (Pu Lehui) - xen-netback: use default TX queue size for vifs (Roger Pau Monne) - eth: remove copies of the NAPI_POLL_WEIGHT define (Jakub Kicinski) - mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type (Dan Carpenter) - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (Dinghao Liu) - ravb: Fix use-after-free issue in ravb_tx_timeout_work() (Yoshihiro Shimoda) [Orabug: 35959875] {CVE-2023-35827} - ravb: Fix up dma_free_coherent() call in ravb_remove() (Yoshihiro Shimoda) - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (Abhinav Kumar) - drm/msm/dsi: fix irq_of_parse_and_map() error checking (Dan Carpenter) - drm/msm/dsi: skip the wait for video mode done if not applicable (Abhinav Kumar) - drm/msm/dp: do not reinitialize phy unless retry during link training (Kuogee Hsieh) - KEYS: trusted: Remove redundant static calls usage (Sumit Garg) - KEYS: trusted: allow use of kernel RNG for key material (Ahmad Fatoum) - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (WhaleChang) - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (Hans de Goede) - platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section mismatch warning (Uwe Kleine-Konig) - platform/x86: think-lmi: Fix reference leak (Armin Wolf) - of: overlay: Reorder struct fragment fields kerneldoc (Geert Uytterhoeven) - perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 (Jing Zhang) - RDMA/cxgb4: Check skb value for failure to allocate (Artem Chernyshev) - RDMA/srp: Do not call scsi_done() from srp_abort() (Bart Van Assche) - scsi: ib_srp: Call scsi_done() directly (Bart Van Assche) - scsi: core: Rename scsi_mq_done() into scsi_done() and export it (Bart Van Assche) - iommu/vt-d: Avoid memory allocation in iommu_suspend() (Zhang Rui) [5.15.0-203.135.1] - uek-rpm: Enable CONFIG_IPV6_SEG6_BPF in UEK7U2 (Harshit Mogalapalli) [Orabug: 35972825] - rds: ib: Make changes to fr_state global visible (Hakon Bugge) [Orabug: 35739203] - x86/cpu: Add Xeon Emerald Rapids to list of CPUs that support PPIN (Tony Luck) [Orabug: 35853636] - EDAC/i10nm: Add Intel Emerald Rapids server support (Qiuxu Zhuo) [Orabug: 35853636] - intel_idle: add Emerald Rapids Xeon support (Artem Bityutskiy) [Orabug: 35853636] - powercap: intel_rapl: add support for Emerald Rapids (Zhang Rui) [Orabug: 35853636] - perf/x86/intel/cstate: Add Emerald Rapids (Kan Liang) [Orabug: 35853636] - perf/x86/cstate: Add SAPPHIRERAPIDS_X CPU support (Zhang Rui) [Orabug: 35853636] - perf/x86/cstate: Add Raptor Lake support (Kan Liang) [Orabug: 35853636] - perf/x86/rapl: Add support for Intel Emerald Rapids (Zhang Rui) [Orabug: 35853636] - perf/x86/rapl: Add support for Intel Meteor Lake (Zhang Rui) [Orabug: 35853636] - perf/x86/rapl: Add support for Intel Raptor Lake (Zhang Rui) [Orabug: 35853636] - perf/x86/rapl: Add support for Intel AlderLake-N (Zhang Rui) [Orabug: 35853636] - platform/x86: intel-uncore-freq: add Emerald Rapids support (Artem Bityutskiy) [Orabug: 35853636] - platform/x86/intel/uncore-freq: Move to uncore-frequency folder (Srinivas Pandruvada) [Orabug: 35853636] - x86/cpu: Add CPU model numbers for Meteor Lake (Tony Luck) [Orabug: 35853636] - x86/cpu: Add new Raptor Lake CPU model number (Tony Luck) [Orabug: 35853636] - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (Tony Luck) [Orabug: 35853636] - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (Tony Luck) [Orabug: 35853636] - x86/cpu: Add Raptor Lake to Intel family (Tony Luck) [Orabug: 35853636] - eth: bnxt: handle invalid Tx completions more gracefully (Jakub Kicinski) [Orabug: 36075753] - bonding: move IFLA_ARP_ALLSLAVES to the end of the enum list (Venkat Venkatsubra) [Orabug: 36083015] - bonding: add new option ns_ip6_target (Hangbin Liu) [Orabug: 36083015] - bonding: add new parameter ns_targets (Hangbin Liu) [Orabug: 36083015] - bonding: add extra field for bond_opt_value (Hangbin Liu) [Orabug: 36083015] - Bonding: split bond_handle_vlan from bond_arp_send (Hangbin Liu) [Orabug: 36083015] - ipv6: separate ndisc_ns_create() from ndisc_send_ns() (Hangbin Liu) [Orabug: 36083015] - uek-rpm: update all arch and OL kABI files for new symbols (Yifei Liu) [Orabug: 36090167] - xfs: try to avoid allocation blocking on busy extents (Mark Tinguely) [Orabug: 36096907] - iommu/amd: Do not flush IRTE when only updating isRun and destination fields (Suravee Suthikulpanit) [Orabug: 36101188] - tcp: Tunables for TCP delayed ack (min and max) timers (Venkat Venkatsubra) [Orabug: 36114420] - tcp: fix ambiguity for SACKed TLP retransmits with RTT < min_rtt (Neal Cardwell) [Orabug: 36114420] - vhost-scsi: add parentheses to macro of VHOST_SCSI_MAX_VQ (Dongli Zhang) [Orabug: 36119640] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2020-26555 CVE-2023-6111 CVE-2023-35827 CVE-2023-25775 CVE-2023-46813 CVE-2023-6622 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 Oracle Linux 9 [5.15.0-204.147.6.2] - smb3: Replace smb2pdu 1-element arrays with flex-arrays (Kees Cook) [Orabug: 36353543] - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta) [Orabug: 36358874] - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Souradeep Chakrabarti) - hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (Michael Kelley) - netfilter: ipset: Missing gc cancellations fixed (Jozsef Kadlecsik) - netfilter: ipset: fix performance regression in swap operation (Jozsef Kadlecsik) - netfilter: nft_set_rbtree: skip end interval element from gc (Pablo Neira Ayuso) - netfilter: nf_tables: set dormant flag on hook register failure (Florian Westphal) [5.15.0-204.147.6.1] - arm64: Minimize tlb flush due to vttbr writes on AmpereOne (Ganapatrao Kulkarni) [Orabug: 36359078] [5.15.0-204.147.6] - keys, dns: Fix size check of V1 server-list header (David Howells) - net/rds: Supporting SIOCOUTQ to read pending sends (Devesh Sharma) [Orabug: 34460809] - KVM: x86: smm: preserve interrupt shadow in SMRAM (Maxim Levitsky) [Orabug: 36171472] [5.15.0-204.147.5] - tcp: fix excessive TLP and RACK timeouts from HZ rounding (Neal Cardwell) [Orabug: 36289786] - uek-rpm: Make few builtin options to modules back -- hardening (Harshit Mogalapalli) [Orabug: 36196579] - iommufd/iova_bitmap: Consider page offset for the pages to be pinned (Joao Martins) [Orabug: 36197723] - iommufd/iova_bitmap: Handle recording beyond the mapped pages (Joao Martins) [Orabug: 36197723] - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array (Joao Martins) [Orabug: 36197723] - iommufd/iova_bitmap: Bounds check mapped::pages access (Joao Martins) [Orabug: 36197723] - Revert 'iommu/amd: Improve dirty read io-pgtable walker' (Joao Martins) [Orabug: 36197723] [5.15.0-204.147.4] - uek-rpm: Disable MCORE2 in container kernel configs (Harshit Mogalapalli) [Orabug: 36267828] - md: fix regression for null-ptr-deference in __md_stop() (Yu Kuai) [Orabug: 36230125] - md: Free resources in __md_stop (Xiao Ni) [Orabug: 36230125] - md: Change active_io to percpu (Xiao Ni) [Orabug: 36230125] - md: Factor out is_md_suspended helper (Xiao Ni) [Orabug: 36230125] - hwmon: (opbmc) E6/AST2600 platform enabled (Jan Zdarek) [Orabug: 36222931] [5.15.0-204.147.3] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36241828] - mm: avoid heavy swap lock contention when unmapping with padata (Anthony Yznaga) [Orabug: 36073084] - mm: use less threads when unmapping some large VMAs (Anthony Yznaga) [Orabug: 36073084] - crypto: qat - add NULL pointer check (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix mutex ordering in adf_rl (Damian Muszynski) [Orabug: 36156923] - crypto: qat - fix error path in add_update_sla() (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add sysfs_added flag for rate limiting (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add sysfs_added flag for ras (Damian Muszynski) [Orabug: 36156923] - crypto: qat - prevent underflow in rp2srv_store() (Dan Carpenter) [Orabug: 36156923] - Documentation: ABI: debugfs-driver-qat: fix fw_counters path (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - move adf_cfg_services (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - add num_rps sysfs attribute (Ciunas Bennett) [Orabug: 36156923] - crypto: qat - add rp2svc sysfs attribute (Ciunas Bennett) [Orabug: 36156923] - crypto: qat - add rate limiting sysfs interface (Ciunas Bennett) [Orabug: 36156923] - crypto: qat - add rate limiting feature to qat_4xxx (Damian Muszynski) [Orabug: 36156923] - units: add missing header (Andy Shevchenko) [Orabug: 36156923] - units: Add BYTES_PER_*BIT (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add retrieval of fw capabilities (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add bits.h to icp_qat_hw.h (Damian Muszynski) [Orabug: 36156923] - crypto: qat - move admin api (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix ring to service map for QAT GEN4 (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - use masks for AE groups (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - refactor fw config related functions (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - count QAT GEN4 errors (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add error counters (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add handling of errors from ERRSOU3 for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add adf_get_aram_base() helper function (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add handling of compression related errors for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add handling of errors from ERRSOU2 for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add reporting of errors from ERRSOU1 for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add reporting of correctable errors for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add infrastructure for error reporting (Shashank Gupta) [Orabug: 36156923] - crypto: qat - fix double free during reset (Svyatoslav Pankratov) [Orabug: 36156923] - crypto: qat - add cnv_errors debugfs file (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - add pm_status debugfs file (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - refactor included headers (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - add namespace to driver (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - Remove zlib-deflate (Herbert Xu) [Orabug: 36156923] - crypto: qat - enable dc chaining service (Adam Guerin) [Orabug: 36156923] - crypto: qat - consolidate services structure (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix unregistration of compression algorithms (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix unregistration of crypto algorithms (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - ignore subsequent state up commands (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - do not shadow error code (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix state machines cleanup paths (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - refactor deprecated strncpy (Justin Stitt) [Orabug: 36156923] - crypto: qat - Use list_for_each_entry() helper (Jinjie Ruan) [Orabug: 36156923] - crypto: qat - fix crypto capability detection for 4xxx (Adam Guerin) [Orabug: 36156923] - crypto: qat - Remove unused function declarations (Yue Haibing) [Orabug: 36156923] - crypto: qat - use kfree_sensitive instead of memset/kfree() (Yang Yingliang) [Orabug: 36156923] - crypto: qat - replace the if statement with min() (You Kangren) [Orabug: 36156923] - crypto: qat - add heartbeat counters check (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add heartbeat feature (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add measure clock frequency (Damian Muszynski) [Orabug: 36156923] - crypto: qat - drop obsolete heartbeat interface (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add internal timer for qat 4xxx (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add fw_counters debugfs file (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - change value of default idle filter (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - do not export adf_init_admin_pm() (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - expose pm_idle_enabled through sysfs (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - extend configuration for 4xxx (Adam Guerin) [Orabug: 36156923] - Documentation: qat: change kernel version (Meadhbh) [Orabug: 36156923] - Documentation: qat: rewrite description (Bagas Sanjaya) [Orabug: 36156923] - Documentation: qat: Use code block for qat sysfs example (Bagas Sanjaya) [Orabug: 36156923] - crypto: qat - refactor fw config logic for 4xxx (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - make fw images name constant (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - move returns to default case (Adam Guerin) [Orabug: 36156923] - crypto: qat - update slice mask for 4xxx devices (Karthikeyan Gopal) [Orabug: 36156923] - crypto: qat - set deprecated capabilities as reserved (Karthikeyan Gopal) [Orabug: 36156923] - crypto: qat - add missing function declaration in adf_dbgfs.h (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - move dbgfs init to separate file (Damian Muszynski) [Orabug: 36156923] - crypto: qat - Move driver to drivers/crypto/intel/qat (Tom Zanussi) [Orabug: 36156923] - crypto: qat - drop redundant adf_enable_aer() (Bjorn Helgaas) [Orabug: 36156923] - crypto: qat - simplify adf_enable_aer() (Uwe Kleine-Konig) [Orabug: 36156923] - crypto: qat - fix apply custom thread-service mapping for dc service (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add support for 402xx devices (Damian Muszynski) [Orabug: 36156923] - crypto: qat - make state machine functions static (Shashank Gupta) [Orabug: 36156923] - crypto: qat - refactor device restart logic (Shashank Gupta) [Orabug: 36156923] - crypto: qat - replace state machine calls (Shashank Gupta) [Orabug: 36156923] - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (Shashank Gupta) [Orabug: 36156923] - crypto: qat - fix concurrency issue when device state changes (Shashank Gupta) [Orabug: 36156923] - crypto: qat - expose device config through sysfs for 4xxx (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - delay sysfs initialization (Shashank Gupta) [Orabug: 36156923] - crypto: qat - Include algapi.h for low-level Crypto API (Herbert Xu) [Orabug: 36156923] - crypto: qat - Use request_complete helpers (Herbert Xu) [Orabug: 36156923] - crypto: qat - add qat_zlib_deflate (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - extend buffer list logic interface (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (Meadhbh Fitzpatrick) [Orabug: 36156923] - crypto: qat - add limit to linked list parsing (Adam Guerin) [Orabug: 36156923] - crypto: qat - add check to validate firmware images (Srinivas Kerekare) [Orabug: 36156923] - crypto: qat - relocate and rename adf_sriov_prepare_restart() (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - change behaviour of adf_cfg_add_key_value_param() (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - Removes the x86 dependency on the QAT drivers (Yoan Picchi) [Orabug: 36156923] - crypto: qat - Fix unsigned function returning negative constant (Haowen Bai) [Orabug: 36156923] - crypto: qat - remove line wrapping for pfvf_ops functions (Marco Chiappero) [Orabug: 36156923] - crypto: qat - use u32 variables in all GEN4 pfvf_ops (Marco Chiappero) [Orabug: 36156923] - crypto: qat - replace disable_vf2pf_interrupts() (Marco Chiappero) [Orabug: 36156923] - crypto: qat - leverage the GEN2 VF mask definiton (Marco Chiappero) [Orabug: 36156923] - crypto: qat - rework the VF2PF interrupt handling logic (Marco Chiappero) [Orabug: 36156923] - crypto: qat - fix off-by-one error in PFVF debug print (Marco Chiappero) [Orabug: 36156923] - crypto: qat - fix wording and formatting in code comment (Marco Chiappero) [Orabug: 36156923] - crypto: qat - test PFVF registers for spurious interrupts on GEN4 (Marco Chiappero) [Orabug: 36156923] - crypto: qat - add check for invalid PFVF protocol version 0 (Wojciech Ziemba) [Orabug: 36156923] - crypto: qat - add missing restarting event notification in VFs (Marco Chiappero) [Orabug: 36156923] - crypto: qat - remove unnecessary tests to detect PFVF support (Marco Chiappero) [Orabug: 36156923] - crypto: qat - remove unused PFVF stubs (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - remove unneeded braces (Marco Chiappero) [Orabug: 36156923] - crypto: qat - fix ETR sources enabled by default on GEN2 devices (Marco Chiappero) [Orabug: 36156923] - crypto: qat - stop using iommu_present() (Robin Murphy) [Orabug: 36156923] - crypto: qat - remove unneeded assignment (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - don't cast parameter in bit operations (Andy Shevchenko) [Orabug: 36156923] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36204961] - netfilter: nf_tables: check if catch-all set element is active in next generation (Pablo Neira Ayuso) [Orabug: 36250951] {CVE-2024-1085} [5.15.0-204.147.2] - LTS version: v5.15.147 (Vijayendra Suman) - net: usb: ax88179_178a: move priv to driver_priv (Justin Chen) - net: usb: ax88179_178a: remove redundant init code (Justin Chen) - tracing/kprobes: Fix symbol counting logic by looking at modules as well (Andrii Nakryiko) - kallsyms: Make module_kallsyms_on_each_symbol generally available (Jiri Olsa) - netfilter: nf_tables: Reject tables of unsupported family (Phil Sutter) - perf inject: Fix GEN_ELF_TEXT_OFFSET for jit (Adrian Hunter) - ipv6: remove max_size check inline with ipv4 (Jon Maxwell) - net: tls, update curr on splice as well (John Fastabend) - mmc: sdhci-sprd: Fix eMMC init failure after hw reset (Wenchao Chen) - mmc: core: Cancel delayed work before releasing host (Geert Uytterhoeven) - mmc: rpmb: fixes pause retune on all RPMB partitions. (Jorge Ramirez-Ortiz) - mmc: meson-mx-sdhc: Fix initialization frozen issue (Ziyang Huang) - mm: fix unmap_mapping_range high bits shift bug (Jiajun Xie) - x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect (Jinghao Jia) - firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (Takashi Sakamoto) - mm/memory-failure: check the mapcount of the precise page (Matthew Wilcox (Oracle)) - selftests: secretmem: floor the memory size to the multiple of page_size (Muhammad Usama Anjum) - net: Implement missing SO_TIMESTAMPING_NEW cmsg support (Thomas Lange) - bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (Michael Chan) - asix: Add check for usbnet_get_endpoints (Chen Ni) - octeontx2-af: Re-enable MAC TX in otx2_stop processing (Naveen Mamindlapalli) - octeontx2-af: Always configure NIX TX link credits based on max frame size (Naveen Mamindlapalli) - octeontx2-af: Set NIX link credits based on max LMAC (Sunil Goutham) - octeontx2-af: Don't enable Pause frames by default (Hariprasad Kelam) - net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues (Dinghao Liu) - igc: Fix hicredit calculation (Rodrigo Cataldo) - i40e: Restore VF MSI-X state during PCI reset (Andrii Staikov) - ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (Mark Brown) - ASoC: meson: g12a-toacodec: Fix event generation (Mark Brown) - ASoC: meson: g12a-tohdmitx: Validate written enum values (Mark Brown) - ASoC: meson: g12a-toacodec: Validate written enum values (Mark Brown) - i40e: fix use-after-free in i40e_aqc_add_filters() (Ke Xiao) - net: Save and restore msg_namelen in sock_sendmsg (Marc Dionne) - netfilter: nft_immediate: drop chain reference counter on error (Pablo Neira Ayuso) - net: bcmgenet: Fix FCS generation for fragmented skbuffs (Adrian Cinal) - sfc: fix a double-free bug in efx_probe_filters (Zhipeng Lu) - ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init (Stefan Wahren) - net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps (Vadim Fedorenko) - can: raw: add support for SO_MARK (Marc Kleine-Budde) - can: raw: add support for SO_TXTIME/SCM_TXTIME (Marc Kleine-Budde) - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) (Jorn-Thorben Hinz) - r8169: Fix PCI error on system resume (Kai-Heng Feng) - net: sched: em_text: fix possible memory leak in em_text_destroy() (Hangyu Hua) - mlxbf_gige: fix receive packet race condition (David Thompson) - ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable (Chancel Liu) - igc: Check VLAN EtherType mask (Kurt Kanzenbach) - igc: Check VLAN TCI mask (Kurt Kanzenbach) - igc: Report VLAN EtherType matching back to user (Kurt Kanzenbach) - i40e: Fix filter input checks to prevent config with invalid values (Sudheer Mogilappagari) - drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (Khaled Almahallawy) - octeontx2-af: Fix marking couple of structure as __packed (Suman Ghosh) - nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (Siddh Raman Pant) - drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (Douglas Anderson) - Revert 'PCI/ASPM: Remove pcie_aspm_pm_state_change()' (Bjorn Helgaas) - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (Siddhesh Dharme) - block: Don't invalidate pagecache for invalid falloc modes (Sarthak Kukreti) [5.15.0-204.146.1] - uek-rpm: Update the kABI files for new symbol (Yifei Liu) [Orabug: 36183477] - x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested() (Maxim Levitsky) [Orabug: 36183624] - KVM: x86: SVM: allow AVIC to co-exist with a nested guest running (Maxim Levitsky) [Orabug: 36183624] - KVM: x86: allow per cpu apicv inhibit reasons (Maxim Levitsky) [Orabug: 36183624] - rds: Add count for ready receive cache (Hans Westgaard Ry) [Orabug: 36186035] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1085 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 conmon [2.1.3-8] - address CVE-2023-39326 cri-o [1.26.4-1] - Added Oracle Specific Files for cri-o - Cherry-picked upstream commits for OCPBUGS-17150: oci: simplify stopping code https://github.com/cri-o/cri-o/pull/7185 - Fixed CVE-2023-39325: bump golang.org/x/net to v0.17.0 cri-tools [1.26.1-4] - Address CVE-2023-39326 etcd [3.5.9-3] - Address CVE-2023-39326 by upgrading golang to version 1.20.12 flannel-cni-plugin [1.2.0-3] - Build for aarch64 [1.2.0-2] - Rebuild with golang 1.20.12 [1.2.0-1] - Added Oracle specific build files for Flannel CNI Plugins - Address CVE-2023-44487 and CVE-2023-39325 helm [3.12.0-4] - address CVE-2023-39326 by updating golang version to 1.20.12 istio [1.17.8-2] - Address CVE-2023-39326 kata [1.12.1-17] - Include OL9 for kernel-uek-container (currently in UEKR7_developer_preview) [1.12.1-16] - Rebuild with golang 1.20.12 [1.12.1-15] - Updated for kubernetes 1.27 and 1.28 kata-agent [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-image [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-ksm-throttler [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-proxy [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-runtime [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-shim [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kubernetes [1.26.10-3] - Build with golang 1.20.12 kubernetes-cni [1.1.2-4] - Address CVE-2023-39326, update golang version to 1.20.12 kubernetes-cni-plugins [1.2.0-6] - Rebuild with golang 1.20.12 [1.2.0-5] - update flannel-cni-plugin to 1.2.0 kubevirt [0.58.0-5] - Updated to address CVE-2023-39326 olcne [1.7.6-5] - Fix OLM upgrade failure [1.7.6-4] - Fixed unable to deploy new module(s) using config file containing already existing modules [1.7.6-2] - Corrected olcne repo version in the prompt text of the 'olcnectl provision' command [1.7.6-1] - Update kubernetes and components to address golang CVE-2023-39326 - Update istio and components to address golang CVE-2023-39326 - Update metallb, multus-cni, kubevirt, module-operator, calico, rook to address golang CVE-2023-39326 - Update cri-o to 1.26-4 patched - add conmon resource to kubernetes module [1.7.5-22] - Fix OLM upgrade failure - same version upgrade [1.7.5-21] - Migrate ModuleOperator from verrazzano-install to ocne-modules namespace [1.7.5-20] - Update module-operator to address CVE-2023-39326 [1.7.5-19] - Updated kubevirt 0.58.0 to address CVE-2023-39326 [1.7.5-18] - Back port rebuild of calico 3.25.1 yq [4.34.1-4] - Update Golang to 1.20.12 to address CVE-2023-39326 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:9::olcne18 cpe:/a:oracle:linux:9::olcne17 Oracle Linux 8 Oracle Linux 9 [5.15.0-204.147.6.3] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36464807] {CVE-2024-1086} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1086 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.8.1-2] - Cleanup spec file [1.8.1-1] - Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing - Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator - Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture - Fixed unable to deploy new module(s) using config file containing already existing modules - Corrected olcne repo version in the prompt text of the 'olcnectl provision' command - Update modules and components built with golang 1.20.12 to address CVE-2023-39326 - add conmon resource to kubernetes module - Fix OLM upgrade failure - same version upgrade failure - Migrate ModuleOperator from verrazzano-install to ocne-modules namespace - Fix multiple install during provision IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:9::olcne18 Oracle Linux 9 [1.8.1-2] - Cleanup spec file [1.8.1-1] - Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing - Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator - Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture - Fixed unable to deploy new module(s) using config file containing already existing modules - Corrected olcne repo version in the prompt text of the 'olcnectl provision' command - Update modules and components built with golang 1.20.12 to address CVE-2023-39326 - add conmon resource to kubernetes module - Fix OLM upgrade failure - same version upgrade failure - Migrate ModuleOperator from verrazzano-install to ocne-modules namespace - Fix multiple install during provision IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:9::olcne18 Oracle Linux 9 - [5.14.0-362.24.1.0.1_3.OL9] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters [Orabug: 36461940 ] {CVE-2024-1086} - [5.14.0-362.24.1_3.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Disable unified kernel image package build - Add Oracle Linux IMA certificates IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1086 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add support for clearing branch history at syscall entry (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/cpufeature: Add missing leaf enumeration (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - KVM: x86: Use a switch statement and macros in __feature_translate() (Jim Mattson) [Orabug: 36384802] {CVE-2024-2201} - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Jim Mattson) [Orabug: 36384802] {CVE-2024-2201} - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Sean Christopherson) [Orabug: 36384802] {CVE-2024-2201} - x86/bugs: Use sysfs_emit() (Borislav Petkov) [Orabug: 36384802] {CVE-2024-2201} - x86/cpu: Support AMD Automatic IBRS (Kim Phillips) [Orabug: 36384802] {CVE-2024-2201} - Documentation/hw-vuln: Update spectre doc (Lin Yujun) [Orabug: 36384802] {CVE-2024-2201} - x86/speculation: Reorder SRSO and GDS functions (Alexandre Chartre) [Orabug: 36384802] {CVE-2024-2201} [5.15.0-205.149.5] - uek-rpm: Bluefield 3: enable lockdown mode for secure boot (Dave Kleikamp) [Orabug: 36318788] - Documentation/x86: Update split lock documentation (Tony Luck) [Orabug: 36298291] - x86/split_lock: Add sysctl to control the misery mode (Guilherme G. Piccoli) [Orabug: 36298291] - x86/split-lock: Remove unused TIF_SLD bit (Tony Luck) [Orabug: 36298291] - x86/split_lock: Make life miserable for split lockers (Tony Luck) [Orabug: 36298291] [5.15.0-205.149.4] - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST (Luiz Augusto von Dentz) - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() (Ignat Korchagin) - ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails (Fedor Pchelkin) - afs: Fix endless loop in directory parsing (David Howells) - PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (Dan Carpenter) - Revert 'drm/bridge: lt8912b: Register and attach our DSI device at probe' (Max Krummenacher) - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (Javier Carrasco) - usb: dwc3: gadget: Don't disconnect if not started (Thinh Nguyen) - platform/x86: intel-vbtn: Stop calling 'VBDL' from notify_handler (Hans de Goede) - Fix null ptr in rds_tcp_recv_path (Allison Henderson) [Orabug: 35587408] - cifs: fix mid leak during reconnection after timeout threshold (Shyam Prasad N) [Orabug: 36123597] - vfio/mlx5: Activate the chunk mode functionality (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Add support for READING in chunk mode (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Add support for SAVING in chunk mode (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Pre-allocate chunks for the STOP_COPY phase (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Rename some stuff to match chunk mode (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Enable querying state size which is > 4GB (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Refactor the SAVE callback to activate a work only upon an error (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Wake up the reader post of disabling the SAVING migration file (Yishai Hadas) [Orabug: 36298327] - net/mlx5: Introduce ifc bits for migration in a chunk mode (Yishai Hadas) [Orabug: 36298327] - af_unix: Drop oob_skb ref before purging queue in GC. (Kuniyuki Iwashima) [Orabug: 36375407] - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta) [Orabug: 36379479] [5.15.0-205.149.3] - net/rds: print PPID/COMM of process doing user reset on RDS connection (Juan Garcia) [Orabug: 36248460] - platform/mellanox: mlxbf-pmc: Fix offset calculation for crspace events (Shravan Kumar Ramani) [Orabug: 36299543] - platform/mellanox: mlxbf-tmfifo: Drop Tx network packet when Tx TmFIFO is full (Liming Sun) [Orabug: 36299543] - platform/mellanox: mlxbf-tmfifo: Remove unnecessary bool conversion (Jules Irenge) [Orabug: 36299543] - power: reset: pwr-mlxbf: support graceful reboot instead of emergency reset (Asmaa Mnebhi) [Orabug: 36299543] - platform/mellanox: tmfifo: fix kernel-doc warnings (Randy Dunlap) [Orabug: 36299543] - platform/mellanox: mlxbf-tmfifo: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36299543] - platform/mellanox: mlxbf-pmc: Add support for BlueField-3 (Shravan Kumar Ramani) [Orabug: 36299543] - pwr-mlxbf: extend Kconfig to include gpio-mlxbf3 dependency (David Thompson) [Orabug: 36299543] - pinctrl: mlxbf3: Remove gpio_disable_free() (Asmaa Mnebhi) [Orabug: 36299543] - gpio: mlxbf3: use capital 'OR' for multiple licenses in SPDX (Krzysztof Kozlowski) [Orabug: 36299543] - pinctrl: use capital 'OR' for multiple licenses in SPDX (Krzysztof Kozlowski) [Orabug: 36299543] - gpio: mlxbf3: Support add_pin_ranges() (Asmaa Mnebhi) [Orabug: 36299543] - uek: kabi: Add two new exported kABI symbols for ACFS and EDV (Saeed Mirzamohammadi) [Orabug: 36303821] - uek-rpm: Update the aarch64 kABI files for new symbol (Yifei Liu) [Orabug: 36323808] - arm64: Minimize tlb flush due to vttbr writes on AmpereOne (Ganapatrao Kulkarni) [Orabug: 36349790] [5.15.0-205.149.2] - LTS version: v5.15.149 (Vijayendra Suman) - usb: dwc3: gadget: Ignore End Transfer delay on teardown (Thinh Nguyen) - media: Revert 'media: rkisp1: Drop IRQF_SHARED' (Tomi Valkeinen) - usb: dwc3: gadget: Execute gadget stop after halting the controller (Wesley Cheng) - usb: dwc3: gadget: Don't delay End Transfer on delayed_status (Thinh Nguyen) - staging: fbtft: core: set smem_len before fb_deferred_io_init call (Peter Suti) - smb3: Replace smb2pdu 1-element arrays with flex-arrays (Kees Cook) - fs/ntfs3: Add null pointer checks (Konstantin Komarov) - net: bcmgenet: Fix EEE implementation (Florian Fainelli) - drm/msm/dsi: Enable runtime PM (Konrad Dybcio) - PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (Douglas Anderson) - dm: limit the number of targets and parameter size area (Mikulas Patocka) - nilfs2: replace WARN_ONs for invalid DAT metadata block requests (Ryusuke Konishi) - nilfs2: fix potential bug in end_buffer_async_write (Ryusuke Konishi) - sched/membarrier: reduce the ability to hammer on sys_membarrier (Linus Torvalds) - netfilter: ipset: Missing gc cancellations fixed (Jozsef Kadlecsik) - net: prevent mss overflow in skb_segment() (Eric Dumazet) - hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() (Davidlohr Bueso) - netfilter: ipset: fix performance regression in swap operation (Jozsef Kadlecsik) - scripts/decode_stacktrace.sh: optionally use LLVM utilities (Carlos Llamas) - scripts: decode_stacktrace: demangle Rust symbols (Miguel Ojeda) - scripts/decode_stacktrace.sh: support old bash version (Schspa Shi) - fbdev: flush deferred IO before closing (Nam Cao) - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (Takashi Iwai) - fbdev: Fix invalid page access after closing deferred I/O devices (Takashi Iwai) - fbdev: Rename pagelist to pagereflist for deferred I/O (Thomas Zimmermann) - fbdev: Track deferred-I/O pages in pageref struct (Thomas Zimmermann) - fbdev: defio: fix the pagelist corruption (Chuansheng Liu) - fbdev: Don't sort deferred-I/O pages by default (Thomas Zimmermann) - fbdev/defio: Early-out if page is already enlisted (Thomas Zimmermann) - serial: 8250_exar: Set missing rs485_supported flag (Lino Sanfilippo) - serial: 8250_exar: Fill in rs485_supported (Ilpo Jarvinen) - usb: dwc3: gadget: Queue PM runtime idle on disconnect event (Wesley Cheng) - usb: dwc3: gadget: Handle EP0 request dequeuing properly (Wesley Cheng) - usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API (Wesley Cheng) - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (Wesley Cheng) - usb: dwc3: gadget: Submit endxfer command if delayed during disconnect (Wesley Cheng) - usb: dwc3: gadget: Force sending delayed status during soft disconnect (Wesley Cheng) - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (Mayank Rana) - usb: dwc3: gadget: Delay issuing End Transfer (Thinh Nguyen) - usb: dwc3: gadget: Only End Transfer for ep0 data phase (Thinh Nguyen) - usb: dwc3: ep0: Don't prepare beyond Setup stage (Thinh Nguyen) - usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (Thinh Nguyen) - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init (Tianjia Zhang) - bus: moxtet: Add spi device table (Sjoerd Simons) - dma-buf: add dma_fence_timestamp helper (Christian Konig) - af_unix: Fix task hung while purging oob_skb in GC. (Kuniyuki Iwashima) - tracing: Inform kmemleak of saved_cmdlines allocation (Steven Rostedt (Google)) - pmdomain: core: Move the unused cleanup to a _sync initcall (Konrad Dybcio) - can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) (Oleksij Rempel) - can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (Ziqi Zhao) - of: property: fix typo in io-channels (Nuno Sa) - mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE (Prakash Sangappa) - ceph: prevent use-after-free in encode_cap_msg() (Rishabh Dave) - net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio (Sinthu Raja) - s390/qeth: Fix potential loss of L3-IP@ in case of network issues (Alexandra Winter) - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio (Sinthu Raja) - irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update (Marc Zyngier) - irqchip/irq-brcmstb-l2: Add write memory barrier before exit (Doug Berger) - wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() (Johannes Berg) - nfp: flower: prevent re-adding mac index for bonded port (Daniel de Villiers) - nfp: use correct macro for LengthSelect in BAR config (Daniel Basilio) - crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked (Kim Phillips) - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi) - nilfs2: fix data corruption in dsync block recovery for small block sizes (Ryusuke Konishi) - ALSA: hda/conexant: Add quirk for SWS JS201D (bo liu) - mmc: slot-gpio: Allow non-sleeping GPIO ro (Alexander Stein) - x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Steve Wahl) - x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (Aleksander Mazur) - powerpc/64: Set task pt_regs->link to the LR value on scv entry (Naveen N Rao) - serial: max310x: fail probe if clock crystal is unstable (Hugo Villeneuve) - serial: max310x: improve crystal stable clock detection (Hugo Villeneuve) - serial: max310x: set default value when reading clock ready bit (Hugo Villeneuve) - ring-buffer: Clean ring_buffer_poll_wait() error return (Vincent Donnefort) - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Souradeep Chakrabarti) - drm/prime: Support page array >= 4GB (Philip Yang) - media: rc: bpf attach/detach requires write permission (Sean Young) - iio: accel: bma400: Fix a compilation problem (Mario Limonciello) - iio: core: fix memleak in iio_device_register_sysfs (Dinghao Liu) - iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC (zhili.liu) - staging: iio: ad5933: fix type mismatch regression (David Schiller) - tracing: Fix wasted memory in saved_cmdlines logic (Steven Rostedt (Google)) - ext4: fix double-free of blocks due to wrong extents moved_len (Baokun Li) - misc: fastrpc: Mark all sessions as invalid in cb_remove (Ekansh Gupta) - binder: signal epoll threads of self-work (Carlos Llamas) - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (Vitaly Rodionov) - ASoC: codecs: wcd938x: handle deferred probe (Krzysztof Kozlowski) - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL (Edson Juliano Drosdeck) - xen-netback: properly sync TX responses (Jan Beulich) - net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() (Nikita Zhandarovich) - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (Fedor Pchelkin) - kbuild: Fix changing ELF file type for output of gen_btf for big endian (Nathan Chancellor) - firewire: core: correct documentation of fw_csr_string() kernel API (Takashi Sakamoto) - lsm: fix the logic in security_inode_getsecctx() (Ondrej Mosnacek) - Revert 'drm/amd: flush any delayed gfxoff on suspend entry' (Mario Limonciello) - scsi: Revert 'scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock' (Lee Duncan) - mptcp: fix data re-injection from stale subflow (Paolo Abeni) - modpost: trim leading spaces when processing source files list (Radek Krejci) - i2c: i801: Fix block process call transactions (Jean Delvare) - i2c: i801: Remove i801_set_block_buffer_mode (Heiner Kallweit) - powerpc/kasan: Fix addr error caused by page alignment (Jiangfeng Xiao) - media: ir_toy: fix a memleak in irtoy_tx (Zhipeng Lu) - usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend (Uttkarsh Aggarwal) - usb: f_mass_storage: forbid async queue when shutdown happen (yuan linyu) - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (Oliver Neukum) - usb: ucsi_acpi: Fix command completion handling (Christian A. Ehrhardt) - iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP (Srinivas Pandruvada) - HID: wacom: Do not register input devices until after hid_hw_start (Jason Gerecke) - HID: wacom: generic: Avoid reporting a serial of '0' to userspace (Tatsunosuke Tobita) - HID: i2c-hid-of: fix NULL-deref on failed power up (Johan Hovold) - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx (Luka Guzenko) - ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 (David Senoner) - scsi: storvsc: Fix ring buffer size calculation (Michael Kelley) - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Zach O'Keefe) - tracing/trigger: Fix to return error if failed to alloc snapshot (Masami Hiramatsu (Google)) - scs: add CONFIG_MMU dependency for vfree_atomic() (Samuel Holland) - i40e: Fix waiting for queues of all VSIs to be disabled (Ivan Vecera) - MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler (Guenter Roeck) path for statistics (Breno Leitao) - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (Alexey Khoroshilov) - spi: ppc4xx: Drop write-only variable (Uwe Kleine-Konig) - net: openvswitch: limit the number of recursions from action sets (Aaron Conole) - wifi: iwlwifi: Fix some error codes (Dan Carpenter) - of: unittest: Fix compile in the non-dynamic case (Christian A. Ehrhardt) - btrfs: send: return EOPNOTSUPP on unknown flags (David Sterba) - btrfs: forbid deleting live subvol qgroup (Boris Burkov) - btrfs: do not ASSERT() if the newly created subvolume already got read (Qu Wenruo) - btrfs: forbid creating subvol qgroups (Boris Burkov) - netfilter: nft_set_rbtree: skip end interval element from gc (Pablo Neira Ayuso) - net: stmmac: xgmac: fix a typo of register name in DPP safety handling (Furong Xu) - net: stmmac: xgmac: use #define for string constants (Simon Horman) - clocksource: Skip watchdog check for large watchdog intervals (Jiri Wiesner) - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (Hans de Goede) - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (Werner Sembach) - usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (Prashanth K) - usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK (Prashanth K) - USB: serial: cp210x: add ID for IMST iM871A-USB (Leonard Dallmayr) - USB: serial: option: add Fibocom FM101-GL variant (Puliang Lu) - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e (JackBB Wu) - ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter (Julian Sikorski) - drivers: lkdtm: fix clang -Wformat warning (Justin Stitt) - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (Tejun Heo) - scsi: core: Move scsi_host_busy() out of host lock if it is for per-command (Ming Lei) - fs/ntfs3: Fix an NULL dereference bug (Dan Carpenter) - netfilter: nft_set_pipapo: remove scratch_aligned pointer (Florian Westphal) - netfilter: nft_set_pipapo: add helper to release pcpu scratch area (Florian Westphal) - netfilter: nft_set_pipapo: store index in scratch maps (Florian Westphal) - netfilter: nft_ct: reject direction for ct id (Pablo Neira Ayuso) - drm/amd/display: Implement bounds check for stream encoder creation in DCN301 (Srinivasan Shanmugam) - drm/amd/display: Fix multiple memory leaks reported by coverity (Anson Jacob) - netfilter: nft_compat: restrict match/target protocol to u16 (Pablo Neira Ayuso) - netfilter: nft_compat: reject unused compat flag (Pablo Neira Ayuso) - ppp_async: limit MRU to 64K (Eric Dumazet) - af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. (Kuniyuki Iwashima) - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (Shigeru Yoshida) - rxrpc: Fix response to PING RESPONSE ACKs to a dead call (David Howells) - inet: read sk->sk_family once in inet_recv_error() (Eric Dumazet) - hwmon: (coretemp) Fix bogus core_id to attr name mapping (Zhang Rui) - hwmon: (coretemp) Fix out-of-bounds memory access (Zhang Rui) - hwmon: (aspeed-pwm-tacho) mutex for tach reading (Loic Prylli) - octeontx2-pf: Fix a memleak otx2_sq_init (Zhipeng Lu) - atm: idt77252: fix a memleak in open_card_ubr0 (Zhipeng Lu) - tunnels: fix out of bounds access when building IPv6 PMTU error (Antoine Tenart) - selftests: net: avoid just another constant wait (Paolo Abeni) - selftests: net: cut more slack for gro fwd tests. (Paolo Abeni) - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels (Furong Xu) - drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case (Kuogee Hsieh) - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Tony Lindgren) - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (Frank Li) - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (Yoshihiro Shimoda) - dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA (Christophe JAILLET) - dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA (Christophe JAILLET) - dmaengine: ti: k3-udma: Report short packet errors (Jai Luthra) - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (Guanhua Gao) - ASoC: codecs: lpass-wsa-macro: fix compander volume hack (Johan Hovold) - bonding: remove print in bond_verify_device_path (Zhengchao Shao) - HID: apple: Add 2021 magic keyboard FN key mapping (Benjamin Berg) - HID: apple: Add support for the 2021 Magic Keyboard (Alex Henrie) - gve: Fix use-after-free vulnerability (Praveen Kaligineedi) - arm64: irq: set the correct node for shadow call stack (Huang Shijie) path (Breno Leitao) - selftests: net: fix available tunnels detection (Paolo Abeni) - af_unix: fix lockdep positive in sk_diag_dump_icons() (Eric Dumazet) - net: ipv4: fix a memleak in ip_setup_cork (Zhipeng Lu) - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Pablo Neira Ayuso) - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger (Pablo Neira Ayuso) - netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV (Pablo Neira Ayuso) - bridge: mcast: fix disabled snooping after long uptime (Linus Lussing) - llc: call sock_orphan() at release time (Eric Dumazet) - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (Helge Deller) - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() (Christophe JAILLET) - ixgbe: Refactor overtemp event handling (Jedrzej Jagielski) - ixgbe: Refactor returning internal error codes (Jedrzej Jagielski) - ixgbe: Remove non-inclusive language (Piotr Skajewski) - tcp: add sanity checks to rx zerocopy (Eric Dumazet) - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (Eric Dumazet) - ip6_tunnel: use dev_sw_netstats_rx_add() (Eric Dumazet) - selftests: net: give more time for GRO aggregation (Paolo Abeni) - scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler (Ming Lei) - scsi: isci: Fix an error code problem in isci_io_request_build() (Su Hui) - drm: using mul_u32_u32() requires linux/math64.h (Stephen Rothwell) - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (Edward Adam Davis) - perf: Fix the nr_addr_filters fix (Peter Zijlstra) - drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (Srinivasan Shanmugam) - drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (Srinivasan Shanmugam) - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (Srinivasan Shanmugam) - ceph: fix deadlock or deadcode of misusing dget() (Xiubo Li) - blk-mq: fix IO hang from sbitmap wakeup race (Ming Lei) - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (Zhu Yanjun) - drm/amdkfd: Fix lock dependency warning (Felix Kuehling) - libsubcmd: Fix memory leak in uniq() (Ian Rogers) - PCI/AER: Decode Requester ID when no error info found (Bjorn Helgaas) - PCI: Fix 64GT/s effective data rate calculation (Ilpo Jarvinen) - fs/kernfs/dir: obey S_ISGID (Max Kellermann) - tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE (Adrian Reber) - selftests/sgx: Fix linker script asserts (Jo Van Bulck) - usb: hub: Replace hardcoded quirk value with BIT() macro (Hardik Gajjar) - perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present (James Clark) - PCI: switchtec: Fix stdev_release() crash after surprise hot remove (Daniel Stodden) - PCI: Only override AMD USB controller if required (Guilherme G. Piccoli) - mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt (Xiaowu.ding) - mfd: ti_am335x_tscadc: Fix TI SoC dependencies (Peter Robinson) - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (Oleksandr Tyshchenko) - i3c: master: cdns: Update maximum prescaler value for i2c clock (Harshit Shah) - um: time-travel: fix time corruption (Johannes Berg) - um: net: Fix return type of uml_net_start_xmit() (Nathan Chancellor) - um: Don't use vfprintf() for os_info() (Benjamin Berg) - um: Fix naming clash between UML and scheduler (Anton Ivanov) - leds: trigger: panic: Don't register panic notifier if creating the trigger failed (Heiner Kallweit) - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (bo liu) - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (Srinivasan Shanmugam) - drm/amdgpu: Let KFD sync with VM fences (Felix Kuehling) - clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks (Alexander Stein) - clk: imx: scu: Fix memory leak in __imx_clk_gpr_scu() (Kuan-Wei Chiu) - watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 (Werner Fischer) - clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() (Kuan-Wei Chiu) - clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() (Kuan-Wei Chiu) - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (Wang, Beyond) - drm/msm/dpu: Ratelimit framedone timeout msgs (Rob Clark) - media: i2c: imx335: Fix hblank min/max values (Kieran Bingham) - media: ddbridge: fix an error code problem in ddb_probe (Su Hui) - IB/ipoib: Fix mcast list locking (Daniel Vacek) - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (Douglas Anderson) - f2fs: fix to tag gcing flag on page during block migration (Chao Yu) - media: rkisp1: Drop IRQF_SHARED (Tomi Valkeinen) - ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL (Pierre-Louis Bossart) - ALSA: hda: Intel: add HDA_ARL PCI ID support (Pierre-Louis Bossart) - PCI: add INTEL_HDA_ARL to pci_ids.h (Pierre-Louis Bossart) - media: rockchip: rga: fix swizzling for RGB formats (Michael Tretter) - media: stk1160: Fixed high volume of stk1160_dbg messages (Ghanshyam Agrawal) - drm/mipi-dsi: Fix detach call without attach (Tomi Valkeinen) - drm/framebuffer: Fix use of uninitialized variable (Tomi Valkeinen) - drm/drm_file: fix use of uninitialized variable (Tomi Valkeinen) - f2fs: fix write pointers on zoned device after roll forward (Jaegeuk Kim) - drm/amd/display: Fix tiled display misalignment (Meenakshikumar Somasundaram) - RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Jack Wang) - fast_dput(): handle underflows gracefully (Al Viro) - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (Cristian Ciocaltea) - ALSA: hda: Refer to correct stream index at loops (Takashi Iwai) - f2fs: fix to check return value of f2fs_reserve_new_block() (Chao Yu) - octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry (Suman Ghosh) - i40e: Fix VF disable behavior to block all traffic (Andrii Staikov) - bridge: cfm: fix enum typo in br_cc_ccm_tx_parse (Lin Ma) - Bluetooth: L2CAP: Fix possible multiple reject send (Frederic Danis) - Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 (Zijun Hu) - wifi: cfg80211: free beacon_ies when overridden from hidden BSS (Benjamin Berg) - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (Su Hui) - ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision (Alexander Tsoy) - libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos (Mingyi Zhang) - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (Zenm Chen) - arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property (Mao Jinlong) - arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property (Mao Jinlong) - md: Whenassemble the array, consult the superblock of the freshest device (Alex Lyakas) - block: prevent an integer overflow in bvec_try_merge_hw_page (Christoph Hellwig) - net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path (Tobias Waldekranz) - ARM: dts: imx23/28: Fix the DMA controller node name (Fabio Estevam) - ARM: dts: imx23-sansa: Use preferred i2c-gpios properties (Fabio Estevam) - ARM: dts: imx27-apf27dev: Fix LED name (Fabio Estevam) - ARM: dts: imx25/27: Pass timing0 (Fabio Estevam) - ARM: dts: imx25: Fix the iim compatible string (Fabio Estevam) - block/rnbd-srv: Check for unlikely string overflow (Kees Cook) - ionic: pass opcode to devcmd_wait (Shannon Nelson) - ARM: dts: imx1: Fix sram node (Fabio Estevam) - ARM: dts: imx27: Fix sram node (Fabio Estevam) - ARM: dts: imx: Use flash@0,0 pattern (Fabio Estevam) - ARM: dts: imx25/27-eukrea: Fix RTC node name (Fabio Estevam) - ARM: dts: rockchip: fix rk3036 hdmi ports node (Johan Jonker) - bpf: Set uattr->batch.count as zero before batched update or deletion (Hou Tao) - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (Hannes Reinecke) - scsi: libfc: Don't schedule abort twice (Hannes Reinecke) - bpf: Add map and need_defer parameters to .map_fd_put_ptr() (Hou Tao) - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Minsuk Kang) - ARM: dts: imx7s: Fix nand-controller #size-cells (Alexander Stein) - ARM: dts: imx7s: Fix lcdif compatible (Alexander Stein) - ARM: dts: imx7d: Fix coresight funnel ports (Alexander Stein) - scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (ching Huang) - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk (Zhengchao Shao) - PCI: Add no PM reset quirk for NVIDIA Spectrum devices (Ido Schimmel) - scsi: lpfc: Fix possible file string name overflow when updating firmware (Justin Tee) - selftests/bpf: Fix issues in setup_classid_environment() (Yafang Shao) - selftests/bpf: Fix pyperf180 compilation failure with clang18 (Yonghong Song) - selftests/bpf: satisfy compiler by having explicit return in btf test (Andrii Nakryiko) - wifi: rt2x00: restart beacon queue when hardware reset (Shiji Yang) - ext4: avoid online resizing failures due to oversized flex bg (Baokun Li) - ext4: remove unnecessary check from alloc_flex_gd() (Baokun Li) - ext4: unify the type of flexbg_size to unsigned int (Baokun Li) - ext4: fix inconsistent between segment fstrim and full fstrim (Ye Bin) - ecryptfs: Reject casefold directory inodes (Gabriel Krisman Bertazi) - SUNRPC: Fix a suspicious RCU usage warning (Anna Schumaker) - KVM: s390: fix setting of fpc register (Heiko Carstens) - s390/ptrace: handle setting of fpc register correctly (Heiko Carstens) - arch: consolidate arch_irq_work_raise prototypes (Arnd Bergmann) - jfs: fix array-index-out-of-bounds in diNewExt (Edward Adam Davis) - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (Oleg Nesterov) - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (Oleg Nesterov) - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (Oleg Nesterov) - crypto: stm32/crc32 - fix parsing list of devices (Thomas Bourgoin) - crypto: octeontx2 - Fix cptvf driver cleanup (Bharat Bhushan) - pstore/ram: Fix crash when setting number of cpus to an odd number (Weichen Chen) - jfs: fix uaf in jfs_evict_inode (Edward Adam Davis) - jfs: fix array-index-out-of-bounds in dbAdjTree (Manas Ghandat) - jfs: fix slab-out-of-bounds Read in dtSearch (Manas Ghandat) - UBSAN: array-index-out-of-bounds in dtSplitRoot (Osama Muhammad) - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (Osama Muhammad) - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events (Shuai Xue) - PM / devfreq: Synchronize devfreq_monitor_[start/stop] (Mukesh Ojha) - ACPI: extlog: fix NULL pointer dereference check (Prarit Bhargava) - PNP: ACPI: fix fortify warning (Dmitry Antipov) - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (Yuluo Qiu) - audit: Send netlink ACK before setting connection in auditd_set (Chris Riches) - regulator: core: Only increment use_count when enable_count changes (Rui Zhang) - debugobjects: Stop accessing objects after releasing hash bucket lock (Andrzej Hajda) - perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file (Greg KH) - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (Zhiquan Li) - powerpc/lib: Validate size for vector operations (Naveen N Rao) - powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE (Stephen Rothwell) - x86/boot: Ignore NMIs during very early boot (Jun'ichi Nomura) - powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() (Michael Ellerman) - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (Michael Ellerman) - powerpc: Fix build error due to is_valid_bugaddr() (Michael Ellerman) - drivers/perf: pmuv3: don't expose SW_INCR event in sysfs (Mark Rutland) - arm64: irq: set the correct node for VMAP stack (Huang Shijie) - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Kunwu Chan) - x86/entry/ia32: Ensure s32 is sign extended to s64 (Richard Palethorpe) - tick/sched: Preserve number of idle sleeps across CPU hotplug events (Tim Chen) - mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan (Xi Ruoyao) - mtd: cfi: allow building spi-intel standalone (Arnd Bergmann) - spi: bcm-qspi: fix SFDP BFPT read by usig mspi read (Kamal Dasu) - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (Li Lingfeng) - gpio: eic-sprd: Clear interrupt after set the interrupt type (Wenhua Lin) - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (Fedor Pchelkin) - drm/exynos: fix accidental on-stack copy of exynos_drm_plane (Arnd Bergmann) - drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (Markus Niebel) - cpufreq: intel_pstate: Refine computation of P-state for given frequency (Rafael J. Wysocki) - cpufreq: intel_pstate: Drop redundant intel_pstate_get_hwp_cap() call (Rafael J. Wysocki) - ksmbd: fix global oob in ksmbd_nl_policy (Lin Ma) - btrfs: add definition for EXTENT_TREE_V2 (Josef Bacik) - PM / devfreq: Fix buffer overflow in trans_stat_show (Christian Marangi) - mm/sparsemem: fix race in accessing memory_section->usage (Charan Teja Kalla) - mm: use __pfn_to_section() instead of open coding it (Rolf Eike Beer) - media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run (Zheng Wang) - ARM: dts: qcom: sdx55: fix USB SS wakeup (Johan Hovold) - ARM: dts: qcom: sdx55: fix USB DP/DM HS PHY interrupts (Johan Hovold) - ARM: dts: qcom: sdx55: fix pdc '#interrupt-cells' (Johan Hovold) - ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12 (Paul Cercueil) - ARM: dts: qcom: sdx55: fix USB wakeup interrupt types (Johan Hovold) - pipe: wakeup wr_wait after setting max_usage (Lukas Schauer) - fs/pipe: move check to pipe_has_watch_queue() (Max Kellermann) - bus: mhi: host: Add alignment check for event ring read pointer (Krishna chaitanya chundru) - bus: mhi: host: Rename 'struct mhi_tre' to 'struct mhi_ring_element' (Manivannan Sadhasivam) - PM: sleep: Fix possible deadlocks in core system-wide PM code (Rafael J. Wysocki) - PM: core: Remove unnecessary (void *) conversions (Li zeming) - drm/bridge: nxp-ptn3460: simplify some error checking (Dan Carpenter) - drm/tidss: Fix atomic_flush check (Tomi Valkeinen) - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (Dan Carpenter) - drm: Don't unref the same fb many times by mistake due to deadlock handling (Ville Syrjala) - gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (Mario Limonciello) - xfs: read only mounts with fsopen mount API are busted (Dave Chinner) - firmware: arm_scmi: Check mailbox/SMT channel for consistency (Cristian Marussi) - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) - netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (Pablo Neira Ayuso) - hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (Michael Kelley) - wifi: iwlwifi: fix a memory corruption (Emmanuel Grumbach) - exec: Fix error handling in begin_new_exec() (Bernd Edlinger) - rbd: don't move requests to the running list on errors (Ilya Dryomov) - btrfs: don't abort filesystem when attempting to snapshot deleted subvolume (Omar Sandoval) - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (Qu Wenruo) - btrfs: don't warn if discard range is not aligned to sector (David Sterba) - btrfs: tree-checker: fix inline ref size in error messages (Chung-Chiang Cheng) - btrfs: ref-verify: free ref cache before clearing mount opt (Fedor Pchelkin) - btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (Omar Sandoval) - btrfs: fix race between reading a directory and adding entries to it (Filipe Manana) - btrfs: refresh dir last index during a rewinddir(3) call (Filipe Manana) - btrfs: set last dir index to the current last index when opening dir (Filipe Manana) - btrfs: fix infinite directory reads (Filipe Manana) - net: fec: fix the unhandled context fault from smmu (Shenwei Wang) - fjes: fix memleaks in fjes_hw_setup (Zhipeng Lu) - selftests: netdevsim: fix the udp_tunnel_nic test (Jakub Kicinski) - net: mvpp2: clear BM pool before initialization (Jenishkumar Maheshbhai Patel) - net: stmmac: Wait a bit for the reset to take effect (Bernd Edlinger) - netfilter: nf_tables: validate NFPROTO_* family (Pablo Neira Ayuso) - netfilter: nf_tables: restrict anonymous set and map names to 16 bytes (Florian Westphal) - netfilter: nft_limit: reject configurations that cause integer overflow (Florian Westphal) - overflow: Allow mixed type arguments (Kees Cook) - net/mlx5e: fix a potential double-free in fs_any_create_groups (Dinghao Liu) - net/mlx5e: fix a double-free in arfs_create_groups (Zhipeng Lu) - net/mlx5: DR, Can't go to uplink vport on RX rule (Yevgeny Kliteynik) - net/mlx5: DR, Use the right GVMI number for drop action (Yevgeny Kliteynik) - ipv6: init the accept_queue's spinlocks in inet6_create (Zhengchao Shao) - netlink: fix potential sleeping issue in mqueue_flush_file (Zhengchao Shao) - tcp: Add memory barrier to tcp_push() (Salvatore Dipietro) - afs: Hide silly-rename files from userspace (David Howells) - tracing: Ensure visibility when inserting an element into tracing_map (Petr Pavlu) - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv (Sharath Srinivasan) - llc: Drop support for ETH_P_TR_802_2. (Kuniyuki Iwashima) - llc: make llc_ui_sendmsg() more robust against bonding changes (Eric Dumazet) - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING (Lin Ma) - bnxt_en: Wait for FLR to complete during probe (Michael Chan) - tcp: make sure init the accept_queue's spinlocks once (Zhengchao Shao) - net/smc: fix illegal rmb_desc access in SMC-D connection dump (Wen Gu) - ksmbd: Add missing set_freezable() for freezable kthread (Namjae Jeon) - ksmbd: send lease break notification on FILE_RENAME_INFORMATION (Namjae Jeon) - ksmbd: don't increment epoch if current state and request state are same (Namjae Jeon) - ksmbd: fix potential circular locking issue in smb2_set_ea() (Namjae Jeon) - ksmbd: set v2 lease version on lease upgrade (Namjae Jeon) - rename(): fix the locking of subdirectories (Al Viro) - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (Zhihao Cheng) - nouveau/vmm: don't set addr on the fail path to avoid warning (Dave Airlie) - rtc: Adjust failure return code for cmos_set_alarm() (Mario Limonciello) - mmc: mmc_spi: remove custom DMA mapped buffers (Andy Shevchenko) - mmc: core: Use mrq.sbc in close-ended ffu (Avri Altman) - scripts/get_abi: fix source path leak (Vegard Nossum) - lsm: new security_file_ioctl_compat() hook (Alfred Piccioni) - arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts (Johan Hovold) - arm64: dts: qcom: sm8150: fix USB wakeup interrupt types (Johan Hovold) - arm64: dts: qcom: sdm845: fix USB wakeup interrupt types (Johan Hovold) - arm64: dts: qcom: sc7180: fix USB wakeup interrupt types (Johan Hovold) - async: Introduce async_schedule_dev_nocall() (Rafael J. Wysocki) - async: Split async_schedule_node_domain() (Rafael J. Wysocki) - parisc/firmware: Fix F-extend for PDC addresses (Helge Deller) - bus: mhi: host: Add spinlock to protect WP access when queueing TREs (Bhaumik Bhatt) - bus: mhi: host: Drop chan lock before queuing buffers (Qiang Yu) - mips: Fix max_mapnr being uninitialized on early stages (Serge Semin) - media: ov9734: Enable runtime PM before registering async sub-device (Bingbu Cao) - rpmsg: virtio: Free driver_override when rpmsg_remove() (Xiaolei Wang) - media: imx355: Enable runtime PM before registering async sub-device (Bingbu Cao) - crypto: s390/aes - Fix buffer overread in CTR mode (Herbert Xu) - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Herbert Xu) - PM: hibernate: Enforce ordering during image compression/decompression (Hongchen Zhang) - crypto: api - Disallow identical driver names (Herbert Xu) - btrfs: sysfs: validate scrub_speed_max value (David Disseldorp) - ext4: allow for the last group to be marked as trimmed (Suraj Jitindar Singh) - iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. (Jonathan Cameron) - scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan() (Bart Van Assche) - scsi: ufs: core: Simplify power management during async scan (Bart Van Assche) - dmaengine: fix NULL pointer in channel unregistration function (Amelie Delaunay) - iio: adc: ad7091r: Enable internal vref if external vref is not supplied (Marcelo Schmitt) - iio: adc: ad7091r: Allow users to configure device events (Marcelo Schmitt) - iio: adc: ad7091r: Set alert bit in config register (Marcelo Schmitt) - ksmbd: only v2 leases handle the directory (Namjae Jeon) - ksmbd: fix UAF issue in ksmbd_tcp_new_connection() (Namjae Jeon) - ksmbd: validate mech token in session setup (Namjae Jeon) - ksmbd: don't allow O_TRUNC open on read-only share (Namjae Jeon) - ksmbd: free ppace array on error in parse_dacl (Fedor Pchelkin) - LTS version: v5.15.148 (Vijayendra Suman) - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (Song Liu) - arm64: dts: armada-3720-turris-mox: set irq type for RTC (Sjoerd Simons) - netfilter: nft_quota: copy content when cloning expression (Pablo Neira Ayuso) - netfilter: nft_last: copy content when cloning expression (Pablo Neira Ayuso) - netfilter: nft_limit: Clone packet limits' cost value (Phil Sutter) - netfilter: nft_limit: fix stateful object memory leak (Florian Westphal) - netfilter: nft_connlimit: memleak if nf_ct_netns_get() fails (Pablo Neira Ayuso) - netfilter: nf_tables: typo NULL check in _clone() function (Pablo Neira Ayuso) - block: Remove special-casing of compound pages (Matthew Wilcox (Oracle)) - i2c: s3c24xx: fix transferring more than one message in polling mode (Marek Szyprowski) - i2c: s3c24xx: fix read transfers in polling mode (Marek Szyprowski) - ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (Nikita Zhandarovich) - selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes (Amit Cohen) - mlxsw: spectrum_acl_tcam: Fix stack corruption (Ido Schimmel) - mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure (Amit Cohen) - ethtool: netlink: Add missing ethnl_ops_begin/complete (Ludvig Parsson) - kdb: Fix a potential buffer overflow in kdb_local() (Christophe JAILLET) - ipvs: avoid stat macros calls from preemptible context (Fedor Pchelkin) - netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description (Pablo Neira Ayuso) - netfilter: nf_tables: skip dead set elements in netlink dump (Pablo Neira Ayuso) - netfilter: nf_tables: do not allow mismatch field size and set key length (Pablo Neira Ayuso) - netfilter: nft_limit: do not ignore unsupported flags (Pablo Neira Ayuso) - netfilter: nf_tables: memcg accounting for dynamically allocated objects (Vasily Averin) - netfilter: nft_limit: move stateful fields out of expression data (Pablo Neira Ayuso) - netfilter: nft_limit: rename stateful structure (Pablo Neira Ayuso) - netfilter: nft_quota: move stateful fields out of expression data (Pablo Neira Ayuso) - netfilter: nft_last: move stateful fields out of expression data (Pablo Neira Ayuso) - netfilter: nft_connlimit: move stateful fields out of expression data (Pablo Neira Ayuso) - netfilter: nf_tables: reject invalid set policy (Pablo Neira Ayuso) - net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe (Kunwu Chan) - bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS (Hao Sun) - net: stmmac: ethtool: Fixed calltrace caused by unbalanced disable_irq_wake calls (Qiang Ma) - net: ravb: Fix dma_addr_t truncation in error case (Nikita Yushchenko) - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (Eric Dumazet) - mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (Eric Dumazet) - mptcp: strict validation before using mp_opt->hmac (Eric Dumazet) - mptcp: drop unused sk in mptcp_get_options (Geliang Tang) - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (Eric Dumazet) - net: phy: micrel: populate .soft_reset for KSZ9131 (Claudiu Beznea) - net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet frames (Sanjuan Garcia, Jorge) - net: qualcomm: rmnet: fix global oob in rmnet_policy (Lin Ma) - s390/pci: fix max size calculation in zpci_memcpy_toio() (Niklas Schnelle) - PCI: keystone: Fix race condition when initializing PHYs (Siddharth Vadapalli) - nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) - nvmet: re-fix tracing strncpy() warning (Arnd Bergmann) - serial: imx: Correct clock error message in function probe() (Christoph Niedermaier) - usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (Chunfeng Yun) - apparmor: avoid crash when parsed profile name is empty (Fedor Pchelkin) - perf env: Avoid recursively taking env->bpf_progs.lock (Ian Rogers) - nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) - usb: cdc-acm: return correct error code on unsupported break (Oliver Neukum) - tty: use 'if' in send_break() instead of 'goto' (Jiri Slaby (SUSE)) - tty: don't check for signal_pending() in send_break() (Jiri Slaby (SUSE)) - tty: early return from send_break() on TTY_DRIVER_HARDWARE_BREAK (Jiri Slaby (SUSE)) - tty: change tty_write_lock()'s ndelay parameter to bool (Jiri Slaby (SUSE)) - perf genelf: Set ELF program header addresses properly (Namhyung Kim) - iio: adc: ad9467: fix scale setting (Nuno Sa) - iio: adc: ad9467: don't ignore error codes (Nuno Sa) - iio: adc: ad9467: fix reset gpio handling (Nuno Sa) - iio: adc: ad9467: Benefit from devm_clk_get_enabled() to simplify (Uwe Kleine-Konig) - selftests/sgx: Skip non X86_64 platform (Zhao Mengmeng) - selftests/sgx: Fix uninitialized pointer dereference in error path (Jo Van Bulck) - serial: imx: fix tx statemachine deadlock (Paul Geurts) - software node: Let args be NULL in software_node_get_reference_args (Sakari Ailus) - libapi: Add missing linux/types.h header to get the __u64 type on io.h (Arnaldo Carvalho de Melo) - serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed (Uwe Kleine-Konig) - power: supply: bq256xx: fix some problem in bq256xx_hw_init (Su Hui) - power: supply: cw2015: correct time_to_empty units in sysfs (Jan Palus) - MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() (Christophe JAILLET) - MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() (Christophe JAILLET) - riscv: Fix module_alloc() that did not reset the linear mapping permissions (Alexandre Ghiti) - riscv: Check if the code to patch lies in the exit section (Alexandre Ghiti) - mips: Fix incorrect max_low_pfn adjustment (Serge Semin) - mips: dmi: Fix early remap on MIPS32 (Serge Semin) - mfd: intel-lpss: Fix the fractional clock divider flags (Andy Shevchenko) - leds: aw2013: Select missing dependency REGMAP_I2C (Dang Huynh) - mfd: syscon: Fix null pointer dereference in of_syscon_register() (Kunwu Chan) - ARM: 9330/1: davinci: also select PINCTRL (Randy Dunlap) - iommu/dma: Trace bounce buffer usage when mapping buffers (Isaac J. Manjarres) - serial: sc16is7xx: set safe default SPI clock frequency (Hugo Villeneuve) - serial: sc16is7xx: add check for unsupported SPI modes during probe (Hugo Villeneuve) - HID: wacom: Correct behavior when processing some confidence == false touches (Jason Gerecke) - iio: adc: ad7091r: Pass iio_dev to event handler (Marcelo Schmitt) - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache (Oliver Upton) - KVM: arm64: vgic-v4: Restore pending state on host userspace write (Marc Zyngier) - x86/kvm: Do not try to disable kvmclock if it was not enabled (Kirill A. Shutemov) - PCI: mediatek: Clear interrupt status before dispatching handler (qizhong cheng) - PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (Niklas Cassel) - wifi: mwifiex: configure BSSID consistently when starting AP (David Lin) - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (Ilpo Jarvinen) - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (Ilpo Jarvinen) - wifi: mt76: fix broken precal loading from MTD for mt7915 (Christian Marangi) - iommu/arm-smmu-qcom: Add missing GMU entry to match table (Rob Clark) - bpf: Fix re-attachment branch in bpf_tracing_prog_attach (Jiri Olsa) - Bluetooth: Fix atomicity violation in {min,max}_key_size_set (Gui-Dong Han) - rootfs: Fix support for rootfstype= when root= is given (Stefan Berger) - io_uring/rw: ensure io->bytes_done is always initialized (Jens Axboe) - pwm: jz4740: Don't use dev_err_probe() in .request() (Uwe Kleine-Konig) - block: add check that partition length needs to be aligned with block size (Min Li) - scsi: mpi3mr: Refresh sdev queue depth after controller reset (Chandrakanth patil) - fbdev: flush deferred work in fb_deferred_io_fsync() (Nam Cao) - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (Caghan Demir) - ALSA: oxygen: Fix right channel of capture volume mixer (Takashi Iwai) - serial: imx: Ensure that imx_uart_rs485_config() is called with enabled clock (Christoph Niedermaier) - usb: mon: Fix atomicity violation in mon_bin_vma_fault (Gui-Dong Han) - usb: typec: class: fix typec_altmode_put_partner to put plugs (RD Babiera) - Revert 'usb: typec: class: fix typec_altmode_put_partner to put plugs' (Heikki Krogerus) - usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (Frank Li) - usb: cdns3: fix iso transfer error when mult is not zero (Frank Li) - usb: cdns3: fix uvc failure work since sg support enabled (Frank Li) - usb: chipidea: wait controller resume finished for wakeup irq (Xu Yang) - Revert 'usb: dwc3: don't reset device side if dwc3 was configured as host-only' (Thinh Nguyen) - Revert 'usb: dwc3: Soft reset phy on probe for host' (Thinh Nguyen) - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (Uttkarsh Aggarwal) - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (Xu Yang) - tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug (Heiko Carstens) - binder: fix race between mmput() and do_exit() (Carlos Llamas) - xen-netback: don't produce zero-size SKB frags (Jan Beulich) - virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() (Wei Yongjun) - dma-mapping: Fix build error unused-value (Ren Zhijie) - Input: atkbd - use ab83 as id when skipping the getid command (Hans de Goede) - binder: fix unused alloc->free_async_space (Carlos Llamas) - binder: fix async space check for 0-sized buffers (Carlos Llamas) - selftests/bpf: Add assert for user stacks in test_task_stack (Jordan Rome) - of: unittest: Fix of_count_phandle_with_args() expected value message (Geert Uytterhoeven) - of: Fix double free in of_parse_phandle_with_args_map (Christian A. Ehrhardt) - ksmbd: validate the zero field of packet header (Li Nan) - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (Zhipeng Lu) - IB/iser: Prevent invalidating wrong MR (Sergey Gorenko) - mmc: sdhci_omap: Fix TI SoC dependencies (Peter Robinson) - mmc: sdhci_am654: Fix TI SoC dependencies (Peter Robinson) - ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() (Geoffrey D. Bennett) - ALSA: scarlett2: Add missing error checks to *_ctl_get() (Geoffrey D. Bennett) - ALSA: scarlett2: Allow passing any output to line_out_remap() (Geoffrey D. Bennett) - ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() (Geoffrey D. Bennett) - ALSA: scarlett2: Add missing error check to scarlett2_config_save() (Geoffrey D. Bennett) - ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (Hans de Goede) - pwm: stm32: Fix enable count for clk in .probe() (Philipp Zabel) - pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (Philipp Zabel) - pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (Uwe Kleine-Konig) - clk: fixed-rate: fix clk_hw_register_fixed_rate_with_accuracy_parent_hw (Theo Lebrun) - clk: fixed-rate: add devm_clk_hw_register_fixed_rate (Dmitry Baryshkov) - clk: asm9260: use parent index to link the reference clock (Dmitry Baryshkov) - clk: si5341: fix an error code problem in si5341_output_clk_set_rate (Su Hui) - watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (Vignesh Raghavendra) - watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (Stefan Wahren) - watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (Jerry Hoemann) - watchdog: set cdev owner before adding (Curtis Klein) - drivers: clk: zynqmp: update divider round rate logic (Jay Buddhabhatti) - clk: zynqmp: Add a check for NULL pointer (Shubhrajyoti Datta) - clk: zynqmp: make bestdiv unsigned (Shubhrajyoti Datta) - drivers: clk: zynqmp: calculate closest mux rate (Jay Buddhabhatti) - clk: qcom: videocc-sm8150: Add missing PLL config property (Satya Priya Kakitapalli) - clk: qcom: videocc-sm8150: Update the videocc resets (Satya Priya Kakitapalli) - dt-bindings: clock: Update the videocc resets for sm8150 (Satya Priya Kakitapalli) - gpu/drm/radeon: fix two memleaks in radeon_vm_init (Zhipeng Lu) - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Zhipeng Lu) - drm/amd/pm: fix a double-free in si_dpm_init (Zhipeng Lu) - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (Alex Deucher) - media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (Christophe JAILLET) - media: dvbdev: drop refcount on error path in dvb_device_open() (Dan Carpenter) - f2fs: fix the f2fs_file_write_iter tracepoint (Eric Biggers) - f2fs: fix to update iostat correctly in f2fs_filemap_fault() (Chao Yu) - f2fs: fix to check compress file in f2fs_move_file_range() (Chao Yu) - media: rkisp1: Disable runtime PM in probe error path (Laurent Pinchart) - clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (Satya Priya Kakitapalli) - media: cx231xx: fix a memleak in cx231xx_init_isoc (Zhipeng Lu) - drm/bridge: tc358767: Fix return value on error case (Tomi Valkeinen) - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (Tomi Valkeinen) - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (Zhipeng Lu) - drm/radeon/dpm: fix a memleak in sumo_parse_power_table (Zhipeng Lu) - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (Yang Yingliang) - drm/drv: propagate errors from drm_modeset_register_all() (Dmitry Baryshkov) - drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (Konrad Dybcio) - drm/msm/mdp4: flush vblank event on disable (Dmitry Baryshkov) - ASoC: cs35l34: Fix GPIO name and drop legacy include (Linus Walleij) - ASoC: cs35l33: Fix GPIO name and drop legacy include (Linus Walleij) - drm/radeon: check return value of radeon_ring_lock() (Nikita Zhandarovich) - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (Nikita Zhandarovich) - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (Nikita Zhandarovich) - f2fs: fix to avoid dirent corruption (Chao Yu) - drm/bridge: Fix typo in post_disable() description (Dario Binacchi) - media: pvrusb2: fix use after free on context disconnection (Ricardo B. Marliere) - drm/tilcdc: Fix irq free on unload (Tomi Valkeinen) - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (Uwe Kleine-Konig) - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (Abhinav Singh) - drm/panel-elida-kd35t133: hold panel in reset for unprepare (Chris Morgan) - RDMA/hns: Fix inappropriate err code for unsupported operations (Junxian Huang) - RDMA/usnic: Silence uninitialized symbol smatch warnings (Leon Romanovsky) - Revert 'drm/omapdrm: Annotate dma-fence critical section in commit path' (Tomi Valkeinen) - Revert 'drm/tidss: Annotate dma-fence critical section in commit path' (Tomi Valkeinen) - ARM: davinci: always select CONFIG_CPU_ARM926T (Arnd Bergmann) - ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (Eric Dumazet) - mlxbf_gige: Enable the GigE port in mlxbf_gige_open (Asmaa Mnebhi) - mlxbf_gige: Fix intermittent no ip issue (Asmaa Mnebhi) - net/sched: act_ct: fix skb leak and crash on ooo frags (Tao Liu) - null_blk: don't cap max_hw_sectors to BLK_DEF_MAX_SECTORS (Christoph Hellwig) - block: make BLK_DEF_MAX_SECTORS unsigned (Keith Busch) - Bluetooth: btmtkuart: fix recv_buf() return value (Francesco Dolcini) - Bluetooth: Fix bogus check for re-auth no supported with non-ssp (Luiz Augusto von Dentz) - netfilter: nf_tables: mark newset as dead on transaction abort (Florian Westphal) - wifi: iwlwifi: mvm: send TX path flush in rfkill (Johannes Berg) - wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (Johannes Berg) - wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: add calculate_bit_shift() (Su Hui) - arm64: dts: qcom: sc7280: Mark SDHCI hosts as cache-coherent (Konrad Dybcio) - block: add check of 'minors' and 'first_minor' in device_add_disk() (Li Nan) - arm64: dts: qcom: sm8150-hdk: fix SS USB regulators (Dmitry Baryshkov) - soc: qcom: llcc: Fix dis_cap_alloc and retain_on_pc configuration (Atul Dhudase) - dma-mapping: clear dev->dma_mem to NULL after freeing it (Joakim Zhang) - dma-mapping: Add dma_release_coherent_memory to DMA API (Mark-PK Tsai) - virtio/vsock: fix logic which reduces credit update messages (Arseniy Krasnov) - selftests/net: fix grep checking for fib_nexthop_multiprefix (Hangbin Liu) - scsi: hisi_sas: Correct the number of global debugfs registers (Yihang Li) - scsi: hisi_sas: Rollback some operations if FLR failed (Yihang Li) - scsi: hisi_sas: Replace with standard error code return value (Yihang Li) - scsi: hisi_sas: Prevent parallel FLR and controller reset (Qi Liu) - scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (Luo Jiaxing) - block: Set memalloc_noio to false on device_add_disk() error path (Li Nan) - bpf: Fix verification of indirect var-off stack access (Andrei Matei) - arm64: dts: qcom: sc7280: fix usb_2 wakeup interrupt types (Johan Hovold) - arm64: dts: qcom: sdm845-db845c: correct LED panic indicator (Krzysztof Kozlowski) - arm64: dts: qcom: qrb5165-rb5: correct LED panic indicator (Krzysztof Kozlowski) - scsi: fnic: Return error if vmalloc() failed (Artem Chernyshev) - bpf: fix check for attempt to corrupt spilled pointer (Andrii Nakryiko) - arm64: dts: qcom: sm8250: Make watchdog bark interrupt edge triggered (Douglas Anderson) - arm64: dts: qcom: sm8150: Make watchdog bark interrupt edge triggered (Douglas Anderson) - arm64: dts: qcom: sdm845: Make watchdog bark interrupt edge triggered (Douglas Anderson) - arm64: dts: qcom: sc7280: Make watchdog bark interrupt edge triggered (Douglas Anderson) - arm64: dts: qcom: sc7180: Make watchdog bark interrupt edge triggered (Douglas Anderson) - ARM: dts: qcom: sdx65: correct SPMI node name (Krzysztof Kozlowski) - bpf: enforce precision of R0 on callback return (Andrii Nakryiko) - arm64: dts: ti: k3-am65-main: Fix DSS irq trigger type (Tomi Valkeinen) - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (Su Hui) - firmware: meson_sm: populate platform devices from sm device tree data (Dmitry Rokosov) - firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (Christophe JAILLET) - net/ncsi: Fix netlink major/minor version numbers (Peter Delevoryas) - ARM: dts: qcom: apq8064: correct XOADC register address (Dmitry Baryshkov) - wifi: libertas: stop selecting wext (Arnd Bergmann) - wifi: ath11k: Defer on rproc_get failure (Luca Weiss) - bpf: Add crosstask check to __bpf_get_stack (Jordan Rome) - bpf, lpm: Fix check prefixlen before walking trie (Florian Lehner) - wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (Chih-Kang Chang) - NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (Trond Myklebust) - blocklayoutdriver: Fix reference leak of pnfs_device_node (Benjamin Coddington) - crypto: scomp - fix req->dst buffer overflow (Chengming Zhou) - crypto: sahara - do not resize req->src when doing hash operations (Ovidiu Panait) - crypto: sahara - fix processing hash requests with req->nbytes < sg->length (Ovidiu Panait) - crypto: sahara - improve error handling in sahara_sha_process() (Ovidiu Panait) - crypto: sahara - fix wait_for_completion_timeout() error handling (Ovidiu Panait) - crypto: sahara - fix ahash reqsize (Ovidiu Panait) - crypto: sahara - handle zero-length aes requests (Ovidiu Panait) - crypto: sahara - avoid skcipher fallback code duplication (Ovidiu Panait) - crypto: virtio - Wait for tasklet to complete on device remove (wangyangxin) - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (Osama Muhammad) - fs: indicate request originates from old mount API (Christian Brauner) - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (Sergey Shtylyov) - crypto: sahara - fix error handling in sahara_hw_descriptor_create() (Ovidiu Panait) - crypto: sahara - fix processing requests with cryptlen < sg->length (Ovidiu Panait) - crypto: sahara - fix ahash selftest failure (Ovidiu Panait) - crypto: sahara - fix cbc selftest failure (Ovidiu Panait) - crypto: sahara - remove FLAGS_NEW_KEY logic (Ovidiu Panait) - crypto: af_alg - Disallow multiple in-flight AIO requests (Herbert Xu) - crypto: ccp - fix memleak in ccp_init_dm_workarea (Dinghao Liu) - crypto: sa2ul - Return crypto_aead_setkey to transfer the error (Chen Ni) - crypto: virtio - Handle dataq logic with tasklet (Gonglei (Arei)) - selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket (Mickael Salaun) - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (ZhaoLong Wang) - kunit: debugfs: Fix unchecked dereference in debugfs_print_results() (Richard Fitzgerald) - ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (Tony Luck) - ACPI: LPSS: Fix the fractional clock divider flags (Andy Shevchenko) - spi: sh-msiof: Enforce fixed DTDL for R-Car H3 (Wolfram Sang) - efivarfs: force RO when remounting if SetVariable is not supported (Ilias Apalodimas) - calipso: fix memory leak in netlbl_calipso_add_pass() (Gavrilov Ilia) - cpufreq: scmi: process the result of devm_of_clk_add_hw_provider() (Alexandra Diupina) - cpufreq: Use of_property_present() for testing DT property presence (Rob Herring) - of: Add of_property_present() helper (Rob Herring) - of: property: define of_property_read_u{8,16,32,64}_array() unconditionally (Michael Walle) - ACPI: LPIT: Avoid u32 multiplication overflow (Nikita Kiryushin) - ACPI: video: check for error while searching for backlight device parent (Nikita Kiryushin) - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (Ronald Monthero) - spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (Amit Kumar Mahapatra) - powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (Kunwu Chan) - powerpc/powernv: Add a null pointer check in opal_powercap_init() (Kunwu Chan) - powerpc/powernv: Add a null pointer check in opal_event_init() (Kunwu Chan) - powerpc/powernv: Add a null pointer check to scom_debug_init_one() (Kunwu Chan) - selftests/powerpc: Fix error handling in FPU/VMX preemption tests (Michael Ellerman) - powerpc/pseries/memhp: Fix access beyond end of drmem array (Nathan Lynch) - powerpc/44x: select I2C for CURRITUCK (Randy Dunlap) - powerpc: add crtsavres.o to always-y instead of extra-y (Masahiro Yamada) - powerpc: remove checks for binutils older than 2.25 (Masahiro Yamada) - powerpc/toc: Future proof kernel toc (Alan Modra) - powerpc: Mark .opd section read-only (Christophe Leroy) - EDAC/thunderx: Fix possible out-of-bounds string access (Arnd Bergmann) - x86/lib: Fix overflow when counting digits (Colin Ian King) - coresight: etm4x: Fix width of CCITMIN field (James Clark) - PCI: Add ACS quirk for more Zhaoxin Root Ports (LeoLiuoc) - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (Florian Eckert) - parport: parport_serial: Add Brainboxes device IDs and geometry (Cameron Williams) - parport: parport_serial: Add Brainboxes BAR details (Cameron Williams) - uio: Fix use-after-free in uio_open (Guanghui Feng) - binder: fix comment on binder_alloc_new_buf() return value (Carlos Llamas) - binder: fix trivial typo of binder_free_buf_locked() (Carlos Llamas) - binder: fix use-after-free in shinker's callback (Carlos Llamas) - binder: use EPOLLERR from eventpoll.h (Carlos Llamas) - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (Masami Hiramatsu (Google)) - bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 (Alan Maguire) - Revert 'ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek' (Greg Kroah-Hartman) - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (Hans de Goede) - drm/crtc: fix uninitialized variable use (Jani Nikula) - ARM: sun9i: smp: fix return code check of of_property_match_string (Stefan Wahren) - net: qrtr: ns: Return 0 if server port is not present (Sarannya S) - ida: Fix crash in ida_free when the bitmap is empty (Matthew Wilcox (Oracle)) - i2c: rk3x: fix potential spinlock recursion on poll (Jensen Huang) - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (Hans de Goede) - Input: xpad - add Razer Wolverine V2 support (Luca Weiss) - wifi: iwlwifi: pcie: avoid a NULL pointer dereference (Avraham Stern) - ARC: fix spare error (Vineet Gupta) - s390/scm: fix virtual vs physical address confusion (Vineeth Vijayan) - Input: i8042 - add nomux quirk for Acer P459-G2-M (Esther Shimanovich) - Input: atkbd - skip ATKBD_CMD_GETID in translated mode (Hans de Goede) - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (Krzysztof Kozlowski) - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (Steven Rostedt (Google)) - tracing: Fix uaf issue when open the hist or hist_debug file (Zheng Yejian) - MIPS: dts: loongson: drop incorrect dwmac fallback compatible (Krzysztof Kozlowski) - stmmac: dwmac-loongson: drop useless check for compatible fallback (Krzysztof Kozlowski) - tracing: Add size check when printing trace_marker output (Steven Rostedt (Google)) - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (Steven Rostedt (Google)) - jbd2: fix soft lockup in journal_finish_inode_data_buffers() (Ye Bin) - platform/x86: intel-vbtn: Fix missing tablet-mode-switch events (Hans de Goede) - neighbour: Don't let neigh_forced_gc() disable preemption for long (Judy Hsiao) - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (Ziqi Zhao) - jbd2: correct the printing of write_flags in jbd2_write_superblock() (Zhang Yi) - clk: rockchip: rk3128: Fix HCLK_OTG gate register (Weihao Li) - hwmon: (corsair-psu) Fix probe when built-in (Armin Wolf) - drm/exynos: fix a wrong error checking (Inki Dae) - drm/exynos: fix a potential error pointer dereference (Xiang Yang) - drm/amdgpu: Add NULL checks for function pointers (Lijo Lazar) - nvme: introduce helper function to get ctrl state (Keith Busch) - ASoC: ops: add correct range check for limiting volume (Srinivas Kandagatla) - ASoC: da7219: Support low DC impedance headset (David Rau) - net/tg3: fix race condition in tg3_reset_task() (Thinh Tran) - nouveau/tu102: flush all pdbs on vmm flush (Dave Airlie) - ASoC: rt5650: add mutex to avoid the jack detection failure (Shuming Fan) - ASoC: cs43130: Fix incorrect frame delay configuration (Maciej Strozek) - ASoC: cs43130: Fix the position of const qualifier (Maciej Strozek) - ASoC: Intel: Skylake: mem leak in skl register function (Kamil Duljas) - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (David Lin) - ASoC: Intel: Skylake: Fix mem leak in few functions (Kamil Duljas) - ASoC: wm8974: Correct boost mixer inputs (Charles Keepax) - nvme-core: check for too small lba shift (Keith Busch) - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (Lu Yao) - debugfs: fix automount d_fsdata usage (Johannes Berg) - wifi: cfg80211: lock wiphy mutex for rfkill poll (Johannes Berg) - mptcp: fix uninit-value in mptcp_incoming_options (Edward Adam Davis) - ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (Vasiliy Kovalev) - pinctrl: lochnagar: Don't build on MIPS (Charles Keepax) - f2fs: explicitly null-terminate the xattr list (Eric Biggers) [5.15.0-205.147.1] - mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga) [Orabug: 36334308] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-2201 cpe:/a:oracle:linux:9::UEKR7 Oracle Linux 9 [3.21.0-9] - timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) Resolves: RHEL-22792 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0914 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 - [5.14.0-362.24.1_3.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Disable unified kernel image package build - Add Oracle Linux IMA certificates [5.14.0-362.24.1_3] - RDMA/mlx5: Fix assigning access flags to cache mkeys (Mohammad Kabat) [RHEL-25242 RHEL-882] - drm/amdgpu: Fix potential fence use-after-free v2 (Jan Stancek) [RHEL-24501 RHEL-24504 RHEL-22506 RHEL-22507] {CVE-2023-51042} - ceph: defer stopping mdsc delayed_work (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: never send metrics if disable_send_metrics is set (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: don't let check_caps skip sending responses for revoke msgs (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: issue a cap release immediately if no cap exists (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: trigger to flush the buffer when making snapshot (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: fix blindly expanding the readahead windows (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: add a dedicated private data for netfs rreq (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: voluntarily drop Xx caps for requests those touch parent mtime (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: try to dump the msgs when decoding fails (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: only send metrics when the MDS rank is ready (Xiubo Li) [RHEL-22256 RHEL-16415] - x86/boot: Ignore NMIs during very early boot (Derek Barbosa) [RHEL-24449 RHEL-9380] - Documentation, mm/unaccepted: document accept_memory kernel parameter (Paolo Bonzini) [RHEL-20808 RHEL-10059] - proc/kcore: do not try to access unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: do not let /proc/vmcore try to access unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/traps: Fix load_unaligned_zeropad() handling for shared TDX memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Fix off-by-one when checking for overlapping ranges (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/kvm: Do not try to disable kvmclock if it was not enabled (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Mark TSC reliable (Paolo Bonzini) [RHEL-20808 RHEL-10059] - RHEL: kABI fixup for struct zone (Paolo Bonzini) [RHEL-20808 RHEL-10059] - RHEL: introduce NR_VM_ZONE_STAT_ITEMS_ACTUAL for kABI-preserving zone stats (Paolo Bonzini) [RHEL-20808 RHEL-10059] - RHEL: 9.3 kABI fixup for struct efi (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/mm: Fix enc_status_change_finish_noop() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/mm: Allow guest.enc_status_change_prepare() to fail (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/coco: Mark cc_platform_has() and descendants noinstr (Paolo Bonzini) [RHEL-20808 RHEL-10059] - virt: sevguest: Add CONFIG_CRYPTO dependency (Paolo Bonzini) [RHEL-20808 RHEL-10059] - mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (Paolo Bonzini) [RHEL-20808 RHEL-10059] - mm/page_alloc: fix obsolete comment in deferred_pfn_valid() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Change npages to unsigned long in snp_accept_memory() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Make sure unaccepted table is mapped (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/efi: Safely enable unaccepted memory in UEFI (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Add SNP-specific unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Use large PSC requests if applicable (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Allow for use of the early boot GHCB for PSC requests (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Fix calculation of end address based on number of pages (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Wrap exit reason with hcall_func() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Add unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Refactor try_accept_one() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: Add unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/boot/compressed: Handle unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/libstub: Implement support for unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/x86: Get full memory map in allocate_e820() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - memblock tests: Fix compilation errors. (Paolo Bonzini) [RHEL-20808 RHEL-10059] - mm: Add support for unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/boot: Centralize __pa()/__va() definitions (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/boot: Add an efi.h header for the decompressor (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Drop flags from __tdx_hypercall() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Disable NOTIFY_ENABLES (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (Paolo Bonzini) [RHEL-20808 RHEL-10059] - cpuidle, tdx: Make TDX code noinstr clean (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Remove TDX_HCALL_ISSUE_STI (Paolo Bonzini) [RHEL-20808 RHEL-10059] - mm: add pageblock_aligned() macro (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: memmap: Disregard bogus entries instead of returning them (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: memmap: Move manipulation routines into x86 arch tree (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: memmap: Move EFI fake memmap support into x86 arch tree (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: install boot-time memory map as config table (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: remove DT dependency from generic stub (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: unify initrd loading between architectures (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: remove pointless goto kludge (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: avoid efi_get_memory_map() for allocating the virt map (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: drop pointless get_memory_map() call (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/libstub: move efi_system_table global var into separate object (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/x86: libstub: remove unused variable (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: Correct comment on efi_memmap_alloc (Paolo Bonzini) [RHEL-20808 RHEL-10059] - drivers: fix typo in firmware/efi/memmap.c (Paolo Bonzini) [RHEL-20808 RHEL-10059] - netfilter: nf_tables: skip set commit for deleted/destroyed sets (Phil Sutter) [RHEL-20683 RHEL-20686 RHEL-20214 RHEL-20217] {CVE-2024-0193} - redhat: add missing -rt JIRAs (Jan Stancek) [5.14.0-362.23.1_3] - iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range (Jerry Snitselaar) [RHEL-19382 RHEL-11590] - arm64/smmu: use TLBI ASID when invalidating entire range (Jerry Snitselaar) [RHEL-19382 RHEL-11590] - netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-20701 RHEL-20709 RHEL-19722 RHEL-19961] {CVE-2023-6817} - netfilter: nf_tables: split async and sync catchall in two functions (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: remove catchall element in GC sync path (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: expose opaque set element as struct nft_elem_priv (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: set backend .flush always succeeds (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: work around newrule after chain binding (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix memleak when more than 255 elements expired (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disable toggling dormant table state more than once (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow element removal on anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow rule removal from chain binding (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: defer gc run if previous batch is still pending (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix out of memory error handling (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: use correct lock to protect gc_list (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: GC transaction race with abort path (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: flush pending destroy work before netlink notifier (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_dynset: disallow object maps (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: GC transaction race with netns dismantle (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: don't fail inserts if duplicate has expired (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: deactivate catchall elements in next generation (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix kdoc warnings after gc rework (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix false-positive lockdep splat (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: remove busy mark and gc batch API (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_hash: mark set element as dead when deleting from packet path (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244} - netfilter: nf_tables: adapt set backend to use GC transaction API (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244} - netfilter: nft_set_rbtree: fix overlap expiration walk (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: GC transaction API to avoid race with control plane (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244} - netfilter: nf_tables: don't skip expired elements during walk (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: skip bound chain in netns release path (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix spurious set element insertion failure (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: report use refcount overflow (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix underflow in chain reference counter (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow timeout for anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow updates of anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: reject unbound chain set before commit phase (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: reject unbound anonymous set before commit phase (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow element updates of bound anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix underflow in object reference counter (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: drop map element references from preparation phase (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: validate variable length element extension (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_pipapo: .walk does not deal with generations (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: relax set/map validation checks (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: integrate pipapo into commit protocol (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: upfront validation of data via nft_data_init() (Florian Westphal) [RHEL-22131 RHEL-1720] - rbd: don't move requests to the running list on errors (Ilya Dryomov) [RHEL-23863 RHEL-21939] - ASoC: SOF: intel: hda: Clean up link DMA for IPC3 during stop (Jaroslav Kysela) [RHEL-24033 RHEL-13724] - platform/x86/intel-uncore-freq: Return error on write frequency (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: Add client processors (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: add Emerald Rapids support (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: Use sysfs_emit() to instead of scnprintf() (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: Prevent driver loading in guests (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (David Arcari) [RHEL-15751 2177013] - Documentation: admin-guide: pm: Document uncore frequency scaling (David Arcari) [RHEL-15751 2177013] - platform/x86/intel-uncore-freq: Split common and enumeration part (David Arcari) [RHEL-15751 2177013] - platform/x86/intel/uncore-freq: Display uncore current frequency (David Arcari) [RHEL-15751 2177013] - platform/x86/intel/uncore-freq: Use sysfs API to create attributes (David Arcari) [RHEL-15751 2177013] - platform/x86/intel/uncore-freq: Move to uncore-frequency folder (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-frequency: use default_groups in kobj_type (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-frequency: Move to intel sub-directory (David Arcari) [RHEL-15751 2177013] - Revert 'platform/x86: intel-uncore-freq: add Emerald Rapids support' (David Arcari) [RHEL-15751 2177013] - iommu/iova: Manage the depot list size (Jay Shin) [RHEL-21517 RHEL-11148] - iommu/iova: Make the rcache depot scale better (Jay Shin) [RHEL-21517 RHEL-11148] - drm/amd/pm: Fix error of MACO flag setting code (Michel Danzer) [RHEL-16741 RHEL-16742 RHEL-14571 RHEL-15927] - drm/amd: Fix detection of _PR3 on the PCIe root port (Michel Danzer) [RHEL-16741 RHEL-16742 RHEL-14571 RHEL-15927] [5.14.0-362.22.1_3] - usb: typec: ucsi: Use GET_CAPABILITY attributes data to set power supply scope (Desnes Nunes) [RHEL-21838 RHEL-14573] - KVM: SVM: Do not use user return MSR support for virtualized TSC_AUX (Paolo Bonzini) [RHEL-20415 RHEL-16384] - KVM: SVM: Fix TSC_AUX virtualization setup (Paolo Bonzini) [RHEL-20415 RHEL-16384] - KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (Paolo Bonzini) [RHEL-20415 RHEL-16384] - net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22094 RHEL-22097 RHEL-19066 RHEL-19067] {CVE-2024-0646} - smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-21664 RHEL-21669 RHEL-18992 RHEL-18993] {CVE-2023-6606} - NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Jeffrey Layton) [RHEL-22284 RHEL-7936] - NFSv4.1: fix zero value filehandle in post open getattr (Jeffrey Layton) [RHEL-22284 RHEL-7936] - NFSv4.1: fix pnfs MDS=DS session trunking (Jeffrey Layton) [RHEL-22284 RHEL-7936] - NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Jeffrey Layton) [RHEL-22284 RHEL-7936] - nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - ice: dpll: fix phase offset value (Petr Oros) [RHEL-17652 RHEL-15789] - dpll: netlink/core: change pin frequency set behavior (Petr Oros) [RHEL-17652 RHEL-15789] - ice: dpll: implement phase related callbacks (Petr Oros) [RHEL-17652 RHEL-15789] - dpll: netlink/core: add support for pin-dpll signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789] - dpll: spec: add support for pin-dpll signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789] - dpll: docs: add support for pin signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789] - netlink: specs: remove redundant type keys from attributes in subsets (Petr Oros) [RHEL-17652 RHEL-15789] - md/raid6: use valid sector values to determine if an I/O should wait on the reshape (Nigel Croxon) [RHEL-20933 RHEL-17276] [5.14.0-362.21.1_3] - x86/microcode: do not cache microcode if it will not be used (Paolo Bonzini) [RHEL-21567 RHEL-16225] - x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Remove hv_isolation_type_en_snp (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (Vitaly Kuznetsov) [RHEL-21441 2176350] - Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Introduce a global variable hyperv_paravisor_present (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Mark hv_ghcb_terminate() as noreturn (Vitaly Kuznetsov) [RHEL-21441 2176350] - Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350] - Drivers: hv: vmbus: Support fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Support hypercalls for fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add smp support for SEV-SNP guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add VTL specific structs and hypercalls (Vitaly Kuznetsov) [RHEL-21441 2176350] - clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - Drivers: hv: vmbus: Remove the per-CPU post_msg_page (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Set Virtual Trust Level in VMBus init message (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add sev-snp enlightened guest static key (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Expand __tdx_hypercall() to handle more arguments (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Add more registers to struct tdx_hypercall_args (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Fix typo in comment in __tdx_hypercall() (Vitaly Kuznetsov) [RHEL-21441 2176350] - blk-mq: don't count completed flush data request as inflight in case of quiesce (Ming Lei) [RHEL-19105 RHEL-18054] - NFS: Use parent's objective cred in nfs_access_login_time() (Jay Shin) [RHEL-22147 RHEL-16024] - s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Tobias Huschle) [RHEL-17887 RHEL-2412] - smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-19146 RHEL-21679 RHEL-19147 RHEL-21677] {CVE-2023-6610} - smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-19146 RHEL-21679 RHEL-19147 RHEL-21677] {CVE-2023-6610} - x86/sev: Do not handle #VC for DR7 read/write (Paolo Bonzini) [RHEL-21885 RHEL-15069] - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (Paolo Bonzini) [RHEL-21885 RHEL-15069] [5.14.0-362.20.1_3] - s390/dasd: print copy pair message only for the correct error (Tobias Huschle) [RHEL-11980 RHEL-2833] - x86/microcode/AMD: Rip out static buffers (David Arcari) [RHEL-14590 RHEL-10030] - x86/microcode/AMD: Load late on both threads too (David Arcari) [RHEL-14590 RHEL-10030] - x86/microcode/amd: Remove unneeded pointer arithmetic (David Arcari) [RHEL-14590 RHEL-10030] - x86/microcode/AMD: Get rid of __find_equiv_id() (David Arcari) [RHEL-14590 RHEL-10030] - docs: move x86 documentation into Documentation/arch/ (David Arcari) [RHEL-14590 RHEL-10030] - x86/microcode/AMD: Handle multiple glued containers properly (David Arcari) [RHEL-14590 RHEL-10030] - mm: Fix copy_from_user_nofault(). (Waiman Long) [RHEL-18946 RHEL-18440] - redhat: rewrite genlog and support Y- tags (Jan Stancek) [5.14.0-362.19.1_3] - redhat: fix kernel changelog entry for RHEL-16560 (Jan Stancek) - perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-18087 RHEL-18088 RHEL-14984 RHEL-14985] {CVE-2023-5717} - perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-18087 RHEL-18088 RHEL-14984 RHEL-14985] {CVE-2023-5717} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0646 CVE-2023-6356 CVE-2023-6606 CVE-2023-5717 CVE-2023-4244 CVE-2023-6610 CVE-2023-6817 CVE-2024-0193 CVE-2023-6535 CVE-2023-6536 CVE-2023-51042 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [- 7.0.117-1.0.1] - Update to .NET SDK 7.0.117 and Runtime 7.0.17 - Port revert 'Disable implicit rejection for RSA PKCS#1 (#95217)' patch [- 7.0.116-1.0.1] - Update to .NET SDK 7.0.116 and Runtime 7.0.16 * Tue Jan 16 2024 Lukas Lipinsky - 7.0.115-1.0.1 - Update to .NET SDK 7.0.115 and Runtime 7.0.15 [7.0.114-1.0.1] - Update to .NET SDK 7.0.114 and Runtime 7.0.14 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21392 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [- 8.0.103-2.0.1] - Update to .NET SDK 8.0.103 and Runtime 8.0.3 - Disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed. - Resolves: RHEL-25254 - Backport MSBuild locale fix - Resolves: RHEL-23936 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21392 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.85-14.1] - Fix CVE 2023-50387 and CVE 2023-50868 - Resolves: RHEL-25674 - Resolves: RHEL-25638 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50387 CVE-2023-50868 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7:5.5-6.0.1.8] - Rebuild with release bump [7:5.5-6.8] - Resolves: RHEL-19555 - squid: denial of service in HTTP request parsing (CVE-2023-50269) [7:5.5-6.7] - Resolves: RHEL-28614 - squid: Denial of Service in HTTP Chunked Decoding (CVE-2024-25111) [7:5.5-6.6] - Resolves: RHEL-26091 - squid: denial of service in HTTP header parser (CVE-2024-25617) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50269 CVE-2024-25111 CVE-2024-25617 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:7.1.8.1-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [1:7.1.8.1-12] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6186 CVE-2023-6185 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [42.2.28-1] - rebase to 42.2.28 - fix for CVE-2024-1597 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1597 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:16.20.2-4.0.1] - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-22019 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.20.12-2] - Fix CVE-2024-1394 - Resolves: RHEL-27189 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.9.1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.9.1] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [115.9.1-1] - Update to 115.9.1 [115.9.0-2] - Update to 115.9.0 build2 [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 CRITICAL Copyright 2024 Oracle, Inc. CVE-2024-2616 CVE-2024-2611 CVE-2024-29944 CVE-2024-2612 CVE-2024-2614 CVE-2024-2608 CVE-2023-5388 CVE-2024-2607 CVE-2024-0743 CVE-2024-2610 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.9.0-1.0.1] - Add Oracle prefs [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2611 CVE-2024-2612 CVE-2024-2607 CVE-2024-2610 CVE-2023-5388 CVE-2024-1936 CVE-2024-2608 CVE-2024-0743 CVE-2024-2614 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [9.2.10-8] - Rebuild with latest version of golang - resolve RHEL-24313 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [5.1.1-2] - Rebuild with latest version of golang - resolves CVE-CVE-2024-1394 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 nodejs [1:18.19.1-1] - Rebase to version 18.19.1 - Fixes: CVE-2024-21892 CVE-2024-22019 (high) - Fixes: CVE-2023-46809 (medium) nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46809 CVE-2024-22019 CVE-2024-21892 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2.5.0-1.1] - CVE-2023-52425: Fix parsing of large tokens - CVE-2024-28757: Reject direct parameter entity recursion - Resolves: RHEL-29698 - Resolves: RHEL-29695 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-52425 CVE-2024-28757 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 ruby [3.1.4-143] - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI. Resolves: RHEL-28919 Resolves: RHEL-5612 - Fix ReDos vulnerability in Time. Resolves: RHEL-28920 - Make RDoc soft dependency in IRB. Resolves: RHEL-5613 [3.1.2-142] - Bypass git submodule test failure on Git >= 2.38.1. - Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. - Fix for tzdata-2022g. - Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-5590 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-5590 - Disable fiddle tests that use FFI closures. Related: RHEL-5590 rubygem-mysql2 [0.5.4-1] - New upstream release 0.5.4 by merging Fedora rawhide branch (commit: e21b5b9) Resolves: rhbz#2063773 [0.5.3-1] - New upstream release 0.5.3 by merging Fedora master branch (commit: 674d475) Resolves: rhbz#1817135 rubygem-pg [1.3.5-1] - Update to pg 1.3.5 Related: rhbz#2063773 [1.2.3-1] - Update to pg 1.2.3 by merging Fedora master branch (commit: 5db4d26) Resolves: rhbz#1817135 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-28755 CVE-2023-28756 CVE-2023-36617 CVE-2021-33621 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 nodejs [1:20.11.1-1] - Rebase to version 20.11.1 - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high) - Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium) nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46809 CVE-2024-21896 CVE-2024-21890 CVE-2024-22017 CVE-2024-22019 CVE-2024-21892 CVE-2024-21891 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [590-3] - Fix CVE-2022-48624 - Resolves: RHEL-26265 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-48624 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest