Oracle Errata System Oracle Linux 5.11 2024-11-11T20:55:13 Oracle Linux 9 [3.0.1-43.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3786 CVE-2022-3602 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 [0.11.3-4] - Fixed ruby socket permissions - Resolves: rhbz#2116841 [0.11.3-3] - Fixed booth ticket mode value case insensitive - Fixed booth sync check whether /etc/booth exists - Resolves: rhbz#2026725 rhbz#2058243 [0.11.3-2] - Fixed 'pcs resource restart' traceback - Resolves: rhbz#2102663 [0.11.3-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated bundled rubygems: rack - Resolves: rhbz#2059122 rhbz#2059177 rhbz#2059501 rhbz#2095695 rhbz#2096886 rhbz#2097730 rhbz#2097731 rhbz#2097732 rhbz#2097733 rhbz#2097778 [0.11.2-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated bundled rubygems: backports, daemons, ethon ffi, ruby2_keywords, thin - Stopped bundling rubygem-rexml (use distribution package instead) - Resolves: rhbz#1301204 rhbz#2024522 rhbz#2026725 rhbz#2029844 rhbz#2039884 rhbz#2053177 rhbz#2054671 rhbz#2058243 rhbz#2058246 rhbz#2058247 rhbz#2058251 rhbz#2058252 rhbz#2059142 rhbz#2059145 rhbz#2059148 rhbz#2059149 rhbz#2059501 rhbz#2064818 rhbz#2068457 rhbz#2076585 [0.11.1-11] - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz#2081334 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1049 cpe:/a:oracle:linux:9::addons Oracle Linux 8 Oracle Linux 9 [5.15.0-4.70.5.2] - Revert 'sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle' (Samasth Norway Ananda) [Orabug: 34783367] [5.15.0-4.70.5.1] - NFSv4: Fixes for nfs4_inode_return_delegation() (Trond Myklebust) [Orabug: 34751176] [5.15.0-4.70.5] - uek: kabi: update kABI files for new symbols (Saeed Mirzamohammadi) [Orabug: 34595591] - Revert 'scsi: lpfc: SLI path split: Refactor lpfc_iocbq' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: SLI path split: Refactor SCSI paths' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Resolve some cleanup issues following SLI path refactoring' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input' (John Donnelly) [Orabug: 34678989] - Revert 'scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE' (John Donnelly) [Orabug: 34678989] - RDS/IB Fix allocation warning (Hans Westgaard Ry) [Orabug: 34684321] - fs: remove no_llseek (Jason A. Donenfeld) [Orabug: 34705082] - vfio: do not set FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34705082] - dma-buf: remove useless FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34705082] - fs: do not compare against ->llseek (Jason A. Donenfeld) [Orabug: 34705082] - fs: clear or set FMODE_LSEEK based on llseek function (Jason A. Donenfeld) [Orabug: 34705082] - hwmon: (opbmc) AST2600 SP reset driver adjustment (Jan Zdarek) [Orabug: 34710681] - hwmon: (opbmc) Driver message prefixes (Jan Zdarek) [Orabug: 34710681] - NFSD: fix use-after-free on source server when doing inter-server copy (Dai Ngo) [Orabug: 34716070] [5.15.0-4.70.4] - xen/ovmapi: Build OVM guest messaging driver (Jonah Palmer) [Orabug: 34512197] - net/rds: Send congestion map updates only via path zero (Anand Khoje) [Orabug: 34578048] - Revert 'RDS/IB: Fix RDS IB SRQ implementation and tune it' (Hans Westgaard Ry) [Orabug: 34662659] - RDMA/cma: Use output interface for net_dev check (Hakon Bugge) [Orabug: 34694979] - crypto: qat - add support for 401xx devices (Giovanni Cabiddu) [Orabug: 34686738] [5.15.0-4.70.3] - Revert 'Makefile: link with -z noexecstack --no-warn-rwx-segments' (Jack Vogel) - Revert 'x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments' (Jack Vogel) [5.15.0-4.70.2] - LTS version: v5.15.70 (Jack Vogel) - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (Takashi Iwai) - KVM: SEV: add cache flush to solve SEV cache incoherency issues (Mingwei Zhang) - net: Find dst with sk's xfrm policy not ctl_sk (sewookseo) - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (Hyunwoo Kim) - mksysmap: Fix the mismatch of 'L0' symbols in System.map (Youling Tang) - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (Clement Peron) - MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() (Alexander Sverdlin) - afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (David Howells) - net: usb: qmi_wwan: add Quectel RM520N (jerry.meng) - ALSA: hda/tegra: Align BDL entry to 4KB boundary (Mohan Kumar) - ALSA: hda/sigmatel: Keep power up while beep is enabled (Takashi Iwai) - wifi: mac80211_hwsim: check length for virtio packets (Soenke Huster) - rxrpc: Fix calc of resend age (David Howells) - rxrpc: Fix local destruction being repeated (David Howells) - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (Hannes Reinecke) - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (Xiaolei Wang) - ASoC: nau8824: Fix semaphore unbalance at error paths (Takashi Iwai) - arm64: dts: juno: Add missing MHU secure-irq (Jassi Brar) - video: fbdev: i740fb: Error out if 'pixclock' equals zero (Zheyu Ma) - binder: remove inaccurate mmap_assert_locked() (Carlos Llamas) - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (Alex Deucher) - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (Alex Deucher) - drm/amdgpu: Don't enable LTR if not supported (Lijo Lazar) for parisc and xtensa (Ben Hutchings) - parisc: Allow CONFIG_64BIT with ARCH=parisc (Helge Deller) - cifs: always initialize struct msghdr smb_msg completely (Stefan Metzmacher) - cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Stefan Metzmacher) - cifs: revalidate mapping when doing direct writes (Ronnie Sahlberg) - of/device: Fix up of_dma_configure_id() stub (Thierry Reding) - parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() (Yang Yingliang) - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (Stefan Roesch) - drm/meson: Fix OSD1 RGB to YCbCr coefficient (Stuart Menefy) - drm/meson: Correct OSD1 global alpha value (Stuart Menefy) - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (Pali Rohar) - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (Trond Myklebust) - pinctrl: sunxi: Fix name for A100 R_PIO (Michael Wu) - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (Joao H. Spies) - pinctrl: qcom: sc8180x: Fix wrong pin numbers (Molly Sophia) - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (Molly Sophia) - of: fdt: fix off-by-one error in unflatten_dt_nodes() (Sergey Shtylyov) - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (Sergiu Moga) - serial: atmel: remove redundant assignment in rs485_config (Lino Sanfilippo) - drm/tegra: vic: Fix build warning when CONFIG_PM=n (YueHaibing) - LTS version: v5.15.69 (Jack Vogel) - Input: goodix - add compatible string for GT1158 (Jarrah Gosbell) - RDMA/irdma: Use s/g array in post send only when its valid (Sindhu-Devale) - usb: gadget: f_uac2: fix superspeed transfer (Jing Leng) - usb: gadget: f_uac2: clean up some inconsistent indenting (Colin Ian King) - soc: fsl: select FSL_GUTS driver for DPIO (Mathew McBride) - mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() (Jann Horn) to IGNORE_UAS (Hu Xiaoying) - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (Hans de Goede) - perf/arm_pmu_platform: fix tests for platform_get_irq() failure (Yu Zhe) - net: dsa: hellcreek: Print warning only once (Kurt Kanzenbach) - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (Chengming Gui) - nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (Maurizio Lombardi) - Input: iforce - add support for Boeder Force Feedback Wheel (Greg Tulli) - ieee802154: cc2520: add rc code in cc2520_tx() (Li Qiong) - gpio: mockup: remove gpio debugfs when remove device (Wei Yongjun) - tg3: Disable tg3 device on system reboot to avoid triggering AER (Kai-Heng Feng) - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (Even Xu) - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (Jason Wang) - dt-bindings: iio: gyroscope: bosch,bmg160: correct number of pins (Krzysztof Kozlowski) - drm/msm/rd: Fix FIFO-full deadlock (Rob Clark) - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (Maximilian Luz) - Input: goodix - add support for GT1158 (Ondrej Jirman) - iommu/vt-d: Fix kdump kernels boot failure with scalable mode (Lu Baolu) - tracefs: Only clobber mode/uid/gid on remount if asked (Brian Norris) - tracing: hold caller_addr to hardirq_{enable,disable}_ip (Yipeng Zou) - task_stack, x86/cea: Force-inline stack helpers (Borislav Petkov) - x86/mm: Force-inline __phys_addr_nodebug() (Borislav Petkov) - lockdep: Fix -Wunused-parameter for _THIS_IP_ (Nick Desaulniers) - ARM: dts: at91: sama7g5ek: specify proper regulator output ranges (Claudiu Beznea) - ARM: dts: at91: fix low limit for CPU regulator (Claudiu Beznea) - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (Marco Felsch) - ARM: dts: imx: align SPI NOR node name with dtschema (Krzysztof Kozlowski) - ACPI: resource: skip IRQ override on AMD Zen platforms (Chuanhong Guo) - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (Dave Wysochanski) - LTS version: v5.15.68 (Jack Vogel) - ARM: at91: ddr: remove CONFIG_SOC_SAMA7 dependency (Claudiu Beznea) - perf machine: Use path__join() to compose a path instead of snprintf(dir, '/', filename) (Arnaldo Carvalho de Melo) - drm/bridge: display-connector: implement bus fmts callbacks (Neil Armstrong) - arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (Ionela Voinescu) - iommu/vt-d: Correctly calculate sagaw value of IOMMU (Lu Baolu) - arm64/bti: Disable in kernel BTI when cross section thunks are broken (Mark Brown) - Revert 'arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags'' (Sasha Levin) - hwmon: (mr75203) enable polling for all VM channels (Eliav Farber) - hwmon: (mr75203) fix multi-channel voltage reading (Eliav Farber) - hwmon: (mr75203) fix voltage equation for negative source input (Eliav Farber) - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (Eliav Farber) - hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (Eliav Farber) - s390/boot: fix absolute zero lowcore corruption on boot (Alexander Gordeev) - iommu/amd: use full 64-bit value in build_completion_wait() (John Sperbeck) - swiotlb: avoid potential left shift overflow (Chao Gao) - i40e: Fix ADQ rate limiting for PF (Przemyslaw Patynowski) - i40e: Refactor tc mqprio checks (Przemyslaw Patynowski) - kbuild: disable header exports for UML in a straightforward way (Masahiro Yamada) - MIPS: loongson32: ls1c: Fix hang during startup (Yang Ling) - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (Nathan Chancellor) - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (Claudiu Beznea) - hwmon: (tps23861) fix byte order in resistance register (Alexandru Gagniuc) - perf script: Fix Cannot print 'iregs' field for hybrid systems (Zhengjun Xing) - sch_sfb: Also store skb len before calling child enqueue (Toke Hoiland-Jorgensen) - RDMA/irdma: Report RNR NAK generation in device caps (Sindhu-Devale) - RDMA/irdma: Return correct WC error for bind operation failure (Sindhu-Devale) - RDMA/irdma: Report the correct max cqes from query device (Sindhu-Devale) - nvmet: fix mar and mor off-by-one errors (Dennis Maisenbacher) - tcp: fix early ETIMEDOUT after spurious non-SACK RTO (Neal Cardwell) - nvme-tcp: fix regression that causes sporadic requests to time out (Sagi Grimberg) - nvme-tcp: fix UAF when detecting digest errors (Sagi Grimberg) - erofs: fix pcluster use-after-free on UP platforms (Gao Xiang) - RDMA/mlx5: Set local port to one when accessing counters (Chris Mi) - IB/core: Fix a nested dead lock as part of ODP flow (Yishai Hadas) - ipv6: sr: fix out-of-bounds read when setting HMAC data. (David Lebrun) - RDMA/siw: Pass a pointer to virt_to_page() (Linus Walleij) - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (Paul Durrant) - iavf: Detach device during reset task (Ivan Vecera) - i40e: Fix kernel crash during module removal (Ivan Vecera) - ice: use bitmap_free instead of devm_kfree (Michal Swiatkowski) - tcp: TX zerocopy should not sense pfmemalloc status (Eric Dumazet) - net: introduce __skb_fill_page_desc_noacc (Pavel Begunkov) - tipc: fix shift wrapping bug in map_get() (Dan Carpenter) - sch_sfb: Don't assume the skb is still around after enqueueing to child (Toke Hoiland-Jorgensen) - Revert 'net: phy: meson-gxl: improve link-up behavior' (Heiner Kallweit) - afs: Use the operation issue time instead of the reply time for callbacks (David Howells) - rxrpc: Fix an insufficiently large sglist in rxkad_verify_packet_2() (David Howells) - rxrpc: Fix ICMP/ICMP6 error handling (David Howells) - ALSA: usb-audio: Register card again for iface over delayed_register option (Takashi Iwai) - ALSA: usb-audio: Inform the delayed registration more properly (Takashi Iwai) - RDMA/srp: Set scmnd->result only when scmnd is not NULL (yangx.jy@fujitsu.com) - netfilter: nf_conntrack_irc: Fix forged IP logic (David Leadbeater) - netfilter: nf_tables: clean up hook list when offload flags check fails (Pablo Neira Ayuso) - netfilter: br_netfilter: Drop dst references before setting. (Harsh Modi) - ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all the time (Claudiu Beznea) - ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all the time (Claudiu Beznea) - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (Claudiu Beznea) - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (Claudiu Beznea) - ARM: at91: pm: fix DDR recalibration when resuming from backup and self-refresh (Claudiu Beznea) - ARM: at91: pm: fix self-refresh for sama7g5 (Claudiu Beznea) - wifi: wilc1000: fix DMA on stack objects (Ajay.Kathat@microchip.com) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (Wenpeng Liang) - RDMA/hns: Fix supported page size (Chengchang Tang) - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (Liang He) - RDMA/cma: Fix arguments order in net device validation (Michael Guralnik) - tee: fix compiler warning in tee_shm_register() (Jens Wiklander) - regulator: core: Clean up on enable failure (Andrew Halaney) - soc: imx: gpcv2: Assert reset before ungating clock (Marek Vasut) - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (Marco Felsch) - RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (Jack Wang) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (Jack Wang) - ASoC: qcom: sm8250: add missing module owner (Srinivas Kandagatla) - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree (Tejun Heo) - NFS: Fix another fsync() issue after a server reboot (Trond Myklebust) - NFS: Save some space in the inode (Trond Myklebust) - NFS: Further optimisations for 'ls -l' (Trond Myklebust) - scsi: lpfc: Add missing destroy_workqueue() in error path (Yang Yingliang) - scsi: mpt3sas: Fix use-after-free warning (Sreekanth Reddy) - drm/i915: Implement WaEdpLinkRateDataReload (Ville Syrjala) - nvmet: fix a use-after-free (Bart Van Assche) - drm/amd/display: fix memory leak when using debugfs_lookup() (Greg Kroah-Hartman) - sched/debug: fix dentry leak in update_sched_domain_debugfs (Greg Kroah-Hartman) - debugfs: add debugfs_lookup_and_remove() (Greg Kroah-Hartman) - kprobes: Prohibit probes in gate area (Christian A. Ehrhardt) - vfio/type1: Unpin zero pages (Alex Williamson) - btrfs: zoned: set pseudo max append zone limit in zone emulation mode (Shin'ichiro Kawasaki) - tracing: Fix to check event_mutex is held while accessing trigger list (Masami Hiramatsu (Google)) - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (Dongxiang Ke) - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (Takashi Iwai) - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (Pattara Teerapong) - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (Tasos Sahanidis) - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Takashi Iwai) - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (Qu Huang) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (Yang Yingliang) - fbdev: fbcon: Destroy mutex on freeing struct fb_info (Shigeru Yoshida) - md: Flush workqueue md_rdev_misc_wq in md_alloc() (David Sloan) - net/core/skbuff: Check the return value of skb_copy_bits() (lily) - cpufreq: check only freq_table in __resolve_freq() (Lukasz Luba) - netfilter: conntrack: work around exceeded receive window (Florian Westphal) - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level (Sudeep Holla) - parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines (Helge Deller) - parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() (Li Qiong) - Revert 'parisc: Show error if wrong 32/64-bit compiler is being used' (Helge Deller) - scsi: ufs: core: Reduce the power mode change timeout (Bart Van Assche) - drm/radeon: add a force flush to delay work when radeon (Zhenneng Li) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. (Candice Li) - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (YiPeng Chai) - drm/gem: Fix GEM handle release errors (Jeffy Chen) - scsi: megaraid_sas: Fix double kfree() (Guixin Liu) - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (Tony Battersby) - Revert 'mm: kmemleak: take a full lowmem check in kmemleak_*_phys()' (Yee Lee) - fs: only do a memory barrier for the first set_buffer_uptodate() (Linus Torvalds) - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (Stanislaw Gruszka) - efi: capsule-loader: Fix use-after-free in efi_capsule_write (Hyunwoo Kim) - efi: libstub: Disable struct randomization (Ard Biesheuvel) - net: wwan: iosm: remove pointless null check (Jakub Kicinski) - LTS version: v5.15.67 (Jack Vogel) - kbuild: fix up permissions on scripts/pahole-flags.sh (Greg Kroah-Hartman) - LTS version: v5.15.66 (Jack Vogel) - USB: serial: ch341: fix disabled rx timer on older devices (Johan Hovold) - USB: serial: ch341: fix lost character on LCR updates (Johan Hovold) - usb: dwc3: disable USB core PHY management (Johan Hovold) - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (Johan Hovold) - usb: dwc3: fix PHY disable sequence (Johan Hovold) - kbuild: Add skip_encoding_btf_enum64 option to pahole (Martin Rodriguez Reboredo) - kbuild: Unify options for BTF generation for vmlinux and modules (Jiri Olsa) - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (Mazin Al Haddad) - drm/i915: Skip wm/ddb readout for disabled pipes (Ville Syrjala) - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (Diego Santa Cruz) - ALSA: seq: Fix data-race at module auto-loading (Takashi Iwai) - ALSA: seq: oss: Fix data-race for max_midi_devs access (Takashi Iwai) - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (Kacper Michajlow) - net: mac802154: Fix a condition in the receive path (Miquel Raynal) - net: Use u64_stats_fetch_begin_irq() for stats fetch. (Sebastian Andrzej Siewior) - ip: fix triggering of 'icmp redirect' (Nicolas Dichtel) - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (Siddh Raman Pant) - wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected (Siddh Raman Pant) - driver core: Don't probe devices after bus_type.match() probe deferral (Isaac J. Manjarres) - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (Krishna Kurapati) - usb: xhci-mtk: fix bandwidth release issue (Chunfeng Yun) - usb: xhci-mtk: relax TT periodic bandwidth allocation (Chunfeng Yun) - USB: core: Prevent nested device-reset calls (Alan Stern) - s390: fix nospec table alignments (Josh Poimboeuf) - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (Gerald Schaefer) - usb-storage: Add ignore-residue quirk for NXP PN7462AU (Witold Lipieta) - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (Thierry GUIBERT) - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (Pawel Laszczak) - usb: cdns3: fix issue with rearming ISO OUT endpoint (Pawel Laszczak) - usb: dwc2: fix wrong order of phy_power_on and phy_init (Heiner Kallweit) - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (Badhri Jagan Sridharan) - usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (Utkarsh Patel) - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (Pablo Sun) - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (Slark Xiao) - USB: serial: option: add Quectel EM060K modem (Yonglin Tan) - USB: serial: option: add support for OPPO R11 diag port (Yan Xinyu) - USB: serial: cp210x: add Decagon UCA device id (Johan Hovold) - xhci: Add grace period after xHC start to prevent premature runtime suspend. (Mathias Nyman) - media: mceusb: Use new usb_control_msg_*() routines (Alan Stern) - usb: dwc3: pci: Add support for Intel Raptor Lake (Heikki Krogerus) - thunderbolt: Use the actual buffer in tb_async_error() (Mika Westerberg) - xen-blkfront: Cache feature_persistent value before advertisement (SeongJae Park) - xen-blkfront: Advertise feature-persistent as user requested (SeongJae Park) - xen-blkback: Advertise feature-persistent as user requested (SeongJae Park) - mm: pagewalk: Fix race between unmap and page walker (Steven Price) - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (Dan Carpenter) - KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (Jim Mattson) - gpio: pca953x: Add mutex_lock for regcache sync in PM (Haibo Chen) - hwmon: (gpio-fan) Fix array out of bounds access (Armin Wolf) - clk: bcm: rpi: Add missing newline (Stefan Wahren) - clk: bcm: rpi: Prevent out-of-bounds access (Stefan Wahren) - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (Christophe JAILLET) - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (Stefan Wahren) - Input: rk805-pwrkey - fix module autoloading (Peter Robinson) - clk: core: Fix runtime PM sequence in clk_core_unprepare() (Chen-Yu Tsai) - Revert 'clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops' (Stephen Boyd) - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (Chen-Yu Tsai) - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (Colin Ian King) - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (Jim Mattson) - cifs: fix small mempool leak in SMB2_negotiate() (Enzo Matsumiya) - binder: fix alloc->vma_vm_mm null-ptr dereference (Carlos Llamas) - binder: fix UAF of ref->proc caused by race condition (Carlos Llamas) - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (Adrian Hunter) - mmc: core: Fix UHS-I SD 1.8V workaround branch (Adrian Hunter) - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (Niek Nooijens) - misc: fastrpc: fix memory corruption on open (Johan Hovold) - misc: fastrpc: fix memory corruption on probe (Johan Hovold) - iio: adc: mcp3911: use correct formula for AD conversion (Marcus Folkesson) - iio: ad7292: Prevent regulator double disable (Matti Vaittinen) - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (Tetsuo Handa) - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (Sherry Sun) - musb: fix USB_MUSB_TUSB6010 dependency (Arnd Bergmann) - vt: Clear selection before changing the font (Helge Deller) - powerpc: align syscall table for ppc32 (Masahiro Yamada) - staging: r8188eu: add firmware dependency (Grzegorz Szymaszek) - staging: rtl8712: fix use after free bugs (Dan Carpenter) - serial: fsl_lpuart: RS485 RTS polariy is inverse (Shenwei Wang) - soundwire: qcom: fix device status array range (Srinivas Kandagatla) - net/smc: Remove redundant refcount increase (Yacan Liu) - Revert 'sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb' (Jakub Kicinski) - tcp: annotate data-race around challenge_timestamp (Eric Dumazet) - sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb (Toke Hoiland-Jorgensen) - kcm: fix strp_init() order and cleanup (Cong Wang) - mlxbf_gige: compute MDIO period based on i1clk (David Thompson) - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (Duoming Zhou) - net/sched: fix netdevice reference leaks in attach_default_qdiscs() (Wang Hai) - net: sched: tbf: don't call qdisc_put() while holding tree lock (Zhengchao Shao) - net: dsa: xrs700x: Use irqsave variant for u64 stats update (Sebastian Andrzej Siewior) - openvswitch: fix memory leak at failed datapath creation (Andrey Zhadchenko) - net: smsc911x: Stop and start PHY during suspend and resume (Florian Fainelli) - net: sparx5: fix handling uneven length packets in manual extraction (Casper Andersson) - Revert 'xhci: turn off port power in shutdown' (Mathias Nyman) - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (Dan Carpenter) - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (Peter Ujfalusi) - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (Pierre-Louis Bossart) - drm/i915/display: avoid warnings when registering dual panel backlight (Arun R Murthy) - drm/i915/backlight: extract backlight code to a separate file (Jani Nikula) - ieee802154/adf7242: defer destroy_workqueue call (Lin Ma) - bpf, cgroup: Fix kernel BUG in purge_effective_progs (Pu Lehui) - bpf: Restrict bpf_sys_bpf to CAP_PERFMON (YiFei Zhu) - skmsg: Fix wrong last sg check in sk_msg_recvmsg() (Liu Jian) - iio: adc: mcp3911: make use of the sign bit (Marcus Folkesson) - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (Andy Shevchenko) - drm/msm/dsi: Fix number of regulators for SDM660 (Douglas Anderson) - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (Douglas Anderson) - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (Kuogee Hsieh) - drm/msm/dsi: fix the inconsistent indenting (sunliming) - LTS version: v5.15.65 (Jack Vogel) - net: neigh: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net/af_packet: check len when min_header_len equals to 0 (Zhengchao Shao) - android: binder: fix lockdep check on clearing vma (Liam Howlett) - btrfs: fix space cache corruption and potential double allocations (Omar Sandoval) - kprobes: don't call disarm_kprobe() for disabled kprobes (Kuniyuki Iwashima) - btrfs: tree-checker: check for overlapping extent items (Josef Bacik) - btrfs: fix lockdep splat with reloc root extent buffers (Josef Bacik) - btrfs: move lockdep class helpers to locking.c (Josef Bacik) - testing: selftests: nft_flowtable.sh: use random netns names (Florian Westphal) - netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y (Geert Uytterhoeven) - drm/amd/display: avoid doing vm_init multiple time (Charlene Liu) - drm/amdgpu: Increase tlb flush timeout for sriov (Dusica Milinkovic) - drm/amd/display: Fix pixel clock programming (Ilya Bakoulin) - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (Evan Quan) - ksmbd: don't remove dos attribute xattr on O_TRUNC open (Namjae Jeon) - s390/hypfs: avoid error message under KVM (Juergen Gross) - neigh: fix possible DoS due to net iface start/stop loop (Denis V. Lunev) - ksmbd: return STATUS_BAD_NETWORK_NAME error status if share is not configured (Namjae Jeon) - drm/amd/display: clear optc underflow before turn off odm clock (Fudong Wang) - drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (Alvin Lee) - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (Leo Ma) - drm/amd/display: Avoid MPC infinite loop (Josip Pavic) - ASoC: sh: rz-ssi: Improve error handling in rz_ssi_probe() error path (Biju Das) - fs/ntfs3: Fix work with fragmented xattr (Konstantin Komarov) - btrfs: fix warning during log replay when bumping inode link count (Filipe Manana) - btrfs: add and use helper for unlinking inode during log replay (Filipe Manana) - btrfs: remove no longer needed logic for replaying directory deletes (Filipe Manana) - btrfs: remove root argument from btrfs_unlink_inode() (Filipe Manana) - mmc: sdhci-of-dwcmshc: Re-enable support for the BlueField-3 SoC (Liming Sun) - mmc: sdhci-of-dwcmshc: rename rk3568 to rk35xx (Sebastian Reichel) - mmc: sdhci-of-dwcmshc: add reset call back for rockchip Socs (Yifeng Zhao) - mmc: mtk-sd: Clear interrupts when cqe off/disable (Wenbin Mei) - drm/i915/gt: Skip TLB invalidations once wedged (Chris Wilson) - HID: thrustmaster: Add sparco wheel and fix array length (Michael Hubner) - HID: asus: ROG NKey: Ignore portion of 0x5a report (Josh Kilmer) - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (Akihiko Odaki) - HID: add Lenovo Yoga C630 battery quirk (Steev Klimaszewski) - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (Takashi Iwai) - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (Jann Horn) - bpf: Don't redirect packets with invalid pkt_len (Zhengchao Shao) - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (Yang Jihong) - fbdev: fb_pm2fb: Avoid potential divide by zero error (Letu Ren) - net: fix refcount bug in sk_psock_get (2) (Hawkins Jiawei) - HID: hidraw: fix memory leak in hidraw_release() (Karthik Alapati) - media: pvrusb2: fix memory leak in pvr_probe (Dongliang Mu) - udmabuf: Set the DMA mask for the udmabuf device (v2) (Vivek Kasireddy) - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (Lee Jones) - Revert 'PCI/portdrv: Don't disable AER reporting in get_port_device_capability()' (Greg Kroah-Hartman) - Bluetooth: L2CAP: Fix build errors in some archs (Luiz Augusto von Dentz) - kbuild: Fix include path in scripts/Makefile.modpost (Jing Leng) - io_uring: fix UAF due to missing POLLFREE handling (Pavel Begunkov) - io_uring: fix wrong arm_poll error handling (Pavel Begunkov) - io_uring: fail links when poll fails (Pavel Begunkov) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1184 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 Oracle Linux 9 [5.15.0-5.76.5.1] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883037] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883037] {CVE-2022-4378} [5.15.0-5.76.5] - KVM: x86: Use SRCU to protect zap in __kvm_set_or_clear_apicv_inhibit() (Ben Gardon) [Orabug: 34817119] - KVM: x86: Don't inhibit APICv/AVIC if xAPIC ID mismatch is due to 32-bit ID (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Track xAPIC ID only on userspace SET, _after_ vAPIC is updated (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Flush the 'current' TLB when activating AVIC (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Purge 'highest ISR' cache when updating APICv state (Sean Christopherson) [Orabug: 34817119] - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Add AVIC doorbell tracepoint (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Warning APICv inconsistency only when vcpu APIC mode is valid (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Introduce hybrid-AVIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Do not throw warning when calling avic_vcpu_load on a running vcpu (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Introduce logic to (de)activate x2AVIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Refresh AVIC configuration when changing APIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Deactivate APICv on vCPU with APIC disabled (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Do not virtualize MSR accesses for APIC LVTT register (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Fix x2APIC MSRs interception (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Adding support for configuring x2APIC MSRs interception (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Do not support updating APIC ID when in x2APIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Compute dest based on sender's x2APIC status for AVIC kick (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Update avic_kick_target_vcpus to support 32-bit APIC ID (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Update max number of vCPUs supported for x2AVIC mode (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Detect X2APIC virtualization (x2AVIC) support (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: lapic: Rename [GET/SET]_APIC_DEST_FIELD to [GET/SET]_XAPIC_DEST_FIELD (Suravee Suthikulpanit) [Orabug: 34817119] - x86/cpufeatures: Introduce x2AVIC CPUID bit (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Blindly get current x2APIC reg value on 'nodecode write' traps (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Bug the VM if an accelerated x2APIC trap occurs on a 'bad' reg (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Do not block APIC write for non ICR registers (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Add support for vICR APIC-write VM-Exits in x2APIC mode (Zeng Guang) [Orabug: 34817119] - KVM: x86: disable preemption while updating apicv inhibition (Maxim Levitsky) [Orabug: 34817119] - KVM: SVM: Fix x2APIC Logical ID calculation for avic_kick_target_vcpus_fast (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: SVM: fix avic_kick_target_vcpus_fast (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: SVM: remove avic's broken code that updated APIC ID (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: Don't inhibit APICv/AVIC on xAPIC ID 'change' if APIC is disabled (Sean Christopherson) [Orabug: 34817119] - KVM: x86: inhibit APICv/AVIC on changes to APIC ID or APIC base (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: document AVIC/APICv inhibit reasons (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: SVM: allow to force AVIC to be enabled (Maxim Levitsky) [Orabug: 34817119] - KVM: SVM: Introduce trace point for the slow-path of avic_kic_target_vcpus (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: SVM: Use target APIC ID to complete AVIC IRQs when possible (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Skip KVM_GUESTDBG_BLOCKIRQ APICv update if APICv is disabled (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Do not activate AVIC for SEV-enabled guest (Suravee Suthikulpanit) [Orabug: 34817119] - KVM: x86: Trace all APICv inhibit changes and capture overall status (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Add wrappers for setting/clearing APICv inhibits (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Make APICv inhibit reasons an enum and cleanup naming (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Disable preemption across AVIC load/put during APICv refresh (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Treat x2APIC's ICR as a 64-bit register, not two 32-bit regs (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Add helpers to handle 64-bit APIC MSR read/writes (Sean Christopherson) [Orabug: 34817119] - KVM: x86: WARN if KVM emulates an IPI without clearing the BUSY flag (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization failure (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Use 'raw' APIC register read for handling APIC-write VM-Exit (Sean Christopherson) [Orabug: 34817119] - KVM: VMX: Handle APIC-write offset wrangling in VMX code (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Rename AVIC helpers to use 'avic' prefix instead of 'svm' (Sean Christopherson) [Orabug: 34817119] - KVM: VMX: Rename VMX functions to conform to kvm_x86_ops names (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Rename kvm_x86_ops pointers to align w/ preferred vendor names (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Drop export for .tlb_flush_current() static_call key (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Skip APICv update if APICv is disable at the module level (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Unexport __kvm_request_apicv_update() (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: fix race between interrupt delivery and AVIC inhibition (Maxim Levitsky) [Orabug: 34817119] - KVM: SVM: set IRR in svm_deliver_interrupt (Paolo Bonzini) [Orabug: 34817119] - KVM: SVM: extract avic_ring_doorbell (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: lapic: don't touch irr_pending in kvm_apic_update_apicv when inhibiting it (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: Move delivery of non-APICv interrupt into vendor code (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Drop AVIC's intermediate avic_set_running() helper (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Skip AVIC and IRTE updates when loading blocking vCPU (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Use kvm_vcpu_is_blocking() in AVIC load to handle preemption (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Remove unnecessary APICv/AVIC update in vCPU unblocking path (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Don't bother checking for 'running' AVIC when kicking for IPIs (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Signal AVIC doorbell iff vCPU is in guest mode (Sean Christopherson) [Orabug: 34817119] - KVM: x86: add a tracepoint for APICv/AVIC interrupt delivery (Maxim Levitsky) [Orabug: 34817119] - KVM: Add helpers to wake/query blocking vCPU (Sean Christopherson) [Orabug: 34817119] - KVM: SVM: Ensure target pCPU is read once when signalling AVIC doorbell (Sean Christopherson) [Orabug: 34817119] - KVM: ensure APICv is considered inactive if there is no APIC (Paolo Bonzini) [Orabug: 34817119] - KVM: x86: inhibit APICv when KVM_GUESTDBG_BLOCKIRQ active (Maxim Levitsky) [Orabug: 34817119] - KVM: x86: Use rw_semaphore for APICv lock to allow vCPU parallelism (Sean Christopherson) [Orabug: 34817119] - KVM: x86: Move SVM's APICv sanity check to common x86 (Sean Christopherson) [Orabug: 34817119] - rds: Remove the cp_rdsinfo_pending flag (Hakon Bugge) [Orabug: 34658657] - RDMA/mlx5: Change debug log level for remote access error syndromes (Arumugam Kolappan) [Orabug: 34798451] - uek-rpm: kernel-uek.spec: make -modules-extra depend on -modules (Todd Vierling) [Orabug: 34820756] - Feature: Add cmdline param sched_uek=[preempt,wakeidle] (Libo Chen) [Orabug: 34779451] - rds: ib: Fix cleanup of rds_ib_cache_gc_worker (Hakon Bugge) [Orabug: 34806076] - KVM: nVMX: Add tracepoint for nested VM-Enter (David Matlack) [Orabug: 34806794] - KVM: x86: Update trace function for nested VM entry to support VMX (Mingwei Zhang) [Orabug: 34806794] - KVM: nVMX: Allow VMREAD when Enlightened VMCS is in use (Vitaly Kuznetsov) [Orabug: 34806794] - KVM: nVMX: Implement evmcs_field_offset() suitable for handle_vmread() (Vitaly Kuznetsov) [Orabug: 34806794] - KVM: nVMX: Rename vmcs_to_field_offset{,_table} (Vitaly Kuznetsov) [Orabug: 34806794] - x86/kvm: Always inline evmcs_write64() (Peter Zijlstra) [Orabug: 34806794] - RDMA/uverbs: restrack shared PDs (Sharath Srinivasan) [Orabug: 34812520] [5.15.0-5.76.4] - x86: Ignore iommu=off for AMD cpus (Dave Kleikamp) [Orabug: 34211826] - virtio-net: use mtu size as buffer length for big packets (Gavin Li) [Orabug: 34756664] - virtio-net: introduce and use helper function for guest gso support checks (Gavin Li) [Orabug: 34756664] - vdpa/mlx5: Use consistent RQT size (Eli Cohen) [Orabug: 34756664] - vdpa: mlx5: synchronize driver status with CVQ (Jason Wang) [Orabug: 34756664] - vdpa: support exposing the count of vqs to userspace (Longpeng) [Orabug: 34756664] - vdpa: change the type of nvqs to u32 (Longpeng) [Orabug: 34756664] - vdpa: support exposing the config size to userspace (Longpeng) [Orabug: 34756664] - vdpa/mlx5: re-create forwarding rules after mac modified (Michael Qiu) [Orabug: 34756664] - Add definition of VIRTIO_F_IN_ORDER feature bit (Gautam Dawar) [Orabug: 34756664] - vdpa: factor out vdpa_set_features_unlocked for vdpa internal use (Si-Wei Liu) [Orabug: 34756664] - RDMA/cma: Use output interface for net_dev check (Hakon Bugge) [Orabug: 34774007] - Revert 'RDMA/cma: Use output interface for net_dev check' (Hakon Bugge) [Orabug: 34774007] - Revert 'rdmaip: Flush ARP cache after address has been cleared' (Sharath Srinivasan) [Orabug: 34783631] - Revert 'sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle' (Samasth Norway Ananda) [Orabug: 34807135] [5.15.0-5.76.3] - uek-rpm: Add Documentation to kernel-uek-devel (Somasundaram Krishnasamy) [Orabug: 34734127] - kfence: add sysfs interface to disable kfence for selected slabs. (Imran Khan) [Orabug: 34744270] - scsi: target: core: Silence the message about unknown VPD pages (Konstantin Shelekhin) [Orabug: 34764767] - x86/microcode/AMD: Apply the patch late on every logical thread (Mihai Carabas) [Orabug: 34765295] - perf/x86/intel: Hide Topdown metrics events if slots is not enumerated (Kan Liang) [Orabug: 34771183] [5.15.0-5.76.2] - LTS version: v5.15.76 (Jack Vogel) - mm: /proc/pid/smaps_rollup: fix no vma's null-deref (Seth Jenkins) - mmc: core: Add SD card quirk for broken discard (Avri Altman) - Makefile.debug: re-enable debug info for .S files (Nick Desaulniers) - x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB (Nathan Chancellor) - ACPI: video: Force backlight native for more TongFang devices (Werner Sembach) - perf: Skip and warn on unknown format 'configN' attrs (Rob Herring) - mmc: sdhci-tegra: Use actual clock rate for SW tuning correction (Prathamesh Shete) - tracing: Do not free snapshot if tracer is on cmdline (Steven Rostedt (Google)) - tracing: Simplify conditional compilation code in tracing_set_tracer() (sunliming) - ksmbd: fix incorrect handling of iterate_dir (Namjae Jeon) - ksmbd: handle smb2 query dir request for OutputBufferLength that is too small (Namjae Jeon) - arm64: mte: move register initialization to C (Peter Collingbourne) - fs: dlm: fix invalid derefence of sb_lvbptr (Alexander Aring) - iommu/vt-d: Clean up si_domain in the init_dmars() error path (Jerry Snitselaar) - iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check() (Charlotte Tan) - net: phy: dp83822: disable MDI crossover status change interrupt (Felix Riemann) - net: sched: fix race condition in qdisc_graft() (Eric Dumazet) - net: hns: fix possible memory leak in hnae_ae_register() (Yang Yingliang) - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (Yang Yingliang) - sfc: include vport_id in filter spec hash and equal() (Pieter Jansen van Vuuren) - net: sched: sfb: fix null pointer access issue when sfb_init() fails (Zhengchao Shao) - net: sched: delete duplicate cleanup of backlog and qlen (Zhengchao Shao) - net: sched: cake: fix null pointer access issue when cake_init() fails (Zhengchao Shao) - nvmet: fix workqueue MEM_RECLAIM flushing dependency (Sagi Grimberg) - nvme-hwmon: kmalloc the NVME SMART log buffer (Serge Semin) - nvme-hwmon: consistently ignore errors from nvme_hwmon_init (Christoph Hellwig) - netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags requirements (Pablo Neira Ayuso) - ionic: catch NULL pointer issue on reconfig (Brett Creeley) - net: hsr: avoid possible NULL deref in skb_clone() (Eric Dumazet) - dm: remove unnecessary assignment statement in alloc_dev() (Genjian Zhang) - cifs: Fix xid leak in cifs_ses_add_channel() (Zhang Xiaoxu) - cifs: Fix xid leak in cifs_flock() (Zhang Xiaoxu) - cifs: Fix xid leak in cifs_copy_file_range() (Zhang Xiaoxu) - cifs: Fix xid leak in cifs_create() (Zhang Xiaoxu) - udp: Update reuse->has_conns under reuseport_lock. (Kuniyuki Iwashima) - scsi: lpfc: Fix memory leak in lpfc_create_port() (Rafael Mendonca) - net: phylink: add mac_managed_pm in phylink_config structure (Shenwei Wang) - net: phy: dp83867: Extend RX strap quirk for SGMII mode (Harini Katakam) - net/atm: fix proc_mpc_write incorrect return value (Xiaobo Liu) - sfc: Change VF mac via PF as first preference if available. (Jonathan Cooper) - HID: magicmouse: Do not set BTN_MOUSE on double report (Jose Exposito) - i40e: Fix DMA mappings leak (Jan Sokolowski) - tipc: fix an information leak in tipc_topsrv_kern_subscr (Alexander Potapenko) - tipc: Fix recognition of trial period (Mark Tomlinson) - ACPI: extlog: Handle multiple records (Tony Luck) - drm/vc4: Add module dependency on hdmi-codec (Maxime Ripard) - btrfs: fix processing of delayed tree block refs during backref walking (Filipe Manana) - btrfs: fix processing of delayed data refs during backref walking (Filipe Manana) - x86/topology: Fix duplicated core ID within a package (Zhang Rui) - x86/topology: Fix multiple packages shown on a single-package system (Zhang Rui) - media: venus: dec: Handle the case where find_format fails (Bryan O'Donoghue) - media: mceusb: set timeout to at least timeout provided (Sean Young) - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (Sakari Ailus) - KVM: arm64: vgic: Fix exit condition in scan_its_table() (Eric Ren) - kvm: Add support for arch compat vm ioctls (Alexander Graf) - mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages (Rik van Riel) - drm/amdgpu: fix sdma doorbell init ordering on APUs (Alex Deucher) - cpufreq: qcom: fix memory leak in error path (Fabien Parent) - x86/resctrl: Fix min_cbm_bits for AMD (Babu Moger) - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS (Kai-Heng Feng) - ata: ahci-imx: Fix MODULE_ALIAS (Alexander Stein) - hwmon/coretemp: Handle large core ID value (Zhang Rui) - x86/microcode/AMD: Apply the patch early on every logical thread (Borislav Petkov) - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (Bryan O'Donoghue) - cpufreq: qcom: fix writes in read-only memory region (Fabien Parent) - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (GONG, Ruiqi) - ocfs2: fix BUG when iput after ocfs2_mknod fails (Joseph Qi) - ocfs2: clear dinode links count in case of error (Joseph Qi) - btrfs: enhance unsupported compat RO flags handling (Qu Wenruo) - perf/x86/intel/pt: Relax address filter validation (Adrian Hunter) - arm64: errata: Remove AES hwcap for COMPAT tasks (James Morse) - usb: gadget: uvc: improve sg exit condition (Michael Grzeschik) - usb: gadget: uvc: giveback vb2 buffer on req complete (Michael Grzeschik) - usb: gadget: uvc: rework uvcg_queue_next_buffer to uvcg_complete_buffer (Michael Grzeschik) - usb: gadget: uvc: use on returned header len in video_encode_isoc_sg (Michael Grzeschik) - usb: gadget: uvc: consistently use define for headerlen (Michael Grzeschik) - arm64/mm: Consolidate TCR_EL1 fields (Anshuman Khandual) - r8152: add PID for the Lenovo OneLink+ Dock (Jean-Francois Le Fillatre) - LTS version: v5.15.75 (Jack Vogel) - io-wq: Fix memory leak in worker creation (Rafael Mendonca) - gcov: support GCC 12.1 and newer compilers (Martin Liska) - thermal: intel_powerclamp: Use first online CPU as control_cpu (Rafael J. Wysocki) - ext4: continue to expand file system when the target size doesn't reach (Jerry Lee ) - lib/Kconfig.debug: Add check for non-constant .{s,u}leb128 support to DWARF5 (Nathan Chancellor) - Kconfig.debug: add toolchain checks for DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT (Masahiro Yamada) - Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5 (Masahiro Yamada) - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (Nathan Chancellor) - net/ieee802154: don't warn zero-sized raw_sendmsg() (Tetsuo Handa) - Revert 'net/ieee802154: reject zero-sized raw_sendmsg()' (Alexander Aring) - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (Randy Dunlap) - blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (Yu Kuai) - ALSA: usb-audio: Fix last interface check for registration (Takashi Iwai) - net: ieee802154: return -EINVAL for unknown addr type (Alexander Aring) - mm: hugetlb: fix UAF in hugetlb_handle_userfault (Liu Shixin) - io_uring/rw: fix unexpected link breakage (Pavel Begunkov) - io_uring/rw: fix error'ed retry return values (Pavel Begunkov) - io_uring/rw: fix short rw error handling (Pavel Begunkov) - io_uring: correct pinned_vm accounting (Pavel Begunkov) - io_uring/af_unix: defer registered files gc to io_uring release (Pavel Begunkov) - perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc (Adrian Hunter) - clk: bcm2835: Round UART input clock up (Ivan T. Ivanov) - clk: bcm2835: Make peripheral PLLC critical (Maxime Ripard) - usb: idmouse: fix an uninit-value in idmouse_open (Dongliang Mu) - nvmet-tcp: add bounds check on Transfer Tag (Varun Prakash) - nvme: copy firmware_rev on each init (Keith Busch) - ext2: Use kvmalloc() for group descriptor array (Jan Kara) - scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (Arun Easi) - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (Xiaoke Wang) - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (Xiaoke Wang) - Revert 'usb: storage: Add quirk for Samsung Fit flash' (sunghwan jung) - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (Piyush Mehta) - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (Alexander Stein) - usb: musb: Fix musb_gadget.c rxstate overflow bug (Robin Guo) - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (Jianglei Nie) - md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (Logan Gunthorpe) - eventfd: guard wake_up in eventfd fs calls as well (Dylan Yudaken) - HID: roccat: Fix use-after-free in roccat_read() (Hyunwoo Kim) - soundwire: intel: fix error handling on dai registration issues (Pierre-Louis Bossart) - soundwire: cadence: Don't overwrite msg->buf during write commands (Richard Fitzgerald) - bcache: fix set_at_max_writeback_rate() for multiple attached devices (Coly Li) - ata: libahci_platform: Sanity check the DT child nodes number (Serge Semin) - blk-throttle: prevent overflow while calculating wait time (Yu Kuai) - staging: vt6655: fix potential memory leak (Nam Cao) - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (Wei Yongjun) - iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (Yicong Yang) - nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (Shigeru Yoshida) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (Letu Ren) - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (Vaishnav Achath) - usb: host: xhci-plat: suspend/resume clks for brcm (Justin Chen) - usb: host: xhci-plat: suspend and resume clocks (Justin Chen) - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (Quanyang Wang) - media: platform: fix some double free in meson-ge2d and mtk-jpeg and s5p-mfc (Hangyu Hua) - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (Zheyu Ma) - clk: zynqmp: Fix stack-out-of-bounds in strncpy (Ian Nam) - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (Alex Sverdlin) - btrfs: don't print information about space cache or tree every remount (Maciej S. Szmigiero) - btrfs: scrub: try to fix super block errors (Qu Wenruo) - btrfs: dump extra info if one free space cache has more bitmaps than it should (Qu Wenruo) - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (Sebastian Krzyszkowiak) - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (Mark Brown) - ARM: dts: imx6sx: add missing properties for sram (Alexander Stein) - ARM: dts: imx6sll: add missing properties for sram (Alexander Stein) - ARM: dts: imx6sl: add missing properties for sram (Alexander Stein) - ARM: dts: imx6qp: add missing properties for sram (Alexander Stein) - ARM: dts: imx6dl: add missing properties for sram (Alexander Stein) - ARM: dts: imx6q: add missing properties for sram (Alexander Stein) - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (Haibo Chen) - drm/amd/display: Remove interface for periodic interrupt 1 (Aric Cyr) - drm/dp: Don't rewrite link config when setting phy test pattern (Khaled Almahallawy) - mmc: sdhci-msm: add compatible string check for sdm670 (Richard Acayan) - drm/meson: explicitly remove aggregate driver at module unload time (Adrian Larumbe) - drm/meson: reorder driver deinit sequence to fix use-after-free bug (Adrian Larumbe) - drm/amdgpu: fix initial connector audio value (hongao) - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (Jairaj Arava) - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (Hans de Goede) - platform/chrome: cros_ec: Notify the PM of wake events during resume (Jameson Thies) - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (Maya Matuszczyk) - drm/vc4: vec: Fix timings for VEC modes (Mateusz Kwiatkowski) - ALSA: usb-audio: Register card at the last interface (Takashi Iwai) - drm: bridge: dw_hdmi: only trigger hotplug event on link change (Lucas Stach) - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (Vivek Kasireddy) - drm/amd/display: fix overflow on MIN_I64 definition (David Gow) - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (Zeng Jingxiang) - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (Liviu Dudau) - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (Javier Martinez Canillas) - drm: Use size_t type for len variable in drm_copy_field() (Javier Martinez Canillas) - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (Jianglei Nie) - r8152: Rate limit overflow messages (Andrew Gaul) - Bluetooth: L2CAP: Fix user-after-free (Luiz Augusto von Dentz) - net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory (Liu Jian) - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (Jason A. Donenfeld) - wifi: rt2x00: correctly set BBP register 86 for MT7620 (Daniel Golle) - wifi: rt2x00: set SoC wmac clock register (Daniel Golle) - wifi: rt2x00: set VGC gain for both chains of MT7620 (Daniel Golle) - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (Daniel Golle) - wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 (Daniel Golle) - can: bcm: check the result of can_send() in bcm_can_tx() (Ziyang Xuan) - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (Luiz Augusto von Dentz) - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (Tetsuo Handa) - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (Sean Wang) - regulator: core: Prevent integer underflow (Patrick Rudolph) - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (Kiran K) - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (Alexander Coffin) - iavf: Fix race between iavf_close and iavf_reset_task (Michal Jaron) - xfrm: Update ipcomp_scratches with NULL when freed (Khalid Masum) - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (Mika Westerberg) - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (Tetsuo Handa) - x86/mce: Retrieve poison range from hardware (Jane Chu) - tcp: annotate data-race around tcp_md5sig_pool_populated (Eric Dumazet) - openvswitch: Fix overreporting of drops in dropwatch (Mike Pattrick) - openvswitch: Fix double reporting of drops in dropwatch (Mike Pattrick) - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (Ravi Gunasekaran) - ice: set tx_tstamps when creating new Tx rings via ethtool (Jacob Keller) - bpftool: Clear errno after libcap's checks (Quentin Monnet) - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (Wright Feng) - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (Anna Schumaker) - x86/entry: Work around Clang __bdos() bug (Kees Cook) - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (Mario Limonciello) - ARM: decompressor: Include .data.rel.ro.local (Kees Cook) - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (Srinivas Pandruvada) - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue (Chao Qin) - MIPS: BCM47XX: Cast memcmp() of function to (void *) (Kees Cook) - cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode (Doug Smythies) - ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid phys address (Hans de Goede) - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (Arvid Norlander) - rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE() (Zqiang) - rcu: Back off upon fill_page_cache_func() allocation failure (Michal Hocko) - rcu: Avoid triggering strict-GP irq-work when RCU is idle (Zqiang) - fs: dlm: fix race in lowcomms (Alexander Aring) - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (Stefan Berger) - f2fs: fix to account FS_CP_DATA_IO correctly (Chao Yu) - f2fs: fix race condition on setting FI_NO_EXTENT flag (Zhang Qilong) - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (Shuai Xue) - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (Vincent Knecht) - crypto: cavium - prevent integer overflow loading firmware (Dan Carpenter) - crypto: marvell/octeontx - prevent integer overflows (Dan Carpenter) - kbuild: rpm-pkg: fix breakage when V=1 is used (Janis Schoetterl-Glausch) - kbuild: remove the target in signal traps when interrupted (Masahiro Yamada) - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (Nico Pache) - tracing: kprobe: Make gen test module work in arm and riscv (Yipeng Zou) - tracing: kprobe: Fix kprobe event gen test module on exit (Yipeng Zou) - iommu/iova: Fix module config properly (Robin Murphy) - cifs: return correct error in ->calc_signature() (Enzo Matsumiya) - crypto: qat - fix DMA transfer direction (Damian Muszynski) - crypto: inside-secure - Change swab to swab32 (Peter Harliman Liem) - crypto: ccp - Release dma channels before dmaengine unrgister (Koba Ko) - crypto: akcipher - default implementation for setting a private key (Ignat Korchagin) - iommu/omap: Fix buffer overflow in debugfs (Dan Carpenter) - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (Waiman Long) - crypto: hisilicon/qm - fix missing put dfx access (Weili Qian) - crypto: qat - fix default value of WDT timer (Lucas Segarra Fernandez) - hwrng: imx-rngc - Moving IRQ handler registering after imx_rngc_irq_mask_clear() (Kshitiz Varshney) - cgroup: Honor caller's cgroup NS when resolving path (Michal Koutny) - hwrng: arm-smccc-trng - fix NO_ENTROPY handling (James Cowgill) - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (Ye Weihua) - crypto: sahara - don't sleep when in softirq (Zhengchao Shao) - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (Haren Myneni) - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (Li Huafei) - powerpc: Fix SPE Power ISA properties for e500v1 platforms (Pali Rohar) - powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 (Nicholas Piggin) - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (Vitaly Kuznetsov) - powerpc: Fix fallocate and fadvise64_64 compat parameter combination (Rohan McLure) - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (Zheng Yongjun) - powerpc/pci_dn: Add missing of_node_put() (Liang He) - powerpc/sysdev/fsl_msi: Add missing of_node_put() (Liang He) - powerpc/math_emu/efp: Include module.h (Nathan Chancellor) - powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig (Michael Ellerman) - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (Jack Wang) - mailbox: mpfs: account for mbox offsets while sending (Conor Dooley) - mailbox: mpfs: fix handling of the reg property (Conor Dooley) - clk: ast2600: BCLK comes from EPLL (Joel Stanley) - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (Miaoqian Lin) - clk: imx: scu: fix memleak on platform_device_add() fails (Lin Yujun) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (Stefan Wahren) - clk: baikal-t1: Add SATA internal ref clock buffer (Serge Semin) - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (Serge Semin) - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (Serge Semin) - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (Serge Semin) - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (David Collins) - usb: mtu3: fix failed runtime suspend in host only mode (Chunfeng Yun) - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (Dave Jiang) - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (Chen-Yu Tsai) - mfd: sm501: Add check for platform_driver_register() (Jiasheng Jiang) - mfd: fsl-imx25: Fix check for platform_get_irq() errors (Dan Carpenter) - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (Christophe JAILLET) - mfd: lp8788: Fix an error handling path in lp8788_probe() (Christophe JAILLET) - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (Christophe JAILLET) - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (Christophe JAILLET) - fsi: core: Check error number after calling ida_simple_get (Jiasheng Jiang) - RDMA/rxe: Fix resize_finish() in rxe_queue.c (Bob Pearson) - clk: qcom: gcc-sm6115: Override default Alpha PLL regs (Adam Skladowski) - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (Robert Marko) - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (Mike Christie) - scsi: iscsi: Run recv path from workqueue (Mike Christie) - scsi: iscsi: Add recv workqueue helpers (Mike Christie) - scsi: iscsi: Rename iscsi_conn_queue_work() (Mike Christie) - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (Duoming Zhou) - serial: 8250: Fix restoring termios speed after suspend (Pali Rohar) - firmware: google: Test spinlock on panic path to avoid lockups (Guilherme G. Piccoli) - slimbus: qcom-ngd-ctrl: allow compile testing without QCOM_RPROC_COMMON (Krzysztof Kozlowski) - staging: vt6655: fix some erroneous memory clean-up loops (Nam Cao) - phy: qualcomm: call clk_disable_unprepare in the error handling (Dongliang Mu) - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (Sherry Sun) - serial: 8250: Toggle IER bits on only after irq has been set up (Ilpo Jarvinen) - drivers: serial: jsm: fix some leaks in probe (Dan Carpenter) - usb: gadget: function: fix dangling pnp_string in f_printer.c (Albert Briscoe) - xhci: Don't show warning for reinit on known broken suspend (Mario Limonciello) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (Daisuke Matsuda) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (Mark Zhang) - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (David Sloan) - md/raid5: Ensure stripe_fill happens on non-read IO with journal (Logan Gunthorpe) - md: Replace snprintf with scnprintf (Saurabh Sengar) - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (Dan Carpenter) - ata: fix ata_id_has_dipm() (Niklas Cassel) - ata: fix ata_id_has_ncq_autosense() (Niklas Cassel) - ata: fix ata_id_has_devslp() (Niklas Cassel) - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (Niklas Cassel) - RDMA/siw: Fix QP destroy to wait for all references dropped. (Bernard Metzler) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (Bernard Metzler) - RDMA/srp: Fix srp_abort() (Bart Van Assche) - RDMA/irdma: Align AE id codes to correct flush code and event (Sindhu-Devale) - mtd: rawnand: fsl_elbc: Fix none ECC mode (Pali Rohar) - mtd: rawnand: intel: Remove undocumented compatible string (Martin Blumenstingl) - mtd: rawnand: intel: Read the chip-select line from the correct OF node (Martin Blumenstingl) - phy: phy-mtk-tphy: fix the phy type setting issue (Chunfeng Yun) - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (Liang He) - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (William Dean) - clk: qcom: sm6115: Select QCOM_GDSC (Dang Huynh) - dyndbg: drop EXPORTed dynamic_debug_exec_queries (Jim Cromie) - dyndbg: let query-modname override actual module name (Jim Cromie) - dyndbg: fix module.dyndbg handling (Jim Cromie) - dyndbg: fix static_branch manipulation (Jim Cromie) - dmaengine: hisilicon: Add multi-thread support for a DMA channel (Jie Hai) - dmaengine: hisilicon: Fix CQ head update (Jie Hai) - dmaengine: hisilicon: Disable channels when unregister hisi_dma (Jie Hai) - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (Dan Carpenter) - misc: ocxl: fix possible refcount leak in afu_ioctl() (Hangyu Hua) - RDMA/rxe: Fix the error caused by qp->sk (Zhu Yanjun) - RDMA/rxe: Fix 'kernel NULL pointer dereference' error (Zhu Yanjun) - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (Miaoqian Lin) - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (Yunke Cao) - media: uvcvideo: Fix memory leak in uvc_gpio_parse (Jose Exposito) - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (Xu Qiang) - tty: xilinx_uartps: Fix the ignore_status (Shubhrajyoti Datta) - media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop (Liang He) - HSI: omap_ssi_port: Fix dma_map_sg error check (Jack Wang) - HSI: omap_ssi: Fix refcount leak in ssi_probe (Miaoqian Lin) - clk: tegra20: Fix refcount leak in tegra20_clock_init (Miaoqian Lin) - clk: tegra: Fix refcount leak in tegra114_clock_init (Miaoqian Lin) - clk: tegra: Fix refcount leak in tegra210_clock_init (Miaoqian Lin) - clk: sprd: Hold reference returned by of_get_parent() (Liang He) - clk: berlin: Add of_node_put() for of_get_parent() (Liang He) - clk: qoriq: Hold reference returned by of_get_parent() (Liang He) - clk: oxnas: Hold reference returned by of_get_parent() (Liang He) - clk: meson: Hold reference returned by of_get_parent() (Liang He) - usb: common: debug: Check non-standard control requests (Thinh Nguyen) - RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey (Aharon Landau) - iio: magnetometer: yas530: Change data type of hard_offsets to signed (Jakob Hauser) - iio: ABI: Fix wrong format of differential capacitance channel ABI. (Jonathan Cameron) - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (Nuno Sa) - iio: inkern: only release the device node when done with it (Nuno Sa) - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (Claudiu Beznea) - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (Claudiu Beznea) - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (Claudiu Beznea) - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (Claudiu Beznea) - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (Dmitry Torokhov) - arm64: ftrace: fix module PLTs with mcount (Mark Rutland) - ext4: don't run ext4lazyinit for read-only filesystems (Josh Triplett) - ARM: Drop CMDLINE_* dependency on ATAGS (Geert Uytterhoeven) - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (Dmitry Torokhov) - arm64: dts: ti: k3-j7200: fix main pinmux range (Matt Ranostay) - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (Dmitry Osipenko) - ia64: export memory_add_physaddr_to_nid to fix cxl build error (Randy Dunlap) - ARM: dts: kirkwood: lsxl: remove first ethernet port (Michael Walle) - ARM: dts: kirkwood: lsxl: fix serial line (Michael Walle) - ARM: dts: turris-omnia: Fix mpp26 pin name and comment (Marek Behun) - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (Lucas Stach) - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (Liang He) - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (Liang He) - locks: fix TOCTOU race when granting write lease (Amir Goldstein) - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (Liang He) - memory: of: Fix refcount leak bug in of_get_ddr_timings() (Liang He) - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (Liang He) - ALSA: hda/hdmi: Don't skip notification handling during PM operation (Takashi Iwai) - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (Zhang Qilong) - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (Zhang Qilong) - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (Zhang Qilong) - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (Zhang Qilong) - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (Christophe JAILLET) - ALSA: dmaengine: increment buffer pointer atomically (Andreas Pape) - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (Christophe JAILLET) - ASoC: codecs: tx-macro: fix kcontrol put (Srinivas Kandagatla) - drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (Rafael Mendonca) - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (Kuogee Hsieh) - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (Dmitry Baryshkov) - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (Liang He) - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (Christophe JAILLET) - drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() (Rafael Mendonca) - drm/omap: dss: Fix refcount leak bugs (Liang He) - drm/bochs: fix blanking (Gerd Hoffmann) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-4378 CVE-2022-1184 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1:11.0.15.0.10-1] - Update to jdk-11.0.15.0+10 - Update release notes to 11.0.15.0+10 - Switch to GA mode for release - Rebase RH1996182 FIPS patch after JDK-8254410 - Resolves: rhbz#2073594 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21434 CVE-2022-21496 CVE-2022-21476 CVE-2022-21426 CVE-2022-21443 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:17.0.3.0.7-1] - April 2022 security update to jdk 17.0.3+7 - Update to jdk-17.0.3.0+7 tarball - Update release notes to 17.0.3.0+7 - Add missing README.md and generate_source_tarball.sh - Resolves: rhbz#2073578 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21449 CVE-2022-21434 CVE-2022-21476 CVE-2022-21426 CVE-2022-21496 CVE-2022-21443 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:1.8.0.332.b09-1] - Update to shenandoah-jdk8u332-b09 (GA) - Update release notes for 8u332-b09. - Resolves: rhbz#2074649 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21426 CVE-2022-21443 CVE-2022-21434 CVE-2022-21476 CVE-2022-21496 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 Oracle Linux 9 IMPORTANT Copyright 2022 Oracle, Inc. cpe:/a:oracle:linux:9::developer_UEKR7 cpe:/a:oracle:linux:8::developer_UEKR7 Oracle Linux 9 [1.10-9] - fix an arbitrary-file-write vulnerability in zgrep Resolves: CVE-2022-1271 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1271 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.2.11-31.1] - Fix CVE-2018-25032 Resolves: CVE-2018-25032 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [6.0.105-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.105-1] - Update to .NET SDK 6.0.105 and Runtime 6.0.5 - Resolves: RHBZ#2082268 [6.0.104-1] - Update to .NET SDK 6.0.104 and Runtime 6.0.4 - Resolves: RHBZ#2080460 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-23267 CVE-2022-29145 CVE-2022-29117 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [91.9.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.9.0-3] - Update to 91.9.0 build3 [91.9.0-2] - Update to 91.9.0 build2 [91.9.0-1] - Update to 91.9.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29912 CVE-2022-29916 CVE-2022-29911 CVE-2022-29917 CVE-2022-29909 CVE-2022-29913 CVE-2022-1520 CVE-2022-29914 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [91.9.0-1.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.9.0-1] - Update to 91.9.0 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29911 CVE-2022-29914 CVE-2022-29916 CVE-2022-29912 CVE-2022-29909 CVE-2022-29917 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.14.1-5] - Fix for CVE-2022-24070 (#2076565) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24070 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [3.2.3-9.1] - Resolves: #2074784 - A flaw found in zlib v1.2.2.2 through zlib v1.2.11 when compressing certain inputs IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [91.9.1-1.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.9.1-1] - Update to 91.9.1 build1 CRITICAL Copyright 2022 Oracle, Inc. CVE-2022-1529 CVE-2022-1802 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [13.7-1] - Resolves: CVE-2022-1552 - Update to 13.7 - Release notes: https://www.postgresql.org/docs/release/13.7/ IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1552 cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [91.9.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.9.1-1] - Update to 91.9.1 build1 CRITICAL Copyright 2022 Oracle, Inc. CVE-2022-1529 CVE-2022-1802 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [8.2102.0-101.1] - Address CVE-2022-24903, Heap-based overflow in TCP syslog server resolves: rhbz#2081402 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-24903 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [91.10.0-1.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.10.0-1] - Update to 91.10.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31738 CVE-2022-31741 CVE-2022-31747 CVE-2022-31740 CVE-2022-31742 CVE-2022-31737 CVE-2022-31736 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [91.10.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.10.0-1] - Update to 91.10.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31747 CVE-2022-31741 CVE-2022-1834 CVE-2022-31737 CVE-2022-31738 CVE-2022-31742 CVE-2022-31736 CVE-2022-31740 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:1.1.1k-4.0.1] - Backport upstream PRs 18446 and 18481 which update certificates used for the self-tests [Orabug: 34326055] [1:1.1.1k-4] - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates Resolves: rhbz#2063147 - Disable FIPS mode; it does not work and will not be certified Resolves: rhbz#2091968 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-0778 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [5.2.5-8] - Fix arbitrary file write vulnerability Resolves: CVE-2022-1271 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1271 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [1:2.3.3op2-13.1] - CVE-2022-26691 cups: authorization bypass when using 'local' authorization IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-26691 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [6.0.106-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.106-1] - Update to .NET SDK 6.0.106 and Runtime 6.0.6 - Resolves: RHBZ#2093433 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30184 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.06-27.0.5.el9_0.7] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation - Update bug url [Orabug: 34202300] - Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] - Update signing certificate [JIRA: OLDIS-16371] - fix SBAT data [JIRA: OLDIS-16371] - Update requires [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-27.el9_0.7] - CVE fixes for 2022-06-07 - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 - Resolves: #2089810 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3695 CVE-2022-28737 CVE-2022-28734 CVE-2022-28736 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28735 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [8.2.2637-16.0.1] - - Remove upstream references [Orabug: 31197557] [2:8.2.2637-16.2] - CVE-2022-1621 vim: heap buffer overflow - CVE-2022-1629 vim: buffer over-read [2:8.2.2637-16.1] - CVE-2022-0554 vim: Use of Out-of-range Pointer Offset in vim prior - CVE-2022-0943 vim: Heap-based Buffer Overflow occurs in vim - CVE-2022-1154 vim: use after free in utf_ptr2char - CVE-2022-1420 vim: Out-of-range Pointer Offset MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1621 CVE-2022-1154 CVE-2022-0943 CVE-2022-1629 CVE-2022-0554 CVE-2022-1420 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [ 2.2.10-12.2] - Improve fix for CVE-2022-25313 - Related: CVE-2022-25313 [ 2.2.10-12.1] - Fix multiple CVEs - Resolves: CVE-2022-25314 - Resolves: CVE-2022-25313 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-25313 CVE-2022-25314 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [7.76.1-14.el9_0.4] - fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.76.1-14.el9_0.3] - fix leak of SRP credentials in redirects (CVE-2022-27774) [7.76.1-14.el9_0.2] - add missing tests to Makefile [7.76.1-14.el9_0.1] - fix credential leak on redirect (CVE-2022-27774) - fix auth/cookie leak on redirect (CVE-2022-27776) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27774 CVE-2022-27782 CVE-2022-22576 CVE-2022-27776 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.14.0-70.17.1.0.1_0.OL9] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.17.1_0.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] [5.14.0-70.17.1_0] - netfilter: nf_tables: disallow non-stateful expression in sets earlier (Phil Sutter) [2092994 2092995] {CVE-2022-1966} - thunderx nic: mark device as unmaintained (Inigo Huguet) [2092638 2060285] - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (Steve Best) [2092255 2067770] - perf: Fix sys_perf_event_open() race against self (Michael Petlan) [2087963 2087964] {CVE-2022-1729} - spec: Fix separate tools build (Jiri Olsa) [2090852 2054579] - mm: lru_cache_disable: replace work queue synchronization with synchronize_rcu (Marcelo Tosatti) [2086963 2033500] [5.14.0-70.16.1_0] - dm integrity: fix memory corruption when tag_size is less than digest size (Benjamin Marzinski) [2082187 2081778] [5.14.0-70.15.1_0] - CI: Use zstream builder image (Veronika Kabatova) - tcp: drop the hash_32() part from the index calculation (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: increase source port perturb table to 2^16 (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: dynamically allocate the perturb table used by source ports (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: add small random increments to the source port (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: resalt the secret every 10 seconds (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - tcp: use different parts of the port_offset for index and offset (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - secure_seq: use the 64 bits of the siphash for port offset calculation (Guillaume Nault) [2087128 2064868] {CVE-2022-1012} - Revert 'netfilter: conntrack: tag conntracks picked up in local out hook' (Florian Westphal) [2085480 2061850] - Revert 'netfilter: nat: force port remap to prevent shadowing well-known ports' (Florian Westphal) [2085480 2061850] - redhat/koji/Makefile: Decouple koji Makefile from Makefile.common (Andrea Claudi) - redhat: fix make {distg-brew,distg-koji} (Andrea Claudi) - esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) [2082950 2082951] {CVE-2022-27666} - esp: Fix possible buffer overflow in ESP transformation (Sabrina Dubroca) [2082950 2082951] {CVE-2022-27666} - sctp: use the correct skb for security_sctp_assoc_request (Ondrej Mosnacek) [2084044 2078856] - security: implement sctp_assoc_established hook in selinux (Ondrej Mosnacek) [2084044 2078856] - security: add sctp_assoc_established hook (Ondrej Mosnacek) [2084044 2078856] - security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce (Ondrej Mosnacek) [2084044 2078856] - security: pass asoc to sctp_assoc_request and sctp_sk_clone (Ondrej Mosnacek) [2084044 2078856] [5.14.0-70.14.1_0] - PCI: hv: Propagate coherence from VMbus device to PCI device (Vitaly Kuznetsov) [2074830 2068432] - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (Vitaly Kuznetsov) [2074830 2068432] - redhat: rpminspect: disable 'patches' check for known empty patch files (Herton R. Krzesinski) - redhat/configs: make SHA512_arch algos and CRYPTO_USER built-ins (Vladis Dronov) [2072643 2070624] - CI: Drop baseline runs (Veronika Kabatova) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1966 CVE-2022-27666 CVE-2022-1729 CVE-2022-1012 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.9.13-1.1] - Fix CVE-2022-29824 (#2082299) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-29824 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [10.37-5] - Explicitly require uft subpackages in tools subpackage [10.37-4] - Resolves: CVE-2022-1586 CVE-2022-1587 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1587 CVE-2022-1586 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.5.3-2] - Resolves: CVE-2022-26280 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26280 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.19.3-2] - CVE-2022-1215: fix a format string vulnerability (#2076816) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1215 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [6.2.0-11.el9_0.3] - kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch [bz#2071102] - kvm-virtio-net-fix-map-leaking-on-error-during-receive.patch [bz#2075635] - kvm-vhost-vsock-detach-the-virqueue-element-in-case-of-e.patch [bz#2075640] - Resolves: bz#2071102 (RHEL 9.0 guest with vsock device migration failed from RHEL 9.0 > RHEL 8.6 [rhel-9.0.0.z]) - Resolves: bz#2075635 (CVE-2022-26353 qemu-kvm: QEMU: virtio-net: map leaking on error during receive [rhel-9] [rhel-9.0.0.z]) - Resolves: bz#2075640 (CVE-2022-26354 qemu-kvm: QEMU: vhost-vsock: missing virtqueue detach on error can lead to memory leak [rhel-9] [rhel-9.0.0.z]) [6.2.0-11.el9_0.2] - kvm-pci-expose-TYPE_XIO3130_DOWNSTREAM-name.patch [bz#2053584] - kvm-acpi-pcihp-pcie-set-power-on-cap-on-parent-slot.patch [bz#2053584] - kvm-vmxcap-Add-5-level-EPT-bit.patch [bz#2038051] - kvm-i386-Add-Icelake-Server-v6-CPU-model-with-5-level-EP.patch [bz#2038051] - kvm-acpi-fix-QEMU-crash-when-started-with-SLIC-table.patch [bz#2043531] - kvm-tests-acpi-whitelist-expected-blobs-before-changing-.patch [bz#2043531] - kvm-tests-acpi-add-SLIC-table-test.patch [bz#2043531] - kvm-tests-acpi-SLIC-update-expected-blobs.patch [bz#2043531] - kvm-tests-acpi-manually-pad-OEM_ID-OEM_TABLE_ID-for-test.patch [bz#2043531] - kvm-tests-acpi-whitelist-nvdimm-s-SSDT-and-FACP.slic-exp.patch [bz#2043531] - kvm-acpi-fix-OEM-ID-OEM-Table-ID-padding.patch [bz#2043531] - kvm-tests-acpi-update-expected-blobs.patch [bz#2043531] - kvm-tests-acpi-test-short-OEM_ID-OEM_TABLE_ID-values-in-.patch [bz#2043531] - kvm-rhel-workaround-for-lack-of-binary-patches-in-SRPM.patch [bz#2043531] - Resolves: bz#2053584 (watchdog: BUG: soft lockup - CPU#3 stuck for 22s! [cat:2843]) - Resolves: bz#2038051 (Win11 (q35+edk2) guest broke after install wsl2 through 'wsl --install -d Ubuntu-20.04') - Resolves: bz#2043531 (Guest can not start with SLIC acpi table) [6.2.0-11.el9_0.1] - kvm-RHEL-mark-old-machine-types-as-deprecated.patch [bz#2052050] - kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch [bz#2059786] - kvm-spec-Fix-obsolete-for-spice-subpackages.patch [bz#2059175 bz#2059146] - kvm-spec-Obsolete-old-usb-redir-subpackage.patch [bz#2059175 bz#2059146] - kvm-spec-Obsolete-ssh-driver.patch [bz#2059175 bz#2059146] MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26354 CVE-2022-26353 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [91.11.0-2.0.1] - Replaced upstream package with oracle-indexhtml [Orabug: 33802044] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Removed Upstream references [91.11.0-2] - Update to 91.11.0 build2 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2200 CVE-2022-34481 CVE-2022-31744 CVE-2022-34479 CVE-2022-34472 CVE-2022-34468 CVE-2022-34484 CVE-2022-34470 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [91.11.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.11.0-2] - Update to 91.11.0 build2 [91.11.0-1] - Update to 91.11.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31744 CVE-2022-34479 CVE-2022-34484 CVE-2022-34468 CVE-2022-34481 CVE-2022-2226 CVE-2022-2200 CVE-2022-34472 CVE-2022-34470 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7:5.2-1.1] - Resolves: #2100784 - CVE-2021-46784 squid: DoS when processing gopher server responses IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-46784 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:11.0.16.0.8-1.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.16.0.8-1] - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8257794 patch now upstreamed - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use 'git apply' with patches in the tarball script to allow binary diffs - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Make use of the vendor version string to store our version & release rather than an upstream release date - Explicitly require crypto-policies during build and runtime for system security properties - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Resolves: rhbz#2106516 - Resolves: rhbz#2099915 - Resolves: rhbz#2107868 [1:11.0.16.0.8-1] - Add additional patch during tarball generation to align tests with ECC changes - Related: rhbz#2106516 [1:11.0.16.0.8-1] - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode - Resolves: rhbz#2107866 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-34169 CVE-2022-21541 CVE-2022-21540 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.8.0.342.b07-1.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.342.b07-1] - Update to shenandoah-jdk8u342-b07 - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use 'git apply' with patches in the tarball script to allow binary diffs - Remove redundant 'REPOS' variable from tarball script - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Explicitly require crypto-policies during build and runtime for system security properties - Resolves: rhbz#2099916 - Resolves: rhbz#2107958 - Resolves: rhbz#2084776 - Resolves: rhbz#2106508 [1:1.8.0.332.b09-2] - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode - Resolves: rhbz#2107956 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21541 CVE-2022-21540 CVE-2022-34169 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.5.11-5] - resolve CVE-2022-31107 grafana: OAuth account takeover IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31107 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:17.0.4.0.8-0.2.ea] - Revert the following changes until copy-java-configs has adapted to relative symlinks: - * Move cacerts replacement to install section and retain original of this and tzdb.dat - * Run tests on the installed image, rather than the build image - * Introduce variables to refer to the static library installation directories - * Use relative symlinks so they work within the image - * Run debug symbols check during build stage, before the install strips them - The move of turning on system security properties is retained so we don't ship with them off - Related: rhbz#2084779 [1:17.0.4.0.8-1] - Update to jdk-17.0.4.0+8 - Update release notes to 17.0.4.0+8 - Need to include the '.S' suffix in debuginfo checks after JDK-8284661 - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Move EA designator check to prep so failures can be caught earlier - Make EA designator check non-fatal while upstream is not maintaining it - Explicitly require crypto-policies during build and runtime for system security properties - Make use of the vendor version string to store our version & release rather than an upstream release date - Include a test in the RPM to check the build has the correct vendor information. - Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository - * RH2094027: SunEC runtime permission for FIPS - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Turn on system security properties as part of the build's install section - Move cacerts replacement to install section and retain original of this and tzdb.dat - Run tests on the installed image, rather than the build image - Introduce variables to refer to the static library installation directories - Use relative symlinks so they work within the image - Run debug symbols check during build stage, before the install strips them - Resolves: rhbz#2084779 - Resolves: rhbz#2099919 - Resolves: rhbz#2107943 - Resolves: rhbz#2107941 - Resolves: rhbz#2106523 [1:17.0.4.0.1-0.2.ea] - Fix issue where CheckVendor.java test erroneously passes when it should fail. - Add proper quoting so '&' is not treated as a special character by the shell. - Related: rhbz#2084779 [1:17.0.3.0.7-2] - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode - Resolves: rhbz#2105395 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-34169 CVE-2022-21541 CVE-2022-21549 CVE-2022-21540 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [91.12.0-2.0.1] - Removed Upstream references [91.12.0-1] - Update to 91.12.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-36318 CVE-2022-2505 CVE-2022-36319 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [91.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.12.0-1] - Update to 91.12.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-36318 CVE-2022-36319 CVE-2022-2505 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 golang [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109183 [1.17.7-2] - Clean up dist-git patches - Resolves: rhbz#2109174 go-toolset [1.17.12-1] - Update Go to version 1.17.12 - Resolves: rhbz#2109183 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-1962 CVE-2022-28131 CVE-2022-30631 CVE-2022-32148 CVE-2022-1705 CVE-2022-30633 CVE-2022-30630 CVE-2022-30632 CVE-2022-30635 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [8.0.13-2] - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31626 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [8.2.2637-16.0.1.3] - Remove upstream references [Orabug: 31197557] [2:8.2.2637-16.3] - CVE-2022-1785 vim: Out-of-bounds Write - CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c - CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 galera [26.4.11-1.0.1] - Requirement to delete garbd-wrapper script and lp1184034 test case without using patches. Patches from previous release have been deleted - Drop nmap-ncat requirement. [Orabug: 34116228] - Added galera-skip-lp1184034-testcase.patch - Added backport-removes-nmap-probing-in-garbd-wrapper.patch [26.4.11-1] - Rebase to 26.4.11 mariadb [3:10.5.16-2] - Release bump for rebuild [3:10.5.16-1] - Rebase to 10.5.16 [3:10.5.15-1] - Rebase to 10.5.15 mysql-selinux [1.0.5-1] - Rebase to 1.0.5 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-46663 CVE-2022-27387 CVE-2022-27458 CVE-2022-27455 CVE-2022-24048 CVE-2021-46659 CVE-2021-46661 CVE-2021-46664 CVE-2021-46668 CVE-2022-24051 CVE-2022-27377 CVE-2022-27378 CVE-2022-27444 CVE-2022-27376 CVE-2022-27381 CVE-2022-27447 CVE-2022-27452 CVE-2022-24052 CVE-2021-46669 CVE-2022-27456 CVE-2022-31622 CVE-2022-27382 CVE-2021-46665 CVE-2022-27379 CVE-2022-27380 CVE-2022-27383 CVE-2022-27384 CVE-2022-27445 CVE-2022-27448 CVE-2022-27449 CVE-2022-24050 CVE-2022-27386 CVE-2022-27446 CVE-2022-27451 CVE-2022-27457 CVE-2022-31623 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [5.14.0-70.22.1.0.1_0.OL9] [lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.22.1_0.OL9] [Update Oracle Linux certificates (Kevin Lyons) [Disable signing for aarch64 (Ilya Okomin) [Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] [Update x509.genkey [Orabug: 24817676] [Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4 [Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] [5.14.0-70.22.1_0] [PCI: vmd: Revert 2565e5b69c44 ('PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.') (Myron Stowe) [2109974 2084146] [PCI: vmd: Assign VMD IRQ domain before enumeration (Myron Stowe) [2109974 2084146] [rhel config: Set DMAR_UNITS_SUPPORTED (Jerry Snitselaar) [2105326 2094984] [iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (Jerry Snitselaar) [2105326 2094984] [5.14.0-70.21.1_0] [ibmvnic: fix race between xmit and reset (Gustavo Walbon) [2103085 2061556] [scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (Chris Leech) [2098251 2095440] [scsi: core: sysfs: Fix hang when device state is set via sysfs (Chris Leech) [2098251 2095440] [5.14.0-70.20.1_0] [block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Ming Lei) [2106024 2066297] {CVE-2022-0494} [ahci: Add a generic 'controller2' RAID id (Tomas Henzl) [2099740 2078880] [ahci: remove duplicated PCI device IDs (Tomas Henzl) [2099740 2042790] [gfs2: Stop using glock holder auto-demotion for now (Andreas Gruenbacher) [2097306 2082193] [gfs2: buffered write prefaulting (Andreas Gruenbacher) [2097306 2082193] [gfs2: Align read and write chunks to the page cache (Andreas Gruenbacher) [2097306 2082193] [gfs2: Pull return value test out of should_fault_in_pages (Andreas Gruenbacher) [2097306 2082193] [gfs2: Clean up use of fault_in_iov_iter_{read,write}able (Andreas Gruenbacher) [2097306 2082193] [gfs2: Variable rename (Andreas Gruenbacher) [2097306 2082193] [gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) [2097306 2082193] [iomap: iomap_write_end cleanup (Andreas Gruenbacher) [2097306 2082193] [iomap: iomap_write_failed fix (Andreas Gruenbacher) [2097306 2082193] [gfs2: Don't re-check for write past EOF unnecessarily (Andreas Gruenbacher) [2097306 2082193] [gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) [2097306 2082193] [fs/iomap: Fix buffered write page prefaulting (Andreas Gruenbacher) [2097306 2082193] [gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) [2097306 2082193] [gfs2: Remove dead code in gfs2_file_read_iter (Andreas Gruenbacher) [2097306 2082193] [gfs2: Fix gfs2_file_buffered_write endless loop workaround (Andreas Gruenbacher) [2097306 2082193] [gfs2: Minor retry logic cleanup (Andreas Gruenbacher) [2097306 2082193] [gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) [2097306 2082193] [gfs2: Fix should_fault_in_pages() logic (Andreas Gruenbacher) [2097306 2082193] [gfs2: Initialize gh_error in gfs2_glock_nq (Andreas Gruenbacher) [2097306 2082193] [gfs2: Make use of list_is_first (Andreas Gruenbacher) [2097306 2082193] [gfs2: Switch lock order of inode and iopen glock (Andreas Gruenbacher) [2097306 2082193] [gfs2: cancel timed-out glock requests (Andreas Gruenbacher) [2097306 2082193] [gfs2: Expect -EBUSY after canceling dlm locking requests (Andreas Gruenbacher) [2097306 2082193] [gfs2: gfs2_setattr_size error path fix (Andreas Gruenbacher) [2097306 2082193] [gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) [2097306 2082193] [5.14.0-70.19.1_0] [KVM: x86/mmu: make apf token non-zero to fix bug (Vitaly Kuznetsov) [2100903 2074832] [powerpc/64: Move paca allocation later in boot (Desnes A. Nunes do Rosario) [2092248 2055566] [powerpc: Set crashkernel offset to mid of RMA region (Desnes A. Nunes do Rosario) [2092248 2055566] [powerpc/64s/hash: Make hash faults work in NMI context (Desnes A. Nunes do Rosario) [2092253 2062762] [5.14.0-70.18.1_0] [NFSv4: Fix free of uninitialized nfs4_label on referral lookup. (Benjamin Coddington) [2101858 2086367] [NFSv4 only print the label when its queried (Benjamin Coddington) [2101854 2057327] [crypto: fips - make proc files report fips module name and version (Simo Sorce) [2093384 2080499] [net: sched: fix use-after-free in tc_new_tfilter() (Ivan Vecera) [2071707 2090410] {CVE-2022-1055} MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1055 CVE-2022-0494 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [6.0.108-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.108-1] - Update to .NET SDK 6.0.108 and Runtime 6.0.8 - Resolves: RHBZ#2112413 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-34716 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.76.1-14.el9_0.5] - fix unpreserved file permissions (CVE-2022-32207) - fix HTTP compression denial of service (CVE-2022-32206) - fix FTP-KRB bad message verification (CVE-2022-32208) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32208 CVE-2022-32207 CVE-2022-32206 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [91.13.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Reference oracle-indexhtml within Requires [Orabug: 33802044] [91.13.0-1] - Update to 91.13.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38473 CVE-2022-38478 CVE-2022-38472 CVE-2022-38476 CVE-2022-38477 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [91.13.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.13.0-1] - Update to 91.13.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38478 CVE-2022-38472 CVE-2022-38476 CVE-2022-38473 CVE-2022-38477 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.2.3-9.2] - Resolves: #2111176 - remote arbitrary files write inside the directories of connecting peers IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29154 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKDF Resolves: rhbz#2118388 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115856 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115857 - Use signature for RSA pairwise test according FIPS-140-3 requirements Related: rhbz#2115858 - Reseed all the parent DRBGs in chain on reseeding a DRBG Related: rhbz#2115859 - Zeroization according to FIPS-140-3 requirements Related: rhbz#2115861 [1:3.0.1-39] - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test Resolves: rhbz#2112978 [1:3.0.1-38] - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. Resolves: rhbz#2107530 - Improve AES-GCM performance on Power9 and Power10 ppc64le Resolves: rhbz#2103044 - Improve ChaCha20 performance on Power10 ppc64le Resolves: rhbz#2103044 [1:3.0.1-37] - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 [1:3.0.1-36] - Ciphersuites with RSAPSK KX should be filterd in FIPS mode - Related: rhbz#2091994 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough - Related: rhbz#2091977 - Improve diagnostics when passing unsupported groups in TLS - Related: rhbz#2086554 - Fix PPC64 Montgomery multiplication bug - Related: rhbz#2101346 - Strict certificates validation shouldn't allow explicit EC parameters - Related: rhbz#2085521 - CVE-2022-2068: the c_rehash script allows command injection - Related: rhbz#2098276 [1:3.0.1-35] - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. Resolves: rhbz#2087234 [1:3.0.1-34] - Some OpenSSL test certificates are expired, updating - Resolves: rhbz#2095696 [1:3.0.1-33] - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory - Resolves: rhbz#2089443 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS - Resolves: rhbz#2089439 - CVE-2022-1292 openssl: c_rehash script allows command injection - Resolves: rhbz#2090361 - Revert 'Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode' Related: rhbz#2087234 - Use KAT for ECDSA signature tests, s390 arch - Resolves: rhbz#2086866 [1:3.0.1-32] - openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode - Resolves: rhbz#2091929 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2091994 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits - Resolves: rhbz#2091938 [1:3.0.1-31] - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode Resolves: rhbz#2087234 [1:3.0.1-30] - Use KAT for ECDSA signature tests - Resolves: rhbz#2086866 [1:3.0.1-29] - -config argument of openssl app should work properly in FIPS mode - Resolves: rhbz#2085500 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC - Resolves: rhbz#2085499 [1:3.0.1-28] - OpenSSL should not accept custom elliptic curve parameters - Resolves rhbz#2085508 - OpenSSL should not accept explicit curve parameters in FIPS mode - Resolves rhbz#2085521 [1:3.0.1-27] - Change FIPS module version to include hash of specfile, patches and sources Resolves: rhbz#2082585 [1:3.0.1-26] - OpenSSL FIPS module should not build in non-approved algorithms Resolves: rhbz#2082584 [1:3.0.1-25] - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 [1:3.0.1-24] - Fix occasional internal error in TLS when DHE is used Resolves: rhbz#2080323 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1473 CVE-2022-1343 CVE-2022-2068 CVE-2022-2097 CVE-2022-1292 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [11.3.5-1.0.1.el9_0.1] - Fix spaces in vmware udev rule for scsi devices [Orabug: 24461968] - Fix vmware udev rule in 99-vmware-scsi-timeout.rules file. [Orabug: 22815019] - Increase timeout for scsi devices on VMWare guests by adding a udev rule. [Orabug: 21819156] [11.3.5-1.el9_0.1] - ovt-Properly-check-authorization-on-incoming-guestOps-re.patch [bz#2119285] - Resolves: bz#2119285 (CVE-2022-31676 open-vm-tools: local root privilege escalation in the virtual machine [rhel-9.0.0.z]) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31676 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [6.0.109-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.109-1] - Update to .NET SDK 6.0.109 and Runtime 6.0.9 - Resolves: RHBZ#2123791 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-38013 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.0.4-160] - Upgrade to Ruby 3.0.4. Resolves: rhbz#2109428 - OpenSSL test suite fixes due to disabled SHA1. Related: rbhz#2109428 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-28739 CVE-2022-28738 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [8.0.30-3] - Release bump for rebuild [8.0.30-1] - Update to MySQL 8.0.30 - Remove patches now upstream: chain certs, OpenSSL 3, s390 and robin hood - Add a new plugin [8.0.29-1] - Update to MySQL 8.0.29 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21444 CVE-2022-21534 CVE-2022-21478 CVE-2022-21556 CVE-2022-21547 CVE-2022-21435 CVE-2022-21531 CVE-2022-21539 CVE-2022-21459 CVE-2022-21509 CVE-2022-21526 CVE-2022-21418 CVE-2022-21452 CVE-2022-21414 CVE-2022-21530 CVE-2022-21417 CVE-2022-21436 CVE-2022-21423 CVE-2022-21455 CVE-2022-21527 CVE-2022-21528 CVE-2022-21537 CVE-2022-21427 CVE-2022-21437 CVE-2022-21440 CVE-2022-21522 CVE-2022-21569 CVE-2022-21412 CVE-2022-21413 CVE-2022-21415 CVE-2022-21451 CVE-2022-21454 CVE-2022-21425 CVE-2022-21479 CVE-2022-21517 CVE-2022-21525 CVE-2022-21538 CVE-2022-21438 CVE-2022-21457 CVE-2022-21460 CVE-2022-21462 CVE-2022-21515 CVE-2022-21529 CVE-2022-21553 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 nodejs [16.16.0-1] - Rebase to version 16.16.0 Resolves: RHBZ#2106290 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 [16.14.0-5] - Decouple dependency bundling from bootstrapping nodejs-nodemon MODERATE Copyright 2022 Oracle, Inc. CVE-2020-7788 CVE-2022-32213 CVE-2022-29244 CVE-2021-33502 CVE-2022-32215 CVE-2022-33987 CVE-2022-32212 CVE-2020-28469 CVE-2021-3807 CVE-2022-32214 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.3.3-2] - Fix CVE-2022-34903 (#2108449) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-34903 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [28-5.1] - Fix a stack buffer over-read in the c-shquote library - Fix null pointer reference when supplying a malformed XML config file - Add gating.yaml Resolves: CVE-2022-31212 Resolves: CVE-2022-31213 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-31213 CVE-2022-31212 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.14.0-70.26.1.0.1_0.OL9] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.26.1_0.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] [5.14.0-70.26.1_0] - redhat/configs enable CONFIG_ICE_HWTS (Petr Oros) [2108204 2037974] - redhat/configs enable CONFIG_ICE_SWITCHDEV (Petr Oros) [2108204 2037974] - ice: Fix VF not able to send tagged traffic with no VLAN filters (Petr Oros) [2119290 2116964] - ice: Ignore error message when setting same promiscuous mode (Petr Oros) [2119290 2116964] - ice: Fix clearing of promisc mode with bridge over bond (Petr Oros) [2119290 2116964] - ice: Ignore EEXIST when setting promisc mode (Petr Oros) [2119290 2116964] - ice: Fix double VLAN error when entering promisc mode (Petr Oros) [2119290 2116964] - ice: Fix promiscuous mode not turning off (Petr Oros) [2119290 2116964] - ice: Introduce enabling promiscuous mode on multiple VF's (Petr Oros) [2119290 2116964] - ice: do not setup vlan for loopback VSI (Petr Oros) [2119290 2116964] - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (Petr Oros) [2119290 2116964] - ice: Fix VSIs unable to share unicast MAC (Petr Oros) [2119290 2116964] - ice: Fix max VLANs available for VF (Petr Oros) [2119290 2116964] - ice: change devlink code to read NVM in blocks (Petr Oros) [2119290 2116964] - ice: Fix memory corruption in VF driver (Petr Oros) [2108204 2037974] - ice: Fix queue config fail handling (Petr Oros) [2108204 2037974] - ice: Sync VLAN filtering features for DVM (Petr Oros) [2108204 2037974] - ice: Fix PTP TX timestamp offset calculation (Petr Oros) [2108204 2037974] - ice: Fix interrupt moderation settings getting cleared (Petr Oros) [2108204 2037974] - ice: fix possible under reporting of ethtool Tx and Rx statistics (Petr Oros) [2108204 2037974] - ice: fix crash when writing timestamp on RX rings (Petr Oros) [2108204 2037974] - ice: fix PTP stale Tx timestamps cleanup (Petr Oros) [2108204 2037974] - ice: clear stale Tx queue settings before configuring (Petr Oros) [2108204 2037974] - ice: Fix race during aux device (un)plugging (Petr Oros) [2108204 2037974] - ice: fix use-after-free when deinitializing mailbox snapshot (Petr Oros) [2108204 2037974] - ice: wait 5 s for EMP reset after firmware flash (Petr Oros) [2108204 2037974] - ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (Petr Oros) [2108204 2037974] - ice: Fix incorrect locking in ice_vc_process_vf_msg() (Petr Oros) [2108204 2037974] - ice: Fix memory leak in ice_get_orom_civd_data() (Petr Oros) [2108204 2037974] - ice: fix crash in switchdev mode (Petr Oros) [2108204 2037974] - ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (Petr Oros) [2108204 2037974] - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (Petr Oros) [2108204 2037974] - ice: clear cmd_type_offset_bsz for TX rings (Petr Oros) [2108204 2037974] - ice: xsk: fix VSI state check in ice_xsk_wakeup() (Petr Oros) [2108204 2037974] - ice: synchronize_rcu() when terminating rings (Petr Oros) [2108204 2037974] - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (Petr Oros) [2108204 2037974] - ice: Set txq_teid to ICE_INVAL_TEID on ring creation (Petr Oros) [2108204 2037974] - ice: Fix broken IFF_ALLMULTI handling (Petr Oros) [2108204 2037974] - ice: Fix MAC address setting (Petr Oros) [2108204 2037974] - ice: Clear default forwarding VSI during VSI release (Petr Oros) [2108204 2037974] - ice: xsk: Fix indexing in ice_tx_xsk_pool() (Petr Oros) [2108204 2037974] - ice: xsk: Stop Rx processing when ntc catches ntu (Petr Oros) [2108204 2037974] - ice: don't allow to run ice_send_event_to_aux() in atomic ctx (Petr Oros) [2108204 2037974] - ice: fix 'scheduling while atomic' on aux critical err interrupt (Petr Oros) [2108204 2037974] - ice: add trace events for tx timestamps (Petr Oros) [2108204 2037974] - ice: fix return value check in ice_gnss.c (Petr Oros) [2108204 2037974] - ice: destroy flow director filter mutex after releasing VSIs (Petr Oros) [2108204 2037974] - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (Petr Oros) [2108204 2037974] - ice: remove PF pointer from ice_check_vf_init (Petr Oros) [2108204 2037974] - ice: introduce ice_virtchnl.c and ice_virtchnl.h (Petr Oros) [2108204 2037974] - ice: cleanup long lines in ice_sriov.c (Petr Oros) [2108204 2037974] - ice: introduce ICE_VF_RESET_LOCK flag (Petr Oros) [2108204 2037974] - ice: introduce ICE_VF_RESET_NOTIFY flag (Petr Oros) [2108204 2037974] - ice: convert ice_reset_vf to take flags (Petr Oros) [2108204 2037974] - ice: convert ice_reset_vf to standard error codes (Petr Oros) [2108204 2037974] - ice: make ice_reset_all_vfs void (Petr Oros) [2108204 2037974] - ice: drop is_vflr parameter from ice_reset_all_vfs (Petr Oros) [2108204 2037974] - ice: move reset functionality into ice_vf_lib.c (Petr Oros) [2108204 2037974] - ice: fix a long line warning in ice_reset_vf (Petr Oros) [2108204 2037974] - ice: introduce VF operations structure for reset flows (Petr Oros) [2108204 2037974] - ice: fix incorrect dev_dbg print mistaking 'i' for vf->vf_id (Petr Oros) [2108204 2037974] - ice: introduce ice_vf_lib.c, ice_vf_lib.h, and ice_vf_lib_private.h (Petr Oros) [2108204 2037974] - ice: use ice_is_vf_trusted helper function (Petr Oros) [2108204 2037974] - ice: log an error message when eswitch fails to configure (Petr Oros) [2108204 2037974] - ice: cleanup error logging for ice_ena_vfs (Petr Oros) [2108204 2037974] - ice: move ice_set_vf_port_vlan near other .ndo ops (Petr Oros) [2108204 2037974] - ice: refactor spoofchk control code in ice_sriov.c (Petr Oros) [2108204 2037974] - ice: rename ICE_MAX_VF_COUNT to avoid confusion (Petr Oros) [2108204 2037974] - ice: remove unused definitions from ice_sriov.h (Petr Oros) [2108204 2037974] - ice: convert vf->vc_ops to a const pointer (Petr Oros) [2108204 2037974] - ice: remove circular header dependencies on ice.h (Petr Oros) [2108204 2037974] - ice: rename ice_virtchnl_pf.c to ice_sriov.c (Petr Oros) [2108204 2037974] - ice: rename ice_sriov.c to ice_vf_mbx.c (Petr Oros) [2108204 2037974] - ice: Fix FV offset searching (Petr Oros) [2108204 2037974] - ice: Add support for outer dest MAC for ADQ tunnels (Petr Oros) [2108204 2037974] - ice: avoid XDP checks in ice_clean_tx_irq() (Petr Oros) [2108204 2037974] - ice: change 'can't set link' message to dbg level (Petr Oros) [2108204 2037974] - ice: Add slow path offload stats on port representor in switchdev (Petr Oros) [2108204 2037974] - ice: Add support for inner etype in switchdev (Petr Oros) [2108204 2037974] - ice: Fix curr_link_speed advertised speed (Petr Oros) [2108204 2037974] - ice: Don't use GFP_KERNEL in atomic context (Petr Oros) [2108204 2037974] - ice: stop disabling VFs due to PF error responses (Petr Oros) [2108204 2037974] - ice: convert VF storage to hash table with krefs and RCU (Petr Oros) [2108204 2037974] - ice: introduce VF accessor functions (Petr Oros) [2108204 2037974] - ice: factor VF variables to separate structure (Petr Oros) [2108204 2037974] - ice: convert ice_for_each_vf to include VF entry iterator (Petr Oros) [2108204 2037974] - ice: use ice_for_each_vf for iteration during removal (Petr Oros) [2108204 2037974] - ice: remove checks in ice_vc_send_msg_to_vf (Petr Oros) [2108204 2037974] - ice: move VFLR acknowledge during ice_free_vfs (Petr Oros) [2108204 2037974] - ice: move clear_malvf call in ice_free_vfs (Petr Oros) [2108204 2037974] - ice: pass num_vfs to ice_set_per_vf_res() (Petr Oros) [2108204 2037974] - ice: store VF pointer instead of VF ID (Petr Oros) [2108204 2037974] - ice: refactor unwind cleanup in eswitch mode (Petr Oros) [2108204 2037974] - ice: add TTY for GNSS module for E810T device (Petr Oros) [2108204 2037974] - ice: initialize local variable 'tlv' (Petr Oros) [2108204 2037974] - ice: check the return of ice_ptp_gettimex64 (Petr Oros) [2108204 2037974] - ice: fix concurrent reset and removal of VFs (Petr Oros) [2108204 2037974] - ice: fix setting l4 port flag when adding filter (Petr Oros) [2108204 2037974] - ice: Match on all profiles in slow-path (Petr Oros) [2108204 2037974] - ice: enable parsing IPSEC SPI headers for RSS (Petr Oros) [2108204 2037974] - ice: Simplify tracking status of RDMA support (Petr Oros) [2108204 2037974] - ice: fix IPIP and SIT TSO offload (Petr Oros) [2108204 2037974] - ice: fix an error code in ice_cfg_phy_fec() (Petr Oros) [2108204 2037974] - ice: Add ability for PF admin to enable VF VLAN pruning (Petr Oros) [2108204 2037974] - ice: Add support for 802.1ad port VLANs VF (Petr Oros) [2108204 2037974] - ice: Advertise 802.1ad VLAN filtering and offloads for PF netdev (Petr Oros) [2108204 2037974] - ice: Support configuring the device to Double VLAN Mode (Petr Oros) [2108204 2037974] - ice: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (Petr Oros) [2108204 2037974] - ice: Add hot path support for 802.1Q and 802.1ad VLAN offloads (Petr Oros) [2108204 2037974] - ice: Add outer_vlan_ops and VSI specific VLAN ops implementations (Petr Oros) [2108204 2037974] - ice: Adjust naming for inner VLAN operations (Petr Oros) [2108204 2037974] - ice: Use the proto argument for VLAN ops (Petr Oros) [2108204 2037974] - ice: Refactor vf->port_vlan_info to use ice_vlan (Petr Oros) [2108204 2037974] - ice: Introduce ice_vlan struct (Petr Oros) [2108204 2037974] - ice: Add new VSI VLAN ops (Petr Oros) [2108204 2037974] - ice: Add helper function for adding VLAN 0 (Petr Oros) [2108204 2037974] - ice: Refactor spoofcheck configuration functions (Petr Oros) [2108204 2037974] - ice: Remove likely for napi_complete_done (Petr Oros) [2108204 2037974] - ice: add support for DSCP QoS for IDC (Petr Oros) [2108204 2037974] - ice: respect metadata on XSK Rx to skb (Petr Oros) [2108204 2037974] - ice: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (Petr Oros) [2108204 2037974] - ice: respect metadata in legacy-rx/ice_construct_skb() (Petr Oros) [2108204 2037974] - ice: Remove useless DMA-32 fallback configuration (Petr Oros) [2108204 2037974] - ice: Use bitmap_free() to free bitmap (Petr Oros) [2108204 2037974] - ice: Optimize a few bitmap operations (Petr Oros) [2108204 2037974] - ice: Slightly simply ice_find_free_recp_res_idx (Petr Oros) [2108204 2037974] - ice: improve switchdev's slow-path (Petr Oros) [2108204 2037974] - ice: replay advanced rules after reset (Petr Oros) [2108204 2037974] - net: fixup build after bpf header changes (Petr Oros) [2108204 2037974] - net: Don't include filter.h from net/sock.h (Petr Oros) [2108204 2037974] - ice: Add flow director support for channel mode (Petr Oros) [2108204 2037974] - ice: switch to napi_build_skb() (Petr Oros) [2108204 2037974] - ice: xsk: fix cleaned_count setting (Petr Oros) [2108204 2037974] - ice: xsk: allow empty Rx descriptors on XSK ZC data path (Petr Oros) [2108204 2037974] - ice: xsk: allocate separate memory for XDP SW ring (Petr Oros) [2108204 2037974] - ice: xsk: return xsk buffers back to pool when cleaning the ring (Petr Oros) [2108204 2037974] - ice: trivial: fix odd indenting (Petr Oros) [2108204 2037974] - ice: support crosstimestamping on E822 devices if supported (Petr Oros) [2108204 2037974] - ice: exit bypass mode once hardware finishes timestamp calibration (Petr Oros) [2108204 2037974] - ice: ensure the hardware Clock Generation Unit is configured (Petr Oros) [2108204 2037974] - ice: implement basic E822 PTP support (Petr Oros) [2108204 2037974] - ice: convert clk_freq capability into time_ref (Petr Oros) [2108204 2037974] - ice: introduce ice_ptp_init_phc function (Petr Oros) [2108204 2037974] - ice: use 'int err' instead of 'int status' in ice_ptp_hw.c (Petr Oros) [2108204 2037974] - ice: PTP: move setting of tstamp_config (Petr Oros) [2108204 2037974] - ice: introduce ice_base_incval function (Petr Oros) [2108204 2037974] - ice: Fix E810 PTP reset flow (Petr Oros) [2108204 2037974] - ice: Don't put stale timestamps in the skb (Petr Oros) [2108204 2037974] - ice: Use div64_u64 instead of div_u64 in adjfine (Petr Oros) [2108204 2037974] - ice: use modern kernel API for kick (Petr Oros) [2108204 2037974] - ice: tighter control over VSI_DOWN state (Petr Oros) [2108204 2037974] - ice: use prefetch methods (Petr Oros) [2108204 2037974] - ice: update to newer kernel API (Petr Oros) [2108204 2037974] - ice: support immediate firmware activation via devlink reload (Petr Oros) [2108204 2037974] - ice: reduce time to read Option ROM CIVD data (Petr Oros) [2108204 2037974] - ice: move ice_devlink_flash_update and merge with ice_flash_pldm_image (Petr Oros) [2108204 2037974] - ice: move and rename ice_check_for_pending_update (Petr Oros) [2108204 2037974] - ice: devlink: add shadow-ram region to snapshot Shadow RAM (Petr Oros) [2108204 2037974] - ice: Remove unused ICE_FLOW_SEG_HDRS_L2_MASK (Petr Oros) [2108204 2037974] - ice: Remove unnecessary casts (Petr Oros) [2108204 2037974] - ice: Propagate error codes (Petr Oros) [2108204 2037974] - ice: Remove excess error variables (Petr Oros) [2108204 2037974] - ice: Cleanup after ice_status removal (Petr Oros) [2108204 2037974] - ice: Remove enum ice_status (Petr Oros) [2108204 2037974] - ice: Use int for ice_status (Petr Oros) [2108204 2037974] - ice: Remove string printing for ice_status (Petr Oros) [2108204 2037974] - ice: Refactor status flow for DDP load (Petr Oros) [2108204 2037974] - ice: Refactor promiscuous functions (Petr Oros) [2108204 2037974] - ice: refactor PTYPE validating (Petr Oros) [2108204 2037974] - ice: Add package PTYPE enable information (Petr Oros) [2108204 2037974] - ice: safer stats processing (Petr Oros) [2108204 2037974] - ice: fix adding different tunnels (Petr Oros) [2108204 2037974] - ice: fix choosing UDP header type (Petr Oros) [2108204 2037974] - ice: ignore dropped packets during init (Petr Oros) [2108204 2037974] - ice: rearm other interrupt cause register after enabling VFs (Petr Oros) [2108204 2037974] - ice: fix FDIR init missing when reset VF (Petr Oros) [2108204 2037974] - net/ice: Remove unused enum (Petr Oros) [2108204 2037974] - net/ice: Fix boolean assignment (Petr Oros) [2108204 2037974] - ice: avoid bpf_prog refcount underflow (Petr Oros) [2108204 2037974] - ice: fix vsi->txq_map sizing (Petr Oros) [2108204 2037974] - net/ice: Add support for enable_iwarp and enable_roce devlink param (Petr Oros) [2108204 2037974] - ice: Hide bus-info in ethtool for PRs in switchdev mode (Petr Oros) [2108204 2037974] - ice: Clear synchronized addrs when adding VFs in switchdev mode (Petr Oros) [2108204 2037974] - ice: fix error return code in ice_get_recp_frm_fw() (Petr Oros) [2108204 2037974] - ice: Fix clang -Wimplicit-fallthrough in ice_pull_qvec_from_rc() (Petr Oros) [2108204 2037974] - ice: Add support to print error on PHY FW load failure (Petr Oros) [2108204 2037974] - ice: Add support for changing MTU on PR in switchdev mode (Petr Oros) [2108204 2037974] - ice: send correct vc status in switchdev (Petr Oros) [2108204 2037974] - ice: support for GRE in eswitch (Petr Oros) [2108204 2037974] - ice: low level support for tunnels (Petr Oros) [2108204 2037974] - ice: VXLAN and Geneve TC support (Petr Oros) [2108204 2037974] - ice: support for indirect notification (Petr Oros) [2108204 2037974] - ice: Add tc-flower filter support for channel (Petr Oros) [2108204 2037974] - ice: enable ndo_setup_tc support for mqprio_qdisc (Petr Oros) [2108204 2037974] - ice: Add infrastructure for mqprio support via ndo_setup_tc (Petr Oros) [2108204 2037974] - ice: fix an error code in ice_ena_vfs() (Petr Oros) [2108204 2037974] - ice: Refactor PR ethtool ops (Petr Oros) [2108204 2037974] - ice: Manage act flags for switchdev offloads (Petr Oros) [2108204 2037974] - ice: Forbid trusted VFs in switchdev mode (Petr Oros) [2108204 2037974] - ice: introduce XDP_TX fallback path (Petr Oros) [2108204 2037974] - ice: optimize XDP_TX workloads (Petr Oros) [2108204 2037974] - ice: propagate xdp_ring onto rx_ring (Petr Oros) [2108204 2037974] - ice: do not create xdp_frame on XDP_TX (Petr Oros) [2108204 2037974] - ice: unify xdp_rings accesses (Petr Oros) [2108204 2037974] - ice: ndo_setup_tc implementation for PR (Petr Oros) [2108204 2037974] - ice: ndo_setup_tc implementation for PF (Petr Oros) [2108204 2037974] - ice: Allow changing lan_en and lb_en on all kinds of filters (Petr Oros) [2108204 2037974] - ice: cleanup rules info (Petr Oros) [2108204 2037974] - ice: allow deleting advanced rules (Petr Oros) [2108204 2037974] - ice: allow adding advanced rules (Petr Oros) [2108204 2037974] - ice: create advanced switch recipe (Petr Oros) [2108204 2037974] - ice: manage profiles and field vectors (Petr Oros) [2108204 2037974] - ice: implement low level recipes functions (Petr Oros) [2108204 2037974] - ice: add port representor ethtool ops and stats (Petr Oros) [2108204 2037974] - ice: switchdev slow path (Petr Oros) [2108204 2037974] - ice: rebuild switchdev when resetting all VFs (Petr Oros) [2108204 2037974] - ice: enable/disable switchdev when managing VFs (Petr Oros) [2108204 2037974] - ice: introduce new type of VSI for switchdev (Petr Oros) [2108204 2037974] - ice: set and release switchdev environment (Petr Oros) [2108204 2037974] - ice: allow changing lan_en and lb_en on dflt rules (Petr Oros) [2108204 2037974] - ice: manage VSI antispoof and destination override (Petr Oros) [2108204 2037974] - ice: allow process VF opcodes in different ways (Petr Oros) [2108204 2037974] - ice: introduce VF port representor (Petr Oros) [2108204 2037974] - ice: Move devlink port to PF/VF struct (Petr Oros) [2108204 2037974] - ice: support basic E-Switch mode control (Petr Oros) [2108204 2037974] - ethernet: use eth_hw_addr_set() for dev->addr_len cases (Petr Oros) [2108204 2037974] - ethernet: use eth_hw_addr_set() instead of ether_addr_copy() (Petr Oros) [2108204 2037974] - ice: Use xdp_buf instead of rx_buf for xsk zero-copy (Petr Oros) [2108204 2037974] - ice: Only lock to update netdev dev_addr (Petr Oros) [2108204 2037974] - ice: restart periodic outputs around time changes (Petr Oros) [2108204 2037974] - ice: fix Tx queue iteration for Tx timestamp enablement (Petr Oros) [2108204 2037974] - devlink: Add 'enable_iwarp' generic device param (Petr Oros) [2108204 2037974] - i40e: Fix tunnel checksum offload with fragmented traffic (Ivan Vecera) [2119479 2037980] - i40e: Fix call trace in setup_tx_descriptors (Ivan Vecera) [2119479 2037980] - i40e: Fix calculating the number of queue pairs (Ivan Vecera) [2119479 2037980] - i40e: Fix adding ADQ filter to TC0 (Ivan Vecera) [2119479 2037980] - i40e: i40e_main: fix a missing check on list iterator (Ivan Vecera) [2119479 2037980] - i40e, xsk: Get rid of redundant 'fallthrough' (Ivan Vecera) [2119479 2037980] - i40e, xsk: Diversify return values from xsk_wakeup call paths (Ivan Vecera) [2119479 2037980] - i40e, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full (Ivan Vecera) [2119479 2037980] - i40e: Add Ethernet Connection X722 for 10GbE SFP+ support (Ivan Vecera) [2119479 2037980] - i40e: Add vsi.tx_restart to i40e ethtool stats (Ivan Vecera) [2119479 2037980] - i40e: Add tx_stopped stat (Ivan Vecera) [2119479 2037980] - i40e: Add support for MPLS + TSO (Ivan Vecera) [2119479 2037980] - i40e: little endian only valid checksums (Ivan Vecera) [2119479 2037980] - i40e: stop disabling VFs due to PF error responses (Ivan Vecera) [2119479 2037980] - Revert 'i40e: Fix reset bw limit when DCB enabled with 1 TC' (Ivan Vecera) [2119479 2037980] - i40e: Add a stat for tracking busy rx pages (Ivan Vecera) [2119479 2037980] - i40e: Add a stat for tracking pages waived (Ivan Vecera) [2119479 2037980] - i40e: Add a stat tracking new RX page allocations (Ivan Vecera) [2119479 2037980] - i40e: Aggregate and export RX page reuse stat (Ivan Vecera) [2119479 2037980] - i40e: Remove rx page reuse double count (Ivan Vecera) [2119479 2037980] - i40e: Fix race condition while adding/deleting MAC/VLAN filters (Ivan Vecera) [2119479 2037980] - i40e: Add new version of i40e_aq_add_macvlan function (Ivan Vecera) [2119479 2037980] - i40e: Add new versions of send ASQ command functions (Ivan Vecera) [2119479 2037980] - i40e: Add sending commands in atomic context (Ivan Vecera) [2119479 2037980] - i40e: Remove unused RX realloc stat (Ivan Vecera) [2119479 2037980] - i40e: Disable hw-tc-offload feature on driver load (Ivan Vecera) [2119479 2037980] - i40e: Fix reset path while removing the driver (Ivan Vecera) [2119479 2037980] - i40e: Fix reset bw limit when DCB enabled with 1 TC (Ivan Vecera) [2119479 2037980] - i40e: respect metadata on XSK Rx to skb (Ivan Vecera) [2119479 2037980] - i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (Ivan Vecera) [2119479 2037980] - i40e: Remove useless DMA-32 fallback configuration (Ivan Vecera) [2119479 2037980] - i40e: fix unsigned stat widths (Ivan Vecera) [2119479 2037980] - i40e: Fix for failed to init adminq while VF reset (Ivan Vecera) [2119479 2037980] - i40e: Fix queues reservation for XDP (Ivan Vecera) [2119479 2037980] - i40e: Fix issue when maximum queues is exceeded (Ivan Vecera) [2119479 2037980] - i40e: Increase delay to 1 s after global EMP reset (Ivan Vecera) [2119479 2037980] - i40e: remove variables set but not used (Ivan Vecera) [2119479 2037980] - i40e: Remove non-inclusive language (Ivan Vecera) [2119479 2037980] - i40e: Update FW API version (Ivan Vecera) [2119479 2037980] - i40e: Minimize amount of busy-waiting during AQ send (Ivan Vecera) [2119479 2037980] - i40e: Add ensurance of MacVlan resources for every trusted VF (Ivan Vecera) [2119479 2037980] - i40e: Fix incorrect netdev's real number of RX/TX queues (Ivan Vecera) [2119479 2037980] - i40e: Fix for displaying message regarding NVM version (Ivan Vecera) [2119479 2037980] - i40e: fix use-after-free in i40e_sync_filters_subtask() (Ivan Vecera) [2119479 2037980] - i40e: Fix to not show opcode msg on unsuccessful VF MAC change (Ivan Vecera) [2119479 2037980] - i40e: switch to napi_build_skb() (Ivan Vecera) [2119479 2037980] - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (Ivan Vecera) [2119479 2037980] - i40e: Fix pre-set max number of queues for VF (Ivan Vecera) [2119479 2037980] - i40e: Fix failed opcode appearing if handling messages from VF (Ivan Vecera) [2119479 2037980] - i40e: Fix display error code in dmesg (Ivan Vecera) [2119479 2037980] - i40e: Fix creation of first queue by omitting it if is not power of two (Ivan Vecera) [2119479 2037980] - i40e: Fix warning message and call stack during rmmod i40e driver (Ivan Vecera) [2119479 2037980] - i40e: Fix ping is lost after configuring ADq on VF (Ivan Vecera) [2119479 2037980] - i40e: Fix changing previously set num_queue_pairs for PFs (Ivan Vecera) [2119479 2037980] - i40e: Fix NULL ptr dereference on VSI filter sync (Ivan Vecera) [2119479 2037980] - i40e: Fix correct max_pkt_size on VF RX queue (Ivan Vecera) [2119479 2037980] - i40e: Fix freeing of uninitialized misc IRQ vector (Ivan Vecera) [2119479 2037980] - i40e: Fix spelling mistake 'dissable' -> 'disable' (Ivan Vecera) [2119479 2037980] - i40e: add support for PTP external synchronization clock (Ivan Vecera) [2119479 2037980] - i40e: improve locking of mac_filter_hash (Ivan Vecera) [2119479 2037980] - netfilter: nf_tables: sanitize nft_set_desc_concat_parse() (Florian Westphal) [2108199 2096401] {CVE-2022-1972} - netfilter: nf_tables: stricter validation of element data (Florian Westphal) [2104591 2104592] {CVE-2022-34918} [5.14.0-70.25.1_0] - powerpc/smp: Update cpu_core_map on all PowerPc systems (Diego Domingos) [2121719 2063682] - iavf: Fix deadlock in initialization (Ivan Vecera) [2119477 2037976] - iavf: Fix reset error handling (Ivan Vecera) [2119477 2037976] - iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Ivan Vecera) [2119477 2037976] - iavf: Fix adminq error handling (Ivan Vecera) [2119477 2037976] - iavf: Fix missing state logs (Ivan Vecera) [2119477 2037976] - iavf: Fix VLAN_V2 addition/rejection (Ivan Vecera) [2119477 2037976] - ethernet: use eth_hw_addr_set() instead of ether_addr_copy() (Ivan Vecera) [2119477 2037976] - iavf: Fix issue with MAC address of VF shown as zero (Ivan Vecera) [2119477 2037976] - Revert 'iavf: Fix deadlock occurrence during resetting VF interface' (Ivan Vecera) [2119477 2037976] - iavf: Fix hang during reboot/shutdown (Ivan Vecera) [2119477 2037976] - iavf: Fix double free in iavf_reset_task (Ivan Vecera) [2119477 2037976] - iavf: Fix adopting new combined setting (Ivan Vecera) [2119477 2037976] - iavf: Fix handling of vlan strip virtual channel messages (Ivan Vecera) [2119477 2037976] - iavf: Fix __IAVF_RESETTING state usage (Ivan Vecera) [2119477 2037976] - iavf: Fix missing check for running netdev (Ivan Vecera) [2119477 2037976] - iavf: Fix deadlock in iavf_reset_task (Ivan Vecera) [2119477 2037976] - iavf: Fix race in init state (Ivan Vecera) [2119477 2037976] - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (Ivan Vecera) [2119477 2037976] - iavf: Fix init state closure on remove (Ivan Vecera) [2119477 2037976] - iavf: Add waiting so the port is initialized in remove (Ivan Vecera) [2119477 2037976] - iavf: Rework mutexes for better synchronisation (Ivan Vecera) [2119477 2037976] - iavf: Remove non-inclusive language (Ivan Vecera) [2119477 2037976] - iavf: Fix incorrect use of assigning iavf_status to int (Ivan Vecera) [2119477 2037976] - iavf: stop leaking iavf_status as 'errno' values (Ivan Vecera) [2119477 2037976] - iavf: remove redundant ret variable (Ivan Vecera) [2119477 2037976] - iavf: Add usage of new virtchnl format to set default MAC (Ivan Vecera) [2119477 2037976] - iavf: refactor processing of VLAN V2 capability message (Ivan Vecera) [2119477 2037976] - iavf: Add support for 50G/100G in AIM algorithm (Ivan Vecera) [2119477 2037976] - iavf: Remove useless DMA-32 fallback configuration (Ivan Vecera) [2119477 2037976] - iavf: remove an unneeded variable (Ivan Vecera) [2119477 2037976] - iavf: Fix limit of total number of queues to active queues of VF (Ivan Vecera) [2119477 2037976] - iavf: switch to napi_build_skb() (Ivan Vecera) [2119477 2037976] - iavf: Restrict maximum VLAN filters for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (Ivan Vecera) [2119477 2037976] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 offload enable/disable (Ivan Vecera) [2119477 2037976] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 hotpath (Ivan Vecera) [2119477 2037976] - iavf: Add support VIRTCHNL_VF_OFFLOAD_VLAN_V2 during netdev config (Ivan Vecera) [2119477 2037976] - iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 negotiation (Ivan Vecera) [2119477 2037976] - virtchnl: Add support for new VLAN capabilities (Ivan Vecera) [2119477 2037976] - virtchnl: Use the BIT() macro for capability/offload flags (Ivan Vecera) [2119477 2037976] - virtchnl: Remove unused VIRTCHNL_VF_OFFLOAD_RSVD define (Ivan Vecera) [2119477 2037976] - iavf: do not override the adapter state in the watchdog task (again) (Ivan Vecera) [2119477 2037976] - iavf: missing unlocks in iavf_watchdog_task() (Ivan Vecera) [2119477 2037976] - iavf: Fix reporting when setting descriptor count (Ivan Vecera) [2119477 2037976] - iavf: restore MSI state on reset (Ivan Vecera) [2119477 2037976] - iavf: Fix displaying queue statistics shown by ethtool (Ivan Vecera) [2119477 2037976] - iavf: Refactor string format to avoid static analysis warnings (Ivan Vecera) [2119477 2037976] - iavf: Refactor text of informational message (Ivan Vecera) [2119477 2037976] - iavf: Fix static code analysis warning (Ivan Vecera) [2119477 2037976] - iavf: Refactor iavf_mac_filter struct memory usage (Ivan Vecera) [2119477 2037976] - iavf: Enable setting RSS hash key (Ivan Vecera) [2119477 2037976] - iavf: Add trace while removing device (Ivan Vecera) [2119477 2037976] - iavf: return errno code instead of status code (Ivan Vecera) [2119477 2037976] - iavf: Log info when VF is entering and leaving Allmulti mode (Ivan Vecera) [2119477 2037976] - iavf: Add change MTU message (Ivan Vecera) [2119477 2037976] - iavf: Fix VLAN feature flags after VFR (Ivan Vecera) [2119477 2037976] - iavf: Fix refreshing iavf adapter stats on ethtool request (Ivan Vecera) [2119477 2037976] - iavf: Fix deadlock occurrence during resetting VF interface (Ivan Vecera) [2119477 2037976] - iavf: Prevent changing static ITR values if adaptive moderation is on (Ivan Vecera) [2119477 2037976] - iavf: Restore VLAN filters after link down (Ivan Vecera) [2119477 2037976] - iavf: Fix for setting queues to 0 (Ivan Vecera) [2119477 2037976] - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (Ivan Vecera) [2119477 2037976] - iavf: validate pointers (Ivan Vecera) [2119477 2037976] - iavf: prevent accidental free of filter structure (Ivan Vecera) [2119477 2037976] - iavf: Fix failure to exit out from last all-multicast mode (Ivan Vecera) [2119477 2037976] - iavf: don't clear a lock we don't hold (Ivan Vecera) [2119477 2037976] - iavf: free q_vectors before queues in iavf_disable_vf (Ivan Vecera) [2119477 2037976] - iavf: check for null in iavf_fix_features (Ivan Vecera) [2119477 2037976] - iavf: Fix return of set the new channel count (Ivan Vecera) [2119477 2037976] - iavf: Fix kernel BUG in free_msi_irqs (Ivan Vecera) [2119477 2037976] - iavf: Add helper function to go from pci_dev to adapter (Ivan Vecera) [2119477 2037976] - iavf: Combine init and watchdog state machines (Ivan Vecera) [2119477 2037976] - iavf: Add __IAVF_INIT_FAILED state (Ivan Vecera) [2119477 2037976] - iavf: Refactor iavf state machine tracking (Ivan Vecera) [2119477 2037976] - iavf: fix double unlock of crit_lock (Ivan Vecera) [2119477 2037976] - iavf: use mutexes for locking of critical sections (Ivan Vecera) [2119477 2037976] - iavf: fix locking of critical sections (Ivan Vecera) [2119477 2037976] - iavf: do not override the adapter state in the watchdog task (Ivan Vecera) [2119477 2037976] - redhat: nvme/tcp mistakenly uses blk_mq_tag_to_rq(nvme_tcp_tagset(queue)) (John Meneghini) [2118698 2112031] - x86/platform/uv: Log gap hole end size (Frank Ramsay) [2107732 2074097] - x86/platform/uv: Update TSC sync state for UV5 (Frank Ramsay) [2107732 2074097] - x86/platform/uv: Update NMI Handler for UV5 (Frank Ramsay) [2107732 2074097] - cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (Steve Best) [2099417 2072886] - [s390] RDMA/mlx5: Fix number of allocated XLT entries (Mete Durlu) [2092270 2088360] [5.14.0-70.24.1_0] - nvme: fix RCU hole that allowed for endless looping in multipath round robin (Gopal Tiwari) [2117756 2108624] - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (Gopal Tiwari) [2117756 2066146] - nvme: only call synchronize_srcu when clearing current path (Gopal Tiwari) [2117756 2066146] - nvme-multipath: revalidate paths during rescan (Gopal Tiwari) [2117756 2066146] - block: fix surprise removal for drivers calling blk_set_queue_dying (Gopal Tiwari) [2117755 2066146] - nvme-tcp: fix bogus request completion when failing to send AER (Gopal Tiwari) [2117755 2066146] - nvme: fix use after free when disconnecting a reconnecting ctrl (Gopal Tiwari) [2117755 2066146] - kvm: x86: Add CPUID support for Intel AMX (David Arcari) [2108203 1924149] [5.14.0-70.23.1_0] - block: limit request dispatch loop duration (Ming Lei) [2111395 2066297] - block: ensure plug merging checks the correct queue at least once (Ming Lei) [2111395 2066297] - net/mlx5e: Don't block routes with nexthop objects in SW (Mohammad Kabat) [2092535 2061799] - net/mlx5e: Fix wrong usage of fib_info_nh when routes with nexthop objects are used (Mohammad Kabat) [2092535 2049450] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2078 CVE-2022-34918 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.36.7-1] - Update to 2.36.7 Related: #2123430 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32893 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.3.0-6.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.3.0-6] - Update to 102.3.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40958 CVE-2022-40957 CVE-2022-40962 CVE-2022-40959 CVE-2022-40960 CVE-2022-40956 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.3.0-3.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.3.0-3] - Update to 102.3.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40956 CVE-2022-40958 CVE-2022-40960 CVE-2022-40962 CVE-2022-40959 CVE-2022-40957 CVE-2022-3032 CVE-2022-3034 CVE-2022-3033 CVE-2022-36059 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [32:9.16.23-1.1] - Fix possible serve-stale related crash (CVE-2022-3080) - Fix memory leak in ECDSA verify processing (CVE-2022-38177) - Fix memory leak in EdDSA verify processing (CVE-2022-38178) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-38177 CVE-2022-38178 CVE-2022-3080 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [ 2.2.10-12.3] - Ensure raw tagnames are safe exiting internalEntityParser - Resolves: CVE-2022-40674 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [7:5.2-1.2] - Resolves: #2130251 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-41318 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 gnutls [3.7.6-12] - fips: mark PBKDF2 with short key and output sizes non-approved - fips: only mark HMAC as approved in PBKDF2 - fips: mark gnutls_key_generate with short key sizes non-approved - fips: fix checking on hash algorithm used in ECDSA - fips: preserve operation context around FIPS selftests API [3.7.6-11] - Supply --with{,out}-{zlib,brotli,zstd} explicitly [3.7.6-10] - Revert nettle version pinning as it doesn't work well in side-tag [3.7.6-9] - Pin nettle version in Requires when compiled with FIPS [3.7.6-8] - Bundle GMP to privatize memory functions - Disable certificate compression support by default [3.7.6-7] - Update gnutls-3.7.6-cpuid-fixes.patch [3.7.6-6] - Mark RSA SigVer operation approved for known modulus sizes (#2119770) - accelerated: clear AVX bits if it cannot be queried through XSAVE [3.7.6-5] - Block DES-CBC usage in decrypting PKCS#12 bag under FIPS (#2115314) - sysrng: reseed source DRBG for prediction resistance [3.7.6-4] - Make gnutls-cli work with KTLS for testing - Fix double-free in gnutls_pkcs7_verify (#2109789) [3.7.6-3] - Limit input size for AES-GCM according to SP800-38D (#2108635) - Do not treat GPG verification errors as fatal - Remove gnutls-3.7.6-libgnutlsxx-const.patch [3.7.6-2] - Allow enabling KTLS with config file (#2108532) [3.7.6-1] - Update to gnutls 3.7.6 (#2102591) [3.7.3-10] - Use only the first component of VERSION from /etc/os-release (#2076626) - Don't run power-on self-tests on DSA (#2076627) nettle [3.8-3] - Rebuild in new side-tag [3.8-2] - Bundle GMP to privatize memory functions - Zeroize stack allocated intermediate data [3.8-1] - Update to nettle 3.8 (#2100350) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2509 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::u3_security_validation cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9:1:appstream_base cpe:/o:oracle:linux:9::baseos_developer cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [6.0.110-1.0.1] - Add missing Oracle RIDs - Build all packages on source-build even when in servicing [6.0.110-1] - Update to .NET SDK 6.0.110 and Runtime 6.0.10 - Resolves: RHBZ#2131328 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-41032 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [16.17.1-1] - Rebase to version 16.17.1 Resolves: CVE-2022-35255 CVE-2022-35256 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-35256 CVE-2022-35255 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1:17.0.5.0.8-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream - Related: rhbz#2132934 [1:17.0.5.0.8-1] - Update to jdk-17.0.5+8 (GA) - Update release notes to 17.0.5+8 (GA) - Switch to GA mode for final release. - * This tarball is embargoed until 2022-10-18 @ 1pm PT. * - Resolves: rhbz#2132934 [1:17.0.5.0.7-0.1.ea] - Update to jdk-17.0.5+7 - Update release notes to 17.0.5+7 - Resolves: rhbz#2132934 [1:17.0.5.0.1-0.1.ea] - Update to jdk-17.0.5+1 - Update release notes to 17.0.5+1 - Switch to EA mode for 17.0.5 pre-release builds. - Related: rhbz#2132934 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-39399 CVE-2022-21619 CVE-2022-21626 CVE-2022-21624 CVE-2022-21618 CVE-2022-21628 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.8.0.352.b08-2.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.352.b08-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Add test to ensure timezones can be translated - Related: rhbz#2133695 [1:1.8.0.352.b08-1] - Update to shenandoah-jdk8u352-b08 (GA) - Update release notes for shenandoah-8u352-b08. - Rebase FIPS patch against 8u352-b07 - * This tarball is embargoed until 2022-10-18 @ 1pm PT. * - Resolves: rhbz#2133695 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21626 CVE-2022-21619 CVE-2022-21624 CVE-2022-21628 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [11.0.17.0.8-2.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.17.0.8-2] - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream - Related: rhbz#2133695 [1:11.0.17.0.8-1] - Update to jdk-11.0.17+8 (GA) - Update release notes to 11.0.17+8 - Switch to GA mode for release - Resolves: rhbz#2133695 [1:11.0.17.0.7-0.1.ea] - Update to jdk-11.0.17+7 - Update release notes to 11.0.17+7 - Resolves: rhbz#2131865 [1:11.0.17.0.1-0.1.ea] - Update to jdk-11.0.17+1 - Update release notes to 11.0.17+1 - Switch to EA mode for 11.0.17 pre-release builds. - Related: rhbz#2131865 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-21618 CVE-2022-39399 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [102.3.0-7.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.3.0-7] - Fix for expat CVE-2022-40674 and non functional webrtc IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.3.0-4.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.3.0-4] - Fix for expat CVE-2022-40674 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-40674 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.4.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.4.0-1] - Update to 102.4.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42928 CVE-2022-42929 CVE-2022-42927 CVE-2022-42932 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.5.1-5] - Fix for CVE-2022-3515 (#2135703) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3515 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [102.4.0-1] - Update to 102.4.0 build1 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-39249 CVE-2022-42929 CVE-2022-42927 CVE-2022-39251 CVE-2022-39236 CVE-2022-42928 CVE-2022-42932 CVE-2022-39250 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [0.8.7-7.1] - Add 0044-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz #2133997 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-41974 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.0.1-43.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3602 CVE-2022-3786 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.2.11-32] - Fix heap-based buffer over-read or buffer overflow in inflate in inflate.c - Resolves: CVE-2022-37434 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-37434 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.14.0-70.30.1.0.1_0.OL9] - lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499} [5.14.0-70.30.1_0.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] [5.14.0-70.30.1_0] - random: trigger reseeding DRBG on more occasions (Daiki Ueno) [2128970 2125257] - random: allow reseeding DRBG with getrandom (Daiki Ueno) [2121129 2114854] - nvme-tcp: handle number of queue changes (John Meneghini) [2131360 2112025] - nvmet: expose max queues to configfs (John Meneghini) [2131360 2112025] - nvme-fabrics: parse nvme connect Linux error codes (John Meneghini) [2131360 2112025] - nvmet: revert 'nvmet: make discovery NQN configurable' (Gopal Tiwari) [2131360 2066146] - vfio/type1: Unpin zero pages (Alex Williamson) [2128791 2121855] - cifs: fix bad fids sent over wire (Ronnie Sahlberg) [2127858 2088775] - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Ronnie Sahlberg) [2127858 2088775] - cifs: verify that tcon is valid before dereference in cifs_kill_sb (Ronnie Sahlberg) [2127858 2048823] - cifs: release cached dentries only if mount is complete (Ronnie Sahlberg) [2127858 2048823] - cifs: we do not need a spinlock around the tree access during umount (Ronnie Sahlberg) [2127858 2048823] - cifs: fix handlecache and multiuser (Ronnie Sahlberg) [2127858 2048823] - cifs: fix workstation_name for multiuser mounts (Ronnie Sahlberg) [2127858 2048823] - cifs: free ntlmsspblob allocated in negotiate (Ronnie Sahlberg) [2127858 2048823] - cifs: fix ntlmssp auth when there is no key exchange (Ronnie Sahlberg) [2127858 2048823] - cifs: send workstation name during ntlmssp session setup (Ronnie Sahlberg) [2127858 2048823] - cifs: Fix crash on unload of cifs_arc4.ko (Ronnie Sahlberg) [2127858 2048823] - Documentation, arch: Remove leftovers from CIFS_WEAK_PW_HASH (Ronnie Sahlberg) [2127858 2048823] - cifs: fix the cifs_reconnect path for DFS (Ronnie Sahlberg) [2127858 2048823] - cifs: sanitize multiple delimiters in prepath (Ronnie Sahlberg) [2127858 2048823] - cifs: ignore resource_id while getting fscache super cookie (Ronnie Sahlberg) [2127858 2048823] - cifs: avoid use of dstaddr as key for fscache client cookie (Ronnie Sahlberg) [2127858 2048823] - cifs: add server conn_id to fscache client cookie (Ronnie Sahlberg) [2127858 2048823] - cifs: wait for tcon resource_id before getting fscache super (Ronnie Sahlberg) [2127858 2048823] - cifs: fix missed refcounting of ipc tcon (Ronnie Sahlberg) [2127858 2048823] - cifs: update internal version number (Ronnie Sahlberg) [2127858 2048823] - smb2: clarify rc initialization in smb2_reconnect (Ronnie Sahlberg) [2127858 2048823] - cifs: populate server_hostname for extra channels (Ronnie Sahlberg) [2127858 2048823] - cifs: nosharesock should be set on new server (Ronnie Sahlberg) [2127858 2048823] - cifs: introduce cifs_ses_mark_for_reconnect() helper (Ronnie Sahlberg) [2127858 2048823] - cifs: protect srv_count with cifs_tcp_ses_lock (Ronnie Sahlberg) [2127858 2048823] - cifs: move debug print out of spinlock (Ronnie Sahlberg) [2127858 2048823] - cifs: do not duplicate fscache cookie for secondary channels (Ronnie Sahlberg) [2127858 2048823] - cifs: connect individual channel servers to primary channel server (Ronnie Sahlberg) [2127858 2048823] - cifs: protect session channel fields with chan_lock (Ronnie Sahlberg) [2127858 2048823] - cifs: do not negotiate session if session already exists (Ronnie Sahlberg) [2127858 2048823] - smb3: do not setup the fscache_super_cookie until fsinfo initialized (Ronnie Sahlberg) [2127858 2048823] - cifs: fix potential use-after-free bugs (Ronnie Sahlberg) [2127858 2048823] - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (Ronnie Sahlberg) [2127858 2048823] - smb3: add additional null check in SMB311_posix_mkdir (Ronnie Sahlberg) [2127858 2048823] - cifs: release lock earlier in dequeue_mid error case (Ronnie Sahlberg) [2127858 2048823] - smb3: add additional null check in SMB2_tcon (Ronnie Sahlberg) [2127858 2048823] - smb3: add additional null check in SMB2_open (Ronnie Sahlberg) [2127858 2048823] - smb3: add additional null check in SMB2_ioctl (Ronnie Sahlberg) [2127858 2048823] - smb3: remove trivial dfs compile warning (Ronnie Sahlberg) [2127858 2048823] - cifs: support nested dfs links over reconnect (Ronnie Sahlberg) [2127858 2048823] - smb3: do not error on fsync when readonly (Ronnie Sahlberg) [2127858 2048823] - cifs: for compound requests, use open handle if possible (Ronnie Sahlberg) [2127858 2048823] - cifs: set a minimum of 120s for next dns resolution (Ronnie Sahlberg) [2127858 2048823] - cifs: split out dfs code from cifs_reconnect() (Ronnie Sahlberg) [2127858 2048823] - cifs: convert list_for_each to entry variant (Ronnie Sahlberg) [2127858 2048823] - cifs: introduce new helper for cifs_reconnect() (Ronnie Sahlberg) [2127858 2048823] - cifs: fix print of hdr_flags in dfscache_proc_show() (Ronnie Sahlberg) [2127858 2048823] - cifs: nosharesock should not share socket with future sessions (Ronnie Sahlberg) [2127858 2048823] - smb3: add dynamic trace points for socket connection (Ronnie Sahlberg) [2127858 2048823] - cifs: Move SMB2_Create definitions to the shared area (Ronnie Sahlberg) [2127858 2048823] - cifs: Move more definitions into the shared area (Ronnie Sahlberg) [2127858 2048823] - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (Ronnie Sahlberg) [2127858 2048823] - cifs: Create a new shared file holding smb2 pdu definitions (Ronnie Sahlberg) [2127858 2048823] - cifs: add mount parameter tcpnodelay (Ronnie Sahlberg) [2127858 2048823] - cifs: To match file servers, make sure the server hostname matches (Ronnie Sahlberg) [2127858 2048823] - cifs: fix incorrect check for null pointer in header_assemble (Ronnie Sahlberg) [2127858 2048823] - smb3: correct server pointer dereferencing check to be more consistent (Ronnie Sahlberg) [2127858 2048823] - smb3: correct smb3 ACL security descriptor (Ronnie Sahlberg) [2127858 2048823] - cifs: Clear modified attribute bit from inode flags (Ronnie Sahlberg) [2127858 2048823] - cifs: Deal with some warnings from W=1 (Ronnie Sahlberg) [2127858 2048823] - cifs: fix a sign extension bug (Ronnie Sahlberg) [2127858 2048823] - cifs: Not to defer close on file when lock is set (Ronnie Sahlberg) [2127858 2048823] - cifs: Fix soft lockup during fsstress (Ronnie Sahlberg) [2127858 2048823] - cifs: Deferred close performance improvements (Ronnie Sahlberg) [2127858 2048823] - cifs: fix incorrect kernel doc comments (Ronnie Sahlberg) [2127858 2048823] - cifs: remove pathname for file from SPDX header (Ronnie Sahlberg) [2127858 2048823] - cifs: properly invalidate cached root handle when closing it (Ronnie Sahlberg) [2127858 2048823] - cifs: move SMB FSCTL definitions to common code (Ronnie Sahlberg) [2127858 2048823] - cifs: rename cifs_common to smbfs_common (Ronnie Sahlberg) [2127858 2048823] - cifs: cifs_md4 convert to SPDX identifier (Ronnie Sahlberg) [2127858 2048823] - cifs: create a MD4 module and switch cifs.ko to use it (Ronnie Sahlberg) [2127858 2048823] - cifs: fork arc4 and create a separate module for it for cifs and other users (Ronnie Sahlberg) [2127858 2048823] - cifs: remove support for NTLM and weaker authentication algorithms (Ronnie Sahlberg) [2127858 2048823] - cifs: update FSCTL definitions (Ronnie Sahlberg) [2127858 2048823] - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (Ronnie Sahlberg) [2127858 2048823] - cifs: enable fscache usage even for files opened as rw (Ronnie Sahlberg) [2127858 2048823] - smb3: fix posix extensions mount option (Ronnie Sahlberg) [2127858 2048823] - cifs: fix wrong release in sess_alloc_buffer() failed path (Ronnie Sahlberg) [2127858 2048823] - CIFS: Fix a potencially linear read overflow (Ronnie Sahlberg) [2127858 2048823] - drm/mgag200: Select clock in PLL update functions (Herton R. Krzesinski) [2112017 2043115] - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (Inigo Huguet) [2095653 2096777] - mt76: mt7921e: fix possible probe failure after reboot (Inigo Huguet) [2095653 2065633] [5.14.0-70.29.1_0] - configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2129453 2126153] - KVM: x86/mmu: Don't advance iterator after restart due to yielding (Nico Pache) [2127859 2055725] - scsi: csiostor: Add module softdep on cxgb4 (Rahul Lakkireddy) [2127857 1977553] - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (Oleg Nesterov) [2127875 2121271] {CVE-2022-30594} [5.14.0-70.28.1_0] - powerpc: Enable execve syscall exit tracepoint (Steve Best) [2106661 2095526] [5.14.0-70.27.1_0] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Wander Lairson Costa) [2116967 2116968] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Wander Lairson Costa) [2116967 2116968] {CVE-2022-2585} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2585 CVE-2022-30594 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.9.10-3] - Security fix for CVE-2020-10735 - Fix the test suite support for Expat >= 2.4.5 Resolves: rhbz#1834423 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-10735 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [11.0.6-1.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.0.6-1] - Bug #2107335 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-9.0.0.z] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2414 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [5.4.2-4.3] - Fix up CVE-2022-33099 patch [5.4.2-4.2] - Enable gating [5.4.2-4.1] - apply upstream fix for CVE-2022-33099 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-33099 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 cockpit-composer [41-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095], [Orabug:34398922] [41-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New upstream release [37-1] - New upstream release [35-1] - New upstream release [34-1] - New upstream release [33-1] - Add support for OCI upload target - Update translations - Update dependencies [32-1] - Add Edge Raw, RHEL Installer, Edge Simplified Installer image types - Improve user account modal responsiveness - Update tests - Update minor NPM dependencies - Update translation files [31-1] - Add new ostree image types - Improve loading state when waiting for api responses - Improve notification system - Improve test stability - Update NPM dependencies - Update translations [30-3] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [30-2] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [30-1] - Add and update translations - Update NPM dependencies - Improve test reliability [28-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [28-1] - Use sentence case rather than title case - Add and update tests - Update translations from weblate - Update minor NPM dependencies [27-1] - Improve test reliability - Update translations from weblate - Update minor NPM dependencies [26-1] - Add additional form validation for the Create Image Wizard - Improve page size dropdown styling - Update minor NPM dependencies - Improve code styling - Improve test reliability osbuild [65-1] - New upstream release [64-1] - New upstream release [63-1] - New upstream release [62-1] - New upstream release [61-1] - New upstream release [60-1] - New upstream release [59-1] - New upstream release [58-1] - New upstream release [57-1] - New upstream release [56-1] - New upstream release [55-1] - New upstream release [54-1] - New upstream release [53-1] - New upstream release [52-1] - New upstream release [50-1] - New upstream release [49-1] - New upstream release [48-1] - New upstream release [47-1] - New upstream release [46-1] - New upstream release [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release [39-1] - New upstream release [35-1] - Upstream release 35 [34-1] - Upstream release 34 [33-1] - Upstream release 33 [32-1] - Upstream release 32 [31-1] - Upstream release 31 [30-1] - Upstream release 30 - Many new stages for building ostree-based raw images - Bootiso.mono stage was deprecated and split into smaller stages - Mounts are now represented as an array in a manifest - Various bug fixes and improvements to various stages [29-2] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [29-1] - Upstream release 29 - Adds host services - Adds modprobe and logind stage [27-3] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [27-2] - Include Fedora 35 runner (upstream commit 337e0f0) [27-1] - Upstream release 27 - Various bug fixes related to the new container and installer stages introdcued in version 25 and 26. [26-1] - Upstream release 26 - Support for building boot isos - Grub stage gained support for saved_entry to fix grub tooling [25-1] - Upstream release 25 - First tech preview of the new manifest format. Includes various new stages and inputs to be able to build ostree commits contained in a oci archive. [24-1] - Upstream release 24 - Turn on dependency generator for everything but runners - Include new input binaries [23-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [23-1] - Upstream release 23 - Do not mangle shebangs for assemblers, runners & stages. [22-1] - Upstream release 22 [21-1] - Upstream reelase 21 osbuild-composer [62.1-1] - New upstream release [62-1] - New upstream release [60-1] - New upstream release [59-1] - New upstream release [58-1] - New upstream release [57-1] - New upstream release [55-1] - New upstream release [54-1] - New upstream release [53-1] - New upstream release [51-1] - New upstream release [46-1] - New upstream release [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release [41-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New upstream release * Tue Nov 02 2021 lavocatt - 37-1 - New upstream release [36-1] - New upstream release [33-1] - New upstream release [32-1] - New upstream release [31-1] - New upstream release [30-2] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [30-1] - New upstream release [29-3] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [29-2] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [29-1] - New upstream release [28-1] - New upstream release [27-1] - New upstream release [26-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [26-2] - Fix the compatibility with a new golang-github-azure-storage-blob 0.12 [26-1] - New upstream release [25-1] - New upstream release [24-1] - New upstream release [23-1] - New upstream release [22-1] - New upstream release weldr-client [35.5-4] - tests: Add osbuild-composer repo file for RHEL 9.1 Related: rhbz#2118831 [35.5-3] - tests: Update tests for osbuild composer changes Resolves: rhbz#2118831 LOW Copyright 2022 Oracle, Inc. CVE-2022-32189 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2:4.2.0-3.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.2.0-3] - fix dependency in test subpackage - Related: #2061316 [2:4.2.0-2] - readd catatonit - Related: #2061316 [2:4.2.0-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.2.0 (https://github.com/containers/podman/commit/7fe5a419cfd2880df2028ad3d7fd9378a88a04f4) - Related: #2061316 [2:4.2.0-0.3rc3] - require catatonit for gating tests - Related: #2061316 [2:4.2.0-0.2rc3] - update to 4.2.0-rc3 - Related: #2061316 [2:4.2.0-0.1rc2] - update to 4.2.0-rc2 - Related: #2061316 [2:4.1.1-6] - convert catatonit dependency to soft dep as catatonit is no longer in Appstream but in CRB - Related: #2061316 [2:4.1.1-5] - rebuild for combined gating with catatonit - Related: #2097694 [2:4.1.1-4] - catatonit is now a standalone package - Related: #2097694 [2:4.1.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.1.1-rhel (https://github.com/containers/podman/commit/fa692a6) - Related: #2097694 [2:4.1.1-2] - be sure podman services/sockets are stopped upon package removal - Related: #2061316 MODERATE Copyright 2022 Oracle, Inc. CVE-2020-28851 CVE-2021-20291 CVE-2020-28852 CVE-2021-4024 CVE-2021-33197 CVE-2021-34558 CVE-2022-27191 CVE-2021-20199 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2:1.9.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.2 - Related: #2061316 [2:1.9.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.1 - Related: #2061316 [2:1.9.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.0 - Related: #2061316 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-33198 CVE-2021-20291 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.48.4-2.0.1] - Add btrfs-progs to the packages installed in the appliance [Orabug: 34137448] - Replace upstream references from a description tag - Fix build on Oracle Linux [Orabug: 29319324] - Set DISTRO_ORACLE_LINUX correspeonding to ol [1:1.48.4-2] - Rebase to new stable branch version 1.48.4 resolves: rhbz#2059285 - Disable 5-level page tables when using -cpu max resolves: rhbz#2084568 - SELinux relabelling should not stop on ext4 immutable bits resolves: rhbz#1794518 - Ignore iface in add-drive variants resolves: rhbz#1844341 - Lift protocol limit on guestfs_readdir() resolves: rhbz#1674392 - Check return values from librpm calls (2089623) - Document limitations of encrypted RBD disks resolves: rhbz#2033247 - Fix lvm-set-filter failed in guestfish with the latest lvm2 package resolves: rhbz#1965941 - Enable PHP bindings resolves: rhbz#2097718 - Add support for Clevis & Tang resolves: rhbz#1809453 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2101281 - Add clevis-luks to BRs, required for Clevis & Tang related: rhbz#1809453 - Add zstd support to guestfs_file_architecture resolves: rhbz#2117004 [1:1.48.0-2] - Disable signature checking in librpm resolves: rhbz#2065172 [1:1.48.0-1] - Rebase to new stable branch version 1.48.0 resolves: rhbz#2059285 LOW Copyright 2022 Oracle, Inc. CVE-2022-2211 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.48.2-5] - Rebase to guestfs-tools 1.48.2 resolves: rhbz#2059286 - Default to --selinux-relabel in various tools resolves: rhbz#2075718, rhbz#2089748 - Add lvm system.devices cleanup operation to virt-sysprep resolves: rhbz#2072493 - Refactor virt-customize --install, --update options in common submodule - Add support for Clevis & Tang resolves: rhbz#1809453 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2102721 - Fix virt-sysprep and LUKS-on-LVM guests resolves: rhbz#2106286 LOW Copyright 2022 Oracle, Inc. CVE-2022-2211 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [7.0.0-13] - kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch [bz#2117546] - kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch [bz#2117546] - Resolves: bz#2117546 ([RHEL9.1] Guests in VMX root operation fail to reboot with QEMUs system_reset command) [7.0.0-12] - kvm-scsi-generic-Fix-emulated-block-limits-VPD-page.patch [bz#2120275] - kvm-vhost-Get-vring-base-from-vq-not-svq.patch [bz#2114060] - kvm-vdpa-Skip-the-maps-not-in-the-iova-tree.patch [bz#2114060] - kvm-vdpa-do-not-save-failed-dma-maps-in-SVQ-iova-tree.patch [bz#2114060] - kvm-util-Return-void-on-iova_tree_remove.patch [bz#2114060] - kvm-util-accept-iova_tree_remove_parameter-by-value.patch [bz#2114060] - kvm-vdpa-Remove-SVQ-vring-from-iova_tree-at-shutdown.patch [bz#2114060] - kvm-vdpa-Make-SVQ-vring-unmapping-return-void.patch [bz#2114060] - kvm-vhost-Always-store-new-kick-fd-on-vhost_svq_set_svq_.patch [bz#2114060] - kvm-vdpa-Use-ring-hwaddr-at-vhost_vdpa_svq_unmap_ring.patch [bz#2114060] - kvm-vhost-stop-transfer-elem-ownership-in-vhost_handle_g.patch [bz#2114060] - kvm-vhost-use-SVQ-element-ndescs-instead-of-opaque-data-.patch [bz#2114060] - kvm-vhost-Delete-useless-read-memory-barrier.patch [bz#2114060] - kvm-vhost-Do-not-depend-on-NULL-VirtQueueElement-on-vhos.patch [bz#2114060] - kvm-vhost_net-Add-NetClientInfo-start-callback.patch [bz#2114060] - kvm-vhost_net-Add-NetClientInfo-stop-callback.patch [bz#2114060] - kvm-vdpa-add-net_vhost_vdpa_cvq_info-NetClientInfo.patch [bz#2114060] - kvm-vdpa-Move-command-buffers-map-to-start-of-net-device.patch [bz#2114060] - kvm-vdpa-extract-vhost_vdpa_net_cvq_add-from-vhost_vdpa_.patch [bz#2114060] - kvm-vhost_net-add-NetClientState-load-callback.patch [bz#2114060] - kvm-vdpa-Add-virtio-net-mac-address-via-CVQ-at-start.patch [bz#2114060] - kvm-vdpa-Delete-CVQ-migration-blocker.patch [bz#2114060] - kvm-virtio-scsi-fix-race-in-virtio_scsi_dataplane_start.patch [bz#2099541] - Resolves: bz#2120275 (Wrong max_sectors_kb and Maximum transfer length on the pass-through device [rhel-9.1]) - Resolves: bz#2114060 (vDPA state restore support through control virtqueue in Qemu) - Resolves: bz#2099541 (qemu coredump with error Assertion qemu_mutex_iothread_locked() failed when repeatly hotplug/unplug disks in pause status) [7.0.0-11] - kvm-QIOChannelSocket-Fix-zero-copy-flush-returning-code-.patch [bz#2107466] - kvm-Add-dirty-sync-missed-zero-copy-migration-stat.patch [bz#2107466] - kvm-migration-multifd-Report-to-user-when-zerocopy-not-w.patch [bz#2107466] - kvm-migration-Avoid-false-positive-on-non-supported-scen.patch [bz#2107466] - kvm-migration-add-remaining-params-has_-true-in-migratio.patch [bz#2107466] - kvm-QIOChannelSocket-Add-support-for-MSG_ZEROCOPY-IPV6.patch [bz#2107466] - kvm-pc-bios-s390-ccw-Fix-booting-with-logical-block-size.patch [bz#2112303] - kvm-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch [bz#2116876] - kvm-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch [bz#2116876] - kvm-vdpa-Fix-memory-listener-deletions-of-iova-tree.patch [bz#2116876] - kvm-vdpa-Fix-file-descriptor-leak-on-get-features-error.patch [bz#2116876] - Resolves: bz#2107466 (zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together) - Resolves: bz#2112303 (virtio-blk: Cant boot fresh installation from used 512 cluster_size image under certain conditions) - Resolves: bz#2116876 (Fixes for vDPA control virtqueue support in Qemu) [7.0.0-10] - kvm-vhost-Track-descriptor-chain-in-private-at-SVQ.patch [bz#1939363] - kvm-vhost-Fix-device-s-used-descriptor-dequeue.patch [bz#1939363] - kvm-hw-virtio-Replace-g_memdup-by-g_memdup2.patch [bz#1939363] - kvm-vhost-Fix-element-in-vhost_svq_add-failure.patch [bz#1939363] - kvm-meson-create-have_vhost_-variables.patch [bz#1939363] - kvm-meson-use-have_vhost_-variables-to-pick-sources.patch [bz#1939363] - kvm-vhost-move-descriptor-translation-to-vhost_svq_vring.patch [bz#1939363] - kvm-virtio-net-Expose-MAC_TABLE_ENTRIES.patch [bz#1939363] - kvm-virtio-net-Expose-ctrl-virtqueue-logic.patch [bz#1939363] - kvm-vdpa-Avoid-compiler-to-squash-reads-to-used-idx.patch [bz#1939363] - kvm-vhost-Reorder-vhost_svq_kick.patch [bz#1939363] - kvm-vhost-Move-vhost_svq_kick-call-to-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Check-for-queue-full-at-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Decouple-vhost_svq_add-from-VirtQueueElement.patch [bz#1939363] - kvm-vhost-Add-SVQDescState.patch [bz#1939363] - kvm-vhost-Track-number-of-descs-in-SVQDescState.patch [bz#1939363] - kvm-vhost-add-vhost_svq_push_elem.patch [bz#1939363] - kvm-vhost-Expose-vhost_svq_add.patch [bz#1939363] - kvm-vhost-add-vhost_svq_poll.patch [bz#1939363] - kvm-vhost-Add-svq-avail_handler-callback.patch [bz#1939363] - kvm-vdpa-Export-vhost_vdpa_dma_map-and-unmap-calls.patch [bz#1939363] - kvm-vhost-net-vdpa-add-stubs-for-when-no-virtio-net-devi.patch [bz#1939363] - kvm-vdpa-manual-forward-CVQ-buffers.patch [bz#1939363] - kvm-vdpa-Buffer-CVQ-support-on-shadow-virtqueue.patch [bz#1939363] - kvm-vdpa-Extract-get-features-part-from-vhost_vdpa_get_m.patch [bz#1939363] - kvm-vdpa-Add-device-migration-blocker.patch [bz#1939363] - kvm-vdpa-Add-x-svq-to-NetdevVhostVDPAOptions.patch [bz#1939363] - kvm-redhat-Update-linux-headers-linux-kvm.h-to-v5.18-rc6.patch [bz#2111994] - kvm-target-s390x-kvm-Honor-storage-keys-during-emulation.patch [bz#2111994] - kvm-kvm-don-t-use-perror-without-useful-errno.patch [bz#2095608] - kvm-multifd-Copy-pages-before-compressing-them-with-zlib.patch [bz#2099934] - kvm-Revert-migration-Simplify-unqueue_page.patch [bz#2099934] - Resolves: bz#1939363 (vDPA control virtqueue support in Qemu) - Resolves: bz#2111994 (RHEL9: skey test in kvm_unit_test got failed) - Resolves: bz#2095608 (Please correct the error message when try to start qemu with -M kernel-irqchip=split) - Resolves: bz#2099934 (Guest reboot on destination host after postcopy migration completed) [7.0.0-9] - kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch [bz#2100106] - kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch [bz#2100106] - kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch [bz#2100106] - kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch [bz#2100106] - kvm-virtio-iommu-Fix-migration-regression.patch [bz#2100106] - kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch [bz#2098077] - kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch [bz#2098077] - kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch [bz#2098077] - kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch [bz#1951522] - kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch [bz#1951522] - Resolves: bz#2100106 (Fix virtio-iommu/vfio bypass) - Resolves: bz#2098077 (virtio-blk: Cant boot fresh installation from used virtio-blk dasd disk under certain conditions) - Resolves: bz#1951522 (CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0]) [7.0.0-8] - kvm-tests-avocado-update-aarch64_virt-test-to-exercise-c.patch [bz#2060839] - kvm-RHEL-only-tests-avocado-Switch-aarch64-tests-from-a5.patch [bz#2060839] - kvm-RHEL-only-AArch64-Drop-unsupported-CPU-types.patch [bz#2060839] - kvm-target-i386-deprecate-CPUs-older-than-x86_64-v2-ABI.patch [bz#2060839] - kvm-target-s390x-deprecate-CPUs-older-than-z14.patch [bz#2060839] - kvm-target-arm-deprecate-named-CPU-models.patch [bz#2060839] - kvm-meson.build-Fix-docker-test-build-alpine-when-includ.patch [bz#1968509] - kvm-QIOChannel-Add-flags-on-io_writev-and-introduce-io_f.patch [bz#1968509] - kvm-QIOChannelSocket-Implement-io_writev-zero-copy-flag-.patch [bz#1968509] - kvm-migration-Add-zero-copy-send-parameter-for-QMP-HMP-f.patch [bz#1968509] - kvm-migration-Add-migrate_use_tls-helper.patch [bz#1968509] - kvm-multifd-multifd_send_sync_main-now-returns-negative-.patch [bz#1968509] - kvm-multifd-Send-header-packet-without-flags-if-zero-cop.patch [bz#1968509] - kvm-multifd-Implement-zero-copy-write-in-multifd-migrati.patch [bz#1968509] - kvm-QIOChannelSocket-Introduce-assert-and-reduce-ifdefs-.patch [bz#1968509] - kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch [bz#1968509] - kvm-migration-Change-zero_copy_send-from-migration-param.patch [bz#1968509] - kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch [bz#2096143] - Resolves: bz#2060839 (Consider deprecating CPU models like kvm64 / qemu64 on RHEL 9) - Resolves: bz#1968509 (Use MSG_ZEROCOPY on QEMU Live Migration) - Resolves: bz#2096143 (The migration port is not released if use it again for recovering postcopy migration) [7.0.0-7] - kvm-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-win32-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-Enable-virtio-iommu-pci-on-x86_64.patch [bz#2094252] - kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch [bz#2092788] - kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch [bz#2092788] - Resolves: bz#1952483 (RFE: QEMUs coroutines fail with CFLAGS=-flto on non-x86_64 architectures) - Resolves: bz#2094252 (Compile the virtio-iommu device on x86_64) - Resolves: bz#2092788 (Stalled IO Operations in VM) [7.0.0-6] - kvm-Introduce-event-loop-base-abstract-class.patch [bz#2031024] - kvm-util-main-loop-Introduce-the-main-loop-into-QOM.patch [bz#2031024] - kvm-util-event-loop-base-Introduce-options-to-set-the-th.patch [bz#2031024] - kvm-qcow2-Improve-refcount-structure-rebuilding.patch [bz#2072379] - kvm-iotests-108-Test-new-refcount-rebuild-algorithm.patch [bz#2072379] - kvm-qcow2-Add-errp-to-rebuild_refcount_structure.patch [bz#2072379] - kvm-iotests-108-Fix-when-missing-user_allow_other.patch [bz#2072379] - kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch [bz#2070804] - kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch [bz#2070804] - kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch [bz#2070804] - kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch [bz#2070804] - kvm-vhost-vdpa-backend-feature-should-set-only-once.patch [bz#2070804] - kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch [bz#2070804] - kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch [bz#2070804] - kvm-Revert-globally-limit-the-maximum-number-of-CPUs.patch [bz#2094270] - kvm-vfio-common-remove-spurious-warning-on-vfio_listener.patch [bz#2086262] - Resolves: bz#2031024 (Add support for fixing thread pool size [QEMU]) - Resolves: bz#2072379 (Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs)) - Resolves: bz#2070804 (PXE boot crash qemu when using multiqueue vDPA) - Resolves: bz#2094270 (Do not set the hard vCPU limit to the soft vCPU limit in downstream qemu-kvm anymore) - Resolves: bz#2086262 ([Win11][tpm]vfio_listener_region_del received unaligned region) [7.0.0-5] - kvm-qemu-nbd-Pass-max-connections-to-blockdev-layer.patch [bz#1708300] - kvm-nbd-server-Allow-MULTI_CONN-for-shared-writable-expo.patch [bz#1708300] - Resolves: bz#1708300 (RFE: qemu-nbd vs NBD_FLAG_CAN_MULTI_CONN) [7.0.0-4] - kvm-qapi-machine.json-Add-cluster-id.patch [bz#2041823] - kvm-qtest-numa-test-Specify-CPU-topology-in-aarch64_numa.patch [bz#2041823] - kvm-hw-arm-virt-Consider-SMP-configuration-in-CPU-topolo.patch [bz#2041823] - kvm-qtest-numa-test-Correct-CPU-and-NUMA-association-in-.patch [bz#2041823] - kvm-hw-arm-virt-Fix-CPU-s-default-NUMA-node-ID.patch [bz#2041823] - kvm-hw-acpi-aml-build-Use-existing-CPU-topology-to-build.patch [bz#2041823] - kvm-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch [bz#2079938] - kvm-coroutine-Revert-to-constant-batch-size.patch [bz#2079938] - kvm-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch [bz#2079347] - kvm-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_event_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_ctrl_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_cmd_vq.patch [bz#2079347] - kvm-virtio-scsi-move-request-related-items-from-.h-to-.c.patch [bz#2079347] - kvm-Revert-virtio-scsi-Reject-scsi-cd-if-data-plane-enab.patch [bz#1995710] - kvm-migration-Fix-operator-type.patch [bz#2064530] - Resolves: bz#2041823 ([aarch64][numa] When there are at least 6 Numa nodes serial log shows arch topology borken) - Resolves: bz#2079938 (qemu coredump when boot with multi disks (qemu) failed to set up stack guard page: Cannot allocate memory) - Resolves: bz#2079347 (Guest boot blocked when scsi disks using same iothread and 100% CPU consumption) - Resolves: bz#1995710 (RFE: Allow virtio-scsi CD-ROM media change with IOThreads) - Resolves: bz#2064530 (Rebuild qemu-kvm with clang-14) [7.0.0-3] - kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch [bz#2046029] - kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch [bz#2046029] - kvm-Enable-virtio-iommu-pci-on-aarch64.patch [bz#1477099] - kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch [bz#2037612] - kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch [bz#2037612] - Resolves: bz#2046029 ([WRB] New machine type property - dtb-kaslr-seed) - Resolves: bz#1477099 (virtio-iommu (including ACPI, VHOST/VFIO integration, migration support)) - Resolves: bz#2037612 ([Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region) [7.0.0-2] - kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch [bz#2044162] - kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch [bz#2081022] - Resolves: bz#2044162 ([RHEL9.1] Enable virtio-mem as tech-preview on ARM64 QEMU) - Resolves: bz#2081022 (Build regression on ppc64le with c9s qemu-kvm 7.0.0-1 changes) [7.0.0-1] - Rebase to QEMU 7.0.0 [bz#2064757] - Do not build ssh block driver anymore [bz#2064500] - Removed hpet and parallel port support [bz#2065042] - Compatibility support [bz#2064782 bz#2064771] - Resolves: bz#2064757 (Rebase to QEMU 7.0.0) - Resolves: bz#2064500 (Install qemu-kvm-6.2.0-11.el9_0.1 failed as conflict with qemu-kvm-block-ssh-6.2.0-11.el9_0.1) - Resolves: bz#2065042 (Remove upstream-only devices from the qemu-kvm binary) - Resolves: bz#2064782 (Update machine type compatibility for QEMU 7.0.0 update [s390x]) - Resolves: bz#2064771 (Update machine type compatibility for QEMU 7.0.0 update [x86_64]) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-3750 CVE-2021-3507 CVE-2021-3611 CVE-2021-4158 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.0.7-6.0.1] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - replaced upstream references [Orabug:34089586] [1:2.0.7-6] - Install qemu-ga package during conversion resolves: rhbz#2028764 [1:2.0.7-5] - Remove LVM2 devices file during conversion resolves: rhbz#2112801 - Add support for Zstandard compressed kernel modules resolves: rhbz#2116811 [1:2.0.7-4] - Remove legacy crypto advice and replace with targeted mechanism resolves: rhbz#2062360 [1:2.0.7-3] - relax qemu64 VCPU feature checking in the libvirt output resolves rhbz#2107503 [1:2.0.7-2] - Rebase to stable branch version 2.0.7 resolves: rhbz#2059287, rhbz#1658126, rhbz#1788823, rhbz#1854275 - Fix openssh-clients dependency resolves: rhbz#2064178 - Fix security issue when running virt-v2v as root resolves: rhbz#2066773 - Remove -o json mode resolves: rhbz#2074026 - Allow conversion of guests with NVMe drives from VMX files resolves: rhbz#2070530 - Cleanly reject guests with snapshots when using -it ssh resolves: rhbz#1774386 - Document that vmx+ssh -ip auth doesnt cover ssh / scp shell commands resolves: rhbz#1854275 - Fix conversion if swap partition isnt encrypted with root directory resolves: rhbz#1658128 - Document permissions when importing OVA using RHV UI resolves: rhbz#2039597 - Multiple fixes for -o qemu mode resolves: rhbz#2074805 - Work around blocking bug in OpenStack resolves: rhbz#2074801 - If multiple open-vm-tools packages are installed, remove all (2076436) - For -o rhv-upload wait for VM creation task resolves: rhbz#1985830 - For -i vmx add full support for SATA hard disks resolves: rhbz#1883802 - Fix booting of RHEL 9.1 guests after conversion resolves: rhbz#2076013 - Fix -o qemu warning resolves: rhbz#2082603 - If listing RPM applications fails, rebuild DB and retry (2089623) - Document -i vmx -it ssh percent encoding in ssh URIs resolves: rhbz#1938954 - Document extra permissions needed for VMware 7 (1817050) - Remove osprober devices left around by grub2 resolves: rhbz#2003503 - Add Requires python3 / platform-python resolves: rhbz#2094779 - Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2102719 - Add -oo compressed support resolves: rhbz#2047660 - Limit the maximum of disks per guest resolves: rhbz#2051564 - Add support for LUKS encrypted guests using Clevis & Tang resolves: rhbz#1809453 - Fix remapping of nvme devices in /boot/grub2/device.map resolves: rhbz#2101665 - Improve documentation of vmx+ssh and -ip option resolves: rhbz#1854275 - Fix race condition when unmounting in -o rhv mode (1953286#c26) [1:1.45.99-1] - Rebase to upstream 1.45.99. - Add check for sufficient free space in the host resolves: rhbz#2051394 - Update documentation of -ip for conversions from VMware over HTTPS related: rhbz#1960087 - -o rhv-upload: Keep connections alive resolves: rhbz#2032324 - -o rhv-upload: Improve conversion performance resolves: rhbz#2039255 - -o rhv-upload: Replace -oo rhv-direct with -oo rhv-proxy resolves: rhbz#2033096 - Fix log line wrapping making log parsing difficult (1820221) [1:1.45.97-4] - v2v import from vCenter fails when using interactive password because cookie-script tries to be interactive (pick commit 8abc07a8589a) resolves: rhbz#1960087 - model=virtio-transitional is wrongly added when converting windows guest to local by rhel9 v2v (pick commit range commit range 8abc07a8589a..cacedec64072) resolves: rhbz#2043333 [1:1.45.97-3] - Rebase to upstream 1.45.97. resolves: rhbz#2011713 - Add virtio-transitional for older guests when converting to q35 resolves: rhbz#1942325 - Fix -o rhv mode resolves: rhbz#2027598 - input: xen: Fix assertion error when importing from remote block device resolves: rhbz#2041852 - output: -o json: Allow -oo (output options) to work resolves: rhbz#2041850 - Fix virt-v2v hang when given incorrect vpx:// URL resolves: rhbz#2041886 - Fix hang when converting with virt-p2v resolves: rhbz#2044911 - Send nbdinfo debugging information to stderr resolves: rhbz#2044922 - Explicitly require platform-python resolves: rhbz#2046178 [1:1.45.95-3] - output_rhv: restrict block status collection to the old RHV output - Rebase from upstream commit 702a511b7f33 to direct child commit 07b12fe99fb9 resolves: rhbz#2034240 [1:1.45.95-2] - Rebase to upstream 1.45.95. - Change video type to VGA (instead of QXL). - Remove --in-place support properly. - Remove -o glance support properly. - Fix quoting with openssh >= 8.7 (RHEL) / 8.8 - Fix q35 error IDE controllers are unsupported - Add virt-v2v and libvirt version in debug output - Fix -o rhv output mode showing no guests listed resolves: rhbz#2011713, rhbz#1961107, rhbz#2027673, rhbz#1637857, rhbz#2032112, rhbz#2027598 [1:1.45.3-3] - Fix conversion of Windows BitLocker guests resolves: rhbz#1994984 [1:1.45.3-2] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1:1.45.3-1] - New upstream development version 1.45.3. - Rebase RHEL patches. resolves: rhbz#1950634 [1:1.45.2-1] - New upstream development version 1.45.2. - Remove --debug-overlays and --print-estimate options. - Remove -o glance option on RHEL 9 (RHBZ#1977539). - Remove support for RHEV-APT (RHBZ#1945549). [1:1.45.1-1.el9.1] - New upstream development version 1.45.1. - Require virtio-win on RHEL (RHBZ#1972644). - v2v-test-harness, virt-v2v-copy-to-local have been removed upstream. [1:1.44.0-2] - nbdkit-vddk-plugin dep only exists on x86-64. [1:1.44.0-1.el9.1] - Rebuild in RHEL 9 against libguestfs 1.45.5 resolves: rhbz#1959042 [1:1.44.0-1] - New upstream stable branch version 1.44.0. [1:1.43.5-1] - New upstream version 1.43.5. [1:1.43.4-5] - Add upstream patch to depend on xorriso. - Change libguestfs-tools-c -> guestfs-tools. [1:1.43.4-3] - Add downstream (RHEL-only) patches (RHBZ#1931724). [1:1.43.4-2] - Bump and rebuild for ocaml-gettext update. [1:1.43.4-1] - New upstream version 1.43.4. [1:1.43.3-4] - OCaml 4.12.0 build [1:1.43.3-3] - Add fix for OCaml 4.12. [1:1.43.3-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [1:1.43.3-1] - New upstream version 1.43.3. [1:1.43.2-3] - Drop obsolete virt-v2v-copy-to-local tool for Fedora 34 and RHEL 9. [1:1.43.2-2] - Unify Fedora and RHEL spec files. [1:1.43.2-1] - New upstream version 1.43.2. LOW Copyright 2022 Oracle, Inc. CVE-2022-2211 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [3.14.0-13] - Rebuilt for test fixes [3.14.0-12] - Rebuilt for test fixes [3.14.0-11] - Applied patch for for CVE-2021-22570 (#2055641) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-22570 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [2:2.99.8-3] - fix CVE-2022-30067 - fix CVE-2022-32990 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32990 CVE-2022-30067 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.2.0-11] - CVE-2020-23903 speex: divide by zero in read_samples() via crafted WAV file - Resolves: CVE-2020-23903 LOW Copyright 2022 Oracle, Inc. CVE-2020-23903 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [8.5.0-7.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [8.5.0-7] - security_selinux: Dont ignore NVMe disks when setting image label (rhbz#2121441) [8.5.0-6] - qemu_process: Destroy domains namespace after killing QEMU (rhbz#2121141) [8.5.0-5] - rpc: Pass OPENSSL_CONF through to ssh invocations (rhbz#2112348) [8.5.0-4] - qemu: Pass migration flags to qemuMigrationParamsApply (rhbz#2111070) - qemu_migration_params: Replace qemuMigrationParamTypes array (rhbz#2111070) - qemu_migration: Pass migParams to qemuMigrationSrcResume (rhbz#2111070) - qemu_migration: Apply max-postcopy-bandwidth on post-copy resume (rhbz#2111070) - qemu: Always assume support for QEMU_CAPS_MIGRATION_PARAM_XBZRLE_CACHE_SIZE (rhbz#2107892) - qemu_migration: Store original migration params in status XML (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsApply (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsReset (rhbz#2107892) - qemu_migration_params: Avoid deadlock in qemuMigrationParamsReset (rhbz#2107892) - qemu: Restore original memory locking limit on reconnect (rhbz#2107424) - qemu: Properly release job in qemuDomainSaveInternal (rhbz#1497907) - qemu: dont call qemuMigrationSrcIsAllowedHostdev() from qemuMigrationDstPrepareFresh() (rhbz#1497907) [8.5.0-3] - qemu: introduce capability QEMU_CAPS_MIGRATION_BLOCKED_REASONS (rhbz#2092833) - qemu: new function to retrieve migration blocker reasons from QEMU (rhbz#2092833) - qemu: query QEMU for migration blockers before our own harcoded checks (rhbz#2092833) - qemu: remove hardcoded migration fail for vDPA devices if we can ask QEMU (rhbz#2092833) - qemu_migration: Use EnterMonitorAsync in qemuDomainGetMigrationBlockers (rhbz#2092833) - qemu: dont try to query QEMU about migration blockers during offline migration (rhbz#2092833) - qemu_migration: Acquire correct job in qemuMigrationSrcIsAllowed (rhbz#2092833) - virsh: Require --xpath for *dumpxml (rhbz#2103524) - qemu: skip hardcoded hostdev migration check if QEMU can do it for us (rhbz#1497907) [8.5.0-2] - domain_conf: Format <defaultiothread/> more often (rhbz#2059511) - domain_conf: Format iothread IDs more often (rhbz#2059511) - qemu: Make IOThread changing more robust (rhbz#2059511) - qemuDomainSetIOThreadParams: Accept VIR_DOMAIN_AFFECT_CONFIG flag (rhbz#2059511) - virsh: Implement --config for iothreadset (rhbz#2059511) - docs: Document TPM portion of domcaps (rhbz#2103119) - virtpm: Introduce TPM-1.2 and TPM-2.0 capabilieis (rhbz#2103119) - domcaps: Introduce TPM backendVersion (rhbz#2103119) - qemu: Report supported TPM version in domcaps (rhbz#2103119) - vircpi: Add PCIe 5.0 and 6.0 link speeds (rhbz#2105231) [8.5.0-1] - Rebased to libvirt-8.5.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1475431, rhbz#2026765, rhbz#2059511, rhbz#2089431, rhbz#2102009 LOW Copyright 2022 Oracle, Inc. CVE-2022-0897 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.27.0-2.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [1:1.27.0-2] - fix CVE-2022-2990 - Related: #2061316 [1:1.27.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.27.0 - Related: #2061316 [1:1.26.4-2] - add buildah-tutorial to test subpackage - Related: #2061316 [1:1.26.4-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.4 - Related: #2061316 [1:1.26.3-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.3 - Related: #2061316 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2990 CVE-2022-27191 CVE-2021-33195 CVE-2021-33197 CVE-2021-20291 CVE-2021-33198 CVE-2022-2989 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.0.10-6.el9.2] - Security fixes for CVE-2022-25308, CVE-2022-25309, CVE-2022-25310 Resolves: rhbz#2050086, rhbz#2050069, rhbz#2050063 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-25309 CVE-2022-25310 CVE-2022-25308 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [5.15.3-1] - 5.15.3 Resolves: bz#2061352 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-25255 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26716 CVE-2022-26717 CVE-2022-22629 CVE-2022-26700 CVE-2022-22662 CVE-2022-26710 CVE-2022-26709 CVE-2022-26719 CVE-2022-22624 CVE-2022-22628 CVE-2022-30293 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob - resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob - resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode - resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip - resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal [7.5.15-2] - resolve CVE-2022-31107 grafana: OAuth account takeover [7.5.15-1] - update to 7.5.15 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources - resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling - resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation - resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure - resolve CVE-2021-23648 sanitize-url: XSS - resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter - declare Node.js dependencies of subpackages - make vendor and webpack tarballs reproducible [7.5.11-3] - use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens - update FIPS tests in check phase [7.5.11-2] - resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache - resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files [7.5.11-1] - update to 7.5.11 tagged upstream community sources, see CHANGELOG - resolve CVE-2021-39226 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21698 CVE-2022-21713 CVE-2022-32148 CVE-2022-21673 CVE-2022-21702 CVE-2022-30630 CVE-2022-1962 CVE-2022-30631 CVE-2021-23648 CVE-2022-1705 CVE-2022-21703 CVE-2022-28131 CVE-2022-30635 CVE-2022-30632 CVE-2022-30633 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.16.2-2] - Require openssl tool for unbound-keygen (#2116802) [1.16.2-1] - Update to 1.16.2 (#2087120) [1.16.0-3] - Disable ED25519 and ED448 in FIPS mode (#2079548) [1.16.0-2] - Restart keygen service before every unbound start (#2094336) [1.16.0-1] - Update to 1.16.0 (#2087120) [1.15.0-1] - Update to 1.15.0 (#2030608) - Update icannbundle.pem [1.13.2-1] - Resolves: rhbz#1992985 unbound-1.13.2 is available - Use system-wide crypto policies [1.13.1-15] - Export unbound-devel to CRB repository (#2056116) [1.13.1-14] - Stop creating wrong devel manual pages (#2071943) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30699 CVE-2022-30698 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.4.53-7.0.1] - Replace index.html with Oracles index page oracle_index.html. [2.4.53-7] - Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling - Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match() - Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism - Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() - Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody - Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability - Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets [2.4.53-6] - Related: #2065677 - httpd minimisation for ubi-micro [2.4.53-5] - Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove() [2.4.53-4] - Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert() [2.4.53-3] - Resolves: #2065677 - httpd minimisation for ubi-micro - minimize httpd dependencies (new httpd-core package) - mod_systemd and mod_brotli are now packaged in the main httpd package [2.4.53-1] - new version 2.4.53 - Resolves: #2079939 - httpd rebase to 2.4.53 - Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending with core [2.4.51-8] - Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using SetEnv or PassEnv MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26377 CVE-2022-28614 CVE-2022-30522 CVE-2022-23943 CVE-2022-30556 CVE-2022-22719 CVE-2022-28615 CVE-2022-29404 CVE-2022-31813 CVE-2022-22721 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [32:9.16.23-5] - Fix possible serve-stale related crash (CVE-2022-3080) - Fix memory leak in ECDSA verify processing (CVE-2022-38177) - Fix memory leak in EdDSA verify processing (CVE-2022-38178) [32:9.16.23-4] - Export bind-doc package (#2104863) [32:9.16.23-3] - Tighten cache protection against record from forwarders (CVE-2021-25220) - Include test of forwarders [32:9.16.23-2] - TCP connections with keep-response-order are properly close in all cases (CVE-2022-0396) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-25220 CVE-2022-0396 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.85-5] - Prevent endless loop in forward_query (#2120711) [2.85-4] - Prevent use after free in dhcp6_no_relay (CVE-2022-0934) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-0934 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.3.3-10] - handle end-of-stream when encoding with verification (CVE-2021-0561) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-0561 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [4:1.1.4-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.4 - Related: #2061316 LOW Copyright 2022 Oracle, Inc. CVE-2022-29162 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [6.2.7-1] - rebase to 6.2.7 #2083151 LOW Copyright 2022 Oracle, Inc. CVE-2022-24736 CVE-2022-24735 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [0.7.0-3.20211109gitb79fd91] - Disable OpenSSL FIPS mode to avoid libtpms failures Resolves: rhbz#2090219 [0.7.0-2.20211109gitb79fd91] - Add fix for CVE-2022-23645. Resolves: rhbz#2056518 LOW Copyright 2022 Oracle, Inc. CVE-2022-23645 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 * Tue Jun 14 2022 Michal Ruprich - 8.2.2-4 - Resolves: #2095404 - frr use systemd-sysusers [8.2.2-3] - Resolves: #2081304 - Enhanced TMT testing for centos-stream [8.2.2-2] - Resolves: #2069571 - the dynamic routing setup does not work any more [8.2.2-1] - Resolves: #2069563 - Rebase frr to version 8.2.2 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-26125 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.14.0-1] - New release - Add ignition-apply symlink - Add ignition-rmcfg symlink and ignition-delete-config.service [2.13.0-2] - Rename -validate-nonlinux subpackage to -validate-redistributable - Add static Linux binaries to -redistributable - Fix macro invocation in comment - Avoid kernel lockdown on VMware when running with secure boot MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1706 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [5.4.0-5] - CVE-2021-44269 wavpack: heap Out-of-bounds Read - Resolves: CVE-2021-44269 LOW Copyright 2022 Oracle, Inc. CVE-2021-44269 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [21.01.0-13] - Dont run out of file for Hints - Rebuild for #2096451 - Resolves: #2090970, #2096451 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27337 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.1.3-4] - Bump version to 2.1.3-4 - Resolves: Bug 1872451 - Fix regression with dscreate template [2.1.3-3] - Bump version to 2.1.3-3 - Resolves: Bug 2118765 [2.1.3-2] - Bump version to 2.1.3-2 - Resolves: Bug 2118765 - SIGSEGV in sync_repl [2.1.3-1] - Bump version to 2.1.3-1 - Resolves: Bug 2061801 - rebase 389-ds-base to 2.1.3 - Resolves: Bug 1872451 - RFE - run as non-root - Resolves: Bug 2052527 - RFE - Provide an option to abort an Auto Member rebuild task - Resolves: Bug 2057056 - Import may break the replication because changelog starting csn may not be created - Resolves: Bug 2057063 - Add support for recursively deleting subentries - Resolves: Bug 2062778 - sending crafted message could result in DoS - Resolves: Bug 2064781 - expired password was still allowed to access the database - Resolves: Bug 2100337 - dsconf backend export userroot fails ldap.DECODING_ERROR [2.1.1-3] - Bump version to 2.1.1-3 - Resolves: Bug 2061801 - Fix nss-tools requirement [2.1.1-2] - Bump version to 2.1.1-2 - Resolves: Bug 2061801 - Fix lmdb-libs requirement [2.1.1-1] - Bump version to 2.1.1-1 - Resolves: Bug 2061801 - rebase 389-ds-base to 2.1.1 [2.1.0-1] - Bump version to 2.1.0-1 - Resolves: Bug 2061801 - rebase 389-ds-base to 2.1.0 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2850 CVE-2022-0918 CVE-2022-0996 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [4.4.0-2] - Update to version 4.4.0 - Resolves: CVE-2022-0561 CVE-2022-0562 CVE-2022-22844 CVE-2022-0865 CVE-2022-0891 CVE-2022-0924 CVE-2022-0909 CVE-2022-0908 CVE-2022-1354 CVE-2022-1355 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1355 CVE-2022-1354 CVE-2022-0909 CVE-2022-0865 CVE-2022-0908 CVE-2022-22844 CVE-2022-0561 CVE-2022-0562 CVE-2022-0891 CVE-2022-0924 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [8.0.20-3] - snmp3 calls using authPriv or authNoPriv immediately return false #2104630 [8.0.20-2] - fix patch41 not applied (use system nikic/php-parser when available) [8.0.20-1] - rebase to 8.0.20 #2095752 - clean unneeded dependency on useradd command #2095447 - add upstream patch to initialize pcre before mbstring - retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi MODERATE Copyright 2022 Oracle, Inc. CVE-2022-31625 CVE-2021-21708 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.4.0-7] - Fix CVE-2022-1122 LOW Copyright 2022 Oracle, Inc. CVE-2022-1122 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [1:2.3.16-7.0.1] - do not run systemd commands during leapp upgrade [Orabug: 34680501] [1:2.3.16-7] - fix possible privilege escalation when similar master and non-master passdbs are used (#2106232) [1:2.3.16-6] - fix possible nonzero return value of postinst script(#2053368) [1:2.3.16-5] - workaround sysuers macro defficiency (#2095399) [1:2.3.16-4] - use systemd-sysusers for user creation (#2095399) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-30550 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [5:2.2.6-1] - Rebase to upstream version 2.2.6 Resolves: CVE-2022-1328 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1328 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.20.11-11] - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz#2108157, rhbz#2108162 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2319 CVE-2022-2320 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [21.1.3-3] - CVE fix for: CVE-2022-2319/ZDI-CAN-16062, CVE-2022-2320/ZDI-CAN-16070 Resolves: rhbz#2110440, rhbz#2110433 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2320 CVE-2022-2319 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [4.6.5-3] - Security fix for CVE-2022-2309 - Resolves: rhbz#2107571 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2309 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [3.2.0-3] - bump NVR MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32148 CVE-2022-30635 CVE-2022-30630 CVE-2022-30631 CVE-2022-1705 CVE-2022-30632 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-24795 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [21.11.2-1] - Rebase to 21.11.2 (#2126159) - Includes fixes for CVE-2022-2132 (#2107173) and CVE-2022-28199 (#2123616) [21.11.1-1] - Rebase to 21.11.1 (#2106856) - Includes fix for CVE-2021-3839 (#2026642) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-28199 CVE-2022-2132 CVE-2021-3839 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [5.14.0-162.6.1_1.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] [5.14.0-162.6.1_1] - kabi: add symbol yield to stablelist (cestmir Kalina) [2120286] - kabi: add symbol xa_find_after to stablelist (cestmir Kalina) [2120286] - kabi: add symbol xa_find to stablelist (cestmir Kalina) [2120286] - kabi: add symbol xa_destroy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol x86_spec_ctrl_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol x86_cpu_to_apicid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol wait_for_completion_interruptible to stablelist (cestmir Kalina) [2120286] - kabi: add symbol wait_for_completion to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vsprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vsnprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vprintk to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vmemmap_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vmalloc_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vmalloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vm_zone_stat to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vm_event_states to stablelist (cestmir Kalina) [2120286] - kabi: add symbol vfree to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_undefined to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_teardown_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_setup_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_possible_blades to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_get_hubless_system to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_obj_count to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_install_heap to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_get_pci_topology to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_get_master_nasid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_get_heapsize to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_get_geoinfo to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_enum_ports to stablelist (cestmir Kalina) [2120286] - kabi: add symbol uv_bios_enum_objs to stablelist (cestmir Kalina) [2120286] - kabi: add symbol up_write to stablelist (cestmir Kalina) [2120286] - kabi: add symbol up_read to stablelist (cestmir Kalina) [2120286] - kabi: add symbol up to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_reboot_notifier to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_nmi_handler to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_netdevice_notifier to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_chrdev_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol unregister_blkdev to stablelist (cestmir Kalina) [2120286] - kabi: add symbol tsc_khz to stablelist (cestmir Kalina) [2120286] - kabi: add symbol try_wait_for_completion to stablelist (cestmir Kalina) [2120286] - kabi: add symbol touch_softlockup_watchdog to stablelist (cestmir Kalina) [2120286] - kabi: add symbol time64_to_tm to stablelist (cestmir Kalina) [2120286] - kabi: add symbol this_cpu_off to stablelist (cestmir Kalina) [2120286] - kabi: add symbol tasklet_unlock_wait to stablelist (cestmir Kalina) [2120286] - kabi: add symbol tasklet_kill to stablelist (cestmir Kalina) [2120286] - kabi: add symbol tasklet_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol system_wq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol system_freezing_cnt to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sys_tz to stablelist (cestmir Kalina) [2120286] - kabi: add symbol synchronize_rcu to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strstr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strsep to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strrchr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strnlen to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strncpy_from_user to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strncpy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strncmp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strncasecmp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strlen to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strlcpy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strlcat to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strcpy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strcmp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol strchr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sscanf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sort to stablelist (cestmir Kalina) [2120286] - kabi: add symbol snprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sn_region_size to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sn_partition_id to stablelist (cestmir Kalina) [2120286] - kabi: add symbol smp_call_function_single_async to stablelist (cestmir Kalina) [2120286] - kabi: add symbol smp_call_function_single to stablelist (cestmir Kalina) [2120286] - kabi: add symbol smp_call_function_many to stablelist (cestmir Kalina) [2120286] - kabi: add symbol sme_me_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol simple_strtoull to stablelist (cestmir Kalina) [2120286] - kabi: add symbol simple_strtoul to stablelist (cestmir Kalina) [2120286] - kabi: add symbol simple_strtol to stablelist (cestmir Kalina) [2120286] - kabi: add symbol simple_read_from_buffer to stablelist (cestmir Kalina) [2120286] - kabi: add symbol set_freezable to stablelist (cestmir Kalina) [2120286] - kabi: add symbol set_current_groups to stablelist (cestmir Kalina) [2120286] - kabi: add symbol security_sb_eat_lsm_opts to stablelist (cestmir Kalina) [2120286] - kabi: add symbol security_free_mnt_opts to stablelist (cestmir Kalina) [2120286] - kabi: add symbol scsi_command_size_tbl to stablelist (cestmir Kalina) [2120286] - kabi: add symbol scnprintf to stablelist (cestmir Kalina) [2120286] - kabi: add symbol schedule_timeout to stablelist (cestmir Kalina) [2120286] - kabi: add symbol schedule to stablelist (cestmir Kalina) [2120286] - kabi: add symbol rtnl_is_locked to stablelist (cestmir Kalina) [2120286] - kabi: add symbol revert_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol request_threaded_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol remove_wait_queue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol register_reboot_notifier to stablelist (cestmir Kalina) [2120286] - kabi: add symbol register_netdevice_notifier to stablelist (cestmir Kalina) [2120286] - kabi: add symbol register_chrdev_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol refcount_warn_saturate to stablelist (cestmir Kalina) [2120286] - kabi: add symbol recalc_sigpending to stablelist (cestmir Kalina) [2120286] - kabi: add symbol rcu_read_unlock_strict to stablelist (cestmir Kalina) [2120286] - kabi: add symbol rb_next to stablelist (cestmir Kalina) [2120286] - kabi: add symbol rb_first to stablelist (cestmir Kalina) [2120286] - kabi: add symbol radix_tree_delete to stablelist (cestmir Kalina) [2120286] - kabi: add symbol queue_work_on to stablelist (cestmir Kalina) [2120286] - kabi: add symbol queue_delayed_work_on to stablelist (cestmir Kalina) [2120286] - kabi: add symbol put_unused_fd to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ptrs_per_p4d to stablelist (cestmir Kalina) [2120286] - kabi: add symbol printk to stablelist (cestmir Kalina) [2120286] - kabi: add symbol prepare_to_wait_exclusive to stablelist (cestmir Kalina) [2120286] - kabi: add symbol prepare_to_wait_event to stablelist (cestmir Kalina) [2120286] - kabi: add symbol prepare_to_wait to stablelist (cestmir Kalina) [2120286] - kabi: add symbol prepare_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol posix_acl_valid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol posix_acl_to_xattr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol posix_acl_from_xattr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol posix_acl_alloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol physical_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol phys_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol pgdir_shift to stablelist (cestmir Kalina) [2120286] - kabi: add symbol percpu_ref_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol percpu_ref_exit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol panic_notifier_list to stablelist (cestmir Kalina) [2120286] - kabi: add symbol panic to stablelist (cestmir Kalina) [2120286] - kabi: add symbol page_offset_base to stablelist (cestmir Kalina) [2120286] - kabi: add symbol override_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol numa_node to stablelist (cestmir Kalina) [2120286] - kabi: add symbol nr_cpu_ids to stablelist (cestmir Kalina) [2120286] - kabi: add symbol node_states to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mutex_unlock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mutex_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mutex_lock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mutex_is_locked to stablelist (cestmir Kalina) [2120286] - kabi: add symbol msleep to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memset to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_free_slab to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_free to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_destroy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_create_node to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_create to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_alloc_slab to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mempool_alloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memparse to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memory_read_from_buffer to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memmove to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memcpy to stablelist (cestmir Kalina) [2120286] - kabi: add symbol memcmp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mem_section to stablelist (cestmir Kalina) [2120286] - kabi: add symbol mds_idle_clear to stablelist (cestmir Kalina) [2120286] - kabi: add symbol lookup_bdev to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ktime_get_ts64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ktime_get_real_ts64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ktime_get_coarse_real_ts64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ktime_get to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kthread_should_stop to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kstrtoull to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kstrtoll to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kmalloc_order_trace to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kfree to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kernel_sigaction to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kernel_fpu_end to stablelist (cestmir Kalina) [2120286] - kabi: add symbol kernel_fpu_begin_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol jiffies_64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol jiffies to stablelist (cestmir Kalina) [2120286] - kabi: add symbol is_vmalloc_addr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol is_uv_system to stablelist (cestmir Kalina) [2120286] - kabi: add symbol iounmap to stablelist (cestmir Kalina) [2120286] - kabi: add symbol ioremap to stablelist (cestmir Kalina) [2120286] - kabi: add symbol iomem_resource to stablelist (cestmir Kalina) [2120286] - kabi: add symbol init_wait_entry to stablelist (cestmir Kalina) [2120286] - kabi: add symbol init_timer_key to stablelist (cestmir Kalina) [2120286] - kabi: add symbol in_group_p to stablelist (cestmir Kalina) [2120286] - kabi: add symbol in_aton to stablelist (cestmir Kalina) [2120286] - kabi: add symbol in6_pton to stablelist (cestmir Kalina) [2120286] - kabi: add symbol in4_pton to stablelist (cestmir Kalina) [2120286] - kabi: add symbol hrtimer_start_range_ns to stablelist (cestmir Kalina) [2120286] - kabi: add symbol hrtimer_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol hrtimer_forward to stablelist (cestmir Kalina) [2120286] - kabi: add symbol hrtimer_cancel to stablelist (cestmir Kalina) [2120286] - kabi: add symbol groups_alloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol get_zeroed_page to stablelist (cestmir Kalina) [2120286] - kabi: add symbol get_unused_fd_flags to stablelist (cestmir Kalina) [2120286] - kabi: add symbol free_percpu to stablelist (cestmir Kalina) [2120286] - kabi: add symbol free_pages to stablelist (cestmir Kalina) [2120286] - kabi: add symbol free_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol fortify_panic to stablelist (cestmir Kalina) [2120286] - kabi: add symbol flush_workqueue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol finish_wait to stablelist (cestmir Kalina) [2120286] - kabi: add symbol elfcorehdr_addr to stablelist (cestmir Kalina) [2120286] - kabi: add symbol efi to stablelist (cestmir Kalina) [2120286] - kabi: add symbol dump_stack to stablelist (cestmir Kalina) [2120286] - kabi: add symbol downgrade_write to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_write_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_write to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_read_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_read to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down_interruptible to stablelist (cestmir Kalina) [2120286] - kabi: add symbol down to stablelist (cestmir Kalina) [2120286] - kabi: add symbol dmi_get_system_info to stablelist (cestmir Kalina) [2120286] - kabi: add symbol devmap_managed_key to stablelist (cestmir Kalina) [2120286] - kabi: add symbol dev_base_lock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol destroy_workqueue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol delayed_work_timer_fn to stablelist (cestmir Kalina) [2120286] - kabi: add symbol del_timer_sync to stablelist (cestmir Kalina) [2120286] - kabi: add symbol default_wake_function to stablelist (cestmir Kalina) [2120286] - kabi: add symbol csum_partial to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpumask_next to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpufreq_quick_get to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_sibling_map to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_number to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_khz to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_info to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cpu_bit_bitmap to stablelist (cestmir Kalina) [2120286] - kabi: add symbol congestion_wait to stablelist (cestmir Kalina) [2120286] - kabi: add symbol complete_and_exit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol complete to stablelist (cestmir Kalina) [2120286] - kabi: add symbol commit_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol clear_user to stablelist (cestmir Kalina) [2120286] - kabi: add symbol capable to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cancel_delayed_work_sync to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cancel_delayed_work to stablelist (cestmir Kalina) [2120286] - kabi: add symbol call_usermodehelper to stablelist (cestmir Kalina) [2120286] - kabi: add symbol call_rcu to stablelist (cestmir Kalina) [2120286] - kabi: add symbol cachemode2protval to stablelist (cestmir Kalina) [2120286] - kabi: add symbol boot_cpu_data to stablelist (cestmir Kalina) [2120286] - kabi: add symbol blk_stack_limits to stablelist (cestmir Kalina) [2120286] - kabi: add symbol bitmap_release_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol bitmap_find_free_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol avenrun to stablelist (cestmir Kalina) [2120286] - kabi: add symbol autoremove_wake_function to stablelist (cestmir Kalina) [2120286] - kabi: add symbol atomic_notifier_chain_unregister to stablelist (cestmir Kalina) [2120286] - kabi: add symbol atomic_notifier_chain_register to stablelist (cestmir Kalina) [2120286] - kabi: add symbol async_synchronize_full_domain to stablelist (cestmir Kalina) [2120286] - kabi: add symbol async_synchronize_full to stablelist (cestmir Kalina) [2120286] - kabi: add symbol alloc_workqueue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol alloc_chrdev_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol add_wait_queue_exclusive to stablelist (cestmir Kalina) [2120286] - kabi: add symbol add_wait_queue to stablelist (cestmir Kalina) [2120286] - kabi: add symbol add_timer to stablelist (cestmir Kalina) [2120286] - kabi: add symbol abort_creds to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _totalram_pages to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_write_unlock_irqrestore to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_write_unlock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_write_lock_irqsave to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_write_lock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_unlock_irqrestore to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_unlock_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_unlock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_unlock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_trylock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_trylock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_lock_irqsave to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_lock_irq to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_lock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_spin_lock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_read_unlock_irqrestore to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_read_unlock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_read_lock_irqsave to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _raw_read_lock_bh to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _find_next_bit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _find_first_zero_bit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _find_first_bit to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _ctype to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _copy_to_user to stablelist (cestmir Kalina) [2120286] - kabi: add symbol _copy_from_user to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __xa_insert to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rsi to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rdx to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rdi to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rcx to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rbx to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rbp to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_rax to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r8 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r15 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r14 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r13 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r12 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __x86_indirect_thunk_r10 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __warn_printk to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __wake_up to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __vmalloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __uv_hub_info_list to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __uv_cpu_info to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __unregister_chrdev to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __udelay to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __tasklet_schedule to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __sw_hweight64 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __sw_hweight32 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __stack_chk_fail to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __request_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __release_region to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __register_nmi_handler to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __register_blkdev to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __refrigerator to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __rcu_read_unlock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __rcu_read_lock to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __put_user_8 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __put_user_4 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __put_user_2 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __put_cred to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __preempt_count to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __per_cpu_offset to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __num_online_cpus to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __node_distance to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __ndelay to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __mutex_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __msecs_to_jiffies to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __list_del_entry_valid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __list_add_valid to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __kmalloc to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __init_waitqueue_head to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __init_swait_queue_head to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __init_rwsem to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __hw_addr_init to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __get_user_2 to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __get_free_pages to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __fentry__ to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __cpu_possible_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __cpu_online_mask to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __const_udelay to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __cond_resched to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __check_object_size to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __bitmap_weight to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __bitmap_intersects to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __bitmap_equal to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __bitmap_and to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __alloc_percpu to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __SCT__preempt_schedule to stablelist (cestmir Kalina) [2120286] - kabi: add symbol __SCT__might_resched to stablelist (cestmir Kalina) [2120286] - kabi: re-enable build-time kabi-checks (cestmir Kalina) [2120321] - sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2129287] - sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2129287] [5.14.0-162.5.1_1] - redhat: change default dist suffix for RHEL 9.1 (Patrick Talbert) - netfilter: nf_tables: clean up hook list when offload flags check fails (Florian Westphal) [2121393] - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (Florian Westphal) [2121393] - netfilter: nf_conntrack_irc: Fix forged IP logic (Florian Westphal) [2121393] - netfilter: nf_conntrack_irc: Tighten matching on DCC message (Florian Westphal) [2121393] - netfilter: br_netfilter: Drop dst references before setting. (Florian Westphal) [2121393] - netfilter: flowtable: fix stuck flows on cleanup due to pending work (Florian Westphal) [2121393] - netfilter: flowtable: add function to invoke garbage collection immediately (Florian Westphal) [2121393] - netfilter: nf_tables: disallow binding to already bound chain (Florian Westphal) [2121393] - netfilter: nft_tunnel: restrict it to netdev family (Florian Westphal) [2121393] - netfilter: nf_tables: disallow updates of implicit chain (Florian Westphal) [2121393] - netfilter: nft_tproxy: restrict to prerouting hook (Florian Westphal) [2121393] - netfilter: ebtables: reject blobs that dont provide all entry points (Florian Westphal) [2121393] - netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified (Florian Westphal) [2121393] - netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and NFT_SET_ELEM_INTERVAL_END (Florian Westphal) [2121393] - netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags (Florian Westphal) [2121393] - netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag (Florian Westphal) [2121393] - netfilter: nf_tables: possible module reference underflow in error path (Florian Westphal) [2121393] - netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERVAL_END flag (Florian Westphal) [2121393] - netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access (Florian Westphal) [2121393] - netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) [2121393] - netfilter: nf_tables: disallow jump to implicit chain from set element (Florian Westphal) [2121393] - netfilter: nfnetlink: re-enable conntrack expectation events (Florian Westphal) [2121393] [5.14.0-162.4.1] - iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2096128] - configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2126153] [5.14.0-162.3.1] - scsi: restore setting of scmd->scsi_done() in EH and reset ioctl paths (Ewan D. Milne) [2120469] - x86/boot: Dont propagate uninitialized boot_params->cc_blob_address (Terry Bowman) [2124644] - ice: Allow operation with reduced device MSI-X (Petr Oros) [2107719] [5.14.0-162.2.1] - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [2109871] - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (Vitaly Kuznetsov) [2030922] - drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2122068] [5.14.0-162.1.1] - drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2120670] - i40e: Fix kernel crash during module removal (Ivan Vecera) [2070375] - Revert net: macsec: update SCI upon MAC address change. (Sabrina Dubroca) [2118139] - redhat: enable zstream release numbering for rhel 9.1 (Patrick Talbert) - redhat: add missing CVE reference to latest changelog entries (Patrick Talbert) [5.14.0-162] - Revert ixgbevf: Mailbox improvements (Ken Cox) [2120548] - Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120548] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Wander Lairson Costa) [2116968] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Wander Lairson Costa) [2116968] {CVE-2022-2585} [5.14.0-161] - x86/ftrace: Use alternative RET encoding (Joe Lawrence) [2121368] - x86/ibt,ftrace: Make function-graph play nice (Joe Lawrence) [2121368] - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Joe Lawrence) [2121368] - x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR (Joe Lawrence) [2121368] - redhat: remove GL_DISTGIT_USER, RHDISTGIT and unify dist-git cloning (Frantisek Hrbata) - random: allow reseeding DRBG with getrandom (Daiki Ueno) [2114854] [5.14.0-160] - iavf: Fix VLAN_V2 addition/rejection (Ivan Vecera) [2119701] - gve: Recording rx queue before sending to napi (Jordan Kimbrough) [2022916] - gve: fix the wrong AdminQ buffer queue index check (Jordan Kimbrough) [2022916] - gve: Fix GFP flags when allocing pages (Jordan Kimbrough) [2022916] - gve: Add tx|rx-coalesce-usec for DQO (Jordan Kimbrough) [2022916] - gve: Add consumed counts to ethtool stats (Jordan Kimbrough) [2022916] - gve: Implement suspend/resume/shutdown (Jordan Kimbrough) [2022916] - gve: Add optional metadata descriptor type GVE_TXD_MTD (Jordan Kimbrough) [2022916] - gve: remove memory barrier around seqno (Jordan Kimbrough) [2022916] - gve: Update gve_free_queue_page_list signature (Jordan Kimbrough) [2022916] - gve: Move the irq db indexes out of the ntfy block struct (Jordan Kimbrough) [2022916] - gve: Correct order of processing device options (Jordan Kimbrough) [2022916] - gve: fix for null pointer dereference. (Jordan Kimbrough) [2022916] - gve: fix unmatched u64_stats_update_end() (Jordan Kimbrough) [2022916] - gve: Fix off by one in gve_tx_timeout() (Jordan Kimbrough) [2022916] - gve: Add a jumbo-frame device option. (Jordan Kimbrough) [2022916] - gve: Implement packet continuation for RX. (Jordan Kimbrough) [2022916] - gve: Add RX context. (Jordan Kimbrough) [2022916] - gve: Track RX buffer allocation failures (Jordan Kimbrough) [2022916] - gve: Allow pageflips on larger pages (Jordan Kimbrough) [2022916] - gve: Add netif_set_xps_queue call (Jordan Kimbrough) [2022916] - gve: Recover from queue stall due to missed IRQ (Jordan Kimbrough) [2022916] - gve: Do lazy cleanup in TX path (Jordan Kimbrough) [2022916] - gve: Add rx buffer pagecnt bias (Jordan Kimbrough) [2022916] - gve: Switch to use napi_complete_done (Jordan Kimbrough) [2022916] - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (Jordan Kimbrough) [2022916] - gve: fix gve_get_stats() (Jordan Kimbrough) [2022916] - gve: Properly handle errors in gve_assign_qpl (Jordan Kimbrough) [2022916] - gve: Avoid freeing NULL pointer (Jordan Kimbrough) [2022916] - gve: Correct available tx qpl check (Jordan Kimbrough) [2022916] - gve: Use kvcalloc() instead of kvzalloc() (Jordan Kimbrough) [2022916] - gve: DQO: avoid unused variable warnings (Jordan Kimbrough) [2022916] - gve: fix the wrong AdminQ buffer overflow check (Jordan Kimbrough) [2022916] - ath9k: htc: clean up statistics macros (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679} - ath9k: hif_usb: simplify if-if to if-else (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679} - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679} - net: qcom/emac: Fix improper merge resolution in device_get_mac_address (Patrick Talbert) [2108539] - x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115086] {CVE-2022-26373} - x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115086] {CVE-2022-26373} - tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115086] - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115086] - lkdtm: Disable return thunks in rodata.c (Waiman Long) [2115086] - x86/amd: Use IBPB for firmware calls (Waiman Long) [2115086] - x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115086] - x86/alternative: Report missing return thunk details (Waiman Long) [2115086] - nvme-fc: restart admin queue if the caller needs to restart queue (Ewan D. Milne) [2104461] - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Rahul Lakkireddy) [2109526] - scsi: csiostor: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (Rahul Lakkireddy) [2109526] MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1184 CVE-2022-28893 CVE-2022-23816 CVE-2022-21499 CVE-2022-39190 CVE-2022-2639 CVE-2022-21123 CVE-2021-3640 CVE-2022-0168 CVE-2022-1679 CVE-2022-21166 CVE-2022-36946 CVE-2022-2586 CVE-2022-20368 CVE-2020-36516 CVE-2022-0617 CVE-2022-28390 CVE-2022-21125 CVE-2022-23825 CVE-2022-26373 CVE-2022-1048 CVE-2022-1353 CVE-2022-1280 CVE-2022-1998 CVE-2022-29581 CVE-2022-29901 CVE-2022-0854 CVE-2022-24448 CVE-2022-29900 CVE-2022-1016 CVE-2022-1852 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [3.2.3-18] - Resolves: #2111177 - remote arbitrary files write inside the directories of connecting peers [3.2.3-17] - Resolves: #2116669 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field [3.2.3-16] - Related: #2081296 - Adding ci.fmf for separation of testing results [3.2.3-15] - Related: #2081296 - Disabling STI [3.2.3-14] - Resolves: #2071514 - A flaw found in zlib when compressing (not decompressing) certain inputs [3.2.3-13] - Resolves: #2079639 - rsync --atimes doesnt work [3.2.3-12] - Resolves: #2081296 - Enable fmf tests in centos stream [3.2.3-11] - Resolves: #2053198 - rsync segmentation fault [3.2.3-10] - Resolves: #2077431 - Read-only files that have changed xattrs fail to allow xattr changes MODERATE Copyright 2022 Oracle, Inc. CVE-2022-37434 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [7.76.1-19] - fix unpreserved file permissions (CVE-2022-32207) - fix HTTP compression denial of service (CVE-2022-32206) - fix FTP-KRB bad message verification (CVE-2022-32208) [7.76.1-18] - fix too eager reuse of TLS and SSH connections (CVE-2022-27782) [7.76.1-17] - fix leak of SRP credentials in redirects (CVE-2022-27774) [7.76.1-16] - add missing tests to Makefile [7.76.1-15] - fix credential leak on redirect (CVE-2022-27774) - fix auth/cookie leak on redirect (CVE-2022-27776) - fix bad local IPv6 connection reuse (CVE-2022-27775) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) LOW Copyright 2022 Oracle, Inc. CVE-2022-27775 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [4.16.4-101] - resolves: rhbz#2121317 - Do not require samba package in python3-samba [4.16.4-100] - Rebase to version 4.16.4 - resolves: rhbz#2108332 - Fix CVE-2022-32742 [ 4.16.3-101] - related: rhbz#2077487 - Rebase Samba to 4.16.3 - resolves: rhbz#2097655 - The pcap background queue process should not be stopped - resolves: rhbz#2100105 - Fix net ads info LDAP server and LDAP server name [4.16.2-102] - resolves: rhbz#2106279 - Fix crash in rpcd_classic [4.16.2-101] - resolves: rhbz#2093833 - Fix weak dependency on logrotate - resolves: rhbz#2096813 - Fix printer displays only after 300 seconds timeout [4.16.2-100] - Fix rpminspect abidiff - related: rhbz#2077487 - Rebase Samba to 4.16.2 [4.16.1-100] - resolves: rhbz#2077487 - Rebase Samba to the the latest 4.16.x release MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32742 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [2.5.2-1] - Rebase to version 2.5.2 - resolves: rhbz#2109017 - Fix CVE-2022-32746 [2.5.1-1] - related: rhbz#2077490 - Rebase to version 2.5.1 [2.5.0-1] - resolves: rhbz#2077490 - Rebase to version 2.5.0 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-32746 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.10.4-9] - Guard face->size - Resolves: #2079280 [2.10.4-8] - Properly guard face_index - Resolves: #2079262 [2.10.4-7] - Avoid invalid face index - Resolves: #2079271 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-27406 CVE-2022-27404 CVE-2022-27405 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [3.9.14-1] - Update to 3.9.14 - Security fixes for CVE-2020-10735 and CVE-2021-28861 Resolves: rhbz#2120642, rhbz#1834423, rhbz#2128249 [3.9.13-3] - Fix test_get_ciphers in test_ssl.py for FIPS mode Resolves: rhbz#2058233 [3.9.13-2] - Security fix for CVE-2015-20107 Resolves: rhbz#2075390 [3.9.13-1] - Update to 3.9.13 Resolves: rhbz#2054702, rhbz#2059951 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-28861 CVE-2015-20107 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:1:appstream_base Oracle Linux 9 [1.46.5-3] - Add sanity check to extent manipulation (#2073549) MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1304 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9:1:appstream_base cpe:/o:oracle:linux:9::baseos_developer cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [2.7.4-8] - Resolves:rh#2103849 - Update tests.yaml [2.7.4-7] - Resolves:rh#2103849 CVE-2022-33068 - Fix Covscan compiler warning for inclusion of parenthesis - Update tests.yaml [2.7.4-6] - Resolves:rh#2103849 CVE-2022-33068 harfbuzz: integer overflow in the component hb-ot-shape-fallback.c MODERATE Copyright 2022 Oracle, Inc. CVE-2022-33068 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9:1:appstream_base cpe:/o:oracle:linux:9::baseos_developer cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [12:4.4.2-17.b1] - omshell: add support for hmac-sha512 algorithm (#2083553) [12:4.4.2-16.b1] - Fix for CVE-2021-25220 MODERATE Copyright 2022 Oracle, Inc. CVE-2021-25220 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.18.0-7] - lockState: do not print error: when exit code is unaffected (#2090926) [3.18.0-6] - fix potential DoS from unprivileged users via the state file (CVE-2022-1348) * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [3.18.0-4] - make renamecopy and copytruncate override each other (#1934601) - unify documentation of copy/copytruncate/renamecopy (#1934629) - fix resource leaks reported by Coverity [3.18.0-3] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [3.18.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [3.18.0-1] - new upstream version 3.18.0 [3.17.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [3.17.0-2] - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro [3.17.0-1] - new upstream version 3.17.0 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-1348 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.3.3] - Rebased to libtirpc-1.3.3 (bz 2118157) MODERATE Copyright 2022 Oracle, Inc. CVE-2021-46828 cpe:/o:oracle:linux:9:1:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [12.0.1-11.2] - Bump release and rebuild resolves: rhbz#2096010 [12.0.1-11.1] - Rebase to Fedora Rawhide resolves: rhbz#2080170 LOW Copyright 2022 Oracle, Inc. CVE-2021-46195 cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.70.1-2] - Rebuild for mingw-zlib update resolves: rhbz#2116278 LOW Copyright 2022 Oracle, Inc. CVE-2021-28153 cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.2.12-2] - Fix changelog Related: rhbz#2068371 [1.2.12-1] - Bump version to 1.2.12 to fix CVE-2018-25032 Related: rhbz#2068371 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2018-25032 cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.2.0-7.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.2.0-7] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel (https://github.com/containers/podman/commit/35c0df3) - Resolves: #2120436 [2:4.2.0-6] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel (https://github.com/containers/podman/commit/d520a5c) - Resolves: #2136845 [2:4.2.0-5] - properly obsolete catatonit - Resolves: #2123319 [2:4.2.0-4] - update to the latest content of https://github.com/containers/podman/tree/v4.2.0-rhel (https://github.com/containers/podman/commit/4978898) - Resolves: #2124676 LOW Copyright 2022 Oracle, Inc. CVE-2022-2990 CVE-2022-2989 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.0.100-0.5.rc2.0.1] - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier [Orabug: 34671152] [7.0.100-0.5.rc2] - Add lldb as a build dependency - Related: RHBZ#2134641 [7.0.100-0.4.rc2] - Enable ppc64le builds - Related: RHBZ#2134641 [7.0.100-0.3.rc2] - Update to .NET 7 RC 2 - Resolves: RHBZ#2134641 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-41032 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.5.1-1] - Update to 6.5.1 Resolves: CVE-2022-3500 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-3500 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [0.8.7-12.1] - Add 0062-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz #2133998 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3787 cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.9.14-1.1] - Fix for CVE-2022-42919 Resolves: rhbz#2138705 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42919 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [102.5.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.5.0-2] - Update to 102.5.0 build2 [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-4] - Fix for expat CVE-2022-40674 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45405 CVE-2022-45418 CVE-2022-45416 CVE-2022-45408 CVE-2022-45409 CVE-2022-45420 CVE-2022-45406 CVE-2022-45403 CVE-2022-45410 CVE-2022-45412 CVE-2022-45421 CVE-2022-45404 CVE-2022-45411 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.5.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.5.0-1] - Update to 102.5.0 build1 [102.4.0-1] - Update to 102.4.0 build1 [102.3.0-7] - Fix for expat CVE-2022-40674 and non functional webrtc IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45421 CVE-2022-45416 CVE-2022-45406 CVE-2022-45403 CVE-2022-45408 CVE-2022-45405 CVE-2022-45411 CVE-2022-45409 CVE-2022-45404 CVE-2022-45410 CVE-2022-45412 CVE-2022-45418 CVE-2022-45420 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.19.1-24.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.19.1-24] - Fix integer overflows in PAC parsing (CVE-2022-42898) - Resolves: rhbz#2140970 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-42898 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [6.6.2-2.1] - Resolves: #2142095 - CVE-2022-45060 varnish: Request Forgery Vulnerability IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45060 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 nodejs [1:18.12.1-1] - Rebase + CVEs - Resolves: #2142809 - Resolves: #2142830, #2142856 nodejs-nodemon [2.0.20-1] - Rebase to 2.0.20 Resolves: CVE-2022-3517 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-43548 CVE-2022-3517 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [102.6.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-2] - Added libwebrtc screencast patch for newer features IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-46881 CVE-2022-46882 CVE-2022-46880 CVE-2022-46874 CVE-2022-46872 CVE-2022-46878 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.6.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.6.0-2] - Update to 102.6.0 build2 [102.6.0-1] - Update to 102.6.0 build1 [102.5.0-3] - Use openssl for the librnp crypto backend to enable the openpgp encryption IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-45414 CVE-2022-46882 CVE-2022-46881 CVE-2022-46872 CVE-2022-46880 CVE-2022-46878 CVE-2022-46874 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [0.11.1-10.el9_0.1] - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz#2081333 [0.11.1-10] - Fixed snmp client - Fixed translating resource roles in colocation constraint - Resolves: rhbz#2048640 [0.11.1-9] - Fixed cluster destroy in web ui - Fixed covscan issue in web ui - Resolves: rhbz#2044409 [0.11.1-8] - Fixed 'pcs resource move' command - Fixed removing of unavailable fence-scsi storage device - Fixed ocf validation of ocf linbit drdb agent - Fixed creating empty cib - Updated pcs-web-ui - Resolves: rhbz#1990787 rhbz#2033248 rhbz#2039883 rhbz#2040420 [0.11.1-7] - Fixed enabling corosync-qdevice - Fixed resource update command when unable to get agent metadata - Fixed revert of disallowing to clone a group with a stonith - Resolves: rhbz#1811072 rhbz#2019836 rhbz#2032473 [0.11.1-6] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs web ui - Resolves: rhbz#1990787 rhbz#1997019 rhbz#2012129 rhbz#2024542 rhbz#2027678 rhbz#2027679 [0.11.1-5] - Rebased to latest upstream sources (see CHANGELOG.md) - Resolves: rhbz#1990787 rhbz#2018969 rhbz#2019836 rhbz#2023752 rhbz#2012129 [0.11.1-4] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs web ui - Enabled wui patching - Resolves: rhbz#1811072 rhbz#1945305 rhbz#1997019 rhbz#2012129 [0.11.1-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Resolves: rhbz#1283805 rhbz#1910644 rhbz#1910645 rhbz#1956703 rhbz#1956706 rhbz#1985981 rhbz#1991957 rhbz#1996062 rhbz#1996067 [0.11.0.alpha.1-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs web ui - Resolves: rhbz#1283805 rhbz#1910644 rhbz#1910645 rhbz#1985981 rhbz#1991957 rhbz#1996067 [0.10.9-2] - Rebuilt for libffi 3.4.2 SONAME transition. Related: rhbz#1891914 [0.10.9-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Resolves: rhbz#1991957 [0.10.8-11] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [0.10.8-10] - Rebased to latest upstream sources (see CHANGELOG.md) - Fixed web-ui build - Fixed tests for pacemaker 2.1 - Resolves: rhbz#1975440 rhbz#1922302 [0.10.8-9] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [0.10.8-8] - Rebuild with fixed gaiting tests - Stopped bundling rubygem-json (use distribution package instead) - Fixed patches - Resolves: rhbz#1881064 [0.10.8-7] - Fixed License tag - Rebuild with fixed dependency for gating tier0 tests - Resolves: rhbz#1881064 [0.10.8-6] - Rebased to latest upstream sources (see CHANGELOG.md) - Removed clufter related commands - Resolves: rhbz#1881064 [0.10.8-5] - Updated pcs web ui node modules - Fixed build issue on low memory build hosts - Resolves: rhbz#1951272 [0.10.8-4] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [0.10.8-3] - Replace pyOpenSSL with python-cryptography - Resolves: rhbz#1927404 [0.10.8-2] - Bundle rubygem depedencies and python3-tornado - Resolves: rhbz#1929710 [0.10.8-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated bundled python dependency: dacite - Changed BuildRequires from git to git-core - Added conditional (Build)Requires: rubygem(rexml) - Added conditional Requires: rubygem(webrick) [0.10.7-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [0.10.7-3] - Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_3.0 [0.10.7-2] - Python 3.10 related fix [0.10.7-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Added dependency on python packages pyparsing and dateutil - Fixed virtual bundle provides for ember, handelbars, jquery and jquery-ui - Removed dependency on python3-clufter [0.10.6-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [0.10.6-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Stopped bundling tornado (use distribution package instead) - Stopped bundling rubygem-tilt (use distribution package instead) - Removed rubygem bundling - Removed unneeded BuildRequires: execstack, gcc, gcc-c++ - Excluded some tests for tornado daemon [0.10.5-8] - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro [0.10.5-7] - Use fixed upstream version of dacite with Python 3.9 support - Split upstream tests in gating into tiers [0.10.5-6] - Use patched version of dacite compatible with Python 3.9 - Resolves: rhbz#1838327 [0.10.5-5] - Rebuilt for Python 3.9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29970 cpe:/a:oracle:linux:9::addons Oracle Linux 8 Oracle Linux 9 [5.15.0-0.30.20] - floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218638] {CVE-2022-1652} - x86: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Add retbleed=ibpb (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/xen: Rename SYS* entry points (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Update Retpoline validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - intel_idle: Disable IBRS during long idle (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Add kernel IBRS implementation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Add magic AMD return-thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Use return-thunk in asm code (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/ftrace: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86,static_call: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86,objtool: Create .return_sites (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Undo return-thunk damage (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Use -mfunction-return (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Remove skip_r11rcx (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/entry: Simplify entry_INT80_compat() (Linus Torvalds) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - static_call,x86: Robustify trampoline patching (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} - x86/xen: Move hypercall_page to top of the file (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-29901 CVE-2022-23816 CVE-2022-1652 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.06-27.0.6.el9_0.7] - Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986] [2.06-27.0.5.el9_0.7] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation - Update bug url [Orabug: 34202300] - Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] - Update signing certificate [JIRA: OLDIS-16371] - fix SBAT data [JIRA: OLDIS-16371] - Update requires [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-27.el9_0.7] - CVE fixes for 2022-06-07 - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 - Resolves: #2089810 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-3695 CVE-2022-28735 CVE-2021-3696 CVE-2022-28734 CVE-2021-3697 CVE-2022-28736 CVE-2022-28737 CVE-2022-28733 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 Oracle Linux 9 [5.15.0-0.30.20.1] - lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34386636] {CVE-2022-21505} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21505 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.4.51-7.0.2] - mod_proxy: ap_proxy_http_request() to clear hop-by-hop first and fixup last [CVE-2022-31813][Orabug: 34381949] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-31813 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 Oracle Linux 9 [5.15.0-1.43.4.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588} [5.15.0-1.43.4] - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] - Revert selftests/bpf: Add test for reg2btf_ids out of bounds access (Alan Maguire) [Orabug: 34399286] [5.15.0-1.43.3] - x86/alternative: The retpoline alternative is not applied (Alexandre Chartre) [Orabug: 34395937] - x86/ftrace: Do not copy ftrace_stub() in ftrace trampoline (Alexandre Chartre) [Orabug: 34395937] [5.15.0-100.43.0] - ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364336] - ocfs2: dlmfs: dont clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364336] - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) [Orabug: 34364336] - net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34366723] - lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34393053] {CVE-2022-21505} [5.15.0-1.43.1] - LTS version: v5.15.43 (Jack Vogel) - mptcp: Do TCP fallback on early DSS checksum failure (Mat Martineau) - LTS version: v5.15.42 (Jack Vogel) - afs: Fix afs_getattr() to refetch file status if callback break occurred (David Howells) - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (Yang Yingliang) - mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (Jae Hyun Yoo) - Input: ili210x - fix reset timing (Marek Vasut) - arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (Shreyas K K) - net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) - net: atlantic: add check for MAX_SKB_FRAGS (Grant Grundler) - net: atlantic: reduce scope of is_rsc_complete (Grant Grundler) - net: atlantic: fix frag[0] not initialized (Grant Grundler) - net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) - ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (Johannes Berg) - net: fix wrong network header length (Lina Wang) - fbdev: Prevent possible use-after-free in fb_release() (Daniel Vetter) - Revert fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) - selftests: add ping test with ping_group_range tuned (Nicolas Dichtel) - nl80211: validate S1G channel width (Kieran Frewen) - mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (Brian Bunker) - perf bench numa: Address compiler error on s390 (Thomas Richter) - perf regs x86: Fix arch__intr_reg_mask() for the hybrid platform (Kan Liang) - gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) - gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) - perf build: Fix check for btf__load_from_kernel_by_id() in libbpf (Arnaldo Carvalho de Melo) - scsi: ufs: core: Fix referencing invalid rsp field (Daejun Park) - riscv: dts: sifive: fu540-c000: align dma node name with dtschema (Krzysztof Kozlowski) - net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) - netfilter: flowtable: move dst_check to packet path (Ritaro Takenaka) - netfilter: flowtable: pass flowtable to nf_flow_table_iterate() (Pablo Neira Ayuso) - netfilter: flowtable: fix TCP flow teardown (Pablo Neira Ayuso) - igb: skip phy status check where unavailable (Kevin Mitchell) - mptcp: fix checksum byte order (Paolo Abeni) - mptcp: reuse __mptcp_make_csum in validate_data_csum (Geliang Tang) - mptcp: change the parameter of __mptcp_make_csum (Geliang Tang) - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) - net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) - net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy) - net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Maor Dickman) - NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) - net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) - clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) - ice: Fix interrupt moderation settings getting cleared (Michal Wilczynski) - ice: move ice_container_type onto ice_ring_container (Maciej Fijalkowski) - ice: fix possible under reporting of ethtool Tx and Rx statistics (Paul Greenwalt) - ice: fix crash when writing timestamp on RX rings (Arkadiusz Kubalewski) - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) - net: systemport: Fix an error handling path in bcm_sysport_probe() (Christophe JAILLET) - Revert PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) - netfilter: nft_flow_offload: fix offload with pppoe + vlan (Felix Fietkau) - net: fix dev_fill_forward_path with pppoe + bridge (Felix Fietkau) - netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices (Felix Fietkau) - netfilter: flowtable: fix excessive hw offload attempts after failure (Felix Fietkau) - net/sched: act_pedit: sanitize shift argument before usage (Paolo Abeni) - xfrm: fix disable_policy flag use when arriving from different devices (Eyal Birger) - xfrm: rework default policy structure (Nicolas Dichtel) - net: macb: Increment rx bd head after allocating skb and buffer (Harini Katakam) - net: ipa: record proper RX transaction count (Alex Elder) - ALSA: hda - fix unused Realtek function when PM is not enabled (Randy Dunlap) - pinctrl: mediatek: mt8365: fix IES control pins (Mattijs Korpershoek) - ARM: dts: aspeed: Add video engine to g6 (Howard Chiu) - ARM: dts: aspeed: Add secure boot controller node (Joel Stanley) - ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (Eddie James) - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (Jae Hyun Yoo) - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (Jae Hyun Yoo) - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (Jae Hyun Yoo) - dma-buf: ensure unique directory name for dmabuf stats (Charan Teja Kalla) - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (Jerome Pouiller) - drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) - drm/i915/dmc: Add MMIO range restrictions (Anusha Srivatsa) - drm/amd: Dont reset dGPUs if the system is going to s2idle (Mario Limonciello) - libceph: fix potential use-after-free on linger ping and resends (Ilya Dryomov) - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (Ondrej Mosnacek) - arm64: mte: Ensure the cleared tags are visible before setting the PTE (Catalin Marinas) - arm64: paravirt: Use RCU read locks to guard stolen_time (Prakruthi Deepak Heragu) - KVM: x86/mmu: Update number of zapped pages even if page list is stable (Sean Christopherson) - Revert can: m_can: pci: use custom bit timings for Elkhart Lake (Jarkko Nikula) - PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (Rafael J. Wysocki) - Fix double fget() in vhost_net_set_backend() (Al Viro) - selinux: fix bad cleanup on error in hashtab_duplicate() (Ondrej Mosnacek) - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (Werner Sembach) - ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) - ALSA: usb-audio: Restore Rane SL-1 quirk (Takashi Iwai) - nilfs2: fix lockdep warnings during disk space reclamation (Ryusuke Konishi) - nilfs2: fix lockdep warnings in page operations for btree nodes (Ryusuke Konishi) - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (Tzung-Bi Shih) - drbd: remove usage of list iterator variable after loop (Jakob Koschel) - MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) - fs: fix an infinite loop in iomap_fiemap (Guo Xuenan) - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (Mario Limonciello) - nvme-multipath: fix hang when disk goes live over reconnect (Anton Eidelman) - nvmet: use a private workqueue instead of the system workqueue (Sagi Grimberg) - tools/virtio: compile with -pthread (Michael S. Tsirkin) - vhost_vdpa: dont setup irq offloading when irq_num < 0 (Zhu Lingshan) - s390/pci: improve zpci_dev reference counting (Niklas Schnelle) - s390/traps: improve panic message for translation-specification exception (Heiko Carstens) - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (Kai-Heng Feng) - crypto: x86/chacha20 - Avoid spurious jumps to other functions (Peter Zijlstra) - crypto: stm32 - fix reference leak in stm32_crc_remove (Zheng Yongjun) - rtc: sun6i: Fix time overflow handling (Andre Przywara) - gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) - nvme-pci: add quirks for Samsung X5 SSDs (Monish Kumar R) - Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) - Input: add bounds checking to input_set_capability() (Jeff LaBundy) - um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow) - rtc: pcf2127: fix bug when reading alarm registers (Hugo Villeneuve) - rtc: fix use-after-free on device removal (Vincent Whitchurch) - Revert drm/i915/opregion: check port number bounds for SWSCI display power state (Greg Thelen) - mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (Hyeonggon Yoo) - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (Terry Bowman) - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (Terry Bowman) - Watchdog: sp5100_tco: Refactor MMIO base address initialization (Terry Bowman) - Watchdog: sp5100_tco: Move timer initialization into function (Terry Bowman) - i2c: piix4: Enable EFCH MMIO for Family 17h+ (Terry Bowman) - i2c: piix4: Add EFCH MMIO support for SMBus port select (Terry Bowman) - i2c: piix4: Add EFCH MMIO support to SMBus base address detect (Terry Bowman) - i2c: piix4: Add EFCH MMIO support to region request and release (Terry Bowman) - i2c: piix4: Move SMBus port selection into function (Terry Bowman) - i2c: piix4: Move SMBus controller base address detect into function (Terry Bowman) - i2c: piix4: Move port I/O region request/release code into functions (Terry Bowman) - i2c: piix4: Replace hardcoded memory map size with a #define (Terry Bowman) - kernel/resource: Introduce request_mem_region_muxed() (Terry Bowman) - io_uring: arm poll for non-nowait files (Pavel Begunkov) - usb: gadget: fix race when gadget driver register via ioctl (Schspa Shi) - LTS version: v5.15.41 (Jack Vogel) - usb: gadget: uvc: allow for application to cleanly shutdown (Dan Vacura) - usb: gadget: uvc: rename function to be more consistent (Michael Tretter) - ping: fix address binding wrt vrf (Nicolas Dichtel) - mm/hwpoison: use pr_err() instead of dump_page() in get_any_page() (Naoya Horiguchi) - dma-buf: call dma_buf_stats_setup after dmabuf is in valid list (Charan Teja Reddy) - Revert drm/amd/pm: keep the BACO feature enabled for suspend (Alex Deucher) - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) - SUNRPC: Ensure that the gssproxy client can start in a connected state (Trond Myklebust) - net: phy: micrel: Pass .probe for KS8737 (Fabio Estevam) - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (Fabio Estevam) - arm[64]/memremap: dont abuse pfn_valid() to ensure presence of linear map (Mike Rapoport) - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) - writeback: Avoid skipping inode writeback (Jing Xia) - net: phy: Fix race condition on link status change (Francesco Dolcini) - net: atlantic: always deep reset on pm op, fixing up my null deref regression (Manuel Ullmann) - i40e: i40e_main: fix a missing check on list iterator (Xiaomeng Tong) - drm/nouveau/tegra: Stop using iommu_present() (Robin Murphy) - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (Zack Rusin) - mm/huge_memory: do not overkill when splitting huge_zero_page (Xu Yu) - Revert mm/memory-failure.c: skip huge_zero_page in memory_failure() (Xu Yu) - ceph: fix setting of xattrs on async created inodes (Jeff Layton) - serial: 8250_mtk: Fix register address for XON/XOFF character (AngeloGioacchino Del Regno) - serial: 8250_mtk: Fix UART_EFR register address (AngeloGioacchino Del Regno) - fsl_lpuart: Dont enable interrupts too early (Indan Zupancic) - slimbus: qcom: Fix IRQ check in qcom_slim_probe (Miaoqian Lin) - USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) - USB: serial: option: add Fibocom L610 modem (Sven Schwermer) - USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) - USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) - usb: typec: tcpci_mt6360: Update for BMC PHY setting (ChiYuan Huang) - usb: typec: tcpci: Dont skip cleanup in .remove() on error (Uwe Kleine-Konig) - usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) - tty: n_gsm: fix mux activation issues in gsm_config() (Daniel Starke) - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Daniel Starke) - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) - x86/mm: Fix marking of unused sub-pmd ranges (Adrian-Ken Rueegsegger) - usb: xhci-mtk: fix fs isocs transfer error (Chunfeng Yun) - KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context() (Alexander Graf) - firmware_loader: use kernel credentials when reading firmware (Thiebaud Weksteen) - interconnect: Restore sync state by ignoring ipa-virt in provider count (Stephen Boyd) - tcp: drop the hash_32() part from the index calculation (Willy Tarreau) - tcp: increase source port perturb table to 2^16 (Willy Tarreau) - tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) - tcp: add small random increments to the source port (Willy Tarreau) - tcp: resalt the secret every 10 seconds (Eric Dumazet) - tcp: use different parts of the port_offset for index and offset (Willy Tarreau) - secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) - net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT (Matthew Hagan) - net: emaclite: Dont advertise 1000BASE-T and do auto negotiation (Shravya Kumbham) - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (Ajit Kumar Pandey) - s390: disable -Warray-bounds (Sven Schnelle) - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) - ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) - ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (Ashish Mhetre) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (Duoming Zhou) - hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) - gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) - drm/vmwgfx: Fix fencing on SVGAv3 (Zack Rusin) - tls: Fix context leak on tls_device_down (Maxim Mikityanskiy) - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (Florian Fainelli) - drm/vc4: hdmi: Fix build error for implicit function declaration (Hui Tang) - net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral (Florian Fainelli) - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (Yang Yingliang) - net/sched: act_pedit: really ensure the skb is writable (Paolo Abeni) - s390/lcs: fix variable dereferenced before check (Alexandra Winter) - s390/ctcm: fix potential memory leak (Alexandra Winter) - s390/ctcm: fix variable dereferenced before check (Alexandra Winter) - virtio: fix virtio transitional ids (Shunsuke Mie) - arm64: vdso: fix makefile dependency on vdso.so (Joey Gouly) - selftests: vm: Makefile: rename TARGETS to VMTARGETS (Joel Savitz) - procfs: prevent unprivileged processes accessing fdinfo dir (Kalesh Singh) - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) - dim: initialize all struct fields (Jesse Brandeburg) - ionic: fix missing pci_release_regions() on error in ionic_probe() (Yang Yingliang) - nfs: fix broken handling of the softreval mount option (Dan Aloni) - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - net: sfc: fix memory leak due to ptp channel (Taehee Yoo) - sfc: Use swap() instead of open coding it (Jiapeng Chong) - fbdev: efifb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) - net: chelsio: cxgb4: Avoid potential negative array offset (Kees Cook) - netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (Christophe JAILLET) - ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) - ice: fix PTP stale Tx timestamps cleanup (Michal Michalik) - ice: Fix race during aux device (un)plugging (Ivan Vecera) - platform/surface: aggregator: Fix initialization order when compiling as builtin module (Maximilian Luz) - fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) - fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) - fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (Vladimir Oltean) - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (Vladimir Oltean) - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (Vladimir Oltean) - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (Vladimir Oltean) - net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) - mac80211: Reset MBSSID parameters upon connection (Manikanta Pubbisetty) - hwmon: (tmp401) Add OF device ID table (Camel Guo) - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (Guenter Roeck) - batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) - LTS version: v5.15.40 (Jack Vogel) - mm: fix invalid page pointer returned with FOLL_PIN gups (Peter Xu) - mm/mlock: fix potential imbalanced rlimit ucounts adjustment (Miaohe Lin) - mm/hwpoison: fix error page recovered but reported not recovered (Naoya Horiguchi) - mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) - mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte() (Muchun Song) - mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) - mm: fix missing cache flush for all tail pages of compound page (Muchun Song) - udf: Avoid using stale lengthOfImpUse (Jan Kara) - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (Gleb Fotengauer-Malinovskiy) - Bluetooth: Fix the creation of hdev->name (Itay Iellin) - tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in perf bench mem memcpy (Arnaldo Carvalho de Melo) - kbuild: move objtool_args back to scripts/Makefile.build (Masahiro Yamada) - LTS version: v5.15.39 (Jack Vogel) - PCI: aardvark: Update comment about link going down after link-up (Marek Behun) - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (Marek Behun) - PCI: aardvark: Dont mask irq when mapping (Pali Rohar) - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (Pali Rohar) - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (Pali Rohar) - PCI: aardvark: Fix support for PME requester on emulated bridge (Pali Rohar) - PCI: aardvark: Add support for PME interrupts (Pali Rohar) - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (Pali Rohar) - PCI: aardvark: Add support for ERR interrupt on emulated bridge (Pali Rohar) - PCI: aardvark: Enable MSI-X support (Pali Rohar) - PCI: aardvark: Fix setting MSI address (Pali Rohar) - PCI: aardvark: Add support for masking MSI interrupts (Pali Rohar) - PCI: aardvark: Refactor unmasking summary MSI interrupt (Pali Rohar) - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (Marek Behun) - PCI: aardvark: Make msi_domain_info structure a static driver structure (Marek Behun) - PCI: aardvark: Make MSI irq_chip structures static driver structures (Marek Behun) - PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (Pali Rohar) - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (Pali Rohar) - PCI: aardvark: Disable common PHY when unbinding driver (Pali Rohar) - PCI: aardvark: Disable link training when unbinding driver (Pali Rohar) - PCI: aardvark: Assert PERST# when unbinding driver (Pali Rohar) - PCI: aardvark: Fix memory leak in driver unbind (Pali Rohar) - PCI: aardvark: Mask all interrupts when unbinding driver (Pali Rohar) - PCI: aardvark: Disable bus mastering when unbinding driver (Pali Rohar) - PCI: aardvark: Comment actions in driver remove method (Pali Rohar) - PCI: aardvark: Clear all MSIs at setup (Pali Rohar) - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (Pali Rohar) - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (Pali Rohar) - PCI: pci-bridge-emul: Add description for class_revision field (Pali Rohar) - rcu: Apply callbacks processing time limit only on softirq (Frederic Weisbecker) - rcu: Fix callbacks processing time limit retaining cond_resched() (Frederic Weisbecker) - Revert parisc: Mark sched_clock unstable only if clocks are not syncronized (Helge Deller) - mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) - selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) - selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) - KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (Wanpeng Li) - KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (Paolo Bonzini) - KVM: x86: Do not change ICR on write to APIC_SELF_IPI (Paolo Bonzini) - x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (Wanpeng Li) - KVM: selftests: Silence compiler warning in the kvm_page_table_test (Thomas Huth) - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (Paolo Bonzini) - iommu/dart: Add missing module owner to ops structure (Hector Martin) - net/mlx5e: Lag, Dont skip fib events on current dst (Vlad Buslov) - net/mlx5e: Lag, Fix fib_info pointer assignment (Vlad Buslov) - net/mlx5e: Lag, Fix use-after-free in fib event handler (Vlad Buslov) - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Aya Levin) - fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) - gpio: mvebu: drop pwm base assignment (Baruch Siach) - drm/amdgpu: Ensure HDA function is suspended before ASIC reset (Kai-Heng Feng) - drm/amdgpu: dont set s3 and s0ix at the same time (Mario Limonciello) - drm/amdgpu: explicitly check for s0ix when evicting resources (Mario Limonciello) - drm/amdgpu: unify BO evicting method in amdgpu_ttm (Nirmoy Das) - btrfs: always log symlinks in full mode (Filipe Manana) - btrfs: force v2 space cache usage for subpage mount (Qu Wenruo) - smsc911x: allow using IRQ0 (Sergey Shtylyov) - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (Vladimir Oltean) - bnxt_en: Fix unnecessary dropping of RX packets (Michael Chan) - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (Somnath Kotur) - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (Ido Schimmel) - rxrpc: Enable IPv6 checksums on transport socket (David Howells) - mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() (Eric Dumazet) - hinic: fix bug of wq out of bound access (Qiao Ma) - btrfs: do not BUG_ON() on failure to update inode when setting xattr (Filipe Manana) - drm/msm/dp: remove fail safe mode related code (Kuogee Hsieh) - selftests/net: so_txtime: usage(): fix documentation of default clock (Marc Kleine-Budde) - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (Marc Kleine-Budde) - net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) - net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (Yang Yingliang) - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (Niels Dossche) - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (Yang Yingliang) - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (Yang Yingliang) - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (Yang Yingliang) - NFSv4: Dont invalidate inode attributes on delegation return (Trond Myklebust) - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (Mustafa Ismail) - RDMA/irdma: Reduce iWARP QP destroy time (Shiraz Saleem) - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (Tatyana Nikolova) - RDMA/siw: Fix a condition race issue in MPA request processing (Cheng Xu) - SUNRPC release the transport of a relocated task with an assigned transport (Olga Kornievskaia) - selftests/seccomp: Dont call read() on TTY from background pgrp (Jann Horn) - net/mlx5: Fix deadlock in sync reset flow (Moshe Shemesh) - net/mlx5: Avoid double clear or set of sync reset requested (Moshe Shemesh) - net/mlx5e: Fix the calling of update_buffer_lossy() API (Mark Zhang) - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Paul Blakey) - net/mlx5e: Dont match double-vlan packets if cvlan is not set (Vlad Buslov) - net/mlx5e: Fix trust state reset in reload (Moshe Tal) - iommu/dart: check return value after calling platform_get_resource() (Yang Yingliang) - iommu/vt-d: Drop stop marker messages (Lu Baolu) - ASoC: soc-ops: fix error handling (Pierre-Louis Bossart) - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (Codrin Ciubotariu) - hwmon: (pmbus) disable PEC if not enabled (Adam Wujek) - hwmon: (adt7470) Fix warning on module removal (Armin Wolf) - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (Puyou Lu) - gpio: visconti: Fix fwnode of GPIO IRQ (Nobuhiro Iwamatsu) - NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) - nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) - can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) - can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) - can: isotp: remove re-binding of bound socket (Oliver Hartkopp) - can: grcan: grcan_close(): fix deadlock (Duoming Zhou) - s390/dasd: Fix read inconsistency for ESE DASD devices (Jan Hoppner) - s390/dasd: Fix read for ESE with blksize < 4k (Jan Hoppner) - s390/dasd: prevent double format of tracks for ESE devices (Stefan Haberland) - s390/dasd: fix data corruption for ESE devices (Stefan Haberland) - ASoC: meson: Fix event generation for AUI CODEC mux (Mark Brown) - ASoC: meson: Fix event generation for G12A tohdmi mux (Mark Brown) - ASoC: meson: Fix event generation for AUI ACODEC mux (Mark Brown) - ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) - ASoC: da7219: Fix change notifications for tone generator frequency (Mark Brown) - genirq: Synchronize interrupt thread startup (Thomas Pfaff) - net: stmmac: disable Split Header (SPH) for Intel platforms (Tan Tee Min) - firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) - firewire: remove check of list iterator against head past the loop body (Jakob Koschel) - firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) - timekeeping: Mark NMI safe time accessors as notrace (Kurt Kanzenbach) - Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) - RISC-V: relocate DTB if its outside memory region (Nick Kossifidis) - drm/amdgpu: do not use passthrough mode in Xen dom0 (Marek Marczykowski-Gorecki) - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (Harry Wentland) - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (Nicolin Chen) - iommu/vt-d: Calculate mask for non-aligned flushes (David Stevens) - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (Kyle Huey) - x86/fpu: Prevent FPU state corruption (Thomas Gleixner) - gpiolib: of: fix bounds check for gpio-reserved-ranges (Andrei Lalaev) - mmc: core: Set HS clock speed before sending HS CMD13 (Brian Norris) - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (Samuel Holland) - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (Shaik Sajida Bhanu) - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (Zihao Wang) - parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) - MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) - LTS version: v5.15.38 (Jack Vogel) - powerpc/64: Add UADDR64 relocation support (Alexey Kardashevskiy) - objtool: Fix type of reloc::addend (Peter Zijlstra) - objtool: Fix code relocs vs weak symbols (Peter Zijlstra) - eeprom: at25: Use DMA safe buffers (Christophe Leroy) - perf symbol: Remove arch__symbols__fixup_end() (Namhyung Kim) - tty: n_gsm: fix software flow control handling (Daniel Starke) - tty: n_gsm: fix incorrect UA handling (Daniel Starke) - tty: n_gsm: fix reset fifo race condition (Daniel Starke) - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Daniel Starke) - tty: n_gsm: fix wrong signal octets encoding in MSC (Daniel Starke) - tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) - tty: n_gsm: fix wrong command retry handling (Daniel Starke) - tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) - tty: n_gsm: fix wrong DLCI release order (Daniel Starke) - tty: n_gsm: fix insufficient txframe size (Daniel Starke) - netfilter: nft_socket: only do sk lookups when indev is available (Florian Westphal) - tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) - tty: n_gsm: fix mux cleanup after unregister tty device (Daniel Starke) - tty: n_gsm: fix decoupled mux resource (Daniel Starke) - tty: n_gsm: fix restart handling via CLD command (Daniel Starke) - perf symbol: Update symbols__fixup_end() (Namhyung Kim) - perf symbol: Pass is_kallsyms to symbols__fixup_end() (Namhyung Kim) - x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode (Tim Harvey) - ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines (Eugen Hristev) - btrfs: fix leaked plug after failure syncing log on zoned filesystems (Filipe Manana) - thermal: int340x: Fix attr.show callback prototype (Kees Cook) - ACPI: processor: idle: Avoid falling back to C3 type C-states (Ville Syrjala) - net: ethernet: stmmac: fix write to sgmii_adapter_base (Dinh Nguyen) - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (Imre Deak) - drm/i915: Check EDID for HDR static metadata when choosing blc (Jouni Hogander) - netfilter: Update ip6_route_me_harder to consider L3 domain (Martin Willi) - mtd: rawnand: qcom: fix memory corruption that causes panic (Md Sadre Alam) - kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time (Zqiang) - zonefs: Clear inode information flags on inode creation (Damien Le Moal) - zonefs: Fix management of open zones (Damien Le Moal) - Revert ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (Ville Syrjala) - selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) - selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) - powerpc/perf: Fix 32bit compile (Alexey Kardashevskiy) - drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) - cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) - x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) - bonding: do not discard lowest hash bit for non layer3+4 hashing (suresh kumar) - ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION (Namjae Jeon) - ksmbd: increment reference count of parent fp (Namjae Jeon) - arch: xtensa: platforms: Fix deadlock in rs_close() (Duoming Zhou) - ext4: fix bug_on in start_this_handle during umount filesystem (Ye Bin) - ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (Chao Song) - tcp: fix F-RTO may not work correctly when receiving DSACK (Pengcheng Yang) - Revert ibmvnic: Add ethtool private flag for driver-defined queue limits (Dany Madden) - ixgbe: ensure IPsec VF<->PF compatibility (Leon Romanovsky) - perf arm-spe: Fix addresses of synthesized SPE events (Timothy Hayes) - gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) - gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) - gfs2: Minor retry logic cleanup (Andreas Gruenbacher) - gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher) - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (Yang Yingliang) - bnx2x: fix napi API usage sequence (Manish Chopra) - tls: Skip tls_append_frag on zero copy size (Maxim Mikityanskiy) - drm/amd/display: Fix memory leak in dcn21_clock_source_create (Miaoqian Lin) - drm/amdkfd: Fix GWS queue count (David Yat Sin) - netfilter: conntrack: fix udp offload timeout sysctl (Volodymyr Mytnyk) - io_uring: check reserved fields for recv/recvmsg (Jens Axboe) - io_uring: check reserved fields for send/sendmsg (Jens Axboe) - net: dsa: lantiq_gswip: Dont set GSWIP_MII_CFG_RMII_CLK (Martin Blumenstingl) - drm/sun4i: Remove obsolete references to PHYS_OFFSET (Samuel Holland) - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (Nathan Rossi) - net: phy: marvell10g: fix return value on error (Baruch Siach) - net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) - cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (Vladimir Zapolskiy) - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) - tcp: make sure treq->af_specific is initialized (Eric Dumazet) - tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) - ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (Peilin Ye) - ip6_gre: Make o_seqno start from 0 in native mode (Peilin Ye) - ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) - net/smc: sync err code when tcp connection was refused (liuyacan) - net: hns3: add return value for mailbox handling in PF (Jian Shen) - net: hns3: add validity check for message data length (Jian Shen) - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (Jie Wang) - net: hns3: clear inited state and stop client after failed to register netdev (Jian Shen) - cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe (Xiaobing Luo) - pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (Fabio Estevam) - ARM: dts: imx6ull-colibri: fix vqmmc regulator (Max Krummenacher) - sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) - wireguard: device: check for metadata_dst with skb_valid_dst() (Nikolay Aleksandrov) - tcp: ensure to use the most recently sent skb when filling the rate sample (Pengcheng Yang) - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (Marek Vasut) - tcp: md5: incorrect tcp_header_len for incoming connections (Francesco Ruggeri) - pinctrl: rockchip: fix RK3308 pinmux bits (Luca Ceresoli) - bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook (Eyal Birger) - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (Pablo Neira Ayuso) - net: dsa: Add missing of_node_put() in dsa_port_link_register_of (Miaoqian Lin) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2588 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 Oracle Linux 9 [5.15.0-1.43.4.2] - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981854] {CVE-2022-21385} IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21385 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKDF Resolves: rhbz#2118388 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115856 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115857 - Use signature for RSA pairwise test according FIPS-140-3 requirements Related: rhbz#2115858 - Reseed all the parent DRBGs in chain on reseeding a DRBG Related: rhbz#2115859 - Zeroization according to FIPS-140-3 requirements Related: rhbz#2115861 [1:3.0.1-39] - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test Resolves: rhbz#2112978 [1:3.0.1-38] - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. Resolves: rhbz#2107530 - Improve AES-GCM performance on Power9 and Power10 ppc64le Resolves: rhbz#2103044 - Improve ChaCha20 performance on Power10 ppc64le Resolves: rhbz#2103044 [1:3.0.1-37] - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 [1:3.0.1-36] - Ciphersuites with RSAPSK KX should be filterd in FIPS mode - Related: rhbz#2091994 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough - Related: rhbz#2091977 - Improve diagnostics when passing unsupported groups in TLS - Related: rhbz#2086554 - Fix PPC64 Montgomery multiplication bug - Related: rhbz#2101346 - Strict certificates validation shouldn't allow explicit EC parameters - Related: rhbz#2085521 - CVE-2022-2068: the c_rehash script allows command injection - Related: rhbz#2098276 [1:3.0.1-35] - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. Resolves: rhbz#2087234 [1:3.0.1-34] - Some OpenSSL test certificates are expired, updating - Resolves: rhbz#2095696 [1:3.0.1-33] - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory - Resolves: rhbz#2089443 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS - Resolves: rhbz#2089439 - CVE-2022-1292 openssl: c_rehash script allows command injection - Resolves: rhbz#2090361 - Revert 'Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode' Related: rhbz#2087234 - Use KAT for ECDSA signature tests, s390 arch - Resolves: rhbz#2086866 [1:3.0.1-32] - openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode - Resolves: rhbz#2091929 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2091994 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits - Resolves: rhbz#2091938 [1:3.0.1-31] - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode Resolves: rhbz#2087234 [1:3.0.1-30] - Use KAT for ECDSA signature tests - Resolves: rhbz#2086866 [1:3.0.1-29] - -config argument of openssl app should work properly in FIPS mode - Resolves: rhbz#2085500 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC - Resolves: rhbz#2085499 [1:3.0.1-28] - OpenSSL should not accept custom elliptic curve parameters - Resolves rhbz#2085508 - OpenSSL should not accept explicit curve parameters in FIPS mode - Resolves rhbz#2085521 [1:3.0.1-27] - Change FIPS module version to include hash of specfile, patches and sources Resolves: rhbz#2082585 [1:3.0.1-26] - OpenSSL FIPS module should not build in non-approved algorithms Resolves: rhbz#2082584 [1:3.0.1-25] - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 [1:3.0.1-24] - Fix occasional internal error in TLS when DHE is used Resolves: rhbz#2080323 MODERATE Copyright 2022 Oracle, Inc. CVE-2022-2068 CVE-2022-2097 CVE-2022-1473 CVE-2022-1292 CVE-2022-1343 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 [0.11.1-10.el9_0.2] - Fixed ruby socket permissions - Resolves: rhbz#2116839 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2735 cpe:/a:oracle:linux:9::addons Oracle Linux 8 Oracle Linux 9 [5.15.0-2.52.3] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] - rds: ib: Add preemption control when using per-cpu variables (Hakon Bugge) [Orabug: 34505120] - ocfs2: fix handle refcount leak in two exception handling paths (Chenyuan Mi) [Orabug: 34436530] - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586} - netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586} - netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586} - rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510687] {CVE-2022-21385} - kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476940] - kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476940] - kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476940] - kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476940] - kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476940] - Revert net/rds: Connect TCP backends deterministically (Gerd Rausch) [Orabug: 34476561] - rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465808] - rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465808] - uek-rpm: Set CONFIG_VSOCKETS=m and CONFIG_VSOCKETS_DIAG=m (Victor Erminpour) [Orabug: 34461322] - scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419970] {CVE-2022-21546} - rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414238] [5.15.0-2.52.2] - PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358322] - net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477072] - xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480751] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34484536] {CVE-2022-2588} [5.15.0-2.52.1] - LTS version: v5.15.52 (Jack Vogel) - io_uring: fix not locked access to fixed buf table (Pavel Begunkov) - net: mscc: ocelot: allow unregistered IP multicast flooding to CPU (Vladimir Oltean) - rtw88: rtw8821c: enable rfe 6 devices (Ping-Ke Shih) - rtw88: 8821c: support RFE type4 wifi NIC (Guo-Feng Fan) - fs: account for group membership (Christian Brauner) - fs: fix acl translation (Christian Brauner) - fs: support mapped mounts of mapped filesystems (Christian Brauner) - fs: add i_user_ns() helper (Christian Brauner) - fs: port higher-level mapping helpers (Christian Brauner) - fs: remove unused low-level mapping helpers (Christian Brauner) - fs: use low-level mapping helpers (Christian Brauner) - docs: update mapping documentation (Christian Brauner) - fs: account for filesystem mappings (Christian Brauner) - fs: tweak fsuidgid_has_mapping() (Christian Brauner) - fs: move mapping helpers (Christian Brauner) - fs: add is_idmapped_mnt() helper (Christian Brauner) - powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) - xfs: Fix the free logic of state in xfs_attr_node_hasname (Yang Xu) - xfs: use kmem_cache_free() for kmem_cache objects (Rustam Kovhaev) - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (Coly Li) - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Masahiro Yamada) - LTS version: v5.15.51 (Jack Vogel) - powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) - dma-direct: use the correct size for dma_set_encrypted() (Dexuan Cui) - perf build-id: Fix caching files with a wrong build ID (Adrian Hunter) - random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (Stefan Wahren) - modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (Miaoqian Lin) - ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) - ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (Aswath Govindraju) - ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (Alexander Stein) - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (Kuogee Hsieh) - powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) - powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) - powerpc/microwatt: wire up rng during setup_arch() (Jason A. Donenfeld) - parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) - parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (Helge Deller) - xtensa: Fix refcount leak bug in time.c (Liang He) - xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (Jialin Zhang) - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (Miaoqian Lin) - iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (Jialin Zhang) - iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (Yannick Brosseau) - iio: adc: stm32: Fix ADCs iteration in irq handler (Yannick Brosseau) - iio: afe: rescale: Fix boolean logic bug (Linus Walleij) - iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (Jean-Baptiste Maneyrol) - iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) - iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) - iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) - iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) - iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) - iio:accel:kxcjk-1013: rearrange iio trigger get and register (Dmitry Rokosov) - iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) - iio:humidity:hts221: rearrange iio trigger get and register (Dmitry Rokosov) - f2fs: attach inline_data after setting compression (Jaegeuk Kim) - btrfs: fix deadlock with fsync+fiemap+transaction commit (Josef Bacik) - btrfs: dont set lock_owner when locking extent buffer for reading (Zygo Blaxell) - dt-bindings: usb: ehci: Increase the number of PHYs (Geert Uytterhoeven) - dt-bindings: usb: ohci: Increase the number of PHYs (Geert Uytterhoeven) - usb: chipidea: udc: check request status before setting device address (Xu Yang) - USB: gadget: Fix double-free bug in raw_gadget driver (Alan Stern) - usb: gadget: Fix non-unique driver names in raw-gadget driver (Alan Stern) - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (Utkarsh Patel) - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (Tanveer Alam) - xhci: turn off port power in shutdown (Mathias Nyman) - usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (Andy Shevchenko) - iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) - iio: magnetometer: yas530: Fix memchr_inv() misuse (Linus Walleij) - iio: mma8452: fix probe fail when device tree compatible is used. (Haibo Chen) - s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) - gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) - nvme: move the Samsung X5 quirk entry to the core quirks (Christoph Hellwig) - nvme-pci: add NO APST quirk for Kioxia device (Enzo Matsumiya) - sock: redo the psock vs ULP protection check (Jakub Kicinski) - Revert net/tls: fix tls_sk_proto_close executed repeatedly (Jakub Kicinski) - virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) - igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (Aidan MacDonald) - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) - ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) - afs: Fix dynamic root getattr (David Howells) - MIPS: Remove repetitive increase irq_err_count (huhai) - x86/xen: Remove undefined behavior in setup_features() (Julien Grall) - xen-blkfront: Handle NULL gendisk (Jason Andryuk) - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (Jie2x Zhou) - udmabuf: add back sanity check (Gerd Hoffmann) - net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) - erspan: do not assume transport header is always set (Eric Dumazet) - perf arm-spe: Dont set data source if its not a memory operation (Leo Yan) - drm/msm/dp: force link training for display resolution change (Kuogee Hsieh) - drm/msm/dp: do not initialize phy until plugin interrupt received (Kuogee Hsieh) - drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (Kuogee Hsieh) - drm/msm/dp: Drop now unused hpd_high member (Bjorn Andersson) - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (Kuogee Hsieh) - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) - net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) - ethtool: Fix get module eeprom fallback (Ivan Vecera) - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) - igb: fix a use-after-free issue in igb_clean_tx_ring (Lorenzo Bianconi) - tipc: fix use-after-free Read in tipc_named_reinit (Hoang Le) - net: fix data-race in dev_isalive() (Eric Dumazet) - net: Write lock dev_base_lock without disabling bottom halves. (Sebastian Andrzej Siewior) - KVM: arm64: Prevent kmemleak from accessing pKVM memory (Quentin Perret) - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) - scsi: storvsc: Correct reporting of Hyper-V I/O size limits (Saurabh Sengar) - bpf, x86: Fix tail call count offset calculation on bpf2bpf call (Jakub Sitnicki) - drm/sun4i: Fix crash during suspend after component bind failure (Samuel Holland) - bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (Jonathan Marek) - xsk: Fix generic transmit when completion queue reservation fails (Ciara Loftus) - scsi: iscsi: Exclude zero from the endpoint ID range (Sergey Gorenko) - drm/msm: Switch ordering of runpm put vs devfreq_idle (Rob Clark) - scsi: scsi_debug: Fix zone transition to full condition (Damien Le Moal) - netfilter: use get_random_u32 instead of prandom (Florian Westphal) - drm/msm: Fix double pm_runtime_disable() call (Maximilian Luz) - drm/msm: Ensure mmap offset is initialized (Rob Clark) - USB: serial: option: add Quectel RM500K module support (Macpaul Lin) - USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) - USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) - USB: serial: pl2303: add support for more HXN (G) types (Johan Hovold) - drm/i915: Implement w/a 22010492432 for adl-s (Ville Syrjala) - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (Masami Hiramatsu (Google)) - dm mirror log: clear log bits up to BITS_PER_LONG boundary (Mikulas Patocka) - dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) - mtd: rawnand: gpmi: Fix setting busy timeout setting (Sascha Hauer) - MAINTAINERS: Add new IOMMU development mailing list (Joerg Roedel) - xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) - mmc: mediatek: wait dma stop bit reset to 0 (Mengqi Zhang) - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (Chevron Li) - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (Tyrel Datwyler) - scsi: ibmvfc: Store vhost pointer during subcrq allocation (Tyrel Datwyler) - btrfs: add error messages to all unrecognized mount options (David Sterba) - btrfs: prevent remounting to v1 space cache for subpage mount (Qu Wenruo) - btrfs: fix hang during unmount when block group reclaim task is running (Filipe Manana) - 9p: fix fid refcount leak in v9fs_vfs_get_link (Dominique Martinet) - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (Dominique Martinet) - 9p: Fix refcounting during full path walks for fid lookups (Tyler Hicks) - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Rosemarie ORiorden) - ALSA: hda/realtek: Add quirk for Clevo NS50PU (Tim Crawford) - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (Tim Crawford) - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (Takashi Iwai) - ALSA: hda/realtek - ALC897 headset MIC no sound (Kailang Yang) - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (Soham Sen) - ALSA: hda/conexant: Fix missing beep setup (Takashi Iwai) - ALSA: hda/via: Fix missing beep setup (Takashi Iwai) - random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) - random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) - LTS version: v5.15.50 (Jack Vogel) - arm64: mm: Dont invalidate FROM_DEVICE buffers at start of DMA transfer (Will Deacon) - serial: core: Initialize rs485 RTS polarity already on probe (Lukas Wunner) - selftests/bpf: Add selftest for calling global functions from freplace (Toke Hoiland-Jorgensen) - bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (Toke Hoiland-Jorgensen) - usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) - zonefs: fix zonefs_iomap_begin() for reads (Damien Le Moal) - drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Nicholas Kazlauskas) - s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) - LTS version: v5.15.49 (Jack Vogel) - clk: imx8mp: fix usb_root_clk parent (Peng Fan) (Masahiro Yamada) - virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (Andy Chi) - KVM: arm64: Dont read a HW interrupt pending state in user context (Marc Zyngier) - ext4: add reserved GDT blocks check (Zhang Yi) - ext4: make variable count signed (Ding Xiang) - ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) - ext4: fix super block checksum incorrect after mount (Ye Bin) - cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (Sami Tolvanen) - drm/amd/display: Cap OLED brightness per max frame-average luminance (Roman Li) - dm mirror log: round up region bitmap size to BITS_PER_LONG (Mikulas Patocka) - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (Shinichiro Kawasaki) - serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Tony Lindgren) - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (Linyu Yuan) - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (Linyu Yuan) - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) - usb: cdnsp: Fixed setting last_trb incorrectly (Jing Leng) - usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) - USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) - USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) - crypto: memneq - move into lib/ (Jason A. Donenfeld) - comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) - mei: me: add raptor lake point S DID (Alexander Usyskin) - mei: hbm: drop capability response on early shutdown (Alexander Usyskin) - i2c: designware: Use standard optional ref clock implementation (Serge Semin) - sched: Fix balance_push() vs __sched_setscheduler() (Peter Zijlstra) - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (Miaoqian Lin) - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (Miaoqian Lin) - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (Miaoqian Lin) - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) - i2c: npcm7xx: Add check for platform_driver_register (Jiasheng Jiang) - faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (Bart Van Assche) - init: Initialize noop_backing_dev_info early (Jan Kara) - certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) - arm64: ftrace: consistently handle PLTs. (Mark Rutland) - arm64: ftrace: fix branch range checks (Mark Rutland) - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (Duoming Zhou) - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) - mlxsw: spectrum_cnt: Reorder counter pools (Petr Machata) - nvme: add device name to warning in uuid_show() (Thomas WeiBschuh) - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (Howard Chiu) - clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) - soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) - extcon: ptn5150: Add queue work sync before driver release (Li Jun) - ksmbd: fix reference count leak in smb_check_perm_dacl() (Xin Xiong) - coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) - soundwire: intel: prevent pm_runtime resume prior to system suspend (Pierre-Louis Bossart) - export: fix string handling of namespace in EXPORT_SYMBOL_NS (Greg Kroah-Hartman) - serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) - power: supply: axp288_fuel_gauge: Drop BIOS version check from T3 MRD DMI quirk (Hans de Goede) - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) - misc/pvpanic: Convert regular spinlock into trylock on panic path (Guilherme G. Piccoli) - pvpanic: Fix typos in the comments (Andy Shevchenko) - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) - iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) - iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (Arnaud Pouliquen) - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (Hangyu Hua) - rpmsg: virtio: Fix possible double free in rpmsg_probe() (Hangyu Hua) - usb: typec: mux: Check dev_set_name() return value (Bjorn Andersson) - firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) - misc: fastrpc: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (Wesley Cheng) - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - pwm: raspberrypi-poe: Fix endianness in firmware struct (Uwe Kleine-Konig) - pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) - usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) - USB: storage: karma: fix rio_karma_init return (Lin Ma) - usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) - usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) - remoteproc: imx_rproc: Ignore create mem entry for resource table (Peng Fan) - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (Miaoqian Lin) - tty: n_tty: Restore EOF push handling behavior (Daniel Gibson) - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) - tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) - lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP (Christophe Leroy) - lkdtm/bugs: Check for the NULL pointer after calling kmalloc (Jiasheng Jiang) - iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) - staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) - LTS version: v5.15.46 (Jack Vogel) - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) - pinctrl/rockchip: support setting input-enable param (Caleb Connolly) - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) - md: fix double free of io_acct_set bioset (Xiao Ni) - md: Dont set mddev private to NULL in raid0 pers->free (Xiao Ni) - fs/ntfs3: Fix invalid free in log_replay (Namjae Jeon) - exportfs: support idmapped mounts (Christian Brauner) - fs: add two trivial lookup helpers (Christian Brauner) - interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate (Mike Tipton) - interconnect: qcom: sc7180: Drop IP0 interconnects (Stephen Boyd) - ext4: only allow test_dummy_encryption when supported (Eric Biggers) - MIPS: IP30: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) - MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) - RDMA/hns: Remove the num_cqc_timer variable (Yixing Liu) - staging: r8188eu: delete rtw_wx_read/write32() (Dan Carpenter) - Revert random: use static branch for crng_ready() (Jason A. Donenfeld) - list: test: Add a test for list_is_head() (David Gow) - kseltest/cgroup: Make test_stress.sh work if run interactively (Waiman Long) - net: ipa: fix page free in ipa_endpoint_replenish_one() (Alex Elder) - net: ipa: fix page free in ipa_endpoint_trans_release() (Alex Elder) - phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) - coresight: core: Fix coresight device probe failure issue (Mao Jinlong) - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) - vdpasim: allow to enable a vq repeatedly (Eugenio Perez) - dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Steve French) - ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (Jonathan Bakker) - phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) - clk: tegra: Add missing reset deassertion (Diogo Ivo) - arm64: tegra: Add missing DFLL reset on Tegra210 (Diogo Ivo) - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) - gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - serial: pch: dont overwrite xmit->buf[0] by x_char (Jiri Slaby) - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (Coly Li) - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (Coly Li) - bcache: improve multithreaded bch_sectors_dirty_init() (Coly Li) - bcache: improve multithreaded bch_btree_check() (Coly Li) - stm: ltdc: fix two incorrect NULL checks on list iterator (Xiaomeng Tong) - carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) - ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) - rtl818x: Prevent using not initialized queues (Alexander Wetzel) - xtensa/simdisk: fix proc_read_simdisk() (Yi Yang) - mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (Miaohe Lin) - hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) - nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (Mel Gorman) - Revert mm/cma.c: remove redundant cma_mutex lock (Dong Aisheng) - iommu/dma: Fix iova map result check bug (Yunfei Wang) - iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - ksmbd: fix outstanding credits related bugs (Hyunchul Lee) - ftrace: Clean up hash direct_functions on register failures (Song Liu) - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) - um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) - um: chan_user: Fix winch_tramp() return value (Johannes Berg) - um: Use asm-generic/dma-mapping.h (Johannes Berg) - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) - cfg80211: declare MODULE_FIRMWARE for regulatory.db (Dimitri John Ledkov) - thermal: devfreq_cooling: use local ops instead of global ops (Kant Fan) - irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) - csky: patch_text: Fixup last cpu should be master (Guo Ren) - mmc: core: Allows to override the timeout value for ioctl() path (Bean Huo) - RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) - ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) - media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) - media: coda: Fix reported H264 profile (Nicolas Dufresne) - mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) - md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) - md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) - drm/i915/dsi: fix VBT send packet port selection for ICL+ (Jani Nikula) - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (Lyude Paul) - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) - landlock: Fix same-layer rule unions (Mickael Salaun) - landlock: Create find_rule() from unmask_layers() (Mickael Salaun) - landlock: Reduce the maximum number of layers to 16 (Mickael Salaun) - landlock: Define access_mask_t to enforce a consistent access mask size (Mickael Salaun) - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (Mickael Salaun) - landlock: Change landlock_restrict_self(2) check ordering (Mickael Salaun) - landlock: Change landlock_add_rule(2) argument check ordering (Mickael Salaun) - selftests/landlock: Add tests for O_PATH (Mickael Salaun) - selftests/landlock: Fully test file rename with remove access (Mickael Salaun) - selftests/landlock: Extend access right tests to directories (Mickael Salaun) - selftests/landlock: Add tests for unknown access rights (Mickael Salaun) - selftests/landlock: Extend tests for minimal valid attribute size (Mickael Salaun) - selftests/landlock: Make tests build with old libc (Mickael Salaun) - landlock: Fix landlock_add_rule(2) documentation (Mickael Salaun) - samples/landlock: Format with clang-format (Mickael Salaun) - samples/landlock: Add clang-format exceptions (Mickael Salaun) - selftests/landlock: Format with clang-format (Mickael Salaun) - selftests/landlock: Normalize array assignment (Mickael Salaun) - selftests/landlock: Add clang-format exceptions (Mickael Salaun) - landlock: Format with clang-format (Mickael Salaun) - landlock: Add clang-format exceptions (Mickael Salaun) - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) - scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) - dlm: fix missing lkb refcount handling (Alexander Aring) - dlm: uninitialized variable on error in dlm_listen_for_all() (Dan Carpenter) - dlm: fix plock invalid read (Alexander Aring) - s390/stp: clock_delta should be signed (Sven Schnelle) - s390/perf: obtain sie_block from the right address (Nico Boehr) - mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) - staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov) - PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) - PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) - PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) - drm/amdgpu: add beige goby PCI ID (Alex Deucher) - tracing: Initialize integer variable to prevent garbage return value (Gautam Menghani) - tracing: Fix potential double free in create_var_ref() (Keita Suzuki) - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (Laurent Vivier) - ACPI: property: Release subnode properties with data nodes (Sakari Ailus) - ext4: avoid cycles in directory h-tree (Jan Kara) - ext4: verify dir block before splitting it (Jan Kara) - ext4: fix bug_on in __es_tree_search (Baokun Li) - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (Theodore Tso) - ext4: fix bug_on in ext4_writepages (Ye Bin) - ext4: fix warning in ext4_handle_inode_extension (Ye Bin) - ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) - ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) - ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov) - bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) - bfq: Get rid of __bio_blkcg() usage (Jan Kara) - bfq: Track whether bfq_group is still online (Jan Kara) - bfq: Remove pointless bfq_init_rq() calls (Jan Kara) - bfq: Drop pointless unlock-lock pair (Jan Kara) - bfq: Update cgroup information before merging bio (Jan Kara) - bfq: Split shared queues on move between cgroups (Jan Kara) - bfq: Avoid merging queues with different parents (Jan Kara) - bfq: Avoid false marking of bic as stably merged (Jan Kara) - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) - fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) - iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) - wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) - objtool: Fix symbol creation (Peter Zijlstra) - objtool: Fix objtool regression on x32 systems (Mikulas Patocka) - f2fs: fix to do sanity check for inline inode (Chao Yu) - f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) - f2fs: dont use casefolded comparison for . and .. (Eric Biggers) - f2fs: fix to do sanity check on total_data_blocks (Chao Yu) - f2fs: dont need inode lock for system hidden quota (Jaegeuk Kim) - f2fs: fix deadloop in foreground GC (Chao Yu) - f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) - f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) - f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) - NFSv4.1 mark qualified async operations as MOVEABLE tasks (Olga Kornievskaia) - NFS: Convert GFP_NOFS to GFP_KERNEL (Trond Myklebust) - NFS: Create a new nfs_alloc_fattr_with_label() function (Anna Schumaker) - NFS: Always initialise fattr->label in nfs_fattr_alloc() (Trond Myklebust) - video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) - perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) - perf c2c: Use stdio interface if slang is not supported (Leo Yan) - perf build: Fix btf__load_from_kernel_by_id() feature check (Jiri Olsa) - i2c: rcar: fix PM ref counts in probe error paths (Kuninori Morimoto) - i2c: npcm: Handle spurious interrupts (Tali Perry) - i2c: npcm: Correct register access width (Tyrone Ting) - i2c: npcm: Fix timeout calculation (Tali Perry) - iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (Amelie Delaunay) - dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) - NFS: Further fixes to the writeback error handling (Trond Myklebust) - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) - NFS: Dont report errors from nfs_pageio_complete() more than once (Trond Myklebust) - NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) - NFS: Dont report ENOSPC write errors twice (Trond Myklebust) - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Trond Myklebust) - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (Christophe JAILLET) - i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (Miles Chen) - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (Guenter Roeck) - iommu/arm-smmu-v3-sva: Fix mm use-after-free (Jean-Philippe Brucker) - cpufreq: mediatek: Unregister platform device on exit (Rex-BC Chen) - cpufreq: mediatek: Use module_init and add module_exit (Jia-Wei Chang) - i2c: at91: use dma safe buffers (Michael Walle) - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (Yong Wu) - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (Yong Wu) - iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) - iommu/mediatek: Fix 2 HW sharing pgtable issue (Yong Wu) - iommu/amd: Enable swiotlb in all cases (Mario Limonciello) - f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) - f2fs: fix to do sanity check on inline_dots inode (Chao Yu) - f2fs: support fault injection for dquot_initialize() (Chao Yu) - OPP: call of_node_put() on error path in _bandwidth_supported() (Dan Carpenter) - Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (Wanpeng Li) - RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) - mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) - nfsd: destroy percpu stats counters after reply cache shutdown (Julian Schroeder) - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) - powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) - powerpc/xive: Fix refcount leak in xive_spapr_init (Miaoqian Lin) - powerpc/xive: Add some error handling code to xive_spapr_init() (Christophe JAILLET) - macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) - powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) - powerpc/perf: Fix the threshold compare group constraint for power10 (Kajol Jain) - powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (Yang Yingliang) - PCI: microchip: Fix potential race in interrupt handling (Daire McNamara) - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (Kuppuswamy Sathyanarayanan) - Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) - hugetlbfs: fix hugetlbfs_statfs() locking (Mina Almasry) - ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (Eugen Hristev) - crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-2586 CVE-2022-21385 CVE-2022-2588 CVE-2022-34918 CVE-2022-2585 CVE-2022-21546 cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2021-4206 CVE-2022-26353 CVE-2022-0216 CVE-2021-4207 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 8 Oracle Linux 9 [5.15.0-3.60.5.1] - fs: remove no_llseek (Jason A. Donenfeld) [Orabug: 34721465] - vfio: do not set FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - dma-buf: remove useless FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - fs: do not compare against ->llseek (Jason A. Donenfeld) [Orabug: 34721465] - fs: clear or set FMODE_LSEEK based on llseek function (Jason A. Donenfeld) [Orabug: 34721465] [5.15.0-3.60.5] - hwmon: (opbmc) Add support for AST2600 based Pilot (Jan Zdarek) [Orabug: 34605427] - random: Fix incorrect type for 'rc' variable (Harshit Mogalapalli) [Orabug: 34596909] [5.15.0-3.60.4] - netfilter: ebtables: reject blobs that don't provide all entry points (Florian Westphal) [Orabug: 34513977] - uek-rpm: Disable CONFIG_CRYPTO_STREEBOG (Victor Erminpour) [Orabug: 34538054] - uek-rpm: Disable CONFIG_CRYPTO_SM3 (Victor Erminpour) [Orabug: 34538054] - uek-rpm: Disable CONFIG_CRYPTO_SM4 (Victor Erminpour) [Orabug: 34538054] - af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34566751] {CVE-2022-3028} - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (Tetsuo Handa) [Orabug: 34567776] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34567776] [5.15.0-3.60.3] - audit: annotate branch direction for audit_in_mask() (Ankur Arora) [Orabug: 34544783] - audit: cache ctx->major in audit_filter_syscall() (Ankur Arora) [Orabug: 34544783] [5.15.0-3.60.2] - LTS version: v5.15.60 (Jack Vogel) - x86/speculation: Add LFENCE to RSB fill sequence (Pawan Gupta) - x86/speculation: Add RSB VM Exit protections (Daniel Sneddon) - macintosh/adb: fix oob read in do_adb_query() function (Ning Qiang) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (Hilda Wu) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (Hilda Wu) - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (Aaron Ma) - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (Ahmad Fatoum) - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (Hakan Jansson) - Bluetooth: hci_bcm: Add BCM4349B1 variant (Ahmad Fatoum) - btrfs: zoned: fix critical section of relocation inode writeback (Naohiro Aota) - btrfs: zoned: prevent allocation from previous data relocation BG (Naohiro Aota) - arm64: set UXN on swapper page tables (Peter Collingbourne) - KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (Mingwei Zhang) - selftests: KVM: Handle compiler optimizations in ucall (Raghavendra Rao Ananta) - tools/kvm_stat: fix display of error when multiple processes are found (Dmitry Klochkov) - KVM: selftests: Make hyperv_clock selftest more stable (Vitaly Kuznetsov) - KVM: x86: do not set st->preempted when going back to user space (Paolo Bonzini) - KVM: x86: do not report a vCPU as preempted outside instruction boundaries (Paolo Bonzini) [Orabug: 34571000] {CVE-2022-39189} - crypto: arm64/poly1305 - fix a read out-of-bound (GUO Zihua) - ACPI: APEI: Better fix to avoid spamming the console with old error logs (Tony Luck) - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (Werner Sembach) - ACPI: video: Force backlight native for some TongFang devices (Werner Sembach) - tools/vm/slabinfo: Handle files in debugfs (Stephane Graber) - block: fix default IO priority handling again (Jan Kara) - selftests/bpf: Check dst_port only on the client socket (Jakub Sitnicki) - selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads (Jakub Sitnicki) - x86/speculation: Make all RETbleed mitigations 64-bit only (Ben Hutchings) - LTS version: v5.15.59 (Jack Vogel) - x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Thadeu Lima de Souza Cascardo) - docs/kernel-parameters: Update descriptions for 'mitigations=' param with retbleed (Eiichi Tsukata) - EDAC/ghes: Set the DIMM label unconditionally (Toshi Kani) - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (Florian Fainelli) - page_alloc: fix invalid watermark check on a negative value (Jaewon Kim) - mm/hmm: fault non-owner device private entries (Ralph Campbell) - ARM: crypto: comment out gcc warning that breaks clang builds (Greg Kroah-Hartman) - sctp: leave the err path free in sctp_stream_init to sctp_stream_free (Xin Long) - sfc: disable softirqs for ptp TX (Alejandro Lucero) - perf symbol: Correct address for bss symbols (Leo Yan) - virtio-net: fix the race between refill work and close (Jason Wang) - netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) - octeontx2-pf: cn10k: Fix egress ratelimit configuration (Sunil Goutham) - sctp: fix sleep in atomic context bug in timer handlers (Duoming Zhou) - i40e: Fix interface init with MSI interrupts (no MSI-X) (Michal Maloszewski) - ipv4: Fix data-races around sysctl_fib_notify_on_flag_change. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_reflect_tos. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_nr. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_slack_ns. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns. (Kuniyuki Iwashima) - net: Fix data-races around sysctl_[rw]mem(_offset)?. (Kuniyuki Iwashima) - tcp: Fix data-races around sk_pacing_rate. (Kuniyuki Iwashima) - net: mld: fix reference count leak in mld_{query | report}_work() (Taehee Yoo) - net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (Jianglei Nie) - macsec: always read MACSEC_SA_ATTR_PN as a u64 (Sabrina Dubroca) - macsec: limit replay window size with XPN (Sabrina Dubroca) - macsec: fix error message in macsec_add_rxsa and _txsa (Sabrina Dubroca) - macsec: fix NULL deref in macsec_add_rxsa (Sabrina Dubroca) - Documentation: fix sctp_wmem in ip-sysctl.rst (Xin Long) - tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_autocorking. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_min_tso_segs. (Kuniyuki Iwashima) - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (Liang He) - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (Vladimir Oltean) - igmp: Fix data-races around sysctl_igmp_qrv. (Kuniyuki Iwashima) - net/tls: Remove the context from the list in tls_device_down (Maxim Mikityanskiy) - ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr (Ziyang Xuan) - net: ping6: Fix memleak in ipv6_renew_options(). (Kuniyuki Iwashima) - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (David Jeffery) - tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_limit_output_bytes. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_moderate_rcvbuf. (Kuniyuki Iwashima) - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (Subbaraya Sundeep) - Revert 'tcp: change pingpong threshold to 3' (Wei Wang) - scsi: ufs: host: Hold reference returned by of_parse_phandle() (Liang He) - ice: do not setup vlan for loopback VSI (Maciej Fijalkowski) - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (Maciej Fijalkowski) - tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_nometrics_save. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_frto. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_adv_win_scale. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_app_win. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_dsack. (Kuniyuki Iwashima) - watch_queue: Fix missing locking in add_watch_to_object() (Linus Torvalds) - watch_queue: Fix missing rcu annotation (David Howells) - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (Nathan Chancellor) - nouveau/svm: Fix to migrate all requested pages (Alistair Popple) - s390/archrandom: prevent CPACF trng invocations in interrupt context (Harald Freudenberger) - asm-generic: remove a broken and needless ifdef conditional (Lukas Bulwahn) - hugetlb: fix memoryleak in hugetlb_mcopy_atomic_pte (Miaohe Lin) - mm: fix page leak with multiple threads mapping the same page (Josef Bacik) - secretmem: fix unhandled fault in truncate (Mike Rapoport) - fs: sendfile handles O_NONBLOCK of out_fd (Andrei Vagin) - ntfs: fix use-after-free in ntfs_ucsncmp() (ChenXiaoSong) - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (Luiz Augusto von Dentz) - LTS version: v5.15.58 (Jack Vogel) - drm/amd/display: Fix wrong format specifier in amdgpu_dm.c (Hayden Goodfellow) - x86/entry_32: Fix segment exceptions (Peter Zijlstra) - drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() (Dan Carpenter) - x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (Jan Beulich) - KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (Maxim Levitsky) - x86/extable: Prefer local labels in .set directives (Nick Desaulniers) - drm/amd/display: invalid parameter check in dmub_hpd_callback (Jose Exposito) - drm/amd/display: Don't lock connection_mutex for DMUB HPD (Nicholas Kazlauskas) - watch-queue: remove spurious double semicolon (Linus Torvalds) - net: usb: ax88179_178a needs FLAG_SEND_ZLP (Jose Alonso) - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (Jiri Slaby) - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (Jiri Slaby) - tty: drop tty_schedule_flip() (Jiri Slaby) - tty: the rest, stop using tty_schedule_flip() (Jiri Slaby) - tty: drivers/tty/, stop using tty_schedule_flip() (Jiri Slaby) - watchqueue: make sure to serialize 'wqueue->defunct' properly (Linus Torvalds) - drm/amd/display: Fix surface optimization regression on Carrizo (Nicholas Kazlauskas) - drm/amd/display: Optimize bandwidth on following fast update (Nicholas Kazlauskas) - drm/amd/display: Reset DMCUB before HW init (Nicholas Kazlauskas) - exfat: use updated exfat_chain directly during renaming (Sungjong Seo) - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (Luiz Augusto von Dentz) - Bluetooth: SCO: Fix sco_send_frame returning skb->len (Luiz Augusto von Dentz) - Bluetooth: Fix passing NULL to PTR_ERR (Luiz Augusto von Dentz) - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (Luiz Augusto von Dentz) - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmmsg helper (Luiz Augusto von Dentz) - Bluetooth: Add bt_skb_sendmsg helper (Luiz Augusto von Dentz) - um: virtio_uml: Fix broken device handling in time-travel (Johannes Berg) - um: virtio_uml: Allow probing from devicetree (Vincent Whitchurch) - tracing: Fix return value of trace_pid_write() (Wonhyuk Yang) - tracing: Place trace_pid_list logic into abstract functions (Steven Rostedt (VMware)) - tracing: Have event format check not flag %p* on __get_dynamic_array() (Steven Rostedt (Google)) - exfat: fix referencing wrong parent directory information after renaming (Yuezhang Mo) - crypto: qat - re-enable registration of algorithms (Giovanni Cabiddu) - crypto: qat - add param check for DH (Giovanni Cabiddu) - crypto: qat - add param check for RSA (Giovanni Cabiddu) - crypto: qat - remove dma_free_coherent() for DH (Giovanni Cabiddu) - crypto: qat - remove dma_free_coherent() for RSA (Giovanni Cabiddu) - crypto: qat - fix memory leak in RSA (Giovanni Cabiddu) - crypto: qat - add backlog mechanism (Giovanni Cabiddu) - crypto: qat - refactor submission logic (Giovanni Cabiddu) - crypto: qat - use pre-allocated buffers in datapath (Giovanni Cabiddu) - crypto: qat - set to zero DH parameters before free (Giovanni Cabiddu) - iwlwifi: fw: uefi: add missing include guards (Johannes Berg) - mt76: fix use-after-free by removing a non-RCU wcid pointer (Felix Fietkau) - xhci: Set HCD flag to defer primary roothub registration (Kishon Vijay Abraham I) - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (Mathias Nyman) - xhci: dbc: create and remove dbc structure in dbgtty driver. (Mathias Nyman) - xhci: dbc: refactor xhci_dbc_init() (Mathias Nyman) - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (Sean Christopherson) - x86/extable: Extend extable functionality (Peter Zijlstra) - x86/entry_32: Remove .fixup usage (Peter Zijlstra) - bitfield.h: Fix 'type of reg too small for mask' test (Peter Zijlstra) - x86/extable: Provide EX_TYPE_DEFAULT_MCE_SAFE and EX_TYPE_FAULT_MCE_SAFE (Thomas Gleixner) - x86/extable: Rework the exception table mechanics (Thomas Gleixner) - x86/mce: Deduplicate exception handling (Thomas Gleixner) - x86/extable: Get rid of redundant macros (Thomas Gleixner) - x86/extable: Tidy up redundant handler functions (Thomas Gleixner) - x86/uaccess: Implement macros for CMPXCHG on user addresses (Peter Zijlstra) - dlm: fix pending remove if msg allocation fails (Alexander Aring) - sched/deadline: Fix BUG_ON condition for deboosted tasks (Juri Lelli) - bpf: Make sure mac_header was set before using it (Eric Dumazet) - mm/mempolicy: fix uninit-value in mpol_rebind_policy() (Wang Cheng) - KVM: Don't null dereference ops->destroy (Alexey Kardashevskiy) - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (Marc Kleine-Budde) - KVM: selftests: Fix target thread to be migrated in rseq_test (Gavin Shan) - gpio: gpio-xilinx: Fix integer overflow (Srinivas Neeli) - tcp: Fix data-races around sysctl_tcp_max_reordering. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_abort_on_overflow. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_rfc1337. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_stdurg. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_retrans_collapse. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_recovery. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_early_retrans. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl knobs related to SYN option. (Kuniyuki Iwashima) - udp: Fix a data-race around sysctl_udp_l3mdev_accept. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_prot_sock. (Kuniyuki Iwashima) - ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. (Kuniyuki Iwashima) - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. (Kuniyuki Iwashima) - ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. (Kuniyuki Iwashima) - drm/imx/dcss: Add missing of_node_put() in fail path (Liang He) - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (Oleksij Rempel) - net: dsa: sja1105: silent spi_device_id warnings (Oleksij Rempel) - be2net: Fix buffer overflow in be_get_module_eeprom (Hristo Venev) - gpio: pca953x: use the correct register address when regcache sync during init (Haibo Chen) - gpio: pca953x: use the correct range when do regmap sync (Haibo Chen) - gpio: pca953x: only use single read/write for No AI mode (Haibo Chen) - net: stmmac: remove redunctant disable xPCS EEE call (Wong Vee Khee) - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Piotr Skajewski) - i40e: Fix erroneous adapter reinitialization during recovery process (Dawid Lukwinski) - pinctrl: armada-37xx: use raw spinlocks for regmap to avoid invalid wait context (Vladimir Oltean) - pinctrl: armada-37xx: Convert to use dev_err_probe() (Andy Shevchenko) - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (Andy Shevchenko) - pinctrl: armada-37xx: Use temporary variable for struct device (Andy Shevchenko) - iavf: Fix handling of dummy receive descriptors (Przemyslaw Patynowski) - tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_fastopen. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_max_syn_backlog. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_tw_reuse. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_notsent_lowat. (Kuniyuki Iwashima) - tcp: Fix data-races around some timeout sysctl knobs. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_reordering. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_migrate_req. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_syncookies. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries. (Kuniyuki Iwashima) - tcp: Fix data-races around keepalive sysctl knobs. (Kuniyuki Iwashima) - igmp: Fix data-races around sysctl_igmp_max_msf. (Kuniyuki Iwashima) - igmp: Fix a data-race around sysctl_igmp_max_memberships. (Kuniyuki Iwashima) - igmp: Fix data-races around sysctl_igmp_llm_reports. (Kuniyuki Iwashima) - net/tls: Fix race in TLS device down flow (Tariq Toukan) - net: stmmac: fix dma queue left shift overflow issue (Junxiao Chang) - perf tests: Fix Convert perf time to TSC test for hybrid (Adrian Hunter) - i2c: cadence: Change large transfer count reset logic to be unconditional (Robert Hancock) - i2c: mlxcpld: Fix register setting for 400KHz frequency (Vadim Pasternak) - net: ipv4: use kfree_skb_reason() in ip_rcv_finish_core() (Menglong Dong) - net: ipv4: use kfree_skb_reason() in ip_rcv_core() (Menglong Dong) - net: netfilter: use kfree_drop_reason() for NF_DROP (Menglong Dong) - net: skb_drop_reason: add document for drop reasons (Menglong Dong) - net: socket: rename SKB_DROP_REASON_SOCKET_FILTER (Menglong Dong) - net: skb: use kfree_skb_reason() in __udp4_lib_rcv() (Menglong Dong) - net: skb: use kfree_skb_reason() in tcp_v4_rcv() (Menglong Dong) - net: skb: introduce kfree_skb_reason() (Menglong Dong) - net: dsa: microchip: ksz_common: Fix refcount leak bug (Liang He) - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (Sascha Hauer) - mtd: rawnand: gpmi: validate controller clock rate (Dario Binacchi) - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (Biao Huang) - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (Biao Huang) - tcp: Fix a data-race around sysctl_tcp_probe_interval. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_probe_threshold. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_min_snd_mss. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_base_mss. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_mtu_probing. (Kuniyuki Iwashima) - tcp: Fix data-races around sysctl_tcp_l3mdev_accept. (Kuniyuki Iwashima) - tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if() (Eric Dumazet) - tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. (Kuniyuki Iwashima) - ip: Fix a data-race around sysctl_fwmark_reflect. (Kuniyuki Iwashima) - ip: Fix a data-race around sysctl_ip_autobind_reuse. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_nonlocal_bind. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_fwd_update_priority. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_fwd_use_pmtu. (Kuniyuki Iwashima) - ip: Fix data-races around sysctl_ip_no_pmtu_disc. (Kuniyuki Iwashima) - igc: Reinstate IGC_REMOVED logic and implement it properly (Lennert Buytenhek) - Revert 'e1000e: Fix possible HW unit hang after an s0ix exit' (Sasha Neftin) - e1000e: Enable GPT clock before sending message to CSME (Sasha Neftin) - nvme: fix block device naming collision (Israel Rukshin) - nvme: check for duplicate identifiers earlier (Christoph Hellwig) - scsi: ufs: core: Drop loglevel of WriteBoost message (Bjorn Andersson) - scsi: megaraid: Clear READ queue map's nr_queues (Ming Lei) - drm/amd/display: Ignore First MST Sideband Message Return Error (Fangzhi Zuo) - drm/amdgpu/display: add quirk handling for stutter mode (Alex Deucher) - drm/amd/display: Fork thread to offload work of hpd_rx_irq (Wayne Lin) - drm/amd/display: Add option to defer works of hpd_rx_irq (Wayne Lin) - drm/amd/display: Support for DMUB HPD interrupt handling (Jude Shih) - tcp: Fix data-races around sysctl_tcp_ecn. (Kuniyuki Iwashima) - sysctl: move some boundary constants from sysctl.c to sysctl_vals (Xiaoming Ni) - mm/pagealloc: sysctl: change watermark_scale_factor max limit to 30% (Suren Baghdasaryan) - net: tun: split run_ebpf_filter() and pskb_trim() into different 'if statement' (Dongli Zhang) - ipv4/tcp: do not use per netns ctl sockets (Eric Dumazet) - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (Peter Zijlstra) - pinctrl: ralink: Check for null return of devm_kcalloc (William Dean) - pinctrl: ralink: rename pinctrl-rt2880 to pinctrl-ralink (Arinc UNAL) - pinctrl: ralink: rename MT7628(an) functions to MT76X8 (Arinc UNAL) - RDMA/irdma: Fix sleep from invalid context BUG (Mustafa Ismail) - RDMA/irdma: Do not advertise 1GB page size for x722 (Mustafa Ismail) - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (Miaoqian Lin) - xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua) - ip: Fix data-races around sysctl_ip_default_ttl. (Kuniyuki Iwashima) - r8152: fix a WOL issue (Hayes Wang) - xfs: fix perag reference leak on iteration race with growfs (Brian Foster) - xfs: terminate perag iteration reliably on agcount (Brian Foster) - xfs: rename the next_agno perag iteration variable (Brian Foster) - xfs: fold perag loop iteration logic into helper function (Brian Foster) - xfs: fix maxlevels comparisons in the btree staging code (Darrick J. Wong) - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (Christophe JAILLET) - mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) - mt76: mt7921: use physical addr to unify register access (Sean Wang) - Revert 'mt76: mt7921e: fix possible probe failure after reboot' (Sean Wang) - Revert 'mt76: mt7921: Fix the error handling path of mt7921_pci_probe()' (Sean Wang) - batman-adv: Use netif_rx_any_context() any. (Sebastian Andrzej Siewior) - serial: mvebu-uart: correctly report configured baudrate value (Pali Rohar) - PCI: hv: Fix interrupt mapping for multi-MSI (Jeffrey Hugo) - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Jeffrey Hugo) - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Jeffrey Hugo) - PCI: hv: Fix multi-MSI to allow more than one MSI vector (Jeffrey Hugo) - Revert 'selftest/vm: verify mmap addr in mremap_test' (Oleksandr Tymoshenko) - Revert 'selftest/vm: verify remap destination address in mremap_test' (Oleksandr Tymoshenko) - bus: mhi: host: pci_generic: add Telit FN990 (Daniele Palmas) - bus: mhi: host: pci_generic: add Telit FN980 v1 hardware revision (Daniele Palmas) - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (Christian Konig) - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (Ido Schimmel) - riscv: add as-options for modules with assembly compontents (Ben Dooks) - pinctrl: stm32: fix optional IRQ support to gpios (Fabien Dessenne) - LTS version: v5.15.57 (Jack Vogel) - x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds (Peter Zijlstra) - um: Add missing apply_returns() (Peter Zijlstra) - x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (Jiri Slaby) - x86/xen: Fix initialisation in hypercall_page after rethunk (Ben Hutchings) - x86/static_call: Serialize __static_call_fixup() properly (Thomas Gleixner) - x86/speculation: Disable RRSBA behavior (Pawan Gupta) - x86/kexec: Disable RET on kexec (Konrad Rzeszutek Wilk) - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) - x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry (Peter Zijlstra) - x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) - x86/retbleed: Add fine grained Kconfig knobs (Peter Zijlstra) - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) - objtool: Add entry UNRET validation (Peter Zijlstra) - x86/xen: Add UNTRAIN_RET (Peter Zijlstra) - intel_idle: Disable IBRS during long idle (Peter Zijlstra) - x86: Add magic AMD return-thunk (Peter Zijlstra) - x86/entry: Avoid very early RET (Peter Zijlstra) - x86/ftrace: Use alternative RET encoding (Peter Zijlstra) - objtool: skip non-text sections when adding return-thunk sites (Thadeu Lima de Souza Cascardo) - bpf,x86: Respect X86_FEATURE_RETPOLINE* (Peter Zijlstra) - bpf,x86: Simplify computing label offsets (Peter Zijlstra) - x86/alternative: Add debug prints to apply_retpolines() (Peter Zijlstra) - x86/alternative: Try inline spectre_v2=retpoline,amd (Peter Zijlstra) - x86/alternative: Handle Jcc __x86_indirect_thunk_ eg (Peter Zijlstra) - x86/alternative: Implement .retpoline_sites support (Peter Zijlstra) - x86/retpoline: Create a retpoline thunk array (Peter Zijlstra) - x86/retpoline: Move the retpoline thunk declarations to nospec-branch.h (Peter Zijlstra) - x86/asm: Fixup odd GEN-for-each-reg.h usage (Peter Zijlstra) - x86/asm: Fix register order (Peter Zijlstra) - x86/retpoline: Remove unused replacement symbols (Peter Zijlstra) - objtool: Introduce CFI hash (Peter Zijlstra) - objtool,x86: Replace alternatives with .retpoline_sites (Peter Zijlstra) - objtool: Shrink struct instruction (Peter Zijlstra) - objtool: Explicitly avoid self modifying code in .altinstr_replacement (Peter Zijlstra) - objtool: Fix SLS validation for kcov tail-call replacement (Peter Zijlstra) - objtool: Classify symbols (Peter Zijlstra) - x86/entry: Don't call error_entry() for XENPV (Lai Jiangshan) - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (Lai Jiangshan) - x86/entry: Switch the stack after error_entry() returns (Lai Jiangshan) - x86/traps: Use pt_regs directly in fixup_bad_iret() (Lai Jiangshan) - LTS version: v5.15.56 (Jack Vogel) - drm/aperture: Run fbdev removal before internal helpers (Thomas Zimmermann) - x86/pat: Fix x86_has_pat_wp() (Juergen Gross) - serial: 8250: Fix PM usage_count for console handover (Ilpo Jarvinen) - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (Ilpo Jarvinen) - serial: stm32: Clear prev values before setting RTS delays (Ilpo Jarvinen) - serial: 8250: fix return error code in serial8250_request_std_resource() (Yi Yang) - vt: fix memory overlapping when deleting chars in the buffer (Yangxi Xiang) - tty: serial: samsung_tty: set dma burst_size to 1 (Chanho Park) - usb: dwc3: gadget: Fix event pending check (Thinh Nguyen) - usb: typec: add missing uevent when partner support PD (Linyu Yuan) - USB: serial: ftdi_sio: add Belimo device ids (Lucien Buchmann) - signal handling: don't use BUG_ON() for debugging (Linus Torvalds) - nvme-pci: phison e16 has bogus namespace ids (Keith Busch) - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (Egor Vorontsov) - ALSA: usb-audio: Add quirk for Fiero SC-01 (Egor Vorontsov) - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (John Veness) - Revert 'can: xilinx_can: Limit CANFD brp to 2' (Srinivas Neeli) - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (Gabriel Fernandez) - soc: ixp4xx/npe: Fix unused match warning (Linus Walleij) - x86: Clear .brk area at early boot (Juergen Gross) - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (Stafford Horne) - ASoC: madera: Fix event generation for rate controls (Charles Keepax) - ASoC: madera: Fix event generation for OUT1 demux (Charles Keepax) - ASoC: cs47l15: Fix event generation for low power mux control (Charles Keepax) - ASoC: dapm: Initialise kcontrol data for mux/demux controls (Charles Keepax) - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (Shuming Fan) - ASoC: wm5110: Fix DRE control (Charles Keepax) - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (Hans de Goede) - ASoC: wcd938x: Fix event generation for some controls (Mark Brown) - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (Peter Ujfalusi) - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (Pierre-Louis Bossart) - ASoC: rt7*-sdw: harden jack_detect_handler (Pierre-Louis Bossart) - ASoC: rt711: fix calibrate mutex initialization (Pierre-Louis Bossart) - ASoC: Intel: sof_sdw: handle errors on card registration (Pierre-Louis Bossart) - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (Pierre-Louis Bossart) - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (Pierre-Louis Bossart) - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (Haowen Bai) - ASoC: ops: Fix off by one in range control validation (Mark Brown) - net: sfp: fix memory leak in sfp_probe() (Jianglei Nie) - nvme: fix regression when disconnect a recovering ctrl (Ruozhu Li) - nvme-tcp: always fail a request when sending it failed (Sagi Grimberg) - NFC: nxp-nci: don't print header length mismatch on i2c error (Michael Walle) - net: tipc: fix possible refcount leak in tipc_sk_create() (Hangyu Hua) - fbdev: Disable sysfb device registration when removing conflicting FBs (Javier Martinez Canillas) - firmware: sysfb: Add sysfb_disable() helper function (Javier Martinez Canillas) - firmware: sysfb: Make sysfb_create_simplefb() return a pdev pointer (Javier Martinez Canillas) - platform/x86: hp-wmi: Ignore Sanitization Mode event (Kai-Heng Feng) - cpufreq: pmac32-cpufreq: Fix refcount leak bug (Liang He) - scsi: hisi_sas: Limit max hw sectors for v3 HW (John Garry) - netfilter: br_netfilter: do not skip all hooks with 0 priority (Florian Westphal) - virtio_mmio: Restore guest page size on resume (Stephan Gerhold) - virtio_mmio: Add missing PM calls to freeze/restore (Stephan Gerhold) - vduse: Tie vduse mgmtdev and its device (Parav Pandit) - vdpa/mlx5: Initialize CVQ vringh only once (Eli Cohen) - powerpc/xive/spapr: correct bitmap allocation size (Nathan Lynch) - ksmbd: use SOCK_NONBLOCK type for kernel_accept() (Namjae Jeon) - btrfs: zoned: fix a leaked bioc in read_zone_info (Christoph Hellwig) - btrfs: rename btrfs_bio to btrfs_io_context (Qu Wenruo) - mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE (Muchun Song) - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (Hans de Goede) - net/tls: Check for errors in tls_device_init (Tariq Toukan) - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (Vitaly Kuznetsov) - net: atlantic: remove aq_nic_deinit() when resume (Chia-Lin Kao (AceLan)) - net: atlantic: remove deep parameter on suspend/resume functions (Chia-Lin Kao (AceLan)) - sfc: fix kernel panic when creating VF (Inigo Huguet) - seg6: bpf: fix skb checksum in bpf_push_seg6_encap() (Andrea Mayer) - seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors (Andrea Mayer) - seg6: fix skb checksum evaluation in SRH encapsulation/insertion (Andrea Mayer) - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (Jeff Layton) - sfc: fix use after free when disabling sriov (Inigo Huguet) - drm/amd/pm: Prevent divide by zero (Yefim Barashkin) - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines. (Mario Kleiner) - ima: Fix potential memory leak in ima_init_crypto() (Jianglei Nie) - ima: force signature verification when CONFIG_KEXEC_SIG is configured (Coiby Xu) - net: stmmac: fix leaks in probe (Dan Carpenter) - net: ftgmac100: Hold reference returned by of_get_child_by_name() (Liang He) - nexthop: Fix data-races around nexthop_compat_mode. (Kuniyuki Iwashima) - ipv4: Fix data-races around sysctl_ip_dynaddr. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_ecn_fallback. (Kuniyuki Iwashima) - raw: Fix a data-race around sysctl_raw_l3mdev_accept. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratemask. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ratelimit. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. (Kuniyuki Iwashima) - icmp: Fix a data-race around sysctl_icmp_ignore_bogus_error_responses. (Kuniyuki Iwashima) - icmp: Fix data-races around sysctl_icmp_echo_enable_probe. (Kuniyuki Iwashima) - sysctl: Fix data-races in proc_dointvec_ms_jiffies(). (Kuniyuki Iwashima) - sysctl: Fix data-races in proc_dou8vec_minmax(). (Kuniyuki Iwashima) - bnxt_en: Fix bnxt_refclk_read() (Pavan Chebbi) - bnxt_en: Fix bnxt_reinit_after_abort() code path (Michael Chan) - drm/i915: Require the vm mutex for i915_vma_bind() (Thomas Hellstrom) - drm/i915/uc: correctly track uc_fw init failure (Daniele Ceraolo Spurio) - drm/i915/gt: Serialize TLB invalidates with GT resets (Chris Wilson) - drm/i915/gt: Serialize GRDOM access between multiple engine resets (Chris Wilson) - drm/i915/dg2: Add Wa_22011100796 (Bruce Chang) - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (Dan Carpenter) - tracing: Fix sleeping while atomic in kdb ftdump (Douglas Anderson) - lockd: fix nlm_close_files (Jeff Layton) - lockd: set fl_owner when unlocking files (Jeff Layton) - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour) - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (Dan Carpenter) - netfilter: nf_tables: replace BUG_ON by element length check (Pablo Neira Ayuso) - netfilter: nf_log: incorrect offset to network header (Pablo Neira Ayuso) - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (William Zhang) - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (William Zhang) - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (Michal Suchanek) - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (Ryan Wanner) - ipv4: Fix a data-race around sysctl_fib_sync_mem. (Kuniyuki Iwashima) - icmp: Fix data-races around sysctl. (Kuniyuki Iwashima) - cipso: Fix data-races around sysctl. (Kuniyuki Iwashima) - net: Fix data-races around sysctl_mem. (Kuniyuki Iwashima) - inetpeer: Fix data-races around sysctl. (Kuniyuki Iwashima) - tcp: Fix a data-race around sysctl_tcp_max_orphans. (Kuniyuki Iwashima) - sysctl: Fix data races in proc_dointvec_jiffies(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_doulongvec_minmax(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_douintvec_minmax(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_dointvec_minmax(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_douintvec(). (Kuniyuki Iwashima) - sysctl: Fix data races in proc_dointvec(). (Kuniyuki Iwashima) - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (Siddharth Vadapalli) - net: stmmac: dwc-qos: Disable split header for Tegra194 (Jon Hunter) - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (Peter Ujfalusi) - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (Peter Ujfalusi) - ASoC: tas2764: Fix amp gain register offset & default (Hector Martin) - ASoC: tas2764: Correct playback volume range (Hector Martin) - ASoC: tas2764: Fix and extend FSYNC polarity handling (Martin Poviser) - ASoC: tas2764: Add post reset delays (Martin Poviser) - ASoC: sgtl5000: Fix noise on shutdown/remove (Francesco Dolcini) - ima: Fix a potential integer overflow in ima_appraise_measurement (Huaxin Lu) - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (Hangyu Hua) - net/mlx5e: Ring the TX doorbell on DMA errors (Maxim Mikityanskiy) - net/mlx5e: Fix capability check for updating vnic env counters (Gal Pressman) - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (Paul Blakey) - net/mlx5e: kTLS, Fix build time constant test in RX (Tariq Toukan) - net/mlx5e: kTLS, Fix build time constant test in TX (Tariq Toukan) - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (Zhen Lei) - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (Ard Biesheuvel) - spi: amd: Limit max transfer and message size (Cristian Ciocaltea) - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (Kris Bahnsen) - reset: Fix devm bulk optional exclusive control getter (Serge Semin) - xfs: drop async cache flushes from CIL commits. (Dave Chinner) - xfs: don't include bnobt blocks when reserving free block pool (Darrick J. Wong) - Revert 'evm: Fix memleak in init_desc' (Xiu Jianfeng) - sh: convert nommu io{re,un}map() to static inline functions (Geert Uytterhoeven) - nilfs2: fix incorrect masking of permission flags for symlinks (Ryusuke Konishi) - fs/remap: constrain dedupe of EOF blocks (Dave Chinner) - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (Dmitry Osipenko) - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (Dmitry Osipenko) - btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and inline extents (Filipe Manana) - cgroup: Use separate src/dst nodes when preloading css_sets for migration (Tejun Heo) - wifi: mac80211: fix queue selection for mesh/OCB interfaces (Felix Fietkau) - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (Ard Biesheuvel) - ARM: 9213/1: Print message about disabled Spectre workarounds only once (Dmitry Osipenko) - ip: fix dflt addr selection for connected nexthop (Nicolas Dichtel) - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (Steven Rostedt (Google)) - tracing/histograms: Fix memory leak problem (Zheng Yejian) - mm: split huge PUD on wp_huge_pud fallback (Gowans, James) - mm: userfaultfd: fix UFFDIO_CONTINUE on fallocated shmem pages (Axel Rasmussen) - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (Juergen Gross) - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (Meng Tang) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (Meng Tang) - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (Jeremy Szu) - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (Meng Tang) - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (Meng Tang) - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (Meng Tang) - ALSA: hda - Add fixup for Dell Latitidue E5430 (Meng Tang) - LTS version: v5.15.55 (Jack Vogel) - Revert 'mtd: rawnand: gpmi: Fix setting busy timeout setting' (Greg Kroah-Hartman) - LTS version: v5.15.54 (Jack Vogel) - selftests/net: fix section name when using xdp_dummy.o (Hangbin Liu) - dmaengine: idxd: force wq context cleanup on device disable path (Dave Jiang) - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: qcom: bam_dma: fix runtime PM underflow (Caleb Connolly) - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (Christophe JAILLET) - dmaengine: pl330: Fix lockdep warning about non-static key (Dmitry Osipenko) - ida: don't use BUG_ON() for debugging (Linus Torvalds) - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (Samuel Holland) - Revert 'serial: 8250_mtk: Make sure to select the right FEATURE_SEL' (AngeloGioacchino Del Regno) - Revert 'mm/memory-failure.c: fix race with changing page compound again' (Naoya Horiguchi) - misc: rtsx_usb: set return value in rsp_buf alloc err path (Shuah Khan) - misc: rtsx_usb: use separate command and response buffers (Shuah Khan) - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (Shuah Khan) - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (Peter Robinson) - i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) - r8169: fix accessing unset transport header (Heiner Kallweit) - selftests: forwarding: fix error message in learning_test (Vladimir Oltean) - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (Vladimir Oltean) - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (Vladimir Oltean) - ibmvnic: Properly dispose of all skbs during a failover. (Rick Lindsley) - ARM: dts: stm32: add missing usbh clock and fix clk order on stm32mp15 (Fabrice Gasnier) - ARM: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on stm32mp151 (Amelie Delaunay) - i40e: Fix VF's MAC Address change on VM (Norbert Zulinski) - i40e: Fix dropped jumbo frames statistics (Lukasz Cieplicki) - i2c: piix4: Fix a memory leak in the EFCH MMIO support (Jean Delvare) - xsk: Clear page contiguity bit when unmapping pool (Ivan Malov) - ARM: at91: fix soc detection for SAM9X60 SiPs (Mihai Sain) - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (Eugen Hristev) - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (Eugen Hristev) - ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt (Claudiu Beznea) - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (Claudiu Beznea) - ARM: at91: pm: use proper compatible for sama5d2's rtc (Claudiu Beznea) - arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo (Stephan Gerhold) - pinctrl: sunxi: sunxi_pconf_set: use correct offset (Andrei Lalaev) - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (Peng Fan) - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (Peng Fan) - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct I2C3 pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct I2C1 pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct eqos pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct vbus pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct gpio-led pad settings (Peng Fan) - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (Sherry Sun) - arm64: dts: imx8mp-evk: correct mmc pad settings (Peng Fan) - ARM: mxs_defconfig: Enable the framebuffer (Fabio Estevam) - arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node (Dmitry Baryshkov) - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (Konrad Dybcio) - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (Pierre-Louis Bossart) - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (Charles Keepax) - ASoC: rt711: Add endianness flag in snd_soc_component_driver (Charles Keepax) - pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (Miaoqian Lin) - tty: n_gsm: fix encoding of command/response bit (daniel.starke@siemens.com) - btrfs: fix use of uninitialized variable at rm device ioctl (Tom Rix) - virtio-blk: modify the value type of num in virtio_queue_rq() (Ye Guojin) - btrfs: fix error pointer dereference in btrfs_ioctl_rm_dev_v2() (Dan Carpenter) - Revert 'serial: sc16is7xx: Clear RS485 bits in the shutdown' (Hui Wang) - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (Jimmy Assarsson) - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (Jimmy Assarsson) - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (Jimmy Assarsson) - net: dsa: qca8k: reset cpu port on MTU change (Christian Marangi) - powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) - video: of_display_timing.h: include errno.h (Hsin-Yi Wang) - memregion: Fix memregion_free() fallback definition (Dan Williams) - PM: runtime: Redefine pm_runtime_release_supplier() (Rafael J. Wysocki) - fbcon: Prevent that screen size is smaller than font size (Helge Deller) - fbcon: Disallow setting font bigger than screen size (Helge Deller) - fbmem: Check virtual screen sizes in fb_set_var() (Helge Deller) - fbdev: fbmem: Fix logo center image dx issue (Guiling Deng) - iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) - module: fix [e_shstrndx].sh_size=0 OOB access (Alexey Dobriyan) - module: change to print useful messages from elf_validity_check() (Shuah Khan) - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (Bryan O'Donoghue) - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (Vladimir Lypak) - rxrpc: Fix locking issue (David Howells) - irqchip/gic-v3: Refactor ISB + EOIR at ack time (Mark Rutland) - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (Mark Rutland) - io_uring: avoid io-wq -EAGAIN looping for !IOPOLL (Pavel Begunkov) - Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event (Sean Wang) - Bluetooth: protect le accept and resolv lists with hdev->lock (Niels Dossche) - drm/mediatek: Add vblank register/unregister callback functions (Rex-BC Chen) - drm/mediatek: Add cmdq_handle in mtk_crtc (Chun-Kuang Hu) - drm/mediatek: Detect CMDQ execution timeout (Chun-Kuang Hu) - drm/mediatek: Remove the pointer of struct cmdq_client (Chun-Kuang Hu) - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (Chun-Kuang Hu) - drm/i915: Fix a race between vma / object destruction and unbinding (Thomas Hellstrom) - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (Richard Gong) - drm/amd: Refactor amdgpu_aspm to be evaluated per device (Mario Limonciello) - tty: n_gsm: fix invalid gsmtty_write_room() result (Daniel Starke) - serial: 8250_mtk: Make sure to select the right FEATURE_SEL (AngeloGioacchino Del Regno) - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (Daniel Starke) - tty: n_gsm: fix invalid use of MSC in advanced option (Daniel Starke) - mm/hwpoison: fix race between hugetlb free/demotion and memory_failure_hugetlb() (Naoya Horiguchi) - mm/memory-failure.c: fix race with changing page compound again (Miaohe Lin) - mm/hwpoison: avoid the impact of hwpoison_filter() return value on mce handler (luofei) - mm/hwpoison: mf_mutex for soft offline and unpoison (Naoya Horiguchi) - KVM: Initialize debugfs_dentry when a VM is created to avoid NULL deref (Sean Christopherson) - btrfs: zoned: use dedicated lock for data relocation (Naohiro Aota) - btrfs: zoned: encapsulate inode locking for zoned relocation (Johannes Thumshirn) - tty: n_gsm: fix missing update of modem controls after DLCI open (Daniel Starke) - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX. (Maurizio Avogadro) - ALSA: usb-audio: add mapping for MSI MPG X570S Carbon Max Wifi. (Johannes Schickel) - tty: n_gsm: fix frame reception handling (Daniel Starke) - tty: n_gsm: Save dlci address open status when config requester (Zhenguo Zhao) - tty: n_gsm: Modify CR,PF bit when config requester (Zhenguo Zhao) - KVM: Don't create VM debugfs files outside of the VM directory (Oliver Upton) - drm/amd/vcn: fix an error msg on vcn 3.0 (tiancyin) - ASoC: rt5682: fix an incorrect NULL check on list iterator (Xiaomeng Tong) - ASoC: rt5682: move clk related code to rt5682_i2c_probe (Jack Yu) - uapi/linux/stddef.h: Add include guards (Tadeusz Struk) - stddef: Introduce DECLARE_FLEX_ARRAY() helper (Kees Cook) - bus: mhi: Fix pm_state conversion to string (Paul Davey) - bus: mhi: core: Use correctly sized arguments for bit field (Kees Cook) - serial: sc16is7xx: Clear RS485 bits in the shutdown (Hui Wang) - powerpc/tm: Fix more userspace r13 corruption (Nicholas Piggin) - powerpc: flexible GPR range save/restore macros (Nicholas Piggin) - powerpc/32: Don't use lmw/stmw for saving/restoring non volatile regs (Christophe Leroy) - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (Arun Easi) - KVM: s390x: fix SCK locking (Claudio Imbrenda) - btrfs: don't access possibly stale fs_info data in device_list_add (Dongliang Mu) - KVM: use __vcalloc for very large allocations (Paolo Bonzini) - mm: vmalloc: introduce array allocation functions (Paolo Bonzini) - Compiler Attributes: add __alloc_size() for better bounds checking (Kees Cook) - mtd: spi-nor: Skip erase logic when SPI_NOR_NO_ERASE is set (Tudor Ambarus) - batman-adv: Use netif_rx(). (Sebastian Andrzej Siewior) - iio: accel: mma8452: use the correct logic to get mma8452_data (Haibo Chen) - riscv/mm: Add XIP_FIXUP for riscv_pfn_base (Palmer Dabbelt) - NFSD: COMMIT operations must not return NFS?ERR_INVAL (Chuck Lever) - NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (Chuck Lever) - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (CHANDAN VURDIGERE NATARAJ) - drm/amd/display: Set min dcfclk if pipe count is 0 (Michael Strauss) - drbd: fix an invalid memory access caused by incorrect use of list iterator (Xiaomeng Tong) - drbd: Fix double free problem in drbd_create_device (Wu Bo) - drbd: add error handling support for add_disk() (Luis Chamberlain) - btrfs: remove device item and update super block in the same transaction (Qu Wenruo) - btrfs: use btrfs_get_dev_args_from_path in dev removal ioctls (Josef Bacik) - btrfs: add a btrfs_get_dev_args_from_path helper (Josef Bacik) - btrfs: handle device lookup with btrfs_dev_lookup_args (Josef Bacik) - vdpa/mlx5: Avoid processing works if workqueue was destroyed (Eli Cohen) - gfs2: Fix gfs2_file_buffered_write endless loop workaround (Andreas Gruenbacher) - scsi: qla2xxx: Fix crash during module load unload test (Arun Easi) - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (Quinn Tran) - scsi: qla2xxx: Fix laggy FC remote port session recovery (Quinn Tran) - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (Manish Rangankar) - KVM: x86/mmu: Use common TDP MMU zap helper for MMU notifier unmap hook (Sean Christopherson) - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (Sean Christopherson) - clk: renesas: r9a07g044: Update multiplier and divider values for PLL2/3 (Lad Prabhakar) - cxl/port: Hold port reference until decoder release (Dan Williams) - mt76: mt7921: do not always disable fw runtime-pm (Lorenzo Bianconi) - mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error (Sean Wang) - media: davinci: vpif: fix use-after-free on driver unbind (Johan Hovold) - media: omap3isp: Use struct_group() for memcpy() region (Kees Cook) - stddef: Introduce struct_group() helper macro (Kees Cook) - block: fix rq-qos breakage from skipping rq_qos_done_bio() (Tejun Heo) - block: only mark bio as tracked if it really is tracked (Jens Axboe) - block: use bdev_get_queue() in bio.c (Pavel Begunkov) - io_uring: ensure that fsnotify is always called (Jens Axboe) - virtio-blk: avoid preallocating big SGL for data (Max Gurtovoy) - ibmvnic: Allow queueing resets during probe (Sukadev Bhattiprolu) - ibmvnic: clear fop when retrying probe (Sukadev Bhattiprolu) - ibmvnic: init init_done_rc earlier (Sukadev Bhattiprolu) - s390/setup: preserve memory at OLDMEM_BASE and OLDMEM_SIZE (Alexander Egorenkov) - s390/setup: use physical pointers for memblock_reserve() (Alexander Gordeev) - s390/boot: allocate amode31 section in decompressor (Alexander Gordeev) - netfilter: nft_payload: don't allow th access for fragments (Florian Westphal) - netfilter: nft_payload: support for inner header matching / mangling (Pablo Neira Ayuso) - netfilter: nf_tables: convert pktinfo->tprot_set to flags field (Pablo Neira Ayuso) - ASoC: rt5682: Fix deadlock on resume (Peter Ujfalusi) - ASoC: rt5682: Re-detect the combo jack after resuming (Derek Fang) - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (Derek Fang) - net/mlx5e: TC, Reject rules with forward and drop actions (Roi Dayan) - net/mlx5e: TC, Reject rules with drop and modify hdr action (Roi Dayan) - net/mlx5e: Split actions_match_supported() into a sub function (Roi Dayan) - net/mlx5e: Check action fwd/drop flag exists also for nic flows (Roi Dayan) - RISC-V: defconfigs: Set CONFIG_FB=y, for FB console (Palmer Dabbelt) - riscv: defconfig: enable DRM_NOUVEAU (Heinrich Schuchardt) - bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (Hou Tao) - bpf: Stop caching subprog index in the bpf_pseudo_func insn (Martin KaFai Lau) - mt76: mt7921: fix a possible race enabling/disabling runtime-pm (Lorenzo Bianconi) - mt76: mt7921: introduce mt7921_mcu_set_beacon_filter utility routine (Lorenzo Bianconi) - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (Lorenzo Bianconi) - platform/x86: wmi: Fix driver->notify() vs ->probe() race (Hans de Goede) - platform/x86: wmi: Replace read_takes_no_args with a flags field (Hans de Goede) - platform/x86: wmi: introduce helper to convert driver to WMI driver (Barnabas Pocze) - qed: Improve the stack space of filter_config() (Shai Malin) - ath11k: add hw_param for wakeup_mhi (Seevalamuthu Mariappan) - memory: renesas-rpc-if: Avoid unaligned bus access for HyperFlash (Andrew Gabbasov) - media: ir_toy: prevent device from hanging during transmit (Sean Young) - PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset (Lukas Wunner) - PCI/portdrv: Rename pm_iter() to pcie_port_device_iter() (Lukas Wunner) - drm/i915: Replace the unconditional clflush with drm_clflush_virt_range() (Ville Syrjala) - drm/i915/gt: Register the migrate contexts with their engines (Thomas Hellstrom) - drm/i915: Disable bonding on gen12+ platforms (Matthew Brost) - btrfs: fix deadlock between chunk allocation and chunk btree modifications (Filipe Manana) - dma-buf/poll: Get a file reference for outstanding fence callbacks (Michel Danzer) - Input: goodix - try not to touch the reset-pin on x86/ACPI devices (Hans de Goede) - Input: goodix - refactor reset handling (Hans de Goede) - Input: goodix - add a goodix.h header file (Hans de Goede) - Input: goodix - change goodix_i2c_write() len parameter type to int (Hans de Goede) - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (Tang Bin) - btrfs: fix warning when freeing leaf after subvolume creation failure (Filipe Manana) - btrfs: fix invalid delayed ref after subvolume creation failure (Filipe Manana) - btrfs: add additional parameters to btrfs_init_tree_ref/btrfs_init_data_ref (Nikolay Borisov) - btrfs: rename btrfs_alloc_chunk to btrfs_create_chunk (Nikolay Borisov) - netfilter: nft_set_pipapo: release elements in clone from abort path (Pablo Neira Ayuso) - net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) - usbnet: fix memory leak in error case (Oliver Neukum) - bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals (Daniel Borkmann) - bpf: Fix incorrect verifier simulation around jmp32's jeq/jne (Daniel Borkmann) - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (Thomas Kopp) - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (Thomas Kopp) - can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits (Marc Kleine-Budde) - can: m_can: m_can_chip_config(): actually enable internal timestamping (Marc Kleine-Budde) - can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) - can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) - can: bcm: use call_rcu() instead of costly synchronize_rcu() (Oliver Hartkopp) - ALSA: cs46xx: Fix missing snd_card_free() call at probe error (Takashi Iwai) - ALSA: hda/realtek: Add quirk for Clevo L140PU (Tim Crawford) - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (Takashi Iwai) - Revert 'selftests/bpf: Add test for bpf_timer overwriting crash' (Po-Hsu Lin) - mm/filemap: fix UAF in find_lock_entries (Liu Shixin) - mm/slub: add missing TID updates on slab deactivation (Jann Horn) - LTS version: v5.15.53 (Jack Vogel) - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) - hwmon: (occ) Prevent power cap command overwriting poll response (Eddie James) - hwmon: (occ) Remove sequence numbering and checksum calculation (Eddie James) - drm/fourcc: fix integer type usage in uapi header (Carlos Llamas) - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (Hans de Goede) - platform/x86: panasonic-laptop: don't report duplicate brightness key-presses (Hans de Goede) - platform/x86: panasonic-laptop: revert 'Resolve hotkey double trigger bug' (Hans de Goede) - platform/x86: panasonic-laptop: sort includes alphabetically (Hans de Goede) - platform/x86: panasonic-laptop: de-obfuscate button codes (Stefan Seyfried) - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (Liang He) - drm/msm/gem: Fix error return on fence id alloc fail (Rob Clark) - drm/i915/gem: add missing else (katrinzhou) - net: fix IFF_TX_SKB_NO_LINEAR definition (Dan Carpenter) - fsi: occ: Force sequence numbering per OCC (Eddie James) - clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() (Greg Kroah-Hartman) - net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) - xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) - xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() (Jan Beulich) - xen/blkfront: force data bouncing when backend is untrusted (Roger Pau Monne) - xen/netfront: force data bouncing when backend is untrusted (Roger Pau Monne) - xen/netfront: fix leaking data in shared pages (Roger Pau Monne) - xen/blkfront: fix leaking data in shared pages (Roger Pau Monne) - selftests/rseq: Change type of rseq_offset to ptrdiff_t (Mathieu Desnoyers) - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (Mathieu Desnoyers) - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (Mathieu Desnoyers) - selftests/rseq: Fix: work-around asm goto compiler bugs (Mathieu Desnoyers) - selftests/rseq: Remove arm/mips asm goto compiler work-around (Mathieu Desnoyers) - selftests/rseq: Fix warnings about #if checks of undefined tokens (Mathieu Desnoyers) - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (Mathieu Desnoyers) - selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (Mathieu Desnoyers) - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (Mathieu Desnoyers) - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (Mathieu Desnoyers) - selftests/rseq: Introduce thread pointer getters (Mathieu Desnoyers) - selftests/rseq: Introduce rseq_get_abi() helper (Mathieu Desnoyers) - selftests/rseq: Remove volatile from __rseq_abi (Mathieu Desnoyers) - selftests/rseq: Remove useless assignment to cpu variable (Mathieu Desnoyers) - selftests/rseq: introduce own copy of rseq uapi header (Mathieu Desnoyers) - selftests/rseq: remove ARRAY_SIZE define from individual tests (Shuah Khan) - selftests/bpf: Add test_verifier support to fixup kfunc call insns (Kumar Kartikeya Dwivedi) - tcp: add a missing nf_reset_ct() in 3WHS handling (Eric Dumazet) - MAINTAINERS: add Leah as xfs maintainer for 5.15.y (Leah Rumancik) - net: tun: avoid disabling NAPI twice (Jakub Kicinski) - mlxsw: spectrum_router: Fix rollback in tunnel next hop init (Petr Machata) - ipv6: fix lockdep splat in in6_dump_addrs() (Eric Dumazet) - ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (Eric Dumazet) - ACPI: video: Change how we determine if brightness key-presses are handled (Hans de Goede) - io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio (Jens Axboe) - epic100: fix use after free on rmmod (Tong Zhang) - tipc: move bc link creation back to tipc_node_create (Xin Long) - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) - powerpc/memhotplug: Add add_pages override for PPC (Aneesh Kumar K.V) - net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) - net: phy: ax88772a: fix lost pause advertisement configuration (Oleksij Rempel) - net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) - net: asix: fix 'can't send until first packet is send' issue (Oleksij Rempel) - net/sched: act_api: Notify user space if any actions were flushed before error (Victor Nogueira) - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (Liang He) - netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) - s390: remove unneeded 'select BUILD_BIN2C' (Masahiro Yamada) - vdpa/mlx5: Update Control VQ callback information (Eli Cohen) - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (Miaoqian Lin) - caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) - vfs: fix copy_file_range() regression in cross-fs copies (Amir Goldstein) - NFSD: restore EINVAL error translation in nfsd_commit() (Alexey Khoroshilov) - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) - selftests: mptcp: more stable diag tests (Paolo Abeni) - usbnet: fix memory allocation in helpers (Oliver Neukum) - net: usb: asix: do not force pause frames support (Oleksij Rempel) - linux/dim: Fix divide by 0 in RDMA DIM (Tao Liu) - RDMA/cm: Fix memory leak in ib_cm_insert_listen (Miaoqian Lin) - RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) - net: dp83822: disable rx error interrupt (Enguerrand de Ribaucourt) - net: dp83822: disable false carrier interrupt (Enguerrand de Ribaucourt) - net: tun: stop NAPI when detaching queues (Jakub Kicinski) - net: tun: unlink NAPI from device on destruction (Jakub Kicinski) - net: dsa: bcm_sf2: force pause link settings (Doug Berger) - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (Dimitris Michailidis) - virtio-net: fix race between ndo_open() and virtio_device_ready() (Jason Wang) - net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) - net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) - SUNRPC: Fix READ_PLUS crasher (Chuck Lever) - s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) - dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) - dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) - powerpc/bpf: Fix use of user_pt_regs in uapi (Naveen N. Rao) - powerpc/book3e: Fix PUD allocation size in map_kernel_page() (Christophe Leroy) - powerpc/prom_init: Fix kernel config grep (Liam Howlett) - nvdimm: Fix badblocks clear off-by-one error (Chris Ye) - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1 (Lamarque Vieira Souza) - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX S40G) (Pablo Greco) - net: phy: Don't trigger state machine while in suspend (Lukas Wunner) - ipv6: take care of disable_policy when restoring routes (Nicolas Dichtel) - ksmbd: use vfs_llseek instead of dereferencing NULL (Jason A. Donenfeld) - ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA (Namjae Jeon) - ksmbd: set the range of bytes to zero without extending file size in FSCTL_ZERO_DATA (Namjae Jeon) - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (Ruili Ji) - Revert 'drm/amdgpu/display: set vblank_disable_immediate for DC' (Alex Deucher) - cpufreq:cppc_cpufreq: prevent crash on reading freqdomain_cpus (chris hyser) [Orabug: 34327463] - vmcoreinfo: add kallsyms_num_syms symbol (Stephen Brennan) [Orabug: 34475877] - vmcoreinfo: include kallsyms symbols (Stephen Brennan) [Orabug: 34475877] - kallsyms: move declarations to internal header (Stephen Brennan) [Orabug: 34475877] - Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' (Sherry Yang) [Orabug: 34539458] - uek-rpm: Enable IMA_APPRAISE_SB_BOOTPARAM (Eric Snowberg) [Orabug: 34549007] - integrity: Allow ima_appraise bootparam to be set when SB is enabled (Eric Snowberg) [Orabug: 34549007] - net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34533007] - Revert 'net/mlx5: E-Switch, change VFs default admin state to auto in switchdev' (Devesh Sharma) [Orabug: 34532946] - uek-rpm: Install kernel-rpm-macros as build dependency (Somasundaram Krishnasamy) [Orabug: 34529696] [5.15.0-3.52.1] - rds: ib: Fix lfstack to acquire visibility to list head (Hakon Bugge) [Orabug: 34522536] - locking/atomic: Make test_and_*_bit() ordered on failure (Hector Martin) [Orabug: 34520178] - intel_idle: make SPR C1 and C1E be independent (Artem Bityutskiy) [Orabug: 34510397] - intel_idle: Add AlderLake support (Zhang Rui) [Orabug: 34510397] - intel_idle: Fix SPR C6 optimization (Artem Bityutskiy) [Orabug: 34510397] - intel_idle: Fix the 'preferred_cstates' module parameter (Artem Bityutskiy) [Orabug: 34510397] - cpuidle: intel_idle: Drop redundant backslash at line end (Rafael J. Wysocki) [Orabug: 34510397] - mlx4: Subscribe to PXM notifier (Konrad Rzeszutek Wilk) [Orabug: 27206634] [Orabug: 34509446] - xen/pci: Add PXM node notifier for PXM (NUMA) changes. (Konrad Rzeszutek Wilk) [Orabug: 27206634] [Orabug: 34509446] - xen/pcifront: Walk the PCI bus after XenStore notification (Konrad Rzeszutek Wilk) [Orabug: 27206634] [Orabug: 34509446] - xen-pcifront/hvm: Slurp up 'pxm' entry and set NUMA node on PCIe device. (V5) (Konrad Rzeszutek Wilk) [Orabug: 34509446] - scsi: core: Fix warning in scsi_alloc_sgtables() (Jason Yan) [Orabug: 33857787] IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3028 cpe:/o:oracle:linux:9:1:baseos_base cpe:/o:oracle:linux:9:0:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-32215 CVE-2022-21619 CVE-2022-32214 CVE-2022-32212 CVE-2022-21626 CVE-2022-21624 CVE-2022-32213 CVE-2022-35256 CVE-2022-35255 CVE-2022-2097 CVE-2022-21618 CVE-2022-21628 CVE-2022-32222 CVE-2022-39399 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-32214 CVE-2022-32212 CVE-2022-21618 CVE-2022-2097 CVE-2022-35256 CVE-2022-39399 CVE-2022-21628 CVE-2022-21624 CVE-2022-21626 CVE-2022-32215 CVE-2022-21619 CVE-2022-32222 CVE-2022-32213 CVE-2022-35255 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-32222 CVE-2022-39399 CVE-2022-2097 CVE-2022-21618 CVE-2022-21619 CVE-2022-21626 CVE-2022-32212 CVE-2022-21624 CVE-2022-35256 CVE-2022-32214 CVE-2022-35255 CVE-2022-21628 CVE-2022-32213 CVE-2022-32215 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-21628 CVE-2022-21624 CVE-2022-35256 CVE-2022-32214 CVE-2022-21626 CVE-2022-21619 CVE-2022-2097 CVE-2022-32215 CVE-2022-32212 CVE-2022-21618 CVE-2022-32213 CVE-2022-39399 CVE-2022-35255 CVE-2022-32222 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 [3.0.1-41.0.3] - Add units tests for CVE-2022-3786, CVE-2022-3602 patches [3.0.1-41.0.2] - Fix CVE-2022-3786, CVE-2022-3602 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKDF Resolves: rhbz#2118388 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115856 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2115857 - Use signature for RSA pairwise test according FIPS-140-3 requirements Related: rhbz#2115858 - Reseed all the parent DRBGs in chain on reseeding a DRBG Related: rhbz#2115859 - Zeroization according to FIPS-140-3 requirements Related: rhbz#2115861 [1:3.0.1-39] - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test Resolves: rhbz#2112978 [1:3.0.1-38] - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. Resolves: rhbz#2107530 - Improve AES-GCM performance on Power9 and Power10 ppc64le Resolves: rhbz#2103044 - Improve ChaCha20 performance on Power10 ppc64le Resolves: rhbz#2103044 [1:3.0.1-37] - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 [1:3.0.1-36] - Ciphersuites with RSAPSK KX should be filterd in FIPS mode - Related: rhbz#2091994 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough - Related: rhbz#2091977 - Improve diagnostics when passing unsupported groups in TLS - Related: rhbz#2086554 - Fix PPC64 Montgomery multiplication bug - Related: rhbz#2101346 - Strict certificates validation shouldn't allow explicit EC parameters - Related: rhbz#2085521 - CVE-2022-2068: the c_rehash script allows command injection - Related: rhbz#2098276 [1:3.0.1-35] - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. Resolves: rhbz#2087234 [1:3.0.1-34] - Some OpenSSL test certificates are expired, updating - Resolves: rhbz#2095696 [1:3.0.1-33] - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory - Resolves: rhbz#2089443 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS - Resolves: rhbz#2089439 - CVE-2022-1292 openssl: c_rehash script allows command injection - Resolves: rhbz#2090361 - Revert 'Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode' Related: rhbz#2087234 - Use KAT for ECDSA signature tests, s390 arch - Resolves: rhbz#2086866 [1:3.0.1-32] - openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode - Resolves: rhbz#2091929 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2091994 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits - Resolves: rhbz#2091938 [1:3.0.1-31] - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode Resolves: rhbz#2087234 [1:3.0.1-30] - Use KAT for ECDSA signature tests - Resolves: rhbz#2086866 [1:3.0.1-29] - -config argument of openssl app should work properly in FIPS mode - Resolves: rhbz#2085500 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC - Resolves: rhbz#2085499 [1:3.0.1-28] - OpenSSL should not accept custom elliptic curve parameters - Resolves rhbz#2085508 - OpenSSL should not accept explicit curve parameters in FIPS mode - Resolves rhbz#2085521 [1:3.0.1-27] - Change FIPS module version to include hash of specfile, patches and sources Resolves: rhbz#2082585 [1:3.0.1-26] - OpenSSL FIPS module should not build in non-approved algorithms Resolves: rhbz#2082584 [1:3.0.1-25] - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 [1:3.0.1-24] - Fix occasional internal error in TLS when DHE is used Resolves: rhbz#2080323 [1:3.0.1-23] - Update missing initialization patch with feedback from upstream Resolves: rhbz#2076654 [1:3.0.1-22] - Invocation of the missing initialization - Resolves: rhbz#2076654 [1:3.0.1-21] - Fix openssl curl error with LANG=tr_TR.utf8 - Resolves: rhbz#2076654 [1:3.0.1-20] - Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when no OpenSSL library context is set - Resolves: rhbz#2063306 [1:3.0.1-19] - Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes - Resolves: rhbz#2063306 [1:3.0.1-18] - CVE-2022-0778 fix - Resolves: rhbz#2062314 [1:3.0.1-15.1] - Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before setting an allowed digest with EVP_PKEY_CTX_set_signature_md() - Resolves: rhbz#2061607 [1:3.0.1-14.1] - Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes - Resolves: rhbz#2031742 [1:3.0.1-14] - Prevent use of SHA1 with ECDSA - Resolves: rhbz#2031742 [1:3.0.1-13] - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 [1:3.0.1-12] - Support KBKDF (NIST SP800-108) with an R value of 8bits - Resolves: rhbz#2027261 [1:3.0.1-11] - Allow SHA1 usage in MGF1 for RSASSA-PSS signatures - Resolves: rhbz#2031742 [1:3.0.1-10] - rebuilt [1:3.0.1-9] - Allow SHA1 usage in HMAC in TLS - Resolves: rhbz#2031742 [1:3.0.1-8] - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 - pkcs12 export broken in FIPS mode - Resolves: rhbz#2049265 [1:3.0.1-8] - Disable SHA1 signature creation and verification by default - Set rh-allow-sha1-signatures = yes to re-enable - Resolves: rhbz#2031742 [1:3.0.1-7] - s_server: correctly handle 2^14 byte long records - Resolves: rhbz#2042011 [1:3.0.1-6] - Adjust FIPS provider version - Related: rhbz#2026445 [1:3.0.1-5] - On the s390x, zeroize all the copies of TLS premaster secret - Related: rhbz#2040448 [1:3.0.1-4] - rebuilt [1:3.0.1-3] - KATS tests should be executed before HMAC verification - Restoring fips=yes for SHA1 - Related: rhbz#2026445, rhbz#2041994 [1:3.0.1-2] - Add enable-buildtest-c++ to the configure options. - Related: rhbz#1990814 [1:3.0.1-1] - Rebase to upstream version 3.0.1 - Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl - Resolves: rhbz#2038910, rhbz#2035148 [1:3.0.0-7] - Remove algorithms we don't plan to certify from fips module - Remove native fipsmodule.cnf - Related: rhbz#2026445 [1:3.0.0-6] - openssl speed should run in FIPS mode - Related: rhbz#1977318 [1:3.0.0-5] - rebuilt for spec cleanup - Related: rhbz#1985362 [1:3.0.0-4] - Embed FIPS HMAC in fips.so - Enforce loading FIPS provider when FIPS kernel flag is on - Related: rhbz#1985362 [1:3.0.0-3] - Fix memory leak in s_client - Related: rhbz#1996092 [1:3.0.0-2] - Avoid double-free on error seeding the RNG. - KTLS and FIPS may interfere, so tests need to be tuned - Resolves: rhbz#1952844, rhbz#1961643 [1:3.0.0-1] - Rebase to upstream version 3.0.0 - Related: rhbz#1990814 [1:3.0.0-0.beta2.7] - Removes the dual-abi build as it not required anymore. The mass rebuild was completed and all packages are rebuilt against Beta version. - Resolves: rhbz#1984097 [1:3.0.0-0.beta2.6] - Correctly process CMS reading from /dev/stdin - Resolves: rhbz#1986315 [3.0.0-0.beta2.5] - Add instruction for loading legacy provider in openssl.cnf - Resolves: rhbz#1975836 [3.0.0-0.beta2.4] - Adds support for IDEA encryption. - Resolves: rhbz#1990602 [3.0.0-0.beta2.3] - Fixes core dump in openssl req -modulus - Fixes 'openssl req' to not ask for password when non-encrypted private key is used - cms: Do not try to check binary format on stdin and -rctform fix - Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137 [1:3.0.0-0.beta2.2.1] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [3.0.0-0.beta2.2] - When signature_algorithm extension is omitted, use more relevant alerts - Resolves: rhbz#1965017 [3.0.0-0.beta2.1] - Rebase to upstream version beta2 - Related: rhbz#1903209 [3.0.0-0.beta1.5] - Prevents creation of duplicate cert entries in PKCS #12 files - Resolves: rhbz#1978670 [3.0.0-0.beta1.4] - NVR bump to update to OpenSSL 3.0 Beta1 [3.0.0-0.beta1.3] - Update patch dual-abi.patch to add the #define macros in implementation files instead of public header files [3.0.0-0.beta1.2] - Removes unused patch dual-abi.patch [3.0.0-0.beta1.1] - Update to Beta1 version - Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16 [3.0.0-0.alpha16.7] - Fixes override of openssl_conf in openssl.cnf - Use AI_ADDRCONFIG only when explicit host name is given - Temporarily remove fipsmodule.cnf for arch i686 - Fixes segmentation fault in BN_lebin2bn - Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855 [3.0.0-0.alpha16.6] - Adds FIPS mode compatibility patch (sahana@redhat.com) - Related: rhbz#1977318 [3.0.0-0.alpha16.5] - Fixes system hang issue when booted in FIPS mode (sahana@redhat.com) - Temporarily disable downstream FIPS patches - Related: rhbz#1977318 [3.0.0-0.alpha16.4] - Speeding up building openssl (dbelyavs@redhat.com) Resolves: rhbz#1903209 [3.0.0-0.alpha16.3] - Fix reading SPKAC data from stdin - Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448 - Return 0 after cleanup in OPENSSL_init_crypto() - Cleanup the peer point formats on regotiation - Fix default digest to SHA256 [3.0.0-0.alpha16.2] - Enable FIPS via config options [3.0.0-0.alpha16.1] - Update to alpha 16 version Resolves: rhbz#1952901 openssl sends alert after orderly connection close [3.0.0-0.alpha15.1] - Update to alpha 15 version Resolves: rhbz#1903209, rhbz#1952598, [1:3.0.0-0.alpha13.1.1] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [3.0.0-0.alpha13.1] - Update to new major release OpenSSL 3.0.0 alpha 13 Resolves: rhbz#1903209 IMPORTANT Copyright 2022 Oracle, Inc. CVE-2022-3786 CVE-2022-3602 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 [6.4.1-9] - Fix arbitrary bytecode produced via out-of-bounds writing - Resolves: CVE-2022-42920 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-42920 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2.36.7-1.1] - Add patch for CVE-2022-42856 Resolves: #2153738 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-42856 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [6.0.113-1.0.1] - Add missing Oracle Linux Runtime IDs [6.0.113-1] - Update to .NET SDK 6.0.113 and Runtime 6.0.13 - Resolves: RHBZ#2154459 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-21538 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:17.0.6.0.10-3.0.1] - Replace upstream references [Orabug: 34340155] [1:17.0.6.0.10-3] - Add missing release note for JDK-8295687 - Resolves: rhbz#2160111 [1:17.0.6.0.10-3] - Update FIPS support to bring in latest changes - * OJ1357: Fix issue on FIPS with a SecurityManager in place - Related: rhbz#2147476 [1:17.0.6.0.10-3] - Fix flatpak builds by disabling TestTranslations test due to missing tzdb.dat - Related: rhbz#2160111 [1:17.0.6.0.10-2] - Update to jdk-17.0.6.0+10 - Update release notes to 17.0.6.0+10 - Switch to GA mode for release - ** This tarball is embargoed until 2023-01-17 @ 1pm PT. ** - Related: rhbz#2153097 [1:17.0.6.0.9-0.2.ea] - Update to jdk-17.0.6+9 - Update release notes to 17.0.6+9 - Drop local copy of JDK-8293834 now this is upstream - Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 - Update TestTranslations.java to test the new America/Ciudad_Juarez zone - Resolves: rhbz#2153097 [1:17.0.6.0.1-0.2.ea] - Update to jdk-17.0.6+1 - Update release notes to 17.0.6+1 - Switch to EA mode for 17.0.6 pre-release builds. - Re-enable EA upstream status check now it is being actively maintained. - Drop JDK-8294357 (tzdata2022d) & JDK-8295173 (tzdata2022e) local patches which are now upstream - Drop JDK-8275535 local patch now this has been accepted and backported upstream - Bump tzdata requirement to 2022e now the package is available in RHEL - Related: rhbz#2153097 [1:17.0.5.0.8-4] - Update FIPS support to bring in latest changes - * Add nss.fips.cfg support to OpenJDK tree - * RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode - * Remove forgotten dead code from RH2020290 and RH2104724 - Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build - Resolves: rhbz#2147476 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-21835 CVE-2023-21843 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [11.0.18.0.10-2.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.18.0.10-2] - Update to jdk-11.0.18+10 (GA) - Update release notes to 11.0.18+10 - Switch to GA mode for release - ** This tarball is embargoed until 2023-01-17 @ 1pm PT. ** - Related: rhbz#2157798 [1:11.0.18.0.9-0.2.ea] - Update to jdk-11.0.18+9 - Update release notes to 11.0.18+9 - Drop local copy of JDK-8293834 now this is upstream - Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 - Update TestTranslations.java to test the new America/Ciudad_Juarez zone - Resolves: rhbz#2157798 [1:11.0.18.0.1-0.2.ea] - Update to jdk-11.0.18+1 - Update release notes to 11.0.18+1 - Switch to EA mode for 11.0.18 pre-release builds. - Drop local copies of JDK-8294357 & JDK-8295173 now upstream contains tzdata 2022e - Drop local copy of JDK-8275535 which is finally upstream - Related: rhbz#2157798 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-21835 CVE-2023-21843 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [1.8.0.362.b09-2.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.362.b09-2] - Update cacerts patch to fix OPENJDK-1433 SecurityManager issue - Update to shenandoah-jdk8u352-b09 (GA) - Update release notes for shenandoah-8u352-b09. - Resolves: rhbz#2163594 [1:1.8.0.362.b08-2] - Update to shenandoah-jdk8u352-b08 (GA) - Update release notes for shenandoah-8u352-b08. - Fix broken links and missing release notes in older releases. - Drop RH1163501 patch which is not upstream or in 11, 17 & 19 packages and seems obsolete - Patch was broken by inclusion of 'JDK-8293554: Enhanced DH Key Exchanges' - Patch was added for a specific corner case of a 4096-bit DH key on a Fedora host that no longer exists - Fedora now appears to be using RSA and the JDK now supports ECC in preference to large DH keys - Resolves: rhbz#2160111 [1:1.8.0.362.b07-0.2.ea] - Update to shenandoah-jdk8u362-b07 (EA) - Update release notes for shenandoah-8u362-b07. - Switch to EA mode for 8u362 pre-release builds. - Drop JDK-8195607/PR3776/RH1760437 now this is upstream - Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 - Drop tzdata patches for 2022d & 2022e (JDK-8294357 & JDK-8295173) which are now upstream - Update TestTranslations.java to test the new America/Ciudad_Juarez zone - Resolves: rhbz#2159912 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-21830 CVE-2023-21843 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [1.9.5p2-7.1] RHEL 9.1.0.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz#2161224 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-22809 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [102.7.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.7.0-1] - Update to 102.7.0 build1 [102.6.0-2] - Add firefox-x11 subpackage to allow explicit run of firefox under x11 on RHEL9 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-23603 CVE-2023-23605 CVE-2022-46877 CVE-2023-23601 CVE-2023-23599 CVE-2023-23598 CVE-2022-46871 CVE-2023-23602 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4.4.0-5] - Bump release - Resolves: CVE-2022-2953 [4.4.0-4] - Resolves: CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 [4.4.0-3] - Fix CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 - Resolves: #2106768 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-2057 CVE-2022-2521 CVE-2022-2519 CVE-2022-2056 CVE-2022-2520 CVE-2022-2953 CVE-2022-2058 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.0.0-10.2] - Fix dbus memory leak on connection failure - Fix unauthorized access via D-bus Resolves: rhbz#2127877 MODERATE Copyright 2023 Oracle, Inc. CVE-2019-25058 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.1.8.1-8.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:7.1.8.1-8] - Resolves: rhbz#2134759 Untrusted Macros - Resolves: rhbz#2134757 Weak Master Keys - Resolves: rhbz#2134755 Static Initialization Vector - Resolves: rhbz#2134761 Macro URL arbitrary script execution MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3140 CVE-2022-26307 CVE-2022-26305 CVE-2022-26306 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream_developer Oracle Linux 9 [42.2.18-6] - fix for CVE-2022-31197 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-31197 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 nodejs [1:16.18.1-3] - Update sources of undici WASM blobs Resolves: rhbz#2151617 [1:16.18.1-2] - Add back libs and v8-devel subpackages - Related: RHBZ#2121126 - Record previously fixed CVE - Resolves: CVE-2021-44906 [1:16.18.1-1] - Rebase + CVEs - Resolves: #2142808 - Resolves: #2142826, #2131745, #2142855 nodejs-nodemon [2.0.20-2] - Record CVE fixed in the current or previous upstream versions - Resolves: CVE-2021-44906 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-43548 CVE-2022-35256 CVE-2021-44906 CVE-2022-3517 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 golang [1.18.9-1] - Rebase to Go 1.18.9 - Enable big endian support for fips mode - Fix ppc64le linker issue - Resolves: rhbz#2144547 - Resolves: rhbz#2149311 go-toolset [1.18.9-1] - Rebase to Go 1.18.9 - Enable big endian support for fips mode - Fix ppc64le linker issue - Resolves: rhbz#2144547 - Resolves: rhbz#2149311 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-2880 CVE-2022-41715 CVE-2022-2879 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.76.1-19.el9_1.1] - fix POST following PUT confusion (CVE-2022-32221) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-32221 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.14.0-162.12.1_1.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] [5.14.0-162.12.1_1] - x86/fpu: Drop fpregs lock before inheriting FPU permissions (Valentin Schneider) [2154407 2153181] - hv_netvsc: Fix race between VF offering and VF association message from host (Mohammed Gamal) [2151605 2149277] - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (Emanuele Giuseppe Esposito) [2150910 2092794] [5.14.0-162.11.1_1] - drm/i915: fix TLB invalidation for Gen12 video and compute engines (Wander Lairson Costa) [2148152 2148153] {CVE-2022-4139} - memcg: prohibit unconditional exceeding the limit of dying tasks (Chris von Recklinghausen) [2143976 2120352] - mm, oom: do not trigger out_of_memory from the #PF (Waiman Long) [2143976 2139747] - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks (Chris von Recklinghausen) [2143976 2120352] - pipe: Fix missing lock in pipe_resize_ring() (Ian Kent) [2141631 2141632] {CVE-2022-2959} - net: usb: ax88179_178a: Fix packet receiving (Jose Ignacio Tornos Martinez) [2142722 2142723] {CVE-2022-2964} - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jose Ignacio Tornos Martinez) [2142722 2142723] {CVE-2022-2964} - NFSD: Protect against send buffer overflow in NFSv3 READ (Scott Mayhew) [2141769 2141770] {CVE-2022-43945} - NFSD: Protect against send buffer overflow in NFSv2 READ (Scott Mayhew) [2141769 2141770] {CVE-2022-43945} - NFSD: Protect against send buffer overflow in NFSv3 READDIR (Scott Mayhew) [2141769 2141770] {CVE-2022-43945} - NFSD: Protect against send buffer overflow in NFSv2 READDIR (Scott Mayhew) [2141769 2141770] {CVE-2022-43945} - SUNRPC: Fix svcxdr_init_encode's buflen calculation (Scott Mayhew) [2141769 2141770] {CVE-2022-43945} - SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation (Scott Mayhew) [2141769 2141770] {CVE-2022-43945} [5.14.0-162.10.1_1] - ice: Fix crash by keep old cfg when update TCs more than queues (Petr Oros) [2132070 2131953] - ice: Fix tunnel checksum offload with fragmented traffic (Petr Oros) [2132070 2131953] - ice: handle E822 generic device ID in PLDM header (Petr Oros) [2132070 2131953] - ice: ethtool: Prohibit improper channel config for DCB (Petr Oros) [2132070 2131953] - ice: ethtool: advertise 1000M speeds properly (Petr Oros) [2132070 2131953] - ice: Fix switchdev rules book keeping (Petr Oros) [2132070 2131953] - ice: fix access-beyond-end in the switch code (Petr Oros) [2132070 2131953] - eth: ice: silence the GCC 12 array-bounds warning (Petr Oros) [2132070 2131953] - ice: Expose RSS indirection tables for queue groups via ethtool (Petr Oros) [2132070 2131953] - Revert 'ice: Hide bus-info in ethtool for PRs in switchdev mode' (Petr Oros) [2132070 2131953] - ice: remove period on argument description in ice_for_each_vf (Petr Oros) [2132070 2131953] - ice: add a function comment for ice_cfg_mac_antispoof (Petr Oros) [2132070 2131953] - ice: fix wording in comment for ice_reset_vf (Petr Oros) [2132070 2131953] - ice: remove return value comment for ice_reset_all_vfs (Petr Oros) [2132070 2131953] - ice: always check VF VSI pointer values (Petr Oros) [2132070 2131953] - ice: add newline to dev_dbg in ice_vf_fdir_dump_info (Petr Oros) [2132070 2131953] - ice: get switch id on switchdev devices (Petr Oros) [2132070 2131953] - ice: return ENOSPC when exceeding ICE_MAX_CHAIN_WORDS (Petr Oros) [2132070 2131953] - ice: introduce common helper for retrieving VSI by vsi_num (Petr Oros) [2132070 2131953] - ice: use min_t() to make code cleaner in ice_gnss (Petr Oros) [2132070 2131953] - ice, xsk: Avoid refilling single Rx descriptors (Petr Oros) [2132070 2131953] - ice, xsk: Diversify return values from xsk_wakeup call paths (Petr Oros) [2132070 2131953] - ice, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full (Petr Oros) [2132070 2131953] - ice, xsk: Decorate ICE_XDP_REDIR with likely() (Petr Oros) [2132070 2131953] - ice: Add mpls+tso support (Petr Oros) [2132070 2131953] - ice: switch: convert packet template match code to rodata (Petr Oros) [2132070 2131953] - ice: switch: use convenience macros to declare dummy pkt templates (Petr Oros) [2132070 2131953] - ice: switch: use a struct to pass packet template params (Petr Oros) [2132070 2131953] - ice: switch: unobscurify bitops loop in ice_fill_adv_dummy_packet() (Petr Oros) [2132070 2131953] - ice: switch: add and use u16[] aliases to ice_adv_lkup_elem::{h, m}_u (Petr Oros) [2132070 2131953] - ice: Support GTP-U and GTP-C offload in switchdev (Petr Oros) [2132070 2131953] - Documentation/admin-guide: Document nomodeset kernel parameter (Karol Herbst) [2145217 2143841] - drm: Move nomodeset kernel parameter to the DRM subsystem (Karol Herbst) [2145217 2143841] - selftests/bpf: Limit unroll_count for pyperf600 test (Frantisek Hrbata) [2144902 2139836] - nvme-fc: fix the fc_appid_store return value (Ewan D. Milne) [2136914 2113035] - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (Wei Huang) [2142168 2130652] - CI: Drop c9s CI parts (Veronika Kabatova) - CI: Use GA builder container (Veronika Kabatova) [5.14.0-162.9.1_1] - CI: Remove deprecated variable (Veronika Kabatova) - drm: fix duplicated code in drm_connector_register (Karol Herbst) [2134619 2132575] - drm/mgag200: Fix PLL setup for G200_SE_A rev >=4 (Jocelyn Falempe) [2140153 1960467] - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (Tomas Henzl) [2139213 2136223] [5.14.0-162.8.1_1] - redhat: fix the branch we pull from the documentation tree (Herton R. Krzesinski) - nvme-tcp: handle number of queue changes (John Meneghini) [2131359 2112025] - nvmet: expose max queues to configfs (John Meneghini) [2131359 2112025] - nvme-fabrics: parse nvme connect Linux error codes (John Meneghini) [2131359 2112025] - vfio/type1: Unpin zero pages (Alex Williamson) [2128514 2121855] - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (Oleg Nesterov) [2127881 2121271] {CVE-2022-30594} [5.14.0-162.7.1_1] - i2c: ismt: prevent memory corruption in ismt_access() (David Arcari) [2127532 2125582] {CVE-2022-3077} - x86/fpu: Prevent FPU state corruption (Oleksandr Natalenko) [2134588 2131667] - iavf: Fix reset error handling (Petr Oros) [2127884 2119712] - iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2127884 2119712] - iavf: Fix missing state logs (Petr Oros) [2127884 2119712] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-4139 CVE-2022-3077 CVE-2022-2964 CVE-2022-43945 CVE-2022-2959 CVE-2022-30594 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.12.20-7.0.1] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.12.20-7] - Fix CVE-2022-42010 (#2133647) - Fix CVE-2022-42011 (#2133641) - Fix CVE-2022-42012 (#2133635) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-42011 CVE-2022-42012 CVE-2022-42010 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [250-12.0.2.el9_1.1] - Backport upstream pstore dmesg fix [Orabug: 34868110] - Remove upstream references [Orabug: 33995357] - Disable unprivileged BPF by default [Orabug: 32870980] - udev rules: fix memory hot add and remove [Orabug: 31310273] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] - shutdown: get only active md arrays. [Orabug: 34467234] [250-12.1] - time-util: fix buffer-over-run (#2139388) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3821 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.4.9-1.1] - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate - Resolves: CVE-2022-43680 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-43680 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.9.13-3] - Fix CVE-2022-40303 (#2136564) - Fix CVE-2022-40304 (#2136569) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40303 CVE-2022-40304 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [3.34.1-6] - Fixes CVE-2022-35737 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-35737 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_developer cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [5.1.8-6] - Add a null check in parameter_brace_transform() function Resolves: CVE-2022-3715 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3715 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:2:baseos_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [4.16.0-9] - Resolves: rhbz#2140602 MODERATE Copyright 2023 Oracle, Inc. CVE-2021-46848 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [3.5.13-8] - Fix CVE-2022-46285: infinite loop on unclosed comments (#2160230) - Fix CVE-2022-44617: runaway loop with width of 0 (#2160232) - Fix CVE-2022-4883: compression depends on /usr/local/bin:/usr/bin (#2160242) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-4883 CVE-2022-44617 CVE-2022-46285 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [102.7.1-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.7.1-1] - Update to 102.7.1 build1 [102.7.0-1] - Update to 102.7.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-46871 CVE-2023-23601 CVE-2023-23605 CVE-2023-23598 CVE-2023-23603 CVE-2023-23599 CVE-2022-46877 CVE-2023-23602 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.7.1-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.7.1-2] - Update to 102.7.1 build2 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0430 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2.31.1-3] - Fixes CVE-2022-23521 and CVE-2022-41903 - Tests: try harder to find open ports for apache, git, and svn - Resolves: #2162069 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-41903 CVE-2022-23521 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.12.0-5] - xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation Resolves: bz#2167060 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0494 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.5.1-6] - Fix for CVE-2022-47629 (#2161571) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-47629 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:2:baseos_base cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [2.06-46.0.4.el9_1.3] - Bump SBAT metadata for grub to 3 [Orabug: 34872719] - Fix CVE-2022-3775 [Orabug: 34871953] - Enable signing for aarch64 EFI - Fix signing certificate names - Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation - Update bug url [Orabug: 34202300] - Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] - Update signing certificate [JIRA: OLDIS-16371] - fix SBAT data [JIRA: OLDIS-16371] - Update requires [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-46.el9_1.3] - Give up on redhat-sb-certs - Resolves: CVE-2022-2601 [2.06-46.el9_1.2] - CVE update (actually 2.06-49) - Resolves: CVE-2022-2601 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3775 CVE-2022-2601 cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [102.8.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-25732 CVE-2023-25739 CVE-2023-25737 CVE-2023-25742 CVE-2023-25743 CVE-2023-25735 CVE-2023-0767 CVE-2023-25729 CVE-2023-25728 CVE-2023-25730 CVE-2023-25744 CVE-2023-25746 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer Oracle Linux 9 [102.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-25732 CVE-2023-25728 CVE-2023-25737 CVE-2023-25742 CVE-2023-25743 CVE-2023-25739 CVE-2023-0767 CVE-2023-25729 CVE-2023-25746 CVE-2023-25730 CVE-2023-0616 CVE-2023-25735 CVE-2023-25744 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer Oracle Linux 9 [2.36.7-1.2] - Add patch for CVE-2023-23529 Resolves: #2170000 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-23529 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.0.1-47.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-47] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed Invalid pointer dereference in d2i_PKCS7 functions Resolves: CVE-2023-0216 - Fixed NULL dereference validating DSA public key Resolves: CVE-2023-0217 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 - Fixed NULL dereference during PKCS7 data verification Resolves: CVE-2023-0401 [1:3.0.1-46] - Refactor OpenSSL fips module MAC verification Resolves: rhbz#2158412 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode Resolves: rhbz#2144010 [1:3.0.1-45] - Add support of X25519 and X448 'group' parameter in EVP_PKEY_CTX objects Resolves: rhbz#2149010 - Fix explicit indicator for PSS salt length in FIPS mode when used with negative magic values Resolves: rhbz#2144012 - Update change to default PSS salt length with patch state from upstream Related: rhbz#2144012 [1:3.0.1-44] - SHAKE-128/256 are not allowed with RSA in FIPS mode Resolves: rhbz#2144010 - Avoid memory leaks in TLS Resolves: rhbz#2144008 - FIPS RSA CRT tests must use correct parameters Resolves: rhbz#2144006 - FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC Resolves: rhbz#2144017 - Remove support for X9.31 signature padding in FIPS mode Resolves: rhbz#2144015 - Add explicit indicator for SP 800-108 KDFs with short key lengths Resolves: rhbz#2144019 - Add explicit indicator for HMAC with short key lengths Resolves: rhbz#2144000 - Set minimum password length for PBKDF2 in FIPS mode Resolves: rhbz#2144003 - Add explicit indicator for PSS salt length in FIPS mode Resolves: rhbz#2144012 - Clamp default PSS salt length to digest size for FIPS 186-4 compliance Related: rhbz#2144012 - Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode Resolves: rhbz#2145170 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-0401 CVE-2022-4450 CVE-2023-0216 CVE-2022-4304 CVE-2023-0217 CVE-2022-4203 CVE-2023-0215 CVE-2023-0286 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 - [5.14.0-162.18.1_1.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] [5.14.0-162.18.1_1] - powerpc/pseries: Use lparcfg to reconfig VAS windows for DLPAR CPU (Steve Best) [2154305 2133101] - redhat/configs: Change the amd-pstate driver from builtin to loadable (David Arcari) [2151274 2143793] - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (Steve Best) [2140085 2122830] - powerpc/watchdog: introduce a NMI watchdog's factor (Steve Best) [2140085 2122830] - watchdog: export lockup_detector_reconfigure (Steve Best) [2140085 2122830] - powerpc/mobility: wait for memory transfer to complete (Steve Best) [2140085 2122830] [5.14.0-162.17.1_1] - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (Emanuele Giuseppe Esposito) [2155459 2100404] - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (Emanuele Giuseppe Esposito) [2155459 2100404] - PCI: hv: Fix interrupt mapping for multi-MSI (Emanuele Giuseppe Esposito) [2155459 2100404] - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Emanuele Giuseppe Esposito) [2155459 2100404] - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Emanuele Giuseppe Esposito) [2155459 2100404] - PCI: hv: Fix multi-MSI to allow more than one MSI vector (Emanuele Giuseppe Esposito) [2155459 2100404] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Wander Lairson Costa) [2152580 2152581] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Wander Lairson Costa) [2152580 2152581] {CVE-2022-4378} - blk-mq: run queue no matter whether the request is the last request (Ming Lei) [2162535 2118511] - netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits (Florian Westphal) [2161724 2161725] {CVE-2023-0179} - nvme-tcp: fix regression that causes sporadic requests to time out (Gopal Tiwari) [2161344 2124526] - netfs: Fix dodgy maths (Xiubo Li) [2161418 2138981] - netfs: Fix missing xas_retry() calls in xarray iteration (Xiubo Li) [2161418 2138981] [5.14.0-162.16.1_1] - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Ricardo Robaina) [2152929 2152931] {CVE-2022-3564} - gitlab-ci: use CI templates from production branch (Michael Hofmann) [5.14.0-162.15.1_1] - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (Thomas Huth) [2158815 2140899] - x86/fpu: Do not leak fpstate pointer on fork (Rafael Aquini) [2133083 2120448] - Revert 'usb: typec: ucsi: add a common function ucsi_unregister_connectors()' (Torez Smith) [2153277 2113003] - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (David Arcari) [2154859 2119067] {CVE-2022-2873} [5.14.0-162.14.1_1] - NFSD: fix use-after-free in __nfs42_ssc_open() (Benjamin Coddington) [2152815 2152816] {CVE-2022-4379} - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (Mohammed Gamal) [2155930 2155277] - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (Mohammed Gamal) [2155930 2155277] - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (Mohammed Gamal) [2155930 2155277] - sched/core: Always flush pending blk_plug (Phil Auld) [2153792 2115520] [5.14.0-162.13.1_1] - scsi: qla2xxx: Fix crash when I/O abort times out (Nilesh Javali) [2152178 2115892] - net: mana: Fix race on per-CQ variable napi work_done (Emanuele Giuseppe Esposito) [2155145 2153431] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0179 CVE-2022-4378 CVE-2022-4379 CVE-2022-2873 CVE-2022-3564 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [53.0.0-10.1] - Security fix for CVE-2022-40897 Resolves: rhbz#2158559 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40897 cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.9.14-1.2] - Security fix for CVE-2022-45061 Resolves: rhbz#2144072 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-45061 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [250-12.0.2.3] - Backport upstream pstore dmesg fix [Orabug: 34868110] - Remove upstream references [Orabug: 33995357] - Disable unprivileged BPF by default [Orabug: 32870980] - udev rules: fix memory hot add and remove [Orabug: 31310273] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469] - fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792] - shutdown: get only active md arrays. [Orabug: 34467234] [250-12.3] - shared/json: allow json_variant_dump() to return an error (#2149074) - shared/json: use different return code for empty input (#2149074) - coredump: avoid deadlock when passing processed backtrace data (#2149074) - test: disable flaky subtests that require udevadm wait/lock (#2149074) [250-12.2] - coredump: adjust whitespace (#2155516) - basic: add STRERROR() wrapper for strerror_r() (#2155516) - coredump: do not allow user to access coredumps with changed uid/gid/capabilities (#2155516) - Packit: build SRPMs in Copr (#2155516) - test: support non-summer time (#2155516) - test: bump the base VM memory to 768M (#2155516) - test: don't overwrite existing (#2155516) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-45873 CVE-2022-4415 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.4.4-2] - Resolves CVE-2021-43519 [5.4.4-1] - Rebase to lua 5.4.4 - Resolves CVE-2021-44964 [5.4.2-7] - Fix up CVE-2022-33099 patch [5.4.2-6] - Enable gating [5.4.2-5] - apply upstream fix for CVE-2022-33099 MODERATE Copyright 2023 Oracle, Inc. CVE-2021-43519 CVE-2021-44964 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [8.2.2637-20.0.1] - Remove upstream references [Orabug: 31197557] [2:8.2.2637-20] - CVE-2022-47024 vim: no check if the return value of XChangeGC() is NULL [2:8.2.2637-19] - CVE-2022-1785 vim: Out-of-bounds Write - CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c - CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c [2:8.2.2637-18] - CVE-2022-1621 vim: heap buffer overflow - CVE-2022-1629 vim: buffer over-read [2:8.2.2637-17] - CVE-2022-1154 vim: use after free in utf_ptr2char - CVE-2022-1420 vim: Out-of-range Pointer Offset MODERATE Copyright 2023 Oracle, Inc. CVE-2022-47024 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [2:1.34-6] - Fix CVE-2022-48303 - Resolves: CVE-2022-48303 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-48303 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [8.0.27-1] - rebase to 8.0.27 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-37454 CVE-2022-31631 CVE-2022-31629 CVE-2022-31628 CVE-2022-31630 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [2.4.53-7.0.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.53-7.1] - Resolves: #2165975 - prevent sscg creating /dhparams.pem - Resolves: #2165970 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte - Resolves: #2165973 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting - Resolves: #2165974 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling MODERATE Copyright 2023 Oracle, Inc. CVE-2022-37436 CVE-2022-36760 CVE-2006-20001 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115-6.0.1] - Update Oracle Linux test certificates [Orabug: 31928433] [115-6] - Fix chmod invocation - Resolves: CVE-2022-3560 [115-5] - Deprecate pesign-authorize and drop ACL use - Resolves: CVE-2022-3560 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-3560 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [2.0.90-6] - Fix CVE-2021-46822 - Resolves: CVE-2021-46822 MODERATE Copyright 2023 Oracle, Inc. CVE-2021-46822 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [3.7.6-18] - Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version (#2168610) [3.7.6-17] - Fix timing side-channel in TLS RSA key exchange (#2162600) [3.7.6-16] - fips: extend PCT to DH key generation (#2168610) [3.7.6-14] - fips: remove library path checking from FIPS integrity check (#2149638) - fips: rename hmac file to its previous name (#2149640) [3.7.6-13] - cipher: add restriction on CCM tag length under FIPS mode (#2144535) - nettle: mark non-compliant RSA-PSS salt length to be not-approved (#2144537) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-0361 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 Oracle Linux 9 [5.15.0-6.80.3.1] - Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359] [5.15.0-6.80.3] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888471] - rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34892082] - uek-rpm: Add ptp_kvm.ko to core rpm (Somasundaram Krishnasamy) [Orabug: 34901414] - Revert 'tracing/ring-buffer: Have polling block on watermark' (Harshit Mogalapalli) [Orabug: 34890999] [5.15.0-6.80.2] - scsi: mpi3mr: Remove unnecessary cast (Jules Irenge) [Orabug: 34640445] - scsi: mpi3mr: Update driver version to 8.2.0.3.0 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix scheduling while atomic type bug (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Scan the devices during resume time (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Free enclosure objects during driver unload (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Handle 0xF003 Fault Code (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Graceful handling of surprise removal of PCIe HBA (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Support new power management framework (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Update mpi3 header files (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix error code in mpi3mr_transport_smp_handler() (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Fix error codes in mpi3mr_report_manufacture() (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Block I/Os while refreshing target dev objects (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Refresh SAS ports during soft reset (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Support SAS transport class callbacks (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add framework to issue MPT transport cmds (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add SAS SATA end devices to STL (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Get target object based on rphy (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add expander devices to STL (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Enable STL on HBAs where multipath is disabled (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add helper functions to manage device's port (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add helper functions to retrieve device objects (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add framework to add phys to STL (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Enable Enclosure device add event (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add helper functions to retrieve config pages (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add framework to issue config requests (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add config and transport related debug flags (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Delete a stray tab (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Unlock on error path (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Reduce VD queue depth on detecting throttling (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Resource Based Metering (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Increase cmd_per_lun to 128 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Enable shared host tagset (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix kernel-doc (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Rework mrioc->bsg_device model to fix warnings (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Add target device related sysfs (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add shost related sysfs attributes (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Return error if dma_alloc_coherent() fails (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Fix a NULL vs IS_ERR() bug in mpi3mr_bsg_init() (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Return I/Os to an unrecoverable HBA with DID_ERROR (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Hidden drives not removed during soft reset (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Increase I/O timeout value to 60s (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Update driver version to 8.0.0.69.0 (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Add support for NVMe passthrough (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Expose adapter state to sysfs (Chandrakanth patil) [Orabug: 34640445] - scsi: mpi3mr: Add support for PEL commands (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Add support for MPT commands (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Move data structures/definitions from MPI headers to uapi header (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Add support for driver commands (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Add bsg device support (Sumit Saxena) [Orabug: 34640445] - scsi: mpi3mr: Fix flushing !WQ_MEM_RECLAIM events warning (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Bump driver version to 8.0.0.68.0 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Update the copyright year (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix cmnd getting marked as in use forever (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix hibernation issue (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Update MPI3 headers (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix printing of pending I/O count (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix deadlock while canceling the fw event (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fix formatting problems in some kernel-doc comments (Yang Li) [Orabug: 34640445] - scsi: mpi3mr: Fix some spelling mistakes (Colin Ian King) [Orabug: 34640445] - scsi: mpi3mr: Bump driver version to 8.0.0.61.0 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Enhanced Task Management Support Reply handling (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Use TM response codes from MPI3 headers (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add io_uring interface support in I/O-polled mode (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Print cable mngnt and temp threshold events (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Support Prepare for Reset event (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add Event acknowledgment logic (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Gracefully handle online FW update operation (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Detect async reset that occurred in firmware (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add IOC reinit function (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Handle offline FW activation in graceful manner (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Code refactor of IOC init - part2 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Code refactor of IOC init - part1 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Fault IOC when internal command gets timeout (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Display IOC firmware package version (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Handle unaligned PLL in unmap cmnds (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Increase internal cmnds timeout to 60s (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Do access status validation before adding devices (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add support for PCIe Managed Switch SES device (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Update MPI3 headers - part2 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Update MPI3 headers - part1 (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Don't reset IOC if cmnds flush with reset status (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Replace spin_lock() with spin_lock_irqsave() (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Add debug APIs based on logging_level bits (Sreekanth Reddy) [Orabug: 34640445] - scsi: mpi3mr: Use scnprintf() instead of snprintf() (Dan Carpenter) [Orabug: 34640445] - scsi: mpi3mr: Clean up mpi3mr_print_ioc_info() (Dan Carpenter) [Orabug: 34640445] - rds: ib: Remove unnecessary call to rds_ib_ring_unalloc (Hakon Bugge) [Orabug: 34768825] - rds: ib: Remove unnecessary i_flowctl term from conditions (Hakon Bugge) [Orabug: 34768825] - rds: ib: Remove unnesesarry variable initialization (Hakon Bugge) [Orabug: 34768825] - rds: ib: Make sure receives are posted before connection is up (Hakon Bugge) [Orabug: 34768825] - rds: ib: Fix the Retry counter dependency on RNR NAK Retry counter (Hakon Bugge) [Orabug: 34768825] - rds: Deduct one credit on the passive side (Hakon Bugge) [Orabug: 34768825] - rds: Use all eight bits for credit updates (Hakon Bugge) [Orabug: 34768825] - RDS/IB: Fix the misplaced counter update rdma dto path (Devesh Sharma) [Orabug: 34865847] - uek-rpm: Enable CONFIG_HP_ILO for aarch64 (Saeed Mirzamohammadi) [Orabug: 34869880] - uek-rpm: ol8: Choose right annobin plugin for UEK build (Somasundaram Krishnasamy) [Orabug: 34873882] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34882775] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34882775] {CVE-2022-4378} [5.15.0-6.80.1] - LTS version: v5.15.80 (Jack Vogel) - ntfs: check overflow when iterating ATTR_RECORDs (Hawkins Jiawei) - ntfs: fix out-of-bounds read in ntfs_attr_find() (Hawkins Jiawei) - ntfs: fix use-after-free in ntfs_attr_find() (Hawkins Jiawei) - net/9p: use a dedicated spinlock for trans_fd (Dominique Martinet) - mm: fs: initialize fsdata passed to write_begin/write_end interface (Alexander Potapenko) - wifi: wext: use flex array destination for memcpy() (Hawkins Jiawei) - 9p/trans_fd: always use O_NONBLOCK read/write (Tetsuo Handa) - gfs2: Switch from strlcpy to strscpy (Andreas Gruenbacher) - gfs2: Check sb_bsize_shift after reading superblock (Andrew Price) - 9p: trans_fd/p9_conn_cancel: drop client lock earlier (Dominique Martinet) - kcm: close race conditions on sk_receive_queue (Cong Wang) - kcm: avoid potential race in kcm_tx_work (Eric Dumazet) - tcp: cdg: allow tcp_cdg_release() to be called multiple times (Eric Dumazet) - macvlan: enforce a consistent minimal mtu (Eric Dumazet) - Input: i8042 - fix leaking of platform device on module removal (Chen Jun) - kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (Li Huafei) - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (Yuan Can) - scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() (Yang Yingliang) - net: use struct_group to copy ip/ipv6 header addresses (Hangbin Liu) - tracing: Fix warning on variable 'struct trace_array' (Aashish Sharma) - ring-buffer: Include dropped pages in counting dirty patches (Steven Rostedt (Google)) - perf: Improve missing SIGTRAP checking (Marco Elver) - serial: 8250_lpss: Use 16B DMA burst with Elkhart Lake (Ilpo Jarvinen) - nvme: ensure subsystem reset is single threaded (Keith Busch) - nvme: restrict management ioctls to admin (Keith Busch) - perf/x86/intel/pt: Fix sampling using single range output (Adrian Hunter) - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (Alexander Potapenko) - docs: update mediator contact information in CoC doc (Shuah Khan) - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (Xiongfeng Wang) - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (Chevron Li) - mmc: core: properly select voltage range without power cycle (Yann Gautier) - firmware: coreboot: Register bus in module init (Brian Norris) - iommu/vt-d: Set SRE bit only when hardware has SRS cap (Tina Zhang) - iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (Tina Zhang) - scsi: zfcp: Fix double free of FSF request when qdio send fails (Benjamin Block) - net: phy: marvell: add sleep time after enabling the loopback bit (Aminuddin Jamaluddin) - maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault() (Alban Crequy) - Input: iforce - invert valid length check when fetching device IDs (Tetsuo Handa) - serial: 8250_lpss: Configure DMA also w/o DMA filter (Ilpo Jarvinen) - serial: 8250: Flush DMA Rx on RLSI (Ilpo Jarvinen) - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (Ilpo Jarvinen) - dm ioctl: fix misbehavior if list_versions races with module loading (Mikulas Patocka) - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (Mitja Spes) - iio: adc: mp2629: fix potential array out of bound access (Saravanan Sekar) - iio: adc: mp2629: fix wrong comparison of channel (Saravanan Sekar) - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (Yang Yingliang) - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (Yang Yingliang) - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (Rajat Khandelwal) - usb: cdns3: host: fix endless superspeed hub port reset (Li Jun) - usb: chipidea: fix deadlock in ci_otg_del_timer (Duoming Zhou) - usb: add NO_LPM quirk for Realforce 87U Keyboard (Nicolas Dumazet) - USB: serial: option: add Fibocom FM160 0x0111 composition (Reinhard Speyerer) - USB: serial: option: add u-blox LARA-L6 modem (Davide Tronchin) - USB: serial: option: add u-blox LARA-R6 00B modem (Davide Tronchin) - USB: serial: option: remove old LARA-R6 PID (Davide Tronchin) - USB: serial: option: add Sierra Wireless EM9191 (Benoit Monin) - USB: bcma: Make GPIO explicitly optional (Linus Walleij) - speakup: fix a segfault caused by switching consoles (Mushahid Hussain) - slimbus: stream: correct presence rate frequencies (Krzysztof Kozlowski) - slimbus: qcom-ngd: Fix build error when CONFIG_SLIM_QCOM_NGD_CTRL=y && CONFIG_QCOM_RPROC_COMMON=m (Zheng Bin) - Revert 'usb: dwc3: disable USB core PHY management' (Johan Hovold) - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (Takashi Iwai) - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (Emil Flink) - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (Takashi Iwai) - drm/amd/display: Add HUBP surface flip interrupt handler (Rodrigo Siqueira) - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (Shang XiaoJing) - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (Shang XiaoJing) - tracing: Fix race where eprobes can be called before the event (Steven Rostedt (Google)) - tracing: Fix wild-memory-access in register_synth_event() (Shang XiaoJing) - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (Shang XiaoJing) - tracing/ring-buffer: Have polling block on watermark (Steven Rostedt (Google)) - tracing: Fix memory leak in tracing_read_pipe() (Wang Yufen) - ring_buffer: Do not deactivate non-existant pages (Daniil Tatianin) - ftrace: Fix null pointer dereference in ftrace_add_mod() (Xiu Jianfeng) - ftrace: Optimize the allocation for mcount entries (Wang Wensheng) - ftrace: Fix the possible incorrect kernel message (Wang Wensheng) - cifs: add check for returning value of SMB2_set_info_init (Anastasia Belova) - net: thunderbolt: Fix error handling in tbnet_init() (Yuan Can) - net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start() (Shang XiaoJing) - cifs: Fix wrong return value checking when GETFLAGS (Zhang Xiaoxu) - net/x25: Fix skb leak in x25_lapb_receive_frame() (Wei Yongjun) - net: ag71xx: call phylink_disconnect_phy if ag71xx_hw_enable() fail in ag71xx_open() (Liu Jian) - cifs: add check for returning value of SMB2_close_init (Anastasia Belova) - platform/surface: aggregator: Do not check for repeated unsequenced packets (Maximilian Luz) - platform/x86/intel: pmc: Don't unconditionally attach Intel PMC when virtualized (Roger Pau Monne) - drbd: use after free in drbd_create_device() (Dan Carpenter) - bridge: switchdev: Fix memory leaks when changing VLAN protocol (Ido Schimmel) - net: hns3: fix setting incorrect phy link ksettings for firmware in resetting process (Guangbin Huang) - net: ena: Fix error handling in ena_init() (Yuan Can) - net: ionic: Fix error handling in ionic_init_module() (Yuan Can) - xen/pcpu: fix possible memory leak in register_pcpu() (Yang Yingliang) - net: dsa: make dsa_master_ioctl() see through port_hwtstamp_get() shims (Vladimir Oltean) - net: mhi: Fix memory leak in mhi_net_dellink() (Wei Yongjun) - bnxt_en: Remove debugfs when pci_register_driver failed (Gaosheng Cui) - net: caif: fix double disconnect client in chnl_net_open() (Zhengchao Shao) - net: macvlan: Use built-in RCU list checking (Chuang Wang) - mISDN: fix misuse of put_device() in mISDN_register_device() (Wang ShaoBo) - net: liquidio: release resources when liquidio driver open failed (Zhengchao Shao) - soc: imx8m: Enable OCOTP clock before reading the register (Xiaolei Wang) - net: stmmac: ensure tx function is not running in stmmac_xdp_release() (Mohd Faizal Abdul Rahim) - net: hinic: Fix error handling in hinic_module_init() (Yuan Can) - mISDN: fix possible memory leak in mISDN_dsp_element_register() (Yang Yingliang) - net: bgmac: Drop free_netdev() from bgmac_enet_remove() (Wei Yongjun) - bpf: Initialize same number of free nodes for each pcpu_freelist (Xu Kuohai) - MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed (Liao Chang) - MIPS: fix duplicate definitions for exported symbols (Rongwei Zhang) - nfp: change eeprom length to max length enumerators (Jaco Coetzee) - ata: libata-transport: fix error handling in ata_tdev_add() (Yang Yingliang) - ata: libata-transport: fix error handling in ata_tlink_add() (Yang Yingliang) - ata: libata-transport: fix error handling in ata_tport_add() (Yang Yingliang) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (Yang Yingliang) - arm64: dts: imx8mn: Fix NAND controller size-cells (Marek Vasut) - arm64: dts: imx8mm: Fix NAND controller size-cells (Marek Vasut) - ARM: dts: imx7: Fix NAND controller size-cells (Marek Vasut) - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (Shang XiaoJing) - drm/drv: Fix potential memory leak in drm_dev_init() (Shang XiaoJing) - drm/panel: simple: set bpc field for logic technologies displays (Aishwarya Kothari) - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (Gaosheng Cui) - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (Zeng Heng) - parport_pc: Avoid FIFO port location truncation (Maciej W. Rozycki) - siox: fix possible memory leak in siox_device_add() (Yang Yingliang) - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (D Scott Phillips) - bpf: Fix memory leaks in __check_func_call (Wang Yufen) - block: sed-opal: kmalloc the cmd/resp buffers (Serge Semin) - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (Yang Yingliang) - pinctrl: rockchip: list all pins in a possible mux route for PX30 (Quentin Schulz) - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (Chen Zhongjin) - bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (Baisong Zhong) - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (Duoming Zhou) - serial: imx: Add missing .thaw_noirq hook (Shawn Guo) - serial: 8250: omap: Flush PM QOS work on remove (Tony Lindgren) - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (Tony Lindgren) - serial: 8250_omap: remove wait loop from Errata i202 workaround (Matthias Schiffer) - serial: 8250: omap: Fix missing PM runtime calls for omap8250_set_mctrl() (Tony Lindgren) - ARM: at91: pm: avoid soft resetting AC DLL (Claudiu Beznea) - ASoC: tas2764: Fix set_tdm_slot in case of single slot (Martin Poviser) - ASoC: tas2770: Fix set_tdm_slot in case of single slot (Martin Poviser) - ASoC: core: Fix use-after-free in snd_soc_exit() (Chen Zhongjin) - ARM: dts: at91: sama7g5: fix signal name of pin PB2 (Mihai Sain) - spi: stm32: Print summary 'callbacks suppressed' message (Marek Vasut) - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (Douglas Anderson) - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (Douglas Anderson) - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (Douglas Anderson) - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (Douglas Anderson) - KVM: x86/pmu: Do not speculatively query Intel GP PMCs that don't exist yet (Like Xu) - spi: intel: Use correct mask for flash and protected regions (Mika Westerberg) - mtd: spi-nor: intel-spi: Disable write protection only if asked (Mika Westerberg) - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (Colin Ian King) - x86/cpu: Add several Intel server CPU model numbers (Tony Luck) - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (Luiz Augusto von Dentz) - btrfs: remove pointless and double ulist frees in error paths of qgroup tests (Filipe Manana) - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (Nathan Huckleberry) - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (Nam Cao) - i2c: tegra: Allocate DMA memory for DMA engine (Thierry Reding) - firmware: arm_scmi: Cleanup the core driver removal callback (Cristian Marussi) - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (Mario Limonciello) - NFSv4: Retry LOCK on OLD_STATEID during delegation return (Benjamin Coddington) - btrfs: raid56: properly handle the error when unable to find the missing stripe (Qu Wenruo) - RDMA/efa: Add EFA 0xefa2 PCI ID (Michael Margolin) - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (Hans de Goede) - drm/amd/display: Remove wrong pipe control lock (Rodrigo Siqueira) - ASoC: rt1308-sdw: add the default value of some registers (Shuming Fan) - selftests/intel_pstate: fix build for ARCH=x86_64 (Ricardo Canuelo) - selftests/futex: fix build for clang (Ricardo Canuelo) - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (Pierre-Louis Bossart) - ASoC: codecs: jz4725b: fix capture selector naming (Siarhei Volkau) - ASoC: codecs: jz4725b: use right control for Capture Volume (Siarhei Volkau) - ASoC: codecs: jz4725b: fix reported volume for Master ctl (Siarhei Volkau) - ASoC: codecs: jz4725b: add missed Line In power control bit (Siarhei Volkau) - spi: intel: Fix the offset to get the 64K erase opcode (Mauro Lima) - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (Xiaolei Wang) - ASoC: rt1019: Fix the TDM settings (Derek Fang) - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (Zhang Qilong) - ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (Zhang Qilong) - ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (Zhang Qilong) - ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (Zhang Qilong) - LTS version: v5.15.79 (Jack Vogel) - x86/cpu: Restore AMD's DE_CFG MSR after resume (Borislav Petkov) - net: tun: call napi_schedule_prep() to ensure we own a napi (Eric Dumazet) - drm/amdkfd: Migrate in CPU page fault use current mm (Philip Yang) - marvell: octeontx2: build error: unknown type name 'u64' (Anders Roxell) - dmaengine: at_hdmac: Check return code of dma_async_device_register (Tudor Ambarus) - dmaengine: at_hdmac: Fix impossible condition (Tudor Ambarus) - dmaengine: at_hdmac: Don't allow CPU to reorder channel enable (Tudor Ambarus) - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (Tudor Ambarus) - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (Tudor Ambarus) - dmaengine: at_hdmac: Fix concurrency over the active list (Tudor Ambarus) - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (Tudor Ambarus) - dmaengine: at_hdmac: Fix concurrency over descriptor (Tudor Ambarus) - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (Tudor Ambarus) - dmaengine: at_hdmac: Protect atchan->status with the channel lock (Tudor Ambarus) - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (Tudor Ambarus) - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (Tudor Ambarus) - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (Tudor Ambarus) - dmaengine: at_hdmac: Don't start transactions at tx_submit level (Tudor Ambarus) - dmaengine: at_hdmac: Fix at_lli struct definition (Tudor Ambarus) - cert host tools: Stop complaining about deprecated OpenSSL functions (Linus Torvalds) - can: j1939: j1939_send_one(): fix missing CAN header initialization (Oliver Hartkopp) - mm/shmem: use page_mapping() to detect page cache for uffd continue (Peter Xu) - mm/memremap.c: map FS_DAX device memory as decrypted (Pankaj Gupta) - mm/damon/dbgfs: check if rm_contexts input is for a real context (SeongJae Park) - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (ZhangPeng) - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) - btrfs: zoned: initialize device's zone info for seeding (Johannes Thumshirn) - btrfs: selftests: fix wrong error check in btrfs_free_dummy_root() (Zhang Xiaoxu) - btrfs: fix match incorrectly in dev_args_match_device (Liu Shixin) - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (Wen Gong) - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (Jorge Lopez) - drm/amdgpu: disable BACO on special BEIGE_GOBY card (Guchun Chen) - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (Matthew Auld) - nilfs2: fix use-after-free bug of ns_writer on remount (Ryusuke Konishi) - nilfs2: fix deadlock in nilfs_count_free_blocks() (Ryusuke Konishi) - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (Shin'ichiro Kawasaki) - vmlinux.lds.h: Fix placement of '.data..decrypted' section (Nathan Chancellor) - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (Jussi Laako) - ALSA: usb-audio: Add quirk entry for M-Audio Micro (Takashi Iwai) - ALSA: usb-audio: Yet more regression for for the delayed card registration (Takashi Iwai) - ALSA: hda/realtek: Add Positivo C6300 model quirk (Edson Juliano Drosdeck) - ALSA: hda: fix potential memleak in 'add_widget_node' (Ye Bin) - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (Xian Wang) - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (Evan Quan) - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (Haibo Chen) - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (Brian Norris) - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (Brian Norris) - MIPS: jump_label: Fix compat branch range check (Jiaxun Yang) - arm64: efi: Fix handling of misaligned runtime regions and drop warning (Ard Biesheuvel) - riscv: fix reserved memory setup (Conor Dooley) - riscv: vdso: fix build with llvm (Jisheng Zhang) - riscv: process: fix kernel info leakage (Jisheng Zhang) - net: macvlan: fix memory leaks of macvlan_common_newlink (Chuang Wang) - ethernet: tundra: free irq when alloc ring failed in tsi108_open() (Zhengchao Shao) - net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open() (Zhengchao Shao) - ethernet: s2io: disable napi when start nic failed in s2io_card_up() (Zhengchao Shao) - net: atlantic: macsec: clear encryption keys from the stack (Antoine Tenart) - net: phy: mscc: macsec: clear encryption keys when freeing a flow (Antoine Tenart) - stmmac: dwmac-loongson: fix missing of_node_put() while module exiting (Yang Yingliang) - stmmac: dwmac-loongson: fix missing pci_disable_device() in loongson_dwmac_probe() (Yang Yingliang) - stmmac: dwmac-loongson: fix missing pci_disable_msi() while module exiting (Yang Yingliang) - cxgb4vf: shut down the adapter when t4vf_update_port_info() failed in cxgb4vf_open() (Zhengchao Shao) - mctp: Fix an error handling path in mctp_init() (Wei Yongjun) - stmmac: intel: Update PCH PTP clock rate from 200MHz to 204.8MHz (Tan, Tee Min) - stmmac: intel: Enable 2.5Gbps for Intel AlderLake-S (Wong Vee Khee) - net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (Zhengchao Shao) - net: cpsw: disable napi in cpsw_ndo_open() (Zhengchao Shao) - net/mlx5e: E-Switch, Fix comparing termination table instance (Roi Dayan) - net/mlx5: Allow async trigger completion execution on single CPU systems (Roy Novich) - net/mlx5: Bridge, verify LAG state when adding bond to bridge (Vlad Buslov) - net: wwan: iosm: fix memory leak in ipc_pcie_read_bios_cfg (M Chetan Kumar) - net: nixge: disable napi when enable interrupts failed in nixge_open() (Zhengchao Shao) - net: marvell: prestera: fix memory leak in prestera_rxtx_switch_init() (Zhengchao Shao) - netfilter: Cleanup nft_net->module_list from nf_tables_exit_net() (Shigeru Yoshida) - netfilter: nfnetlink: fix potential dead lock in nfnetlink_rcv_msg() (Ziyang Xuan) - perf tools: Add the include/perf/ directory to .gitignore (Donglin Peng) - perf stat: Fix printing os->prefix in CSV metrics output (Athira Rajeev) - drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (Zhengchao Shao) - net: lapbether: fix issue of invalid opcode in lapbeth_open() (Zhengchao Shao) - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (Yang Yingliang) - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (Christophe JAILLET) - dmaengine: pxa_dma: use platform_get_irq_optional (Doug Brown) - tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header (Xin Long) - net: broadcom: Fix BCMGENET Kconfig (YueHaibing) - net: stmmac: dwmac-meson8b: fix meson8b_devm_clk_prepare_enable() (Rasmus Villemoes) - can: af_can: fix NULL pointer dereference in can_rx_register() (Zhengchao Shao) - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (Alexander Potapenko) - tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (Lu Wei) - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (Yuan Can) - net: wwan: mhi: fix memory leak in mhi_mbim_dellink (HW He) - net: wwan: iosm: fix memory leak in ipc_wwan_dellink (HW He) - hamradio: fix issue of dev reference count leakage in bpq_device_event() (Zhengchao Shao) - net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event() (Zhengchao Shao) - KVM: s390: pv: don't allow userspace to set the clock under PV (Nico Boehr) - phy: ralink: mt7621-pci: add sentinel to quirks table (John Thomson) - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (Gaosheng Cui) - net: fman: Unregister ethernet device on removal (Sean Anderson) - bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (Alex Barba) - bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (Michael Chan) - net: tun: Fix memory leaks of napi_get_frags (Wang Yufen) - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (Ratheesh Kannoth) - octeontx2-pf: Use hardware register for CQE count (Geetha sowjanya) - macsec: clear encryption keys from the stack after setting up offload (Sabrina Dubroca) - macsec: fix detection of RXSCs when toggling offloading (Sabrina Dubroca) - macsec: fix secy->n_rx_sc accounting (Sabrina Dubroca) - macsec: delete new rxsc when offload fails (Sabrina Dubroca) - net: gso: fix panic on frag_list with mixed head alloc types (Jiri Benc) - bpf: Fix wrong reg type conversion in release_reference() (Youlin Li) - bpf: Add helper macro bpf_for_each_reg_in_vstate (Kumar Kartikeya Dwivedi) - bpf, sock_map: Move cancel_work_sync() out of sock lock (Cong Wang) - bpf: Fix sockmap calling sleepable function in teardown path (John Fastabend) - bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues (Wang Yufen) - HID: hyperv: fix possible memory leak in mousevsc_probe() (Yang Yingliang) - bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE (Pu Lehui) - wifi: mac80211: Set TWT Information Frame Disabled bit as 1 (Howard Hsu) - bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues (Wang Yufen) - bpf, verifier: Fix memory leak in array reallocation for stack state (Kees Cook) - soundwire: qcom: check for outanding writes before doing a read (Srinivas Kandagatla) - soundwire: qcom: reinit broadcast completion (Srinivas Kandagatla) - wifi: cfg80211: fix memory leak in query_regdb_file() (Arend van Spriel) - wifi: cfg80211: silence a sparse RCU warning (Johannes Berg) - phy: stm32: fix an error code in probe (Dan Carpenter) - hwspinlock: qcom: correct MMIO max register for newer SoCs (Krzysztof Kozlowski) - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (Yang Li) - drm/amdkfd: handle CPU fault on COW mapping (Philip Yang) - drm/amdkfd: avoid recursive lock in migrations back to RAM (Alex Sierra) - fuse: fix readdir cache race (Miklos Szeredi) - thunderbolt: Add DP OUT resource when DP tunnel is discovered (Sanjay R Mehta) - thunderbolt: Tear down existing tunnels when resuming from hibernate (Mika Westerberg) - LTS version: v5.15.78 (Jack Vogel) - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) - drm/i915/sdvo: Setup DDC fully before output init (Ville Syrjala) - drm/i915/sdvo: Filter out invalid outputs more sensibly (Ville Syrjala) - drm/rockchip: dsi: Force synchronous probe (Brian Norris) - drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach (Brian Norris) - cifs: fix regression in very old smb1 mounts (Ronnie Sahlberg) - ext4,f2fs: fix readahead of verity data (Matthew Wilcox (Oracle)) - tee: Fix tee_shm_register() for kernel TEE drivers (Sumit Garg) - KVM: x86: emulator: update the emulation mode after CR0 write (Maxim Levitsky) - KVM: x86: emulator: update the emulation mode after rsm (Maxim Levitsky) - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (Maxim Levitsky) - KVM: x86: emulator: em_sysexit should update ctxt->mode (Maxim Levitsky) - KVM: arm64: Fix bad dereference on MTE-enabled systems (Ryan Roberts) - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (Emanuele Giuseppe Esposito) - KVM: x86: Mask off reserved bits in CPUID.8000001FH (Jim Mattson) - KVM: x86: Mask off reserved bits in CPUID.80000001H (Jim Mattson) - KVM: x86: Mask off reserved bits in CPUID.80000008H (Jim Mattson) - KVM: x86: Mask off reserved bits in CPUID.8000001AH (Jim Mattson) - KVM: x86: Mask off reserved bits in CPUID.80000006H (Jim Mattson) - x86/syscall: Include asm/ptrace.h in syscall_wrapper header (Jiri Olsa) - ext4: fix BUG_ON() when directory entry has invalid rec_len (Luis Henriques) - ext4: fix warning in 'ext4_da_release_space' (Ye Bin) - parisc: Avoid printing the hardware path twice (Helge Deller) - parisc: Export iosapic_serial_irq() symbol for serial port driver (Helge Deller) - parisc: Make 8250_gsc driver dependend on CONFIG_PARISC (Helge Deller) - perf/x86/intel: Fix pebs event constraints for SPR (Kan Liang) - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[] (Kan Liang) - perf/x86/intel: Fix pebs event constraints for ICL (Kan Liang) - arm64: entry: avoid kprobe recursion (Mark Rutland) - efi: random: Use 'ACPI reclaim' memory for random seed (Ard Biesheuvel) - efi: random: reduce seed size to 32 bytes (Ard Biesheuvel) - fuse: add file_modified() to fallocate (Miklos Szeredi) - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (Gaosheng Cui) - tracing/histogram: Update document for KEYS_MAX size (Zheng Yejian) - tools/nolibc/string: Fix memcmp() implementation (Rasmus Villemoes) - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (Steven Rostedt (Google)) - kprobe: reverse kp->flags when arm_kprobe failed (Li Qiang) - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (Shang XiaoJing) - tcp/udp: Make early_demux back namespacified. (Kuniyuki Iwashima) - ftrace: Fix use-after-free for dynamic ftrace_ops (Li Huafei) - btrfs: fix type of parameter generation in btrfs_get_dentry (David Sterba) - btrfs: fix tree mod log mishandling of reallocated nodes (Josef Bacik) - btrfs: fix lost file sync on direct IO write with nowait and dsync iocb (Filipe Manana) - fscrypt: fix keyring memory leak on mount failure (Eric Biggers) - fscrypt: stop using keyrings subsystem for fscrypt_master_key (Eric Biggers) - af_unix: Fix memory leaks of the whole sk due to OOB skb. (Kuniyuki Iwashima) - block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (Yu Kuai) - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) {CVE-2022-42895} - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) {CVE-2022-42896} - i2c: piix4: Fix adapter not be removed in piix4_remove() (Chen Zhongjin) - arm64: dts: juno: Add thermal critical trip points (Cristian Marussi) - firmware: arm_scmi: Fix devres allocation device in virtio transport (Cristian Marussi) - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (Cristian Marussi) - firmware: arm_scmi: Suppress the driver's bind attributes (Cristian Marussi) - block: Fix possible memory leak for rq_wb on add_disk failure (Chen Zhongjin) - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (Ioana Ciornei) - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (Ioana Ciornei) - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (Ioana Ciornei) - arm64: dts: imx8: correct clock order (Peng Fan) - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (Tim Harvey) - clk: qcom: Update the force mem core bit for GPU clocks (Taniya Das) - efi/tpm: Pass correct address to memblock_reserve (Jerry Snitselaar) - i2c: xiic: Add platform module alias (Martin Tuma) - drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (Danijel Slivka) - HID: saitek: add madcatz variant of MMO7 mouse device ID (Samuel Bailey) - scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (Ashish Kalra) - media: v4l: subdev: Fail graciously when getting try data for NULL state (Sakari Ailus) - media: meson: vdec: fix possible refcount leak in vdec_probe() (Hangyu Hua) - media: dvb-frontends/drxk: initialize err to 0 (Hans Verkuil) - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (Hans Verkuil) - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (Laurent Pinchart) - media: rkisp1: Use correct macro for gradient registers (Laurent Pinchart) - media: rkisp1: Initialize color space on resizer sink and source pads (Laurent Pinchart) - media: rkisp1: Don't pass the quantization to rkisp1_csm_config() (Laurent Pinchart) - s390/cio: fix out-of-bounds access on cio_ignore free (Peter Oberparleiter) - s390/cio: derive cdev information only for IO-subchannels (Vineeth Vijayan) - s390/boot: add secure boot trailer (Peter Oberparleiter) - s390/uaccess: add missing EX_TABLE entries to __clear_user() (Heiko Carstens) - mtd: parsers: bcm47xxpart: Fix halfblock reads (Linus Walleij) - mtd: parsers: bcm47xxpart: print correct offset on read error (Rafal Milecki) - fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (Helge Deller) - video/fbdev/stifb: Implement the stifb_fillrect() function (Helge Deller) - drm/msm/hdmi: fix IRQ lifetime (Johan Hovold) - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (Daniel Thompson) - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (Dexuan Cui) - ipv6: fix WARNING in ip6_route_net_exit_late() (Zhengchao Shao) - net, neigh: Fix null-ptr-deref in neigh_table_clear() (Chen Zhongjin) - net/smc: Fix possible leaked pernet namespace in smc_init() (Chen Zhongjin) - stmmac: dwmac-loongson: fix invalid mdio_node (Liu Peibao) - ibmvnic: Free rwi on reset success (Nick Child) - net: mdio: fix undefined behavior in bit shift for __mdiobus_register (Gaosheng Cui) - Bluetooth: L2CAP: Fix memory leak in vhci_write (Hawkins Jiawei) - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() (Zhengchao Shao) - Bluetooth: virtio_bt: Use skb_put to set length (Soenke Huster) - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) - netfilter: ipset: enforce documented limit to prevent allocating huge memory (Jozsef Kadlecsik) - btrfs: fix ulist leaks in error paths of qgroup self tests (Filipe Manana) - btrfs: fix inode list leak during backref walking at find_parent_nodes() (Filipe Manana) - btrfs: fix inode list leak during backref walking at resolve_indirect_refs() (Filipe Manana) - isdn: mISDN: netjet: fix wrong check of device registration (Yang Yingliang) - mISDN: fix possible memory leak in mISDN_register_device() (Yang Yingliang) - rose: Fix NULL pointer dereference in rose_send_frame() (Zhang Qilong) - ipvs: fix WARNING in ip_vs_app_net_cleanup() (Zhengchao Shao) - ipvs: fix WARNING in __ip_vs_cleanup_batch() (Zhengchao Shao) - ipvs: use explicitly signed chars (Jason A. Donenfeld) - netfilter: nf_tables: release flow rule object from commit path (Pablo Neira Ayuso) - netfilter: nf_tables: netlink notifier might race to release objects (Pablo Neira Ayuso) - net: tun: fix bugs for oversize packet when napi frags enabled (Ziyang Xuan) - net: sched: Fix use after free in red_enqueue() (Dan Carpenter) - ata: pata_legacy: fix pdc20230_set_piomode() (Sergey Shtylyov) - net: fec: fix improper use of NETDEV_TX_BUSY (Zhang Changzhong) - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (Shang XiaoJing) - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (Shang XiaoJing) - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (Shang XiaoJing) - nfc: fdp: Fix potential memory leak in fdp_nci_send() (Shang XiaoJing) - net: dsa: fall back to default tagger if we can't load the one from DT (Vladimir Oltean) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (Dan Carpenter) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (Chen Zhongjin) - net: dsa: Fix possible memory leaks in dsa_loop_init() (Chen Zhongjin) - nfs4: Fix kmemleak when allocate slot failed (Zhang Xiaoxu) - NFSv4.2: Fixup CLONE dest file size for zero-length count (Benjamin Coddington) - SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed (Zhang Xiaoxu) - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (Trond Myklebust) - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (Trond Myklebust) - NFSv4: Fix a potential state reclaim deadlock (Trond Myklebust) - RDMA/hns: Disable local invalidate operation (Yangyang Li) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (Wenpeng Liang) - RDMA/hns: Remove magic number (Xinhao Liu) - IB/hfi1: Correctly move list in sc_disable() (Dean Luick) - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (Alexander Graf) - KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (Alexander Graf) - KVM: x86: Protect the unused bits in MSR exiting flags (Aaron Lewis) - HID: playstation: add initial DualSense Edge controller support (Roderick Colenbrander) - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (Baolin Wang) - drm/amd/display: explicitly disable psr_feature_enable appropriately (Shirish S) - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (Sean Christopherson) - serial: ar933x: Deassert Transmit Enable on ->rs485_config() (Lukas Wunner) - scsi: lpfc: Rework MIB Rx Monitor debug info logic (James Smart) - scsi: lpfc: Adjust CMF total bytes and rxmonitor (James Smart) - scsi: lpfc: Adjust bytes received vales during cmf timer interval (James Smart) - LTS version: v5.15.77 (Jack Vogel) - tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) - serial: Deassert Transmit Enable on probe in driver-specific way (Lukas Wunner) - serial: core: move RS485 configuration tasks from drivers into core (Lino Sanfilippo) - can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive (Biju Das) - can: rcar_canfd: fix channel specific IRQ handling for RZ/G2L (Biju Das) - scsi: sd: Revert 'scsi: sd: Remove a local variable' (Yu Kuai) - arm64: Add AMPERE1 to the Spectre-BHB affected list (D Scott Phillips) - net: enetc: survive memory pressure without crashing (Vladimir Oltean) - kcm: do not sense pfmemalloc status in kcm_sendpage() (Eric Dumazet) - net: do not sense pfmemalloc status in skb_append_pagefrags() (Eric Dumazet) - net/mlx5: Fix crash during sync firmware reset (Suresh Devarakonda) - net/mlx5: Update fw fatal reporter state on PCI handlers successful recover (Roy Novich) - net/mlx5: Print more info on pci error handlers (Saeed Mahameed) - net/mlx5: Fix possible use-after-free in async command interface (Tariq Toukan) - net/mlx5e: Extend SKB room check to include PTP-SQ (Aya Levin) - net/mlx5e: Do not increment ESN when updating IPsec ESN state (Hyong Youb Kim) - netdevsim: remove dir in nsim_dev_debugfs_init() when creating ports dir failed (Zhengchao Shao) - net: broadcom: bcm4908_enet: update TX stats after actual transmission (Rafal Milecki) - net: broadcom: bcm4908enet: remove redundant variable bytes (Colin Ian King) - nh: fix scope used to find saddr when adding non gw nh (Nicolas Dichtel) - net: bcmsysport: Indicate MAC is in charge of PHY PM (Florian Fainelli) - net: ehea: fix possible memory leak in ehea_register_port() (Yang Yingliang) - openvswitch: switch from WARN to pr_warn (Aaron Conole) - ALSA: aoa: Fix I2S device accounting (Takashi Iwai) - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (Yang Yingliang) - net: ethernet: ave: Fix MAC to be in charge of PHY PM (Kunihiko Hayashi) - net: fec: limit register access on i.MX6UL (Juergen Borleis) - perf vendor events arm64: Fix incorrect Hisi hip08 L3 metrics (Shang XiaoJing) - PM: domains: Fix handling of unavailable/disabled idle states (Sudeep Holla) - net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() (Yang Yingliang) - i40e: Fix flow-type by setting GL_HASH_INSET registers (Slawomir Laba) - i40e: Fix VF hang when reset is triggered on another VF (Sylwester Dziedziuch) - i40e: Fix ethtool rx-flow-hash setting for X722 (Slawomir Laba) - ipv6: ensure sane device mtu in tunnels (Eric Dumazet) - perf vendor events power10: Fix hv-24x7 metric events (Kajol Jain) - media: vivid: set num_in/outputs to 0 if not supported (Hans Verkuil) - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (Hans Verkuil) - media: v4l2-dv-timings: add sanity checks for blanking values (Hans Verkuil) - media: vivid: dev->bitmap_cap wasn't freed in all cases (Hans Verkuil) - media: vivid: s_fbuf: add more sanity checks (Hans Verkuil) - PM: hibernate: Allow hybrid sleep to work with s2idle (Mario Limonciello) - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (Dongliang Mu) - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (Dongliang Mu) - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (Rafael Mendonca) - net-memcg: avoid stalls when under memory pressure (Jakub Kicinski) - tcp: fix indefinite deferral of RTO with SACK reneging (Neal Cardwell) - tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei) - tcp: minor optimization in tcp_add_backlog() (Eric Dumazet) - net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY (Zhang Changzhong) - net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed (Zhengchao Shao) - kcm: annotate data-races around kcm->rx_wait (Eric Dumazet) - kcm: annotate data-races around kcm->rx_psock (Eric Dumazet) - atlantic: fix deadlock at aq_nic_stop (Inigo Huguet) - drm/i915/dp: Reset frl trained flag before restarting FRL training (Ankit Nautiyal) - amd-xgbe: add the bit rate quirk for Molex cables (Raju Rangoju) - amd-xgbe: fix the SFP compliance codes check for DAC cables (Raju Rangoju) - x86/unwind/orc: Fix unreliable stack dump with gcov (Chen Zhongjin) - nfc: virtual_ncidev: Fix memory leak in virtual_nci_send() (Shang XiaoJing) - net: macb: Specify PHY PM management done by MAC (Sergiu Moga) - net: hinic: fix the issue of double release MBOX callback of VF (Zhengchao Shao) - net: hinic: fix the issue of CMDQ memory leaks (Zhengchao Shao) - net: hinic: fix memory leak when reading function table (Zhengchao Shao) - net: hinic: fix incorrect assignment issue in hinic_set_interrupt_cfg() (Zhengchao Shao) - net: netsec: fix error handling in netsec_register_mdio() (Yang Yingliang) - tipc: fix a null-ptr-deref in tipc_topsrv_accept (Xin Long) - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (Maxim Levitsky) - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (Yang Yingliang) - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (Srinivasa Rao Mandadapu) - mtd: rawnand: intel: Add missing of_node_put() in ebu_nand_probe() (Yang Yingliang) - arc: iounmap() arg is volatile (Randy Dunlap) - sched/core: Fix comparison in sched_group_cookie_match() (Lin Shengwang) - perf: Fix missing SIGTRAPs (Peter Zijlstra) - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (Srinivasa Rao Mandadapu) - KVM: selftests: Fix number of pages for memory slot in memslot_modification_stress_test (Gavin Shan) - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (Nathan Huckleberry) - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (Dan Carpenter) - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (Alexander Stein) - net: ieee802154: fix error return code in dgram_bind() (Wei Yongjun) - ethtool: eeprom: fix null-deref on genl_info in dump (Xin Long) - mmc: block: Remove error check of hw_reset on reset (Christian Lohle) - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (Heiko Carstens) - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (Heiko Carstens) - perf auxtrace: Fix address filter symbol name match for modules (Adrian Hunter) - ARC: mm: fix leakage of memory allocated for PTE (Pavel Kozlov) - pinctrl: Ingenic: JZ4755 bug fixes (Siarhei Volkau) - kernfs: fix use-after-free in __kernfs_remove (Christian A. Ehrhardt) - counter: microchip-tcb-capture: Handle Signal1 read and Synapse (William Breathitt Gray) - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (Sascha Hauer) - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (Patrick Thompson) - mmc: core: Fix kernel panic when remove non-standard SDIO card (Matthew Ma) - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (Brian Norris) - coresight: cti: Fix hang in cti_disable_hw() (James Clark) - drm/msm/dp: fix IRQ lifetime (Johan Hovold) - drm/msm/hdmi: fix memory corruption with too many bridges (Johan Hovold) - drm/msm/dsi: fix memory corruption with too many bridges (Johan Hovold) - drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle resume (Prike Liang) - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (Manish Rangankar) - mac802154: Fix LQI recording (Miquel Raynal) - exec: Copy oldsighand->action under spin-lock (Bernd Edlinger) - fs/binfmt_elf: Fix memory leak in load_elf_binary() (Li Zetao) - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (Rafael J. Wysocki) - cpufreq: intel_pstate: Read all MSRs on the target CPU (Rafael J. Wysocki) - fbdev: smscufx: Fix several use-after-free bugs (Hyunwoo Kim) - iio: adxl372: Fix unsafe buffer attributes (Matti Vaittinen) - iio: temperature: ltc2983: allocate iio channels once (Cosmin Tanislav) - iio: light: tsl2583: Fix module unloading (Shreeya Patel) - tools: iio: iio_utils: fix digit calculation (Matti Vaittinen) - xhci: Remove device endpoints from bandwidth list when freeing the device (Mathias Nyman) - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (Mario Limonciello) - xhci: Add quirk to reset host back to default state at shutdown (Mathias Nyman) - mtd: rawnand: marvell: Use correct logic for nand-keep-config (Tony O'Brien) - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (Jens Glathe) - usb: bdc: change state when port disconnected (Justin Chen) - usb: dwc3: gadget: Don't set IMI for no_interrupt (Thinh Nguyen) - usb: dwc3: gadget: Stop processing more requests on IMI (Thinh Nguyen) - usb: gadget: uvc: fix sg handling during video encode (Jeff Vanhoof) - usb: gadget: uvc: fix sg handling in error case (Dan Vacura) - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (Hannu Hartikainen) - ALSA: rme9652: use explicitly signed char (Jason A. Donenfeld) - ALSA: au88x0: use explicitly signed char (Jason A. Donenfeld) - ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (Takashi Iwai) - ALSA: Use del_timer_sync() before freeing timer (Steven Rostedt (Google)) - can: kvaser_usb: Fix possible completions during init_completion (Anssi Hannula) - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (Yang Yingliang) - NFSv4: Add an fattr allocation to _nfs4_discover_trunking() (Scott Mayhew) - NFSv4: Fix free of uninitialized nfs4_label on referral lookup. (Benjamin Coddington) - rds: ib: Enable FC by default (Hakon Bugge) [Orabug: 33930793] - Adding a new sysfs entry point -- forcepower -- to /sys/bus/pci/slots/X. (James Puthukattukaran) [Orabug: 34719459] - nvme: paring quiesce/unquiesce (Ming Lei) [Orabug: 34719459] - nvme: prepare for pairing quiescing and unquiescing (Ming Lei) [Orabug: 34719459] - nvme: apply nvme API to quiesce/unquiesce admin queue (Ming Lei) [Orabug: 34719459] - nvme: add APIs for stopping/starting admin queue (Ming Lei) [Orabug: 34719459] - hugetlbfs: don't delete error page from pagecache (James Houghton) [Orabug: 34772616] - mm: shmem: don't truncate page if memory failure happens (Yang Shi) [Orabug: 34772616] - mm: hwpoison: handle non-anonymous THP correctly (Yang Shi) [Orabug: 34772616] - mm: hwpoison: refactor refcount check handling (Yang Shi) [Orabug: 34772616] - net/rds: Quiesce heartbeat worker in rds_conn_path_destroy() (Sharath Srinivasan) [Orabug: 34815818] - net/rds: Add support for tracing RDS heartbeats (Sharath Srinivasan) [Orabug: 34815818] - net/rds: Enable RDS heartbeat by default (Sharath Srinivasan) [Orabug: 34815818] - uek-rpm: core.list: add VirtualBox guest drivers to core package (Todd Vierling) [Orabug: 34820755] - tools/power turbostat: fix SPR PC6 limits (Artem Bityutskiy) [Orabug: 34838996] - tools/power turbostat: separate SPR from ICX (Artem Bityutskiy) [Orabug: 34838996] - rds: ib: Fix incorrect error handling during QP creation (Hakon Bugge) [Orabug: 34857202] - Revert 'random: clear fast pool, crng, and batches in cpuhp bring up' (Somasundaram Krishnasamy) [Orabug: 34850847] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-42896 CVE-2022-42895 CVE-2022-4378 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.06-46.0.4] - Bump SBAT metadata for grub to 3 [Orabug: 34872719] [2.06-46.0.3] - Fix CVE-2022-2601 and CVE-2022-3775 [Orabug: 34871953] - Enable signing for aarch64 EFI IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-3775 CVE-2022-2601 cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-21843 CVE-2023-21835 CVE-2023-21830 CVE-2022-43548 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-43548 CVE-2023-21830 CVE-2023-21843 CVE-2023-21835 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-21843 CVE-2023-21835 CVE-2022-43548 CVE-2023-21830 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-21830 CVE-2023-21843 CVE-2022-43548 CVE-2023-21835 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 8 Oracle Linux 9 [5.15.0-7.86.6.1] - net/rds: Delegate fan-out to a background worker (Gerd Rausch) [Orabug: 35051226] [5.15.0-7.86.6] - runtime revert of virtio_net: Stripe queue affinities across cores. (Konrad Rzeszutek Wilk) [Orabug: 35001044] - rds: ib: Make sure messages that errors out also get unmapped (Hakon Bugge) [Orabug: 35015598] - Ignore hot plug events when force powering off a device (James Puthukattukaran) [Orabug: 35015761] - mptcp: UEK: disable mptcp protocol (Jack Vogel) [Orabug: 34821286] [5.15.0-7.86.5] - uek-rpm: Enable HP watchdog for aarch64 (Saeed Mirzamohammadi) [Orabug: 34902069] - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (Jerry Hoemann) [Orabug: 34902069] - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (Jerry Hoemann) [Orabug: 34902069] - Revert 'selftests/bpf: Add test for unstable CT lookup API' (Alan Maguire) [Orabug: 34951842] - uek-rpm: config-x86-64*: enable CONFIG_MT7921E (Todd Vierling) [Orabug: 34970472] - netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits (Pablo Neira Ayuso) [Orabug: 34978152] {CVE-2023-0179} - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (Zhang Rui) [Orabug: 34978296] - powercap: intel_rapl: support new layout of Psys PowerLimit Register on SPR (Zhang Rui) [Orabug: 34978296] - uek: kabi: enable aarch64 kABI checking (Saeed Mirzamohammadi) [Orabug: 34339132] [5.15.0-7.86.4] - net/rds: Fill in rds_exthdr_size gaps (Gerd Rausch) [Orabug: 34979170] - Revert 'uek: kabi: enable aarch64 kABI checking' (Jack Vogel) - Revert 'uek-rpm: Disable kABI checking for aarch64 64k builds' (Jack Vogel) [5.15.0-7.86.3] - uek-rpm: Disable kABI checking for aarch64 64k builds (Saeed Mirzamohammadi) [Orabug: 34339132] [5.15.0-7.86.2] - net/rds: Trigger rds_send_hs_ping() more than once (Gerd Rausch) [Orabug: 34607844] - Revert 'RDS: TCP: Track peer's connection generation number' (Gerd Rausch) [Orabug: 34700109] - net/rds: Use the first lane until RDS_EXTHDR_NPATHS arrives (Gerd Rausch) [Orabug: 34314502] - net/rds: Kick-start TCP receiver after accept (Gerd Rausch) [Orabug: 34600819] - net/rds: rds_tcp_conn_path_shutdown must not discard messages (Gerd Rausch) [Orabug: 34560700] - net/rds: Encode cp_index in TCP source port (Gerd Rausch) [Orabug: 34556036] - uek: kabi: enable aarch64 kABI checking (Saeed Mirzamohammadi) [Orabug: 34339132] - uek-rpm: Disable Promise SuperTrak EX series storage controllers (Somasundaram Krishnasamy) [Orabug: 34670747] - uek-rpm: ol9: Disable CONFIG_IR_MCEUSB from UEK7 OL9. (Harshit Mogalapalli) [Orabug: 34820237] - IB/mlx5: Add a signature check to received EQEs and CQEs (Rohit Nair) [Orabug: 34821073] - rds: ib: Avoid tear-down of caches unless already initialized (Hakon Bugge) [Orabug: 34826403] - KVM: SVM: Fix AVIC GATag to support max number of vCPUs (Suravee Suthikulpanit) [Orabug: 34961703] - Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359] - uek-rpm: Add nft_reject* modules to core rpm. (Somasundaram Krishnasamy) [Orabug: 34970060] - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (Srinivas Pandruvada) [Orabug: 34961609] [5.15.0-7.86.1] - LTS version: v5.15.86 (Jack Vogel) - pwm: tegra: Fix 32 bit build (Steven Price) - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (Christophe JAILLET) - extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (Yassine Oudjana) - media: dvbdev: fix refcnt bug (Lin Ma) - media: dvbdev: fix build warning due to comments (Lin Ma) - net: stmmac: fix errno when create_singlethread_workqueue() fails (Gaosheng Cui) - scsi: qla2xxx: Fix crash when I/O abort times out (Arun Easi) - btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range (Filipe Manana) - ovl: fix use inode directly in rcu-walk mode (Chen Zhongjin) - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (Tetsuo Handa) - gcov: add support for checksum field (Rickard x Andersson) - floppy: Fix memory leak in do_floppy_init() (Yuan Can) - regulator: core: fix deadlock on regulator enable (Johan Hovold) - iio: adc128s052: add proper .data members in adc128_of_match table (Rasmus Villemoes) - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (Nuno Sa) - iio: fix memory leak in iio_device_register_eventset() (Zeng Heng) - reiserfs: Add missing calls to reiserfs_security_free() (Roberto Sassu) - security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 (Nathan Chancellor) - 9p: set req refcount to zero to avoid uninitialized usage (Schspa Shi) - loop: Fix the max_loop commandline argument treatment when it is set to 0 (Isaac J. Manjarres) - HID: mcp2221: don't connect hidraw (Enrik Berkhan) - HID: wacom: Ensure bootloader PID is usable in hidraw mode (Jason Gerecke) - xhci: Prevent infinite loop in transaction errors recovery for streams (Mathias Nyman) - usb: dwc3: core: defer probe on ulpi_read_id timeout (Ferry Toth) - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (Sven Peter) - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (Johan Hovold) - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (Chunfeng Yun) - usb: cdnsp: fix lack of ZLP for ep0 (Pawel Laszczak) - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (Jiao Zhou) - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (Edward Pacman) - ALSA: usb-audio: add the quirk for KT0206 device (wangdicheng) - ima: Simplify ima_lsm_copy_rule (GUO Zihua) - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (John Stultz) - afs: Fix lost servers_outstanding count (David Howells) - perf debug: Set debug_peo_args and redirect_to_stderr variable to correct values in perf_quiet_option() (Yang Jihong) - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (John Stultz) - LoadPin: Ignore the 'contents' argument of the LSM hooks (Kees Cook) - drm/i915/display: Don't disable DDI/Transcoder when setting phy test pattern (Khaled Almahallawy) - ASoC: rt5670: Remove unbalanced pm_runtime_put() (Hans de Goede) - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (Wang Jingjin) - ASoC: wm8994: Fix potential deadlock (Marek Szyprowski) - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (Wang Yufen) - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (Wang Jingjin) - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (Wang Yufen) - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (Wang Yufen) - ASoC: Intel: Skylake: Fix driver hang during shutdown (Cezary Rojewski) - ALSA: hda: add snd_hdac_stop_streams() helper (Pierre-Louis Bossart) - ALSA/ASoC: hda: move/rename snd_hdac_ext_stop_streams to hdac_stream.c (Pierre-Louis Bossart) - hwmon: (jc42) Fix missing unlock on error in jc42_write() (Yang Yingliang) - KVM: selftests: Fix build regression by using accessor function (Tyler Hicks) - tools/include: Add _RET_IP_ and math definitions to kernel.h (Karolina Drobnik) - orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (Zhang Xiaoxu) - orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (Zhang Xiaoxu) - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (Nathan Chancellor) - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (Nathan Chancellor) - hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (Hawkins Jiawei) - scsi: elx: libefc: Fix second parameter type in state callbacks (Nathan Chancellor) - scsi: ufs: Reduce the START STOP UNIT timeout (Bart Van Assche) - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (Justin Tee) - crypto: hisilicon/hpre - fix resource leak in remove process (Zhiqi Song) - clk: st: Fix memory leak in st_of_quadfs_setup() (Xiu Jianfeng) - media: si470x: Fix use-after-free in si470x_int_in_callback() (Shigeru Yoshida) - mmc: renesas_sdhi: better reset from HS400 mode (Wolfram Sang) - mmc: f-sdh30: Add quirks for broken timeout clock capability (Kunihiko Hayashi) - wifi: mt76: do not run mt76u_status_worker if the device is not running (Lorenzo Bianconi) - regulator: core: fix use_count leakage when handling boot-on (Rui Zhang) - libbpf: Avoid enum forward-declarations in public API in C++ mode (Andrii Nakryiko) - drm/amd/display: Use the largest vready_offset in pipe group (Wesley Chalmers) - blk-mq: fix possible memleak when register 'hctx' failed (Ye Bin) - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (Mazin Al Haddad) - media: dvbdev: adopts refcnt to avoid UAF (Lin Ma) - media: dvb-frontends: fix leak of memory fw (Yan Lei) - ethtool: avoiding integer overflow in ethtool_phys_id() (Maxim Korotkov) - bpf: Prevent decl_tag from being referenced in func_proto arg (Stanislav Fomichev) - ppp: associate skb with a device at tx (Stanislav Fomichev) - mrp: introduce active flags to prevent UAF when applicant uninit (Schspa Shi) - ipv6/sit: use DEV_STATS_INC() to avoid data-races (Eric Dumazet) - net: add atomic_long_t to net_device_stats fields (Eric Dumazet) - drm/amd/display: fix array index out of bound error in bios parser (Aurabindo Pillai) - md/raid1: stop mdx_raid1 thread when raid1 array run failed (Jiang Li) - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (Li Zhong) - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (Nathan Chancellor) - drm/sti: Use drm_mode_copy() (Ville Syrjala) - drm/rockchip: Use drm_mode_copy() (Ville Syrjala) - drm/msm: Use drm_mode_copy() (Ville Syrjala) - s390/lcs: Fix return type of lcs_start_xmit() (Nathan Chancellor) - s390/netiucv: Fix return type of netiucv_tx() (Nathan Chancellor) - s390/ctcm: Fix return type of ctc{mp,}m_tx() (Nathan Chancellor) - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (Nathan Chancellor) - drm/amdgpu: Fix type of second parameter in trans_msg() callback (Nathan Chancellor) - igb: Do not free q_vector unless new one was allocated (Kees Cook) - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (Minsuk Kang) - hamradio: baycom_epp: Fix return type of baycom_send_packet() (Nathan Chancellor) - net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() (Nathan Chancellor) - bpf: make sure skb->len != 0 when redirecting to a tunneling device (Stanislav Fomichev) - qed (gcc13): use u16 for fid to be big enough (Jiri Slaby (SUSE)) - Revert 'drm/amd/display: Limit max DSC target bpp for specific monitors' (Hamza Mahfooz) - drm/amd/display: prevent memory leak (gehao) - ipmi: fix memleak when unload ipmi driver (Zhang Yuchen) - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (Amadeusz Slawinski) - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (Shigeru Yoshida) - wifi: ath9k: verify the expected usb_endpoints are present (Fedor Pchelkin) - brcmfmac: return error when getting invalid max_flowrings from dongle (Wright Feng) - media: imx-jpeg: Disable useless interrupt to avoid kernel panic (Ming Qian) - drm/etnaviv: add missing quirks for GC300 (Doug Brown) - hfs: fix OOB Read in __hfs_brec_find (ZhangPeng) - acct: fix potential integer overflow in encode_comp_t() (Zheng Yejian) - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (Ryusuke Konishi) - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (Ryusuke Konishi) - ACPICA: Fix error code path in acpi_ds_call_control_method() (Rafael J. Wysocki) - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (Hoi Pok Wu) - jfs: Fix fortify moan in symlink (Dr. David Alan Gilbert) - udf: Avoid double brelse() in udf_rename() (Shigeru Yoshida) - fs: jfs: fix shift-out-of-bounds in dbAllocAG (Dongliang Mu) - binfmt_misc: fix shift-out-of-bounds in check_special_flags (Liu Shixin) - x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (Gaurav Kohli) - video: hyperv_fb: Avoid taking busy spinlock on panic path (Guilherme G. Piccoli) - arm64: make is_ttbrX_addr() noinstr-safe (Mark Rutland) - rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state() (Zqiang) - HID: amd_sfh: Add missing check for dma_alloc_coherent (Jiasheng Jiang) - net: stream: purge sk_error_queue in sk_stream_kill_queues() (Eric Dumazet) - myri10ge: Fix an error handling path in myri10ge_probe() (Christophe JAILLET) - rxrpc: Fix missing unlock in rxrpc_do_sendmsg() (David Howells) - net_sched: reject TCF_EM_SIMPLE case for complex ematch module (Cong Wang) - mailbox: zynq-ipi: fix error handling while device_register() fails (Yang Yingliang) - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (Yang Yingliang) - mailbox: mpfs: read the system controller's status (Conor Dooley) - skbuff: Account for tail adjustment during pull operations (Subash Abhinov Kasiviswanathan) - arm64: dts: mt8183: Fix Mali GPU clock (Chen-Yu Tsai) - soc: mediatek: pm-domains: Fix the power glitch issue (Chun-Jie Chen) - openvswitch: Fix flow lookup to use unmasked key (Eelco Chaudron) - selftests: devlink: fix the fd redirect in dummy_reporter_test (Jakub Kicinski) - rtc: mxc_v2: Add missing clk_disable_unprepare() (GUO Zihua) - igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (Tan Tee Min) - igc: Lift TAPRIO schedule restriction (Kurt Kanzenbach) - igc: recalculate Qbv end_time by considering cycle time (Tan Tee Min) - igc: allow BaseTime 0 enrollment for Qbv (Tan Tee Min) - igc: Add checking for basetime less than zero (Muhammad Husaini Zulkifli) - igc: Use strict cycles for Qbv scheduling (Vinicius Costa Gomes) - igc: Enhance Qbv scheduling by using first flag bit (Vinicius Costa Gomes) - r6040: Fix kmemleak in probe and remove (Li Zetao) - unix: Fix race in SOCK_SEQPACKET's unix_dgram_sendmsg() (Kirill Tkhai) - nfc: pn533: Clear nfc_target before being used (Minsuk Kang) - net: enetc: avoid buffer leaks on xdp_do_redirect() failure (Vladimir Oltean) - selftests/bpf: Add test for unstable CT lookup API (Kumar Kartikeya Dwivedi) - block, bfq: fix possible uaf for 'bfqq->bic' (Yu Kuai) - mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: macsec: fix net device access prior to holding a lock (Emeel Hakim) - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (Dan Aloni) - rtc: pcf85063: fix pcf85063_clkout_control (Alexandre Belloni) - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (Gaosheng Cui) - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (Gaosheng Cui) - netfilter: flowtable: really fix NAT IPv6 offload (Qingfang DENG) - mfd: pm8008: Fix return value check in pm8008_probe() (Yang Yingliang) - mfd: pm8008: Remove driver data structure pm8008_data (Lee Jones) - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (Christophe JAILLET) - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (Matti Vaittinen) - powerpc/pseries/eeh: use correct API for error log size (Nathan Lynch) - powerpc/eeh: Drop redundant spinlock initialization (Haowen Bai) - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (Shang XiaoJing) - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (Yuan Can) - remoteproc: qcom_q6v5_pas: detach power domains on remove (Luca Weiss) - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (Luca Weiss) - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (Shang XiaoJing) - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (Gaosheng Cui) - pwm: mediatek: always use bus clock for PWM on MT7622 (Daniel Golle) - pwm: mtk-disp: Fix the parameters calculated by the enabled flag of disp_pwm (xinlei lee) - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (Uwe Kleine-Konig) - iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (Jason Gunthorpe) - selftests/powerpc: Fix resource leaks (Miaoqian Lin) - powerpc/hv-gpci: Fix hv_gpci event list (Kajol Jain) - powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe() (Yang Yingliang) - powerpc/perf: callchain validate kernel stack pointer bounds (Nicholas Piggin) - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (Yang Yingliang) - powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (Gustavo A. R. Silva) - cxl: Fix refcount leak in cxl_calc_capp_routing (Miaoqian Lin) - powerpc/52xx: Fix a resource leak in an error handling path (Christophe JAILLET) - macintosh/macio-adb: check the return value of ioremap() (Xie Shaowen) - macintosh: fix possible memory leak in macio_add_one_device() (Yang Yingliang) - iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (Yuan Can) - iommu/amd: Fix pci device refcount leak in ppr_notifier() (Yang Yingliang) - rtc: pcf85063: Fix reading alarm (Alexander Stein) - rtc: snvs: Allow a time difference on clock register read (Stefan Eichenberger) - rtc: cmos: Disable ACPI RTC event on removal (Rafael J. Wysocki) - rtc: cmos: Rename ACPI-related functions (Rafael J. Wysocki) - rtc: cmos: Eliminate forward declarations of some functions (Rafael J. Wysocki) - rtc: cmos: Call rtc_wake_setup() from cmos_do_probe() (Rafael J. Wysocki) - rtc: cmos: Call cmos_wake_setup() from cmos_do_probe() (Rafael J. Wysocki) - rtc: cmos: fix build on non-ACPI platforms (Alexandre Belloni) - rtc: cmos: Fix wake alarm breakage (Rafael J. Wysocki) - rtc: cmos: Fix event handler registration ordering issue (Rafael J. Wysocki) - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (Rafael J. Wysocki) - dmaengine: idxd: Fix crc_val field for completion record (Fenghua Yu) - fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs (Abdun Nihaal) - pwm: tegra: Improve required rate calculation (Jon Hunter) - include/uapi/linux/swab: Fix potentially missing __always_inline (Matt Redfearn) - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (Al Cooper) - iommu/rockchip: fix permission bits in page table entries v2 (Michael Riesch) - iommu/sun50i: Fix flush size (Jernej Skrabec) - iommu/sun50i: Fix R/W permission check (Jernej Skrabec) - iommu/sun50i: Consider all fault sources for reset (Jernej Skrabec) - iommu/sun50i: Fix reset release (Jernej Skrabec) - fs/ntfs3: Harden against integer overflows (Dan Carpenter) - overflow: Implement size_t saturating arithmetic helpers (Kees Cook) - fs/ntfs3: Avoid UBSAN error on true_sectors_per_clst() (Shigeru Yoshida) - RDMA/siw: Fix pointer cast warning (Arnd Bergmann) - perf stat: Do not delay the workload with --delay (Namhyung Kim) - perf stat: Refactor __run_perf_stat() common code (Adrian Herrera Arcila) - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (ruanjinjie) - power: supply: ab8500: Fix error handling in ab8500_charger_init() (Yuan Can) - HSI: omap_ssi_core: Fix error handling in ssi_init() (Yuan Can) - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (Zhang Qilong) - perf symbol: correction while adjusting symbol (Ajay Kaher) - perf trace: Handle failure when trace point folder is missed (Leo Yan) - perf trace: Use macro RAW_SYSCALL_ARGS_NUM to replace number (Leo Yan) - perf trace: Return error if a system call doesn't exist (Leo Yan) - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (Zeng Heng) - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (Yang Yingliang) - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (Yang Yingliang) - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (Christophe JAILLET) - fbdev: uvesafb: don't build on UML (Randy Dunlap) - fbdev: geode: don't build on UML (Randy Dunlap) - fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (Gaosheng Cui) - fbdev: vermilion: decrease reference count in error path (Xiongfeng Wang) - fbdev: via: Fix error in via_core_init() (Shang XiaoJing) - fbdev: pm2fb: fix missing pci_disable_device() (Yang Yingliang) - fbdev: ssd1307fb: Drop optional dependency (Andy Shevchenko) - thermal/drivers/qcom/lmh: Fix irq handler return value (Bjorn Andersson) - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (Luca Weiss) - thermal/drivers/imx8mm_thermal: Validate temperature range (Marcus Folkesson) - samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe() (Shang XiaoJing) - ksmbd: Fix resource leak in ksmbd_session_rpc_open() (Xiu Jianfeng) - tracing/hist: Fix issue of losting command info in error_log (Zheng Yejian) - usb: storage: Add check for kcalloc (Jiasheng Jiang) - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (Zheyu Ma) - i2c: mux: reg: check return value after calling platform_get_resource() (Yang Yingliang) - gpiolib: protect the GPIO device against being dropped while in use by user-space (Bartosz Golaszewski) - gpiolib: make struct comments into real kernel docs (Bartosz Golaszewski) - gpiolib: cdev: fix NULL-pointer dereferences (Bartosz Golaszewski) - gpiolib: Get rid of redundant 'else' (Andy Shevchenko) - vme: Fix error not catched in fake_init() (Chen Zhongjin) - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (YueHaibing) - staging: rtl8192u: Fix use after free in ieee80211_rx() (Dan Carpenter) - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (Hui Tang) - chardev: fix error handling in cdev_device_add() (Yang Yingliang) - mcb: mcb-parse: fix error handing in chameleon_parse_gdd() (Yang Yingliang) - drivers: mcb: fix resource leak in mcb_probe() (Zhengchao Shao) - usb: gadget: f_hid: fix refcount leak on error path (John Keeping) - usb: gadget: f_hid: fix f_hidg lifetime vs cdev (John Keeping) - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (Yang Yingliang) - coresight: trbe: remove cpuhp instance node before remove cpuhp state (Yang Shen) - counter: stm32-lptimer-cnt: fix the check on arr and cmp registers update (Fabrice Gasnier) - iio: adis: add '__adis_enable_irq()' implementation (Ramona Bolboaca) - iio:imu:adis: Move exports into IIO_ADISLIB namespace (Jonathan Cameron) - iio: adis: stylistic changes (Nuno Sa) - iio: adis: handle devices that cannot unmask the drdy pin (Nuno Sa) - iio: temperature: ltc2983: make bulk write buffer DMA-safe (Cosmin Tanislav) - cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() (Yang Yingliang) - cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() (Yang Yingliang) - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (Yang Yingliang) - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (Zheng Wang) - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (ruanjinjie) - ocxl: fix pci device refcount leak when calling get_function_0() (Yang Yingliang) - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (Yang Yingliang) - test_firmware: fix memory leak in test_firmware_init() (Zhengchao Shao) - serial: sunsab: Fix error handling in sunsab_init() (Yuan Can) - serial: altera_uart: fix locking in polling mode (Gabriel Somlo) - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (Jiri Slaby) - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (Jiri Slaby) - serial: pch: Fix PCI device refcount leak in pch_request_dma() (Xiongfeng Wang) - serial: stm32: move dma_request_chan() before clk_prepare_enable() (Valentin Caron) - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle. (delisun) - serial: amba-pl011: avoid SBSA UART accessing DMACR register (Jiamei Xie) - extcon: usbc-tusb320: Update state on probe even if no IRQ pending (Marek Vasut) - extcon: usbc-tusb320: Add USB TYPE-C support (Marek Vasut) - extcon: usbc-tusb320: Factor out extcon into dedicated functions (Marek Vasut) - usb: typec: Factor out non-PD fwnode properties (Samuel Holland) - extcon: usbc-tusb320: Add support for TUSB320L (Yassine Oudjana) - extcon: usbc-tusb320: Add support for mode setting and reset (Yassine Oudjana) - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (Sven Peter) - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (Sven Peter) - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (Yang Yingliang) - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (Sven Peter) - staging: vme_user: Fix possible UAF in tsi148_dma_list_add (Gaosheng Cui) - usb: fotg210-udc: Fix ages old endianness issues (Linus Walleij) - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (Rafael Mendonca) - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (Rafael Mendonca) - vfio: platform: Do not pass return buffer to ACPI _RST method (Rafael Mendonca) - class: fix possible memory leak in __class_register() (Yang Yingliang) - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (Yuan Can) - serial: tegra: Read DMA status before terminating (Kartik) - drivers: dio: fix possible memory leak in dio_init() (Yang Yingliang) - RISC-V: Align the shadow stack (Palmer Dabbelt) - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (Dragos Tatulea) - hwrng: geode - Fix PCI device refcount leak (Xiongfeng Wang) - hwrng: amd - Fix PCI device refcount leak (Xiongfeng Wang) - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (Gaosheng Cui) - RDMA/hns: Fix error code of CMD (Chengchang Tang) - RDMA/hns: Fix page size cap from firmware (Chengchang Tang) - RDMA/hns: Fix PBL page MTR find (Chengchang Tang) - RDMA/hns: Fix AH attr queried by query_qp (Chengchang Tang) - orangefs: Fix sysfs not cleanup when dev init failed (Zhang Xiaoxu) - PCI: mt7621: Add sentinel to quirks table (John Thomson) - PCI: mt7621: Rename mt7621_pci_ to mt7621_pcie_ (Bjorn Helgaas) - RDMA/srp: Fix error return code in srp_parse_options() (Wang Yufen) - RDMA/hfi1: Fix error return code in parse_platform_config() (Wang Yufen) - riscv/mm: add arch hook arch_clear_hugepage_flags (Tong Tiangen) - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (Shang XiaoJing) - crypto: amlogic - Remove kcalloc without check (Christophe JAILLET) - RDMA/nldev: Fix failure to send large messages (Mark Zhang) - f2fs: avoid victim selection from previous victim section (Yonggil Song) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (Yuan Can) - scsi: snic: Fix possible UAF in snic_tgt_create() (Gaosheng Cui) - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (Chen Zhongjin) - scsi: ipr: Fix WARNING in ipr_init() (Shang XiaoJing) - scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (Yang Yingliang) - scsi: fcoe: Fix possible name leak when device_register() fails (Yang Yingliang) - scsi: scsi_debug: Fix a warning in resp_report_zones() (Harshit Mogalapalli) - scsi: scsi_debug: Fix a warning in resp_verify() (Harshit Mogalapalli) - scsi: efct: Fix possible memleak in efct_device_init() (Chen Zhongjin) - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (Yang Yingliang) - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (Yang Yingliang) - scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (Yang Yingliang) - padata: Fix list iterator in padata_do_serial() (Daniel Jordan) - padata: Always leave BHs disabled when running ->parallel() (Daniel Jordan) - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (Zhang Yiqun) - scsi: hpsa: Fix possible memory leak in hpsa_init_one() (Yuan Can) - dt-bindings: visconti-pcie: Fix interrupts array max constraints (Serge Semin) - dt-bindings: imx6q-pcie: Fix clock names for imx6sx and imx8mq (Serge Semin) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (Zhang Xiaoxu) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (Zhengchao Shao) - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (Uwe Kleine-Konig) - RDMA/hfi: Decrease PCI device reference count in error path (Xiongfeng Wang) - PCI: Check for alloc failure in pci_request_irq() (Zeng Heng) - RDMA/hns: Fix ext_sge num error when post send (Luoyouming) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (Luoyouming) - crypto: hisilicon/qm - add missing pci_dev_put() in q_num_set() (Xiongfeng Wang) - crypto: cryptd - Use request context instead of stack for sub-request (Herbert Xu) - crypto: ccree - Remove debugfs when platform_driver_register failed (Gaosheng Cui) - scsi: scsi_debug: Fix a warning in resp_write_scat() (Harshit Mogalapalli) - RDMA/siw: Set defined status for work completion with undefined status (Bernard Metzler) - RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (Mark Zhang) - RDMA/core: Make sure 'ib_port' is valid when access sysfs node (Mark Zhang) - RDMA/restrack: Release MR restrack when delete (Mark Zhang) - PCI: vmd: Disable MSI remapping after suspend (Nirmal Patel) - IB/mad: Don't call to function that might sleep while in atomic context (Leonid Ravich) - RDMA/siw: Fix immediate work request flush to completion queue (Bernard Metzler) - scsi: qla2xxx: Fix set-but-not-used variable warnings (Bart Van Assche) - RDMA/irdma: Report the correct link speed (Shiraz Saleem) - f2fs: fix to destroy sbi->post_read_wq in error path of f2fs_fill_super() (Chao Yu) - f2fs: fix normal discard process (Dongdong Zhang) - f2fs: fix to invalidate dcc->f2fs_issue_discard in error path (Chao Yu) - apparmor: Fix memleak in alloc_ns() (Xiu Jianfeng) - crypto: rockchip - rework by using crypto_engine (Corentin Labbe) - crypto: rockchip - remove non-aligned handling (Corentin Labbe) - crypto: rockchip - better handle cipher key (Corentin Labbe) - crypto: rockchip - add fallback for ahash (Corentin Labbe) - crypto: rockchip - add fallback for cipher (Corentin Labbe) - crypto: rockchip - do not store mode globally (Corentin Labbe) - crypto: rockchip - do not do custom power management (Corentin Labbe) - f2fs: Fix the race condition of resize flag between resizefs (Zhang Qilong) - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (Kunihiko Hayashi) - RDMA/core: Fix order of nldev_exit call (Leon Romanovsky) - PCI: dwc: Fix n_fts[] array overrun (Vidya Sagar) - apparmor: Use pointer to struct aa_label for lbs_cred (Xiu Jianfeng) - scsi: core: Fix a race between scsi_done() and scsi_timeout() (Bart Van Assche) - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (Natalia Petrova) - crypto: sun8i-ss - use dma_addr instead u32 (Corentin Labbe) - crypto: hisilicon/qm - fix missing destroy qp_idr (Weili Qian) - apparmor: Fix abi check to include v8 abi (John Johansen) - apparmor: fix lockdep warning when removing a namespace (John Johansen) - apparmor: fix a memleak in multi_transaction_new() (Gaosheng Cui) - net: dsa: tag_8021q: avoid leaking ctx on dsa_tag_8021q_register() error path (Vladimir Oltean) - i40e: Fix the inability to attach XDP program on downed interface (Bartosz Staszewski) - stmmac: fix potential division by 0 (Piergiorgio Beruto) - Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: hci_ll: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (Wang ShaoBo) - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (Inga Stotland) - sctp: sysctl: make extra pointers netns aware (Firo Yang) - ntb_netdev: Use dev_kfree_skb_any() in interrupt context (Eric Pilmore) - net: lan9303: Fix read error execution path (Jerry Ray) - can: tcan4x5x: Fix use of register error status mask (Markus Schneider-Pargmann) - can: m_can: Call the RAM init directly from m_can_chip_config (Vivek Yadav) - can: tcan4x5x: Remove invalid write in clear_interrupts (Markus Schneider-Pargmann) - net: amd-xgbe: Check only the minimum speed for active/passive cables (Tom Lendacky) - net: amd-xgbe: Fix logic around active and passive cables (Tom Lendacky) - af_unix: call proto_unregister() in the error path in af_unix_init() (Yang Yingliang) - net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - hamradio: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net/tunnel: wait until all sk_user_data reader finish before releasing the sock (Hangbin Liu) - net: farsync: Fix kmemleak when rmmods farsync (Li Zetao) - ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - of: overlay: fix null pointer dereferencing in find_dup_cset_node_entry() and find_dup_cset_prop() (ruanjinjie) - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (Yuan Can) - net: stmmac: fix possible memory leak in stmmac_dvr_probe() (Gaosheng Cui) - net: stmmac: selftests: fix potential memleak in stmmac_test_arpoffload() (Zhang Changzhong) - net: defxx: Fix missing err handling in dfx_init() (Yongqiang Liu) - net: vmw_vsock: vmci: Check memcpy_from_msg() (Artem Chernyshev) - clk: socfpga: Fix memory leak in socfpga_gate_init() (Xiu Jianfeng) - bpf: Do not zero-extend kfunc return values (Bjorn Topel) - blktrace: Fix output non-blktrace event when blk_classic option enabled (Yang Jihong) - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (Wang Yufen) - wifi: rtl8xxxu: Fix the channel width reporting (Bitterblue Smith) - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (Bitterblue Smith) - spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode (Kris Bahnsen) - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (Xiu Jianfeng) - media: coda: Add check for kmalloc (Jiasheng Jiang) - media: coda: Add check for dcoda_iram_alloc (Jiasheng Jiang) - media: c8sectpfe: Add of_node_put() when breaking out of loop (Liang He) - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (Yuan Can) - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (Zhen Lei) - memstick/ms_block: Add check for alloc_ordered_workqueue (Jiasheng Jiang) - memstick: ms_block: Add error handling support for add_disk() (Luis Chamberlain) - mmc: renesas_sdhi: alway populate SCC pointer (Wolfram Sang) - mmc: mmci: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: wbsd: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: via-sdmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: meson-gx: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: omap_hsmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: atmel-mci: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: vub300: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: toshsd: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: rtsx_pci: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: pxamci: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: mxcmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: moxart: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: alcor: fix return value check of mmc_add_host() (Yang Yingliang) - riscv, bpf: Emit fixed-length instructions for BPF_PSEUDO_FUNC (Pu Lehui) - NFSv4.x: Fail client initialisation if state manager thread can't run (Trond Myklebust) - SUNRPC: Fix missing release socket in rpc_sockname() (Wang ShaoBo) - xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (Zhang Xiaoxu) - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (Gaosheng Cui) - media: saa7164: fix missing pci_disable_device() (Liu Shixin) - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (Takashi Iwai) - bpf, sockmap: fix race in sock_map_free() (Eric Dumazet) - hwmon: (jc42) Restore the min/max/critical temperatures on resume (Martin Blumenstingl) - hwmon: (jc42) Convert register access and caching to regmap/regcache (Martin Blumenstingl) - regulator: core: fix resource leak in regulator_register() (Yang Yingliang) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0179 CVE-2022-4139 CVE-2022-45869 CVE-2022-3545 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.11.3-4.el9_1.2] - Updated bundled rubygems: mustermann, rack, rack_protection, sinatra, tilt - Added license for rubygem ruby2_keywords - Resolves: rhbz#2159426 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-45442 cpe:/a:oracle:linux:9::addons Oracle Linux 9 [3.0.1-47.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-47] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed Invalid pointer dereference in d2i_PKCS7 functions Resolves: CVE-2023-0216 - Fixed NULL dereference validating DSA public key Resolves: CVE-2023-0217 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 - Fixed NULL dereference during PKCS7 data verification Resolves: CVE-2023-0401 [1:3.0.1-46] - Refactor OpenSSL fips module MAC verification Resolves: rhbz#2158412 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode Resolves: rhbz#2144010 [1:3.0.1-45] - Add support of X25519 and X448 'group' parameter in EVP_PKEY_CTX objects Resolves: rhbz#2149010 - Fix explicit indicator for PSS salt length in FIPS mode when used with negative magic values Resolves: rhbz#2144012 - Update change to default PSS salt length with patch state from upstream Related: rhbz#2144012 [1:3.0.1-44] - SHAKE-128/256 are not allowed with RSA in FIPS mode Resolves: rhbz#2144010 - Avoid memory leaks in TLS Resolves: rhbz#2144008 - FIPS RSA CRT tests must use correct parameters Resolves: rhbz#2144006 - FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC Resolves: rhbz#2144017 - Remove support for X9.31 signature padding in FIPS mode Resolves: rhbz#2144015 - Add explicit indicator for SP 800-108 KDFs with short key lengths Resolves: rhbz#2144019 - Add explicit indicator for HMAC with short key lengths Resolves: rhbz#2144000 - Set minimum password length for PBKDF2 in FIPS mode Resolves: rhbz#2144003 - Add explicit indicator for PSS salt length in FIPS mode Resolves: rhbz#2144012 - Clamp default PSS salt length to digest size for FIPS 186-4 compliance Related: rhbz#2144012 - Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode Resolves: rhbz#2145170 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-0286 CVE-2022-4450 CVE-2023-0215 CVE-2022-4203 CVE-2022-4304 CVE-2023-0401 CVE-2023-0217 CVE-2023-0216 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 8 Oracle Linux 9 [5.15.0-8.91.4.1] - uek-rpm: Add opbmc to core rpm (Somasundaram Krishnasamy) [Orabug: 35157130] [5.15.0-8.91.4] - selftests/vm: remove ARRAY_SIZE define from individual tests (Shuah Khan) [Orabug: 35088471] - selftests: Provide local define of __cpuid_count() (Reinette Chatre) [Orabug: 35088471] - tools: fix ARRAY_SIZE defines in tools and selftests hdrs (Shuah Khan) [Orabug: 35088471] - uek-rpm: aarch64 enable DETECT_HUNG_TASK (Tom Saeger) [Orabug: 34580801] [5.15.0-8.91.3] - Update README with UEK Text Description (Somasundaram Krishnasamy) [Orabug: 35084845] - uek-rpm: config-x86-64*: Disable CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT (Alejandro Jimenez) [Orabug: 35059109] - Revert 'RDMA/irdma: Fix warning, move switch variable into case' (Jack Vogel) [Orabug: 35048858] - Revert 'RDMA/irdma: Move variable into switch case' (Jack Vogel) [Orabug: 35048858] - Revert 'ACPI/IORT: Move variables in switch, fix for build warnings.' (Jack Vogel) [Orabug: 35048858] [5.15.0-8.91.2] - RDMA/addr: Refresh neighbour entries upon rdma_resolve_addr() (Gerd Rausch) [Orabug: 35060575] - net/rds: Go back to alloc_ordered_workqueue() (Gerd Rausch) [Orabug: 35042697] - sched/core: Remove sched_uek cmdline parameter (Konrad Rzeszutek Wilk) [Orabug: 35049222] - uek-misc: Initial version (Konrad Rzeszutek Wilk) [Orabug: 35049222] - treewide: Move the definition in a global file (Konrad Rzeszutek Wilk) [Orabug: 35049222] - treewide: Rename wake_affine_idle_pull into on_exadata (Konrad Rzeszutek Wilk) [Orabug: 35049222] - sched/core: Remove sched_uek=preempt (Konrad Rzeszutek Wilk) [Orabug: 35049222] - perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table (Kan Liang) [Orabug: 35038311] - perf/x86/uncore: Add a quirk for UPI on SPR (Kan Liang) [Orabug: 35038311] - perf/x86/uncore: Ignore broken units in discovery table (Kan Liang) [Orabug: 35038311] - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (Kan Liang) [Orabug: 35038311] - perf/x86/uncore: Factor out uncore_device_to_die() (Kan Liang) [Orabug: 35038311] - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Introduce UPI topology type (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Get UPI NodeID and GroupID (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (Alexander Antonov) [Orabug: 35038311] - perf/x86/intel/uncore: Generalize IIO topology support (Alexander Antonov) [Orabug: 35038311] - net/rds: Delegate fan-out to a background worker (Gerd Rausch) [Orabug: 34994148] - i40e: Add basic support for I710 devices (Stanislaw Grzeszczak) [Orabug: 35059783] [5.15.0-8.91.1] - LTS version: v5.15.91 (Jack Vogel) - perf/x86/amd: fix potential integer overflow on shift of a int (Colin Ian King) - netfilter: conntrack: unify established states for SCTP paths (Sriram Yagnaraman) - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (Thomas Gleixner) - block: fix and cleanup bio_check_ro (Christoph Hellwig) - kbuild: Allow kernel installation packaging to override pkg-config (Chun-Tse Shao) - cpufreq: governor: Use kobject release() method to free dbs_data (Kevin Hao) - cpufreq: Move to_gov_attr_set() to cpufreq.h (Kevin Hao) - Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (Dmitry Torokhov) - tools: gpio: fix -c option of gpio-event-mon (Ivo Borisov Shopov) - treewide: fix up files incorrectly marked executable (Linus Torvalds) - net: mdio-mux-meson-g12a: force internal PHY off on mux switch (Jerome Brunet) - net/tg3: resolve deadlock in tg3_reset_task() during EEH (David Christensen) - thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type() (Rafael J. Wysocki) - net: mctp: mark socks as dead on unhash, prevent re-add (Jeremy Kerr) - net: ravb: Fix possible hang if RIS2_QFF1 happen (Yoshihiro Shimoda) - net: ravb: Fix lack of register setting after system resumed for Gen3 (Yoshihiro Shimoda) - ravb: Rename 'no_ptp_cfg_active' and 'ptp_cfg_active' variables (Biju Das) - gpio: mxc: Unlock on error path in mxc_flip_edge() (Dan Carpenter) - nvme: fix passthrough csi check (Keith Busch) - riscv/kprobe: Fix instruction simulation of JALR (Liao Chang) - sctp: fail if no bound addresses can be used for a given scope (Marcelo Ricardo Leitner) - net/sched: sch_taprio: do not schedule in taprio_reset() (Eric Dumazet) - netrom: Fix use-after-free of a listening socket. (Kuniyuki Iwashima) - netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE (Sriram Yagnaraman) - ipv4: prevent potential spectre v1 gadget in fib_metrics_match() (Eric Dumazet) - ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() (Eric Dumazet) - netlink: annotate data races around sk_state (Eric Dumazet) - netlink: annotate data races around dst_portid and dst_group (Eric Dumazet) - netlink: annotate data races around nlk->portid (Eric Dumazet) - netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (Pablo Neira Ayuso) - drm/i915/selftest: fix intel_selftest_modify_policy argument types (Arnd Bergmann) - net: fix UaF in netns ops registration error path (Paolo Abeni) - netlink: prevent potential spectre v1 gadgets (Eric Dumazet) - i2c: designware: use casting of u64 in clock multiplication to avoid overflow (Lareine Khawaly) - scsi: ufs: core: Fix devfreq deadlocks (Johan Hovold) - net: mana: Fix IRQ name - add PCI and queue number (Haiyang Zhang) - EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info (Manivannan Sadhasivam) - EDAC/device: Respect any driver-supplied workqueue polling value (Manivannan Sadhasivam) - ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment (Giulio Benetti) - ipv6: fix reachability confirmation with proxy_ndp (Gergely Risko) - thermal: intel: int340x: Protect trip temperature from concurrent updates (Srinivas Pandruvada) - KVM: arm64: GICv4.1: Fix race with doorbell on VPE activation/deactivation (Marc Zyngier) - KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (Hendrik Borghorst) - ovl: fail on invalid uid/gid mapping at copy up (Miklos Szeredi) - ksmbd: limit pdu length size according to connection status (Namjae Jeon) - ksmbd: downgrade ndr version error message to debug (Namjae Jeon) - ksmbd: do not sign response to session request for guest login (Marios Makassikis) - ksmbd: add max connections parameter (Namjae Jeon) - ksmbd: add smbd max io size parameter (Namjae Jeon) - i2c: mv64xxx: Add atomic_xfer method to driver (Chris Morgan) - i2c: mv64xxx: Remove shutdown method from driver (Chris Morgan) - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (David Howells) - ftrace/scripts: Update the instructions for ftrace-bisect.sh (Steven Rostedt (Google)) - trace_events_hist: add check for return value of 'create_hist_field' (Natalia Petrova) - tracing: Make sure trace_printk() can output as soon as it can be used (Steven Rostedt (Google)) - module: Don't wait for GOING modules (Petr Pavlu) - KVM: SVM: fix tsc scaling cache logic (Maxim Levitsky) - scsi: hpsa: Fix allocation size for scsi_host_alloc() (Alexey V. Vissarionov) - drm/amdgpu: complete gfxoff allow signal during suspend without delay (Harsh Jain) - Bluetooth: hci_sync: cancel cmd_timer if hci_open failed (Archie Pusaka) - exit: Use READ_ONCE() for all oops/warn limit reads (Kees Cook) - docs: Fix path paste-o for /sys/kernel/warn_count (Kees Cook) - panic: Expose 'warn_count' to sysfs (Kees Cook) - panic: Introduce warn_limit (Kees Cook) - panic: Consolidate open-coded panic_on_warn checks (Kees Cook) - exit: Allow oops_limit to be disabled (Kees Cook) - exit: Expose 'oops_count' to sysfs (Kees Cook) - exit: Put an upper limit on how often we can oops (Jann Horn) - panic: Separate sysctl logic from CONFIG_SMP (Kees Cook) - ia64: make IA64_MCA_RECOVERY bool instead of tristate (Randy Dunlap) - csky: Fix function name in csky_alignment() and die() (Nathan Chancellor) - h8300: Fix build errors from do_exit() to make_task_dead() transition (Nathan Chancellor) - hexagon: Fix function name in die() (Nathan Chancellor) - objtool: Add a missing comma to avoid string concatenation (Eric W. Biederman) - exit: Add and use make_task_dead. (Eric W. Biederman) - kasan: no need to unset panic_on_warn in end_report() (Tiezhu Yang) - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (Tiezhu Yang) - panic: unset panic_on_warn inside panic() (Tiezhu Yang) - kernel/panic: move panic sysctls to its own file (tangmeng) - sysctl: add a new register_sysctl_init() interface (Xiaoming Ni) - fs: reiserfs: remove useless new_opts in reiserfs_remount (Dongliang Mu) - x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (Deepak Sharma) - drm/i915: Remove unused variable (Nirmoy Das) - Revert 'selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID' (Sasha Levin) - drm/i915: Allow switching away via vga-switcheroo if uninitialized (Thomas Zimmermann) - firmware: coreboot: Check size of table entry and use flex-array (Kees Cook) - lockref: stop doing cpu_relax in the cmpxchg loop (Mateusz Guzik) - platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (Hans de Goede) - platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (Michael Klein) - r8152: add vendor/device ID pair for Microsoft Devkit (Andre Przywara) - scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (Yihang Li) - KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (Heiko Carstens) - spi: spidev: remove debug messages that access spidev->spi without locking (Bartosz Golaszewski) - ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (Mark Brown) - ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (Mark Brown) - cpufreq: armada-37xx: stop using 0 as NULL pointer (Miles Chen) - perf/x86/intel/uncore: Add Emerald Rapids (Kan Liang) - perf/x86/msr: Add Emerald Rapids (Kan Liang) - s390: expicitly align _edata and _end symbols on page boundary (Alexander Gordeev) - s390/debug: add _ASM_S390_ prefix to header guard (Niklas Schnelle) - drm: Add orientation quirk for Lenovo ideapad D330-10IGL (Patrick Thompson) - net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (Hui Wang) - ASoC: fsl_micfil: Correct the number of steps on SX controls (Chancel Liu) - cpufreq: Add SM6375 to cpufreq-dt-platdev blocklist (Konrad Dybcio) - kcsan: test: don't put the expect array on the stack (Max Filippov) - cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (Sumit Gupta) - scsi: iscsi: Fix multiple iSCSI session unbind events sent to userspace (Wenchao Hao) - tcp: fix rate_app_limited to default to 1 (David Morley) - net: stmmac: enable all safety features by default (Andrew Halaney) - thermal: core: call put_device() only after device_register() fails (Viresh Kumar) - thermal/core: fix error code in __thermal_cooling_device_register() (Dan Carpenter) - thermal: Validate new state in cur_state_store() (Viresh Kumar) - thermal/core: Rename 'trips' to 'num_trips' (Daniel Lezcano) - thermal/core: Remove duplicate information when an error occurs (Daniel Lezcano) - net: dsa: microchip: ksz9477: port map correction in ALU table entry register (Rakesh Sankaranarayanan) - selftests/net: toeplitz: fix race on tpacket_v3 block close (Willem de Bruijn) - driver core: Fix test_async_probe_init saves device in wrong array (Chen Zhongjin) - w1: fix WARNING after calling w1_process() (Yang Yingliang) - w1: fix deadloop in __w1_remove_master_device() (Yang Yingliang) - device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() (Yang Yingliang) - ptdma: pt_core_execute_cmd() should use spinlock (Eric Pilmore) - octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (Kevin Hao) - tcp: avoid the lookup process failing to get sk in ehash table (Jason Xing) - nvme-pci: fix timeout request state check (Keith Busch) - drm/amd/display: fix issues with driver unload (Hamza Mahfooz) - phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (Geert Uytterhoeven) - dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (Liu Shixin) - cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) - HID: betop: check shape of output reports (Pietro Borrello) - l2tp: prevent lockdep issue in l2tp_tunnel_register() (Eric Dumazet) - virtio-net: correctly enable callback during start_xmit (Jason Wang) - net: macb: fix PTP TX timestamp failure due to packet padding (Robert Hancock) - dmaengine: Fix double increment of client_count in dma_chan_get() (Koba Ko) - drm/panfrost: fix GENERIC_ATOMIC64 dependency (Arnd Bergmann) - net: mlx5: eliminate anonymous module_init & module_exit (Randy Dunlap) - net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (Maor Dickman) - net: ipa: disable ipa interrupt during suspend (Caleb Connolly) - Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (Ying Hsu) - usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (Udipto Goswami) - usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (Udipto Goswami) - HID: revert CHERRY_MOUSE_000C quirk (Jiri Kosina) - pinctrl: rockchip: fix mux route data for rk3568 (Jonas Karlman) - net: stmmac: fix invalid call to mdiobus_get_phy() (Heiner Kallweit) - HID: check empty report_list in bigben_probe() (Pietro Borrello) - HID: check empty report_list in hid_validate_values() (Pietro Borrello) - net: mdio: validate parameter addr in mdiobus_get_phy() (Heiner Kallweit) - net: usb: sr9700: Handle negative len (Szymon Heidrich) - octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (Geetha sowjanya) - l2tp: close all race conditions in l2tp_tunnel_register() (Cong Wang) - l2tp: convert l2tp_tunnel_list to idr (Cong Wang) - l2tp: Don't sleep and disable BH under writer-side sk_callback_lock (Jakub Sitnicki) - l2tp: Serialize access to sk_user_data with sk_callback_lock (Jakub Sitnicki) [Orabug: 34951574] {CVE-2022-4129} - net/sched: sch_taprio: fix possible use-after-free (Eric Dumazet) - net: stmmac: Fix queue statistics reading (Kurt Kanzenbach) - pinctrl: rockchip: fix reading pull type on rk3568 (Jonas Karlman) - pinctrl/rockchip: add error handling for pull/drive register getters (Sebastian Reichel) - pinctrl/rockchip: Use temporary variable for struct device (Andy Shevchenko) - wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (Szymon Heidrich) [Orabug: 35037701] {CVE-2023-23559} - gpio: mxc: Always set GPIOs used as interrupt source to INPUT mode (Marek Vasut) - gpio: mxc: Protect GPIO irqchip RMW with bgpio spinlock (Marek Vasut) - gpio: use raw spinlock for gpio chip shadowed data (Schspa Shi) - sch_htb: Avoid grafting on htb_destroy_class_offload when destroying htb (Rahul Rameshbabu) - net: enetc: avoid deadlock in enetc_tx_onestep_tstamp() (Vladimir Oltean) - net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (Esina Ekaterina) - net: nfc: Fix use-after-free in local_cleanup() (Jisoo Jang) - phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (Shang XiaoJing) - bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (Luis Gerhorst) - amd-xgbe: Delay AN timeout during KR training (Raju Rangoju) - amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent (Raju Rangoju) - ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (Claudiu Beznea) - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (Xingyuan Mo) - phy: ti: fix Kconfig warning and operator precedence (Randy Dunlap) - arm64: dts: qcom: msm8992-libra: Fix the memory map (Konrad Dybcio) - arm64: dts: qcom: msm8992-libra: Add CPU regulators (Konrad Dybcio) - arm64: dts: qcom: msm8992: Don't use sfpb mutex (Konrad Dybcio) - PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (Christophe JAILLET) - affs: initialize fsdata in affs_truncate() (Alexander Potapenko) - IB/hfi1: Remove user expected buffer invalidate race (Dean Luick) - IB/hfi1: Immediately remove invalid memory from hardware (Dean Luick) - IB/hfi1: Fix expected receive setup error exit issues (Dean Luick) - IB/hfi1: Reserve user expected TIDs (Dean Luick) - IB/hfi1: Reject a zero-length user expected buffer (Dean Luick) - RDMA/core: Fix ib block iterator counter overflow (Yonatan Nachum) - tomoyo: fix broken dependency on *.conf.default (Masahiro Yamada) - firmware: arm_scmi: Harden shared memory access in fetch_notification (Cristian Marussi) - firmware: arm_scmi: Harden shared memory access in fetch_response (Cristian Marussi) - EDAC/highbank: Fix memory leak in highbank_mc_probe() (Miaoqian Lin) - reset: uniphier-glue: Fix possible null-ptr-deref (Hui Tang) - reset: uniphier-glue: Use reset_control_bulk API (Philipp Zabel) - soc: imx8m: Fix incorrect check for of_clk_get_by_name() (Miaoqian Lin) - arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (Tim Harvey) - HID: intel_ish-hid: Add check for ishtp_dma_tx_map (Jiasheng Jiang) - ARM: imx: add missing of_node_put() (Dario Binacchi) - arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (Adam Ford) - ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (Fabio Estevam) - ARM: dts: imx7d-pico: Use 'clock-frequency' (Fabio Estevam) - ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (Fabio Estevam) - arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (Fabio Estevam) - dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (Jayesh Choudhary) - memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (Gaosheng Cui) - memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (Gaosheng Cui) - memory: tegra: Remove clients SID override programming (Ashish Mhetre) - LTS version: v5.15.90 (Jack Vogel) - io_uring/rw: remove leftover debug statement (Jens Axboe) - io_uring/rw: ensure kiocb_end_write() is always called (Jens Axboe) - io_uring: fix double poll leak on repolling (Pavel Begunkov) - io_uring: Clean up a false-positive warning from GCC 9.3.0 (Alviro Iskandar Setiawan) - mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (Hugh Dickins) - soc: qcom: apr: Make qcom,protection-domain optional again (Stephan Gerhold) - Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (Eric Dumazet) - block: mq-deadline: Rename deadline_is_seq_writes() (Damien Le Moal) - net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (Yang Yingliang) - net/ulp: use consistent error code when blocking ULP (Paolo Abeni) - io_uring/net: fix fast_iov assignment in io_setup_async_msg() (Stefan Metzmacher) - io_uring: io_kiocb_update_pos() should not touch file for non -1 offset (Jens Axboe) - tracing: Use alignof__(struct {type b;}) instead of offsetof() (Steven Rostedt (Google)) - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (YingChi Long) - Revert 'drm/amdgpu: make display pinning more flexible (v2)' (Alex Deucher) - efi: rt-wrapper: Add missing include (Ard Biesheuvel) - arm64: efi: Execute runtime services from a dedicated stack (Ard Biesheuvel) - fs/ntfs3: Fix attr_punch_hole() null pointer derenference (Alon Zahavi) - drm/amdgpu: drop experimental flag on aldebaran (Alex Deucher) - drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (Joshua Ashton) - drm/amd/display: Calculate output_color_space after pixel encoding adjustment (Joshua Ashton) - drm/amd/display: Fix set scaling doesn's work (hongao) - drm/i915/display: Check source height is > 0 (Drew Davenport) - drm/i915: re-disable RC6p on Sandy Bridge (Sasa Dragic) - mei: me: add meteor lake point M DID (Alexander Usyskin) - gsmi: fix null-deref in gsmi_get_variable (Khazhismel Kumykov) - serial: atmel: fix incorrect baudrate setup (Tobias Schramm) - serial: amba-pl011: fix high priority character transmission in rs486 mode (Lino Sanfilippo) - dmaengine: idxd: Let probe fail when workqueue cannot be enabled (Reinette Chatre) - dmaengine: tegra210-adma: fix global intr clear (Mohan Kumar) - dmaengine: lgm: Move DT parsing after initialization (Peter Harliman Liem) - serial: pch_uart: Pass correct sg to dma_unmap_sg() (Ilpo Jarvinen) - dt-bindings: phy: g12a-usb3-pcie-phy: fix compatible string documentation (Heiner Kallweit) - dt-bindings: phy: g12a-usb2-phy: fix compatible string documentation (Heiner Kallweit) - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (Juhyung Park) - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (Maciej zenczykowski) - usb: gadget: g_webcam: Send color matching descriptor per frame (Daniel Scally) - usb: typec: altmodes/displayport: Fix pin assignment calculation (Prashant Malani) - usb: typec: altmodes/displayport: Add pin assignment helper (Prashant Malani) - usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (ChiYuan Huang) - usb: host: ehci-fsl: Fix module alias (Alexander Stein) - usb: cdns3: remove fetched trb from cache before dequeuing (Pawel Laszczak) - USB: serial: cp210x: add SCALANCE LPE-9000 device id (Michael Adler) - USB: gadgetfs: Fix race between mounting and unmounting (Alan Stern) - tty: fix possible null-ptr-defer in spk_ttyio_release (Gaosheng Cui) - tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (Krzysztof Kozlowski) - staging: mt7621-dts: change some node hex addresses to lower case (Sergio Paracuellos) - bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD and PERF_BPF_EVENT_PROG_UNLOAD (Paul Moore) - riscv: dts: sifive: fu740: fix size of pcie 32bit memory (Ben Dooks) - thunderbolt: Use correct function to calculate maximum USB3 link rate (Mika Westerberg) - cifs: do not include page data when checking signature (Enzo Matsumiya) - btrfs: fix race between quota rescan and disable leading to NULL pointer deref (Filipe Manana) - btrfs: do not abort transaction on failure to write log tree when syncing log (Filipe Manana) - mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (Haibo Chen) - mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (Samuel Holland) - ACPI: PRM: Check whether EFI runtime is available (Ard Biesheuvel) - comedi: adv_pci1760: Fix PWM instruction handling (Ian Abbott) - usb: core: hub: disable autosuspend for TI TUSB8041 (Flavio Suligoi) - misc: fastrpc: Fix use-after-free race condition for maps (Ola Jeppsson) - misc: fastrpc: Don't remove map on creater_process and device_release (Abel Vesa) - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (Greg Kroah-Hartman) - staging: vchiq_arm: fix enum vchiq_status return types (Arnd Bergmann) - USB: serial: option: add Quectel EM05CN modem (Duke Xin) - USB: serial: option: add Quectel EM05CN (SG) modem (Duke Xin) - USB: serial: option: add Quectel EC200U modem (Ali Mirghasemi) - USB: serial: option: add Quectel EM05-G (RS) modem (Duke Xin) - USB: serial: option: add Quectel EM05-G (CS) modem (Duke Xin) - USB: serial: option: add Quectel EM05-G (GR) modem (Duke Xin) - prlimit: do_prlimit needs to have a speculation check (Greg Kroah-Hartman) - xhci: Detect lpm incapable xHC USB3 roothub ports from ACPI tables (Mathias Nyman) - usb: acpi: add helper to check port lpm capability using acpi _DSM (Mathias Nyman) - xhci: Add a flag to disable USB3 lpm on a xhci root port level. (Mathias Nyman) - xhci: Add update_hub_device override for PCI xHCI hosts (Mathias Nyman) - xhci: Fix null pointer dereference when host dies (Mathias Nyman) - usb: xhci: Check endpoint is valid before dereferencing it (Jimmy Hu) - xhci-pci: set the dma max_seg_size (Ricardo Ribalda) - io_uring/rw: defer fsnotify calls to task context (Jens Axboe) - io_uring: do not recalculate ppos unnecessarily (Dylan Yudaken) - io_uring: update kiocb->ki_pos at execution time (Dylan Yudaken) - io_uring: remove duplicated calls to io_kiocb_ppos (Dylan Yudaken) - io_uring: ensure that cached task references are always put on exit (Jens Axboe) - io_uring: fix async accept on O_NONBLOCK sockets (Dylan Yudaken) - io_uring: allow re-poll if we made progress (Jens Axboe) - io_uring: support MSG_WAITALL for IORING_OP_SEND(MSG) (Jens Axboe) - io_uring: add flag for disabling provided buffer recycling (Jens Axboe) - io_uring: ensure recv and recvmsg handle MSG_WAITALL correctly (Jens Axboe) - io_uring: improve send/recv error handling (Pavel Begunkov) - io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups (Jens Axboe) - eventfd: provide a eventfd_signal_mask() helper (Jens Axboe) - eventpoll: add EPOLL_URING_WAKE poll wakeup flag (Jens Axboe) - io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL (Jens Axboe) - hugetlb: unshare some PMDs when splitting VMAs (James Houghton) - drm/amd: Delay removal of the firmware framebuffer (Sasha Levin) - drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (Guchun Chen) - ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform (Jeremy Szu) - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (Andy Chi) - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (Ding Hui) - nilfs2: fix general protection fault in nilfs_btree_insert() (Ryusuke Konishi) - zonefs: Detect append writes at invalid locations (Damien Le Moal) - Add exception protection processing for vd in axi_chan_handle_err function (Shawn.Shao) - wifi: mac80211: sdata can be NULL during AMPDU start (Alexander Wetzel) - wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (Arend van Spriel) - Bluetooth: hci_qca: Fix driver shutdown on closed serdev (Krzysztof Kozlowski) - fbdev: omapfb: avoid stack overflow warning (Arnd Bergmann) - perf/x86/rapl: Treat Tigerlake like Icelake (Chris Wilson) - f2fs: let's avoid panic if extent_tree is not created (Jaegeuk Kim) - x86/asm: Fix an assembler warning with current binutils (Mikulas Patocka) - btrfs: always report error in run_one_delayed_ref() (Qu Wenruo) - RDMA/srp: Move large values to a new enum for gcc13 (Jiri Slaby (SUSE)) - r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (Chunhao Lin) - net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats (Daniil Tatianin) - vduse: Validate vq_num in vduse_validate_config() (Harshit Mogalapalli) - virtio_pci: modify ENOENT to EINVAL (Angus Chen) - tools/virtio: initialize spinlocks in vring_test.c (Ricardo Canuelo) - selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID (Hao Sun) - pNFS/filelayout: Fix coalescing test for single DS (Olga Kornievskaia) - btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (Naohiro Aota) - LTS version: v5.15.89 (Jack Vogel) - pinctrl: amd: Add dynamic debugging for active GPIOs (Mario Limonciello) - Revert 'usb: ulpi: defer ulpi_register on ulpi_read_id timeout' (Ferry Toth) - block: handle bio_split_to_limits() NULL return (Jens Axboe) - io_uring/io-wq: only free worker if it was allocated for creation (Jens Axboe) - io_uring/io-wq: free worker if task_work creation is canceled (Jens Axboe) - efi: fix NULL-deref in init error path (Johan Hovold) - arm64: cmpxchg_double*: hazard against entire exchange variable (Mark Rutland) - arm64: atomics: remove LL/SC trampolines (Mark Rutland) - arm64: atomics: format whitespace consistently (Mark Rutland) - io_uring: lock overflowing for IOPOLL (Pavel Begunkov) - KVM: x86: Do not return host topology information from KVM_GET_SUPPORTED_CPUID (Paolo Bonzini) - Documentation: KVM: add API issues section (Paolo Bonzini) - mm: Always release pages to the buddy allocator in memblock_free_late(). (Aaron Thompson) - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (Maximilian Luz) - igc: Fix PPS delta between two synchronized end-points (Christopher S Hall) - perf build: Properly guard libbpf includes (Ian Rogers) - net/mlx5e: Don't support encap rules with gbp option (Gavin Li) - net/mlx5: Fix ptp max frequency adjustment range (Rahul Rameshbabu) - net/sched: act_mpls: Fix warning during failed attribute validation (Ido Schimmel) - tools/nolibc: fix the O_* fcntl/open macro definitions for riscv (Willy Tarreau) - tools/nolibc: restore mips branch ordering in the _start block (Willy Tarreau) - tools/nolibc: Remove .global _start from the entry point code (Ammar Faizi) - tools/nolibc/arch: mark the _start symbol as weak (Willy Tarreau) - tools/nolibc/arch: split arch-specific code into individual files (Willy Tarreau) - tools/nolibc/types: split syscall-specific definitions into their own files (Willy Tarreau) - tools/nolibc/std: move the standard type definitions to std.h (Willy Tarreau) - tools/nolibc: use pselect6 on RISCV (Willy Tarreau) - tools/nolibc: x86-64: Use mov 0,%eax instead of mov 0,%rax (Ammar Faizi) - tools/nolibc: x86: Remove r8, r9 and r10 from the clobber list (Ammar Faizi) - af_unix: selftest: Fix the size of the parameter to connect() (Mirsad Goran Todorovac) - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (Minsuk Kang) - hvc/xen: lock console list traversal (Roger Pau Monne) - octeontx2-af: Fix LMAC config in cgx_lmac_rx_tx_enable (Angela Czubak) - tipc: fix unexpected link reset due to discovery messages (Tung Nguyen) - ALSA: usb-audio: Relax hw constraints for implicit fb sync (Takashi Iwai) - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (Takashi Iwai) - ASoC: wm8904: fix wrong outputs volume after power reactivation (Emanuele Ghidoli) - scsi: ufs: core: WLUN suspend SSU/enter hibern8 fail recovery (Peter Wang) - scsi: ufs: Stop using the clock scaling lock in the error handler (Bart Van Assche) - scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (Shin'ichiro Kawasaki) - regulator: da9211: Use irq handler when ready (Ricardo Ribalda) - x86/resctrl: Fix task CLOSID/RMID update race (Peter Newman) - EDAC/device: Fix period calculation in edac_device_reset_delay_period() (Eliav Farber) - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (Peter Zijlstra) - powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (Kajol Jain) - netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. (Gavrilov Ilia) - sched/core: Fix use-after-free bug in dup_user_cpus_ptr() (Waiman Long) - iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() (Christophe JAILLET) - iommu/iova: Fix alloc iova overflows issue (Yunfei Wang) - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (Ferry Toth) - bus: mhi: host: Fix race between channel preparation and M0 event (Qiang Yu) - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (Herbert Xu) [Orabug: 35005828] {CVE-2023-0394} - ixgbe: fix pci device refcount leak (Yang Yingliang) - platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe (Hans de Goede) - dt-bindings: msm/dsi: Don't require vcca-supply on 14nm PHY (Konrad Dybcio) - dt-bindings: msm/dsi: Don't require vdds-supply on 10nm PHY (Konrad Dybcio) - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (Kuogee Hsieh) - platform/x86: ideapad-laptop: Add Legion 5 15ARH05 DMI id to set_fn_lock_led_list[] (Hans de Goede) - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (Bryan O'Donoghue) - dt-bindings: msm: dsi-controller-main: Fix description of core clock (Bryan O'Donoghue) - dt-bindings: msm: dsi-controller-main: Fix power-domain constraint (Bryan O'Donoghue) - drm/msm/adreno: Make adreno quirks not overwrite each other (Konrad Dybcio) - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (Bryan O'Donoghue) - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (Hans de Goede) - platform/surface: aggregator: Ignore command messages not intended for us (Maximilian Luz) - platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (Hans de Goede) - cifs: Fix uninitialized memory read for smb311 posix symlink create (Volker Lendecke) - net/mlx5e: Set action fwd flag when parsing tc action goto (Roi Dayan) - drm/i915/gt: Reset twice (Chris Wilson) - drm/virtio: Fix GEM handle creation UAF (Rob Clark) - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (Heiko Carstens) - s390/cpum_sf: add READ_ONCE() semantics to compare and swap loops (Heiko Carstens) - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (Brian Norris) - s390/kexec: fix ipl report address for kdump (Alexander Egorenkov) - perf auxtrace: Fix address filter duplicate symbol selection (Adrian Hunter) - net: stmmac: add aux timestamps fifo clearance wait (Noor Azura Ahmad Tarmizi) - docs: Fix the docs build with Sphinx 6.0 (Jonathan Corbet) - efi: tpm: Avoid READ_ONCE() for accessing the event log (Ard Biesheuvel) - selftests: kvm: Fix a compile error in selftests/kvm/rseq_test.c (Jinrong Liang) - KVM: arm64: nvhe: Fix build with profile optimization (Denis Nikitin) - KVM: arm64: Fix S1PTW handling on RO memslots (Marc Zyngier) - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (Luka Guzenko) - ALSA: hda/realtek - Turn on power early (Yuchi Yang) - ALSA: control-led: use strscpy in set_led_id() (Jaroslav Kysela) - LTS version: v5.15.88 (Jack Vogel) - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (Chris Chiu) - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (Adrian Chan) - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (Clement Lecigne) [Orabug: 34983525] {CVE-2023-0266} - net/ulp: prevent ULP without clone op from entering the LISTEN status (Paolo Abeni) - net: sched: disallow noqueue for qdisc classes (Frederick Lawler) [Orabug: 35005790] {CVE-2022-47929} - serial: fixup backport of 'serial: Deassert Transmit Enable on probe in driver-specific way' (Rasmus Villemoes) - selftests/vm/pkeys: Add a regression test for setting PKRU through ptrace (Kyle Huey) - x86/fpu: Emulate XRSTOR's behavior if the xfeatures PKRU bit is not set (Kyle Huey) - x86/fpu: Allow PKRU to be (once again) written by ptrace. (Kyle Huey) - x86/fpu: Add a pkru argument to copy_uabi_to_xstate() (Kyle Huey) - x86/fpu: Add a pkru argument to copy_uabi_from_kernel_to_xstate(). (Kyle Huey) - x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (Kyle Huey) - parisc: Align parisc MADV_XXX constants with all other architectures (Helge Deller) - LTS version: v5.15.87 (Jack Vogel) - drm/mgag200: Fix PLL setup for G200_SE_A rev >=4 (Jocelyn Falempe) - io_uring: Fix unsigned 'res' comparison with zero in io_fixup_rw_res() (Harshit Mogalapalli) - efi: random: combine bootloader provided RNG seed with RNG protocol output (Ard Biesheuvel) - mbcache: Avoid nesting of cache->c_list_lock under bit locks (Jan Kara) - net: hns3: fix return value check bug of rx copybreak (Jie Wang) - btrfs: make thaw time super block check to also verify checksum (Qu Wenruo) - selftests: set the BUILD variable to absolute path (Muhammad Usama Anjum) - ext4: don't allow journal inode to have encrypt flag (Eric Biggers) - mptcp: use proper req destructor for IPv6 (Matthieu Baerts) - mptcp: dedicated request sock for subflow in v6 (Matthieu Baerts) - Revert 'ACPI: PM: Add support for upcoming AMD uPEP HID AMDI007' (Mario Limonciello) - ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob (William Liu) - ksmbd: fix infinite loop in ksmbd_conn_handler_loop() (Namjae Jeon) - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (Linus Torvalds) - hfs/hfsplus: use WARN_ON for sanity check (Arnd Bergmann) - drm/i915/gvt: fix vgpu debugfs clean in remove (Zhenyu Wang) - drm/i915/gvt: fix gvt debugfs destroy (Zhenyu Wang) - riscv, kprobes: Stricter c.jr/c.jalr decoding (Bjorn Topel) - riscv: uaccess: fix type of 0 variable on error in get_user() (Ben Dooks) - thermal: int340x: Add missing attribute for data rate base (Srinivas Pandruvada) - io_uring: fix CQ waiting timeout handling (Pavel Begunkov) - block: don't allow splitting of a REQ_NOWAIT bio (Jens Axboe) - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (Paul Menzel) - nfsd: fix handling of readdir in v4root vs. mount upcall timeout (Jeff Layton) - x86/bugs: Flush IBP in ib_prctl_set() (Rodrigo Branco) - x86/kexec: Fix double-free of elf header buffer (Takashi Iwai) - btrfs: check superblock to ensure the fs was not modified at thaw time (Qu Wenruo) - nvme: also return I/O command effects from nvme_command_effects (Christoph Hellwig) - nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (Christoph Hellwig) - io_uring: check for valid register opcode earlier (Jens Axboe) - nvme: fix multipath crash caused by flush request when blktrace is enabled (Yanjun Zhang) - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (Hans de Goede) - udf: Fix extension of the last extent in the file (Jan Kara) - caif: fix memory leak in cfctrl_linkup_request() (Zhengchao Shao) - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (Dan Carpenter) - perf stat: Fix handling of --for-each-cgroup with --bpf-counters to match non BPF mode (Namhyung Kim) - usb: rndis_host: Secure rndis_query check against int overflow (Szymon Heidrich) - octeontx2-pf: Fix lmtst ID used in aura free (Geetha sowjanya) - drivers/net/bonding/bond_3ad: return when there's no aggregator (Daniil Tatianin) - fs/ntfs3: don't hold ni_lock when calling truncate_setsize() (Tetsuo Handa) - drm/imx: ipuv3-plane: Fix overlay plane width (Philipp Zabel) - perf tools: Fix resources leak in perf_data__open_dir() (Miaoqian Lin) - netfilter: ipset: Rework long task execution when adding/deleting entries (Jozsef Kadlecsik) - netfilter: ipset: fix hash:net,port,net hang with /0 subnet (Jozsef Kadlecsik) - net: sparx5: Fix reading of the MAC address (Horatiu Vultur) - net: sched: cbq: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983582] {CVE-2023-23454} - net: sched: atm: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983613] {CVE-2023-23455} - gpio: sifive: Fix refcount leak in sifive_gpio_probe (Miaoqian Lin) - ceph: switch to vfs_inode_has_locks() to fix file lock bug (Xiubo Li) - filelock: new helper: vfs_inode_has_locks (Jeff Layton) - drm/meson: Reduce the FIFO lines held when AFBC is not used (Carlo Caione) - RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (Maor Gottlieb) - RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (Shay Drory) - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (Miaoqian Lin) - net: ena: Update NUMA TPH hint register upon NUMA node update (David Arinzon) - net: ena: Set default value for RX interrupt moderation (David Arinzon) - net: ena: Fix rx_copybreak value update (David Arinzon) - net: ena: Use bitmask to indicate packet redirection (David Arinzon) - net: ena: Account for the number of processed bytes in XDP (David Arinzon) - net: ena: Don't register memory info on XDP exchange (David Arinzon) - net: ena: Fix toeplitz initial hash value (David Arinzon) - net: amd-xgbe: add missed tasklet_kill (Jiguang Xiao) - net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (Adham Faris) - net/mlx5e: Always clear dest encap in neigh-update-del (Chris Mi) - net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get flow attr (Roi Dayan) - net/mlx5e: IPoIB, Don't allow CQE compression to be turned on by default (Dragos Tatulea) - net/mlx5: Avoid recovery in probe flows (Shay Drory) - net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (Jiri Pirko) - net/mlx5: E-Switch, properly handle ingress tagged packets on VST (Moshe Shemesh) - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (Stefano Garzarella) - vhost: fix range used in translate_desc() (Stefano Garzarella) - vringh: fix range used in iotlb_translate() (Stefano Garzarella) - vhost/vsock: Fix error handling in vhost_vsock_init() (Yuan Can) - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (ruanjinjie) - nfc: Fix potential resource leaks (Miaoqian Lin) - net: dsa: mv88e6xxx: depend on PTP conditionally (Johnny S. Lee) - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (Daniil Tatianin) - net: sched: fix memory leak in tcindex_set_parms (Hawkins Jiawei) - net: hns3: fix VF promisc mode not update when mac table full (Jian Shen) - net: hns3: fix miss L3E checking for rx packet (Jian Shen) - net: hns3: extract macro to simplify ring stats update code (Peng Li) - net: hns3: refactor hns3_nic_reuse_page() (Hao Chen) - net: hns3: add interrupts re-initialization while doing VF FLR (Jie Wang) - nfsd: shut down the NFSv4 state objects before the filecache (Jeff Layton) - veth: Fix race with AF_XDP exposing old or uninitialized descriptors (Shawn Bohrer) - netfilter: nf_tables: honor set timeout and garbage collection updates (Pablo Neira Ayuso) - vmxnet3: correctly report csum_level for encapsulated packet (Ronak Doshi) - netfilter: nf_tables: perform type checking for existing sets (Pablo Neira Ayuso) - netfilter: nf_tables: add function to create set stateful expressions (Pablo Neira Ayuso) - netfilter: nf_tables: consolidate set description (Pablo Neira Ayuso) - drm/panfrost: Fix GEM handle creation ref-counting (Steven Price) - bpf: pull before calling skb_postpull_rcsum() (Jakub Kicinski) - btrfs: fix an error handling path in btrfs_defrag_leaves() (Sasha Levin) - SUNRPC: ensure the matching upcall is in-flight upon downcall (minoura makoto) - drm/i915/migrate: fix length calculation (Matthew Auld) - drm/i915/migrate: fix offset calculation (Matthew Auld) - drm/i915/migrate: don't check the scratch page (Matthew Auld) - ext4: fix deadlock due to mbcache entry corruption (Jan Kara) - mbcache: automatically delete entries from cache on freeing (Jan Kara) - ext4: correct inconsistent error msg in nojournal mode (Baokun Li) - ext4: goto right label 'failed_mount3a' (Jason Yan) - ravb: Fix 'failed to switch device to config mode' message during unbind (Biju Das) - perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data (Masami Hiramatsu (Google)) - perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor (Masami Hiramatsu (Google)) - media: s5p-mfc: Fix in register read and write for H264 (Smitha T Murthy) - media: s5p-mfc: Clear workbit to handle error condition (Smitha T Murthy) - media: s5p-mfc: Fix to handle reference queue during finishing (Smitha T Murthy) - x86/MCE/AMD: Clear DFR errors found in THR handler (Yazen Ghannam) - x86/mce: Get rid of msr_ops (Borislav Petkov) - btrfs: fix extent map use-after-free when handling missing device in read_one_chunk (void0red) - btrfs: move missing device handling in a dedicate function (Nikolay Borisov) - btrfs: replace strncpy() with strscpy() (Sasha Levin) - phy: qcom-qmp-combo: fix out-of-bounds clock access (Sasha Levin) - ARM: renumber bits related to _TIF_WORK_MASK (Jens Axboe) - ext4: fix off-by-one errors in fast-commit block filling (Eric Biggers) - ext4: fix unaligned memory access in ext4_fc_reserve_space() (Eric Biggers) - ext4: add missing validation of fast-commit record lengths (Eric Biggers) - ext4: don't set up encryption key during jbd2 transaction (Eric Biggers) - ext4: disable fast-commit of encrypted dir operations (Eric Biggers) - ext4: fix potential out of bound read in ext4_fc_replay_scan() (Eric Biggers) - ext4: factor out ext4_fc_get_tl() (Eric Biggers) - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (Eric Biggers) - ext4: use ext4_debug() instead of jbd_debug() (Eric Biggers) - ext4: remove unused enum EXT4_FC_COMMIT_FAILED (Eric Biggers) - tracing: Fix issue of missing one synthetic field (Zheng Yejian) - block: mq-deadline: Fix dd_finish_request() for zoned devices (Damien Le Moal) - drm/amdgpu: make display pinning more flexible (v2) (Alex Deucher) - drm/amdgpu: handle polaris10/11 overlap asics (v2) (Alex Deucher) - ext4: allocate extended attribute value in vmalloc area (Ye Bin) - ext4: avoid unaccounted block allocation when expanding inode (Jan Kara) - ext4: initialize quota before expanding inode in setproject ioctl (Jan Kara) - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (Ye Bin) - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (Ye Bin) - ext4: avoid BUG_ON when creating xattrs (Jan Kara) - ext4: fix error code return to user-space in ext4_get_branch() (Luis Henriques) - ext4: fix corruption when online resizing a 1K bigalloc fs (Baokun Li) - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (Eric Whitney) - ext4: init quota for 'old.inode' in 'ext4_rename' (Ye Bin) - ext4: fix uninititialized value in 'ext4_evict_inode' (Ye Bin) - ext4: fix leaking uninitialized memory in fast-commit journal (Eric Biggers) - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (Baokun Li) - ext4: check and assert if marking an no_delete evicting inode dirty (Zhang Yi) - ext4: fix reserved cluster accounting in __es_remove_extent() (Ye Bin) - ext4: fix bug_on in __es_tree_search caused by bad quota inode (Baokun Li) - ext4: add helper to check quota inums (Baokun Li) - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (Baokun Li) - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (Gaosheng Cui) - ext4: fix use-after-free in ext4_orphan_cleanup (Baokun Li) - fs: ext4: initialize fsdata in pagecache_write() (Alexander Potapenko) - ext4: remove trailing newline from ext4_msg() message (Luis Henriques) - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (Baokun Li) - ext4: silence the warning when evicting inode with dioread_nolock (Zhang Yi) - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (Yuan Can) - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (Mikko Kovanen) - drm/vmwgfx: Validate the box size for the snooped cursor (Zack Rusin) - drm/connector: send hotplug uevent on connector cleanup (Simon Ser) - device_cgroup: Roll back to original exceptions after copy failure (Wang Weiyang) - parisc: led: Fix potential null-ptr-deref in start_task() (Shang XiaoJing) - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (Maria Yu) - iommu/amd: Fix ivrs_acpihid cmdline parsing code (Kim Phillips) - phy: qcom-qmp-combo: fix sc8180x reset (Johan Hovold) - driver core: Fix bus_type.match() error handling in __driver_attach() (Isaac J. Manjarres) - crypto: ccp - Add support for TEE for PCI ID 0x14CA (Mario Limonciello) - crypto: n2 - add missing hash statesize (Corentin Labbe) - riscv: mm: notify remote harts about mmu cache updates (Sergey Matyukevich) - riscv: stacktrace: Fixup ftrace_graph_ret_addr retp argument (Guo Ren) - PCI/sysfs: Fix double free in error path (Sascha Hauer) - PCI: Fix pci_device_is_present() for VFs by checking PF (Michael S. Tsirkin) - ipmi: fix use after free in _ipmi_destroy_user() (Dan Carpenter) - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (Huaxin Lu) - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (Alexander Sverdlin) - ipmi: fix long wait in unload when IPMI disconnect (Zhang Yuchen) - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (Maximilian Luz) - ASoC: jz4740-i2s: Handle independent FIFO flush bits (Aidan MacDonald) - wifi: wilc1000: sdio: fix module autoloading (Michael Walle) - efi: Add iMac Pro 2017 to uefi skip cert quirk (Aditya Garg) - md/bitmap: Fix bitmap chunk size overflow issues (Florian-Ewald Mueller) - block: mq-deadline: Do not break sequential write streams to zoned HDDs (Damien Le Moal) - rtc: ds1347: fix value written to century register (Ian Abbott) - cifs: fix missing display of three mount options (Steve French) - cifs: fix confusing debug message (Paulo Alcantara) - media: dvb-core: Fix UAF due to refcount races at releasing (Takashi Iwai) [Orabug: 34820628] {CVE-2022-41218} - media: dvb-core: Fix double free in dvb_register_device() (Keita Suzuki) - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (Nick Desaulniers) - staging: media: tegra-video: fix device_node use after free (Luca Ceresoli) - staging: media: tegra-video: fix chan->mipi value on error (Luca Ceresoli) - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (Yang Jihong) - tracing/probes: Handle system names with hyphens (Steven Rostedt (Google)) - tracing/hist: Fix wrong return value in parse_action_params() (Zheng Yejian) - tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (Masami Hiramatsu (Google)) - tracing: Fix race where eprobes can be called before the event (Steven Rostedt (Google)) - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Masami Hiramatsu (Google)) - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (Masami Hiramatsu (Google)) - ftrace/x86: Add back ftrace_expected for ftrace bug reports (Steven Rostedt (Google)) - x86/microcode/intel: Do not retry microcode reloading on the APs (Ashok Raj) - KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (Sean Christopherson) - KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (Sean Christopherson) - KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (Sean Christopherson) - of/kexec: Fix reading 32-bit 'linux,initrd-{start,end}' values (Rob Herring) - perf/core: Call LSM hook after copying perf_event_attr (Namhyung Kim) - tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (Zheng Yejian) - dm cache: set needs_check flag after aborting metadata (Mike Snitzer) - dm cache: Fix UAF in destroy() (Luo Meng) - dm clone: Fix UAF in clone_dtr() (Luo Meng) - dm integrity: Fix UAF in dm_integrity_dtr() (Luo Meng) - dm thin: Fix UAF in run_timer_softirq() (Luo Meng) - dm thin: resume even if in FAIL mode (Luo Meng) - dm thin: Use last transaction's pmd->root when commit failed (Zhihao Cheng) - dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (Zhihao Cheng) - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (Mike Snitzer) - mptcp: remove MPTCP 'ifdef' in TCP SYN cookies (Matthieu Baerts) - mptcp: mark ops structures as ro_after_init (Florian Westphal) - fs: dlm: retry accept() until -EAGAIN or error returns (Alexander Aring) - fs: dlm: fix sock release if listen fails (Alexander Aring) - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (Chris Chiu) - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (Philipp Jungkamp) - cpufreq: Init completion before kobject_init_and_add() (Yongqiang Liu) - PM/devfreq: governor: Add a private governor_data for governor (Kant Fan) - selftests: Use optional USERCFLAGS and USERLDFLAGS (Mickael Salaun) - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (Krzysztof Kozlowski) - ARM: ux500: do not directly dereference __iomem (Jason A. Donenfeld) - btrfs: fix resolving backrefs for inline extent followed by prealloc (Boris Burkov) - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (Wenchao Chen) - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (Krzysztof Kozlowski) - perf/x86/intel/uncore: Clear attr_update properly (Alexander Antonov) - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (Alexander Antonov) - jbd2: use the correct print format (Bixuan Cui) - ktest.pl minconfig: Unset configs instead of just removing them (Steven Rostedt) - kest.pl: Fix grub2 menu handling for rebooting (Steven Rostedt) - soc: qcom: Select REMAP_MMIO for LLCC driver (Manivannan Sadhasivam) - media: stv0288: use explicitly signed char (Jason A. Donenfeld) - net/af_packet: make sure to pull mac header (Eric Dumazet) - net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO (Hangbin Liu) - rcu-tasks: Simplify trc_read_check_handler() atomic operations (Paul E. McKenney) - ASoC/SoundWire: dai: expand 'stream' concept beyond SoundWire (Pierre-Louis Bossart) - ASoC: Intel/SOF: use set_stream() instead of set_tdm_slots() for HDAudio (Pierre-Louis Bossart) - kcsan: Instrument memcpy/memset/memmove with newer Clang (Marco Elver) - SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails (Chuck Lever) - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo) - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo) - tpm: acpi: Call acpi_put_table() to fix memory leak (Hanjun Guo) - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (Deren Wu) - f2fs: allow to read node block after shutdown (Jaegeuk Kim) - f2fs: should put a page when checking the summary info (Pavel Machek) - mm, compaction: fix fast_isolate_around() to stay within boundaries (NARIBAYASHI Akira) - md: fix a crash in mempool_free (Mikulas Patocka) - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (ChiYuan Huang) - pnode: terminate at peers of source (Christian Brauner) - ALSA: line6: fix stack overflow in line6_midi_transmit (Artem Egorkine) - ALSA: line6: correct midi status byte when receiving data from podxt (Artem Egorkine) - ovl: Use ovl mounter's fsuid and fsgid in ovl_link() (Zhang Tianci) - binfmt: Fix error return code in load_elf_fdpic_binary() (Wang Yufen) - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (Aditya Garg) - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (Qiujun Huang) - pstore: Properly assign mem_type property (Luca Stefani) - HID: plantronics: Additional PIDs for double volume key presses quirk (Terry Junge) - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (Jose Exposito) - powerpc/rtas: avoid scheduling in rtas_os_term() (Nathan Lynch) - powerpc/rtas: avoid device tree lookups in rtas_os_term() (Nathan Lynch) - objtool: Fix SEGFAULT (Christophe Leroy) - fs/ntfs3: Fix slab-out-of-bounds in r_page (Yin Xiujiang) - fs/ntfs3: Delete duplicate condition in ntfs_read_mft() (Dan Carpenter) - fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_fill_super() (Tetsuo Handa) - fs/ntfs3: Use __GFP_NOWARN allocation at wnd_init() (Tetsuo Handa) - fs/ntfs3: Validate index root when initialize NTFS security (Edward Lo) - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (Pierre-Louis Bossart) - fs/ntfs3: Fix slab-out-of-bounds read in run_unpack (Hawkins Jiawei) - fs/ntfs3: Validate resident attribute name (Edward Lo) - fs/ntfs3: Validate buffer length while parsing index (Edward Lo) - fs/ntfs3: Validate attribute name offset (Edward Lo) - fs/ntfs3: Add null pointer check for inode operations (Edward Lo) - fs/ntfs3: Fix memory leak on ntfs_fill_super() error path (Shigeru Yoshida) - fs/ntfs3: Add null pointer check to attr_load_runs_vcn (Edward Lo) - fs/ntfs3: Validate data run offset (Edward Lo) - fs/ntfs3: Add overflow check for attribute size (edward lo) - fs/ntfs3: Validate BOOT record_size (edward lo) - nvmet: don't defer passthrough commands with trivial effects to the workqueue (Christoph Hellwig) - nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (Christoph Hellwig) - ata: ahci: Fix PCS quirk application for suspend (Adam Vodopjan) - block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (Yu Kuai) - ACPI: resource: do IRQ override on Lenovo 14ALC7 (Adrian Freund) - ACPI: resource: do IRQ override on XMG Core 15 (Erik Schumacher) - ACPI: resource: do IRQ override on LENOVO IdeaPad (Jiri Slaby (SUSE)) - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (Tamim Khan) - nvme-pci: fix page size checks (Keith Busch) - nvme-pci: fix mempool alloc size (Keith Busch) - nvme-pci: fix doorbell buffer value endianness (Klaus Jensen) - cifs: fix oops during encryption (Paulo Alcantara) - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (Miaoqian Lin) - IB/mlx4: Implement backend callback for 'ib_get_vector_irqn' (Gerd Rausch) [Orabug: 34276618] - net/rds: Split send & receive vectors again (Gerd Rausch) [Orabug: 34276609] - drivers: base: cacheinfo: export symbol 'get_cpu_cacheinfo' (Gerd Rausch) [Orabug: 34276609] - net/rds: Bring tasklets back for better latency (Gerd Rausch) [Orabug: 34276240] - net/rds: Throttle check for CQ CPU affinity (Gerd Rausch) [Orabug: 34276240] - net/rds: Follow the observed CQ CPU affinity (Gerd Rausch) [Orabug: 34276240] - net/rds: Add 'preferred_cpu' option to 'rds_rdma.ko' (Gerd Rausch) [Orabug: 34276240] - net/mlx5: Add new verb 'ib_get_vector_irqn' (Gerd Rausch) [Orabug: 34276240] - net/rds: Use the preferred_cpu in rds_queue_{,delayed}_work (Gerd Rausch) [Orabug: 34276240] - net/rds: Make workers use the designated CPU (Gerd Rausch) [Orabug: 34276240] - net/rds: Put more CPU cores to work (Gerd Rausch) [Orabug: 34276240] - net/rds: Get rid of tasklets (Gerd Rausch) [Orabug: 34276240] - net/rds: Use the same vector for send & receive (Gerd Rausch) [Orabug: 34276240] - net/rds: Allocate rds_ib_{incoming,frag}_slab on HCA NUMA nodeid (Gerd Rausch) [Orabug: 34276240] - net/rds: Allocate pages on HCA NUMA nodeid (Gerd Rausch) [Orabug: 34276240] - uek-rpm: [act|cls]_bpf should be part of core (Alan Maguire) [Orabug: 34551630] - net/rds: Do not RESET_ALT_CONN if conn drops with DR_IB_DISCONNECTED_EVENT (Sharath Srinivasan) [Orabug: 34864406] - rds: ib: Keep IB MRs on clean_list unless we are tearing down the pool (Hakon Bugge) [Orabug: 34987233] - rds: ib: Add FRWR related statistics counters (Hakon Bugge) [Orabug: 34987233] - scsi: megaraid_sas: Skip syncing the RAID map on older controllers (Martin K. Petersen) [Orabug: 35028425] - iommu/amd: Don't block updates to GATag if guest mode is already on (Joao Martins) [Orabug: 34988288] - IB/core: Make GID table entry (gid_idx) available immediately (Konrad Rzeszutek Wilk) [Orabug: 35015836] - iommu/amd: Disable AVIC on certain systems BIOS (Joao Martins) [Orabug: 35018580] - xfs: fix incorrect i_nlink caused by inode racing (Long Li) [Orabug: 35021004] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-23455 CVE-2022-4129 CVE-2023-23454 CVE-2023-0266 CVE-2023-23559 CVE-2023-0394 CVE-2022-41218 CVE-2022-47929 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 Oracle Linux 9 [5.15.0-100.96.32] - crypto: Report fips module name and version for aarch64 (Saeed Mirzamohammadi) [Orabug: 35225251] - uek-rpm: Enable RFC7919 config for aarch64 (Saeed Mirzamohammadi) [Orabug: 35225251] [5.15.0-100.96.31] - uek-rpm: Update linux-firmware dependency (Somasundaram Krishnasamy) [Orabug: 35213423] - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (Martin K. Petersen) [Orabug: 35209013] - scsi: qla2xxx: Synchronize the IOCB count to be in order (Quinn Tran) [Orabug: 35209013] - scsi: qla2xxx: Perform lockless command completion in abort path (Nilesh Javali) [Orabug: 35209013] [5.15.0-100.96.30] - perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table (Kan Liang) [Orabug: 35151818] - perf/x86/uncore: Add a quirk for UPI on SPR (Kan Liang) [Orabug: 35151818] - perf/x86/uncore: Ignore broken units in discovery table (Kan Liang) [Orabug: 35151818] - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (Kan Liang) [Orabug: 35151818] - perf/x86/uncore: Factor out uncore_device_to_die() (Kan Liang) [Orabug: 35151818] - Revert 'perf/x86/uncore: Factor out uncore_device_to_die()' (Thomas Tai) [Orabug: 35151818] - Revert 'perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name' (Thomas Tai) [Orabug: 35151818] - Revert 'perf/x86/uncore: Ignore broken units in discovery table' (Thomas Tai) [Orabug: 35151818] - Revert 'perf/x86/uncore: Add a quirk for UPI on SPR' (Thomas Tai) [Orabug: 35151818] - Revert 'perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table' (Thomas Tai) [Orabug: 35151818] - ionic: remove unnecessary void casts (Shannon Nelson) [Orabug: 35166570] - ionic: remove unnecessary indirection (Shannon Nelson) [Orabug: 35166570] - ionic: missed doorbell workaround (Allen Hubbe) [Orabug: 35166570] - ionic: refactor use of ionic_rx_fill() (Neel Patel) [Orabug: 35166570] - ionic: enable tunnel offloads (Neel Patel) [Orabug: 35166570] - ionic: new ionic device identity level and VF start control (Shannon Nelson) [Orabug: 35166570] - ionic: only save the user set VF attributes (Shannon Nelson) [Orabug: 35166570] - ionic: replay VF attributes after fw crash recovery (Shannon Nelson) [Orabug: 35166570] - ionic: change order of devlink port register and netdev register (Jiri Pirko) [Orabug: 35166570] - ionic: no transition while stopping (Shannon Nelson) [Orabug: 35166570] - ionic: use vmalloc include (Shannon Nelson) [Orabug: 35166570] - ionic: clean up comments and whitespace (Shannon Nelson) [Orabug: 35166570] - ionic: prefer strscpy over strlcpy (Shannon Nelson) [Orabug: 35166570] - ionic: Use vzalloc for large per-queue related buffers (Brett Creeley) [Orabug: 35166570] - ionic: catch transition back to RUNNING with fw_generation 0 (Shannon Nelson) [Orabug: 35166570] - ionic: replace set_vf data with union (Shannon Nelson) [Orabug: 35166570] - ionic: stretch heartbeat detection (Shannon Nelson) [Orabug: 35166570] - ionic: remove the dbid_inuse bitmap (Shannon Nelson) [Orabug: 35166570] - ionic: disable napi when ionic_lif_init() fails (Brett Creeley) [Orabug: 35166570] - ionic: Cleanups in the Tx hotpath code (Brett Creeley) [Orabug: 35166570] - ionic: Prevent filter add/del err msgs when the device is not available (Brett Creeley) [Orabug: 35166570] - ionic: Query FW when getting VF info via ndo_get_vf_config (Brett Creeley) [Orabug: 35166570] - ionic: Allow flexibility for error reporting on dev commands (Brett Creeley) [Orabug: 35166570] - ionic: Correctly print AQ errors if completions aren't received (Brett Creeley) [Orabug: 35166570] - ionic: fix up printing of timeout error (Shannon Nelson) [Orabug: 35166570] - ionic: better handling of RESET event (Shannon Nelson) [Orabug: 35166570] - ionic: add FW_STOPPING state (Shannon Nelson) [Orabug: 35166570] - ionic: separate function for watchdog init (Shannon Nelson) [Orabug: 35166570] - ionic: no devlink_unregister if not registered (Shannon Nelson) [Orabug: 35166570] - ionic: tame the filter no space message (Shannon Nelson) [Orabug: 35166570] - ionic: allow adminq requests to override default error message (Shannon Nelson) [Orabug: 35166570] - ionic: handle vlan id overflow (Shannon Nelson) [Orabug: 35166570] - ionic: generic filter delete (Shannon Nelson) [Orabug: 35166570] - ionic: generic filter add (Shannon Nelson) [Orabug: 35166570] - ionic: add generic filter search (Shannon Nelson) [Orabug: 35166570] - ionic: remove mac overflow flags (Shannon Nelson) [Orabug: 35166570] - ionic: move lif mac address functions (Shannon Nelson) [Orabug: 35166570] - ionic: add filterlist to debugfs (Shannon Nelson) [Orabug: 35166570] - ionic: add lif param to ionic_qcq_disable (Shannon Nelson) [Orabug: 35166570] - ionic: have ionic_qcq_disable decide on sending to hardware (Shannon Nelson) [Orabug: 35166570] - ionic: add polling to adminq wait (Shannon Nelson) [Orabug: 35166570] - ionic: move lif mutex setup and delete (Shannon Nelson) [Orabug: 35166570] - ionic: check for binary values in FW ver string (Shannon Nelson) [Orabug: 35166570] - ionic: remove debug stats (Shannon Nelson) [Orabug: 35166570] - ionic: Move devlink registration to be last devlink command (Leon Romanovsky) [Orabug: 35166570] - crypto: jitter - update max health test failure in FIPS mode (Saeed Mirzamohammadi) [Orabug: 35160891] - mm: use padata for copying page ranges in vma_dup() (Anthony Yznaga) [Orabug: 35054621] - mm: parallelize unmap_page_range() for some large VMAs (Anthony Yznaga) [Orabug: 35054621] - mm: fix VMA_BUG_ON_MM due to mmap_lock not held (Anthony Yznaga) [Orabug: 35054621] - mm: avoid early cow when copying ptes for MADV_DOEXEC (Anthony Yznaga) [Orabug: 35054621] - net/rds: serialize up+down-work to relax strict ordering (Gerd Rausch) [Orabug: 35094721] - nvme-pci: add NVME_QUIRK_BOGUS_NID for Samsung PM1733a (Saeed Mirzamohammadi) [Orabug: 35145945] - nvme-pci: add NVME_QUIRK_BOGUS_NID for Samsung PM173X (Saeed Mirzamohammadi) [Orabug: 35146608] - rds: ib: Fix non-parenthetical mutex/semaphore use (Hakon Bugge) [Orabug: 35155112] - Revert 'btrfs: free device in btrfs_close_devices for a single device filesystem' (Vijayendra Suman) [Orabug: 35161535] [5.15.0-100.96.29] - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time (Dai Ngo) [Orabug: 35059907] - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker (Dai Ngo) [Orabug: 35059907] - NFSD: unregister shrinker when nfsd_init_net() fails (Tetsuo Handa) [Orabug: 35059907] - NFSD: add shrinker to reap courtesy clients on low memory condition (Dai Ngo) [Orabug: 35059907] - NFSD: keep track of the number of courtesy clients in the system (Dai Ngo) [Orabug: 35059907] - crypto: drbg - oversampling of Jitter RNG (Saeed Mirzamohammadi) [Orabug: 35141114] - crypto: tcrypt - KAT for ffdhe* algorithms (Saeed Mirzamohammadi) [Orabug: 35141114] - crypto: jitter - panic on health test failure (Saeed Mirzamohammadi) [Orabug: 35141114] - scsi: qla2xxx: Update version to 10.02.08.100-k (Nilesh Javali) [Orabug: 35007285] - scsi: qla2xxx: Fix IOCB resource check warning (Nilesh Javali) [Orabug: 35007285] - scsi: qla2xxx: Remove increment of interface err cnt (Saurav Kashyap) [Orabug: 35007285] - scsi: qla2xxx: Fix erroneous link down (Quinn Tran) [Orabug: 35007285] - scsi: qla2xxx: Remove unintended flag clearing (Quinn Tran) [Orabug: 35007285] - scsi: qla2xxx: Fix stalled login (Quinn Tran) [Orabug: 35007285] - scsi: qla2xxx: Fix exchange oversubscription for management commands (Quinn Tran) [Orabug: 35007285] - scsi: qla2xxx: Fix exchange oversubscription (Quinn Tran) [Orabug: 35007285] - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (Arun Easi) [Orabug: 35007285] - scsi: qla2xxx: Fix link failure in NPIV environment (Quinn Tran) [Orabug: 35007285] - scsi: qla2xxx: Check if port is online before sending ELS (Shreyas Deodhar) [Orabug: 35007285] - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (Gleb Chesnokov) [Orabug: 35007285] - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (Gleb Chesnokov) [Orabug: 35007285] - scsi: qla2xxx: Remove unused variable 'found_devs' (Colin Ian King) [Orabug: 35007285] - scsi: qla2xxx: Fix serialization of DCBX TLV data request (Rafael Mendonca) [Orabug: 35007285] - scsi: qla2xxx: Remove unused declarations for qla2xxx (Gaosheng Cui) [Orabug: 35007285] - scsi: qla2xxx: Fix spelling mistake 'definiton' -> 'definition' (Colin Ian King) [Orabug: 35007285] - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (Mike Christie) [Orabug: 35007285] - ACPI: processor: idle: Disable ACPI C-state probing for xen hvm guest (Joe Jin) [Orabug: 35043629] - uek-rpm: x86_64 enable CONFIG_SLS (Maciej S. Szmigiero) [Orabug: 35073535] - net: qede: Remove unnecessary synchronize_irq() before free_irq() (Minghao Chi) [Orabug: 34901373] - uek-rpm: Disable CONFIG_USB_NET_RNDIS_WLAN (Rhythm Mahajan) [Orabug: 35037701] - certs: Add FIPS selftests (David Howells) [Orabug: 35080500] - certs: Move load_certificate_list() to be with the asymmetric keys code (David Howells) [Orabug: 35080500] - uek-rpm: Enable RFC7919 config (Saeed Mirzamohammadi) [Orabug: 35080500] - Revert 'KVM: x86/xen: Maintain valid mapping of Xen shared_info page' (Vijayendra Suman) [Orabug: 34929435] - Revert 'KVM: x86: Fix wall clock writes in Xen shared_info not to mark page dirty' (Vijayendra Suman) [Orabug: 34929435] - Revert 'crypto: rsa - flag instantiations as FIPS compliant' (Saeed Mirzamohammadi) [Orabug: 35054646] - uek-rpm/config-aarch64: Enable CONFIG_CLK_RASPBERRYPI (Vijay Kumar) [Orabug: 35018498] - vfio/mlx5: Allow loading of larger images than 512 MB (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Fix UBSAN note (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: error pointer dereference in error handling (Dan Carpenter) [Orabug: 35027279] - vfio/mlx5: fix error code in mlx5vf_precopy_ioctl() (Dan Carpenter) [Orabug: 35027279] - vfio/mlx5: Enable MIGRATION_PRE_COPY flag (Shay Drory) [Orabug: 35027279] - vfio/mlx5: Fallback to STOP_COPY upon specific PRE_COPY error (Shay Drory) [Orabug: 35027279] - vfio/mlx5: Introduce multiple loads (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Consider temporary end of stream as part of PRE_COPY (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Introduce vfio precopy ioctl implementation (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Introduce SW headers for migration states (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Introduce device transitions of PRE_COPY (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Refactor to use queue based data chunks (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Refactor migration file state (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Refactor MKEY usage (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Refactor PD usage (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Enforce a single SAVE command at a time (Yishai Hadas) [Orabug: 35027279] - vfio: Extend the device migration protocol with PRE_COPY (Jason Gunthorpe) [Orabug: 35027279] - net/mlx5: Introduce ifc bits for pre_copy (Shay Drory) [Orabug: 35027279] - net/mlx5: Add the log_min_mkey_entity_size capability (Maxim Mikityanskiy) [Orabug: 35027279] - vfio/iova_bitmap: refactor iova_bitmap_set() to better handle page boundaries (Joao Martins) [Orabug: 35027279] - vfio/mlx5: Fix a typo in mlx5vf_cmd_load_vhca_state() (Yishai Hadas) [Orabug: 35027279] - vfio: Add an option to get migration data size (Yishai Hadas) [Orabug: 35027279] - vfio/mlx5: Switch to use module_pci_driver() macro (Shang XiaoJing) [Orabug: 35027279] - uek-rpm: core: Move few modules which are recently enabled to core. (Harshit Mogalapalli) [Orabug: 34774213] - tools arch x86: Sync the msr-index.h copy with the kernel sources (Arnaldo Carvalho de Melo) [Orabug: 34977257] - crypto: panic on PCT failure for dh and ecdh (Saeed Mirzamohammadi) [Orabug: 34971139] - uek-rpm: mod-extra: Move modules which are recently enabled to extras (Harshit Mogalapalli) [Orabug: 34774213] - Allow the ima keyring to trust all keys in the machine keyring (Eric Snowberg) [Orabug: 34873856] - Revert 'X.509: Parse Basic Constraints for CA' (Eric Snowberg) [Orabug: 34873856] - Revert 'KEYS: CA link restriction' (Eric Snowberg) [Orabug: 34873856] - Revert 'integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca' (Eric Snowberg) [Orabug: 34873856] - Revert 'integrity: change ima link restriction to trust the machine keyring' (Eric Snowberg) [Orabug: 34873856] - net/mlx5: Drain fw_reset when removing device (Shay Drory) [Orabug: 34816080] - net/mlx5e: CT: Fix setting flow_source for smfs ct tuples (Paul Blakey) [Orabug: 34816080] - net/mlx5e: CT: Fix support for GRE tuples (Paul Blakey) [Orabug: 34816080] - net/mlx5e: Remove HW-GRO from reported features (Gal Pressman) [Orabug: 34816080] - net/mlx5e: Properly block HW GRO when XDP is enabled (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Block rx-gro-hw feature in switchdev mode (Aya Levin) [Orabug: 34816080] - net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5: DR, Ignore modify TTL on RX if device doesn't support it (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: Initialize flow steering during driver probe (Shay Drory) [Orabug: 34816080] - mlxsw: Avoid warning during ip6gre device removal (Amit Cohen) [Orabug: 34816080] - net/mlx5: Fix matching on inner TTC (Mark Bloch) [Orabug: 34816080] - net/mlx5e: Avoid checking offload capability in post_parse action (Ariel Levkovich) [Orabug: 34816080] - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (Ariel Levkovich) [Orabug: 34816080] - net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Ariel Levkovich) [Orabug: 34816080] - net/mlx5e: Fix wrong source vport matching on tunnel rule (Ariel Levkovich) [Orabug: 34816080] - net: Handle l3mdev in ip_tunnel_init_flow (David Ahern) [Orabug: 34816080] - net/mlx5e: Fix build warning, detected write beyond size of field (Saeed Mahameed) [Orabug: 34816080] - net/mlx5e: HTB, remove unused function declaration (Saeed Mahameed) [Orabug: 34816080] - net/mlx5e: Statify function mlx5_cmd_trigger_completions (Tariq Toukan) [Orabug: 34816080] - net/mlx5e: Remove MLX5E_XDP_TX_DS_COUNT (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Permit XDP with non-linear legacy RQ (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Support multi buffer XDP_TX (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Unindent the else-block in mlx5e_xmit_xdp_buff (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Implement sending multi buffer XDP frames (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Don't prefill WQEs in XDP SQ in the multi buffer mode (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Remove assignment of inline_hdr.sz on XDP TX (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Move mlx5e_xdpi_fifo_push out of xmit_xdp_frame (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Store DMA address inside struct page (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Add XDP multi buffer support to the non-linear legacy RQ (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Use page-sized fragments with XDP multi buffer (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Use fragments of the same size in non-linear legacy RQ with XDP (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Prepare non-linear legacy RQ for XDP multi buffer support (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5: Remove unused fill page array API function (Tariq Toukan) [Orabug: 34816080] - net/mlx5: Remove unused exported contiguous coherent buffer allocation API (Tariq Toukan) [Orabug: 34816080] - net/mlx5: CT: Remove extra rhashtable remove on tuple entries (Paul Blakey) [Orabug: 34816080] - net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory (Rongwei Liu) [Orabug: 34816080] - net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce memory (Rongwei Liu) [Orabug: 34816080] - net/mlx5: DR, Remove num_of_entries byte_size from struct mlx5_dr_icm_chunk (Rongwei Liu) [Orabug: 34816080] - net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce memory (Rongwei Liu) [Orabug: 34816080] - net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk (Rongwei Liu) [Orabug: 34816080] - net/mlx5: DR, Adjust structure member to reduce memory hole (Rongwei Liu) [Orabug: 34816080] - net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: RX, Test the XDP program existence out of the handler (Tariq Toukan) [Orabug: 34816080] - net/mlx5e: Build SKB in place over the first fragment in non-linear legacy RQ (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Add headroom only to the first fragment in legacy RQ (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Validate MTU when building non-linear legacy RQ fragments info (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: MPLSoUDP encap, support action vlan pop_eth explicitly (Maor Dickman) [Orabug: 34816080] - net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit (Maor Dickman) [Orabug: 34816080] - net/sched: add vlan push_eth and pop_eth action to the hardware IR (Maor Dickman) [Orabug: 34816080] - net: Add l3mdev index to flow struct and avoid oif reset for port devices (David Ahern) [Orabug: 34816080] - net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats (Saeed Mahameed) [Orabug: 34816080] - net/mlx4_en: use kzalloc (Julia Lawall) [Orabug: 34816080] - net/mlx5: Parse module mapping using mlx5_ifc (Gal Pressman) [Orabug: 34816080] - net/mlx5: Query the maximum MCIA register read size from firmware (Gal Pressman) [Orabug: 34816080] - net/mlx5: CT: Create smfs dr matchers dynamically (Paul Blakey) [Orabug: 34816080] - net/mlx5: CT: Add software steering ct flow steering provider (Paul Blakey) [Orabug: 34816080] - net/mlx5: Add smfs lib to export direct steering API to CT (Paul Blakey) [Orabug: 34816080] - net/mlx5: DR, Add helper to get backing dr table from a mlx5 flow table (Paul Blakey) [Orabug: 34816080] - net/mlx5: CT: Introduce a platform for multiple flow steering providers (Paul Blakey) [Orabug: 34816080] - net/mlx5: Node-aware allocation for the doorbell pgdir (Tariq Toukan) [Orabug: 34816080] - net/mlx5: Node-aware allocation for UAR (Tariq Toukan) [Orabug: 34816080] - net/mlx5: Node-aware allocation for the EQs (Tariq Toukan) [Orabug: 34816080] - net/mlx5: Node-aware allocation for the EQ table (Tariq Toukan) [Orabug: 34816080] - net/mlx5: Node-aware allocation for the IRQ table (Tariq Toukan) [Orabug: 34816080] - net/mlx5: Delete useless module.h include (Leon Romanovsky) [Orabug: 34816080] - net/mlx4: Delete useless moduleparam include (Leon Romanovsky) [Orabug: 34816080] - net/mlx5: DR, Add support for ConnectX-7 steering (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: DR, Rename action modify fields to reflect naming in HW spec (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: DR, Fix handling of different actions on the same STE in STEv1 (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: DR, Remove unneeded comments (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: DR, Add support for matching on Internet Header Length (IHL) (Yevgeny Kliteynik) [Orabug: 34816080] - net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior (Shun Hao) [Orabug: 34816080] - net/mlx5: Add debugfs counters for page commands failures (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Add pages debugfs (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Move debugfs entries to separate struct (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Change release_all_pages cap bit location (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Remove redundant error on reclaim pages (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Remove redundant error on give pages (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Remove redundant notify fail on give pages (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Add command failures data to debugfs (Moshe Shemesh) [Orabug: 34816080] - net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act() (Dan Carpenter) [Orabug: 34816080] - net/mlx5: Support GRE conntrack offload (Toshiaki Makita) [Orabug: 34816080] - mlxsw: Add support for IFLA_OFFLOAD_XSTATS_L3_STATS (Petr Machata) [Orabug: 34816080] - mlxsw: Extract classification of router-related events to a helper (Petr Machata) [Orabug: 34816080] - mlxsw: spectrum_router: Drop mlxsw_sp arg from counter alloc/free functions (Petr Machata) [Orabug: 34816080] - mlxsw: reg: Fix packing of router interface counters (Petr Machata) [Orabug: 34816080] - net: rtnetlink: Add UAPI toggle for IFLA_OFFLOAD_XSTATS_L3_STATS (Petr Machata) [Orabug: 34816080] - net: rtnetlink: Add RTM_SETSTATS (Petr Machata) [Orabug: 34816080] - net: rtnetlink: Add UAPI for obtaining L3 offload xstats (Petr Machata) [Orabug: 34816080] - net: dev: Add hardware stats support (Petr Machata) [Orabug: 34816080] - net: rtnetlink: Propagate extack to rtnl_offload_xstats_fill() (Petr Machata) [Orabug: 34816080] - net: rtnetlink: RTM_GETSTATS: Allow filtering inside nests (Petr Machata) [Orabug: 34816080] - net: rtnetlink: Stop assuming that IFLA_OFFLOAD_XSTATS_* are dev-backed (Petr Machata) [Orabug: 34816080] - net: rtnetlink: Namespace functions related to IFLA_OFFLOAD_XSTATS_* (Petr Machata) [Orabug: 34816080] - mlx5: add support for page_pool_get_stats (Joe Damato) [Orabug: 34816080] - flow_offload: reject offload for all drivers with invalid police parameters (Jianbo Liu) [Orabug: 34816080] - net: flow_offload: add tc police action parameters (Jianbo Liu) [Orabug: 34816080] - net/mlx5: Add clarification on sync reset failure (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: Add reset_state field to MFRL register (Moshe Shemesh) [Orabug: 34816080] - net/mlx5: cmdif, Refactor error handling and reporting of async commands (Saeed Mahameed) [Orabug: 34816080] - net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} (Saeed Mahameed) [Orabug: 34816080] - net/mlx5: cmdif, Add new api for command execution (Saeed Mahameed) [Orabug: 34816080] - net/mlx5: cmdif, cmd_check refactoring (Saeed Mahameed) [Orabug: 34816080] - net/mlx5: cmdif, Return value improvements (Saeed Mahameed) [Orabug: 34816080] - net/mlx5: Lag, offload active-backup drops to hardware (Mark Bloch) [Orabug: 34816080] - net/mlx5: Lag, record inactive state of bond device (Mark Bloch) [Orabug: 34816080] - net/mlx5: Lag, don't use magic numbers for ports (Mark Bloch) [Orabug: 34816080] - net/mlx5: Lag, use local variable already defined to access E-Switch (Mark Bloch) [Orabug: 34816080] - net/mlx5: E-switch, add drop rule support to ingress ACL (Mark Bloch) [Orabug: 34816080] - net/mlx5: E-switch, remove special uplink ingress ACL handling (Mark Bloch) [Orabug: 34816080] - net/mlx5: E-Switch, reserve and use same uplink metadata across ports (Sunil Rani) [Orabug: 34816080] - net/mlx5: Add ability to insert to specific flow group (Mark Bloch) [Orabug: 34816080] - mlx5: remove unused static inlines (Jakub Kicinski) [Orabug: 34816080] - mlxsw: core: Add support for OSFP transceiver modules (Danielle Ratson) [Orabug: 34816080] - mlxsw: Remove resource query check (Ido Schimmel) [Orabug: 34816080] - mlxsw: core: Unify method of trap support validation (Vadim Pasternak) [Orabug: 34816080] - mlxsw: spectrum: Remove SP{1,2,3} defines for FW minor and subminor (Jiri Pirko) [Orabug: 34816080] - mlxsw: core: Remove unnecessary asserts (Vadim Pasternak) [Orabug: 34816080] - mlxsw: reg: Add 'mgpir_' prefix to MGPIR fields comments (Vadim Pasternak) [Orabug: 34816080] - mlxsw: core_thermal: Remove obsolete API for query resource (Vadim Pasternak) [Orabug: 34816080] - mlxsw: core_thermal: Rename labels according to naming convention (Vadim Pasternak) [Orabug: 34816080] - mlxsw: core_hwmon: Fix variable names for hwmon attributes (Vadim Pasternak) [Orabug: 34816080] - mlxsw: core_thermal: Avoid creation of virtual hwmon objects by thermal module (Vadim Pasternak) [Orabug: 34816080] - mlxsw: spectrum_span: Ignore VLAN entries not used by the bridge in mirroring (Ido Schimmel) [Orabug: 34816080] - mlxsw: core: Prevent trap group setting if driver does not support EMAD (Vadim Pasternak) [Orabug: 34816080] - mlxsw: spectrum: remove guards against !BRIDGE_VLAN_INFO_BRENTRY (Vladimir Oltean) [Orabug: 34816080] - net/mlx5e: TC, Allow sample action with CT (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Make post_act parse CT and sample actions (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Clean redundant counter flag from tc action parsers (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Use multi table support for CT and sample actions (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Create new flow attr for multi table actions (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Add post act offload/unoffload API (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Pass actions param to actions_match_supported() (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Move flow hashtable to be per rep (Paul Blakey) [Orabug: 34816080] - net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev mode (Aya Levin) [Orabug: 34816080] - net/mlx5e: E-Switch, Add PTP counters for uplink representor (Aya Levin) [Orabug: 34816080] - net/mlx5e: RX, Restrict bulk size for small Striding RQs (Tariq Toukan) [Orabug: 34816080] - net/mlx5e: Default to Striding RQ when not conflicting with CQE compression (Tariq Toukan) [Orabug: 34816080] - net/mlx5e: Generalize packet merge error message (Tariq Toukan) [Orabug: 34816080] - net/mlx5e: Add support for using xdp->data_meta (Alex Liu) [Orabug: 34816080] - net/mlx5e: Fix spelling mistake 'supoported' -> 'supported' (Colin Ian King) [Orabug: 34816080] - net: rtnetlink: rtnl_stats_get(): Emit an extack for unset filter_mask (Petr Machata) [Orabug: 34816080] - net/mlx5e: Optimize the common case condition in mlx5e_select_queue (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Optimize modulo in mlx5e_select_queue (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Optimize mlx5e_select_queue (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Move repeating code that gets TC prio into a function (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Use select queue parameters to sync with control flow (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Move mlx5e_select_queue to en/selq.c (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Introduce select queue parameters (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Use a barrier after updating txq2sq (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Cleanup of start/stop all queues (Maxim Mikityanskiy) [Orabug: 34816080] - net/mlx5e: Use FW limitation for max MPW WQEBBs (Aya Levin) [Orabug: 34816080] - net/mlx5e: Read max WQEBBs on the SQ from firmware (Aya Levin) [Orabug: 34816080] - net/mlx5e: Remove unused tstamp SQ field (Tariq Toukan) [Orabug: 34816080] - mlxsw: Support FLOW_ACTION_MANGLE for SIP and DIP IPv6 addresses (Danielle Ratson) [Orabug: 34816080] - mlxsw: Support FLOW_ACTION_MANGLE for SIP and DIP IPv4 addresses (Danielle Ratson) [Orabug: 34816080] - mlxsw: core_acl_flex_actions: Add SIP_DIP_ACTION (Danielle Ratson) [Orabug: 34816080] - mlxsw: spectrum_acl: Allocate default actions for internal TCAM regions (Ido Schimmel) [Orabug: 34816080] - mlxsw: spectrum: Guard against invalid local ports (Amit Cohen) [Orabug: 34816080] - mlxsw: core: Consolidate trap groups to a single event group (Jiri Pirko) [Orabug: 34816080] - mlxsw: core: Move functions to register/unregister array of traps to core.c (Jiri Pirko) [Orabug: 34816080] - mlxsw: core: Move basic trap group initialization from spectrum.c (Jiri Pirko) [Orabug: 34816080] - mlxsw: core: Move basic_trap_groups_set() call out of EMAD init code (Jiri Pirko) [Orabug: 34816080] - mlxsw: spectrum: Set basic trap groups from an array (Jiri Pirko) [Orabug: 34816080] - net/mlx5: VLAN push on RX, pop on TX (Dima Chumak) [Orabug: 34816080] - net/mlx5: Introduce software defined steering capabilities (Dima Chumak) [Orabug: 34816080] - net/mlx5: Remove unused TIR modify bitmask enums (Tariq Toukan) [Orabug: 34816080] - net/mlx5e: CT, Remove redundant flow args from tc ct calls (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Store mapped tunnel id on flow attr (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Test CT and SAMPLE on flow attr (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Refactor eswitch attr flags to just attr flags (Roi Dayan) [Orabug: 34816080] - net/mlx5e: CT, Don't set flow flag CT for ct clear flow (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Hold sample_attr on stack instead of pointer (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Reject rules with multiple CT actions (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Pass attr to tc_act can_offload() (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Split pedit offloads verify from alloc_tc_pedit_action() (Roi Dayan) [Orabug: 34816080] - net/mlx5e: TC, Move pedit_headers_action to parse_attr (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Move counter creation call to alloc_flow_attr_counter() (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Pass attr arg for attaching/detaching encaps (Roi Dayan) [Orabug: 34816080] - net/mlx5e: Move code chunk setting encap dests into its own function (Roi Dayan) [Orabug: 34816080] - mlxsw: spectrum_kvdl: Use struct_size() helper in kzalloc() (Gustavo A. R. Silva) [Orabug: 34816080] - mlxsw: core_env: Forbid module reset on RJ45 ports (Danielle Ratson) [Orabug: 34816080] - mlxsw: core_env: Forbid power mode set and get on RJ45 ports (Danielle Ratson) [Orabug: 34816080] - mlxsw: core_env: Forbid getting module EEPROM on RJ45 ports (Danielle Ratson) [Orabug: 34816080] - mlxsw: core_env: Query and store port module's type during initialization (Danielle Ratson) [Orabug: 34816080] - mlxsw: reg: Add Port Module Type Mapping register (Danielle Ratson) [Orabug: 34816080] - mlxsw: spectrum_ethtool: Add support for two new link modes (Danielle Ratson) [Orabug: 34816080] - mlxsw: Add netdev argument to mlxsw_env_get_module_info() (Danielle Ratson) [Orabug: 34816080] - mlxsw: core_env: Do not pass number of modules as argument (Ido Schimmel) [Orabug: 34816080] - mlxsw: spectrum_ethtool: Remove redundant variable (Ido Schimmel) [Orabug: 34816080] - bpf: introduce BPF_F_XDP_HAS_FRAGS flag in prog_flags loading the ebpf program (Lorenzo Bianconi) [Orabug: 34816080] - net: xdp: add xdp_update_skb_shared_info utility routine (Lorenzo Bianconi) [Orabug: 34816080] - xdp: introduce flags field in xdp_buff/xdp_frame (Lorenzo Bianconi) [Orabug: 34816080] - net: skbuff: add size metadata to skb_shared_info for xdp (Lorenzo Bianconi) [Orabug: 34816080] - flow_offload: allow user to offload tc action to net device (Baowen Zheng) [Orabug: 34816080] - flow_offload: add ops to tc_action_ops for flow action setup (Baowen Zheng) [Orabug: 34816080] - flow_offload: rename offload functions with offload instead of flow (Baowen Zheng) [Orabug: 34816080] - devlink: hold the instance lock during eswitch_mode callbacks (Jakub Kicinski) [Orabug: 34816080] - netdevsim: replace vfs_lock with devlink instance lock (Jakub Kicinski) [Orabug: 34816080] - netdevsim: fix uninit value in nsim_drv_configure_vfs() (Jakub Kicinski) [Orabug: 34816080] - netdevsim: replace port_list_lock with devlink instance lock (Jakub Kicinski) [Orabug: 34816080] - devlink: add explicitly locked flavor of the rate node APIs (Jakub Kicinski) [Orabug: 34816080] - bnxt: use the devlink instance lock to protect sriov (Jakub Kicinski) [Orabug: 34816080] - devlink: pass devlink_port to port_split / port_unsplit callbacks (Jakub Kicinski) [Orabug: 34816080] - devlink: hold the instance lock in port_split / port_unsplit callbacks (Jakub Kicinski) [Orabug: 34816080] - eth: mlxsw: switch to explicit locking for port registration (Jakub Kicinski) [Orabug: 34816080] - eth: nfp: replace driver's 'pf' lock with devlink instance lock (Jakub Kicinski) [Orabug: 34816080] - eth: nfp: wrap locking assertions in helpers (Jakub Kicinski) [Orabug: 34816080] - devlink: expose instance locking and add locked port registering (Jakub Kicinski) [Orabug: 34816080] - netdevsim: rename 'driver' entry points (Jakub Kicinski) [Orabug: 34816080] - netdevsim: move max vf config to dev (Jakub Kicinski) [Orabug: 34816080] - netdevsim: move details of vf config to dev (Jakub Kicinski) [Orabug: 34816080] - uek-rpm: Define CONFIG_MLX5_VFIO_PCI=m (Joao Martins) [Orabug: 34778256] - vfio/mlx5: Set VF as migratable (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Introduce ifc bits for migratable (Yishai Hadas) [Orabug: 34778256] - vfio/iova_bitmap: Fix PAGE_SIZE unaligned bitmaps (Joao Martins) [Orabug: 34778256] - vfio/mlx5: Set the driver DMA logging callbacks (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Manage error scenarios on tracker (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Report dirty pages from tracker (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Create and destroy page tracker object (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Init QP based resources for dirty tracking (Yishai Hadas) [Orabug: 34778256] - vfio: Introduce the DMA logging feature support (Yishai Hadas) [Orabug: 34778256] - vfio: Add an IOVA bitmap support (Joao Martins) [Orabug: 34778256] - vfio: Introduce DMA logging uAPIs (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Query ADV_VIRTUALIZATION capabilities (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Introduce ifc bits for page tracker (Yishai Hadas) [Orabug: 34778256] - vfio: Move vfio.c to vfio_main.c (Jason Gunthorpe) [Orabug: 34778256] - net/mlx5: Use software VHCA id when it's supported (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Introduce ifc bits for using software vhca id (Yishai Hadas) [Orabug: 34778256] - vfio: Split migration ops from main device ops (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Protect mlx5vf_disable_fds() upon close device (Yishai Hadas) [Orabug: 34778256] - vfio/pci: Have all VFIO PCI drivers store the vfio_pci_core_device in drvdata (Jason Gunthorpe) [Orabug: 34778256] - vfio/mlx5: Run the SAVE state command in an async mode (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Refactor to enable VFs migration in parallel (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Manage the VF attach/detach callback from the PF (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Expose mlx5_sriov_blocking_notifier_register / unregister APIs (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Fix to not use 0 as NULL pointer (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Use its own PCI reset_done error handler (Yishai Hadas) [Orabug: 34778256] - vfio/pci: Expose vfio_pci_core_aer_err_detected() (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Implement vfio_pci driver for mlx5 devices (Yishai Hadas) [Orabug: 34778256] - vfio/mlx5: Expose migration commands over mlx5 device (Yishai Hadas) [Orabug: 34778256] - vfio: Remove migration protocol v1 documentation (Jason Gunthorpe) [Orabug: 34778256] - vfio: Extend the device migration protocol with RUNNING_P2P (Jason Gunthorpe) [Orabug: 34778256] - vfio: Define device migration protocol v2 (Jason Gunthorpe) [Orabug: 34778256] - vfio: Have the core code decode the VFIO_DEVICE_FEATURE ioctl (Jason Gunthorpe) [Orabug: 34778256] - net/mlx5: Add migration commands definitions (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Introduce migration bits and structures (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Expose APIs to get/put the mlx5 core device (Yishai Hadas) [Orabug: 34778256] - PCI/IOV: Add pci_iov_get_pf_drvdata() to allow VF reaching the drvdata of a PF (Jason Gunthorpe) [Orabug: 34778256] - net/mlx5: Disable SRIOV before PF removal (Yishai Hadas) [Orabug: 34778256] - net/mlx5: Reuse exported virtfn index function call (Leon Romanovsky) [Orabug: 34778256] - PCI/IOV: Add pci_iov_vf_id() to get VF index (Jason Gunthorpe) [Orabug: 34778256] - NFSv4.2: Fix up an invalid combination of memory allocation flags (Trond Myklebust) [Orabug: 34844640] - Add SecureBoot signing for aarch64 arch (Sherry Yang) [Orabug: 34845745] - uek-rpm: Fix 'make olddefconfig' BLAKE2S crypto warnings (Harshit Mogalapalli) [Orabug: 34644522] - RHCK 9.1 builtin option change to module for UEK7u1 (Vijayendra Suman) [Orabug: 34687867] - uek-rpm: Disable few config options that we enabled previously. (Harshit Mogalapalli) [Orabug: 34803318] - qlogic: qed: fix clang -Wformat warnings (Justin Stitt) [Orabug: 34789504] - qed: Use bitmap_empty() (Christophe JAILLET) [Orabug: 34789504] - qed: Use the bitmap API to allocate bitmaps (Christophe JAILLET) [Orabug: 34789504] - qlogic/qed: fix repeated words in comments (Jilin Yuan) [Orabug: 34789504] - qed: fix typos in comments (Julia Lawall) [Orabug: 34789504] - net: qed: fix typos in comments (Julia Lawall) [Orabug: 34789504] - RDMA/qedr: Remove unnecessary synchronize_irq() before free_irq() (Minghao Chi) [Orabug: 34789504] - qed: Remove unnecessary synchronize_irq() before free_irq() (Minghao Chi) [Orabug: 34789504] - qed: replace bitmap_weight with bitmap_empty in qed_roce_stop() (Yury Norov) [Orabug: 34789504] - qed: rework qed_rdma_bmap_free() (Yury Norov) [Orabug: 34789504] - qede: Reduce verbosity of ptp tx timestamp (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Remove IP services API. (Guillaume Nault) [Orabug: 34789504] - qed: remove an unneed NULL check on list iterator (Xiaomeng Tong) [Orabug: 34789504] - qed: fix ethtool register dump (Manish Chopra) [Orabug: 34789504] - qed: remove unnecessary memset in qed_init_fw_funcs (Wan Jiabing) [Orabug: 34789504] - qed: prevent a fw assert during device shutdown (Venkata Sudheer Kumar Bhavaraju) [Orabug: 34789504] - qed: use msleep() in qed_mcp_cmd() and add qed_mcp_cmd_nosleep() for udelay. (Venkata Sudheer Kumar Bhavaraju) [Orabug: 34789504] - qed: Use dma_set_mask_and_coherent() and simplify code (Christophe JAILLET) [Orabug: 34789504] - qed*: esl priv flag support through ethtool (Manish Chopra) [Orabug: 34789504] - qed*: enhance tx timeout debug info (Manish Chopra) [Orabug: 34789504] - qed: Enhance rammod debug prints to provide pretty details (Prabhakar Kushwaha) [Orabug: 34789504] - net: qed: fix the array may be out of bound (zhangyue) [Orabug: 34789504] - qed: Use the bitmap API to simplify some functions (Christophe JAILLET) [Orabug: 34789504] - RDMA/qed: Use helper function to set GUIDs (Kamal Heib) [Orabug: 34789504] - net: qed_dev: fix check of true !rc expression (Jean Sacren) [Orabug: 34789504] - net: qed_ptp: fix check of true !rc expression (Jean Sacren) [Orabug: 34789504] - RDMA/qedr: Remove unsupported qedr_resize_cq callback (Kamal Heib) [Orabug: 34789504] - qed: Change the TCP common variable - 'iscsi_ooo' (Shai Malin) [Orabug: 34789504] - qed: Optimize the ll2 ooo flow (Shai Malin) [Orabug: 34789504] - net: qed_debug: fix check of false (grc_param < 0) expression (Jean Sacren) [Orabug: 34789504] - qed: Fix compilation for CONFIG_QED_SRIOV undefined scenario (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Initialize debug string array (Tim Gardner) [Orabug: 34789504] - qed: Fix spelling mistake 'ctx_bsaed' -> 'ctx_based' (Colin Ian King) [Orabug: 34789504] - qed: fix ll2 establishment during load of RDMA driver (Manish Chopra) [Orabug: 34789504] - qed: Update the TCP active termination 2 MSL timer ('TIME_WAIT') (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Update TCP silly-window-syndrome timeout for iwarp, scsi (Nikolay Assa) [Orabug: 34789504] - qed: Update debug related changes (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Add '_GTT' suffix to the IRO RAM macros (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Update FW init functions to support FW 8.59.1.0 (Omkar Kulkarni) [Orabug: 34789504] - qed: Use enum as per FW 8.59.1.0 in qed_iro_hsi.h (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Update qed_hsi.h for fw 8.59.1.0 (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Update qed_mfw_hsi.h for FW ver 8.59.1.0 (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Update common_hsi for FW ver 8.59.1.0 (Prabhakar Kushwaha) [Orabug: 34789504] - qed: Split huge qed_hsi.h header file (Omkar Kulkarni) [Orabug: 34789504] - qed: Remove e4_ and _e4 from FW HSI (Shai Malin) [Orabug: 34789504] - pmem: fix a name collision (Jane Chu) [Orabug: 34670103] - pmem: implement pmem_recovery_write() (Jane Chu) [Orabug: 34670103] - pmem: refactor pmem_clear_poison() (Jane Chu) [Orabug: 34670103] - dax: add .recovery_write dax_operation (Jane Chu) [Orabug: 34670103] - dax: introduce DAX_RECOVERY_WRITE dax access mode (Jane Chu) [Orabug: 34670103] - dm-linear: add a linear_dax_pgoff helpe (Jane Chu) [Orabug: 34670103] - dm-log-writes: add a log_writes_dax_pgoff helper (Jane Chu) [Orabug: 34670103] - dm-stripe: add a stripe_dax_pgoff helper (Jane Chu) [Orabug: 34670103] - mce: fix set_mce_nospec to always unmap the whole page (Jane Chu) [Orabug: 34670103] - x86/mce: relocate set{clear}_mce_nospec() functions (Jane Chu) [Orabug: 34670103] - acpi/nfit: rely on mce->misc to determine poison granularity (Jane Chu) [Orabug: 34670103] - crypto: seqiv - flag instantiations as FIPS compliant (Vladis Dronov) [Orabug: 34711430] - crypto: rsa - flag instantiations as FIPS compliant (Saeed Mirzamohammadi) [Orabug: 34711430] - crypto: ecdh - implement FIPS PCT (Nicolai Stange) [Orabug: 34711430] - crypto: dh - implement FIPS PCT (Nicolai Stange) [Orabug: 34711430] - crypto: dh - calculate Q from P for the full public key verification (Nicolai Stange) [Orabug: 34711430] - lib/mpi: export mpi_rshift (Nicolai Stange) [Orabug: 34711430] - crypto: dh - allow for passing NULL to the ffdheXYZ(dh)s' ->set_secret() (Nicolai Stange) [Orabug: 34711430] - crypto: testmgr - add keygen tests for ffdheXYZ(dh) templates (Nicolai Stange) [Orabug: 34711430] - crypto: dh - implement private key generation primitive for ffdheXYZ(dh) (Nicolai Stange) [Orabug: 34711430] - crypto: testmgr - add known answer tests for ffdheXYZ(dh) templates (Nicolai Stange) [Orabug: 34711430] - crypto: dh - implement ffdheXYZ(dh) templates (Nicolai Stange) [Orabug: 34711430] - crypto: dh - introduce common code for built-in safe-prime group support (Nicolai Stange) [Orabug: 34711430] - crypto: dh - split out deserialization code from crypto_dh_decode() (Nicolai Stange) [Orabug: 34711430] - crypto: dh - constify struct dh's pointer members (Nicolai Stange) [Orabug: 34711430] - crypto: dh - remove struct dh's ->q member (Nicolai Stange) [Orabug: 34711430] - crypto: kpp - provide support for KPP spawns (Nicolai Stange) [Orabug: 34711430] - crypto: kpp - provide support for KPP template instances (Nicolai Stange) [Orabug: 34711430] - crypto: xts - restrict key lengths to approved values in FIPS mode (Nicolai Stange) [Orabug: 34711430] - crypto: hmac - disallow keys < 112 bits in FIPS mode (Stephan Muller) [Orabug: 34711430] - crypto: dh - limit key size to 2048 in FIPS mode (Stephan Muller) [Orabug: 34711430] - crypto: rsa - limit key size to 2048 in FIPS mode (Stephan Muller) [Orabug: 34711430] - crypto: HMAC - add fips_skip support (Stephan Muller) [Orabug: 34711430] - crypto: disallow drbg with sha384 hash in FIPS mode (Saeed Mirzamohammadi) [Orabug: 34711430] - crypto: des - disallow des3 in FIPS mode (Stephan Muller) [Orabug: 34711430] - crypto: dh - disallow plain 'dh' usage in FIPS mode (Nicolai Stange) [Orabug: 34711430] - crypto: ecdh - disallow plain 'ecdh' usage in FIPS mode (Saeed Mirzamohammadi) [Orabug: 34711430] - crypto: testmgr - disallow plain cbcmac(aes) and ghash in FIPS mode (Saeed Mirzamohammadi) [Orabug: 34711430] - crypto: api - allow algs only in specific constructions in FIPS mode (Nicolai Stange) [Orabug: 34711430] - NFSv4.2: Fix missing removal of SLAB_ACCOUNT on kmem_cache allocation (Muchun Song) [Orabug: 34717841] - slab: remove __alloc_size attribute from __kmalloc_track_caller (Greg Kroah-Hartman) [Orabug: 34717841] - mm: memcontrol: rename memcg_cache_id to memcg_kmem_id (Muchun Song) [Orabug: 34717841] - mm: list_lru: rename list_lru_per_memcg to list_lru_memcg (Muchun Song) [Orabug: 34717841] - mm: memcontrol: fix cannot alloc the maximum memcg ID (Muchun Song) [Orabug: 34717841] - mm: memcontrol: reuse memory cgroup ID for kmem ID (Muchun Song) [Orabug: 34717841] - mm: list_lru: replace linear array with xarray (Muchun Song) [Orabug: 34717841] - mm: list_lru: rename memcg_drain_all_list_lrus to memcg_reparent_list_lrus (Muchun Song) [Orabug: 34717841] - mm: list_lru: allocate list_lru_one only when needed (Muchun Song) [Orabug: 34717841] - mm: memcontrol: move memcg_online_kmem() to mem_cgroup_css_online() (Muchun Song) [Orabug: 34717841] - xarray: use kmem_cache_alloc_lru to allocate xa_node (Muchun Song) [Orabug: 34717841] - mm: dcache: use kmem_cache_alloc_lru() to allocate dentry (Muchun Song) [Orabug: 34717841] - f2fs: allocate inode by using alloc_inode_sb() (Muchun Song) [Orabug: 34717841] - fs: allocate inode by using alloc_inode_sb() (Muchun Song) [Orabug: 34717841] - fs: introduce alloc_inode_sb() to allocate filesystems specific inode (Muchun Song) [Orabug: 34717841] - mm: introduce kmem_cache_alloc_lru (Muchun Song) [Orabug: 34717841] - mm: list_lru: transpose the array of per-node per-memcg lru lists (Muchun Song) [Orabug: 34717841] - mm: list_lru: only add memcg-aware lrus to the global lru list (Muchun Song) [Orabug: 34717841] - mm: list_lru: fix the return value of list_lru_count_one() (Muchun Song) [Orabug: 34717841] - mm: list_lru: remove holding lru lock (Muchun Song) [Orabug: 34717841] - mm: memcontrol: remove the kmem states (Muchun Song) [Orabug: 34717841] - mm: memcontrol: remove kmemcg_id reparenting (Muchun Song) [Orabug: 34717841] - mm/memcg: remove obsolete memcg_free_kmem() (Waiman Long) [Orabug: 34717841] - memcg, kmem: further deprecate kmem.limit_in_bytes (Shakeel Butt) [Orabug: 34717841] - mm/list_lru.c: prefer struct_size over open coded arithmetic (Len Baker) [Orabug: 34717841] - slab: add __alloc_size attributes for better bounds checking (Kees Cook) [Orabug: 34717841] - slab: clean up function prototypes (Kees Cook) [Orabug: 34717841] - net/mlx5e: SHAMPO, reduce TIR indication (Ben Ben-Ishay) [Orabug: 34481188] - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (Dima Chumak) [Orabug: 34481188] - net/mlx5e: Fix VF min/max rate parameters interchange mistake (Gal Pressman) [Orabug: 34481188] - net/mlx5e: Add missing increment of count (Lama Kayal) [Orabug: 34481188] - net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (Maor Dickman) [Orabug: 34481188] - net/mlx5e: Add feature check for set fec counters (Lama Kayal) [Orabug: 34481188] - net/mlx5e: TC, Skip redundant ct clear actions (Roi Dayan) [Orabug: 34481188] - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5e: Avoid field-overflowing memcpy() (Kees Cook) [Orabug: 34481188] - net/mlx5e: Use struct_group() for memcpy() region (Kees Cook) [Orabug: 34481188] - net/mlx5e: Avoid implicit modify hdr for decap drop rule (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Fix broken SKB allocation in HW-GRO (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: Fix wrong calculation of header index in HW_GRO (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: TC, Reject rules with forward and drop actions (Roi Dayan) [Orabug: 34481188] - net/mlx5e: TC, Reject rules with drop and modify hdr action (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Fix build error in fec_set_block_stats() (Jakub Kicinski) [Orabug: 34481188] - mlxsw: spectrum: Extend to support Spectrum-4 ASIC (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_acl_bloom_filter: Add support for Spectrum-4 calculation (Amit Cohen) [Orabug: 34481188] - mlxsw: Add operations structure for bloom filter calculation (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_acl_bloom_filter: Rename Spectrum-2 specific objects for future use (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_acl_bloom_filter: Make mlxsw_sp_acl_bf_key_encode() more flexible (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_acl_bloom_filter: Reorder functions to make the code more aesthetic (Amit Cohen) [Orabug: 34481188] - mlxsw: Introduce flex key elements for Spectrum-4 (Amit Cohen) [Orabug: 34481188] - mlxsw: Rename virtual router flex key element (Amit Cohen) [Orabug: 34481188] - net/mlx5e: Fix nullptr on deleting mirroring rule (Dima Chumak) [Orabug: 34481188] - net/mlx5e: Add recovery flow in case of error CQE (Gal Pressman) [Orabug: 34481188] - net/mlx5e: TC, Remove redundant error logging (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Refactor set_pflag_cqe_based_moder (Saeed Mahameed) [Orabug: 34481188] - net/mlx5e: Move HW-GRO and CQE compression check to fix features flow (Gal Pressman) [Orabug: 34481188] - net/mlx5e: Fix feature check per profile (Aya Levin) [Orabug: 34481188] - net/mlx5e: Expose FEC counters via ethtool (Lama Kayal) [Orabug: 34481188] - net/mlx5: SF, Use all available cpu for setting cpu affinity (Shay Drory) [Orabug: 34481188] - net/mlx5: Introduce API for bulk request and release of IRQs (Shay Drory) [Orabug: 34481188] - net/mlx5: Split irq_pool_affinity logic to new file (Shay Drory) [Orabug: 34481188] - net/mlx5: Move affinity assignment into irq_request (Shay Drory) [Orabug: 34481188] - net/mlx5: Introduce control IRQ request API (Shay Drory) [Orabug: 34481188] - net/mlx5: mlx5e_hv_vhca_stats_create return type to void (Saeed Mahameed) [Orabug: 34481188] - net: fixup build after bpf header changes (Jakub Kicinski) [Orabug: 34481188] - net/mlx5: CT: Set flow source hint from provided tuple device (Paul Blakey) [Orabug: 34481188] - net/mlx5: Set SMFS as a default steering mode if device supports it (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Ignore modify TTL if device doesn't support it (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Improve steering for empty or RX/TX-only matchers (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Add support for matching on geneve_tlv_option_0_exist field (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Support matching on tunnel headers 0 and 1 (Muhammad Sammar) [Orabug: 34481188] - net/mlx5: DR, Add misc5 to match_param structs (Muhammad Sammar) [Orabug: 34481188] - net/mlx5: Add misc5 flow table match parameters (Muhammad Sammar) [Orabug: 34481188] - net/mlx5: DR, Warn on failure to destroy objects due to refcount (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Add support for UPLINK destination type (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Add support for dumping steering info (Muhammad Sammar) [Orabug: 34481188] - net/mlx5: DR, Add missing reserved fields to dr_match_param (Muhammad Sammar) [Orabug: 34481188] - net/mlx5: DR, Add check for flex parser ID value (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Remove unused struct member in matcher (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Fix lower case macro prefix 'mlx5_' to 'MLX5_' (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Fix error flow in creating matcher (Yevgeny Kliteynik) [Orabug: 34481188] - mlxsw: spectrum_flower: Make vlan_id limitation more specific (Amit Cohen) [Orabug: 34481188] - net/mlx5e: Use auxiliary_device driver data helpers (David E. Box) [Orabug: 34481188] - driver core: auxiliary bus: Add driver data helpers (David E. Box) [Orabug: 34481188] - net/mlx5e: Take packet_merge params directly from the RX res struct (Tariq Toukan) [Orabug: 34481188] - net/mlx5e: Allocate per-channel stats dynamically at first usage (Lama Kayal) [Orabug: 34481188] - net/mlx5e: Use dynamic per-channel allocations in stats (Tariq Toukan) [Orabug: 34481188] - net/mlx5e: Allow profile-specific limitation on max num of channels (Tariq Toukan) [Orabug: 34481188] - net/mlx5e: Save memory by using dynamic allocation in netdev priv (Tariq Toukan) [Orabug: 34481188] - net/mlx5e: Add profile indications for PTP and QOS HTB features (Tariq Toukan) [Orabug: 34481188] - net/mlx5e: Use bitmap field for profile features (Tariq Toukan) [Orabug: 34481188] - net/mlx5: Remove the repeated declaration (Shaokun Zhang) [Orabug: 34481188] - net/mlx5: Let user configure max_macs generic param (Shay Drory) [Orabug: 34481188] - net/mlx5: Let user configure event_eq_size param (Shay Drory) [Orabug: 34481188] - devlink: Add new 'event_eq_size' generic device param (Shay Drory) [Orabug: 34481188] - net/mlx5: Let user configure io_eq_size param (Shay Drory) [Orabug: 34481188] - devlink: Add new 'io_eq_size' generic device param (Shay Drory) [Orabug: 34481188] - mlxsw: core: Extend devlink health reporter with new events and parameters (Danielle Ratson) [Orabug: 34481188] - mlxsw: reg: Extend MFDE register with new events and parameters (Danielle Ratson) [Orabug: 34481188] - mlxsw: core: Convert a series of if statements to switch case (Danielle Ratson) [Orabug: 34481188] - mlxsw: Fix naming convention of MFDE fields (Danielle Ratson) [Orabug: 34481188] - flow_offload: add index to flow_action_entry structure (Baowen Zheng) [Orabug: 34481188] - flow_offload: reject to offload tc actions in offload drivers (Baowen Zheng) [Orabug: 34481188] - net/mlx5: Introduce log_max_current_uc_list_wr_supported bit (Shay Drory) [Orabug: 34481188] - mlxsw: Add support for VxLAN with IPv6 underlay (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_nve: Keep track of IPv6 addresses used by FDB entries (Amit Cohen) [Orabug: 34481188] - mlxsw: reg: Add a function to fill IPv6 unicast FDB entries (Amit Cohen) [Orabug: 34481188] - mlxsw: Split handling of FDB tunnel entries between address families (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_nve_vxlan: Make VxLAN flags check per address family (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum_ipip: Use common hash table for IPv6 address mapping (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum: Add hash table for IPv6 address mapping (Amit Cohen) [Orabug: 34481188] - net/mlx5e: Move goto action checks into tc_action goto post parse op (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Move vlan action chunk into tc action vlan post parse op (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add post_parse() op to tc action infrastructure (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Move sample attr allocation to tc_action sample parse op (Roi Dayan) [Orabug: 34481188] - net/mlx5e: TC action parsing loop (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add redirect ingress to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add sample and ptype to tc_action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add ct to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add mirred/redirect to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add mpls push/pop to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add vlan push/pop/mangle to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add pedit to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add csum to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add tunnel encap/decap to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add goto to tc action infra (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Add tc action infrastructure (Roi Dayan) [Orabug: 34481188] - net_tstamp: add new flag HWTSTAMP_FLAG_BONDED_PHC_INDEX (Hangbin Liu) [Orabug: 34481188] - net/mlx5: Create more priorities for FDB bypass namespace (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Refactor mlx5_get_flow_namespace (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Separate FDB namespace (Maor Gottlieb) [Orabug: 34481188] - bpf: Let bpf_warn_invalid_xdp_action() report more info (Paolo Abeni) [Orabug: 34481188] - net/mlx4: Use irq_update_affinity_hint() (Nitesh Narayan Lal) [Orabug: 34481188] - net/mlx5: Use irq_set_affinity_and_hint() (Nitesh Narayan Lal) [Orabug: 34481188] - genirq: Provide new interfaces for affinity hints (Thomas Gleixner) [Orabug: 34481188] - net/mlx5: Dynamically resize flow counters query buffer (Avihai Horon) [Orabug: 34481188] - net/mlx5e: TC, Set flow attr ip_version earlier (Roi Dayan) [Orabug: 34481188] - net/mlx5e: TC, Move common flow_action checks into function (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Remove redundant actions arg from vlan push/pop funcs (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Remove redundant actions arg from validate_goto_chain() (Roi Dayan) [Orabug: 34481188] - net/mlx5e: TC, Remove redundant action stack var (Roi Dayan) [Orabug: 34481188] - net/mlx5e: Hide function mlx5e_num_channels_changed (Tariq Toukan) [Orabug: 34481188] - net/mlx5e: SHAMPO, clean MLX5E_MAX_KLM_PER_WQE macro (Ben Ben-Ishay) [Orabug: 34481188] - net/mlx5: SF, silence an uninitialized variable warning (Dan Carpenter) [Orabug: 34481188] - net/mlx5: Fix error return code in esw_qos_create() (Wei Yongjun) [Orabug: 34481188] - mlx5: fix mlx5i_grp_sw_update_stats() stack usage (Arnd Bergmann) [Orabug: 34481188] - mlx5: fix psample_sample_packet link error (Arnd Bergmann) [Orabug: 34481188] - mlxsw: Use Switch Multicast ID Register Version 2 (Amit Cohen) [Orabug: 34481188] - mlxsw: Use Switch Flooding Table Register Version 2 (Amit Cohen) [Orabug: 34481188] - mlxsw: Add support for more than 256 ports in SBSR register (Amit Cohen) [Orabug: 34481188] - mlxsw: Use u16 for local_port field instead of u8 (Amit Cohen) [Orabug: 34481188] - mlxsw: reg: Adjust PPCNT register to support local port 255 (Amit Cohen) [Orabug: 34481188] - mlxsw: reg: Increase 'port_num' field in PMTDB register (Amit Cohen) [Orabug: 34481188] - mlxsw: reg: Align existing registers to use extended local_port field (Amit Cohen) [Orabug: 34481188] - mlxsw: item: Add support for local_port field in a split form (Amit Cohen) [Orabug: 34481188] - mlxsw: reg: Remove unused functions (Amit Cohen) [Orabug: 34481188] - mlxsw: spectrum: Bump minimum FW version to xx.2010.1006 (Amit Cohen) [Orabug: 34481188] - devlink: Simplify devlink resources unregister call (Leon Romanovsky) [Orabug: 34481188] - mlxsw: spectrum_router: Remove deadcode in mlxsw_sp_rif_mac_profile_find (Danielle Ratson) [Orabug: 34481188] - devlink: Add 'enable_iwarp' generic device param (Shiraz Saleem) [Orabug: 34481188] - mlxsw: constify address in mlxsw_sp_port_dev_addr_set (Jakub Kicinski) [Orabug: 34481188] - stmmac: fix build due to brainos in trans_start changes (Alexander Lobakin) [Orabug: 34481188] - net: annotate accesses to queue->trans_start (Eric Dumazet) [Orabug: 34481188] - net/mlx5: E-switch, Create QoS on demand (Dmytro Linkin) [Orabug: 34481188] - net/mlx5: E-switch, Enable vport QoS on demand (Dmytro Linkin) [Orabug: 34481188] - net/mlx5: E-switch, move offloads mode callbacks to offloads file (Parav Pandit) [Orabug: 34481188] - net/mlx5: E-switch, Reuse mlx5_eswitch_set_vport_mac (Parav Pandit) [Orabug: 34481188] - net/mlx5: E-switch, Remove vport enabled check (Parav Pandit) [Orabug: 34481188] - net/mlx5e: Specify out ifindex when looking up decap route (Chris Mi) [Orabug: 34481188] - net/mlx5e: TC, Move comment about mod header flag to correct place (Roi Dayan) [Orabug: 34481188] - net/mlx5e: TC, Move kfree() calls after destroying all resources (Roi Dayan) [Orabug: 34481188] - net/mlx5e: TC, Destroy nic flow counter if exists (Roi Dayan) [Orabug: 34481188] - net/mlx5: TC, using swap() instead of tmp variable (Yihao Han) [Orabug: 34481188] - net/mlx5: CT: Allow static allocation of mod headers (Paul Blakey) [Orabug: 34481188] - net/mlx5e: Refactor mod header management API (Paul Blakey) [Orabug: 34481188] - net/mlx5: Avoid printing health buffer when firmware is unavailable (Aya Levin) [Orabug: 34481188] - net/mlx5: Fix format-security build warnings (Saeed Mahameed) [Orabug: 34481188] - net/mlx5e: Support ethtool cq mode (Saeed Mahameed) [Orabug: 34481188] - netdevsim: move vfconfig to nsim_dev (Jakub Kicinski) [Orabug: 34481188] - netdevsim: take rtnl_lock when assigning num_vfs (Jakub Kicinski) [Orabug: 34481188] - netdevsim: remove max_vfs dentry (Jakub Kicinski) [Orabug: 34481188] - virtio_net: introduce TX timeout watchdog (Tony Lu) [Orabug: 34481188] - net/mlx5e: TC, Fix memory leak with rules with internal port (Roi Dayan) [Orabug: 34481188] - net/mlx5: Fix some error handling paths in 'mlx5e_tc_add_fdb_flow()' (Christophe JAILLET) [Orabug: 34481188] - net/mlx5e: Fix skb memory leak when TC classifier action offloads are disabled (Gal Pressman) [Orabug: 34481188] - net/mlx5: Fix tc max supported prio for nic mode (Chris Mi) [Orabug: 34481188] - net/mlx5: Use first online CPU instead of hard coded CPU (Shay Drory) [Orabug: 34481188] - net/mlx5: DR, Fix querying eswitch manager vport for ECPF (Yevgeny Kliteynik) [Orabug: 34481188] - mlxsw: spectrum_router: Consolidate MAC profiles when possible (Danielle Ratson) [Orabug: 34481188] - net/mlx5e: SHAMPO, Fix constant expression result (Ben Ben-Ishay) [Orabug: 34481188] - net/mlx5: Fix access to a non-supported register (Aya Levin) [Orabug: 34481188] - net/mlx5: Fix too early queueing of log timestamp work (Gal Pressman) [Orabug: 34481188] - net/mlx5: Fix use after free in mlx5_health_wait_pci_up (Amir Tzin) [Orabug: 34481188] - net/mlx5: E-Switch, Use indirect table only if all destinations support it (Maor Dickman) [Orabug: 34481188] - net/mlx5: Lag, Fix recreation of VF LAG (Maor Gottlieb) [Orabug: 34481188] - mlxsw: spectrum: Allow driver to load with old firmware versions (Danielle Ratson) [Orabug: 34481188] - RDMA/nldev: Check stat attribute before accessing it (Leon Romanovsky) [Orabug: 34481188] - net/mlx5: Fix flow counters SF bulk query len (Avihai Horon) [Orabug: 34481188] - net/mlx5: DR, Fix check for unsupported fields in match param (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: DR, Handle eswitch manager and uplink vports separately (Yevgeny Kliteynik) [Orabug: 34481188] - net/mlx5: Lag, fix a potential Oops with mlx5_lag_create_definer() (Dan Carpenter) [Orabug: 34481188] - net/mlx5: Support internal port as decap route device (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Term table handling of internal port rules (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Add indirect tc offload of ovs internal port (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Offload internal port as encap route device (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Offload tc rules that redirect to ovs internal port (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Accept action skbedit in the tc actions list (Ariel Levkovich) [Orabug: 34481188] - net/mlx5: E-Switch, Add ovs internal port mapping to metadata support (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Use generic name for the forwarding dev pointer (Ariel Levkovich) [Orabug: 34481188] - net/mlx5e: Refactor rx handler of represetor device (Ariel Levkovich) [Orabug: 34481188] - net/mlx5: DR, Add check for unsupported fields in match param (Muhammad Sammar) [Orabug: 34481188] - net/mlx5: Allow skipping counter refresh on creation (Paul Blakey) [Orabug: 34481188] - net/mlx5: CT: Remove warning of ignore_flow_level support for VFs (Paul Blakey) [Orabug: 34481188] - net/mlx5: Add esw assignment back in mlx5e_tc_sample_unoffload() (Nathan Chancellor) [Orabug: 34481188] - net: mellanox: mlxbf_gige: Replace non-standard interrupt handling (Asmaa Mnebhi) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Offload root TBF as port shaper (Petr Machata) [Orabug: 34481188] - RDMA/core: Fix missed initialization of rdma_hw_stats::lock (Mark Zhang) [Orabug: 34481188] - RDMA/umem: Allow pinned dmabuf umem usage (Gal Pressman) [Orabug: 34481188] - net/mlx5: Lag, Make mlx5_lag_is_multipath() be static inline (Maor Dickman) [Orabug: 34481188] - net/mlx5e: Prevent HW-GRO and CQE-COMPRESS features operate together (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: Add HW-GRO offload (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: Add HW_GRO statistics (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: HW_GRO cqe handler implementation (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: Add data path for SHAMPO feature (Ben Ben-Ishay) [Orabug: 34481188] - net/mlx5e: Add handle SHAMPO cqe support (Khalid Manaa) [Orabug: 34481188] - net/mlx5e: Add control path for SHAMPO feature (Ben Ben-Ishay) [Orabug: 34481188] - net/mlx5e: Add support to klm_umr_wqe (Ben Ben-Ishay) [Orabug: 34481188] - net/mlx5: Add SHAMPO caps, HW bits and enumerations (Ben Ben-Ishay) [Orabug: 34481188] - lib: bitmap: Introduce node-aware alloc API (Tariq Toukan) [Orabug: 34481188] - net/mlx5: remove the recent devlink params (Jakub Kicinski) [Orabug: 34481188] - mlxsw: spectrum_router: Expose RIF MAC profiles to devlink resource (Danielle Ratson) [Orabug: 34481188] - mlxsw: spectrum_router: Add RIF MAC profiles support (Danielle Ratson) [Orabug: 34481188] - mlxsw: spectrum_router: Propagate extack further (Danielle Ratson) [Orabug: 34481188] - mlxsw: resources: Add resource identifier for RIF MAC profiles (Danielle Ratson) [Orabug: 34481188] - mlxsw: reg: Add MAC profile ID field to RITR register (Danielle Ratson) [Orabug: 34481188] - net/mlx5: SF_DEV Add SF device trace points (Parav Pandit) [Orabug: 34481188] - net/mlx5: SF, Add SF trace points (Parav Pandit) [Orabug: 34481188] - net/mlx5: Let user configure max_macs param (Shay Drory) [Orabug: 34481188] - net/mlx5: Let user configure event_eq_size param (Shay Drory) [Orabug: 34481188] - net/mlx5: Let user configure io_eq_size param (Shay Drory) [Orabug: 34481188] - net/mlx5: Bridge, support replacing existing FDB entry (Vlad Buslov) [Orabug: 34481188] - net/mlx5: Bridge, extract code to lookup and del/notify entry (Vlad Buslov) [Orabug: 34481188] - net/mlx5: Add periodic update of host time to firmware (Aya Levin) [Orabug: 34481188] - net/mlx5: Print health buffer by log level (Aya Levin) [Orabug: 34481188] - net/mlx5: Extend health buffer dump (Aya Levin) [Orabug: 34481188] - net/mlx5: Reduce flow counters bulk query buffer size for SFs (Avihai Horon) [Orabug: 34481188] - net/mlx5: Fix unused function warning of mlx5i_flow_type_mask (Shay Drory) [Orabug: 34481188] - net/mlx5: Remove unnecessary checks for slow path flag (Paul Blakey) [Orabug: 34481188] - net/mlx5e: don't write directly to netdev->dev_addr (Jakub Kicinski) [Orabug: 34481188] - RDMA/mlx5: Use dev_addr_mod() (Jakub Kicinski) [Orabug: 34481188] - mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable (Christophe JAILLET) [Orabug: 34481188] - dma-buf: move dma-buf symbols into the DMA_BUF module namespace (Greg Kroah-Hartman) [Orabug: 34481188] - net: convert users of bitmap_foo() to linkmode_foo() (Sean Anderson) [Orabug: 34481188] - mlx5: fix build after merge (Jakub Kicinski) [Orabug: 34481188] - ethernet: mlxsw: use eth_hw_addr_gen() (Jakub Kicinski) [Orabug: 34481188] - RDMA/mlx5: Move struct mlx5_core_mkey to mlx5_ib (Aharon Landau) [Orabug: 34481188] - RDMA/mlx5: Replace struct mlx5_core_mkey by u32 key (Aharon Landau) [Orabug: 34481188] - RDMA/mlx5: Remove pd from struct mlx5_core_mkey (Aharon Landau) [Orabug: 34481188] - RDMA/mlx5: Remove size from struct mlx5_core_mkey (Aharon Landau) [Orabug: 34481188] - RDMA/mlx5: Remove iova from struct mlx5_core_mkey (Aharon Landau) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Make RED, TBF offloads classful (Petr Machata) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Validate qdisc topology (Petr Machata) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Clean stats recursively when priomap changes (Petr Machata) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Unify graft validation (Petr Machata) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Destroy children in mlxsw_sp_qdisc_destroy() (Petr Machata) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Extract two helpers for handling future FIFOs (Petr Machata) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Query tclass / priomap instead of caching it (Petr Machata) [Orabug: 34481188] - net/mlx5: E-Switch, Increase supported number of forward destinations to 32 (Maor Dickman) [Orabug: 34481188] - net/mlx5: E-Switch, Use dynamic alloc for dest array (Maor Dickman) [Orabug: 34481188] - net/mlx5: Lag, use steering to select the affinity port in LAG (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Lag, add support to create/destroy/modify port selection (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Lag, add support to create TTC tables for LAG port selection (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Lag, add support to create definers for LAG (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Lag, set match mask according to the traffic type bitmap (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Lag, set LAG traffic type mapping (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Lag, move lag files into directory (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Introduce new uplink destination type (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Add support to create match definer (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Introduce port selection namespace (Maor Gottlieb) [Orabug: 34481188] - net/mlx5: Support partial TTC rules (Maor Gottlieb) [Orabug: 34481188] - mlx5: prevent 64bit divide (Jakub Kicinski) [Orabug: 34481188] - habanalabs: add support for dma-buf exporter (Tomer Tayar) [Orabug: 34481188] - net/mlx5: Use system_image_guid to determine bonding (Rongwei Liu) [Orabug: 34481188] - net/mlx5: Use native_port_num as 1st option of device index (Rongwei Liu) [Orabug: 34481188] - net/mlx5: Introduce new device index wrapper (Rongwei Liu) [Orabug: 34481188] - net/mlx5: Check return status first when querying system_image_guid (Rongwei Liu) [Orabug: 34481188] - net/mlx5: DR, Prefer kcalloc over open coded arithmetic (Len Baker) [Orabug: 34481188] - net/mlx5e: Add extack msgs related to TC for better debug (Abhiram R N) [Orabug: 34481188] - net/mlx5: CT: Fix missing cleanup of ct nat table on init failure (Paul Blakey) [Orabug: 34481188] - net/mlx5: Disable roce at HCA level (Shay Drory) [Orabug: 34481188] - net/mlx5i: Enable Rx steering for IPoIB via ethtool (Moosa Baransi) [Orabug: 34481188] - net/mlx5: Bridge, provide flow source hints (Vlad Buslov) [Orabug: 34481188] - net/mlx5: Read timeout values from DTOR (Amir Tzin) [Orabug: 34481188] - net/mlx5: Read timeout values from init segment (Amir Tzin) [Orabug: 34481188] - net/mlx5: Add layout to support default timeouts register (Amir Tzin) [Orabug: 34481188] - ethernet: constify references to netdev->dev_addr in drivers (Jakub Kicinski) [Orabug: 34481188] - mlxsw: spectrum_qdisc: Introduce per-TC ECN counters (Petr Machata) [Orabug: 34481188] - mlxsw: reg: Add ecn_marked_tc to Per-TC Congestion Counters (Petr Machata) [Orabug: 34481188] - mlxsw: reg: Rename MLXSW_REG_PPCNT_TC_CONG_TC to _CNT (Petr Machata) [Orabug: 34481188] - mlxsw: reg: Fix a typo in a group heading (Petr Machata) [Orabug: 34481188] - devlink: Don't throw an error if flash notification sent before devlink visible (Leon Romanovsky) [Orabug: 34481188] - devlink: fix flexible_array.cocci warning (Guo Zhengkui) [Orabug: 34481188] - ethtool: don't drop the rtnl_lock half way thru the ioctl (Jakub Kicinski) [Orabug: 34481188] - devlink: expose get/put functions (Jakub Kicinski) [Orabug: 34481188] - ethtool: handle info/flash data copying outside rtnl_lock (Jakub Kicinski) [Orabug: 34481188] - ethtool: push the rtnl_lock into dev_ethtool() (Jakub Kicinski) [Orabug: 34481188] - devlink: make all symbols GPL-only (Jakub Kicinski) [Orabug: 34481188] - devlink: Simplify internal devlink params implementation (Leon Romanovsky) [Orabug: 34481188] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-2196 cpe:/o:oracle:linux:9::baseos_developer cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.11.3-4.el9_1.3] - Fixed a vulnerability in pcs-web-ui-node-modules - Resolves: rhbz#2179900 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-28154 cpe:/a:oracle:linux:9::addons Oracle Linux 9 [22.1-7.0.3.el9_1] - Fix log file permission [Orabug: 35302969] [22.1-7.0.2.el9_1] - Fix CVE-2023-1786 [Orabug: 35302969] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1786 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 [6.1.1-6.el9] - Update changelog (Karl Heubaum) [Orabug: 35343538] - ebpf: fix compatibility with libbpf 1.0+ (Shreesh Adiga) [Orabug: 35268538] - ebpf: replace deprecated bpf_program__set_socket_filter (Haochen Tong) [Orabug: 35268538] - CVE-2023-1544 is not applicable to Oracle QEMU 6.1.1 (Karl Heubaum) [Orabug: 35305727] {CVE-2023-1544} - virtio-gpu: do not byteswap padding (Paolo Bonzini) [Orabug: 35304723] - KVM: x86: workaround invalid CPUID[0xD,9] info on some AMD processors (Paolo Bonzini) [Orabug: 35241527] - qemu-kvm.spec: fix Linux io_uring support (Mark Kanda) [Orabug: 35265200] - hw/intc/ioapic: Update KVM routes before redelivering IRQ, on RTE update (David Woodhouse) [Orabug: 35219290] [6.1.1-5.el9] - hw/pvrdma: Protect against buggy or malicious guest driver (Yuval Shaia) [Orabug: 35064352] {CVE-2022-1050} - hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion (Philippe Mathieu-Daude) [Orabug: 35060182] - hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144) (Philippe Mathieu-Daude) [Orabug: 35060182] {CVE-2022-4144} - hw/display/qxl: Pass requested buffer size to qxl_phys2virt() (Philippe Mathieu-Daude) [Orabug: 35060182] - hw/display/qxl: Document qxl_phys2virt() (Philippe Mathieu-Daude) [Orabug: 35060182] - hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler (Philippe Mathieu-Daude) [Orabug: 35060182] - ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext (Mauro Matteo Cascella) [Orabug: 35060115] {CVE-2022-3165} - hw/arm/virt: build SMBIOS 19 table (Mihai Carabas) - vl: Add an -action option to override MCE handling (Mark Kanda) [Orabug: 34779160] - hw/acpi/erst.c: Fix memory handling issues (Christian A. Ehrhardt) [Orabug: 34779541] {CVE-2022-4172} - target/i386: kvm: do not access uninitialized variable on older kernels (Paolo Bonzini) [Orabug: 34492975] - x86: Support XFD and AMX xsave data migration (Zeng Guang) [Orabug: 34492975] - x86: add support for KVM_CAP_XSAVE2 and AMX state migration (Jing Liu) [Orabug: 34492975] - x86: Add AMX CPUIDs enumeration (Jing Liu) [Orabug: 34492975] - x86: Add XFD faulting bit for state components (Jing Liu) [Orabug: 34492975] - x86: Grant AMX permission for guest (Yang Zhong) [Orabug: 34492975] - x86: Add AMX XTILECFG and XTILEDATA components (Jing Liu) [Orabug: 34492975] - x86: Fix the 64-byte boundary enumeration for extended state (Jing Liu) [Orabug: 34492975] - linux-headers: include missing changes from 5.17 (Paolo Bonzini) [Orabug: 34492975] - linux-headers: Update headers to v5.17-rc1 (Vivek Goyal) [Orabug: 34492975] - linux-headers: update to 5.16-rc1 (Paolo Bonzini) [Orabug: 34492975] - i386/pc: restrict AMD only enforcing of 1Tb hole to new machine type (Joao Martins) - i386/pc: relocate 4g start to 1T where applicable (Joao Martins) - i386/pc: bounds check phys-bits against max used GPA (Joao Martins) - i386/pc: factor out device_memory base/size to helper (Joao Martins) - i386/pc: factor out above-4g end to an helper (Joao Martins) - i386/pc: pass pci_hole64_size to pc_memory_init() (Joao Martins) - i386/pc: create pci-host qdev prior to pc_memory_init() (Joao Martins) - hw/i386: add 4g boundary start to X86MachineState (Joao Martins) - vhost-vdpa: fix assert !virtio_net_get_subqueue(nc)->async_tx.elem in virtio_net_reset (Si-Wei Liu) - net/vhost-vdpa.c: Fix clang compilation failure (Peter Maydell) - vhost-vdpa: allow passing opened vhostfd to vhost-vdpa (Si-Wei Liu) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1544 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 8 Oracle Linux 9 [5.15.0-101.103.2.1] - Revert 'attr: use consistent sgid stripping checks' (Sherry Yang) [Orabug: 35346968] - Revert 'iommu: Force iommu shutdown on panic' (Boris Ostrovsky) [Orabug: 35346963] [5.15.0-101.103.2] - uek-rpm: mod-extra: Remove mt7921e.ko from extras list (Harshit Mogalapalli) [Orabug: 34999685] - crypto: allow ECDH and ECDSA algorithms in FIPS (Saeed Mirzamohammadi) [Orabug: 35230211] - uek-rpm: make CRYPTO_ECDSA builtin (Saeed Mirzamohammadi) [Orabug: 35230211] - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35243389] - net/mlx5: Fix memory leak in error flow of port set buffer (Maher Sanalla) [Orabug: 35246355] - net/mlx5e: Update shared buffer along with device buffer changes (Maher Sanalla) [Orabug: 35246355] - net/mlx5e: Add API to query/modify SBPR and SBCM registers (Maher Sanalla) [Orabug: 35246355] - net/mlx5: Expose shared buffer registers bits and structs (Maher Sanalla) [Orabug: 35246355] - PCI: Work around Intel I210 ROM BAR overlap defect (Bjorn Helgaas) [Orabug: 35250975] - net/rds: Adding TCP stats for TCP keepalive timeout (Nagappan Ramasamy Palaniappan) [Orabug: 35254377] - rds: slight code cleanup of RDS checksum code (William Kucharski) [Orabug: 35262486] - x86/acpi/boot: Correct acpi_is_processor_usable() check (Eric DeVolder) [Orabug: 35274587] - x86/ACPI/boot: Use FADT version to check support for online capable (Mario Limonciello) [Orabug: 35274587] - x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC (Kishon Vijay Abraham I) [Orabug: 35274587] - x86/ACPI: Don't add CPUs that are not online capable (Mario Limonciello) [Orabug: 35274587] - ACPICA: Add support for MADT online enabled bit (Mario Limonciello) [Orabug: 35274587] - net/rds: use appropriate reason while dropping a connection (Praveen Kumar Kannoju) [Orabug: 35278121] - KVM: nVMX: add missing consistency checks for CR0 and CR4 (Paolo Bonzini) [Orabug: 35278210] {CVE-2023-30456} - Revert 'scsi: megaraid_sas: Skip syncing the RAID map on older controllers' (Sherry Yang) [Orabug: 35285941] [5.15.0-101.103.1] - Revert 'Revert 'x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments'' (Tom Saeger) - Revert 'Revert 'Makefile: link with -z noexecstack --no-warn-rwx-segments'' (Tom Saeger) - LTS version: v5.15.103 (Jack Vogel) - Makefile: use -gdwarf-{4|5} for assembler for DEBUG_INFO_DWARF{4|5} (Nick Desaulniers) - KVM: VMX: Fix crash due to uninitialized current_vmcs (Alexandru Matei) - KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (Vitaly Kuznetsov) - KVM: nVMX: Don't use Enlightened MSR Bitmap for L3 (Vitaly Kuznetsov) - fs: hold writers when changing mount's idmapping (Christian Brauner) - UML: define RUNTIME_DISCARD_EXIT (Masahiro Yamada) - xfs: remove xfs_setattr_time() declaration (Gaosheng Cui) - KVM: fix memoryleak in kvm_init() (Miaohe Lin) - tools bpftool: Fix compilation error with new binutils (Andres Freund) - tools bpf_jit_disasm: Fix compilation error with new binutils (Andres Freund) - tools perf: Fix compilation error with new binutils (Andres Freund) - tools include: add dis-asm-compat.h to handle version differences (Andres Freund) - tools build: Add feature test for init_disassemble_info API changes (Andres Freund) - sh: define RUNTIME_DISCARD_EXIT (Tom Saeger) - s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (Masahiro Yamada) - powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds (Michael Ellerman) - powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (Michael Ellerman) - arch: fix broken BuildID for arm64 and riscv (Masahiro Yamada) - ext4: block range must be validated before use in ext4_mb_clear_bb() (Lukas Czerner) - ext4: add strict range checks while freeing blocks (Ritesh Harjani) - ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (Ritesh Harjani) - ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (Ritesh Harjani) - filelocks: use mount idmapping for setlease permission check (Seth Forshee) - media: rc: gpio-ir-recv: add remove function (Li Jun) - media: ov5640: Fix analogue gain control (Paul Elder) - scripts: handle BrokenPipeError for python scripts (Masahiro Yamada) - PCI: Add SolidRun vendor ID (Alvaro Karsz) - macintosh: windfarm: Use unsigned type for 1-bit bitfields (Nathan Chancellor) - alpha: fix R_ALPHA_LITERAL reloc for large modules (Edward Humes) - powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (Rohan McLure) - powerpc/iommu: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - MIPS: Fix a compilation issue (xurui) - fs: use consistent setgid checks in is_sxid() (Christian Brauner) - attr: use consistent sgid stripping checks (Christian Brauner) - attr: add setattr_should_drop_sgid() (Christian Brauner) - fs: move should_remove_suid() (Christian Brauner) - attr: add in_group_or_capable() (Christian Brauner) - fs: move S_ISGID stripping into the vfs_*() helpers (Yang Xu) - fs: add mode_strip_sgid() helper (Yang Xu) - xfs: set prealloc flag in xfs_alloc_file_space() (Dave Chinner) - xfs: fallocate() should call file_modified() (Dave Chinner) - xfs: remove XFS_PREALLOC_SYNC (Dave Chinner) - xfs: use setattr_copy to set vfs inode attributes (Darrick J. Wong) - tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address (Morten Linderud) - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (David Disseldorp) - staging: rtl8723bs: Fix key-store index handling (Hans de Goede) - staging: rtl8723bs: fix placement of braces (Hannes Braun) - Staging: rtl8723bs: Placing opening { braces in previous line (Jagath Jog J) - staging: rtl8723bs: clean up comparsions to NULL (Michael Straube) - iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (Gavrilov Ilia) - iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (Kim Phillips) - iommu/amd: Add PCI segment support for ivrs_[ioapic/hpet/acpihid] commands (Suravee Suthikulpanit) - nbd: use the correct block_device in nbd_bdev_reset (Christoph Hellwig) - irqdomain: Fix mapping-creation race (Johan Hovold) - ext4: Fix deadlock during directory rename (Jan Kara) - RISC-V: Don't check text_mutex during stop_machine (Conor Dooley) - s390/ftrace: remove dead code (Heiko Carstens) - riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode (Alexandre Ghiti) - af_unix: fix struct pid leaks in OOB support (Eric Dumazet) - af_unix: Remove unnecessary brackets around CONFIG_AF_UNIX_OOB. (Kuniyuki Iwashima) - net: dsa: mt7530: permit port 5 to work without port 6 on MT7621 SoC (Vladimir Oltean) - SUNRPC: Fix a server shutdown leak (Benjamin Coddington) - octeontx2-af: Unlock contexts in the queue context cache in case of fault detection (Suman Ghosh) - net/smc: fix fallback failed while sendmsg with fastopen (D. Wythe) - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (Randy Dunlap) - netfilter: conntrack: adopt safer max chain length (Eric Dumazet) - scsi: megaraid_sas: Update max supported LD IDs to 240 (Chandrakanth Patil) - net: ethernet: mtk_eth_soc: fix RX data corruption issue (Daniel Golle) - net: phy: smsc: fix link up detection in forced irq mode (Heiner Kallweit) - net: phy: smsc: Cache interrupt mask (Lukas Wunner) - btf: fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR (Lorenz Bauer) - netfilter: tproxy: fix deadlock due to missing BH disable (Florian Westphal) - netfilter: ctnetlink: revert to dumping mark regardless of event type (Ivan Delalande) - bnxt_en: Avoid order-5 memory allocation for TPA data (Michael Chan) - net: phylib: get rid of unnecessary locking (Russell King (Oracle)) - net: stmmac: add to set device wake up flag when stmmac init phy (Rongguang Wei) - drm/msm/dpu: fix len of sc7180 ctl blocks (Dmitry Baryshkov) - bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (Liu Jian) - ice: copy last block omitted in ice_get_module_eeprom() (Petr Oros) - net: caif: Fix use-after-free in cfusbl_device_notify() (Shigeru Yoshida) - net: lan78xx: fix accessing the LAN7800's internal phy specific registers from the MAC driver (Yuiko Oshino) - perf stat: Fix counting when initial delay configured (Changbin Du) - selftests: nft_nat: ensuring the listening side is up before starting the client (Hangbin Liu) - ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() (Eric Dumazet) - powerpc: dts: t1040rdb: fix compatible string for Rev A boards (Vladimir Oltean) - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (Kang Chen) - bgmac: fix *initial* chip reset to support BCM5358 (Rafal Milecki) - drm/msm/a5xx: fix context faults during ring switch (Dmitry Baryshkov) - drm/msm/a5xx: fix the emptyness check in the preempt code (Dmitry Baryshkov) - drm/msm/a5xx: fix highest bank bit for a530 (Dmitry Baryshkov) - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (Dmitry Baryshkov) - drm/msm: Fix potential invalid ptr free (Rob Clark) - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (Jiri Slaby (SUSE)) - drm/nouveau/kms/nv50-: remove unused functions (Ben Skeggs) - ext4: Fix possible corruption when moving a directory (Jan Kara) - regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (Matthias Kaehlcke) - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (Christian Kohlschutter) - regulator: Flag uncontrollable regulators as always_on (Mark Brown) - scsi: core: Remove the /proc/scsi/ directory earlier (Bart Van Assche) - riscv: Add header include guards to insn.h (Liao Chang) - riscv: Avoid enabling interrupts in die() (Mattias Nissler) - RISC-V: Avoid dereferening NULL regs in die() (Palmer Dabbelt) - arm64: efi: Make efi_rt_lock a raw_spinlock (Pierre Gondois) - brd: mark as nowait compatible (Jens Axboe) - block/brd: add error handling support for add_disk() (Luis Chamberlain) - iommu/vt-d: Fix PASID directory pointer coherency (Jacob Pan) - irqdomain: Refactor __irq_domain_alloc_irqs() (Johan Hovold) - f2fs: retry to update the inode page given data corruption (Jaegeuk Kim) - f2fs: do not bother checkpoint by f2fs_get_node_info (Jaegeuk Kim) - f2fs: avoid down_write on nat_tree_lock during checkpoint (Jaegeuk Kim) - udf: Fix off-by-one error when discarding preallocation (Jan Kara) - fs: dlm: start midcomms before scand (Alexander Aring) - fs: dlm: add midcomms init/start functions (Alexander Aring) - fs: dlm: fix log of lowcomms vs midcomms (Alexander Aring) - KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (Sean Christopherson) - KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization failure (Sean Christopherson) - KVM: Register /dev/kvm as the _very_ last thing during initialization (Sean Christopherson) - KVM: Pre-allocate cpumasks for kvm_make_all_cpus_request_except() (Vitaly Kuznetsov) - KVM: Optimize kvm_make_vcpus_request_mask() a bit (Vitaly Kuznetsov) - nfc: change order inside nfc_se_io error path (Fedor Pchelkin) - ext4: zero i_disksize when initializing the bootloader inode (Zhihao Cheng) - ext4: fix WARNING in ext4_update_inline_data (Ye Bin) - ext4: move where set the MAY_INLINE_DATA flag is set (Ye Bin) - ext4: fix another off-by-one fsmap error on 1k block filesystems (Darrick J. Wong) - ext4: fix RENAME_WHITEOUT handling for inline directories (Eric Whitney) - ext4: fix cgroup writeback accounting with fs-layer encryption (Eric Biggers) - staging: rtl8723bs: Pass correct parameters to cfg80211_get_bss() (Hans de Goede) - drm/connector: print max_requested_bpc in state debugfs (Harry Wentland) - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (Alex Deucher) - x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (Andrew Cooper) - fork: allow CLONE_NEWTIME in clone3 flags (Tobias Klauser) - perf inject: Fix --buildid-all not to eat up MMAP2 (Namhyung Kim) - btrfs: fix percent calculation for bg reclaim message (Johannes Thumshirn) - LTS version: v5.15.102 (Jack Vogel) - staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh (Philipp Hortmann) - staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script (Philipp Hortmann) - wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (Hector Martin) - LTS version: v5.15.101 (Jack Vogel) - Revert 'drm/i915: Don't use BAR mappings for ring buffers with LLC' (Greg Kroah-Hartman) - LTS version: v5.15.100 (Jack Vogel) - usb: gadget: uvc: fix missing mutex_unlock() if kstrtou8() fails (Yang Yingliang) - malidp: Fix NULL vs IS_ERR() checking (Miaoqian Lin) - scsi: mpt3sas: Remove usage of dma_get_required_mask() API (Sreekanth Reddy) - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (Sreekanth Reddy) - scsi: mpt3sas: Don't change DMA mask while reallocating pools (Sreekanth Reddy) - Revert 'scsi: mpt3sas: Fix return value check of dma_get_required_mask()' (Salvatore Bonaccorso) - drm/virtio: Fix error code in virtio_gpu_object_shmem_init() (Harshit Mogalapalli) - media: uvcvideo: Fix race condition with usb_kill_urb (Ricardo Ribalda) - Bluetooth: hci_sock: purge socket queues in the destruct() callback (Nguyen Dinh Phi) - drm/display/dp_mst: Fix down message handling after a packet reception error (Imre Deak) - drm/display/dp_mst: Fix down/up message handling after sink disconnect (Imre Deak) - x86/resctl: fix scheduler confusion with 'current' (Linus Torvalds) - net: tls: avoid hanging tasks on the tx_lock (Jakub Kicinski) - soundwire: cadence: Drain the RX FIFO after an IO timeout (Richard Fitzgerald) - soundwire: cadence: Remove wasted space in response_buf (Richard Fitzgerald) - phy: rockchip-typec: Fix unsigned comparison with less than zero (Jiapeng Chong) - PCI: Add ACS quirk for Wangxun NICs (Mengyuan Lou) - PCI: loongson: Add more devices that need MRRS quirk (Huacai Chen) - kernel/fail_function: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - drivers: base: dd: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - drivers: base: component: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - misc: vmw_balloon: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - tty: pcn_uart: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - PCI: Take other bus devices into account when distributing resources (Mika Westerberg) - PCI: Align extra resources for hotplug bridges properly (Mika Westerberg) - usb: gadget: uvc: Make bSourceID read/write (Daniel Scally) - usb: uvc: Enumerate valid values for color matching (Daniel Scally) - USB: ene_usb6250: Allocate enough memory for full object (Kees Cook) - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (Kees Cook) - USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: isp1362: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: isp116x: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: fotg210: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: sl811: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: uhci: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: chipidea: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - USB: dwc3: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - PCI: loongson: Prevent LS7A MRRS increases (Huacai Chen) - soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() (Richard Fitzgerald) - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (Harshit Mogalapalli) - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (Harshit Mogalapalli) - tools/iio/iio_utils:fix memory leak (Yulong Zhang) - mei: bus-fixup:upon error print return values of send and receive (Alexander Usyskin) - serial: sc16is7xx: setup GPIO controller later in probe (Isaac True) - tty: serial: fsl_lpuart: disable the CTS when send break signal (Sherry Sun) - tty: fix out-of-bounds access in tty_driver_lookup_tty() (Sven Schnelle) - staging: emxx_udc: Add checks for dma_alloc_coherent() (Yuan Can) - USB: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - media: uvcvideo: Silence memcpy() run-time false positive warnings (Kees Cook) - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (Ricardo Ribalda) - media: uvcvideo: Handle errors from calls to usb_string (Guenter Roeck) - media: uvcvideo: Handle cameras with invalid descriptors (Ricardo Ribalda) - media: uvcvideo: Remove format descriptions (Laurent Pinchart) - iommu/amd: Fix error handling for pdev_pri_ats_enable() (Vasant Hegde) - IB/hfi1: Update RMT size calculation (Dean Luick) - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (Liang He) - bootconfig: Increase max nodes of bootconfig from 1024 to 8192 for DCC support (Souradeep Chowdhury) - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (Darrell Kavanagh) - kernel/printk/index.c: fix memory leak with using debugfs_lookup() (Greg Kroah-Hartman) - tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (Jia-Ju Bai) - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (Randy Dunlap) - thermal: intel: quark_dts: fix error pointer dereference (Dan Carpenter) - ASoC: mediatek: mt8195: add missing initialization (Trevor Wu) - ASoC: zl38060 add gpiolib dependency (Arnd Bergmann) - ASoC: zl38060: Remove spurious gpiolib select (Mark Brown) - ASoC: adau7118: don't disable regulators on device unbind (Nuno Sa) - loop: loop_set_status_from_info() check before assignment (Zhong Jinghua) - rtc: allow rtc_read_alarm without read_alarm callback (Alexandre Belloni) - scsi: ipr: Work around fortify-string warning (Arnd Bergmann) - genirq: Add and use an irq_data_update_affinity helper (Samuel Holland) - genirq: Refactor accessors to use irq_data_get_affinity_mask (Samuel Holland) - rtc: sun6i: Always export the internal oscillator (Samuel Holland) - vc_screen: modify vcs_size() handling in vcs_read() (George Kennedy) - tcp: tcp_check_req() can be called from process context (Eric Dumazet) - ARM: dts: spear320-hmi: correct STMPE GPIO compatible (Krzysztof Kozlowski) - net/sched: act_sample: fix action bind logic (Pedro Tammela) - net/sched: act_mpls: fix action bind logic (Pedro Tammela) - net/sched: act_pedit: fix action bind logic (Pedro Tammela) - net/sched: transition act_pedit to rcu and percpu stats (Pedro Tammela) - nfc: fix memory leak of se_io context in nfc_genl_se_io (Fedor Pchelkin) - net/mlx5: Geneve, Fix handling of Geneve object id as error code (Maor Dickman) - net/mlx5e: Verify flow_source cap before using it (Roi Dayan) - 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv() (Zhengchao Shao) - 9p/xen: fix connection sequence (Juergen Gross) - 9p/xen: fix version parsing (Juergen Gross) - net: fix __dev_kfree_skb_any() vs drop monitor (Eric Dumazet) - octeontx2-pf: Use correct struct reference in test condition (Deepak R Varma) - sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop (Xin Long) - ipv6: Add lwtunnel encap size of all siblings in nexthop calculation (Lu Wei) - netfilter: x_tables: fix percpu counter block leak on error path when creating new netns (Pavel Tikhomirov) - netfilter: ebtables: fix table blob use-after-free (Florian Westphal) - netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() (Hangyu Hua) - watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (George Cherian) - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (Li Hua) - watchdog: Fix kmemleak in watchdog_cdev_register (Chen Jun) - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (ruanjinjie) - um: virt-pci: properly remove PCI device from bus (Benjamin Berg) - um: virtio_uml: move device breaking into workqueue (Benjamin Berg) - um: virtio_uml: mark device as unregistered when breaking it (Benjamin Berg) - um: virtio_uml: free command if adding to virtqueue failed (Benjamin Berg) - x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list (Ammar Faizi) - netfilter: nf_tables: allow to fetch set elements when table has an owner (Pablo Neira Ayuso) - ext4: use ext4_fc_tl_mem in fast-commit replay path (Eric Biggers) - f2fs: fix to avoid potential memory corruption in __update_iostat_latency() (Yangtao Li) - ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed (Zhihao Cheng) - ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() (Zhihao Cheng) - ubi: fastmap: Fix missed fm_anchor PEB in wear-leveling after disabling fastmap (Zhihao Cheng) - ubifs: ubifs_writepage: Mark page dirty after writing inode failed (Zhihao Cheng) - ubifs: dirty_cow_znode: Fix memleak in error handling path (Zhihao Cheng) - ubifs: Re-statistic cleaned znode count if commit failed (Zhihao Cheng) - ubi: Fix possible null-ptr-deref in ubi_free_volume() (Yang Yingliang) - ubifs: Fix memory leak in alloc_wbufs() (Li Zetao) - ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() (Li Zetao) - ubi: Fix use-after-free when volume resizing failed (Li Zetao) - ubifs: Reserve one leb for each journal head while doing budget (Zhihao Cheng) - ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (Zhihao Cheng) - ubifs: Fix wrong dirty space budget for dirty inode (Zhihao Cheng) - ubifs: Rectify space budget for ubifs_xrename() (Zhihao Cheng) - ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (Zhihao Cheng) - ubifs: Fix build errors as symbol undefined (Li Hua) - ubi: ensure that VID header offset + VID header size <= alloc, size (George Kennedy) - um: vector: Fix memory leak in vector_config (Xiang Yang) - f2fs: allow set compression option of files without blocks (Yangtao Li) - fs: f2fs: initialize fsdata in pagecache_write() (Alexander Potapenko) - f2fs: use memcpy_{to,from}_page() where possible (Eric Biggers) - pwm: stm32-lp: fix the check on arr and cmp registers update (Fabrice Gasnier) - pwm: sifive: Always let the first pwm_apply_state succeed (Emil Renner Berthing) - pwm: sifive: Reduce time the controller lock is held (Uwe Kleine-Konig) - objtool: Fix memory leak in create_static_call_sections() (Miaoqian Lin) - fs/jfs: fix shift exponent db_agl2size negative (Liu Shixin via Jfs-discussion) - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (Jianglei Nie) - LTS version: v5.15.99 (Jack Vogel) - kbuild: Port silent mode detection to future gnu make. (Dmitry Goncharov) - wifi: ath9k: use proper statements in conditionals (Arnd Bergmann) - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (Robert Marko) - iommu/vt-d: Fix an unbalanced rcu_read_lock/rcu_read_unlock() (Christophe JAILLET) - media: uvcvideo: Fix memory leak of object map on error exit path (Colin Ian King) - qede: avoid uninitialized entries in coal_entry array (Michal Schmidt) - perf intel-pt: pkt-decoder: Add CFE and EVD packets (Adrian Hunter) - drm/edid: fix AVI infoframe aspect ratio handling (Jani Nikula) - drm/i915: Don't use BAR mappings for ring buffers with LLC (John Harrison) - drm/radeon: Fix eDP for single-display iMac11,2 (Mark Hawrylak) - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (Mavroudis Chatzilaridis) - vfio/type1: restore locked_vm (Steve Sistare) - vfio/type1: track locked_vm per dma (Steve Sistare) - vfio/type1: prevent underflow of locked_vm via exec() (Steve Sistare) - iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode (Jacob Pan) - PCI: Avoid FLR for AMD FCH AHCI adapters (Damien Le Moal) - PCI: hotplug: Allow marking devices as disconnected during bind/unbind (Lukas Wunner) - PCI/PM: Observe reset delay irrespective of bridge_d3 (Lukas Wunner) - MIPS: DTS: CI20: fix otg power gpio (H. Nikolaus Schaller) - riscv: ftrace: Reduce the detour code size to half (Guo Ren) - riscv: ftrace: Remove wasted nops for !RISCV_ISA_C (Guo Ren) - riscv, mm: Perform BPF exhandler fixup on page fault (Bjorn Topel) - riscv: jump_label: Fixup unaligned arch_static_branch function (Andy Chiu) - riscv: mm: fix regression due to update_mmu_cache change (Sergey Matyukevich) - RISC-V: add a spin_shadow_stack declaration (Conor Dooley) - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (Tomas Henzl) - scsi: ses: Fix possible desc_ptr out-of-bounds accesses (Tomas Henzl) - scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (Tomas Henzl) - scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (Tomas Henzl) - scsi: ses: Don't attach if enclosure has no components (James Bottomley) - tools/bootconfig: fix single & used for logical condition (Antonio Alvarez Feijoo) - ring-buffer: Handle race between rb_move_tail and rb_check_pages (Mukesh Ojha) - ktest.pl: Add RUN_TIMEOUT option with default unlimited (Steven Rostedt) - ktest.pl: Fix missing 'end_monitor' when machine check fails (Steven Rostedt) - ktest.pl: Give back console on Ctrt^C on monitor (Steven Rostedt) - mm/thp: check and bail out if page in deferred queue already (Yin Fengwei) - mm: memcontrol: deprecate charge moving (Johannes Weiner) - docs: gdbmacros: print newest record (John Ogness) - remoteproc/mtk_scp: Move clk ops outside send_lock (Chen-Yu Tsai) - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (Sakari Ailus) - mips: fix syscall_get_nr (Elvira Khabirova) - dax/kmem: Fix leak of memory-hotplug resources (Dan Williams) - alpha: fix FEN fault handling (Al Viro) - ceph: update the time stamps and try to drop the suid/sgid (Xiubo Li) - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (Ilya Dryomov) - fuse: add inode/permission checks to fileattr_get/fileattr_set (Alexander Mikhalitsyn) - ARM: dts: exynos: correct TMU phandle in Odroid HC1 (Krzysztof Kozlowski) - ARM: dts: exynos: correct TMU phandle in Odroid XU (Krzysztof Kozlowski) - ARM: dts: exynos: correct TMU phandle in Exynos5250 (Krzysztof Kozlowski) - ARM: dts: exynos: correct TMU phandle in Odroid XU3 family (Krzysztof Kozlowski) - ARM: dts: exynos: correct TMU phandle in Exynos4 (Krzysztof Kozlowski) - ARM: dts: exynos: correct TMU phandle in Exynos4210 (Krzysztof Kozlowski) - ARM: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (Manivannan Sadhasivam) - dm flakey: fix a bug with 32-bit highmem systems (Mikulas Patocka) - dm flakey: don't corrupt the zero page (Mikulas Patocka) - dm flakey: fix logic when corrupting a bio (Mikulas Patocka) - thermal: intel: powerclamp: Fix cur_state for multi package system (Srinivas Pandruvada) - qede: fix interrupt coalescing configuration (Manish Chopra) - wifi: cfg80211: Fix use after free for wext (Alexander Wetzel) - wifi: ath11k: allow system suspend to survive ath11k (Len Brown) - wifi: rtl8xxxu: Use a longer retry limit of 48 (Bitterblue Smith) - dm: add cond_resched() to dm_wq_work() (Pingfan Liu) - dm: send just one event on resize, not two (Mikulas Patocka) - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (Louis Rannou) - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (Tudor Ambarus) - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (Takahiro Kuwano) - ext4: refuse to create ea block when umounted (Jun Nie) - ext4: optimize ea_inode block expansion (Jun Nie) - jbd2: fix data missing when reusing bh which is ready to be checkpointed (Zhihao Cheng) - ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (Lukasz Stelmach) - ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (Dmitry Fomin) - io_uring/poll: allow some retries for poll triggering spuriously (Jens Axboe) - io_uring: remove MSG_NOSIGNAL from recvmsg (David Lamparter) - io_uring/rsrc: disallow multi-source reg buffers (Pavel Begunkov) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-30456 cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::u3_security_validation cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 8 Oracle Linux 9 [5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs: change kernfs_rename_lock into a read-write lock. (Imran Khan) [Orabug: 35257584] - kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info. (Imran Khan) [Orabug: 35257584] - kernfs: Introduce separate rwsem to protect inode attributes. (Imran Khan) [Orabug: 35257584] - debugfs: allow access blktrace trace files in lockdown mode (Junxiao Bi) [Orabug: 35275017] - rds: Add time_spent and payload info for send_cqe handler (Rohit Nair) [Orabug: 35302534] - KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES (Dr. David Alan Gilbert) [Orabug: 35309074] - KVM: x86: Reinstate kvm_vcpu_arch.guest_supported_xcr0 (Sean Christopherson) [Orabug: 35309074] - x86/kvm: Fix compilation warning in non-x86_64 builds (Leonardo Bras) [Orabug: 35309074] - x86/kvm/fpu: Remove kvm_vcpu_arch.guest_supported_xcr0 (Leonardo Bras) [Orabug: 35309074] - x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0 (Leonardo Bras) [Orabug: 35309074] - KVM: x86: Move CPUID.(EAX=0x12,ECX=1) mangling to __kvm_update_cpuid_runtime() (Vitaly Kuznetsov) [Orabug: 35309074] - KVM: x86: Remove defunct setting of XCR0 for guest during vCPU create (Sean Christopherson) [Orabug: 35309074] - netfilter: nf_tables: deactivate anonymous set from preparation phase (Pablo Neira Ayuso) [Orabug: 35382083] {CVE-2023-32233} - uek-rpm: Enable CONFIG_VIRTIO_FS in UEK7 (Harshit Mogalapalli) [Orabug: 35383136] - drm/hyperv: Add ratelimit on error message (Saurabh Sengar) [Orabug: 35388012] - drm/hyperv: Don't overwrite dirt_needed value set by host (Saurabh Sengar) [Orabug: 35388012] - SUNRPC: remove the maximum number of retries in call_bind_status (Dai Ngo) [Orabug: 35397524] - scsi: target: iscsi: Handle abort for WRITE_PENDING cmds (Dmitry Bogdanov) [Orabug: 35404019] - scsi: target: iscsit: Fix TAS handling during conn cleanup (Mike Christie) [Orabug: 35404019] - scsi: target: Fix multiple LUN_RESET handling (Mike Christie) [Orabug: 35404019] - scsi: target: iscsit: Free cmds before session free (Dmitry Bogdanov) [Orabug: 35404019] - scsi: target: iscsit: Stop/wait on cmds during conn close (Mike Christie) [Orabug: 35404019] - scsi: target: iscsit: isert: Alloc per conn cmd counter (Mike Christie) [Orabug: 35404019] - scsi: target: Pass in cmd counter to use during cmd setup (Mike Christie) [Orabug: 35404019] - scsi: target: Move cmd counter allocation (Mike Christie) [Orabug: 35404019] - scsi: target: Move sess cmd counter to new struct (Mike Christie) [Orabug: 35404019] - net/rds: Fix copy&paste error (Gerd Rausch) [Orabug: 35416946] [5.15.0-102.110.4] - vdpa/mlx5: Extend driver support for new features (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Make VIRTIO_NET_F_MRG_RXBUF off by default (Eli Cohen) [Orabug: 35210565] - vhost-vdpa: free iommu domain after last use during cleanup (Gautam Dawar) [Orabug: 35210565] - vdpa/mlx5: should not activate virtq object when suspended (Si-Wei Liu) [Orabug: 35210565] - vp_vdpa: fix the crash in hot unplug with vp_vdpa (Cindy Lu) [Orabug: 35210565] - vdpa/mlx5: support device features provisioning (Si-Wei Liu) [Orabug: 35210565] - vdpa/mlx5: make MTU/STATUS presence conditional on feature bits (Si-Wei Liu) [Orabug: 35210565] - vdpa: validate device feature provisioning against supported class (Si-Wei Liu) [Orabug: 35210565] - vdpa: validate provisioned device features against specified attribute (Si-Wei Liu) [Orabug: 35210565] - vdpa: conditionally read STATUS in config space (Si-Wei Liu) [Orabug: 35210565] - vdpa: fix improper error message when adding vdpa dev (Si-Wei Liu) [Orabug: 35210565] - vdpa/mlx5: Initialize CVQ iotlb spinlock (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Don't clear mr struct on destroy MR (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Directly assign memory key (Eli Cohen) [Orabug: 35210565] - vhost-vdpa: print warning when vhost_vdpa_alloc_domain fails (Alvaro Karsz) [Orabug: 35210565] - vdpa: Fix a couple of spelling mistakes in some messages (Colin Ian King) [Orabug: 35210565] - vdpa: mlx5: support per virtqueue dma device (Jason Wang) [Orabug: 35210565] - vdpa: set dma mask for vDPA device (Jason Wang) [Orabug: 35210565] - virtio-vdpa: support per vq dma device (Jason Wang) [Orabug: 35210565] - vdpa: introduce get_vq_dma_device() (Jason Wang) [Orabug: 35210565] - virtio_ring: per virtqueue dma device (Jason Wang) [Orabug: 35210565] - vhost: remove unused paramete (Liming Wu) [Orabug: 35210565] - vhost-test: remove meaningless debug info (Liming Wu) [Orabug: 35210565] - vdpa_sim: get rid of DMA ops (Jason Wang) [Orabug: 35210565] - vdpa_sim_net: vendor satistics (Jason Wang) [Orabug: 35210565] - vdpa_sim: support vendor statistics (Jason Wang) [Orabug: 35210565] - vdpasim: customize allocation size (Jason Wang) [Orabug: 35210565] - vdpa_sim: switch to use __vdpa_alloc_device() (Jason Wang) [Orabug: 35210565] - vdpa_sim: use weak barriers (Jason Wang) [Orabug: 35210565] - vdpa_sim: Implement resume vdpa op (Sebastien Boeuf) [Orabug: 35210565] - vhost-vdpa: uAPI to resume the device (Sebastien Boeuf) [Orabug: 35210565] - vhost-vdpa: Introduce RESUME backend feature bit (Sebastien Boeuf) [Orabug: 35210565] - vdpa: Add resume operation (Sebastien Boeuf) [Orabug: 35210565] - vdpa_sim_net: Offer VIRTIO_NET_F_STATUS (Eugenio Perez) [Orabug: 35210565] - vdpa/mlx5: Move some definitions to a new header file (Eli Cohen) [Orabug: 35210565] - vdpa_sim_net: should not drop the multicast/broadcast packet (Cindy Lu) [Orabug: 35210565] - vdpasim: fix memory leak when freeing IOTLBs (Jason Wang) [Orabug: 35210565] - vdpa: conditionally fill max max queue pair for stats (Jason Wang) [Orabug: 35210565] - vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove (Rong Wang) [Orabug: 35210565] - vhost_vdpa: fix the crash in unmap a large memory (Cindy Lu) [Orabug: 35210565] - vhost-vdpa: fix an iotlb memory leak (Stefano Garzarella) [Orabug: 35210565] - RDMA/mlx5: remove variable i (Colin Ian King) [Orabug: 35210565] - vdpa/mlx5: Avoid overwriting CVQ iotlb (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Avoid using reslock in event_handler (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Fix wrong mac address deletion (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Return error on vlan ctrl commands if not supported (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Fix rule forwarding VLAN to TIR (Eli Cohen) [Orabug: 35210565] - vdpa: merge functionally duplicated dev_features attributes (Si-Wei Liu) [Orabug: 35210565] - vDPA: conditionally read MTU and MAC in dev cfg space (Zhu Lingshan) [Orabug: 35210565] - vDPA: fix spars cast warning in vdpa_dev_net_mq_config_fill (Zhu Lingshan) [Orabug: 35210565] - vDPA: check virtio device features to detect MQ (Zhu Lingshan) [Orabug: 35210565] - vDPA: check VIRTIO_NET_F_RSS for max_virtqueue_paris's presence (Zhu Lingshan) [Orabug: 35210565] - vDPA: only report driver features if FEATURES_OK is set (Zhu Lingshan) [Orabug: 35210565] - vDPA: allow userspace to query features of a vDPA device (Zhu Lingshan) [Orabug: 35210565] - vp_vdpa: support feature provisioning (Jason Wang) [Orabug: 35210565] - vdpa_sim_net: support feature provisioning (Jason Wang) [Orabug: 35210565] - vdpa: device feature provisioning (Jason Wang) [Orabug: 35210565] - virtio: drop vp_legacy_set_queue_size (Michael S. Tsirkin) [Orabug: 35210565] - vdpa/mlx5: Fix MQ to support non power of two num queues (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Fix possible uninitialized return value (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Support different address spaces for control and data (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Implement susupend virtqueue callback (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Use eth_broadcast_addr() to assign broadcast address (Xu Qiang) [Orabug: 35210565] - vdpa_sim: Implement suspend vdpa op (Eugenio Perez) [Orabug: 35210565] - vhost-vdpa: uAPI to suspend the device (Eugenio Perez) [Orabug: 35210565] - vhost-vdpa: introduce SUSPEND backend feature bit (Eugenio Perez) [Orabug: 35210565] - vdpa: Add suspend operation (Eugenio Perez) [Orabug: 35210565] - vhost-vdpa: Call ida_simple_remove() when failed (Bo Liu) [Orabug: 35210565] - vDPA: fix 'cast to restricted le16' warnings in vdpa.c (Zhu Lingshan) [Orabug: 35210565] - vDPA: !FEATURES_OK should not block querying device config space (Zhu Lingshan) [Orabug: 35210565] - vdpa_sim: use max_iotlb_entries as a limit in vhost_iotlb_init (Stefano Garzarella) [Orabug: 35210565] - vringh: iterate on iotlb_translate to handle large translations (Stefano Garzarella) [Orabug: 35210565] - vhost-vdpa: call vhost_vdpa_cleanup during the release (Stefano Garzarella) [Orabug: 35210565] - vdpa/mlx5: Add RX MAC VLAN filter support (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Remove flow counter from steering (Eli Cohen) [Orabug: 35210565] - vhost-vdpa: return -EFAULT on copy_to_user() failure (Dan Carpenter) [Orabug: 35210565] - vdpasim: Off by one in vdpasim_set_group_asid() (Dan Carpenter) [Orabug: 35210565] - vdpa/vp_vdpa : add vdpa tool support in vp_vdpa (Cindy Lu) [Orabug: 35210565] - vdpasim: control virtqueue support (Gautam Dawar) [Orabug: 35210565] - vdpa_sim: filter destination mac address (Gautam Dawar) [Orabug: 35210565] - vdpa_sim: factor out buffer completion logic (Gautam Dawar) [Orabug: 35210565] - vdpa_sim: advertise VIRTIO_NET_F_MTU (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: support ASID based IOTLB API (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: introduce uAPI to set group ASID (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: uAPI to get virtqueue group id (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: introduce uAPI to get the number of address spaces (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: introduce uAPI to get the number of virtqueue groups (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: introduce asid based IOTLB (Gautam Dawar) [Orabug: 35210565] - vhost: support ASID in IOTLB API (Gautam Dawar) [Orabug: 35210565] - vhost_iotlb: split out IOTLB initialization (Gautam Dawar) [Orabug: 35210565] - vdpa: introduce config operations for associating ASID to a virtqueue group (Gautam Dawar) [Orabug: 35210565] - vdpa: multiple address spaces support (Gautam Dawar) [Orabug: 35210565] - vdpa: introduce virtqueue groups (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: switch to use vhost-vdpa specific IOTLB (Gautam Dawar) [Orabug: 35210565] - vhost-vdpa: passing iotlb to IOMMU mapping helpers (Gautam Dawar) [Orabug: 35210565] - virtio-vdpa: don't set callback if virtio doesn't need it (Gautam Dawar) [Orabug: 35210565] - vhost: move the backend feature bits to vhost_types.h (Gautam Dawar) [Orabug: 35210565] - vdpa/mlx5: Use readers/writers semaphore instead of mutex (Eli Cohen) [Orabug: 35210565] - vdpa/mlx5: Add support for reading descriptor statistics (Eli Cohen) [Orabug: 35210565] - net/vdpa: Use readers/writers semaphore instead of cf_mutex (Eli Cohen) [Orabug: 35210565] - net/vdpa: Use readers/writers semaphore instead of vdpa_dev_mutex (Eli Cohen) [Orabug: 35210565] - vdpa: Add support for querying vendor statistics (Eli Cohen) [Orabug: 35210565] - net/mlx5: Add support for configuring max device MTU (Eli Cohen) [Orabug: 35210565] - uek-rpm: Install dtb files under /lib/modules (Dave Kleikamp) [Orabug: 35333240] - Revert 'mm: track driver pinned pages across exec' (Anthony Yznaga) [Orabug: 35346656] - Revert 'cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset' (Tom Hromatka) [Orabug: 35361250] - Revert 'rds: ib: Fix non-parenthetical mutex/semaphore use' (Hakon Bugge) [Orabug: 35377399] [5.15.0-102.110.3] - uek-rpm: Fix the core lists to match changes in qrtr build. (Jack Vogel) - Revert 'KVM: arm64: PMU: Restore the guest's EL0 event counting after migration' (Jack Vogel) [5.15.0-102.110.2] - LTS version: v5.15.110 (Jack Vogel) - riscv: No need to relocate the dtb as it lies in the fixmap region (Alexandre Ghiti) - riscv: Do not set initial_boot_params to the linear address of the dtb (Alexandre Ghiti) - riscv: Move early dtb mapping into the fixmap region (Alexandre Ghiti) - selftests: mptcp: join: fix 'invalid address, ADD_ADDR timeout' (Matthieu Baerts) - driver core: Don't require dynamic_debug for initcall_debug probe timing (Stephen Boyd) - USB: serial: option: add UNISOC vendor and TOZED LT70C product (Ar?nc UNAL) - bluetooth: Perform careful capability checks in hci_sock_ioctl() (Ruihan Li) - drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (Daniel Vetter) - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (Jisoo Jang) - KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (Dan Carpenter) - KVM: arm64: Retry fault if vma_lookup() results become invalid (David Matlack) - selftests/kselftest/runner/run_one(): allow running non-executable files (SeongJae Park) - PCI/ASPM: Remove pcie_aspm_pm_state_change() (Kai-Heng Feng) - LTS version: v5.15.109 (Jack Vogel) - soc: sifive: l2_cache: fix missing of_node_put() in sifive_l2_init() (Yang Yingliang) - soc: sifive: l2_cache: fix missing free_irq() in error path in sifive_l2_init() (Yang Yingliang) - soc: sifive: l2_cache: fix missing iounmap() in error path in sifive_l2_init() (Yang Yingliang) - ASN.1: Fix check for strdup() success (Ekaterina Orlova) - ASoC: fsl_asrc_dma: fix potential null-ptr-deref (Nikita Zhandarovich) - mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock (Tetsuo Handa) - iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (Dan Carpenter) - counter: 104-quad-8: Fix race condition between FLAG and CNTR reads (William Breathitt Gray) - pwm: hibvt: Explicitly set .polarity in .get_state() (Uwe Kleine-Konig) - pwm: iqs620a: Explicitly set .polarity in .get_state() (Uwe Kleine-Konig) - pwm: meson: Explicitly set .polarity in .get_state() (Uwe Kleine-Konig) - sctp: Call inet6_destroy_sock() via sk->sk_destruct(). (Kuniyuki Iwashima) - dccp: Call inet6_destroy_sock() via sk->sk_destruct(). (Kuniyuki Iwashima) - inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). (Kuniyuki Iwashima) - tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). (Kuniyuki Iwashima) - udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM). (Kuniyuki Iwashima) - fuse: fix deadlock between atomic O_TRUNC and page invalidation (Miklos Szeredi) - fuse: always revalidate rename target dentry (Jiachen Zhang) - fuse: fix attr version comparison in fuse_read_update_size() (Miklos Szeredi) - purgatory: fix disabling debug info (Alyssa Ross) - docs: futex: Fix kernel-doc references after code split-up preparation (Salvatore Bonaccorso) - MIPS: Define RUNTIME_DISCARD_EXIT in LD script (Jiaxun Yang) - sched/fair: Fixes for capacity inversion detection (Qais Yousef) - sched/uclamp: Fix a uninitialized variable warnings (Qais Yousef) - sched/fair: Consider capacity inversion in util_fits_cpu() (Qais Yousef) - sched/fair: Detect capacity inversion (Qais Yousef) - sched/uclamp: Cater for uclamp in find_energy_efficient_cpu()'s early exit condition (Qais Yousef) - sched/uclamp: Make cpu_overutilized() use util_fits_cpu() (Qais Yousef) - sched/uclamp: Fix fits_capacity() check in feec() (Qais Yousef) - mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (Mel Gorman) - mm/khugepaged: check again on anon uffd-wp during isolation (Peter Xu) - drm/i915: Fix fast wake AUX sync len (Ville Syrjala) - mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (Bhavya Kapoor) - kernel/sys.c: fix and improve control flow in __sys_setres[ug]id() (Ondrej Mosnacek) - memstick: fix memory leak if card device is never registered (Greg Kroah-Hartman) - nilfs2: initialize unused bytes in segment summary blocks (Ryusuke Konishi) - iio: light: tsl2772: fix reading proximity-diodes from device tree (Brian Masney) - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (Mel Gorman) - platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (Hans de Goede) - xen/netback: use same error messages for same errors (Juergen Gross) - nvme-tcp: fix a possible UAF when failing to allocate an io queue (Sagi Grimberg) - s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (Heiko Carstens) - net: dsa: b53: mmap: add phy ops (Alvaro Fernandez Rojas) - scsi: core: Improve scsi_vpd_inquiry() checks (Damien Le Moal) - scsi: megaraid_sas: Fix fw_crash_buffer_show() (Tomas Henzl) - selftests: sigaltstack: fix -Wuninitialized (Nick Desaulniers) - platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (Frank Crawford) - Input: i8042 - add quirk for Fujitsu Lifebook A574/H (Jonathan Denose) - f2fs: Fix f2fs_truncate_partial_nodes ftrace event (Douglas Raillard) - e1000e: Disable TSO on i219-LM card to increase speed (Sebastian Basierski) - bpf: Fix incorrect verifier pruning due to missing register precision taints (Daniel Borkmann) - spi: spi-rockchip: Fix missing unwind goto in rockchip_sfc_probe() (Li Lanzhe) - mlxsw: pci: Fix possible crash during initialization (Ido Schimmel) - net: rpl: fix rpl header size calculation (Alexander Aring) - bonding: Fix memory leak when changing bond type to Ethernet (Ido Schimmel) - mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (Nikita Zhandarovich) - bnxt_en: Do not initialize PTP on older P3/P4 chips (Michael Chan) - netfilter: nf_tables: tighten netlink attribute requirements for catch-all elements (Pablo Neira Ayuso) - netfilter: nf_tables: validate catch-all set elements (Pablo Neira Ayuso) - i40e: fix i40e_setup_misc_vector() error handling (Aleksandr Loktionov) - i40e: fix accessing vsi->active_filters without holding lock (Aleksandr Loktionov) - netfilter: nf_tables: fix ifdef to also consider nf_tables=m (Florian Westphal) - sfc: Fix use-after-free due to selftest_work (Ding Hui) - sfc: Split STATE_READY in to STATE_NET_DOWN and STATE_NET_UP. (Jonathan Cooper) - virtio_net: bugfix overflow inside xdp_linearize_page() (Xuan Zhuo) - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (Gwangun Jung) - regulator: fan53555: Fix wrong TCS_SLEW_MASK (Cristian Ciocaltea) - regulator: fan53555: Explicitly include bits header (Cristian Ciocaltea) - netfilter: br_netfilter: fix recent physdev match breakage (Florian Westphal) - arm64: dts: imx8mm-evk: correct pmic clock source (Peng Fan) - arm64: dts: meson-g12-common: specify full DMC range (Marc Gonzalez) - arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (Dmitry Baryshkov) - ARM: dts: rockchip: fix a typo error for rk3288 spdif node (Jianqun Xu) - LTS version: v5.15.108 (Jack Vogel) - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (Xi Ruoyao) - counter: Add the necessary colons and indents to the comments of counter_compi (Yanteng Si) - counter: fix docum. build problems after filename change (Randy Dunlap) - panic, kexec: make __crash_kexec() NMI safe (Valentin Schneider) - kexec: turn all kexec_mutex acquisitions into trylocks (Valentin Schneider) - nvme-pci: add NVME_QUIRK_BOGUS_NID for T-FORCE Z330 SSD (Duy Truong) - nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (Juraj Pecigos) - nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM760 (Abhijit) - nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM610 (Shyamin Ayesh) - nvme-pci: Crucial P2 has bogus namespace ids (Tobias Gruetzmacher) - nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (Ning Wang) - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG GAMMIX S50 (Stefan Reiter) - i2c: ocores: generate stop condition after timeout in polling mode (Gregor Herburger) - x86/rtc: Remove __init for runtime functions (Matija Glavinic Pecotic) - sched/fair: Fix imbalance overflow (Vincent Guittot) - sched/fair: Move calculate of avg_load to a better location (zgpeng) - powerpc/papr_scm: Update the NUMA distance table for the target node (Aneesh Kumar K.V) - ubi: Fix deadlock caused by recursively holding work_sem (ZhaoLong Wang) - ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (Zhihao Cheng) - mptcp: stricter state check in mptcp_worker (Paolo Abeni) - mptcp: use mptcp_schedule_work instead of open-coding it (Paolo Abeni) - cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (Waiman Long) - x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (Basavaraj Natikar) - scsi: ses: Handle enclosure with just a primary component gracefully (Jiri Kosina) - net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (Radu Pirea (OSS)) - net: phy: nxp-c45-tja11xx: add remove callback (Radu Pirea (OSS)) - net: sfp: initialize sfp->i2c_block_size at sfp allocation (Ivan Bornyakov) - riscv: add icache flush for nommu sigreturn trampoline (Mathis Salmen) - drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (Min Li) - i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (Umesh Nerlige Ramappa) - tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (Steven Rostedt (Google)) - tracing: Add trace_array_puts() to write into instance (Steven Rostedt (Google)) - counter: 104-quad-8: Fix Synapse action reported for Index signals (William Breathitt Gray) - counter: Internalize sysfs interface code (William Breathitt Gray) - counter: stm32-timer-cnt: Provide defines for slave mode selection (William Breathitt Gray) - counter: stm32-lptimer-cnt: Provide defines for clock polarities (William Breathitt Gray) - ACPI: resource: Add Medion S17413 to IRQ override quirk (Aymeric Wibo) - wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (Johannes Berg) - asymmetric_keys: log on fatal failures in PE/pkcs7 (Robbie Harwood) - verify_pefile: relax wrapper length check (Robbie Harwood) - drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (Hans de Goede) - efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (Hans de Goede) - i2c: hisi: Avoid redundant interrupts (Yicong Yang) - i2c: imx-lpi2c: clean rx/tx buffers upon new message (Alexander Stein) - wifi: mwifiex: mark OF related data as maybe unused (Krzysztof Kozlowski) - power: supply: cros_usbpd: reclassify 'default case!' as debug (Grant Grundler) - ARM: 9290/1: uaccess: Fix KASAN false-positives (Andrew Jeffery) - libbpf: Fix single-line struct definition output in btf_dump (Andrii Nakryiko) - skbuff: Fix a race between coalescing and releasing SKBs (Liang Chen) - net: macb: fix a memory corruption in extended buffer descriptor mode (Roman Gushchin) - udp6: fix potential access to stale information (Eric Dumazet) - RDMA/core: Fix GID entry ref leak when create_ah fails (Saravanan Vajravel) - sctp: fix a potential overflow in sctp_ifwdtsn_skip (Xin Long) - net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() (Ziyang Xuan) - qlcnic: check pci_reset_function result (Denis Plotnikov) - drm/armada: Fix a potential double free in an error handling path (Christophe JAILLET) - tcp: restrict net.ipv4.tcp_app_win (YueHaibing) - niu: Fix missing unwind goto in niu_alloc_channels() (Harshit Mogalapalli) - 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition (Zheng Wang) - bpf: tcp: Use sock_gen_put instead of sock_put in bpf_iter_tcp (Martin KaFai Lau) - IB/mlx5: Add support for 400G_8X lane speed (Maher Sanalla) - RDMA/irdma: Add ipv4 check to irdma_find_listener() (Tatyana Nikolova) - RDMA/irdma: Increase iWARP CM default rexmit count (Mustafa Ismail) - RDMA/irdma: Fix memory leak of PBLE objects (Mustafa Ismail) - clk: sprd: set max_register according to mapping range (Chunyan Zhang) - drm/i915/dsi: fix DSS CTL register offsets for TGL+ (Jani Nikula) - KVM: arm64: PMU: Restore the guest's EL0 event counting after migration (Reiji Watanabe) - mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (Christophe Kerello) - mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (Christophe Kerello) - mtd: rawnand: meson: fix bitmask for length in command word (Arseniy Krasnov) - mtdblock: tolerate corrected bit-flips (Bang Li) - fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (Daniel Vetter) - btrfs: fix fast csum implementation detection (Christoph Hellwig) - btrfs: print checksum type and implementation at mount time (David Sterba) - Bluetooth: Fix race condition in hidp_session_thread (Min Li) - Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (Luiz Augusto von Dentz) - ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (Oswald Buddenhagen) - ALSA: emu10k1: don't create old pass-through playback device on Audigy (Oswald Buddenhagen) - ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (Xu Biang) - ALSA: i2c/cs8427: fix iec958 mixer control deactivation (Oswald Buddenhagen) - ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (Oswald Buddenhagen) - ALSA: emu10k1: fix capture interrupt handler unlinking (Oswald Buddenhagen) - Revert 'pinctrl: amd: Disable and mask interrupts on resume' (Kornel Duleba) - LTS version: v5.15.107 (Jack Vogel) - bpftool: Print newline before '}' for struct with padding only fields (Eduard Zingerman) - ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (Heming Zhao) - kbuild: fix single directory build (Masahiro Yamada) - mm: take a page reference when removing device exclusive entries (Alistair Popple) - drm/bridge: lt9611: Fix PLL being unable to lock (Robert Foss) - mm/swap: fix swap_info_struct race between swapoff and get_swap_pages() (Rongwei Wang) - ring-buffer: Fix race while reader and writer are on the same page (Zheng Yejian) - drm/nouveau/disp: Support more modes by checking with lower bpc (Karol Herbst) - drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (Boris Brezillon) - mm: vmalloc: avoid warn_alloc noise caused by fatal signal (Yafang Shao) - ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots() (Jason Montleon) - tracing: Free error logs of tracing instances (Steven Rostedt (Google)) - can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (Michal Sojka) - can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (Oleksij Rempel) - fs: drop peer group ids under namespace lock (Christian Brauner) - ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (Zheng Yejian) - ftrace: Mark get_lock_parent_ip() __always_inline (John Keeping) - perf/core: Fix the same task check in perf_event_set_output (Kan Liang) - cifs: sanitize paths in cifs_update_super_prepath. (Thiago Rafael Becker) - smb3: lower default deferred close timeout to address perf regression (Steve French) - smb3: allow deferred close timeout to be configurable (Steve French) - scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (Zhong Jinghua) - scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (Li Zetao) - iio: adc: ad7791: fix IRQ flags (Nuno Sa) - coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug (Steve Clevenger) - coresight: etm4x: Do not access TRCIDR1 for identification (Suzuki K Poulose) - ALSA: hda/realtek: Add quirk for Clevo X370SNW (Jeremy Soller) - ksmbd: do not call kvmalloc() with __GFP_NORETRY | __GFP_NO_WARN (Marios Makassikis) - dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (Geert Uytterhoeven) - nilfs2: fix sysfs interface lifetime (Ryusuke Konishi) - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (Ryusuke Konishi) - tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (Sherry Sun) - tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (Biju Das) - tty: serial: sh-sci: Fix transmit end interrupt handler (Biju Das) - iio: light: cm32181: Unregister second I2C client if present (Kai-Heng Feng) - iio: dac: cio-dac: Fix max DAC write value check for 12-bit (William Breathitt Gray) - iio: adc: ti-ads7950: Set can_sleep flag for GPIO chip (Lars-Peter Clausen) - iio: adis16480: select CONFIG_CRC32 (Arnd Bergmann) - USB: serial: option: add Quectel RM500U-CN modem (Bj?rn Mork) - USB: serial: option: add Telit FE990 compositions (Enrico Sau) - usb: typec: altmodes/displayport: Fix configure initial pin assignment (RD Babiera) - USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (Kees Jan Koster) - usb: dwc3: pci: add support for the Intel Meteor Lake-S (Heikki Krogerus) - usb: cdnsp: Fixes error: uninitialized symbol 'len' (Pawel Laszczak) - xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (D Scott Phillips) - usb: xhci: tegra: fix sleep in atomic call (Wayne Chang) - kbuild: refactor single builds of *.ko (Masahiro Yamada) - gve: Secure enough bytes in the first TX desc for all TCP pkts (Shailend Chand) - ethtool: reset #lanes when lanes is omitted (Andy Roulin) - ice: Reset FDIR counter in FDIR init stage (Lingyu Liu) - ice: fix wrong fallback logic for FDIR (Simei Su) - NFSD: callback request does not use correct credential for AUTH_SYS (Dai Ngo) - sunrpc: only free unix grouplist after RCU settles (Jeff Layton) - net: stmmac: fix up RX flow hash indirection table when setting channels (Corinna Vinschen) - net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe (Siddharth Vadapalli) - gpio: davinci: Add irq chip flag to skip set wake (Dhruva Gole) - platform/x86: think-lmi: Clean up display of current_value on Thinkstation (Mark Pearson) - platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (Mark Pearson) - platform/x86: think-lmi: Fix memory leak when showing current settings (Armin Wolf) - ipv6: Fix an uninit variable access bug in __ip6_make_skb() (Ziyang Xuan) - net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT (Sricharan Ramabadhran) - sctp: check send stream number after wait_for_sndbuf (Xin Long) - net: dsa: mv88e6xxx: Reset mv88e6393x force WD event bit (Gustav Ekelund) - net: don't let netpoll invoke NAPI if in xmit context (Jakub Kicinski) - icmp: guard against too small mtu (Eric Dumazet) - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (Chuck Lever) - net: qrtr: Fix a refcount bug in qrtr_recvmsg() (Ziyang Xuan) - net: qrtr: combine nameservice into main module (Luca Weiss) - wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (Felix Fietkau) - KVM: s390: pv: fix external interruption loop not always detected (Nico Boehr) - pwm: sprd: Explicitly set .polarity in .get_state() (Uwe Kleine-Konig) - pwm: cros-ec: Explicitly set .polarity in .get_state() (Uwe Kleine-Konig) - Drivers: vmbus: Check for channel allocation before looking up relids (Mohammed Gamal) - gpio: GPIO_REGMAP: select REGMAP instead of depending on it (Randy Dunlap) - bpf: hash map, avoid deadlock with suitable hash mask (Tonghao Zhang) - serial: exar: Add support for Sealevel 7xxxC serial cards (Matthew Howell) - serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (Andy Shevchenko) - iavf/iavf_main: actually log ->src mask when talking about it (Daniil Tatianin) - iavf: return errno code instead of status code (Jacob Keller) - platform/x86: int3472/discrete: Ensure the clk/power enable pins are in output mode (Hans de Goede) - platform/x86: int3472: Split into 2 drivers (Hans de Goede) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (Mustafa Ismail) - NFSD: pass range end to vfs_fsync_range() instead of count (Brian Foster) - NFSD: Fix sparse warning (Chuck Lever) - ocfs2: fix memory leak in ocfs2_mount_volume() (Li Zetao) - ocfs2: rewrite error handling of ocfs2_fill_super (Heming Zhao via Ocfs2-devel) - ocfs2: ocfs2_mount_volume does cleanup job before return error (Heming Zhao via Ocfs2-devel) - LTS version: v5.15.106 (Jack Vogel) - x86/PVH: avoid 32-bit build warning when obtaining VGA console info (Jan Beulich) - hsr: ratelimit only when errors are printed (Matthieu Baerts) - libbpf: Fix btf_dump's packed struct determination (Andrii Nakryiko) - selftests/bpf: Add few corner cases to test padding handling of btf_dump (Andrii Nakryiko) - libbpf: Fix BTF-to-C converter's padding logic (Andrii Nakryiko) - selftests/bpf: Test btf dump for struct with padding only fields (Eduard Zingerman) - zonefs: Fix error message in zonefs_file_dio_append() (Damien Le Moal) hrtimer dance to common x86 (Sean Christopherson) - s390/uaccess: add missing earlyclobber annotations to __clear_user() (Heiko Carstens) - KVM: arm64: Disable interrupts while walking userspace PTs (Marc Zyngier) - drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (Fangzhi Zuo) - drm/etnaviv: fix reference leak when mmaping imported buffer (Lucas Stach) - rcu: Fix rcu_torture_read ftrace event (Douglas Raillard) - xtensa: fix KASAN report for show_stack (Max Filippov) - ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (huangwenhui) - ALSA: hda/realtek: Add quirks for some Clevo laptops (Tim Crawford) - ALSA: usb-audio: Fix regression on detection of Roland VS-100 (Takashi Iwai) - ALSA: hda/conexant: Partial revert of a quirk for Lenovo (Takashi Iwai) - NFSv4: Fix hangs when recovering open state after a server reboot (Trond Myklebust) - powerpc: Don't try to copy PPR for task with NULL pt_regs (Jens Axboe) - pinctrl: at91-pio4: fix domain name assignment (Johan Hovold) - pinctrl: amd: Disable and mask interrupts on resume (Kornel Duleba) - net: phy: dp83869: fix default value for tx-/rx-internal-delay (Josua Mayer) - xen/netback: don't do grant copy across page boundary (Juergen Gross) - can: j1939: prevent deadlock by moving j1939_sk_errqueue() (Oleksij Rempel) - zonefs: Always invalidate last cached page on append write (Damien Le Moal) - btrfs: scan device in non-exclusive mode (Anand Jain) - btrfs: fix race between quota disable and quota assign ioctls (Filipe Manana) - Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (Hans de Goede) - cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (David Disseldorp) - cifs: prevent infinite recursion in CIFSGetDFSRefer() (Paulo Alcantara) - Input: focaltech - use explicitly signed char type (Jason A. Donenfeld) - Input: alps - fix compatibility with -funsigned-char (msizanoen) - iommu/vt-d: Allow zero SAGAW if second-stage not supported (Lu Baolu) - pinctrl: ocelot: Fix alt mode for ocelot (Horatiu Vultur) - net: ethernet: mtk_eth_soc: fix flow block refcounting logic (Felix Fietkau) - net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only (Steffen Batz) - bnxt_en: Add missing 200G link speed reporting (Michael Chan) - bnxt_en: Fix typo in PCI id to device description string mapping (Kalesh AP) - bnxt_en: Fix reporting of test result in ethtool selftest (Kalesh AP) - i40e: fix registers dump after run ethtool adapter self test (Radoslaw Tyl) - net: ipa: compute DMA pool size properly (Alex Elder) - ALSA: ymfpci: Fix BUG_ON in probe function (Tasos Sahanidis) - ALSA: ymfpci: Create card with device-managed snd_devm_card_new() (Tasos Sahanidis) - ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (Jakob Koschel) - ice: add profile conflict check for AVF FDIR (Junfeng Guo) - smsc911x: avoid PHY being resumed when interface is not up (Wolfram Sang) - net: mvpp2: parser fix PPPoE (Sven Auhagen) - net: mvpp2: parser fix QinQ (Sven Auhagen) - net: mvpp2: classifier flow fix fragmentation flags (Sven Auhagen) - loop: LOOP_CONFIGURE: send uevents for partitions (Alyssa Ross) - loop: suppress uevents while reconfiguring the device (Christoph Hellwig) - s390/vfio-ap: fix memory leak in vfio_ap device driver (Tony Krowiak) - can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (Ivan Orlov) - platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (Rajvi Jingar) - drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (Imre Deak) - net: stmmac: don't reject VLANs when IFF_PROMISC is set (Vladimir Oltean) - net/net_failover: fix txq exceeding warning (Faicker Mo) - regulator: Handle deferred clk (Christophe JAILLET) - r8169: fix RTL8168H and RTL8107E rx crc error (ChunHao Lin) - net: dsa: microchip: ksz8863_smi: fix bulk access (Oleksij Rempel) - ptp_qoriq: fix memory leak in probe() (SongJingyi) - scsi: mpt3sas: Don't print sense pool info twice (Jerry Snitselaar) - scsi: megaraid_sas: Fix crash after a double completion (Tomas Henzl) - sfc: ef10: don't overwrite offload features at NIC reset (Inigo Huguet) - SUNRPC: fix shutdown of NFS TCP client socket (Siddharth Kawar) - mtd: rawnand: meson: invalidate cache on polling ECC bit (Arseniy Krasnov) - platform/x86: think-lmi: Add possible_values for ThinkStation (Mark Pearson) - platform/x86: think-lmi: only display possible_values if available (Mark Pearson) - platform/x86: think-lmi: use correct possible_values delimiters (Mark Pearson) - platform/x86: think-lmi: add missing type attribute (Mark Pearson) - ALSA: usb-audio: Fix recursive locking at XRUN during syncing (Takashi Iwai) - mips: bmips: BCM6358: disable RAC flush for TP1 (Alvaro Fernandez Rojas) - ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (Harshit Mogalapalli) - tracing: Fix wrong return in kprobe_event_gen_test.c (Anton Gusev) - tools/power turbostat: fix decoding of HWP_STATUS (Antti Laakso) - tools/power turbostat: Fix /dev/cpu_dma_latency warnings (Prarit Bhargava) - fbdev: au1200fb: Fix potential divide by zero (Wei Chen) - fbdev: lxfb: Fix potential divide by zero (Wei Chen) - fbdev: intelfb: Fix potential divide by zero (Wei Chen) - fbdev: nvidia: Fix potential divide by zero (Wei Chen) - sched_getaffinity: don't assume 'cpumask_size()' is fully initialized (Linus Torvalds) - fbdev: tgafb: Fix potential divide by zero (Wei Chen) - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (Kuninori Morimoto) - ALSA: asihpi: check pao in control_message() (Kuninori Morimoto) - net: hsr: Don't log netdev_err message on unknown prp dst node (Kristian Overskeid) - x86/PVH: obtain VGA console info in Dom0 (Jan Beulich) - md: avoid signed overflow in slot_store() (NeilBrown) - ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (Ravulapati Vishnu Vardhan Rao) - xfrm: Zero padding when dumping algos and encap (Herbert Xu) - bus: imx-weim: fix branch condition evaluates to a garbage value (Ivan Bornyakov) - ksmbd: don't terminate inactive sessions after a few seconds (Namjae Jeon) - kcsan: avoid passing -g for test (Marco Elver) - kernel: kcsan: kcsan_test: build without structleak plugin (Anders Roxell) - usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC (Wesley Cheng) - usb: dwc3: gadget: move cmd_endtransfer to extra function (Michael Grzeschik) - fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY (Eric Biggers) - LTS version: v5.15.105 (Jack Vogel) - NFSD: fix use-after-free in __nfs42_ssc_open() (Dai Ngo) - ocfs2: fix data corruption after failed write (Jan Kara via Ocfs2-devel) - mm: kfence: fix using kfence_metadata without initialization in show_object() (Muchun Song) - sched/fair: Sanitize vruntime of entity being migrated (Vincent Guittot) - sched/fair: sanitize vruntime of entity being placed (Zhang Qiao) - dm crypt: avoid accessing uninitialized tasklet (Mike Snitzer) - dm crypt: add cond_resched() to dmcrypt_write() (Mikulas Patocka) - dm stats: check for and propagate alloc_percpu failure (Jiasheng Jiang) - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (Wei Chen) - firmware: arm_scmi: Fix device node validation for mailbox transport (Cristian Marussi) - tee: amdtee: fix race condition in amdtee_open_session (Rijo Thomas) - riscv: Handle zicsr/zifencei issues between clang and binutils (Nathan Chancellor) - riscv: mm: Fix incorrect ASID argument when flushing TLB (Dylan Jhong) - drm/i915: Preserve crtc_state->inherited during state clearing (Ville Syrjala) - drm/i915/active: Fix missing debug object activation (Nirmoy Das) - drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi (Kai-Heng Feng) - drm/meson: fix missing component unbind on bind errors (Johan Hovold) - drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (Matheus Castello) - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (Ryusuke Konishi) - wifi: mac80211: fix qos on mesh interfaces (Felix Fietkau) - ksmbd: return unsupported error on smb1 mount (Namjae Jeon) - ksmbd: return STATUS_NOT_SUPPORTED on unsupported smb2.0 dialect (Namjae Jeon) - ksmbd: set FILE_NAMED_STREAMS attribute in FS_ATTRIBUTE_INFORMATION (Namjae Jeon) - KVM: x86: hyper-v: Avoid calling kvm_make_vcpus_request_mask() with vcpu_mask==NULL (Vitaly Kuznetsov) - kfence: avoid passing -g for test (Marco Elver) - usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() (Hans de Goede) - usb: chipidea: core: fix possible concurrent when switch role (Xu Yang) - usb: chipdea: core: fix return -EINVAL if request role is the same with current role (Xu Yang) - usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (Pawel Laszczak) - usb: cdnsp: Fixes issue with redundant Status Stage (Pawel Laszczak) - usb: cdns3: Fix issue with using incorrect PCI device function (Pawel Laszczak) - usb: typec: tcpm: fix warning when handle discover_identity message (Xu Yang) - dm thin: fix deadlock when swapping to thin device (Coly Li) - igb: revert rtnl_lock() that causes deadlock (Lin Ma) - arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (Krzysztof Kozlowski) - lockd: set file_lock start and end when decoding nlm4 testargs (Jeff Layton) - fsverity: Remove WQ_UNBOUND from fsverity read workqueue (Nathan Huckleberry) - fscrypt: destroy keyring after security_sb_delete() (Eric Biggers) - mm/slab: Fix undefined init_cache_node_node() for NUMA and !SMP (Geert Uytterhoeven) - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (Hans de Goede) - usb: gadget: u_audio: don't let userspace block driver unbind (Alvin Sipraga) - usb: dwc2: fix a devres leak in hw_enable upon suspend resume (Fabrice Gasnier) - scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (Joel Selvaraj) - cifs: print session id while listing open files (Shyam Prasad N) - cifs: empty interface list when server doesn't support query interfaces (Shyam Prasad N) - act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti) - net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti) - sh: sanitize the flags on sigreturn (Al Viro) - net: usb: qmi_wwan: add Telit 0x1080 composition (Enrico Sau) - net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (Enrico Sau) - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (Michael Kelley) - scsi: lpfc: Avoid usage of list iterator variable after loop (Jakob Koschel) - scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (Justin Tee) - scsi: ufs: core: Add soft dependency on governor_simpleondemand (Adrien Thierry) - scsi: hisi_sas: Check devm_add_action() return value (Kang Chen) - scsi: target: iscsi: Fix an error message in iscsi_check_key() (Maurizio Lombardi) - selftests/bpf: check that modifier resolves after pointer (Lorenz Bauer) - m68k: Only force 030 bus error if PC not in exception table (Michael Schmitz) - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (Reka Norman) - ca8210: fix mac_len negative array access (Alexander Aring) - HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (Danny Kaehn) - drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() (Alexandr Sapozhnikov) - riscv: Bump COMMAND_LINE_SIZE value to 1024 (Alexandre Ghiti) - ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (Mario Limonciello) - thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (Tom Rix) - thunderbolt: Use const qualifier for ring_interrupt_index (Mario Limonciello) - thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (Gil Fine) - thunderbolt: Disable interrupt auto clear for rings (Mario Limonciello) - thunderbolt: Call tb_check_quirks() after initializing adapters (Mika Westerberg) - thunderbolt: Use scale field when allocating USB3 bandwidth (Mika Westerberg) - uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (Yaroslav Furman) - hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs (Frank Crawford) - hwmon: fix potential sensor registration fail if of_node is missing (Phinex Hung) - entry/rcu: Check TIF_RESCHED _after_ delayed RCU wake-up (Frederic Weisbecker) - entry: Snapshot thread flags (Mark Rutland) - thread_info: Add helpers to snapshot thread flags (Mark Rutland) - platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (Tzung-Bi Shih) - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (Zheng Wang) - Bluetooth: L2CAP: Fix responding with wrong PDU type (Luiz Augusto von Dentz) - Bluetooth: btqcomsmd: Fix command timeout after setting BD address (Stephan Gerhold) - net: mdio: thunder: Add missing fwnode_handle_put() (Liang He) - net: dsa: mt7530: move setting ssc_delta to PHY_INTERFACE_MODE_TRGMII case (Ar?nc UNAL) - net: dsa: mt7530: move lowering TRGMII driving to mt7530_setup() (Ar?nc UNAL) - net: dsa: mt7530: move enabling disabling core clock to mt7530_pll_setup() (Ar?nc UNAL) - gve: Cache link_speed value from device (Joshua Washington) - ksmbd: fix possible refcount leak in smb2_open() (ChenXiaoSong) - ksmbd: add low bound validation to FSCTL_QUERY_ALLOCATED_RANGES (Namjae Jeon) - ksmbd: add low bound validation to FSCTL_SET_ZERO_DATA (Namjae Jeon) - hvc/xen: prevent concurrent accesses to the shared ring (Roger Pau Monne) - nvme-tcp: fix nvme_tcp_term_pdu to match spec (Caleb Sander) - net/sonic: use dma_mapping_error() for error check (Zhang Changzhong) - erspan: do not use skb_mac_header() in ndo_start_xmit() (Eric Dumazet) - atm: idt77252: fix kmemleak when rmmod idt77252 (Li Zetao) - net: dsa: tag_brcm: legacy: fix daisy-chained switches (Alvaro Fernandez Rojas) - net/mlx5: E-Switch, Fix an Oops in error handling code (Dan Carpenter) - net/mlx5: Read the TC mapping of all priorities on ETS query (Maher Sanalla) - net/mlx5: Fix steering rules cleanup (Lama Kayal) - net/mlx5e: Set uplink rep as NETNS_LOCAL (Gavin Li) - bpf: Adjust insufficient default bpf_jit_limit (Daniel Borkmann) - i40e: fix flow director packet filter programming (Radoslaw Tyl) - iavf: fix hang on reboot with ice (Stefan Assmann) - keys: Do not cache key in task struct if key is requested from kernel thread (David Howells) - bootconfig: Fix testcase to increase max node (Masami Hiramatsu (Google)) - octeontx2-vf: Add missing free for alloc_percpu (Jiasheng Jiang) - net/ps3_gelic_net: Use dma_mapping_error (Geoff Levand) - net/ps3_gelic_net: Fix RX sk_buff length (Geoff Levand) - net: qcom/emac: Fix use after free bug in emac_remove due to race condition (Zheng Wang) - drm/i915/gt: perform uc late init after probe error injection (Andrzej Hajda) - net: mdio: fix owner field for mdio buses registered using ACPI (Florian Fainelli) - net: mdio: fix owner field for mdio buses registered using device-tree (Maxime Bizon) - net: phy: Ensure state transitions are processed from phy_stop() (Florian Fainelli) - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (Zheng Wang) - qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (Daniil Tatianin) - net: usb: smsc95xx: Limit packet length to skb->len (Szymon Heidrich) - net: dsa: b53: mmap: fix device tree support (Alvaro Fernandez Rojas) - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (Yu Kuai) - i2c: hisi: Only use the completion interrupt to finish the transfer (Yicong Yang) - i2c: imx-lpi2c: check only for enabled interrupt flags (Alexander Stein) - igc: fix the validation logic for taprio's gate list (AKASHI Takahiro) - igbvf: Regard vf reset nack as success (Akihiko Odaki) - intel/igbvf: free irq on the error path in igbvf_request_msix() (Gaosheng Cui) - iavf: fix non-tunneled IPv6 UDP packet type and hashing (Alexander Lobakin) - iavf: fix inverted Rx hash condition leading to disabled hash (Alexander Lobakin) - xsk: Add missing overflow check in xdp_umem_reg (Kal Conley) - arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (Marek Vasut) - ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (Peng Fan) - ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (Peng Fan) - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (Zheng Wang) - power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition (Zheng Wang) - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (Minghao Chi) - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (Hangyu Hua) - trace/hwlat: Do not start per-cpu thread if it is already running (Tero Kristo) - trace/hwlat: make use of the helper function kthread_run_on_cpu() (Cai Huoqing) - kthread: add the helper function kthread_run_on_cpu() (Cai Huoqing) - serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (Randy Dunlap) - serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (Geert Uytterhoeven) - tty: serial: fsl_lpuart: fix race on RX DMA shutdown (Alexander Sverdlin) - tty: serial: fsl_lpuart: switch to new dmaengine_terminate_* API (Sherry Sun) - serial: fsl_lpuart: Fix comment typo (Jason Wang) - tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (Costa Shulyupin) - perf: fix perf_event_context->time (Song Liu) - perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (Yang Jihong) - interconnect: qcom: osm-l3: fix icc_onecell_data allocation (Dmitry Baryshkov) - LTS version: v5.15.104 (Jack Vogel) - perf: Fix check before add_event_to_groups() in perf_group_detach() (Budimir Markovic) - HID: uhid: Over-ride the default maximum data buffer value with our own (Lee Jones) - HID: core: Provide new max_buffer_size attribute to over-ride the default (Lee Jones) - PCI/DPC: Await readiness of secondary bus after reset (Lukas Wunner) - PCI: Unify delay handling for reset and resume (Lukas Wunner) - io_uring: avoid null-ptr-deref in io_arm_poll_handler (Fedor Pchelkin) - drm/i915/active: Fix misuse of non-idle barriers as fence trackers (Janusz Krzysztofik) - drm/i915: Don't use stolen memory for ring buffers with LLC (John Harrison) - x86/resctrl: Clear staged_config[] before and after it is used (Shawn Wang) - x86/mm: Fix use of uninitialized buffer in sme_enable() (Nikita Zhandarovich) - x86/mce: Make sure logged MCEs are processed after sysfs update (Yazen Ghannam) - cpuidle: psci: Iterate backwards over list in psci_pd_remove() (Shawn Guo) - net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (Radu Pirea (OSS)) - trace/hwlat: Do not wipe the contents of per-cpu thread data (Tero Kristo) - fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (Helge Deller) - mmc: sdhci_am654: lower power-on failed message severity (Francesco Dolcini) - mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage (David Hildenbrand) - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (Dave Ertman) - nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV3000 (Elmer Miroslav Mosher Golovin) - ftrace: Fix invalid address access in lookup_rec() when index is 0 (Chen Zhongjin) - mptcp: fix lockdep false positive in mptcp_pm_nl_create_listen_socket() (Paolo Abeni) - mptcp: avoid setting TCP_CLOSE state twice (Matthieu Baerts) - mptcp: add ro_after_init for tcp{,v6}_prot_override (Geliang Tang) - mptcp: fix possible deadlock in subflow_error_report (Paolo Abeni) - drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume (Blazej Szczygiel) - drm/sun4i: fix missing component unbind on bind errors (Johan Hovold) - drm/shmem-helper: Remove another errant put in error path (Dmitry Osipenko) - riscv: asid: Fixup stale TLB entry cause application crash (Guo Ren) - Revert 'riscv: mm: notify remote harts about mmu cache updates' (Sergey Matyukevich) - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (Hamidreza H. Fard) - ALSA: hda: intel-dsp-config: add MTL PCI id (Bard Liao) - cifs: Fix smb2_set_path_size() (Volker Lendecke) - tracing: Make tracepoint lockdep check actually test something (Steven Rostedt (Google)) - tracing: Check field value in hist_field_name() (Steven Rostedt (Google)) - tracing: Make splice_read available again (Sung-hun Kim) - interconnect: exynos: fix node leak in probe PM QoS error path (Johan Hovold) - interconnect: fix mem leak when freeing nodes (Johan Hovold) - s390/ipl: add missing intersection check to ipl_report handling (Sven Schnelle) - firmware: xilinx: don't make a sleepable memory allocation from an atomic context (Roman Gushchin) - serial: 8250_fsl: fix handle_irq locking (Johan Hovold) - serial: 8250_em: Fix UART port type (Biju Das) - tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (Sherry Sun) - ext4: fix possible double unlock when moving a directory (Theodore Ts'o) - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (Alex Hung) - sh: intc: Avoid spurious sizeof-pointer-div warning (Michael Karcher) - net/9p: fix bug in client create for .L (Eric Van Hensbergen) - drm/amdkfd: Fix an illegal memory access (Qu Huang) - ext4: fix task hung in ext4_xattr_delete_inode (Baokun Li) - ext4: update s_journal_inum if it changes after journal replay (Baokun Li) - ext4: fail ext4_iget if special inode unallocated (Baokun Li) - jffs2: correct logic when creating a hole in jffs2_write_begin (Yifei Liu) - mmc: atmel-mci: fix race between stop command and start of next command (Tobias Schramm) - media: m5mols: fix off-by-one loop termination error (Linus Torvalds) - hwmon: (ltc2992) Set can_sleep flag for GPIO chip (Lars-Peter Clausen) - hwmon: (adm1266) Set can_sleep flag for GPIO chip (Lars-Peter Clausen) - kconfig: Update config changed flag before calling callback (Jurica Vukadin) - hwmon: tmp512: drop of_match_ptr for ID table (Krzysztof Kozlowski) - hwmon: (ucd90320) Add minimum delay between bus accesses (Lars-Peter Clausen) - hwmon: (ina3221) return prober error code (Marcus Folkesson) - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (Zheng Wang) - hwmon: (adt7475) Fix masking of hysteresis registers (Tony O'Brien) - hwmon: (adt7475) Display smoothing attributes in correct order (Tony O'Brien) - bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails (Nikolay Aleksandrov) - bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether type change (Nikolay Aleksandrov) - ethernet: sun: add check for the mdesc_grab() (Liang He) - qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (Daniil Tatianin) - selftests: net: devlink_port_split.py: skip test if no suitable device available (Po-Hsu Lin) - net/iucv: Fix size of interrupt data (Alexandra Winter) - net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (Szymon Heidrich) - ipv4: Fix incorrect table ID in IOCTL path (Ido Schimmel) - sh_eth: avoid PHY being resumed when interface is not up (Wolfram Sang) - ravb: avoid PHY being resumed when interface is not up (Wolfram Sang) - net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290 (Vladimir Oltean) - ice: xsk: disable txq irq before flushing hw (Maciej Fijalkowski) - block: sunvdc: add check for mdesc_grab() returning NULL (Liang He) - nvmet: avoid potential UAF in nvmet_req_complete() (Damien Le Moal) - nvme: fix handling single range discard request (Ming Lei) - block: null_blk: Fix handling of fake timeout request (Damien Le Moal) - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (Liu Ying) - net: usb: smsc75xx: Limit packet length to skb->len (Szymon Heidrich) - net/smc: fix deadlock triggered by cancel_delayed_work_syn() (Wenjia Zhang) - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (Zheng Wang) - net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (Heiner Kallweit) - net: tunnels: annotate lockless accesses to dev->needed_headroom (Eric Dumazet) - loop: Fix use-after-free issues (Bart Van Assche) - net: dsa: mt7530: set PLL frequency and trgmii only when trgmii is used (Ar?nc UNAL) - net: dsa: mt7530: remove now incorrect comment regarding port 5 (Ar?nc UNAL) - qed/qed_dev: guard against a possible division by zero (Daniil Tatianin) - net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() (D. Wythe) - drm/i915/psr: Use calculated io and fast wake lines (Jouni Hogander) - drm/i915/display: clean up comments (Tom Rix) - drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (Jose Roberto de Souza) - drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (Jose Roberto de Souza) - drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (Jose Roberto de Souza) - PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (Niklas Schnelle) - vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (Eugenio Perez) - vdpa_sim: not reset state in vdpasim_queue_ready (Eugenio Perez) - i40e: Fix kernel crash during reboot when adapter is in recovery mode (Ivan Vecera) - ipvlan: Make skb->skb_iif track skb->dev for l3s mode (Jianguo Wu) - nfc: pn533: initialize struct pn533_out_arg properly (Fedor Pchelkin) - tcp: tcp_make_synack() can be called from process context (Breno Leitao) - scsi: core: Fix a procfs host directory removal regression (Bart Van Assche) - netfilter: nft_redir: correct value of inet type .maxattrs (Jeremy Sowden) - netfilter: nft_redir: correct length for loading protocol registers (Jeremy Sowden) - netfilter: nft_masq: correct length for loading protocol registers (Jeremy Sowden) - netfilter: nft_nat: correct length for loading protocol registers (Jeremy Sowden) - ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU() (Bjorn Helgaas) - scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (Wenchao Hao) - docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (Glenn Washburn) - clk: HI655X: select REGMAP instead of depending on it (Randy Dunlap) - drm/meson: fix 1px pink line on GXM when scaling video overlay (Christian Hewitt) - cifs: Move the in_send statistic to __smb_send_rqst() (Zhang Xiaoxu) - drm/panfrost: Don't sync rpm suspension after mmu flushing (Dmitry Osipenko) - xfrm: Allow transport-mode states with AF_UNSPEC selector (Herbert Xu) - net: mana: Fix accessing freed irq affinity_hint (Haiyang Zhang) [Orabug: 35097498] - net: mana: Assign interrupts to CPUs based on NUMA nodes (Saurabh Sengar) [Orabug: 35097498] - crypto: qat - drop log level of msg in get_instance_node() (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - add resubmit logic for decompression (Giovanni Cabiddu) [Orabug: 35177771] - crypto: acomp - define max size for destination (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - enable deflate for QAT GEN4 (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - expose deflate through acomp api for QAT GEN2 (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - rename and relocate GEN2 config function (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - relocate qat_algs_alloc_flags() (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - relocate backlog related structures (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - extend buffer list interface (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - generalize crypto request buffers (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - change bufferlist logic interface (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - rename bufferlist functions (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - relocate bufferlist logic (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - fix error return code in adf_probe (Wang Yufen) [Orabug: 35177771] - crypto: qat - expose device state through sysfs for 4xxx (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - fix initialization of pfvf rts_map_msg structures (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - fix initialization of pfvf cap_msg structures (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - enable power management for QAT GEN4 (Wojciech Ziemba) [Orabug: 35177771] - crypto: qat - move and rename GEN4 error register definitions (Wojciech Ziemba) [Orabug: 35177771] - crypto: qat - add misc workqueue (Wojciech Ziemba) [Orabug: 35177771] - crypto: qat - fix access to PFVF interrupt registers for GEN4 (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - fix a signedness bug in get_service_enabled() (Dan Carpenter) [Orabug: 35177771] - crypto: qat - fix definition of ring reset results (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - add support for compression for 4xxx (Tomasz Kowalik) [Orabug: 35177771] - crypto: qat - allow detection of dc capabilities for 4xxx (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - add PFVF support to enable the reset of ring pairs (Marco Chiappero) [Orabug: 35177771] - crypto: qat - add PFVF support to the GEN4 host driver (Marco Chiappero) [Orabug: 35177771] - crypto: qat - config VFs based on ring-to-svc mapping (Marco Chiappero) [Orabug: 35177771] - crypto: qat - exchange ring-to-service mappings over PFVF (Marco Chiappero) [Orabug: 35177771] - crypto: qat - support fast ACKs in the PFVF protocol (Marco Chiappero) [Orabug: 35177771] - crypto: qat - exchange device capabilities over PFVF (Marco Chiappero) [Orabug: 35177771] - crypto: qat - introduce support for PFVF block messages (Marco Chiappero) [Orabug: 35177771] - crypto: qat - store the ring-to-service mapping (Marco Chiappero) [Orabug: 35177771] - crypto: qat - store the PFVF protocol version of the endpoints (Marco Chiappero) [Orabug: 35177771] - crypto: qat - improve the ACK timings in PFVF send (Marco Chiappero) [Orabug: 35177771] - crypto: qat - leverage read_poll_timeout in PFVF send (Marco Chiappero) [Orabug: 35177771] - crypto: qat - leverage bitfield.h utils for PFVF messages (Marco Chiappero) [Orabug: 35177771] - crypto: qat - abstract PFVF messages with struct pfvf_message (Marco Chiappero) [Orabug: 35177771] - crypto: qat - set PFVF_MSGORIGIN just before sending (Marco Chiappero) [Orabug: 35177771] - crypto: qat - make PFVF send and receive direction agnostic (Marco Chiappero) [Orabug: 35177771] - crypto: qat - make PFVF message construction direction agnostic (Marco Chiappero) [Orabug: 35177771] - crypto: qat - add the adf_get_pmisc_base() helper function (Marco Chiappero) [Orabug: 35177771] - crypto: qat - support the reset of ring pairs on PF (Marco Chiappero) [Orabug: 35177771] - crypto: qat - extend crypto capability detection for 4xxx (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - get compression extended capabilities (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - improve logging of PFVF messages (Marco Chiappero) [Orabug: 35177771] - crypto: qat - fix VF IDs in PFVF log messages (Marco Chiappero) [Orabug: 35177771] - crypto: qat - do not rely on min version (Marco Chiappero) [Orabug: 35177771] - crypto: qat - refactor pfvf version request messages (Marco Chiappero) [Orabug: 35177771] - crypto: qat - pass the PF2VF responses back to the callers (Marco Chiappero) [Orabug: 35177771] - crypto: qat - use enums for PFVF protocol codes (Marco Chiappero) [Orabug: 35177771] - crypto: qat - reorganize PFVF protocol definitions (Marco Chiappero) [Orabug: 35177771] - crypto: qat - reorganize PFVF code (Marco Chiappero) [Orabug: 35177771] - crypto: qat - abstract PFVF receive logic (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - abstract PFVF send function (Marco Chiappero) [Orabug: 35177771] - crypto: qat - differentiate between pf2vf and vf2pf offset (Marco Chiappero) [Orabug: 35177771] - crypto: qat - add pfvf_ops (Marco Chiappero) [Orabug: 35177771] - crypto: qat - relocate PFVF disabled function (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - relocate PFVF VF related logic (Marco Chiappero) [Orabug: 35177771] - crypto: qat - relocate PFVF PF related logic (Marco Chiappero) [Orabug: 35177771] - crypto: qat - handle retries due to collisions in adf_iov_putmsg() (Marco Chiappero) [Orabug: 35177771] - crypto: qat - split PFVF message decoding from handling (Marco Chiappero) [Orabug: 35177771] - crypto: qat - re-enable interrupts for legacy PFVF messages (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - change PFVF ACK behaviour (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - move interrupt code out of the PFVF handler (Marco Chiappero) [Orabug: 35177771] - crypto: qat - move VF message handler to adf_vf2pf_msg.c (Marco Chiappero) [Orabug: 35177771] - crypto: qat - move vf2pf interrupt helpers (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - refactor PF top half for PFVF (Marco Chiappero) [Orabug: 35177771] - crypto: qat - fix undetected PFVF timeout in ACK loop (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - do not handle PFVF sources for qat_4xxx (Giovanni Cabiddu) [Orabug: 35177771] - crypto: testmgr - Only disable migration in crypto_disable_simd_for_test() (Sebastian Andrzej Siewior) [Orabug: 35177771] - crypto: qat - share adf_enable_pf2vf_comms() from adf_pf2vf_msg.c (Marco Chiappero) [Orabug: 35177771] - crypto: qat - extract send and wait from adf_vf2pf_request_version() (Marco Chiappero) [Orabug: 35177771] - crypto: qat - add VF and PF wrappers to common send function (Marco Chiappero) [Orabug: 35177771] - crypto: qat - rename pfvf collision constants (Marco Chiappero) [Orabug: 35177771] - crypto: qat - move pfvf collision detection values (Marco Chiappero) [Orabug: 35177771] - crypto: qat - make pfvf send message direction agnostic (Marco Chiappero) [Orabug: 35177771] - crypto: qat - use hweight for bit counting (Giovanni Cabiddu) [Orabug: 35177771] - crypto: qat - remove duplicated logic across GEN2 drivers (Marco Chiappero) [Orabug: 35177771] - crypto: qat - fix handling of VF to PF interrupts (Marco Chiappero) [Orabug: 35177771] - crypto: qat - remove unneeded packed attribute (Giovanni Cabiddu) [Orabug: 35177771] - Revert 'crypto: qat - make pfvf send message direction agnostic' (Thomas Tai) [Orabug: 35177771] - Revert 'crypto: qat - fix undetected PFVF timeout in ACK loop' (Thomas Tai) [Orabug: 35177771] - uek: kabi: Add with_kabichk flag to control kABI checking (Saeed Mirzamohammadi) [Orabug: 35241564] - rds: Fix incorrect error pointer reference (William Kucharski) [Orabug: 35315449] - Revert 'attr: use consistent sgid stripping checks' (Sherry Yang) [Orabug: 35335373] [5.15.0-102.103.1] - Revert 'iommu: Force iommu shutdown on panic' (Boris Ostrovsky) [Orabug: 35317719] - perf/arm-cmn: Add more bits to child node address offset field (Ilkka Koskinen) [Orabug: 35289157] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 (D Scott Phillips) [Orabug: 35289110] - net/rds: use appropriate return code while dropping a connection (Praveen Kumar Kannoju) [Orabug: 35279326] - mm, hugepages: add hugetlb vma mremap() test (Mina Almasry) [Orabug: 35176740] - mm: hugetlb: considering PMD sharing when flushing cache/TLBs (Baolin Wang) [Orabug: 35176740] - mm: mremap: fix sign for EFAULT error return value (Niels Dossche) [Orabug: 35176740] - mm/hugetlb: fix kernel crash with hugetlb mremap (Aneesh Kumar K.V) [Orabug: 35176740] - hugetlbfs: flush before unlock on move_hugetlb_page_tables() (Nadav Amit) [Orabug: 35176740] - hugetlb: fix hugetlb cgroup refcounting during mremap (Bui Quang Minh) [Orabug: 35176740] - mm, hugepages: add mremap() support for hugepage backed vma (Mina Almasry) [Orabug: 35176740] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32233 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch cpe:/a:oracle:linux:8::developer_UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/a:oracle:linux:9::developer_UEKR7 Oracle Linux 9 [0.11.4-7] - Fix displaying differences between configuration checkpoints in "pcs config checkpoint diff" command - Fix "pcs stonith update-scsi-devices" command which was broken since Pacemaker-2.1.5-rc1 - Fixed loading of cluster status in the web interface when fencing levels are configured - Fixed a vulnerability in pcs-web-ui-node-modules - Updated bundled rubygem rack - Resolves: rhbz#2179901 rhbz#2180697 rhbz#2180704 rhbz#2180708 rhbz#2180978 rhbz#2183180 [0.11.4-6] - Fixed broken filtering in create resource/fence device wizards in the web interface - Added BuildRequires: pam - needed for tier0 tests during build - Resolves: rhbz#2167471 [0.11.4-5] - Fixed enabling/disabling sbd when cluster is not running - Resolves: rhbz#2166249 [0.11.4-4] - Rebuilt with fixed patches - Resolves: rhbz#2158790 rhbz#2159454 [0.11.4-3] - Allow time values in stonith-watchdog-time property - Resource/stonith agent self-validation of instance attributes is now disabled by default, as many agents do not work with it properly. - Updated bundled rubygems: rack, rack-protection, sinatra - Added license for ruby2_keywords - Resolves: rhbz#2158790 rhbz#2159454 [0.11.4-2] - Fixed stopping of pcsd service using systemctl stop pcsd command - Fixed smoke test execution during gating - Added warning when omitting validation of misconfigured resource - Fixed displaying of bool and integer values in pcs resource config command - Updated bundled rubygems: ethon, rack-protection, sinatra - Resolves: rhbz#2148124 rhbz#2151164 rhbz#2151524 [0.11.4-1] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Resolves: rhbz#1620043 rhbz#2019464 rhbz#2099653 rhbz#2109633 rhbz#2112293 rhbz#2116295 rhbz#2117600 rhbz#2117601 [0.11.3-5] - Rebased to latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Added bundled rubygem: childprocess - Removed bundled rubygem: open4 - Updated bundled rubygems: mustermann, rack, rack-protection, rack-test, sinatra, tilt - Resolves: rhbz#1493416 rhbz#1796827 rhbz#2059147 rhbz#2092950 rhbz#2112079 rhbz#2112270 rhbz#2112293 rhbz#2117599 rhbz#2117601 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-27530 CVE-2023-27539 CVE-2023-2319 cpe:/a:oracle:linux:9::addons Oracle Linux 9 [20230516-999.20.git6c9e0ed5.el9] - cd72938cb480 linux-firmware: Update AMD fam17h cpu microcode - 92624e57af69 linux-firmware: Update AMD cpu microcode [20230516-999.19.git6c9e0ed5.el9] - Rebase to upstream - Revert removal of old iwlwifi firmwares (Orabug: 35260375) CRITICAL Copyright 2023 Oracle, Inc. CVE-2023-20593 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 [20230516-999.23.git6c9e0ed5.el9] - Firmware files need to be uncompressed for early kernel load to work - Resolves 'Zenbleed' (Orabug: 35650345) {CVE-2023-20593} [20230516-999.22.git6c9e0ed5.el9] - Move the README removal, it needs to happen during build (Orabug: 35650021) - Resolves 'Zenbleed' (Orabug: 35650345) {CVE-2023-20593} [20230516-999.21.git6c9e0ed5.el9] - remove amd-ucode/README (Orabug: 35645306) CRITICAL Copyright 2023 Oracle, Inc. CVE-2023-20593 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [20230516-999.25.git6c9e0ed5.el9] - Add missing amd-ucode/ files to nano and core rpm (Orabug: 35642190) - Add posttrans scriptlet to reload microcode on AMD (Orabug: 35636951) - Recreate initramfs for AMD systems (Orabug: 35636951) [20230516-999.24.git6c9e0ed5.el7] - 8a07fa49 linux-firmware: Update AMD fam19h cpu microcode (Orabug: 35659485) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-20569 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [4:20220809-2.20230214.1.0.3] - update 06-55-04 to 0x2007006 - update 06-55-06 to 0x4003604 - update 06-55-07 to 0x5003604 - update 06-6a-06 to 0xd0003a5 - Resolves for Oracle hardware: {CVE-2022-40982} [Orabug: 35692740] MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40982 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [3.0.7-16.0.1] - Replace upstream references [Orabug: 34340177] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1255 CVE-2023-0464 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 istio [1.17.5-1] - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt [0.58.0-3] - Ensure that selinux build tags are set for all Go builds olcne [1.7.2-2] - Update kubevirt image versions fixing selinux=enforce not being supported [1.7.2-1] - Add Istio-1.17.5 and Istio-1.16.7 to address CVE's - CVE-2023-35941 - CVE-2023-35942 - CVE-2023-35943 - CVE-2023-35944 [1.7.0-10] - Remove worker-nodes enforcement from olcnectl provision [1.7.0-9] - Add resolutions for jenkins build failures IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-35943 CVE-2023-35944 CVE-2023-35941 CVE-2023-35942 cpe:/a:oracle:linux:9::olcne17 Oracle Linux 9 Oracle Linux 8 gcc [el8] [8.5.0-18.0.5] - CVE-2023-4039 GCC mitigation. Orabug 35751743. Includes removal of aarch64-preserve-args.patch. - CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751810. Add two patches originally from GCC upstream releases/gcc-11 branch. with major adjustment. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> gcc [el9] [11.3.1-4.3.0.4] - CVE-2023-4039 GCC mitigation. Orabug 35751837. - CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751842. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> gcc-toolset-11-gcc [el8] [11.2.1-9.1.0.6] - CVE-2023-4039 GCC mitigation. Orabug 35751885. - CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751901. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc11-downfall-disable-gather-in-vec.patch gcc11-downfall-support-mno-gather.patch Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> gcc-toolset-12-gcc [el8/el9] [12.2.1-7.4.0.2] - CVE-2023-4039 GCC mitigation. Orabug 35751931. - CVE-2022-40982 'Intel Downfall' mitigation. Orabug 35751938. Add two patches originally from GCC upstream releases/gcc-11 branch. gcc12-downfall-disable-gather-in-vec.patch gcc12-downfall-support-mno-gather.patch - Introduce 'oracle_release' into .spec file. Echo it to gcc/DEV-PHASE. LOW Copyright 2023 Oracle, Inc. CVE-2023-4039 CVE-2022-40982 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:8:8:baseos_patch cpe:/o:oracle:linux:9:2:baseos_patch cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8:9:appstream_base cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 cpe:/a:oracle:linux:8::codeready_builder cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 Oracle Linux 8 Oracle Linux 9 [5.15.0-105.125.6.2.1] - rds: Fix lack of reentrancy for connection reset with dst addr zero (Haakon Bugge) [Orabug: 35713695] {CVE-2023-22024} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-22024 cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 8 Oracle Linux 9 [5.15.0-105.125.6.2.2] - netfilter: nfnetlink_osf: avoid OOB read (Wander Lairson Costa) [Orabug: 35824297] - netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) [Orabug: 35824297] - netfilter: xt_sctp: validate the flag_info count (Wander Lairson Costa) [Orabug: 35824297] - netfilter: xt_u32: validate user space input (Wander Lairson Costa) [Orabug: 35824297] - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Kyle Zeng) [Orabug: 35824297] {CVE-2023-42753} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-42753 cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [5.14.0-284.30.1.el9_2] - x86/microcode/intel: Expose collect_cpu_info_early() for IFS - x86/cpu: Load microcode during restore_processor_state() - x86/microcode: Rip out the OLD_INTERFACE - x86/microcode: Default-disable late loading - x86/microcode: Taint and warn on late loading - x86/microcode: Remove unnecessary perf callback - x86/microcode: Print previous version of microcode after reload - x86/microcode: Rip out the subsys interface gunk - x86/microcode: Simplify init path even more - x86/microcode/AMD: Rename a couple of functions {CVE-2023-20593} - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities {CVE-2023-20593} - x86/microcode: Check CPU capabilities after late microcode update correctly {CVE-2023-20593} - x86/microcode: Adjust late loading result reporting message {CVE-2023-20593} - x86/amd: Cache debug register values in percpu variables {CVE-2023-20593} - x86/microcode: Remove ->request_microcode_user() - x86/microcode: Kill refresh_fw - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter {CVE-2023-20593} - x86/microcode: Drop struct ucode_cpu_info.valid - x86/microcode/AMD: Add a @cpu parameter to the reloading functions {CVE-2023-20593} - x86/microcode/AMD: Track patch allocation size explicitly - x86/microcode/AMD: Fix mixed steppings support {CVE-2023-20593} - x86/microcode/core: Return an error only when necessary {CVE-2023-20593} - x86/apic: Don't disable x2APIC if locked - x86/cpu/amd: Move the errata checking functionality up {CVE-2023-20593} - x86/cpu: Remove redundant extern x86_read_arch_cap_msr() - x86/cpu, kvm: Add support for CPUID_80000021_EAX - KVM: x86: Advertise that the SMM_CTL MSR is not supported - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 - x86/cpu: Support AMD Automatic IBRS - x86/CPU/AMD: Make sure EFER[AIBRSE] is set - x86/cpu/amd: Add a Zenbleed fix {CVE-2023-20593} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-20593 CVE-2023-3610 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4911 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4911 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 8 Oracle Linux 9 [5.15.0-106.131.4] - jbd2: check 'jh->b_transaction' before removing it from checkpoint (Zhihao Cheng) - jbd2: fix checkpoint cleanup performance regression (Zhang Yi) - scsi: qla2xxx: Fix TMF leak through (Quinn Tran) - scsi: qla2xxx: Fix command flush during TMF (Quinn Tran) - scsi: qla2xxx: Limit TMF to 8 per function (Quinn Tran) - Revert 'drm/amdgpu: install stub fence into potential unused fence pointers' (Greg Kroah-Hartman) - dlm: fix plock lookup when using multiple lockspaces (Alexander Aring) - Revert 'scsi: qla2xxx: Fix buffer overrun' (Nilesh Javali) - media: dvb: symbol fixup for dvb_attach() (Greg Kroah-Hartman) - PCI: rockchip: Use 64-bit mask on MSI 64-bit PCI address (Rick Wertenbroek) - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (Dave Hansen) - clk: qcom: reset: Use the correct type of sleep/delay based on length (Konrad Dybcio) - ALSA: ac97: Fix possible error value of *rac97 (Su Hui) - md/raid0: Fix performance regression for large sequential writes (Jan Kara) - md/raid0: Factor out helper for mapping and submitting a bio (Jan Kara) - md: add error_handlers for raid0 and linear (Mariusz Tkaczyk) - md: Set MD_BROKEN for RAID1 and RAID10 (Mariusz Tkaczyk) - LTS version: v5.15.131 (Jack Vogel) - usb: typec: tcpci: clear the fault status bit (Marco Felsch) - usb: typec: tcpci: move tcpci.h to include/linux/usb/ (Xin Ji) - pinctrl: amd: Don't show Invalid config param errors (Mario Limonciello) - nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (Ryusuke Konishi) - nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi) - tcpm: Avoid soft reset when partner does not support get_status (Badhri Jagan Sridharan) - fsi: master-ast-cf: Add MODULE_FIRMWARE macro (Juerg Haefliger) - firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (Wang Ming) - serial: sc16is7xx: fix bug when first setting GPIO direction (Hugo Villeneuve) - serial: sc16is7xx: fix broken port 0 uart init (Hugo Villeneuve) - serial: qcom-geni: fix opp vote on shutdown (Johan Hovold) - wifi: mt76: mt7921: do not support one stream on secondary antenna only (Deren Wu) - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (Zheng Wang) - staging: rtl8712: fix race condition (Nam Cao) - HID: wacom: remove the battery when the EKR is off (Aaron Armstrong Skomra) - usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (Xu Yang) - usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (Luke Lu) - ALSA: usb-audio: Fix init call orders for UAC1 (Takashi Iwai) - USB: serial: option: add FOXCONN T99W368/T99W373 product (Slark Xiao) - USB: serial: option: add Quectel EM05G variant (0x030e) (Martin Kohn) - modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules (Christoph Hellwig) - rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff (Christoph Hellwig) - net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index (Christoph Hellwig) - mmc: au1xmmc: force non-modular build and remove symbol_get usage (Christoph Hellwig) - ARM: pxa: remove use of symbol_get() (Arnd Bergmann) - ksmbd: replace one-element array with flex-array member in struct smb2_ea_info (Namjae Jeon) - ksmbd: fix wrong DataOffset validation of create context (Namjae Jeon) - erofs: ensure that the post-EOF tails are all zeroed (Gao Xiang) - netfilter: nfnetlink_osf: avoid OOB read (Wander Lairson Costa) [Orabug: 35824286] - netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) [Orabug: 35824286] - netfilter: xt_sctp: validate the flag_info count (Wander Lairson Costa) [Orabug: 35824286] - netfilter: xt_u32: validate user space input (Wander Lairson Costa) [Orabug: 35824286] - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Kyle Zeng) [Orabug: 35824286] {CVE-2023-42753} - rds: Fix lack of reentrancy for connection reset with dst addr zero (Hakon Bugge) [Orabug: 35655833] {CVE-2023-22024} - attr: use consistent sgid stripping checks (Christian Brauner) [Orabug: 35520042] - Revert 'perf build-ids: Fall back to debuginfod query if debuginfo not found' (Samasth Norway Ananda) [Orabug: 35617848] - KEYS: use kfree_sensitive with key (Saeed Mirzamohammadi) [Orabug: 35746757] - kernfs: fix missing kernfs_iattr_rwsem locking (Ian Kent) [Orabug: 35796770] - scsi: megaraid_sas: Fix deadlock on firmware crashdump (Junxiao Bi) [Orabug: 35819592] [5.15.0-106.130.3] - KVM: arm64: Skip instruction after emulating write to TCR_EL1 (Oliver Upton) [Orabug: 35677037] - uek-rpm: aarch64: enable ACPI_AGDI (Mihai Carabas) [Orabug: 35761254] - arm64: sdei: abort running SDEI handlers during crash (D Scott Phillips) [Orabug: 35761254] - ACPI: AGDI: Fix missing prototype warning for acpi_agdi_init() (Ilkka Koskinen) [Orabug: 35761254] - ACPI: AGDI: Add driver for Arm Generic Diagnostic Dump and Reset device (Ilkka Koskinen) [Orabug: 35761254] - ACPI: tables: Add AGDI to the list of known table signatures (Ilkka Koskinen) [Orabug: 35761254] - ACPICA: iASL: Add suppport for AGDI table (Ilkka Koskinen) [Orabug: 35761254] - net/rds: Avoid unpin_user_pages_dirty_lock() in tasklets (Gerd Rausch) [Orabug: 35765163] - x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Borislav Petkov (AMD)) [Orabug: 35776935] {CVE-2023-20588} - x86/CPU/AMD: Do not leak quotient data after a division by 0 (Borislav Petkov (AMD)) [Orabug: 35776935] {CVE-2023-20588} - x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl (Andrea Arcangeli) [Orabug: 35778852] [5.15.0-106.130.2] - LTS version: v5.15.130 (Jack Vogel) - rcu-tasks: Add trc_inspect_reader() checks for exiting critical section (Paul E. McKenney) - rcu-tasks: Wait for trc_read_check_handler() IPIs (Paul E. McKenney) - rcu-tasks: Fix IPI failure handling in trc_wait_for_one_reader (Neeraj Upadhyay) - rcu: Prevent expedited GP from enabling tick on offline CPU (Paul E. McKenney) - ARM: module: Use module_init_layout_section() to spot init sections (James Morse) - arm64: module: Use module_init_layout_section() to spot init sections (James Morse) - arm64: module-plts: inline linux/moduleloader.h (Arnd Bergmann) - module: Expose module_init_layout_section() (James Morse) - ACPI: thermal: Drop nocrt parameter (Mario Limonciello) - LTS version: v5.15.129 (Jack Vogel) - mm,ima,kexec,of: use memblock_free_late from ima_free_kexec_buffer (Rik van Riel) - mm: memory-failure: fix unexpected return value in soft_offline_page() (Miaohe Lin) - mm: memory-failure: kill soft_offline_free_page() (Kefeng Wang) - dma-buf/sw_sync: Avoid recursive lock during fence signal (Rob Clark) - pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (Biju Das) - clk: Fix undefined reference to clk_rate_exclusive_{get,put}' (Biju Das) - scsi: core: raid_class: Remove raid_component_add() (Zhu Wang) - scsi: snic: Fix double free in snic_tgt_create() (Zhu Wang) - can: raw: add missing refcount for memory leak fix (Oliver Hartkopp) - drm/i915: Fix premature release of request's reusable memory (Janusz Krzysztofik) - cgroup/cpuset: Free DL BW in case can_attach() fails (Dietmar Eggemann) - sched/deadline: Create DL BW alloc, free & check overflow interface (Dietmar Eggemann) - cgroup/cpuset: Iterate only if DEADLINE tasks are present (Juri Lelli) - sched/cpuset: Keep track of SCHED_DEADLINE task in cpusets (Juri Lelli) - sched/cpuset: Bring back cpuset_mutex (Juri Lelli) - cgroup/cpuset: Rename functions dealing with DEADLINE accounting (Juri Lelli) - torture: Fix hang during kthread shutdown phase (Joel Fernandes (Google)) - nfsd: use vfs setgid helper (Christian Brauner) - nfs: use vfs setgid helper (Christian Brauner) - x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (Feng Tang) - x86/fpu: Invalidate FPU state correctly on exec() (Rick Edgecombe) - drm/display/dp: Fix the DP DSC Receiver cap size (Ankit Nautiyal) - drm/vmwgfx: Fix shader stage validation (Zack Rusin) - PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (Igor Mammedov) - media: vcodec: Fix potential array out-of-bounds in encoder queue_setup (Wei Chen) - of: dynamic: Refactor action prints to not use '%pOF' inside devtree_lock (Rob Herring) - of: unittest: Fix EXPECT for parse_phandle_with_args_map() test (Rob Herring) - radix tree: remove unused variable (Arnd Bergmann) - lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels (Helge Deller) - batman-adv: Hold rtnl lock during MTU update via netlink (Sven Eckelmann) - batman-adv: Fix batadv_v_ogm_aggr_send memory leak (Remi Pommarel) - batman-adv: Fix TT global entry leak when client roamed back (Remi Pommarel) - batman-adv: Do not get eth header before batadv_check_management_packet (Remi Pommarel) - batman-adv: Don't increase MTU when set by user (Sven Eckelmann) - batman-adv: Trigger events for auto adjusted MTU (Sven Eckelmann) - selinux: set next pointer before attaching to list (Christian Gottsche) - nfsd: Fix race to FREE_STATEID and cl_revoked (Benjamin Coddington) - NFS: Fix a use after free in nfs_direct_join_group() (Trond Myklebust) - mm: add a call to flush_cache_vmap() in vmap_pfn() (Alexandre Ghiti) - ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (Takashi Iwai) - clk: Fix slab-out-of-bounds error in devm_clk_release() (Andrey Skvortsov) - NFSv4: Fix dropped lock for racing OPEN and delegation return (Benjamin Coddington) - ibmveth: Use dcbf rather than dcbfl (Michael Ellerman) - Revert 'KVM: x86: enable TDP MMU by default' (Sean Christopherson) - net/ncsi: change from ndo_set_mac_address to dev_set_mac_address (Ivan Mikhaylov) - net/ncsi: make one oem_gma function for all mfr id (Ivan Mikhaylov) - bonding: fix macvlan over alb bond support (Hangbin Liu) - net: remove bond_slave_has_mac_rcu() (Jakub Kicinski) - rtnetlink: Reject negative ifindexes in RTM_NEWLINK (Ido Schimmel) - rtnetlink: return ENODEV when ifname does not exist and group is given (Florent Fourcot) - netfilter: nf_tables: fix out of memory error handling (Florian Westphal) - netfilter: nf_tables: flush pending destroy work before netlink notifier (Pablo Neira Ayuso) - net/sched: fix a qdisc modification with ambiguous command request (Jamal Hadi Salim) - igc: Fix the typo in the PTM Control macro (Sasha Neftin) - igb: Avoid starting unnecessary workqueues (Alessio Igor Bogani) - ice: fix receive buffer size miscalculation (Jesse Brandeburg) - net: validate veth and vxcan peer ifindexes (Jakub Kicinski) - net: bcmgenet: Fix return value check for fixed_phy_register() (Ruan Jinjie) - net: bgmac: Fix return value check for fixed_phy_register() (Ruan Jinjie) - ipvlan: Fix a reference count leak warning in ipvlan_ns_exit() (Lu Wei) - dccp: annotate data-races in dccp_poll() (Eric Dumazet) - sock: annotate data-races around prot->memory_pressure (Eric Dumazet) - octeontx2-af: SDP: fix receive link config (Hariprasad Kelam) - tracing: Fix memleak due to race between current_tracer and trace (Zheng Yejian) - tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (Zheng Yejian) - can: raw: fix lockdep issue in raw_release() (Eric Dumazet) - drm/amd/display: check TG is non-null before checking if enabled (Taimur Hassan) - drm/amd/display: do not wait for mpc idle if tg is disabled (Josip Pavic) - can: raw: fix receiver memory leak (Ziyang Xuan) - jbd2: fix a race when checking checkpoint buffer busy (Zhang Yi) - jbd2: remove journal_clean_one_cp_list() (Zhang Yi) - jbd2: remove t_checkpoint_io_list (Zhang Yi) - ALSA: pcm: Fix potential data race at PCM memory allocation helpers (Takashi Iwai) - fbdev: fix potential OOB read in fast_imageblit() (Zhang Shurong) - fbdev: Fix sys_imageblit() for arbitrary image widths (Thomas Zimmermann) - fbdev: Improve performance of sys_imageblit() (Thomas Zimmermann) - MIPS: cpu-features: Use boot_cpu_type for CPU type based features (Jiaxun Yang) - MIPS: cpu-features: Enable octeon_cache by cpu_type (Jiaxun Yang) - fs: dlm: fix mismatch of plock results from userspace (Alexander Aring) - fs: dlm: use dlm_plock_info for do_unlock_close (Alexander Aring) - fs: dlm: change plock interrupted message to debug again (Alexander Aring) - fs: dlm: add pid to debug log (Alexander Aring) - dlm: replace usage of found with dedicated list iterator variable (Jakob Koschel) - dlm: improve plock logging if interrupted (Alexander Aring) - PCI: acpiphp: Reassign resources on bridge if necessary (Igor Mammedov) - xprtrdma: Remap Receive buffers after a reconnect (Chuck Lever) - NFSv4: fix out path in __nfs4_get_acl_uncached (Fedor Pchelkin) - NFSv4.2: fix error handling in nfs42_proc_getxattr (Fedor Pchelkin) - objtool/x86: Fix SRSO mess (Peter Zijlstra) - LTS version: v5.15.128 (Jack Vogel) - x86/srso: Correct the mitigation status when SMT is disabled (Borislav Petkov (AMD)) - objtool/x86: Fixup frame-pointer vs rethunk (Peter Zijlstra) - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Petr Pavlu) - x86/srso: Disable the mitigation on unaffected configurations (Borislav Petkov (AMD)) - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Sean Christopherson) - x86/static_call: Fix __static_call_fixup() (Peter Zijlstra) - x86/srso: Explain the untraining sequences a bit more (Borislav Petkov (AMD)) - x86/cpu: Cleanup the untrain mess (Peter Zijlstra) - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Peter Zijlstra) - x86/cpu: Rename original retbleed methods (Peter Zijlstra) - x86/cpu: Clean up SRSO return thunk mess (Peter Zijlstra) - x86/ibt: Add ANNOTATE_NOENDBR (Peter Zijlstra) - objtool: Add frame-pointer-specific function ignore (Josh Poimboeuf) - x86/alternative: Make custom return thunk unconditional (Peter Zijlstra) - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Peter Zijlstra) - x86/cpu: Fix __x86_return_thunk symbol type (Peter Zijlstra) - mmc: f-sdh30: fix order of function calls in sdhci_f_sdh30_remove (Yangtao Li) - net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled (Jason Xing) - virtio-net: set queues after driver_ok (Jason Wang) - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Kuniyuki Iwashima) - arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (Christopher Obbard) - exfat: check if filename entries exceeds max filename length (Namjae Jeon) - netfilter: set default timeout to 3 secs for sctp shutdown send and recv state (Xin Long) - drm/amd: flush any delayed gfxoff on suspend entry (Mario Limonciello) - drm/qxl: fix UAF on handle creation (Wander Lairson Costa) - mmc: block: Fix in_flight[issue_type] value error (Yibin Ding) - mmc: wbsd: fix double mmc_free_host() in wbsd_init() (Yang Yingliang) - cifs: Release folio lock on fscache read hit. (Russell Harmon via samba-technical) - ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. (dengxiang) - serial: 8250: Fix oops for port->pm on uart_change_pm() (Tony Lindgren) - riscv: uaccess: Return the number of bytes effectively not copied (Alexandre Ghiti) - ALSA: hda/realtek - Remodified 3k pull low procedure (Kailang Yang) - soc: aspeed: socinfo: Add kfree for kstrdup (Jiasheng Jiang) - ASoC: meson: axg-tdm-formatter: fix channel slot allocation (Jerome Brunet) - ASoC: rt5665: add missed regulator_bulk_disable (Zhang Shurong) - ARM: dts: imx: Set default tuning step for imx6sx usdhc (Xiaolei Wang) - arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (Dmitry Baryshkov) - bus: ti-sysc: Flush posted write on enable before reset (Tony Lindgren) - net: do not allow gso_size to be set to GSO_BY_FRAGS (Eric Dumazet) - sock: Fix misuse of sk_under_memory_pressure() (Abel Wu) - net: dsa: mv88e6xxx: Wait for EEPROM done before HW reset (Alfred Lee) - i40e: fix misleading debug logs (Andrii Staikov) - iavf: fix FDIR rule fields masks validation (Piotr Gardocki) - team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves (Ziyang Xuan) - net: phy: broadcom: stub c45 read/write for 54810 (Justin Chen) - netfilter: nft_dynset: disallow object maps (Pablo Neira Ayuso) - ipvs: fix racy memcpy in proc_do_sync_threshold (Sishuai Gong) - netfilter: nf_tables: deactivate catchall elements in next generation (Florian Westphal) - netfilter: nf_tables: fix false-positive lockdep splat (Florian Westphal) - drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (Luca Ceresoli) - selftests: mirror_gre_changes: Tighten up the TTL test match (Petr Machata) - net: phy: fix IRQ-based wake-on-lan over hibernate / power off (Russell King (Oracle)) - xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH (Lin Ma) - xfrm: add NULL check in xfrm_update_ae_params (Lin Ma) - ip_vti: fix potential slab-use-after-free in decode_session6 (Zhengchao Shao) - ip6_vti: fix slab-use-after-free in decode_session6 (Zhengchao Shao) - xfrm: fix slab-use-after-free in decode_session6 (Zhengchao Shao) - net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure (Lin Ma) - net: af_key: fix sadb_x_filter validation (Lin Ma) - net: xfrm: Fix xfrm_address_filter OOB read (Lin Ma) - i2c: designware: Handle invalid SMBus block data response length value (Tam Nguyen) - i2c: designware: Correct length byte validation logic (Quan Nguyen) - btrfs: fix BUG_ON condition in btrfs_cancel_balance (xiaoshoukui) - tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (Sherry Sun) - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (Yi Yang) - powerpc/rtas_flash: allow user copy to flash block cache objects (Nathan Lynch) - fbdev: mmp: fix value check in mmphw_probe() (Yuanjun Gong) - i2c: hisi: Only handle the interrupt of the driver's transfer (Yicong Yang) - i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (Chengfeng Ye) - cifs: fix potential oops in cifs_oplock_break (Steve French) - vduse: Use proper spinlock for IRQ injection (Maxime Coquelin) - virtio-mmio: don't break lifecycle of vm_dev (Wolfram Sang) - btrfs: move out now unused BG from the reclaim list (Naohiro Aota) - ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node (Xu Yang) - ARM: dts: imx6sll: fixup of operating points (Andreas Kemnade) - mmc: sunxi: fix deferred probing (Sergey Shtylyov) - mmc: bcm2835: fix deferred probing (Sergey Shtylyov) - USB: dwc3: fix use-after-free on core driver unbind (Johan Hovold) - USB: dwc3: qcom: fix NULL-deref on suspend (Johan Hovold) - tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (Robert Hodaszi) - tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (Sherry Sun) - tty: serial: fsl_lpuart: Add i.MXRT1050 support (Jesse Taube) - usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (Roger Quadros) - USB: dwc3: gadget: drop dead hibernation code (Johan Hovold) - usb: dwc3: Fix typos in gadget.c (Kushagra Verma) - usb: dwc3: Remove DWC3 locking during gadget suspend/resume (Wesley Cheng) - usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (Wesley Cheng) - drm/amd/display: fix access hdcp_workqueue assert (Hersen Wu) - drm/amd/display: phase3 mst hdcp for multiple displays (hersen wu) - drm/amd/display: save restore hdcp state when display is unplugged from mst hub (hersen wu) - ARM: dts: aspeed: asrock: Correct firmware flash SPI clocks (Zev Weiss) - igc: read before write to SRRCTL register (Song Yoong Siang) - iio: addac: stx104: Fix race condition when converting analog-to-digital (William Breathitt Gray) - iio: addac: stx104: Fix race condition for stx104_write_raw() (William Breathitt Gray) - iio: stx104: Move to addac subdirectory (William Breathitt Gray) - iio: adc: stx104: Implement and utilize register structures (William Breathitt Gray) - iio: adc: stx104: Utilize iomap interface (William Breathitt Gray) - iio: add addac subdirectory (Cosmin Tanislav) - ring-buffer: Do not swap cpu_buffer during resize process (Chen Lin) - powerpc/kasan: Disable KCOV in KASAN code (Benjamin Gray) - ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (Tuo Li) - ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (dengxiang) - fs/ntfs3: Mark ntfs dirty when on-disk struct is corrupted (Konstantin Komarov) - fs: ntfs3: Fix possible null-pointer dereferences in mi_read() (Jia-Ju Bai) - fs/ntfs3: Enhance sanity check while generating attr_list (Edward Lo) - drm/amdgpu: Fix potential fence use-after-free v2 (shanzhulig) - Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (Matthew Anderson) - Bluetooth: L2CAP: Fix use-after-free (Zhengping Jiang) - watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (Yuechao Zhao) - firewire: net: fix use after free in fwnet_finish_incoming_packet() (Zhang Shurong) - pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (Armin Wolf) - gfs2: Fix possible data races in gfs2_show_options() (Tuo Li) - usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (Xu Yang) - usb: chipidea: imx: don't request QoS for imx8ulp (Xu Yang) - thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (Mika Westerberg) - media: platform: mediatek: vpu: fix NULL ptr dereference (Hans Verkuil) - usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (Prashanth K) - media: v4l2-mem2mem: add lock to protect parameter num_rdy (Yunfei Dong) - smb: client: fix warning in cifs_smb3_do_mount() (Paulo Alcantara) - ovl: check type and offset of struct vfsmount in ovl_entry (Christian Brauner) - RDMA/mlx5: Return the firmware result upon destroying QP/RQ (Patrisious Haddad) - HID: add quirk for 03f0:464a HP Elite Presenter Mouse (Marco Morandini) - drm/amdgpu: install stub fence into potential unused fence pointers (Lang Yu) - HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (stuarthayhurst) - dma-remap: use kvmalloc_array/kvfree for larger dma memory remap (gaoxu) - ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (Pierre-Louis Bossart) - iopoll: Call cpu_relax() in busy loops (Geert Uytterhoeven) - ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (Oleksij Rempel) - PCI: tegra194: Fix possible array out of bounds access (Sumit Gupta) - net: tls: avoid discarding data on record close (Jakub Kicinski) - net/tls: Multi-threaded calls to TX tls_dev_del (Tariq Toukan) - net/tls: Perform immediate device ctx cleanup when possible (Tariq Toukan) - macsec: use DEV_STATS_INC() (Eric Dumazet) - macsec: Fix traffic counters/statistics (Clayton Yager) - selftests: forwarding: tc_actions: Use ncat instead of nc (Ido Schimmel) - selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (Davide Caratti) - mmc: sdhci-f-sdh30: Replace with sdhci_pltfm (Kunihiko Hayashi) - LTS version: v5.15.127 (Jack Vogel) - timers/nohz: Last resort update jiffies on nohz_full IRQ entry (Frederic Weisbecker) - timers/nohz: Switch to ONESHOT_STOPPED in the low-res handler when the tick is stopped (Nicholas Piggin) - tick: Detect and fix jiffies update stall (Frederic Weisbecker) - sch_netem: fix issues in netem_change() vs get_dist_table() (Eric Dumazet) - alpha: remove __init annotation from exported page_is_ram() (Masahiro Yamada) - scsi: qedf: Fix firmware halt over suspend and resume (Nilesh Javali) - scsi: qedi: Fix firmware halt over suspend and resume (Nilesh Javali) - scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (Karan Tilak Kumar) - scsi: core: Fix possible memory leak if device_add() fails (Zhu Wang) - scsi: snic: Fix possible memory leak if device_add() fails (Zhu Wang) - scsi: 53c700: Check that command slot is not NULL (Alexandra Diupina) - scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (Michael Kelley) - scsi: core: Fix legacy /proc parsing buffer overflow (Tony Battersby) - netfilter: nf_tables: report use refcount overflow (Pablo Neira Ayuso) - nvme-rdma: fix potential unbalanced freeze & unfreeze (Ming Lei) - nvme-tcp: fix potential unbalanced freeze & unfreeze (Ming Lei) - btrfs: set cache_block_group_error if we find an error (Josef Bacik) - btrfs: reject invalid reloc tree root keys with stack dump (Qu Wenruo) - btrfs: exit gracefully if reloc roots don't match (Qu Wenruo) - btrfs: don't stop integrity writeback too early (Christoph Hellwig) - ibmvnic: Handle DMA unmapping of login buffs in release functions (Nick Child) - ibmvnic: Unmap DMA login rsp buffer on send login fail (Nick Child) - ibmvnic: Enforce stronger sanity checks on login response (Nick Child) - net/mlx5: Skip clock update work when device is in error state (Moshe Shemesh) - net/mlx5: Allow 0 for total host VFs (Daniel Jurgens) - dmaengine: mcf-edma: Fix a potential un-allocated memory access (Christophe JAILLET) - nexthop: Fix infinite nexthop bucket dump when using maximum nexthop ID (Ido Schimmel) - nexthop: Make nexthop bucket dump more efficient (Ido Schimmel) - nexthop: Fix infinite nexthop dump when using maximum nexthop ID (Ido Schimmel) - net: hns3: add wait until mac link down (Jie Wang) - net: hns3: refactor hclge_mac_link_status_wait for interface reuse (Jie Wang) - net: phy: at803x: remove set/get wol callbacks for AR8032 (Li Yang) - RDMA/umem: Set iova in ODP flow (Michael Guralnik) - wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (Felix Fietkau) - drm/rockchip: Don't spam logs in atomic check (Daniel Stone) - IB/hfi1: Fix possible panic during hotplug remove (Douglas Miller) - iavf: fix potential races for FDIR filters (Piotr Gardocki) - drivers: net: prevent tun_build_skb() to exceed the packet size limit (Andrew Kanner) - dccp: fix data-race around dp->dccps_mss_cache (Eric Dumazet) - bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves (Ziyang Xuan) - xsk: fix refcount underflow in error path (Magnus Karlsson) - tunnels: fix kasan splat when generating ipv4 pmtu error (Florian Westphal) - net/packet: annotate data-races around tp->status (Eric Dumazet) - mISDN: Update parameter type of dsp_cmx_send() (Nathan Chancellor) - bpf, sockmap: Fix bug that strp_done cannot be called (Xu Kuohai) - bpf, sockmap: Fix map type error in sock_map_del_link (Xu Kuohai) - net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() (Andrew Kanner) - selftests: forwarding: tc_flower: Relax success criterion (Ido Schimmel) - selftests: forwarding: Switch off timeout (Ido Schimmel) - selftests: forwarding: Skip test when no interfaces are specified (Ido Schimmel) - selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (Ido Schimmel) - selftests: forwarding: ethtool: Skip when using veth pairs (Ido Schimmel) - selftests: forwarding: Add a helper to skip test when using veth pairs (Ido Schimmel) - selftests/rseq: Fix build with undefined __weak (Mark Brown) - drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (Karol Herbst) - x86: Move gds_ucode_mitigated() declaration to header (Arnd Bergmann) - x86/speculation: Add cpu_show_gds() prototype (Arnd Bergmann) - x86/mm: Fix VDSO and VVAR placement on 5-level paging machines (Kirill A. Shutemov) - x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Cristian Ciocaltea) - x86/srso: Fix build breakage with the LLVM linker (Nick Desaulniers) - usb: typec: tcpm: Fix response to vsafe0V event (Badhri Jagan Sridharan) - usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (Prashanth K) - usb: dwc3: Properly handle processing of pending events (Elson Roy Serrao) - usb-storage: alauda: Fix uninit-value in alauda_check_media() (Alan Stern) - misc: rtsx: judge ASPM Mode to set PETXCFG Reg (Ricky WU) - binder: fix memory leak in binder_init() (Qi Zheng) - iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (Alvin Sipraga) - iio: cros_ec: Fix the allocation size for cros_ec_command (Yiyuan Guo) - io_uring: correct check for O_TMPFILE (Aleksa Sarai) - selftests/bpf: Fix sk_assign on s390x (Ilya Leoshkevich) - selftests/bpf: Workaround verification failure for fexit_bpf2bpf/func_replace_return_code (Yonghong Song) - selftests/bpf: make test_align selftest more robust (Andrii Nakryiko) - bpf: aggressively forget precise markings during state checkpointing (Andrii Nakryiko) - bpf: stop setting precise in current state (Andrii Nakryiko) - bpf: allow precision tracking for programs with subprogs (Andrii Nakryiko) - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (Ryusuke Konishi) - radix tree test suite: fix incorrect allocation size for pthreads (Colin Ian King) - hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (Tao Ren) - drm/amd/display: check attr flag before set cursor degamma on DCN3+ (Melissa Wen) - drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (Boris Brezillon) - drm/nouveau/gr: enable memory loads on helper invocation on all channels (Karol Herbst) - riscv,mmio: Fix readX()-to-delay() ordering (Andrea Parri) - dmaengine: pl330: Return DMA_PAUSED when transaction is paused (Ilpo Jarvinen) - ipv6: adjust ndisc_is_useropt() to also return true for PIO (Maciej Zenczykowski) - mmc: moxart: read scr register without changing byte order (Sergei Antonov) - wireguard: allowedips: expand maximum node depth (Jason A. Donenfeld) - ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() (Namjae Jeon) - ksmbd: validate command request size (Long Li) - LTS version v5.15.126 (Jack Vogel) - PM: sleep: wakeirq: fix wake irq arming (Johan Hovold) - PM / wakeirq: support enabling wake-up irq after runtime_suspend called (Chunfeng Yun) - soundwire: fix enumeration completion (Johan Hovold) - soundwire: bus: pm_runtime_request_resume on peripheral attachment (Pierre-Louis Bossart) - selftests/rseq: Play nice with binaries statically linked against glibc 2.35+ (Sean Christopherson) - selftests/rseq: check if libc rseq support is registered (Michael Jeanson) - drm/imx/ipuv3: Fix front porch adjustment upon hactive aligning (Alexander Stein) - powerpc/mm/altmap: Fix altmap boundary check (Aneesh Kumar K.V) - mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (Christophe JAILLET) - mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (Johan Jonker) - mtd: rawnand: rockchip: fix oobfree offset and description (Johan Jonker) - mtd: rawnand: omap_elm: Fix incorrect type in assignment (Roger Quadros) - ext2: Drop fragment support (Jan Kara) - fs: Protect reconfiguration of sb read-write from racing writes (Jan Kara) - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (Alan Stern) - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Sungwoo Kim) - fs/sysv: Null check to prevent null-ptr-deref bug (Prince Kumar Maurya) - fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list() (Tetsuo Handa) - file: reinstate f_pos locking optimization for regular files (Linus Torvalds) - bpf, cpumap: Make sure kthread is running before map update returns (Hou Tao) - drm/ttm: check null pointer before accessing when swapping (Guchun Chen) - open: make RESOLVE_CACHED correctly test for O_TMPFILE (Aleksa Sarai) - bpf: Disable preemption in bpf_event_output (Jiri Olsa) - rbd: prevent busy loop when requesting exclusive lock (Ilya Dryomov) - wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (Paul Fertser) - net: tap_open(): set sk_uid from current_fsuid() (Laszlo Ersek) - net: tun_chr_open(): set sk_uid from current_fsuid() (Laszlo Ersek) - arm64: dts: stratix10: fix incorrect I2C property for SCL signal (Dinh Nguyen) - mtd: rawnand: meson: fix OOB available bytes for ECC (Arseniy Krasnov) - mtd: spinand: toshiba: Fix ecc_get_status (Olivier Maignial) - exfat: release s_lock before calling dir_emit() (Sungjong Seo) - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (gaoming) - firmware: arm_scmi: Drop OF node reference in the transport channel setup (Krzysztof Kozlowski) - ceph: defer stopping mdsc delayed_work (Xiubo Li) - USB: zaurus: Add ID for A-300/B-500/C-700 (Ross Maynard) - libceph: fix potential hang in ceph_osdc_notify() (Ilya Dryomov) - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (Michael Kelley) - scsi: zfcp: Defer fc_rport blocking until after ADISC response (Steffen Maier) - tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_net (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_vals[] (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_lock (Eric Dumazet) - tcp_metrics: annotate data-races around tm->tcpm_stamp (Eric Dumazet) - tcp_metrics: fix addr_same() helper (Eric Dumazet) - prestera: fix fallback to previous version on same major version (Jonas Gorski) - net/mlx5: fs_core: Skip the FTs in the same FS_TYPE_PRIO_CHAINS fs_prio (Jianbo Liu) - net/mlx5: fs_core: Make find_closest_ft more generic (Jianbo Liu) - vxlan: Fix nexthop hash size (Benjamin Poirier) - ip6mr: Fix skb_under_panic in ip6mr_cache_report() (Yue Haibing) - s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Alexandra Winter) - net: dcb: choose correct policy to parse DCB_ATTR_BCN (Lin Ma) - net: netsec: Ignore 'phy-mode' on SynQuacer in DT mode (Mark Brown) - net: korina: handle clk prepare error in korina_probe() (Yuanjun Gong) - net: ll_temac: fix error checking of irq_of_parse_and_map() (Dan Carpenter) - net: ll_temac: Switch to use dev_err_probe() helper (Yang Yingliang) - bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire (Tomas Glozar) - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis) - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (valis) - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (valis) - bpf, cpumap: Handle skb as well when clean up ptr_ring (Hou Tao) - net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. (Kuniyuki Iwashima) - net: add missing data-race annotation for sk_ll_usec (Eric Dumazet) - net: add missing data-race annotations around sk->sk_peek_off (Eric Dumazet) - net: add missing READ_ONCE(sk->sk_rcvbuf) annotation (Eric Dumazet) - net: add missing READ_ONCE(sk->sk_sndbuf) annotation (Eric Dumazet) - net: add missing READ_ONCE(sk->sk_rcvlowat) annotation (Eric Dumazet) - net: annotate data-races around sk->sk_max_pacing_rate (Eric Dumazet) - qed: Fix scheduling in a tasklet while getting stats (Konstantin Khorenko) - mISDN: hfcpci: Fix potential deadlock on &hc->lock (Chengfeng Ye) - net: sched: cls_u32: Fix match key mis-addressing (Jamal Hadi Salim) - perf test uprobe_from_different_cu: Skip if there is no gcc (Georg Muller) - net: dsa: fix value check in bcm_sf2_sw_probe() (Yuanjun Gong) - rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length (Lin Ma) - bpf: Add length check for SK_DIAG_BPF_STORAGE_REQ_MAP_FD parsing (Lin Ma) - net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (Yuanjun Gong) - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (Zhengchao Shao) - wifi: cfg80211: Fix return value in scan logic (Ilan Peer) - KVM: s390: fix sthyi error handling (Heiko Carstens) - word-at-a-time: use the same return type for has_zero regardless of endianness (ndesaulniers@google.com) - arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (Hugo Villeneuve) - iommu/arm-smmu-v3: Document nesting-related errata (Robin Murphy) - iommu/arm-smmu-v3: Add explicit feature for nesting (Robin Murphy) - iommu/arm-smmu-v3: Document MMU-700 erratum 2812531 (Robin Murphy) - iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 (Robin Murphy) - net/mlx5: Free irqs only on shutdown callback (Shay Drory) - perf: Fix function pointer case (Peter Zijlstra) - io_uring: gate iowait schedule on having pending requests (Jens Axboe) - net: mana: Use the correct WQE count for ringing RQ doorbell (Long Li) [Orabug: 35555552] - net: mana: Batch ringing RX queue doorbell on receiving packets (Long Li) [Orabug: 35555552] - devlink: report devlink_port_type_warn source device (Petr Oros) [Orabug: 35727899] - scsi: mpi3mr: Update driver version to 8.5.0.0.0 (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Enhance handling of devices removed after controller reset (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: WRITE SAME implementation (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Add support for more than 1MB I/O (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Update MPI Headers to version 3.00.28 (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Invoke soft reset upon TSU or event ack time out (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (Sathya Prakash) [Orabug: 35729632] - scsi: mpi3mr: Fix the type used for pointers to bitmap (Christophe JAILLET) [Orabug: 35729632] - scsi: mpi3mr: Use -ENOMEM instead of -1 in mpi3mr_expander_add() (Harshit Mogalapalli) [Orabug: 35729632] - scsi: mpi3mr: Use IRQ save variants of spinlock to protect chain frame allocation (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Handle soft reset in progress fault code (0xF002) (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Update copyright year (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Fix W=1 compilation warnings (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Update MPI Headers to revision 27 (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Modify MUR timeout value to 120 seconds (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Fix admin queue memory leak upon soft reset (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Successive VD delete and add causes FW fault (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Fix expander node leak in mpi3mr_remove() (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc() (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove() (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove() (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Fix config page DMA memory leak (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Fix throttle_groups memory leak (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Bad drive in topology results kernel crash (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: NVMe command size greater than 8K fails (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Return proper values for failures in firmware init path (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Wait for diagnostic save during controller init (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Driver unload crashes host when enhanced logging is enabled (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: ioctl timeout when disabling/enabling interrupt (Ranjan Kumar) [Orabug: 35729632] - scsi: mpi3mr: Remove unneeded version.h include (Jesper Juhl) [Orabug: 35729632] - scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization (Shin'ichiro Kawasaki) [Orabug: 35729632] - scsi: mpi3mr: Use number of bits to manage bitmap sizes (Shin'ichiro Kawasaki) [Orabug: 35729632] - scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi (Shin'ichiro Kawasaki) [Orabug: 35729632] - scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info() (Shin'ichiro Kawasaki) [Orabug: 35729632] - scsi: mpi3mr: Fix an issue found by KASAN (Tomas Henzl) [Orabug: 35729632] - scsi: mpi3mr: Remove usage of dma_get_required_mask() API (Sreekanth Reddy) [Orabug: 35729632] - scsi: mpi3mr: Suppress command reply debug prints (Shin'ichiro Kawasaki) [Orabug: 35729632] - scsi: mpi3mr: Select CONFIG_SCSI_SAS_ATTRS (Michal Kubecek) [Orabug: 35729632] - vhost-scsi: Fix alignment handling with windows (Mike Christie) [Orabug: 35769316] - selftests/bpf: fix static assert compilation issue for test_cls_*.c (Alan Maguire) [Orabug: 35773339] [5.15.0-106.125.1] - smp: Reduce NMI traffic from CSD waiters to CSD destination (Imran Khan) [Orabug: 35752500] - smp: Reduce logging due to dump_stack of CSD waiters (Imran Khan) [Orabug: 35752500] - block: Sysfs option to change ioticks granularity (Gulam Mohamed) [Orabug: 34977356] - uek: kabi: update x86_64 kABI files for new symbols (Saeed Mirzamohammadi) [Orabug: 35501675] - uek: kabi: update aarch64 kABI files for new symbols (Saeed Mirzamohammadi) [Orabug: 35553840] - rpmbuild: fixed missing _kernel_cc macros to allow alternate compilers (Mark Nicholson) [Orabug: 35729326] - scsi: megaraid_sas: Driver version update to 07.725.01.00-rc1 (Chandrakanth Patil) [Orabug: 35729651] - scsi: megaraid_sas: Add crash dump mode capability bit in MFI capabilities (Chandrakanth Patil) [Orabug: 35729651] - scsi: megaraid_sas: Add flexible array member for SGLs (Kees Cook) [Orabug: 35729651] - scsi: megaraid_sas: Fix some spelling mistakes in comment (Yu Zhe) [Orabug: 35729651] - scsi: megaraid_sas: Move megasas_dbg_lvl init to megasas_init() (Guixin Liu) [Orabug: 35729651] - scsi: megaraid_sas: Remove unnecessary memset() (Guixin Liu) [Orabug: 35729651] - scsi: megaraid_sas: Simplify megasas_update_device_list (Guixin Liu) [Orabug: 35729651] - scsi: megaraid_sas: Correct an error message (Guixin Liu) [Orabug: 35729651] - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (Guixin Liu) [Orabug: 35729651] - scsi: megaraid: Convert sysfs snprintf() to sysfs_emit() (Xuezhi Zhang) [Orabug: 35729651] - scsi: megaraid_sas: Use struct_size() in code related to struct MR_PD_CFG_SEQ_NUM_SYNC (Gustavo A. R. Silva) [Orabug: 35729651] - scsi: megaraid_sas: Use struct_size() in code related to struct MR_FW_RAID_MAP (Gustavo A. R. Silva) [Orabug: 35729651] - scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_PD_CFG_SEQ_NUM_SYNC (Gustavo A. R. Silva) [Orabug: 35729651] - scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_DRV_RAID_MAP (Gustavo A. R. Silva) [Orabug: 35729651] - scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_FW_RAID_MAP_DYNAMIC (Gustavo A. R. Silva) [Orabug: 35729651] - scsi: megaraid_sas: Replace one-element array with flexible-array member in MR_FW_RAID_MAP (Gustavo A. R. Silva) [Orabug: 35729651] - scsi: megaraid: Remove redundant assignment to variable mfiStatus (Colin Ian King) [Orabug: 35729651] - scsi: megaraid_sas: Remove unnecessary kfree() (Guixin Liu) [Orabug: 35729651] - scsi: megaraid_sas: Remove redundant variable cmd_type (Colin Ian King) [Orabug: 35729651] - scsi: megaraid: Remove the static variable initialisation (Jason Wang) [Orabug: 35729651] - scsi: megaraid_sas: Clean up some inconsistent indenting (Jiapeng Chong) [Orabug: 35729651] - scsi: megaraid_sas: Remove redundant memset() statement (Harshit Mogalapalli) [Orabug: 35729651] - scsi: megaraid_sas: Remove unnecessary memset (Wan Jiabing) [Orabug: 35729651] - scsi: megasas: Clean up some inconsistent indenting (Yang Li) [Orabug: 35729651] - scsi: megasas: Stop using the SCSI pointer (Bart Van Assche) [Orabug: 35729651] - scsi: megaraid_sas: Use irq_set_affinity_and_hint() (Nitesh Narayan Lal) [Orabug: 35729651] - scsi: megaraid_sas: Driver version update to 07.719.03.00-rc1 (Sumit Saxena) [Orabug: 35729651] - scsi: megaraid_sas: Add helper functions for irq_context (Sumit Saxena) [Orabug: 35729651] - scsi: mpt3sas: Fix an issue when driver is being removed (Tomas Henzl) [Orabug: 35729658] - scsi: mpt3sas: Remove HBA BIOS version in the kernel log (Ranjan Kumar) [Orabug: 35729658] - scsi: mpt3sas: Drop redundant pci_enable_pcie_error_reporting() (Bjorn Helgaas) [Orabug: 35729658] - scsi: mpt3sas: Demote log level for trace buffer allocation to info (Paul Menzel) [Orabug: 35729658] - scsi: mpt3sas: Update driver version to 43.100.00.00 (Sreekanth Reddy) [Orabug: 35729658] - scsi: mpt3sas: Increase cmd_per_lun to 128 (Sreekanth Reddy) [Orabug: 35729658] - scsi: mpt3sas: Fix trace buffer registration failed (Sreekanth Reddy) [Orabug: 35729658] - scsi: mpt3sas: Disable MPI2_FUNCTION_FW_DOWNLOAD for ATTO devices (Bradley Grove) [Orabug: 35729658] - scsi: mpt3sas: Add support for ATTO ExpressSAS H12xx GT devices (Bradley Grove) [Orabug: 35729658] - scsi: mpt3sas: Remove flush_scheduled_work() call (Tetsuo Handa) [Orabug: 35729658] - scsi: mpt3sas: Fix whitespace and spelling mistake (Zhang Jiaming) [Orabug: 35729658] - scsi: mpt3sas: Fix typo in comment (Ren Yu) [Orabug: 35729658] - scsi: mpt3sas: Fix junk chars displayed while printing ChipName (Sreekanth Reddy) [Orabug: 35729658] - scsi: mpt3sas: Use cached ATA Information VPD page (Martin K. Petersen) [Orabug: 35729658] - scsi: mpt3sas: Fix adapter replyPostRegisterIndex declaration (Damien Le Moal) [Orabug: 35729658] - scsi: mpt3sas: Fix event callback log_code value handling (Damien Le Moal) [Orabug: 35729658] - scsi: mpt3sas: Fix _ctl_set_task_mid() TaskMID check (Damien Le Moal) [Orabug: 35729658] - scsi: mpt3sas: Fix mpt3sas_check_same_4gb_region() kdoc comment (Damien Le Moal) [Orabug: 35729658] - scsi: mpt3sas: Convert to flexible arrays (Kees Cook) [Orabug: 35729658] - scsi: mpt3sas: Update persistent trigger pages from sysfs interface (Suganath Prabu S) [Orabug: 35729658] - KVM: selftests: vmx_pmu_msrs_test: Drop tests mangling guest visible CPUIDs (Vitaly Kuznetsov) [Orabug: 35730650] - rds: Remove gratuitous include of time.h from rds.h (Mark Haywood) [Orabug: 35742760] - uek-rpm: Removing pre scriptlet to not allow firmware downgrade (Samasth Norway Ananda) [Orabug: 35756462] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-20588 CVE-2023-22024 CVE-2023-42753 CVE-2023-6546 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch cpe:/a:oracle:linux:8::developer_UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/a:oracle:linux:9::developer_UEKR7 Oracle Linux 9 [2.34-60.0.3.7] - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode (#2234716). - CVE-2203-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaih_inet. Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> [2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4806 CVE-2023-4911 CVE-2023-4527 CVE-2023-4813 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-30589 CVE-2023-22067 CVE-2023-30590 CVE-2023-30588 CVE-2023-22081 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-30589 CVE-2023-22081 CVE-2023-22067 CVE-2023-30588 CVE-2023-30590 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-30590 CVE-2023-22067 CVE-2023-30589 CVE-2023-22081 CVE-2023-30588 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-22081 CVE-2023-22067 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 cpe:/a:oracle:linux:9::graalvm_community Oracle Linux 9 [4:20230808-2.0.2] - update 06-6a-06 to 0xd0003b9 {CVE-2023-23583} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-23583 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [20230821] - Create new 20230821 release for OL9 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450 CVE-2022-4304 CVE-2022-2097 CVE-2022-2068 CVE-2022-1292 CVE-2022-0778 CVE-2021-4160 CVE-2021-3712 CVE-2021-3711 CVE-2021-3450 CVE-2021-3449 CVE-2021-23841 CVE-2021-23840 CVE-2020-1971 CVE-2020-1967 CVE-2019-1551 CVE-2019-1563 CVE-2019-1549 CVE-2019-1547 CVE-2019-1552 CVE-2019-1543 CVE-2018-0734 CVE-2018-0735 [20230613] - Create new 20230613.cvm release for OL9 [20230227] - Create new 20230227.cvm release for OL9 which includes the following fixed CVEs: CVE-2021-38578 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0215 CVE-2022-4304 CVE-2022-4450 CVE-2023-0286 cpe:/a:oracle:linux:9::developer_kvm_utils cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 8 Oracle Linux 9 [5.15.0-201.135.6] - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey) - netfilter: nf_tables: split async and sync catchall in two functions (Pablo Neira Ayuso) - netfilter: nf_tables: remove catchall element in GC sync path (Pablo Neira Ayuso) - scsi: mpt3sas: Fix loop logic (Ranjan Kumar) - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Junxiao Bi) [Orabug: 36050011] - md: bypass block throttle for superblock update (Junxiao Bi) [Orabug: 36050011] - tracing: Have trace_event_file have ref counters (Steven Rostedt (Google)) [Orabug: 36059972] - Revert 'PCI: acpiphp: Reassign resources on bridge if necessary' (Dongli Zhang) [Orabug: 36039006] - Revert 'PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus' (Dongli Zhang) [Orabug: 36039006] - audit: Apply special optimizations (Hakon Bugge) [Orabug: 36038149] - audit: Vary struct audit_entry alignment (Hakon Bugge) [Orabug: 36038149] - Revert 'Revert 'printk: Consolidate console deferred printing'' (Hakon Bugge) [Orabug: 36038149] [5.15.0-201.135.5] - media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil) - i2c: aspeed: Fix i2c bus hang in slave read (Jian Zhang) - i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (Ivan Vecera) - firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (Hao Ge) - virtio-mmio: fix memory leak of vm_dev (Maximilian Heyne) - NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Olga Kornievskaia) - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Pedro Tammela) - Revert 'kernel/sched: Modify initial boot task idle setup' (Greg Kroah-Hartman) - usb: cdns3: Modify the return value of cdns_set_active () to void when CONFIG_PM_SLEEP is disabled (Xiaolei Wang) - quota: Fix slow quotaoff (Jan Kara) - lib/test_meminit: fix off-by-one error in test_pages() (Greg Kroah-Hartman) - nvmet-tcp: Fix a possible UAF in queue intialization setup (Sagi Grimberg) [Orabug: 36028025] {CVE-2023-5178} [5.15.0-201.135.4] - uek-rpm: Enable PDS_CORE and PDS_VFIO drivers (Joao Martins) [Orabug: 35424097] - pds_core: use correct index to mask irq (Shannon Nelson) [Orabug: 35424097] - amd/pds_core: core: No need for Null pointer check before kfree (Bragatheswaran Manickavel) [Orabug: 35424097] - pds_core: add an error code check in pdsc_dl_info_get (Su Hui) [Orabug: 35424097] - pds_core: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 35424097] - pds_core: add attempts to fix broken PCI (Shannon Nelson) [Orabug: 35424097] - pds_core: implement pci reset handlers (Shannon Nelson) [Orabug: 35424097] - pds_core: keep viftypes table across reset (Shannon Nelson) [Orabug: 35424097] - pds_core: check health in devcmd wait (Shannon Nelson) [Orabug: 35424097] - vfio/pds: Use proper PF device access helper (Shixiong Ou) [Orabug: 35424097] - vfio/pds: Add missing PCI_IOV depends (Shixiong Ou) [Orabug: 35424097] - pds_core: pass opcode to devcmd_wait (Shannon Nelson) [Orabug: 35424097] - pds_core: check for work queue before use (Shannon Nelson) [Orabug: 35424097] - pds_core: no reset command for VF (Shannon Nelson) [Orabug: 35424097] - pds_core: no health reporter in VF (Shannon Nelson) [Orabug: 35424097] - pds_core: protect devlink callbacks from fw_down state (Shannon Nelson) [Orabug: 35424097] - vfio/pds: Send type for SUSPEND_STATUS command (Brett Creeley) [Orabug: 35424097] - Revert 'pds_core: Fix some kernel-doc comments' (Jakub Kicinski) [Orabug: 35424097] - pds_core: Fix some kernel-doc comments (Yang Li) [Orabug: 35424097] - pds_core: remove redundant pci_clear_master() (Yu Liao) [Orabug: 35424097] - vfio/pds: fix return value in pds_vfio_get_lm_file() (Yang Yingliang) [Orabug: 35424097] - pds_core: Fix function header descriptions (Brett Creeley) [Orabug: 35424097] - vfio/pds: Add Kconfig and documentation (Brett Creeley) [Orabug: 35424097] - vfio/pds: Add support for firmware recovery (Brett Creeley) [Orabug: 35424097] - vfio/pds: Add support for dirty page tracking (Brett Creeley) [Orabug: 35424097] - vfio/pds: Add VFIO live migration support (Brett Creeley) [Orabug: 35424097] - vfio/pds: register with the pds_core PF (Brett Creeley) [Orabug: 35424097] - pds_core: Require callers of register/unregister to pass PF drvdata (Brett Creeley) [Orabug: 35424097] - vfio/pds: Initial support for pds VFIO driver (Brett Creeley) [Orabug: 35424097] - vfio: Commonize combine_ranges for use in other VFIO drivers (Brett Creeley) [Orabug: 35424097] - pds_core: Fix documentation for pds_client_register (Brett Creeley) [Orabug: 35424097] - pds_core: Fix FW recovery detection (Brett Creeley) [Orabug: 35424097] - pds_core: fix mutex double unlock in error path (Shannon Nelson) [Orabug: 35424097] - pds_core: add AUXILIARY_BUS and NET_DEVLINK to Kconfig (Shannon Nelson) [Orabug: 35424097] - pds_core: remove CONFIG_DEBUG_FS from makefile (Shannon Nelson) [Orabug: 35424097] - pds_core: Kconfig and pds_core.rst (Shannon Nelson) [Orabug: 35424097] - pds_core: publish events to the clients (Shannon Nelson) [Orabug: 35424097] - pds_core: add the aux client API (Shannon Nelson) [Orabug: 35424097] - pds_core: devlink params for enabling VIF support (Shannon Nelson) [Orabug: 35424097] - pds_core: add auxiliary_bus devices (Shannon Nelson) [Orabug: 35424097] - pds_core: add initial VF device handling (Shannon Nelson) [Orabug: 35424097] - pds_core: set up the VIF definitions and defaults (Shannon Nelson) [Orabug: 35424097] - pds_core: add FW update feature to devlink (Shannon Nelson) [Orabug: 35424097] - pds_core: Add adminq processing and commands (Shannon Nelson) [Orabug: 35424097] - pds_core: set up device and adminq (Shannon Nelson) [Orabug: 35424097] - pds_core: add devlink health facilities (Shannon Nelson) [Orabug: 35424097] - pds_core: health timer and workqueue (Shannon Nelson) [Orabug: 35424097] - pds_core: add devcmd device interfaces (Shannon Nelson) [Orabug: 35424097] - pds_core: initial framework for pds_core PF driver (Shannon Nelson) [Orabug: 35424097] - vfio/mlx5: Use the new device life cycle helpers (Yi Liu) [Orabug: 35424097] - vfio/pci: Use the new device life cycle helpers (Yi Liu) [Orabug: 35424097] - vfio: Add helpers for unifying vfio_device life cycle (Kevin Tian) [Orabug: 35424097] - net/rds: Always cancel heartbeat worker thread during conn destroy (Sharath Srinivasan) [Orabug: 35739389] - x86: KVM: SVM: always update the x2avic msr interception (Maxim Levitsky) [Orabug: 35857365] {CVE-2023-5090} - net/rds: Use proper peer port number even when not connected (Greg Jumper) [Orabug: 35896266] - hugetlb: disable HVO in Xen (Jane Chu) [Orabug: 35904478] - hugetlb: check for hugetlb folio before vmemmap_restore (Mike Kravetz) [Orabug: 35904478] - hugetlb: batch TLB flushes when restoring vmemmap (Mike Kravetz) [Orabug: 35904478] - hugetlb: batch TLB flushes when freeing vmemmap (Joao Martins) [Orabug: 35904478] - hugetlb: batch PMD split for bulk vmemmap dedup (Joao Martins) [Orabug: 35904478] - hugetlb: batch freeing of vmemmap pages (Mike Kravetz) [Orabug: 35904478] - hugetlb: perform vmemmap restoration on a list of pages (Mike Kravetz) [Orabug: 35904478] - hugetlb: perform vmemmap optimization on a list of pages (Mike Kravetz) [Orabug: 35904478] - hugetlb: restructure pool allocations (Mike Kravetz) [Orabug: 35904478] - hugetlb: optimize update_and_free_pages_bulk to avoid lock cycles (Mike Kravetz) [Orabug: 35904478] - mm: hugetlb: skip initialization of gigantic tail struct pages if freed by HVO (Usama Arif) [Orabug: 35904478] - memblock: introduce MEMBLOCK_RSRV_NOINIT flag (Usama Arif) [Orabug: 35904478] - mm: pass nid to reserve_bootmem_region() (Yajun Deng) [Orabug: 35904478] - mm/page_alloc: invert logic for early page initialisation checks (Mike Rapoport (IBM)) [Orabug: 35904478] - memblock: add missing argument definition (Usama Arif) [Orabug: 35904478] - memblock: pass memblock_type to memblock_setclr_flag (Usama Arif) [Orabug: 35904478] - mm: hugetlb_vmemmap: use nid of the head page to reallocate it (Usama Arif) [Orabug: 35904478] - mm: hugetlb_vmemmap: allow alloc vmemmap pages fallback to other nodes (Yuan Can) [Orabug: 35904478] - mm: hugetlb_vmemmap: fix hugetlb page number decrease failed on movable nodes (Yuan Can) [Orabug: 35904478] - hugetlb: set hugetlb page flag before optimizing vmemmap (Mike Kravetz) [Orabug: 35904478] - hugetlb: do not clear hugetlb dtor until allocating vmemmap (Mike Kravetz) [Orabug: 35904478] - mm/vmemmap optimization: split hugetlb and devdax vmemmap optimization (Aneesh Kumar K.V) [Orabug: 35904478] - mm/vmemmap: improve vmemmap_can_optimize and allow architectures to override (Aneesh Kumar K.V) [Orabug: 35904478] - mm: hugetlb_vmemmap: fix a race between vmemmap pmd split (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: provide stronger vmemmap allocation guarantees (Pasha Tatashin) [Orabug: 35904478] - mm/hugetlb_vmemmap: rename ARCH_WANT_HUGETLB_PAGE_OPTIMIZE_VMEMMAP (Aneesh Kumar K.V) [Orabug: 35904478] - mm/vmemmap/devdax: fix kernel crash when probing devdax devices (Aneesh Kumar K.V) [Orabug: 35904478] - mm/hugetlb_vmemmap: fix hugetlb_vmemmap_sysctls.maxlen (Jane Chu) [Orabug: 35904478] - mm: move most of core MM initialization to mm/mm_init.c (Mike Rapoport (IBM)) [Orabug: 35904478] - memblock: Disable mirror feature if kernelcore is not specified (Ma Wupeng) [Orabug: 35904478] - mm: hugetlb_vmemmap: simplify hugetlb_vmemmap_init() a bit (Muchun Song) [Orabug: 35904478] - mm/hugetlb_vmemmap: remap head page to newly allocated page (Joao Martins) [Orabug: 35904478] - mm: hugetlb_vmemmap: remove redundant list_del() (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: include missing linux/moduleparam.h (Vasily Gorbik) [Orabug: 35904478] - hugetlb: freeze allocated pages before creating hugetlb pages (Mike Kravetz) [Orabug: 35904478] - mm: hugetlb_vmemmap: simplify reset_struct_pages() (Muchun Song) [Orabug: 35904478] - mm/hugetlb: make detecting shared pte more reliable (Miaohe Lin) [Orabug: 35904478] - mm/hugetlb: fix sysfs group leak in hugetlb_unregister_node() (Miaohe Lin) [Orabug: 35904478] - mm: hugetlb_vmemmap: add missing smp_wmb() before set_pte_at() (Miaohe Lin) [Orabug: 35904478] - mm/hugetlb: fix missing call to restore_reserve_on_error() (Miaohe Lin) [Orabug: 35904478] - mm/hugetlb: fix WARN_ON(!kobj) in sysfs_create_group() (Miaohe Lin) [Orabug: 35904478] - mm/hugetlb: fix incorrect update of max_huge_pages (Miaohe Lin) [Orabug: 35904478] - mm: hugetlb_vmemmap: use PTRS_PER_PTE instead of PMD_SIZE / PAGE_SIZE (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: move code comments to vmemmap_dedup.rst (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: improve hugetlb_vmemmap code readability (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: replace early_param() with core_param() (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: move vmemmap code related to HugeTLB to hugetlb_vmemmap.c (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: introduce the name HVO (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: optimize vmemmap_optimize_mode handling (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: delete hugetlb_optimize_vmemmap_enabled() (Muchun Song) [Orabug: 35904478] - mm: memory_hotplug: make hugetlb_optimize_vmemmap compatible with memmap_on_memory (Muchun Song) [Orabug: 35904478] - mm: memory_hotplug: enumerate all supported section flags (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: fix CONFIG_HUGETLB_PAGE_FREE_VMEMMAP_DEFAULT_ON (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: add hugetlb_optimize_vmemmap sysctl (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: use kstrtobool for hugetlb_vmemmap param parsing (Muchun Song) [Orabug: 35904478] - mm: memory_hotplug: override memmap_on_memory when hugetlb_free_vmemmap=on (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: disable hugetlb_optimize_vmemmap when struct page crosses page boundaries (Muchun Song) [Orabug: 35904478] - mm/hugetlb_vmemmap: move comment block to Documentation/vm (Joao Martins) [Orabug: 35904478] - uek-rpm/ol8[9]: config switch update to keep default vmemmap optimization behavior (Jane Chu) [Orabug: 35904478] - mm: hugetlb_vmemmap: cleanup CONFIG_HUGETLB_PAGE_FREE_VMEMMAP* (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: cleanup hugetlb_free_vmemmap_enabled* (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: cleanup hugetlb_vmemmap related functions (Muchun Song) [Orabug: 35904478] - arm64: mm: hugetlb: enable HUGETLB_PAGE_FREE_VMEMMAP for arm64 (Muchun Song) [Orabug: 35904478] - mm: hugetlb_vmemmap: introduce ARCH_WANT_HUGETLB_PAGE_FREE_VMEMMAP (Muchun Song) [Orabug: 35904478] - Consider inflight IO in io accounting for high latency devices (Gulam Mohamed) [Orabug: 35922334] - EDAC/amd64: Add support for AMD family 1Ah models 00h-1Fh and 40h-4Fh (Avadhut Naik) [Orabug: 35925125] - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (Avadhut Naik) [Orabug: 35925125] - x86/amd_nb: Add PCI IDs for AMD Family 1Ah-based models (Avadhut Naik) [Orabug: 35925125] - EDAC/amd64: Add get_err_info() to pvt->ops (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split dump_misc_regs() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split init_csrows() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split determine_edac_cap() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split ecc_enabled() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split read_mc_regs() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split determine_memory_type() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split read_base_mask() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Split prep_chip_selects() into dct/umc functions (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Rework hw_info_{get,put} (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Rename debug_display_dimm_sizes() (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Remove early_channel_count() (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Remove PCI Function 0 (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Remove PCI Function 6 (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Remove scrub rate control for Family 17h and later (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Don't set up EDAC PCI control on Family 17h+ (Yazen Ghannam) [Orabug: 35925125] - x86/amd_nb: Unexport amd_cache_northbridges() (Muralidhara M K) [Orabug: 35925125] - EDAC/amd64: Add new register offset support and related changes (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Set memory type per DIMM (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Add support for family 19h, models 50h-5fh (Marc Bevand) [Orabug: 35925125] - EDAC/amd64: Add context struct (Yazen Ghannam) [Orabug: 35925125] - EDAC/amd64: Allow for DF Indirect Broadcast reads (Yazen Ghannam) [Orabug: 35925125] - x86/amd_nb, EDAC/amd64: Move DF Indirect Read to AMD64 EDAC (Yazen Ghannam) [Orabug: 35925125] - x86/microcode/AMD: Rip out static buffers (Borislav Petkov (AMD)) [Orabug: 35925125] - x86/microcode/amd: Remove unneeded pointer arithmetic (Nathan Fontenot) [Orabug: 35925125] - x86/microcode/AMD: Get rid of __find_equiv_id() (Borislav Petkov (AMD)) [Orabug: 35925125] - x86/microcode/AMD: Rename a couple of functions (Borislav Petkov) [Orabug: 35925125] - crypto: ccp - Add support for PCI device 0x156E (John Allen) [Orabug: 35925125] - crypto: ccp - Add support for PCI device 0x17E0 (Mario Limonciello) [Orabug: 35925125] - sbsa_gwdt: Calculate timeout with 64-bit math (Darren Hart) [Orabug: 35968810] - uek-rpm: Enable CONFIG_USBIP_VHCI_HCD and CONFIG_USBIP_HOST in UEK7 (Harshit Mogalapalli) [Orabug: 35994192] - vfio/type1: Parameterize pgsize bitmap (Joao Martins) [Orabug: 36002436] - vfio/type1: Parallel dirty scans with padata (Joao Martins) [Orabug: 36002436] - iommu/iova_bitmap: Add remote mm_struct for iova_bitmap (Joao Martins) [Orabug: 36002436] - vfio/type1: Advertise IOMMU dirty tracking support (Joao Martins) [Orabug: 36002436] - vfio/type1: Avoid perpectual dirty when iommu supports (Joao Martins) [Orabug: 36002436] - vfio/type1: Report dirty info from IOMMU (Joao Martins) [Orabug: 36002436] - vfio/type1: Add hardware dirty tracking start/stop support (Joao Martins) [Orabug: 36002436] - vfio/type1: Move start/stop dirty tracking to helpers (Joao Martins) [Orabug: 36002436] - iommu/amd: Improve dirty read io-pgtable walker (Joao Martins) [Orabug: 36002436] - iommu/amd: Access/Dirty bit support in IOPTEs (Joao Martins) [Orabug: 36002436] - iommu: Add iommu_domain ops for dirty tracking (Joao Martins) [Orabug: 36002436] - vfio: Move iova_bitmap into iommufd (Joao Martins) [Orabug: 36002436] [5.15.0-201.135.3] - Revert 'printk: Consolidate console deferred printing' (Sherry Yang) [Orabug: 35955850] [5.15.0-201.135.2] - LTS Version: v5.15.135 (Jack Vogel) - xen/events: replace evtchn_rwlock with RCU (Juergen Gross) - parisc: Restore __ldcw_align for PA-RISC 2.0 processors (John David Anglin) - ksmbd: fix uaf in smb20_oplock_break_ack (luosili) - RDMA/mlx5: Fix NULL string error (Shay Drory) - RDMA/siw: Fix connection failure handling (Bernard Metzler) - RDMA/uverbs: Fix typo of sizeof argument (Konstantin Meskhidze) - RDMA/cma: Fix truncation compilation warning in make_cma_ports (Leon Romanovsky) - RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (Mark Zhang) - gpio: pxa: disable pinctrl calls for MMP_GPIO (Duje Mihanovic) - gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (Bartosz Golaszewski) - IB/mlx4: Fix the size of a buffer in add_port_entries() (Christophe JAILLET) - of: dynamic: Fix potential memory leak in of_changeset_action() (Dan Carpenter) - RDMA/core: Require admin capabilities to set system parameters (Leon Romanovsky) - dm zoned: free dmz->ddev array in dmz_put_zoned_devices (Fedor Pchelkin) - HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (Srinivas Pandruvada) - HID: sony: remove duplicate NULL check before calling usb_free_urb() (Jiri Kosina) - sctp: update hb timer immediately after users change hb_interval (Xin Long) - sctp: update transport state when processing a dupcook packet (Xin Long) - tcp: fix delayed ACKs for MSS boundary condition (Neal Cardwell) - tcp: fix quick-ack counting to count actual ACKs of new data (Neal Cardwell) - tipc: fix a potential deadlock on &tx->lock (Chengfeng Ye) - net: stmmac: dwmac-stm32: fix resume on STM32 MCU (Ben Wolsieffer) - ipv4: Set offload_failed flag in fibmatch results (Benjamin Poirier) - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (Florian Westphal) - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (Xin Long) - ibmveth: Remove condition to recompute TCP header checksum. (David Wilder) - net: ethernet: ti: am65-cpsw: Fix error code in am65_cpsw_nuss_init_tx_chns() (Dan Carpenter) - net: nfc: llcp: Add lock when modifying device list (Jeremy Cline) - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida) - net: dsa: mv88e6xxx: Avoid EEPROM timeout when EEPROM is absent (Fabio Estevam) - ptp: ocp: Fix error handling in ptp_ocp_device_init (Dinghao Liu) - ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (David Howells) - net: fix possible store tearing in neigh_periodic_work() (Eric Dumazet) - modpost: add missing else to the 'of' check (Mauricio Faria de Oliveira) - bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets (Jakub Sitnicki) - NFSv4: Fix a nfs4_state_manager() race (Trond Myklebust) - ima: rework CONFIG_IMA dependency block (Arnd Bergmann) - ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig (Oleksandr Tymoshenko) - regmap: rbtree: Fix wrong register marked as in-cache when creating new node (Richard Fitzgerald) - wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (Felix Fietkau) - drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() (Alexandra Diupina) - bpf: Fix tr dereferencing (Leon Hwang) - wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (Pin-yen Lin) - wifi: iwlwifi: mvm: Fix a memory corruption issue (Christophe JAILLET) - iwlwifi: avoid void pointer arithmetic (Johannes Berg) - wifi: iwlwifi: dbg_ini: fix structure packing (Arnd Bergmann) - ubi: Refuse attaching if mtd's erasesize is 0 (Zhihao Cheng) - HID: sony: Fix a potential memory leak in sony_probe() (Christophe JAILLET) - arm64: Add Cortex-A520 CPU part definition (Rob Herring) - drm/amd: Fix detection of _PR3 on the PCIe root port (Mario Limonciello) - net: prevent rewrite of msg_name in sock_sendmsg() (Jordan Rife) - net: replace calls to sock->ops->connect() with kernel_connect() (Jordan Rife) - wifi: mwifiex: Fix tlv_buf_left calculation (Gustavo A. R. Silva) - qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (Gustavo A. R. Silva) - vringh: don't use vringh_kiov_advance() in vringh_iov_xfer() (Stefano Garzarella) - scsi: zfcp: Fix a double put in zfcp_port_enqueue() (Dinghao Liu) - Revert 'clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz' (Greg Kroah-Hartman) - block: fix use-after-free of q->q_usage_counter (Ming Lei) - rbd: take header_rwsem in rbd_dev_refresh() only when updating (Ilya Dryomov) - rbd: decouple parent info read-in from updating rbd_dev (Ilya Dryomov) - rbd: decouple header read-in from updating rbd_dev->header (Ilya Dryomov) - rbd: move rbd_dev_refresh() definition (Ilya Dryomov) - iommu/arm-smmu-v3: Avoid constructing invalid range commands (Robin Murphy) - iommu/arm-smmu-v3: Set TTL invalidation hint better (Robin Murphy) - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (Gabriel Krisman Bertazi) - ring-buffer: Fix bytes info in per_cpu buffer stats (Zheng Yejian) - ring-buffer: remove obsolete comment for free_buffer_page() (Vlastimil Babka) - NFSv4: Fix a state manager thread deadlock regression (Trond Myklebust) - NFS: rename nfs_client_kset to nfs_kset (Benjamin Coddington) - NFS: Cleanup unused rpc_clnt variable (Benjamin Coddington) - ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (Sameer Pujar) - ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (Sameer Pujar) - spi: zynqmp-gqspi: fix clock imbalance on probe failure (Johan Hovold) - spi: zynqmp-gqspi: Convert to platform remove callback returning void (Uwe Kleine-Konig) - LTS Version: v5.15.134 (Jack Vogel) - netfilter: nf_tables: fix kdoc warnings after gc rework (Florian Westphal) - drm/meson: fix memory leak on ->hpd_notify callback (Jani Nikula) - fs: binfmt_elf_efpic: fix personality for ELF-FDPIC (Greg Ungerer) - ata: libata-sata: increase PMP SRST timeout to 10s (Matthias Schiffer) - ata: libata-core: Do not register PM operations for SAS ports (Damien Le Moal) - ata: libata-core: Fix port and device removal (Damien Le Moal) - ata: libata-core: Fix ata_port_request_pm() locking (Damien Le Moal) - net: thunderbolt: Fix TCPv6 GSO checksum calculation (Mika Westerberg) - bpf: Fix BTF_ID symbol generation collision in tools/ (Nick Desaulniers) - bpf: Fix BTF_ID symbol generation collision (Jiri Olsa) - btrfs: properly report 0 avail for very full file systems (Josef Bacik) - proc: nommu: /proc/<pid>/maps: release mmap read lock (Ben Wolsieffer) - Revert 'SUNRPC dont update timeout value on connection reset' (Trond Myklebust) - io_uring/fs: remove sqe->rw_flags checking from LINKAT (Jens Axboe) - sched/rt: Fix live lock between select_fallback_rq() and RT push (Joel Fernandes (Google)) - kernel/sched: Modify initial boot task idle setup (Liam R. Howlett) - i2c: i801: unregister tco_pdev in i801_probe() error path (Heiner Kallweit) - ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (Niklas Cassel) - ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (Kailang Yang) - netfilter: nf_tables: disallow rule removal from chain binding (Pablo Neira Ayuso) [Orabug: 35865117] {CVE-2023-5197} - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (Pan Bian) - serial: 8250_port: Check IRQ data before use (Andy Shevchenko) - Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (Daniel Starke) - misc: rtsx: Fix some platforms can not boot and move the l1ss judgment to probe (Ricky WU) - x86/srso: Add SRSO mitigation for Hygon processors (Pu Wen) - iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range (Nicolin Chen) - Smack:- Use overlay inode label in smack_inode_copy_up() (Vishal Goel) - smack: Retrieve transmuting information in smack_inode_getsecurity() (Roberto Sassu) - smack: Record transmuting in smk_transmuted (Roberto Sassu) - nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev (Irvin Cote) - i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (Andrii Staikov) - watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (Mika Westerberg) - watchdog: iTCO_wdt: No need to stop the timer in probe (Mika Westerberg) - nvme-pci: do not set the NUMA node of device if it has none (Pratyush Yadav) - nvme-pci: factor out a nvme_pci_alloc_dev helper (Christoph Hellwig) - nvme-pci: factor the iod mempool creation into a helper (Christoph Hellwig) - cgroup: Fix suspicious rcu_dereference_check() usage warning (Chengming Zhou) - sched/cpuacct: Optimize away RCU read lock (Chengming Zhou) - perf build: Define YYNOMEM as YYNOABORT for bison < 3.81 (Arnaldo Carvalho de Melo) - fbdev/sh7760fb: Depend on FB=y (Thomas Zimmermann) - ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey) - powerpc/watchpoints: Annotate atomic context in more places (Benjamin Gray) - powerpc/watchpoint: Disable pagefaults when getting user instruction (Benjamin Gray) - powerpc/watchpoints: Disable preemption in thread_change_pc() (Benjamin Gray) - media: vb2: frame_vector.c: replace WARN_ONCE with a comment (Hans Verkuil) - ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (Chancel Liu) - bpf: Clarify error expectations from bpf_clone_redirect (Stanislav Fomichev) - ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (Shengjiu Wang) - spi: stm32: add a delay before SPI disable (Valentin Caron) - spi: nxp-fspi: reset the FLSHxCR1 registers (Han Xu) - ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() (Niklas Cassel) - smb3: correct places where ENOTSUPP is used instead of preferred EOPNOTSUPP (Steve French) - scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (Michal Grzedzicki) - scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (Michal Grzedzicki) - drm/amdgpu: Handle null atom context in VBIOS info ioctl (David Francis) - drm/amd/display: Don't check registers, if using AUX BL control (Swapnil Patel) - platform/mellanox: mlxbf-bootctl: add NET dependency into Kconfig (David Thompson) - ring-buffer: Do not attempt to read past 'commit' (Steven Rostedt (Google)) - selftests: fix dependency checker script (Ricardo B. Marliere) - btrfs: improve error message after failure to add delayed dir index item (Filipe Manana) - ring-buffer: Avoid softlockup in ring_buffer_resize() (Zheng Yejian) - selftests/ftrace: Correctly enable event in instance-event.tc (Zheng Yejian) - scsi: ufs: core: Move __ufshcd_send_uic_cmd() outside host_lock (Kiwoong Kim) - scsi: qedf: Add synchronization between I/O completions and abort (Javed Hasan) - parisc: irq: Make irq_stack_union static to avoid sparse warning (Helge Deller) - parisc: drivers: Fix sparse warning (Helge Deller) - parisc: iosapic.c: Fix sparse warnings (Helge Deller) - parisc: sba: Fix compile warning wrt list of SBA devices (Helge Deller) - spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (Tobias Schramm) - spi: sun6i: reduce DMA RX transfer width to single byte (Tobias Schramm) - dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock (Sergey Senozhatsky) - i2c: npcm7xx: Fix callback completion ordering (William A. Kennington III) - gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (Wenhua Lin) - soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (Nathan Rossi) - xtensa: boot/lib: fix function prototypes (Max Filippov) - xtensa: boot: don't add include-dirs (Randy Dunlap) - xtensa: iss/network: make functions static (Randy Dunlap) - xtensa: add default definition for XCHAL_HAVE_DIV32 (Max Filippov) - firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (Christophe JAILLET) - power: supply: ucs1002: fix error code in ucs1002_get_property() (Dan Carpenter) - bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up (Tony Lindgren) - ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot (Tony Lindgren) - ARM: dts: ti: omap: Fix bandgap thermal cells addressing for omap3/4 (Tony Lindgren) - ARM: dts: omap: correct indentation (Krzysztof Kozlowski) - treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_56.RULE (part 1) (Thomas Gleixner) - clk: tegra: fix error return case for recalc_rate (Timo Alho) - bus: ti-sysc: Fix missing AM35xx SoC matching (Adam Ford) - bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (Julien Panis) - drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (Marek Vasut) - MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled (Christoph Hellwig) - btrfs: reset destination buffer when read_extent_buffer() gets invalid range (Qu Wenruo) - ata: ahci: Add Elkhart Lake AHCI controller (Werner Fischer) - ata: ahci: Rename board_ahci_mobile (Mario Limonciello) - ata: ahci: Add support for AMD A85 FCH (Hudson D4) (Paul Menzel) - ata: libata: Rename link flag ATA_LFLAG_NO_DB_DELAY (Paul Menzel) - netfilter: nft_exthdr: Fix non-linear header modification (Xiao Liang) - netfilter: exthdr: add support for tcp option removal (Florian Westphal) - Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (Werner Sembach) - Input: i8042 - rename i8042-x86ia64io.h to i8042-acpipnpio.h (Huacai Chen) - xfs: fix xfs_inodegc_stop racing with mod_delayed_work (Darrick J. Wong) - xfs: disable reaping in fscounters scrub (Darrick J. Wong) - xfs: check that per-cpu inodegc workers actually run on that cpu (Darrick J. Wong) - xfs: explicitly specify cpu when forcing inodegc delayed work to run immediately (Darrick J. Wong) - xfs: introduce xfs_inodegc_push() (Dave Chinner) - xfs: bound maximum wait time for inodegc work (Dave Chinner) - i2c: mux: gpio: Add missing fwnode_handle_put() (Liang He) - i2c: mux: gpio: Replace custom acpi_get_local_address() (Andy Shevchenko) - i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (Xiaoke Wang) - gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (Christophe JAILLET) - Fix up backport of 136191703038 ('interconnect: Teach lockdep about icc_bw_lock order') (Sasha Levin) - igc: Expose tx-usecs coalesce setting to user (Muhammad Husaini Zulkifli) - bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI (Sebastian Andrzej Siewior) - net: ena: Flush XDP packets on error. (Sebastian Andrzej Siewior) - locking/seqlock: Do the lockdep annotation before locking in do_write_seqcount_begin_nested() (Sebastian Andrzej Siewior) - netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP (Jozsef Kadlecsik) [Orabug: 35865151] {CVE-2023-42756} - netfilter: nf_tables: disable toggling dormant table state more than once (Florian Westphal) - team: fix null-ptr-deref when team device type is changed (Ziyang Xuan) - net: bridge: use DEV_STATS_INC() (Eric Dumazet) - net: hns3: add 5ms delay before clear firmware reset irq source (Jie Wang) - net: hns3: fix fail to delete tc flower rules during reset issue (Jijie Shao) - net: hns3: only enable unicast promisc when mac table full (Jian Shen) - net: hns3: fix GRE checksum offload issue (Jie Wang) - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Josh Poimboeuf) - x86/srso: Fix srso_show_state() side effect (Josh Poimboeuf) - platform/x86: intel_scu_ipc: Fail IPC send if still busy (Stephen Boyd) - platform/x86: intel_scu_ipc: Don't override scu in intel_scu_ipc_dev_simple_command() (Stephen Boyd) - platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (Stephen Boyd) - platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (Stephen Boyd) - dccp: fix dccp_v4_err()/dccp_v6_err() again (Eric Dumazet) - powerpc/perf/hv-24x7: Update domain value check (Kajol Jain) - ipv4: fix null-deref in ipv4_link_failure (Kyle Zeng) - igc: Fix infinite initialization loop with early XDP redirect (Vinicius Costa Gomes) - ionic: fix 16bit math issue when PAGE_SIZE >= 64KB (David Christensen) - i40e: Fix VF VLAN offloading when port VLAN is configured (Ivan Vecera) - i40e: Add VF VLAN pruning (Mateusz Palczewski) - iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set (Radoslaw Tyl) - ASoC: imx-audmix: Fix return error with devm_clk_get() (Shengjiu Wang) - net/core: Fix ETH_P_1588 flow dissector (Sasha Neftin) - selftests: tls: swap the TX and RX sockets in some tests (Sabrina Dubroca) - bpf: Avoid deadlock when using queue and stack maps from NMI (Toke Hoiland-Jorgensen) - netfilter: nf_tables: disallow element removal on anonymous sets (Pablo Neira Ayuso) - ASoC: meson: spdifin: start hw on dai probe (Jerome Brunet) - netfilter: nf_tables: fix memleak when more than 255 elements expired (Florian Westphal) - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (Pablo Neira Ayuso) - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (Pablo Neira Ayuso) - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (Pablo Neira Ayuso) [Orabug: 35814389] {CVE-2023-4244} - netfilter: nf_tables: defer gc run if previous batch is still pending (Florian Westphal) - netfilter: nf_tables: use correct lock to protect gc_list (Pablo Neira Ayuso) - netfilter: nf_tables: GC transaction race with abort path (Pablo Neira Ayuso) - netfilter: nf_tables: GC transaction race with netns dismantle (Pablo Neira Ayuso) - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (Pablo Neira Ayuso) - netfilter: nf_tables: don't fail inserts if duplicate has expired (Florian Westphal) - netfilter: nf_tables: remove busy mark and gc batch API (Pablo Neira Ayuso) - netfilter: nft_set_hash: mark set element as dead when deleting from packet path (Pablo Neira Ayuso) - netfilter: nf_tables: adapt set backend to use GC transaction API (Pablo Neira Ayuso) [Orabug: 35814389] {CVE-2023-4244} - netfilter: nf_tables: GC transaction API to avoid race with control plane (Pablo Neira Ayuso) - netfilter: nf_tables: don't skip expired elements during walk (Florian Westphal) - tracing: Have event inject files inc the trace array ref count (Steven Rostedt (Google)) - ext4: do not let fstrim block system suspend (Jan Kara) - ext4: move setting of trimmed bit into ext4_try_to_trim_range() (Jan Kara) - ext4: replace the traditional ternary conditional operator with with max()/min() (Kemeng Shi) - ext4: change s_last_trim_minblks type to unsigned long (Lukas Czerner) - ext4: scope ret locally in ext4_try_to_trim_range() (Lukas Bulwahn) - ata: libahci: clear pending interrupt status (Szuying Chen) - ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones (Hannes Reinecke) - tracing: Increase trace array ref count on enable and filter files (Steven Rostedt (Google)) - tracing: Make trace_marker{,_raw} stream-like (John Keeping) - NFSv4.1: fix pnfs MDS=DS session trunking (Olga Kornievskaia) - NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Olga Kornievskaia) - SUNRPC: Mark the cred for revalidation if the server rejects it (Trond Myklebust) - NFS/pNFS: Report EINVAL errors from connect() to the server (Trond Myklebust) - NFS: More fixes for nfs_direct_write_reschedule_io() (Trond Myklebust) - NFS: Use the correct commit info in nfs_join_page_group() (Trond Myklebust) - LTS version: v5.15.133 (Jack Vogel) - interconnect: Teach lockdep about icc_bw_lock order (Rob Clark) - drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (Melissa Wen) - drm/amdgpu: fix amdgpu_cs_p1_user_fence (Christian Konig) - drm/amd/display: fix the white screen issue when >= 64GB DRAM (Yifan Zhang) - ext4: fix rec_len verify error (Shida Zhang) - scsi: pm8001: Setup IRQs on resume (Damien Le Moal) - ata: libata: disallow dev-initiated LPM transitions to unsupported states (Niklas Cassel) - i2c: aspeed: Reset the i2c controller when timeout occurs (Tommy Huang) - tracefs: Add missing lockdown check to tracefs_create_dir() (Steven Rostedt (Google)) - nfsd: fix change_info in NFSv4 RENAME replies (Jeff Layton) - tracing: Have option files inc the trace array ref count (Steven Rostedt (Google)) - tracing: Have current_trace inc the trace array ref count (Steven Rostedt (Google)) - tracing: Have tracing_max_latency inc the trace array ref count (Steven Rostedt (Google)) - btrfs: release path before inode lookup during the ino lookup ioctl (Filipe Manana) - btrfs: fix lockdep splat and potential deadlock after failure running delayed items (Filipe Manana) - ovl: fix incorrect fdput() on aio completion (Amir Goldstein) - ovl: fix failed copyup of fileattr on a symlink (Amir Goldstein) - attr: block mode changes of symlinks (Christian Brauner) - md/raid1: fix error: ISO C90 forbids mixed declarations (Nigel Croxon) - samples/hw_breakpoint: fix building without module unloading (Arnd Bergmann) - x86/purgatory: Remove LTO flags (Song Liu) - x86/boot/compressed: Reserve more memory for page tables (Kirill A. Shutemov) - scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (Jinjie Ruan) - selftests: tracing: Fix to unmount tracefs for recovering environment (Masami Hiramatsu (Google)) - scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (Jinjie Ruan) - drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (Jinjie Ruan) - btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super (Anand Jain) - btrfs: add a helper to read the superblock metadata_uuid (Anand Jain) - btrfs: move btrfs_pinned_by_swapfile prototype into volumes.h (Josef Bacik) - perf test shell stat_bpf_counters: Fix test on Intel (Namhyung Kim) - perf test: Remove bash construct from stat_bpf_counters.sh test (James Clark) - MIPS: Use 'grep -E' instead of 'egrep' (Tiezhu Yang) - mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller (William Zhang) - mtd: rawnand: brcmnand: Allow SoC to provide I/O operations (Florian Fainelli) - jbd2: correct the end of the journal recovery scan range (Zhang Yi) - jbd2: rename jbd_debug() to jbd2_debug() (Jan Kara) - jbd2: kill t_handle_lock transaction spinlock (Ritesh Harjani) - jbd2: fix use-after-free of transaction_t race (Ritesh Harjani) - jbd2: refactor wait logic for transaction updates into a common function (Ritesh Harjani) - printk: Consolidate console deferred printing (John Ogness) - interconnect: Fix locking for runpm vs reclaim (Rob Clark) - kobject: Add sanity check for kset->kobj.ktype in kset_register() (Zhen Lei) - media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (Sakari Ailus) - usb: ehci: add workaround for chipidea PORTSC.PEC bug (Xu Yang) - serial: cpm_uart: Avoid suspicious locking (Christophe Leroy) - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (Konstantin Shelekhin) - tools: iio: iio_generic_buffer: Fix some integer type and calculation (Chenyuan Mi) - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (Ma Ke) - usb: cdns3: Put the cdns set active part outside the spin lock (Xiaolei Wang) - media: pci: cx23885: replace BUG with error return (Hans Verkuil) - media: tuners: qt1010: replace BUG_ON with a regular error (Hans Verkuil) - media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer (Zhang Shurong) - media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() (Zhang Shurong) - media: anysee: fix null-ptr-deref in anysee_master_xfer (Zhang Shurong) - media: af9005: Fix null-ptr-deref in af9005_i2c_xfer (Zhang Shurong) - media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() (Zhang Shurong) - media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (Zhang Shurong) - PCI: fu740: Set the number of MSI vectors (Yong-Xuan Wang) - powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (ruanjinjie) - ARM: 9317/1: kexec: Make smp stop calls asynchronous (Marten Lindahl) - jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (Liu Shixin via Jfs-discussion) - fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (Andrew Kanner) - ext2: fix datatype of block number in ext2_xattr_set2() (Georg Ottinger) - md: raid1: fix potential OOB in raid1_remove_disk() (Zhang Shurong) - bus: ti-sysc: Configure uart quirks for k3 SoC (Tony Lindgren) - drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (Tuo Li) - drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31 (Leo Chen) - ALSA: hda: intel-dsp-cfg: add LunarLake support (Pierre-Louis Bossart) - samples/hw_breakpoint: Fix kernel BUG 'invalid opcode: 0000' (Rong Tao) - arm64: dts: qcom: sm8250-edo: correct ramoops pmsg-size (Krzysztof Kozlowski) - arm64: dts: qcom: sm8150-kumano: correct ramoops pmsg-size (Krzysztof Kozlowski) - arm64: dts: qcom: sm6125-pdx201: correct ramoops pmsg-size (Krzysztof Kozlowski) - drm/bridge: tc358762: Instruct DSI host to generate HSE packets (Marek Vasut) - wifi: mac80211_hwsim: drop short frames (Johannes Berg) - netfilter: ebtables: fix fortify warnings in size_entry_mwt() (GONG, Ruiqi) - wifi: mac80211: check S1G action frame size (Johannes Berg) - alx: fix OOB-read compiler warning (GONG, Ruiqi) - mmc: sdhci-esdhc-imx: improve ESDHC_FLAG_ERR010450 (Giulio Benetti) - tpm_tis: Resend command to recover from data transfer errors (Alexander Steffen) - crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (Mark O'Donovan) - wifi: wil6210: fix fortify warnings (Dmitry Antipov) - wifi: mwifiex: fix fortify warning (Dmitry Antipov) - wifi: ath9k: fix printk specifier (Dongliang Mu) - wifi: ath9k: fix fortify warnings (Dmitry Antipov) - crypto: lrw,xts - Replace strlcpy with strscpy (Azeem Shaikh) - devlink: remove reload failed checks in params get/set callbacks (Jiri Pirko) - ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects (Mario Limonciello) - hw_breakpoint: fix single-stepping when using bpf_overflow_handler (Tomislav Novak) - perf/imx_ddr: speed up overflow frequency of cycle (Xu Yang) - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (Yicong Yang) - ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (Jiri Slaby (SUSE)) - scftorture: Forgive memory-allocation failure if KASAN (Paul E. McKenney) - rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle() (Zqiang) - kernel/fork: beware of __put_task_struct() calling context (Wander Lairson Costa) - ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (Abhishek Mainkar) - locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (Will Shiu) - btrfs: output extra debug info if we failed to find an inline backref (Qu Wenruo) - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (Fedor Pchelkin) - LTS version: v5.15.132 (Jack Vogel) - pcd: fix error codes in pcd_init_unit() (Dan Carpenter) - drm/amd/display: Fix a bug when searching for insert_above_mpcc (Wesley Chalmers) - MIPS: Only fiddle with CHECKFLAGS if need-compiler' (Maciej W. Rozycki) - kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). (Kuniyuki Iwashima) - ixgbe: fix timestamp configuration code (Vadim Fedorenko) - ipv6: fix ip6_sock_set_addr_preferences() typo (Eric Dumazet) - net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() (Liu Jian) - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (Shravan Kumar Ramani) - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (Shravan Kumar Ramani) - platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (Liming Sun) - platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (Liming Sun) - kcm: Fix memory leak in error path of kcm_sendmsg() (Shigeru Yoshida) - r8152: check budget for r8152_poll() (Hayes Wang) - net: dsa: sja1105: hide all multicast addresses from 'bridge fdb show' (Vladimir Oltean) - hsr: Fix uninit-value access in fill_frame_info() (Ziyang Xuan) - net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() (Hangyu Hua) - net: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc() (Hangyu Hua) - net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add (Guangguan Wang) - kselftest/runner.sh: Propagate SIGTERM to runner child (Bjorn Topel) - net: ipv4: fix one memleak in __inet_del_ifa() (Liu Jian) - ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2 (Aleksey Nasibulin) - ARM: dts: samsung: exynos4210-i9100: Fix LCD screen's physical size (Paul Cercueil) - block: don't add or resize partition on the disk with GENHD_FL_NO_PART (Li Lingfeng) - block: rename GENHD_FL_NO_PART_SCAN to GENHD_FL_NO_PART (Christoph Hellwig) - block: move GENHD_FL_BLOCK_EVENTS_ON_EXCL_WRITE to disk->event_flags (Christoph Hellwig) - block: move GENHD_FL_NATIVE_CAPACITY to disk->state (Christoph Hellwig) - pcd: cleanup initialization (Christoph Hellwig) - pcd: move the identify buffer into pcd_identify (Christoph Hellwig) - perf hists browser: Fix the number of entries for 'e' key (Namhyung Kim) - perf tools: Handle old data in PERF_RECORD_ATTR (Namhyung Kim) - perf hists browser: Fix hierarchy mode header (Namhyung Kim) - MIPS: Fix CONFIG_CPU_DADDI_WORKAROUNDS modules_install' regression (Maciej W. Rozycki) - drm/amd/display: prevent potential division by zero errors (Hamza Mahfooz) - mtd: rawnand: brcmnand: Fix potential false time out warning (William Zhang) - mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (William Zhang) - mtd: rawnand: brcmnand: Fix crash during the panic_write (William Zhang) - btrfs: use the correct superblock to compare fsid in btrfs_validate_super (Anand Jain) - btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART (Filipe Manana) - btrfs: free qgroup rsv on io failure (Boris Burkov) - fuse: nlookup missing decrement in fuse_direntplus_link (ruanmeisi) - ata: pata_ftide010: Add missing MODULE_DESCRIPTION (Damien Le Moal) - ata: sata_gemini: Add missing MODULE_DESCRIPTION (Damien Le Moal) - ata: pata_falcon: fix IO base selection for Q40 (Michael Schmitz) - lib: test_scanf: Add explicit type cast to result initialization in test_number_prefix() (Nathan Chancellor) - ext4: add correct group descriptors and reserved GDT blocks to system zone (Wang Jianjian) - dmaengine: sh: rz-dmac: Fix destination and source data size setting (Hien Huynh) - ARC: atomics: Add compiler barrier to atomic operations... (Pavel Kozlov) - sh: boards: Fix CEU buffer size passed to dma_declare_coherent_memory() (Petr Tesarik) - net: hns3: remove GSO partial feature bit (Jie Wang) - net: hns3: fix the port information display when sfp is absent (Yisen Zhuang) - net: hns3: fix invalid mutex between tc qdisc and dcb ets command issue (Jijie Shao) - net: hns3: fix debugfs concurrency issue between kfree buffer and read (Hao Chen) - net: hns3: fix byte order conversion issue in hclge_dbg_fd_tcam_read() (Hao Chen) - net: dsa: sja1105: complete tc-cbs offload support on SJA1110 (Vladimir Oltean) - net: dsa: sja1105: fix -ENOSPC when replacing the same tc-cbs too many times (Vladimir Oltean) - net: dsa: sja1105: fix bandwidth discrepancy between tc-cbs software and offload (Vladimir Oltean) - ip_tunnels: use DEV_STATS_INC() (Eric Dumazet) - idr: fix param name in idr_alloc_cyclic() doc (Ariel Marcovitch) - s390/zcrypt: don't leak memory if dev_set_name() fails (Andy Shevchenko) - igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (Olga Zaborska) - igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (Olga Zaborska) - igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 (Olga Zaborska) - octeontx2-af: Fix truncation of smq in CN10K NIX AQ enqueue mbox handler (Geetha sowjanya) - kcm: Destroy mutex in kcm_exit_net() (Shigeru Yoshida) - net: sched: sch_qfq: Fix UAF in qfq_dequeue() (valis) [Orabug: 35814453] {CVE-2023-4921} - af_unix: Fix data race around sk->sk_err. (Kuniyuki Iwashima) - af_unix: Fix data-races around sk->sk_shutdown. (Kuniyuki Iwashima) - af_unix: Fix data-race around unix_tot_inflight. (Kuniyuki Iwashima) - af_unix: Fix data-races around user->unix_inflight. (Kuniyuki Iwashima) - net: phy: micrel: Correct bit assignments for phy_device flags (Oleksij Rempel) - net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr (Alex Henrie) - veth: Fixing transmit return status for dropped packets (Liang Chen) - igb: disable virtualization features on 82580 (Corinna Vinschen) - ipv4: ignore dst hint for multipath routes (Sriram Yagnaraman) - drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (Sean Christopherson) - xsk: Fix xsk_diag use-after-free error during socket cleanup (Magnus Karlsson) - net: fib: avoid warn splat in flow dissector (Florian Westphal) - net: read sk->sk_family once in sk_mc_loop() (Eric Dumazet) - ipv4: annotate data-races around fi->fib_dead (Eric Dumazet) - sctp: annotate data-races around sk->sk_wmem_queued (Eric Dumazet) - net/sched: fq_pie: avoid stalls in fq_pie_timer() (Eric Dumazet) - pwm: lpc32xx: Remove handling of PWM channels (Vladimir Zapolskiy) - watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (Raag Jadav) - perf top: Don't pass an ERR_PTR() directly to perf_session__delete() (Arnaldo Carvalho de Melo) - perf vendor events: Drop some of the JSON/events for power10 platform (Kajol Jain) - perf vendor events: Update the JSON/events descriptions for power10 platform (Kajol Jain) - x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() (Sean Christopherson) - perf annotate bpf: Don't enclose non-debug code with an assert() (Arnaldo Carvalho de Melo) - Input: tca6416-keypad - fix interrupt enable disbalance (Dmitry Torokhov) - Input: tca6416-keypad - always expect proper IRQ number in i2c client (Dmitry Torokhov) - backlight: gpio_backlight: Drop output GPIO direction check for initial power state (Ying Liu) - pwm: atmel-tcb: Fix resource freeing in error path and remove (Uwe Kleine-Konig) - pwm: atmel-tcb: Harmonize resource allocation order (Uwe Kleine-Konig) - pwm: atmel-tcb: Convert to platform remove callback returning void (Uwe Kleine-Konig) - perf trace: Really free the evsel->priv area (Arnaldo Carvalho de Melo) - perf trace: Use zfree() to reduce chances of use after free (Arnaldo Carvalho de Melo) - kconfig: fix possible buffer overflow (Konstantin Meskhidze) - gfs2: low-memory forced flush fixes (Andreas Gruenbacher) - gfs2: Switch to wait_event in gfs2_logd (Andreas Gruenbacher) - kbuild: do not run depmod for 'make modules_sign' (Masahiro Yamada) - bus: mhi: host: Skip MHI reset if device is in RDDM (Qiang Yu) - NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (Fedor Pchelkin) - NFS: Fix a potential data corruption (Trond Myklebust) - clk: qcom: mss-sc7180: fix missing resume during probe (Johan Hovold) - clk: qcom: q6sstop-qcs404: fix missing resume during probe (Johan Hovold) - soc: qcom: qmi_encdec: Restrict string length in decode (Chris Lew) - clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (Dmitry Baryshkov) - clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (Ahmad Fatoum) - dt-bindings: clock: xlnx,versal-clk: drop select:false (Krzysztof Kozlowski) - pinctrl: cherryview: fix address_space_handler() argument (Raag Jadav) - parisc: led: Reduce CPU overhead for disk & lan LED computation (Helge Deller) - parisc: led: Fix LAN receive and transmit LEDs (Helge Deller) - lib/test_meminit: allocate pages up to order MAX_ORDER (Andrew Donnellan) - clk: qcom: turingcc-qcs404: fix missing resume during probe (Johan Hovold) - drm/ast: Fix DRAM init on AST2200 (Thomas Zimmermann) - clk: qcom: camcc-sc7180: fix async resume during probe (Johan Hovold) - fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (Thomas Zimmermann) - io_uring: break iopolling on signal (Pavel Begunkov) - io_uring: break out of iowq iopoll on teardown (Pavel Begunkov) - io_uring: always lock in io_apoll_task_func (Pavel Begunkov) - net/ipv6: SKB symmetric hash should incorporate transport ports (Quan Tian) - udf: initialize newblock to 0 (Tom Rix) - md/md-bitmap: remove unnecessary local variable in backlog_store() (Yu Kuai) - tracing: Zero the pipe cpumask on alloc to avoid spurious -EBUSY (Brian Foster) - perf/x86/uncore: Correct the number of CHAs on EMR (Kan Liang) - x86/sgx: Break up long non-preemptible delays in sgx_vepc_release() (Jack Wang) - USB: core: Fix oversight in SuperSpeed initialization (Alan Stern) - USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() (Alan Stern) - USB: core: Change usb_get_device_descriptor() API (Alan Stern) - USB: core: Unite old scheme and new scheme descriptor reads (Alan Stern) - usb: typec: bus: verify partner exists in typec_altmode_attention (RD Babiera) - usb: typec: tcpm: set initial svdm version based on pd revision (RD Babiera) - cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug (Gustavo A. R. Silva) - crypto: stm32 - fix loop iterating through scatterlist for DMA (Thomas Bourgoin) - s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (Sven Schnelle) - pstore/ram: Check start of empty przs during init (Enlin Mu) - mmc: renesas_sdhi: register irqs before registering controller (Wolfram Sang) - fsverity: skip PKCS#7 parser when keyring is empty (Eric Biggers) - net: handle ARPHRD_PPP in dev_is_mac_header_xmit() (Nicolas Dichtel) - X.509: if signature is unsupported skip validation (Thore Sommer) - dccp: Fix out of bounds access in DCCP error handler (Jann Horn) - parisc: Fix /proc/cpuinfo output for lscpu (Helge Deller) - procfs: block chmod on /proc/thread-self/comm (Aleksa Sarai) - Revert 'PCI: Mark NVIDIA T4 GPUs to avoid bus reset' (Bjorn Helgaas) - ntb: Fix calculation ntb_transport_tx_free_entry() (Dave Jiang) - ntb: Clean up tx tail index on link down (Dave Jiang) - ntb: Drop packets when qp link is down (Dave Jiang) - scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (Ranjan Kumar) - media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (Konrad Dybcio) - arm64: csum: Fix OoB access in IP checksum code for negative lengths (Will Deacon) - i3c: master: svc: fix probe failure when no i3c device exist (Frank Li) - xtensa: PMU: fix base address for the newer hardware (Max Filippov) - backlight/lv5207lp: Compare against struct fb_info.device (Thomas Zimmermann) - backlight/bd6107: Compare against struct fb_info.device (Thomas Zimmermann) - backlight/gpio_backlight: Compare against struct fb_info.device (Thomas Zimmermann) - ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() (Gustavo A. R. Silva) - ipmi_si: fix a memleak in try_smi_init() (Yi Yang) - media: i2c: ccs: Check rules is non-NULL (Sakari Ailus) - mm/vmalloc: add a safer version of find_vm_area() for debug (Joel Fernandes (Google)) - scsi: core: Fix the scsi_set_resid() documentation (Bart Van Assche) - printk: ringbuffer: Fix truncating buffer size min_t cast (Kees Cook) - rcu: dump vmalloc memory info safely (Zqiang) - ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (Takashi Iwai) - PM / devfreq: Fix leak in devfreq_dev_release() (Boris Brezillon) - igb: set max size RX buffer when store bad packet is enabled (Radoslaw Tyl) [Orabug: 35924095] {CVE-2023-45871} - skbuff: skb_segment, Call zero copy functions before using skbuff frags (Mohamed Khalfella) - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU (Eric Dumazet) [Orabug: 35923998] {CVE-2023-42752} - virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (Yuan Yao) - cpufreq: Fix the race condition while updating the transition_task of policy (Liao Chang) - dmaengine: ste_dma40: Add missing IRQ check in d40_probe (ruanjinjie) - um: Fix hostaudio build errors (Randy Dunlap) - mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (Yi Yang) - mtd: spi-nor: Check bus width while setting QE bit (Hsin-Yi Wang) - leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (Marek Behun) - leds: multicolor: Use rounded division when calculating color components (Marek Behun) - leds: pwm: Fix error code in led_pwm_create_fwnode() (Dan Carpenter) - rpmsg: glink: Add check for kstrdup (Jiasheng Jiang) - phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (Jonas Karlman) - phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (Zheng Yang) - phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (Jonas Karlman) - mtd: rawnand: brcmnand: Fix mtd oobsize (William Zhang) - tracing: Fix race issue between cpu buffer write and swap (Zheng Yejian) - tracing: Remove extra space at the end of hwlat_detector/mode (Mikhail Kobuk) - HID: multitouch: Correct devm device reference for hidinput input_dev name (Rahul Rameshbabu) - HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (Nikita Zhandarovich) - Revert 'IB/isert: Fix incorrect release of isert connection' (Leon Romanovsky) - amba: bus: fix refcount leak (Peng Fan) - serial: tegra: handle clk prepare error in tegra_uart_hw_init() (Yi Yang) - scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (Chengfeng Ye) - scsi: core: Use 32-bit hostnum in scsi_host_lookup() (Tony Battersby) - cgroup:namespace: Remove unused cgroup_namespaces_init() (Lu Jialin) - media: i2c: rdacm21: Fix uninitialized value (Jacopo Mondi) - media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (Hans de Goede) - media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (Hans de Goede) - media: ov2680: Add ov2680_fill_format() helper function (Hans de Goede) - media: ov2680: Don't take the lock for try_fmt calls (Hans de Goede) - media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (Hans de Goede) - media: ov2680: Fix vflip / hflip set functions (Hans de Goede) - media: ov2680: Fix ov2680_bayer_order() (Hans de Goede) - media: ov2680: Remove auto-gain and auto-exposure controls (Hans de Goede) - media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips (Dave Stevenson) - media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (Marek Vasut) - USB: gadget: f_mass_storage: Fix unused variable warning (Alan Stern) - media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (Konrad Dybcio) - media: go7007: Remove redundant if statement (Colin Ian King) - platform/x86: dell-sysman: Fix reference leak (Armin Wolf) - iommu/vt-d: Fix to flush cache of PASID directory table (Yanfei Xu) - iommu/qcom: Disable and reset context bank before programming (AngeloGioacchino Del Regno) - fsi: aspeed: Reset master errors after CFAM reset (Eddie James) - IB/uverbs: Fix an potential error pointer dereference (Xiang Yang) - RDMA/hns: Fix CQ and QP cache affinity (Chengchang Tang) - RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (Junxian Huang) - RDMA/hns: Fix port active speed (Chengchang Tang) - iommu/sprd: Add missing force_aperture (Jason Gunthorpe) - driver core: test_async: fix an error code (Dan Carpenter) - dma-buf/sync_file: Fix docs syntax (Rob Clark) - coresight: tmc: Explicit type conversions to prevent integer overflow (Ruidong Tian) - RDMA/irdma: Replace one-element array with flexible-array member (Gustavo A. R. Silva) - scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (Oleksandr Natalenko) - scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (Oleksandr Natalenko) - scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (Oleksandr Natalenko) - x86/APM: drop the duplicate APM_MINOR_DEV macro (Randy Dunlap) - serial: sprd: Fix DMA buffer leak issue (Chunyan Zhang) - serial: sprd: Assign sprd_port after initialized to avoid wrong access (Chunyan Zhang) - scsi: qla4xxx: Add length check when parsing nlattrs (Lin Ma) - scsi: be2iscsi: Add length check when parsing nlattrs (Lin Ma) - scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (Lin Ma) - scsi: iscsi: Add length check for nlattr payload (Lin Ma) - scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (Wenchao Hao) - scsi: RDMA/srp: Fix residual handling (Bart Van Assche) - usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (Xu Yang) - media: mediatek: vcodec: Return NULL if no vdec_fb is found (Irui Wang) - media: rkvdec: increase max supported height for H.264 (Benjamin Gaignard) - scsi: hisi_sas: Fix normally completed I/O analysed as failed (Xingui Yang) - scsi: hisi_sas: Fix warnings detected by sparse (Xingui Yang) - scsi: hisi_sas: Modify v3 HW SATA completion error processing (Xingui Yang) - scsi: hisi_sas: Modify v3 HW SSP underflow error processing (Xingui Yang) - media: cx24120: Add retval check for cx24120_message_send() (Daniil Dulov) - media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (Christophe JAILLET) - media: dib7000p: Fix potential division by zero (Daniil Dulov) - drivers: usb: smsusb: fix error handling code in smsusb_init_device (Dongliang Mu) - iommu: rockchip: Fix directory table address encoding (Jonas Karlman) - iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind (Daniel Marcovitch) - media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (Christophe JAILLET) - media: i2c: tvp5150: check return value of devm_kasprintf() (Claudiu Beznea) - media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (Hans de Goede) - RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (Minjie Du) - pNFS: Fix assignment of xprtdata.cred (Anna Schumaker) - NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (Olga Kornievskaia) - NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (Benjamin Coddington) - NFSD: da_addr_body field missing in some GETDEVICEINFO replies (Chuck Lever) - fs: lockd: avoid possible wrong NULL parameter (Su Hui) - jfs: validate max amount of blocks before allocation. (Alexei Filippov) - ext4: fix unttached inode after power cut with orphan file feature enabled (Zhihao Cheng) - powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (Russell Currey) - nfs/blocklayout: Use the passed in gfp flags (Dan Carpenter) - powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT (Russell Currey) - powerpc: Don't include lppaca.h in paca.h (Michael Ellerman) - PCI: layerscape: Add workaround for lost link capabilities during reset (Xiaowei Bao) - PCI: layerscape: Add the endpoint linkup notifier support (Frank Li) - PCI: dwc: Add start_link/stop_link inlines (Serge Semin) - wifi: ath10k: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - wifi: ath11k: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - net/mlx5: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - drm/radeon: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - drm/amdgpu: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - powerpc/perf: Convert fsl_emb notifier to state machine callbacks (Christophe Leroy) - powerpc/fadump: reset dump area size if fadump memory reserve fails (Sourabh Jain) - vfio/type1: fix cap_migration information leak (Stefan Hajnoczi) - powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (Christophe Leroy) - clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (Ahmad Fatoum) - clk: imx8mp: fix sai4 clock (Marco Felsch) - PCI/ASPM: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - PCI: pciehp: Use RMW accessors for changing LNKCTL (Ilpo Jarvinen) - pinctrl: mcp23s08: check return value of devm_kasprintf() (Claudiu Beznea) - PCI: Mark NVIDIA T4 GPUs to avoid bus reset (Wu Zongyong) - PCI: microchip: Correct the DED and SEC interrupt bit offsets (Daire McNamara) - clk: qcom: gcc-sm6350: Fix gcc_sdcc2_apps_clk_src (Luca Weiss) - clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (Patrick Whewell) - ext4: avoid potential data overflow in next_linear_group (Kemeng Shi) - ext4: correct grp validation in ext4_mb_good_group (Kemeng Shi) - EDAC/igen6: Fix the issue of no error events (Qiuxu Zhuo) - clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (David Wronek) - clk: sunxi-ng: Modify mismatched function name (Zhang Jianhua) - drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (Minjie Du) - ipmi:ssif: Fix a memory leak when scanning for an adapter (Corey Minyard) - ipmi:ssif: Add check for kstrdup (Jiasheng Jiang) - of: unittest: Fix overlay type in apply/revert check (Geert Uytterhoeven) - of: overlay: Call of_changeset_init() early (Geert Uytterhoeven) - md: raid0: account for split bio in iostat accounting (David Jeffery) - bus: ti-sysc: Fix cast to enum warning (Tony Lindgren) - arm64: dts: qcom: apq8016-sbc: Fix ov5640 regulator supply names (Bryan O'Donoghue) - drm/mediatek: Fix potential memory leak if vmap() fail (Sui Jingfeng) - drm/mediatek: Remove freeing not dynamic allocated memory (Jason-JH.Lin) - bus: ti-sysc: Fix build warning for 64-bit build (Tony Lindgren) - io_uring: fix drain stalls by invalid SQE (Pavel Begunkov) - audit: fix possible soft lockup in __audit_inode_child() (Gaosheng Cui) - drm/msm/a2xx: Call adreno_gpu_init() earlier (Fabio Estevam) - drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (Yang Wang) - smackfs: Prevent underflow in smk_set_cipso() (Dan Carpenter) - firmware: meson_sm: fix to avoid potential NULL pointer dereference (Zhang Shurong) - drm/msm/mdp5: Don't leak some plane state (Daniel Vetter) - drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (Jiasheng Jiang) - ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig (Nayna Jain) - drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (Marek Vasut) - drm/armada: Fix off-by-one error in armada_overlay_get_property() (Geert Uytterhoeven) - arm64: dts: qcom: sm8150: Fix the I2C7 interrupt (Zeyan Li) - of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() (Ruan Jinjie) - drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (Yangtao Li) - drm/msm: Update dev core dump to not print backwards (Ryan McCann) - md/md-bitmap: hold 'reconfig_mutex' in backlog_store() (Yu Kuai) - md/bitmap: don't set max_write_behind if there is no write mostly device (Guoqing Jiang) - md/raid10: use dereference_rdev_and_rrdev() to get devices (Li Nan) - md/raid10: factor out dereference_rdev_and_rrdev() (Li Nan) - drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl' (Srinivasan Shanmugam) - arm64: dts: qcom: sdm845: Fix the min frequency of 'ice_core_clk' (Manivannan Sadhasivam) - arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC (Manivannan Sadhasivam) - ARM: dts: BCM53573: Fix Ethernet info for Luxul devices (Rafal Milecki) - drm: adv7511: Fix low refresh rate register for ADV7533/5 (Bogdan Togorean) - ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) (Krzysztof Kozlowski) - ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210 (Krzysztof Kozlowski) - ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) (Krzysztof Kozlowski) - ARM: dts: s3c64xx: align pinctrl with dtschema (Krzysztof Kozlowski) - x86/mm: Fix PAT bit missing from page protection modify mask (Janusz Krzysztofik) - drm/etnaviv: fix dumping of active MMU context (Lucas Stach) - arm64: dts: qcom: pmi8994: Add missing OVP interrupt (Konrad Dybcio) - arm64: dts: qcom: Move WLED num-strings from pmi8994 to sony-xperia-tone (Marijn Suijten) - arm64: dts: qcom: pmi8994: Remove hardcoded linear WLED enabled-strings (Marijn Suijten) - arm64: dts: qcom: pm660l: Add missing short interrupt (Konrad Dybcio) - arm64: dts: qcom: correct SPMI WLED register range encoding (Krzysztof Kozlowski) - arm64: dts: qcom: pmi8998: Add node for WLED (AngeloGioacchino Del Regno) - arm64: dts: qcom: sm8250-sony-xperia: correct GPIO keys wakeup again (Krzysztof Kozlowski) - ARM: dts: BCM53573: Use updated 'spi-gpio' binding properties (Rafal Milecki) - ARM: dts: BCM53573: Add cells sizes to PCIe node (Rafal Milecki) - drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (Arnd Bergmann) - arm64: dts: qcom: sm8250: Mark PCIe hosts as DMA coherent (Konrad Dybcio) - arm64: dts: qcom: pmk8350: fix ADC-TM compatible string (Dmitry Baryshkov) - arm64: dts: qcom: sm8350: Use proper CPU compatibles (Konrad Dybcio) - arm64: dts: qcom: sm8350: Add missing LMH interrupts to cpufreq (Konrad Dybcio) - arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller (Konrad Dybcio) - arm64: dts: qcom: sm8250-edo: Rectify gpio-keys (Konrad Dybcio) - arm64: dts: qcom: sm8250-edo: Add GPIO line names for PMIC GPIOs (Konrad Dybcio) - arm64: dts: qcom: sm8250-edo: Add gpio line names for TLMM (Konrad Dybcio) - arm64: dts: qcom: sm8250: correct dynamic power coefficients (Vincent Guittot) - soc: qcom: ocmem: Fix NUM_PORTS & NUM_MACROS macros (Luca Weiss) - soc: qcom: ocmem: Add OCMEM hardware version print (Luca Weiss) - ASoC: stac9766: fix build errors with REGMAP_AC97 (Randy Dunlap) - quota: fix dqput() to follow the guarantees dquot_srcu should provide (Baokun Li) - quota: add new helper dquot_active() (Baokun Li) - quota: rename dquot_active() to inode_quota_active() (Baokun Li) - quota: factor out dquot_write_dquot() (Baokun Li) - drm/bridge: tc358764: Fix debug print parameter order (Marek Vasut) - netrom: Deny concurrent connect(). (Kuniyuki Iwashima) - net/sched: sch_hfsc: Ensure inner classes have fsc curve (Budimir Markovic) [Orabug: 35810514] {CVE-2023-4623} - hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (Biju Das) - mlxsw: i2c: Limit single transaction buffer size (Vadim Pasternak) - mlxsw: i2c: Fix chunk size setting in output mailbox buffer (Vadim Pasternak) - net: arcnet: Do not call kfree_skb() under local_irq_disable() (Jinjie Ruan) - wifi: ath9k: use IS_ERR() with debugfs_create_dir() (Wang Ming) - Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (Jinjie Ruan) - wifi: mwifiex: avoid possible NULL skb pointer dereference (Dmitry Antipov) - wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (Lin Ma) - wifi: ath9k: protect WMI command response buffer replacement with a lock (Fedor Pchelkin) - wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (Fedor Pchelkin) - samples/bpf: fix broken map lookup probe (Daniel T. Lee) - wifi: mwifiex: Fix missed return in oob checks failed path (Polaris Pi) - wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (Dmitry Antipov) - fs: ocfs2: namei: check return value of ocfs2_add_entry() (Artem Chernyshev) - lwt: Check LWTUNNEL_XMIT_CONTINUE strictly (Yan Zhai) - lwt: Fix return values of BPF xmit ops (Yan Zhai) - hwrng: iproc-rng200 - Implement suspend and resume calls (Florian Fainelli) - crypto: caam - fix unchecked return value error (Gaurav Jain) - ice: ice_aq_check_events: fix off-by-one check when filling buffer (Przemek Kitszel) - net-memcg: Fix scope of sockmem pressure indicators (Abel Wu) - selftests/bpf: Clean up fmod_ret in bench_rename test script (Yipeng Zou) - net: tcp: fix unexcepted socket die when snd_wnd is 0 (Menglong Dong) - Bluetooth: Fix potential use-after-free when clear keys (Min Li) - Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (Yuanjun Gong) - crypto: stm32 - Properly handle pm_runtime_get failing (Uwe Kleine-Konig) - wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (Dmitry Antipov) - wifi: mwifiex: Fix OOB and integer underflow when rx packets (Polaris Pi) - wifi: mt76: mt7915: fix power-limits while chan_switch (Ryder Lee) - can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (Marc Kleine-Budde) - spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (Zhang Shurong) - wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (Lin Ma) - ipv6: Add reasons for skb drops to __udp6_lib_rcv (David Ahern) - bpf: reject unhashed sockets in bpf_sk_assign (Lorenz Bauer) - udp: re-score reuseport groups when connected sockets are present (Lorenz Bauer) - regmap: rbtree: Use alloc_flags for memory allocations (Dan Carpenter) - hwrng: pic32 - use devm_clk_get_enabled (Martin Kaiser) - hwrng: nomadik - keep clock enabled while hwrng is registered (Martin Kaiser) - tcp: tcp_enter_quickack_mode() should be static (Eric Dumazet) - bpf: Clear the probe_addr for uprobe (Yafang Shao) - bpftool: Use a local bpf_perf_event_value to fix accessing its fields (Alexander Lobakin) - cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() (Liao Chang) - x86/efistub: Fix PCI ROM preservation in mixed mode (Mikel Rychliski) - ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (Mario Limonciello) - ACPI: x86: s2idle: Post-increment variables when getting constraints (Mario Limonciello) - s390/paes: fix PKEY_TYPE_EP11_AES handling for secure keyblobs (Holger Dengler) - s390/pkey: fix/harmonize internal keyblob headers (Holger Dengler) - selftests/futex: Order calls to futex_lock_pi (Nysal Jan K.A) - perf/imx_ddr: don't enable counter0 if none of 4 counters are used (Xu Yang) - x86/decompressor: Don't rely on upper 32 bits of GPRs being preserved (Ard Biesheuvel) - selftests/resctrl: Close perf value read fd on errors (Ilpo Jarvinen) - selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (Ilpo Jarvinen) - selftests/resctrl: Don't leak buffer in fill_cache() (Ilpo Jarvinen) - selftests/resctrl: Add resctrl.h into build deps (Ilpo Jarvinen) - selftests/resctrl: Make resctrl_tests run using kselftest framework (Shaopeng Tan) - OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd() (Manivannan Sadhasivam) - refscale: Fix uninitalized use of wait_queue_head_t (Waiman Long) - ARM: ptrace: Restore syscall skipping for tracers (Kees Cook) - ARM: ptrace: Restore syscall restart tracing (Kees Cook) - selftests/harness: Actually report SKIP for signal tests (Kees Cook) - tmpfs: verify {g,u}id mount options correctly (Christian Brauner) - fs: Fix error checking for d_hash_and_lookup() (Wang Ming) - eventfd: prevent underflow for eventfd semaphores (Wen Yang) - reiserfs: Check the return value from __getblk() (Matthew Wilcox) - Revert 'net: macsec: preserve ingress frame ordering' (Sabrina Dubroca) - udf: Handle error when adding extent to a file (Jan Kara) - udf: Check consistency of Space Bitmap Descriptor (Vladislav Efanov) - of: kexec: Mark ima_{free,stable}_kexec_buffer() as __init (Nathan Chancellor) - net: Avoid address overwrite in kernel_connect (Jordan Rife) - arm64: lib: Import latest version of Arm Optimized Routines' strncmp (Joey Gouly) - crypto: rsa-pkcs1pad - Use helper to set reqsize (Herbert Xu) - tracing: Introduce pipe_cpumask to avoid race on trace_pipes (Zheng Yejian) - ALSA: seq: oss: Fix racy open/close of MIDI devices (Takashi Iwai) - scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (Justin Tee) - scsi: storvsc: Always set no_report_opcodes (Michael Kelley) - sctp: handle invalid error codes without calling BUG() (Dan Carpenter) - bnx2x: fix page fault following EEH recovery (David Christensen) - netlabel: fix shift wrapping bug in netlbl_catmap_setlong() (Dmitry Mastykin) - drm/amdgpu: Match against exact bootloader status (Lijo Lazar) - net: hns3: restore user pause configure when disable autoneg (Jian Shen) - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (Chengfeng Ye) - scsi: lpfc: Remove reftag check in DIF paths (Justin Tee) - idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM (Baoquan He) - wifi: brcmfmac: Fix field-spanning write in brcmf_scan_params_v2_to_v1() (Hans de Goede) - net: usb: qmi_wwan: add Quectel EM05GV2 (Martin Kohn) - vmbus_testing: fix wrong python syntax for integer value comparison (Ani Sinha) - clk: fixed-mmio: make COMMON_CLK_FIXED_MMIO depend on HAS_IOMEM (Baoquan He) - kprobes: Prohibit probing on CFI preamble symbol (Masami Hiramatsu (Google)) - security: keys: perform capable check only on privileged operations (Christian Gottsche) - ata: pata_arasan_cf: Use dev_err_probe() instead dev_err() in data_xfer() (Minjie Du) - drm/amd/display: Exit idle optimizations before attempt to access PHY (Leo Chen) - platform/x86: huawei-wmi: Silence ambient light sensor (Konstantin Shelekhin) - platform/x86/intel/hid: Add HP Dragonfly G2 to VGBS DMI quirks (Maxim Mikityanskiy) - platform/x86: intel: hid: Always call BTNL ACPI method (Hans de Goede) - ASoC: atmel: Fix the 8K sample parameter in I2SC master (Guiting Shen) - ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 (Shuming Fan) - ASoC: rt711: fix for JD event handling in ClockStop Mode0 (Shuming Fan) - ASoc: codecs: ES8316: Fix DMIC config (Edgar) - ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 (Shuming Fan) - fs/nls: make load_nls() take a const parameter (Winston Wen) - s390/dasd: fix hanging device after request requeue (Stefan Haberland) - s390/dasd: use correct number of retries for ERP requests (Stefan Haberland) - m68k: Fix invalid .section syntax (Ben Hutchings) - vxlan: generalize vxlan_parse_gpe_hdr and remove unused args (Jiri Benc) - ethernet: atheros: fix return value check in atl1c_tso_csum() (Yuanjun Gong) - ASoC: da7219: Check for failure reading AAD IRQ events (Dmytro Maluka) - ASoC: da7219: Flush pending AAD IRQ when suspending (Dmytro Maluka) - ksmbd: no response from compound read (Namjae Jeon) - ksmbd: fix out of bounds in smb3_decrypt_req() (Namjae Jeon) - 9p: virtio: make sure 'offs' is initialized in zc_request (Dominique Martinet) - media: pci: cx23885: fix error handling for cx23885 ATSC boards (Nikolay Burykin) - media: pulse8-cec: handle possible ping error (Dmitry Antipov) - phy: qcom-snps-femto-v2: use qcom_snps_hsphy_suspend/resume error code (Adrien Thierry) - ARM: dts: imx: Set default tuning step for imx7d usdhc (Xiaolei Wang) - ARM: dts: imx: Adjust dma-apbh node name (Stefan Wahren) - ARM: dts: imx7s: Drop dma-apb interrupt-names (Marek Vasut) - ARM: dts: imx: update sdma node name format (Joy Zou) - rds: Put back pages on the CPU that allocated them (Hakon Bugge) [Orabug: 35768363] - mm: fix munmap() of reserved va ranges (Anthony Yznaga) [Orabug: 35843808] - mm: fix mmap() of reserved va ranges (Anthony Yznaga) [Orabug: 35843808] - mm: reinstall placeholder mappings before downgrading mmap lock (Anthony Yznaga) [Orabug: 35843808] - mm: fix hang after mapping over a mapped reserved va range (Anthony Yznaga) [Orabug: 35843808] - mm: fix update of total_vm for reserved va placeholders (Anthony Yznaga) [Orabug: 35843808] - mm: enable merging of reserved va placeholders (Anthony Yznaga) [Orabug: 35843808] - genetlink: initialize resv_start_op using existing enum values on uek7-u2 (Qing Huang) [Orabug: 35857093] - rds: Provision to allow all trace points at module load time (Arumugam Kolappan) [Orabug: 35916077] - rds/ib: Preserve dest qp num in the connect request (Arumugam Kolappan) [Orabug: 35926164] - Crash: add lock to serialize crash hotplug handling (Baoquan He) [Orabug: 35778906] - x86/crash: optimize CPU changes (Eric DeVolder) [Orabug: 35778906] - crash: change crash_prepare_elf64_headers() to for_each_possible_cpu() (Eric DeVolder) [Orabug: 35778906] - crash: hotplug support for kexec_load() (Eric DeVolder) [Orabug: 35778906] - x86/crash: add x86 crash hotplug support (Eric DeVolder) [Orabug: 35778906] - crash: memory and CPU hotplug sysfs attributes (Eric DeVolder) [Orabug: 35778906] - kexec: exclude elfcorehdr from the segment digest (Eric DeVolder) [Orabug: 35778906] - crash: add generic infrastructure for crash hotplug support (Eric DeVolder) [Orabug: 35778906] - crash: move a few code bits to setup support of crash hotplug (Eric DeVolder) [Orabug: 35778906] - remove ARCH_DEFAULT_KEXEC from Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - kexec: rename ARCH_HAS_KEXEC_PURGATORY (Eric DeVolder) [Orabug: 35778906] - sh/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - s390/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - riscv/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - powerpc/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - parisc/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - mips/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - m68k/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - arm64/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - ia64/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - arm/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - x86/kexec: refactor for kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] - kexec: consolidate kexec and crash options into kernel/Kconfig.kexec (Eric DeVolder) [Orabug: 35778906] [5.15.0-201.131.1] - net/rds: report pending-messages count in RDS_INQ response (Devesh Sharma) [Orabug: 35596047] - uek-rpm: Disable kernel support for CONFIG_FIREWIRE in OL9 (Yifei Liu) [Orabug: 35493648] {CVE-2023-3159} - rds: Add proper refcnt when an RDS MR references an RDS Socket (Hakon Bugge) [Orabug: 35817900] - rds: Check for UAF in rds_destroy_mr (Hakon Bugge) [Orabug: 35817900] - uek-rpm: Enable Microsoft recommended Hyper-V flags for ARM (Harshvardhan Jha) [Orabug: 35823292] - xfs: reserve less log space when recovering log intent items (Darrick J. Wong) [Orabug: 35871839] - scsi: target: core: Fix deadlock due to recursive locking (Junxiao Bi) [Orabug: 35886688] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-42752 CVE-2023-3159 CVE-2023-4244 CVE-2023-42756 CVE-2023-4623 CVE-2023-4921 CVE-2023-5090 CVE-2023-45871 CVE-2023-5178 CVE-2023-5197 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:8::developer_UEKR7 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::UEKR7 cpe:/a:oracle:linux:9::developer_UEKR7 Oracle Linux 9 - [5.14.0-362.13.0.1_3.OL9] - cifs: Fix UAF in cifs_demultiplex_thread() (Zhang Xiaoxu) (Steve French) {CVE-2023-1192} - fs/smb/client: Reset password pointer to NULL (Quang Le) (Steve French) {CVE-2023-5345} - igb: set max size RX buffer when store bad packet is enabled (Tony Nguyen) (David S. Miller) {CVE-2023-45871} - [5.14.0-362.8.1_3.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Disable unified kernel image package build - Add Oracle Linux IMA certificates - 5.14.0 - Debranding patches copied from Rocky Linux (Louis Abel and Sherif Nagy from RESF) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1192 CVE-2023-5345 CVE-2023-45871 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 conmon [2.1.3-7] - Resolve CVE-2023-39325 [2.1.3-6] - Add ol8_baseos_latest, and ol9_baseos_latest, to Jenkinsfile [2.1.3-5] - Add systemd-devel as build requirement [2.1.3-4] - Add support ARM build cri-o [1.26.3-3] - Resolve CVE-2023-39325 [1.26.3-2] - Add support for ARM build cri-tools [1.26.1-3] - Resolve CVE-2023-39325 [1.26.1-2] - Add ARM build support etcd [3.5.9-2] - Bump up version [3.5.9-1] - Added Oracle specific build files flannel-cni-plugin [1.1.2-3] - Resolve CVE-2023-44487 and CVE-2023-39325 [1.1.2-2] - Add ARM build support helm [3.12.0-3] - address CVE-2023-44487 and CVE-2023-39325 [-] - Add support for ARM build istio [1.17.8-1] - Added Oracle specific files for 1.17.8-1 kata [1.12.1-14] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-13] - Rebuild kata to fix timestamp issue [1.12.1-12] - Add support for ARM build kata-agent [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Remove build_date global variable in kata-image specfile [1.12.1-7] - Add support for ARM build kata-image [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Remove build_date global variable in specfile [1.12.1-7] - Add support for ARM build kata-ksm-throttler [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Bump release inline with other kata packages for fixing timestamp issue [1.12.1-7] - Add support for ARM build kata-proxy [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Bump release inline with other kata packages for fixing timestamp issue [1.12.1-7] - Add support for ARM build kata-runtime [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Bump release inline with other kata packages for fixing timestamp issue [1.12.1-7] - Add support for ARM build kata-shim [1.12.1-9] - Updated to address CVE-2023-44487 and CVE-2023-39325 [1.12.1-8] - Bump release inline with other kata packages for fixing timestamp issue [1.12.1-7] - Add support for ARM build kubernetes [1.26.10-2] - Allow dashes DNS image [1.26.10-1] - Added Oracle specific build files for Kubernetes kubernetes-cni [1.1.2-3] - Resolve CVE-2023-44487 and CVE-2023-39325 [1.1.2-2] - Add support for ARM build kubernetes-cni-plugins [1.2.0-4] - Fix go.mod [1.2.0-3] - Resolve CVE-2023-44487 and CVE-2023-39325 [1.2.0-2] - Add support for ARM build [1.2.0-1] - Added Oracle specific build files for Kubernetes CNI Plugins kubevirt [0.58.0-4] - Updated to address CVE-2023-44487 and CVE-2023-39325 olcne [1.7.5-17] - Fix update issue from 1.6.x -> 1.7.5 [1.7.5-16] - Pass imagetag to the metallb tool that converts configmap to crs [1.7.5-15] - Fix metallb upgrade failure when proxy is needed [1.7.5-14] - Update conmon to 2.1.3-7 in scripts [1.7.5-13] - Update module-operator to address CVE-2023-44487, CVE-2023-39325 [1.7.5-12] - Update multus-cni 3.9.3 to address CVE-2023-44487 and CVE-2023-39325 [1.7.5-11] - Update multus-cni 4.0.1 to address CVE-2023-44487 and CVE-2023-39325 [1.7.5-10] - Update metallb 0.13.9 to address CVE-2023-44487 and CVE-2023-39325 [1.7.5-9] - Update externalip-webhook 1.0.0 to address CVE-2023-44487 and CVE-2023-39325 [1.7.5-8] - Update calico-3.25.0 and 3.25.1 to address CVE-2023-44487, CVE-2023-39325 [1.7.5-7] - Update rook-1.10.9 and 1.11.6 to address golang CVE-2023-44487, CVE-2023-39325 [1.7.5-6] - update configmap-registry to 1.28.0 and update olm 0.23.1 to address CVE-2023-44487 and CVE-2023-39325 [1.7.5-5] - Update Istio, Grafana, Prometheus, and Kubernetes-dashboard to address CVE's - CVE-2023-44487 - CVE-2023-39325 [1.7.5-4] - update helm 3.12.0 to Address CVE-2023-44487 and CVE-2023-39325 [1.7.5-3] - Update kubernetes and components to address golang CVE-2023-44487, CVE-2023-39325 [1.7.5-2] - Add olm 0.23.1 charts [1.7.5-1] - Update kubevirt 0.58.0 to address CVE-2023-44487 and CVE-2023-39325 yq [4.34.1-3] - address CVE-2023-44487 and CVE-2023-3932A [4.34.1-2] - Add support for ARM build IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-39325 CVE-2023-44487 cpe:/a:oracle:linux:9::olcne18 cpe:/a:oracle:linux:9::olcne17 Oracle Linux 9 [102.9.0-3.0.1] - Updated homepages to use https [Orabug: 34648274] [102.9.0-3] - Update to 102.9.0 build2 [102.9.0-2] - removed disable-openh264-download [102.9.0-1] - Update to 102.9.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-28164 CVE-2023-25751 CVE-2023-25752 CVE-2023-28176 CVE-2023-28162 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [3.79.0-17] - fix consistency return errors. We shouldn't lock the FIPS token if the application asked for invalid DH parameters on on keygen. [3.79.0-16] - Add check for RSA PSS Salt required by FIPS - Update fips_algorithms.sh according to the review. [3.79.0-15] - Fix CVE-2023-0767 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0767 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.9.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.9.0-1] - Update to 102.9.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-25751 CVE-2023-28162 CVE-2023-25752 CVE-2023-28164 CVE-2023-28176 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 - [5.14.0-162.22.2_1.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] [5.14.0-162.22.2_1] - tun: avoid double free in tun_free_netdev (Jon Maloy) [2156373] {CVE-2022-4744} [5.14.0-162.22.1_1] - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (Jaroslav Kysela) [2163390 2125540] {CVE-2023-0266} [5.14.0-162.21.1_1] - s390/boot: add secure boot trailer (Tobias Huschle) [2151528 2141966] - s390/kexec: fix ipl report address for kdump (Tobias Huschle) [2166903 2161327] - s390/qeth: cache link_info for ethtool (Tobias Huschle) [2166304 2110436] - scsi: zfcp: Fix missing auto port scan and thus missing target ports (Tobias Huschle) [2127880 2121088] [5.14.0-162.20.1_1] - cgroup/cpuset: remove unreachable code (Waiman Long) [2161105 1946801] - kselftest/cgroup: Add cpuset v2 partition root state test (Waiman Long) [2161105 1946801] - cgroup/cpuset: Update description of cpuset.cpus.partition in cgroup-v2.rst (Waiman Long) [2161105 1946801] - cgroup/cpuset: Make partition invalid if cpumask change violates exclusivity rule (Waiman Long) [2161105 1946801] - cgroup/cpuset: Relocate a code block in validate_change() (Waiman Long) [2161105 1946801] - cgroup/cpuset: Show invalid partition reason string (Waiman Long) [2161105 1946801] - cgroup/cpuset: Add a new isolated cpus.partition type (Waiman Long) [2161105 1946801] - cgroup/cpuset: Relax constraints to partition & cpus changes (Waiman Long) [2161105 1946801] - cgroup/cpuset: Allow no-task partition to have empty cpuset.cpus.effective (Waiman Long) [2161105 1946801] - cgroup/cpuset: Miscellaneous cleanups & add helper functions (Waiman Long) [2161105 1946801] - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (Waiman Long) [2161105 1946801] - cpuset: convert 'allowed' in __cpuset_node_allowed() to be boolean (Waiman Long) [2161105 1946801] - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) [2161105 1946801] - cgroup: cleanup comments (Waiman Long) [2161105 1946801] - act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti) [2164655 2150278] {CVE-2022-4269} - net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti) [2164655 2150278] {CVE-2022-4269} - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (Emanuele Giuseppe Esposito) [2170227 2150660] [5.14.0-162.19.1_1] - sched/core: Use kfree_rcu() in do_set_cpus_allowed() (Waiman Long) [2160614 2143847] - sched/core: Fix use-after-free bug in dup_user_cpus_ptr() (Waiman Long) [2160614 2143847] - sched: Always clear user_cpus_ptr in do_set_cpus_allowed() (Waiman Long) [2143766 2107354] - sched: Enforce user requested affinity (Waiman Long) [2143766 2107354] - sched: Always preserve the user requested cpumask (Waiman Long) [2143766 2107354] - sched: Introduce affinity_context (Waiman Long) [2143766 2107354] - sched: Add __releases annotations to affine_move_task() (Waiman Long) [2143766 2107354] - x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (Dean Nelson) [2168382 2122851] - x86/fpu: Exclude dynamic states from init_fpstate (Dean Nelson) [2168382 2122851] - x86/fpu: Fix the init_fpstate size check with the actual size (Dean Nelson) [2168382 2122851] - x86/fpu: Configure init_fpstate attributes orderly (Dean Nelson) [2168382 2122851] - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (Dean Nelson) [2168382 2122851] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-4269 CVE-2022-4744 CVE-2023-0266 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.12.0-5.2] - xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability Resolves: bz#2180308 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1393 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 httpd [2.4.53-7.0.1.5] - Replace index.html with Oracle's index page oracle_index.html. [2.4.53-7.5] - Resolves: #2177751 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy mod_http2 [1.15.19-3.5] - Resolves: #2177751 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy [1.15.19-3] - Resolves: #2066311 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-25690 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [13.10-1] - Update to 13.10 - Resolves: #2114734 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-2625 CVE-2022-41862 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [2.4.17-3.2] - Reject empty http header field names (CVE-2023-25725, #2174174) [2.4.17-3.1] - Refuse interim responses with end-stream flag set (CVE-2023-0056, #2174172) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-25725 CVE-2023-0056 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.76.1-19.el9_1.2] - fix HTTP multi-header compression denial of service (CVE-2023-23916) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-23916 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 - [5.14.0-162.23.1_1.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] [5.14.0-162.23.1_1] - ovl: fail on invalid uid/gid mapping at copy up (Miklos Szeredi) [2165344 2165345] {CVE-2023-0386} - intel_idle: make SPR C1 and C1E be independent (David Arcari) [2168361 2125352] - intel_idle: Add a new flag to initialize the AMX state (David Arcari) [2168361 2117766] - x86/fpu: Add a helper to prepare AMX state for low-power CPU idle (David Arcari) [2168361 2117766] - x86/insn: Add AMX instructions to the x86 instruction decoder (Michael Petlan) [2168361 2140492] - futex: Resend potentially swallowed owner death notification (Rafael Aquini) [2168836 2161817] - tun: avoid double free in tun_free_netdev (Jon Maloy) [2156373 2156374] {CVE-2022-4744} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0386 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [102.10.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.10.0-1] - Update to 102.10.0 build1 [102.9.0-4] - Update to 102.9.0 build2 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1945 CVE-2023-29539 CVE-2023-29541 CVE-2023-29533 CVE-2023-29550 CVE-2023-29536 CVE-2023-29535 CVE-2023-29548 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.10.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.10.0-2] - Update to 102.10.0 build2 [102.10.0-1] - Update to 102.10.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1945 CVE-2023-28427 CVE-2023-29541 CVE-2023-29550 CVE-2023-29533 CVE-2023-29539 CVE-2023-29535 CVE-2023-29536 CVE-2023-29479 CVE-2023-0547 CVE-2023-29548 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [17.0.7.0.7-1.0.1] - Replace upstream references [Orabug: 34340155] [1:17.0.7.0.7-1] - Update to jdk-17.0.7.0+7 - Update release notes to 17.0.7.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run - Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace - Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs - Update FIPS support against 17.0.7+6 and bring in latest changes: - * RH2134669: Add missing attributes when registering services in FIPS mode. - * test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class - * RH1940064: Enable XML Signature provider in FIPS mode - * RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized - ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** - Resolves: rhbz#2185182 - Resolves: rhbz#2186804 - Resolves: rhbz#2186811 - Resolves: rhbz#2186807 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-21967 CVE-2023-21930 CVE-2023-21954 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21968 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [11.0.19.0.7-1.0.1] - Replace upstream references [Orabug: 34340155] [1:11.0.19.0.7-1] - Update to jdk-11.0.19.0+7 - Update release notes to 11.0.19.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run - Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace - Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs - Rebase FIPS support against 11.0.19+6 - Rebase RH1750419 alt-java patch against 11.0.19+6 - ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** - Resolves: rhbz#2185182 [1:11.0.18.0.10-3] - Add missing release note for JDK-8295687 - Resolves: rhbz#2160111 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-21938 CVE-2023-21939 CVE-2023-21930 CVE-2023-21954 CVE-2023-21968 CVE-2023-21937 CVE-2023-21967 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.8.0.372.b07-1.0.1] - Replace upstream references [Orabug: 34340145] [1:1.8.0.372.b07-1] - Update to shenandoah-jdk8u372-b07 (GA) - Update release notes for shenandoah-8u372-b07. - Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07 - Reintroduce jconsole-plugin.patch from RHEL 9 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run - Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace - Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs - Drop JDK-8275535/RH2053256 patch which is now upstream - Include JDK-8271199 backport early ahead of 8u382 (RH2175317) - ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** - Resolves: rhbz#2185182 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 CVE-2023-21939 CVE-2023-21937 CVE-2023-21930 CVE-2023-21938 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.36.7-1.3] - Add patch for CVE-2023-28205 Resolves: #2185744 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-28205 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:27.2-6.1] - Fix ob-latex.el command injection vulnerability (#2180589) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-28617 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.2.0-6] - Fix tools subpackage dependency [1.2.0-4] - Added fix for mzbz#1819244 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1999 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4.6-3.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.6-3.1] - Resolves: rhbz#2187170 fix handling of IKEv1 aggressive mode packets IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-30570 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4.16.4-103.0.1] - Fix memleak in _nss_winbind_initgroups_dyn [Orabug: 34994509] [4.16.4-103] - related: rhbz#2154372 - Add additional patches for CVE-2022-38023 [4.16.4-102] - Fix CVE-2022-38023 - resolves: rhbz#2154372 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-38023 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:1:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [4.10.0-43] - fence_vmware_soap: set login_timeout lower than default pcmk_monitor_timeout (20s) to remove tmp dirs Resolves: rhbz#2122944 [4.10.0-42] - fencing/fence_wti: add --plug-separator to be able to avoid characters that are in node name(s) Resolves: rhbz#2152107 [4.10.0-41] - fence_scsi: skip key generation during validate-all action Resolves: rhbz#2160480 [4.10.0-40] - fence_virtd: add info about multiple uuid/ip entries to manpage Resolves: rhbz#2149655 [4.10.0-39] - fence_virtd: warn if config or key file(s) are not mode 600 Resolves: rhbz#2144531 [4.10.0-37] - Upgrade bundled python-oauthlib Resolves: rhbz#2128564 [4.10.0-36] - fence_virtd: add link to uri examples and uri w/socket path example for when VMS are run as non-root user to manpage Resolves: rhbz#2138823 [4.10.0-35] - fence_ibm_powervs: improve defaults Resolves: rhbz#2136191 [4.10.0-34] - fence_lpar: only output additional output info on DEBUG level Resolves: rhbz#2134015 [4.10.0-33] - fence_virt: add note that reboot-action doesnt power on nodes that are powered off Resolves: rhbz#2132008 [4.10.0-32] - add azure-identity and dependencies Resolves: rhbz#2121546 [4.10.0-31] - fence_ibm_vpc: add token cache support Resolves: rhbz#2111998 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-36087 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::addons Oracle Linux 9 [7.2.0-14] - Rebuild for 9.2 release - Resolves: bz#2173590 (bugs in emulation of BMI instructions (for libguestfs without KVM)) - Resolves: bz#2156876 ([virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)) [7.2.0-13] - kvm-target-i386-fix-operand-size-of-unary-SSE-operations.patch [bz#2173590] - kvm-tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch [bz#2173590] - kvm-target-i386-Fix-BEXTR-instruction.patch [bz#2173590] - kvm-target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch [bz#2173590] - kvm-target-i386-fix-ADOX-followed-by-ADCX.patch [bz#2173590] - kvm-target-i386-Fix-32-bit-AD-CO-X-insns-in-64-bit-mode.patch [bz#2173590] - kvm-target-i386-Fix-BZHI-instruction.patch [bz#2173590] - kvm-intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch [bz#2156876] - Resolves: bz#2173590 (bugs in emulation of BMI instructions (for libguestfs without KVM)) - Resolves: bz#2156876 ([virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)) [7.2.0-12] - kvm-scsi-protect-req-aiocb-with-AioContext-lock.patch [bz#2155748] - kvm-dma-helpers-prevent-dma_blk_cb-vs-dma_aio_cancel-rac.patch [bz#2155748] - kvm-virtio-scsi-reset-SCSI-devices-from-main-loop-thread.patch [bz#2155748] - kvm-qatomic-add-smp_mb__before-after_rmw.patch [bz#2175660] - kvm-qemu-thread-posix-cleanup-fix-document-QemuEvent.patch [bz#2175660] - kvm-qemu-thread-win32-cleanup-fix-document-QemuEvent.patch [bz#2175660] - kvm-edu-add-smp_mb__after_rmw.patch [bz#2175660] - kvm-aio-wait-switch-to-smp_mb__after_rmw.patch [bz#2175660] - kvm-qemu-coroutine-lock-add-smp_mb__after_rmw.patch [bz#2175660] - kvm-physmem-add-missing-memory-barrier.patch [bz#2175660] - kvm-async-update-documentation-of-the-memory-barriers.patch [bz#2175660] - kvm-async-clarify-usage-of-barriers-in-the-polling-case.patch [bz#2175660] - Resolves: bz#2155748 (qemu crash on void blk_drain(BlockBackend *): Assertion qemu_in_main_thread() failed) - Resolves: bz#2175660 (Guest hangs when starting or rebooting) [7.2.0-11] - kvm-hw-smbios-fix-field-corruption-in-type-4-table.patch [bz#2169904] - Resolves: bz#2169904 ([SVVP] job 'Check SMBIOS Table Specific Requirements' failed on win2022) [7.2.0-10] - kvm-block-temporarily-hold-the-new-AioContext-of-bs_top-.patch [bz#2168209] - Resolves: bz#2168209 (Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)) [7.2.0-9] - kvm-tests-qtest-netdev-test-stream-and-dgram-backends.patch [bz#2169232] - kvm-net-stream-add-a-new-option-to-automatically-reconne.patch [bz#2169232] - kvm-linux-headers-Update-to-v6.1.patch [bz#2158704] - kvm-util-userfaultfd-Add-uffd_open.patch [bz#2158704] - kvm-util-userfaultfd-Support-dev-userfaultfd.patch [bz#2158704] - kvm-io-Add-support-for-MSG_PEEK-for-socket-channel.patch [bz#2169732] - kvm-migration-check-magic-value-for-deciding-the-mapping.patch [bz#2169732] - kvm-target-s390x-arch_dump-Fix-memory-corruption-in-s390.patch [bz#2168172] - Resolves: bz#2169232 (RFE: reconnect option for stream socket back-end) - Resolves: bz#2158704 (RFE: Prefer /dev/userfaultfd over userfaultfd(2) syscall) - Resolves: bz#2169732 (Multifd migration fails under a weak network/socket ordering race) - Resolves: bz#2168172 ([s390x] qemu-kvm coredumps when SE crashes) [7.2.0-8] - kvm-qcow2-Fix-theoretical-corruption-in-store_bitmap-err.patch [bz#2150180] - kvm-qemu-img-commit-Report-errors-while-closing-the-imag.patch [bz#2150180] - kvm-qemu-img-bitmap-Report-errors-while-closing-the-imag.patch [bz#2150180] - kvm-qemu-iotests-Test-qemu-img-bitmap-commit-exit-code-o.patch [bz#2150180] - kvm-accel-tcg-Test-CPUJumpCache-in-tb_jmp_cache_clear_pa.patch [bz#2165280] - kvm-block-Improve-empty-format-specific-info-dump.patch [bz#1860292] - kvm-block-file-Add-file-specific-image-info.patch [bz#1860292] - kvm-block-vmdk-Change-extent-info-type.patch [bz#1860292] - kvm-block-Split-BlockNodeInfo-off-of-ImageInfo.patch [bz#1860292] - kvm-qemu-img-Use-BlockNodeInfo.patch [bz#1860292] - kvm-block-qapi-Let-bdrv_query_image_info-recurse.patch [bz#1860292] - kvm-block-qapi-Introduce-BlockGraphInfo.patch [bz#1860292] - kvm-block-qapi-Add-indentation-to-bdrv_node_info_dump.patch [bz#1860292] - kvm-iotests-Filter-child-node-information.patch [bz#1860292] - kvm-iotests-106-214-308-Read-only-one-size-line.patch [bz#1860292] - kvm-qemu-img-Let-info-print-block-graph.patch [bz#1860292] - kvm-qemu-img-Change-info-key-names-for-protocol-nodes.patch [bz#1860292] - kvm-Revert-vhost-user-Monitor-slave-channel-in-vhost_use.patch [bz#2155173] - kvm-Revert-vhost-user-Introduce-nested-event-loop-in-vho.patch [bz#2155173] - kvm-virtio-rng-pci-fix-transitional-migration-compat-for.patch [bz#2162569] - Resolves: bz#2150180 (qemu-img finishes successfully while having errors in commit or bitmaps operations) - Resolves: bz#2165280 ([kvm-unit-tests] debug-wp-migration fails) - Resolves: bz#1860292 (RFE: add extent_size_hint information to qemu-img info) - Resolves: bz#2155173 ([vhost-user] unable to start vhost net: 71: falling back on userspace) - Resolves: bz#2162569 ([transitional device][virtio-rng-pci-transitional]Stable Guest ABI failed between RHEL 8.6 to RHEL 9.2) [7.2.0-7] - kvm-vdpa-use-v-shadow_vqs_enabled-in-vhost_vdpa_svqs_sta.patch [bz#2104412] - kvm-vhost-set-SVQ-device-call-handler-at-SVQ-start.patch [bz#2104412] - kvm-vhost-allocate-SVQ-device-file-descriptors-at-device.patch [bz#2104412] - kvm-vhost-move-iova_tree-set-to-vhost_svq_start.patch [bz#2104412] - kvm-vdpa-add-vhost_vdpa_net_valid_svq_features.patch [bz#2104412] - kvm-vdpa-request-iova_range-only-once.patch [bz#2104412] - kvm-vdpa-move-SVQ-vring-features-check-to-net.patch [bz#2104412] - kvm-vdpa-allocate-SVQ-array-unconditionally.patch [bz#2104412] - kvm-vdpa-add-asid-parameter-to-vhost_vdpa_dma_map-unmap.patch [bz#2104412] - kvm-vdpa-store-x-svq-parameter-in-VhostVDPAState.patch [bz#2104412] - kvm-vdpa-add-shadow_data-to-vhost_vdpa.patch [bz#2104412] - kvm-vdpa-always-start-CVQ-in-SVQ-mode-if-possible.patch [bz#2104412] - kvm-vdpa-fix-VHOST_BACKEND_F_IOTLB_ASID-flag-check.patch [bz#2104412] - kvm-spec-Disable-VDUSE.patch [bz#2128222] - Resolves: bz#2104412 (vDPA ASID support in Qemu) - Resolves: bz#2128222 (VDUSE block export should be disabled in builds for now) [7.2.0-6] - kvm-virtio_net-Modify-virtio_net_get_config-to-early-ret.patch [bz#2141088] - kvm-virtio_net-copy-VIRTIO_NET_S_ANNOUNCE-if-device-mode.patch [bz#2141088] - kvm-vdpa-handle-VIRTIO_NET_CTRL_ANNOUNCE-in-vhost_vdpa_n.patch [bz#2141088] - kvm-vdpa-do-not-handle-VIRTIO_NET_F_GUEST_ANNOUNCE-in-vh.patch [bz#2141088] - kvm-s390x-pv-Implement-a-CGS-check-helper.patch [bz#2122523] - kvm-s390x-pci-coalesce-unmap-operations.patch [bz#2163701] - kvm-s390x-pci-shrink-DMA-aperture-to-be-bound-by-vfio-DM.patch [bz#2163701] - kvm-s390x-pci-reset-ISM-passthrough-devices-on-shutdown-.patch [bz#2163701] - kvm-qga-linux-add-usb-support-to-guest-get-fsinfo.patch [bz#2149191] - Resolves: bz#2141088 (vDPA SVQ guest announce support) - Resolves: bz#2122523 (Secure guest can't boot with maximal number of vcpus (248)) - Resolves: bz#2163701 ([s390x] VM fails to start with ISM passed through) - Resolves: bz#2149191 ([RFE][guest-agent] - USB bus type support) [7.2.0-5] - kvm-virtio-introduce-macro-VIRTIO_CONFIG_IRQ_IDX.patch [bz#1905805] - kvm-virtio-pci-decouple-notifier-from-interrupt-process.patch [bz#1905805] - kvm-virtio-pci-decouple-the-single-vector-from-the-inter.patch [bz#1905805] - kvm-vhost-introduce-new-VhostOps-vhost_set_config_call.patch [bz#1905805] - kvm-vhost-vdpa-add-support-for-config-interrupt.patch [bz#1905805] - kvm-virtio-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-vhost-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-virtio-net-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-virtio-mmio-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-virtio-pci-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-s390x-s390-virtio-ccw-Activate-zPCI-features-on-s390.patch [bz#2159408] - kvm-vhost-fix-vq-dirty-bitmap-syncing-when-vIOMMU-is-ena.patch [bz#2124856] - kvm-block-drop-bdrv_remove_filter_or_cow_child.patch [bz#2155112] - kvm-qed-Don-t-yield-in-bdrv_qed_co_drain_begin.patch [bz#2155112] - kvm-test-bdrv-drain-Don-t-yield-in-.bdrv_co_drained_begi.patch [bz#2155112] - kvm-block-Revert-.bdrv_drained_begin-end-to-non-coroutin.patch [bz#2155112] - kvm-block-Remove-drained_end_counter.patch [bz#2155112] - kvm-block-Inline-bdrv_drain_invoke.patch [bz#2155112] - kvm-block-Fix-locking-for-bdrv_reopen_queue_child.patch [bz#2155112] - kvm-block-Drain-individual-nodes-during-reopen.patch [bz#2155112] - kvm-block-Don-t-use-subtree-drains-in-bdrv_drop_intermed.patch [bz#2155112] - kvm-stream-Replace-subtree-drain-with-a-single-node-drai.patch [bz#2155112] - kvm-block-Remove-subtree-drains.patch [bz#2155112] - kvm-block-Call-drain-callbacks-only-once.patch [bz#2155112] - kvm-block-Remove-ignore_bds_parents-parameter-from-drain.patch [bz#2155112] - kvm-block-Drop-out-of-coroutine-in-bdrv_do_drained_begin.patch [bz#2155112] - kvm-block-Don-t-poll-in-bdrv_replace_child_noperm.patch [bz#2155112] - kvm-block-Remove-poll-parameter-from-bdrv_parent_drained.patch [bz#2155112] - kvm-accel-introduce-accelerator-blocker-API.patch [bz#1979276] - kvm-KVM-keep-track-of-running-ioctls.patch [bz#1979276] - kvm-kvm-Atomic-memslot-updates.patch [bz#1979276] - Resolves: bz#1905805 (support config interrupt in vhost-vdpa qemu) - Resolves: bz#2159408 ([s390x] VMs with ISM passthrough don't autostart after leapp upgrade from RHEL 8) - Resolves: bz#2124856 (VM with virtio interface and iommu=on will crash when try to migrate) - Resolves: bz#2155112 (Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)) - Resolves: bz#1979276 (SVM: non atomic memslot updates cause boot failure with seabios and cpu-pm=on) [7.2.0-4] - kvm-virtio-rng-pci-fix-migration-compat-for-vectors.patch [bz#2155749] - kvm-Update-QGA-service-for-new-command-line.patch [bz#2156515] - Resolves: bz#2155749 ([regression][stable guest abi][qemu-kvm7.2]Migration failed due to virtio-rng device between RHEL8.8 and RHEL9.2/MSI-X) - Resolves: bz#2156515 ([guest-agent] Replace '-blacklist' to '-block-rpcs' in qemu-ga config file) [7.2.0-3] - kvm-hw-arm-virt-Introduce-virt_set_high_memmap-helper.patch [bz#2113840] - kvm-hw-arm-virt-Rename-variable-size-to-region_size-in-v.patch [bz#2113840] - kvm-hw-arm-virt-Introduce-variable-region_base-in-virt_s.patch [bz#2113840] - kvm-hw-arm-virt-Introduce-virt_get_high_memmap_enabled-h.patch [bz#2113840] - kvm-hw-arm-virt-Improve-high-memory-region-address-assig.patch [bz#2113840] - kvm-hw-arm-virt-Add-compact-highmem-property.patch [bz#2113840] - kvm-hw-arm-virt-Add-properties-to-disable-high-memory-re.patch [bz#2113840] - kvm-hw-arm-virt-Enable-compat-high-memory-region-address.patch [bz#2113840] - Resolves: bz#2113840 ([RHEL9.2] Memory mapping optimization for virt machine) [7.2.0-2] - Fix updating from 7.1.0 - kvm-redhat-fix-virt-rhel9.2.0-compat-props.patch[bz#2154640] - Resolves: bz#2154640 ([aarch64] qemu fails to load 'efi-virtio.rom' romfile when creating virtio-net-pci) [7.2.0-1] - Rebase to QEMU 7.2.0 [bz#2135806] - Resolves: bz#2135806 (Rebase to QEMU 7.2 for RHEL 9.2.0) [7.1.0-7] - kvm-hw-acpi-erst.c-Fix-memory-handling-issues.patch [bz#2149108] - Resolves: bz#2149108 (CVE-2022-4172 qemu-kvm: QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record [rhel-9]) [7.1.0-6] - kvm-block-move-bdrv_qiov_is_aligned-to-file-posix.patch [bz#2143170] - kvm-block-use-the-request-length-for-iov-alignment.patch [bz#2143170] - Resolves: bz#2143170 (The installation can not start when install files (iso) locate on a 4k disk) [7.1.0-5] - kvm-rtl8139-Remove-unused-variable.patch [bz#2141218] - kvm-qemu-img-remove-unused-variable.patch [bz#2141218] - kvm-host-libusb-Remove-unused-variable.patch [bz#2141218] - Resolves: bz#2141218 (qemu-kvm build fails with clang 15.0.1 due to false unused variable error) [7.1.0-4] - kvm-Revert-intel_iommu-Fix-irqchip-X2APIC-configuration-.patch [bz#2126095] - Resolves: bz#2126095 ([rhel9.2][intel_iommu]Booting guest with '-device intel-iommu,intremap=on,device-iotlb=on,caching-mode=on' causes kernel call trace) [7.1.0-3] - kvm-target-i386-kvm-fix-kvmclock_current_nsec-Assertion-.patch [bz#2108531] - Resolves: bz#2108531 (Windows guest reboot after migration with wsl2 installed inside) [7.1.0-2] - kvm-vdpa-Skip-the-maps-not-in-the-iova-tree.patch [RHELX-57] - kvm-vdpa-do-not-save-failed-dma-maps-in-SVQ-iova-tree.patch [RHELX-57] - kvm-util-accept-iova_tree_remove_parameter-by-value.patch [RHELX-57] - kvm-vdpa-Remove-SVQ-vring-from-iova_tree-at-shutdown.patch [RHELX-57] - kvm-vdpa-Make-SVQ-vring-unmapping-return-void.patch [RHELX-57] - kvm-vhost-Always-store-new-kick-fd-on-vhost_svq_set_svq_.patch [RHELX-57] - kvm-vdpa-Use-ring-hwaddr-at-vhost_vdpa_svq_unmap_ring.patch [RHELX-57] - kvm-vhost-stop-transfer-elem-ownership-in-vhost_handle_g.patch [RHELX-57] - kvm-vhost-use-SVQ-element-ndescs-instead-of-opaque-data-.patch [RHELX-57] - kvm-vhost-Delete-useless-read-memory-barrier.patch [RHELX-57] - kvm-vhost-Do-not-depend-on-NULL-VirtQueueElement-on-vhos.patch [RHELX-57] - kvm-vhost_net-Add-NetClientInfo-start-callback.patch [RHELX-57] - kvm-vhost_net-Add-NetClientInfo-stop-callback.patch [RHELX-57] - kvm-vdpa-add-net_vhost_vdpa_cvq_info-NetClientInfo.patch [RHELX-57] - kvm-vdpa-Move-command-buffers-map-to-start-of-net-device.patch [RHELX-57] - kvm-vdpa-extract-vhost_vdpa_net_cvq_add-from-vhost_vdpa_.patch [RHELX-57] - kvm-vhost_net-add-NetClientState-load-callback.patch [RHELX-57] - kvm-vdpa-Add-virtio-net-mac-address-via-CVQ-at-start.patch [RHELX-57] - kvm-vdpa-Delete-CVQ-migration-blocker.patch [RHELX-57] - kvm-vdpa-Make-VhostVDPAState-cvq_cmd_in_buffer-control-a.patch [RHELX-57] - kvm-vdpa-extract-vhost_vdpa_net_load_mac-from-vhost_vdpa.patch [RHELX-57] - kvm-vdpa-Add-vhost_vdpa_net_load_mq.patch [RHELX-57] - kvm-vdpa-validate-MQ-CVQ-commands.patch [RHELX-57] - kvm-virtio-net-Update-virtio-net-curr_queue_pairs-in-vdp.patch [RHELX-57] - kvm-vdpa-Allow-MQ-feature-in-SVQ.patch [RHELX-57] - kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch [bz#2125281] - kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch [bz#2125281] - kvm-Revert-Re-enable-capstone-internal-build.patch [bz#2127825] - kvm-spec-Use-capstone-package.patch [bz#2127825] - Resolves: RHELX-57 (vDPA SVQ Multiqueue support ) - Resolves: bz#2125281 ([RHEL9.1] Guests in VMX root operation fail to reboot with QEMU's 'system_reset' command [rhel-9.2.0]) - Resolves: bz#2127825 (Use capstone for qemu-kvm build) [7.1.0-1] - Rebase to QEMU 7.1.0 [bz#2111769] - Resolves: bz#2111769 (Rebase to QEMU 7.1.0) [7.0.0-11] - kvm-QIOChannelSocket-Fix-zero-copy-flush-returning-code-.patch [bz#2107466] - kvm-Add-dirty-sync-missed-zero-copy-migration-stat.patch [bz#2107466] - kvm-migration-multifd-Report-to-user-when-zerocopy-not-w.patch [bz#2107466] - kvm-migration-Avoid-false-positive-on-non-supported-scen.patch [bz#2107466] - kvm-migration-add-remaining-params-has_-true-in-migratio.patch [bz#2107466] - kvm-QIOChannelSocket-Add-support-for-MSG_ZEROCOPY-IPV6.patch [bz#2107466] - kvm-pc-bios-s390-ccw-Fix-booting-with-logical-block-size.patch [bz#2112303] - kvm-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch [bz#2116876] - kvm-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch [bz#2116876] - kvm-vdpa-Fix-memory-listener-deletions-of-iova-tree.patch [bz#2116876] - kvm-vdpa-Fix-file-descriptor-leak-on-get-features-error.patch [bz#2116876] - Resolves: bz#2107466 (zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together) - Resolves: bz#2112303 (virtio-blk: Can't boot fresh installation from used 512 cluster_size image under certain conditions) - Resolves: bz#2116876 (Fixes for vDPA control virtqueue support in Qemu) [7.0.0-10] - kvm-vhost-Track-descriptor-chain-in-private-at-SVQ.patch [bz#1939363] - kvm-vhost-Fix-device-s-used-descriptor-dequeue.patch [bz#1939363] - kvm-hw-virtio-Replace-g_memdup-by-g_memdup2.patch [bz#1939363] - kvm-vhost-Fix-element-in-vhost_svq_add-failure.patch [bz#1939363] - kvm-meson-create-have_vhost_-variables.patch [bz#1939363] - kvm-meson-use-have_vhost_-variables-to-pick-sources.patch [bz#1939363] - kvm-vhost-move-descriptor-translation-to-vhost_svq_vring.patch [bz#1939363] - kvm-virtio-net-Expose-MAC_TABLE_ENTRIES.patch [bz#1939363] - kvm-virtio-net-Expose-ctrl-virtqueue-logic.patch [bz#1939363] - kvm-vdpa-Avoid-compiler-to-squash-reads-to-used-idx.patch [bz#1939363] - kvm-vhost-Reorder-vhost_svq_kick.patch [bz#1939363] - kvm-vhost-Move-vhost_svq_kick-call-to-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Check-for-queue-full-at-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Decouple-vhost_svq_add-from-VirtQueueElement.patch [bz#1939363] - kvm-vhost-Add-SVQDescState.patch [bz#1939363] - kvm-vhost-Track-number-of-descs-in-SVQDescState.patch [bz#1939363] - kvm-vhost-add-vhost_svq_push_elem.patch [bz#1939363] - kvm-vhost-Expose-vhost_svq_add.patch [bz#1939363] - kvm-vhost-add-vhost_svq_poll.patch [bz#1939363] - kvm-vhost-Add-svq-avail_handler-callback.patch [bz#1939363] - kvm-vdpa-Export-vhost_vdpa_dma_map-and-unmap-calls.patch [bz#1939363] - kvm-vhost-net-vdpa-add-stubs-for-when-no-virtio-net-devi.patch [bz#1939363] - kvm-vdpa-manual-forward-CVQ-buffers.patch [bz#1939363] - kvm-vdpa-Buffer-CVQ-support-on-shadow-virtqueue.patch [bz#1939363] - kvm-vdpa-Extract-get-features-part-from-vhost_vdpa_get_m.patch [bz#1939363] - kvm-vdpa-Add-device-migration-blocker.patch [bz#1939363] - kvm-vdpa-Add-x-svq-to-NetdevVhostVDPAOptions.patch [bz#1939363] - kvm-redhat-Update-linux-headers-linux-kvm.h-to-v5.18-rc6.patch [bz#2111994] - kvm-target-s390x-kvm-Honor-storage-keys-during-emulation.patch [bz#2111994] - kvm-kvm-don-t-use-perror-without-useful-errno.patch [bz#2095608] - kvm-multifd-Copy-pages-before-compressing-them-with-zlib.patch [bz#2099934] - kvm-Revert-migration-Simplify-unqueue_page.patch [bz#2099934] - Resolves: bz#1939363 (vDPA control virtqueue support in Qemu) - Resolves: bz#2111994 (RHEL9: skey test in kvm_unit_test got failed) - Resolves: bz#2095608 (Please correct the error message when try to start qemu with '-M kernel-irqchip=split') - Resolves: bz#2099934 (Guest reboot on destination host after postcopy migration completed) [7.0.0-9] - kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch [bz#2100106] - kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch [bz#2100106] - kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch [bz#2100106] - kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch [bz#2100106] - kvm-virtio-iommu-Fix-migration-regression.patch [bz#2100106] - kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch [bz#2098077] - kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch [bz#2098077] - kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch [bz#2098077] - kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch [bz#1951522] - kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch [bz#1951522] - Resolves: bz#2100106 (Fix virtio-iommu/vfio bypass) - Resolves: bz#2098077 (virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions) - Resolves: bz#1951522 (CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0]) [7.0.0-8] - kvm-tests-avocado-update-aarch64_virt-test-to-exercise-c.patch [bz#2060839] - kvm-RHEL-only-tests-avocado-Switch-aarch64-tests-from-a5.patch [bz#2060839] - kvm-RHEL-only-AArch64-Drop-unsupported-CPU-types.patch [bz#2060839] - kvm-target-i386-deprecate-CPUs-older-than-x86_64-v2-ABI.patch [bz#2060839] - kvm-target-s390x-deprecate-CPUs-older-than-z14.patch [bz#2060839] - kvm-target-arm-deprecate-named-CPU-models.patch [bz#2060839] - kvm-meson.build-Fix-docker-test-build-alpine-when-includ.patch [bz#1968509] - kvm-QIOChannel-Add-flags-on-io_writev-and-introduce-io_f.patch [bz#1968509] - kvm-QIOChannelSocket-Implement-io_writev-zero-copy-flag-.patch [bz#1968509] - kvm-migration-Add-zero-copy-send-parameter-for-QMP-HMP-f.patch [bz#1968509] - kvm-migration-Add-migrate_use_tls-helper.patch [bz#1968509] - kvm-multifd-multifd_send_sync_main-now-returns-negative-.patch [bz#1968509] - kvm-multifd-Send-header-packet-without-flags-if-zero-cop.patch [bz#1968509] - kvm-multifd-Implement-zero-copy-write-in-multifd-migrati.patch [bz#1968509] - kvm-QIOChannelSocket-Introduce-assert-and-reduce-ifdefs-.patch [bz#1968509] - kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch [bz#1968509] - kvm-migration-Change-zero_copy_send-from-migration-param.patch [bz#1968509] - kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch [bz#2096143] - Resolves: bz#2060839 (Consider deprecating CPU models like 'kvm64' / 'qemu64' on RHEL 9) - Resolves: bz#1968509 (Use MSG_ZEROCOPY on QEMU Live Migration) - Resolves: bz#2096143 (The migration port is not released if use it again for recovering postcopy migration) [7.0.0-7] - kvm-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-win32-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-Enable-virtio-iommu-pci-on-x86_64.patch [bz#2094252] - kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch [bz#2092788] - kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch [bz#2092788] - Resolves: bz#1952483 (RFE: QEMU's coroutines fail with CFLAGS=-flto on non-x86_64 architectures) - Resolves: bz#2094252 (Compile the virtio-iommu device on x86_64) - Resolves: bz#2092788 (Stalled IO Operations in VM) [7.0.0-6] - kvm-Introduce-event-loop-base-abstract-class.patch [bz#2031024] - kvm-util-main-loop-Introduce-the-main-loop-into-QOM.patch [bz#2031024] - kvm-util-event-loop-base-Introduce-options-to-set-the-th.patch [bz#2031024] - kvm-qcow2-Improve-refcount-structure-rebuilding.patch [bz#2072379] - kvm-iotests-108-Test-new-refcount-rebuild-algorithm.patch [bz#2072379] - kvm-qcow2-Add-errp-to-rebuild_refcount_structure.patch [bz#2072379] - kvm-iotests-108-Fix-when-missing-user_allow_other.patch [bz#2072379] - kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch [bz#2070804] - kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch [bz#2070804] - kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch [bz#2070804] - kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch [bz#2070804] - kvm-vhost-vdpa-backend-feature-should-set-only-once.patch [bz#2070804] - kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch [bz#2070804] - kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch [bz#2070804] - kvm-Revert-globally-limit-the-maximum-number-of-CPUs.patch [bz#2094270] - kvm-vfio-common-remove-spurious-warning-on-vfio_listener.patch [bz#2086262] - Resolves: bz#2031024 (Add support for fixing thread pool size [QEMU]) - Resolves: bz#2072379 (Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs)) - Resolves: bz#2070804 (PXE boot crash qemu when using multiqueue vDPA) - Resolves: bz#2094270 (Do not set the hard vCPU limit to the soft vCPU limit in downstream qemu-kvm anymore) - Resolves: bz#2086262 ([Win11][tpm]vfio_listener_region_del received unaligned region) [7.0.0-5] - kvm-qemu-nbd-Pass-max-connections-to-blockdev-layer.patch [bz#1708300] - kvm-nbd-server-Allow-MULTI_CONN-for-shared-writable-expo.patch [bz#1708300] - Resolves: bz#1708300 (RFE: qemu-nbd vs NBD_FLAG_CAN_MULTI_CONN) [7.0.0-4] - kvm-qapi-machine.json-Add-cluster-id.patch [bz#2041823] - kvm-qtest-numa-test-Specify-CPU-topology-in-aarch64_numa.patch [bz#2041823] - kvm-hw-arm-virt-Consider-SMP-configuration-in-CPU-topolo.patch [bz#2041823] - kvm-qtest-numa-test-Correct-CPU-and-NUMA-association-in-.patch [bz#2041823] - kvm-hw-arm-virt-Fix-CPU-s-default-NUMA-node-ID.patch [bz#2041823] - kvm-hw-acpi-aml-build-Use-existing-CPU-topology-to-build.patch [bz#2041823] - kvm-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch [bz#2079938] - kvm-coroutine-Revert-to-constant-batch-size.patch [bz#2079938] - kvm-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch [bz#2079347] - kvm-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_event_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_ctrl_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_cmd_vq.patch [bz#2079347] - kvm-virtio-scsi-move-request-related-items-from-.h-to-.c.patch [bz#2079347] - kvm-Revert-virtio-scsi-Reject-scsi-cd-if-data-plane-enab.patch [bz#1995710] - kvm-migration-Fix-operator-type.patch [bz#2064530] - Resolves: bz#2041823 ([aarch64][numa] When there are at least 6 Numa nodes serial log shows 'arch topology borken') - Resolves: bz#2079938 (qemu coredump when boot with multi disks (qemu) failed to set up stack guard page: Cannot allocate memory) - Resolves: bz#2079347 (Guest boot blocked when scsi disks using same iothread and 100% CPU consumption) - Resolves: bz#1995710 (RFE: Allow virtio-scsi CD-ROM media change with IOThreads) - Resolves: bz#2064530 (Rebuild qemu-kvm with clang-14) [7.0.0-3] - kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch [bz#2046029] - kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch [bz#2046029] - kvm-Enable-virtio-iommu-pci-on-aarch64.patch [bz#1477099] - kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch [bz#2037612] - kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch [bz#2037612] - Resolves: bz#2046029 ([WRB] New machine type property - dtb-kaslr-seed) - Resolves: bz#1477099 (virtio-iommu (including ACPI, VHOST/VFIO integration, migration support)) - Resolves: bz#2037612 ([Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region) [7.0.0-2] - kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch [bz#2044162] - kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch [bz#2081022] - Resolves: bz#2044162 ([RHEL9.1] Enable virtio-mem as tech-preview on ARM64 QEMU) - Resolves: bz#2081022 (Build regression on ppc64le with c9s qemu-kvm 7.0.0-1 changes) [7.0.0-1] - Rebase to QEMU 7.0.0 [bz#2064757] - Do not build ssh block driver anymore [bz#2064500] - Removed hpet and parallel port support [bz#2065042] - Compatibility support [bz#2064782 bz#2064771] - Resolves: bz#2064757 (Rebase to QEMU 7.0.0) - Resolves: bz#2064500 (Install qemu-kvm-6.2.0-11.el9_0.1 failed as conflict with qemu-kvm-block-ssh-6.2.0-11.el9_0.1) - Resolves: bz#2065042 (Remove upstream-only devices from the qemu-kvm binary) - Resolves: bz#2064782 (Update machine type compatibility for QEMU 7.0.0 update [s390x]) - Resolves: bz#2064771 (Update machine type compatibility for QEMU 7.0.0 update [x86_64]) [6.2.0-13] - kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch [bz#2065589] - Resolves: bz#2065589 (RHEL 9.0 guest with vsock device migration failed from RHEL 9.0 > RHEL 8.6 [rhel-9.1.0]) [6.2.0-12] - kvm-RHEL-mark-old-machine-types-as-deprecated.patch [bz#2062813] - kvm-hw-virtio-vdpa-Fix-leak-of-host-notifier-memory-regi.patch [bz#2062828] - kvm-spec-Fix-obsolete-for-spice-subpackages.patch [bz#2062819 bz#2062817] - kvm-spec-Obsolete-old-usb-redir-subpackage.patch [bz#2062819] - kvm-spec-Obsolete-ssh-driver.patch [bz#2062817] - Resolves: bz#2062828 ([virtual network][rhel9][vDPA] qemu crash after hot unplug vdpa device [rhel-9.1.0]) - Resolves: bz#2062819 (Broken upgrade path due to qemu-kvm-hw-usbredir rename [rhel-9.1.0]) - Resolves: bz#2062817 (Missing qemu-kvm-block-ssh obsolete breaks upgrade path [rhel-9.1.0]) - Resolves: bz#2062813 (Mark all RHEL-8 and earlier machine types as deprecated [rhel-9.1.0]) [6.2.0-11] - kvm-spec-Remove-qemu-virtiofsd.patch [bz#2055284] - Resolves: bz#2055284 (Remove the qemu-virtiofsd subpackage) [6.2.0-10] - kvm-Revert-ui-clipboard-Don-t-use-g_autoptr-just-to-free.patch [bz#2042820] - kvm-ui-avoid-compiler-warnings-from-unused-clipboard-inf.patch [bz#2042820] - kvm-ui-clipboard-fix-use-after-free-regression.patch [bz#2042820] - kvm-ui-vnc.c-Fixed-a-deadlock-bug.patch [bz#2042820] - kvm-memory-Fix-incorrect-calls-of-log_global_start-stop.patch [bz#2044818] - kvm-memory-Fix-qemu-crash-on-starting-dirty-log-twice-wi.patch [bz#2044818] - Resolves: bz#2042820 (qemu crash when try to copy and paste contents from client to VM) - Resolves: bz#2044818 (Qemu Core Dumped when migrate -> migrate_cancel -> migrate again during guest is paused) [6.2.0-9] - kvm-block-Lock-AioContext-for-drain_end-in-blockdev-reop.patch [bz#2046659] - kvm-iotests-Test-blockdev-reopen-with-iothreads-and-thro.patch [bz#2046659] - kvm-block-nbd-Delete-reconnect-delay-timer-when-done.patch [bz#2033626] - kvm-block-nbd-Assert-there-are-no-timers-when-closed.patch [bz#2033626] - kvm-iotests.py-Add-QemuStorageDaemon-class.patch [bz#2033626] - kvm-iotests-281-Test-lingering-timers.patch [bz#2033626] - kvm-block-nbd-Move-s-ioc-on-AioContext-change.patch [bz#2033626] - kvm-iotests-281-Let-NBD-connection-yield-in-iothread.patch [bz#2033626] - Resolves: bz#2046659 (qemu crash after execute blockdev-reopen with iothread) - Resolves: bz#2033626 (Qemu core dump when start guest with nbd node or do block jobs to nbd node) [6.2.0-8] - kvm-numa-Enable-numa-for-SGX-EPC-sections.patch [bz#2033708] - kvm-numa-Support-SGX-numa-in-the-monitor-and-Libvirt-int.patch [bz#2033708] - kvm-doc-Add-the-SGX-numa-description.patch [bz#2033708] - kvm-Enable-SGX-RH-Only.patch [bz#2033708] - kvm-qapi-Cleanup-SGX-related-comments-and-restore-sectio.patch [bz#2033708] - kvm-block-io-Update-BSC-only-if-want_zero-is-true.patch [bz#2041461] - kvm-iotests-block-status-cache-New-test.patch [bz#2041461] - kvm-iotests-Test-qemu-img-convert-of-zeroed-data-cluster.patch [bz#1882917] - kvm-qemu-img-make-is_allocated_sectors-more-efficient.patch [bz#1882917] - kvm-block-backend-prevent-dangling-BDS-pointers-across-a.patch [bz#2040123] - kvm-iotests-stream-error-on-reset-New-test.patch [bz#2040123] - kvm-hw-arm-smmuv3-Fix-device-reset.patch [bz#2042481] - Resolves: bz#2033708 ([Intel 9.0 Feat] qemu-kvm: SGX 1.5 (SGX1 + Flexible Launch Control) support) - Resolves: bz#2041461 (Inconsistent block status reply in qemu-nbd) - Resolves: bz#1882917 (the target image size is incorrect when converting a badly fragmented file) - Resolves: bz#2040123 (Qemu core dumped when do block-stream to a snapshot node on non-enough space storage) - Resolves: bz#2042481 ([aarch64] Launch guest with 'default-bus-bypass-iommu=off,iommu=smmuv3' and 'iommu_platform=on', guest hangs after system_reset) [6.2.0-7] - kvm-qemu-storage-daemon-Add-vhost-user-blk-help.patch [bz#1962088] - kvm-qemu-storage-daemon-Fix-typo-in-vhost-user-blk-help.patch [bz#1962088] - kvm-virtiofsd-Drop-membership-of-all-supplementary-group.patch [bz#2046201] - kvm-block-rbd-fix-handling-of-holes-in-.bdrv_co_block_st.patch [bz#2034791] - kvm-block-rbd-workaround-for-ceph-issue-53784.patch [bz#2034791] - Resolves: bz#1962088 ([QSD] wrong help message for the fuse) - Resolves: bz#2046201 (CVE-2022-0358 qemu-kvm: QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405 [rhel-9.0]) - Resolves: bz#2034791 (Booting from Local Snapshot Core Dumped Whose Backing File Is Based on RBD) [6.2.0-6] - Moving feature support out of qemu-kvm-core to separate packages (can cause loss of functionality when using only qemu-kvm-core - qemu-kvm keeps same feature set). - kvm-spec-Rename-qemu-kvm-hw-usbredir-to-qemu-kvm-device-.patch [bz#2022847] - kvm-spec-Split-qemu-kvm-ui-opengl.patch [bz#2022847] - kvm-spec-Introduce-packages-for-virtio-gpu-modules.patch [bz#2022847] - kvm-spec-Introduce-device-display-virtio-vga-packages.patch [bz#2022847] - kvm-spec-Move-usb-host-module-to-separate-package.patch [bz#2022847] - kvm-spec-Move-qtest-accel-module-to-tests-package.patch [bz#2022847] - kvm-spec-Extend-qemu-kvm-core-description.patch [bz#2022847] - Resolves: bz#2022847 (qemu-kvm: Align package split with Fedora) [6.2.0-5] - kvm-x86-Add-q35-RHEL-8.6.0-machine-type.patch [bz#1945666] - kvm-x86-Add-q35-RHEL-9.0.0-machine-type.patch [bz#1945666] - kvm-softmmu-fix-device-deletion-events-with-device-JSON-.patch [bz#2036669] - Resolves: bz#1945666 (9.0: x86 machine types) - Resolves: bz#2036669 (DEVICE_DELETED event is not delivered for device frontend if -device is configured via JSON) [6.2.0-4] - kvm-block-nvme-fix-infinite-loop-in-nvme_free_req_queue_.patch [bz#2024544] - kvm-rhel-machine-types-x86-set-prefer_sockets.patch [bz#2028623] - Resolves: bz#2024544 (Fio workers hangs when running fio with 32 jobs iodepth 32 and QEMU's userspace NVMe driver) - Resolves: bz#2028623 ([9.0] machine types: 6.2: Fix prefer_sockets) [6.2.0-3] - kvm-hw-arm-virt-Register-iommu-as-a-class-property.patch [bz#2031044] - kvm-hw-arm-virt-Register-its-as-a-class-property.patch [bz#2031044] - kvm-hw-arm-virt-Rename-default_bus_bypass_iommu.patch [bz#2031044] - kvm-hw-arm-virt-Expose-the-RAS-option.patch [bz#2031044] - kvm-hw-arm-virt-Add-9.0-machine-type-and-remove-8.5-one.patch [bz#2031044] - kvm-hw-arm-virt-Check-no_tcg_its-and-minor-style-changes.patch [bz#2031044] - Resolves: bz#2031044 (Add rhel-9.0.0 machine types for RHEL 9.0 [aarch64]) [6.2.0-2] - kvm-redhat-Add-rhel8.6.0-and-rhel9.0.0-machine-types-for.patch [bz#2008060] - kvm-redhat-Enable-virtio-mem-as-tech-preview-on-x86-64.patch [bz#2014484] - Resolves: bz#2008060 (Fix CPU Model for new IBM Z Hardware - qemu part) - Resolves: bz#2014484 ([RHEL9] Enable virtio-mem as tech-preview on x86-64 - QEMU) [6.2.0-1] - Rebase to QEMU 6.2.0 [bz#2027697] - Resolves: bz#2027697 (Rebase to QEMU 6.2.0) [6.1.0-8] - kvm-Move-ksmtuned-files-to-separate-package.patch [bz#1971678] - Resolves: bz#1971678 (Split out ksmtuned package from qemu-kvm) [6.1.0-7] - kvm-migration-Make-migration-blocker-work-for-snapshots-.patch [bz#1996609] - kvm-migration-Add-migrate_add_blocker_internal.patch [bz#1996609] - kvm-dump-guest-memory-Block-live-migration.patch [bz#1996609] - kvm-spec-Build-the-VDI-block-driver.patch [bz#2013331] - kvm-spec-Explicitly-include-compress-filter.patch [bz#1980035] - Resolves: bz#1996609 (Qemu hit core dump when dump guest memory during live migration) - Resolves: bz#2013331 (RFE: qemu-img cannot convert from vdi format) - Resolves: bz#1980035 (RFE: Enable compress filter so we can create new, compressed qcow2 files via qemu-nbd) [6.1.0-6] - kvm-hw-arm-virt-Add-hw_compat_rhel_8_5-to-8.5-machine-ty.patch [bz#1998942] - Resolves: bz#1998942 (Add machine type compatibility update for 6.1 rebase [aarch64]) [6.1.0-5] - kvm-virtio-balloon-Fix-page-poison-subsection-name.patch [bz#1984401] - kvm-spec-Remove-block-curl-and-block-ssh-dependency.patch [bz#2010985] - Resolves: bz#1984401 (fails to revert snapshot of a VM [balloon/page-poison]) - Resolves: bz#2010985 (Remove dependency on qemu-kvm-block-curl and qemu-kvm-block-ssh [rhel-9.0.0]) [6.1.0-4] - kvm-redhat-Define-hw_compat_rhel_8_5.patch [bz#1998943] - kvm-redhat-Add-s390x-machine-type-compatibility-update-f.patch [bz#1998943] - Resolves: bz#1998943 (Add machine type compatibility update for 6.1 rebase [s390x]) [6.1.0-3] - kvm-disable-sga-device.patch [bz#2000845] - kvm-tools-virtiofsd-Add-fstatfs64-syscall-to-the-seccomp.patch [bz#2005026] - Resolves: bz#2000845 (RFE: Remove SGA, deprecate cirrus, and set defaults for QEMU machine-types in RHEL9) - Resolves: bz#2005026 ([s390][virtio-fs] Umount virtiofs shared folder failure from guest side [rhel-9.0.0]) [6.1.0-2] - kvm-hw-arm-virt-Remove-9.0-machine-type.patch [bz#2002937] - kvm-remove-sgabios-dependency.patch [bz#2000845] - kvm-enable-pulseaudio.patch [bz#1997725] - kvm-spec-disable-use-of-gcrypt-for-crypto-backends-in-fa.patch [bz#1990068] - Resolves: bz#2002937 ([qemu][aarch64] Remove 9.0 machine types in arm virt for 9-Beta) - Resolves: bz#2000845 (RFE: Remove SGA, deprecate cirrus, and set defaults for QEMU machine-types in RHEL9) - Resolves: bz#1997725 (RFE: enable pulseaudio backend on QEMU) - Resolves: bz#1990068 (Disable use of gcrypt for crypto backends in favour of gnutls) [6.1.0-1] - Rebase to QEMU 6.1.0 [bz#1997408] - Resolves: #bz#1997408 (Rebase to QEMU 6.1.0) [6.0.0-13] - kvm-qcow2-Deprecation-warning-when-opening-v2-images-rw.patch [bz#1951814] - kvm-disable-ac97-audio.patch [bz#1995819] - kvm-redhat-Disable-LTO-on-non-x86-architectures.patch [bz#1950192] - kvm-redhat-Enable-the-test-block-iothread-test-again.patch [bz#1950192] - Resolves: bz#1951814 (RFE: Warning when using qcow2-v2 (compat=0.10)) - Resolves: bz#1995819 (RFE: Remove ac97 audio support from QEMU) - Resolves: bz#1950192 (RHEL9: when ioeventfd=off and 8.4guest, (qemu) qemu-kvm: ../util/qemu-coroutine-lock.c:57: qemu_co_queue_wait_impl: Assertion qemu_in_coroutine()' failed.) [6.0.0-12.el9] - kvm-migration-Move-yank-outside-qemu_start_incoming_migr.patch [bz#1974683] - kvm-migration-Allow-reset-of-postcopy_recover_triggered-.patch [bz#1974683] - kvm-Remove-RHEL-7.0.0-machine-type.patch [bz#1968519] - kvm-Remove-RHEL-7.1.0-machine-type.patch [bz#1968519] - kvm-Remove-RHEL-7.2.0-machine-type.patch [bz#1968519] - kvm-Remove-RHEL-7.3.0-machine-types.patch [bz#1968519] - kvm-Remove-RHEL-7.4.0-machine-types.patch [bz#1968519] - kvm-Remove-RHEL-7.5.0-machine-types.patch [bz#1968519] - kvm-acpi-pc-revert-back-to-v5.2-PCI-slot-enumeration.patch [bz#1957194] - kvm-migration-failover-reset-partially_hotplugged.patch [bz#1957194] - kvm-hmp-Fix-loadvm-to-resume-the-VM-on-success-instead-o.patch [bz#1957194] - kvm-migration-Move-bitmap_mutex-out-of-migration_bitmap_.patch [bz#1957194] - kvm-i386-cpu-Expose-AVX_VNNI-instruction-to-guest.patch [bz#1957194] - kvm-ratelimit-protect-with-a-mutex.patch [bz#1957194] - kvm-Update-Linux-headers-to-5.13-rc4.patch [bz#1957194] - kvm-i386-Add-ratelimit-for-bus-locks-acquired-in-guest.patch [bz#1957194] - kvm-iothread-generalize-iothread_set_param-iothread_get_.patch [bz#1957194] - kvm-iothread-add-aio-max-batch-parameter.patch [bz#1957194] - kvm-linux-aio-limit-the-batch-size-using-aio-max-batch-p.patch [bz#1957194] - kvm-block-nvme-Fix-VFIO_MAP_DMA-failed-No-space-left-on-.patch [bz#1957194] - kvm-migration-move-wait-unplug-loop-to-its-own-function.patch [bz#1957194] - kvm-migration-failover-continue-to-wait-card-unplug-on-e.patch [bz#1957194] - kvm-aarch64-Add-USB-storage-devices.patch [bz#1957194] - kvm-iotests-Improve-and-rename-test-291-to-qemu-img-bitm.patch [bz#1957194] - kvm-qemu-img-Fail-fast-on-convert-bitmaps-with-inconsist.patch [bz#1957194] - kvm-qemu-img-Add-skip-broken-bitmaps-for-convert-bitmaps.patch [bz#1957194] - kvm-audio-Never-send-migration-section.patch [bz#1957194] - kvm-pc-bios-s390-ccw-bootmap-Silence-compiler-warning-fr.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-Use-reset_psw-pointer-instead-of-ha.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-netboot-Use-Wl-prefix-to-pass-param.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-Silence-warning-from-Clang-by-marki.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-Fix-the-cc-option-macro-in-the-Make.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-Silence-GCC-11-stringop-overflow-wa.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-Allow-building-with-Clang-too.patch [bz#1939509 bz#1940132] - kvm-pc-bios-s390-ccw-Fix-inline-assembly-for-older-versi.patch [bz#1939509 bz#1940132] - kvm-configure-Fix-endianess-test-with-LTO.patch [bz#1939509 bz#1940132] - kvm-spec-Switch-toolchain-to-Clang-LLVM.patch [bz#1939509 bz#1940132] - kvm-spec-Use-safe-stack-for-x86_64.patch [bz#1939509 bz#1940132] - kvm-spec-Reenable-write-support-for-VMDK-etc.-in-tools.patch [bz#1989841] - Resolves: bz#1974683 (Fail to set migrate incoming for 2nd time after the first time failed) - Resolves: bz#1968519 (Remove all the old 7.0-7.5 machine types) - Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta) - Resolves: bz#1939509 (QEMU: enable SafeStack) - Resolves: bz#1940132 (QEMU: switch build toolchain to Clang/LLVM) - Resolves: bz#1989841 (RFE: qemu-img cannot convert images into vmdk and vpc formats) [17:6.0.0-11.1] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [6.0.0-11] - kvm-arm-virt-Register-iommu-as-a-class-property.patch [bz#1838608] - kvm-arm-virt-Register-its-as-a-class-property.patch [bz#1838608] - kvm-arm-virt-Enable-ARM-RAS-support.patch [bz#1838608] - kvm-block-Fix-in_flight-leak-in-request-padding-error-pa.patch [bz#1972079] - kvm-spec-Remove-buildldflags.patch [bz#1973029] - kvm-spec-Use-make_build-macro.patch [bz#1973029] - kvm-spec-Drop-make-install-sharedir-and-datadir-usage.patch [bz#1973029] - kvm-spec-use-make_install-macro.patch [bz#1973029] - kvm-spec-parallelize-make-check.patch [bz#1973029] - kvm-spec-Drop-explicit-build-id.patch [bz#1973029] - kvm-spec-use-build_ldflags.patch [bz#1973029] - kvm-Move-virtiofsd-to-separate-package.patch [bz#1979728] - kvm-Utilize-firmware-configure-option.patch [bz#1980139] - Resolves: bz#1838608 (aarch64: Enable ARMv8 RAS virtualization support) - Resolves: bz#1972079 (Windows Installation blocked on 4k disk when using blk+raw+iothread) - Resolves: bz#1973029 (Spec file cleanups) - Resolves: bz#1979728 (Split out virtiofsd subpackage) - Resolves: bz#1980139 (Use configure --firmwarepath more) [6.0.0-10] - kvm-s390x-css-Introduce-an-ESW-struct.patch [bz#1957194] - kvm-s390x-css-Split-out-the-IRB-sense-data.patch [bz#1957194] - kvm-s390x-css-Refactor-IRB-construction.patch [bz#1957194] - kvm-s390x-css-Add-passthrough-IRB.patch [bz#1957194] - kvm-vhost-user-blk-Fail-gracefully-on-too-large-queue-si.patch [bz#1957194] - kvm-vhost-user-blk-Make-sure-to-set-Error-on-realize-fai.patch [bz#1957194] - kvm-vhost-user-blk-Don-t-reconnect-during-initialisation.patch [bz#1957194] - kvm-vhost-user-blk-Improve-error-reporting-in-realize.patch [bz#1957194] - kvm-vhost-user-blk-Get-more-feature-flags-from-vhost-dev.patch [bz#1957194] - kvm-virtio-Fail-if-iommu_platform-is-requested-but-unsup.patch [bz#1957194] - kvm-vhost-user-blk-Check-that-num-queues-is-supported-by.patch [bz#1957194] - kvm-vhost-user-Fix-backends-without-multiqueue-support.patch [bz#1957194] - kvm-file-posix-fix-max_iov-for-dev-sg-devices.patch [bz#1957194] - kvm-scsi-generic-pass-max_segments-via-max_iov-field-in-.patch [bz#1957194] - kvm-osdep-provide-ROUND_DOWN-macro.patch [bz#1957194] - kvm-block-backend-align-max_transfer-to-request-alignmen.patch [bz#1957194] - kvm-block-add-max_hw_transfer-to-BlockLimits.patch [bz#1957194] - kvm-file-posix-try-BLKSECTGET-on-block-devices-too-do-no.patch [bz#1957194] - kvm-block-Add-option-to-use-driver-whitelist-even-in-too.patch [bz#1957782] - kvm-spec-Restrict-block-drivers-in-tools.patch [bz#1957782] - kvm-Move-tools-to-separate-package.patch [bz#1972285] - kvm-Split-qemu-pr-helper-to-separate-package.patch [bz#1972300] - kvm-spec-RPM_BUILD_ROOT-buildroot.patch [bz#1973029] - kvm-spec-More-use-of-name-instead-of-qemu-kvm.patch [bz#1973029] - kvm-spec-Use-qemu-pr-helper.service-from-qemu.git.patch [bz#1973029] - kvm-spec-Use-_sourcedir-for-referencing-sources.patch [bz#1973029] - kvm-spec-Add-tools_only.patch [bz#1973029] - kvm-spec-build-Add-run_configure-helper.patch [bz#1973029] - kvm-spec-build-Disable-more-bits-with-disable_everything.patch [bz#1973029] - kvm-spec-build-Add-macros-for-some-configure-parameters.patch [bz#1973029] - kvm-spec-files-Move-qemu-guest-agent-and-qemu-img-earlie.patch [bz#1973029] - kvm-spec-install-Remove-redundant-bits.patch [bz#1973029] - kvm-spec-install-Add-modprobe_kvm_conf-macro.patch [bz#1973029] - kvm-spec-install-Remove-qemu-guest-agent-etc-qemu-kvm-us.patch [bz#1973029] - kvm-spec-install-clean-up-qemu-ga-section.patch [bz#1973029] - kvm-spec-install-Use-a-single-tools_only-section.patch [bz#1973029] - kvm-spec-Make-tools_only-not-cross-spec-sections.patch [bz#1973029] - kvm-spec-install-Limit-time-spent-in-qemu_kvm_build.patch [bz#1973029] - kvm-spec-misc-syntactic-merges-with-Fedora.patch [bz#1973029] - kvm-spec-Use-Fedora-s-pattern-for-specifying-rc-version.patch [bz#1973029] - kvm-spec-files-don-t-use-fine-grained-docs-file-list.patch [bz#1973029] - kvm-spec-files-Add-licenses-to-qemu-common-too.patch [bz#1973029] - kvm-spec-install-Drop-python3-shebang-fixup.patch [bz#1973029] - Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta) - Resolves: bz#1957782 (VMDK support should be read-only) - Resolves: bz#1972285 (Split out a qemu-kvm-tools subpackage) - Resolves: bz#1972300 (Split out a qemu-pr-helper subpackage) - Resolves: bz#1973029 (Spec file cleanups) [6.0.0-9] - kvm-s390x-cpumodel-add-3931-and-3932.patch [bz#1932191] - kvm-spapr-Fix-EEH-capability-issue-on-KVM-guest-for-PCI-.patch [bz#1957194] - kvm-ppc-pef.c-initialize-cgs-ready-in-kvmppc_svm_init.patch [bz#1957194] - kvm-redhat-Move-qemu-kvm-docs-dependency-to-qemu-kvm.patch [bz#1957194] - kvm-redhat-introducting-qemu-kvm-hw-usbredir.patch [bz#1957194] - kvm-redhat-use-the-standard-vhost-user-JSON-path.patch [bz#1957194] - Resolves: bz#1932191 ([IBM 9.0 FEAT] CPU Model for new IBM Z Hardware - qemu part (kvm)) - Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta) [6.0.0-8] - kvm-Disable-TPM-passthrough.patch [bz#1978911] - kvm-redhat-Replace-the-kvm-setup.service-with-a-etc-modu.patch [bz#1978837] - Resolves: bz#1978911 (Remove TPM Passthrough option from RHEL 9) - Resolves: bz#1978837 (Remove/replace kvm-setup.service) [6.0.0-7] - kvm-aarch64-rh-devices-add-CONFIG_PXB.patch [bz#1967502] - kvm-virtio-gpu-handle-partial-maps-properly.patch [bz#1974795] - kvm-x86-Add-x86-rhel8.5-machine-types.patch [bz#1957194] - kvm-redhat-x86-Enable-kvm-asyncpf-int-by-default.patch [bz#1957194] - kvm-block-backend-add-drained_poll.patch [bz#1957194] - kvm-nbd-server-Use-drained-block-ops-to-quiesce-the-serv.patch [bz#1957194] - kvm-disable-CONFIG_USB_STORAGE_BOT.patch [bz#1957194] - kvm-doc-Fix-some-mistakes-in-the-SEV-documentation.patch [bz#1957194] - kvm-docs-Add-SEV-ES-documentation-to-amd-memory-encrypti.patch [bz#1957194] - kvm-docs-interop-firmware.json-Add-SEV-ES-support.patch [bz#1957194] - kvm-qga-drop-StandardError-syslog.patch [bz#1947977] - kvm-Remove-iscsi-support.patch [bz#1967133] - Resolves: bz#1967502 ([aarch64] [qemu] Compile the PCIe expander bridge) - Resolves: bz#1974795 ([RHEL9-beta] [aarch64] Launch guest with virtio-gpu-pci and virtual smmu causes 'virtio_gpu_dequeue_ctrl_func' ERROR) - Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta) - Resolves: bz#1947977 (remove StandardError=syslog from qemu-guest-agent.service) - Resolves: bz#1967133 (QEMU: disable libiscsi in RHEL-9) [6.0.0-6] - kvm-yank-Unregister-function-when-using-TLS-migration.patch [bz#1972462] - kvm-pc-bios-s390-ccw-don-t-try-to-read-the-next-block-if.patch [bz#1957194] - kvm-redhat-Install-the-s390-netboot.img-that-we-ve-built.patch [bz#1957194] - kvm-sockets-update-SOCKET_ADDRESS_TYPE_FD-listen-2-backl.patch [bz#1957194] - kvm-target-i386-sev-add-support-to-query-the-attestation.patch [bz#1957194] - kvm-spapr-Don-t-hijack-current_machine-boot_order.patch [bz#1957194] - kvm-target-i386-Add-CPU-model-versions-supporting-xsaves.patch [bz#1957194] - kvm-spapr-Remove-stale-comment-about-power-saving-LPCR-b.patch [bz#1957194] - kvm-spapr-Set-LPCR-to-current-AIL-mode-when-starting-a-n.patch [bz#1957194] - Specfile cleanup [bz#1973029] - Resolves: bz#1972462 (QEMU core dump when doing TLS migration via TCP) - Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta) - Resolves: bz#1973029 (Spec file cleanups) [6.0.0-5] - kvm-arm-virt-Register-highmem-and-gic-version-as-class-p.patch [bz#1952449] - kvm-hw-arm-virt-Add-8.5-and-9.0-machine-types-and-remove.patch [bz#1952449] - kvm-aarch64-rh-devices-add-CONFIG_PVPANIC_PCI.patch [bz#1747467] - kvm-spec-Do-not-build-qemu-kvm-block-gluster.patch [bz#1964795] - kvm-spec-Do-not-link-pcnet-and-ne2k_pci-roms.patch [bz#1965961] - kvm-redhat-s390x-add-rhel-8.5.0-compat-machine.patch [bz#1957194] - kvm-redhat-add-missing-entries-in-hw_compat_rhel_8_4.patch [bz#1957194] - kvm-redhat-Define-pseries-rhel8.5.0-machine-type.patch [bz#1957194] - kvm-virtio-net-failover-add-missing-remove_migration_sta.patch [bz#1957194] - kvm-hw-arm-virt-Disable-PL011-clock-migration-through-hw.patch [bz#1957194] - kvm-virtio-blk-Fix-rollback-path-in-virtio_blk_data_plan.patch [bz#1957194] - kvm-virtio-blk-Configure-all-host-notifiers-in-a-single-.patch [bz#1957194] - kvm-virtio-scsi-Set-host-notifiers-and-callbacks-separat.patch [bz#1957194] - kvm-virtio-scsi-Configure-all-host-notifiers-in-a-single.patch [bz#1957194] - kvm-hw-arm-smmuv3-Another-range-invalidation-fix.patch [bz#1957194] - Resolves: bz#1952449 ([aarch64] define RHEL9 machine types) - Resolves: bz#1747467 ([aarch64] [qemu] PVPANIC support) - Resolves: bz#1964795 (Remove qemu-kvm-block-gluster package) - Resolves: bz#1965961 (Remove links to not build roms) - Resolves: bz#1957194 (Synchronize RHEL-AV 8.5.0 changes to RHEL 9.0.0 Beta) [6.0.0-4] - kvm-s390x-redhat-disable-experimental-3270-device.patch - Resolves: bz#1962479 (Disable the 'x-terminal3270' device in qemu-kvm on s390x) [6.0.0-3] - kvm-hw-s390x-Remove-the-RHEL7-only-machine-type.patch [bz#1944730] - Resolves: bz#1944730 (Remove RHEL7 machine type (s390-ccw-virtio-rhel7.5.0)) [6.0.0-2] - kvm-Remove-message-with-running-VM-count.patch [bz#1914461] - kvm-Remove-SPICE-and-QXL-from-x86_64-rh-devices.mak.patch [bz#1906168] - kvm-spec-file-build-qemu-kvm-without-SPICE-and-QXL.patch [bz#1906168] - kvm-spec-file-Obsolete-qemu-kvm-ui-spice.patch [bz#1906168] - Resolves: bz#1914461 (Remove KVM guest count and limit info message) - Resolves: bz#1906168 ([RHEL-9] qemu-kvm spec-file: Do not BuildRequire spice) [6.0.0-1] - Rebase to QEMU 6.0 - Resolves: bz#1872569 [5.2.0-16] - kvm-Limit-build-on-Power-to-qemu-img-and-qemu-ga-only.patch [bz#1944056] - Resolves: bz#1944056 (Do not build qemu-kvm for Power) [15:5.2.0-15] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [5.2.0-14.el8] - kvm-vhost-user-blk-fix-blkcfg-num_queues-endianness.patch [bz#1937004] - kvm-block-export-fix-blk_size-double-byteswap.patch [bz#1937004] - kvm-block-export-use-VIRTIO_BLK_SECTOR_BITS.patch [bz#1937004] - kvm-block-export-fix-vhost-user-blk-export-sector-number.patch [bz#1937004] - kvm-block-export-port-virtio-blk-discard-write-zeroes-in.patch [bz#1937004] - kvm-block-export-port-virtio-blk-read-write-range-check.patch [bz#1937004] - kvm-spec-ui-spice-sub-package.patch [bz#1936373] - kvm-spec-ui-opengl-sub-package.patch [bz#1936373] - Resolves: bz#1937004 (vhost-user-blk server endianness and input validation fixes) - Resolves: bz#1936373 (move spice & opengl modules to rpm subpackages) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3165 CVE-2022-4172 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [20221207gitfff6d81270b5-9] - edk2-remove-amd-sev-feature-flag-from-secure-boot-builds-.patch [bz#2169247] - Resolves: bz#2169247 ([edk2] Install a sev guest with enrolled secure boot failed) [20221207gitfff6d81270b5-8] - edk2-OvmfPkg-disable-dynamic-mmio-window-rhel-only.patch [bz#2174605] - Resolves: bz#2174605 ([EDK2] disable dynamic mmio window) [20221207gitfff6d81270b5-7] - edk2-Revert-MdeModulePkg-TerminalDxe-add-other-text-resol.patch [bz#2162307] - Resolves: bz#2162307 (Broken GRUB output on a serial console) [20221207gitfff6d81270b5-6] - edk2-update-build-script-rhel-only.patch [bz#2168046] - edk2-update-build-config-rhel-only.patch [bz#2168046] - edk2-add-release-date-to-builds-rh-only.patch [bz#2168046] - edk2-openssl-update.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583] - edk2-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch [bz#2164534 bz#2164550 bz#2164565 bz#2164583] - Resolves: bz#2168046 ([SVVP] job 'Check SMBIOS Table Specific Requirements' failed on win2022) - Resolves: bz#2164534 (CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName [rhel-9]) - Resolves: bz#2164550 (CVE-2022-4304 edk2: openssl: timing attack in RSA Decryption implementation [rhel-9]) - Resolves: bz#2164565 (CVE-2023-0215 edk2: openssl: use-after-free following BIO_new_NDEF [rhel-9]) - Resolves: bz#2164583 (CVE-2022-4450 edk2: openssl: double free after calling PEM_read_bio_ex [rhel-9]) [20221207gitfff6d81270b5-5] - edk2-Revert-ArmVirtPkg-ArmVirtQemu-enable-initial-ID-map-.patch [bz#2157656] - Resolves: bz#2157656 ([edk2] [aarch64] Unable to initialize EFI firmware when using edk2-aarch64-20221207gitfff6d81270b5-1.el9 in some hardwares) [20221207gitfff6d81270b5-4] - edk2-ArmVirt-don-t-use-unaligned-CopyMem-on-NOR-flash.patch [bz#2158173] - Resolves: bz#2158173 ([aarch64][numa] Failed to create 2 numa nodes in some hardwares) [20221207gitfff6d81270b5-3] - edk2-OvmfPkg-VirtNorFlashDxe-map-flash-memory-as-uncachea.patch [bz#2158173] - edk2-MdePkg-Remove-Itanium-leftover-data-structure-RH-onl.patch [bz#1983086] - Resolves: bz#2158173 ([aarch64][numa] Failed to create 2 numa nodes in some hardwares) - Resolves: bz#1983086 (Assertion failure when creating 1024 VCPU VM: [...]UefiCpuPkg/CpuMpPei/CpuBist.c(186): !EFI_ERROR (Status)) [20221207gitfff6d81270b5-2] - edk2-use-rpm-build-flags-rh-only.patch [RHEL-177] - Resolves: RHEL-177 (Enable GNU_RELRO security protection) [20221207gitfff6d81270b5-1] - Rebase to edk2-stable202211 tag Resolves: RHEL-119 (rebase edk2 to edk2-stable202211) - Resolves: RHEL-75 (edk2 builds should show the build version) - Resolves: bz#2132951 (edk2: Sort traditional virtualization builds before Confidential Computing builds) [20220826gitba0e0e4c6a-2] - edk2-MdeModulePkg-PiSmmCore-SmmEntryPoint-underflow-CVE-2.patch [bz#1989857] - Resolves: bz#1989857 (CVE-2021-38578 edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation [rhel-9.0]) [ 0220826gitba0e0e4c6a-1] - Rebase to edk2-stable202208 tag [RHELX-59] Resolves: RHELX-59 (rebase edk2 to 2022-08 stable tag) [20220526git16779ede2d36-4] - edk2-OvmfPkg-QemuVideoDxe-fix-bochs-mode-init.patch [RHELX-58] - Resolves: RHELX-58 (Guest console turns black with uefi rhel guests and stdvga) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2021-38578 CVE-2022-4450 CVE-2023-0286 CVE-2023-0215 CVE-2022-4304 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [3.0.21-37] - Fix defect found by covscan Resolves: #2151705 [3.0.21-36] - Fix multiple CVEs Resolves: #2151705 Resolves: #2151703 Resolves: #2151707 [3.0.21-35] - Rebuild to add subpackages to CRB report Resolves: #2126380 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41860 CVE-2022-41859 CVE-2022-41861 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream_developer Oracle Linux 9 [9.0.9-2] - resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in - resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws [9.0.9-1] - update to 9.0.9 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530) [9.0.8-2] - bump NVR [9.0.8-1] - update to 9.0.8 tagged upstream community sources, see CHANGELOG - do not list /usr/share/grafana/conf twice - drop makefile in favor of create_bundles.sh script - sync provides/obsoletes with CentOS versions - drop husky patch MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41715 CVE-2022-39229 CVE-2022-2880 CVE-2022-27664 CVE-2022-35957 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [5.1.1-1] - update to 5.1.1 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY [5.0.0-4] - update to 5.0.0 tagged upstream community sources, see CHANGELOG - install plugin in /usr/share and create symlink from /var using systemd-tmpfiles to work on rpm-ostree based distributions - revert the breaking change (change of internal plugin IDs) of upstream v5.0.0, i.e. there are no breaking changes when performing this upgrade - enable Go modules in build process - make vendor and webpack tarballs reproducible - drop makefile in favor of create_bundles.sh script MODERATE Copyright 2023 Oracle, Inc. CVE-2022-27664 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [9.2-1] - Rebase to ntfs-3g 2022.5.17 - Fixes: CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789 resolves: rhbz#2127235 rhbz#2127242 (also 2127264 2127250 2127257) MODERATE Copyright 2023 Oracle, Inc. CVE-2021-46790 CVE-2022-30788 CVE-2022-30789 CVE-2022-30784 CVE-2022-30786 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [8.3.1-5] - Resolves: #2147522 - It is not possible to run FRR as a non-root user [8.3.1-4] - Resolves: #2144500 - AVC error when reloading FRR with provided reload script [8.3.1-3] - Related: #2129743 - Adding missing rules for vtysh and other daemons [8.3.1-2] - Resolves: #2128738 - out-of-bounds read in the BGP daemon may lead to information disclosure or denial of service [8.3.1-1] - Resolves: #2129731 - Rebase FRR to the latest version - Resolves: #2129743 - Add targeted SELinux policy for FRR - Resolves: #2127494 - BGP incorrectly withdraws routes on graceful restart capable routers MODERATE Copyright 2023 Oracle, Inc. CVE-2022-37032 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 cockpit-composer [45-1.0.1] - Make per page documentation links point to Oracle Linux [Orabug: 32013095], [Orabug:34398922] [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release osbuild [81-1] - New upstream release [80-1] - New upstream release [79-1] - New upstream release [78-1] - New upstream release [77-1] - New upstream release [76-1] - New upstream release [75-1] - New upstream release [74-1] - New upstream release [73-1] - New upstream release [72-1] - New upstream release [71-1] - New upstream release [70-1] - New upstream release [69-1] - New upstream release osbuild-composer [76-2] - distro/rhel: add payload repos to os package set (rhbz#2177699) - Manifest: always set kernel options in grub2 stage (rhbz#2162299) [76-1] - New upstream release [75-1] - New upstream release [74-1] - New upstream release [73-1] - New upstream release [72-1] - New upstream release [71-1] - New upstream release [70-1] - New upstream release [69-1] - New upstream release [68-1] - New upstream release [67-2] - Fix functional tests to make them pass in RHEL-9.2 gating [67-1] - New upstream release [62-1] - New upstream release [60-1] - New upstream release [59-1] - New upstream release [58-1] - New upstream release [57-1] - New upstream release [55-1] - New upstream release [54-1] - New upstream release [53-1] - New upstream release [51-1] - New upstream release [46-1] - New upstream release [45-1] - New upstream release [44-1] - New upstream release [43-1] - New upstream release [42-1] - New upstream release [41-1] - New upstream release [40-1] - New upstream release [39-1] - New upstream release [38-1] - New upstream release * Tue Nov 02 2021 lavocatt - 37-1 - New upstream release [36-1] - New upstream release [33-1] - New upstream release [32-1] - New upstream release [31-1] - New upstream release [30-2] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [30-1] - New upstream release [29-3] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [29-2] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 weldr-client [35.9-1] - Copy rhel-92.json test repository from osbuild-composer - Update osbuild-composer test repositories from osbuild-composer - New release: 35.9 (bcl) Resolves: rhbz#2164560 - tests: Replace os.MkdirTemp with t.TempDir (bcl) - blueprint save: Allow overriding bad blueprint names (bcl) - tests: Clean up checking err in tests (bcl) - composer-cli: Implement blueprints diff (bcl) - saveBlueprint: Return the filename to the caller (bcl) - composer-cli: Add tests for using --commit with old servers (bcl) - weldr: Return error about the blueprints change route (bcl) - weldr: Save the http status code as part of APIResponse (bcl) - Add --commit support to blueprints save (bcl) - Add --commit to blueprints show (bcl) - gitleaks: Exclude the test password used in tests (bcl) - ci: add tags to AWS instances (tlavocat) - Update github.com/BurntSushi/toml to 1.2.1 - Update github.com/stretchr/testify to 1.8.1 - Update bump github.com/spf13/cobra to 1.6.1 - New release: 35.8 (bcl) - completion: Remove providers from bash completion script (bcl) - completion: Filter out new headers from compose list (bcl) - docs: Remove unneeded Long descriptions (bcl) - docs: Use a custom help template (bcl) - docs: Add more command documentation (bcl) - cmdline: Add package glob support to modules list command (bcl) - workflow: Add govulncheck on go v1.18 (bcl) - tests: Update to use golangci-lint 1.49.0 (bcl) - New release: 35.7 (bcl) - spec: Move %gometa macro above %gourl (bcl) - weldr: When starting a compose pass size as bytes, not MiB (bcl) - tests: Use correct size value in bytes for test (bcl) - workflow: Add Go 1.18 to text matrix (bcl) - Replace deprecated ioutil functions (bcl) - New release: 35.6 (bcl) - tests: Update tests for osbuild-composer changes (bcl) - CMD: Compose status format (eloy.coto) - CMD: Compose list format (eloy.coto) - tests: Update tests to check for JSON list output (bcl) - composer-cli: Change JSON output to be a list of objects (bcl) - weldr: Simplify the old ComposeLog, etc. functions (bcl) - composer-cli: Add --filename to blueprints freeze save command (bcl) - composer-cli: Add --filename to blueprints save command (bcl) - composer-cli: Add --filename to compose logs command (bcl) - composer-cli: Add --filename to compose image command (bcl) - composer-cli: Add --filename to compose metadata command (bcl) - composer-cli: Add --filename to compose results command (bcl) - weldr: Add saving to a new filename to GetFilePath function (bcl) - github: Fix issue with codecov and forced pushes in PRs (bcl) - Use golangci-lint 1.45.2 in workflow (bcl) - Run workflow tests for go 1.16.x and 1.17.x (bcl) - Move go.mod to go 1.16 (bcl) - workflows/trigger-gitlab: run Gitlab CI in new image-builder project (jrusz) - Update GitHub actions/setup-go to 3 - Update GitHub actions/checkout to 3 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41715 CVE-2022-27664 CVE-2022-2879 CVE-2022-2880 CVE-2022-41717 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [2.42.6-3] - Backport fixes for CVE-2021-46829 and CVE-2021-44648 - Resolves: rhbz#2115213 - Resolves: rhbz#2044346 MODERATE Copyright 2023 Oracle, Inc. CVE-2021-46829 CVE-2021-44648 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2:2.1.7-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.7 - Resolves: #2173697 [2:2.1.6-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.6 - Related: #2124478 [2:2.1.5-1] - update to https://github.com/containers/conmon/releases/tag/v2.1.5 - Related: #2124478 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41717 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [12.5.4-5.0.1] - add mpstat -H option to also display physically hotplugged vCPUs [Orabug: 34683087] [12.5.4-5] - Fix --dec argument validation (rhbz#2080650) [12.5.4-4] - arithmetic overflow in allocate_structures() on 32 bit systems (CVE-2022-39377) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-39377 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [1.20.11-17] - Fix xvfb-run script with --listen-tcp Resolves: rhbz#2172116 [1.20.11-16] - CVE-2023-0494 (#2166973) [1.20.11-15] - Follow-up fix for CVE-2022-46340 (#2151776) [1.20.11-14] - CVE fix for: CVE-2022-4283 (#2151801), CVE-2022-46340 (#2151776), CVE-2022-46341 (#2151781), CVE-2022-46342 (#2151788), CVE-2022-46343 (#2151791), CVE-2022-46344 (#2151798) [1.20.11-13] - Drop dependency on xorg-x11-font-utils, it was only there for one pkgconfig query for a variable that never changes value (#2148292) [1.20.11-12] - Fix CVE-2022-3550, CVE-2022-3551 Resolves: rhbz#2140768, rhbz#2140773 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-46343 CVE-2023-0494 CVE-2022-3551 CVE-2022-46341 CVE-2022-46342 CVE-2022-46344 CVE-2022-3550 CVE-2022-46340 CVE-2022-4283 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream_developer Oracle Linux 9 [21.1.3-7] - Fix CVE-2023-0494 (#2166974) [21.1.3-6] - Follow-up fix for CVE-2022-46340 (#2151778) [21.1.3-5] - CVE fix for: CVE-2022-4283 (#2151803), CVE-2022-46340 (#2151778), CVE-2022-46341 (#2151783), CVE-2022-46342 (#2151786), CVE-2022-46343 (#2151793), CVE-2022-46344 (#2151796) [ 21.1.3-4] - Fix CVE-2022-3550, CVE-2022-3551 Resolves: rhbz#2140769, rhbz#2140771 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-0494 CVE-2022-46342 CVE-2022-3550 CVE-2022-46344 CVE-2022-46343 CVE-2022-46340 CVE-2022-4283 CVE-2022-3551 CVE-2022-46341 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [1.29.1-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [1:1.29.1-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/7fa17a8) - Related: #2124478 [1:1.29.0-3] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/c822cc6) - Related: #2124478 [1:1.29.0-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/94b723c) - Related: #2124478 [1:1.29.0-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29.0 (https://github.com/containers/buildah/commit/94b723c) - Related: #2124478 [1:1.29.0-0.4] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/078a7ff) - Related: #2124478 [1:1.29.0-0.3] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/4b72f05) - Related: #2124478 [1:1.29.0-0.2] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/c541c35) - Related: #2124478 [1:1.29.0-0.1] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/8ca903b) - Related: #2124478 [1:1.28.2-3] - update to the latest content of https://github.com/containers/buildah/tree/release-1.28 (https://github.com/containers/buildah/commit/cfefbb6) - fixes segmentation fault on s390x - Resolves: #2150429 [1:1.28.2-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.28 (https://github.com/containers/buildah/commit/7e4d9dd) - Resolves: #2151247 [1:1.28.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.28.2 - Related: #2124478 [1:1.28.0-2] - pull in crun by default - Resolves: #2142494 [1:1.28.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.28.0 - Related: #2124478 [1:1.27.0-2] - fix CVE-2022-2990 - Related: #2061316 [1:1.27.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.27.0 - Related: #2061316 [1:1.26.4-2] - add buildah-tutorial to test subpackage - Related: #2061316 [1:1.26.4-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.4 - Related: #2061316 [1:1.26.3-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.3 - Related: #2061316 [1:1.26.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.2 - Related: #2061316 [1:1.26.1-4] - Re-enable LTO and debuginfo - Related: #2061316 [1:1.26.1-3] - BuildRequires: /usr/bin/go-md2man - Related: #2061316 [1:1.26.1-2] - Add missing container networking dependencies (thanks to Neal Gompa) - Related: #2061316 [1:1.26.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.1 - Related: #2061316 [1:1.25.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.25.1 - Related: #2061316 [1:1.25.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.25.0 - Related: #2061316 [1:1.24.2-2] - Add patch to fix bash symtax for gating tests - Upstream PR: https://github.com/containers/buildah/pull/3792 - Related: #2000051 [1:1.24.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.24.2 - Related: #2000051 [1:1.24.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.24.1 - Related: #2000051 [1:1.24.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.24.0 - Related: #2000051 [1:1.24.0-0.52] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/718f2b4) - Related: #2000051 [1:1.24.0-0.51] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/2189882) - Related: #2000051 [1:1.24.0-0.50] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/4b3aaee) - Related: #2000051 [1:1.24.0-0.49] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/da00c99) - Related: #2000051 [1:1.24.0-0.48] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/7bcca21) - Related: #2000051 [1:1.24.0-0.47] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/60880a7) - Related: #2000051 [1:1.24.0-0.46] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/031e72c) - Related: #2000051 [1:1.24.0-0.45] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/b3798a1) - Related: #2000051 [1:1.24.0-0.44] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/4b22fc5) - Related: #2000051 [1:1.24.0-0.43] - add required test files - Related: #2000051 [1:1.24.0-0.42] - basically, bring in from RHEL8 container-tools module, remove podman & skopeo, and bang at it until it works. (Ed Santiago) - Related: #2000051 [1:1.24.0-0.41] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/9591a8d) - Related: #2000051 [1:1.24.0-0.40] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/0bd4dd1) - Related: #2000051 [1:1.24.0-0.39] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/c5ef5c0) - Related: #2000051 [1:1.24.0-0.38] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/c7e45ed) - Related: #2000051 [1:1.24.0-0.37] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/1f1b960) - Related: #2000051 [1:1.24.0-0.36] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/de86fab) - Related: #2000051 [1:1.24.0-0.35] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/6d01253) - Related: #2000051 [1:1.24.0-0.34] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/2711b85) - Related: #2000051 [1:1.24.0-0.33] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/dc7625a) - Related: #2000051 [1:1.24.0-0.32] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/8b79d8b) - Related: #2000051 [1:1.24.0-0.31] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/b768318) - Related: #2000051 [1:1.24.0-0.30] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/78a1d08) - Related: #2000051 [1:1.24.0-0.29] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/68cd602) - Related: #2000051 [1:1.24.0-0.28] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/50ebc90) - Related: #2000051 [1:1.24.0-0.27] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/e3283ab) - Related: #2000051 [1:1.24.0-0.26] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/96e1871) - Related: #2000051 [1:1.24.0-0.25] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/ecd7474) - Related: #2000051 [1:1.24.0-0.24] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/a381063) - Related: #2000051 [1:1.24.0-0.23] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/f36d1f2) - Related: #2000051 [1:1.24.0-0.22] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/639320e) - Related: #2000051 [1:1.24.0-0.21] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/762cf6f) - Related: #2000051 [1:1.24.0-0.20] - respect Epoch in subpackage dependencies - Related: #2000051 [1:1.24.0-0.19] - bump Epoch to preserve upgrade path - Related: #2000051 [1.24.0-0.18] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/982717a) - Related: #2000051 [1.24.0-0.17] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/e47f4a1) - Related: #2000051 [1.24.0-0.16] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/211972a) - Related: #2000051 [1.24.0-0.15] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/c044ad6) - Related: #2000051 [1.24.0-0.14] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/7807a0e) - Related: #2000051 [1.24.0-0.13] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/0cd9445) - Related: #2000051 [1.24.0-0.12] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/954c481) - Related: #2000051 [1.24.0-0.11] - include all man pages - Related: #2000051 [1.24.0-0.10] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/d2ef199) - Related: #2000051 [1.24.0-0.9] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/455f2f1) - Related: #2000051 [1.24.0-0.8] - add gating.yaml - Related: #2000051 [1.24.0-0.7] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/5b0de7b) - Related: #2000051 [1.24.0-0.6] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/9a49348) - Related: #2000051 [1.24.0-0.5] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/a72aad4) - Related: #2000051 [1.24.0-0.4] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/b8757e9) - Related: #2000051 [1.24.0-0.3] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/4c287d1) - Related: #2000051 [1.24.0-0.2] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/753716a) - Related: #2000051 [1.24.0-0.1] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/69b3e56) - Related: #2000051 [1.23.0-0.3] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/8657d7e) - Related: #2000051 [1.23.0-0.2] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/0346b38) - Related: #2000051 [1.23.0-0.1] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/a5aba5c) - Related: #2000051 [1.22.3-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.22 (https://github.com/containers/buildah/commit/4d20222) - Related: #2000051 [1.22.0-3] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1.22.0-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.22 (https://github.com/containers/buildah/commit/71b8003) - Related: #1970747 [1.22.0-1] - update to 1.22.0 release and switch to the release-1.22 maint branch - Related: #1970747 [1.22.0-0.4] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/56ff12f) - Related: #1970747 [1.22.0-0.3] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/f517d85) - Related: #1970747 [1.22.0-0.2] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/42dbc97) - Related: #1970747 [1.22.0-0.1] - switch to main branch - Related: #1970747 [1.21.4-2] - add buildah-copy helper - Related: #1970747 [1.21.4-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.21 (https://github.com/containers/buildah/commit/9c83683) - Related: #1970747 [1.21.3-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.21 (https://github.com/containers/buildah/commit/30a10f3) - Related: #1970747 [1.21.3-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.21 (https://github.com/containers/buildah/commit/7f9540d) - Related: #1970747 [1.21.1-1] - update to buildah 1.21.1 from the release-1.21 upstream branch - Related: #1970747 [1.22.0-0.17] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/ecfcde2) - Related: #1970747 [1.22.0-0.16] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/3ed5d8e) - Related: #1970747 [1.22.0-0.15] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/c7d828f) - Related: #1970747 [1.22.0-0.14] - 'buildah version' produces correct output - Related: #1970747 [1.22.0-0.13] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/6bc611d) - Related: #1970747 [1.22.0-0.12] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/3a0b52f) - Related: #1970747 [1.22.0-0.11] - switch master -> main - Related: #1970747 [1.22.0-0.10] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/6d5d1ae) - Related: #1970747 [1.22.0-0.9] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [1.22.0-0.8] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/802a904) - Related: #1970747 [1.22.0-0.7] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/5181b9c) - Related: #1970747 [1.22.0-0.6] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/814868e) - Related: #1970747 [1.22.0-0.5] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/30c07b7) - Related: #1970747 [1.22.0-0.4] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/d99221f) - Related: #1970747 [1.22.0-0.3] - update to the latest content of https://github.com/containers/buildah/tree/master (https://github.com/containers/buildah/commit/8d08247) - Related: #1970747 [1.22.0-0.2] - update buildah - Related: #1970747 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41717 CVE-2022-30629 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [2.38.5-1] - Update to 2.38.5 Related: #2127467 [2.38.4-1] - Update to 2.38.4 Related: #2127467 [2.38.3-1] - Update to 2.38.3 Related: #2127467 [2.38.2-1] - Update to 2.38.2 Related: #2127467 [2.38.1-2] - Fix use with aarch64 64 KiB page size Related: #2127467 [2.38.1-1] - Update to 2.38.1 Resolves: #2127467 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-32923 CVE-2022-42799 CVE-2023-23517 CVE-2022-32888 CVE-2022-42824 CVE-2022-46691 CVE-2022-42823 CVE-2022-46698 CVE-2023-25358 CVE-2022-32886 CVE-2022-42826 CVE-2022-42852 CVE-2022-46699 CVE-2022-46700 CVE-2023-25363 CVE-2022-46692 CVE-2023-25360 CVE-2023-25361 CVE-2023-23518 CVE-2022-42867 CVE-2022-42863 CVE-2023-25362 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [1.12.0-13] - xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability Resolves: bz#2180309 [1.12.0-12] - SELinux: allow vncsession create .vnc directory Resolves: bz#2164703 [1.12.0-11] - Add sanity check when cleaning up keymap changes Resolves: bz#2169965 [1.12.0-10] - xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation Resolves: bz#2167061 [1.12.0-9] - Rebuild for xorg-x11-server CVE-2022-46340 follow up fix [1.12.0-8] - Rebuild for xorg-x11-server CVEs Resolves: CVE-2022-4283 (bz#2154234) Resolves: CVE-2022-46340 (bz#2154221) Resolves: CVE-2022-46341 (bz#2154224) Resolves: CVE-2022-46342 (bz#2154226) Resolves: CVE-2022-46343 (bz#2154228) Resolves: CVE-2022-46344 (bz#2154230) [1.12.0-7] - x0vncserver: add new keysym in case we don't find matching keycode + actually apply the patch Resolves: bz#2119017 [1.12.0-6] - x0vncserver: add new keysym in case we don't find matching keycode Resolves: bz#2119017 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-46340 CVE-2022-4283 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [1.1.4-6] - Fix CVE-2022-40023 (#2133606) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40023 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [21.01.0-14] - Check for overflow when computing number of symbols - in JBIG2 text region - Resolves: #2126364 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-38784 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream_developer Oracle Linux 9 [1.18.4-6] - Fixes for CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122 Resolves: rhbz#2131034, rhbz#2131039, rhbz#2131045, rhbz#2131049, rhbz#2131054, rhbz#2131060, rhbz#2131064 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-1921 CVE-2022-1920 CVE-2022-1925 CVE-2022-1924 CVE-2022-1922 CVE-2022-1923 CVE-2022-2122 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [32:9.16.23-11] - Correct backport issue in statistics rendering fix (#2126912) [32:9.16.23-10] - Handle subtle difference between upstream and rhel (CVE-2022-3094) [32:9.16.23-9] - Prevent flooding with UPDATE requests (CVE-2022-3094) - Handle RRSIG queries when server-stale is active (CVE-2022-3736) - Fix crash when soft-quota is reached and serve-stale is active (CVE-2022-3924) [32:9.16.23-8] - Correct regression preventing bind-dyndb-ldap build (#2162795) [32:9.16.23-7] - Prevent freeing zone during statistics rendering (#2101712) [32:9.16.23-6] - Bound the amount of work performed for delegations (CVE-2022-2795) - Add /usr/lib64/named to bind-chroot (#2129466) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3924 CVE-2022-2795 CVE-2022-3094 CVE-2022-3736 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream_developer Oracle Linux 9 [4.4.1-3.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.4.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/e1703bb) - Related: #2124478 [2:4.4.1-2] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/0b38633) - Related: #2124478 [2:4.4.1-1] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/d4e285a) - Related: #2124478 [2:4.4.1-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.4 (https://github.com/containers/podman/commit/f5670f0) - Related: #2124478 [2:4.4.0-1] - update to podman-4.4 release - Related: #2124478 [2:4.4.0-0.10] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/68bbdc2) - Related: #2124478 [2:4.4.0-0.9] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/323b515) - Related: #2124478 [2:4.4.0-0.8] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/c35e74f) - Related: #2124478 [2:4.4.0-0.7] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/ce504bb) - Related: #2124478 [2:4.4.0-0.6] - add quadlet to tests - Related: #2124478 [2:4.4.0-0.5] - obsolete podman-catatonit in order to not to file conflict with catatonit - Related: #2124478 [2:4.4.0-0.4] - build v4.4.0-rc2 - Related: #2124478 [2:4.4.0-0.3] - remove podman-machine-cni, it is now part of podman 4.0 or newer - Related: #2124478 [2:4.4.0-0.2] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/07ba51d) - update gvisor-tap-vsock to 0.5.0 - Related: #2124478 [2:4.4.0-0.1] - podman-4.4.0-rc1 - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/f1af5b3) - Related: #2124478 [2:4.3.1-4] - podman shouldn't provide and file conflict with catatonit in CRB - Resolves: #2151322 [2:4.3.1-3] - fix 'podman manifest add' is not concurrent safe - Resolves: #2105173 [2:4.3.1-2] - properly obsolete catatonit - Resolves: #2123319 [2:4.3.1-1] - update to https://github.com/containers/podman/releases/tag/v4.3.1 - Related: #2124478 [2:4.3.0-2] - rebuild to fix CVE-2022-30629 - Related: #2102994 [2:4.3.0-1] - update to https://github.com/containers/podman/releases/tag/v4.3.0 - Related: #2124478 [2:4.2.0-3] - fix dependency in test subpackage - Related: #2061316 [2:4.2.0-2] - readd catatonit - Related: #2061316 [2:4.2.0-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.2.0 (https://github.com/containers/podman/commit/7fe5a419cfd2880df2028ad3d7fd9378a88a04f4) - Related: #2061316 [2:4.2.0-0.3rc3] - require catatonit for gating tests - Related: #2061316 [2:4.2.0-0.2rc3] - update to 4.2.0-rc3 - Related: #2061316 [2:4.2.0-0.1rc2] - update to 4.2.0-rc2 - Related: #2061316 [2:4.1.1-6] - convert catatonit dependency to soft dep as catatonit is no longer in Appstream but in CRB - Related: #2061316 [2:4.1.1-5] - rebuild for combined gating with catatonit - Related: #2097694 [2:4.1.1-4] - catatonit is now a standalone package - Related: #2097694 [2:4.1.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.1.1-rhel (https://github.com/containers/podman/commit/fa692a6) - Related: #2097694 [2:4.1.1-2] - be sure podman services/sockets are stopped upon package removal - Related: #2061316 [2:4.1.1-1] - update to https://github.com/containers/podman/releases/tag/v4.1.1 - Related: #2061316 [2:4.1.0-4] - don't require runc and Recommends: crun - Related: #2061316 [2:4.1.0-3] - Re-enable LTO and debuginfo - Related: #2061316 [2:4.1.0-2] - update gvisor-tap-vsock to 0.2.0 to fix compilation with golang 1.18 - Related: #2061316 [2:4.1.0-1] - update to https://github.com/containers/podman/releases/tag/v4.1.0 - Related: #2061316 [2:4.0.3-2] - require netavark and move CNI to soft dependencies - Related: #2061316 [2:4.0.3-1] - update to https://github.com/containers/podman/releases/tag/v4.0.3 - Related: #2061316 [2:4.0.2-3] - bump minimal libseccomp version requirement - Related: #2061316 [2:4.0.2-2] - rebuilt with golang >= 1.17.5 (CVE-2021-44716, CVE-2021-44717) - Related: #2061316 [2:4.0.2-1] - update to https://github.com/containers/podman/releases/tag/v4.0.2 - Related: #2059681 [2:4.0.1-1] - update to https://github.com/containers/podman/releases/tag/v4.0.1 - Related: #2000051 [2:4.0.0-6] - set catatonit cflags after configure step, don't explicitly set ldflags - Related: #2054115 [2:4.0.0-5] - revert previous change and run set_build_flags before the build process - Related: #2054115 [2:4.0.0-4] - add -D_FORTIFY_SOURCE=2 for podman-catatonit - Related: #2054115 [2:4.0.0-3] - depend on containers-common >= 2:1-28 - Related: #2000051 [2:4.0.0-2] - use correct commit 49f8da72 for podman, previous commit said 4.0.1-dev - Related: #2000051 [2:4.0.0-1] - update to podman-4.0.0 release - Related: #2000051 [2:4.0.0-0.32] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/a34f279) - Related: #2000051 [2:4.0.0-0.31] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/ab3e566) - Related: #2000051 [2:4.0.0-0.30] - fix linker flags to assure -D_FORTIFY_SOURCE=2 is present at the command line - Related: #2000051 [2:4.0.0-0.29] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/b0a445e) - Related: #2000051 [2:4.0.0-0.28] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/c4a9aa7) - Related: #2000051 [2:4.0.0-0.27] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/5b2d96f) - Related: #2000051 [2:4.0.0-0.26] - set CGO_CFLAGS explicitly - Related: #2000051 [2:4.0.0-0.25] - bump to 0.25 to have highest NVR - Related: #2000051 [2:4.0.0-0.4] - rebuilt - Related: #2000051 [2:4.0.0-0.3] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/2dca7b2) - Related: #2000051 [2:4.0.0-0.2] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/4ad9e00) - Related: #2000051 [2:4.0.0-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/337f706) - Related: #2000051 [2:3.4.5-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/a54320a) - Related: #2000051 [2:3.4.5-0.7] - add rootless_role (Ed Santiago) - Related: #2000051 [2:3.4.5-0.6] - add git-daemon to test subpackage (https://github.com/containers/podman/issues/12851) - Related: #2000051 [2:3.4.5-0.5] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/63134a1) - Related: #2000051 [2:3.4.5-0.4] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/3f57b6e) - Related: #2000051 [2:3.4.5-0.3] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/17788ed) - Related: #2000051 [2:3.4.5-0.2] - incorporate gating test fixes from Ed Santiago: - remove buildah and skopeo (unused) - bump BATS from v1.1 to v1.5 - rename 'nonroot' to 'rootless' - Related: #2000051 [2:3.4.5-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/b8fde5c) - Related: #2000051 [2:3.4.4-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/49f589d) - Related: #2000051 [2:3.4.3-0.11] - remove downstream patch already applied upstream - Related: #2000051 [2:3.4.3-0.10] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/fe44757) - Related: #2000051 [2:3.4.3-0.9] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/815f36a) - Related: #2000051 [2:3.4.3-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/31bc358) - Related: #2000051 [2:3.4.3-0.7] - bump Epoch to not to pull in older versions built off upstream main branch - Related: #2000051 [1:3.4.3-0.6] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/e3a7a74) - add libsubid_tag.sh into BUILDTAGS - Related: #2000051 [1:3.4.3-0.5] - do not put patch URL as the backported patch will get overwritten when 'spectool -g -f' is executed - Related: #2000051 [1:3.4.3-0.4] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/7203178) - Related: #2000051 [1:3.4.3-0.3] - remove -t 0 from podman gating test - Related: #2000051 [1:3.4.3-0.2] - add BuildRequires: shadow-utils-subid-devel - Related: #2000051 [1:3.4.3-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/4808a63) - Related: #2000051 [1:3.4.2-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/fd010ad) - Related: #2000051 [1:3.4.2-0.7] - backport https://github.com/containers/podman/pull/12118 to 3.4 in attempt to fix gating tests - Related: #2000051 [1:3.4.2-0.6] - add Requires: gnupg (https://github.com/containers/podman/pull/12270) - Related: #2000051 [1:3.4.2-0.5] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/8de9950) - Related: #2000051 [1:3.4.2-0.4] - update catatonit to 1.7 - Related: #2000051 [1:3.4.2-0.3] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/75023e9) - Related: #2000051 [1:3.4.2-0.2] - compile catatonit library as PIE - Related: #2000051 [1:3.4.2-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/09aade7) - Related: #2000051 [1:3.4.1-2] - more dependency tightening - thanks to Michael Rochefort for noticing - Related: #2000051 [1:3.4.1-1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/c15c154) - Related: #2000051 [1:4.0.0-0.24] - respect Epoch in subpackage dependencies - Related: #2000051 [1:4.0.0-0.23] - bump Epoch to preserve upgrade path from RHEL8 - Related: #2000051 [4.0.0-0.22] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/ea86893) - Related: #2000051 [4.0.0-0.21] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/14c0fcc) - Related: #2000051 [4.0.0-0.20] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/bfb904b) - Related: #2000051 [4.0.0-0.19] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/8bcc086) - Related: #2000051 [4.0.0-0.18] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/c963a50) - Related: #2000051 [4.0.0-0.17] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/b9d8c63) - Related: #2000051 [4.0.0-0.16] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/317e20a) - Related: #2000051 [4.0.0-0.15] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/b187dfe) - Related: #2000051 [4.0.0-0.14] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/cd10304) - Related: #2000051 [4.0.0-0.13] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/e19a09c) - Related: #2000051 [4.0.0-0.12] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/800d594) - Related: #2000051 [4.0.0-0.11] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/1dba601) - Related: #2000051 [4.0.0-0.10] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/8e2d25e) - Related: #2000051 [4.0.0-0.9] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/b925d70) - Related: #2000051 [4.0.0-0.8] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/6cf13c3) - Related: #2000051 [4.0.0-0.7] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/5f41ffd) - update to https://github.com/containers/podman-machine-cni/releases/tag/v0.2.0 - Related: #2000051 [4.0.0-0.6] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/4b6ffda) - Related: #2000051 [4.0.0-0.5] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/323fe36) - Related: #2000051 [4.0.0-0.4] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/b603c7a) - Related: #2000051 [4.0.0-0.3] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/0f3d3bd) - Related: #2000051 [4.0.0-0.2] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/63f6656) - Related: #2000051 [4.0.0-0.1] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/26c8549) - Related: #2000051 [3.3.1-1] - update to the latest content of https://github.com/containers/podman/tree/v3.3.1-rhel (https://github.com/containers/podman/commit/405507a) - Related: #2000051 - mark ghost dir correctly [3.3.0-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [3.3.0-3] - update to the latest content of https://github.com/containers/podman/tree/v3.3 (https://github.com/containers/podman/commit/57422d2) - Related: #1970747 [3.3.0-2] - update to the latest content of https://github.com/containers/podman/tree/v3.3 (https://github.com/containers/podman/commit/b1d3875) - Related: #1970747 [3.3.0-1] - update to 3.3.0 release and switch to the v3.3 maint branch - Related: #1970747 [3.3.0-0.27] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/4244288) - Related: #1970747 [3.3.0-0.26] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/f17b810) - Related: #1970747 [3.3.0-0.25] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/2041731) - Related: #1970747 [3.3.0-0.24] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/f9395dd) - Related: #1970747 [3.3.0-0.23] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/a5de831) - Related: #1970747 [3.3.0-0.22] - bump version to follow the 3.3.0 upgrade path - Related: #1970747 [3.3.0-0.9] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/4f5b19c) - Related: #1970747 [3.2.3-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.2.3-rhel (https://github.com/containers/podman/commit/78f0bd7) - Related: #1970747 [3.2.3-0.7] - switch to v3.2.3-rhel branch - Related: #1970747 [3.2.3-0.6] - update to the latest content of https://github.com/containers/podman/tree/v3.2 (https://github.com/containers/podman/commit/2eea7fe) - Related: #1970747 [3.2.3-0.5] - update to the latest content of https://github.com/containers/podman/tree/v3.2 (https://github.com/containers/podman/commit/4136f8b) - Related: #1970747 [3.2.3-0.4] - update product version in gating.yaml - update to the latest content of https://github.com/containers/podman/tree/v3.2 (https://github.com/containers/podman/commit/60d12f7) - Related: #1970747 [3.2.3-0.3] - update to the latest content of https://github.com/containers/podman/tree/v3.2 (https://github.com/containers/podman/commit/275b0d8) - Related: #1970747 [3.2.3-0.2] - put 87-podman-bridge.conflist to main podman package not podman-remote - Related: #1970747 [3.2.3-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.2 (https://github.com/containers/podman/commit/6f0bf16) - Related: #1970747 [3.2.2-2] - remove missing unit files - Related: #1970747 [3.2.2-1] - consume content from v3.2 upstream branch - Related: #1970747 [3.3.0-0.21] - fix build - Related: #1970747 [3.3.0-0.20] - update install targets - Related: #1970747 [3.3.0-0.19] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/1846070) - Related: #1970747 [3.3.0-0.18] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/c260cbd) - Related: #1970747 [3.3.0-0.17] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/0a0ade3) - Related: #1970747 [3.3.0-0.16] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/d1f57a0) - Related: #1970747 [3.3.0-0.15] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/fc34f35) - Related: #1970747 [3.3.0-0.14] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/d3afc6b) - Related: #1970747 [3.3.0-0.13] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [3.3.0-0.12] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/be15e69) - Related: #1970747 [3.3.0-0.11] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/928687e) - Resolves: #1970747 [3.3.0-0.10] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/ce04a3e) - Resolves: #1970747 [3.3.0-0.9] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/814a8b6) - Resolves: #1970747 [3.3.0-0.8] - add new systemd unit files - Related: #1970747 [3.3.0-0.7] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/092b2ec) - Related: #1970747 [3.3.0-0.6] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/e2f51ee) - Related: #1970747 [3.3.0-0.5] - update to the latest content of https://github.com/containers/podman/tree/master (https://github.com/containers/podman/commit/e549ca5) - Related: #1970747 [3.3.0-0.4] - update podman - Related: #1970747 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-30629 CVE-2022-41717 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [2:1.11.2-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 (https://github.com/containers/skopeo/commit/3f98753) - Related: #2124478 [2:1.11.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.11.1 - Related: #2124478 [2:1.11.0-1] - update to 1.11.0 release - Related: #2124478 [2:1.11.0-0.4] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/b3b2c73) - Related: #2124478 [2:1.11.0-0.3] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/fe15a36) - Related: #2124478 [2:1.11.0-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/8e09e64) - Related: #2124478 [2:1.11.0-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/2817510) - Related: #2124478 [2:1.10.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.10.0 - Related: #2124478 [2:1.9.3-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.3 - Related: #2124478 [2:1.9.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.2 - Related: #2061316 [2:1.9.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.1 - Related: #2061316 [2:1.9.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.0 - Related: #2061316 [2:1.8.0-4] - Re-enable debuginfo - Related: #2061316 [2:1.8.0-3] - BuildRequires: /usr/bin/go-md2man - Related: #2061316 [2:1.8.0-2] - enable LTO - Related: #1988128 [2:1.8.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.8.0 - Related: #2061316 [2:1.7.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.7.0 - Related: #2061316 [2:1.6.1-4] - add tags: classic (Ed Santiago) - Related: #2061316 [2:1.6.1-3] - remove BATS from required packages (Ed Santiago) - Related: #2061316 [2:1.6.1-2] - be sure to install BATS before gating tests are executed (thanks to Ed Santiago) - Related: #2061316 [2:1.6.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.6.1 - Related: #2000051 [2:1.6.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.6.0 - Related: #2000051 [2:1.5.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.5.2 - Related: #2000051 [2:1.5.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.5.1 - Related: #2000051 [2:1.5.1-0.9] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/4acc9f0) - Related: #2000051 [2:1.5.1-0.8] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/c2732cb) - Related: #2000051 [2:1.5.1-0.7] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/01e58f8) - Related: #2000051 [2:1.5.1-0.6] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/8f64c04) - Related: #2000051 [2:1.5.1-0.5] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/8182255) - Related: #2000051 [2:1.5.1-0.4] - bump Epoch to preserve upgrade patch from RHEL8 - Related: #2000051 [1:1.5.1-0.3] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/9c9a9f3) - Related: #2000051 [1:1.5.1-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/116e75f) - Related: #2000051 [1:1.5.1-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/fc81803) - Related: #2000051 [1:1.4.1-0.14] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/ff88d3f) - Related: #2000051 [1:1.4.1-0.13] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/a95b0cc) - Related: #2000051 [1:1.4.1-0.12] - add skopeo tests from Fedora - Related: #2000051 [1:1.4.1-0.11] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/53cf287) - Related: #2000051 [1:1.4.1-0.10] - add gating.yaml - Related: #2000051 [1:1.4.1-0.9] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/86fa758) - Related: #2000051 [1:1.4.1-0.8] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/2c2e5b7) - Related: #2000051 [1:1.4.1-0.7] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/25d3e7b) - Related: #2000051 [1:1.4.1-0.6] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/c5a5199) - Related: #2000051 [1:1.4.1-0.5] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/db1e814) - Related: #2000051 [1:1.4.1-0.4] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/31b8981) - Related: #2000051 [1:1.4.1-0.3] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/177443f) - Related: #2000051 [1:1.4.1-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/30f208e) - Related: #2000051 [1:1.4.1-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/47b8082) - Related: #2000051 [1:1.4.1-1] - rebuild with containers-common dep fixed - Related: #2000051 [1:1.4.0-7] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1:1.4.0-6] - be sure short-name-mode is permissive in RHEL8 - Related: #1970747 [1:1.4.0-5] - don't define short-name-mode in RHEL8 - Related: #1970747 [1:1.4.0-4] - put both RHEL8 and RHEL9 conditional configurations into update.sh - Related: #1970747 [1:1.4.0-3] - update vendored components - always require runc on RHEL8 or lesser - Related: #1970747 [1:1.4.0-2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.4 (https://github.com/containers/skopeo/commit/a44da44) - Related: #1970747 [1:1.4.0-1] - update to 1.4.0 release and switch to the release-1.4 maint branch - Related: #1970747 [1:1.4.0-0.2] - update vendored components - ship /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release only on non-RHEL and CentOS distros - Related: #1970747 [1:1.4.0-0.1] - switch to the main branch of skopeo - Related: #1970747 [1:1.3.1-9] - Add support for signed RHEL images, enabled by default - Related: #1970747 [1:1.3.1-8] - update seccomp.json from Fedora to allow clone3 to pass - Related: #1970747 [1:1.3.1-7] - update shortnames from Pyxis - put RHEL9/UBI9 images into overrides - Related: #1970747 [1:1.3.1-6] - correct name of the option is 'short-name-mode' not 'short-names-mode' - Related: #1970747 [1:1.3.1-5] - handle CentOS Stream while updating vendored components - Related: #1970747 [1:1.3.1-4] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.3 (https://github.com/containers/skopeo/commit/038f70e) - Related: #1970747 [1:1.3.1-3] - update registries.conf to be consistent with upstream - Related: #1970747 [1:1.3.1-2] - consume content from the release-1.3 upstream branch - Related: #1970747 [1:1.3.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.3.1 - Related: #1970747 [1:1.3.0-7] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [1:1.3.0-6] - set short-names-mode = 'enforcing' in registries.conf - Resolves: #1971752 [1:1.3.0-5] - configure for RHEL9 - Related: #1970747 [1:1.3.0-4] - add missing containers-mounts.conf.5.md file to git - don't list/install the same doc twice - Related: #1970747 [1:1.3.0-3] - update to new versions of vendored components - fail is there is an issue in communication with Pyxis API - understand devel branch in update.sh script, use pkg wrapper - sync with Pyxis - use containers-mounts.conf.5.md from containers/common - Related: #1970747 [1:1.2.2-4] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [1:1.2.2-3] - disable LTO again [1:1.2.2-2] - use rhel-shortnames only from trusted registries - sync with config files from current versions of vendored projects MODERATE Copyright 2023 Oracle, Inc. CVE-2022-30629 CVE-2022-41717 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 jss [5.3.0-1] - Rebase to JSS 5.3.0 [5.3.0-0.3.beta2] - Rebase to JSS 5.3.0-beta2 - Bug 2017098 - pki pkcs12-cert-add command failing with 'Unable to validate PKCS #12 file: Digests do not match' exception [5.3.0-0.2.beta1] - Rebase to JSS 5.3.0-beta1 ldapjdk [5.3.0-1] - Rebase to LDAP SDK 5.3.0 [5.3.0-0.2.beta1] - Rebase to LDAP SDK 5.3.0-beta1 pki-core [11.3.0-1.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.3.0-1] - Rebase to PKI 11.3.0 - Bug #2091993 - IdM Install fails on RHEL 8.5 Beta when DISA STIG is applied - Bug #2122409 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled [11.3.0-0.2.beta1] - Rebase to PKI 11.3.0-beta1 - Bug #1849834 - [RFE] Provide EST Responder (RFC 7030) - Bug #1883477 - [RFE] Automatic expired certificate purging - Bug #2091999 - Error displayed should be user friendly in case RSNv3 certificate serial number collision - Bug #2106452 - softhsm2: Unable to create cert: Private key not found - Bug #2106459 - CVE-2022-2393 pki-core: Improper authentication/authorization with caServerKeygen_DirUserCert profile [11.2.1-1] - Rebase to PKI 11.2.1 - Bug #2107336 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-9.1.0] [11.2.0-1] - Rebase to PKI 11.2.0 - Bug #2084639 ipa cert-request ssl error - Bug #2099312 SKI field is not reflected back in generated CSR - Bug #2095197 PKI cert-fix operation failing [11.2.0-0.4.beta3] - Rebase to PKI 11.2.0-beta3 - Bug #2062808 Drop SHA-1 use from authentication challenges [rhel-9.1.0] [11.2.0-0.3.beta2] - Rebase to PKI 11.2.0-beta2 - Rename packages to idm-pki [11.2.0-0.2.beta1] - Rebase to PKI 11.2.0-beta1 [11.0.3-1] - Bug #2033109 Invalid certificates with creation of subCA (pkispawn single step)[rhel-9.0.0] - Bug #2013141 kra-key-retrieve failed to accept xml input format to generate .p12 key through cli - Bug #2029838 SHA1withRSA being listed in signing certificates while approving certificate via Agent page in browser [11.0.1-3] - Change gcc compiler flags to fix annobin gating failures [11.0.1-2] - Rebase to PKI 11.0.1 [11.0.0-1] - Rebase to PKI 11.0.0 [11.0.0-0.6.beta1] - Rebase to PKI 11.0.0-beta1 - Bug #1999052 - pki instance creation fails for IPA server [11.0.0-0.5.alpha1] - Drop BuildRequires and Requires on glassfish-jaxb-api and jaxb-impl Resolves #2002594 [11.0.0-0.4.alpha1] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [11.0.0-0.3] - Drop sudo dependency [11.0.0-0.2] - Resolves: rhbz#1975406 - IPA installation fails during pki-tomcatd setup. [11.0.0-0.1] - Rebase to PKI 11.0.0-alpha1 [10.11.0-0.1] - Rebase to PKI 10.11.0-alpha1 tomcatjss [8.3.0-1] - Rebase to Tomcat JSS 8.3.0 [8.3.0-0.2.beta1] - Rebase to Tomcat JSS 8.3.0-beta1 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-2393 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 jackson-annotations [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 jackson-core [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 jackson-databind [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 jackson-jaxrs-providers [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 jackson-modules-base [2.14.1-1] - Update to version 2.14.1 - Resolves: #2070122 MODERATE Copyright 2023 Oracle, Inc. CVE-2020-36518 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-39253 CVE-2022-24765 CVE-2022-29187 CVE-2022-39260 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [2:2.4.1-5] - Fix 'implicit declaration of function' errors (#2136155, #2145140) [- 2:2.4.1-4] - CVE-2022-39282: Fix length checks in parallel driver (#2136152) - CVE-2022-39283: Add missing length check in video channel (#2136154) - CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx (#2145140) - CVE-2022-39318: Fix division by zero in urbdrc channel (#2145140) - CVE-2022-39319: Add missing length checks in urbdrc channel (#2145140) - CVE-2022-39320: Ensure urb_create_iocompletion uses size_t (#2145140) - CVE-2022-39347: Fix path validation in drive channel (#2145140) - CVE-2022-41877: Add missing length check in drive channel (#2145140) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-39316 CVE-2022-39319 CVE-2022-39320 CVE-2022-39282 CVE-2022-41877 CVE-2022-39283 CVE-2022-39318 CVE-2022-39347 CVE-2022-39317 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [4.4.0-7] - Fix CVE-2022-3970 - Resolves: CVE-2022-3970 [4.4.0-6] - Fix CVE-2022-3597 CVE-2022-3626 CVE-2022-3599 CVE-2022-3570 CVE-2022-3598 CVE-2022-3627 - Resolves: CVE-2022-3597 CVE-2022-3626 CVE-2022-3599 CVE-2022-3570 CVE-2022-3598 CVE-2022-3627 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3570 CVE-2022-3597 CVE-2022-3627 CVE-2022-3970 CVE-2022-4645 CVE-2022-3599 CVE-2023-30774 CVE-2022-3626 CVE-2023-30775 CVE-2022-3598 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream_developer Oracle Linux 9 [3.2.0-1] - Update to 3.2.0 - Resolves: #2139383 [2.13.3-4] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [2.13.3-3] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [2.13.3-2] - Fixed name of source tarball - Fixed date in the latest changelog entry - Related: #1952517 [2.13.3-1] - Update to latest version - Resolves: #1952517 [2.13.0-2] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [2.13.0-1] - Enable bundling - Update to latest version MODERATE Copyright 2023 Oracle, Inc. CVE-2022-27664 CVE-2022-30632 CVE-2022-32189 CVE-2022-1705 CVE-2022-30630 CVE-2022-32148 CVE-2022-30635 CVE-2022-41715 CVE-2022-2880 CVE-2022-41717 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [1:27.2-8] - Use a 64KB page size for pdump (#1979804) [1:27.2-7] - Fix ctags local command execute vulnerability (#2149387) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-45939 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [1:1.2.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.2.0 - Related: #2124478 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-30629 CVE-2022-41717 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [1.16.2-3] - Fix NRDelegation attack leading to uncontrolled resource consumption (CVE-2022-3204) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3204 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [1:3.4.10-4] - Resolves: #2152064 - CVE-2022-3190 wireshark: f5ethtrailer Infinite loop in legacy style dissector [1:3.4.10-3] - Resolves: #2083581 - capinfos aborts in FIPS [1:3.4.10-2] - Resolves: #2160648 - Enhanced TMT testing for centos-stream MODERATE Copyright 2023 Oracle, Inc. CVE-2022-3190 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream_developer Oracle Linux 9 [42.2.27-1] - rebase to 42.2.27 - fix for CVE-2022-41946 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41946 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 php-pecl-apcu [5.1.21-1] - update to 5.1.21 for PHP 8.1 #2070040 php-pecl-rrd [2.0.3-4] - build for PHP 8.1 #2070040 php-pecl-xdebug3 [3.1.4-1] - update to 3.1.4 for PHP 8.1 #2070040 php-pecl-zip [1.20.1-1] - update to 1.20.1 for PHP 8.1 #2070040 php [8.1.14-1] - rebase to 8.1.14 [8.1.8-1] - update to 8.1.8 #2070040 [8.1.7-2] - clean unneeded dependency on useradd command [8.1.7-1] - update to 8.1.7 #2070040 [8.1.6-2] - add upstream patch to initialize pcre before mbstring - add upstream patch to use more sha256 in openssl tests [8.1.6-1] - update to 8.1.6 #2070040 [8.0.13-1] - rebase to 8.0.13 #2032429 - refresh configuration files from upstream [8.0.12-1] - rebase to 8.0.12 #2017111 #1981423 - build using system libxcrypt #2015903 [8.0.10-1] - rebase to 8.0.10 #1992513 - compatibility with OpenSSL 3.0 #1992492 - snmp: add sha256 / sha512 security protocol #1936635 - phar: implement openssl_256 and openssl_512 for phar signatures - phar: use sha256 signature by default [8.0.6-9] - Rebuilt for libffi 3.4.2 SONAME transition. Related: rhbz#1891914 [8.0.6-8] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [8.0.6-7] - Rebuild to pick up new build flags from redhat-rpm-config (#1984652) [8.0.6-6] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [8.0.6-5] - fix build with net-snmp without DES #1953492 [8.0.6-4] - fix build with openssl 3.0 #1953492 [8.0.6-3] - get rid of inet_addr and gethostbyaddr calls [8.0.6-2] - get rid of inet_ntoa and inet_aton calls [8.0.6-1] - Update to 8.0.6 - http://www.php.net/releases/8_0_6.php [8.0.5-1] - Update to 8.0.5 - http://www.php.net/releases/8_0_5.php [8.0.5~RC1-1] - update to 8.0.5RC1 [8.0.4~RC1-2] - make libdb usage conditional default: on for Fedora, off for RHEL [8.0.4~RC1-1] - update to 8.0.4RC1 [8.0.3-2] - clean conditions [8.0.3-1] - Update to 8.0.3 - http://www.php.net/releases/8_0_3.php - see https://fedoraproject.org/wiki/Changes/php80 - drop xmlrpc extension - drop json subpackage, extension always there - enchant: use libenchant-2 instead of libenchant [7.4.16-1] - Update to 7.4.16 - http://www.php.net/releases/7_4_16.php [7.4.15-3] - drop php-imap, fix #1929640 [7.4.15-2] - rebuild for libpq ABI fix rhbz#1908268 [7.4.15-1] - Update to 7.4.15 - http://www.php.net/releases/7_4_15.php - add upstream patch for https://bugs.php.net/80682 fix opcache doesn't honour pcre.jit option [7.4.15~RC2-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [7.4.15~RC2-1] - update to 7.4.15RC2 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-31629 CVE-2022-31630 CVE-2022-31628 CVE-2022-31631 CVE-2022-37454 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1:5.9.1-9.0.1] - fix error index value when snmpget is used a proxy pass [Orabug: 35010262] [1:5.9.1-9] - fix CVE-2022-44792 and CVE-2022-44793 (#2141902) and (#2141906) - fix memory leak when ipv6 disable set to 1 (#2151540) [1:5.9.1-8] - fix default snmpd.conf file content (#2067954) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-44793 CVE-2022-44792 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [0.9.1-3.20211126git1ff6fe1f43] - Backport 'tpm2: Check size of buffer before accessing it' (CVE-2023-1017 & CVE-2023-1018) Resolves: rhbz#2173960 Resolves: rhbz#2173967 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1018 CVE-2023-1017 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-3567 CVE-2022-47929 CVE-2022-1462 CVE-2022-3028 CVE-2022-3640 CVE-2022-3522 CVE-2022-3628 CVE-2022-42721 CVE-2022-42896 CVE-2022-39189 CVE-2021-33655 CVE-2022-3623 CVE-2021-26341 CVE-2022-21505 CVE-2023-1195 CVE-2022-3619 CVE-2022-20141 CVE-2022-42703 CVE-2022-3524 CVE-2022-2663 CVE-2022-3707 CVE-2022-43750 CVE-2022-3625 CVE-2023-0590 CVE-2022-42722 CVE-2022-1882 CVE-2022-3435 CVE-2022-3566 CVE-2023-1382 CVE-2022-1789 CVE-2022-4129 CVE-2023-0461 CVE-2022-2196 CVE-2022-28388 CVE-2022-33743 CVE-2022-39188 CVE-2022-4128 CVE-2022-42720 CVE-2023-0394 CVE-2022-41674 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_base cpe:/o:oracle:linux:9:2:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.8.7-20] - Add 0083-multipath.rules-fix-smart-bug-with-failed-valid-path.patch - Add 0084-libmultipath-limit-paths-that-can-get-wwid-from-envi.patch - Change how the installation dir for kpartx_id is specified - Resolves: bz #1926147 [0.8.7-19] - Fix bugzilla linked to the changes (was previously linked to the wrong bug, 2162536) - Resolves: bz #2166467 [0.8.7-18] - Add 0079-libmultipath-use-select_reload_action-in-select_acti.patch - Add 0080-libmultipath-select-resize-action-even-if-reload-is-.patch - Add 0081-libmultipath-cleanup-ACT_CREATE-code-in-select_actio.patch - Add 0082-libmultipath-keep-renames-from-stopping-other-multip.patch - Resolves: bz #2166467 [0.8.7-17] - Add 0077-libmultipath-don-t-leak-memory-on-invalid-strings.patch - Add 0078-libmutipath-validate-the-argument-count-of-config-st.patch - Resolves: bz #2145225 [0.8.7-16] - Add 0076-multipath.conf-5-remove-io-affinity-information.patch - Resolves: bz #2143125 [0.8.7-15] - Add 0067-kpartx-hold-device-open-until-partitions-have-been-c.patch * Fixes bz #2141860 - Add 0068-libmultipath-cleanup-remove_feature.patch - Add 0069-libmultipath-cleanup-add_feature.patch - Add 0070-multipath-tests-tests-for-adding-and-removing-featur.patch - Add 0071-libmultipath-fix-queue_mode-feature-handling.patch - Add 0072-multipath-tests-tests-for-reconcile_features_with_qu.patch - Add 0073-libmultipath-prepare-proto_id-for-use-by-non-scsi-de.patch - Add 0074-libmultipath-get-nvme-path-transport-protocol.patch - Add 0075-libmultipath-enforce-queue_mode-bio-for-nmve-tcp-pat.patch * Fixes bz #2033080 - Resolves: bz #2033080, #2141860 [0.8.7-14] - Add 0065-multipathd-ignore-duplicated-multipathd-command-keys.patch * Fixes bz #2133999 - Add 0066-multipath-tools-use-run-instead-of-dev-shm.patch * Fixes bz #2133989 - Resolves: bz #2133989, #2133999 [0.8.7-13] - Add 0062-multipathd-factor-out-the-code-to-flush-a-map-with-n.patch - Add 0063-libmultipath-return-success-if-we-raced-to-remove-a-.patch - Add 0064-multipathd-Handle-losing-all-path-in-update_map.patch - Resolves: bz #2125357 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41973 cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:2:baseos_base cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [7.76.1-23] - fix HTTP multi-header compression denial of service (CVE-2023-23916) [7.76.1-22] - smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552) [7.76.1-21] - fix POST following PUT confusion (CVE-2022-32221) [7.76.1-20] - control code in cookie denial of service (CVE-2022-35252) LOW Copyright 2023 Oracle, Inc. CVE-2022-43552 CVE-2022-35252 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [1.8.10-2.0.1] - Drop pesign.service restart in postun [Orabug: 34760075] - Update signing certificate [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Build with the updated Oracle certificate - Use oraclesecureboot301 as certdir [Orabug: 29881368] - Use new signing certificate (Alex Burmashev) - Update SBAT data to include Oracle [Oracle: 33072886] [1.8.10-2] - Rebuild because distrobaker did entirely the wrong thing. - Resolves: rhbz#2128384, needed for rhbz#2119436 and rhbz#2128384 [1.8.10-1] - Rebase to latest upstream release to fix multiple ESP detection problems - Resolves: rhbz#2128384, needed for rhbz#2119436 and rhbz#2128384 [1.7.10-1] - New upstream release - Resolves: rhbz#2129280 [1.7.9-2] - Include the new dbx updates on the filesystem; clients typically do not have LVFS enabled. - Resolves: rhbz#2120708 [1.7.8-1] - New upstream release - Resolves: rhbz#2059075 [1.7.4-3] - Disable the Logitech bulkcontroller plugin to avoid adding a dep to protobuf-c which lives in AppStream, not BaseOS. - Use the efi_vendor variable from EFI-RPM - Resolves: rhbz#2064904 [1.7.4-1] - New upstream release - Backport Fedora 34 changes - Include support for Lenovo TBT4 Docking stations - Do not cause systemd-modules-load failures - Build against a new enough pesign - Resolves: rhbz#2007520 [1.7.1-1] - New upstream release - Backport Fedora 34 changes - Include support for Dell TBT4 Docking stations - Resolves: rhbz#1974347 - Resolves: rhbz#1991426 [1.5.9-4] - Rebuilt to use redhatsecureboot503 signatures - Undo last Fedora sync to use the RHEL-specific patches - Resolves: rhbz#2007520 [1.5.9-3] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1.5.9-2] - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 [1.5.9-1] - Rebase to include the SBAT metadata section to allow fixing BootHole - Resolves: rhbz#1951030 [1.5.5-4] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 [1.5.5-3] - Backport a patch from master to drop the python3-pillow dep - Resolves: rhbz#1935838 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-34301 CVE-2022-34302 CVE-2022-3287 CVE-2022-34303 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:2:baseos_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [12:4.4.2-18.b1] - Fix for CVE-2022-2928 - Fix for CVE-2022-2929 - Use systemd-sysusers for dhcp user and group (#2095396) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-2928 CVE-2022-2929 cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:2:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 evolution-mapi [3.40.1-5] - Related: #2131993 (Rebuild against samba 4.17) openchange [2.3-40] - Related: #2131993 (Rebuild against samba 4.17) samba [4.17.5-102.0.1] - Fix memleak in _nss_winbind_initgroups_dyn [Orabug: 34994509] [4.17.5-102] - resolves: rhbz#2169980 - Fix winbind memory leak - resolves: rhbz#2156056 - Fix Samba shares not accessible issue [4.17.5-101] - resolves: rhbz#2168534 - Create package samba-tools [4.17.5-100] - related: rhbz#2131993 - Update to version 4.17.5 [4.17.4-102] - related: rhbz#2131993 - Create package dc-libs also for 'non-dc build' [4.17.4-101] - related: rhbz#2131993 - Rebuild for MIT Kerberos 1.20.1 [4.17.4-100] - related: rhbz#2131993 - Update to version 4.17.4 - resolves: rhbz#2154373 - Fix CVE-2022-38023 - resolves: rhbz#2143196 - Fix %U include directive for share listing (netshareenum) - resolves: rhbz#2114884 - Fix id command to return new groups after successful user login - resolves: rhbz#2154885 - Fix Winbind to retrieve user groups from Active Directory [4.17.2-103] - Always add epoch to samba_depver to fix osci.brew-build.rpmdeplint.functional - related: rhbz#2131993 [4.17.2-102] - Fix CVE-2022-1615 GnuTLS gnutls_rnd() can fail and give predictable random values - resolves: rhbz#2126175 [4.17.2-101] - resolves: rhbz#2131993 - Update to version 4.17.2 [4.16.4-101] - resolves: rhbz#2121317 - Do not require samba package in python3-samba [4.16.4-100] - Rebase to version 4.16.4 - resolves: rhbz#2108332 - Fix CVE-2022-32742 [ 4.16.3-101] - related: rhbz#2077487 - Rebase Samba to 4.16.3 - resolves: rhbz#2097655 - The pcap background queue process should not be stopped - resolves: rhbz#2100105 - Fix net ads info LDAP server and LDAP server name [4.16.2-102] - resolves: rhbz#2106279 - Fix crash in rpcd_classic [4.16.2-101] - resolves: rhbz#2093833 - Fix weak dependency on logrotate - resolves: rhbz#2096813 - Fix printer displays only after 300 seconds timeout [4.16.2-100] - Fix rpminspect abidiff - related: rhbz#2077487 - Rebase Samba to 4.16.2 [4.16.1-100] - resolves: rhbz#2077487 - Rebase Samba to the the latest 4.16.x release [4.15.5-108] - resolves: rhbz#2078838 - Fix UPNs handling in lookup_name*() calls [4.15.5-106] - resolves: rhbz#2065376 - Fix 'create krb5 conf = yes when a KDC has a single IP address. - resolves: rhbz#2076504 - PAM Kerberos authentication fails with a clock skew error [4.15.5-105] - resolves: rhbz#2074891 - Fix username map for unix groups [4.15.5-104] - resolves: rhbz#2057500 - Fix winbind kerberos ticket refresh [4.15.5-103] - related: rhbz#2044231 - Fix typo in testparm output [4.15.5-102] - resolves: rhbz#2044231 - Improve idmap autorid sanity checks and documentation [4.15.5-101] - resolves: #2050111 - [RFE] Change change password change prompt phrasing - resolves: #2054110 - virusfilter_vfs_openat: Not scanned: Directory or special file [4.15.5-100] - related: rhbz#2013578 - Rebase Samba to the the latest 4.15.x release - resolves: #2046129 - Fix CVE-2021-44141 - resolves: #2046154 - Fix CVE-2021-44142 - resolves: #2044405 - Fix printing no longer works on Windows 7 - resolves: #2049485 - Fix systemd notifications - resolves: #2049604 - Disable NTLMSSP for ldap client connections [4.15.4-100] - related: rhbz#2013578 - Rebase Samba to the the latest 4.15.x release - resolves: #2039154 - Fix CVE-2021-20316 - resolves: #2044238 - Failed to authenticate users after upgrade samba package to release samba-4.14.5-7x - resolves: #2044239 - [smb] Segmentation fault when joining the domain - resolves: #2044241 - filename_convert_internal: open_pathref_fsp [xxx] failed: NT_STATUS_ACCESS_DENIED - resolves: #2044255 - Fix CVE-2021-43566 [4.15.3-1] - related: rhbz#2013578 - Rebase to Samba 4.15.3 - resolves: rhbz#2028026 - Fix possible null pointer dereference in winbind - resolves: rhbz#2033317 - Winexe: Kerberos Auth is respected via --use-kerberos=desired [4.15.2-3] - related: rhbz#2013578 - Remove unneeded lmdb dependency [4.15.2-2] - resolves: rhbz#2019675 - Fix CVE-2020-25717 [4.15.2-2] - resolves: rhbz#2019669 - Fix CVE-2021-23192 [4.15.2-2] - resolves: rhbz#2019663 - Fix CVE-2016-2124 [4.15.2-1] - resolves: rhbz#2013578 - Rebase to Samba 4.15.2 [4.14.5-103] - resolves: rhbz#1980356 - Fix winbind restart on package upgrade [0:4.14.5-102] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [4.14.5-101] - related: rhbz#1975690 - Create a subpackage for vfs-iouring [4.14.5-100] - related: rhbz#1954531 - Make sure upgrades to RHEL9 will work [4.14.5-0] - related: rhbz#1954531 - Update to Samba 4.14.5 [4.14.4-7] - related: rhbz#1954531 - Fix build issues with gcc - resolves: rhbz#1959712 - Add iouring vfs module [4.14.4-5] * related: rhbz#1954531 - Add rpminspect.yaml [4.14.4-2] - related: rhbz#1954531 - Remove obsolete /var/spool/samba [4.14.4-1] - resolves: rhbz#1954531 - Update to Samba 4.14.4 - resolves: rhbz#1949446 - Fix CVE-2021-20254 - resolves: rhbz#1942378 - Disable nis support [0:4.14.2-0.1] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 LOW Copyright 2023 Oracle, Inc. CVE-2022-1615 cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:2:baseos_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [3.0.7-6.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-6] - Fixes RNG slowdown in FIPS mode Resolves: rhbz#2168224 [1:3.0.7-5] - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed Invalid pointer dereference in d2i_PKCS7 functions Resolves: CVE-2023-0216 - Fixed NULL dereference validating DSA public key Resolves: CVE-2023-0217 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 - Fixed NULL dereference during PKCS7 data verification Resolves: CVE-2023-0401 [1:3.0.7-4] - Disallow SHAKE in RSA-OAEP decryption in FIPS mode Resolves: rhbz#2142121 [1:3.0.7-3] - Refactor OpenSSL fips module MAC verification Resolves: rhbz#2157965 [1:3.0.7-2] - Various provider-related imrovements necessary for PKCS#11 provider correct operations Resolves: rhbz#2142517 - We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream Resolves: rhbz#2133809 - Removed recommended package for openssl-libs Resolves: rhbz#2093804 - Adjusting include for the FIPS_mode macro Resolves: rhbz#2083879 - Backport of ppc64le Montgomery multiply enhancement Resolves: rhbz#2130708 - Fix explicit indicator for PSS salt length in FIPS mode when used with negative magic values Resolves: rhbz#2142087 - Update change to default PSS salt length with patch state from upstream Related: rhbz#2142087 [1:3.0.7-1] - Rebasing to OpenSSL 3.0.7 Resolves: rhbz#2129063 [1:3.0.1-44] - SHAKE-128/256 are not allowed with RSA in FIPS mode Resolves: rhbz#2144010 - Avoid memory leaks in TLS Resolves: rhbz#2144008 - FIPS RSA CRT tests must use correct parameters Resolves: rhbz#2144006 - FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC Resolves: rhbz#2144017 - Remove support for X9.31 signature padding in FIPS mode Resolves: rhbz#2144015 - Add explicit indicator for SP 800-108 KDFs with short key lengths Resolves: rhbz#2144019 - Add explicit indicator for HMAC with short key lengths Resolves: rhbz#2144000 - Set minimum password length for PBKDF2 in FIPS mode Resolves: rhbz#2144003 - Add explicit indicator for PSS salt length in FIPS mode Resolves: rhbz#2144012 - Clamp default PSS salt length to digest size for FIPS 186-4 compliance Related: rhbz#2144012 - Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode Resolves: rhbz#2145170 [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - CVE-2022-3786: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 (rhbz#2137723) [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Related: rhbz#2102542 - Add FIPS indicator for HKDF Related: rhbz#2114772 [1:3.0.1-40] - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2102536 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2102537 - Use signature for RSA pairwise test according FIPS-140-3 requirements Related: rhbz#2102540 - Reseed all the parent DRBGs in chain on reseeding a DRBG Related: rhbz#2102541 [1:3.0.1-39] - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test Resolves: rhbz#2102535 [1:3.0.1-38] - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. Resolves: rhbz#2103289 - Improve AES-GCM performance on Power9 and Power10 ppc64le Resolves: rhbz#2051312 - Improve ChaCha20 performance on Power10 ppc64le Resolves: rhbz#2051312 [1:3.0.1-37] - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 [1:3.0.1-36] - Ciphersuites with RSAPSK KX should be filterd in FIPS mode - Related: rhbz#2085088 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough - Related: rhbz#2053289 - Improve diagnostics when passing unsupported groups in TLS - Related: rhbz#2070197 - Fix PPC64 Montgomery multiplication bug - Related: rhbz#2098199 - Strict certificates validation shouldn't allow explicit EC parameters - Related: rhbz#2058663 - CVE-2022-2068: the c_rehash script allows command injection - Related: rhbz#2098277 [1:3.0.1-35] - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. Resolves: rhbz#2087147 [1:3.0.1-34] - Some OpenSSL test certificates are expired, updating - Resolves: rhbz#2092456 [1:3.0.1-33] - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory - Resolves: rhbz#2089444 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS - Resolves: rhbz#2087911 - CVE-2022-1292 openssl: c_rehash script allows command injection - Resolves: rhbz#2090362 - Revert 'Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode' Related: rhbz#2087147 - Use KAT for ECDSA signature tests, s390 arch - Resolves: rhbz#2069235 [1:3.0.1-32] - openssl ecparam -list_curves lists only FIPS-approved curves in FIPS mode - Resolves: rhbz#2083240 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2085088 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits - Resolves: rhbz#2077884 [1:3.0.1-31] - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode Resolves: rhbz#2087147 [1:3.0.1-30] - Use KAT for ECDSA signature tests - Resolves: rhbz#2069235 [1:3.0.1-29] - -config argument of openssl app should work properly in FIPS mode - Resolves: rhbz#2083274 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC - Resolves: rhbz#2063947 [1:3.0.1-28] - OpenSSL should not accept custom elliptic curve parameters - Resolves rhbz#2066412 - OpenSSL should not accept explicit curve parameters in FIPS mode - Resolves rhbz#2058663 [1:3.0.1-27] - Change FIPS module version to include hash of specfile, patches and sources Resolves: rhbz#2070550 [1:3.0.1-26] - OpenSSL FIPS module should not build in non-approved algorithms - Resolves: rhbz#2081378 [1:3.0.1-25] - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 [1:3.0.1-24] - Fix regression in evp_pkey_name2type caused by tr_TR locale fix Resolves: rhbz#2071631 [1:3.0.1-23] - Fix openssl curl error with LANG=tr_TR.utf8 - Resolves: rhbz#2071631 [1:3.0.1-22] - FIPS provider should block RSA encryption for key transport - Resolves: rhbz#2053289 [1:3.0.1-21] - Fix occasional internal error in TLS when DHE is used - Resolves: rhbz#2004915 [1:3.0.1-20] - Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when no OpenSSL library context is set - Resolves: rhbz#2065400 [1:3.0.1-19] - Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes - Resolves: rhbz#2065400 [1:3.0.1-18] - CVE-2022-0778 fix - Resolves: rhbz#2062315 [1:3.0.1-17] - Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before setting an allowed digest with EVP_PKEY_CTX_set_signature_md() - Skipping 3.0.1-16 due to version numbering confusion with the RHEL-9.0 branch - Resolves: rhbz#2062640 [1:3.0.1-15] - Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes - Resolves: rhbz#2060510 [1:3.0.1-14] - Prevent use of SHA1 with ECDSA - Resolves: rhbz#2031742 [1:3.0.1-13] - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 [1:3.0.1-12] - Support KBKDF (NIST SP800-108) with an R value of 8bits - Resolves: rhbz#2027261 [1:3.0.1-11] - Allow SHA1 usage in MGF1 for RSASSA-PSS signatures - Resolves: rhbz#2031742 [1:3.0.1-10] - rebuilt [1:3.0.1-9] - Allow SHA1 usage in HMAC in TLS - Resolves: rhbz#2031742 [1:3.0.1-8] - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 - pkcs12 export broken in FIPS mode - Resolves: rhbz#2049265 [1:3.0.1-8] - Disable SHA1 signature creation and verification by default - Set rh-allow-sha1-signatures = yes to re-enable - Resolves: rhbz#2031742 [1:3.0.1-7] - s_server: correctly handle 2^14 byte long records - Resolves: rhbz#2042011 [1:3.0.1-6] - Adjust FIPS provider version - Related: rhbz#2026445 [1:3.0.1-5] - On the s390x, zeroize all the copies of TLS premaster secret - Related: rhbz#2040448 [1:3.0.1-4] - rebuilt [1:3.0.1-3] - KATS tests should be executed before HMAC verification - Restoring fips=yes for SHA1 - Related: rhbz#2026445, rhbz#2041994 [1:3.0.1-2] - Add enable-buildtest-c++ to the configure options. - Related: rhbz#1990814 [1:3.0.1-1] - Rebase to upstream version 3.0.1 - Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in libssl - Resolves: rhbz#2038910, rhbz#2035148 [1:3.0.0-7] - Remove algorithms we don't plan to certify from fips module - Remove native fipsmodule.cnf - Related: rhbz#2026445 [1:3.0.0-6] - openssl speed should run in FIPS mode - Related: rhbz#1977318 [1:3.0.0-5] - rebuilt for spec cleanup - Related: rhbz#1985362 [1:3.0.0-4] - Embed FIPS HMAC in fips.so - Enforce loading FIPS provider when FIPS kernel flag is on - Related: rhbz#1985362 [1:3.0.0-3] - Fix memory leak in s_client - Related: rhbz#1996092 [1:3.0.0-2] - Avoid double-free on error seeding the RNG. - KTLS and FIPS may interfere, so tests need to be tuned - Resolves: rhbz#1952844, rhbz#1961643 [1:3.0.0-1] - Rebase to upstream version 3.0.0 - Related: rhbz#1990814 [1:3.0.0-0.beta2.7] - Removes the dual-abi build as it not required anymore. The mass rebuild was completed and all packages are rebuilt against Beta version. - Resolves: rhbz#1984097 [1:3.0.0-0.beta2.6] - Correctly process CMS reading from /dev/stdin - Resolves: rhbz#1986315 [3.0.0-0.beta2.5] - Add instruction for loading legacy provider in openssl.cnf - Resolves: rhbz#1975836 [3.0.0-0.beta2.4] - Adds support for IDEA encryption. - Resolves: rhbz#1990602 [3.0.0-0.beta2.3] - Fixes core dump in openssl req -modulus - Fixes 'openssl req' to not ask for password when non-encrypted private key is used - cms: Do not try to check binary format on stdin and -rctform fix - Resolves: rhbz#1988137, rhbz#1988468, rhbz#1988137 [1:3.0.0-0.beta2.2.1] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [3.0.0-0.beta2.2] - When signature_algorithm extension is omitted, use more relevant alerts - Resolves: rhbz#1965017 [3.0.0-0.beta2.1] - Rebase to upstream version beta2 - Related: rhbz#1903209 [3.0.0-0.beta1.5] - Prevents creation of duplicate cert entries in PKCS #12 files - Resolves: rhbz#1978670 [3.0.0-0.beta1.4] - NVR bump to update to OpenSSL 3.0 Beta1 [3.0.0-0.beta1.3] - Update patch dual-abi.patch to add the #define macros in implementation files instead of public header files [3.0.0-0.beta1.2] - Removes unused patch dual-abi.patch [3.0.0-0.beta1.1] - Update to Beta1 version - Includes a patch to support dual-ABI, as Beta1 brekas ABI with alpha16 [3.0.0-0.alpha16.7] - Fixes override of openssl_conf in openssl.cnf - Use AI_ADDRCONFIG only when explicit host name is given - Temporarily remove fipsmodule.cnf for arch i686 - Fixes segmentation fault in BN_lebin2bn - Resolves: rhbz#1975847, rhbz#1976845, rhbz#1973477, rhbz#1975855 [3.0.0-0.alpha16.6] - Adds FIPS mode compatibility patch (sahana@redhat.com) - Related: rhbz#1977318 [3.0.0-0.alpha16.5] - Fixes system hang issue when booted in FIPS mode (sahana@redhat.com) - Temporarily disable downstream FIPS patches - Related: rhbz#1977318 [3.0.0-0.alpha16.4] - Speeding up building openssl (dbelyavs@redhat.com) Resolves: rhbz#1903209 [3.0.0-0.alpha16.3] - Fix reading SPKAC data from stdin - Fix incorrect OSSL_PKEY_PARAM_MAX_SIZE for ed25519 and ed448 - Return 0 after cleanup in OPENSSL_init_crypto() - Cleanup the peer point formats on regotiation - Fix default digest to SHA256 [3.0.0-0.alpha16.2] - Enable FIPS via config options [3.0.0-0.alpha16.1] - Update to alpha 16 version Resolves: rhbz#1952901 openssl sends alert after orderly connection close LOW Copyright 2023 Oracle, Inc. CVE-2022-3358 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:2:baseos_base cpe:/a:oracle:linux:9:2:appstream_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.5.3-4] - Resolves: CVE-2022-36227 LOW Copyright 2023 Oracle, Inc. CVE-2022-36227 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:2:baseos_base cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.20.1-8.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.20.1-8] - Fix datetime parsing in kadmin on s390x - Resolves: rhbz#2169985 [1.20.1-7] - Fix double free on kdb5_util key creation failure - Resolves: rhbz#2166603 [1.20.1-6] - Add support for MS-PAC extended KDC signature (CVE-2022-37967) - Resolves: rhbz#2165827 [1.20.1-5] - Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled - Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode - Resolves: rhbz#2162461 [1.20.1-4] - Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf - Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf - Resolves: rhbz#2068535 [1.20.1-2] - Strip debugging data from ksu executable file - Resolves: rhbz#2159643 [1.20.1-1] - Make tests compatible with sssd-client - Resolves: rhbz#2151513 - Remove invalid password expiry warning - Resolves: rhbz#2121099 - Update error checking for OpenSSL CMS_verify - Resolves: rhbz#2063838 - New upstream version (1.20.1) - Resolves: rhbz#2016312 - Fix integer overflows in PAC parsing (CVE-2022-42898) - Resolves: rhbz#2140971 [1.19.1-23] - Fix kprop for propagating dump files larger than 4GB - Resolves: rhbz#2133014 [1.19.1-22] - Restore 'supportedCMSTypes' attribute in PKINIT preauth requests - Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms - Resolves: rhbz#2068935 [1.19.1-21] - Fix libkrad client cleanup - Allow use of larger RADIUS attributes in krad library - Resolves: rhbz#2100351 [1.19.1-20] - Fix OpenSSL 3 MD5 encyption in FIPS mode - Allow libkrad UDP/TCP connection to localhost in FIPS mode - Resolves: rhbz#2068458 [1.19.1-19] - Use p11-kit as default PKCS11 module - Resolves: rhbz#2030981 [1.19.1-18] - Try harder to avoid password change replay errors - Resolves: rhbz#2075186 [1.19.1-15] - Use SHA-256 instead of SHA-1 for PKINIT CMS digest [1.19.1-14] - Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled - Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode [1.19.1-13] - Remove -specs= from krb5-config output - Resolves #1997021 [1.19.1-12] - Fix KDC null deref on TGS inner body null server (CVE-2021-37750) - Resolves: #1997602 [1.19.1-11.1] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [1.19.1-11] - Fix KDC null deref on bad encrypted challenge (CVE-2021-36222) - Resolves: #1983733 [1.19.1-10] - Update OpenSSL 3 provider handling to clean up properly - Resolves: #1955873 [1.19.1-9] - Sync openssl3 patches with upstream - Resolves: #1955873 [1.19.1-8] - Rebuild for rpminspect and mass rebuild cleanup; no code changes - Resolves: #1967505 [1.19.1-7] - Fix several fallback canonicalization problems - Resolves: #1967505 [1.19.1-6.1] - Rebuilt for RHEL 9 BETA for openssl 3.0 - Resolves: rhbz#1971065 [1.19.1-6] - Backport KCM retrieval fixes - Resolves: #1956403 [1.19.1-5] - Fix DES3 mention in KDFs - Resolves: #1955873 [1.19.1-4] - Port to OpenSSL 3 (alpha 15) - Resolves: #1955873 [1.19.1-3.1] - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 MODERATE Copyright 2023 Oracle, Inc. CVE-2020-17049 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [5.4.4-3] - Apply upstream patch for CVE-2022-28805 LOW Copyright 2023 Oracle, Inc. CVE-2022-28805 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:2:baseos_base cpe:/a:oracle:linux:9::codeready_builder_developer Oracle Linux 9 [0.31.1-65] - Resolves: rhbz#2121828 Fix the gating tests by using only local test Upstream testsuite will not work as this package code is very old [0.31.1-64] - Resolves: rhbz#2121828 CVE-2022-32323 - heap-buffer overflow via the ReadImage() at input-bmp.c MODERATE Copyright 2023 Oracle, Inc. CVE-2022-32323 cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.0.2-4] - fix RHEL9.2 build - thanks to Debarshi Ray - Related: #2124478 [2.0.2-3] - rebuild - Resolves: #2037812 [2.0.2-2] - limit to golang arches only - Related: #2061316 * Thu Aug 04 2022 Jindrich Novy <jnovy@redhat.com> - update to 2.0.2 - Related: #2061316 [2.0.0-18.gitaf8da76] - fix gating.yaml as we have no functional gating tests - Related: #2000051 [2.0.0-17.gitaf8da76] - update gating.yaml and rebuild - Related: #2000051 [2.0.0-16.gitaf8da76] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 [2.0.0-15.gitaf8da76] - Resolves: #1975362 - enable additional hardening flags [2.0.0-14.gitaf8da76] - Resolves: #1975362 - enable full cf-protection for x86_64 [2.0.0-13.gitaf8da76] - Resolves: #1975362 - use latest upstream commit [2.0.0-12] - Resolves: #1975362 - add -fcf-protection to CGO_CFLAGS [2.0.0-11] - Resolves: #1975362 - add gating.yaml [2.0.0-10] - Resolves: #1975362 - build with CGO_CFLAGS defined MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41715 cpe:/a:oracle:linux:9::codeready_builder_developer cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [8.0.32-1] - Update to MySQL 8.0.32 [8.0.31-1] - Update to MySQL 8.0.31 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-21865 CVE-2023-21880 CVE-2023-21883 CVE-2022-21604 CVE-2023-21867 CVE-2022-21640 CVE-2022-39400 CVE-2023-21871 CVE-2023-21881 CVE-2022-21625 CVE-2023-21917 CVE-2023-21887 CVE-2022-21611 CVE-2023-21864 CVE-2023-21869 CVE-2023-21870 CVE-2023-21873 CVE-2022-21608 CVE-2022-39408 CVE-2022-39410 CVE-2023-21877 CVE-2023-21912 CVE-2022-21594 CVE-2022-21599 CVE-2023-21874 CVE-2023-21836 CVE-2023-21868 CVE-2023-21878 CVE-2022-21617 CVE-2022-21633 CVE-2023-21875 CVE-2023-21876 CVE-2023-21882 CVE-2022-21632 CVE-2023-21863 CVE-2023-21879 CVE-2022-21637 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:27.2-8.1] - Fix etags local command injection vulnerability (#2184369) - Fix htmlfontify.el command injection vulnerability (#2184368) - Fix ruby-mode.el local command injection vulnerability (#2184367) - Fix ob-latex.el command injection vulnerability (#2184377) [1:27.2-8] - Use a 64KB page size for pdump (#1979804) [1:27.2-7] - Fix ctags local command execute vulnerability (#2149387) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-48338 CVE-2023-2491 CVE-2022-48339 CVE-2022-48337 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 [4.9-2.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.9-2] - Fix CVE-2023-23009: remote DoS via crafted TS payload with an incorrect selector length (rhbz#2173674) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-23009 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [8.7p1-29] - Resolve possible self-DoS with some clients Resolves: rhbz#2186473 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-25136 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [7.76.1-23.el9_2.1] - fix FTP too eager connection reuse (CVE-2023-27535) [7.76.1-23] - fix HTTP multi-header compression denial of service (CVE-2023-23916) [7.76.1-22] - smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552) [7.76.1-21] - fix POST following PUT confusion (CVE-2022-32221) [7.76.1-20] - control code in cookie denial of service (CVE-2022-35252) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-27535 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/o:oracle:linux:9::baseos_developer cpe:/o:oracle:linux:9:2:baseos_base Oracle Linux 9 [2.38.5-1.1] - Add patch for CVE-2023-28205 Resolves: #2185745 [2.38.5-1] - Update to 2.38.5 Related: #2127467 [2.38.4-1] - Update to 2.38.4 Related: #2127467 [2.38.3-1] - Update to 2.38.3 Related: #2127467 [2.38.2-1] - Update to 2.38.2 Related: #2127467 [2.38.1-2] - Fix use with aarch64 64 KiB page size Related: #2127467 [2.38.1-1] - Update to 2.38.1 Resolves: #2127467 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-2203 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base Oracle Linux 9 nodejs [1:18.14.2-2] - Provide simduft - Resolves: #2159389 [1:18.14.2-1] - Rebase to 18.14.2 - Resolves: #2159389 - Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 - Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 nodejs-nodemon [2.0.20-2] - Patch bundled glob-parent - Resolves: CVE-2021-35065 nodejs-packaging MODERATE Copyright 2023 Oracle, Inc. CVE-2021-35065 CVE-2023-23936 CVE-2023-23918 CVE-2022-25881 CVE-2022-4904 CVE-2023-23919 CVE-2023-23920 CVE-2023-24807 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 nodejs [1:16.19.1-1] - Rebase to 16.19.1 - Resolves: rhbz#2153714 - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-4904 nodejs-nodemon [2.0.20-3] - Patch bundled glob-parent - Resolves: CVE-2021-35065 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-25881 CVE-2023-24807 CVE-2023-23918 CVE-2022-4904 CVE-2023-23920 CVE-2023-23936 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 8 Oracle Linux 9 [12.1.1-2.0.4] - CVE-2023-4039 mitigation. Orabug 35752028. - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> LOW Copyright 2023 Oracle, Inc. CVE-2023-4039 cpe:/a:oracle:linux:9::developer cpe:/a:oracle:linux:8::developer Oracle Linux 9 [102.11.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] [102.11.0-2] - Update to 102.11.0 build2 [102.11.0-1] - Update to 102.11.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32207 CVE-2023-32215 CVE-2023-32212 CVE-2023-32213 CVE-2023-32205 CVE-2023-32206 CVE-2023-32211 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [1.6.1-20.1] - Resolves: #2196575 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-25147 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [4.9-4.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.9-4] - Just bumping up the version as an incorrect 9.3 build was created. - Related: rhbz#2187171 [4.9-3] - Fix CVE-2023-30570:Malicious IKEv1 Aggressive Mode packets can crash libreswan - Resolves: rhbz#2187171 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-2295 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [102.11.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.11.0-1] - Update to 102.11.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32213 CVE-2023-32215 CVE-2023-32205 CVE-2023-32212 CVE-2023-32206 CVE-2023-32211 CVE-2023-32207 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [2.39.3-1] - Update to 2.39.3 - Resolves: #2188352, #2188361, #2189976, #2189977 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-25815 CVE-2023-25652 CVE-2023-22490 CVE-2023-23946 CVE-2023-29007 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [20230821] - Create new 20230821 release for OL9 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450 CVE-2022-4304 CVE-2022-2097 CVE-2022-2068 CVE-2022-1292 CVE-2022-0778 CVE-2021-4160 CVE-2021-3712 CVE-2021-3711 CVE-2021-3450 CVE-2021-3449 CVE-2021-23841 CVE-2021-23840 CVE-2020-1971 CVE-2020-1967 CVE-2019-1551 CVE-2019-1563 CVE-2019-1549 CVE-2019-1547 CVE-2019-1552 CVE-2019-1543 CVE-2018-0734 CVE-2018-0735 [20230613] - Create new 20230613.cvm release for OL9 [20230227] - Create new 20230227.cvm release for OL9 which includes the following fixed CVEs: CVE-2021-38578 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 CVE-2022-4304 cpe:/a:oracle:linux:9::developer_kvm_utils cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 golang [1.19.9-2] - Fix TestEncryptOAEP and TLS failures in FIPS mode - Resolves: rhbz#2204476 [1.19.9-1] - Rebase to Go 1.19.9 - Resolves: rhbz#2204476 go-toolset [1.19.9-1] - Update to Go 1.19.9 - Related: rhbz#2204476 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-24540 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [1.28.7-11.0.1] - header/footer not being printed in banner page. [Orabug: 28265099] (isaac.chen@oracle.com) - Fixes [Orabug: 29163824] source indentation not following convention (isaac.chen@oracle.com) [1.28.7-11.1] - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-24805 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.38.5-1.2] - Add patch for CVE-2023-28204 Resolves: #2209747 - Add patch for CVE-2023-32373 Resolves: #2209730 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32373 CVE-2023-28204 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [1.17.1-5.1] - Resolves: rhbz#2209519 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.2.0.z] IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32067 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 nodejs [1:18.14.2-3] - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-31130 CVE-2023-32067 CVE-2023-31147 CVE-2023-31124 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [6.0.118-1.0.1] - Add missing Oracle Linux Runtime IDs [6.0.118-1] - Update to .NET SDK 6.0.118 and Runtime 6.0.18 - Resolves: RHBZ#2212379 [6.0.117-1] - Update to .NET SDK 6.0.117 and Runtime 6.0.17 - Resolves: RHBZ#2190264 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-24936 CVE-2023-29337 CVE-2023-33128 CVE-2023-29331 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.11.2-2.1] - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-24329 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:16.19.1-2] - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 [1:16.19.1-1] - Rebase to 16.19.1 - Resolves: rhbz#2153714 - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-4904 [1:16.18.1-3] - Update sources of undici WASM blobs Resolves: rhbz#2151617 [1:16.18.1-2] - Add back libs and v8-devel subpackages - Related: RHBZ#2121126 - Record previously fixed CVE - Resolves: CVE-2021-44906 [1:16.18.1-1] - Rebase + CVEs - Resolves: #2142808 - Resolves: #2142826, #2131745, #2142855 [16.17.1-1] - Rebase to version 16.17.1 Resolves: CVE-2022-35255 CVE-2022-35256 [16.16.0-1] - Rebase to version 16.16.0 Resolves: RHBZ#2106290 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 Resolves: CVE-2022-29244 [16.14.0-5] - Decouple dependency bundling from bootstrapping IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-31124 CVE-2023-32067 CVE-2023-31147 CVE-2023-31130 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [102.12.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.12.0-1] - Update to 102.12.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-34414 CVE-2023-34416 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [102.12.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.12.0-1] - Update to 102.12.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-34416 CVE-2023-34414 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [7.0.107-1.0.1] - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier [Orabug: 34671152] [7.0.107-1] - Update to .NET SDK 7.0.107 and Runtime 7.0.7 - Resolves: RHBZ#2211877 [7.0.106-1] - Update to .NET SDK 7.0.106 and Runtime 7.0.6 - Resolves: RHBZ#2190269 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-24936 CVE-2023-32032 CVE-2023-29337 CVE-2023-29331 CVE-2023-33128 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.9.16-1.1] - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-24329 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 8 Oracle Linux 9 [9:20200406-26] - Resolves: #2209872, CVE-2023-32700 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32700 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [4.4.0-8] - Fix CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2022-48281 - Resolves: CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804 CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2022-48281 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-0800 CVE-2023-0802 CVE-2023-0796 CVE-2023-0795 CVE-2023-0804 CVE-2023-0803 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2022-48281 CVE-2023-0801 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [13.11-1.0.1] - Fixed postgresql port binding issue during bootup [Orabug: 35420628] [13.11-1] - Update to 13.11 - Resolves: #2207935 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2454 CVE-2023-2455 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [9.0.0-10.2.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [9.0.0-10.2.el9_2] - virpci: Resolve leak in virPCIVirtualFunctionList cleanup (CVE-2023-2700, rhbz#2208596) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2700 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.0.7-16.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-16] - Fix possible DoS translating ASN.1 object identifiers Resolves: CVE-2023-2650 - Release the DRBG in global default libctx early Resolves: rhbz#2211396 [1:3.0.7-15.1] - Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode Resolves: rhbz#2178030 [1:3.0.7-15] - Enforce using EMS in FIPS mode - alerts tuning Related: rhbz#2157951 [1:3.0.7-14] - Input buffer over-read in AES-XTS implementation on 64 bit ARM Resolves: rhbz#2188554 [1:3.0.7-13] - Enforce using EMS in FIPS mode Resolves: rhbz#2157951 - Fix excessive resource usage in verifying X509 policy constraints Resolves: rhbz#2186661 - Fix invalid certificate policies in leaf certificates check Resolves: rhbz#2187429 - Certificate policy check not enabled Resolves: rhbz#2187431 - OpenSSL rsa_verify_recover key length checks in FIPS mode Resolves: rhbz#2186819 [1:3.0.7-12] - Change explicit FIPS indicator for RSA decryption to unapproved Resolves: rhbz#2179379 [1:3.0.7-11] - Add missing reference to patchfile to add explicit FIPS indicator to RSA encryption and RSASVE and fix the gettable parameter list for the RSA asymmetric cipher implementation. Resolves: rhbz#2179379 [1:3.0.7-10] - Add explicit FIPS indicator to RSA encryption and RSASVE Resolves: rhbz#2179379 [1:3.0.7-9] - Fix explicit FIPS indicator for X9.42 KDF when used with output lengths < 14 bytes Resolves: rhbz#2175864 [1:3.0.7-8] - Fix Wpointer-sign compiler warning Resolves: rhbz#2178034 [1:3.0.7-7] - Add explicit FIPS indicators to key derivation functions Resolves: rhbz#2175860 rhbz#2175864 - Zeroize FIPS module integrity check MAC after check Resolves: rhbz#2175873 - Add explicit FIPS indicator for IV generation in AES-GCM Resolves: rhbz#2175868 - Add explicit FIPS indicator for PBKDF2, use test vector with FIPS-compliant salt in PBKDF2 FIPS self-test Resolves: rhbz#2178137 - Limit RSA_NO_PADDING for encryption and signature in FIPS mode Resolves: rhbz#2178029 - Pairwise consistency tests should use Digest+Sign/Verify Resolves: rhbz#2178034 - Forbid DHX keys import in FIPS mode Resolves: rhbz#2178030 - DH PCT should abort on failure Resolves: rhbz#2178039 - Increase RNG seeding buffer size to 32 Related: rhbz#2168224 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2650 CVE-2023-0465 CVE-2023-0464 CVE-2023-0466 CVE-2023-1255 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 - [5.14.0-284.18.1_2] - cifs: fix wrong unlock before return from cifs_tree_connect() - docs: Remove the unnecessary unicode character - perf vendor events intel: Refresh ivytown metrics and events - perf vendor events: Update Intel ivytown - perf vendor events intel: Refresh jaketown metrics and events - perf vendor events: Update Intel jaketown - NFSD: RHEL-only bug introduced in fix for COMMIT and NFS4ERR_DELAY loop - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop - workqueue: Fix isolated CPUs interference problem - sched/core: Fix arch_scale_freq_tick() on tickless systems - ice: no busy waiting in GNSS thread and for SQ commands - wdat_wdt: avoid watchdog timeout during reboot - hugetlbfs: don't delete error page from pagecache - mm/filemap: fix page end in filemap_get_read_batch - isched/deadline: Add more reschedule cases to prio_changed_dl() - sched/rt: Fix bad task migration for rt tasks - blk-mq: directly poll requests - KVM: VMX: Fix crash due to uninitialized current_vmcs - wifi: iwlwifi: mvm: protect TXQ list manipulation - crypto: jitter - permanent and intermittent health errors - cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores - cpufreq: intel_pstate: Read all MSRs on the target CPU - cpufreq: intel_pstate: Enable HWP IO boost for all servers - crypto: qat: Update QAT drivers upto v6.2 - info/owners.yaml: Adjust intel_qat subsystem entry - net: tls: fix possible race condition between do_tls_getsockopt_conf and do_tls_setsockopt_conf() {CVE-2023-28466} - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() {CVE-2023-2194} - xfs: verify buffer contents when we skip log replay {CVE-2023-2124} - bluetooth: Perform careful capability checks in hci_sock_ioctl() {CVE-2023-2002} - netfilter: nf_tables: deactivate anonymous set from preparation phase {CVE-2023-32233} - perf: Fix check before add_event_to_groups() in perf_group_detach() {CVE-2023-2235} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-2235 CVE-2023-2194 CVE-2023-2124 CVE-2023-28466 CVE-2023-2002 CVE-2023-32233 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [590-2] - Fix CVE-2022-46663 - Resolves: CVE-2022-46663 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-46663 cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 golang [1.19.10-1.0.1] - New Go version 1.19.10 [CVE-2023-29402] [CVE-2023-29403] [CVE-2023-29404] [CVE-2023-29405] go-toolset [1.19.10-1.0.1] - New Go version 1.19.10 [CVE-2023-29402] [CVE-2023-29403] [CVE-2023-29404] [CVE-2023-29405] CRITICAL Copyright 2023 Oracle, Inc. CVE-2023-29402 CVE-2023-29405 CVE-2023-29403 CVE-2023-29404 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [12.1.5-1.0.2] - [CISA Major Incident] CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module LOW Copyright 2023 Oracle, Inc. CVE-2023-20867 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [9.0.9-3] - resolve CVE-2023-3128 grafana: Remove Email Lookup from oauth integrations (rhbz#2213701 rhbz#2213626) CRITICAL Copyright 2023 Oracle, Inc. CVE-2023-3128 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [7.0.109-1.0.1] - Set TargetRid based on os release major version, add OL arm64 RuntimeIdentifier [Orabug: 34671152] [7.0.109-1] - Update to .NET SDK 7.0.109 and Runtime 7.0.9 - Resolves: RHBZ#2219632 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-33170 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.0.120-1.0.1] - Add missing Oracle Linux Runtime IDs [6.0.120-1] - Update to .NET SDK 6.0.120 and Runtime 6.0.20 - Resolves: RHBZ#2219637 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-33170 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [102.13.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.13.0-2] - Update to 102.13.0 build2 [102.13.0-1] - Update to 102.13.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-37207 CVE-2023-37201 CVE-2023-37211 CVE-2023-37208 CVE-2023-37202 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [102.13.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] [102.13.0-2] - Update to 102.13.0 build2 [102.13.0-1] - Update to 102.13.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-37207 CVE-2023-37211 CVE-2023-37202 CVE-2023-37208 CVE-2023-37201 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [32:9.16.23-11.1] - Improve RBT overmem cache cleaning (CVE-2023-2828) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-2828 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:11.0.20.0.8-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] - Fix tzdata requirement copy-and-paste error that led to two BuildRequires and no Requires [1:11.0.20.0.8-2] - Bump release number so we are newer than 9.0 - Related: rhbz#2221106 [1:11.0.20.0.8-1] - Update to jdk-11.0.20.0+8 (GA) - Update release notes to 11.0.20.0+8 - Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 11.0.20+1 - Bump tzdata requirement to 2023c now it is available in the buildroot - Bump bundled LCMS version to 2.15 as in jdk-11.0.20+1. - Bump bundled HarfBuzz version to 7.0.1 as in jdk-11.0.20+7 - Use tapsets from the misc tarball - Introduce 'prelease' for the portable release versioning, to handle EA builds - Make sure root installation directory is created first - Use in-place substitution for all but the first of the tapset changes - Sync the copy of the portable specfile with the latest update - Add note at top of spec file about rebuilding - ** This tarball is embargoed until 2023-07-18 @ 1pm PT. ** - Resolves: rhbz#2217715 - Resolves: rhbz#2221106 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22036 CVE-2023-22041 CVE-2023-22049 CVE-2023-22006 CVE-2023-25193 CVE-2023-22045 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:17.0.8.0.7-2.0.1] - OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036) - OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041) - OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) - harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193) - OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006) - OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044) - OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) - Add Oracle vendor bug URL [Orabug: 34340155] [1:17.0.8.0.6-0.1.ea] - Update to jdk-17.0.8+6 (EA) - Sync the copy of the portable specfile with the latest update - Resolves: rhbz#2217716 [1:17.0.8.0.1-0.1.ea] - Update to jdk-17.0.8+1 (EA) - Update release notes to 17.0.8+1 - Switch to EA mode - Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 17.0.8+1 - Bump bundled LCMS version to 2.15 as in jdk-17.0.8+1. - Bump bundled HarfBuzz version to 7.0.1 as in jdk-17.0.8+1 - Use tapsets from the misc tarball - Introduce 'prelease' for the portable release versioning, to handle EA builds - Make sure root installation directory is created first - Use in-place substitution for all but the first of the tapset changes - Related: rhbz#2217716 [1:17.0.7.0.7-4] - Introduce vm_variant global for consistency with future JDK builds - Related: rhbz#2203412 [1:17.0.7.0.7-4] - Exclude classes_nocoops.jsa on i686 and arm32 - Related: rhbz#2203412 [1:17.0.7.0.7-4] - Following JDK-8005165, class data sharing can be enabled on all JIT architectures - Related: rhbz#2203412 [1:17.0.7.0.7-4] - Fix packaging of CDS archives - Resolves: rhbz#2203412 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22045 CVE-2023-22036 CVE-2023-22049 CVE-2023-22006 CVE-2023-22041 CVE-2023-22044 CVE-2023-25193 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:1.8.0.382.b05-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:1.8.0.382.b05-2] - CVE-2023-22045 and CVE-2023-22049 fixed - Release bump for Oracle rebuild [1:1.8.0.382.b05-1] - Update to shenandoah-jdk8u372-b05 (GA) - Update release notes for shenandoah-8u372-b05. - ** This tarball is embargoed until 2023-07-18 @ 1pm PT. ** - Resolves: rhbz#2221106 [1:1.8.0.382.b04-0.1.ea] - Update to shenandoah-jdk8u382-b04 (EA) - Update release notes for shenandoah-8u382-b04. - Related: rhbz#2221106 [1:1.8.0.382.b01-0.1.ea] - Update to shenandoah-jdk8u382-b01 (EA) - Update release notes for shenandoah-8u382-b01. - Switch to EA mode. - Remove JDK-8271199 patch which is now upstream. - Related: rhbz#2221106 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22045 CVE-2023-22049 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.38.5-1.3] - Disable JIT (CVE-2023-32435, CVE-2023-32439) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32439 CVE-2023-32435 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [4.17.5-103.0.1] - Fix memleak in _nss_winbind_initgroups_dyn [Orabug: 34994509] [4.17.5-103] - resolves: rhbz#2223600 - Fix trust relationship between workstation and DC - resolves: rhbz#2222895 - Fix CVE-2023-3347 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-3347 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 pgaudit pg_repack postgres-decoderbufs postgresql [15.3-1] - update to 15.3 - Fixes CVE-2023-2454 and CVE-2023-2455 Resolves: #2214875 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2455 CVE-2023-2454 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 nodejs [1:18.16.1-1] - Rebase to 18.16.1 Resolves: rhbz#2188292 rhbz#2187683 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz#2222285 nodejs-nodemon nodejs-packaging MODERATE Copyright 2023 Oracle, Inc. CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 CVE-2023-30581 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1:16.20.1-1] - Rebase to 16.20.1 Resolves: rhbz#2188291 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Replace /usr/etc/npmrc symlink with builtin configuration Resolves: rhbz#2177781 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-30588 CVE-2023-30581 CVE-2023-30590 CVE-2023-30589 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [0.4.1-3] - Fix stack-based buffer overflow in read_file(). Resolves: #2212467 (CVE-2023-22652) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22652 cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [2.9.13-3.1] - Fix CVE-2023-28484 (#2186694) - Fix CVE-2023-29469 (#2186694) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-29469 CVE-2023-28484 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [2.25.1-7] - Security fix for CVE-2023-32681 Resolves: rhbz#2209469 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-32681 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [7.76.1-23.el9_2.2] - unify the upload/method handling (CVE-2023-28322) - fix host name wildcard checking (CVE-2023-28321) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28321 CVE-2023-28322 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [5.14.0-284.25.1.0.1_2] - Fix KVM: x86/mmu: Fix race condition in direct_page_fault [Orabug: 35673032] {CVE-2022-45869} [5.14.0-284.25.1_2] - KVM: x86/mmu: Fix race condition in direct_page_fault - prlimit: do_prlimit needs to have a speculation check {CVE-2023-0458} - x86/speculation: Allow enabling STIBP with legacy IBRS {CVE-2023-1998} - ipvlan: Fix out of bounds caused by unclear skb->cb {CVE-2023-3090} - net/sched: flower: fix possible OOB write in fl_set_geneve_opt {CVE-2023-35788} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0458 CVE-2023-35788 CVE-2022-45869 CVE-2023-3090 CVE-2023-1998 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [0.6.1-13] - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz#2223308 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-37464 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [8.7p1-30] - Avoid remote code execution in ssh-agent PKCS#11 support Resolves: CVE-2023-38408 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38408 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [102.14.0-1.0.1] - Updated homepages to use https [Orabug: 34648274] [102.14.0-1] - Update to 102.14.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4047 CVE-2023-4057 CVE-2023-4050 CVE-2023-4048 CVE-2023-4056 CVE-2023-4049 CVE-2023-4046 CVE-2023-4055 CVE-2023-4045 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [102.14.0-1.0.1] - Update to 102.14.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4049 CVE-2023-4056 CVE-2023-4046 CVE-2023-4047 CVE-2023-4057 CVE-2023-4045 CVE-2023-4050 CVE-2023-3417 CVE-2023-4048 CVE-2023-4055 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch Oracle Linux 9 [1:1.12.20-7.0.1.1] - Fix CVE-2023-34969 (#2213402) [1.12.20-7.0.1] - fix netlink poll: error 4 (Zhenzhong Duan) [1:1.12.20-7] - Fix CVE-2022-42010 (#2133647) - Fix CVE-2022-42011 (#2133641) - Fix CVE-2022-42012 (#2133635) [1:1.12.20-6] - Override upstream sysusers.d confguration (#2118226) [1:1.12.20-5] - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-34969 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [3.9-10] - Fixes CVE-2023-38403 Resolves: rhbz#2223676 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38403 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1.66.1-2] - rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38497 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.0.110-1.0.1] - Update to .NET SDK 7.0.110 and Runtime 7.0.10 - Resolves: RHBZ#2228571 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38180 CVE-2023-35390 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.0.121-1.0.1] - Update to .NET SDK 6.0.121 and Runtime 6.0.21 - Resolves: RHBZ#2228567 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-35390 CVE-2023-38180 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:2.3.3op2-16.1] - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32360 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [102.15.0-1.0.1] - Update to 102.15.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4573 CVE-2023-4577 CVE-2023-4578 CVE-2023-4051 CVE-2023-4581 CVE-2023-4583 CVE-2023-4574 CVE-2023-4585 CVE-2023-4053 CVE-2023-4580 CVE-2023-4575 CVE-2023-4584 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.15.0-1.0.1] - Update to 102.15.0 build2 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4573 CVE-2023-4585 CVE-2023-4574 CVE-2023-4578 CVE-2023-4583 CVE-2023-4051 CVE-2023-4577 CVE-2023-4581 CVE-2023-4580 CVE-2023-4584 CVE-2023-4053 CVE-2023-4575 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.3.3-10.el9_2.1] - don't free memory that is still used after realloc() error (CVE-2020-22219) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2020-22219 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1:3.3-7.1] - Resolves: CVE-2023-30630 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-30630 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [20230516-999.27.git6c9e0ed5.el9] - Update firmware for qat_4xxx devices (Orabug: 35811008) [20230516-999.26.git6c9e0ed5.el9] - Run dracut -f in %posttrans instead of %post (Orabug: 35661938) - Drop latest AMD microcode commits to family 19 file to include Milan microcode but not Genoa (Orabug: 35708511) [20230516-999.25.git6c9e0ed5.el9] - Add missing amd-ucode/ files to nano and core rpm (Orabug: 35642190) - Add posttrans scriptlet to reload microcode on AMD (Orabug: 35636951) - Recreate initramfs for AMD systems (Orabug: 35636951) [20230516-999.24.git6c9e0ed5.el7] - 8a07fa49 linux-firmware: Update AMD fam19h cpu microcode (Orabug: 35659485) [20230516-999.23.git6c9e0ed5.el9] - Firmware files need to be uncompressed for early kernel load to work - Resolves Zenbleed (Orabug: 35650345) {CVE-2023-20593} MODERATE Copyright 2023 Oracle, Inc. CVE-2023-20593 cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 - [5.14.0-284.30.0.1_2.OL9] - x86/tsx: Add a feature bit for TSX control MSR support {CVE-2023-1637} - x86/speculation: Restore speculation related MSRs {CVE-2023-1637} - x86/pm: Save the MSR validity status at context setup {CVE-2023-1637} - x86/pm: Fix false positive kmemleak report in msr_build_context() {CVE-2023-1637} - x86/cpu: Restore AMD's DE_CFG MSR after resume {CVE-2023-1637} - x86/pm: Add enumeration check before spec MSRs {CVE-2023-1637} - arm64: efi: Execute runtime services from a dedicated {CVE-2023-21102} - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE {CVE-2023-3390} - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain {CVE-2023-3390} - netfilter: nf_tables: unbind non-anonymous set if rule construction fails {CVE-2023-3390} - netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID {CVE-2023-4147} - netfilter: nf_tables: do not ignore genmask when looking up chain by id {CVE-2023-31248} - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval {CVE-2023-35001} - netfilter: nft_set_pipapo: fix improper element removal {CVE-2023-4004} - net/sched: cls_fw: Fix improper refcount update leads to use-after-free {CVE-2023-3776} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-1637 CVE-2023-3776 CVE-2023-21102 CVE-2023-4147 CVE-2023-3390 CVE-2023-31248 CVE-2023-4004 CVE-2023-35001 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [2.48-9] - Fix integer overflow in _libcap_strdup() (CVE-2023-2603) Resolves: rhbz#2210638 - Correctly check pthread_create() return value to avoid memory leak (CVE-2023-2602) Resolves: rhbz#2222198 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2602 CVE-2023-2603 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [6.5.2-6] - Fix registrar is subject to a DoS against SSL (CVE-2023-38200) Resolves: rhbz#2222694 - Fix challenge-protocol bypass during agent registration (CVE-2023-38201) Resolves: rhbz#2222695 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-38201 CVE-2023-38200 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2.50.7-1.el9_2.1] - Fix CVE-2023-38633 (#2224947) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-38633 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.2.0-14.el9_2.5] - rhel guest failed boot with multi disks on error Failed to start udev Wait for Complete Device Initialization - CVE-2023-3354 QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service - hotplug/hotunplug mlx vdpa device to the occupied addr port, then qemu core dump occurs after shutdown guest IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-3354 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [6.0.122-1.0.1] - Update to .NET SDK 6.0.122 and Runtime 6.0.22 - Resolves: RHEL-1997 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36799 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.0.111-1.0.1] - Update to .NET SDK 7.0.111 and Runtime 7.0.11 - Resolves: RHEL-2000 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36799 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [8.3.1-5.2] - Fix for CVE-2023-38802 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38802 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [102.15.1-1.0.1] - Update to 102.15.1 build2 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4863 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.2.0-7] - Added fix for CVE-2023-4863 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4863 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [102.15.1-1.0.1] - Update to 102.15.1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4863 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [12.1.5-1.0.2.3] - Resolves: RHEL-4584 (CVE-2023-20900 open-vm-tools: SAML token signature bypass IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-20900 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 nodejs [1:18.17.1-1] - Rebase to version 18.17.1 Resolves: rhbz#2228940 Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 - Specify proper OpenSSL configuration section build Related: rhbz#2226726 nodejs-nodemon [3.0.1-1] - Rebase to 3.0.1 - Resolves: CVE-2022-25883 nodejs-packaging IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32006 CVE-2023-32002 CVE-2022-25883 CVE-2023-32559 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [115.3.1-1.0.1] - Update to 115.3.1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5169 CVE-2023-5176 CVE-2023-3600 CVE-2023-5217 CVE-2023-5171 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [115.3.1-1.0.1] - Update to 115.3.1 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5169 CVE-2023-5217 CVE-2023-5171 CVE-2023-5176 CVE-2023-3600 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2.34-60.0.3.7] - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode (#2234716). - CVE-2203-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaih_inet. Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-4813 CVE-2023-4806 CVE-2023-4527 CVE-2023-4911 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [3.11.2-2.2] - Security fix for CVE-2023-40217 Resolves: rhbz#2235789 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-40217 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [9.54.0-10] - fix for CVE-2023-36664 - Resolves: rhbz#2217798 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-36664 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.9.16-1.2] - Security fix for CVE-2023-40217 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-40217 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [1:16.20.2-1] - Update to 16.20.2-1 Resolves CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.9.0-7] - Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217) Resolves: rhbz#2241191 - crash related to VP9 encoding in libvpx (CVE-2023-44488) Resolves: rhbz#2241806 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44488 CVE-2023-5217 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 galera [26.4.14-1.0.1] - Rebase to 26.4.14 [26.4.13-1.0.1] - Rebase to 26.4.13 [26.4.12-1.0.1] - Rebase to 26.4.12 mariadb [3:10.5.22-1] - Rebase to 10.5.22 [3:10.5.21-1] - Rebase to version 10.5.21 [3:10.5.20-2] - Use _fortify_level to disable fortification in debug builds [3:10.5.20-1] - Rebase to version 10.5.20 [3:10.5.18-1] - Rebase to 10.5.18 - OpenSSL 3 patch upstreamed IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-32081 CVE-2022-47015 CVE-2022-32089 CVE-2022-32082 CVE-2023-5157 CVE-2022-38791 CVE-2022-32084 CVE-2022-32091 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [32:9.16.23-11.2] - stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-3341 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.0.123-1.0.1] - Update to .NET SDK 6.0.123 and Runtime 6.0.23 - Resolves: RHEL-11696 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:1.20.1-14.0.1.1] - Resolves: RHEL-12518 - nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1:1.8.0.392.b08-3.0.1] - Update to shenandoah-jdk8u392-b08 (GA) - OpenJDK: segmentation fault in ciMethodBlocks (CVE-2022-40433) - OpenJDK: IOR deserialization issue in CORBA (8303384) (CVE-2023-22067) - OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) - A maximum signature file size property, jdk.jar.maxSignatureFileSize, was introduced in the 8u382 release of OpenJDK by JDK-8300596, with a default of 8 MB. This default proved to be too small for some JAR files. This release, 8u392, increases it to 16 MB. (RHEL-13593) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40433 CVE-2023-22081 CVE-2023-22067 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 golang [1.19.13-1] - Update to go 1.19.13 [CVE-2023-44487] [CVE-2023-39325] [CVE-2023-29409] go-toolset [1.19.13-1] - Update to Go version 1.19.13 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-39325 CVE-2023-29409 CVE-2023-44487 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:11.0.21.0.9-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] - Update to jdk-11.0.21+9 (GA) - Update release notes to 11.0.21+9 - OpenJDK: certificate path validation issue during client authentication (8309966) (CVE-2023-22081) - OpenJDK: Additional zip64 files validation (8313765) (RHBZ#2237170) - OpenJDK: Print an exception when encountering null addresses while producing thread dumps (8243210) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22081 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.0.112-1.0.1] - Update to .NET SDK 7.0.112 and Runtime 7.0.12 - Resolves: RHEL-11698 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:17.0.9.0.9-2.0.1] - Update to jdk-17.0.9+9 (GA) - Update release notes to 17.0.9+9 - OpenJDK: memory corruption issue on x86_64 with AVX-512 (JDK-8317121) (CVE-2023-22025) - OpenJDK: certificate path validation issue during client authentication (JDK-8309966) (CVE-2023-22081) - OpenJDK: Additional zip64 files validation (JDK-8313765) (RHBZ#2237170) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22081 CVE-2023-22025 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.76.1-23.el9_2.4] - curl: a heap-based buffer overflow in the SOCKS5 proxy handshake (CVE-2023-38545) - curl: cookie injection with none file (CVE-2023-38546) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38546 CVE-2023-38545 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [1:16.20.2-3.0.1] - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1.43.0-5.1] - fix HTTP/2 Rapid Reset (CVE-2023-44487) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 nodejs [1:18.18.2-2] - Rebase to version 18.18.2 Resolves: CVE-2023-44487 CVE-2023-45143 CVE-2023-38552 CVE-2023-39333 nodejs-nodemon [3.0.1-1] - Rebase to 3.0.1 - Resolves: CVE-2022-25883 nodejs-packaging [2021.06-4] - NPM bundler: also find namespaced bundled dependencies [2021.06-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild [2021.06-2] - Fix hard-coded output directory in the bundler [2021.06-1] - Update to 2021.06-1 - bundler: Handle archaic license metadata - bundler: Warn about bundled dependencies with no license metadata [2021.01-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [2021.01-2] - nodejs-packaging-bundler improvements to handle uncommon characters [2021.01] - Add nodejs-packaging-bundler and update README.md [2020.09-1] - Move to dist-git as the upstream [25-1] - Fix incorrect bundled library detection for Requires [24-1] - Check node_modules_prod for bundled dependencies [23-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [23-3] - Drop Requires: nodejs(engine) [23-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 CVE-2023-39333 CVE-2023-38552 CVE-2023-45143 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [9.0.9-4] - Resolve CVE-2023-44487 Rapid Reset Attack - Resolve CVE-2023-39325 rapid stream resets can cause excessive work MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39325 CVE-2023-44487 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [6.6.2-3.el9_2.1] - Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487 - Resolves: RHEL-12818 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [8.0.30-1] - rebase to 8.0.30 - Resolves: RHEL-11946 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-0567 CVE-2023-0662 CVE-2023-0568 CVE-2023-3247 CVE-2023-3823 CVE-2023-3824 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1:9.0.62-11.3] - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:1.22.1-3.0.1.1] - Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (CVE-2023-44487) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [9.2-2] - Rebase to ntfs-3g 2022.10.3 - Fixes: CVE-2022-40284 - resolves: rhbz#2236130 LOW Copyright 2023 Oracle, Inc. CVE-2022-40284 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.4.0-1.0.1] - Update to 115.4.0 build1 - Add fix for CVE-2023-44488 - Set homepage from os-release HOME_URL IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5732 CVE-2023-5725 CVE-2023-5730 CVE-2023-5728 CVE-2023-5721 CVE-2023-5724 CVE-2023-44488 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.4.1-1.0.1] - Update to 115.4.1 build1 - Add fix for CVE-2023-44488 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5721 CVE-2023-5730 CVE-2023-5725 CVE-2023-5728 CVE-2023-5732 CVE-2023-44488 CVE-2023-5724 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [6.0.124-1.0.1] - Update to .NET SDK 6.0.124 and Runtime 6.0.24 - Resolves: RHEL-14462 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36799 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.0.113-1.0.1] - Update to .NET SDK 7.0.113 and Runtime 7.0.13 - Resolves: RHEL-14467 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36799 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [9.54.0-11] - fix for CVE-2023-43115 - Resolves: rhbz#2241108 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-43115 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7:5.5-5.el9_2.1] - Improve HTTP chunked encoding compliance (CVE-2023-46846) - Fix stack buffer overflow when parsing Digest Authorization (CVE-2023-46847) - Fix userinfo percent-encoding (CVE-2023-46848) CRITICAL Copyright 2023 Oracle, Inc. CVE-2023-46847 CVE-2023-46848 CVE-2023-46846 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [0.11.6-3] - Refreshing any page in pcs-web-ui no longer causes it to display a blank page - Resolves: rhbz#2222788 [0.11.6-2] - Added BuildRequires: debugedit - for generating MiniDebugInfo - triggered by removing find-debuginfo.sh from rpm - Make use of filters when extracting tarballs to enhance security if provided by Python (pcs config restore command) - Exporting constraints with rules in form of pcs commands now escapes # and fixes spaces in dates to make the commands valid - Constraints containing options unsupported by pcs are not exported and a warning is printed instead - Using spaces in dates in location constraint rules is deprecated - Resolves: rhbz#2163953 rhbz#2216434 rhbz#2217850 rhbz#2219407 [0.11.6-1] - Rebased to the latest upstream sources (see CHANGELOG.md) - Updated bundled rubygems: puma, tilt - Resolves: rhbz#1465829 rhbz#2163440 rhbz#2168155 [0.11.5-2] - Fixed a regression causing crash in pcs resource move command (broken since pcs-0.11.5) - Resolves: rhbz#2210855 [0.11.5-1] - Rebased to the latest upstream sources (see CHANGELOG.md) - Updated pcs-web-ui - Updated bundled dependencies: tornado, dacite - Added bundled rubygems: nio4r, puma - Removed bundled rubygems: daemons, eventmachine, thin, webrick - Updated bundled rubygems: backports, rack, rack-protection, rack-test, sinatra, tilt - Added dependency nss-tools - for working with qdevice certificates - Resolves: rhbz#1423473 rhbz#1860626 rhbz#2160664 rhbz#2163440 rhbz#2163914 rhbz#2163953 rhbz#2168155 rhbz#2168617 rhbz#2174735 rhbz#2174829 rhbz#2175881 rhbz#2177996 rhbz#2178701 rhbz#2178714 rhbz#2179902 rhbz#2180379 rhbz#2182810 LOW Copyright 2023 Oracle, Inc. CVE-2022-38900 cpe:/a:oracle:linux:9::addons Oracle Linux 9 [22.3.1-4] - Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706) Resolves: RHBZ#2218247 [22.3.1-3] - Fix changelog to contain Fedora contributors Resolves: RHEL-232 MODERATE Copyright 2023 Oracle, Inc. CVE-2007-4559 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [20230524-3] - edk2-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch [bz#2190244] - edk2-OvmfPkg-IoMmuDxe-add-locking-to-IoMmuAllocateBounceB.patch [bz#2211060] - edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch [bz#2218196] - Resolves: bz#2190244 ([EDK2] [AMDSERVER 9.3 Bug] OVMF AP Creation Fixes) - Resolves: bz#2211060 (SEV-es guest randomly stuck at boot to hard drive screen from powerdown and boot again) - Resolves: bz#2218196 (Add vtpm devices with OVMF.amdsev.fd causes VM reset) [20230524-2] - edk2-ArmVirt-add-VirtioSerialDxe-to-ArmVirtQemu-builds.patch [RHEL-643] - edk2-ArmVirt-PlatformBootManagerLib-factor-out-IsVirtio.patch [RHEL-643] - edk2-ArmVirt-PlatformBootManagerLib-factor-out-IsVirtioPc.patch [RHEL-643] - edk2-ArmVirt-PlatformBootManagerLib-set-up-virtio-serial-.patch [RHEL-643] - edk2-OvmfPkg-VirtioSerialDxe-use-TPL_NOTIFY.patch [RHEL-643] - edk2-OvmfPkg-VirtioSerialDxe-Remove-noisy-debug-print-on-.patch [RHEL-643] - edk2-OvmfPkg-PlatformInitLib-limit-phys-bits-to-46.patch [bz#2174749] - edk2-Revert-OvmfPkg-disable-dynamic-mmio-window-rhel-only.patch [bz#2174749] - edk2-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch [bz#2124143] - edk2-OvmfPkg-PlatformInitLib-check-PcdUse1GPageTable.patch [RHEL-644] - edk2-OvmfPkg-OvmfPkgIa32X64-enable-1G-pages.patch [RHEL-644] - edk2-OvmfPkg-MicrovmX64-enable-1G-pages.patch [RHEL-644] - Resolves: RHEL-643 (add virtio serial support to armvirt) - Resolves: bz#2174749 ([edk2] re-enable dynamic mmio window) - Resolves: bz#2124143 (ovmf must consider max cpu count not boot cpu count for apic mode [rhel-9]) - Resolves: RHEL-644 (enable gigabyte pages) [20230524-1] - Rebase to edk2-stable202305 tag [RHEL-585] Resolves: RHEL-585 ([rhel-9.3] rebase EDK2 to edk2-stable202305) [20230301gitf80f052277c8-5] - edk2-dbx-update-2023-05-09-black-lotus-edition.patch [RHEL-470] - edk2-json-descriptors-explicitly-set-mode-split.patch [RHEL-469] - Resolves: RHEL-470 (edk2: update variable store with latest dbx updates (may 9, black lotus edition)) - Resolves: RHEL-469 (explicitly set mode = split in firmware json description files) [20230301gitf80f052277c8-4] - edk2-OvmfPkg-Clarify-invariants-for-NestedInterruptTplLib.patch [bz#2189136] - edk2-OvmfPkg-Relax-assertion-that-interrupts-do-not-occur.patch [bz#2189136] - Resolves: bz#2189136 (windows 11 installation broken with edk2-20230301gitf80f052277c8-1.el9) [20230301gitf80f052277c8-3] - edk2-add-aarch64-qcow2-images.patch [bz#2186754] - edk2-update-json-files.patch [bz#2186754] - edk2-add-libvirt-version-conflict.patch [bz#2186754] - edk2-add-dbx-update-blob-rh-only.patch [RHEL-377] - edk2-spec-apply-dbx-update-rh-only.patch [RHEL-377] - Resolves: bz#2186754 (edk2: Add firmware images in qcow2 format) - Resolves: RHEL-377 (edk2: ship secure build variable store with latest dbx updates) [20230301gitf80f052277c8-2] - edk2-build-script-update.patch [bz#2183230] - edk2-PcdDxeNxMemoryProtectionPolicy-update.patch [bz#2183230] - Resolves: bz#2183230 ([edk2] Instruction abort exception when booting a VM) [20230301gitf80f052277c8-1] - Rebase to edk2-stable202302 [RHEL-266] - Resolves: RHEL-266 (rebase edk2 to 2023-02 stable tag) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2650 CVE-2019-14560 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.20.11-19] - Backport fix for a deadlock with DRI3 Resolves: rhbz#2192550 [1.20.11-18] - CVE fix for: CVE-2023-1393 Resolves: rhbz#2180297 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1393 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [22.1.9-2] - Rebuild (#2158761) [22.1.9-1] - xwayland 22.1.9 (#2158761) [21.1.3-8] - Fix CVE-2023-1393 (#2180299) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1393 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::distro_builder Oracle Linux 9 [0.20.2-6] - Fix CVE-2021-32142 Resolves: #2172140 MODERATE Copyright 2023 Oracle, Inc. CVE-2021-32142 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2:1.13.3-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.3 - Related: #2176063 [2:1.13.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.2 - Related: #2176063 [2:1.13.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.1 - Related: #2176063 [2:1.13.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.0 - Related: #2176063 [2:1.12.0-3] - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2179967 - Resolves: #2187323 - Resolves: #2187384 - Resolves: #2203703 - Resolves: #2207523 [2:1.12.0-2] - remove fakeroot from skopeo-tests - Related: #2176063 [2:1.12.0-1] - update to 1.12.0 - Related: #2176063 [2:1.11.3-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 (https://github.com/containers/skopeo/commit/d79588e) - Related: #2176063 [2:1.11.2-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 (https://github.com/containers/skopeo/commit/8191ef3) - Related: #2176063 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-24536 CVE-2023-24538 CVE-2022-41723 CVE-2023-24540 CVE-2022-41724 CVE-2023-29406 CVE-2023-24534 CVE-2023-24537 CVE-2022-41725 CVE-2023-24539 CVE-2023-29400 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2.4.9.4-4] Resolves: rhbz#2189268 - auth_openidc.conf mode 0640 by default [2.4.9.4-3] - Resolves: rhbz#2184145 - CVE-2023-28625 NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied [2.4.9.4-2] - Resolves: rhbz#2153656 - CVE-2022-23527 - Open Redirect in oidc_validate_redirect_url() using tab character MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28625 CVE-2022-23527 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [8.0.0-16.el9_3] - kvm-migration-Add-migration-prefix-to-functions-in-targe.patch [bz#2229868] - kvm-migration-Move-more-initializations-to-migrate_init.patch [bz#2229868] - kvm-migration-Add-.save_prepare-handler-to-struct-SaveVM.patch [bz#2229868] - kvm-vfio-migration-Block-VFIO-migration-with-postcopy-mi.patch [bz#2229868] - Resolves: bz#2229868 ([vfio migration]Disable postcopy for VM with migratable vfio device) [8.0.0-15.el9_3] - kvm-io-remove-io-watch-if-TLS-channel-is-closed-during-h.patch [bz#2216504] - Resolves: bz#2216504 (CVE-2023-3354 qemu-kvm: QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service [rhel-9.3.0]) [8.0.0-13] - kvm-vdpa-return-errno-in-vhost_vdpa_get_vring_group-erro.patch [RHEL-923] - kvm-vdpa-move-CVQ-isolation-check-to-net_init_vhost_vdpa.patch [RHEL-923] - kvm-vdpa-use-first-queue-SVQ-state-for-CVQ-default.patch [RHEL-923] - kvm-vdpa-export-vhost_vdpa_set_vring_ready.patch [RHEL-923] - kvm-vdpa-rename-vhost_vdpa_net_load-to-vhost_vdpa_net_cv.patch [RHEL-923] - kvm-vdpa-move-vhost_vdpa_set_vring_ready-to-the-caller.patch [RHEL-923] - kvm-vdpa-remove-net-cvq-migration-blocker.patch [RHEL-923] - Resolves: RHEL-923 (vhost shadow virtqueue: state restore through CVQ) [8.0.0-12] - kvm-target-i386-allow-versioned-CPUs-to-specify-new-cach.patch [bz#2094913] - kvm-target-i386-Add-new-EPYC-CPU-versions-with-updated-c.patch [bz#2094913] - kvm-target-i386-Add-a-couple-of-feature-bits-in-8000_000.patch [bz#2094913] - kvm-target-i386-Add-feature-bits-for-CPUID_Fn80000021_EA.patch [bz#2094913] - kvm-target-i386-Add-missing-feature-bits-in-EPYC-Milan-m.patch [bz#2094913] - kvm-target-i386-Add-VNMI-and-automatic-IBRS-feature-bits.patch [bz#2094913] - kvm-target-i386-Add-EPYC-Genoa-model-to-support-Zen-4-pr.patch [bz#2094913] - Resolves: bz#2094913 (Add EPYC-Genoa CPU model in qemu) [8.0.0-11] - kvm-block-blkio-enable-the-completion-eventfd.patch [bz#2225354 bz#2225439] - kvm-block-blkio-do-not-use-open-flags-in-qemu_open.patch [bz#2225354 bz#2225439] - kvm-block-blkio-move-blkio_connect-in-the-drivers-functi.patch [bz#2225354 bz#2225439] - kvm-block-blkio-retry-blkio_connect-if-it-fails-using-fd.patch [bz#2225354 bz#2225439] - kvm-block-blkio-fall-back-on-using-path-when-fd-setting-.patch [bz#2225354 bz#2225439] - kvm-block-blkio-use-blkio_set_int-fd-to-check-fd-support.patch [bz#2225354 bz#2225439] - kvm-hw-virtio-iommu-Fix-potential-OOB-access-in-virtio_i.patch [bz#2229133] - kvm-virtio-iommu-Standardize-granule-extraction-and-form.patch [bz#2229133] - kvm-hw-arm-smmu-Handle-big-endian-hosts-correctly.patch [bz#2229133] - kvm-qapi-i386-sev-Change-the-reduced-phys-bits-value-fro.patch [bz#2214839] - kvm-qemu-options.hx-Update-the-reduced-phys-bits-documen.patch [bz#2214839] - kvm-i386-sev-Update-checks-and-information-related-to-re.patch [bz#2214839] - kvm-i386-cpu-Update-how-the-EBX-register-of-CPUID-0x8000.patch [bz#2214839] - kvm-Provide-elf2dmp-binary-in-qemu-tools.patch [bz#2165917] - Resolves: bz#2225354 ([vdpa-blk] The new driver virtio-blk-vhost-user not work in VM booting) - Resolves: bz#2225439 ([vdpa-blk] read-only=on option not work on driver virtio-blk-vhost-vdpa) - Resolves: bz#2229133 (Backport some virtio-iommu and smmu fixes) - Resolves: bz#2214839 ([AMDSERVER 9.3 Bug] Qemu SEV reduced-phys-bits fixes) - Resolves: bz#2165917 (qemu-kvm: contrib/elf2dmp: Windows Server 2022 support) [8.0.0-10] - kvm-util-iov-Make-qiov_slice-public.patch [bz#2174676] - kvm-block-Collapse-padded-I-O-vecs-exceeding-IOV_MAX.patch [bz#2174676] - kvm-util-iov-Remove-qemu_iovec_init_extended.patch [bz#2174676] - kvm-iotests-iov-padding-New-test.patch [bz#2174676] - kvm-block-Fix-pad_request-s-request-restriction.patch [bz#2174676] - kvm-vdpa-do-not-block-migration-if-device-has-cvq-and-x-.patch [RHEL-573] - kvm-virtio-net-correctly-report-maximum-tx_queue_size-va.patch [bz#2040509] - kvm-hw-pci-Disable-PCI_ERR_UNCOR_MASK-reg-for-machine-ty.patch [bz#2223691] - kvm-vhost-vdpa-mute-unaligned-memory-error-report.patch [bz#2141965] - Resolves: bz#2174676 (Guest hit EXT4-fs error on host 4K disk when repeatedly hot-plug/unplug running IO disk [RHEL9]) - Resolves: RHEL-573 ([mlx vhost_vdpa][rhel 9.3]live migration fail with 'net vdpa cannot migrate with CVQ feature') - Resolves: bz#2040509 ([RFE]:Add support for changing 'tx_queue_size' to a setable value) - Resolves: bz#2223691 ([machine type 9.2]Failed to migrate VM from RHEL 9.3 to RHEL 9.2) - Resolves: bz#2141965 ([TPM][vhost-vdpa][rhel9.2]Boot a guest with 'vhost-vdpa + TPM emulator', qemu output: qemu-kvm: vhost_vdpa_listener_region_add received unaligned region) [8.0.0-9] - kvm-scsi-fetch-unit-attention-when-creating-the-request.patch [bz#2176702] - kvm-scsi-cleanup-scsi_clear_unit_attention.patch [bz#2176702] - kvm-scsi-clear-unit-attention-only-for-REPORT-LUNS-comma.patch [bz#2176702] - kvm-s390x-ap-Wire-up-the-device-request-notifier-interfa.patch [RHEL-794] - kvm-multifd-Create-property-multifd-flush-after-each-sec.patch [bz#2196295] - kvm-multifd-Protect-multifd_send_sync_main-calls.patch [bz#2196295] - kvm-multifd-Only-flush-once-each-full-round-of-memory.patch [bz#2196295] - kvm-net-socket-prepare-to-cleanup-net_init_socket.patch [RHEL-582] - kvm-net-socket-move-fd-type-checking-to-its-own-function.patch [RHEL-582] - kvm-net-socket-remove-net_init_socket.patch [RHEL-582] - kvm-pcie-Add-hotplug-detect-state-register-to-cmask.patch [bz#2215819] - kvm-spec-Build-DBUS-display.patch [bz#2207940] - Resolves: bz#2176702 ([RHEL9][virtio-scsi] scsi-hd cannot hot-plug successfully after hot-plug it repeatly) - Resolves: RHEL-794 (Backport s390x fixes from QEMU 8.1) - Resolves: bz#2196295 (Multifd flushes its channels 10 times per second) - Resolves: RHEL-582 ([passt][rhel 9.3] qemu core dump occurs when guest is shutdown after hotunplug/hotplug a passt interface) - Resolves: bz#2215819 (Migration test failed while guest with PCIe devices) - Resolves: bz#2207940 ([RFE] Enable qemu-ui-dbus subpackage) [8.0.0-8] - kvm-virtio-iommu-Fix-64kB-host-page-size-VFIO-device-ass.patch [bz#2211609 bz#2211634] - kvm-virtio-iommu-Rework-the-traces-in-virtio_iommu_set_p.patch [bz#2211609 bz#2211634] - kvm-vfio-pci-add-support-for-VF-token.patch [bz#2192818] - kvm-vfio-migration-Skip-log_sync-during-migration-SETUP-.patch [bz#2192818] - kvm-vfio-pci-Static-Resizable-BAR-capability.patch [bz#2192818] - kvm-vfio-pci-Fix-a-use-after-free-issue.patch [bz#2192818] - kvm-util-vfio-helpers-Use-g_file_read_link.patch [bz#2192818] - kvm-migration-Make-all-functions-check-have-the-same-for.patch [bz#2192818] - kvm-migration-Move-migration_properties-to-options.c.patch [bz#2192818] - kvm-migration-Add-switchover-ack-capability.patch [bz#2192818] - kvm-migration-Implement-switchover-ack-logic.patch [bz#2192818] - kvm-migration-Enable-switchover-ack-capability.patch [bz#2192818] - kvm-vfio-migration-Refactor-vfio_save_block-to-return-sa.patch [bz#2192818] - kvm-vfio-migration-Store-VFIO-migration-flags-in-VFIOMig.patch [bz#2192818] - kvm-vfio-migration-Add-VFIO-migration-pre-copy-support.patch [bz#2192818] - kvm-vfio-migration-Add-support-for-switchover-ack-capabi.patch [bz#2192818] - kvm-vfio-Implement-a-common-device-info-helper.patch [bz#2192818] - kvm-hw-vfio-pci-quirks-Support-alternate-offset-for-GPUD.patch [bz#2192818] - kvm-vfio-pci-Call-vfio_prepare_kvm_msi_virq_batch-in-MSI.patch [bz#2192818] - kvm-vfio-migration-Reset-bytes_transferred-properly.patch [bz#2192818] - kvm-vfio-migration-Make-VFIO-migration-non-experimental.patch [bz#2192818] - kvm-vfio-pci-Fix-a-segfault-in-vfio_realize.patch [bz#2192818] - kvm-vfio-pci-Free-leaked-timer-in-vfio_realize-error-pat.patch [bz#2192818] - kvm-hw-vfio-pci-quirks-Sanitize-capability-pointer.patch [bz#2192818] - kvm-vfio-pci-Disable-INTx-in-vfio_realize-error-path.patch [bz#2192818] - kvm-vfio-migration-Change-vIOMMU-blocker-from-global-to-.patch [bz#2192818] - kvm-vfio-migration-Free-resources-when-vfio_migration_re.patch [bz#2192818] - kvm-vfio-migration-Remove-print-of-Migration-disabled.patch [bz#2192818] - kvm-vfio-migration-Return-bool-type-for-vfio_migration_r.patch [bz#2192818] - kvm-vfio-Fix-null-pointer-dereference-bug-in-vfio_bars_f.patch [bz#2192818] - kvm-pc-bios-s390-ccw-Makefile-Use-z-noexecstack-to-silen.patch [bz#2220866] - kvm-pc-bios-s390-ccw-Fix-indentation-in-start.S.patch [bz#2220866] - kvm-pc-bios-s390-ccw-Provide-space-for-initial-stack-fra.patch [bz#2220866] - kvm-pc-bios-s390-ccw-Don-t-use-__bss_start-with-the-larl.patch [bz#2220866] - kvm-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch [bz#2222579] - kvm-block-blkio-fix-module_block.py-parsing.patch [bz#2213317] - kvm-Fix-virtio-blk-vhost-vdpa-typo-in-spec-file.patch [bz#2213317] - Resolves: bz#2211609 (With virtio-iommu and vfio-pci, qemu reports 'warning: virtio-iommu page mask 0xfffffffffffff000 does not match 0x40201000') - Resolves: bz#2211634 ([aarch64] With virtio-iommu and vfio-pci, qemu coredump when host using kernel-64k package) - Resolves: bz#2192818 ([VFIO LM] Live migration) - Resolves: bz#2220866 (Misaligned symbol for s390-ccw image during qemu-kvm build) - Resolves: bz#2222579 (PNG screendump doesn't save screen correctly) - Resolves: bz#2213317 (Enable libblkio-based block drivers in QEMU) [8.0.0-7] - kvm-numa-Validate-cluster-and-NUMA-node-boundary-if-requ.patch [bz#2171363] - kvm-hw-arm-Validate-cluster-and-NUMA-node-boundary.patch [bz#2171363] - kvm-hw-arm-virt-Validate-cluster-and-NUMA-node-boundary-.patch [bz#2171363] - kvm-vhost-fix-vhost_dev_enable_notifiers-error-case.patch [RHEL-330] - kvm-kvm-reuse-per-vcpu-stats-fd-to-avoid-vcpu-interrupti.patch [bz#2218644] - kvm-vhost-vdpa-do-not-cleanup-the-vdpa-vhost-net-structu.patch [bz#2128929] - Resolves: bz#2171363 ([aarch64] Kernel hits Call trace with irregular CPU-to-NUMA association) - Resolves: RHEL-330 ([virtual network][qemu-kvm-8.0.0-rc1]qemu core dump: qemu-kvm: ../softmmu/memory.c:2592: void memory_region_del_eventfd(MemoryRegion *, hwaddr, unsigned int, _Bool, uint64_t, EventNotifier *): Assertion i != mr->ioeventfd_nb' failed) - Resolves: bz#2218644 (query-stats QMP command interrupts vcpus, the Max Latencies could be more than 100us (rhel 9.3.0 clone)) - Resolves: bz#2128929 ([rhel9.2] hotplug/hotunplug mlx vdpa device to the occupied addr port, then qemu core dump occurs after shutdown guest) [8.0.0-6] - kvm-target-i386-add-support-for-FLUSH_L1D-feature.patch [bz#2216201] - kvm-target-i386-add-support-for-FB_CLEAR-feature.patch [bz#2216201] - kvm-block-blkio-use-qemu_open-to-support-fd-passing-for-.patch [bz#2180076] - kvm-qapi-add-fdset-feature-for-BlockdevOptionsVirtioBlkV.patch [bz#2180076] - kvm-Enable-libblkio-block-drivers.patch [bz#2213317] - Resolves: bz#2216201 ([qemu-kvm]VM reports vulnerabilty to mmio_stale_data on patched host with microcode) - Resolves: bz#2180076 ([qemu-kvm] support fd passing for libblkio QEMU BlockDrivers) - Resolves: bz#2213317 (Enable libblkio-based block drivers in QEMU) [8.0.0-5] - kvm-block-compile-out-assert_bdrv_graph_readable-by-defa.patch [bz#2186725] - kvm-graph-lock-Disable-locking-for-now.patch [bz#2186725] - kvm-nbd-server-Fix-drained_poll-to-wake-coroutine-in-rig.patch [bz#2186725] - kvm-iotests-Test-commit-with-iothreads-and-ongoing-I-O.patch [bz#2186725] - kvm-memory-prevent-dma-reentracy-issues.patch [RHEL-516] - kvm-async-Add-an-optional-reentrancy-guard-to-the-BH-API.patch [RHEL-516] - kvm-checkpatch-add-qemu_bh_new-aio_bh_new-checks.patch [RHEL-516] - kvm-hw-replace-most-qemu_bh_new-calls-with-qemu_bh_new_g.patch [RHEL-516] - kvm-lsi53c895a-disable-reentrancy-detection-for-script-R.patch [RHEL-516] - kvm-bcm2835_property-disable-reentrancy-detection-for-io.patch [RHEL-516] - kvm-raven-disable-reentrancy-detection-for-iomem.patch [RHEL-516] - kvm-apic-disable-reentrancy-detection-for-apic-msi.patch [RHEL-516] - kvm-async-avoid-use-after-free-on-re-entrancy-guard.patch [RHEL-516] - kvm-loongarch-mark-loongarch_ipi_iocsr-re-entrnacy-safe.patch [RHEL-516] - kvm-memory-stricter-checks-prior-to-unsetting-engaged_in.patch [RHEL-516] - kvm-lsi53c895a-disable-reentrancy-detection-for-MMIO-reg.patch [RHEL-516] - kvm-hw-scsi-lsi53c895a-Fix-reentrancy-issues-in-the-LSI-.patch [RHEL-516] - kvm-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch [bz#2189423] - kvm-multifd-Fix-the-number-of-channels-ready.patch [bz#2196289] - kvm-util-async-teardown-wire-up-query-command-line-optio.patch [bz#2168500] - kvm-s390x-pv-Fix-spurious-warning-with-asynchronous-tear.patch [bz#2168500] - Resolves: bz#2186725 (Qemu hang when commit during fio running(iothread enable)) - Resolves: RHEL-516 (CVE-2023-2680 qemu-kvm: QEMU: hcd-ehci: DMA reentrancy issue (incomplete fix for CVE-2021-3750) [rhel-9]) - Resolves: bz#2189423 (Failed to migrate VM from rhel 9.3 to rhel 9.2) - Resolves: bz#2196289 (Fix number of ready channels on multifd) - Resolves: bz#2168500 ([IBM 9.3 FEAT] KVM: Improve memory reclaiming for z15 Secure Execution guests - qemu part) [8.0.0-4] - kvm-migration-Attempt-disk-reactivation-in-more-failure-.patch [bz#2058982] - kvm-util-mmap-alloc-qemu_fd_getfs.patch [bz#2057267] - kvm-vl.c-Create-late-backends-before-migration-object.patch [bz#2057267] - kvm-migration-postcopy-Detect-file-system-on-dest-host.patch [bz#2057267] - kvm-migration-mark-mixed-functions-that-can-suspend.patch [bz#2057267] - kvm-postcopy-ram-do-not-use-qatomic_mb_read.patch [bz#2057267] - kvm-migration-remove-extra-whitespace-character-for-code.patch [bz#2057267] - kvm-migration-Merge-ram_counters-and-ram_atomic_counters.patch [bz#2057267] - kvm-migration-Update-atomic-stats-out-of-the-mutex.patch [bz#2057267] - kvm-migration-Make-multifd_bytes-atomic.patch [bz#2057267] - kvm-migration-Make-dirty_sync_missed_zero_copy-atomic.patch [bz#2057267] - kvm-migration-Make-precopy_bytes-atomic.patch [bz#2057267] - kvm-migration-Make-downtime_bytes-atomic.patch [bz#2057267] - kvm-migration-Make-dirty_sync_count-atomic.patch [bz#2057267] - kvm-migration-Make-postcopy_requests-atomic.patch [bz#2057267] - kvm-migration-Rename-duplicate-to-zero_pages.patch [bz#2057267] - kvm-migration-Rename-normal-to-normal_pages.patch [bz#2057267] - kvm-migration-rename-enabled_capabilities-to-capabilitie.patch [bz#2057267] - kvm-migration-Pass-migrate_caps_check-the-old-and-new-ca.patch [bz#2057267] - kvm-migration-move-migration_global_dump-to-migration-hm.patch [bz#2057267] - kvm-spice-move-client_migrate_info-command-to-ui.patch [bz#2057267] - kvm-migration-Create-migrate_cap_set.patch [bz#2057267] - kvm-migration-Create-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_colo_enabled-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_compression-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_events-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_multifd-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_zero_copy_send-to-options.patch [bz#2057267] - kvm-migration-Move-migrate_use_xbzrle-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_block-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_return-to-options.c.patch [bz#2057267] - kvm-migration-Create-migrate_rdma_pin_all-function.patch [bz#2057267] - kvm-migration-Move-migrate_caps_check-to-options.c.patch [bz#2057267] - kvm-migration-Move-qmp_query_migrate_capabilities-to-opt.patch [bz#2057267] - kvm-migration-Move-qmp_migrate_set_capabilities-to-optio.patch [bz#2057267] - kvm-migration-Move-migrate_cap_set-to-options.c.patch [bz#2057267] - kvm-migration-Move-parameters-functions-to-option.c.patch [bz#2057267] - kvm-migration-Use-migrate_max_postcopy_bandwidth.patch [bz#2057267] - kvm-migration-Move-migrate_use_block_incremental-to-opti.patch [bz#2057267] - kvm-migration-Create-migrate_throttle_trigger_threshold.patch [bz#2057267] - kvm-migration-Create-migrate_checkpoint_delay.patch [bz#2057267] - kvm-migration-Create-migrate_max_cpu_throttle.patch [bz#2057267] - kvm-migration-Move-migrate_announce_params-to-option.c.patch [bz#2057267] - kvm-migration-Create-migrate_cpu_throttle_initial-to-opt.patch [bz#2057267] - kvm-migration-Create-migrate_cpu_throttle_increment-func.patch [bz#2057267] - kvm-migration-Create-migrate_cpu_throttle_tailslow-funct.patch [bz#2057267] - kvm-migration-Move-migrate_postcopy-to-options.c.patch [bz#2057267] - kvm-migration-Create-migrate_max_bandwidth-function.patch [bz#2057267] - kvm-migration-Move-migrate_use_tls-to-options.c.patch [bz#2057267] - kvm-migration-Move-qmp_migrate_set_parameters-to-options.patch [bz#2057267] - kvm-migration-Allow-postcopy_ram_supported_by_host-to-re.patch [bz#2057267] - kvm-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch [bz#2185688] - kvm-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch [bz#2185688] - kvm-iotests-Use-alternative-CPU-type-that-is-not-depreca.patch [bz#2185688] - kvm-iotests-Test-resizing-image-attached-to-an-iothread.patch [bz#2185688] - kvm-Enable-Linux-io_uring.patch [bz#1947230] - Resolves: bz#2058982 (Qemu core dump if cut off nfs storage during migration) - Resolves: bz#2057267 (Migration with postcopy fail when vm set with shared memory) - Resolves: bz#2185688 ([qemu-kvm] no response with QMP command block_resize) - Resolves: bz#1947230 (Enable QEMU support for io_uring in RHEL9) [8.0.0-3] - kvm-migration-Handle-block-device-inactivation-failures-.patch [bz#2058982] - kvm-migration-Minor-control-flow-simplification.patch [bz#2058982] - Resolves: bz#2058982 (Qemu core dump if cut off nfs storage during migration) [8.0.0-2] - kvm-acpi-pcihp-allow-repeating-hot-unplug-requests.patch [bz#2087047] - kvm-hw-acpi-limit-warning-on-acpi-table-size-to-pc-machi.patch [bz#1934134] - kvm-hw-acpi-Mark-acpi-blobs-as-resizable-on-RHEL-pc-mach.patch [bz#1934134] - Resolves: bz#2087047 (Disk detach is unsuccessful while the guest is still booting) - Resolves: bz#1934134 (ACPI table limits warning when booting guest with 512 VCPUs) [8.0.0-1] - Rebase to QEMU 8.0.0 - Resolves: bz#2180898 (Rebase to QEMU 8.0.0 for RHEL 9.3.0) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2680 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 adwaita-qt [1.4.2-1] - 1.4.2 Resolves: bz#2175754 python-pyqt5-sip [12.11.1-1] - 12.11.1 Resolves: bz#2188589 python-qt5 [5.15.9-1] - 5.15.9 Resolves: bz#2175758 qgnomeplatform [0.9.0-1] - 0.9.0 Resolves: bz#2175753 qt5 [5.15.9-1] - 5.15.9 Resolves: bz#2175724 qt5-doc [5.15.9-1] - 5.15.9 Resolves: bz#2175726 qt5-qt3d [5.15.9-1] - 5.15.9 Resolves: bz#2175729 qt5-qtbase [5.15.9-7] - Fix infinite loops in QXmlStreamReader (CVE-2023-38197) Resolves: bz#2222771 [5.15.9-6] - Don't allow remote attacker to bypass security restrictions caused by flaw in certificate validation (CVE-2023-34410) (version #2) Resolves: bz#2212754 [5.15.9-5] - Don't allow remote attacker to bypass security restrictions caused by flaw in certificate validation (CVE-2023-34410) Resolves: bz#2212754 [5.15.9-4] - Fix specific overflow in qtextlayout - Fix incorrect parsing of the strict-transport-security (HSTS) header - Fix buffer over-read via a crafted reply from a DNS server Resolves: bz#2209492 [5.15.9-3] - Rebuild (elfutils#2188064) Resolves: bz#2175727 [5.15.9-2] - Disable tests failing in gating Resolves: bz#2175727 [5.15.9-1] - 5.15.9 + sync with Fedora Resolves: bz#2175727 qt5-qtconnectivity [5.15.9-2] - Rebuild (elfutils#2188064) Resolves: bz#2175730 [5.15.9-1] - 5.15.9 Resolves: bz#2175730 qt5-qtdeclarative [5.15.9-3] - Rebuild (elfutils#2188064) Resolves: bz#2175728 [5.15.9-2] - Disable tests failing in gating Resolves: bz#2175728 [5.15.9-1] - 5.15.9 + sync with Fedora Resolves: bz#2178624 Resolves: bz#2175728 qt5-qtdoc [5.15.9-1] - 5.15.9 Resolves: bz#2175731 qt5-qtgraphicaleffects [5.15.9-1] - 5.15.9 Resolves: bz#2175733 qt5-qtimageformats [5.15.9-1] - 5.15.9 Resolves: bz#2175734 qt5-qtlocation [5.15.9-1] - 5.15.9 Resolves: bz#2175735 qt5-qtmultimedia [5.15.9-1] - 5.15.9 Resolves: bz#2175736 qt5-qtquickcontrols2 [5.15.9-1] - 5.15.9 Resolves: bz#2175738 qt5-qtquickcontrols [5.15.9-1] - 5.15.9 Resolves: bz#2175737 qt5-qtscript [5.15.9-1] - 5.15.9 Resolves: bz#2175745 qt5-qtsensors [5.15.9-1] - 5.15.9 Resolves: bz#2175739 qt5-qtserialbus [5.15.9-1] - 5.15.9 Resolves: bz#2175740 qt5-qtserialport [5.15.9-1] - 5.15.9 Resolves: bz#2175741 qt5-qtsvg [5.15.9-2] - Fix uninitialized variable usage in m_unitsPerEm (CVE-2023-32573) Resolves: bz#2208140 [5.15.9-1] - 5.15.9 Resolves: bz#2175742 qt5-qttools [5.15.9-3] - Rebuild (LLVM-16) Resolves: bz#2192954 [5.15.9-2] - Rebuild (elfutils#2188064) Resolves: bz#2175743 [5.15.9-1] - 5.15.9 Resolves: bz#2175743 qt5-qttranslations [5.15.9-1] - 5.15.9 Resolves: bz#2175744 qt5-qtwayland [5.15.9-1] - 5.15.9 Resolves: bz#2175746 qt5-qtwebchannel [5.15.9-1] - 5.15.9 Resolves: bz#2175747 qt5-qtwebsockets [5.15.9-2] - Move QML imports out of -devel subpackage Resolves: bz#2175749 [5.15.9-1] - 5.15.9 Resolves: bz#2175749 qt5-qtx11extras [5.15.9-1] - 5.15.9 Resolves: bz#2175750 qt5-qtxmlpatterns [5.15.9-2] - Rebuild (elfutils#2188064) Resolves: bz#2175751 [5.15.9-1] - 5.15.9 Resolves: bz#2175751 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-38197 CVE-2023-33285 CVE-2023-32573 CVE-2023-37369 CVE-2023-34410 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [23.1.1-11.0.2] - Fix Oracle Datasource network and getdata methods for OCI OL [Orabug: 35950168] [23.1.1-11.0.1] - Increase retry value and add timeout for OCI [Orabug: 35329883] - Fix log file permission [Orabug: 35302969] - Update detection logic for OL distros in config template [Orabug: 34845400] - Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938] - Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938] - Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672] - limit permissions [Orabug: 31352433] - Changes to ignore all enslaved interfaces [Orabug: 30092148] - Make Oracle datasource detect dracut based config files [Orabug: 29956753] - add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch: 1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata 2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader Resolves: Oracle-Bug:41660 (Bugzilla) - added OL to list of known distros [23.1.1-11] - Resolves: bz#2232296 [23.1.1-10] - Resolves: bz#2229660 bz#2229952 [23.1.1-9] - 0030-NM-renderer-set-default-IPv6-addr-gen-mode-for-all-i.patch [bz#2188388] - Resolves: bz#2188388 [23.1.1-8] - 0022-test-fixes-update-tests-to-reflect-AUTOCONNECT_PRIOR.patch [bz#2217865] - 0023-test-fixes-remove-NM_CONTROLLED-no-from-tests.patch [bz#2217865] - 0024-Revert-limit-permissions-on-def_log_file.patch [bz#2217865] - 0025-test-fixes-changes-to-apply-RHEL-specific-config-set.patch [bz#2217865] - 0026-Enable-SUSE-based-distros-for-ca-handling-2036.patch [bz#2217865] - 0027-Handle-non-existent-ca-cert-config-situation-2073.patch [bz#2217865] - 0028-logging-keep-current-file-mode-of-log-file-if-its-st.patch [bz#2222498] - 0029-DS-VMware-modify-a-few-log-level-4284.patch [bz#2225374] - Resolves: bz#2217865 bz#2222498 bz#2225374 [23.1.1-7] - 0020-Revert-Set-default-renderer-as-sysconfig-for-c9s-RHE.patch - 0021-Set-default-renderer-as-sysconfig-for-centos-rhel-41.patch [bz#2209349] - Resolves: bz#2209349 [23.1.1-6] - 0011-Revert-Manual-revert-Use-Network-Manager-and-Netplan.patch - 0012-Revert-Revert-Add-native-NetworkManager-support-1224.patch - 0013-net-sysconfig-do-not-use-the-highest-autoconnect-pri.patch - 0014-net-sysconfig-cosmetic-fix-tox-formatting.patch - 0015-nm-generate-ipv6-stateful-dhcp-config-at-par-with-sy.patch [bz#2207716] - 0016-network_manager-add-a-method-for-ipv6-static-IP-conf.patch [bz#2196284] - 0017-net-sysconfig-enable-sysconfig-renderer-if-network-m.patch [bz#2194050] - 0018-network-manager-Set-higher-autoconnect-priority-for-.patch [bz#2196231] - 0019-Set-default-renderer-as-sysconfig-for-c9s-RHEL-9.patch [bz#2209349] - Resolves: bz#2118235 bz#2194050 bz#2196231 bz#2196284 bz#2207716 bz#2209349 [23.1.1-5] - 0010-Do-not-generate-dsa-and-ed25519-key-types-when-crypt.patch [bz#2187164] - Resolves: bz#2187164 [23.1.1-4] - 0009-Make-user-vendor-data-sensitive-and-remove-log-permi.patch [bz#2190083] - Resolves: bz#2190083 [23.1.1-3] - 0008-Don-t-change-permissions-of-netrules-target-2076.patch [bz#2182948] - Resolves: bz#2182948 [23.1.1-2] - 0007-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch [bz#2184608] - Resolves: bz#2184608 [23.1.1-1] - Rebase to 23.1.1 [bz#2172811] - Resolves: bz#2172811 [22.1-9] - ci-Allow-growpart-to-resize-encrypted-partitions-1316.patch [bz#2166245] - Resolves: bz#2166245 (Add support for resizing encrypted root volume) [22.1-8] - ci-cc_set_hostname-ignore-var-lib-cloud-data-set-hostna.patch [bz#2140893] - Resolves: bz#2140893 (systemd[1]: Failed to start Initial cloud-init job after reboot system via sysrq 'b') [22.1-7] - ci-Ensure-network-ready-before-cloud-init-service-runs-.patch [bz#2152100] - Resolves: bz#2152100 ([RHEL-9] Ensure network ready before cloud-init service runs on RHEL) [22.1-6] - ci-cloud.cfg.tmpl-make-sure-centos-settings-are-identic.patch [bz#2115565] - Resolves: bz#2115565 (cloud-init configures user 'centos' or 'rhel' instead of 'cloud-user' with cloud-init-22.1) [22.1-5] - ci-Revert-Add-native-NetworkManager-support-1224.patch [bz#2107463 bz#2104389 bz#2117532 bz#2098501] - ci-Revert-Use-Network-Manager-and-Netplan-as-default-re.patch [bz#2107463 bz#2104389 bz#2117532 bz#2098501] - ci-Revert-Revert-Setting-highest-autoconnect-priority-f.patch [bz#2107463 bz#2104389 bz#2117532 bz#2098501] - Resolves: bz#2107463 ([RHEL-9.1] Cannot run sysconfig when changing the priority of network renderers) - Resolves: bz#2104389 ([RHEL-9.1]Failed to config static IP and IPv6 according to VMware Customization Config File) - Resolves: bz#2117532 ([RHEL9.1] Revert patch of configuring networking by NM keyfiles) - Resolves: bz#2098501 ([RHEL-9.1] IPv6 not workable when cloud-init configure network using NM keyfiles) [22.1-4] - ci-Honor-system-locale-for-RHEL-1355.patch [bz#2061604] - ci-cloud-init.spec-adjust-path-for-66-azure-ephemeral.r.patch [bz#2096270] - ci-setup.py-adjust-udev-rules-default-path-1513.patch [bz#2096270] - Resolves: bz#2061604 (cloud-config will change /etc/locale.conf back to en_US.UTF-8 on rhel-guest-image-9.0) - Resolves: bz#2096270 (Adjust udev/rules default path[rhel-9]) [22.1-3] - ci-Support-EC2-tags-in-instance-metadata-1309.patch [bz#2091640] - ci-cc_set_hostname-do-not-write-localhost-when-no-hostn.patch [bz#1980403] - Resolves: bz#2091640 ([cloud][init] Add support for reading tags from instance metadata) - Resolves: bz#1980403 ([RHV] RHEL 9 VM with cloud-init without hostname set doesn't result in the FQDN as hostname) [22.1-2] - ci-Add-native-NetworkManager-support-1224.patch [bz#2056964] - ci-Use-Network-Manager-and-Netplan-as-default-renderers.patch [bz#2056964] - ci-Revert-Setting-highest-autoconnect-priority-for-netw.patch [bz#2056964] - ci-Align-rhel-custom-files-with-upstream-1431.patch [bz#2088448] - ci-Remove-rhel-specific-files.patch [bz#2088448] - Resolves: bz#2056964 ([RHEL-9]Rebase cloud-init from Fedora so it can configure networking using NM keyfiles) - Resolves: bz#2088448 (Align cloud.cfg file and systemd with cloud-init upstream .tmpl files) [22.1-1] - Rebase to 22.1 [bz#2065548] - Resolves: bz#2065548 ([RHEL-9.1] cloud-init rebase to 22.1) [21.1-19] - ci-Fix-IPv6-netmask-format-for-sysconfig-1215.patch [bz#2053546] - ci-Adding-_netdev-to-the-default-mount-configuration.patch [bz#1998445] - ci-Setting-highest-autoconnect-priority-for-network-scr.patch [bz#2036060] - Resolves: bz#2053546 (cloud-init writes route6- config with a HEX netmask. ip route does not like : Error: inet6 prefix is expected rather than 'fd00:fd00:fd00::/ffff:ffff:ffff:ffff::'.) - Resolves: bz#1998445 ([Azure][RHEL-9] ordering cycle exists after reboot) - Resolves: bz#2036060 ([cloud-init][ESXi][RHEL-9] Failed to config static IP according to VMware Customization Config File) [21.1-18] - ci-Add-_netdev-option-to-mount-Azure-ephemeral-disk-121.patch [bz#1998445] - Resolves: bz#1998445 ([Azure][RHEL-9] ordering cycle exists after reboot) [21.1-17] - ci-Add-flexibility-to-IMDS-api-version-793.patch [bz#2042351] - ci-Azure-helper-Ensure-Azure-http-handler-sleeps-betwee.patch [bz#2042351] - ci-azure-Removing-ability-to-invoke-walinuxagent-799.patch [bz#2042351] - ci-Azure-eject-the-provisioning-iso-before-reporting-re.patch [bz#2042351] - ci-Azure-Retrieve-username-and-hostname-from-IMDS-865.patch [bz#2042351] - ci-Azure-Retry-net-metadata-during-nic-attach-for-non-t.patch [bz#2042351] - ci-Azure-adding-support-for-consuming-userdata-from-IMD.patch [bz#2042351] - Resolves: bz#2042351 ([RHEL-9] Support for provisioning Azure VM with userdata) [21.1-16] - ci-Datasource-for-VMware-953.patch [bz#2040090] - ci-Change-netifaces-dependency-to-0.10.4-965.patch [bz#2040090] - ci-Update-dscheck_VMware-s-rpctool-check-970.patch [bz#2040090] - ci-Revert-unnecesary-lcase-in-ds-identify-978.patch [bz#2040090] - ci-Add-netifaces-package-as-a-Requires-in-cloud-init.sp.patch [bz#2040090] - Resolves: bz#2040090 ([cloud-init][RHEL9] Support for cloud-init datasource 'cloud-init-vmware-guestinfo') [21.1-15] - ci-Add-gdisk-and-openssl-as-deps-to-fix-UEFI-Azure-init.patch [bz#2032524] - Resolves: bz#2032524 ([RHEL9] [Azure] cloud-init fails to configure the system) [21.1-14] - ci-cloudinit-net-handle-two-different-routes-for-the-sa.patch [bz#2028031] - Resolves: bz#2028031 ([RHEL-9] Above 19.2 of cloud-init fails to configure routes when configuring static and default routes to the same destination IP) [21.1-13] - ci-fix-error-on-upgrade-caused-by-new-vendordata2-attri.patch [bz#2028381] - Resolves: bz#2028381 (cloud-init.service fails to start after package update) [21.1-12] - ci-remove-unnecessary-EOF-string-in-disable-sshd-keygen.patch [bz#2016305] - Resolves: bz#2016305 (disable-sshd-keygen-if-cloud-init-active.conf:8: Missing '=', ignoring line) [21.1-11] - ci-cc_ssh.py-fix-private-key-group-owner-and-permission.patch [bz#2015974] - Resolves: bz#2015974 (cloud-init fails to set host key permissions correctly) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1786 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [10.2.11.0.1] - Merge Oracle patches for ol9 Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [10.2-11.el9] - Backport 'libiberty: prevent buffer overflow when decoding user input' (Luis Ferreira, RHBZ2132600) * Mon Mar 27 2023 Bruno Larsen <blarsen@redhat.com> - Backport '[gdb/breakpoint] Fix assert in jit_event_handler' (Tom de Vries, RHBZ 2130624) * Thu Mar 23 2023 Bruno Larsen <blarsen@redhat.com> - Bakport 'Fix assertion failure in copy_type' (Tom Tromey, RHBZ 2155439) - Bakport '[gdb/testsuite] Fix PR20630 regression test in gdb.base/printcmds.exp' (Tom de Vries) LOW Copyright 2023 Oracle, Inc. CVE-2021-3826 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [4:1.1.9-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.9 - Related: #2176063 [4:1.1.8-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.8 - Related: #2176063 [4:1.1.7-2] - rebuild for following CVEs: CVE-2021-43784 CVE-2022-41724 CVE-2023-28642 - Resolves: #2033659 - Resolves: #2179973 - Resolves: #2183103 [4:1.1.7-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.7 - Related: #2176063 [4:1.1.6-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.6 - Related: #2176063 [4:1.1.5-2] - runc 1.1.5 resolves CVE-2023-25809 and CVE-2023-27561 - Resolves: #2176110 - Resolves: #2183098 [4:1.1.5-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.5 - Related: #2176063 [4:1.1.4-2] - rebuild - Resolves: #2102995 MODERATE Copyright 2023 Oracle, Inc. CVE-2021-43784 CVE-2023-27561 CVE-2023-28642 CVE-2023-25809 CVE-2022-41724 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [3.16.1-5] - Fix CVE-2023-26767 (#2181147) - Fix CVE-2023-26768 (#2181151) - Fix CVE-2023-26769 (#2181149) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-26769 CVE-2023-26767 CVE-2023-26768 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1:1.3.0-4] - add Epoch in Provides - Related: #2176063 [1:1.3.0-3] - remove no_openssl for FIPS compliance - Related: #2176063 [1:1.3.0-2] - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2179960 - Resolves: #2187333 - Resolves: #2187376 - Resolves: #2203705 - Resolves: #2207519 [1:1.3.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.3.0 - Related: #2176063 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-24534 CVE-2022-41725 CVE-2023-24540 CVE-2023-24539 CVE-2022-41724 CVE-2023-29400 CVE-2023-24536 CVE-2023-24538 CVE-2023-29406 CVE-2022-41723 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 httpd [2.4.57-5.0.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.57-5] - Fix issue found by covscan - Related: #2222001 [2.4.57-4] - Resolves: #2217726 - Make PROPFIND tolerant of deletion race [2.4.57-3] - Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice [2.4.57-2] - Resolves: #2186645 - Fix issue found by covscan in httpd package - Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi [2.4.57-1] - Resolves: #2184403 - rebase httpd to 2.4.57 - Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy mod_http2 [1.15.19-5] - Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy MODERATE Copyright 2023 Oracle, Inc. CVE-2023-27522 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [9.5.0-7.0.1] - The path to the guest agent socket file can become too long and cause problems.(rhbz#2233744) - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [9.5.0-7] - util: use 'stubDriverType' instead of just 'stubDriver' (rhbz#2074209) - util: add stub driver name to virPCIDevice object (rhbz#2074209) - util: rename virPCIDeviceGetDriverPathAndName (rhbz#2074209) - util: permit existing binding to VFIO variant driver (rhbz#2074209) - util: probe stub driver from within function that binds to stub driver (rhbz#2074209) - util: honor stubDriverName when probing/binding stub driver for a device (rhbz#2074209) - node_device: support binding other drivers with virNodeDeviceDetachFlags() (rhbz#2074209) - qemu: turn two multiline log messages into single line (rhbz#2074209) - docs: update description of virsh nodedev-detach --driver option (rhbz#2074209) - rpm: Fix typo in daemon name (rhbz#2236057) - rpm: Recommend libvirt-daemon for with_modular_daemons distros (rhbz#2236500) [9.5.0-6] - tests: Use DO_TEST_CAPS_*_ABI_UPDATE() for ppc64 (rhbz#2196178) - tests: Switch to firmware autoselection for hvf (rhbz#2196178) - tests: Use virt-4.0 machine type for aarch64 (rhbz#2196178) - tests: Consistently use /path/to/guest_VARS.fd (rhbz#2196178) - tests: Turn abi-update.xml into a symlink (rhbz#2196178) - tests: Rename firmware-auto-efi-nvram-path (rhbz#2196178) - qemu: Fix return value for qemuFirmwareFillDomainLegacy() (rhbz#2196178) - qemu: Fix lookup against stateless/combined pflash (rhbz#2196178) - tests: Add some more DO_TEST*ABI_UPDATE* macros (rhbz#2196178) - tests: Add more tests for firmware selection (rhbz#2196178) - tests: Update firmware descriptor files (rhbz#2196178) - tests: Drop tags from BIOS firmware descriptor (rhbz#2196178) - tests: Include microvm in firmwaretest (rhbz#2196178) - qemu: Don't overwrite NVRAM template for legacy firmware (rhbz#2196178) - qemu: Generate NVRAM path in more cases (rhbz#2196178) - qemu: Filter firmware based on loader.readonly (rhbz#2196178) - qemu: Match NVRAM template extension for new domains (rhbz#2196178) - conf: Don't default to raw format for loader/NVRAM (rhbz#2196178) - tests: Rename firmware-auto-efi-format-loader-qcow2-nvram-path (rhbz#2196178) - tests: Reintroduce firmware-auto-efi-format-mismatch (rhbz#2196178) - rpm: Reorder scriptlets (rhbz#2210058) - rpm: Reduce use of with_modular_daemons (rhbz#2210058) - rpm: Remove custom libvirtd restart logic (rhbz#2210058) - rpm: Introduce new macros for handling of systemd units (rhbz#2210058) - rpm: Switch to new macros for handling of systemd units (rhbz#2210058) - rpm: Delete unused macros (rhbz#2210058) [9.5.0-5] - Revert 'qemu_passt: Actually use @logfd' (rhbz#2209191) - Revert 'qemu_passt: Precreate passt logfile' (rhbz#2209191) [9.5.0-4] - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' (CVE-2023-3750, rhbz#2221851) [9.5.0-3] - tests: remove acpi support from s390x ccw hotplug tests (rhbz#2168499) - tests: add capabilities for QEMU 8.1.0 on s390x (rhbz#2168499) - qemu: add run-with async-teardown capability (rhbz#2168499) - qemu: allow use of async teardown in domain (rhbz#2168499) - conf: domcaps: Add 'async-teardown' domain capability (rhbz#2168499) - qemu: S390 does not provide physical address size (rhbz#2224016) - nodedev: report mdev persistence properly (rhbz#2143158) - node_device: Don't leak error message buffer from virMdevctlListDefined|Active (rhbz#2143158) [9.5.0-2] - nodedev: transient mdev update on nodeDeviceCreateXML (rhbz#2143158) - nodedev: refactor mdevctl thread functions (rhbz#2143158) - nodedev: update mdevs from the mdevctl thread (rhbz#2143158) [9.5.0-1] - Rebased to libvirt-9.5.0 (rhbz#2175785) [9.5.0-0rc1.1] - Rebased to libvirt-9.5.0-rc1 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2160356, rhbz#2209191, rhbz#2210287, rhbz#2209853, rhbz#2171860 rhbz#2138150, rhbz#2171384 [9.4.0-1] - Rebased to libvirt-9.4.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2119007, rhbz#2193315, rhbz#2209658, rhbz#2143158, rhbz#2208946 rhbz#2138150, rhbz#2203657, rhbz#2180679, rhbz#2203709 [9.3.0-2] - qemu_domin: Account for NVMe disks when calculating memlock limit on hotplug (rhbz#2014030) [9.3.0-1] - Rebased to libvirt-9.3.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2181235, rhbz#2176215, rhbz#2187133, rhbz#2178885, rhbz#2174700 rhbz#2160435, rhbz#2184966, rhbz#2187278, rhbz#2014030, rhbz#2185184 rhbz#2156300 [9.2.0-1] - Rebased to libvirt-9.2.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2178885, rhbz#2000410, rhbz#2175582, rhbz#2154750, rhbz#2175449 rhbz#2181234, rhbz#2078693, rhbz#2176924, rhbz#2156300, rhbz#2173142 rhbz#2171973, rhbz#2178866, rhbz#2182961, rhbz#2174397, rhbz#2179030 rhbz#2161965, rhbz#2035985 [9.1.0-1] - Rebased to libvirt-9.1.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2004850, rhbz#2137346, rhbz#2166235, rhbz#1961326 [9.0.0-7] - qemu_snapshot: remove memory snapshot when deleting external snapshot (rhbz#2170826) - qemu_snapshot: refactor qemuSnapshotDeleteExternalPrepare (rhbz#2170826) [9.0.0-6] - rpc: client: Don't check return value of virNetMessageNew (rhbz#2145188) - rpc: Don't warn about 'max_client_requests' in single-threaded daemons (rhbz#2145188) [9.0.0-5] - qemu_extdevice: Do cleanup host only for VIR_DOMAIN_TPM_TYPE_EMULATOR (rhbz#2168762) - qemu: blockjob: Handle 'pending' blockjob state only when we need it (rhbz#2168769) [9.0.0-4] - qemuProcessStop: Fix detection of outgoing migration for external devices (rhbz#2161557) - qemuExtTPMStop: Restore TPM state label more often (rhbz#2161557) - qemuProcessLaunch: Tighten rules for external devices wrt incoming migration (rhbz#2161557) - qemu_process: Produce better debug message wrt domain namespaces (rhbz#2167302) - qemu_namespace: Deal with nested mounts when umount()-ing /dev (rhbz#2167302) - qemuProcessRefreshDisks: Don't skip filling of disk information if tray state didn't change (rhbz#2166411) [9.0.0-3] - src: Don't use virReportSystemError() on virProcessGetStatInfo() failure (rhbz#2148266) - qemu: Provide virDomainGetCPUStats() implementation for session connection (rhbz#2148266) - virsh: Make domif-setlink work more than once (rhbz#2165466) - qemu_fd: Remove declaration for 'qemuFDPassNewDirect' (rhbz#2040272) - qemuStorageSourcePrivateDataFormat: Rename 'tmp' to 'objectsChildBuf' (rhbz#2040272) - qemu: command: Handle FD passing commandline via qemuBuildBlockStorageSourceAttachDataCommandline (rhbz#2040272) - qemuFDPassTransferCommand: Mark that FD was passed (rhbz#2040272) - qemu: fd: Add helpers allowing storing FD set data in status XML (rhbz#2040272) - qemu: domain: Store fdset ID for disks passed to qemu via FD (rhbz#2040272) - qemu: block: Properly handle FD-passed disk hot-(un-)plug (rhbz#2040272) [9.0.0-2] - vircgroupv2: fix cpu.weight limits check (rhbz#2037998) - domain_validate: drop cpu.shares cgroup check (rhbz#2037998) - docs: document correct cpu shares limits with both cgroups v1 and v2 (rhbz#2037998) - qemu_interface: Fix managed='no' case when creating an ethernet interface (rhbz#2144738) - conf: clarify some external TPM error messages (rhbz#2063723) - qemu: hotplug: Remove legacy quirk for 'dimm' address generation (rhbz#2158701) - qemu: alias: Remove 'oldAlias' argument of qemuAssignDeviceMemoryAlias (rhbz#2158701) - qemu: Remove 'memAliasOrderMismatch' field from VM private data (rhbz#2158701) - rpc: Fix error message in virNetServerSetClientLimits (rhbz#2033879) [9.0.0-1] - Rebased to libvirt-9.0.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2151064, rhbz#1874163, rhbz#2130192, rhbz#2111948, rhbz#1824722 rhbz#2150455, rhbz#2063723, rhbz#1717611, rhbz#2160448, rhbz#2151869 rhbz#2040272, rhbz#2144738, rhbz#2159851, rhbz#2156289, rhbz#2033879 rhbz#1820437, rhbz#2151202 [8.10.0-2] - qemu_process: Document qemuProcessPrepare{Domain,Host}() order (rhbz#2150760) - qemu_extdevice: Init paths in qemuExtDevicesPrepareDomain() (rhbz#2150760) - qemu_extdevice: Expose qemuExtDevicesInitPaths() (rhbz#2150760) - qemu: Init ext devices paths on reconnect (rhbz#2150760) [8.10.0-1] - Rebased to libvirt-8.10.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2128993, rhbz#2143235, rhbz#2143840, rhbz#1874163, rhbz#2000075 rhbz#2143838, rhbz#2104919, rhbz#2072204, rhbz#2137298 [8.9.0-2] - RHEL: rpminspect: Disable abidiff inspection (rhbz#2124466) - spec: Fix python3-libvirt requirement in client-qemu package (rhbz#2124466) [8.9.0-1] - Rebased to libvirt-8.9.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2074559, rhbz#2134009, rhbz#1777212, rhbz#2013523, rhbz#2114866 rhbz#1964855 [8.8.0-1] - Rebased to libvirt-8.8.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2122534, rhbz#2121262, rhbz#2130089, rhbz#2121276, rhbz#2121627 rhbz#2125111, rhbz#2129239, rhbz#1964855, rhbz#2114866 [8.7.0-1] - Rebased to libvirt-8.7.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2084046, rhbz#2108483, rhbz#2123371, rhbz#2101633, rhbz#1988211 rhbz#2086677, rhbz#2103132, rhbz#2078805, rhbz#2111301, rhbz#2094641 [8.5.0-5] - rpc: Pass OPENSSL_CONF through to ssh invocations (rhbz#2112348) [8.5.0-4] - qemu: Pass migration flags to qemuMigrationParamsApply (rhbz#2111070) - qemu_migration_params: Replace qemuMigrationParamTypes array (rhbz#2111070) - qemu_migration: Pass migParams to qemuMigrationSrcResume (rhbz#2111070) - qemu_migration: Apply max-postcopy-bandwidth on post-copy resume (rhbz#2111070) - qemu: Always assume support for QEMU_CAPS_MIGRATION_PARAM_XBZRLE_CACHE_SIZE (rhbz#2107892) - qemu_migration: Store original migration params in status XML (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsApply (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsReset (rhbz#2107892) - qemu_migration_params: Avoid deadlock in qemuMigrationParamsReset (rhbz#2107892) - qemu: Restore original memory locking limit on reconnect (rhbz#2107424) - qemu: Properly release job in qemuDomainSaveInternal (rhbz#1497907) - qemu: don't call qemuMigrationSrcIsAllowedHostdev() from qemuMigrationDstPrepareFresh() (rhbz#1497907) [8.5.0-3] - qemu: introduce capability QEMU_CAPS_MIGRATION_BLOCKED_REASONS (rhbz#2092833) - qemu: new function to retrieve migration blocker reasons from QEMU (rhbz#2092833) - qemu: query QEMU for migration blockers before our own harcoded checks (rhbz#2092833) - qemu: remove hardcoded migration fail for vDPA devices if we can ask QEMU (rhbz#2092833) - qemu_migration: Use EnterMonitorAsync in qemuDomainGetMigrationBlockers (rhbz#2092833) - qemu: don't try to query QEMU about migration blockers during offline migration (rhbz#2092833) - qemu_migration: Acquire correct job in qemuMigrationSrcIsAllowed (rhbz#2092833) - virsh: Require --xpath for *dumpxml (rhbz#2103524) - qemu: skip hardcoded hostdev migration check if QEMU can do it for us (rhbz#1497907) [8.5.0-2] - domain_conf: Format <defaultiothread/> more often (rhbz#2059511) - domain_conf: Format iothread IDs more often (rhbz#2059511) - qemu: Make IOThread changing more robust (rhbz#2059511) - qemuDomainSetIOThreadParams: Accept VIR_DOMAIN_AFFECT_CONFIG flag (rhbz#2059511) - virsh: Implement --config for iothreadset (rhbz#2059511) - docs: Document TPM portion of domcaps (rhbz#2103119) - virtpm: Introduce TPM-1.2 and TPM-2.0 capabilieis (rhbz#2103119) - domcaps: Introduce TPM backendVersion (rhbz#2103119) - qemu: Report supported TPM version in domcaps (rhbz#2103119) - vircpi: Add PCIe 5.0 and 6.0 link speeds (rhbz#2105231) [8.5.0-1] - Rebased to libvirt-8.5.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1475431, rhbz#2026765, rhbz#2059511, rhbz#2089431, rhbz#2102009 [8.4.0-3] - qemu: fd: Fix monitor usage of qemuFDPassDirectGetPath (rhbz#2092856) [8.4.0-2] - Revert 'RHEL: Fix virConnectGetMaxVcpus output' (rhbz#2095260) [8.4.0-1] - Rebased to libvirt-8.4.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#2057768, rhbz#2081981, rhbz#2035163, rhbz#2075837, rhbz#2082540 rhbz#2075383 [8.3.0-1] - Rebased to libvirt-8.3.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1653327, rhbz#2075765, rhbz#2075464, rhbz#2078274, rhbz#2070380 rhbz#2073887, rhbz#2073867 [8.2.0-1] - Rebased to libvirt-8.2.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1866400, rhbz#2065381, rhbz#2063903, rhbz#1901394, rhbz#2065399 [8.1.0-1] - Rebased to libvirt-8.1.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1643868, rhbz#2045953, rhbz#1910856, rhbz#2051451, rhbz#1745868 rhbz#2040548, rhbz#2041665, rhbz#1999372, rhbz#2038045, rhbz#2045959 rhbz#2046024, rhbz#2040555, rhbz#2057067, rhbz#2037146, rhbz#2036300 [8.0.0-5] - Make systemd unit ordering more robust (rhbz#1868537) - util: Fix machined servicename (rhbz#1868537) [8.0.0-4] - qemu_command: Generate memory only after controllers (rhbz#2047271) - qemu: Validate domain definition even on migration (rhbz#2048435) [8.0.0-3] - qemuDomainSetupDisk: Initialize 'targetPaths' (rhbz#2046170) [8.0.0-2] - build: Only install libvirt-guests when building libvirtd (rhbz#2042529) - docs: Add man page for libvirt-guests (rhbz#2042529) - remove sysconfig files (rhbz#2042529) - spec: Run pre/post-install stuff on 'daemon-driver-storage-core' (rhbz#2025644) - qemu: fix inactive snapshot revert (rhbz#2039136) - Revert 'report error when virProcessGetStatInfo() is unable to parse data' (rhbz#2043579) [8.0.0-1] - Rebased to libvirt-8.0.0 (rhbz#2001507) - The rebase also fixes the following bugs: rhbz#2039246, rhbz#2039652, rhbz#2039651, rhbz#2039131 [8.0.0-0rc1.1] - Rebased to libvirt-8.0.0-rc1 (rhbz#2001507) - The rebase also fixes the following bugs: rhbz#2034539, rhbz#2027400, rhbz#1945420, rhbz#1851249, rhbz#2032410 rhbz#2026812, rhbz#2032365, rhbz#2035888, rhbz#2036895, rhbz#2026537 [7.10.0-1] - Rebased to libvirt-7.10.0 (rhbz#2001507) - The rebase also fixes the following bugs: rhbz#2024098, rhbz#1964223, rhbz#2018488, rhbz#2021437, rhbz#2022589 rhbz#2023605, rhbz#1431589, rhbz#2024435, rhbz#2016599, rhbz#1945501 rhbz#2023674 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-3750 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [9.2.10-7] - bump release number for rebuild with fixed gating.yaml file [9.2.10-6] - resolve RHEL-12665 - resolve CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work - testing is turned off due to test failures caused by testing date mismatch [9.2.10-5] - resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth [9.2.10-3] - bumps exporter-toolkit to v0.7.3, sanitize-url@npm to 6.0.2, skip problematic s390 tests, License AGPL-3.0-only. [9.2.10-2] - Update to 9.2.10 [9.2.10-1] - Update to 9.2.10 [9.0.9-2] - resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in - resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws [9.0.9-1] - update to 9.0.9 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530) [9.0.8-2] - bump NVR [9.0.8-1] - update to 9.0.8 tagged upstream community sources, see CHANGELOG - do not list /usr/share/grafana/conf twice - drop makefile in favor of create_bundles.sh script - sync provides/obsoletes with CentOS versions - drop husky patch [7.5.15-3] - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read - resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob - resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob - resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode - resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip - resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal [7.5.15-2] - resolve CVE-2022-31107 grafana: OAuth account takeover [7.5.15-1] - update to 7.5.15 tagged upstream community sources, see CHANGELOG - resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources - resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling - resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation - resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure - resolve CVE-2021-23648 sanitize-url: XSS - resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter - declare Node.js dependencies of subpackages - make vendor and webpack tarballs reproducible [7.5.11-3] - use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens - update FIPS tests in check phase [7.5.11-2] - resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache - resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files MODERATE Copyright 2023 Oracle, Inc. CVE-2022-23552 CVE-2022-39201 CVE-2022-39307 CVE-2022-39306 CVE-2022-39324 CVE-2022-41717 CVE-2023-24534 CVE-2022-31123 CVE-2022-31130 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [13.11-1] - Update to 13.11 Resolves: #2171370 LOW Copyright 2023 Oracle, Inc. CVE-2022-41862 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [0.99.9-5] - Rebuild Resolves: rhbz#2227786 [0.99.9-4] - Address CVE-2020-12762 Resolves: rhbz#2203172 MODERATE Copyright 2023 Oracle, Inc. CVE-2020-12762 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [8.3.1-11] - Resolves: RHEL-2263 - bgpd: Do not explicitly print MAXTTL value for ebgp-multihop vty output [8.3.1-10] - Related: #2216912 - adding sys_admin to capabilities [8.3.1-9] - Resolves: #2215346 - frr policy does not allow the execution of /usr/sbin/ipsec [8.3.1-8] - Resolves: #2216912 - SELinux is preventing FRR-Zebra to access to network namespaces [8.3.1-7] - Resolves: #2168855 - BFD not working through VRF [8.3.1-6] - Resolves: #2184870 - Reachable assertion in peek_for_as4_capability function - Resolves: #2196795 - denial of service by crafting a BGP OPEN message with an option of type 0xff - Resolves: #2196796 - denial of service by crafting a BGP OPEN message with an option of type 0xff - Resolves: #2196794 - out-of-bounds read exists in the BGP daemon of FRRouting MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40302 CVE-2022-40318 CVE-2022-36440 CVE-2022-43681 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1:3.4.10-6] - Resolves: #2211413 - XRA dissector infinite loop [1:3.4.10-5] - Resolves: #2210864 - Candump log file parser crash Resolves: #2210865 - VMS TCPIPtrace file parser crash Resolves: #2210868 - NetScaler file parser crash Resolves: #2210870 - RTPS dissector crash Resolves: #2210871 - IEEE C37.118 Synchrophasor dissector crash MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2952 CVE-2023-0666 CVE-2023-2855 CVE-2023-2856 CVE-2023-2858 CVE-2023-0668 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1.31.3-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [1:1.31.3-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.3 - Related: #2176063 [1:1.31.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.2 - Related: #2176063 [1:1.31.1-2] - build buildah off main branch for early testing of zstd compression - Related: #2176063 [1:1.31.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.1 - Related: #2176063 [1:1.31.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.0 - Related: #2176063 [1:1.30.0-2] - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2175073 - Resolves: #2179958 - Resolves: #2187332 - Resolves: #2187375 - Resolves: #2203696 - Resolves: #2207518 [1:1.30.0-1] - update to 1.30.0 - Related: #2176063 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41723 CVE-2023-24534 CVE-2022-41725 CVE-2023-24536 CVE-2023-25173 CVE-2023-29400 CVE-2023-29406 CVE-2023-24540 CVE-2023-24539 CVE-2023-24538 CVE-2022-41724 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2:4.6.1-5.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.6.1-5] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/ea33dce) - Related: #2176063 [2:4.6.1-4] - amend podmansh provides - Related: #2176063 [2:4.6.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/8bb0204) - Related: #2176063 [2:4.6.1-2] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/1b2fadd) - Resolves: #2232127 [2:4.6.1-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.6.1 - Related: #2176063 [2:4.6.0-3] - build podman 4.6.0 off main branch for early testing of zstd compression - Related: #2176063 [2:4.6.0-2] - update license token to be SPDX compatible - Related: #2176063 [2:4.6.0-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.6.0 (https://github.com/containers/podman/commit/38e6fab9664c6e59b66e73523b307a56130316ae) [2:4.6.0-0.3] - rebuild with the new bats - Related: #2176063 [2:4.6.0-0.2] - update to 4.6.0-rc2 - Related: #2176063 [2:4.6.0-0.1] - update to 4.6.0-rc1 - Related: #2176063 [2:4.5.1-5] - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2175071 - Resolves: #2179950 - Resolves: #2187318 - Resolves: #2187366 - Resolves: #2203681 - Resolves: #2207512 [2:4.5.1-4] - update to https://github.com/containers/gvisor-tap-vsock/releases/tag/v0.6.1 - Related: #2176063 [2:4.5.1-3] - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2175074 - Resolves: #2179966 - Resolves: #2187322 - Resolves: #2187383 - Resolves: #2203702 - Resolves: #2207522 [2:4.5.1-2] - rebuild - Resolves: #2177611 [2:4.5.1-1] - update to https://github.com/containers/podman/releases/tag/v4.5.1 - Related: #2176063 [2:4.5.0-1] - update to 4.5.0 - Related: #2176063 [2:4.4.1-10] - build and add missing docker man pages - Resolves: #2187187 [2:4.4.1-9] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/fd0ea3b) - Resolves: #2173089 [2:4.4.1-8] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/05037d3) - Resolves: #2178263 [2:4.4.1-7] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/67f7e1e) - Related: #2176063 [2:4.4.1-6] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/4461c9c) - Related: #2176063 [2:4.4.1-5] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/bf400bd) - Related: #2176063 [2:4.4.1-4] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/ffc2614) - Resolves: #2179450 [2:4.4.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/e1703bb) - Related: #2124478 [2:4.4.1-2] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/0b38633) - Related: #2124478 [2:4.4.1-1] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/d4e285a) - Related: #2124478 [2:4.4.1-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.4 (https://github.com/containers/podman/commit/f5670f0) - Related: #2124478 [2:4.4.0-1] - update to podman-4.4 release - Related: #2124478 [2:4.4.0-0.10] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/68bbdc2) - Related: #2124478 [2:4.4.0-0.9] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/323b515) - Related: #2124478 [2:4.4.0-0.8] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/c35e74f) - Related: #2124478 [2:4.4.0-0.7] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/ce504bb) - Related: #2124478 [2:4.4.0-0.6] - add quadlet to tests - Related: #2124478 [2:4.4.0-0.5] - obsolete podman-catatonit in order to not to file conflict with catatonit - Related: #2124478 [2:4.4.0-0.4] - build v4.4.0-rc2 - Related: #2124478 [2:4.4.0-0.3] - remove podman-machine-cni, it is now part of podman 4.0 or newer - Related: #2124478 [2:4.4.0-0.2] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/07ba51d) - update gvisor-tap-vsock to 0.5.0 - Related: #2124478 [2:4.4.0-0.1] - podman-4.4.0-rc1 - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/f1af5b3) - Related: #2124478 [2:4.3.1-4] - podman shouldn't provide and file conflict with catatonit in CRB - Resolves: #2151322 [2:4.3.1-3] - fix 'podman manifest add' is not concurrent safe - Resolves: #2105173 [2:4.3.1-2] - properly obsolete catatonit - Resolves: #2123319 [2:4.3.1-1] - update to https://github.com/containers/podman/releases/tag/v4.3.1 - Related: #2124478 [2:4.3.0-2] - rebuild to fix CVE-2022-30629 - Related: #2102994 [2:4.3.0-1] - update to https://github.com/containers/podman/releases/tag/v4.3.0 - Related: #2124478 [2:4.2.0-3] - fix dependency in test subpackage - Related: #2061316 [2:4.2.0-2] - readd catatonit - Related: #2061316 [2:4.2.0-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.2.0 (https://github.com/containers/podman/commit/7fe5a419cfd2880df2028ad3d7fd9378a88a04f4) - Related: #2061316 [2:4.2.0-0.3rc3] - require catatonit for gating tests - Related: #2061316 [2:4.2.0-0.2rc3] - update to 4.2.0-rc3 - Related: #2061316 [2:4.2.0-0.1rc2] - update to 4.2.0-rc2 - Related: #2061316 [2:4.1.1-6] - convert catatonit dependency to soft dep as catatonit is no longer in Appstream but in CRB - Related: #2061316 [2:4.1.1-5] - rebuild for combined gating with catatonit - Related: #2097694 [2:4.1.1-4] - catatonit is now a standalone package - Related: #2097694 [2:4.1.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.1.1-rhel (https://github.com/containers/podman/commit/fa692a6) - Related: #2097694 [2:4.1.1-2] - be sure podman services/sockets are stopped upon package removal - Related: #2061316 [2:4.1.1-1] - update to https://github.com/containers/podman/releases/tag/v4.1.1 - Related: #2061316 [2:4.1.0-4] - don't require runc and Recommends: crun - Related: #2061316 [2:4.1.0-3] - Re-enable LTO and debuginfo - Related: #2061316 [2:4.1.0-2] - update gvisor-tap-vsock to 0.2.0 to fix compilation with golang 1.18 - Related: #2061316 [2:4.1.0-1] - update to https://github.com/containers/podman/releases/tag/v4.1.0 - Related: #2061316 [2:4.0.3-2] - require netavark and move CNI to soft dependencies - Related: #2061316 [2:4.0.3-1] - update to https://github.com/containers/podman/releases/tag/v4.0.3 - Related: #2061316 [2:4.0.2-3] - bump minimal libseccomp version requirement - Related: #2061316 [2:4.0.2-2] - rebuilt with golang >= 1.17.5 (CVE-2021-44716, CVE-2021-44717) - Related: #2061316 [2:4.0.2-1] - update to https://github.com/containers/podman/releases/tag/v4.0.2 - Related: #2059681 [2:4.0.1-1] - update to https://github.com/containers/podman/releases/tag/v4.0.1 - Related: #2000051 [2:4.0.0-6] - set catatonit cflags after configure step, don't explicitly set ldflags - Related: #2054115 [2:4.0.0-5] - revert previous change and run set_build_flags before the build process - Related: #2054115 [2:4.0.0-4] - add -D_FORTIFY_SOURCE=2 for podman-catatonit - Related: #2054115 [2:4.0.0-3] - depend on containers-common >= 2:1-28 - Related: #2000051 [2:4.0.0-2] - use correct commit 49f8da72 for podman, previous commit said 4.0.1-dev - Related: #2000051 [2:4.0.0-1] - update to podman-4.0.0 release - Related: #2000051 [2:4.0.0-0.32] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/a34f279) - Related: #2000051 [2:4.0.0-0.31] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/ab3e566) - Related: #2000051 [2:4.0.0-0.30] - fix linker flags to assure -D_FORTIFY_SOURCE=2 is present at the command line - Related: #2000051 [2:4.0.0-0.29] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/b0a445e) - Related: #2000051 [2:4.0.0-0.28] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/c4a9aa7) - Related: #2000051 [2:4.0.0-0.27] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/5b2d96f) - Related: #2000051 [2:4.0.0-0.26] - set CGO_CFLAGS explicitly - Related: #2000051 [2:4.0.0-0.25] - bump to 0.25 to have highest NVR - Related: #2000051 [2:4.0.0-0.4] - rebuilt - Related: #2000051 [2:4.0.0-0.3] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/2dca7b2) - Related: #2000051 [2:4.0.0-0.2] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/4ad9e00) - Related: #2000051 [2:4.0.0-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.0 (https://github.com/containers/podman/commit/337f706) - Related: #2000051 [2:3.4.5-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/a54320a) - Related: #2000051 [2:3.4.5-0.7] - add rootless_role (Ed Santiago) - Related: #2000051 [2:3.4.5-0.6] - add git-daemon to test subpackage (https://github.com/containers/podman/issues/12851) - Related: #2000051 [2:3.4.5-0.5] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/63134a1) - Related: #2000051 [2:3.4.5-0.4] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/3f57b6e) - Related: #2000051 [2:3.4.5-0.3] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/17788ed) - Related: #2000051 [2:3.4.5-0.2] - incorporate gating test fixes from Ed Santiago: - remove buildah and skopeo (unused) - bump BATS from v1.1 to v1.5 - rename 'nonroot' to 'rootless' - Related: #2000051 [2:3.4.5-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/b8fde5c) - Related: #2000051 [2:3.4.4-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/49f589d) - Related: #2000051 [2:3.4.3-0.11] - remove downstream patch already applied upstream - Related: #2000051 [2:3.4.3-0.10] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/fe44757) - Related: #2000051 [2:3.4.3-0.9] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/815f36a) - Related: #2000051 [2:3.4.3-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/31bc358) - Related: #2000051 [2:3.4.3-0.7] - bump Epoch to not to pull in older versions built off upstream main branch - Related: #2000051 [1:3.4.3-0.6] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/e3a7a74) - add libsubid_tag.sh into BUILDTAGS - Related: #2000051 [1:3.4.3-0.5] - do not put patch URL as the backported patch will get overwritten when 'spectool -g -f' is executed - Related: #2000051 [1:3.4.3-0.4] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/7203178) - Related: #2000051 [1:3.4.3-0.3] - remove -t 0 from podman gating test - Related: #2000051 [1:3.4.3-0.2] - add BuildRequires: shadow-utils-subid-devel - Related: #2000051 [1:3.4.3-0.1] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/4808a63) - Related: #2000051 [1:3.4.2-0.8] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/fd010ad) - Related: #2000051 [1:3.4.2-0.7] - backport https://github.com/containers/podman/pull/12118 to 3.4 in attempt to fix gating tests - Related: #2000051 [1:3.4.2-0.6] - add Requires: gnupg (https://github.com/containers/podman/pull/12270) - Related: #2000051 [1:3.4.2-0.5] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/8de9950) - Related: #2000051 [1:3.4.2-0.4] - update catatonit to 1.7 - Related: #2000051 [1:3.4.2-0.3] - update to the latest content of https://github.com/containers/podman/tree/v3.4 (https://github.com/containers/podman/commit/75023e9) - Related: #2000051 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-41725 CVE-2022-41723 CVE-2023-29400 CVE-2023-24534 CVE-2023-24539 CVE-2023-3978 CVE-2023-24536 CVE-2023-24537 CVE-2023-24540 CVE-2023-25173 CVE-2022-41724 CVE-2023-24538 CVE-2023-29406 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [0.11.0-7] - add missing gating.yaml - fix rpminspect issue Related: #2215766 [0.11.0-6] - Resolves: #2215766, insecure credentials submission MODERATE Copyright 2023 Oracle, Inc. CVE-2023-35789 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [14-2] - Fix service start up [14-1] - New upstream release - v14. Resolves: rhbz#2182411 Resolves: CVE-2023-1672 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1672 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [3.11.5-1] - Rebase to 3.11.5 - Security fixes for CVE-2023-40217 and CVE-2023-41105 Resolves: RHEL-3045, RHEL-3269 [3.11.4-3] - Fix symlink handling in the fix for CVE-2023-24329 Resolves: rhbz#263261 [3.11.4-2] - Security fix for CVE-2007-4559 Resolves: rhbz#263261 [3.11.4-1] - Update to 3.11.4 - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-41105 CVE-2007-4559 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.4.22-1] - Update to 2.4.22 (#2196530) [2.4.17-7] - Fix uninitizalized resevered bytes (CVE-2023-0836, #2180861) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-0836 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1.7.0-8] - CVE fix for: CVE-2023-3138 Resolve: rhbz#2213763 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-3138 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [7.1.8.1-11.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. [1:7.1.8.1-11] - Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula Parsing - Resolves: rhbz#2210197 CVE-2023-2255 libreoffice: Remote documents loaded without prompt via IFrame - Resolves: rhbz#2208510 CVE-2023-1183 libreoffice: Arbitrary File Write [1:7.1.8.1-10] - Fix erroneous libreoffice-ure dependencies [1:7.1.8.1-9] - Resolves: rhbz#2182392 CVE-2022-38745 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1183 CVE-2022-38745 CVE-2023-0950 CVE-2023-2255 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.12.8-1] - Update to 1.12.8 (CVE-2023-28100, CVE-2023-28101) Resolves: #2180312, #2221792 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28100 CVE-2023-28101 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [6.1.0-9] - Fix an open redirect in StaticFileHandler Resolves: CVE-2023-28370 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28370 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2.85-14] - Backport Coverity fix to hide detected issue (#2156789) [2.85-13] - Rebuild with modified gating settings [2.85-12] - Make create logfile writeable by root (#2156789) [2.85-11] - Do not create and search --local and --address=/x/# domains (#2209031) [2.85-10] - Fix also dynamically set resolvers over dbus (#2186481) [2.85-9] - Properly initialize domain parameter in dnssec mode (#2182342) [2.85-8] - Correct possible crashes when server=/example.net/# is used (#2188712) [2.85-7] - Limit offered EDNS0 size 1232 (CVE-2023-28450) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28450 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2.40.5-1] - Update to 2.40.5 Related: #2176270 [2.40.4-1] - Update to 2.40.4 Related: #2176270 [2.40.3-2] - Disable JIT Related: #2176270 [2.40.3-1] - Update to 2.40.3 Related: #2176270 [2.40.2-1] - Update to 2.40.2 Related: #2176270 [2.40.1-1] - Upgrade to 2.40.1 Resolves: #2176270 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38611 CVE-2023-32370 CVE-2023-32393 CVE-2023-38600 CVE-2023-40451 CVE-2023-27954 CVE-2023-38599 CVE-2023-38592 CVE-2023-40397 CVE-2023-38133 CVE-2023-38572 CVE-2023-38597 CVE-2022-32885 CVE-2023-39434 CVE-2023-38594 CVE-2023-38595 CVE-2023-27932 CVE-2023-28198 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2.29-3] - Resolves: rhbz#2218907 - Fix CVE-2023-31484 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-31484 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [0.076-461] - Changes the verify_SSL default parameter from 0 to 1 - CVE-2023-31486 - Resolves: rhbz#2228412 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-31486 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [9.54.0-13] - fix for CVE-2023-38559 - Resolves: rhbz#2224372 [9.54.0-12] - fix for CVE-2023-36664 - Resolves: rhbz#2217810 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28879 CVE-2023-38559 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.12-1.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-1] - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 - Resolves: rhbz#2215956 [4.9-5] - Just bumping up the version to include bugs for CVE-2023-2295. There is no code fix for it. Fix for it is including the code fix for CVE-2023-30570. - Fix CVE-2023-2295 Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux - Resolves: rhbz#2189777, rhbz#2190148 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-38712 CVE-2023-38711 CVE-2023-38710 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [2.1.0-22] - fix CVE-2023-33460 - Resolves: #2221253 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-33460 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1:0.9.72-5] - Add cve-2023-27371.patch Related: rhbz#2174640 CVE-2023-27371 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-27371 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [12.5.4-7.0.1] - add mpstat -H option to also display physically hotplugged vCPUs [Orabug: 34683087] [12.5.4-7] - add description of UMASK to man/systat.in (rhbz#2216805) [12.5.4-6] - fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-33204 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1:9.0.62-37] - Resolves: RHEL-12551 - Remove JDK subpackges which are unused [1:9.0.62-16] - Related: #2184133 Declare file conflicts [1:9.0.62-15] - Resolves: #2184133 Fix bug in Obsoletes [1:9.0.62-14] - Resolves: #2210632 CVE-2023-28709 tomcat [1:9.0.62-13] - Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3 [1:9.0.62-12] - Resolves: #2189675 Missing Tomcat POM files in RHEL 9.3 - Resolves: #2173872 Remove java-11-openjdk-headles as a tomcat dependency - Resolves: #2181461 CVE-2023-28708 tomcat: not including the secure attribute causes information - Resolves: #2210632 CVE-2023-28709 - Resolves: #2184133 Add Obsoletes to tomcat package - Update patch command - Update source to include the CVE fixes MODERATE Copyright 2023 Oracle, Inc. CVE-2023-28708 CVE-2023-28709 CVE-2023-24998 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [4.4.0-10] - Fix CVE-2023-26965 CVE-2023-3316 CVE-2023-26966 CVE-2023-3576 - Resolves: CVE-2023-26965 CVE-2023-3316 CVE-2023-26966 CVE-2023-3576 [4.4.0-9] - Fix CVE-2023-2731 - Resolves: CVE-2023-2731 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-3316 CVE-2023-3576 CVE-2023-26965 CVE-2023-2731 CVE-2023-26966 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.0.6-4] - bump rpm version for rhel-exception build Resolves: rhbz#2230712 [2.0.6-3] - blackbox: fix buffer overflow with long log lines Resolves: rhbz#2236171 [2.0.6-1] - ipc: Retry receiving credentials if the the message is short Resolves: rhbz2149647 [2.0.6-1] - Rebase to 2.0.6 Resolves: rhbz#2072903 [2.0.3-8] - Fix negative errno in qb_ipcc_connect (introduced in 2.0.3-4) Resolves: rhbz#2057527 [2.0.3-7] - Bump soname for async-connect API addition Resolves: rhbz#bz2031865 [2.0.3-6] - Fix gating.yaml for RHEL-9 Resolves: rhbz#bz2031865 [2.0.3-5] - Add gating.yaml from RHEL Resolves: rhbz#bz2031865 [2.0.3-4] - Add async connect call for Pacemaker Resolves: rhbz#bz2031865 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39976 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::distro_builder Oracle Linux 9 - [5.14.0-362.8.1_3.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Disable unified kernel image package build - Add Oracle Linux IMA certificates [5.14.0-362.8.1_3] - Revert 'cnic: don't pass bogus GFP_ flags to dma_alloc_coherent' (Chris Leech) [RHEL-2542] - Revert 'dma-mapping: reject __GFP_COMP in dma_alloc_attrs' (Chris Leech) [RHEL-2542] [5.14.0-362.7.1_3] - drm/amd: flush any delayed gfxoff on suspend entry (Mika Penttila) [2232662] - drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (Mika Penttila) [2232662] - drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (Mika Penttila) [2232662] - Revert 'net/mlx5e: Switch to using napi_build_skb()' (Mohammad Kabat) [RHEL-1267] [5.14.0-362.6.1_3] - kabi: enable check-kabi (Cestmir Kalina) [RHEL-8864] - kabi: add symbol zlib_inflate_workspacesize to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol zlib_inflateInit2 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol zlib_inflateEnd to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol zlib_inflate to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol zalloc_cpumask_var to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol yield to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xz_dec_run to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xz_dec_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xz_dec_end to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_store to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xas_find to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_set_mark to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_load to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __xa_insert to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_get_mark to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_find_after to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_find to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_erase to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol xa_clear_mark to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __xa_alloc_cyclic to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __xa_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol x86_spec_ctrl_base to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_return_thunk to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rsi to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rdx to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rdi to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rcx to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rbx to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rbp to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_rax to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r9 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r8 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r15 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r14 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r13 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r12 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r11 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __x86_indirect_thunk_r10 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol x86_cpu_to_apicid to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __write_overflow_field to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __warn_printk to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __wake_up to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol wait_for_completion_timeout to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol wait_for_completion_interruptible to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol wait_for_completion to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vzalloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vsprintf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vsnprintf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vprintk to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vm_zone_stat to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vm_munmap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vm_event_states to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vmemmap_base to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vmalloc_to_page to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vmalloc_node to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vmalloc_base to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vmalloc_32 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vmalloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __vmalloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __virt_addr_valid to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol vfree to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __var_waitqueue to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_undefined to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_teardown_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_setup_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_possible_blades to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __uv_hub_info_list to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_get_hubless_system to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __uv_cpu_info to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_obj_count to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_install_heap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_get_pci_topology to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_get_master_nasid to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_get_heapsize to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_get_geoinfo to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_enum_ports to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol uv_bios_enum_objs to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol usleep_range_state to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol up_write to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol up_read to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol up to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol unregister_shrinker to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol unregister_reboot_notifier to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol unregister_nmi_handler to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol unregister_kprobe to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol unregister_chrdev_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __unregister_chrdev to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol unregister_blkdev to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __udelay to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tty_termios_encode_baud_rate to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tty_std_termios to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tsc_khz to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol try_wait_for_completion to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol trace_seq_putc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol trace_seq_printf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol trace_print_flags_seq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol trace_handle_return to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol touch_softlockup_watchdog to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _totalram_pages to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol timer_delete_sync to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol timer_delete to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol timecounter_read to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol timecounter_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol timecounter_cyc2time to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol time64_to_tm to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol this_cpu_off to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tasklet_unlock_wait to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tasklet_setup to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __tasklet_schedule to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tasklet_kill to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol tasklet_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __tasklet_hi_schedule to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sys_tz to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol system_wq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol system_state to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol system_freezing_cnt to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sysfs_streq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sysfs_emit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol synchronize_rcu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol synchronize_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __symbol_put to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __symbol_get to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __sw_hweight64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __sw_hweight32 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strstr to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strsep to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strscpy_pad to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strscpy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strrchr to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strnlen_user to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strnlen to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strncpy_from_user to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strncpy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strncmp to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strncasecmp to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strlen to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strlcpy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strlcat to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strim to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strcspn to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strcpy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strcmp to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strchr to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol strcat to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol static_key_slow_inc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol static_key_slow_dec to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol static_key_count to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __stack_chk_fail to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sscanf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sprintf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sort to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sn_region_size to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol snprintf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sn_partition_id to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol smp_call_function_single_async to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol smp_call_function_single to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol smp_call_function_many to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sme_me_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol simple_write_to_buffer to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol simple_strtoull to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol simple_strtoul to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol simple_strtol to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol simple_read_from_buffer to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol si_meminfo to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sigprocmask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __sg_page_iter_start to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __sg_page_iter_dma_next to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sg_next to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol set_normalized_timespec64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol set_freezable to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol set_current_groups to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol security_sb_eat_lsm_opts to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol security_free_mnt_opts to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __SCT__tp_func_xdp_exception to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __SCT__preempt_schedule_notrace to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __SCT__preempt_schedule to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __SCT__might_resched to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __SCT__cond_resched to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol scsilun_to_int to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol scsi_command_size_tbl to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol scnprintf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol schedule_timeout to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol schedule to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sched_clock_cpu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol sched_clock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol round_jiffies to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rht_bucket_nested_insert to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rht_bucket_nested to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __rht_bucket_nested to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rhltable_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rhashtable_insert_slow to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rhashtable_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rhashtable_free_and_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rhashtable_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol request_threaded_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __request_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __request_module to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol remove_wait_queue to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __release_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol release_firmware to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol register_shrinker to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol register_reboot_notifier to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __register_nmi_handler to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol register_kprobe to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol register_chrdev_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __register_blkdev to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __refrigerator to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol refcount_warn_saturate to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol refcount_dec_if_one to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol refcount_dec_and_mutex_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol recalc_sigpending to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __read_overflow2_field to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rcu_read_unlock_strict to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __rcu_read_unlock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __rcu_read_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rcu_barrier to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rb_next to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rb_insert_color to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rb_first to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol rb_erase to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_unlock_irqrestore to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_unlock_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_unlock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_unlock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_trylock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_lock_irqsave to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_lock_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_lock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_write_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_unlock_irqrestore to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_unlock_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_unlock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_unlock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_trylock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_trylock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_lock_irqsave to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_lock_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_lock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_spin_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_unlock_irqrestore to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_unlock_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_unlock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_unlock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_lock_irqsave to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_lock_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_lock_bh to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _raw_read_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ___ratelimit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol radix_tree_tag_set to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol radix_tree_next_chunk to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol radix_tree_lookup to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol radix_tree_insert to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol radix_tree_delete to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol queue_work_on to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol queue_delayed_work_on to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol qed_put_iscsi_ops to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol qed_put_eth_ops to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __put_user_8 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __put_user_4 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __put_user_2 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol put_unused_fd to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ptrs_per_p4d to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol proc_dostring to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol proc_dointvec_minmax to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol proc_dointvec to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __printk_ratelimit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _printk to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol print_hex_dump to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol prepare_to_wait_exclusive to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol prepare_to_wait_event to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol prepare_to_wait to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol prandom_u32 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol posix_acl_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol physical_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol phys_base to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol pgprot_writecombine to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol pgdir_shift to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol perf_trace_buf_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol percpu_ref_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol percpu_ref_exit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __per_cpu_offset to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol panic_notifier_list to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol panic to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol page_offset_base to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol page_frag_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol on_each_cpu_cond_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __num_online_cpus to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol numa_node to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ns_to_timespec64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol nr_cpu_ids to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol node_to_cpumask_map to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol node_states to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __node_distance to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __ndelay to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mutex_unlock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mutex_trylock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mutex_lock_interruptible to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mutex_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mutex_is_locked to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __mutex_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol msleep_interruptible to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol msleep to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __msecs_to_jiffies to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mod_timer to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mod_delayed_work_on to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memset to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mem_section to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_free_slab to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_create_node to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_create to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_alloc_slab to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mempool_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memparse to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memory_read_from_buffer to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memmove to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memdup_user to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memcpy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memcmp to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol memchr_inv to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol mds_idle_clear to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol loops_per_jiffy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol lookup_bdev to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol lockref_get to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __local_bh_enable_ip to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol llist_add_batch to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __list_del_entry_valid to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __list_add_valid to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kvmalloc_node to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kvfree_call_rcu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kvfree to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ktime_get_with_offset to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ktime_get_ts64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ktime_get_real_ts64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ktime_get_real_seconds to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ktime_get_coarse_real_ts64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ktime_get to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kthread_should_stop to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kthread_delayed_work_timer_fn to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kthread_complete_and_exit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtoull to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtouint to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtou8 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtou16 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtoll to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtoint to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrtobool to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kstrdup to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol krealloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kmemdup to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kmem_cache_create_usercopy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kmem_cache_create to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kmalloc_order_trace to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __kmalloc_node to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __kmalloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kfree to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kexec_crash_loaded to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kernel_sigaction to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kernel_fpu_end to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kernel_fpu_begin_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol kasprintf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol jiffies_to_usecs to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol jiffies_to_msecs to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol jiffies_64 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol jiffies to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol is_vmalloc_addr to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol is_uv_system to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol iscsi_boot_create_host_kset to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol irq_set_affinity_notifier to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol irq_poll_enable to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol irq_poll_disable to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol irq_cpu_rmap_add to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __irq_apply_affinity_hint to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol iowrite32be to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol iounmap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ioremap_wc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ioremap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ioread8 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ioread32be to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ioread16be to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol iomem_resource to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol int_to_scsilun to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol int_pow to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol init_wait_var_entry to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __init_waitqueue_head to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol init_wait_entry to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol init_timer_key to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __init_swait_queue_head to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __init_rwsem to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol in_group_p to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol in_aton to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol in6_pton to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol in4_pton to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_remove to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_preload to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_get_next_ul to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_find to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_alloc_u32 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol idr_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ida_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ida_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol ida_alloc_range to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __hw_addr_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol hugetlb_optimize_vmemmap_key to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol hrtimer_start_range_ns to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol hrtimer_init to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol hrtimer_forward to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol hrtimer_cancel to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol groups_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol groups_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol get_zeroed_page to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __get_user_nocheck_1 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __get_user_2 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __get_user_1 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol get_unused_fd_flags to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol get_random_bytes to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __get_free_pages to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol gcd to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol free_percpu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol free_pages to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol free_irq_cpu_rmap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol free_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol free_cpumask_var to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol fortify_panic to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __flush_workqueue to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol flush_work to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol finish_wait to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _find_next_zero_bit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _find_next_bit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _find_last_bit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _find_first_zero_bit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _find_first_bit to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __fentry__ to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol enable_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol empty_zero_page to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol emergency_restart to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol elfcorehdr_addr to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol efi to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __dynamic_pr_debug to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dump_stack to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dql_reset to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dql_completed to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down_write_trylock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down_write to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down_trylock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down_read_trylock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down_read to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down_interruptible to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol downgrade_write to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol down to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dmi_get_system_info to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dmi_find_device to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dma_pool_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dma_pool_destroy to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dma_pool_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol disable_irq to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol devmap_managed_key to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dev_base_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol destroy_workqueue to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol delayed_work_timer_fn to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __delay to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol default_wake_function to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dca_unregister_notify to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol dca_register_notify to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol current_umask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _ctype to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol csum_partial to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol csum_ipv6_magic to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol crc32_le to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpu_sibling_map to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __cpu_present_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __cpu_possible_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __cpu_online_mask to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpu_number to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpumask_local_spread to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpu_khz to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpu_info to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __cpuhp_setup_state to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __cpuhp_remove_state to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpufreq_quick_get to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cpu_bit_bitmap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol copy_user_generic_unrolled to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol copy_user_generic_string to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _copy_to_user to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __copy_overflow to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _copy_from_user to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __const_udelay to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol congestion_wait to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __cond_resched to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol complete_all to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol complete to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol clock_t_to_jiffies to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __check_object_size to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cdev_alloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cc_mkdec to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol capable to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cancel_work_sync to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cancel_work to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cancel_delayed_work_sync to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cancel_delayed_work to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol call_usermodehelper to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol call_srcu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol call_rcu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol cachemode2protval to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol boot_cpu_data to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol blocking_notifier_call_chain to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol blk_status_to_errno to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol blk_stack_limits to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol blk_mq_map_queues to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol blkdev_get_by_path to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol blkdev_get_by_dev to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __blk_alloc_disk to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_zalloc_node to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_zalloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_xor to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_weight to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_subset to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_set to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_release_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_print_to_pagebuf to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_parselist to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_or to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_intersects to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_from_arr32 to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bitmap_find_free_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_equal to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_clear to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_andnot to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __bitmap_and to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bio_kmalloc to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol bin2hex to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol avenrun to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol autoremove_wake_function to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol atomic_notifier_call_chain to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol _atomic_dec_and_lock to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol async_synchronize_full_domain to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol async_synchronize_full to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol argv_split to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol argv_free to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol arch_touch_nmi_watchdog to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol alloc_workqueue to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __alloc_percpu to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol alloc_pages to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol __alloc_pages to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol alloc_cpu_rmap to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol alloc_cpumask_var to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol alloc_chrdev_region to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol add_wait_queue_exclusive to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol add_wait_queue to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol add_timer to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol acpi_get_table to stablelist (Cestmir Kalina) [RHEL-8864] - kabi: add symbol acpi_disabled to stablelist (Cestmir Kalina) [RHEL-8864] - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (Paul Ely) [RHEL-2604] - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (Paul Ely) [RHEL-2604] [5.14.0-362.5.1_3] - x86/mce: Add support for Extended Physical Address MCA changes (Aristeu Rozanski) [2164637] - x86/mce: Define a function to extract ErrorAddr from MCA_ADDR (Aristeu Rozanski) [2164637] - x86/mce: Avoid unnecessary padding in struct mce_bank (Aristeu Rozanski) [2164637] - net/mlx5e: TC, Remove sample and ct limitation (Amir Tzin) [2229736] - net/mlx5e: TC, Remove mirror and ct limitation (Amir Tzin) [2229736] - net/mlx5e: TC, Remove tuple rewrite and ct limitation (Amir Tzin) [2229736] - net/mlx5e: TC, Remove multiple ct actions limitation (Amir Tzin) [2229736] - net/mlx5e: TC, Remove CT action reordering (Amir Tzin) [2229736] - net/mlx5e: CT: Use per action stats (Amir Tzin) [2229736] - net/mlx5e: TC, Move main flow attribute cleanup to helper func (Amir Tzin) [2229736] - net/mlx5e: TC, Remove unused vf_tun variable (Amir Tzin) [2229736] - net/mlx5e: Set default can_offload action (Amir Tzin) [2229736] [5.14.0-362.4.1_3] - Revert 'net: macsec: preserve ingress frame ordering' (Sabrina Dubroca) [RHEL-2248] - nfsd: fix change_info in NFSv4 RENAME replies (Jeffrey Layton) [2218844] - drm/amd/display: fix the white screen issue when >= 64GB DRAM (Mika Penttila) [2231925] [5.14.0-362.3.1_3] - blk-throttle: Fix io statistics for cgroup v1 (Ming Lei) [2208905] - block: make sure local irq is disabled when calling __blkcg_rstat_flush (Ming Lei) [2208905] - blk-cgroup: Flush stats before releasing blkcg_gq (Ming Lei) [2208905] - blk-cgroup: hold queue_lock when removing blkg->q_node (Ming Lei) [2217205] [5.14.0-362.2.1_3] - PCI: hv: Fix a crash in hv_pci_restore_msi_msg() during hibernation (Vitaly Kuznetsov) [2211797] - rhel: Re-add can-dev features that were removed accidentally (Radu Rendec) [2213891] - EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (Aristeu Rozanski) [2218686] - EDAC/amd64: Remove PCI Function 0 (Aristeu Rozanski) [2218686] - EDAC/amd64: Remove PCI Function 6 (Aristeu Rozanski) [2218686] - EDAC/amd64: Remove scrub rate control for Family 17h and later (Aristeu Rozanski) [2218686] - EDAC/amd64: Don't set up EDAC PCI control on Family 17h+ (Aristeu Rozanski) [2218686] - net/sched: cls_fw: Fix improper refcount update leads to use-after-free (Davide Caratti) [2225102] {CVE-2023-3776} [5.14.0-362.1.1_3] - dlm: fix plock lookup when using multiple lockspaces (Alexander Aring) [2234868] - redhat: enable zstream release numbering for rhel 9.3 (Jan Stancek) - redhat: change default dist suffix for RHEL 9.3 (Jan Stancek) - thunderbolt: Fix Thunderbolt 3 display flickering issue on 2nd hot plug onwards (Desnes Nunes) [2233967] - Revert 'firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()'' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Relax base protocol sanity checks on the protocol list' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Fix incorrect error propagation in scmi_voltage_descriptors_get' (Lenny Szubowicz) [2234390] - Revert 'pstore: Add priv field to pstore_record for backend specific use' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Don't drop lock in the middle of efivar_init()' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Add thin wrapper around EFI get/set variable interface' (Lenny Szubowicz) [2234390] - Revert 'efi: pstore: Omit efivars caching EFI varstore access layer' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Use locking version to iterate over efivars linked lists' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Drop __efivar_entry_iter() helper which is no longer used' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Remove deprecated 'efivars' sysfs interface' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Switch to new wrapper layer' (Lenny Szubowicz) [2234390] - Revert 'efi: avoid efivars layer when loading SSDTs from variables' (Lenny Szubowicz) [2234390] - Revert 'efi: vars: Move efivar caching layer into efivarfs' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Add SCMI v3.1 System Power extensions' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Add devm_protocol_acquire helper' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Add SCMI System Power Control driver' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Add SCMI v3.1 powercap protocol basic support' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Generalize the fast channel support' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Add SCMI v3.1 powercap fast channels support' (Lenny Szubowicz) [2234390] - Revert 'include: trace: Add SCMI fast channel tracing' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Use fast channel tracing' (Lenny Szubowicz) [2234390] - Revert 'efi: Fix efi_power_off() not being run before acpi_power_off() when necessary' (Lenny Szubowicz) [2234390] - Revert 'cpufreq: scmi: Use .register_em() to register with energy model' (Lenny Szubowicz) [2234390] - Revert 'cpufreq: scmi: Support the power scale in micro-Watts in SCMI v3.1' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Get detailed power scale from perf' (Lenny Szubowicz) [2234390] - Revert 'firmware: dmi: Use the proper accessor for the version field' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Fix missing kernel-doc in optee' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Improve checks in the info_get operations' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Harden accesses to the sensor domains' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Harden accesses to the reset domains' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Fix the asynchronous reset requests' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Add SCMI PM driver remove routine' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Disable struct randomization' (Lenny Szubowicz) [2234390] - Revert 'efi/x86: libstub: remove unused variable' (Lenny Szubowicz) [2234390] - Revert 'efi: capsule-loader: Fix use-after-free in efi_capsule_write' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: add some missing EFI prototypes' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: use EFI provided memcpy/memset routines' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: move efi_system_table global var into separate object' (Lenny Szubowicz) [2234390] - Revert 'efi/dev-path-parser: Refactor _UID handling to use acpi_dev_uid_to_integer()' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: implement generic EFI zboot' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: fix type confusion for load_options_size' (Lenny Szubowicz) [2234390] - Revert 'efi: efibc: avoid efivar API for setting variables' (Lenny Szubowicz) [2234390] - Revert 'efi: efibc: Guard against allocation failure' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: drop pointless get_memory_map() call' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: check Shim mode using MokSBStateRT' (Lenny Szubowicz) [2234390] - Revert 'Revert 'firmware: arm_scmi: Add clock management to the SCMI power domain'' (Lenny Szubowicz) [2234390] - Revert 'firmware: dmi: Fortify entry point length checks' (Lenny Szubowicz) [2234390] - Revert 'psci: Fix the function type for psci_initcall_t' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: avoid efi_get_memory_map() for allocating the virt map' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: remove pointless goto kludge' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: unify initrd loading between architectures' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: remove DT dependency from generic stub' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: install boot-time memory map as config table' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: refactor the initrd measuring functions' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: measure EFI LoadOptions' (Lenny Szubowicz) [2234390] - Revert 'efi/arm: libstub: move ARM specific code out of generic routines' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: fix up the last remaining open coded boot service call' (Lenny Szubowicz) [2234390] - Revert 'efi: zboot: create MemoryMapped() device path for the parent if needed' (Lenny Szubowicz) [2234390] - Revert 'efi/arm64: libstub: avoid SetVirtualAddressMap() when possible' (Lenny Szubowicz) [2234390] - Revert 'firmware: raspberrypi: Use dev_err_probe() to simplify code' (Lenny Szubowicz) [2234390] - Revert 'efi: pstore: Follow convention for the efi-pstore backend name' (Lenny Szubowicz) [2234390] - Revert 'efi/cper: Export several helpers for ghes_edac to use' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Remove zboot signing from build options' (Lenny Szubowicz) [2234390] - Revert 'efi: ssdt: Don't free memory if ACPI table was loaded successfully' (Lenny Szubowicz) [2234390] - Revert 'efi: efivars: Fix variable writes without query_variable_store()' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Give efi_main() asmlinkage qualification' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Fix incorrect payload size in zboot header' (Lenny Szubowicz) [2234390] - Revert 'efi: runtime: Don't assume virtual mappings are missing if VA == PA == 0' (Lenny Szubowicz) [2234390] - Revert 'firmware: imx: scu-pd: add missed USB_1_PHY pd' (Lenny Szubowicz) [2234390] - Revert 'efi: random: reduce seed size to 32 bytes' (Lenny Szubowicz) [2234390] - Revert 'efi: random: Use 'ACPI reclaim' memory for random seed' (Lenny Szubowicz) [2234390] - Revert 'firmware: raspberrypi: Introduce rpi_firmware_find_node()' (Lenny Szubowicz) [2234390] - Revert 'firmware: ti_sci: Switch transport to polled mode during system suspend' (Lenny Szubowicz) [2234390] - Revert 'firmware: ti_sci: Use the bitmap API to allocate bitmaps' (Lenny Szubowicz) [2234390] - Revert 'firmware: ti_sci: Use the non-atomic bitmap API when applicable' (Lenny Szubowicz) [2234390] - Revert 'firmware: ti_sci: Fix polled mode during system suspend' (Lenny Szubowicz) [2234390] - Revert 'efi: efivars: Fix variable writes with unsupported query_variable_store()' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Cleanup the core driver removal callback' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Suppress the driver's bind attributes' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Fix devres allocation device in virtio transport' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Fix deferred_tx_wq release on error paths' (Lenny Szubowicz) [2234390] - Revert 'firmware: ti_sci: Use devm_bitmap_zalloc when applicable' (Lenny Szubowicz) [2234390] - Revert 'ARM: 9255/1: efi/dump UEFI runtime page tables for ARM' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Drop randomization of runtime memory map' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Drop handling of EFI properties table' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Deduplicate ftrace command line argument filtering' (Lenny Szubowicz) [2234390] - Revert 'arm64: efi: Move dcache cleaning of loaded image out of efi_enter_kernel()' (Lenny Szubowicz) [2234390] - Revert 'arm64: efi: Avoid dcache_clean_poc() altogether in efi_enter_kernel()' (Lenny Szubowicz) [2234390] - Revert 'arm64: efi: Move efi-entry.S into the libstub source directory' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Use local strncmp() implementation unconditionally' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Clone memcmp() into the stub' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Enable efi_printk() in zboot decompressor' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Move screen_info handling to common code' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Provide local implementations of strrchr() and memchr()' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Factor out EFI stub entrypoint into separate file' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Add image code and data size to the zimage metadata' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Factor out min alignment and preferred kernel load address' (Lenny Szubowicz) [2234390] - Revert 'efi/arm64: libstub: Split off kernel image relocation for builtin stub' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Merge zboot decompressor with the ordinary stub' (Lenny Szubowicz) [2234390] - Revert 'arm64: unwind: add asynchronous unwind tables to kernel and modules' (Lenny Szubowicz) [2234390] - Revert 'arm64: efi: Force the use of SetVirtualAddressMap() on Altra machines' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Implement devicepath support for initrd commandline loader' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Permit mixed mode return types other than efi_status_t' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Add mixed mode support to command line initrd loader' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Undeprecate the command line initrd loader' (Lenny Szubowicz) [2234390] - Revert 'efi: memmap: Move EFI fake memmap support into x86 arch tree' (Lenny Szubowicz) [2234390] - Revert 'efi: Correct comment on efi_memmap_alloc' (Lenny Szubowicz) [2234390] - Revert 'drivers: fix typo in firmware/efi/memmap.c' (Lenny Szubowicz) [2234390] - Revert 'efi: memmap: Move manipulation routines into x86 arch tree' (Lenny Szubowicz) [2234390] - Revert 'efi: pstore: Add module parameter for setting the record size' (Lenny Szubowicz) [2234390] - Revert 'efi: random: combine bootloader provided RNG seed with RNG protocol output' (Lenny Szubowicz) [2234390] - Revert 'firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe()' (Lenny Szubowicz) [2234390] - Revert 'efi: stub: use random seed from EFI variable' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: Always enable initrd command line loader and bump version' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_ffa: Move constants to header file' (Lenny Szubowicz) [2234390] - Revert 'efi: Put Linux specific magic number in the DOS header' (Lenny Szubowicz) [2234390] - Revert 'efi: fix NULL-deref in init error path' (Lenny Szubowicz) [2234390] - Revert 'efi: fix userspace infinite retry read efivars after EFI runtime services page fault' (Lenny Szubowicz) [2234390] - Revert 'firmware/sysfb: Fix EFI/VESA format selection' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Clear stale xfer->hdr.status' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Harden shared memory access in fetch_response' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Harden shared memory access in fetch_notification' (Lenny Szubowicz) [2234390] - Revert 'firmware: arm_scmi: Fix virtio channels cleanup on shutdown' (Lenny Szubowicz) [2234390] - Revert 'efi/earlycon: Replace open coded strnchrnul()' (Lenny Szubowicz) [2234390] - Revert 'firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle' (Lenny Szubowicz) [2234390] - Revert 'efi: memmap: Disregard bogus entries instead of returning them' (Lenny Szubowicz) [2234390] - Revert 'efi: verify that variable services are supported' (Lenny Szubowicz) [2234390] - Revert 'efi: efivars: prevent double registration' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: Add memory attribute protocol definitions' (Lenny Szubowicz) [2234390] - Revert 'efi: Accept version 2 of memory attributes table' (Lenny Szubowicz) [2234390] - Revert 'efi: fix potential NULL deref in efi_mem_reserve_persistent' (Lenny Szubowicz) [2234390] - Revert 'efi: zboot: Use EFI protocol to remap code/data with the right attributes' (Lenny Szubowicz) [2234390] - Revert 'efi: Use standard format for printing the EFI revision' (Lenny Szubowicz) [2234390] - Revert 'efi: Discover BTI support in runtime services regions' (Lenny Szubowicz) [2234390] - Revert 'arm64: efi: Force the use of SetVirtualAddressMap() on eMAG and Altra Max machines' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: zboot: Mark zboot EFI application as NX compatible' (Lenny Szubowicz) [2234390] - Revert 'efi: earlycon: Reprobe after parsing config tables' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: smbios: Use length member instead of record struct size' (Lenny Szubowicz) [2234390] - Revert 'arm64: efi: Use SMBIOS processor version to key off Ampere quirk' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: smbios: Drop unused 'recsize' parameter' (Lenny Szubowicz) [2234390] - Revert 'efi: sysfb_efi: Fix DMI quirks not working for simpledrm' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: zboot: Add compressed image to make targets' (Lenny Szubowicz) [2234390] - Revert 'efi/libstub: randomalloc: Return EFI_OUT_OF_RESOURCES on failure' (Lenny Szubowicz) [2234390] - Revert 'efi: Bump stub image version for macOS HVF compatibility' (Lenny Szubowicz) [2234390] - Revert 'firmware/sysfb: Fix VESA format selection' (Lenny Szubowicz) [2234390] - Revert 'redhat/configs: update firmware configs' (Lenny Szubowicz) [2234390] - Revert 'ACPI: power: Switch to sys-off handler API' (Lenny Szubowicz) [2234390] - Revert 'gsmi: fix null-deref in gsmi_get_variable' (Lenny Szubowicz) [2234390] - Revert 'efi: efivars: drop kobject from efivars_register()' (Lenny Szubowicz) [2234390] - Revert 'efi: libstub: fix efi_load_initrd_dev_path() kernel-doc comment' (Lenny Szubowicz) [2234390] - Revert 'notifier: Add atomic_notifier_call_chain_is_empty()' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Wrap legacy power-off callbacks into sys-off handlers' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Add do_kernel_power_off()' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Add stub for pm_power_off' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Add kernel_can_power_off()' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Add register_platform_power_off()' (Lenny Szubowicz) [2234390] - Revert 'reboot: Remove pm_power_off_prepare()' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Change registration order of legacy power-off handler' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Use static handler for register_platform_power_off()' (Lenny Szubowicz) [2234390] - Revert 'kernel/reboot: Fix powering off using a non-syscall code paths' (Lenny Szubowicz) [2234390] - Revert 'PM: hibernate: Use kernel_can_power_off()' (Lenny Szubowicz) [2234390] - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (Waiman Long) [2227917] - Documentation/hw-vuln: Document the interaction between IBRS and STIBP (Waiman Long) [2227917] - x86/CPU/AMD: Make sure EFER[AIBRSE] is set (Waiman Long) [2227917] - sched/core: Use empty mask to reset cpumasks in sched_setaffinity() (Waiman Long) [2219681] - cgroup/cpuset: Extend test_cpuset_prs.sh to test remote partition (Waiman Long) [2174568] - cgroup/cpuset: Documentation update for partition (Waiman Long) [2174568] - cgroup/cpuset: Check partition conflict with housekeeping setup (Waiman Long) [2174568] - cgroup/cpuset: Introduce remote partition (Waiman Long) [2174568] - cgroup/cpuset: Add cpuset.cpus.exclusive for v2 (Waiman Long) [2174568] - cgroup/cpuset: Add cpuset.cpus.exclusive.effective for v2 (Waiman Long) [2174568] - cgroup/cpuset: simplify the percpu kthreads check in update_tasks_cpumask() (Waiman Long) [2174568] - cgroup/cpuset: Allow suppression of sched domain rebuild in update_cpumasks_hier() (Waiman Long) [2174568] - cgroup/cpuset: Improve temporary cpumasks handling (Waiman Long) [2174568] - cgroup/cpuset: Extract out CS_CPU_EXCLUSIVE & CS_SCHED_LOAD_BALANCE handling (Waiman Long) [2174568] - cgroup/cpuset: Inherit parent's load balance state in v2 (Waiman Long) [2174568] - cgroup/cpuset: Free DL BW in case can_attach() fails (Waiman Long) [2174568] - sched/deadline: Create DL BW alloc, free & check overflow interface (Waiman Long) [2174568] - cgroup/cpuset: Iterate only if DEADLINE tasks are present (Waiman Long) [2174568] - sched/cpuset: Keep track of SCHED_DEADLINE task in cpusets (Waiman Long) [2174568] - sched/cpuset: Bring back cpuset_mutex (Waiman Long) [2174568] - cgroup/cpuset: Rename functions dealing with DEADLINE accounting (Waiman Long) [2174568] - cgroup/cpuset: Minor updates to test_cpuset_prs.sh (Waiman Long) [2174568] - cgroup/cpuset: Include offline CPUs when tasks' cpumasks in top_cpuset are updated (Waiman Long) [2174568] - cgroup/cpuset: Skip task update if hotplug doesn't affect current cpuset (Waiman Long) [2174568] - kselftest/cgroup: Add cleanup() to test_cpuset_prs.sh (Waiman Long) [2174568] - kselftest/cgroup: Fix gathering number of CPUs (Waiman Long) [2174568] - redhat: configs: Disable CONFIG_CRYPTO_STATS since performance issue for storage (Herbert Xu) [2227964] - redhat: list Z-Jiras in the changelog before Y-Jiras (Herton R. Krzesinski) [5.14.0-362] - smb: client: fix null auth (Scott Mayhew) [2223247] - ice: Fix NULL pointer deref during VF reset (Petr Oros) [2217304] - gfs2: conversion deadlock do_promote bypass (Bob Peterson) [2226861] - gfs2: do_promote cleanup (Andreas Gruenbacher) [2226861] - scsi: lpfc: Remove reftag check in DIF paths (Paul Ely) [2227947] - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (Paul Ely) [2227947] - scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (Paul Ely) [2227947] - scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (Paul Ely) [2227947] - scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (Paul Ely) [2227947] - scsi: lpfc: Qualify ndlp discovery state when processing RSCN (Paul Ely) [2227947] - ext4: drop dio overwrite only flag and associated warning (Brian Foster) [2228056] - sched/core: Add __always_inline to schedule_loop() (Crystal Wood) [2232098] - net: openvswitch: add misc error drop reasons (Adrian Moreno) [2232283] - net: openvswitch: add meter drop reason (Adrian Moreno) [2232283] - net: openvswitch: add explicit drop action (Adrian Moreno) [2232283] - net: openvswitch: add action error drop reason (Adrian Moreno) [2232283] - net: openvswitch: add last-action drop reason (Adrian Moreno) [2232283] - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2225513] {CVE-2023-4128} - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2225513] {CVE-2023-4128} - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2225513] {CVE-2023-4128} - x86/kasan: Populate shadow for shared chunk of the CPU entry area (Rafael Aquini) [2233699] - x86/kasan: Add helpers to align shadow addresses up and down (Rafael Aquini) [2233699] - x86/kasan: Rename local CPU_ENTRY_AREA variables to shorten names (Rafael Aquini) [2233699] - x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area (Rafael Aquini) [2233699] - x86/mm: Recompute physical address for every page of per-CPU CEA mapping (Rafael Aquini) [2233699] [5.14.0-361] - watch_queue: Free the page array when watch_queue is dismantled (Carlos Maiolino) [2231268] - watch_queue: Actually free the watch (Carlos Maiolino) [2231268] - Update tree for CI (kpet-db) to autosd-rt from autosd-rhivos-rt (bgrech) - x86/sev: Do not try to parse for the CC blob on non-AMD hardware (Tao Liu) [2182562] - gfs2: Fix freeze consistency check in gfs2_trans_add_meta (Andreas Gruenbacher) [2228849] - gfs2: gfs2_freeze_lock_shared cleanup (Andreas Gruenbacher) [2228849] - gfs2: Replace sd_freeze_state with SDF_FROZEN flag (Andreas Gruenbacher) [2228849] - gfs2: Rework freeze / thaw logic (Andreas Gruenbacher) [2228849] - gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR} (Andreas Gruenbacher) [2228849] - gfs2: Reconfiguring frozen filesystem already rejected (Andreas Gruenbacher) [2228849] - gfs2: Rename gfs2_freeze_lock{ => _shared } (Andreas Gruenbacher) [2228849] - gfs2: Rename the {freeze,thaw}_super callbacks (Andreas Gruenbacher) [2228849] - gfs2: Rename remaining 'transaction' glock references (Andreas Gruenbacher) [2228849] - net: mana: Use the correct WQE count for ringing RQ doorbell (Bandan Das) [2220940] - net: mana: Batch ringing RX queue doorbell on receiving packets (Bandan Das) [2220940] - net: mana: use vmalloc_array and vcalloc (Bandan Das) [2220940] - net: mana: Add support for vlan tagging (Bandan Das) [2220940] - net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (Bandan Das) [2220940] - net: mana: Check if netdev/napi_alloc_frag returns single page (Bandan Das) [2220940] - net: mana: Rename mana_refill_rxoob and remove some empty lines (Bandan Das) [2220940] - net: mana: Add support for jumbo frame (Bandan Das) [2220940] - net: mana: Enable RX path to handle various MTU sizes (Bandan Das) [2220940] - net: mana: Refactor RX buffer allocation code to prepare for various MTU (Bandan Das) [2220940] - net: mana: Use napi_build_skb in RX path (Bandan Das) [2220940] - net: mana: Remove redundant pci_clear_master (Bandan Das) [2220940] - net: mana: Add new MANA VF performance counters for easier troubleshooting (Bandan Das) [2220940] [5.14.0-360] - PM: hibernate: Use kernel_can_power_off() (Sebastian Ott) [2183343] - kernel/reboot: Fix powering off using a non-syscall code paths (Sebastian Ott) [2183343] - kernel/reboot: Use static handler for register_platform_power_off() (Sebastian Ott) [2183343] - kernel/reboot: Change registration order of legacy power-off handler (Sebastian Ott) [2183343] - reboot: Remove pm_power_off_prepare() (Sebastian Ott) [2183343] - kernel/reboot: Add register_platform_power_off() (Sebastian Ott) [2183343] - kernel/reboot: Add kernel_can_power_off() (Sebastian Ott) [2183343] - kernel/reboot: Add stub for pm_power_off (Sebastian Ott) [2183343] - kernel/reboot: Add do_kernel_power_off() (Sebastian Ott) [2183343] - kernel/reboot: Wrap legacy power-off callbacks into sys-off handlers (Sebastian Ott) [2183343] - notifier: Add atomic_notifier_call_chain_is_empty() (Sebastian Ott) [2183343] - efi: libstub: fix efi_load_initrd_dev_path() kernel-doc comment (Sebastian Ott) [2183343] - efi: efivars: drop kobject from efivars_register() (Sebastian Ott) [2183343] - gsmi: fix null-deref in gsmi_get_variable (Sebastian Ott) [2183343] - ACPI: power: Switch to sys-off handler API (Sebastian Ott) [2183343] - redhat/configs: update firmware configs (Sebastian Ott) [2183343] - firmware/sysfb: Fix VESA format selection (Sebastian Ott) [2183343] - efi: Bump stub image version for macOS HVF compatibility (Sebastian Ott) [2183343] - efi/libstub: randomalloc: Return EFI_OUT_OF_RESOURCES on failure (Sebastian Ott) [2183343] - efi/libstub: zboot: Add compressed image to make targets (Sebastian Ott) [2183343] - efi: sysfb_efi: Fix DMI quirks not working for simpledrm (Sebastian Ott) [2183343] - efi/libstub: smbios: Drop unused 'recsize' parameter (Sebastian Ott) [2183343] - arm64: efi: Use SMBIOS processor version to key off Ampere quirk (Sebastian Ott) [2183343] - efi/libstub: smbios: Use length member instead of record struct size (Sebastian Ott) [2183343] - efi: earlycon: Reprobe after parsing config tables (Sebastian Ott) [2183343] - efi/libstub: zboot: Mark zboot EFI application as NX compatible (Sebastian Ott) [2183343] - arm64: efi: Force the use of SetVirtualAddressMap() on eMAG and Altra Max machines (Sebastian Ott) [2183343] - efi: Discover BTI support in runtime services regions (Sebastian Ott) [2183343] - efi: Use standard format for printing the EFI revision (Sebastian Ott) [2183343] - efi: zboot: Use EFI protocol to remap code/data with the right attributes (Sebastian Ott) [2183343] - efi: fix potential NULL deref in efi_mem_reserve_persistent (Sebastian Ott) [2183343] - efi: Accept version 2 of memory attributes table (Sebastian Ott) [2183343] - efi/libstub: Add memory attribute protocol definitions (Sebastian Ott) [2183343] - efi: efivars: prevent double registration (Sebastian Ott) [2183343] - efi: verify that variable services are supported (Sebastian Ott) [2183343] - efi: memmap: Disregard bogus entries instead of returning them (Sebastian Ott) [2183343] - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (Sebastian Ott) [2183343] - efi/earlycon: Replace open coded strnchrnul() (Sebastian Ott) [2183343] - firmware: arm_scmi: Fix virtio channels cleanup on shutdown (Sebastian Ott) [2183343] - firmware: arm_scmi: Harden shared memory access in fetch_notification (Sebastian Ott) [2183343] - firmware: arm_scmi: Harden shared memory access in fetch_response (Sebastian Ott) [2183343] - firmware: arm_scmi: Clear stale xfer->hdr.status (Sebastian Ott) [2183343] - firmware/sysfb: Fix EFI/VESA format selection (Sebastian Ott) [2183343] - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (Sebastian Ott) [2183343] - efi: fix NULL-deref in init error path (Sebastian Ott) [2183343] - efi: Put Linux specific magic number in the DOS header (Sebastian Ott) [2183343] - firmware: arm_ffa: Move constants to header file (Sebastian Ott) [2183343] - efi: libstub: Always enable initrd command line loader and bump version (Sebastian Ott) [2183343] - efi: stub: use random seed from EFI variable (Sebastian Ott) [2183343] - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (Sebastian Ott) [2183343] - efi: random: combine bootloader provided RNG seed with RNG protocol output (Sebastian Ott) [2183343] - efi: pstore: Add module parameter for setting the record size (Sebastian Ott) [2183343] - efi: memmap: Move manipulation routines into x86 arch tree (Sebastian Ott) [2183343] - drivers: fix typo in firmware/efi/memmap.c (Sebastian Ott) [2183343] - efi: Correct comment on efi_memmap_alloc (Sebastian Ott) [2183343] - efi: memmap: Move EFI fake memmap support into x86 arch tree (Sebastian Ott) [2183343] - efi: libstub: Undeprecate the command line initrd loader (Sebastian Ott) [2183343] - efi: libstub: Add mixed mode support to command line initrd loader (Sebastian Ott) [2183343] - efi: libstub: Permit mixed mode return types other than efi_status_t (Sebastian Ott) [2183343] - efi: libstub: Implement devicepath support for initrd commandline loader (Sebastian Ott) [2183343] - efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory (Sebastian Ott) [2183343] - arm64: efi: Force the use of SetVirtualAddressMap() on Altra machines (Sebastian Ott) [2183343] - arm64: unwind: add asynchronous unwind tables to kernel and modules (Sebastian Ott) [2183343] - efi: libstub: Merge zboot decompressor with the ordinary stub (Sebastian Ott) [2183343] - efi/arm64: libstub: Split off kernel image relocation for builtin stub (Sebastian Ott) [2183343] - efi: libstub: Factor out min alignment and preferred kernel load address (Sebastian Ott) [2183343] - efi: libstub: Add image code and data size to the zimage metadata (Sebastian Ott) [2183343] - efi: libstub: Factor out EFI stub entrypoint into separate file (Sebastian Ott) [2183343] - efi: libstub: Provide local implementations of strrchr() and memchr() (Sebastian Ott) [2183343] - efi: libstub: Move screen_info handling to common code (Sebastian Ott) [2183343] - efi: libstub: Enable efi_printk() in zboot decompressor (Sebastian Ott) [2183343] - efi: libstub: Clone memcmp() into the stub (Sebastian Ott) [2183343] - efi: libstub: Use local strncmp() implementation unconditionally (Sebastian Ott) [2183343] - arm64: efi: Move efi-entry.S into the libstub source directory (Sebastian Ott) [2183343] - arm64: efi: Avoid dcache_clean_poc() altogether in efi_enter_kernel() (Sebastian Ott) [2183343] - arm64: efi: Move dcache cleaning of loaded image out of efi_enter_kernel() (Sebastian Ott) [2183343] - efi: libstub: Deduplicate ftrace command line argument filtering (Sebastian Ott) [2183343] - efi: libstub: Drop handling of EFI properties table (Sebastian Ott) [2183343] - efi: libstub: Drop randomization of runtime memory map (Sebastian Ott) [2183343] - ARM: 9255/1: efi/dump UEFI runtime page tables for ARM (Sebastian Ott) [2183343] - firmware: ti_sci: Use devm_bitmap_zalloc when applicable (Sebastian Ott) [2183343] - firmware: arm_scmi: Fix deferred_tx_wq release on error paths (Sebastian Ott) [2183343] - firmware: arm_scmi: Fix devres allocation device in virtio transport (Sebastian Ott) [2183343] - firmware: arm_scmi: Suppress the driver's bind attributes (Sebastian Ott) [2183343] - firmware: arm_scmi: Cleanup the core driver removal callback (Sebastian Ott) [2183343] - efi: efivars: Fix variable writes with unsupported query_variable_store() (Sebastian Ott) [2183343] - firmware: ti_sci: Fix polled mode during system suspend (Sebastian Ott) [2183343] - firmware: ti_sci: Use the non-atomic bitmap API when applicable (Sebastian Ott) [2183343] - firmware: ti_sci: Use the bitmap API to allocate bitmaps (Sebastian Ott) [2183343] - firmware: ti_sci: Switch transport to polled mode during system suspend (Sebastian Ott) [2183343] - firmware: raspberrypi: Introduce rpi_firmware_find_node() (Sebastian Ott) [2183343] - efi: random: Use 'ACPI reclaim' memory for random seed (Sebastian Ott) [2183343] - efi: random: reduce seed size to 32 bytes (Sebastian Ott) [2183343] - firmware: imx: scu-pd: add missed USB_1_PHY pd (Sebastian Ott) [2183343] - efi: runtime: Don't assume virtual mappings are missing if VA == PA == 0 (Sebastian Ott) [2183343] - efi: libstub: Fix incorrect payload size in zboot header (Sebastian Ott) [2183343] - efi: libstub: Give efi_main() asmlinkage qualification (Sebastian Ott) [2183343] - efi: efivars: Fix variable writes without query_variable_store() (Sebastian Ott) [2183343] - efi: ssdt: Don't free memory if ACPI table was loaded successfully (Sebastian Ott) [2183343] - efi: libstub: Remove zboot signing from build options (Sebastian Ott) [2183343] - efi/cper: Export several helpers for ghes_edac to use (Sebastian Ott) [2183343] - efi: pstore: Follow convention for the efi-pstore backend name (Sebastian Ott) [2183343] - firmware: raspberrypi: Use dev_err_probe() to simplify code (Sebastian Ott) [2183343] - efi/arm64: libstub: avoid SetVirtualAddressMap() when possible (Sebastian Ott) [2183343] - efi: zboot: create MemoryMapped() device path for the parent if needed (Sebastian Ott) [2183343] - efi: libstub: fix up the last remaining open coded boot service call (Sebastian Ott) [2183343] - efi/arm: libstub: move ARM specific code out of generic routines (Sebastian Ott) [2183343] - efi/libstub: measure EFI LoadOptions (Sebastian Ott) [2183343] - efi/libstub: refactor the initrd measuring functions (Sebastian Ott) [2183343] - efi: libstub: install boot-time memory map as config table (Sebastian Ott) [2183343] - efi: libstub: remove DT dependency from generic stub (Sebastian Ott) [2183343] - efi: libstub: unify initrd loading between architectures (Sebastian Ott) [2183343] - efi: libstub: remove pointless goto kludge (Sebastian Ott) [2183343] - efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (Sebastian Ott) [2183343] - efi: libstub: avoid efi_get_memory_map() for allocating the virt map (Sebastian Ott) [2183343] - psci: Fix the function type for psci_initcall_t (Sebastian Ott) [2183343] - firmware: dmi: Fortify entry point length checks (Sebastian Ott) [2183343] - Revert 'firmware: arm_scmi: Add clock management to the SCMI power domain' (Sebastian Ott) [2183343] - efi: libstub: check Shim mode using MokSBStateRT (Sebastian Ott) [2183343] - efi: libstub: drop pointless get_memory_map() call (Sebastian Ott) [2183343] - efi: efibc: Guard against allocation failure (Sebastian Ott) [2183343] - efi: efibc: avoid efivar API for setting variables (Sebastian Ott) [2183343] - efi: libstub: fix type confusion for load_options_size (Sebastian Ott) [2183343] - efi/libstub: implement generic EFI zboot (Sebastian Ott) [2183343] - efi/dev-path-parser: Refactor _UID handling to use acpi_dev_uid_to_integer() (Sebastian Ott) [2183343] - efi/libstub: move efi_system_table global var into separate object (Sebastian Ott) [2183343] - efi/libstub: use EFI provided memcpy/memset routines (Sebastian Ott) [2183343] - efi/libstub: add some missing EFI prototypes (Sebastian Ott) [2183343] - efi: capsule-loader: Fix use-after-free in efi_capsule_write (Sebastian Ott) [2183343] - efi/x86: libstub: remove unused variable (Sebastian Ott) [2183343] - efi: libstub: Disable struct randomization (Sebastian Ott) [2183343] - firmware: arm_scmi: Add SCMI PM driver remove routine (Sebastian Ott) [2183343] - firmware: arm_scmi: Fix the asynchronous reset requests (Sebastian Ott) [2183343] - firmware: arm_scmi: Harden accesses to the reset domains (Sebastian Ott) [2183343] - firmware: arm_scmi: Harden accesses to the sensor domains (Sebastian Ott) [2183343] - firmware: arm_scmi: Improve checks in the info_get operations (Sebastian Ott) [2183343] - firmware: arm_scmi: Fix missing kernel-doc in optee (Sebastian Ott) [2183343] - firmware: dmi: Use the proper accessor for the version field (Sebastian Ott) [2183343] - firmware: arm_scmi: Get detailed power scale from perf (Sebastian Ott) [2183343] - cpufreq: scmi: Support the power scale in micro-Watts in SCMI v3.1 (Sebastian Ott) [2183343] - cpufreq: scmi: Use .register_em() to register with energy model (Sebastian Ott) [2183343] - efi: Fix efi_power_off() not being run before acpi_power_off() when necessary (Sebastian Ott) [2183343] - firmware: arm_scmi: Use fast channel tracing (Sebastian Ott) [2183343] - include: trace: Add SCMI fast channel tracing (Sebastian Ott) [2183343] - firmware: arm_scmi: Add SCMI v3.1 powercap fast channels support (Sebastian Ott) [2183343] - firmware: arm_scmi: Generalize the fast channel support (Sebastian Ott) [2183343] - firmware: arm_scmi: Add SCMI v3.1 powercap protocol basic support (Sebastian Ott) [2183343] - firmware: arm_scmi: Add SCMI System Power Control driver (Sebastian Ott) [2183343] - firmware: arm_scmi: Add devm_protocol_acquire helper (Sebastian Ott) [2183343] - firmware: arm_scmi: Add SCMI v3.1 System Power extensions (Sebastian Ott) [2183343] - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (Sebastian Ott) [2183343] - efi: vars: Move efivar caching layer into efivarfs (Sebastian Ott) [2183343] - efi: avoid efivars layer when loading SSDTs from variables (Sebastian Ott) [2183343] - efi: vars: Switch to new wrapper layer (Sebastian Ott) [2183343] - efi: vars: Remove deprecated 'efivars' sysfs interface (Sebastian Ott) [2183343] - efi: vars: Drop __efivar_entry_iter() helper which is no longer used (Sebastian Ott) [2183343] - efi: vars: Use locking version to iterate over efivars linked lists (Sebastian Ott) [2183343] - efi: pstore: Omit efivars caching EFI varstore access layer (Sebastian Ott) [2183343] - efi: vars: Add thin wrapper around EFI get/set variable interface (Sebastian Ott) [2183343] - efi: vars: Don't drop lock in the middle of efivar_init() (Sebastian Ott) [2183343] - pstore: Add priv field to pstore_record for backend specific use (Sebastian Ott) [2183343] - firmware: arm_scmi: Fix incorrect error propagation in scmi_voltage_descriptors_get (Sebastian Ott) [2183343] - firmware: arm_scmi: Relax base protocol sanity checks on the protocol list (Sebastian Ott) [2183343] - firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (Sebastian Ott) [2183343] - redhat: stop tainting the kernel with virtio-mem (David Hildenbrand) [2228379] - x86/mm: Ease W^X enforcement back to just a warning (Ani Sinha) [2228318] - x86/mm: Disable W^X detection and enforcement on 32-bit (Ani Sinha) [2228318] - x86/mm/32: Fix W^X detection when page tables do not support NX (Ani Sinha) [2228318] - drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (Karol Herbst) [2229988] - redhat/configs: enable CONFIG_INET_DIAG_DESTROY (Andrea Claudi) [RHEL-212] - KVM: VMX: Don't fudge CR0 and CR4 for restricted L2 guest (Maxim Levitsky) [2225079] - KVM: x86: Disallow KVM_SET_SREGS{2} if incoming CR0 is invalid (Maxim Levitsky) [2225079] - KVM: Grab a reference to KVM for VM and vCPU stats file descriptors (Maxim Levitsky) [2225079] - Revert 'KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid' (Maxim Levitsky) [2225079] - KVM: x86: Acquire SRCU read lock when handling fastpath MSR writes (Maxim Levitsky) [2225079] - KVM: x86/irq: Conditionally register IRQ bypass consumer again (Maxim Levitsky) [2225079] - KVM: X86: Use GFP_KERNEL_ACCOUNT for pid_table in ipiv (Maxim Levitsky) [2225079] - KVM: x86: check the kvm_cpu_get_interrupt result before using it (Maxim Levitsky) [2225079] - KVM: x86: VMX: set irr_pending in kvm_apic_update_irr (Maxim Levitsky) [2225079] - KVM: x86: VMX: __kvm_apic_update_irr must update the IRR atomically (Maxim Levitsky) [2225079] - KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails (Maxim Levitsky) [2225079] - KVM: x86/cpuid: Add AMD CPUID ExtPerfMonAndDbg leaf 0x80000022 (Maxim Levitsky) [2225079] - KVM: x86/svm/pmu: Add AMD PerfMonV2 support (Maxim Levitsky) [2225079] - KVM: x86/cpuid: Add a KVM-only leaf to redirect AMD PerfMonV2 flag (Maxim Levitsky) [2225079] - KVM: x86/pmu: Constrain the num of guest counters with kvm_pmu_cap (Maxim Levitsky) [2225079] - KVM: x86/pmu: Advertise PERFCTR_CORE iff the min nr of counters is met (Maxim Levitsky) [2225079] - KVM: x86/pmu: Disable vPMU if the minimum num of counters isn't met (Maxim Levitsky) [2225079] - KVM: x86: Explicitly zero cpuid '0xa' leaf when PMU is disabled (Maxim Levitsky) [2225079] - KVM: x86/pmu: Provide Intel PMU's pmc_is_enabled() as generic x86 code (Maxim Levitsky) [2225079] - KVM: x86/pmu: Move handling PERF_GLOBAL_CTRL and friends to common x86 (Maxim Levitsky) [2225079] - KVM: x86/pmu: Reject userspace attempts to set reserved GLOBAL_STATUS bits (Maxim Levitsky) [2225079] - KVM: x86/pmu: Move reprogram_counters() to pmu.h (Maxim Levitsky) [2225079] - KVM: x86/pmu: Rename global_ovf_ctrl_mask to global_status_mask (Maxim Levitsky) [2225079] - KVM: SVM: enhance info printk's in SEV init (Maxim Levitsky) [2225079] - KVM: selftests: Add test for race in kvm_recalculate_apic_map() (Maxim Levitsky) [2225079] - KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (Maxim Levitsky) [2225079] - KVM: SVM: Invoke trace_kvm_exit() for fastpath VM-Exits (Maxim Levitsky) [2225079] - KVM: x86: Account fastpath-only VM-Exits in vCPU stats (Maxim Levitsky) [2225079] - KVM: SVM: vNMI pending bit is V_NMI_PENDING_MASK not V_NMI_BLOCKING_MASK (Maxim Levitsky) [2225079] - KVM: x86/mmu: Grab memslot for correct address space in NX recovery worker (Maxim Levitsky) [2225079] - KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are unsupported (Maxim Levitsky) [2225079] - KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled (CR0.PG==0) (Maxim Levitsky) [2225079] - KVM: VMX: restore vmx_vmexit alignment (Maxim Levitsky) [2225079] - KVM: Don't kfree(NULL) on kzalloc() failure in kvm_assign_ioeventfd_idx() (Maxim Levitsky) [2225079] - KVM: SVM: Remove TSS reloading code after VMEXIT (Maxim Levitsky) [2225079] - KVM: Clean up kvm_vm_ioctl_create_vcpu() (Maxim Levitsky) [2225079] - KVM: allow KVM_BUG/KVM_BUG_ON to handle 64-bit cond (Maxim Levitsky) [2225079] - KVM: VMX: Use proper accessor to read guest CR4 in handle_desc() (Maxim Levitsky) [2225079] - KVM: VMX: Treat UMIP as emulated if and only if the host doesn't have UMIP (Maxim Levitsky) [2225079] - KVM: VMX: add MSR_IA32_TSX_CTRL into msrs_to_save (Maxim Levitsky) [2225079] - KVM: x86: Don't adjust guest's CPUID.0x12.1 (allowed SGX enclave XFRM) (Maxim Levitsky) [2225079] - KVM: VMX: Don't rely _only_ on CPUID to enforce XCR0 restrictions for ECREATE (Maxim Levitsky) [2225079] - KVM: VMX: Fix header file dependency of asm/vmx.h (Maxim Levitsky) [2225079] - KVM: x86: Filter out XTILE_CFG if XTILE_DATA isn't permitted (Maxim Levitsky) [2225079] - KVM: x86: Add a helper to handle filtering of unpermitted XCR0 features (Maxim Levitsky) [2225079] - KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (Maxim Levitsky) [2225079] - KVM: x86/pmu: Prevent the PMU from counting disallowed events (Maxim Levitsky) [2225079] - KVM: x86/pmu: Rewrite reprogram_counters() to improve performance (Maxim Levitsky) [2225079] - KVM: VMX: Refactor intel_pmu_{g,}set_msr() to align with other helpers (Maxim Levitsky) [2225079] - KVM: x86/pmu: Rename pmc_is_enabled() to pmc_is_globally_enabled() (Maxim Levitsky) [2225079] - KVM: x86/pmu: Disallow legacy LBRs if architectural LBRs are available (Maxim Levitsky) [2225079] - KVM: x86/pmu: Zero out pmu->all_valid_pmc_idx each time it's refreshed (Maxim Levitsky) [2225079] - KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (Maxim Levitsky) [2225079] - KVM: x86: Assert that the emulator doesn't load CS with garbage in !RM (Maxim Levitsky) [2225079] - KVM: nSVM: Implement support for nested VNMI (Maxim Levitsky) [2225079] - KVM: x86: Add support for SVM's Virtual NMI (Maxim Levitsky) [2225079] - KVM: x86: Route pending NMIs from userspace through process_nmi() (Maxim Levitsky) [2225079] - KVM: SVM: Add definitions for new bits in VMCB::int_ctrl related to vNMI (Maxim Levitsky) [2225079] - x86/cpufeatures: Redefine synthetic virtual NMI bit as AMD's 'real' vNMI (Maxim Levitsky) [2225079] - KVM: x86: Save/restore all NMIs when multiple NMIs are pending (Maxim Levitsky) [2225079] - KVM: x86: Tweak the code and comment related to handling concurrent NMIs (Maxim Levitsky) [2225079] - KVM: x86: Raise an event request when processing NMIs if an NMI is pending (Maxim Levitsky) [2225079] - KVM: SVM: add wrappers to enable/disable IRET interception (Maxim Levitsky) [2225079] - KVM: nSVM: Raise event on nested VM exit if L1 doesn't intercept IRQs (Maxim Levitsky) [2225079] - KVM: nSVM: Disable intercept of VINTR if saved L1 host RFLAGS.IF is 0 (Maxim Levitsky) [2225079] - KVM: nSVM: Don't sync vmcb02 V_IRQ back to vmcb12 if KVM (L0) is intercepting VINTR (Maxim Levitsky) [2225079] - KVM: x86: Use boolean return value for is_{pae,pse,paging}() (Maxim Levitsky) [2225079] - KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (Maxim Levitsky) [2225079] - KVM: PPC: Make KVM_CAP_IRQFD_RESAMPLE platform dependent (Maxim Levitsky) [2225079] - KVM: Ensure lockdep knows about kvm->lock vs. vcpu->mutex ordering rule (Maxim Levitsky) [2225079] - KVM: selftests: Build access_tracking_perf_test for arm64 (Maxim Levitsky) [2225079] - virtio-pci: Fix legacy device flag setting error in probe (Cindy Lu) [RHEL-814] - vdpa/mlx5: Fix crash on shutdown for when no ndev exists (Cindy Lu) [RHEL-814] - vdpa/mlx5: Delete control vq iotlb in destroy_mr only when necessary (Cindy Lu) [RHEL-814] - vdpa/mlx5: Fix mr->initialized semantics (Cindy Lu) [RHEL-814] [5.14.0-359] - vxlan: fix GRO with VXLAN-GPE (Jiri Benc) [2209627] - vxlan: generalize vxlan_parse_gpe_hdr and remove unused args (Jiri Benc) [2209627] - vxlan: calculate correct header length for GPE (Jiri Benc) [2209627] - redhat/configs: turn on the framework for SPI NOR for ARM (Steve Best) [2223027] - dm cache policy smq: ensure IO doesn't prevent cleaner policy progress (Benjamin Marzinski) [2159623] - selftests: mptcp: join: fix 'implicit EP' test (Andrea Claudi) [2109139] - selftests: mptcp: join: fix 'delete and re-add' test (Andrea Claudi) [2109139] - net: tap_open(): set sk_uid from current_fsuid() (Laszlo Ersek) [2229506] {CVE-2023-4194} - net: tun_chr_open(): set sk_uid from current_fsuid() (Laszlo Ersek) [2229506] {CVE-2023-4194} - scsi: storvsc: Remove errant duplicate code (Cathy Avery) [2224931] - scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (Cathy Avery) [2224931] - net/mlx5: Register a unique thermal zone per device (Mohammad Kabat) [2210257] - net/mlx5: Implement thermal zone (Mohammad Kabat) [2210257] - redhat/configs: enable Tegra114 SPI controller (Mark Salter) [2232430] - redhat: add IMA certificates (Coiby Xu) [1870705] - locking: 9.3 KRTS JiraReadiness exercise (John B. Wyatt IV) [RHEL-981] [5.14.0-358] - KVM: SEV: remove ghcb variable declarations (Vitaly Kuznetsov) [2213808] - KVM: SEV: only access GHCB fields once (Vitaly Kuznetsov) [2213808] {CVE-2023-4155} - KVM: SEV: snapshot the GHCB before accessing it (Vitaly Kuznetsov) [2213808] {CVE-2023-4155} - usb: typec: ucsi: Mark dGPUs as DEVICE scope (Desnes Nunes) [2222462] - i2c: designware-pci: Switch to use i2c_new_ccgx_ucsi() (Desnes Nunes) [2222462] - i2c: nvidia-gpu: Convert to use dev_err_probe() (Desnes Nunes) [2222462] - i2c: nvidia-gpu: Use temporary variable for struct device (Desnes Nunes) [2222462] - i2c: nvidia-gpu: Switch to use i2c_new_ccgx_ucsi() (Desnes Nunes) [2222462] - i2c: Introduce common module to instantiate CCGx UCSI (Desnes Nunes) [2222462] - power: supply: Fix logic checking if system is running from battery (Desnes Nunes) [2222462] - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (Chris von Recklinghausen) [2184581] {CVE-2023-1855} - netfilter: nf_tables: unbind non-anonymous set if rule construction fails (Phil Sutter) [2213271] {CVE-2023-3390} - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (Phil Sutter) [2213271] {CVE-2023-3390} - netfilter: nf_tables: fix chain binding transaction logic (Phil Sutter) [2213271] {CVE-2023-3390} - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE (Phil Sutter) [2213271] {CVE-2023-3390} - wifi: rtw88: unlock on error path in rtw_ops_add_interface() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: check only affected links (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: send time sync only if needed (Inigo Huguet) [2196821] - wifi: clean up erroneously introduced file (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Handle return value for iwl_mvm_sta_init (Inigo Huguet) [2196821] - wifi: rtw88: delete timer and free skb queue when unloading (Inigo Huguet) [2196821] - wifi: cfg80211: Fix return value in scan logic (Inigo Huguet) [2196821] - Revert 'wifi: ath11k: Enable threaded NAPI' (Inigo Huguet) [2196821] - wifi: cfg80211: fix receiving mesh packets without RFC1042 header (Inigo Huguet) [2196821] - wifi: mt76: mt7921e: fix init command fail with enabled device (Inigo Huguet) [2196821] - wifi: ath9k: convert msecs to jiffies where needed (Inigo Huguet) [2196821] - wifi: ath11k: Add missing check for ioremap (Inigo Huguet) [2196821] - wifi: ath11k: fix memory leak in WMI firmware stats (Inigo Huguet) [2196821] - wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (Inigo Huguet) [2196821] - wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: avoid baid size integer overflow (Inigo Huguet) [2196821] - wifi: rtw88: process VO packets without workqueue to avoid PTK rekey failed (Inigo Huguet) [2196821] - wifi: rtw88: Fix action frame transmission fail before association (Inigo Huguet) [2196821] - wifi: iwlwifi: add a few rate index validity checks (Inigo Huguet) [2196821] - wifi: iwlwifi: Validate slots_num before allocating memory (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Validate tid is in valid range before using it (Inigo Huguet) [2196821] - wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: check link during TX (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add a NULL pointer check (Inigo Huguet) [2196821] - wifi: iwlwifi: pull from TXQs with softirqs disabled (Inigo Huguet) [2196821] - wifi: iwlwifi: Correctly indicate support for VHT TX STBC (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Add NULL check before dereferencing the pointer (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix potential array out of bounds access (Inigo Huguet) [2196821] - wifi: rtw88: add missing unwind goto for __rtw_download_firmware() (Inigo Huguet) [2196821] - wifi: iwlwifi: disable RX STBC when a device doesn't support it (Inigo Huguet) [2196821] - wifi: iwlwifi: don't silently ignore missing suspend or resume ops (Inigo Huguet) [2196821] - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (Inigo Huguet) [2196821] - wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (Inigo Huguet) [2196821] - wifi: rtw89: pci: fix interrupt enable mask for HALT C2H of RTL8851B (Inigo Huguet) [2196821] - wifi: rtw89: fix rtw89_read_chip_ver() for RTL8852B and RTL8851B (Inigo Huguet) [2196821] - wifi: rtw88: fix incorrect error codes in rtw_debugfs_set_* (Inigo Huguet) [2196821] - wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user (Inigo Huguet) [2196821] - wifi: mac80211: report all unusable beacon frames (Inigo Huguet) [2196821] - wifi: iwlwifi: pcie: Handle SO-F device for PCI id 0x7AF0 (Inigo Huguet) [2196821] - config: wifi: debug configs for ath11k, brcm80211 and iwlwifi (Inigo Huguet) [2196821] - config: wifi: set RTL8821CS, RTL8822BS and RTL8822CS as disabled (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: spin_lock_bh() to fix lockdep regression (Inigo Huguet) [2196821] - wifi: mac80211: fragment per STA profile correctly (Inigo Huguet) [2196821] - wifi: mac80211: Use active_links instead of valid_links in Tx (Inigo Huguet) [2196821] - wifi: cfg80211: remove links only on AP (Inigo Huguet) [2196821] - wifi: mac80211: take lock before setting vif links (Inigo Huguet) [2196821] - wifi: cfg80211: fix link del callback to call correct handler (Inigo Huguet) [2196821] - wifi: mac80211: fix link activation settings order (Inigo Huguet) [2196821] - wifi: cfg80211: fix double lock bug in reg_wdev_chan_valid() (Inigo Huguet) [2196821] - wifi: cfg80211: fix locking in regulatory disconnect (Inigo Huguet) [2196821] - wifi: cfg80211: fix locking in sched scan stop work (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Fix -Warray-bounds bug in iwl_mvm_wait_d3_notif() (Inigo Huguet) [2196821] - wifi: mac80211: fix switch count in EMA beacons (Inigo Huguet) [2196821] - wifi: mac80211: don't translate beacon/presp addrs (Inigo Huguet) [2196821] - wifi: mac80211: mlme: fix non-inheritence element (Inigo Huguet) [2196821] - wifi: cfg80211: reject bad AP MLD address (Inigo Huguet) [2196821] - wifi: mac80211: use correct iftype HE cap (Inigo Huguet) [2196821] - wifi: mt76: mt7996: fix possible NULL pointer dereference in mt7996_mac_write_txwi() (Inigo Huguet) [2196821] - wifi: rtw89: remove redundant check of entering LPS (Inigo Huguet) [2196821] - wifi: rtw89: correct PS calculation for SUPPORTS_DYNAMIC_PS (Inigo Huguet) [2196821] - wifi: rtw88: correct PS calculation for SUPPORTS_DYNAMIC_PS (Inigo Huguet) [2196821] - wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (Inigo Huguet) [2196821] - wifi: b43: fix incorrect __packed annotation (Inigo Huguet) [2196821] - wifi: rtw88: sdio: Always use two consecutive bytes for word operations (Inigo Huguet) [2196821] - mac80211_hwsim: fix memory leak in hwsim_new_radio_nl (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Add locking to the rate read flow (Inigo Huguet) [2196821] - wifi: iwlwifi: Don't use valid_links to iterate sta links (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: don't trust firmware n_channels (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (Inigo Huguet) [2196821] - wifi: iwlwifi: fix OEM's name in the ppag approved list (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix initialization of a return value (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix access to fw_id_to_mac_id (Inigo Huguet) [2196821] - wifi: iwlwifi: fw: fix DBGI dump (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix number of concurrent link checks (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: don't double-init spinlock (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: always free dup_data (Inigo Huguet) [2196821] - wifi: mac80211: recalc chanctx mindef before assigning (Inigo Huguet) [2196821] - wifi: mac80211: consider reserved chanctx for mindef (Inigo Huguet) [2196821] - wifi: mac80211: simplify chanctx allocation (Inigo Huguet) [2196821] - wifi: mac80211: Abort running color change when stopping the AP (Inigo Huguet) [2196821] - wifi: mac80211: fix min center freq offset tracing (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: rfi: disable RFI feature (Inigo Huguet) [2196821] - wifi: mac80211: Fix puncturing bitmap handling in __ieee80211_csa_finalize() (Inigo Huguet) [2196821] - wifi: mac80211: fortify the spinlock against deadlock by interrupt (Inigo Huguet) [2196821] - wifi: cfg80211: Drop entries with invalid BSSIDs in RNR (Inigo Huguet) [2196821] - wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (Inigo Huguet) [2196821] - wifi: brcmfmac: Check for probe() id argument being NULL (Inigo Huguet) [2196821] - wifi: rtw88: correct qsel_to_ep[] type as int (Inigo Huguet) [2196821] - wifi: rtw88: use work to update rate to avoid RCU warning (Inigo Huguet) [2196821] - wifi: rtw89: 8852b: adjust quota to avoid SER L1 caused by access null page (Inigo Huguet) [2196821] - wifi: mt76: connac: fix stats->tx_bytes calculation (Inigo Huguet) [2196821] - wifi: mt76: mt7996: fix endianness of MT_TXD6_TX_RATE (Inigo Huguet) [2196821] - mac80211: use the new drop reasons infrastructure (Inigo Huguet) [2196821] - wifi: rtw88: Update spelling in main.h (Inigo Huguet) [2196821] - wifi: airo: remove ISA_DMA_API dependency (Inigo Huguet) [2196821] - wifi: rtl8xxxu: Simplify setting the initial gain (Inigo Huguet) [2196821] - wifi: rtl8xxxu: Add rtl8xxxu_write{8,16,32}_{set,clear} (Inigo Huguet) [2196821] - wifi: rtl8xxxu: Don't print the vendor/product/serial (Inigo Huguet) [2196821] - wifi: rtw88: Fix memory leak in rtw88_usb (Inigo Huguet) [2196821] - wifi: rtw88: call rtw8821c_switch_rf_set() according to chip variant (Inigo Huguet) [2196821] - wifi: rtw88: set pkg_type correctly for specific rtw8821c variants (Inigo Huguet) [2196821] - wifi: rtw88: rtw8821c: Fix rfe_option field width (Inigo Huguet) [2196821] - wifi: rtw88: usb: fix priority queue to endpoint mapping (Inigo Huguet) [2196821] - wifi: rtw88: 8822c: add iface combination (Inigo Huguet) [2196821] - wifi: rtw88: handle station mode concurrent scan with AP mode (Inigo Huguet) [2196821] - wifi: rtw88: prevent scan abort with other VIFs (Inigo Huguet) [2196821] - wifi: rtw88: refine reserved page flow for AP mode (Inigo Huguet) [2196821] - wifi: rtw88: disallow PS during AP mode (Inigo Huguet) [2196821] - wifi: rtw88: 8822c: extend reserved page number (Inigo Huguet) [2196821] - wifi: rtw88: add port switch for AP mode (Inigo Huguet) [2196821] - wifi: rtw88: add bitmap for dynamic port settings (Inigo Huguet) [2196821] - wifi: rtw89: mac: use regular int as return type of DLE buffer request (Inigo Huguet) [2196821] - wifi: mac80211: remove return value check of debugfs_create_dir() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix RFKILL report when driver is going down (Inigo Huguet) [2196821] - wifi: iwlwifi: mei: re-ask for ownership after it was taken by CSME (Inigo Huguet) [2196821] - wifi: iwlwifi: mei: make mei filtered scan more aggressive (Inigo Huguet) [2196821] - wifi: iwlwifi: modify scan request and results when in link protection (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: enable support for MLO APIs (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: prefer RCU_INIT_POINTER() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix potential memory leak (Inigo Huguet) [2196821] - wifi: iwlwifi: fw: fix argument to efi.get_variable (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix MIC removal confusion (Inigo Huguet) [2196821] - wifi: iwlwifi: fw: fix memory leak in debugfs (Inigo Huguet) [2196821] - wifi: iwlwifi: Update support for b0 version (Inigo Huguet) [2196821] - wifi: ath11k: Remove disabling of 80+80 and 160 MHz (Inigo Huguet) [2196821] - wifi: ath11k: Fix SKB corruption in REO destination ring (Inigo Huguet) [2196821] - wifi: ath11k: Fix incorrect update of radiotap fields (Inigo Huguet) [2196821] - wifi: ath11k: fix tx status reporting in encap offload mode (Inigo Huguet) [2196821] - wifi: ath11k: add peer mac information in failure cases (Inigo Huguet) [2196821] - wifi: ath11k: Prevent REO cmd failures (Inigo Huguet) [2196821] - wifi: ath11k: fix double free of peer rx_tid during reo cmd failure (Inigo Huguet) [2196821] - wifi: mt76: mt7996: fill txd by host driver (Inigo Huguet) [2196821] - wifi: mt76: set NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 on supported drivers (Inigo Huguet) [2196821] - wifi: mt76: dma: use napi_build_skb (Inigo Huguet) [2196821] - wifi: mt76: mt7615: increase eeprom size for mt7663 (Inigo Huguet) [2196821] - wifi: mt76: mt7996: enable mesh HW amsdu/de-amsdu support (Inigo Huguet) [2196821] - wifi: mt76: mt7996: enable configured beacon tx rate (Inigo Huguet) [2196821] - wifi: mt76: mt7996: enable BSS_CHANGED_MCAST_RATE support (Inigo Huguet) [2196821] - wifi: mt76: mt7996: enable BSS_CHANGED_BASIC_RATES support (Inigo Huguet) [2196821] - wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (Inigo Huguet) [2196821] - wifi: mac80211: remove ieee80211_tx_status_8023 (Inigo Huguet) [2196821] - wifi: iwlwifi: bump FW API to 78 for AX devices (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: check firmware response size (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add MLO support to SF - use sta pointer (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: configure TLC on link activation (Inigo Huguet) [2196821] - wifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: remove RS rate init update argument (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: initialize per-link STA ratescale data (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: rs-fw: properly access sband->iftype_data (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: only clients can be 20MHz-only (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix iwl_mvm_sta_rc_update for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: remove per-STA MFP setting (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: allow NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use BSSID when building probe requests (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: update mac id management (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adopt the latest firmware API (Inigo Huguet) [2196821] - wifi: mt76: connac: add nss calculation into mt76_connac2_mac_tx_rate_val() (Inigo Huguet) [2196821] - wifi: mt76: connac: fix txd multicast rate setting (Inigo Huguet) [2196821] - wifi: mt76: mt7921e: stop chip reset worker in unregister hook (Inigo Huguet) [2196821] - wifi: mt76: mt7921e: improve reliability of dma reset (Inigo Huguet) [2196821] - wifi: mt76: mt7921: fix missing unwind goto in mt7921u_probe (Inigo Huguet) [2196821] - mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (Inigo Huguet) [2196821] - wifi: mt76: move mcu_uni_event and mcu_reg_event in common code (Inigo Huguet) [2196821] - wifi: mt76: mt7996: enable coredump support (Inigo Huguet) [2196821] - wifi: mt76: mt7996: add full system reset knobs into debugfs (Inigo Huguet) [2196821] - wifi: mt76: mt7996: enable full system reset support (Inigo Huguet) [2196821] - wifi: mt76: mt7921: enable p2p support (Inigo Huguet) [2196821] - wifi: mt76: mt7921: Replace fake flex-arrays with flexible-array members (Inigo Huguet) [2196821] - wifi: mt76: Replace zero-length array with flexible-array member (Inigo Huguet) [2196821] - wifi: mt76: mt7921: add Netgear AXE3000 (A8000) support (Inigo Huguet) [2196821] - wifi: mt76: mt7915: drop redundant prefix of mt7915_txpower_puts() (Inigo Huguet) [2196821] - wifi: mt76: fix 6GHz high channel not be scanned (Inigo Huguet) [2196821] - wifi: mt76: mt7921e: fix probe timeout after reboot (Inigo Huguet) [2196821] - wifi: mt76: move shared mac definitions in mt76_connac2_mac.h (Inigo Huguet) [2196821] - wifi: mt76: mt7921: get rid of eeprom.h (Inigo Huguet) [2196821] - wifi: mt76: add mt76_connac_gen_ppe_thresh utility routine (Inigo Huguet) [2196821] - wifi: mt76: get rid of unused sta_ps callbacks (Inigo Huguet) [2196821] - wifi: mt76: add mt76_connac_irq_enable utility routine (Inigo Huguet) [2196821] - wifi: mt76: move irq_tasklet in mt76_dev struct (Inigo Huguet) [2196821] - wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (Inigo Huguet) [2196821] - wifi: mt76: mt7921: use driver flags rather than mac80211 flags to mcu (Inigo Huguet) [2196821] - wifi: mt76: mt7921: introduce mt7921_get_mac80211_ops utility routine (Inigo Huguet) [2196821] - wifi: mt76: mt7996: fix eeprom tx path bitfields (Inigo Huguet) [2196821] - wifi: mt76: mt7996: remove mt7996_mcu_set_pm() (Inigo Huguet) [2196821] - wifi: mt76: mt7996: init mpdu density cap (Inigo Huguet) [2196821] - wifi: mt76: mt7996: fix pointer calculation in ie countdown event (Inigo Huguet) [2196821] - wifi: mt76: mt7996: remove unused eeprom band selection (Inigo Huguet) [2196821] - wifi: mt76: mt7996: let non-bufferable MMPDUs use correct hw queue (Inigo Huguet) [2196821] - wifi: mt76: mt7996: add eht rx rate support (Inigo Huguet) [2196821] - wifi: mt76: mt7996: remove mt7996_mcu_beacon_check_caps() (Inigo Huguet) [2196821] - wifi: mt76: mt7915: remove mt7915_mcu_beacon_check_caps() (Inigo Huguet) [2196821] - wifi: mt76: connac: refresh tx session timer for WED device (Inigo Huguet) [2196821] - wifi: mt76: add missing locking to protect against concurrent rx/status calls (Inigo Huguet) [2196821] - wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (Inigo Huguet) [2196821] - wifi: mt76: drop the incorrect scatter and gather frame (Inigo Huguet) [2196821] - wifi: mt76: mt7915: rework init flow in mt7915_thermal_init() (Inigo Huguet) [2196821] - wifi: mt76: mt7915: add dev->hif2 support for mt7916 WED device (Inigo Huguet) [2196821] - wifi: mt76: mt7915: expose device tree match table (Inigo Huguet) [2196821] - wifi: mt76: dynamic channel bandwidth changes in AP mode (Inigo Huguet) [2196821] - wifi: mt76: mt7996: fix radiotap bitfield (Inigo Huguet) [2196821] - wifi: mt76: mt7915: unlock on error in mt7915_thermal_temp_store() (Inigo Huguet) [2196821] - wifi: mt76: mt7996: Remove unneeded semicolon (Inigo Huguet) [2196821] - wifi: mt76: mt7921: fix PCI DMA hang after reboot (Inigo Huguet) [2196821] - wifi: mt76: mt7921: fix wrong command to set STA channel (Inigo Huguet) [2196821] - wifi: mt76: remove redundent MCU_UNI_CMD_* definitions (Inigo Huguet) [2196821] - wifi: ath9k: fix per-packet TX-power cap for TPC (Inigo Huguet) [2196821] - wifi: ath11k: fix undefined behavior with __fls in dp (Inigo Huguet) [2196821] - wifi: ath11k: Ignore frags from uninitialized peer in dp. (Inigo Huguet) [2196821] - wifi: ath11k: print a warning when crypto_alloc_shash() fails (Inigo Huguet) [2196821] - wifi: ath11k: pci: Add more MODULE_FIRMWARE() entries (Inigo Huguet) [2196821] - wifi: ath11k: enable SAR support on WCN6750 (Inigo Huguet) [2196821] - wifi: ath11k: Disable Spectral scan upon removing interface (Inigo Huguet) [2196821] - wifi: rtw89: add support of concurrent mode (Inigo Huguet) [2196821] - wifi: rtw89: Disallow power save with multiple stations (Inigo Huguet) [2196821] - wifi: rtw89: update statistics to FW for fine-tuning performance (Inigo Huguet) [2196821] - wifi: rtw89: use struct instead of macros to set H2C command of hardware scan (Inigo Huguet) [2196821] - wifi: rtw89: refine scan function after chanctx (Inigo Huguet) [2196821] - wifi: rtw89: prohibit enter IPS during HW scan (Inigo Huguet) [2196821] - wifi: rtw89: coex: send more hardware module info to firmware for 8851B (Inigo Huguet) [2196821] - wifi: rtw89: coex: Update function to get BT RSSI and hardware counter (Inigo Huguet) [2196821] - wifi: rtw89: coex: Add path control register to monitor list (Inigo Huguet) [2196821] - wifi: rtw89: coex: Enable Wi-Fi RX gain control for free run solution (Inigo Huguet) [2196821] - wifi: rtw89: fix power save function in WoWLAN mode (Inigo Huguet) [2196821] - wifi: rtw89: support WoWLAN mode for 8852be (Inigo Huguet) [2196821] - wifi: iwlwifi: move debug buffer allocation failure to info verbosity (Inigo Huguet) [2196821] - wifi: iwlwifi: make the loop for card preparation effective (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: allow number of beacons from FW (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: implement key link switching (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: implement BAID link switching (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: track station mask for BAIDs (Inigo Huguet) [2196821] - wifi: iwlwifi: bump FW API to 77 for AX devices (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use correct sta mask to remove queue (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: avoid iterating over an un-initialized list (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: factor out iwl_mvm_sta_fw_id_mask() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: properly implement HE AP support (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Fix _iwl_mvm_get_scan_type() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix getting lowest TX rate for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (Inigo Huguet) [2196821] - wifi: iwlwifi: nvm-parse: add full BW UL MU-MIMO support (Inigo Huguet) [2196821] - wifi: rtl8xxxu: Support devices with 5-6 out endpoints (Inigo Huguet) [2196821] - wifi: rtl8xxxu: Clean up some messy ifs (Inigo Huguet) [2196821] - wifi: brcmfmac: add Cypress 43439 SDIO ids (Inigo Huguet) [2196821] - wifi: rtw89: fix crash due to null pointer of sta in AP mode (Inigo Huguet) [2196821] - wifi: rtw89: correct 5 MHz mask setting (Inigo Huguet) [2196821] - wifi: rtw89: 8851b: add tables for RFK (Inigo Huguet) [2196821] - wifi: rtw89: 8851b: add BB and RF tables (2 of 2) (Inigo Huguet) [2196821] - wifi: rtw89: 8851b: add BB and RF tables (1 of 2) (Inigo Huguet) [2196821] - wifi: rtw89: pci: update PCI related settings to support 8851B (Inigo Huguet) [2196821] - wifi: rtw89: mac: update MAC settings to support 8851b (Inigo Huguet) [2196821] - wifi: rtw89: 8851b: fix TX path to path A for one RF path chip (Inigo Huguet) [2196821] - wifi: rtw89: read version of analog hardware (Inigo Huguet) [2196821] - wifi: rtw89: use hardware CFO to improve performance (Inigo Huguet) [2196821] - wifi: rtw89: support parameter tables by RFE type (Inigo Huguet) [2196821] - wifi: rtw89: add firmware format version to backward compatible with older drivers (Inigo Huguet) [2196821] - wifi: rtw89: use schedule_work to request firmware (Inigo Huguet) [2196821] - wifi: rtw89: fw: use generic flow to set/check features (Inigo Huguet) [2196821] - wifi: rtw89: fix authentication fail during scan (Inigo Huguet) [2196821] - wifi: rtw89: add flag check for power state (Inigo Huguet) [2196821] - wifi: rtw89: add ieee80211::remain_on_channel ops (Inigo Huguet) [2196821] - wifi: rtw89: add function to wait for completion of TX skbs (Inigo Huguet) [2196821] - wifi: rtw89: 8852c: add beacon filter and CQM support (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: tx: remove misleading if statement (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Fix setting the rate for non station cases (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: validate station properly in flush (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: set STA mask for keys in MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix ptk_pn memory leak (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: make iwl_mvm_mac_ctxt_send_beacon() static (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: track AP STA pointer and use it for MFP (Inigo Huguet) [2196821] - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (Inigo Huguet) [2196821] - wifi: iwlwifi: fw: move memset before early return (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: initialize seq variable (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Fix spelling mistake 'Gerenal' -> 'General' (Inigo Huguet) [2196821] - wifi: iwlwifi: Fix spelling mistake 'upto' -> 'up to' (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: enable new MLD FW API (Inigo Huguet) [2196821] - wifi: iwlwifi: add a new PCI device ID for BZ device (Inigo Huguet) [2196821] - wifi: iwlwifi: Add RF Step Type for BZ device (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: scan legacy bands and UHB channels with same antenna (Inigo Huguet) [2196821] - wifi: iwlwifi: yoyo: Fix possible division by zero (Inigo Huguet) [2196821] - wifi: iwlwifi: yoyo: skip dump correctly on hw error (Inigo Huguet) [2196821] - wifi: iwlwifi: pcie: fix possible NULL pointer dereference (Inigo Huguet) [2196821] - wifi: iwlwifi: Fix the duplicate dump name (Inigo Huguet) [2196821] - wifi: iwlwifi: pcie: work around ROM bug on AX210 integrated (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add DSM_FUNC_ENABLE_6E value to debugfs (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: cleanup beacon_inject_active during hw restart (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: support wowlan info notification version 2 (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: make HLTK configuration for PASN station optional (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: request limiting to 8 MSDUs per A-MSDU (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix shift-out-of-bounds (Inigo Huguet) [2196821] - wifi: iwlwifi: acpi: support modules with high antenna gain (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: don't drop unencrypted MCAST frames (Inigo Huguet) [2196821] - wifi: iwlwifi: dbg: print pc register data once fw dump occurred (Inigo Huguet) [2196821] - wifi: mac80211: add flush_sta method (Inigo Huguet) [2196821] - wifi: mac80211: flush queues on STA removal (Inigo Huguet) [2196821] - wifi: ieee80211: correctly mark FTM frames non-bufferable (Inigo Huguet) [2196821] - wifi: ieee80211: clean up public action codes (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: don't set CHECKSUM_COMPLETE for unsupported protocols (Inigo Huguet) [2196821] - wifi: iwlwifi: trans: don't trigger d3 interrupt twice (Inigo Huguet) [2196821] - wifi: iwlwifi: Update configurations for Bnj-a0 and specific rf devices (Inigo Huguet) [2196821] - wifi: iwlwifi: Update init sequence if tx diversity supported (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: move function sequence (Inigo Huguet) [2196821] - wifi: iwlwifi: nvm: Update HE capabilities on 6GHz band for EHT device (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: refactor TX csum mode check (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix A-MSDU checks (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: enable bz hw checksum from c step (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use OFDM rate if IEEE80211_TX_CTL_NO_CCK_RATE is set (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: convert TID to FW value on queue remove (Inigo Huguet) [2196821] - wifi: iwlwifi: Update configuration for SO,SOF MAC and HR RF (Inigo Huguet) [2196821] - wifi: iwlwifi: add a validity check of queue_id in iwl_txq_reclaim (Inigo Huguet) [2196821] - wifi: iwlwifi: nvm-parse: enable 160/320 MHz for AP mode (Inigo Huguet) [2196821] - wifi: iwlwifi: debug: fix crash in __iwl_err() (Inigo Huguet) [2196821] - wifi: rtw88: Add support for the SDIO based RTL8821CS chipset (Inigo Huguet) [2196821] - wifi: rtw88: Add support for the SDIO based RTL8822CS chipset (Inigo Huguet) [2196821] - wifi: rtw88: Add support for the SDIO based RTL8822BS chipset (Inigo Huguet) [2196821] - wifi: rtw88: main: Reserve 8 bytes of extra TX headroom for SDIO cards (Inigo Huguet) [2196821] - wifi: rtw88: main: Add the {cpwm,rpwm}_addr for SDIO based chipsets (Inigo Huguet) [2196821] - wifi: rtw88: mac: Support SDIO specific bits in the power on sequence (Inigo Huguet) [2196821] - wifi: rtw88: sdio: Add HCI implementation for SDIO based chipsets (Inigo Huguet) [2196821] - wifi: rtw88: Clear RTW_FLAG_POWERON early in rtw_mac_power_switch() (Inigo Huguet) [2196821] - wifi: ath12k: Remove redundant pci_clear_master (Inigo Huguet) [2196821] - wifi: ath10k: Remove redundant pci_clear_master (Inigo Huguet) [2196821] - wifi: ath11k: Remove redundant pci_clear_master (Inigo Huguet) [2196821] - wifi: ath11k: Send 11d scan start before WMI_START_SCAN_CMDID (Inigo Huguet) [2196821] - wifi: ath11k: fix writing to unintended memory region (Inigo Huguet) [2196821] - wifi: ath11k: Fix invalid management rx frame length issue (Inigo Huguet) [2196821] - wifi: ath11k: fix rssi station dump not updated in QCN9074 (Inigo Huguet) [2196821] - wifi: ath11k: Configure the FTM responder role using firmware capability flag (Inigo Huguet) [2196821] - wifi: ath11k: Optimize 6 GHz scan time (Inigo Huguet) [2196821] - wifi: mac80211: set EHT support flag in AP mode (Inigo Huguet) [2196821] - wifi: mac80211_hwsim: fix potential NULL deref in hwsim_pmsr_report_nl() (Inigo Huguet) [2196821] - wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix the order of TIMING_MEASUREMENT notifications (Inigo Huguet) [2196821] - bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state (Inigo Huguet) [2196821] - bus: mhi: host: Remove duplicate ee check for syserr (Inigo Huguet) [2196821] - bus: mhi: host: Avoid ringing EV DB if there are no elements to process (Inigo Huguet) [2196821] - net: rfkill-gpio: Add explicit include for of.h (Inigo Huguet) [2196821] - net: qrtr: correct types of trace event parameters (Inigo Huguet) [2196821] - wifi: rt2x00: Fix memory leak when handling surveys (Inigo Huguet) [2196821] - wifi: b43legacy: Remove the unused function prev_slot() (Inigo Huguet) [2196821] - wifi: rtw89: Remove redundant pci_clear_master (Inigo Huguet) [2196821] - wifi: rtw89: fix potential race condition between napi_init and napi_enable (Inigo Huguet) [2196821] - wifi: rtw89: config EDCCA threshold during scan to prevent TX failed (Inigo Huguet) [2196821] - wifi: rtw89: fix incorrect channel info during scan due to ppdu_sts filtering (Inigo Huguet) [2196821] - wifi: rtw89: remove superfluous H2C of join_info (Inigo Huguet) [2196821] - wifi: rtw89: set data lowest rate according to AP supported rate (Inigo Huguet) [2196821] - wifi: rtw89: add counters of register-based H2C/C2H (Inigo Huguet) [2196821] - wifi: rtw89: coex: Update Wi-Fi Bluetooth coexistence version to 7.0.1 (Inigo Huguet) [2196821] - wifi: rtw89: coex: Add report control v5 variation (Inigo Huguet) [2196821] - wifi: rtw89: coex: Update RTL8852B LNA2 hardware parameter (Inigo Huguet) [2196821] - wifi: rtw89: coex: Not to enable firmware report when WiFi is power saving (Inigo Huguet) [2196821] - wifi: rtw89: coex: Add LPS protocol radio state for RTL8852B (Inigo Huguet) [2196821] - bus: mhi: pci_generic: Add Foxconn T99W510 (Inigo Huguet) [2196821] - bus: mhi: host: Use ERANGE for BHIOFF/BHIEOFF range check (Inigo Huguet) [2196821] - bus: mhi: host: Range check CHDBOFF and ERDBOFF (Inigo Huguet) [2196821] - wifi: mwifiex: remove unused evt_buf variable (Inigo Huguet) [2196821] - wifi: brcmsmac: ampdu: remove unused suc_mpdu variable (Inigo Huguet) [2196821] - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (Inigo Huguet) [2196821] - wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (Inigo Huguet) [2196821] - wifi: brcmsmac: remove unused has_5g variable (Inigo Huguet) [2196821] - wifi: b43legacy: remove unused freq_r3A_value function (Inigo Huguet) [2196821] - wifi: rtlwifi: Replace fake flex-array with flex-array member (Inigo Huguet) [2196821] - wifi: rtw88: Remove redundant pci_clear_master (Inigo Huguet) [2196821] - wifi: rndis_wlan: Replace fake flex-array with flexible-array member (Inigo Huguet) [2196821] - wifi: rndis_wlan: clean up a type issue (Inigo Huguet) [2196821] - wifi: rtw88: remove unused rtw_pci_get_tx_desc function (Inigo Huguet) [2196821] - wifi: rsi: Slightly simplify rsi_set_channel() (Inigo Huguet) [2196821] - wifi: ipw2x00: remove unused _ipw_read16 function (Inigo Huguet) [2196821] - wifi: mac80211: enable EHT mesh support (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: correctly use link in iwl_mvm_sta_del() (Inigo Huguet) [2196821] - wifi: iwlwifi: separate AP link management queues (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: free probe_resp_data later (Inigo Huguet) [2196821] - wifi: iwlwifi: bump FW API to 75 for AX devices (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: move max_agg_bufsize into host TLC lq_sta (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: send full STA during HW restart (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: rework active links counting (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: update mac config when assigning chanctx (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use the correct link queue (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: clean up mac_id vs. link_id in MLD sta (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix station link data leak (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: initialize max_rc_amsdu_len per-link (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use appropriate link for rate selection (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use the new lockdep-checking macros (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: remove chanctx WARN_ON (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: avoid sending MAC context for idle (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: remove only link-specific AP keys (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: skip inactive links (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust iwl_mvm_scan_respect_p2p_go_iter() for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: rxmq: report link ID to mac80211 (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use bcast/mcast link station id (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: translate management frame address (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: implement mac80211 callback change_sta_links (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use the link sta address (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust rs init to MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust radar detection to MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust iwl_mvm_sec_key_remove_ap to MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: make a few warnings only trigger once (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: coex: start handling multiple links (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: rs-fw: don't crash on missing channel (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: use STA link address (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: skip MEI update for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix narrow RU check for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: make some HW flags conditional (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: implement link change ops (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust some cleanup functions to MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: refactor iwl_mvm_mac_sta_state_common() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: update iwl_mvm_tx_reclaim() for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust to MLO assign/unassign/switch_vif_chanctx() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add fw link id allocation (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust internal stations to MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: replace bss_info_changed() with vif_cfg/link_info_changed() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add link_conf parameter for add/remove/change link (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: don't check dtim_period in new API (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust SMPS for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add set_hw_timestamp to mld ops (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add link to firmware earlier (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust some PS and PM methods to MLD (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust mld_mac_ctxt_/beacon_changed() for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: adjust smart fifo configuration to MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: align to the LINK cmd update in the FW (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: always use the sta->addr as the peers addr (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: modify link instead of removing it during csa (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix crash on queue removal for MLD API too (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: fix 'modify_mask' value in the link cmd. (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add all missing ops to iwl_mvm_mld_ops (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add support for post_channel_switch in MLD mode (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: unite sta_modify_disable_tx flows (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add cancel/remain_on_channel for MLD mode (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: refactor iwl_mvm_roc() (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add some new MLD ops (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add sta handling flows for MLD mode (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: add an indication that the new MLD API is used (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: sta preparation for MLO (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: vif preparation for MLO (Inigo Huguet) [2196821] - wifi: nl80211: support advertising S1G capabilities (Inigo Huguet) [2196821] - wifi: mac80211: S1G capabilities information element in probe request (Inigo Huguet) [2196821] - mac80211: minstrel_ht: remove unused n_supported variable (Inigo Huguet) [2196821] - wifi: iwlwifi: mvm: Use 64-bit division helper in iwl_mvm_get_crosstimestamp_fw() (Inigo Huguet) [2196821] - wifi: carl9170: Replace fake flex-array with flexible-array member (Inigo Huguet) [2196821] - wifi: carl9170: Fix multiple -Warray-bounds warnings (Inigo Huguet) [2196821] ... IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-3594 CVE-2023-4194 CVE-2023-35825 CVE-2023-3141 CVE-2023-26545 CVE-2022-3565 CVE-2022-38457 CVE-2022-42895 CVE-2023-3161 CVE-2023-3358 CVE-2022-40133 CVE-2023-1074 CVE-2023-1076 CVE-2023-30456 CVE-2023-0597 CVE-2023-1073 CVE-2023-1075 CVE-2023-1249 CVE-2023-1989 CVE-2022-3523 CVE-2023-1206 CVE-2023-3773 CVE-2023-4155 CVE-2023-4207 CVE-2023-4208 CVE-2023-4273 CVE-2023-1855 CVE-2023-3212 CVE-2023-4128 CVE-2023-33203 CVE-2023-33952 CVE-2022-40982 CVE-2023-3268 CVE-2023-3609 CVE-2023-1252 CVE-2023-1652 CVE-2023-33951 CVE-2023-1079 CVE-2023-4206 CVE-2023-39191 CVE-2023-3772 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.23.0-2] - Fix regression in handling OpenPGP cards - Fix CVE-2023-2977: buffer overrun in pkcs15init for cardos [0.23.0-1] - Rebase to latest 0.23.0 release (#2100409) - Use separate OpenSSL context to work better from inside of OpenSSL providers LOW Copyright 2023 Oracle, Inc. CVE-2023-2977 cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.35.2-42.0.1] - Forward-port Oracle patches to 2.35.2-42. MODERATE Copyright 2023 Oracle, Inc. CVE-2022-4285 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [20230516-999.27.git6c9e0ed5.el9] - Update firmware for qat_4xxx devices (Orabug: 35811008) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2022-40964 CVE-2022-27635 CVE-2023-20569 CVE-2022-38076 CVE-2022-36351 CVE-2022-46329 cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:2:baseos_patch Oracle Linux 9 [1:2.3.3op2-21] - bump the spec because the previous build was made with buildroot 9.2 [1:2.3.3op2-20] - CVE-2023-32360 cups: Information leak through Cups-Get-Document operation [1:2.3.3op2-19] - CVE-2023-34241 cups: use-after-free in cupsdAcceptClient() in scheduler/client.c - CVE-2023-32324 cups: heap buffer overflow may lead to DoS [1:2.3.3op2-19] - 2217177 - Delays printing to lpd when reserved ports are exhausted - 2217284 - The command 'cancel -x <job>' does not remove job files - 2217954 - Enlarge backlog queue for listen() in cupsd [1:2.3.3op2-18] - 2189919 - CGI scripts don't work with local Negotiate authentication [1:2.3.3op2-17] - RHEL-314 - Enable fmf tests in centos stream [1:2.3.3op2-17] - RHEL-317 - upstream test suite fails due uncorrect number of expected warnings MODERATE Copyright 2023 Oracle, Inc. CVE-2023-34241 CVE-2023-32324 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [36.0.1-4] - Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature, resolves rhbz#2203840 [36.0.1-3] - Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2172399 - Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt MODERATE Copyright 2023 Oracle, Inc. CVE-2023-23931 cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.3.3-13] - Applied patch for for CVE-2022-48468 (#2186677) MODERATE Copyright 2023 Oracle, Inc. CVE-2022-48468 cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [2.68.4-11] - Really fix authentication failures when sd-bus clients connect to GDBus servers - Resolves: #2217771 [2.68.4-10] - Fix authentication failures when sd-bus clients connect to GDBus servers - Resolves: #2217771 [2.68.4-9] - Resolve s390x crashes introduced by fixes for CVE-2023-24593/CVE-2023-25180 - Related: #2181196 - Related: #2181200 [2.68.4-8] - Resolve use after free introduced by fixes for CVE-2023-24593/CVE-2023-25180 - Related: #2181196 - Related: #2181200 [2.68.4-7] - Fix CVE-2023-24593 and CVE-2023-25180 - Resolves: #2181196 - Resolves: #2181200 LOW Copyright 2023 Oracle, Inc. CVE-2023-32665 CVE-2023-32611 CVE-2023-29499 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2:4.9-8] - gpasswd: fix password leak. Resolves: #2215948 [2:4.9-7] - useradd: check if subid range exists for user. Resolves: #2179987 - find_new_[gu]id: Skip over IDs that are reserved for legacy reasons. Resolves: #2179988 LOW Copyright 2023 Oracle, Inc. CVE-2023-4641 cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [1.19.1-1] - Resolves: rhbz#2209564 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation [rhel-9] - Resolves: rhbz#2209556 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton() [rhel-9] - Resolves: rhbz#2209550 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs [rhel-9] - Resolves: rhbz#2209520 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.3.0] - Resolves: rhbz#2210370 - Rebase c-ares for RHEL 9.3 [1.17.1-6] - Resolves: rhbz#2170868 - c-ares: buffer overflow in config_sortlist() due to missing string length check [rhel-9] MODERATE Copyright 2023 Oracle, Inc. CVE-2022-4904 CVE-2023-31130 CVE-2023-31147 CVE-2023-31124 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [0.10.4-11] - Fix loglevel regression - Related: rhbz#2182252, rhbz#2189740 [0.10.4.10] - Fix null dereference issues found by covscan - Related: rhbz#2182252, rhbz#2189740 [0.10.4-9] - Fix CVE-2023-1667 and CVE-2023-2283 - Fix issues found by cosvcan - Resolves: rhbz#2182252, rhbz#2189740 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-2283 CVE-2023-1667 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.9.18-1] - Update to 3.9.18 - Security fix for CVE-2023-40217 Resolves: RHEL-3043 [3.9.17-2] - Fix symlink handling in the fix for CVE-2023-24329 Resolves: rhbz#263261 [3.9.17-1] - Update to 3.9.17 - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 [3.9.16-2] - Add filters for tarfile extraction (CVE-2007-4559, PEP-706) Resolves: rhbz#263261 MODERATE Copyright 2023 Oracle, Inc. CVE-2007-4559 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1:6.2.0-13] - Fix: previous commit removed one function from the library and thus broke the ABI - function gmpn_preinv_divrem_1 should now not be removed Related: rhbz#2044216 [1:6.2.0-12] - Add SIMD optimization patches for s390x (provided by the IBM) Resolves: rhbz#2044216 [1:6.2.0-11] Fix: Integer overflow and resultant buffer overflow via crafted input Resolves: CVE-2021-43618 LOW Copyright 2023 Oracle, Inc. CVE-2021-43618 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 evolution-mapi [3.40.1-6] - Related: #2190415 (Rebuild against samba 4.18) openchange [2.3-41] - Related: #2190415 (Rebuild against samba 4.18) samba [4.18.6-100] - related: rhbz#2190415 - Update to version 4.18.6 - resolves: rhbz#2211617 - Fix the rpcclient dfsgetinfo command [4.18.5-100] - resolves: rhbz#2222895 - Fix CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 [4.18.4-102] - resolves: rhbz#2222883 - Fix trust relationship between workstation and DC [4.18.4-101] - resolves: rhbz#2216712 - Fix broken symlink for libwbclient - resolves: rhbz#2214327 - Fix segfault of winbind child when listing users with winbind scan trusted domains = yes - resolves: rhbz#2211605 - Fix access of Samba share with veto files = /.*/ - resolves: rhbz#2207692 - Fix Python tarfile extraction to avoid a warning [4.18.4-100] - resolves: rhbz#2190415 - Update to version 4.18.4 [4.18.3-100] - resolves: rhbz#2190415 - Update to version 4.18.3 [4.18.2-101] - resolves: rhbz#2187313 - Fix weak dependencies in BaseOS [4.18.2-100] - resolves: rhbz#2190415 - Update to version 4.18.2 [4.17.5-104] - related: rhbz#2182163 - Rebuild for liburing rebase to version 2.3 [4.17.5-102] - resolves: rhbz#2169980 - Fix winbind memory leak - resolves: rhbz#2156056 - Fix Samba shares not accessible issue [4.17.5-101] - resolves: rhbz#2168534 - Create package samba-tools [4.17.5-100] - related: rhbz#2131993 - Update to version 4.17.5 [4.17.4-102] - related: rhbz#2131993 - Create package dc-libs also for 'non-dc build' [4.17.4-101] - related: rhbz#2131993 - Rebuild for MIT Kerberos 1.20.1 [4.17.4-100] - related: rhbz#2131993 - Update to version 4.17.4 - resolves: rhbz#2154373 - Fix CVE-2022-38023 - resolves: rhbz#2143196 - Fix %U include directive for share listing (netshareenum) - resolves: rhbz#2114884 - Fix id command to return new groups after successful user login - resolves: rhbz#2154885 - Fix Winbind to retrieve user groups from Active Directory [4.17.2-103] - Always add epoch to samba_depver to fix osci.brew-build.rpmdeplint.functional - related: rhbz#2131993 [4.17.2-102] - Fix CVE-2022-1615 GnuTLS gnutls_rnd() can fail and give predictable random values - resolves: rhbz#2126175 [4.17.2-101] - resolves: rhbz#2131993 - Update to version 4.17.2 [4.16.4-101] - resolves: rhbz#2121317 - Do not require samba package in python3-samba [4.16.4-100] - Rebase to version 4.16.4 - resolves: rhbz#2108332 - Fix CVE-2022-32742 [ 4.16.3-101] - related: rhbz#2077487 - Rebase Samba to 4.16.3 - resolves: rhbz#2097655 - The pcap background queue process should not be stopped - resolves: rhbz#2100105 - Fix net ads info LDAP server and LDAP server name [4.16.2-102] - resolves: rhbz#2106279 - Fix crash in rpcd_classic [4.16.2-101] - resolves: rhbz#2093833 - Fix weak dependency on logrotate - resolves: rhbz#2096813 - Fix printer displays only after 300 seconds timeout [4.16.2-100] - Fix rpminspect abidiff - related: rhbz#2077487 - Rebase Samba to 4.16.2 [4.16.1-100] - resolves: rhbz#2077487 - Rebase Samba to the the latest 4.16.x release [4.15.5-108] - resolves: rhbz#2078838 - Fix UPNs handling in lookup_name*() calls [4.15.5-106] - resolves: rhbz#2065376 - Fix 'create krb5 conf = yes when a KDC has a single IP address. - resolves: rhbz#2076504 - PAM Kerberos authentication fails with a clock skew error [4.15.5-105] - resolves: rhbz#2074891 - Fix username map for unix groups [4.15.5-104] - resolves: rhbz#2057500 - Fix winbind kerberos ticket refresh [4.15.5-103] - related: rhbz#2044231 - Fix typo in testparm output [4.15.5-102] - resolves: rhbz#2044231 - Improve idmap autorid sanity checks and documentation [4.15.5-101] - resolves: #2050111 - [RFE] Change change password change prompt phrasing - resolves: #2054110 - virusfilter_vfs_openat: Not scanned: Directory or special file [4.15.5-100] - related: rhbz#2013578 - Rebase Samba to the the latest 4.15.x release - resolves: #2046129 - Fix CVE-2021-44141 - resolves: #2046154 - Fix CVE-2021-44142 - resolves: #2044405 - Fix printing no longer works on Windows 7 - resolves: #2049485 - Fix systemd notifications - resolves: #2049604 - Disable NTLMSSP for ldap client connections [4.15.4-100] - related: rhbz#2013578 - Rebase Samba to the the latest 4.15.x release - resolves: #2039154 - Fix CVE-2021-20316 - resolves: #2044238 - Failed to authenticate users after upgrade samba package to release samba-4.14.5-7x - resolves: #2044239 - [smb] Segmentation fault when joining the domain - resolves: #2044241 - filename_convert_internal: open_pathref_fsp [xxx] failed: NT_STATUS_ACCESS_DENIED - resolves: #2044255 - Fix CVE-2021-43566 [4.15.3-1] - related: rhbz#2013578 - Rebase to Samba 4.15.3 - resolves: rhbz#2028026 - Fix possible null pointer dereference in winbind - resolves: rhbz#2033317 - Winexe: Kerberos Auth is respected via --use-kerberos=desired [4.15.2-3] - related: rhbz#2013578 - Remove unneeded lmdb dependency [4.15.2-2] - resolves: rhbz#2019675 - Fix CVE-2020-25717 [4.15.2-2] - resolves: rhbz#2019669 - Fix CVE-2021-23192 [4.15.2-2] - resolves: rhbz#2019663 - Fix CVE-2016-2124 [4.15.2-1] - resolves: rhbz#2013578 - Rebase to Samba 4.15.2 [4.14.5-103] - resolves: rhbz#1980356 - Fix winbind restart on package upgrade MODERATE Copyright 2023 Oracle, Inc. CVE-2023-34967 CVE-2023-34968 CVE-2023-34966 CVE-2022-2127 cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [7.76.1-26] - unify the upload/method handling (CVE-2023-28322) - fix host name wildcard checking (CVE-2023-28321) [7.76.1-25] - adapt the fix of CVE-2023-27535 for RHEL 9 curl [7.76.1-24] - fix SSH connection too eager reuse still (CVE-2023-27538) - fix GSS delegation too eager connection re-use (CVE-2023-27536) - fix FTP too eager connection reuse (CVE-2023-27535) - fix SFTP path ~ resolving discrepancy (CVE-2023-27534) - fix TELNET option IAC injection (CVE-2023-27533) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-27533 CVE-2023-27536 CVE-2023-27538 CVE-2023-27534 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.2.2-2] - Remove misapplied license Resolves: rhbz#2160307 [3.2.2-1] - Rebase to 3.2.2 - Use systemd-sysusers to create user Resolves: CVE-2023-22745 Resolves: rhbz#2095479 Resolves: rhbz#2160307 Resolves: rhbz#2162613 LOW Copyright 2023 Oracle, Inc. CVE-2023-22745 cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [21.2.3-7] - Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706) Resolves: RHBZ#2207997 MODERATE Copyright 2023 Oracle, Inc. CVE-2007-4559 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [6.2-10.20210508] - ignore TERMINFO and HOME only if setuid/setgid/capability (#2211666) [6.2-9.20210508] - fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491) - ignore TERMINFO and HOME environment variables if running as root (#2211666) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-29491 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1.21.1-1.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.21.1-1] - New upstream version (1.21.1) - Fix double-free in KDC TGS processing (CVE-2023-39975) - Add support for 'pac_privsvr_enctype' KDB string attribute Resolves: rhbz#2060421 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39975 CVE-2023-36054 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [3.3.17-13.0.1] - ps: remove uptime integer conversion [Orabug: 35909347] - ps: improved three elapsed 'jiffies/tics' calculations [Orabug: 35909347] [3.3.17-13] - ps: mitigation of possible buffer overflow - Resolves: rhbz#2228504 [3.3.17-12] - sysctl: '-N' option shows values instead of names if '-p' - Resolves: rhbz#2222056 LOW Copyright 2023 Oracle, Inc. CVE-2023-4016 cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.8-15] - Fix CVE-2023-1981 (#2186689) [0.8-14] - Fix CVE-2021-3502 (#1949949) [0.8-13] - Fix CVE-2021-3468 (#1944092) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-1981 CVE-2021-3502 CVE-2021-3468 cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_base cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1:0.36.2-8] - Security fix for CVE-2022-40898 - Resolves: rhbz#2178881 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-40898 cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [9.54.0-14] - fix for CVE-2023-43115 - Resolves: RHEL-10184 [9.54.0-13] - fix for CVE-2023-38559 - Resolves: rhbz#2224372 [9.54.0-12] - fix for CVE-2023-36664 - Resolves: rhbz#2217810 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-43115 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:21.0.1.0.12-2.0.1] - Add Oracle vendor bug URL [1:21.0.1.0.12-2] - Switch to using portable binaries built on RHEL 7 - Sync the copy of the portable specfile with the RHEL 7 version - Related: RHEL-12997 [1:21.0.1.0.12-1] - Update to jdk-21.0.1.0+12 (GA) - Update release notes to 21.0.1.0+12 - Sync the copy of the portable specfile with the latest update - Update openjdk_news script to specify subdirectory last - Add missing discover_trees script required by openjdk_news - Synchronise bundled versions with 21u sources (FreeType, LCMS, HarfBuzz, libpng) - Sync generate_tarball.sh with 11u & 17u version - Update bug URL for RHEL to point to the Red Hat customer portal - Fix upstream release URL for OpenJDK source - Following JDK-8005165, class data sharing can be enabled on all JIT architectures - Use tapsets from the misc tarball - Introduce 'prelease' for the portable release versioning, to handle EA builds - Make sure root installation directory is created first - Use in-place substitution for all but the first of the tapset changes - Synchronise runtime and buildtime tzdata requirements - Remove ghosts for binaries not in java-21-openjdk (pack200, rmid, unpack200) - Add missing jfr, jpackage and jwebserver alternative ghosts - Move jcmd to the headless package - Revert alt-java binary location to being within the JDK tree - Resolves: RHEL-12997 - Resolves: RHEL-14954 - Resolves: RHEL-14962 - Resolves: RHEL-14958 - Related: RHEL-14946 - Resolves: RHEL-14959 - Resolves: RHEL-14948 [1:21.0.1.0.12-1] - Exclude classes_nocoops.jsa on i686 and arm32 - Related: RHEL-14946 [1:21.0.1.0.12-1] - Fix packaging of CDS archives - Resolves: RHEL-14946 [1:21.0.0.0.35-2] - Update documentation (README.md) - Replace alt-java patch with a binary separate from the JDK - Drop stale patches that are of little use any more: - * nss.cfg has been disabled since early PKCS11 work and long superseded by FIPS work - * No accessibility subpackage to warrant RH1648242 & RH1648644 patches any more - * No use of system libjpeg turbo to warrant RH649512 patch any more - Replace RH1684077 pcsc-lite-libs patch with better JDK-8009550 fix being upstreamed - Adapt alt-java test to new binary where there is always a set_speculation function - Related: RHEL-12997 [1:21.0.0.0.35-1] - Update to jdk-21.0.0+35 - Update system crypto policy & FIPS patch from new fips-21u tree - Update generate_tarball.sh to sync with upstream vanilla script inc. no more ECC removal - Drop fakefeaturever now it is no longer needed - Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball - Use upstream release URL for OpenJDK source - Re-enable tzdata tests now we are on the latest JDK and things are back in sync - Install jaxp.properties introduced by JDK-8303530 - Install lible.so introduced by JDK-8306983 - Related: RHEL-12997 [1:21.0.0.0.35-1] - Replace smoke test files used in the staticlibs test, as fdlibm was removed by JDK-8303798 - Related: RHEL-12997 [1:20.0.0.0.36-1] - Update to jdk-20.0.2+9 - Update release notes to 20.0.2+9 - Update system crypto policy & FIPS patch from new fips-20u tree - Update generate_tarball.sh ICEDTEA_VERSION - Update CLDR reference data following update to 42 (Rocky Mountain-Normalzeit => Rocky-Mountain-Normalzeit) - Related: RHEL-12997 [1:20.0.0.0.36-1] - Dropped JDK-8295447, JDK-8296239 & JDK-8299439 patches now upstream - Adapted rh1750419-redhat_alt_java.patch - Related: RHEL-12997 [1:19.0.1.0.10-1] - Update to jdk-19.0.2 release - Update release notes to 19.0.2 - Rebase FIPS patches from fips-19u branch - Remove references to sample directory removed by JDK-8284999 - Add local patch JDK-8295447 (javac NPE) which was accepted into 19u upstream but not in the GA tag - Add local patches for JDK-8296239 & JDK-8299439 (Croatia Euro update) which are present in 8u, 11u & 17u releases - Related: RHEL-12997 [1:18.0.2.0.9-1] - Update to jdk-18.0.2 release - Support JVM variant zero following JDK-8273494 no longer installing Zero's libjvm.so in the server directory - Rebase FIPS patches from fips-18u branch - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Drop now unused fresh_libjvm, build_hotspot_first, bootjdk and buildjdkver variables, as we don't build a JDK here - Drop tzdata patches added for 17.0.7 which will eventually appear in the upstream tarball when we reach OpenJDK 21 - Disable tzdata tests until we are on the latest JDK and things are back in sync - Use empty nss.fips.cfg until it is again available via the FIPS patch - Related: RHEL-12997 [1:18.0.2.0.9-1] - Update to ea version of jdk18 - Add new slave jwebserver and corresponding manpage - Adjust rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch - Related: RHEL-12997 [1:18.0.2.0.9-1] - Add javaver- and origin-specific javadoc and javadoczip alternatives. - Related: RHEL-12997 [1:17.0.7.0.7-4] - Add files missed by centpkg import. - Related: rhbz#2192748 [1:17.0.7.0.7-3] - Create java-21-openjdk package based on java-17-openjdk - Related: rhbz#2192748 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-22025 CVE-2023-22081 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.18.6-101] - resolves: RHEL-11937 Fix CVE-2023-3961 - smbd must check the pipename - resolves: RHEL-11937 Fix CVE-2023-4091 - SMB clients can truncate files - resolves: RHEL-11937 Fix CVE-2023-42669 - Remove rpcecho server MODERATE Copyright 2023 Oracle, Inc. CVE-2023-3961 CVE-2023-4091 CVE-2023-42669 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [7.76.1-26.el9_3.2] - fix cookie injection with none file (CVE-2023-38546) [7.76.1-26.el9_3.1] - socks: return error if hostname too long for remote resolve (CVE-2023-38545) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-38546 CVE-2023-38545 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.43.0-5.1] - fix HTTP/2 Rapid Reset (CVE-2023-44487) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44487 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [7:5.5-6.1] - Resolves: RHEL-14819 - squid: squid: denial of Servicein FTP - Resolves: RHEL-14807 - squid: squid: Denial of Service in HTTP Digest Authentication - Resolves: RHEL-14780 - squid: squid: Request/Response smuggling in HTTP/1.1 and ICAP [7:5.5-6] - Resolves: #2231827 - Crash with half_closed_client on CRITICAL Copyright 2023 Oracle, Inc. CVE-2023-46847 CVE-2023-46846 CVE-2023-46848 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [8.0.100-2.0.1] - Update to .NET 8.0 [8.0.100~rc.2-0.1.0.1] - Add support for Oracle Linux [8.0.100~rc.2-0.1] - Update to .NET 8 RC 2 - Resolves: RHEL-13790 [8.0.100~rc.1-0.4] - Disable bootstrap - Related: RHEL-4074 [8.0.100~rc.1-0.3] - Add backported patches for additional s390x issues - Related: RHEL-4074 [8.0.100~rc.1-0.2] - Add patches to fix mono and arm64 issues - Include libmono-*.a files in the SDK - Fix CI configuration - Related: RHEL-4074 [8.0.100~rc.1-0.1] - Update to .NET SDK 8.0.100 RC 1 and Runtime 8.0.0 RC 1 - Resolves: RHEL-4074 [8.0.100~preview.7-0.2] - Add patch to work around TypeLoadException in Mono - Related: RHBZ#2224124 [8.0.100~preview.7-0.1] - Update to .NET SDK 8.0.100 Preview 7 and Runtime 8.0.0 Preview 7 [8.0.100~preview.6-0.2] - Remove lttng and other tracing-specific dependencies from the runtime package [8.0.100~preview.6-0.1] - Update to .NET SDK 8.0.100 Preview 6 and Runtime 8.0.0 Preview 6 [8.0.100~preview.5-0.2] - Fix release.json and sourcelink references [8.0.100~preview.5-0.1] - Update to .NET SDK 8.0.100 Preview 5 and Runtime 8.0.0 Preview 5 [8.0.100~preview.3-0.1] - Update to .NET SDK 8.0.100 Preview 3 and Runtime 8.0.0 Preview 3 [8.0.100~preview.2-0.1] - Update to .NET SDK 8.0.100 Preview 2 and Runtime 8.0.0 Preview 2 [8.0.100~preview.1-0.1] - Update to .NET SDK 8.0.100 Preview 1 and Runtime 8.0.0 Preview 1 [7.0.102-1] - Update to .NET SDK 7.0.102 and Runtime 7.0.2 [7.0.101-1] - Update to .NET SDK 7.0.101 and Runtime 7.0.1 [7.0.100-1] MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36558 CVE-2023-36049 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.0.114-1.0.1] - Update to .NET SDK 7.0.114 and Runtime 7.0.14 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36049 CVE-2023-36558 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.0.125-1.0.1] - Update to .NET SDK 6.0.125 and Runtime 6.0.25 - Add support for Oracle Linux MODERATE Copyright 2023 Oracle, Inc. CVE-2023-36558 CVE-2023-36049 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [12.2.5-3.0.1.2] - Address CVE-2023-34058 - BZ 2246963 - SAML token signature token bypass. - Address CVE-2023-34059 - BZ 2246962 - vmware-user-suid-wrapper IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-34058 CVE-2023-34059 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [- 7:5.5-6.2] - Fix: squid: DoS against HTTP and HTTPS (CVE-2023-5824) IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5824 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.5.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [115.5.0-1] - Update to 115.5.0 build1 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-6205 CVE-2023-6206 CVE-2023-6212 CVE-2023-6209 CVE-2023-6207 CVE-2023-6204 CVE-2023-6208 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.5.0-1.0.1] - Update to 115.5.0 build1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-6205 CVE-2023-6212 CVE-2023-6208 CVE-2023-6209 CVE-2023-6206 CVE-2023-6204 CVE-2023-6207 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.7.0-12] - fix integer bounds checking in apr_encode_* Resolves: RHEL-17123 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-24963 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [3.1.2-4] - Backport stricter seccomp jail Resolves: RHEL-12469 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5557 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [2.40.5-1.1] - Add patch for CVE-2023-42917 Resolves: rhbz#2253058 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-42917 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2.9.13-5] - Fix CVE-2023-39615 (RHEL-5180) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39615 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [5.14.0-362.13.1.el9_3.OL9] - x86/retpoline: Document some thunk handling aspects (Borislav Petkov) {CVE-2023-20569} - objtool: Fix return thunk patching in retpolines (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Remove unnecessary semicolon (Yang Li) {CVE-2023-20569} - x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Josh Poimboeuf) {CVE-2023-20569} - x86/nospec: Refactor UNTRAIN_RET[_*] (Josh Poimboeuf) {CVE-2023-20569} - x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Disentangle rethunk-dependent options (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Josh Poimboeuf) {CVE-2023-20569} - x86/bugs: Remove default case for fully switched enums (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Remove 'pred_cmd' label (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Unexport untraining functions (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Improve i-cache locality for alias mitigation (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Fix unret validation dependencies (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Fix vulnerability reporting for missing microcode (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Print mitigation for retbleed IBPB case (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Print actual mitigation if requested mitigation isn't possible (Josh Poimboeuf) [RHEL-8594] {CVE-2023-20569} - x86/srso: Fix SBPB enablement for (possible) future fixed HW (Josh Poimboeuf) {CVE-2023-20569} - x86,static_call: Fix static-call vs return-thunk (Peter Zijlstra) {CVE-2023-20569} - x86/alternatives: Remove faulty optimization (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Don't probe microcode in a guest (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Set CPUID feature bits independently of bug or mitigation status (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Fix srso_show_state() side effect (Josh Poimboeuf) {CVE-2023-20569} - x86/cpu: Fix amd_check_microcode() declaration (Arnd Bergmann) {CVE-2023-20569} - x86/srso: Correct the mitigation status when SMT is disabled (Borislav Petkov) {CVE-2023-20569} - x86/static_call: Fix __static_call_fixup() (Peter Zijlstra) {CVE-2023-20569} - objtool/x86: Fixup frame-pointer vs rethunk (Peter Zijlstra) {CVE-2023-20569} - x86/srso: Explain the untraining sequences a bit more (Borislav Petkov) {CVE-2023-20569} - x86/cpu/kvm: Provide UNTRAIN_RET_VM (Peter Zijlstra) {CVE-2023-20569} - x86/cpu: Cleanup the untrain mess (Peter Zijlstra) {CVE-2023-20569} - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Peter Zijlstra) {CVE-2023-20569} - x86/cpu: Rename original retbleed methods (Peter Zijlstra) {CVE-2023-20569} - x86/cpu: Clean up SRSO return thunk mess (Peter Zijlstra) {CVE-2023-20569} - x86/alternative: Make custom return thunk unconditional (Peter Zijlstra) {CVE-2023-20569} - objtool/x86: Fix SRSO mess (Peter Zijlstra) {CVE-2023-20569} - x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Peter Zijlstra) {CVE-2023-20569} - x86/cpu: Fix __x86_return_thunk symbol type (Peter Zijlstra) {CVE-2023-20569} - x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Petr Pavlu) {CVE-2023-20569} - x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Petr Pavlu) {CVE-2023-20569} - x86/srso: Disable the mitigation on unaffected configurations (Borislav Petkov) {CVE-2023-20569} - x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Borislav Petkov) {CVE-2023-20588} - x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Sean Christopherson) {CVE-2023-20569} - x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Cristian Ciocaltea) {CVE-2023-20593} - driver core: cpu: Fix the fallback cpu_show_gds() name (Borislav Petkov) {CVE-2023-20569} - x86: Move gds_ucode_mitigated() declaration to header (Arnd Bergmann) {CVE-2023-20569} - x86/speculation: Add cpu_show_gds() prototype (Arnd Bergmann) {CVE-2023-20569} - driver core: cpu: Make cpu_show_not_affected() static (Borislav Petkov) {CVE-2023-20569} - x86/srso: Fix build breakage with the LLVM linker (Nick Desaulniers) {CVE-2023-20569} - Documentation/srso: Document IBPB aspect and fix formatting (Borislav Petkov) {CVE-2023-20569} - driver core: cpu: Unify redundant silly stubs (Borislav Petkov) {CVE-2023-20569} - Documentation/hw-vuln: Unify filename specification in index (Borislav Petkov) {CVE-2023-20569} - x86/CPU/AMD: Do not leak quotient data after a division by 0 (Borislav Petkov) {CVE-2023-20588} - x86/srso: Tie SBPB bit setting to microcode patch detection (Borislav Petkov) {CVE-2023-20569} - x86/srso: Add a forgotten NOENDBR annotation (Borislav Petkov) {CVE-2023-20569} - x86/srso: Fix return thunks in generated code (Josh Poimboeuf) {CVE-2023-20569} - x86/srso: Add IBPB on VMEXIT (Borislav Petkov) {CVE-2023-20569} - x86/srso: Add IBPB (Borislav Petkov) {CVE-2023-20569} - x86/srso: Add SRSO_NO support (Borislav Petkov) {CVE-2023-20569} - x86/srso: Add IBPB_BRTYPE support (Borislav Petkov) {CVE-2023-20569} - redhat/configs/x86: Enable CONFIG_CPU_SRSO (Borislav Petkov) {CVE-2023-20569} - x86/srso: Add a Speculative RAS Overflow mitigation (Borislav Petkov) {CVE-2023-20569} - x86/retbleed: Add __x86_return_thunk alignment checks (Borislav Petkov) {CVE-2023-20569} - x86/retbleed: Fix return thunk alignment (Borislav Petkov) {CVE-2023-20569} - x86/alternative: Optimize returns patching (Borislav Petkov) {CVE-2023-20569} - x86,objtool: Separate unret validation from unwind hints (Josh Poimboeuf) {CVE-2023-20569} - objtool: Add objtool_types.h (Josh Poimboeuf) {CVE-2023-20569} - objtool: Union instruction::{call_dest,jump_table} (Peter Zijlstra) {CVE-2023-20569} - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Peter Zijlstra) {CVE-2023-20569} - objtool: Fix SEGFAULT (Christophe Leroy) {CVE-2023-20569} - vmlinux.lds.h: add BOUNDED_SECTION* macros (Jim Cromie) {CVE-2023-20569} IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5345 CVE-2023-20569 CVE-2023-1192 CVE-2023-45871 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [4.10.0-55.2] - python-certifi: Removal of e-Tugra root certificate (CVE-2023-37920) - python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804) MODERATE Copyright 2023 Oracle, Inc. CVE-2023-43804 CVE-2023-37920 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::addons Oracle Linux 9 [0.40.0-6] - Backport fix for CVE-2022-44638 MODERATE Copyright 2023 Oracle, Inc. CVE-2022-44638 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:1.13.3-3] - Rebuild with golang 1.20.10 - Related: Jira:RHEL-2786 [2:1.13.3-2] - Rebuild with golang 1.21.3 - Related: Jira:RHEL-2786 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-29409 CVE-2023-39319 CVE-2023-39321 CVE-2023-39318 CVE-2023-39322 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4:1.1.9-2] - Rebuild for CVEs: CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 - Resolves: #2228743 - Resolves: #2237777 - Resolves: #2237778 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39321 CVE-2023-29409 CVE-2023-39322 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.31.3-2.0.1] - Rebuild for CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-29409 CVE-2023-39318 CVE-2023-39322 CVE-2023-39319 CVE-2023-39321 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:4.6.1-7.0.1] - Rebuild for following CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 - Resolves: #2228743 - Resolves: #2237773 - Resolves: #2237776 - Resolves: #2237777 - Resolves: #2237778 [2:4.6.1-6.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.6.1-6] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/68e7ae0) - Related: Jira:RHEL-2112 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39318 CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 CVE-2023-39319 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:1.3.0-6] - rebuild for following CVEs: CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - Resolves: #2228743 - Resolves: #2237773 - Resolves: #2237776 - Resolves: #2237777 - Resolves: #2237778 [1:1.3.0-5] - fix path to dhcp service - Resolves: #RHEL-3140 MODERATE Copyright 2023 Oracle, Inc. CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [13.13-1.0.1] - Update to 13.13 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, and CVE-2023-39417 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-39417 CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 pgaudit pg_repack postgres-decoderbufs postgresql [15.5-1] - update to 15.5 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and CVE-2023-39418 Resolves: RHEL-16100, RHEL-16124, RHEL-16139 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-5870 CVE-2023-5868 CVE-2023-5869 CVE-2023-39417 CVE-2023-39418 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [1.22.1-2] - Patch CVE-2023-44429: AV1 codec parser heap-based buffer overflow - Patch CVE-2023-44446: MXF demuxer use-after-free - Resolves: RHEL-17030, RHEL-17039 IMPORTANT Copyright 2023 Oracle, Inc. CVE-2023-44446 CVE-2023-44429 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [0.23.0-3] - Fix file caching with different offsets (RHEL-4079) - Fix CVE-2023-40660: Potential PIN bypass - Fix CVE-2023-40661: Dynamic analyzers reports in pkcs15init - Fix CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys - Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding MODERATE Copyright 2023 Oracle, Inc. CVE-2023-40661 CVE-2023-40660 CVE-2023-4535 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [115.6.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Update to 115.6.0 build2 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6858 CVE-2023-6859 CVE-2023-50762 CVE-2023-6861 CVE-2023-6864 CVE-2023-6857 CVE-2023-6860 CVE-2023-6856 CVE-2023-6863 CVE-2023-6862 CVE-2023-50761 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.13.1-3.3] - xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367) - xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions (CVE-2023-6377) - xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (CVE-2023-6478) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-5367 CVE-2023-6377 CVE-2023-6478 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.6.0-1.0.1] - Udate to 115.6.0 build1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6858 CVE-2023-6859 CVE-2023-6861 CVE-2023-6867 CVE-2023-6865 CVE-2023-6860 CVE-2023-6862 CVE-2023-6864 CVE-2023-6856 CVE-2023-6857 CVE-2023-6863 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7:5.5-6.0.1.el9_3.5] - squid: Denial of Service in SSL Certificate validation (CVE-2023-46724) - squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728) - squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285) - squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46724 CVE-2023-49285 CVE-2023-46728 CVE-2023-49286 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.90.0-4] - CVE-2023-5388 nss: timing attack against RSA decryption. Make the final blinding multmod constant time. MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5388 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4.10.2-5.0.1] - Resolves: 2242828 Invalid CSRF protection (CVE-2023-5455) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5455 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.0.115-1.0.1] - Update to .NET SDK 7.0.115 and Runtime 7.0.15 [7.0.114-1.0.1] - Update to .NET SDK 7.0.114 and Runtime 7.0.14 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0056 CVE-2024-0057 CVE-2024-21319 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [8.0.101-1.0.1] - Update to .NET SDK 8.0.101 and Runtime 8.0.1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21319 CVE-2024-0056 CVE-2024-0057 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.0.126-1.0.1] - Add support for Oracle Linux [6.0.126-1] - Update to .NET SDK 6.0.126 and Runtime 6.0.26 [6.0.125-1] - Update to .NET SDK 6.0.125 and Runtime 6.0.25 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0056 CVE-2024-0057 CVE-2024-21319 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:21.0.2.0.13-1.0.1] - Add Oracle vendor bug URL [1:21.0.2.0.13-1] - Rebase to 21.0.2.0.13 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20952 CVE-2024-20945 CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:1.8.0.402.b06-0.2.0.1] - Update to shenandoah-jdk8u402-b06 (GA) - Update release notes for shenandoah-8u402-b06. - Add Oracle vendor bug URL [Orabug: 34340155] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20945 CVE-2024-20918 CVE-2024-20921 CVE-2024-20926 CVE-2024-20952 CVE-2024-20919 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:11.0.22.0.7-2.0.1] - Update to openjdk-11.0.22+7 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20918 CVE-2024-20921 CVE-2024-20919 CVE-2024-20926 CVE-2024-20945 CVE-2024-20952 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:17.0.10.0.7-2.0.1] - Rebase to 17.0.10.0.7 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-20932 CVE-2024-20952 CVE-2024-20945 CVE-2024-20918 CVE-2024-20921 CVE-2024-20919 cpe:/a:oracle:linux:8:10:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [1:3.0.7-25.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-25] - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evp_properties section in main OpenSSL configuration file Resolves: RHEL-11439 - Avoid implicit function declaration when building openssl Resolves: RHEL-1780 - Forbid explicit curves when created via EVP_PKEY_fromdata Resolves: RHEL-5304 - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975) Resolves: RHEL-5302 - Excessive time spent checking DH keys and parameters (CVE-2023-3446) Resolves: RHEL-5306 - Excessive time spent checking DH q parameter value (CVE-2023-3817) Resolves: RHEL-5308 - Fix incorrect cipher key and IV length processing (CVE-2023-5363) Resolves: RHEL-13251 - Switch explicit FIPS indicator for RSA-OAEP to approved following clarification with CMVP Resolves: RHEL-14083 - Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c) Resolves: RHEL-14083 - Add missing ECDH Public Key Check in FIPS mode Resolves: RHEL-15990 - Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678) Resolves: RHEL-15954 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5363 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 php [8.1.27-1] - rebase to 8.1.27 RHEL-19093 [8.1.14-1] - rebase to 8.1.14 [8.1.8-1] - update to 8.1.8 #2070040 [8.1.7-2] - clean unneeded dependency on useradd command [8.1.7-1] - update to 8.1.7 #2070040 [8.1.6-2] - add upstream patch to initialize pcre before mbstring - add upstream patch to use more sha256 in openssl tests [8.1.6-1] - update to 8.1.6 #2070040 php-pecl-apcu [5.1.21-1] - update to 5.1.21 for PHP 8.1 #2070040 php-pecl-rrd [2.0.3-4] - build for PHP 8.1 #2070040 php-pecl-xdebug3 [3.1.4-1] - update to 3.1.4 for PHP 8.1 #2070040 php-pecl-zip [1.20.1-1] - update to 1.20.1 for PHP 8.1 #2070040 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-0568 CVE-2023-0567 CVE-2023-3824 CVE-2023-3823 CVE-2023-3247 CVE-2023-0662 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [5.14.0-362.18.1.el9_3.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Disable unified kernel image package build - Add Oracle Linux IMA certificates [5.14.0] - Debranding patches copied from Rocky Linux (Louis Abel and Sherif Nagy from RESF) [5.14.0-362.18.1.el9_3] - nfp: fix use-after-free in area_cache_get() (Ricardo Robaina) [RHEL-19456 RHEL-19536 RHEL-6566 RHEL-7241] {CVE-2022-3545} - rtla: Fix uninitialized variable found (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat: Do not stop user-space if a cpu is offline (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_aa: Fix previous IRQ delay for IRQs that happens after thread sample (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_aa: Fix negative IRQ delay (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_aa: Zero thread sum after every sample analysis (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_hist: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_top: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079] - rtla/hwnoise: Reduce runtime to 75% (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Start the tracers after creating all instances (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat_hist: Add auto-analysis support (John Kacur) [RHEL-18360 RHEL-10079] - rtla/timerlat: Give timerlat auto analysis its own instance (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Automatically move rtla to a house-keeping cpu (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Change monitored_cpus from char * to cpu_set_t (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Add --house-keeping option (John Kacur) [RHEL-18360 RHEL-10079] - rtla: Add -C cgroup support (John Kacur) [RHEL-18360 RHEL-10079] - ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list (Tomas Henzl) [RHEL-19394 RHEL-10941] - fbcon: set_con2fb_map needs to set con2fb_map! (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409} - fbcon: Fix error paths in set_con2fb_map (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409} - net: tun: fix bugs for oversize packet when napi frags enabled (Ricardo Robaina) [RHEL-12495 RHEL-12496 RHEL-7186 RHEL-7264] {CVE-2023-3812} - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR (Florian Westphal) [RHEL-10536 RHEL-10538 RHEL-10537 RHEL-10539] {CVE-2023-4015} - md: Put the right device in md_seq_next (Nigel Croxon) [RHEL-16363 RHEL-12455] - dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set() (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679} - dpll: Fix potential msg memleak when genlmsg_put_reply failed (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679} - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Bastien Nocera) [RHEL-19003 RHEL-2717] {CVE-2023-40283} - tcp: enforce receive buffer memory limits by allowing the tcp window to shrink (Felix Maurer) [RHEL-16129 RHEL-11592] - tcp: adjust rcv_ssthresh according to sk_reserved_mem (Felix Maurer) [RHEL-16129 RHEL-11592] - md: raid0: account for split bio in iostat accounting (Nigel Croxon) [RHEL-4082 RHEL-2718] - can: af_can: fix NULL pointer dereference in can_rcv_filter (Ricardo Robaina) [RHEL-19465 RHEL-19526 RHEL-6428 RHEL-7052] {CVE-2023-2166} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-2166 CVE-2023-5633 CVE-2023-3777 CVE-2023-6679 CVE-2023-46813 CVE-2023-4622 CVE-2023-4623 CVE-2023-40283 CVE-2023-42753 CVE-2022-3545 CVE-2023-2176 CVE-2023-3812 CVE-2023-5178 CVE-2023-4015 CVE-2022-41858 CVE-2023-38409 CVE-2022-36402 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [4.16.1.3-27] - TOCTOU race in checks for unsafe symlinks (CVE-2021-35937) - races with chown/chmod/capabilities calls during installation (CVE-2021-35938) - checks for unsafe symlinks are not performed for intermediary directories (CVE-2021-35939) MODERATE Copyright 2024 Oracle, Inc. CVE-2021-35937 CVE-2021-35939 CVE-2021-35938 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.26.5-3.0.1.1] - Security fix for CVE-2023-45803 Resolves: RHEL-16874 - Security fix for CVE-2023-43804 Resolves: RHEL-12001 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45803 CVE-2023-43804 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.34.1-7] - Fixes CVE-2023-7104 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-7104 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [3.9.18-1.1] - Security fix for CVE-2023-27043 Resolves: RHEL-20613 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-27043 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.06-70.0.2.2] - search command: add flag to only search root dev - Resolves: #CVE-2023-4001 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-4001 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1:9.0.62-37.el9_3.1] - Resolves: #2235370 CVE-2023-41080 tomcat: Open Redirect vulnerability in FORM authentication - Resolves: #2243749 CVE-2023-45648 tomcat: incorrectly parsed http trailer headers can cause request smuggling - Resolves: #2243751 CVE-2023-42794 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows - Resolves: #2243752 CVE-2023-42795 tomcat: improper cleaning of recycled objects could lead to information leak MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45648 CVE-2023-41080 CVE-2023-42795 CVE-2023-42794 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [8.3.1-11.2] - Add patches for CVE-2023-47235, CVE-2023-47234, CVE-2023-38406, CVE-2023-38407 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-47235 CVE-2023-38407 CVE-2023-47234 CVE-2023-38406 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.7.6-23.3] - Fixes for CVE-2023-5981, CVE-2024-0553, CVE-2024-0567 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0553 CVE-2024-0567 CVE-2023-5981 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.13.1-3.6] - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20389 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20383 - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access Resolves: RHEL-20533 - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Resolves: RHEL-21213 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21885 CVE-2023-6816 CVE-2024-21886 CVE-2024-0229 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.7.0-1.0.1] - Update to 115.7.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0742 CVE-2024-0749 CVE-2024-0747 CVE-2024-0750 CVE-2024-0755 CVE-2024-0751 CVE-2024-0741 CVE-2024-0746 CVE-2024-0753 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.7.0.1.0.1] - Update to 115.7.0 build 1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0747 CVE-2024-0746 CVE-2024-0751 CVE-2024-0742 CVE-2024-0755 CVE-2024-0741 CVE-2024-0753 CVE-2024-0750 CVE-2024-0749 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4:1.1.12-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.12 - Related: RHEL-2112 [4:1.1.11-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.11 - Related: RHEL-2112 [4:1.1.10-3] - Rebuild for CVEs: CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 - Related: Jira:RHEL-2792 - Related: Jira:RHEL-7454 [4:1.1.10-2] - require container-selinux >= 2.224.0 for dmz feature - Related: Jira:RHEL-2112 [4:1.1.10-1] - update to https://github.com/opencontainers/runc/releases/tag/v1.1.10 - Related: RHEL-2112 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21626 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:2.99.8-4] - fix CVE-2023-44441 - fix CVE-2023-44442 - fix CVE-2023-44443 - fix CVE-2023-44444 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-44442 CVE-2023-44441 CVE-2023-44443 CVE-2023-44444 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [3.90.0-6] - Fix ecc DER wrapping. [3.90.0-5] - Pick up validated constant time implementations of p256, p384, and p521 from upsream - More Fips indicator changes MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6135 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [7.0.116-1.0.1] - Update to .NET SDK 7.0.116 and Runtime 7.0.16 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21404 CVE-2024-21386 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [6.0.127-1.0.1] - Update to .NET SDK 6.0.127 and Runtime 6.0.27 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21404 CVE-2024-21386 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 Oracle Linux 9 RHEL 9.3.0.Z ERRATUM [1.9.5p2-10] - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output Resolves: RHEL-21834 - CVE-2023-28486 sudo: Sudo does not escape control characters in log messages Resolves: RHEL-21828 - CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: RHEL-21821 RHEL 8.9.0.Z ERRATUM [1.9.5p2-1] - Rebase to 1.9.5p2 - CVE-2023-28486 sudo: Sudo does not escape control characters in log messages Resolves: RHEL-21825 - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output Resolves: RHEL-21831 - CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables Resolves: RHEL-21820 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-28487 CVE-2023-28486 CVE-2023-42465 cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:8:10:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ol8 cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ol8 cpe:/a:oracle:linux:9:4:appstream_base cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ol8 cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 9 [8.0.102-2.0.1] - Update to .NET SDK 8.0.102 and Runtime 8.0.2 - Add -dbg subpackages for symbol files - Resolves: RHEL-23070 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21386 CVE-2024-21404 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 pgaudit pg_repack postgres-decoderbufs postgresql [15.6-1] - update to 15.6 - Fixes CVE-2024-0985 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0985 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [13.14-1.0.1] - Update to 13.14 - Fixes CVE-2024-0985 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0985 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [115.8.0-1.0.1] - Update to 115.8.0 build 1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1548 CVE-2024-1550 CVE-2024-1552 CVE-2024-1549 CVE-2024-1553 CVE-2024-1546 CVE-2024-1547 CVE-2024-1551 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.8.0-1.0.1] - Add Oracle modifications [115.8.0-1] - Update to 115.8.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1549 CVE-2024-1552 CVE-2024-1548 CVE-2024-1553 CVE-2024-1546 CVE-2024-1550 CVE-2024-1547 CVE-2024-1551 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [0.23.0-4] - Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5992 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.16.2-3.1] - Fix DNSSEC validation vulnerabilities which can lead to DoS in trivially orchestrated attacks (CVE-2023-50387 and CVE-2023-50868) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50868 CVE-2023-50387 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [20230524-4.el9_3.2] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - Resolves: RHEL-21841 (CVE-2023-45229 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [rhel-9]) - Resolves: RHEL-21843 (CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [rhel-9]) - Resolves: RHEL-21845 (CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [rhel-9]) - Resolves: RHEL-21847 (CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [rhel-9]) - Resolves: RHEL-21849 (TRIAGE CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [rhel-9]) - Resolves: RHEL-21851 (CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-9]) - Resolves: RHEL-21853 (TRIAGE CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-9]) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45230 CVE-2023-45234 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.76.1-26.el9_3.3] - cap SFTP packet size sent (RHEL-14697) - lowercase the domain names before PSL checks (CVE-2023-46218) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-46218 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [8.7p1-34.3] - Fix Terrapin attack (CVE-2023-48795) Resolves: RHEL-19764 - Forbid shell metasymbols in username/hostname (CVE-2023-51385) Resolves: RHEL-19822 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48795 CVE-2023-51385 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.20.12-1] - Rebase to 1.20.12 - Fix CVE-2023-45285 CVE-2023-39326 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-39326 CVE-2023-45285 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:9.0.62-37.el9_3.2] - Resolves: #2252050 HTTP request smuggling via malformed trailer headers (CVE-2023-46589) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46589 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.3.0-13] - Backport fix for CVE-2023-3674 Resolves: RHEL-21013 LOW Copyright 2024 Oracle, Inc. CVE-2023-3674 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [8.0.36-1] - Update to MySQL 8.0.36 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-22048 CVE-2023-22092 CVE-2023-22097 CVE-2023-21962 CVE-2023-21929 CVE-2024-20969 CVE-2024-20983 CVE-2024-20962 CVE-2024-20974 CVE-2024-20981 CVE-2024-20968 CVE-2023-21935 CVE-2023-22064 CVE-2023-22115 CVE-2023-21955 CVE-2023-22056 CVE-2024-20960 CVE-2023-22053 CVE-2023-22068 CVE-2024-20964 CVE-2023-21911 CVE-2023-21946 CVE-2023-21972 CVE-2023-22005 CVE-2023-22038 CVE-2023-22070 CVE-2023-22110 CVE-2023-22111 CVE-2024-20971 CVE-2024-20972 CVE-2024-20973 CVE-2024-20982 CVE-2023-21947 CVE-2023-21980 CVE-2023-21982 CVE-2023-22054 CVE-2023-22078 CVE-2024-20984 CVE-2024-20985 CVE-2023-21920 CVE-2023-21933 CVE-2023-22008 CVE-2023-22033 CVE-2023-22065 CVE-2024-20977 CVE-2024-20978 CVE-2023-21953 CVE-2023-21940 CVE-2023-21966 CVE-2023-21976 CVE-2023-21977 CVE-2023-22066 CVE-2023-22079 CVE-2023-22103 CVE-2024-20961 CVE-2024-20965 CVE-2024-20966 CVE-2024-20967 CVE-2024-20976 CVE-2023-22007 CVE-2023-22059 CVE-2023-22113 CVE-2023-21919 CVE-2023-21945 CVE-2023-22032 CVE-2023-22046 CVE-2023-22058 CVE-2023-22084 CVE-2024-20963 CVE-2022-4899 CVE-2023-22057 CVE-2023-22104 CVE-2023-22112 CVE-2023-22114 CVE-2024-20970 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.4.22-3] - Reject '#' as part of URI path component (CVE-2023-45539, RHEL-18169) [2.4.22-2] - Reject any empty content-length header value (CVE-2023-40225, RHEL-7736) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-40225 CVE-2023-45539 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [2.6-21.0.1] - rear: creates a world-readable initrd (CVE-2024-23301) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-23301 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:1.13.3-4] - Rebuild with golang 1.20.12: golang:net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.31.4-1.0.1] - update to https://github.com/containers/buildah/releases/tag/v1.31 - https://github.com/containers/buildah/commit/11bbf33 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48795 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 Oracle Linux 9 [37.0.2-5.0.1] - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36143834] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-49083 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream Oracle Linux 8 Oracle Linux 9 [36.0.1-4.0.1] - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates [Orabug: 36119159] [36.0.1-4] - Fix FTBFS caused by rsa_pkcs1_implicit_rejection OpenSSL feature, resolves rhbz#2203840 [36.0.1-3] - Fix CVE-2023-23931: Don't allow update_into to mutate immutable objects, resolves rhbz#2172399 - Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-49083 cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ol8 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ol8 cpe:/o:oracle:linux:8:9:baseos_patch cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ol8 cpe:/o:oracle:linux:9:4:baseos_base cpe:/a:oracle:exadata_dbserver:23.1.11.0.0::ol8 cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ol8 cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ol8 Oracle Linux 9 [1:3.0.7-25.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-25] - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evp_properties section in main OpenSSL configuration file Resolves: RHEL-11439 - Avoid implicit function declaration when building openssl Resolves: RHEL-1780 - Forbid explicit curves when created via EVP_PKEY_fromdata Resolves: RHEL-5304 - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975) Resolves: RHEL-5302 - Excessive time spent checking DH keys and parameters (CVE-2023-3446) Resolves: RHEL-5306 - Excessive time spent checking DH q parameter value (CVE-2023-3817) Resolves: RHEL-5308 - Fix incorrect cipher key and IV length processing (CVE-2023-5363) Resolves: RHEL-13251 - Switch explicit FIPS indicator for RSA-OAEP to approved following clarification with CMVP Resolves: RHEL-14083 - Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c) Resolves: RHEL-14083 - Add missing ECDH Public Key Check in FIPS mode Resolves: RHEL-15990 - Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678) Resolves: RHEL-15954 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-5363 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 - [5.14.0-362.18.0.1_3.OL9] - nfp: fix use-after-free in area_cache_get() (Jialiang Wang) {CVE-2022-3545} - drivers: net: slip: fix NPD bug in sl_tx_timeout() (Duoming Zhou) {CVE-2022-41858} - can: af_can: fix NULL pointer dereference in can_rcv_filter (Oliver Hartkopp) {CVE-2023-2166} - RDMA/core: Fix resolve_prepare_src error cleanup (Patrisious Haddad) {CVE-2023-2176} - netfilter: nf_tables: skip bound chain on rule flush (Pablo Neira Ayuso} {CVE-2023-3777} - net: tun: fix bugs for oversize packet when napi frags enabled (Ziyang Xuan) {CVE-2023-3812} - netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR (Pablo Neira Ayuso) {CVE-2023-4015} - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Kuniyuki Iwashima) {CVE-2023-4622} - nvmet-tcp: Fix a possible UAF in queue intialization setup (Sagi Grimberg) {CVE-2023-5178} - fbcon: set_con2fb_map needs to set con2fb_map! (Daniel Vetter) {CVE-2023-38409} - fbcon: Fix error paths in set_con2fb_map (Daniel Vetter) {CVE-2023-38409} - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Sungwoo Kim) {CVE-2023-40283) - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Kyle Zeng) {CVE-2023-42753} - x86/sev: Check IOBM for IOIO exceptions from user-space (Joerg Roedel) {CVE-2023-46813} - x86/sev: Disable MMIO emulation from user mode (Borislav Petkov) {CVE-2023-46813} - x86/sev: Check for user-space IOIO pointing to kernel space (Joerg Roedel) {CVE-2023-46813} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-40283 CVE-2023-4015 CVE-2023-3812 CVE-2023-5178 CVE-2022-3545 CVE-2023-2176 CVE-2023-3777 CVE-2022-41858 CVE-2023-2166 CVE-2023-4622 CVE-2023-42753 CVE-2023-46813 CVE-2023-38409 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.14.0-362.18.0.2] - net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623} - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623} - dpll: core: Add DPLL framework base functions {CVE-2023-6679} - dpll: spec: Add Netlink spec in YAML {CVE-2023-6679} - dpll: netlink: Add DPLL framework base functions {CVE-2023-6679} - netdev: expose DPLL pin handle for netdevice {CVE-2023-6679} - netdev: Remove unneeded semicolon {CVE-2023-6679} - dpll: netlink/core: add support for pin-dpll signal phase offset/adjust {CVE-2023-6679} - dpll: netlink/core: change pin frequency set behavior {CVE-2023-6679} - dpll: Fix potential msg memleak when genlmsg_put_reply failed {CVE-2023-6679} - dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set() {CVE-2023-6679} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6679 CVE-2023-4623 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 Oracle Linux 9 [5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer check for non-preempt config (Benjamin Bara) - keys, dns: Fix missing size check of V1 server-list header (Edward Adam Davis) - wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ (Johannes Berg) - tracing/kprobes: Fix symbol counting logic by looking at modules as well (Andrii Nakryiko) [5.15.0-203.146.4] - rds: Handle pages in use when purging an RDS Message (Hakon Bugge) [Orabug: 36054361] - rds: ib: Consolidate per-cpu free list for siblings (Hakon Bugge) [Orabug: 35904643] - rds: ib: Make sure per-cpu recv cache structure is cache-line aligned (Hakon Bugge) [Orabug: 35904643] - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185206] [5.15.0-203.146.3] - thermal/of: Initialize trip points separately (Daniel Lezcano) [Orabug: 36178522] - thermal/of: Use thermal trips stored in the thermal zone (Daniel Lezcano) [Orabug: 36178522] - uek-container: strip symbols from vmlinux (Boris Ostrovsky) [Orabug: 36170888] - KSPLICE: make sure the stack is zeroed. (Gregory Herrero) [Orabug: 36155235] - nvme-tcp: don't access released socket during error recovery (Akinobu Mita) [Orabug: 36127728] - vhost-vdpa: fix use after free in vhost_vdpa_probe() (Dan Carpenter) [Orabug: 36072714] - vdpa_sim_blk: allocate the buffer zeroed (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim: implement .reset_map support (Si-Wei Liu) [Orabug: 36072714] - vdpa/mlx5: implement .reset_map driver op (Si-Wei Liu) [Orabug: 36072714] - vhost-vdpa: clean iotlb map during reset for older userspace (Si-Wei Liu) [Orabug: 36072714] - vdpa: introduce .compat_reset operation callback (Si-Wei Liu) [Orabug: 36072714] - vhost-vdpa: introduce IOTLB_PERSIST backend feature bit (Si-Wei Liu) [Orabug: 36072714] - vhost-vdpa: reset vendor specific mapping to initial state in .release (Si-Wei Liu) [Orabug: 36072714] - vdpa: introduce .reset_map operation callback (Si-Wei Liu) [Orabug: 36072714] - vdpa: Update sysfs ABI documentation (Shawn.Shao) [Orabug: 36072714] - mlx5_vdpa: offer VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK (Eugenio Perez) [Orabug: 36072714] - vdpa/mlx5: Update cvq iotlb mapping on ASID change (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Make iotlb helper functions more generic (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Enable hw support for vq descriptor mapping (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Expose descriptor group mkey hw capability (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Introduce mr for vq descriptor (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Improve mr update flow (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Move mr mutex out of mr struct (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Allow creation/deletion of any given mr struct (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Rename mr destroy functions (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Collapse 'dvq' mr add/delete functions (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Take cvq iotlb lock during refresh (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Decouple cvq iotlb handling from hw mapping code (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Create helper function for dma mappings (Dragos Tatulea) [Orabug: 36072714] - vhost-vdpa: uAPI to get dedicated descriptor group id (Si-Wei Liu) [Orabug: 36072714] - vhost-vdpa: introduce descriptor group backend feature (Si-Wei Liu) [Orabug: 36072714] - vdpa: introduce dedicated descriptor group for virtqueue (Si-Wei Liu) [Orabug: 36072714] - vdpa/mlx5: Fix firmware error on creation of 1k VQs (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Fix double release of debugfs entry (Dragos Tatulea) [Orabug: 36072714] - vdpa_sim: offer VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK (Eugenio Perez) [Orabug: 36072714] - vdpa: add get_backend_features vdpa operation (Eugenio Perez) [Orabug: 36072714] - vdpa: accept VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK backend feature (Eugenio Perez) [Orabug: 36072714] - vdpa: add VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK flag (Eugenio Perez) [Orabug: 36072714] - vdpa/mlx5: Remove unused function declarations (Yue Haibing) [Orabug: 36072714] - vdpa/mlx5: Delete control vq iotlb in destroy_mr only when necessary (Eugenio Perez) [Orabug: 36072714] - vdpa/mlx5: Fix mr->initialized semantics (Dragos Tatulea) [Orabug: 36072714] - vdpa/mlx5: Correct default number of queues when MQ is on (Dragos Tatulea) [Orabug: 36072714] - virtio-vdpa: Fix cpumask memory leak in virtio_vdpa_find_vqs() (Gal Pressman) [Orabug: 36072714] - vdpa: Enable strict validation for netlinks ops (Dragos Tatulea) [Orabug: 36072714] - vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check (Lin Ma) [Orabug: 36072714] - vdpa: Add queue index attr to vdpa_nl_policy for nlattr length check (Lin Ma) [Orabug: 36072714] - vdpa: Add features attr to vdpa_nl_policy for nlattr length check (Lin Ma) [Orabug: 36072714] - virtio-vdpa: Fix unchecked call to NULL set_vq_affinity (Dragos Tatulea) [Orabug: 36072714] - vhost_vdpa: tell vqs about the negotiated (Shannon Nelson) [Orabug: 36072714] - vdpa/mlx5: Fix hang when cvq commands are triggered during device unregister (Dragos Tatulea) [Orabug: 36072714] - vhost: use kzalloc() instead of kmalloc() followed by memset() (Prathu Baronia) [Orabug: 36072714] - vhost_vdpa: fix unmap process in no-batch mode (Cindy Lu) [Orabug: 36072714] - vdpa_sim: move buffer allocation in the devices (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim_blk: add support for discard and write-zeroes (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim_blk: use dev_dbg() to print errors (Stefano Garzarella) [Orabug: 36072714] - vringh: address kdoc warnings (Simon Horman) [Orabug: 36072714] - vdpa: address kdoc warnings (Simon Horman) [Orabug: 36072714] - vdpa_sim: add support for user VA (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim: replace the spinlock with a mutex to protect the state (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim: use kthread worker (Stefano Garzarella) [Orabug: 36072714] - vdpa_sim: make devices agnostic for work management (Stefano Garzarella) [Orabug: 36072714] - vringh: support VA with iotlb (Stefano Garzarella) [Orabug: 36072714] - fix 'direction' argument of iov_iter_{init,bvec}() (Al Viro) [Orabug: 36072714] - vringh: define the stride used for translation (Stefano Garzarella) [Orabug: 36072714] - vringh: replace kmap_atomic() with kmap_local_page() (Stefano Garzarella) [Orabug: 36072714] - vhost-vdpa: use bind_mm/unbind_mm device callbacks (Stefano Garzarella) [Orabug: 36072714] - vdpa: add bind_mm/unbind_mm callbacks (Stefano Garzarella) [Orabug: 36072714] - vringh: fix typos in the vringh_init_* documentation (Stefano Garzarella) [Orabug: 36072714] - virtio-vdpa: Support interrupt affinity spreading mechanism (Xie Yongji) [Orabug: 36072714] - vdpa: Add set/get_vq_affinity callbacks in vdpa_config_ops (Xie Yongji) [Orabug: 36072714] - vdpa/mlx5: Avoid losing link state updates (Eli Cohen) [Orabug: 36072714] - vdpa_sim_net: complete the initialization before register the device (Stefano Garzarella) [Orabug: 36072714] - vdpa/mlx5: Add and remove debugfs in setup/teardown driver (Eli Cohen) [Orabug: 36072714] - vdpa/mlx5: Add RX counters to debugfs (Eli Cohen) [Orabug: 36072714] - vdpa/mlx5: Add debugfs subtree (Eli Cohen) [Orabug: 36072714] - rds: Remove RDS FMR Code (William Kucharski) [Orabug: 35445338] [5.15.0-203.146.2] - LTS version: v5.15.146 (Vijayendra Suman) - bpf: Fix prog_array_map_poke_run map poke update (Jiri Olsa) - device property: Allow const parameter to dev_fwnode() (Andy Shevchenko) - dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() (Mikulas Patocka) - ring-buffer: Fix slowpath of interrupted event (Steven Rostedt (Google)) - netfilter: nf_tables: skip set commit for deleted/destroyed sets (Pablo Neira Ayuso) - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() (Namjae Jeon) - ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (Steven Rostedt (Google)) - tracing: Fix blocked reader of snapshot buffer (Steven Rostedt (Google)) - ring-buffer: Fix wake ups when buffer_percent is set to 100 (Steven Rostedt (Google)) - mm/filemap: avoid buffered read/write race to read inconsistent data (Baokun Li) - Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg (Hyunwoo Kim) - smb: client: fix OOB in smbCalcSize() (Paulo Alcantara) - smb: client: fix OOB in SMB2_query_info_init() (Paulo Alcantara) - iio: imu: adis16475: add spi_device_id table (Nuno Sa) - spi: Introduce spi_get_device_match_data() helper (Andy Shevchenko) - device property: Add const qualifier to device_get_match_data() parameter (Andy Shevchenko) - net: usb: ax88179_178a: avoid failed operations when device is disconnected (Jose Ignacio Tornos Martinez) - net: usb: ax88179_178a: wol optimizations (Justin Chen) - net: usb: ax88179_178a: clean up pm calls (Justin Chen) - usb: fotg210-hcd: delete an incorrect bounds test (Dan Carpenter) - ARM: dts: Fix occasional boot hang for am3 usb (Tony Lindgren) - ksmbd: fix wrong allocation size update in smb2_open() (Namjae Jeon) - ksmbd: avoid duplicate opinfo_put() call on error of smb21_lease_break_ack() (Namjae Jeon) - ksmbd: lazy v2 lease break on smb2_write() (Namjae Jeon) - ksmbd: send v2 lease break notification for directory (Namjae Jeon) - ksmbd: downgrade RWH lease caching state to RH for directory (Namjae Jeon) - ksmbd: set v2 lease capability (Namjae Jeon) - ksmbd: set epoch in create context v2 lease (Namjae Jeon) - ksmbd: have a dependency on cifs ARC4 (Namjae Jeon) - fuse: share lookup state between submount and its parent (Krister Johansen) - x86/alternatives: Sync core before enabling interrupts (Thomas Gleixner) - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (Marc Zyngier) - lib/vsprintf: Fix %pfwf when current node refcount == 0 (Herve Codina) - gpio: dwapb: mask/unmask IRQ when disable/enale it (xiongxin) - bus: ti-sysc: Flush posted write only after srst_udelay (Tony Lindgren) - tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (Steven Rostedt (Google)) - scsi: core: Always send batch on reset or error handling command (Alexander Atanasov) - dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp (Fabio Estevam) - net: ks8851: Fix TX stall caused by TX buffer overrun (Ronald Wahl) - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - net: 9p: avoid freeing uninit memory in p9pdu_vreadf (Fedor Pchelkin) - Input: soc_button_array - add mapping for airplane mode button (Christoffer Sandberg) - Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (Xiao Yao) - Bluetooth: L2CAP: Send reject on command corrupted request (Frederic Danis) - Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (Luiz Augusto von Dentz) - USB: serial: option: add Quectel RM500Q R13 firmware support (Reinhard Speyerer) - USB: serial: option: add Foxconn T99W265 with new baseline (Slark Xiao) - USB: serial: option: add Quectel EG912Y module support (Alper Ak) - USB: serial: ftdi_sio: update Actisense PIDs constant names (Mark Glover) - wifi: cfg80211: fix certs build to not depend on file order (Johannes Berg) - wifi: cfg80211: Add my certificate (Chen-Yu Tsai) - ALSA: usb-audio: Increase delay in MOTU M quirk (Jeremie Knuesel) - iio: triggered-buffer: prevent possible freeing of wrong buffer (David Lechner) - iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (Wadim Egorov) - iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (Javier Carrasco) - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (Wei Yongjun) - Input: ipaq-micro-keys - add error handling for devm_kmemdup (Haoran Liu) - iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (Su Hui) - interconnect: Treat xlate() returning NULL node as an error (Mike Tipton) - smb: client: fix OOB in smb2_query_reparse_point() (Paulo Alcantara) - smb: client: fix NULL deref in asn1_ber_decoder() (Paulo Alcantara) - drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (Ville Syrjala) - drm/i915: Relocate intel_atomic_setup_scalers() (Ville Syrjala) - drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 (Luca Coelho) - ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE (Namjae Jeon) - gpiolib: cdev: add gpio_device locking wrapper around gpio_ioctl() (Kent Gibson) - pinctrl: at91-pio4: use dedicated lock class for IRQ (Alexis Lothore) - i2c: aspeed: Handle the coalesced stop conditions with the start conditions. (Quan Nguyen) - ASoC: hdmi-codec: fix missing report for jack initial status (Jerome Brunet) - afs: Fix use-after-free due to get/remove race in volume tree (David Howells) - afs: Use refcount_t rather than atomic_t (David Howells) - afs: Fix overwriting of result of DNS query (David Howells) - keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (David Howells) - net: check dev->gso_max_size in gso_features_check() (Eric Dumazet) - afs: Fix dynamic root lookup DNS check (David Howells) - afs: Fix the dynamic root's d_delete to always delete unused dentries (David Howells) - net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() (Liu Jian) - net: mana: select PAGE_POOL (Yury Norov) - net/rose: fix races in rose_kill_by_device() (Eric Dumazet) - ethernet: atheros: fix a memleak in atl1e_setup_ring_resources (Zhipeng Lu) - net: sched: ife: fix potential use-after-free (Eric Dumazet) - net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (Rahul Rameshbabu) - net/mlx5: Fix fw tracer first block check (Moshe Shemesh) - net/mlx5e: fix a potential double-free in fs_udp_create_groups (Dinghao Liu) - net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (Shifeng Li) - Revert 'net/mlx5e: fix double free of encap_header' (Vlad Buslov) - Revert 'net/mlx5e: fix double free of encap_header in update funcs' (Vlad Buslov) - wifi: mac80211: mesh_plink: fix matches_local logic (Johannes Berg) - wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (Johannes Berg) - s390/vx: fix save/restore of fpu kernel context (Heiko Carstens) - reset: Fix crash when freeing non-existent optional resets (Geert Uytterhoeven) - ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (Kunwu Chan) - LTS version: v5.15.145 (Vijayendra Suman) - kasan: disable kasan_non_canonical_hook() for HW tags (Arnd Bergmann) - tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols (Francis Laniel) - Revert 'drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers' (Amit Pundir) - Revert 'drm/bridge: lt9611uxc: Register and attach our DSI device at probe' (Amit Pundir) - Revert 'drm/bridge: lt9611uxc: fix the race in the error path' (Amit Pundir) - ksmbd: don't update ->op_state as OPLOCK_STATE_NONE on error (Namjae Jeon) - ksmbd: move setting SMB2_FLAGS_ASYNC_COMMAND and AsyncId (Namjae Jeon) - ksmbd: release interim response after sending status pending response (Namjae Jeon) - ksmbd: move oplock handling after unlock parent dir (Namjae Jeon) - ksmbd: separately allocate ci per dentry (Namjae Jeon) - ksmbd: fix possible deadlock in smb2_open (Namjae Jeon) - ksmbd: prevent memory leak on error return (Zongmin Zhou) - ksmbd: handle malformed smb1 message (Namjae Jeon) - ksmbd: fix kernel-doc comment of ksmbd_vfs_kern_path_locked() (Namjae Jeon) - ksmbd: no need to wait for binded connection termination at logoff (Namjae Jeon) - ksmbd: add support for surrogate pair conversion (Namjae Jeon) - ksmbd: fix missing RDMA-capable flag for IPoIB device in ksmbd_rdma_capable_netdev() (Kangjing Huang) - ksmbd: fix recursive locking in vfs helpers (Marios Makassikis) - ksmbd: fix kernel-doc comment of ksmbd_vfs_setxattr() (Namjae Jeon) - ksmbd: reorganize ksmbd_iov_pin_rsp() (Namjae Jeon) - ksmbd: Remove unused field in ksmbd_user struct (Cheng-Han Wu) - ksmbd: fix potential double free on smb2_read_pipe() error path (Namjae Jeon) - ksmbd: fix Null pointer dereferences in ksmbd_update_fstate() (Namjae Jeon) - ksmbd: fix wrong error response status by using set_smb2_rsp_status() (Namjae Jeon) - ksmbd: fix race condition between tree conn lookup and disconnect (Namjae Jeon) - ksmbd: fix race condition from parallel smb2 lock requests (Namjae Jeon) - ksmbd: fix race condition from parallel smb2 logoff requests (Namjae Jeon) - ksmbd: fix race condition with fp (Namjae Jeon) - ksmbd: fix race condition between session lookup and expire (Namjae Jeon) - ksmbd: check iov vector index in ksmbd_conn_write() (Namjae Jeon) - ksmbd: return invalid parameter error response if smb2 request is invalid (Namjae Jeon) - ksmbd: fix passing freed memory 'aux_payload_buf' (Namjae Jeon) - ksmbd: remove unneeded mark_inode_dirty in set_info_sec() (Namjae Jeon) - ksmbd: remove experimental warning (Steve French) - ksmbd: add missing calling smb2_set_err_rsp() on error (Namjae Jeon) - ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob() (Namjae Jeon) - ksmbd: Fix one kernel-doc comment (Yang Li) - ksmbd: reduce descriptor size if remaining bytes is less than request size (Namjae Jeon) - ksmbd: fix force create mode' and force directory mode' (Atte Heikkila) - ksmbd: fix wrong interim response on compound (Namjae Jeon) - ksmbd: add support for read compound (Namjae Jeon) - ksmbd: switch to use kmemdup_nul() helper (Yang Yingliang) - ksmbd: fix out of bounds in init_smb2_rsp_hdr() (Namjae Jeon) - ksmbd: validate session id and tree id in compound request (Namjae Jeon) - ksmbd: check if a mount point is crossed during path lookup (Namjae Jeon) - ksmbd: Fix unsigned expression compared with zero (Wang Ming) - ksmbd: Replace one-element array with flexible-array member (Gustavo A. R. Silva) - ksmbd: Use struct_size() helper in ksmbd_negotiate_smb_dialect() (Gustavo A. R. Silva) - ksmbd: add missing compound request handing in some commands (Namjae Jeon) - ksmbd: fix out of bounds read in smb2_sess_setup (Namjae Jeon) - ksmbd: Replace the ternary conditional operator with min() (Lu Hongfei) - ksmbd: use kvzalloc instead of kvmalloc (Namjae Jeon) - ksmbd: Change the return value of ksmbd_vfs_query_maximal_access to void (Lu Hongfei) - ksmbd: return a literal instead of 'err' in ksmbd_vfs_kern_path_locked() (Namjae Jeon) - ksmbd: use kzalloc() instead of __GFP_ZERO (Namjae Jeon) - ksmbd: remove unused ksmbd_tree_conn_share function (Namjae Jeon) - ksmbd: add mnt_want_write to ksmbd vfs functions (Namjae Jeon) - ksmbd: validate smb request protocol id (Namjae Jeon) - ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop (Namjae Jeon) - ksmbd: fix posix_acls and acls dereferencing possible ERR_PTR() (Namjae Jeon) - ksmbd: fix out-of-bound read in parse_lease_state() (Namjae Jeon) - ksmbd: fix out-of-bound read in deassemble_neg_contexts() (Namjae Jeon) - ksmbd: call putname after using the last component (Namjae Jeon) - ksmbd: fix UAF issue from opinfo->conn (Namjae Jeon) - ksmbd: fix multiple out-of-bounds read during context decoding (Kuan-Ting Chen) - ksmbd: fix uninitialized pointer read in smb2_create_link() (Namjae Jeon) - ksmbd: fix uninitialized pointer read in ksmbd_vfs_rename() (Namjae Jeon) - ksmbd: fix racy issue under cocurrent smb2 tree disconnect (Namjae Jeon) - ksmbd: fix racy issue from smb2 close and logoff with multichannel (Namjae Jeon) - ksmbd: block asynchronous requests when making a delay on session setup (Namjae Jeon) - ksmbd: destroy expired sessions (Namjae Jeon) - ksmbd: fix racy issue from session setup and logoff (Namjae Jeon) - ksmbd: fix racy issue from using ->d_parent and ->d_name (Namjae Jeon) - fs: introduce lock_rename_child() helper (Al Viro) - ksmbd: remove unused compression negotiate ctx packing (David Disseldorp) - ksmbd: avoid duplicate negotiate ctx offset increments (David Disseldorp) - ksmbd: set NegotiateContextCount once instead of every inc (David Disseldorp) - ksmbd: avoid out of bounds access in decode_preauth_ctxt() (David Disseldorp) - ksmbd: fix slab-out-of-bounds in init_smb2_rsp_hdr (Namjae Jeon) - ksmbd: delete asynchronous work from list (Namjae Jeon) - ksmbd: remove unused is_char_allowed function (Tom Rix) - ksmbd: fix wrong signingkey creation when encryption is AES256 (Namjae Jeon) - ksmbd: fix possible memory leak in smb2_lock() (Hangyu Hua) - ksmbd: Fix parameter name and comment mismatch (Jiapeng Chong) - ksmbd: Fix spelling mistake 'excceed' -> 'exceeded' (Colin Ian King) - ksmbd: update Kconfig to note Kerberos support and fix indentation (Steve French) - ksmbd: Remove duplicated codes (Dawei Li) - ksmbd: fix typo, syncronous->synchronous (Dawei Li) - ksmbd: Implements sess->rpc_handle_list as xarray (Dawei Li) - ksmbd: Implements sess->ksmbd_chann_list as xarray (Dawei Li) - ksmbd: send proper error response in smb2_tree_connect() (Marios Makassikis) - ksmbd: Convert to use sysfs_emit()/sysfs_emit_at() APIs (ye xingchen) - ksmbd: Fix resource leak in smb2_lock() (Marios Makassikis) - ksmbd: use F_SETLK when unlocking a file (Jeff Layton) - ksmbd: set SMB2_SESSION_FLAG_ENCRYPT_DATA when enforcing data encryption for this share (Namjae Jeon) - ksmbd: replace one-element arrays with flexible-array members (Gustavo A. R. Silva) - ksmbd: validate share name from share config response (Atte Heikkila) - ksmbd: call ib_drain_qp when disconnected (Namjae Jeon) - ksmbd: make utf-8 file name comparison work in __caseless_lookup() (Atte Heikkila) - ksmbd: hide socket error message when ipv6 config is disable (Namjae Jeon) - ksmbd: reduce server smbdirect max send/receive segment sizes (Tom Talpey) - ksmbd: decrease the number of SMB3 smbdirect server SGEs (Tom Talpey) - ksmbd: set NTLMSSP_NEGOTIATE_SEAL flag to challenge blob (Namjae Jeon) - ksmbd: fix encryption failure issue for session logoff response (Namjae Jeon) - ksmbd: fill sids in SMB_FIND_FILE_POSIX_INFO response (Namjae Jeon) - ksmbd: set file permission mode to match Samba server posix extension behavior (Namjae Jeon) - ksmbd: change security id to the one samba used for posix extension (Namjae Jeon) - ksmbd: casefold utf-8 share names and fix ascii lowercase conversion (Atte Heikkila) - ksmbd: remove generic_fillattr use in smb2_open() (Namjae Jeon) - ksmbd: constify struct path (Al Viro) - ksmbd: don't open-code %pD (Al Viro) - ksmbd: don't open-code file_path() (Al Viro) - ksmbd: remove unnecessary generic_fillattr in smb2_open (Hyunchul Lee) - ksmbd: request update to stale share config (Atte Heikkila) - ksmbd: use wait_event instead of schedule_timeout() (Namjae Jeon) - ksmbd: remove unused ksmbd_share_configs_cleanup function (Namjae Jeon) - ksmbd: remove duplicate flag set in smb2_write (Hyunchul Lee) - ksmbd: smbd: Remove useless license text when SPDX-License-Identifier is already used (Christophe JAILLET) - ksmbd: smbd: relax the count of sges required (Hyunchul Lee) - ksmbd: smbd: fix connection dropped issue (Hyunchul Lee) - ksmbd: Fix some kernel-doc comments (Yang Li) - ksmbd: fix wrong smbd max read/write size check (Namjae Jeon) - ksmbd: smbd: handle multiple Buffer descriptors (Hyunchul Lee) - ksmbd: smbd: change the return value of get_sg_list (Hyunchul Lee) - ksmbd: smbd: simplify tracking pending packets (Hyunchul Lee) - ksmbd: smbd: introduce read/write credits for RDMA read/write (Hyunchul Lee) - ksmbd: smbd: change prototypes of RDMA read/write related functions (Hyunchul Lee) - ksmbd: validate length in smb2_write() (Namjae Jeon) - ksmbd: remove filename in ksmbd_file (Namjae Jeon) - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (Steve French) - ksmbd: replace usage of found with dedicated list iterator variable (Jakob Koschel) - ksmbd: Remove a redundant zeroing of memory (Christophe JAILLET) - ksmbd: shorten experimental warning on loading the module (Steve French) - ksmbd: store fids as opaque u64 integers (Paulo Alcantara (SUSE)) - ksmbd: use netif_is_bridge_port (Tobias Klauser) - ksmbd: add support for key exchange (Namjae Jeon) - ksmbd: smbd: validate buffer descriptor structures (Hyunchul Lee) - ksmbd: smbd: fix missing client's memory region invalidation (Hyunchul Lee) - ksmbd: add smb-direct shutdown (Namjae Jeon) - ksmbd: smbd: change the default maximum read/write, receive size (Hyunchul Lee) - ksmbd: smbd: create MR pool (Hyunchul Lee) - ksmbd: smbd: call rdma_accept() under CM handler (Hyunchul Lee) - ksmbd: set 445 port to smbdirect port by default (Namjae Jeon) - ksmbd: register ksmbd ib client with ib_register_client() (Hyunchul Lee) - ksmbd: Fix smb2_get_name() kernel-doc comment (Yang Li) - ksmbd: Delete an invalid argument description in smb2_populate_readdir_entry() (Yang Li) - ksmbd: Fix smb2_set_info_file() kernel-doc comment (Yang Li) - ksmbd: Fix buffer_check_err() kernel-doc comment (Yang Li) - ksmbd: set both ipv4 and ipv6 in FSCTL_QUERY_NETWORK_INTERFACE_INFO (Namjae Jeon) - ksmbd: Remove unused fields from ksmbd_file struct definition (Marios Makassikis) - ksmbd: Remove unused parameter from smb2_get_name() (Marios Makassikis) - ksmbd: use oid registry functions to decode OIDs (Hyunchul Lee) - ksmbd: change LeaseKey data type to u8 array (Namjae Jeon) - ksmbd: remove smb2_buf_length in smb2_transform_hdr (Namjae Jeon) - ksmbd: remove smb2_buf_length in smb2_hdr (Namjae Jeon) - ksmbd: remove md4 leftovers (Namjae Jeon) - ksmbd: Remove redundant 'flush_workqueue()' calls (Christophe JAILLET) - ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon() (Ralph Boehme) - LTS version: v5.15.144 (Vijayendra Suman) - r8152: fix the autosuspend doesn't work (Hayes Wang) - r8152: remove rtl_vendor_mode function (Hayes Wang) - r8152: avoid to change cfg for all devices (Hayes Wang) - powerpc/ftrace: Fix stack teardown in ftrace_no_trace (Naveen N Rao) - powerpc/ftrace: Create a dummy stackframe to fix stack unwind (Naveen N Rao) - RDMA/irdma: Prevent zero-length STAG registration (Christopher Bednarz) [Orabug: 36155612] {CVE-2023-25775} - USB: gadget: core: adjust uevent timing on gadget unbind (Roy Luo) - ring-buffer: Do not try to put back write_stamp (Steven Rostedt (Google)) - ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (Steven Rostedt (Google)) - ring-buffer: Fix writing to the buffer with max_data_size (Steven Rostedt (Google)) - ring-buffer: Have saved event hold the entire event (Steven Rostedt (Google)) - ring-buffer: Do not update before stamp when switching sub-buffers (Steven Rostedt (Google)) - tracing: Update snapshot buffer on resize if it is allocated (Steven Rostedt (Google)) - ring-buffer: Fix memory leak of free page (Steven Rostedt (Google)) - drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (Alex Deucher) - team: Fix use-after-free when an option instance allocation fails (Florent Revest) - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (James Houghton) - ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS (Baokun Li) - soundwire: stream: fix NULL pointer dereference for multi_link (Krzysztof Kozlowski) - btrfs: do not allow non subvolume root targets for snapshot (Josef Bacik) - HID: hid-asus: add const to read-only outgoing usb buffer (Denis Benato) - net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (Lech Perczak) - asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation (Linus Torvalds) - HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad (Aoba K) - HID: hid-asus: reset the backlight brightness level on resume (Denis Benato) - HID: add ALWAYS_POLL quirk for Apple kb (Oliver Neukum) - HID: glorious: fix Glorious Model I HID report (Brett Raye) - platform/x86: intel_telemetry: Fix kernel doc descriptions (Andy Shevchenko) - bcache: avoid NULL checking to c->root in run_cache_set() (Coly Li) - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (Coly Li) - bcache: remove redundant assignment to variable cur_idx (Colin Ian King) - bcache: avoid oversize memory allocation by small stripe_size (Coly Li) - blk-cgroup: bypass blkcg_deactivate_policy after destroying (Ming Lei) - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (Ming Lei) - stmmac: dwmac-loongson: Add architecture dependency (Jean Delvare) - usb: aqc111: check packet for fixup for true limit (Oliver Neukum) - drm/mediatek: Add spinlock for setting vblank event in atomic_begin (Jason-JH.Lin) - PCI: loongson: Limit MRRS to 256 (Jiaxun Yang) - ALSA: hda/realtek: Apply mute LED quirk for HP15-db (Hartmut Knaack) - ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (Kai Vehmanen) - ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB (Kai Vehmanen) - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (Hangyu Hua) - net: atlantic: fix double free in ring reinit logic (Igor Russkikh) - appletalk: Fix Use-After-Free in atalk_ioctl (Hyunwoo Kim) - net: stmmac: Handle disabled MDIO busses from devicetree (Andrew Halaney) - net: stmmac: use dev_err_probe() for reporting mdio bus registration failure (Rasmus Villemoes) - dpaa2-switch: fix size of the dma_unmap (Ioana Ciornei) - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (Nikolay Kuratov) - sign-file: Fix incorrect return values check (Yusong Gao) - stmmac: dwmac-loongson: Make sure MDIO is initialized before use (Yanteng Si) - net: ena: Fix XDP redirection error (David Arinzon) - net: ena: Fix xdp drops handling due to multibuf packets (David Arinzon) - net: ena: Destroy correct number of xdp queues upon failure (David Arinzon) - net: Remove acked SYN flag from packet in the transmit queue correctly (Dong Chenchen) - qed: Fix a potential use-after-free in qed_cxt_tables_alloc (Dinghao Liu) - net/rose: Fix Use-After-Free in rose_ioctl (Hyunwoo Kim) - atm: Fix Use-After-Free in do_vcc_ioctl (Hyunwoo Kim) - octeontx2-af: Update RSS algorithm index (Hariprasad Kelam) - octeontx2-pf: Fix promisc mcam entry action (Hariprasad Kelam) - octeontx2-af: fix a use-after-free in rvu_nix_register_reporters (Zhipeng Lu) - net: fec: correct queue selection (Radu Bulie) - net: vlan: introduce skb_vlan_eth_hdr() (Vladimir Oltean) - atm: solos-pci: Fix potential deadlock on &tx_queue_lock (Chengfeng Ye) - atm: solos-pci: Fix potential deadlock on &cli_queue_lock (Chengfeng Ye) - qca_spi: Fix reset behavior (Stefan Wahren) - qca_debug: Fix ethtool -G iface tx behavior (Stefan Wahren) - qca_debug: Prevent crash on TX ring changes (Stefan Wahren) - HID: lenovo: Restrict detection of patched firmware only to USB cptkbd (Mikhail Khvainitski) - afs: Fix refcount underflow from error handling race (David Howells) - ksmbd: fix memory leak in smb2_lock() (Zizhi Wo) - MIPS: Loongson64: Handle more memory types passed from firmware (Jiaxun Yang) - memblock: allow to specify flags with memblock_add_node() (David Hildenbrand) - mm/memory_hotplug: handle memblock_add_node() failures in add_memory_resource() (David Hildenbrand) - netfilter: nf_tables: fix 'exist' matching on bigendian arches (Florian Westphal) - r8152: add vendor/device ID pair for ASUS USB-C2500 (Kelly Kane) - r8152: add vendor/device ID pair for D-Link DUB-E250 (Antonio Napolitano) - r8152: add USB device driver for config selection (Bjorn Mork) - LTS version: v5.15.143 (Jack Vogel) - devcoredump: Send uevent once devcd is ready (Mukesh Ojha) - devcoredump : Serialize devcd_del work (Mukesh Ojha) - smb: client: fix potential NULL deref in parse_dfs_referrals() (Paulo Alcantara) - cifs: Fix non-availability of dedup breaking generic/304 (David Howells) - Revert 'btrfs: add dmesg output for first mount and last unmount of a filesystem' (Greg Kroah-Hartman) - MIPS: Loongson64: Enable DMA noncoherent support (Jiaxun Yang) - MIPS: Loongson64: Reserve vgabios memory on boot (Jiaxun Yang) - KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (Sean Christopherson) - KVM: s390/mm: Properly reset no-dat (Claudio Imbrenda) - x86/CPU/AMD: Check vendor in the AMD microcode callback (Borislav Petkov (AMD)) - serial: 8250_omap: Add earlycon support for the AM654 UART controller (Ronald Wahl) - serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (Ronald Wahl) - serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (Ronald Wahl) - serial: sc16is7xx: address RX timeout interrupt errata (Daniel Mack) - ARM: PL011: Fix DMA support (Arnd Bergmann) - usb: typec: class: fix typec_altmode_put_partner to put plugs (RD Babiera) - Revert 'xhci: Loosen RPM as default policy to cover for AMD xHC 1.1' (Mathias Nyman) - parport: Add support for Brainboxes IX/UC/PX parallel cards (Cameron Williams) - usb: gadget: f_hid: fix report descriptor allocation (Konstantin Aladyshev) - drm/amdgpu: correct the amdgpu runtime dereference usage count (Prike Liang) - drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (Srinivasan Shanmugam) - gpiolib: sysfs: Fix error handling on failed export (Boerge Struempfel) - arm64: dts: mt8183: kukui: Fix underscores in node names (Hsin-Yi Wang) - arm64: dts: mediatek: add missing space before { (Krzysztof Kozlowski) - arm64: dts: mediatek: mt8183: Move thermal-zones to the root node (AngeloGioacchino Del Regno) - arm64: dts: mediatek: align thermal zone node names with dtschema (Krzysztof Kozlowski) - tools headers UAPI: Sync linux/perf_event.h with the kernel sources (Namhyung Kim) - docs/process/howto: Replace C89 with C11 (Akira Yokosawa) - platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (Hans de Goede) - netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) - io_uring/af_unix: disable sending io_uring over sockets (Pavel Begunkov) - mm: fix oops when filemap_map_pmd() without prealloc_pte (Hugh Dickins) - r8169: fix rtl8125b PAUSE frames blasting when suspended (ChunHao Lin) - tracing: Stop current tracer when resizing buffer (Steven Rostedt (Google)) - tracing: Set actual size after ring buffer resize (Zheng Yejian) - ring-buffer: Force absolute timestamp on discard of event (Steven Rostedt (Google)) - misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (Su Hui) - misc: mei: client.c: return negative error code in mei_cl_write (Su Hui) - coresight: etm4x: Remove bogous __exit annotation for some functions (Uwe Kleine-Konig) - coresight: etm4x: Make etm4_remove_dev() return void (Uwe Kleine-Konig) - kallsyms: Make kallsyms_on_each_symbol generally available (Jiri Olsa) - binder: fix memory leaks of spam and pending work (Carlos Llamas) - arm64: dts: mediatek: mt8183: Fix unit address for scp reserved memory (AngeloGioacchino Del Regno) - arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names (AngeloGioacchino Del Regno) - arm64: dts: mediatek: mt8183-kukui-jacuzzi: fix dsi unnecessary cells properties (Eugen Hristev) - arm64: dts: mediatek: mt7622: fix memory node warning check (Eugen Hristev) - platform/surface: aggregator: fix recv_buf() return value (Francesco Dolcini) - regmap: fix bogus error on regcache_sync success (Matthias Reichl) - packet: Move reference count in packet_sock to atomic_long_t (Daniel Borkmann) - tracing: Fix a possible race when disabling buffered events (Petr Pavlu) - tracing: Fix incomplete locking when disabling buffered events (Petr Pavlu) - tracing: Disable snapshot buffer when stopping instance tracers (Steven Rostedt (Google)) - tracing: Always update snapshot buffer size (Steven Rostedt (Google)) - checkstack: fix printed address (Heiko Carstens) - nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (Ryusuke Konishi) - nilfs2: fix missing error check for sb_set_blocksize call (Ryusuke Konishi) - ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 (Bin Li) - ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (Jason Zhang) - ALSA: usb-audio: Add Pioneer DJM-450 mixer controls (Sarah Grant) - io_uring: fix mutex_unlock with unreferenced ctx (Pavel Begunkov) - nvme-pci: Add sleep quirk for Kingston drives (Georg Gottleuber) - kprobes: consistent rcu api usage for kretprobe holder (JP Kobryn) - md: don't leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly() (Yu Kuai) - md: introduce md_ro_state (Ye Bin) - riscv: fix misaligned access handling of C.SWSP and C.SDSP (Clement Leger) - ARM: dts: imx28-xea: Pass the 'model' property (Fabio Estevam) - ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt (Philipp Zabel) - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init (Kunwu Chan) - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (Dinghao Liu) - tracing: Fix a warning when allocating buffered events fails (Petr Pavlu) - ARM: dts: imx6ul-pico: Describe the Ethernet PHY clock (Fabio Estevam) - arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (Nathan Rossi) - arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (Peng Fan) - RDMA/irdma: Avoid free the non-cqp_request scratch (Shifeng Li) - RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz (Mike Marciniszyn) - ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate (Dinghao Liu) - hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe() (Christophe JAILLET) - hwmon: (acpi_power_meter) Fix 4.29 MW bug (Armin Wolf) - RDMA/bnxt_re: Correct module description string (Kalesh AP) - RDMA/rtrs-clt: Remove the warnings for req in_use check (Jack Wang) - RDMA/rtrs-clt: Fix the max_send_wr setting (Jack Wang) - RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (Md Haris Iqbal) - RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (Md Haris Iqbal) - RDMA/rtrs-srv: Check return values while processing info request (Md Haris Iqbal) - RDMA/rtrs-clt: Start hb after path_up (Jack Wang) - RDMA/rtrs-srv: Do not unconditionally enable irq (Jack Wang) - arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (Alex Bee) - RDMA/irdma: Add wait for suspend on SQD (Mustafa Ismail) - RDMA/irdma: Do not modify to SQD on error (Mustafa Ismail) - RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (Junxian Huang) - tee: optee: Fix supplicant based device enumeration (Sumit Garg) - drop_monitor: Require 'CAP_SYS_ADMIN' when joining 'events' group (Ido Schimmel) - net: add missing kdoc for struct genl_multicast_group::flags (Jakub Kicinski) - psample: Require 'CAP_NET_ADMIN' when joining 'packets' group (Ido Schimmel) - bpf: sockmap, updating the sg structure should also update curr (John Fastabend) - tcp: do not accept ACK of bytes we never sent (Eric Dumazet) - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket (Phil Sutter) - netfilter: nf_tables: validate family when identifying table via handle (Pablo Neira Ayuso) - netfilter: nf_tables: bail out on mismatching dynset and set expressions (Pablo Neira Ayuso) [Orabug: 36155544] {CVE-2023-6622} - octeontx2-af: Update Tx link register range (Rahul Bhansali) - net: hns: fix fake link up on xge port (Yonglong Liu) - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (Shigeru Yoshida) - ionic: Fix dim work handling in split interrupt mode (Brett Creeley) - ionic: fix snprintf format length warning (Shannon Nelson) - net: bnxt: fix a potential use-after-free in bnxt_init_tc (Dinghao Liu) - i40e: Fix unexpected MFS warning message (Ivan Vecera) - octeontx2-af: fix a use-after-free in rvu_npa_register_reporters (Zhipeng Lu) - net: stmmac: fix FPE events losing (Jianheng Zhang) - arcnet: restoring support for multiple Sohard Arcnet cards (Thomas Reichinger) - platform/mellanox: Check devm_hwmon_device_register_with_groups() return value (Kunwu Chan) - platform/mellanox: Add null pointer checks for devm_kasprintf() (Kunwu Chan) - mlxbf-bootctl: correctly identify secure boot with development keys (David Thompson) - r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (Douglas Anderson) - r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (Douglas Anderson) - r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (Douglas Anderson) - r8152: Add RTL8152_INACCESSIBLE checks to more loops (Douglas Anderson) - r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (Douglas Anderson) - hv_netvsc: rndis_filter needs to select NLS (Randy Dunlap) - octeontx2-af: Check return value of nix_get_nixlf before using nixlf (Subbaraya Sundeep) - octeontx2-pf: Add missing mutex lock in otx2_get_pauseparam (Subbaraya Sundeep) - ipv6: fix potential NULL deref in fib6_add() (Eric Dumazet) - platform/x86: wmi: Skip blocks with zero instances (Armin Wolf) - platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (Mario Limonciello) - of: dynamic: Fix of_reconfig_get_state_change() return value documentation (Luca Ceresoli) - platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (Hans de Goede) - platform/x86: asus-wmi: Simplify tablet-mode-switch handling (Hans de Goede) - platform/x86: asus-wmi: Simplify tablet-mode-switch probing (Hans de Goede) - platform/x86: asus-wmi: Add support for ROG X13 tablet mode (Luke D. Jones) - platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (Luke D. Jones) - drm/amdgpu: correct chunk_ptr to a pointer to chunk. (YuanShang) - kconfig: fix memory leak from range properties (Masahiro Yamada) - tg3: Increment tx_dropped in tg3_tso_bug() (Alex Pakhunov) - tg3: Move the [rt]x_dropped counters to tg3_napi (Alex Pakhunov) - netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test (Jozsef Kadlecsik) - i2c: designware: Fix corrupted memory seen in the ISR (Jan Bottorff) - vdpa/mlx5: preserve CVQ vringh index (Steve Sistare) - LTS version: v5.15.142 (Jack Vogel) - iomap: update ki_pos a little later in iomap_dio_complete (Christoph Hellwig) - r8169: fix deadlock on RTL8125 in jumbo mtu mode (Heiner Kallweit) - r8169: disable ASPM in case of tx timeout (Heiner Kallweit) - mmc: sdhci-sprd: Fix vqmmc not shutting down after the card was pulled (Wenchao Chen) - mmc: core: add helpers mmc_regulator_enable/disable_vqmmc (Heiner Kallweit) - iommu/vt-d: Make context clearing consistent with context mapping (Lu Baolu) - iommu/vt-d: Omit devTLB invalidation requests when TES=0 (Lu Baolu) - cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily (Christoph Niedermaier) - cpufreq: imx6q: don't warn for disabling a non-existing frequency (Christoph Niedermaier) - smb3: fix caching of ctime on setxattr (Steve French) - fs: add ctime accessors infrastructure (Jeff Layton) - fbdev: stifb: Make the STI next font pointer a 32-bit signed offset (Helge Deller) - ASoC: SOF: sof-pci-dev: Fix community key quirk detection (Mark Hasemeyer) - ASoC: SOF: sof-pci-dev: don't use the community key on APL Chromebooks (Pierre-Louis Bossart) - ASoC: SOF: sof-pci-dev: add parameter to override topology filename (Pierre-Louis Bossart) - ASoC: SOF: sof-pci-dev: use community key on all Up boards (Pierre-Louis Bossart) - ASoC: Intel: Move soc_intel_is_foo() helpers to a generic header (Hans de Goede) - smb3: fix touch -h of symlink (Steve French) - selftests/resctrl: Move _GNU_SOURCE define into Makefile (Ilpo Jarvinen) - selftests/resctrl: Add missing SPDX license to Makefile (Shaopeng Tan) - perf intel-pt: Fix async branch flags (Adrian Hunter) - net: ravb: Stop DMA in case of failures on ravb_open() (Claudiu Beznea) - net: ravb: Start TX queues after HW initialization succeeded (Claudiu Beznea) - net: ravb: Use pm_runtime_resume_and_get() (Claudiu Beznea) - net: ravb: Check return value of reset_control_deassert() (Claudiu Beznea) - ravb: Fix races between ravb_tx_timeout_work() and net related ops (Yoshihiro Shimoda) - r8169: prevent potential deadlock in rtl8169_close (Heiner Kallweit) - octeontx2-pf: Fix adding mbox work queue entry when num_vfs > 64 (Geetha sowjanya) - net: stmmac: xgmac: Disable FPE MMC interrupts (Furong Xu) - octeontx2-af: Fix possible buffer overflow (Elena Salomatkina) - selftests/net: ipsec: fix constant out of range (Willem de Bruijn) - uapi: propagate __struct_group() attributes to the container union (Dmitry Antipov) - dpaa2-eth: increase the needed headroom to account for alignment (Ioana Ciornei) - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet (Zhengchao Shao) - usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (Niklas Neronin) - USB: core: Change configuration warnings to notices (Alan Stern) - hv_netvsc: fix race of netvsc and VF register_netdevice (Haiyang Zhang) - rcu: Avoid tracing a few functions executed in stop machine (Patrick Wang) - vlan: move dev_put into vlan_dev_uninit (Xin Long) - vlan: introduce vlan_dev_free_egress_priority (Xin Long) - Input: xpad - add HyperX Clutch Gladiate Support (Max Nguyen) - btrfs: make error messages more clear when getting a chunk map (Filipe Manana) - btrfs: send: ensure send_fd is writable (Jann Horn) - btrfs: fix off-by-one when checking chunk map includes logical address (Filipe Manana) - btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod() (Bragatheswaran Manickavel) - btrfs: add dmesg output for first mount and last unmount of a filesystem (Qu Wenruo) - parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes (Helge Deller) - powerpc: Don't clobber f0/vs0 during fp|altivec register save (Timothy Pearson) - iommu/vt-d: Add MTL to quirk list to skip TE disabling (Abdul Halim, Mohd Syazwan) - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (Markus Weippert) - dm verity: don't perform FEC for failed readahead IO (Wu Bo) - dm-verity: align struct dm_verity_fec_io properly (Mikulas Patocka) - ALSA: hda/realtek: Add supported ALC257 for ChromeOS (Kailang Yang) - ALSA: hda/realtek: Headset Mic VREF to 100% (Kailang Yang) - ALSA: hda: Disable power-save on KONTRON SinglePC (Takashi Iwai) - mmc: block: Be sure to wait while busy in CQE error recovery (Adrian Hunter) - mmc: block: Do not lose cache flush during CQE error recovery (Adrian Hunter) - mmc: block: Retry commands in CQE error recovery (Adrian Hunter) - mmc: cqhci: Fix task clearing in CQE error recovery (Adrian Hunter) - mmc: cqhci: Warn of halt or task clear failure (Adrian Hunter) - mmc: cqhci: Increase recovery halt timeout (Adrian Hunter) - firewire: core: fix possible memory leak in create_units() (Yang Yingliang) - pinctrl: avoid reload of p state in list iteration (Maria Yu) - LTS version: v5.15.141 (Jack Vogel) - io_uring: fix off-by one bvec index (Keith Busch) - USB: dwc3: qcom: fix wakeup after probe deferral (Johan Hovold) - USB: dwc3: qcom: fix software node leak on probe errors (Johan Hovold) - usb: dwc3: set the dma max_seg_size (Ricardo Ribalda) - usb: dwc3: Fix default mode initialization (Alexander Stein) - USB: dwc2: write HCINT with INTMASK applied (Oliver Neukum) - usb: typec: tcpm: Skip hard reset when in error recovery (Badhri Jagan Sridharan) - USB: serial: option: don't claim interface 4 for ZTE MF290 (Lech Perczak) - USB: serial: option: fix FM101R-GL defines (Puliang Lu) - USB: serial: option: add Fibocom L7xx modules (Victor Fragoso) - usb: cdnsp: Fix deadlock issue during using NCM gadget (Pawel Laszczak) - bcache: fixup lock c->root error (Mingzhe Zou) - bcache: fixup init dirty data errors (Mingzhe Zou) - bcache: prevent potential division by zero error (Rand Deeb) - bcache: check return value from btree_node_alloc_replacement() (Coly Li) - dm-delay: fix a race between delay_presuspend and delay_bio (Mikulas Patocka) - hv_netvsc: Mark VF as slave before exposing it to user-mode (Long Li) - hv_netvsc: Fix race of register_netdevice_notifier and VF register (Haiyang Zhang) - USB: serial: option: add Luat Air72*U series products (Asuna Yang) - s390/dasd: protect device queue against concurrent access (Jan Hoppner) - io_uring/fs: consider link->flags when getting path for LINKAT (Charles Mirabile) - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (Mingzhe Zou) - md: fix bi_status reporting in md_end_clone_io (Song Liu) - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (Coly Li) - swiotlb-xen: provide the 'max_mapping_size' method (Keith Busch) - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (Hans de Goede) - proc: sysctl: prevent aliased sysctls from getting passed to init (Krister Johansen) - ext4: make sure allocate pending entry not fail (Zhang Yi) - ext4: fix slab-use-after-free in ext4_es_insert_extent() (Baokun Li) - ext4: using nofail preallocation in ext4_es_insert_extent() (Baokun Li) - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (Baokun Li) - ext4: using nofail preallocation in ext4_es_remove_extent() (Baokun Li) - ext4: use pre-allocated es in __es_remove_extent() (Baokun Li) - ext4: use pre-allocated es in __es_insert_extent() (Baokun Li) - ext4: factor out __es_alloc_extent() and __es_free_extent() (Baokun Li) - ext4: add a new helper to check if es must be kept (Baokun Li) - media: qcom: camss: Fix csid-gen2 for test pattern generator (Andrey Konovalov) - media: qcom: camss: Fix set CSI2_RX_CFG1_VC_MODE when VC is greater than 3 (Bryan O'Donoghue) - media: camss: sm8250: Virtual channels for CSID (Milen Mitkov) - media: camss: Replace hard coded value with parameter (Souptick Joarder (HPE)) - MIPS: KVM: Fix a build warning about variable set but not used (Huacai Chen) - lockdep: Fix block chain corruption (Peter Zijlstra) - USB: dwc3: qcom: fix ACPI platform device leak (Johan Hovold) - USB: dwc3: qcom: fix resource leaks on probe deferral (Johan Hovold) - nvmet: nul-terminate the NQNs passed in the connect command (Christoph Hellwig) - afs: Fix file locking on R/O volumes to operate in local mode (David Howells) - afs: Return ENOENT if no cell DNS record can be found (David Howells) - net: axienet: Fix check for partial TX checksum (Samuel Holland) - amd-xgbe: propagate the correct speed and duplex status (Raju Rangoju) - amd-xgbe: handle the corner-case during tx completion (Raju Rangoju) - amd-xgbe: handle corner-case during sfp hotplug (Raju Rangoju) - octeontx2-pf: Fix ntuple rule creation to direct packet to VF with higher Rx queue than its PF (Suman Ghosh) - arm/xen: fix xen_vcpu_info allocation alignment (Stefano Stabellini) - net/smc: avoid data corruption caused by decline (D. Wythe) - net: usb: ax88179_178a: fix failed operations during ax88179_reset (Jose Ignacio Tornos Martinez) - ipv4: Correct/silence an endian warning in __ip_do_redirect (Kunwu Chan) - HID: fix HID device resource race between HID core and debugging support (Charles Yi) - HID: core: store the unique system identifier in hid_device (Benjamin Tissoires) - drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (Jonas Karlman) - ata: pata_isapnp: Add missing error check for devm_ioport_map() (Chen Ni) - octeontx2-pf: Fix memory leak during interface down (Suman Ghosh) - wireguard: use DEV_STATS_INC() (Eric Dumazet) - drm/panel: simple: Fix Innolux G101ICE-L01 timings (Marek Vasut) - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (Marek Vasut) - drm/panel: auo,b101uan08.3: Fine tune the panel power sequence (Xuxin Xiong) - drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence (Shuijing Li) - afs: Make error on cell lookup failure consistent with OpenAFS (David Howells) - afs: Fix afs_server_list to be cleaned up with RCU (David Howells) - LTS version: v5.15.140 (Jack Vogel) - driver core: Release all resources during unbind before updating device links (Saravana Kannan) - Input: xpad - add VID for Turtle Beach controllers (Vicki Pfau) - powerpc/powernv: Fix fortify source warnings in opal-prd.c (Michael Ellerman) - io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid (Jens Axboe) - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (Lewis Huang) - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (Christian Konig) - drm/amdgpu: don't use ATRM for external devices (Alex Deucher) - drm/i915: Fix potential spectre vulnerability (Kunwu Chan) - drm/amd/pm: Handle non-terminated overdrive commands. (Bas Nieuwenhuizen) - ext4: add missed brelse in update_backups (Kemeng Shi) - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (Kemeng Shi) - ext4: correct the start block of counting reserved clusters (Zhang Yi) - ext4: correct return value of ext4_convert_meta_bg (Kemeng Shi) - ext4: correct offset of gdb backup in non meta_bg group to update_backups (Kemeng Shi) - ext4: apply umask if ACL support is disabled (Max Kellermann) - Revert 'net: r8169: Disable multicast filter for RTL8168H and RTL8107E' (Heiner Kallweit) - media: qcom: camss: Fix missing vfe_lite clocks check (Bryan O'Donoghue) - media: qcom: camss: Fix VFE-17x vfe_disable_output() (Bryan O'Donoghue) - media: qcom: camss: Fix vfe_get() error jump (Bryan O'Donoghue) - media: qcom: camss: Fix pm_domain_on sequence in probe (Bryan O'Donoghue) - mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (Victor Shih) - r8169: fix network lost after resume on DASH systems (ChunHao Lin) - mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (Roman Gushchin) - mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (Victor Shih) - riscv: kprobes: allow writing to x0 (Nam Cao) - nfsd: fix file memleak on client_opens_release (Mahmoud Adam) - media: ccs: Correctly initialise try compose rectangle (Sakari Ailus) - media: venus: hfi: add checks to handle capabilities from firmware (Vikash Garodia) - media: venus: hfi: fix the check to handle session buffer requirement (Vikash Garodia) - media: venus: hfi_parser: Add check to keep the number of codecs within range (Vikash Garodia) - media: sharp: fix sharp encoding (Sean Young) - media: lirc: drop trailing space from scancode transmit (Sean Young) - f2fs: avoid format-overflow warning (Su Hui) - i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (Heiner Kallweit) - net: phylink: initialize carrier state at creation (Klaus Kudielka) - net: dsa: lan9303: consequently nested-lock physical MDIO (Alexander Sverdlin) - net: ethtool: Fix documentation of ethtool_sprintf() (Andrew Lunn) - s390/ap: fix AP bus crash on early config change callback invocation (Harald Freudenberger) - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Tam Nguyen) - lsm: fix default return value for inode_getsecctx (Ondrej Mosnacek) - lsm: fix default return value for vm_enough_memory (Ondrej Mosnacek) - Revert 'i2c: pxa: move to generic GPIO recovery' (Robert Marko) - powerpc/pseries/ddw: simplify enable_ddw() (Alexey Kardashevskiy) - arm64: dts: qcom: ipq6018: Fix tcsr_mutex register size (Vignesh Viswanathan) - arm64: dts: qcom: ipq6018: switch TCSR mutex to MMIO (Krzysztof Kozlowski) - ksmbd: fix slab out of bounds write in smb_inherit_dacl() (Namjae Jeon) - Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (Guan Wentao) - Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (Masum Reza) - bluetooth: Add device 13d3:3571 to device tables (Larry Finger) - bluetooth: Add device 0bda:887b to device tables (Larry Finger) - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (Artem Lukyanov) - cpufreq: stats: Fix buffer overflow detection in trans_stats() (Christian Marangi) - regmap: Ensure range selector registers are updated after cache sync (Mark Brown) - tty: serial: meson: fix hard LOCKUP on crtscts mode (Pavel Krasavin) - serial: meson: Use platform_get_irq() to get the interrupt (Lad Prabhakar) - ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (Chandradeep Dey) - ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (Kailang Yang) - ALSA: info: Fix potential deadlock at disconnection (Takashi Iwai) - xhci: Enable RPM on controllers that support low-power states (Basavaraj Natikar) - parisc/pgtable: Do not drop upper 5 address bits of physical address (Helge Deller) - parisc: Prevent booting 64-bit kernels on PA1.x machines (Helge Deller) - i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (Frank Li) - i3c: master: svc: fix check wrong status register in irq handler (Frank Li) - i3c: master: svc: fix ibi may not return mandatory data byte (Frank Li) - i3c: master: svc: fix wrong data return when IBI happen during start frame (Frank Li) - i3c: master: svc: fix race condition in ibi work thread (Frank Li) - i3c: master: cdns: Fix reading status register (Joshua Yeong) - mtd: cfi_cmdset_0001: Byte swap OTP info (Linus Walleij) - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (Zi Yan) - mm/cma: use nth_page() in place of direct struct page manipulation (Zi Yan) - s390/cmma: fix detection of DAT pages (Heiko Carstens) - dmaengine: stm32-mdma: correct desc prep when channel running (Alain Volmat) - mcb: fix error handling for different scenarios when parsing (Sanjuan Garcia, Jorge) - tracing: Have the user copy of synthetic event address use correct context (Steven Rostedt (Google)) - i2c: core: Run atomic i2c xfer when !preemptible (Benjamin Bara) - kernel/reboot: emergency_restart: Set correct system_state (Benjamin Bara) - quota: explicitly forbid quota files from being encrypted (Eric Biggers) - jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (Zhihao Cheng) - ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (Krzysztof Kozlowski) - selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (Ilpo Jarvinen) - selftests/resctrl: Remove duplicate feature check from CMT test (Ilpo Jarvinen) - netfilter: nf_tables: split async and sync catchall in two functions (Pablo Neira Ayuso) - netfilter: nf_tables: remove catchall element in GC sync path (Pablo Neira Ayuso) [Orabug: 36028059] {CVE-2023-6111} - PCI: keystone: Don't discard .probe() callback (Uwe Kleine-Konig) - PCI: keystone: Don't discard .remove() callback (Uwe Kleine-Konig) - KEYS: trusted: Rollback init_trusted() consistently (Jarkko Sakkinen) - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (Herve Codina) - mmc: meson-gx: Remove setting of CMD_CFG_ERROR (Rong Chen) - wifi: ath11k: fix htt pktlog locking (Johan Hovold) - wifi: ath11k: fix dfs radar event locking (Johan Hovold) - wifi: ath11k: fix temperature event locking (Johan Hovold) - ima: detect changes to the backing overlay file (Mimi Zohar) - ima: annotate iint mutex to avoid lockdep false positive warnings (Amir Goldstein) - ACPI: FPDT: properly handle invalid FPDT subtables (Vasily Khoruzhick) - firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit (Kathiravan Thirumoorthy) - btrfs: don't arbitrarily slow down delalloc if we're committing (Josef Bacik) - rcu: kmemleak: Ignore kmemleak false positives when RCU-freeing objects (Catalin Marinas) - PM: hibernate: Clean up sync_read handling in snapshot_write_next() (Brian Geffon) - PM: hibernate: Use __get_safe_page() rather than touching the list (Brian Geffon) - arm64: dts: qcom: ipq6018: Fix hwlock index for SMEM (Vignesh Viswanathan) - rcu/tree: Defer setting of jiffies during stall reset (Joel Fernandes (Google)) - svcrdma: Drop connection after an RDMA Read error (Chuck Lever) - wifi: wilc1000: use vmm_table as array in wilc struct (Ajay Singh) - PCI: exynos: Don't discard .remove() callback (Uwe Kleine-Konig) - PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (Heiner Kallweit) - mmc: sdhci_am654: fix start loop index for TAP value parsing (Nitin Yadav) - mmc: vub300: fix an error code (Dan Carpenter) - clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (Kathiravan Thirumoorthy) - clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks (Kathiravan Thirumoorthy) - clk: socfpga: Fix undefined behavior bug in struct stratix10_clock_data (Gustavo A. R. Silva) - parisc/pdc: Add width field to struct pdc_model (Helge Deller) - arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer (Nathan Chancellor) - ACPI: resource: Do IRQ override on TongFang GMxXGxx (Werner Sembach) - watchdog: move softlockup_panic back to early_param (Krister Johansen) - PCI/sysfs: Protect driver's D3cold preference from user space (Lukas Wunner) - hvc/xen: fix event channel handling for secondary consoles (David Woodhouse) - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (David Woodhouse) - hvc/xen: fix console unplug (David Woodhouse) - tty/sysrq: replace smp_processor_id() with get_cpu() (Muhammad Usama Anjum) - audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() (Paul Moore) - audit: don't take task_lock() in audit_exe_compare() code path (Paul Moore) - KVM: x86: Ignore MSR_AMD64_TW_CFG access (Maciej S. Szmigiero) - KVM: x86: hyper-v: Don't auto-enable stimer on write from user-space (Nicolas Saenz Julienne) - x86/cpu/hygon: Fix the CPU topology evaluation for real (Pu Wen) - crypto: x86/sha - load modules based on CPU features (Roxana Nicolescu) - scsi: qla2xxx: Fix system crash due to bad pointer access (Quinn Tran) - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (Chandrakanth patil) - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (Shung-Hsi Yu) - bpf: Fix check_stack_write_fixed_off() to correctly spill imm (Hao Sun) - randstruct: Fix gcc-plugin performance mode to stay in group (Kees Cook) - powerpc/perf: Fix disabling BHRB and instruction sampling (Nicholas Piggin) - media: venus: hfi: add checks to perform sanity on queue pointers (Vikash Garodia) - i915/perf: Fix NULL deref bugs with drm_dbg() calls (Harshit Mogalapalli) - xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (Li Zetao) - xfs: fix memory leak in xfs_errortag_init (Zeng Heng) - xfs: fix exception caused by unexpected illegal bestcount in leaf dir (Guo Xuenan) - xfs: avoid a UAF when log intent item recovery fails (Darrick J. Wong) - xfs: fix inode reservation space for removing transaction (hexiaole) - xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (Chandan Babu R) - xfs: fix intermittent hang during quotacheck (Darrick J. Wong) - xfs: don't leak memory when attr fork loading fails (Darrick J. Wong) - xfs: fix use-after-free in xattr node block inactivation (Darrick J. Wong) - xfs: flush inode gc workqueue before clearing agi bucket (Zhang Yi) - xfs: prevent a UAF when log IO errors race with unmount (Darrick J. Wong) - xfs: use invalidate_lock to check the state of mmap_lock (Kaixu Xia) - xfs: convert buf_cancel_table allocation to kmalloc_array (Darrick J. Wong) - xfs: don't leak xfs_buf_cancel structures when recovery fails (Darrick J. Wong) - xfs: refactor buffer cancellation table allocation (Darrick J. Wong) - cifs: fix check of rc in function generate_smb3signingkey (Ekaterina Esina) - cifs: spnego: add ';' in HOST_KEY_LEN (Anastasia Belova) - tools/power/turbostat: Enable the C-state Pre-wake printing (Chen Yu) - tools/power/turbostat: Fix a knl bug (Zhang Rui) - macvlan: Don't propagate promisc change to lower dev in passthru (Vlad Buslov) - net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (Rahul Rameshbabu) - net/mlx5e: Reduce the size of icosq_str (Saeed Mahameed) - net/mlx5e: Fix pedit endianness (Vlad Buslov) - net/mlx5e: fix double free of encap_header in update funcs (Gavin Li) - net/mlx5e: fix double free of encap_header (Dust Li) - net: stmmac: fix rx budget limit check (Baruch Siach) - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (Dan Carpenter) - netfilter: nf_tables: add and use BE register load-store helpers (Florian Westphal) - netfilter: nf_tables: use the correct get/put helpers (Florian Westphal) - netfilter: nf_conntrack_bridge: initialize err to 0 (Linkui Xiao) - af_unix: fix use-after-free in unix_stream_read_actor() (Eric Dumazet) - net: ethernet: cortina: Fix MTU max setting (Linus Walleij) - net: ethernet: cortina: Handle large frames (Linus Walleij) - net: ethernet: cortina: Fix max RX frame define (Linus Walleij) - bonding: stop the device in bond_setup_by_slave() (Eric Dumazet) - ptp: annotate data-race around q->head and q->tail (Eric Dumazet) - xen/events: fix delayed eoi list handling (Juergen Gross) - ppp: limit MRU to 64K (Willem de Bruijn) - tipc: Fix kernel-infoleak due to uninitialized TLV value (Shigeru Yoshida) - net: hns3: fix VF wrong speed and duplex issue (Jijie Shao) - net: hns3: fix VF reset fail issue (Jijie Shao) - net: hns3: fix variable may not initialized problem in hns3_init_mac_addr() (Yonglong Liu) - net: hns3: fix incorrect capability bit display for copper port (Jian Shen) - net: hns3: add barrier in vf mailbox reply process (Yonglong Liu) - net: hns3: add byte order conversion for PF to VF mailbox message (Jie Wang) - net: hns3: refine the definition for struct hclge_pf_to_vf_msg (Jian Shen) - net: hns3: fix add VLAN fail issue (Jian Shen) - tty: Fix uninit-value access in ppp_sync_receive() (Shigeru Yoshida) - ipvlan: add ipvlan_route_v6_outbound() helper (Eric Dumazet) - net: set SOCK_RCU_FREE before inserting socket into hashtable (Stanislav Fomichev) - gfs2: Silence 'suspicious RCU usage in gfs2_permission' warning (Andreas Gruenbacher) - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (felix) - NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO (Olga Kornievskaia) - SUNRPC: Add an IS_ERR() check back to where it was (Dan Carpenter) - SUNRPC: ECONNRESET might require a rebind (Trond Myklebust) - media: cec: meson: always include meson sub-directory in Makefile (Marek Szyprowski) - media: cadence: csi2rx: Unregister v4l2 async notifier (Pratyush Yadav) - sched/core: Optimize in_task() and in_interrupt() a bit (Finn Thain) - tracing/perf: Add interrupt_context_level() helper (Steven Rostedt (VMware)) - tracing: Reuse logic from perf's get_recursion_context() (Steven Rostedt (VMware)) - wifi: iwlwifi: Use FW rate for non-data frames (Miri Korenblit) - pwm: Fix double shift bug (Dan Carpenter) - drm/amdgpu: fix software pci_unplug on some chips (Vitaly Prosyak) - drm/qxl: prevent memory leak (Zongmin Zhou) - ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (Tony Lindgren) - i2c: dev: copy userspace array safely (Philipp Stanner) - kgdb: Flush console before entering kgdb on panic (Douglas Anderson) - drm/amd/display: Avoid NULL dereference of timing generator (Wayne Lin) - media: imon: fix access to invalid resource for the second interface (Takashi Iwai) - media: ccs: Fix driver quirk struct documentation (Sakari Ailus) - media: cobalt: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - gfs2: fix an oops in gfs2_permission (Al Viro) - gfs2: ignore negated quota changes (Bob Peterson) - media: vivid: avoid integer overflow (Hans Verkuil) - media: gspca: cpia1: shift-out-of-bounds in set_flicker (Rajeshwar R Shinde) - i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data. (Billy Tsai) - virtio-blk: fix implicit overflow on virtio_max_dma_size (zhenwei pi) - i2c: sun6i-p2wi: Prevent potential division by zero (Axel Lin) - i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (Jarkko Nikula) - 9p: v9fs_listxattr: fix %s null argument warning (Dominique Martinet) - 9p/trans_fd: Annotate data-racy writes to file::f_flags (Marco Elver) - usb: gadget: f_ncm: Always set current gadget in ncm_bind() (Hardik Gajjar) - tty: vcc: Add check for kstrdup() in vcc_probe() (Yi Yang) - exfat: support handle zero-size directory (Yuezhang Mo) - HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (Jiri Kosina) - PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (Bjorn Helgaas) - misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (Yoshihiro Shimoda) - PCI: Disable ATS for specific Intel IPU E2000 devices (Bartosz Pawlowski) - PCI: Extract ATS disabling to a helper function (Bartosz Pawlowski) - PCI: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (Wenchao Hao) - atm: iphase: Do PCI error checks on own line (Ilpo Jarvinen) - PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (Ilpo Jarvinen) - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (Cezary Rojewski) - ARM: 9320/1: fix stack depot IRQ stack filter (Vincent Whitchurch) - HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (Mikhail Khvainitski) - jfs: fix array-index-out-of-bounds in diAlloc (Manas Ghandat) - jfs: fix array-index-out-of-bounds in dbFindLeaf (Manas Ghandat) - fs/jfs: Add validity check for db_maxag and db_agpref (Juntong Deng) - fs/jfs: Add check for negative db_l2nbperpage (Juntong Deng) - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (Tyrel Datwyler) - scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (Yihang Li) - RDMA/hfi1: Use FIELD_GET() to extract Link Width (Ilpo Jarvinen) - crypto: pcrypt - Fix hungtask for PADATA_RESET (Lu Jialin) - ASoC: soc-card: Add storage for PCI SSID (Richard Fitzgerald) - selftests/efivarfs: create-read: fix a resource leak (zhujun2) - arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (Laurentiu Tudor) - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (Qu Huang) - drm/amdkfd: Fix shift out-of-bounds issue (Jesse Zhang) - drm/panel: st7703: Pick different reset sequence (Ondrej Jirman) - drm/amdgpu/vkms: fix a possible null pointer dereference (Ma Ke) - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (Ma Ke) - drm/panel: fix a possible null pointer dereference (Ma Ke) - drm/amdgpu: Fix potential null pointer derefernce (Stanley.Yang) - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (Mario Limonciello) - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (Mario Limonciello) - drm/msm/dp: skip validity check for DP CTS EDID checksum (Jani Nikula) - drm: vmwgfx_surface.c: copy user-array safely (Philipp Stanner) - kernel: watch_queue: copy user-array safely (Philipp Stanner) - kernel: kexec: copy user-array safely (Philipp Stanner) - string.h: add array-wrappers for (v)memdup_user() (Philipp Stanner) - drm/amd/display: use full update for clip size increase of large plane source (Wenjing Liu) - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (Xiaogang Chen) - drm/komeda: drop all currently held locks if deadlock happens (baozhu.liu) - platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (Olli Asikainen) - Bluetooth: Fix double free in hci_conn_cleanup (ZhengHan Wang) - Bluetooth: btusb: Add date->evt_skb is NULL check (youwan Wang) - wifi: ath10k: Don't touch the CE interrupt registers after power up (Douglas Anderson) - net: annotate data-races around sk->sk_dst_pending_confirm (Eric Dumazet) - net: annotate data-races around sk->sk_tx_queue_mapping (Eric Dumazet) - wifi: ath10k: fix clang-specific fortify warning (Dmitry Antipov) - wifi: ath9k: fix clang-specific fortify warnings (Dmitry Antipov) - bpf: Detect IP == ksym.end as part of BPF program (Kumar Kartikeya Dwivedi) - atl1c: Work around the DMA RX overflow issue (Sieng-Piaw Liew) - wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Ping-Ke Shih) - wifi: mac80211_hwsim: fix clang-specific fortify warning (Dmitry Antipov) - x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size (Mike Rapoport (IBM)) - workqueue: Provide one lock class key per work_on_cpu() callsite (Frederic Weisbecker) - clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (Ronald Wahl) - clocksource/drivers/timer-imx-gpt: Fix potential memory leak (Jacky Bai) - perf/core: Bail out early if the request AUX area is out of bound (Shuai Xue) - locking/ww_mutex/test: Fix potential workqueue corruption (John Stultz) - LTS version: v5.15.139 (Jack Vogel) - btrfs: use u64 for buffer sizes in the tree search ioctls (Filipe Manana) - Revert 'mmc: core: Capture correct oemid-bits for eMMC cards' (Dominique Martinet) - tracing/kprobes: Fix the order of argument descriptions (Yujie Liu) - fbdev: fsl-diu-fb: mark wr_reg_wa() static (Arnd Bergmann) - fbdev: imsttfb: fix a resource leak in probe (Dan Carpenter) - fbdev: imsttfb: Fix error path of imsttfb_probe() (Helge Deller) - spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (Amit Kumar Mahapatra) - ASoC: hdmi-codec: register hpd callback on component probe (Jerome Brunet) - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (Erik Kurzinger) - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (Florian Westphal) - netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs (Jeremy Sowden) - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (Maciej Zenczykowski) - i2c: iproc: handle invalid slave state (Roman Bacik) - r8169: respect userspace disabling IFF_MULTICAST (Heiner Kallweit) - blk-core: use pr_warn_ratelimited() in bio_check_ro() (Yu Kuai) - block: remove unneeded return value of bio_check_ro() (Miaohe Lin) - tg3: power down device only on SYSTEM_POWER_OFF (George Shuklin) - net/smc: put sk reference if close work was canceled (D. Wythe) - net/smc: allow cdc msg send rather than drop it with NULL sndbuf_desc (D. Wythe) - net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT (D. Wythe) - selftests: pmtu.sh: fix result checking (Hangbin Liu) - net: stmmac: xgmac: Enable support for multiple Flexible PPS outputs (Furong Xu) - Fix termination state for idr_for_each_entry_ul() (NeilBrown) - net: r8169: Disable multicast filter for RTL8168H and RTL8107E (Patrick Thompson) - dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. (Kuniyuki Iwashima) - dccp: Call security_inet_conn_request() after setting IPv4 addresses. (Kuniyuki Iwashima) - octeontx2-pf: Fix holes in error code (Ratheesh Kannoth) - octeontx2-pf: Fix error codes (Ratheesh Kannoth) - bpf: Check map->usercnt after timer->timer is assigned (Hou Tao) - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Shigeru Yoshida) - hsr: Prevent use after free in prp_create_tagged_frame() (Dan Carpenter) - llc: verify mac len before reading mac header (Willem de Bruijn) - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (Dan Carpenter) - pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (Florian Fainelli) - pwm: sti: Reduce number of allocations and drop usage of chip_data (Uwe Kleine-Konig) - regmap: prevent noinc writes from clobbering cache (Ben Wolsieffer) - media: cedrus: Fix clock/reset sequence (Jernej Skrabec) - media: vidtv: mux: Add check and kfree for kstrdup (Jiasheng Jiang) - media: vidtv: psi: Add check for kstrdup (Jiasheng Jiang) - media: s3c-camif: Avoid inappropriate kfree() (Katya Orlova) - media: bttv: fix use after free error due to btv->timeout timer (Zheng Wang) - media: i2c: max9286: Fix some redundant of_node_put() calls (Christophe JAILLET) - pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (Yang Yingliang) - pcmcia: ds: fix refcount leak in pcmcia_device_add() (Yang Yingliang) - pcmcia: cs: fix possible hung task and memory leak pccardd() (Yang Yingliang) - rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call (Javier Carrasco) - cxl/mem: Fix shutdown order (Dan Williams) - i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (Dinghao Liu) - 9p/net: fix possible memory leak in p9_check_errors() (Hangyu Hua) - perf hist: Add missing puts to hist__account_cycles (Ian Rogers) - perf machine: Avoid out of bounds LBR memory read (Ian Rogers) - usb: host: xhci-plat: fix possible kernel oops while resuming (Sergey Shtylyov) - xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (Basavaraj Natikar) - powerpc/pseries: fix potential memory leak in init_cpu_associativity() (Wang Yufen) - powerpc/imc-pmu: Use the correct spinlock initializer. (Sebastian Andrzej Siewior) - powerpc/xive: Fix endian conversion size (Benjamin Gray) - powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro (Christophe Leroy) - modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (Masahiro Yamada) - powerpc: Only define __parse_fpscr() when required (Christophe Leroy) - f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() (Chao Yu) - dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (Christophe JAILLET) - USB: usbip: fix stub_dev hub disconnect (Jonas Blixt) - tools: iio: iio_generic_buffer ensure alignment (Matti Vaittinen) - misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() (Jinjie Ruan) - dmaengine: ti: edma: handle irq_of_parse_and_map() errors (Dan Carpenter) - usb: chipidea: Simplify Tegra DMA alignment code (Michal Miroslaw) - usb: chipidea: Fix DMA overwrite for Tegra (Michal Miroslaw) - usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (Jia-Ju Bai) - dmaengine: idxd: Register dsa_bus_type before registering idxd sub-drivers (Fenghua Yu) - livepatch: Fix missing newline character in klp_resolve_symbols() (Zheng Yejian) - tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (Yi Yang) - f2fs: compress: fix to avoid redundant compress extension (Chao Yu) - f2fs: compress: fix to avoid use-after-free on dic (Chao Yu) - leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (Christophe JAILLET) - leds: pwm: Don't disable the PWM when the LED should be off (Uwe Kleine-Konig) - leds: turris-omnia: Do not use SMBUS calls (Marek Behun) - leds: turris-omnia: Drop unnecessary mutex locking (Marek Behun) - mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (Hans de Goede) - mfd: dln2: Fix double put in dln2_probe (Dinghao Liu) - mfd: core: Ensure disabled devices are skipped without aborting (Herve Codina) - mfd: core: Un-constify mfd_cell.of_reg (Michal Miroslaw) - ASoC: ams-delta.c: use component after check (Kuninori Morimoto) - crypto: qat - fix deadlock in backlog processing (Giovanni Cabiddu) - padata: Fix refcnt handling in padata_free_shell() (WangJinchao) - ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (Cezary Rojewski) - HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (Hans de Goede) - HID: logitech-hidpp: Revert 'Don't restart communication if not necessary' (Hans de Goede) - HID: logitech-hidpp: Don't restart IO, instead defer hid_connect() only (Hans de Goede) - HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (Bastien Nocera) - Revert 'HID: logitech-hidpp: add a module parameter to keep firmware gestures' (Bastien Nocera) - sh: bios: Revive earlyprintk support (Geert Uytterhoeven) - hid: cp2112: Fix IRQ shutdown stopping polling for all IRQs on chip (Danny Kaehn) - RDMA/hfi1: Workaround truncation compilation error (Leon Romanovsky) - scsi: ufs: core: Leave space for '- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (Zhang Shurong) - RDMA/hns: The UD mode can only be configured with DCQCN (Luoyouming) - RDMA/hns: Fix signed-unsigned mixed comparisons (Chengchang Tang) - RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (Chengchang Tang) - IB/mlx5: Fix rdma counter binding for RAW QP (Patrisious Haddad) - ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (Kuninori Morimoto) - ext4: move 'ix' sanity check to corrent position (Gou Hao) - ARM: 9321/1: memset: cast the constant byte to unsigned char (Kursad Oney) - hid: cp2112: Fix duplicate workqueue initialization (Danny Kaehn) - crypto: qat - increase size of buffers (Giovanni Cabiddu) - crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (Gaurav Jain) - crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (Gaurav Jain) - nd_btt: Make BTT lanes preemptible (Tomas Glozar) - libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (Chen Ni) - scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (Tyrel Datwyler) - RDMA/core: Use size_{add,sub,mul}() in calls to struct_size() (Gustavo A. R. Silva) - hwrng: geode - fix accessing registers (Jonas Gorski) - crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (Christophe JAILLET) - selftests/resctrl: Ensure the benchmark commands fits to its array (Ilpo Jarvinen) - selftests/pidfd: Fix ksft print formats (Maciej Wieczor-Retman) - arm64: dts: imx8mn: Add sound-dai-cells to micfil node (Adam Ford) - arm64: dts: imx8mm: Add sound-dai-cells to micfil node (Adam Ford) - arm64: dts: imx8qm-ss-img: Fix jpegenc compatible entry (Fabio Estevam) - clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (Sudeep Holla) - firmware: arm_ffa: Assign the missing IDR allocation ID to the FFA device (Sudeep Holla) - firmware: ti_sci: Mark driver as non removable (Dhruva Gole) - soc: qcom: llcc: Handle a second device without data corruption (Uwe Kleine-Konig) - ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator (Krzysztof Kozlowski) - arm64: dts: qcom: apq8016-sbc: Add missing ADV7533 regulators (Stephan Gerhold) - ARM64: dts: marvell: cn9310: Use appropriate label for spi1 pins (Chris Packham) - arm64: dts: qcom: sdm845-mtp: fix WiFi configuration (Dmitry Baryshkov) - arm64: dts: qcom: sc7280: Add missing LMH interrupts (Konrad Dybcio) - arm64: dts: qcom: msm8992-libra: drop duplicated reserved memory (Krzysztof Kozlowski) - arm64: dts: qcom: msm8916: Fix iommu local address range (Gaurav Kohli) - ARM: dts: renesas: blanche: Fix typo in GP_11_2 pin name (Geert Uytterhoeven) - perf: hisi: Fix use-after-free when register pmu fails (Junhao He) - drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling (AngeloGioacchino Del Regno) - drm/msm/dsi: use msm_gem_kernel_put to free TX buffer (Dmitry Baryshkov) - xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (Marek Marczykowski-Gorecki) - drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (Dan Carpenter) - drm/bridge: lt9611uxc: fix the race in the error path (Dmitry Baryshkov) - drm/bridge: lt9611uxc: Register and attach our DSI device at probe (Maxime Ripard) - drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (Maxime Ripard) - drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (Christophe JAILLET) - drm/mediatek: Fix iommu fault during crtc enabling (Jason-JH.Lin) - drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (Jason-JH.Lin) - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (Xiaogang Chen) - drm/bridge: tc358768: Fix bit updates (Tomi Valkeinen) - drm/bridge: tc358768: Disable non-continuous clock mode (Dmitry Osipenko) - drm/bridge: tc358768: Fix use of uninitialized variable (Tomi Valkeinen) - drm/bridge: lt8912b: Add missing drm_bridge_attach call (Tomi Valkeinen) - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (Tomi Valkeinen) - drm/bridge: lt8912b: Fix crash on bridge detach (Tomi Valkeinen) - drm/bridge: lt8912b: Fix bridge_detach (Tomi Valkeinen) - drm/bridge: lt8912b: Add hot plug detection (Stefan Eichenberger) - drm/bridge: lt8912b: Register and attach our DSI device at probe (Maxime Ripard) - drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (Maxime Ripard) - drm/mipi-dsi: Create devm device attachment (Maxime Ripard) - drm/mipi-dsi: Create devm device registration (Maxime Ripard) - drm/radeon: possible buffer overflow (Konstantin Meskhidze) - drm/rockchip: vop: Fix call to crtc reset helper (Jonas Karlman) - drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (Jonas Karlman) - hwmon: (coretemp) Fix potentially truncated sysfs attribute name (Zhang Rui) - hwmon: (axi-fan-control) Fix possible NULL pointer dereference (Dragos Bogdan) - platform/x86: wmi: Fix opening of char device (Armin Wolf) - platform/x86: wmi: remove unnecessary initializations (Barnabas Pocze) - platform/x86: wmi: Fix probe failure when failing to register WMI devices (Armin Wolf) - clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (Varadarajan Narayanan) - clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (Jiasheng Jiang) - clk: npcm7xx: Fix incorrect kfree (Jonathan Neuschafer) - clk: ti: fix double free in of_ti_divider_clk_setup() (Dan Carpenter) - clk: ti: change ti_clk_register[_omap_hw]() API (Dario Binacchi) - clk: ti: Update component clocks to use ti_dt_clk_name() (Tony Lindgren) - clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (Tony Lindgren) - clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (Tony Lindgren) - clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (Dan Carpenter) - spi: nxp-fspi: use the correct ioremap function (Han Xu) - clk: renesas: rzg2l: Fix computation formula (Claudiu Beznea) - clk: renesas: rzg2l: Use FIELD_GET() for PLL register fields (Claudiu Beznea) - clk: renesas: rzg2l: Simplify multiplication/shift logic (Geert Uytterhoeven) - clk: imx: imx8qxp: Fix elcdif_pll clock (Robert Chiras) - clk: imx: imx8mq: correct error handling path (Peng Fan) - clk: imx: Select MXC_CLK for CLK_IMX8QXP (Abel Vesa) - clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (Danila Tikhonov) - clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (Konrad Dybcio) - clk: qcom: mmcc-msm8998: Don't check halt bit on some branch clks (Konrad Dybcio) - clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (Devi Priya) - spi: tegra: Fix missing IRQ check in tegra_slink_probe() (Zhang Shurong) - regmap: debugfs: Fix a erroneous check after snprintf() (Christophe JAILLET) - ipvlan: properly track tx_errors (Eric Dumazet) - net: add DEV_STATS_READ() helper (Eric Dumazet) - ipv6: avoid atomic fragment on GSO packets (Yan Zhai) - ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (Christophe JAILLET) - wifi: iwlwifi: empty overflow queue during flush (Miri Korenblit) - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (Johannes Berg) - wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (Gregory Greenman) - iwlwifi: pcie: adjust to Bz completion descriptor (Johannes Berg) - tcp: fix cookie_init_timestamp() overflows (Eric Dumazet) - chtls: fix tp->rcv_tstamp initialization (Eric Dumazet) - r8169: fix rare issue with broken rx after link-down on RTL8125 (Heiner Kallweit) - r8169: use tp_to_dev instead of open code (Juhee Kang) - thermal: core: prevent potential string overflow (Dan Carpenter) - netfilter: nf_tables: Drop pointless memset when dumping rules (Phil Sutter) - PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (Sascha Hauer) - can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds (Marc Kleine-Budde) - can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (Marc Kleine-Budde) - can: dev: can_restart(): don't crash kernel if carrier is OK (Marc Kleine-Budde) - wifi: rtlwifi: fix EDCA limit set by BT coexistence (Dmitry Antipov) - tcp_metrics: do not create an entry from tcp_init_metrics() (Eric Dumazet) - tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() (Eric Dumazet) - tcp_metrics: add missing barriers on delete (Eric Dumazet) - wifi: mt76: mt7603: improve stuck beacon handling (Felix Fietkau) - mt76: pass original queue id from __mt76_tx_queue_skb to the driver (Felix Fietkau) - mt76: add support for overriding the device used for DMA mapping (Felix Fietkau) - mt76: dma: use kzalloc instead of devm_kzalloc for txwi (Felix Fietkau) - wifi: mt76: mt7603: rework/fix rx pse hang check (Felix Fietkau) - wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (Jinjie Ruan) - net: spider_net: Use size_add() in call to struct_size() (Gustavo A. R. Silva) - tipc: Use size_add() in calls to struct_size() (Gustavo A. R. Silva) - mlxsw: Use size_mul() in call to struct_size() (Gustavo A. R. Silva) - gve: Use size_add() in call to struct_size() (Gustavo A. R. Silva) - tcp: call tcp_try_undo_recovery when an RTOd TFO SYNACK is ACKed (Aananth V) - udp: add missing WRITE_ONCE() around up->encap_rcv (Eric Dumazet) - selftests/bpf: Correct map_fd to data_fd in tailcalls (Leon Hwang) - selftests/bpf: Test tail call counting with bpf2bpf and data on stack (Jakub Sitnicki) - i40e: fix potential memory leaks in i40e_remove() (Andrii Staikov) - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (Chen Yu) - pstore/platform: Add check for kstrdup (Jiasheng Jiang) - x86/boot: Fix incorrect startup_gdt_descr.size (Yuntao Wang) - x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot (Adam Dunlap) - x86: Share definition of __is_canonical_address() (Adrian Hunter) - futex: Don't include process MM in futex key on no-MMU (Ben Wolsieffer) - x86/srso: Fix SBPB enablement for (possible) future fixed HW (Josh Poimboeuf) - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (Jingbo Xu) - vfs: fix readahead(2) on block devices (Reuben Hawkins) - sched: Fix stop_one_cpu_nowait() vs hotplug (Peter Zijlstra) - sched/uclamp: Ignore (util == 0) optimization in feec() when p_util_max = 0 (Qais Yousef) - iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (David Howells) - LTS version: v5.15.138 (Jack Vogel) - ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (Mark Hasemeyer) - misc: pci_endpoint_test: Add deviceID for J721S2 PCIe EP device support (Siddharth Vadapalli) - tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (Cameron Williams) - tty: 8250: Add support for Intashield IX cards (Cameron Williams) - tty: 8250: Add support for additional Brainboxes PX cards (Cameron Williams) - tty: 8250: Fix up PX-803/PX-857 (Cameron Williams) - tty: 8250: Fix port count of PX-257 (Cameron Williams) - tty: 8250: Add support for Intashield IS-100 (Cameron Williams) - tty: 8250: Add support for Brainboxes UP cards (Cameron Williams) - tty: 8250: Add support for additional Brainboxes UC cards (Cameron Williams) - tty: 8250: Remove UC-257 and UC-431 (Cameron Williams) - tty: n_gsm: fix race condition in status line change on dead connections (Daniel Starke) - usb: raw-gadget: properly handle interrupted requests (Andrey Konovalov) - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (Jimmy Hu) - usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (LihaSika) - PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (Vicki Pfau) - drm/amd: Disable ASPM for VI w/ all Intel systems (Mario Limonciello) - drm/amd: Move helper for dynamic speed switch check out of smu13 (Mario Limonciello) - can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (Oliver Hartkopp) - can: isotp: isotp_bind(): do not validate unused address information (Oliver Hartkopp) - can: isotp: add local echo tx processing and tx without FC (Oliver Hartkopp) - can: isotp: handle wait_event_interruptible() return values (Oliver Hartkopp) - can: isotp: check CAN address family in isotp_bind() (Oliver Hartkopp) - can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (Oliver Hartkopp) - can: isotp: set max PDU size to 64 kByte (Oliver Hartkopp) - powerpc/mm: Fix boot crash with FLATMEM (Michael Ellerman) - r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (Douglas Anderson) - r8152: Check for unplug in rtl_phy_patch_request() (Douglas Anderson) - net: chelsio: cxgb4: add an error code check in t4_load_phy_fw (Su Hui) - platform/mellanox: mlxbf-tmfifo: Fix a warning message (Liming Sun) - scsi: mpt3sas: Fix in error path (Tomas Henzl) - fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (Jorge Maidana) - drm/ttm: Reorder sys manager cleanup step (Karolina Stolarek) - ASoC: rt5650: fix the wrong result of key button (Shuming Fan) - netfilter: nfnetlink_log: silence bogus compiler warning (Florian Westphal) - spi: npcm-fiu: Fix UMA reads when dummy.nbytes == 0 (William A. Kennington III) - fs/ntfs3: Avoid possible memory leak (Su Hui) - fs/ntfs3: Fix directory element type detection (Gabriel Marcano) - fs/ntfs3: Fix NULL pointer dereference on error in attr_allocate_frame() (Konstantin Komarov) - fs/ntfs3: Fix possible NULL-ptr-deref in ni_readpage_cmpr() (Konstantin Komarov) - fs/ntfs3: Use kvmalloc instead of kmalloc(... __GFP_NOWARN) (Konstantin Komarov) - fs/ntfs3: Write immediately updated ntfs state (Konstantin Komarov) - fs/ntfs3: Add ckeck in ni_update_parent() (Konstantin Komarov) - fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (Arnd Bergmann) - Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (Dmitry Torokhov) - powerpc/85xx: Fix math emulation exception (Christophe Leroy) - dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (Zhang Shurong) - irqchip/stm32-exti: add missing DT IRQ flag translation (Ben Wolsieffer) - irqchip/riscv-intc: Mark all INTC nodes as initialized (Anup Patel) - net: sched: cls_u32: Fix allocation size in u32_init() (Gustavo A. R. Silva) - ASoC: simple-card: fixup asoc_simple_probe() error handling (Kuninori Morimoto) - x86: Fix .brk attribute in linker script (Juergen Gross) - rpmsg: Fix possible refcount leak in rpmsg_register_device_override() (Hangyu Hua) - rpmsg: glink: Release driver_override (Bjorn Andersson) - rpmsg: Fix calling device_lock() on non-initialized device (Krzysztof Kozlowski) - rpmsg: Fix kfree() of static memory on setting driver_override (Krzysztof Kozlowski) - rpmsg: Constify local variable in field store macro (Krzysztof Kozlowski) - driver: platform: Add helper for safer setting of driver_override (Krzysztof Kozlowski) - objtool/x86: add missing embedded_insn check (John Sperbeck) - ext4: avoid overlapping preallocations due to overflow (Baokun Li) - ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow (Baokun Li) - ext4: add two helper functions extent_logical_end() and pa_logical_end() (Baokun Li) - x86/mm: Fix RESERVE_BRK() for older binutils (Josh Poimboeuf) - x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility (Thomas Gleixner) - gve: Fix GFP flags when allocing pages (Shailend Chand) - iio: afe: rescale: Accept only offset channels (Linus Walleij) - iio: afe: rescale: add offset support (Liam Beguin) - iio: afe: rescale: expose scale processing function (Liam Beguin) - iio: afe: rescale: reorder includes (Liam Beguin) - clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (Alessandro Carminati) - sparc32: fix a braino in fault handling in csum_and_copy_..._user() (Al Viro) - perf/core: Fix potential NULL deref (Peter Zijlstra) - nvmem: imx: correct nregs for i.MX6UL (Peng Fan) - nvmem: imx: correct nregs for i.MX6SLL (Peng Fan) - nvmem: imx: correct nregs for i.MX6ULL (Peng Fan) - misc: fastrpc: Clean buffers on remote invocation failures (Ekansh Gupta) - tracing/kprobes: Fix the description of variable length arguments (Yujie Liu) - i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (Alain Volmat) - i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina) - i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (Herve Codina) - i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (Herve Codina) - iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (Robert Hancock) - iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds (Robert Hancock) - iio: exynos-adc: request second interupt only when touchscreen mode is used (Marek Szyprowski) - kasan: print the original fault addr when access invalid shadow (Haibo Li) - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (Ivan Vecera) - gtp: fix fragmentation needed check with gso (Pablo Neira Ayuso) - gtp: uapi: fix GTPA_MAX (Pablo Neira Ayuso) - tcp: fix wrong RTO timeout when received SACK reneging (Fred Chen) - r8152: Release firmware if we have an error in probe (Douglas Anderson) - r8152: Cancel hw_phy_work if we have an error in probe (Douglas Anderson) - r8152: Run the unload routine if we have errors during probe (Douglas Anderson) - r8152: Increase USB control msg timeout to 5000ms as per spec (Douglas Anderson) - net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (Shigeru Yoshida) - net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (Christophe JAILLET) - igc: Fix ambiguity in the ethtool advertising (Sasha Neftin) - neighbour: fix various data-races (Eric Dumazet) - igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (Mateusz Palczewski) - treewide: Spelling fix in comment (Kunwu Chan) - r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 (Mirsad Goran Todorovac) - r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 (Mirsad Goran Todorovac) - r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx (Mirsad Goran Todorovac) - drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (Lukasz Majczak) - vsock/virtio: initialize the_virtio_vsock before using VQs (Alexandru Matei) - vsock/virtio: add support for device suspend/resume (Stefano Garzarella) - vsock/virtio: factor our the code to initialize and delete VQs (Stefano Garzarella) - drm/i915/pmu: Check if pmu is closed before stopping event (Umesh Nerlige Ramappa) - nfsd: lock_rename() needs both directories to live on the same fs (Al Viro) - mm/migrate: fix do_pages_move for compat pointers (Gregory Price) - mm/page_alloc: correct start page when guard page debug is enabled (Kemeng Shi) - vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (Eric Auger) - virtio_balloon: Fix endless deflation and inflation on arm64 (Gavin Shan) - mcb-lpc: Reallocate memory region to avoid memory overlapping (Rodriguez Barbarin, Jose Javier) - mcb: Return actual parsed size when reading chameleon table (Rodriguez Barbarin, Jose Javier) - mptcp: more conservative check for zero probes (Paolo Abeni) - tcp: cleanup tcp_remove_empty_skb() use (Eric Dumazet) - tcp: remove dead code from tcp_sendmsg_locked() (Eric Dumazet) - pinctrl: qcom: lpass-lpi: fix concurrent register updates (Krzysztof Kozlowski) - ASoC: codecs: wcd938x: fix runtime PM imbalance on remove (Johan Hovold) - ASoC: codecs: wcd938x: fix resource leaks on bind errors (Johan Hovold) - LTS version: v5.15.137 (Jack Vogel) - xfrm6: fix inet6_dev refcount underflow problem (Zhang Changzhong) - Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (Kees Cook) - Bluetooth: hci_sock: fix slab oob read in create_monitor_event (Edward AD) - phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (Tony Lindgren) - phy: mapphone-mdm6600: Fix runtime PM for remove (Tony Lindgren) - phy: mapphone-mdm6600: Fix runtime disable on probe (Tony Lindgren) - serial: 8250: omap: Move uart_write() inside PM section (Geert Uytterhoeven) - ASoC: pxa: fix a memory leak in probe() (Dan Carpenter) - gpio: vf610: set value before the direction to avoid a glitch (Haibo Chen) - platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (Hans de Goede) - platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (Hans de Goede) - platform/surface: platform_profile: Propagate error if profile registration fails (Armin Wolf) - s390/cio: fix a memleak in css_alloc_subchannel (Dinghao Liu) - selftests/ftrace: Add new test case which checks non unique symbol (Francis Laniel) - s390/pci: fix iommu bitmap allocation (Niklas Schnelle) - perf: Disallow mis-matched inherited group reads (Peter Zijlstra) - USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (Puliang Lu) - USB: serial: option: add entry for Sierra EM9191 with new firmware (Benoit Monin) - USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (Fabio Porcedda) - nvme-rdma: do not try to stop unallocated queues (Maurizio Lombardi) - nvme-pci: add BOGUS_NID for Intel 0a54 device (Keith Busch) - ACPI: irq: Fix incorrect return value in acpi_register_gsi() (Sunil V L) - pNFS: Fix a hang in nfs4_evict_inode() (Trond Myklebust) - Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (Andy Shevchenko) - mmc: core: Capture correct oemid-bits for eMMC cards (Avri Altman) - mmc: core: sdio: hold retuning if sdio in 1-bit mode (Haibo Chen) - mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (Pablo Sun) - mtd: physmap-core: Restore map_rom fallback (Geert Uytterhoeven) - mtd: spinand: micron: correct bitmask for ecc status (Martin Kurbanov) - mtd: rawnand: arasan: Ensure program page operations are successful (Miquel Raynal) - mtd: rawnand: marvell: Ensure program page operations are successful (Miquel Raynal) - mtd: rawnand: pl353: Ensure program page operations are successful (Miquel Raynal) - mtd: rawnand: qcom: Unmap the right resource upon probe failure (Bibek Kumar Patro) - net: fix ifname in netlink ntf during netns move (Jakub Kicinski) - net: move from strlcpy with unused retval to strscpy (Wolfram Sang) - net: introduce a function to check if a netdev name is in use (Antoine Tenart) - Bluetooth: hci_event: Fix using memcmp when comparing keys (Luiz Augusto von Dentz) - net/mlx5: Handle fw tracer change ownership event based on MTRC (Maher Sanalla) - platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (Renan Guilherme Lebre Ramos) - HID: multitouch: Add required quirk for Synaptics 0xcd7e device (Rahul Rameshbabu) - btrfs: error out when reallocating block for defrag using a stale transaction (Filipe Manana) - btrfs: error when COWing block from a root that is being deleted (Filipe Manana) - btrfs: error out when COWing block using a stale transaction (Filipe Manana) - btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c (Josef Bacik) - drm: panel-orientation-quirks: Add quirk for One Mix 2S (Kai Uwe Broulik) - ipv4/fib: send notify when delete source address routes (Hangbin Liu) - sky2: Make sure there is at least one frag_addr available (Kees Cook) - regulator/core: Revert 'fix kobject release warning and memory leak in regulator_register()' (Michal Miroslaw) - wifi: cfg80211: avoid leaking stack data into trace (Benjamin Berg) - wifi: mac80211: allow transmitting EAPOL frames with tainted key (Wen Gong) - wifi: cfg80211: Fix 6GHz scan configuration (Ilan Peer) - Bluetooth: hci_core: Fix build warnings (Luiz Augusto von Dentz) - Bluetooth: Avoid redundant authentication (Ying Hsu) - Bluetooth: btusb: add shutdown function for QCA6174 (Rocky Liao) - HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (Ma Ke) - wifi: iwlwifi: Ensure ack flag is properly cleared. (Ben Greear) - wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (Gustavo A. R. Silva) - tracing: relax trace_event_eval_update() execution with cond_resched() (Clement Leger) - ata: libata-eh: Fix compilation warning in ata_eh_link_report() (Damien Le Moal) - ata: libata-core: Fix compilation warning in ata_dev_config_ncq() (Damien Le Moal) - gpio: timberdale: Fix potential deadlock on &tgpio->lock (Chengfeng Ye) - overlayfs: set ctime when setting mtime and atime (Jeff Layton) - i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (Heiner Kallweit) - btrfs: initialize start_slot in btrfs_log_prealloc_extents (Josef Bacik) - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 (Filipe Manana) - fs-writeback: do not requeue a clean inode having skipped pages (Chunhai Guo) - ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone (Tony Lindgren) - ksmbd: not allow to open file if delelete on close bit is set (Namjae Jeon) - nfp: flower: avoid rmmod nfp crash issues (Yanguo Li) - mctp: perform route lookups under a RCU read-side lock (Jeremy Kerr) - mctp: Allow local delivery to the null EID (Jeremy Kerr) - powerpc/47x: Fix 47x syscall return crash (Michael Ellerman) - powerpc/32s: Do kuep_lock() and kuep_unlock() in assembly (Christophe Leroy) - powerpc/32s: Remove capability to disable KUEP at boottime (Christophe Leroy) - drm/atomic-helper: relax unregistered connector check (Simon Ser) - perf/x86/lbr: Filter vsyscall addresses (JP Kobryn) - iio: adc: ad7192: Correct reference voltage (Alisa-Dariana Roman) - iio: cros_ec: fix an use-after-free in cros_ec_sensors_push_data() (Tzung-Bi Shih) - iio: core: introduce iio_device_{claim|release}_buffer_mode() APIs (Nuno Sa) - iio: core: Hide read accesses to iio_dev->currentmode (Miquel Raynal) - iio: Un-inline iio_buffer_enabled() (Miquel Raynal) - serial: 8250_omap: Fix errors with no_console_suspend (Tony Lindgren) - serial: 8250: omap: Fix imprecise external abort for omap_8250_pm() (Tony Lindgren) - selftests/mm: fix awk usage in charge_reserved_hugetlb.sh and hugetlb_reparenting_test.sh that may cause error (Juntong Deng) - net: pktgen: Fix interface flags printing (Gavrilov Ilia) - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (Pablo Neira Ayuso) - netfilter: nf_tables: do not remove elements if set backend implements .abort (Pablo Neira Ayuso) - netfilter: nft_set_rbtree: .deactivate fails if element has expired (Pablo Neira Ayuso) - neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (Geert Uytterhoeven) - bonding: Return pointer to data after pull on skb (Jiri Wiesner) - net: dsa: bcm_sf2: Fix possible memory leak in bcm_sf2_mdio_register() (Jinjie Ruan) - i40e: prevent crash on probe if hw registers have invalid values (Michal Schmidt) - net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (Dan Carpenter) - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (Eric Dumazet) - tun: prevent negative ifindex (Eric Dumazet) - tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb (Eric Dumazet) - tcp: fix excessive TLP and RACK timeouts from HZ rounding (Neal Cardwell) - net: rfkill: gpio: prevent value glitch during probe (Josua Mayer) - net: ipv6: fix return value check in esp_remove_trailer (Ma Ke) - net: ipv4: fix return value check in esp_remove_trailer (Ma Ke) - xfrm: interface: use DEV_STATS_INC() (Eric Dumazet) - xfrm: fix a data-race in xfrm_gen_index() (Eric Dumazet) - qed: fix LL2 RX buffer allocation (Manish Chopra) - ASoC: codecs: wcd938x: fix unbind tear down order (Johan Hovold) - ASoC: codecs: wcd938x: drop bogus bind error handling (Johan Hovold) - ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (Johan Hovold) - ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (Johan Hovold) - drm/i915: Retry gtt fault when out of fence registers (Ville Syrjala) - netfilter: nft_payload: fix wrong mac header matching (Florian Westphal) - fs/ntfs3: fix deadlock in mark_as_free_ex (Konstantin Komarov) - fs/ntfs3: fix panic about slab-out-of-bounds caused by ntfs_list_ea() (Zeng Heng) - fs/ntfs3: Fix possible null-pointer dereference in hdr_find_e() (Ziqi Zhao) - tcp: check mptcp-level constraints for backlog coalescing (Paolo Abeni) - x86/sev: Check for user-space IOIO pointing to kernel space (Joerg Roedel) [Orabug: 35959905] {CVE-2023-46813} - x86/sev: Check IOBM for IOIO exceptions from user-space (Joerg Roedel) [Orabug: 35959905] {CVE-2023-46813} - x86/sev: Disable MMIO emulation from user mode (Borislav Petkov (AMD)) - KVM: x86: Mask LVTPC when handling a PMI (Jim Mattson) - regmap: fix NULL deref on lookup (Johan Hovold) - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (Krzysztof Kozlowski) - ice: reset first in crash dump kernels (Jesse Brandeburg) - ice: fix over-shifted variable (Jesse Brandeburg) - Bluetooth: avoid memcmp() out of bounds warning (Arnd Bergmann) - Bluetooth: hci_event: Fix coding style (Luiz Augusto von Dentz) - Bluetooth: vhci: Fix race when opening vhci device (Arkadiusz Bokowy) - Bluetooth: Fix a refcnt underflow problem for hci_conn (Ziyang Xuan) - Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi) [Orabug: 35959595] {CVE-2020-26555} - Bluetooth: hci_event: Ignore NULL link key (Lee, Chun-Yi) - xfs: don't expose internal symlink metadata buffers to the vfs (Darrick J. Wong) - Documentation: sysctl: align cells in second content column (Bagas Sanjaya) - lib/Kconfig.debug: do not enable DEBUG_PREEMPT by default (Hyeonggon Yoo) - LTS version: v5.15.136 (Jack Vogel) - eth: remove remaining copies of the NAPI_POLL_WEIGHT define (Jakub Kicinski) - usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Canuelo) - arm64: armv8_deprecated: fix unused-function error (Ren Zhijie) - arm64: armv8_deprecated: rework deprected instruction handling (Mark Rutland) - arm64: armv8_deprecated: move aarch32 helper earlier (Mark Rutland) - arm64: armv8_deprecated move emulation functions (Mark Rutland) - arm64: armv8_deprecated: fold ops into insn_emulation (Mark Rutland) - arm64: rework EL0 MRS emulation (Mark Rutland) - arm64: factor insn read out of call_undef_hook() (Mark Rutland) - arm64: factor out EL1 SSBS emulation hook (Mark Rutland) - arm64: split EL0/EL1 UNDEF handlers (Mark Rutland) - arm64: allow kprobes on EL0 handlers (Mark Rutland) - arm64: rework BTI exception handling (Mark Rutland) - arm64: rework FPAC exception handling (Mark Rutland) - arm64: consistently pass ESR_ELx to die() (Mark Rutland) - arm64: die(): pass 'err' as long (Mark Rutland) - arm64: report EL1 UNDEFs better (Mark Rutland) - powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() (Christophe Leroy) - powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE (Christophe Leroy) - dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (Duoming Zhou) - dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (Rex Zhang) - x86/alternatives: Disable KASAN in apply_alternatives() (Kirill A. Shutemov) - usb: cdnsp: Fixes issue with dequeuing not queued requests (Pawel Laszczak) - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (Krishna Kurapati) - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta) - counter: microchip-tcb-capture: Fix the use of internal GCLK logic (Dharma Balasubiramani) - pinctrl: avoid unsafe code pattern in find_pinctrl() (Dmitry Torokhov) - cgroup: Remove duplicates in cgroup v1 tasks file (Michal Koutny) - tee: amdtee: fix use-after-free vulnerability in amdtee_close_session (Rijo Thomas) - Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (Hans de Goede) - Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (Szilard Fabian) - Input: xpad - add PXN V900 support (Matthias Berndt) - Input: psmouse - fix fast_reconnect function for PS/2 mode (Jeffery Miller) - Input: powermate - fix use-after-free in powermate_config_complete (Javier Carrasco) - ceph: fix type promotion bug on 32bit systems (Dan Carpenter) - ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li) - libceph: use kernel_connect() (Jordan Rife) - thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (Mika Westerberg) - thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (Mika Westerberg) - mcb: remove is_added flag from mcb_device struct (Jorge Sanjuan Garcia) - x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (Borislav Petkov (AMD)) - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (Hans de Goede) - drm/amd/display: Don't set dpms_off for seamless boot (Daniel Miess) - drm/amdgpu: add missing NULL check (Christian Konig) - iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (Alexander Zangerl) - iio: pressure: dps310: Adjust Timeout Settings (Lakshmi Yadlapati) - iio: pressure: bmp280: Fix NULL pointer exception (Phil Elwell) - usb: musb: Modify the 'HWVers' register address (Xingxing Luo) - usb: musb: Get the musb_qh poniter after musb_giveback (Xingxing Luo) - usb: dwc3: Soft reset phy on probe for host (Thinh Nguyen) - net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (Javier Carrasco) - usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (Wesley Cheng) - xhci: Keep interrupt disabled in initialization until host is running. (Hongyu Xie) - dmaengine: stm32-mdma: abort resume if no ongoing transfer (Amelie Delaunay) - media: mtk-jpeg: Fix use after free bug due to uncanceled work (Zheng Wang) - workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long) - nfc: nci: assert requested protocol is valid (Jeremy Cline) - pinctrl: renesas: rzn1: Enable missing PINMUX (Ralph Siemsen) - net/smc: Fix pos miscalculation in statistics (Nils Hoppmann) - net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (Eric Dumazet) - net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (Will Mortensen) - ixgbe: fix crash with empty VF macvlan list (Dan Carpenter) - net: phy: mscc: macsec: reject PN update requests (Radu Pirea (NXP OSS)) - net: macsec: indicate next pn update when offloading (Radu Pirea (NXP OSS)) - bpf: Fix verifier log for async callback return values (David Vernet) - drm/vmwgfx: fix typo of sizeof argument (Konstantin Meskhidze) - riscv, bpf: Sign-extend return values (Bjorn Topel) - riscv, bpf: Factor out emit_call for kernel and bpf context (Pu Lehui) - xen-netback: use default TX queue size for vifs (Roger Pau Monne) - eth: remove copies of the NAPI_POLL_WEIGHT define (Jakub Kicinski) - mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type (Dan Carpenter) - ieee802154: ca8210: Fix a potential UAF in ca8210_probe (Dinghao Liu) - ravb: Fix use-after-free issue in ravb_tx_timeout_work() (Yoshihiro Shimoda) [Orabug: 35959875] {CVE-2023-35827} - ravb: Fix up dma_free_coherent() call in ravb_remove() (Yoshihiro Shimoda) - drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (Abhinav Kumar) - drm/msm/dsi: fix irq_of_parse_and_map() error checking (Dan Carpenter) - drm/msm/dsi: skip the wait for video mode done if not applicable (Abhinav Kumar) - drm/msm/dp: do not reinitialize phy unless retry during link training (Kuogee Hsieh) - KEYS: trusted: Remove redundant static calls usage (Sumit Garg) - KEYS: trusted: allow use of kernel RNG for key material (Ahmad Fatoum) - ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (WhaleChang) - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (Hans de Goede) - platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section mismatch warning (Uwe Kleine-Konig) - platform/x86: think-lmi: Fix reference leak (Armin Wolf) - of: overlay: Reorder struct fragment fields kerneldoc (Geert Uytterhoeven) - perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 (Jing Zhang) - RDMA/cxgb4: Check skb value for failure to allocate (Artem Chernyshev) - RDMA/srp: Do not call scsi_done() from srp_abort() (Bart Van Assche) - scsi: ib_srp: Call scsi_done() directly (Bart Van Assche) - scsi: core: Rename scsi_mq_done() into scsi_done() and export it (Bart Van Assche) - iommu/vt-d: Avoid memory allocation in iommu_suspend() (Zhang Rui) [5.15.0-203.135.1] - uek-rpm: Enable CONFIG_IPV6_SEG6_BPF in UEK7U2 (Harshit Mogalapalli) [Orabug: 35972825] - rds: ib: Make changes to fr_state global visible (Hakon Bugge) [Orabug: 35739203] - x86/cpu: Add Xeon Emerald Rapids to list of CPUs that support PPIN (Tony Luck) [Orabug: 35853636] - EDAC/i10nm: Add Intel Emerald Rapids server support (Qiuxu Zhuo) [Orabug: 35853636] - intel_idle: add Emerald Rapids Xeon support (Artem Bityutskiy) [Orabug: 35853636] - powercap: intel_rapl: add support for Emerald Rapids (Zhang Rui) [Orabug: 35853636] - perf/x86/intel/cstate: Add Emerald Rapids (Kan Liang) [Orabug: 35853636] - perf/x86/cstate: Add SAPPHIRERAPIDS_X CPU support (Zhang Rui) [Orabug: 35853636] - perf/x86/cstate: Add Raptor Lake support (Kan Liang) [Orabug: 35853636] - perf/x86/rapl: Add support for Intel Emerald Rapids (Zhang Rui) [Orabug: 35853636] - perf/x86/rapl: Add support for Intel Meteor Lake (Zhang Rui) [Orabug: 35853636] - perf/x86/rapl: Add support for Intel Raptor Lake (Zhang Rui) [Orabug: 35853636] - perf/x86/rapl: Add support for Intel AlderLake-N (Zhang Rui) [Orabug: 35853636] - platform/x86: intel-uncore-freq: add Emerald Rapids support (Artem Bityutskiy) [Orabug: 35853636] - platform/x86/intel/uncore-freq: Move to uncore-frequency folder (Srinivas Pandruvada) [Orabug: 35853636] - x86/cpu: Add CPU model numbers for Meteor Lake (Tony Luck) [Orabug: 35853636] - x86/cpu: Add new Raptor Lake CPU model number (Tony Luck) [Orabug: 35853636] - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (Tony Luck) [Orabug: 35853636] - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (Tony Luck) [Orabug: 35853636] - x86/cpu: Add Raptor Lake to Intel family (Tony Luck) [Orabug: 35853636] - eth: bnxt: handle invalid Tx completions more gracefully (Jakub Kicinski) [Orabug: 36075753] - bonding: move IFLA_ARP_ALLSLAVES to the end of the enum list (Venkat Venkatsubra) [Orabug: 36083015] - bonding: add new option ns_ip6_target (Hangbin Liu) [Orabug: 36083015] - bonding: add new parameter ns_targets (Hangbin Liu) [Orabug: 36083015] - bonding: add extra field for bond_opt_value (Hangbin Liu) [Orabug: 36083015] - Bonding: split bond_handle_vlan from bond_arp_send (Hangbin Liu) [Orabug: 36083015] - ipv6: separate ndisc_ns_create() from ndisc_send_ns() (Hangbin Liu) [Orabug: 36083015] - uek-rpm: update all arch and OL kABI files for new symbols (Yifei Liu) [Orabug: 36090167] - xfs: try to avoid allocation blocking on busy extents (Mark Tinguely) [Orabug: 36096907] - iommu/amd: Do not flush IRTE when only updating isRun and destination fields (Suravee Suthikulpanit) [Orabug: 36101188] - tcp: Tunables for TCP delayed ack (min and max) timers (Venkat Venkatsubra) [Orabug: 36114420] - tcp: fix ambiguity for SACKed TLP retransmits with RTT < min_rtt (Neal Cardwell) [Orabug: 36114420] - vhost-scsi: add parentheses to macro of VHOST_SCSI_MAX_VQ (Dongli Zhang) [Orabug: 36119640] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2020-26555 CVE-2023-6111 CVE-2023-35827 CVE-2023-25775 CVE-2023-46813 CVE-2023-6622 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 Oracle Linux 9 [5.15.0-204.147.6.2] - smb3: Replace smb2pdu 1-element arrays with flex-arrays (Kees Cook) [Orabug: 36353543] - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta) [Orabug: 36358874] - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Souradeep Chakrabarti) - hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (Michael Kelley) - netfilter: ipset: Missing gc cancellations fixed (Jozsef Kadlecsik) - netfilter: ipset: fix performance regression in swap operation (Jozsef Kadlecsik) - netfilter: nft_set_rbtree: skip end interval element from gc (Pablo Neira Ayuso) - netfilter: nf_tables: set dormant flag on hook register failure (Florian Westphal) [5.15.0-204.147.6.1] - arm64: Minimize tlb flush due to vttbr writes on AmpereOne (Ganapatrao Kulkarni) [Orabug: 36359078] [5.15.0-204.147.6] - keys, dns: Fix size check of V1 server-list header (David Howells) - net/rds: Supporting SIOCOUTQ to read pending sends (Devesh Sharma) [Orabug: 34460809] - KVM: x86: smm: preserve interrupt shadow in SMRAM (Maxim Levitsky) [Orabug: 36171472] [5.15.0-204.147.5] - tcp: fix excessive TLP and RACK timeouts from HZ rounding (Neal Cardwell) [Orabug: 36289786] - uek-rpm: Make few builtin options to modules back -- hardening (Harshit Mogalapalli) [Orabug: 36196579] - iommufd/iova_bitmap: Consider page offset for the pages to be pinned (Joao Martins) [Orabug: 36197723] - iommufd/iova_bitmap: Handle recording beyond the mapped pages (Joao Martins) [Orabug: 36197723] - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array (Joao Martins) [Orabug: 36197723] - iommufd/iova_bitmap: Bounds check mapped::pages access (Joao Martins) [Orabug: 36197723] - Revert 'iommu/amd: Improve dirty read io-pgtable walker' (Joao Martins) [Orabug: 36197723] [5.15.0-204.147.4] - uek-rpm: Disable MCORE2 in container kernel configs (Harshit Mogalapalli) [Orabug: 36267828] - md: fix regression for null-ptr-deference in __md_stop() (Yu Kuai) [Orabug: 36230125] - md: Free resources in __md_stop (Xiao Ni) [Orabug: 36230125] - md: Change active_io to percpu (Xiao Ni) [Orabug: 36230125] - md: Factor out is_md_suspended helper (Xiao Ni) [Orabug: 36230125] - hwmon: (opbmc) E6/AST2600 platform enabled (Jan Zdarek) [Orabug: 36222931] [5.15.0-204.147.3] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36241828] - mm: avoid heavy swap lock contention when unmapping with padata (Anthony Yznaga) [Orabug: 36073084] - mm: use less threads when unmapping some large VMAs (Anthony Yznaga) [Orabug: 36073084] - crypto: qat - add NULL pointer check (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix mutex ordering in adf_rl (Damian Muszynski) [Orabug: 36156923] - crypto: qat - fix error path in add_update_sla() (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add sysfs_added flag for rate limiting (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add sysfs_added flag for ras (Damian Muszynski) [Orabug: 36156923] - crypto: qat - prevent underflow in rp2srv_store() (Dan Carpenter) [Orabug: 36156923] - Documentation: ABI: debugfs-driver-qat: fix fw_counters path (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - move adf_cfg_services (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - add num_rps sysfs attribute (Ciunas Bennett) [Orabug: 36156923] - crypto: qat - add rp2svc sysfs attribute (Ciunas Bennett) [Orabug: 36156923] - crypto: qat - add rate limiting sysfs interface (Ciunas Bennett) [Orabug: 36156923] - crypto: qat - add rate limiting feature to qat_4xxx (Damian Muszynski) [Orabug: 36156923] - units: add missing header (Andy Shevchenko) [Orabug: 36156923] - units: Add BYTES_PER_*BIT (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add retrieval of fw capabilities (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add bits.h to icp_qat_hw.h (Damian Muszynski) [Orabug: 36156923] - crypto: qat - move admin api (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix ring to service map for QAT GEN4 (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - use masks for AE groups (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - refactor fw config related functions (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - count QAT GEN4 errors (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add error counters (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add handling of errors from ERRSOU3 for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add adf_get_aram_base() helper function (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add handling of compression related errors for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add handling of errors from ERRSOU2 for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add reporting of errors from ERRSOU1 for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add reporting of correctable errors for QAT GEN4 (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add infrastructure for error reporting (Shashank Gupta) [Orabug: 36156923] - crypto: qat - fix double free during reset (Svyatoslav Pankratov) [Orabug: 36156923] - crypto: qat - add cnv_errors debugfs file (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - add pm_status debugfs file (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - refactor included headers (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - add namespace to driver (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - Remove zlib-deflate (Herbert Xu) [Orabug: 36156923] - crypto: qat - enable dc chaining service (Adam Guerin) [Orabug: 36156923] - crypto: qat - consolidate services structure (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix unregistration of compression algorithms (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix unregistration of crypto algorithms (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - ignore subsequent state up commands (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - do not shadow error code (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - fix state machines cleanup paths (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - refactor deprecated strncpy (Justin Stitt) [Orabug: 36156923] - crypto: qat - Use list_for_each_entry() helper (Jinjie Ruan) [Orabug: 36156923] - crypto: qat - fix crypto capability detection for 4xxx (Adam Guerin) [Orabug: 36156923] - crypto: qat - Remove unused function declarations (Yue Haibing) [Orabug: 36156923] - crypto: qat - use kfree_sensitive instead of memset/kfree() (Yang Yingliang) [Orabug: 36156923] - crypto: qat - replace the if statement with min() (You Kangren) [Orabug: 36156923] - crypto: qat - add heartbeat counters check (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add heartbeat feature (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add measure clock frequency (Damian Muszynski) [Orabug: 36156923] - crypto: qat - drop obsolete heartbeat interface (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add internal timer for qat 4xxx (Damian Muszynski) [Orabug: 36156923] - crypto: qat - add fw_counters debugfs file (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - change value of default idle filter (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - do not export adf_init_admin_pm() (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - expose pm_idle_enabled through sysfs (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - extend configuration for 4xxx (Adam Guerin) [Orabug: 36156923] - Documentation: qat: change kernel version (Meadhbh) [Orabug: 36156923] - Documentation: qat: rewrite description (Bagas Sanjaya) [Orabug: 36156923] - Documentation: qat: Use code block for qat sysfs example (Bagas Sanjaya) [Orabug: 36156923] - crypto: qat - refactor fw config logic for 4xxx (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - make fw images name constant (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - move returns to default case (Adam Guerin) [Orabug: 36156923] - crypto: qat - update slice mask for 4xxx devices (Karthikeyan Gopal) [Orabug: 36156923] - crypto: qat - set deprecated capabilities as reserved (Karthikeyan Gopal) [Orabug: 36156923] - crypto: qat - add missing function declaration in adf_dbgfs.h (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - move dbgfs init to separate file (Damian Muszynski) [Orabug: 36156923] - crypto: qat - Move driver to drivers/crypto/intel/qat (Tom Zanussi) [Orabug: 36156923] - crypto: qat - drop redundant adf_enable_aer() (Bjorn Helgaas) [Orabug: 36156923] - crypto: qat - simplify adf_enable_aer() (Uwe Kleine-Konig) [Orabug: 36156923] - crypto: qat - fix apply custom thread-service mapping for dc service (Shashank Gupta) [Orabug: 36156923] - crypto: qat - add support for 402xx devices (Damian Muszynski) [Orabug: 36156923] - crypto: qat - make state machine functions static (Shashank Gupta) [Orabug: 36156923] - crypto: qat - refactor device restart logic (Shashank Gupta) [Orabug: 36156923] - crypto: qat - replace state machine calls (Shashank Gupta) [Orabug: 36156923] - crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (Shashank Gupta) [Orabug: 36156923] - crypto: qat - fix concurrency issue when device state changes (Shashank Gupta) [Orabug: 36156923] - crypto: qat - expose device config through sysfs for 4xxx (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - delay sysfs initialization (Shashank Gupta) [Orabug: 36156923] - crypto: qat - Include algapi.h for low-level Crypto API (Herbert Xu) [Orabug: 36156923] - crypto: qat - Use request_complete helpers (Herbert Xu) [Orabug: 36156923] - crypto: qat - add qat_zlib_deflate (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - extend buffer list logic interface (Lucas Segarra Fernandez) [Orabug: 36156923] - crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (Meadhbh Fitzpatrick) [Orabug: 36156923] - crypto: qat - add limit to linked list parsing (Adam Guerin) [Orabug: 36156923] - crypto: qat - add check to validate firmware images (Srinivas Kerekare) [Orabug: 36156923] - crypto: qat - relocate and rename adf_sriov_prepare_restart() (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - change behaviour of adf_cfg_add_key_value_param() (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - Removes the x86 dependency on the QAT drivers (Yoan Picchi) [Orabug: 36156923] - crypto: qat - Fix unsigned function returning negative constant (Haowen Bai) [Orabug: 36156923] - crypto: qat - remove line wrapping for pfvf_ops functions (Marco Chiappero) [Orabug: 36156923] - crypto: qat - use u32 variables in all GEN4 pfvf_ops (Marco Chiappero) [Orabug: 36156923] - crypto: qat - replace disable_vf2pf_interrupts() (Marco Chiappero) [Orabug: 36156923] - crypto: qat - leverage the GEN2 VF mask definiton (Marco Chiappero) [Orabug: 36156923] - crypto: qat - rework the VF2PF interrupt handling logic (Marco Chiappero) [Orabug: 36156923] - crypto: qat - fix off-by-one error in PFVF debug print (Marco Chiappero) [Orabug: 36156923] - crypto: qat - fix wording and formatting in code comment (Marco Chiappero) [Orabug: 36156923] - crypto: qat - test PFVF registers for spurious interrupts on GEN4 (Marco Chiappero) [Orabug: 36156923] - crypto: qat - add check for invalid PFVF protocol version 0 (Wojciech Ziemba) [Orabug: 36156923] - crypto: qat - add missing restarting event notification in VFs (Marco Chiappero) [Orabug: 36156923] - crypto: qat - remove unnecessary tests to detect PFVF support (Marco Chiappero) [Orabug: 36156923] - crypto: qat - remove unused PFVF stubs (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - remove unneeded braces (Marco Chiappero) [Orabug: 36156923] - crypto: qat - fix ETR sources enabled by default on GEN2 devices (Marco Chiappero) [Orabug: 36156923] - crypto: qat - stop using iommu_present() (Robin Murphy) [Orabug: 36156923] - crypto: qat - remove unneeded assignment (Giovanni Cabiddu) [Orabug: 36156923] - crypto: qat - don't cast parameter in bit operations (Andy Shevchenko) [Orabug: 36156923] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36204961] - netfilter: nf_tables: check if catch-all set element is active in next generation (Pablo Neira Ayuso) [Orabug: 36250951] {CVE-2024-1085} [5.15.0-204.147.2] - LTS version: v5.15.147 (Vijayendra Suman) - net: usb: ax88179_178a: move priv to driver_priv (Justin Chen) - net: usb: ax88179_178a: remove redundant init code (Justin Chen) - tracing/kprobes: Fix symbol counting logic by looking at modules as well (Andrii Nakryiko) - kallsyms: Make module_kallsyms_on_each_symbol generally available (Jiri Olsa) - netfilter: nf_tables: Reject tables of unsupported family (Phil Sutter) - perf inject: Fix GEN_ELF_TEXT_OFFSET for jit (Adrian Hunter) - ipv6: remove max_size check inline with ipv4 (Jon Maxwell) - net: tls, update curr on splice as well (John Fastabend) - mmc: sdhci-sprd: Fix eMMC init failure after hw reset (Wenchao Chen) - mmc: core: Cancel delayed work before releasing host (Geert Uytterhoeven) - mmc: rpmb: fixes pause retune on all RPMB partitions. (Jorge Ramirez-Ortiz) - mmc: meson-mx-sdhc: Fix initialization frozen issue (Ziyang Huang) - mm: fix unmap_mapping_range high bits shift bug (Jiajun Xie) - x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect (Jinghao Jia) - firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (Takashi Sakamoto) - mm/memory-failure: check the mapcount of the precise page (Matthew Wilcox (Oracle)) - selftests: secretmem: floor the memory size to the multiple of page_size (Muhammad Usama Anjum) - net: Implement missing SO_TIMESTAMPING_NEW cmsg support (Thomas Lange) - bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (Michael Chan) - asix: Add check for usbnet_get_endpoints (Chen Ni) - octeontx2-af: Re-enable MAC TX in otx2_stop processing (Naveen Mamindlapalli) - octeontx2-af: Always configure NIX TX link credits based on max frame size (Naveen Mamindlapalli) - octeontx2-af: Set NIX link credits based on max LMAC (Sunil Goutham) - octeontx2-af: Don't enable Pause frames by default (Hariprasad Kelam) - net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues (Dinghao Liu) - igc: Fix hicredit calculation (Rodrigo Cataldo) - i40e: Restore VF MSI-X state during PCI reset (Andrii Staikov) - ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (Mark Brown) - ASoC: meson: g12a-toacodec: Fix event generation (Mark Brown) - ASoC: meson: g12a-tohdmitx: Validate written enum values (Mark Brown) - ASoC: meson: g12a-toacodec: Validate written enum values (Mark Brown) - i40e: fix use-after-free in i40e_aqc_add_filters() (Ke Xiao) - net: Save and restore msg_namelen in sock_sendmsg (Marc Dionne) - netfilter: nft_immediate: drop chain reference counter on error (Pablo Neira Ayuso) - net: bcmgenet: Fix FCS generation for fragmented skbuffs (Adrian Cinal) - sfc: fix a double-free bug in efx_probe_filters (Zhipeng Lu) - ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init (Stefan Wahren) - net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps (Vadim Fedorenko) - can: raw: add support for SO_MARK (Marc Kleine-Budde) - can: raw: add support for SO_TXTIME/SCM_TXTIME (Marc Kleine-Budde) - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) (Jorn-Thorben Hinz) - r8169: Fix PCI error on system resume (Kai-Heng Feng) - net: sched: em_text: fix possible memory leak in em_text_destroy() (Hangyu Hua) - mlxbf_gige: fix receive packet race condition (David Thompson) - ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable (Chancel Liu) - igc: Check VLAN EtherType mask (Kurt Kanzenbach) - igc: Check VLAN TCI mask (Kurt Kanzenbach) - igc: Report VLAN EtherType matching back to user (Kurt Kanzenbach) - i40e: Fix filter input checks to prevent config with invalid values (Sudheer Mogilappagari) - drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (Khaled Almahallawy) - octeontx2-af: Fix marking couple of structure as __packed (Suman Ghosh) - nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (Siddh Raman Pant) - drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (Douglas Anderson) - Revert 'PCI/ASPM: Remove pcie_aspm_pm_state_change()' (Bjorn Helgaas) - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (Siddhesh Dharme) - block: Don't invalidate pagecache for invalid falloc modes (Sarthak Kukreti) [5.15.0-204.146.1] - uek-rpm: Update the kABI files for new symbol (Yifei Liu) [Orabug: 36183477] - x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested() (Maxim Levitsky) [Orabug: 36183624] - KVM: x86: SVM: allow AVIC to co-exist with a nested guest running (Maxim Levitsky) [Orabug: 36183624] - KVM: x86: allow per cpu apicv inhibit reasons (Maxim Levitsky) [Orabug: 36183624] - rds: Add count for ready receive cache (Hans Westgaard Ry) [Orabug: 36186035] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1085 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 conmon [2.1.3-8] - address CVE-2023-39326 cri-o [1.26.4-1] - Added Oracle Specific Files for cri-o - Cherry-picked upstream commits for OCPBUGS-17150: oci: simplify stopping code https://github.com/cri-o/cri-o/pull/7185 - Fixed CVE-2023-39325: bump golang.org/x/net to v0.17.0 cri-tools [1.26.1-4] - Address CVE-2023-39326 etcd [3.5.9-3] - Address CVE-2023-39326 by upgrading golang to version 1.20.12 flannel-cni-plugin [1.2.0-3] - Build for aarch64 [1.2.0-2] - Rebuild with golang 1.20.12 [1.2.0-1] - Added Oracle specific build files for Flannel CNI Plugins - Address CVE-2023-44487 and CVE-2023-39325 helm [3.12.0-4] - address CVE-2023-39326 by updating golang version to 1.20.12 istio [1.17.8-2] - Address CVE-2023-39326 kata [1.12.1-17] - Include OL9 for kernel-uek-container (currently in UEKR7_developer_preview) [1.12.1-16] - Rebuild with golang 1.20.12 [1.12.1-15] - Updated for kubernetes 1.27 and 1.28 kata-agent [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-image [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-ksm-throttler [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-proxy [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-runtime [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kata-shim [1.12.1-11] - Rebuild with -11 tag [1.12.1-10] - Updated Golang to 1.20.12 to address CVE CVE-2023-39326 kubernetes [1.26.10-3] - Build with golang 1.20.12 kubernetes-cni [1.1.2-4] - Address CVE-2023-39326, update golang version to 1.20.12 kubernetes-cni-plugins [1.2.0-6] - Rebuild with golang 1.20.12 [1.2.0-5] - update flannel-cni-plugin to 1.2.0 kubevirt [0.58.0-5] - Updated to address CVE-2023-39326 olcne [1.7.6-5] - Fix OLM upgrade failure [1.7.6-4] - Fixed unable to deploy new module(s) using config file containing already existing modules [1.7.6-2] - Corrected olcne repo version in the prompt text of the 'olcnectl provision' command [1.7.6-1] - Update kubernetes and components to address golang CVE-2023-39326 - Update istio and components to address golang CVE-2023-39326 - Update metallb, multus-cni, kubevirt, module-operator, calico, rook to address golang CVE-2023-39326 - Update cri-o to 1.26-4 patched - add conmon resource to kubernetes module [1.7.5-22] - Fix OLM upgrade failure - same version upgrade [1.7.5-21] - Migrate ModuleOperator from verrazzano-install to ocne-modules namespace [1.7.5-20] - Update module-operator to address CVE-2023-39326 [1.7.5-19] - Updated kubevirt 0.58.0 to address CVE-2023-39326 [1.7.5-18] - Back port rebuild of calico 3.25.1 yq [4.34.1-4] - Update Golang to 1.20.12 to address CVE-2023-39326 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:9::olcne19 cpe:/a:oracle:linux:9::olcne18 cpe:/a:oracle:linux:9::olcne17 Oracle Linux 8 Oracle Linux 9 [5.15.0-204.147.6.3] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36464807] {CVE-2024-1086} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1086 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.8.1-2] - Cleanup spec file [1.8.1-1] - Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing - Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator - Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture - Fixed unable to deploy new module(s) using config file containing already existing modules - Corrected olcne repo version in the prompt text of the 'olcnectl provision' command - Update modules and components built with golang 1.20.12 to address CVE-2023-39326 - add conmon resource to kubernetes module - Fix OLM upgrade failure - same version upgrade failure - Migrate ModuleOperator from verrazzano-install to ocne-modules namespace - Fix multiple install during provision IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:9::olcne18 Oracle Linux 9 [1.8.1-2] - Cleanup spec file [1.8.1-1] - Fix OLM upgrade failure - upgrade from 0.17.0 to 0.23.1 failed due to a couple of crds missing - Add hostpathRequiresPrivilged value to rook template cr to be passed to module operator - Fixed Istio-1.18 and Istio-1.19 installation on aarch64 architecture - Fixed unable to deploy new module(s) using config file containing already existing modules - Corrected olcne repo version in the prompt text of the 'olcnectl provision' command - Update modules and components built with golang 1.20.12 to address CVE-2023-39326 - add conmon resource to kubernetes module - Fix OLM upgrade failure - same version upgrade failure - Migrate ModuleOperator from verrazzano-install to ocne-modules namespace - Fix multiple install during provision IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-39326 cpe:/a:oracle:linux:9::olcne18 Oracle Linux 9 - [5.14.0-362.24.1.0.1_3.OL9] - netfilter: nf_tables: reject QUEUE/DROP verdict parameters [Orabug: 36461940 ] {CVE-2024-1086} - [5.14.0-362.24.1_3.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Disable unified kernel image package build - Add Oracle Linux IMA certificates IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1086 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 Oracle Linux 9 [5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add support for clearing branch history at syscall entry (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/cpufeature: Add missing leaf enumeration (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - KVM: x86: Use a switch statement and macros in __feature_translate() (Jim Mattson) [Orabug: 36384802] {CVE-2024-2201} - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Jim Mattson) [Orabug: 36384802] {CVE-2024-2201} - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Sean Christopherson) [Orabug: 36384802] {CVE-2024-2201} - x86/bugs: Use sysfs_emit() (Borislav Petkov) [Orabug: 36384802] {CVE-2024-2201} - x86/cpu: Support AMD Automatic IBRS (Kim Phillips) [Orabug: 36384802] {CVE-2024-2201} - Documentation/hw-vuln: Update spectre doc (Lin Yujun) [Orabug: 36384802] {CVE-2024-2201} - x86/speculation: Reorder SRSO and GDS functions (Alexandre Chartre) [Orabug: 36384802] {CVE-2024-2201} [5.15.0-205.149.5] - uek-rpm: Bluefield 3: enable lockdown mode for secure boot (Dave Kleikamp) [Orabug: 36318788] - Documentation/x86: Update split lock documentation (Tony Luck) [Orabug: 36298291] - x86/split_lock: Add sysctl to control the misery mode (Guilherme G. Piccoli) [Orabug: 36298291] - x86/split-lock: Remove unused TIF_SLD bit (Tony Luck) [Orabug: 36298291] - x86/split_lock: Make life miserable for split lockers (Tony Luck) [Orabug: 36298291] [5.15.0-205.149.4] - Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST (Luiz Augusto von Dentz) - netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() (Ignat Korchagin) - ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails (Fedor Pchelkin) - afs: Fix endless loop in directory parsing (David Howells) - PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (Dan Carpenter) - Revert 'drm/bridge: lt8912b: Register and attach our DSI device at probe' (Max Krummenacher) - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (Javier Carrasco) - usb: dwc3: gadget: Don't disconnect if not started (Thinh Nguyen) - platform/x86: intel-vbtn: Stop calling 'VBDL' from notify_handler (Hans de Goede) - Fix null ptr in rds_tcp_recv_path (Allison Henderson) [Orabug: 35587408] - cifs: fix mid leak during reconnection after timeout threshold (Shyam Prasad N) [Orabug: 36123597] - vfio/mlx5: Activate the chunk mode functionality (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Add support for READING in chunk mode (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Add support for SAVING in chunk mode (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Pre-allocate chunks for the STOP_COPY phase (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Rename some stuff to match chunk mode (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Enable querying state size which is > 4GB (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Refactor the SAVE callback to activate a work only upon an error (Yishai Hadas) [Orabug: 36298327] - vfio/mlx5: Wake up the reader post of disabling the SAVING migration file (Yishai Hadas) [Orabug: 36298327] - net/mlx5: Introduce ifc bits for migration in a chunk mode (Yishai Hadas) [Orabug: 36298327] - af_unix: Drop oob_skb ref before purging queue in GC. (Kuniyuki Iwashima) [Orabug: 36375407] - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta) [Orabug: 36379479] [5.15.0-205.149.3] - net/rds: print PPID/COMM of process doing user reset on RDS connection (Juan Garcia) [Orabug: 36248460] - platform/mellanox: mlxbf-pmc: Fix offset calculation for crspace events (Shravan Kumar Ramani) [Orabug: 36299543] - platform/mellanox: mlxbf-tmfifo: Drop Tx network packet when Tx TmFIFO is full (Liming Sun) [Orabug: 36299543] - platform/mellanox: mlxbf-tmfifo: Remove unnecessary bool conversion (Jules Irenge) [Orabug: 36299543] - power: reset: pwr-mlxbf: support graceful reboot instead of emergency reset (Asmaa Mnebhi) [Orabug: 36299543] - platform/mellanox: tmfifo: fix kernel-doc warnings (Randy Dunlap) [Orabug: 36299543] - platform/mellanox: mlxbf-tmfifo: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36299543] - platform/mellanox: mlxbf-pmc: Add support for BlueField-3 (Shravan Kumar Ramani) [Orabug: 36299543] - pwr-mlxbf: extend Kconfig to include gpio-mlxbf3 dependency (David Thompson) [Orabug: 36299543] - pinctrl: mlxbf3: Remove gpio_disable_free() (Asmaa Mnebhi) [Orabug: 36299543] - gpio: mlxbf3: use capital 'OR' for multiple licenses in SPDX (Krzysztof Kozlowski) [Orabug: 36299543] - pinctrl: use capital 'OR' for multiple licenses in SPDX (Krzysztof Kozlowski) [Orabug: 36299543] - gpio: mlxbf3: Support add_pin_ranges() (Asmaa Mnebhi) [Orabug: 36299543] - uek: kabi: Add two new exported kABI symbols for ACFS and EDV (Saeed Mirzamohammadi) [Orabug: 36303821] - uek-rpm: Update the aarch64 kABI files for new symbol (Yifei Liu) [Orabug: 36323808] - arm64: Minimize tlb flush due to vttbr writes on AmpereOne (Ganapatrao Kulkarni) [Orabug: 36349790] [5.15.0-205.149.2] - LTS version: v5.15.149 (Vijayendra Suman) - usb: dwc3: gadget: Ignore End Transfer delay on teardown (Thinh Nguyen) - media: Revert 'media: rkisp1: Drop IRQF_SHARED' (Tomi Valkeinen) - usb: dwc3: gadget: Execute gadget stop after halting the controller (Wesley Cheng) - usb: dwc3: gadget: Don't delay End Transfer on delayed_status (Thinh Nguyen) - staging: fbtft: core: set smem_len before fb_deferred_io_init call (Peter Suti) - smb3: Replace smb2pdu 1-element arrays with flex-arrays (Kees Cook) - fs/ntfs3: Add null pointer checks (Konstantin Komarov) - net: bcmgenet: Fix EEE implementation (Florian Fainelli) - drm/msm/dsi: Enable runtime PM (Konrad Dybcio) - PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (Douglas Anderson) - dm: limit the number of targets and parameter size area (Mikulas Patocka) - nilfs2: replace WARN_ONs for invalid DAT metadata block requests (Ryusuke Konishi) - nilfs2: fix potential bug in end_buffer_async_write (Ryusuke Konishi) - sched/membarrier: reduce the ability to hammer on sys_membarrier (Linus Torvalds) - netfilter: ipset: Missing gc cancellations fixed (Jozsef Kadlecsik) - net: prevent mss overflow in skb_segment() (Eric Dumazet) - hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() (Davidlohr Bueso) - netfilter: ipset: fix performance regression in swap operation (Jozsef Kadlecsik) - scripts/decode_stacktrace.sh: optionally use LLVM utilities (Carlos Llamas) - scripts: decode_stacktrace: demangle Rust symbols (Miguel Ojeda) - scripts/decode_stacktrace.sh: support old bash version (Schspa Shi) - fbdev: flush deferred IO before closing (Nam Cao) - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (Takashi Iwai) - fbdev: Fix invalid page access after closing deferred I/O devices (Takashi Iwai) - fbdev: Rename pagelist to pagereflist for deferred I/O (Thomas Zimmermann) - fbdev: Track deferred-I/O pages in pageref struct (Thomas Zimmermann) - fbdev: defio: fix the pagelist corruption (Chuansheng Liu) - fbdev: Don't sort deferred-I/O pages by default (Thomas Zimmermann) - fbdev/defio: Early-out if page is already enlisted (Thomas Zimmermann) - serial: 8250_exar: Set missing rs485_supported flag (Lino Sanfilippo) - serial: 8250_exar: Fill in rs485_supported (Ilpo Jarvinen) - usb: dwc3: gadget: Queue PM runtime idle on disconnect event (Wesley Cheng) - usb: dwc3: gadget: Handle EP0 request dequeuing properly (Wesley Cheng) - usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API (Wesley Cheng) - usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (Wesley Cheng) - usb: dwc3: gadget: Submit endxfer command if delayed during disconnect (Wesley Cheng) - usb: dwc3: gadget: Force sending delayed status during soft disconnect (Wesley Cheng) - usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (Mayank Rana) - usb: dwc3: gadget: Delay issuing End Transfer (Thinh Nguyen) - usb: dwc3: gadget: Only End Transfer for ep0 data phase (Thinh Nguyen) - usb: dwc3: ep0: Don't prepare beyond Setup stage (Thinh Nguyen) - usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (Thinh Nguyen) - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init (Tianjia Zhang) - bus: moxtet: Add spi device table (Sjoerd Simons) - dma-buf: add dma_fence_timestamp helper (Christian Konig) - af_unix: Fix task hung while purging oob_skb in GC. (Kuniyuki Iwashima) - tracing: Inform kmemleak of saved_cmdlines allocation (Steven Rostedt (Google)) - pmdomain: core: Move the unused cleanup to a _sync initcall (Konrad Dybcio) - can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) (Oleksij Rempel) - can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (Ziqi Zhao) - of: property: fix typo in io-channels (Nuno Sa) - mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE (Prakash Sangappa) - ceph: prevent use-after-free in encode_cap_msg() (Rishabh Dave) - net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio (Sinthu Raja) - s390/qeth: Fix potential loss of L3-IP@ in case of network issues (Alexandra Winter) - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio (Sinthu Raja) - irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update (Marc Zyngier) - irqchip/irq-brcmstb-l2: Add write memory barrier before exit (Doug Berger) - wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() (Johannes Berg) - nfp: flower: prevent re-adding mac index for bonded port (Daniel de Villiers) - nfp: use correct macro for LengthSelect in BAR config (Daniel Basilio) - crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked (Kim Phillips) - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() (Ryusuke Konishi) - nilfs2: fix data corruption in dsync block recovery for small block sizes (Ryusuke Konishi) - ALSA: hda/conexant: Add quirk for SWS JS201D (bo liu) - mmc: slot-gpio: Allow non-sleeping GPIO ro (Alexander Stein) - x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Steve Wahl) - x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (Aleksander Mazur) - powerpc/64: Set task pt_regs->link to the LR value on scv entry (Naveen N Rao) - serial: max310x: fail probe if clock crystal is unstable (Hugo Villeneuve) - serial: max310x: improve crystal stable clock detection (Hugo Villeneuve) - serial: max310x: set default value when reading clock ready bit (Hugo Villeneuve) - ring-buffer: Clean ring_buffer_poll_wait() error return (Vincent Donnefort) - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Souradeep Chakrabarti) - drm/prime: Support page array >= 4GB (Philip Yang) - media: rc: bpf attach/detach requires write permission (Sean Young) - iio: accel: bma400: Fix a compilation problem (Mario Limonciello) - iio: core: fix memleak in iio_device_register_sysfs (Dinghao Liu) - iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC (zhili.liu) - staging: iio: ad5933: fix type mismatch regression (David Schiller) - tracing: Fix wasted memory in saved_cmdlines logic (Steven Rostedt (Google)) - ext4: fix double-free of blocks due to wrong extents moved_len (Baokun Li) - misc: fastrpc: Mark all sessions as invalid in cb_remove (Ekansh Gupta) - binder: signal epoll threads of self-work (Carlos Llamas) - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (Vitaly Rodionov) - ASoC: codecs: wcd938x: handle deferred probe (Krzysztof Kozlowski) - ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL (Edson Juliano Drosdeck) - xen-netback: properly sync TX responses (Jan Beulich) - net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() (Nikita Zhandarovich) - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (Fedor Pchelkin) - kbuild: Fix changing ELF file type for output of gen_btf for big endian (Nathan Chancellor) - firewire: core: correct documentation of fw_csr_string() kernel API (Takashi Sakamoto) - lsm: fix the logic in security_inode_getsecctx() (Ondrej Mosnacek) - Revert 'drm/amd: flush any delayed gfxoff on suspend entry' (Mario Limonciello) - scsi: Revert 'scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock' (Lee Duncan) - mptcp: fix data re-injection from stale subflow (Paolo Abeni) - modpost: trim leading spaces when processing source files list (Radek Krejci) - i2c: i801: Fix block process call transactions (Jean Delvare) - i2c: i801: Remove i801_set_block_buffer_mode (Heiner Kallweit) - powerpc/kasan: Fix addr error caused by page alignment (Jiangfeng Xiao) - media: ir_toy: fix a memleak in irtoy_tx (Zhipeng Lu) - usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend (Uttkarsh Aggarwal) - usb: f_mass_storage: forbid async queue when shutdown happen (yuan linyu) - USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (Oliver Neukum) - usb: ucsi_acpi: Fix command completion handling (Christian A. Ehrhardt) - iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP (Srinivas Pandruvada) - HID: wacom: Do not register input devices until after hid_hw_start (Jason Gerecke) - HID: wacom: generic: Avoid reporting a serial of '0' to userspace (Tatsunosuke Tobita) - HID: i2c-hid-of: fix NULL-deref on failed power up (Johan Hovold) - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx (Luka Guzenko) - ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 (David Senoner) - scsi: storvsc: Fix ring buffer size calculation (Michael Kelley) - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Zach O'Keefe) - tracing/trigger: Fix to return error if failed to alloc snapshot (Masami Hiramatsu (Google)) - scs: add CONFIG_MMU dependency for vfree_atomic() (Samuel Holland) - i40e: Fix waiting for queues of all VSIs to be disabled (Ivan Vecera) - MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler (Guenter Roeck) path for statistics (Breno Leitao) - ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (Alexey Khoroshilov) - spi: ppc4xx: Drop write-only variable (Uwe Kleine-Konig) - net: openvswitch: limit the number of recursions from action sets (Aaron Conole) - wifi: iwlwifi: Fix some error codes (Dan Carpenter) - of: unittest: Fix compile in the non-dynamic case (Christian A. Ehrhardt) - btrfs: send: return EOPNOTSUPP on unknown flags (David Sterba) - btrfs: forbid deleting live subvol qgroup (Boris Burkov) - btrfs: do not ASSERT() if the newly created subvolume already got read (Qu Wenruo) - btrfs: forbid creating subvol qgroups (Boris Burkov) - netfilter: nft_set_rbtree: skip end interval element from gc (Pablo Neira Ayuso) - net: stmmac: xgmac: fix a typo of register name in DPP safety handling (Furong Xu) - net: stmmac: xgmac: use #define for string constants (Simon Horman) - clocksource: Skip watchdog check for large watchdog intervals (Jiri Wiesner) - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (Hans de Goede) - Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (Werner Sembach) - usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (Prashanth K) - usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK (Prashanth K) - USB: serial: cp210x: add ID for IMST iM871A-USB (Leonard Dallmayr) - USB: serial: option: add Fibocom FM101-GL variant (Puliang Lu) - USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e (JackBB Wu) - ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter (Julian Sikorski) - drivers: lkdtm: fix clang -Wformat warning (Justin Stitt) - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (Tejun Heo) - scsi: core: Move scsi_host_busy() out of host lock if it is for per-command (Ming Lei) - fs/ntfs3: Fix an NULL dereference bug (Dan Carpenter) - netfilter: nft_set_pipapo: remove scratch_aligned pointer (Florian Westphal) - netfilter: nft_set_pipapo: add helper to release pcpu scratch area (Florian Westphal) - netfilter: nft_set_pipapo: store index in scratch maps (Florian Westphal) - netfilter: nft_ct: reject direction for ct id (Pablo Neira Ayuso) - drm/amd/display: Implement bounds check for stream encoder creation in DCN301 (Srinivasan Shanmugam) - drm/amd/display: Fix multiple memory leaks reported by coverity (Anson Jacob) - netfilter: nft_compat: restrict match/target protocol to u16 (Pablo Neira Ayuso) - netfilter: nft_compat: reject unused compat flag (Pablo Neira Ayuso) - ppp_async: limit MRU to 64K (Eric Dumazet) - af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. (Kuniyuki Iwashima) - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (Shigeru Yoshida) - rxrpc: Fix response to PING RESPONSE ACKs to a dead call (David Howells) - inet: read sk->sk_family once in inet_recv_error() (Eric Dumazet) - hwmon: (coretemp) Fix bogus core_id to attr name mapping (Zhang Rui) - hwmon: (coretemp) Fix out-of-bounds memory access (Zhang Rui) - hwmon: (aspeed-pwm-tacho) mutex for tach reading (Loic Prylli) - octeontx2-pf: Fix a memleak otx2_sq_init (Zhipeng Lu) - atm: idt77252: fix a memleak in open_card_ubr0 (Zhipeng Lu) - tunnels: fix out of bounds access when building IPv6 PMTU error (Antoine Tenart) - selftests: net: avoid just another constant wait (Paolo Abeni) - selftests: net: cut more slack for gro fwd tests. (Paolo Abeni) - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels (Furong Xu) - drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case (Kuogee Hsieh) - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Tony Lindgren) - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (Frank Li) - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (Yoshihiro Shimoda) - dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA (Christophe JAILLET) - dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA (Christophe JAILLET) - dmaengine: ti: k3-udma: Report short packet errors (Jai Luthra) - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (Guanhua Gao) - ASoC: codecs: lpass-wsa-macro: fix compander volume hack (Johan Hovold) - bonding: remove print in bond_verify_device_path (Zhengchao Shao) - HID: apple: Add 2021 magic keyboard FN key mapping (Benjamin Berg) - HID: apple: Add support for the 2021 Magic Keyboard (Alex Henrie) - gve: Fix use-after-free vulnerability (Praveen Kaligineedi) - arm64: irq: set the correct node for shadow call stack (Huang Shijie) path (Breno Leitao) - selftests: net: fix available tunnels detection (Paolo Abeni) - af_unix: fix lockdep positive in sk_diag_dump_icons() (Eric Dumazet) - net: ipv4: fix a memleak in ip_setup_cork (Zhipeng Lu) - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Pablo Neira Ayuso) - netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger (Pablo Neira Ayuso) - netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV (Pablo Neira Ayuso) - bridge: mcast: fix disabled snooping after long uptime (Linus Lussing) - llc: call sock_orphan() at release time (Eric Dumazet) - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (Helge Deller) - ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() (Christophe JAILLET) - ixgbe: Refactor overtemp event handling (Jedrzej Jagielski) - ixgbe: Refactor returning internal error codes (Jedrzej Jagielski) - ixgbe: Remove non-inclusive language (Piotr Skajewski) - tcp: add sanity checks to rx zerocopy (Eric Dumazet) - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (Eric Dumazet) - ip6_tunnel: use dev_sw_netstats_rx_add() (Eric Dumazet) - selftests: net: give more time for GRO aggregation (Paolo Abeni) - scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler (Ming Lei) - scsi: isci: Fix an error code problem in isci_io_request_build() (Su Hui) - drm: using mul_u32_u32() requires linux/math64.h (Stephen Rothwell) - wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (Edward Adam Davis) - perf: Fix the nr_addr_filters fix (Peter Zijlstra) - drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (Srinivasan Shanmugam) - drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (Srinivasan Shanmugam) - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (Srinivasan Shanmugam) - ceph: fix deadlock or deadcode of misusing dget() (Xiubo Li) - blk-mq: fix IO hang from sbitmap wakeup race (Ming Lei) - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (Zhu Yanjun) - drm/amdkfd: Fix lock dependency warning (Felix Kuehling) - libsubcmd: Fix memory leak in uniq() (Ian Rogers) - PCI/AER: Decode Requester ID when no error info found (Bjorn Helgaas) - PCI: Fix 64GT/s effective data rate calculation (Ilpo Jarvinen) - fs/kernfs/dir: obey S_ISGID (Max Kellermann) - tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE (Adrian Reber) - selftests/sgx: Fix linker script asserts (Jo Van Bulck) - usb: hub: Replace hardcoded quirk value with BIT() macro (Hardik Gajjar) - perf cs-etm: Bump minimum OpenCSD version to ensure a bugfix is present (James Clark) - PCI: switchtec: Fix stdev_release() crash after surprise hot remove (Daniel Stodden) - PCI: Only override AMD USB controller if required (Guilherme G. Piccoli) - mailbox: arm_mhuv2: Fix a bug for mhuv2_sender_interrupt (Xiaowu.ding) - mfd: ti_am335x_tscadc: Fix TI SoC dependencies (Peter Robinson) - xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (Oleksandr Tyshchenko) - i3c: master: cdns: Update maximum prescaler value for i2c clock (Harshit Shah) - um: time-travel: fix time corruption (Johannes Berg) - um: net: Fix return type of uml_net_start_xmit() (Nathan Chancellor) - um: Don't use vfprintf() for os_info() (Benjamin Berg) - um: Fix naming clash between UML and scheduler (Anton Ivanov) - leds: trigger: panic: Don't register panic notifier if creating the trigger failed (Heiner Kallweit) - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (bo liu) - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (Srinivasan Shanmugam) - drm/amdgpu: Let KFD sync with VM fences (Felix Kuehling) - clk: imx: clk-imx8qxp: fix LVDS bypass, pixel and phy clocks (Alexander Stein) - clk: imx: scu: Fix memory leak in __imx_clk_gpr_scu() (Kuan-Wei Chiu) - watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 (Werner Fischer) - clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() (Kuan-Wei Chiu) - clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() (Kuan-Wei Chiu) - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (Wang, Beyond) - drm/msm/dpu: Ratelimit framedone timeout msgs (Rob Clark) - media: i2c: imx335: Fix hblank min/max values (Kieran Bingham) - media: ddbridge: fix an error code problem in ddb_probe (Su Hui) - IB/ipoib: Fix mcast list locking (Daniel Vacek) - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (Douglas Anderson) - f2fs: fix to tag gcing flag on page during block migration (Chao Yu) - media: rkisp1: Drop IRQF_SHARED (Tomi Valkeinen) - ALSA: hda: intel-dspcfg: add filters for ARL-S and ARL (Pierre-Louis Bossart) - ALSA: hda: Intel: add HDA_ARL PCI ID support (Pierre-Louis Bossart) - PCI: add INTEL_HDA_ARL to pci_ids.h (Pierre-Louis Bossart) - media: rockchip: rga: fix swizzling for RGB formats (Michael Tretter) - media: stk1160: Fixed high volume of stk1160_dbg messages (Ghanshyam Agrawal) - drm/mipi-dsi: Fix detach call without attach (Tomi Valkeinen) - drm/framebuffer: Fix use of uninitialized variable (Tomi Valkeinen) - drm/drm_file: fix use of uninitialized variable (Tomi Valkeinen) - f2fs: fix write pointers on zoned device after roll forward (Jaegeuk Kim) - drm/amd/display: Fix tiled display misalignment (Meenakshikumar Somasundaram) - RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Jack Wang) - fast_dput(): handle underflows gracefully (Al Viro) - ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (Cristian Ciocaltea) - ALSA: hda: Refer to correct stream index at loops (Takashi Iwai) - f2fs: fix to check return value of f2fs_reserve_new_block() (Chao Yu) - octeontx2-af: Fix max NPC MCAM entry check while validating ref_entry (Suman Ghosh) - i40e: Fix VF disable behavior to block all traffic (Andrii Staikov) - bridge: cfm: fix enum typo in br_cc_ccm_tx_parse (Lin Ma) - Bluetooth: L2CAP: Fix possible multiple reject send (Frederic Danis) - Bluetooth: qca: Set both WIDEBAND_SPEECH and LE_STATES quirks for QCA2066 (Zijun Hu) - wifi: cfg80211: free beacon_ies when overridden from hidden BSS (Benjamin Berg) - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (Su Hui) - ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision (Alexander Tsoy) - libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos (Mingyi Zhang) - wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (Zenm Chen) - arm64: dts: qcom: msm8998: Fix 'out-ports' is a required property (Mao Jinlong) - arm64: dts: qcom: msm8996: Fix 'in-ports' is a required property (Mao Jinlong) - md: Whenassemble the array, consult the superblock of the freshest device (Alex Lyakas) - block: prevent an integer overflow in bvec_try_merge_hw_page (Christoph Hellwig) - net: dsa: mv88e6xxx: Fix mv88e6352_serdes_get_stats error path (Tobias Waldekranz) - ARM: dts: imx23/28: Fix the DMA controller node name (Fabio Estevam) - ARM: dts: imx23-sansa: Use preferred i2c-gpios properties (Fabio Estevam) - ARM: dts: imx27-apf27dev: Fix LED name (Fabio Estevam) - ARM: dts: imx25/27: Pass timing0 (Fabio Estevam) - ARM: dts: imx25: Fix the iim compatible string (Fabio Estevam) - block/rnbd-srv: Check for unlikely string overflow (Kees Cook) - ionic: pass opcode to devcmd_wait (Shannon Nelson) - ARM: dts: imx1: Fix sram node (Fabio Estevam) - ARM: dts: imx27: Fix sram node (Fabio Estevam) - ARM: dts: imx: Use flash@0,0 pattern (Fabio Estevam) - ARM: dts: imx25/27-eukrea: Fix RTC node name (Fabio Estevam) - ARM: dts: rockchip: fix rk3036 hdmi ports node (Johan Jonker) - bpf: Set uattr->batch.count as zero before batched update or deletion (Hou Tao) - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (Hannes Reinecke) - scsi: libfc: Don't schedule abort twice (Hannes Reinecke) - bpf: Add map and need_defer parameters to .map_fd_put_ptr() (Hou Tao) - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (Minsuk Kang) - ARM: dts: imx7s: Fix nand-controller #size-cells (Alexander Stein) - ARM: dts: imx7s: Fix lcdif compatible (Alexander Stein) - ARM: dts: imx7d: Fix coresight funnel ports (Alexander Stein) - scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (ching Huang) - bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk (Zhengchao Shao) - PCI: Add no PM reset quirk for NVIDIA Spectrum devices (Ido Schimmel) - scsi: lpfc: Fix possible file string name overflow when updating firmware (Justin Tee) - selftests/bpf: Fix issues in setup_classid_environment() (Yafang Shao) - selftests/bpf: Fix pyperf180 compilation failure with clang18 (Yonghong Song) - selftests/bpf: satisfy compiler by having explicit return in btf test (Andrii Nakryiko) - wifi: rt2x00: restart beacon queue when hardware reset (Shiji Yang) - ext4: avoid online resizing failures due to oversized flex bg (Baokun Li) - ext4: remove unnecessary check from alloc_flex_gd() (Baokun Li) - ext4: unify the type of flexbg_size to unsigned int (Baokun Li) - ext4: fix inconsistent between segment fstrim and full fstrim (Ye Bin) - ecryptfs: Reject casefold directory inodes (Gabriel Krisman Bertazi) - SUNRPC: Fix a suspicious RCU usage warning (Anna Schumaker) - KVM: s390: fix setting of fpc register (Heiko Carstens) - s390/ptrace: handle setting of fpc register correctly (Heiko Carstens) - arch: consolidate arch_irq_work_raise prototypes (Arnd Bergmann) - jfs: fix array-index-out-of-bounds in diNewExt (Edward Adam Davis) - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (Oleg Nesterov) - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (Oleg Nesterov) - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (Oleg Nesterov) - crypto: stm32/crc32 - fix parsing list of devices (Thomas Bourgoin) - crypto: octeontx2 - Fix cptvf driver cleanup (Bharat Bhushan) - pstore/ram: Fix crash when setting number of cpus to an odd number (Weichen Chen) - jfs: fix uaf in jfs_evict_inode (Edward Adam Davis) - jfs: fix array-index-out-of-bounds in dbAdjTree (Manas Ghandat) - jfs: fix slab-out-of-bounds Read in dtSearch (Manas Ghandat) - UBSAN: array-index-out-of-bounds in dtSplitRoot (Osama Muhammad) - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (Osama Muhammad) - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events (Shuai Xue) - PM / devfreq: Synchronize devfreq_monitor_[start/stop] (Mukesh Ojha) - ACPI: extlog: fix NULL pointer dereference check (Prarit Bhargava) - PNP: ACPI: fix fortify warning (Dmitry Antipov) - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (Yuluo Qiu) - audit: Send netlink ACK before setting connection in auditd_set (Chris Riches) - regulator: core: Only increment use_count when enable_count changes (Rui Zhang) - debugobjects: Stop accessing objects after releasing hash bucket lock (Andrzej Hajda) - perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file (Greg KH) - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (Zhiquan Li) - powerpc/lib: Validate size for vector operations (Naveen N Rao) - powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE (Stephen Rothwell) - x86/boot: Ignore NMIs during very early boot (Jun'ichi Nomura) - powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() (Michael Ellerman) - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (Michael Ellerman) - powerpc: Fix build error due to is_valid_bugaddr() (Michael Ellerman) - drivers/perf: pmuv3: don't expose SW_INCR event in sysfs (Mark Rutland) - arm64: irq: set the correct node for VMAP stack (Huang Shijie) - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (Kunwu Chan) - x86/entry/ia32: Ensure s32 is sign extended to s64 (Richard Palethorpe) - tick/sched: Preserve number of idle sleeps across CPU hotplug events (Tim Chen) - mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan (Xi Ruoyao) - mtd: cfi: allow building spi-intel standalone (Arnd Bergmann) - spi: bcm-qspi: fix SFDP BFPT read by usig mspi read (Kamal Dasu) - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (Li Lingfeng) - gpio: eic-sprd: Clear interrupt after set the interrupt type (Wenhua Lin) - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (Fedor Pchelkin) - drm/exynos: fix accidental on-stack copy of exynos_drm_plane (Arnd Bergmann) - drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (Markus Niebel) - cpufreq: intel_pstate: Refine computation of P-state for given frequency (Rafael J. Wysocki) - cpufreq: intel_pstate: Drop redundant intel_pstate_get_hwp_cap() call (Rafael J. Wysocki) - ksmbd: fix global oob in ksmbd_nl_policy (Lin Ma) - btrfs: add definition for EXTENT_TREE_V2 (Josef Bacik) - PM / devfreq: Fix buffer overflow in trans_stat_show (Christian Marangi) - mm/sparsemem: fix race in accessing memory_section->usage (Charan Teja Kalla) - mm: use __pfn_to_section() instead of open coding it (Rolf Eike Beer) - media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run (Zheng Wang) - ARM: dts: qcom: sdx55: fix USB SS wakeup (Johan Hovold) - ARM: dts: qcom: sdx55: fix USB DP/DM HS PHY interrupts (Johan Hovold) - ARM: dts: qcom: sdx55: fix pdc '#interrupt-cells' (Johan Hovold) - ARM: dts: samsung: exynos4210-i9100: Unconditionally enable LDO12 (Paul Cercueil) - ARM: dts: qcom: sdx55: fix USB wakeup interrupt types (Johan Hovold) - pipe: wakeup wr_wait after setting max_usage (Lukas Schauer) - fs/pipe: move check to pipe_has_watch_queue() (Max Kellermann) - bus: mhi: host: Add alignment check for event ring read pointer (Krishna chaitanya chundru) - bus: mhi: host: Rename 'struct mhi_tre' to 'struct mhi_ring_element' (Manivannan Sadhasivam) - PM: sleep: Fix possible deadlocks in core system-wide PM code (Rafael J. Wysocki) - PM: core: Remove unnecessary (void *) conversions (Li zeming) - drm/bridge: nxp-ptn3460: simplify some error checking (Dan Carpenter) - drm/tidss: Fix atomic_flush check (Tomi Valkeinen) - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (Dan Carpenter) - drm: Don't unref the same fb many times by mistake due to deadlock handling (Ville Syrjala) - gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (Mario Limonciello) - xfs: read only mounts with fsopen mount API are busted (Dave Chinner) - firmware: arm_scmi: Check mailbox/SMT channel for consistency (Cristian Marussi) - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) - netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (Pablo Neira Ayuso) - hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (Michael Kelley) - wifi: iwlwifi: fix a memory corruption (Emmanuel Grumbach) - exec: Fix error handling in begin_new_exec() (Bernd Edlinger) - rbd: don't move requests to the running list on errors (Ilya Dryomov) - btrfs: don't abort filesystem when attempting to snapshot deleted subvolume (Omar Sandoval) - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (Qu Wenruo) - btrfs: don't warn if discard range is not aligned to sector (David Sterba) - btrfs: tree-checker: fix inline ref size in error messages (Chung-Chiang Cheng) - btrfs: ref-verify: free ref cache before clearing mount opt (Fedor Pchelkin) - btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (Omar Sandoval) - btrfs: fix race between reading a directory and adding entries to it (Filipe Manana) - btrfs: refresh dir last index during a rewinddir(3) call (Filipe Manana) - btrfs: set last dir index to the current last index when opening dir (Filipe Manana) - btrfs: fix infinite directory reads (Filipe Manana) - net: fec: fix the unhandled context fault from smmu (Shenwei Wang) - fjes: fix memleaks in fjes_hw_setup (Zhipeng Lu) - selftests: netdevsim: fix the udp_tunnel_nic test (Jakub Kicinski) - net: mvpp2: clear BM pool before initialization (Jenishkumar Maheshbhai Patel) - net: stmmac: Wait a bit for the reset to take effect (Bernd Edlinger) - netfilter: nf_tables: validate NFPROTO_* family (Pablo Neira Ayuso) - netfilter: nf_tables: restrict anonymous set and map names to 16 bytes (Florian Westphal) - netfilter: nft_limit: reject configurations that cause integer overflow (Florian Westphal) - overflow: Allow mixed type arguments (Kees Cook) - net/mlx5e: fix a potential double-free in fs_any_create_groups (Dinghao Liu) - net/mlx5e: fix a double-free in arfs_create_groups (Zhipeng Lu) - net/mlx5: DR, Can't go to uplink vport on RX rule (Yevgeny Kliteynik) - net/mlx5: DR, Use the right GVMI number for drop action (Yevgeny Kliteynik) - ipv6: init the accept_queue's spinlocks in inet6_create (Zhengchao Shao) - netlink: fix potential sleeping issue in mqueue_flush_file (Zhengchao Shao) - tcp: Add memory barrier to tcp_push() (Salvatore Dipietro) - afs: Hide silly-rename files from userspace (David Howells) - tracing: Ensure visibility when inserting an element into tracing_map (Petr Pavlu) - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv (Sharath Srinivasan) - llc: Drop support for ETH_P_TR_802_2. (Kuniyuki Iwashima) - llc: make llc_ui_sendmsg() more robust against bonding changes (Eric Dumazet) - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING (Lin Ma) - bnxt_en: Wait for FLR to complete during probe (Michael Chan) - tcp: make sure init the accept_queue's spinlocks once (Zhengchao Shao) - net/smc: fix illegal rmb_desc access in SMC-D connection dump (Wen Gu) - ksmbd: Add missing set_freezable() for freezable kthread (Namjae Jeon) - ksmbd: send lease break notification on FILE_RENAME_INFORMATION (Namjae Jeon) - ksmbd: don't increment epoch if current state and request state are same (Namjae Jeon) - ksmbd: fix potential circular locking issue in smb2_set_ea() (Namjae Jeon) - ksmbd: set v2 lease version on lease upgrade (Namjae Jeon) - rename(): fix the locking of subdirectories (Al Viro) - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (Zhihao Cheng) - nouveau/vmm: don't set addr on the fail path to avoid warning (Dave Airlie) - rtc: Adjust failure return code for cmos_set_alarm() (Mario Limonciello) - mmc: mmc_spi: remove custom DMA mapped buffers (Andy Shevchenko) - mmc: core: Use mrq.sbc in close-ended ffu (Avri Altman) - scripts/get_abi: fix source path leak (Vegard Nossum) - lsm: new security_file_ioctl_compat() hook (Alfred Piccioni) - arm64: dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts (Johan Hovold) - arm64: dts: qcom: sm8150: fix USB wakeup interrupt types (Johan Hovold) - arm64: dts: qcom: sdm845: fix USB wakeup interrupt types (Johan Hovold) - arm64: dts: qcom: sc7180: fix USB wakeup interrupt types (Johan Hovold) - async: Introduce async_schedule_dev_nocall() (Rafael J. Wysocki) - async: Split async_schedule_node_domain() (Rafael J. Wysocki) - parisc/firmware: Fix F-extend for PDC addresses (Helge Deller) - bus: mhi: host: Add spinlock to protect WP access when queueing TREs (Bhaumik Bhatt) - bus: mhi: host: Drop chan lock before queuing buffers (Qiang Yu) - mips: Fix max_mapnr being uninitialized on early stages (Serge Semin) - media: ov9734: Enable runtime PM before registering async sub-device (Bingbu Cao) - rpmsg: virtio: Free driver_override when rpmsg_remove() (Xiaolei Wang) - media: imx355: Enable runtime PM before registering async sub-device (Bingbu Cao) - crypto: s390/aes - Fix buffer overread in CTR mode (Herbert Xu) - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Herbert Xu) - PM: hibernate: Enforce ordering during image compression/decompression (Hongchen Zhang) - crypto: api - Disallow identical driver names (Herbert Xu) - btrfs: sysfs: validate scrub_speed_max value (David Disseldorp) - ext4: allow for the last group to be marked as trimmed (Suraj Jitindar Singh) - iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. (Jonathan Cameron) - scsi: ufs: core: Remove the ufshcd_hba_exit() call from ufshcd_async_scan() (Bart Van Assche) - scsi: ufs: core: Simplify power management during async scan (Bart Van Assche) - dmaengine: fix NULL pointer in channel unregistration function (Amelie Delaunay) - iio: adc: ad7091r: Enable internal vref if external vref is not supplied (Marcelo Schmitt) - iio: adc: ad7091r: Allow users to configure device events (Marcelo Schmitt) - iio: adc: ad7091r: Set alert bit in config register (Marcelo Schmitt) - ksmbd: only v2 leases handle the directory (Namjae Jeon) - ksmbd: fix UAF issue in ksmbd_tcp_new_connection() (Namjae Jeon) - ksmbd: validate mech token in session setup (Namjae Jeon) - ksmbd: don't allow O_TRUNC open on read-only share (Namjae Jeon) - ksmbd: free ppace array on error in parse_dacl (Fedor Pchelkin) - LTS version: v5.15.148 (Vijayendra Suman) - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (Song Liu) - arm64: dts: armada-3720-turris-mox: set irq type for RTC (Sjoerd Simons) - netfilter: nft_quota: copy content when cloning expression (Pablo Neira Ayuso) - netfilter: nft_last: copy content when cloning expression (Pablo Neira Ayuso) - netfilter: nft_limit: Clone packet limits' cost value (Phil Sutter) - netfilter: nft_limit: fix stateful object memory leak (Florian Westphal) - netfilter: nft_connlimit: memleak if nf_ct_netns_get() fails (Pablo Neira Ayuso) - netfilter: nf_tables: typo NULL check in _clone() function (Pablo Neira Ayuso) - block: Remove special-casing of compound pages (Matthew Wilcox (Oracle)) - i2c: s3c24xx: fix transferring more than one message in polling mode (Marek Szyprowski) - i2c: s3c24xx: fix read transfers in polling mode (Marek Szyprowski) - ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (Nikita Zhandarovich) - selftests: mlxsw: qos_pfc: Adjust the test to support 8 lanes (Amit Cohen) - mlxsw: spectrum_acl_tcam: Fix stack corruption (Ido Schimmel) - mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure (Amit Cohen) - ethtool: netlink: Add missing ethnl_ops_begin/complete (Ludvig Parsson) - kdb: Fix a potential buffer overflow in kdb_local() (Christophe JAILLET) - ipvs: avoid stat macros calls from preemptible context (Fedor Pchelkin) - netfilter: nf_tables: reject NFT_SET_CONCAT with not field length description (Pablo Neira Ayuso) - netfilter: nf_tables: skip dead set elements in netlink dump (Pablo Neira Ayuso) - netfilter: nf_tables: do not allow mismatch field size and set key length (Pablo Neira Ayuso) - netfilter: nft_limit: do not ignore unsupported flags (Pablo Neira Ayuso) - netfilter: nf_tables: memcg accounting for dynamically allocated objects (Vasily Averin) - netfilter: nft_limit: move stateful fields out of expression data (Pablo Neira Ayuso) - netfilter: nft_limit: rename stateful structure (Pablo Neira Ayuso) - netfilter: nft_quota: move stateful fields out of expression data (Pablo Neira Ayuso) - netfilter: nft_last: move stateful fields out of expression data (Pablo Neira Ayuso) - netfilter: nft_connlimit: move stateful fields out of expression data (Pablo Neira Ayuso) - netfilter: nf_tables: reject invalid set policy (Pablo Neira Ayuso) - net: dsa: vsc73xx: Add null pointer check to vsc73xx_gpio_probe (Kunwu Chan) - bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS (Hao Sun) - net: stmmac: ethtool: Fixed calltrace caused by unbalanced disable_irq_wake calls (Qiang Ma) - net: ravb: Fix dma_addr_t truncation in error case (Nikita Yushchenko) - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (Eric Dumazet) - mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (Eric Dumazet) - mptcp: strict validation before using mp_opt->hmac (Eric Dumazet) - mptcp: drop unused sk in mptcp_get_options (Geliang Tang) - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (Eric Dumazet) - net: phy: micrel: populate .soft_reset for KSZ9131 (Claudiu Beznea) - net: ethernet: ti: am65-cpsw: Fix max mtu to fit ethernet frames (Sanjuan Garcia, Jorge) - net: qualcomm: rmnet: fix global oob in rmnet_policy (Lin Ma) - s390/pci: fix max size calculation in zpci_memcpy_toio() (Niklas Schnelle) - PCI: keystone: Fix race condition when initializing PHYs (Siddharth Vadapalli) - nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) - nvmet: re-fix tracing strncpy() warning (Arnd Bergmann) - serial: imx: Correct clock error message in function probe() (Christoph Niedermaier) - usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (Chunfeng Yun) - apparmor: avoid crash when parsed profile name is empty (Fedor Pchelkin) - perf env: Avoid recursively taking env->bpf_progs.lock (Ian Rogers) - nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) - usb: cdc-acm: return correct error code on unsupported break (Oliver Neukum) - tty: use 'if' in send_break() instead of 'goto' (Jiri Slaby (SUSE)) - tty: don't check for signal_pending() in send_break() (Jiri Slaby (SUSE)) - tty: early return from send_break() on TTY_DRIVER_HARDWARE_BREAK (Jiri Slaby (SUSE)) - tty: change tty_write_lock()'s ndelay parameter to bool (Jiri Slaby (SUSE)) - perf genelf: Set ELF program header addresses properly (Namhyung Kim) - iio: adc: ad9467: fix scale setting (Nuno Sa) - iio: adc: ad9467: don't ignore error codes (Nuno Sa) - iio: adc: ad9467: fix reset gpio handling (Nuno Sa) - iio: adc: ad9467: Benefit from devm_clk_get_enabled() to simplify (Uwe Kleine-Konig) - selftests/sgx: Skip non X86_64 platform (Zhao Mengmeng) - selftests/sgx: Fix uninitialized pointer dereference in error path (Jo Van Bulck) - serial: imx: fix tx statemachine deadlock (Paul Geurts) - software node: Let args be NULL in software_node_get_reference_args (Sakari Ailus) - libapi: Add missing linux/types.h header to get the __u64 type on io.h (Arnaldo Carvalho de Melo) - serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed (Uwe Kleine-Konig) - power: supply: bq256xx: fix some problem in bq256xx_hw_init (Su Hui) - power: supply: cw2015: correct time_to_empty units in sysfs (Jan Palus) - MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() (Christophe JAILLET) - MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() (Christophe JAILLET) - riscv: Fix module_alloc() that did not reset the linear mapping permissions (Alexandre Ghiti) - riscv: Check if the code to patch lies in the exit section (Alexandre Ghiti) - mips: Fix incorrect max_low_pfn adjustment (Serge Semin) - mips: dmi: Fix early remap on MIPS32 (Serge Semin) - mfd: intel-lpss: Fix the fractional clock divider flags (Andy Shevchenko) - leds: aw2013: Select missing dependency REGMAP_I2C (Dang Huynh) - mfd: syscon: Fix null pointer dereference in of_syscon_register() (Kunwu Chan) - ARM: 9330/1: davinci: also select PINCTRL (Randy Dunlap) - iommu/dma: Trace bounce buffer usage when mapping buffers (Isaac J. Manjarres) - serial: sc16is7xx: set safe default SPI clock frequency (Hugo Villeneuve) - serial: sc16is7xx: add check for unsupported SPI modes during probe (Hugo Villeneuve) - HID: wacom: Correct behavior when processing some confidence == false touches (Jason Gerecke) - iio: adc: ad7091r: Pass iio_dev to event handler (Marcelo Schmitt) - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache (Oliver Upton) - KVM: arm64: vgic-v4: Restore pending state on host userspace write (Marc Zyngier) - x86/kvm: Do not try to disable kvmclock if it was not enabled (Kirill A. Shutemov) - PCI: mediatek: Clear interrupt status before dispatching handler (qizhong cheng) - PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (Niklas Cassel) - wifi: mwifiex: configure BSSID consistently when starting AP (David Lin) - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (Ilpo Jarvinen) - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (Ilpo Jarvinen) - wifi: mt76: fix broken precal loading from MTD for mt7915 (Christian Marangi) - iommu/arm-smmu-qcom: Add missing GMU entry to match table (Rob Clark) - bpf: Fix re-attachment branch in bpf_tracing_prog_attach (Jiri Olsa) - Bluetooth: Fix atomicity violation in {min,max}_key_size_set (Gui-Dong Han) - rootfs: Fix support for rootfstype= when root= is given (Stefan Berger) - io_uring/rw: ensure io->bytes_done is always initialized (Jens Axboe) - pwm: jz4740: Don't use dev_err_probe() in .request() (Uwe Kleine-Konig) - block: add check that partition length needs to be aligned with block size (Min Li) - scsi: mpi3mr: Refresh sdev queue depth after controller reset (Chandrakanth patil) - fbdev: flush deferred work in fb_deferred_io_fsync() (Nam Cao) - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (Caghan Demir) - ALSA: oxygen: Fix right channel of capture volume mixer (Takashi Iwai) - serial: imx: Ensure that imx_uart_rs485_config() is called with enabled clock (Christoph Niedermaier) - usb: mon: Fix atomicity violation in mon_bin_vma_fault (Gui-Dong Han) - usb: typec: class: fix typec_altmode_put_partner to put plugs (RD Babiera) - Revert 'usb: typec: class: fix typec_altmode_put_partner to put plugs' (Heikki Krogerus) - usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (Frank Li) - usb: cdns3: fix iso transfer error when mult is not zero (Frank Li) - usb: cdns3: fix uvc failure work since sg support enabled (Frank Li) - usb: chipidea: wait controller resume finished for wakeup irq (Xu Yang) - Revert 'usb: dwc3: don't reset device side if dwc3 was configured as host-only' (Thinh Nguyen) - Revert 'usb: dwc3: Soft reset phy on probe for host' (Thinh Nguyen) - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (Uttkarsh Aggarwal) - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (Xu Yang) - tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug (Heiko Carstens) - binder: fix race between mmput() and do_exit() (Carlos Llamas) - xen-netback: don't produce zero-size SKB frags (Jan Beulich) - virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() (Wei Yongjun) - dma-mapping: Fix build error unused-value (Ren Zhijie) - Input: atkbd - use ab83 as id when skipping the getid command (Hans de Goede) - binder: fix unused alloc->free_async_space (Carlos Llamas) - binder: fix async space check for 0-sized buffers (Carlos Llamas) - selftests/bpf: Add assert for user stacks in test_task_stack (Jordan Rome) - of: unittest: Fix of_count_phandle_with_args() expected value message (Geert Uytterhoeven) - of: Fix double free in of_parse_phandle_with_args_map (Christian A. Ehrhardt) - ksmbd: validate the zero field of packet header (Li Nan) - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (Zhipeng Lu) - IB/iser: Prevent invalidating wrong MR (Sergey Gorenko) - mmc: sdhci_omap: Fix TI SoC dependencies (Peter Robinson) - mmc: sdhci_am654: Fix TI SoC dependencies (Peter Robinson) - ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() (Geoffrey D. Bennett) - ALSA: scarlett2: Add missing error checks to *_ctl_get() (Geoffrey D. Bennett) - ALSA: scarlett2: Allow passing any output to line_out_remap() (Geoffrey D. Bennett) - ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() (Geoffrey D. Bennett) - ALSA: scarlett2: Add missing error check to scarlett2_config_save() (Geoffrey D. Bennett) - ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (Hans de Goede) - pwm: stm32: Fix enable count for clk in .probe() (Philipp Zabel) - pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (Philipp Zabel) - pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (Uwe Kleine-Konig) - clk: fixed-rate: fix clk_hw_register_fixed_rate_with_accuracy_parent_hw (Theo Lebrun) - clk: fixed-rate: add devm_clk_hw_register_fixed_rate (Dmitry Baryshkov) - clk: asm9260: use parent index to link the reference clock (Dmitry Baryshkov) - clk: si5341: fix an error code problem in si5341_output_clk_set_rate (Su Hui) - watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (Vignesh Raghavendra) - watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (Stefan Wahren) - watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (Jerry Hoemann) - watchdog: set cdev owner before adding (Curtis Klein) - drivers: clk: zynqmp: update divider round rate logic (Jay Buddhabhatti) - clk: zynqmp: Add a check for NULL pointer (Shubhrajyoti Datta) - clk: zynqmp: make bestdiv unsigned (Shubhrajyoti Datta) - drivers: clk: zynqmp: calculate closest mux rate (Jay Buddhabhatti) - clk: qcom: videocc-sm8150: Add missing PLL config property (Satya Priya Kakitapalli) - clk: qcom: videocc-sm8150: Update the videocc resets (Satya Priya Kakitapalli) - dt-bindings: clock: Update the videocc resets for sm8150 (Satya Priya Kakitapalli) - gpu/drm/radeon: fix two memleaks in radeon_vm_init (Zhipeng Lu) - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Zhipeng Lu) - drm/amd/pm: fix a double-free in si_dpm_init (Zhipeng Lu) - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (Alex Deucher) - media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (Christophe JAILLET) - media: dvbdev: drop refcount on error path in dvb_device_open() (Dan Carpenter) - f2fs: fix the f2fs_file_write_iter tracepoint (Eric Biggers) - f2fs: fix to update iostat correctly in f2fs_filemap_fault() (Chao Yu) - f2fs: fix to check compress file in f2fs_move_file_range() (Chao Yu) - media: rkisp1: Disable runtime PM in probe error path (Laurent Pinchart) - clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (Satya Priya Kakitapalli) - media: cx231xx: fix a memleak in cx231xx_init_isoc (Zhipeng Lu) - drm/bridge: tc358767: Fix return value on error case (Tomi Valkeinen) - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (Tomi Valkeinen) - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (Zhipeng Lu) - drm/radeon/dpm: fix a memleak in sumo_parse_power_table (Zhipeng Lu) - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (Yang Yingliang) - drm/drv: propagate errors from drm_modeset_register_all() (Dmitry Baryshkov) - drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (Konrad Dybcio) - drm/msm/mdp4: flush vblank event on disable (Dmitry Baryshkov) - ASoC: cs35l34: Fix GPIO name and drop legacy include (Linus Walleij) - ASoC: cs35l33: Fix GPIO name and drop legacy include (Linus Walleij) - drm/radeon: check return value of radeon_ring_lock() (Nikita Zhandarovich) - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (Nikita Zhandarovich) - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (Nikita Zhandarovich) - f2fs: fix to avoid dirent corruption (Chao Yu) - drm/bridge: Fix typo in post_disable() description (Dario Binacchi) - media: pvrusb2: fix use after free on context disconnection (Ricardo B. Marliere) - drm/tilcdc: Fix irq free on unload (Tomi Valkeinen) - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (Uwe Kleine-Konig) - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (Abhinav Singh) - drm/panel-elida-kd35t133: hold panel in reset for unprepare (Chris Morgan) - RDMA/hns: Fix inappropriate err code for unsupported operations (Junxian Huang) - RDMA/usnic: Silence uninitialized symbol smatch warnings (Leon Romanovsky) - Revert 'drm/omapdrm: Annotate dma-fence critical section in commit path' (Tomi Valkeinen) - Revert 'drm/tidss: Annotate dma-fence critical section in commit path' (Tomi Valkeinen) - ARM: davinci: always select CONFIG_CPU_ARM926T (Arnd Bergmann) - ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (Eric Dumazet) - mlxbf_gige: Enable the GigE port in mlxbf_gige_open (Asmaa Mnebhi) - mlxbf_gige: Fix intermittent no ip issue (Asmaa Mnebhi) - net/sched: act_ct: fix skb leak and crash on ooo frags (Tao Liu) - null_blk: don't cap max_hw_sectors to BLK_DEF_MAX_SECTORS (Christoph Hellwig) - block: make BLK_DEF_MAX_SECTORS unsigned (Keith Busch) - Bluetooth: btmtkuart: fix recv_buf() return value (Francesco Dolcini) - Bluetooth: Fix bogus check for re-auth no supported with non-ssp (Luiz Augusto von Dentz) - netfilter: nf_tables: mark newset as dead on transaction abort (Florian Westphal) - wifi: iwlwifi: mvm: send TX path flush in rfkill (Johannes Berg) - wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (Johannes Berg) - wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (Su Hui) - wifi: rtlwifi: add calculate_bit_shift() (Su Hui) - arm64: dts: qcom: sc7280: Mark SDHCI hosts as cache-coherent (Konrad Dybcio) - block: add check of 'minors' and 'first_minor' in device_add_disk() (Li Nan) - arm64: dts: qcom: sm8150-hdk: fix SS USB regulators (Dmitry Baryshkov) - soc: qcom: llcc: Fix dis_cap_alloc and retain_on_pc configuration (Atul Dhudase) - dma-mapping: clear dev->dma_mem to NULL after freeing it (Joakim Zhang) - dma-mapping: Add dma_release_coherent_memory to DMA API (Mark-PK Tsai) - virtio/vsock: fix logic which reduces credit update messages (Arseniy Krasnov) - selftests/net: fix grep checking for fib_nexthop_multiprefix (Hangbin Liu) - scsi: hisi_sas: Correct the number of global debugfs registers (Yihang Li) - scsi: hisi_sas: Rollback some operations if FLR failed (Yihang Li) - scsi: hisi_sas: Replace with standard error code return value (Yihang Li) - scsi: hisi_sas: Prevent parallel FLR and controller reset (Qi Liu) - scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (Luo Jiaxing) - block: Set memalloc_noio to false on device_add_disk() error path (Li Nan) - bpf: Fix verification of indirect var-off stack access (Andrei Matei) - arm64: dts: qcom: sc7280: fix usb_2 wakeup interrupt types (Johan Hovold) - arm64: dts: qcom: sdm845-db845c: correct LED panic indicator (Krzysztof Kozlowski) - arm64: dts: qcom: qrb5165-rb5: correct LED panic indicator (Krzysztof Kozlowski) - scsi: fnic: Return error if vmalloc() failed (Artem Chernyshev) - bpf: fix check for attempt to corrupt spilled pointer (Andrii Nakryiko) - arm64: dts: qcom: sm8250: Make watchdog bark interrupt edge triggered (Douglas Anderson) - arm64: dts: qcom: sm8150: Make watchdog bark interrupt edge triggered (Douglas Anderson) - arm64: dts: qcom: sdm845: Make watchdog bark interrupt edge triggered (Douglas Anderson) - arm64: dts: qcom: sc7280: Make watchdog bark interrupt edge triggered (Douglas Anderson) - arm64: dts: qcom: sc7180: Make watchdog bark interrupt edge triggered (Douglas Anderson) - ARM: dts: qcom: sdx65: correct SPMI node name (Krzysztof Kozlowski) - bpf: enforce precision of R0 on callback return (Andrii Nakryiko) - arm64: dts: ti: k3-am65-main: Fix DSS irq trigger type (Tomi Valkeinen) - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (Su Hui) - firmware: meson_sm: populate platform devices from sm device tree data (Dmitry Rokosov) - firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (Christophe JAILLET) - net/ncsi: Fix netlink major/minor version numbers (Peter Delevoryas) - ARM: dts: qcom: apq8064: correct XOADC register address (Dmitry Baryshkov) - wifi: libertas: stop selecting wext (Arnd Bergmann) - wifi: ath11k: Defer on rproc_get failure (Luca Weiss) - bpf: Add crosstask check to __bpf_get_stack (Jordan Rome) - bpf, lpm: Fix check prefixlen before walking trie (Florian Lehner) - wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (Chih-Kang Chang) - NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (Trond Myklebust) - blocklayoutdriver: Fix reference leak of pnfs_device_node (Benjamin Coddington) - crypto: scomp - fix req->dst buffer overflow (Chengming Zhou) - crypto: sahara - do not resize req->src when doing hash operations (Ovidiu Panait) - crypto: sahara - fix processing hash requests with req->nbytes < sg->length (Ovidiu Panait) - crypto: sahara - improve error handling in sahara_sha_process() (Ovidiu Panait) - crypto: sahara - fix wait_for_completion_timeout() error handling (Ovidiu Panait) - crypto: sahara - fix ahash reqsize (Ovidiu Panait) - crypto: sahara - handle zero-length aes requests (Ovidiu Panait) - crypto: sahara - avoid skcipher fallback code duplication (Ovidiu Panait) - crypto: virtio - Wait for tasklet to complete on device remove (wangyangxin) - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (Osama Muhammad) - fs: indicate request originates from old mount API (Christian Brauner) - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (Sergey Shtylyov) - crypto: sahara - fix error handling in sahara_hw_descriptor_create() (Ovidiu Panait) - crypto: sahara - fix processing requests with cryptlen < sg->length (Ovidiu Panait) - crypto: sahara - fix ahash selftest failure (Ovidiu Panait) - crypto: sahara - fix cbc selftest failure (Ovidiu Panait) - crypto: sahara - remove FLAGS_NEW_KEY logic (Ovidiu Panait) - crypto: af_alg - Disallow multiple in-flight AIO requests (Herbert Xu) - crypto: ccp - fix memleak in ccp_init_dm_workarea (Dinghao Liu) - crypto: sa2ul - Return crypto_aead_setkey to transfer the error (Chen Ni) - crypto: virtio - Handle dataq logic with tasklet (Gonglei (Arei)) - selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket (Mickael Salaun) - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (ZhaoLong Wang) - kunit: debugfs: Fix unchecked dereference in debugfs_print_results() (Richard Fitzgerald) - ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (Tony Luck) - ACPI: LPSS: Fix the fractional clock divider flags (Andy Shevchenko) - spi: sh-msiof: Enforce fixed DTDL for R-Car H3 (Wolfram Sang) - efivarfs: force RO when remounting if SetVariable is not supported (Ilias Apalodimas) - calipso: fix memory leak in netlbl_calipso_add_pass() (Gavrilov Ilia) - cpufreq: scmi: process the result of devm_of_clk_add_hw_provider() (Alexandra Diupina) - cpufreq: Use of_property_present() for testing DT property presence (Rob Herring) - of: Add of_property_present() helper (Rob Herring) - of: property: define of_property_read_u{8,16,32,64}_array() unconditionally (Michael Walle) - ACPI: LPIT: Avoid u32 multiplication overflow (Nikita Kiryushin) - ACPI: video: check for error while searching for backlight device parent (Nikita Kiryushin) - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (Ronald Monthero) - spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (Amit Kumar Mahapatra) - powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (Kunwu Chan) - powerpc/powernv: Add a null pointer check in opal_powercap_init() (Kunwu Chan) - powerpc/powernv: Add a null pointer check in opal_event_init() (Kunwu Chan) - powerpc/powernv: Add a null pointer check to scom_debug_init_one() (Kunwu Chan) - selftests/powerpc: Fix error handling in FPU/VMX preemption tests (Michael Ellerman) - powerpc/pseries/memhp: Fix access beyond end of drmem array (Nathan Lynch) - powerpc/44x: select I2C for CURRITUCK (Randy Dunlap) - powerpc: add crtsavres.o to always-y instead of extra-y (Masahiro Yamada) - powerpc: remove checks for binutils older than 2.25 (Masahiro Yamada) - powerpc/toc: Future proof kernel toc (Alan Modra) - powerpc: Mark .opd section read-only (Christophe Leroy) - EDAC/thunderx: Fix possible out-of-bounds string access (Arnd Bergmann) - x86/lib: Fix overflow when counting digits (Colin Ian King) - coresight: etm4x: Fix width of CCITMIN field (James Clark) - PCI: Add ACS quirk for more Zhaoxin Root Ports (LeoLiuoc) - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (Florian Eckert) - parport: parport_serial: Add Brainboxes device IDs and geometry (Cameron Williams) - parport: parport_serial: Add Brainboxes BAR details (Cameron Williams) - uio: Fix use-after-free in uio_open (Guanghui Feng) - binder: fix comment on binder_alloc_new_buf() return value (Carlos Llamas) - binder: fix trivial typo of binder_free_buf_locked() (Carlos Llamas) - binder: fix use-after-free in shinker's callback (Carlos Llamas) - binder: use EPOLLERR from eventpoll.h (Carlos Llamas) - kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (Masami Hiramatsu (Google)) - bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 (Alan Maguire) - Revert 'ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek' (Greg Kroah-Hartman) - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (Hans de Goede) - drm/crtc: fix uninitialized variable use (Jani Nikula) - ARM: sun9i: smp: fix return code check of of_property_match_string (Stefan Wahren) - net: qrtr: ns: Return 0 if server port is not present (Sarannya S) - ida: Fix crash in ida_free when the bitmap is empty (Matthew Wilcox (Oracle)) - i2c: rk3x: fix potential spinlock recursion on poll (Jensen Huang) - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (Hans de Goede) - Input: xpad - add Razer Wolverine V2 support (Luca Weiss) - wifi: iwlwifi: pcie: avoid a NULL pointer dereference (Avraham Stern) - ARC: fix spare error (Vineet Gupta) - s390/scm: fix virtual vs physical address confusion (Vineeth Vijayan) - Input: i8042 - add nomux quirk for Acer P459-G2-M (Esther Shimanovich) - Input: atkbd - skip ATKBD_CMD_GETID in translated mode (Hans de Goede) - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (Krzysztof Kozlowski) - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (Steven Rostedt (Google)) - tracing: Fix uaf issue when open the hist or hist_debug file (Zheng Yejian) - MIPS: dts: loongson: drop incorrect dwmac fallback compatible (Krzysztof Kozlowski) - stmmac: dwmac-loongson: drop useless check for compatible fallback (Krzysztof Kozlowski) - tracing: Add size check when printing trace_marker output (Steven Rostedt (Google)) - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (Steven Rostedt (Google)) - jbd2: fix soft lockup in journal_finish_inode_data_buffers() (Ye Bin) - platform/x86: intel-vbtn: Fix missing tablet-mode-switch events (Hans de Goede) - neighbour: Don't let neigh_forced_gc() disable preemption for long (Judy Hsiao) - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (Ziqi Zhao) - jbd2: correct the printing of write_flags in jbd2_write_superblock() (Zhang Yi) - clk: rockchip: rk3128: Fix HCLK_OTG gate register (Weihao Li) - hwmon: (corsair-psu) Fix probe when built-in (Armin Wolf) - drm/exynos: fix a wrong error checking (Inki Dae) - drm/exynos: fix a potential error pointer dereference (Xiang Yang) - drm/amdgpu: Add NULL checks for function pointers (Lijo Lazar) - nvme: introduce helper function to get ctrl state (Keith Busch) - ASoC: ops: add correct range check for limiting volume (Srinivas Kandagatla) - ASoC: da7219: Support low DC impedance headset (David Rau) - net/tg3: fix race condition in tg3_reset_task() (Thinh Tran) - nouveau/tu102: flush all pdbs on vmm flush (Dave Airlie) - ASoC: rt5650: add mutex to avoid the jack detection failure (Shuming Fan) - ASoC: cs43130: Fix incorrect frame delay configuration (Maciej Strozek) - ASoC: cs43130: Fix the position of const qualifier (Maciej Strozek) - ASoC: Intel: Skylake: mem leak in skl register function (Kamil Duljas) - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (David Lin) - ASoC: Intel: Skylake: Fix mem leak in few functions (Kamil Duljas) - ASoC: wm8974: Correct boost mixer inputs (Charles Keepax) - nvme-core: check for too small lba shift (Keith Busch) - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (Lu Yao) - debugfs: fix automount d_fsdata usage (Johannes Berg) - wifi: cfg80211: lock wiphy mutex for rfkill poll (Johannes Berg) - mptcp: fix uninit-value in mptcp_incoming_options (Edward Adam Davis) - ALSA: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (Vasiliy Kovalev) - pinctrl: lochnagar: Don't build on MIPS (Charles Keepax) - f2fs: explicitly null-terminate the xattr list (Eric Biggers) [5.15.0-205.147.1] - mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga) [Orabug: 36334308] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-26679 CVE-2024-2201 cpe:/a:oracle:linux:8::UEKR7 cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [3.7.6-23.4_fips] - Add FIPS package change: add fips suffix to Release and set Epoch to 10 [Orabug: 35925409] - Update FIPS module name for Oracle Linux [Orabug: 35925409] - Verify salt length and iteration count for PBKDF [Orabug: 35925409] [3.7.6-23.4] - Fix timing side-channel in deterministic ECDSA (RHEL-28958) - Fix potential crash during chain building/verification (RHEL-28953) [3.7.6-23.3] - x509: detect loop in certificate chain (RHEL-21759) - fips: Zeroize temporary values in integrity check (RHEL-21870) [3.7.6-23.2] - auth/rsa_psk: minimize branching after decryption [3.7.6-23.1] - auth/rsa_psk: side-step potential side-channel (RHEL-16755) [3.7.6-23] - Mark SHA-1 signature verification non-approved in FIPS (#2102751) [3.7.6-22] - Skip KTLS test on old kernel if host and target arches are different MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0553 CVE-2024-28835 CVE-2024-0567 CVE-2024-28834 CVE-2023-5981 cpe:/a:oracle:linux:9::u3_security_validation Oracle Linux 9 [3.90.0-6_fips] - Add FIPS package change: add fips suffix to Release and set Epoch to 10 [Orabug: 35862190] - Update FIPS module name for Oracle Linux [Orabug: 35862190] [3.90.0-6] - Fix ecc DER wrapping. [3.90.0-5] - Pick up validated constant time implementations of p256, p384, and p521 from upsream - More Fips indicator changes [3.90.0-4] - FIPS review changes - add PORT_SafeZero to avoid compiler optimizing a way zeroing memory. - update the indicators for this release - allow hashing of longer than int32 values in a single PKCS #11 call. [3.90.0-3.3] - Fix expired certs in tests - Fix CVE-2023-5388 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6135 cpe:/a:oracle:linux:9::u3_security_validation Oracle Linux 9 cri-o [1.26.4-2] - Address CVE-2024-24786 cri-tools [1.26.1-5] - Address CVE-2024-24786 etcd [3.5.10-3] - Address protobuf [CVE-2024-24786] [3.5.10-1] - Added Oracle specific build files istio [1.17.8-3] - Address protobuf [CVE-2024-24786] - Backport from 1.19.7 to address CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327 kubernetes [1.26.15-1] - Added Oracle specific build files for Kubernetes olcne [1.7.7-2] - Fixed unable to deploy new module(s) using config file containing already existing modules - Update Istio-1.17.8 to address CVE-2024-24786, CVE-2024-23322, CVE-2024-23323, CVE-2024-23324, CVE-2024-23325, CVE-2024-23327 - Update Kubernetes-1.26.15 and components to address CVE-2024-24786 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-23327 CVE-2024-24786 cpe:/a:oracle:linux:9::olcne19 cpe:/a:oracle:linux:9::olcne18 cpe:/a:oracle:linux:9::olcne17 Oracle Linux 9 [3.8.3-4_fips] - Add FIPS package change: add fips suffix to Release and set Epoch to 10 [Orabug: 35925409] - Update FIPS module name for Oracle Linux [Orabug: 35925409] [3.8.3-4] - Bump release to ensure el9 package is greater than el9_* packages [3.8.3-3] - Bump release to ensure el9 package is greater than el9_* packages [3.8.3-2] - Fix timing side-channel in deterministic ECDSA (RHEL-28959) - Fix potential crash during chain building/verification (RHEL-28954) [3.8.3-1] - Update to gnutls 3.8.3 (RHEL-14891) [3.8.2-3] - Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.3 as well (RHEL-18498) [3.8.2-2] - Bump nettle dependency to 3.9.1 - Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.2 (RHEL-18498) [3.8.2-1] - Update to gnutls 3.8.2 (RHEL-14891) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28834 CVE-2024-28835 cpe:/a:oracle:linux:9::u3_security_validation Oracle Linux 8 Oracle Linux 9 [5.15.0-206.153.7] - mmc: core: Initialize mmc_blk_ioc_data (Mikko Rapeli) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - mmc: core: Fix switch on gp3 partition (Dominique Martinet) - Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (Michael Kelley) - bpf: Protect against int overflow for stack access size (Andrei Matei) - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion (Bart Van Assche) - module: fix init_module_from_file() error handling (Linus Torvalds) [Orabug: 36381490] - modules: catch concurrent module loads, treat them as idempotent (Linus Torvalds) [Orabug: 36381490] - module: split up 'finit_module()' into init_module_from_file() helper (Linus Torvalds) [Orabug: 36381490] - module: avoid allocation if module is already present and ready (Luis Chamberlain) [Orabug: 36381490] - module: extract patient module check into helper (Luis Chamberlain) [Orabug: 36381490] - module: move early sanity checks into a helper (Luis Chamberlain) [Orabug: 36381490] - module: Move all into module/ (Aaron Tomlin) [Orabug: 36381490] - fbdev: fix incorrect address computation in deferred IO (Nam Cao) [Orabug: 36427407] - io_uring: ensure '0' is returned on file registration success (Jens Axboe) [Orabug: 36544518] - io_uring: don't save/restore iowait state (Jens Axboe) [Orabug: 36544518] - io_uring: drop any code related to SCM_RIGHTS (Jens Axboe) [Orabug: 36544518] - io_uring/unix: drop usage of io_uring socket (Jens Axboe) [Orabug: 36544518] - Revert 'selftests: mm: fix map_hugetlb failure on 64K page size systems' (Harshit Mogalapalli) [Orabug: 36585256] - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (Dongli Zhang) [Orabug: 36591489] - rds: Add garbage collection for receive ready cache (Hans Westgaard Ry) [Orabug: 36382723] - exec, elf: ignore malformed note segments (Anthony Yznaga) [Orabug: 36524976] - vfio/pds: Refactor/simplify reset logic (Brett Creeley) [Orabug: 36525705] - vfio/pds: Make sure migration file isn't accessed after reset (Brett Creeley) [Orabug: 36525705] - vfio/pds: Always clear the save/restore FDs on reset (Brett Creeley) [Orabug: 36525705] - vfio/pds: Move seq/ack bitmaps into region struct (Brett Creeley) [Orabug: 36525705] - vfio/pds: Pass region info to relevant functions (Brett Creeley) [Orabug: 36525705] - vfio/pds: Move and rename region specific info (Brett Creeley) [Orabug: 36525705] - vfio/pds: Only use a single SGL for both seq and ack (Brett Creeley) [Orabug: 36525705] - vfio/pds: Fix calculations in pds_vfio_dirty_sync (Brett Creeley) [Orabug: 36525705] - vfio/pds: Fix possible sleep while in atomic context (Brett Creeley) [Orabug: 36525705] - vfio/pds: Fix mutex lock->magic != lock warning (Brett Creeley) [Orabug: 36525705] - RDMA/cm: Print the old state when cm_destroy_id gets timeout (Mark Zhang) [Orabug: 36546711] - igb: free up irq resources in device shutdown path. (Imran Khan) [Orabug: 36547249] - net: rds: use maybe_get_net() when acquiring refcount on TCP sockets (Tetsuo Handa) [Orabug: 34695506] - net: rds: acquire refcount on TCP sockets (Tetsuo Handa) [Orabug: 34695506] - net: make sock_inuse_add() available (Eric Dumazet) [Orabug: 34695506] - rds: Optimize rds_cfu_cache_do_gc (Hans Westgaard Ry) [Orabug: 36195145] - rds: Optimize rds_percpu_caches garbage-collection (Hans Westgaard Ry) [Orabug: 36195145] - rds: Add lfstack_pop_all (Hans Westgaard Ry) [Orabug: 36195145] - KVM: arm64: Avoid soft lockups due to I-cache maintenance (Oliver Upton) [Orabug: 36227024] - KVM: arm64: Drop is_kernel_in_hyp_mode() from __invalidate_icache_guest_page() (Marc Zyngier) [Orabug: 36227024] - arm64: tlbflush: Rename MAX_TLBI_OPS (Oliver Upton) [Orabug: 36227024] - uek-rpm: aarch64: Build the ampere-cspmu driver (Dave Kleikamp) [Orabug: 36227024] - perf: arm_cspmu: Reject events meant for other PMUs (Ilkka Koskinen) [Orabug: 36227024] - docs/perf: Add ampere_cspmu to toctree to fix a build warning (Ilkka Koskinen) [Orabug: 36227024] - perf: arm_cspmu: ampere_cspmu: Add support for Ampere SoC PMU (Ilkka Koskinen) [Orabug: 36227024] - perf: arm_cspmu: Support implementation specific validation (Ilkka Koskinen) [Orabug: 36227024] - perf: arm_cspmu: Support implementation specific filters (Ilkka Koskinen) [Orabug: 36227024] - perf: arm_cspmu: Split 64-bit write to 32-bit writes (Ilkka Koskinen) [Orabug: 36227024] - perf: arm_cspmu: Separate Arm and vendor module (Besar Wicaksono) [Orabug: 36227024] - perf/arm_cspmu: Decouple APMT dependency (Robin Murphy) [Orabug: 36227024] - ACPI/APMT: Don't register invalid resource (Robin Murphy) [Orabug: 36227024] - perf: arm_cspmu: Add missing MODULE_DEVICE_TABLE (Ilkka Koskinen) [Orabug: 36227024] - perf/arm_cspmu: Fix event attribute type (Robin Murphy) [Orabug: 36227024] - perf: arm_cspmu: Set irq affinitiy only if overflow interrupt is used (Ilkka Koskinen) [Orabug: 36227024] - perf: arm_cspmu: Fix variable dereference warning (Besar Wicaksono) [Orabug: 36227024] - perf: arm_cspmu: Fix module cyclic dependency (Besar Wicaksono) [Orabug: 36227024] - perf: arm_cspmu: Fix build failure on x86_64 (Besar Wicaksono) [Orabug: 36227024] - perf: arm_cspmu: Fix modular builds due to missing MODULE_LICENSE()s (Will Deacon) [Orabug: 36227024] - ACPI: APMT: Fix kerneldoc and indentation (Besar Wicaksono) [Orabug: 36227024] - perf: arm_cspmu: Add support for NVIDIA SCF and MCF attribute (Besar Wicaksono) [Orabug: 36227024] - perf: arm_cspmu: Add support for ARM CoreSight PMU driver (Besar Wicaksono) [Orabug: 36227024] - ACPI: ARM Performance Monitoring Unit Table (APMT) initial support (Besar Wicaksono) [Orabug: 36227024] - ACPICA: Add support for ARM Performance Monitoring Unit Table. (Besar Wicaksono) [Orabug: 36227024] - cpufreq: CPPC: Add per_cpu efficiency_class (Pierre Gondois) [Orabug: 36227024] - bonding: rate-limit bonding driver inspect messages (Praveen Kumar Kannoju) [Orabug: 36250567] - mlxbf_gige: stop interface during shutdown (David Thompson) [Orabug: 36525636] - mlxbf_gige: call request_irq() after NAPI initialized (David Thompson) [Orabug: 36525636] - mlxbf_gige: stop PHY during open() error paths (David Thompson) [Orabug: 36525636] - mlxbf_gige: add support to display pause frame counters (David Thompson) [Orabug: 36525636] - uek-rpm: Bluefield 3: Add missing mtd_blkdev module (Thomas Tai) [Orabug: 36530434] [5.15.0-206.153.6] - rds/rdma: Fix congestion value for userspace consumption (Juan Garcia) [Orabug: 36264651] - rds: Include transport protocol name in rds-info -k output (Juan Garcia) [Orabug: 36264651] - rds/ib: Disable WARN_ON() when system is going down (Hans Westgaard Ry) [Orabug: 36394501] - ipvlan: handle NETDEV_DOWN event (Venkat Venkatsubra) [Orabug: 36500076] [5.15.0-206.153.5] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36509092] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36509092] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36509092] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug (Pawan Gupta) [Orabug: 36509092] {CVE-2024-2201} - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Daniel Sneddon) [Orabug: 36509092] {CVE-2024-2201} - x86/bhi: Add support for clearing branch history at syscall entry (Pawan Gupta) [Orabug: 36509092] {CVE-2024-2201} - x86/cpufeature: Add missing leaf enumeration (Daniel Sneddon) [Orabug: 36509092] {CVE-2024-2201} - KVM: x86: Use a switch statement and macros in __feature_translate() (Jim Mattson) [Orabug: 36509092] {CVE-2024-2201} - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Jim Mattson) [Orabug: 36509092] {CVE-2024-2201} - KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Sean Christopherson) [Orabug: 36509092] {CVE-2024-2201} - x86/bugs: Use sysfs_emit() (Borislav Petkov) [Orabug: 36509092] {CVE-2024-2201} - x86/cpu: Support AMD Automatic IBRS (Kim Phillips) [Orabug: 36509092] {CVE-2024-2201} - Documentation/hw-vuln: Update spectre doc (Lin Yujun) [Orabug: 36509092] {CVE-2024-2201} - x86/speculation: Reorder SRSO and GDS functions (Alexandre Chartre) [Orabug: 36509092] {CVE-2024-2201} - rds/rdma: print connection up/down time while dropping/connecting (Juan Garcia) [Orabug: 36264673] [5.15.0-206.153.4] - LTS version: v5.15.153 (Vijayendra Suman) - remoteproc: stm32: fix incorrect optional pointers (Arnd Bergmann) - regmap: Add missing map->bus check (Marek Vasut) - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (Fei Shao) - net: dsa: mt7530: fix handling of all link-local frames (Arinc UNAL) - net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports (Arinc UNAL) - net: dsa: mt7530: fix handling of 802.1X PAE frames (Arinc UNAL) - net: dsa: mt7530: fix handling of LLDP frames (Arinc UNAL) - bpf: report RCU QS in cpumap kthread (Yan Zhai) - net: report RCU QS on threaded NAPI repolling (Yan Zhai) - rcu: add a helper to report consolidated flavor QS (Yan Zhai) - netfilter: nf_tables: do not compare internal table flags on updates (Pablo Neira Ayuso) - netfilter: nft_set_pipapo: release elements in clone only from destroy path (Pablo Neira Ayuso) - octeontx2-af: Use separate handlers for interrupts (Subbaraya Sundeep) - net/bnx2x: Prevent access to a freed page in page_pool (Thinh Tran) - net: phy: fix phy_read_poll_timeout argument type in genphy_loopback (Nikita Kiryushin) - hsr: Handle failures in module init (Felix Maurer) - wireguard: receive: annotate data-race around receiving_counter.counter (Nikita Zhandarovich) - vdpa/mlx5: Allow CVQ size changes (Jonah Palmer) - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection (Arinc UNAL) - net: veth: do not manipulate GRO when using XDP (Ignat Korchagin) - packet: annotate data-races around ignore_outgoing (Eric Dumazet) - net: ethernet: mtk_eth_soc: fix PPE hanging issue (Daniel Golle) - net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up (Daniel Golle) - net: mtk_eth_soc: move MAC_MCR setting to mac_finish() (Russell King (Oracle)) - hsr: Fix uninit-value access in hsr_get_node() (Shigeru Yoshida) - soc: fsl: dpio: fix kcalloc() argument order (Arnd Bergmann) - s390/vtime: fix average steal time calculation (Mete Durlu) - octeontx2-af: Use matching wake_up API variant in CGX command interface (Linu Cherian) - nouveau: reset the bo resource bus info after an eviction (Dave Airlie) - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (Colin Ian King) - staging: greybus: fix get_channel_from_mode() failure path (Dan Carpenter) - serial: 8250_exar: Don't remove GPIO device on suspend (Andy Shevchenko) - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (Randy Dunlap) - kconfig: fix infinite loop when expanding a macro at the end of file (Masahiro Yamada) - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (Rafal Milecki) - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (Tudor Ambarus) - serial: max310x: fix syntax error in IRQ error message (Hugo Villeneuve) - tty: vt: fix 20 vs 0x20 typo in EScsiignore (Jiri Slaby (SUSE)) - remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef (Arnaud Pouliquen) - remoteproc: stm32: Fix incorrect type in assignment for va (Arnaud Pouliquen) - remoteproc: stm32: use correct format strings on 64-bit (Arnd Bergmann) - comedi: comedi_test: Prevent timers rescheduling during deletion (Ian Abbott) - afs: Revert 'afs: Hide silly-rename files from userspace' (David Howells) - f2fs: compress: fix reserve_cblocks counting error when out of space (Xiuhong Wang) - NFS: Fix an off by one in root_nfs_cat() (Christophe JAILLET) - watchdog: stm32_iwdg: initialize default timeout (Ben Wolsieffer) - NFSv4.2: fix listxattr maximum XDR buffer size (Jorge Mora) - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (Jorge Mora) - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (Christophe JAILLET) - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (Arnd Bergmann) - RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() (Alexey Kodanev) - RDMA/device: Fix a race between mad_client and cm_client init (Shifeng Li) - scsi: csiostor: Avoid function pointer casts (Arnd Bergmann) - f2fs: compress: fix to check unreleased compressed cluster (Sheng Yong) - f2fs: compress: fix to cover normal cluster write with cp_rwsem (Chao Yu) - f2fs: reduce stack memory cost by using bitfield in struct f2fs_io_info (Chao Yu) - f2fs: invalidate meta pages only for post_read required inode (Chao Yu) - f2fs: fix to invalidate META_MAPPING before DIO write (Chao Yu) - f2fs: replace congestion_wait() calls with io_schedule_timeout() (NeilBrown) - f2fs: invalidate META_MAPPING before IPU/DIO write (Hyeong-Jun Kim) - f2fs: multidevice: support direct IO (Chao Yu) - RDMA/srpt: Do not register event handler until srpt device is fully setup (William Kucharski) - ALSA: usb-audio: Stop parsing channels bits when all channels are found. (Johan Carlsson) - ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (Athaariq Ardhiansyah) - clk: zynq: Prevent null pointer dereference caused by kmalloc failure (Duoming Zhou) - clk: Fix clk_core_get NULL dereference (Bryan O'Donoghue) - sparc32: Fix section mismatch in leon_pci_grpci (Sam Ravnborg) - backlight: lp8788: Fully initialize backlight_properties during probe (Daniel Thompson) - backlight: lm3639: Fully initialize backlight_properties during probe (Daniel Thompson) - backlight: da9052: Fully initialize backlight_properties during probe (Daniel Thompson) - backlight: lm3630a: Don't set bl->props.brightness in get_brightness (Luca Weiss) - backlight: lm3630a: Initialize backlight_properties on init (Luca Weiss) - leds: sgm3140: Add missing timer cleanup and flash gpio control (Ondrej Jirman) - leds: aw2013: Unlock mutex before destroying it (George Stark) - powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. (Michael Ellerman) - modules: wait do_free_init correctly (Changbin Du) - module: Add support for default value for module async_probe (Saravana Kannan) - drm/msm/dpu: add division of drm_display_mode's hskew parameter (Paloma Arellano) - powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks (Kajol Jain) - drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (Hsin-Yi Wang) - media: mediatek: vcodec: avoid -Wcast-function-type-strict warning (Arnd Bergmann) - media: ttpci: fix two memleaks in budget_av_attach (Zhipeng Lu) - media: go7007: fix a memleak in go7007_load_encoder (Zhipeng Lu) - media: dvb-frontends: avoid stack overflow warnings with clang (Arnd Bergmann) - media: pvrusb2: fix uaf in pvr2_context_set_notify (Edward Adam Davis) - drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() (Srinivasan Shanmugam) - HID: amd_sfh: Update HPD sensor structure elements (Basavaraj Natikar) - ASoC: meson: axg-tdm-interface: add frame rate constraint (Jerome Brunet) - ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs (Jerome Brunet) - mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (Arnd Bergmann) - mtd: maps: physmap-core: fix flash size larger than 32-bit (Baruch Siach) - drm/tidss: Fix initial plane zpos values (Tomi Valkeinen) - crypto: arm/sha - fix function cast warnings (Arnd Bergmann) - mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref (Peter Griffin) - mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref (Peter Griffin) - drm/tegra: put drm_gem_object ref on error in tegra_fb_create (Fedor Pchelkin) - clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() (Christophe JAILLET) - clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() (Christophe JAILLET) - PCI: Mark 3ware-9650SE Root Port Extended Tags as broken (Jorg Wedekind) - drm/mediatek: dsi: Fix DSI RGB666 formats and definitions (AngeloGioacchino Del Regno) - clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times (Konrad Dybcio) - media: pvrusb2: fix pvr2_stream_callback casts (Arnd Bergmann) - media: pvrusb2: remove redundant NULL check (Daniil Dulov) - media: go7007: add check of return value of go7007_read_addr() (Daniil Dulov) - media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (Lucas Stach) - media: sun8i-di: Fix chroma difference threshold (Jernej Skrabec) - media: sun8i-di: Fix power on/off sequences (Jernej Skrabec) - media: sun8i-di: Fix coefficient writes (Jernej Skrabec) - NTB: fix possible name leak in ntb_register_device() (Yang Yingliang) - NTB: EPF: fix possible memory leak in pci_vntb_probe() (ruanjinjie) - PCI: endpoint: Support NTB transfer between RC and EP (Frank Li) - powerpc: Force inlining of arch_vmap_p{u/m}d_supported() (Christophe Leroy) - ASoC: meson: t9015: fix function pointer type mismatch (Jerome Brunet) - ASoC: meson: aiu: fix function pointer type mismatch (Jerome Brunet) - ASoC: meson: Use dev_err_probe() helper (Kuninori Morimoto) - perf stat: Avoid metric-only segv (Ian Rogers) - ALSA: seq: fix function cast warnings (Takashi Iwai) - drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() (Nikita Zhandarovich) - perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() (Yang Jihong) - crypto: xilinx - call finalize with bh disabled (Quanyang Wang) - PCI: switchtec: Fix an error handling path in switchtec_pci_probe() (Christophe JAILLET) - PCI/P2PDMA: Fix a sleeping issue in a RCU read section (Christophe JAILLET) - quota: Fix rcu annotations of inode dquot pointers (Jan Kara) - quota: Fix potential NULL pointer dereference (Wang Jianjian) - quota: simplify drop_dquot_ref() (Baokun Li) - clk: qcom: reset: Ensure write completion on reset de/assertion (Konrad Dybcio) - clk: qcom: reset: Commonize the de/assert functions (Konrad Dybcio) - pinctrl: mediatek: Drop bogus slew rate register range for MT8192 (Chen-Yu Tsai) - media: edia: dvbdev: fix a use-after-free (Zhipeng Lu) - media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (Zhipeng Lu) - media: v4l2-tpg: fix some memleaks in tpg_alloc (Zhipeng Lu) - media: em28xx: annotate unchecked call to media_device_register() (Nikita Zhandarovich) - clk: meson: Add missing clocks to axg_clk_regmaps (Igor Prusov) - perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() (Yang Jihong) - drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' (Srinivasan Shanmugam) - drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (Srinivasan Shanmugam) - HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd (Mikhail Khvainitski) - perf record: Fix possible incorrect free in record__switch_output() (Yang Jihong) - PCI/DPC: Print all TLP Prefixes, not just the first (Ilpo Jarvinen) - media: tc358743: register v4l2 async device only after successful setup (Alexander Stein) - dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA (Peter Robinson) - drm/lima: fix a memleak in lima_heap_alloc (Zhipeng Lu) - drm/rockchip: lvds: do not print scary message when probing defer (Quentin Schulz) - drm/rockchip: lvds: do not overwrite error code (Quentin Schulz) - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (Zhipeng Lu) - drm/ttm: add ttm_resource_fini v2 (Christian Konig) - drm: Don't treat 0 as -1 in drm_fixp2int_ceil (Harry Wentland) - drm/rockchip: inno_hdmi: Fix video timing (Alex Bee) - drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (Christophe JAILLET) - drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (Christophe JAILLET) - drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() (Christophe JAILLET) - drm/tegra: dc: rgb: Allow changing PLLD rate on Tegra30+ (Dmitry Osipenko) - drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (Christophe JAILLET) - drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() (Christophe JAILLET) - drm/tegra: dsi: Make use of the helper function dev_err_probe() (Cai Huoqing) - drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe (Zhang Shurong) - drm/tegra: dpaux: Populate AUX bus (Thierry Reding) - drm/tegra: dsi: Add missing check for of_find_device_by_node (Chen Ni) - dm: call the resume method on internal suspend (Mikulas Patocka) - dm raid: fix false positive for requeue needed during reshape (Ming Lei) - nfp: flower: handle acti_netdevs allocation failure (Duoming Zhou) - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (Gavrilov Ilia) - net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function (Gavrilov Ilia) - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (Gavrilov Ilia) - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (Gavrilov Ilia) - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function (Gavrilov Ilia) - bpf: net: Change do_ip_getsockopt() to take the sockptr_t argument (Martin KaFai Lau) - bpf: net: Change sk_getsockopt() to take the sockptr_t argument (Martin KaFai Lau) - net: Change sock_getsockopt() to take the sk ptr instead of the sock ptr (Martin KaFai Lau) - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (Gavrilov Ilia) - OPP: debugfs: Fix warning around icc_get_name() (Viresh Kumar) - net: phy: dp83822: Fix RGMII TX delay configuration (Tim Pambor) - net: phy: DP83822: enable rgmii mode if phy_interface_is_rgmii (Tommaso Merciai) - net: hns3: fix port duplex configure error in IMP reset (Jie Wang) - net: hns3: fix kernel crash when 1588 is received on HIP08 devices (Yonglong Liu) - net: phy: fix phy_get_internal_delay accessing an empty array (Kevin L'hopital) - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() (Eric Dumazet) - ipv6: fib6_rules: flush route cache when rule is changed (Shiming Cheng) - bpf: Fix stackmap overflow check on 32-bit arches (Toke Hoiland-Jorgensen) - bpf: Fix hashtab overflow check on 32-bit arches (Toke Hoiland-Jorgensen) - bpf: Fix DEVMAP_HASH overflow check on 32-bit arches (Toke Hoiland-Jorgensen) - sr9800: Add check for usbnet_get_endpoints (Chen Ni) - Bluetooth: hci_core: Fix possible buffer overflow (Luiz Augusto von Dentz) - Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional() (Bartosz Golaszewski) - Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855 (Steev Klimaszewski) - Bluetooth: Remove superfluous call to hci_conn_check_pending() (Jonas Dressler) - igb: Fix missing time sync events (Vinicius Costa Gomes) - igb: move PEROUT and EXTTS isr logic to separate functions (Ruud Bos) - iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected (Ethan Zhao) - PCI: Make pci_dev_is_disconnected() helper public for other drivers (Ethan Zhao) - wifi: rtw88: 8821c: Fix false alarm count (Bitterblue Smith) - mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (Christophe JAILLET) - SUNRPC: fix some memleaks in gssx_dec_option_array (Zhipeng Lu) - x86, relocs: Ignore relocations in .notes section (Kees Cook) - ACPI: scan: Fix device check notification handling (Rafael J. Wysocki) - ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (Maxim Kudinov) - ACPI: resource: Do IRQ override on Lunnen Ground laptops (Alexey I. Froloff) - ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override (David McFarland) - arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (Rafal Milecki) - ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node (Michal Vokac) - ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address (Michal Vokac) - ARM: dts: imx6dl-yapp4: Move phy reset into switch node (Michal Vokac) - arm64: dts: renesas: r8a779a0: Correct avb[01] reg sizes (Geert Uytterhoeven) - arm64: dts: renesas: r8a779a0: Update to R-Car Gen4 compatible values (Geert Uytterhoeven) - ARM: dts: arm: realview: Fix development chip ROM compatible value (Geert Uytterhoeven) - net: ena: Remove ena_select_queue (Kamal Heib) - wifi: brcmsmac: avoid function pointer casts (Arnd Bergmann) - iommu/amd: Mark interrupt as managed (Mario Limonciello) - bus: tegra-aconnect: Update dependency to ARCH_TEGRA (Peter Robinson) - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (Armin Wolf) - wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (Alexis Lothore) - wireless: Remove redundant 'flush_workqueue()' calls (Christophe JAILLET) - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (Yonghong Song) - arm64: dts: mediatek: mt7622: add missing 'device_type' to memory nodes (Rafal Milecki) - arm64: dts: mt8183: Move CrosEC base detection node to kukui-based DTs (Nicolas F. R. A. Prado) - arm64: dts: mt8183: kukui: Split out keyboard node and describe detachables (Hsin-Yi Wang) - arm64: dts: mt8183: kukui: Add Type C node (Prashant Malani) - ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() (Eric Dumazet) - s390/vdso: drop '-fPIC' from LDFLAGS (Nathan Chancellor) - wifi: iwlwifi: mvm: don't set replay counters to 0xff (Johannes Berg) - pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan (Uwe Kleine-Konig) - pwm: sti: Implement .apply() callback (Uwe Kleine-Konig) - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (Zhipeng Lu) - net: blackhole_dev: fix build warning for ethh set but not used (Breno Leitao) - pwm: atmel-hlcdc: Fix clock imbalance related to suspend support (Uwe Kleine-Konig) - pwm: atmel-hlcdc: Use consistent variable naming (Uwe Kleine-Konig) - pwm: atmel-hlcdc: Convert to platform remove callback returning void (Uwe Kleine-Konig) - arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (Tim Harvey) - wifi: iwlwifi: fix EWRD table validity check (Miri Korenblit) - wifi: iwlwifi: dbg-tlv: ensure NUL termination (Johannes Berg) - wifi: iwlwifi: mvm: report beacon protection failures (Johannes Berg) - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (Toke Hoiland-Jorgensen) - arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL board (Frieder Schrempf) - arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch SD card IO voltage (Frieder Schrempf) - arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on SD card (Frieder Schrempf) - arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL board (Frieder Schrempf) - arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL i.MX8MM (Frieder Schrempf) - cpufreq: mediatek-hw: Don't error out if supply is not found (Nicolas F. R. A. Prado) - af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). (Kuniyuki Iwashima) - bpftool: Silence build warning about calloc() (Tiezhu Yang) - inet_diag: annotate data-races around inet_diag_table[] (Eric Dumazet) - sock_diag: annotate data-races around sock_diag_handlers[family] (Eric Dumazet) - cpufreq: mediatek-hw: Wait for CPU supplies before probing (Nicolas F. R. A. Prado) - cpufreq: Explicitly include correct DT includes (Rob Herring) - wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (Jinjie Ruan) - wifi: wilc1000: fix multi-vif management when deleting a vif (Ajay Singh) - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (Martin Kaistra) - wifi: wilc1000: fix RCU usage in connect path (Alexis Lothore) - wifi: wilc1000: fix declarations ordering (Alexis Lothore) - wifi: b43: Disable QoS for bcm4331 (Rahul Rameshbabu) - wifi: b43: Stop correct queue in DMA worker when QoS is disabled (Rahul Rameshbabu) - wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (Rahul Rameshbabu) - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (Rahul Rameshbabu) - wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (Xingyuan Mo) - sched/fair: Take the scheduling domain into account in select_idle_core() (Keisuke Nishimura) - timekeeping: Fix cross-timestamp interpolation for non-x86 (Peter Hilber) - timekeeping: Fix cross-timestamp interpolation corner case decision (Peter Hilber) - timekeeping: Fix cross-timestamp interpolation on counter wrap (Peter Hilber) - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts (Chun-Yi Lee) - rtc: test: Fix invalid format specifier. (David Gow) - time: test: Fix incorrect format specifier (David Gow) - lib/cmdline: Fix an invalid format specifier in an assertion msg (David Gow) - md: Don't clear MD_CLOSING when the raid is about to stop (Li Nan) - fs/select: rework stack allocation hack for clang (Arnd Bergmann) - s390/dasd: fix double module refcount decrement (Miroslav Franc) - s390/dasd: Use dev_*() for device log messages (Jan Hoppner) - s390/dasd: add autoquiesce feature (Stefan Haberland) - s390/dasd: add copy pair setup (Stefan Haberland) - s390/dasd: add query PPRC function (Stefan Haberland) - s390/dasd: put block allocation in separate function (Stefan Haberland) - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (Nikita Zhandarovich) - ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll (Stuart Henderson) - ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (Stuart Henderson) - ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (Stuart Henderson) - Input: gpio_keys_polled - suppress deferred probe error for gpio (Uwe Kleine-Konig) - ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (Alban Boye) - firewire: core: use long bus reset on gap count error (Takashi Sakamoto) - Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu) - drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series (Prike Liang) - ALSA: hda/realtek - ALC285 reduce pop noise from Headphone port (Kailang Yang) - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (Ranjan Kumar) - dm-verity, dm-crypt: align 'struct bvec_iter' correctly (Mikulas Patocka) - block: sed-opal: handle empty atoms when parsing response (Greg Joyce) - parisc/ftrace: add missing CONFIG_DYNAMIC_FTRACE check (Max Kellermann) - net/iucv: fix the allocation size of iucv_path_table array (Alexander Gordeev) - x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (Hou Tao) - x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h (Hou Tao) - riscv: dts: sifive: add missing #interrupt-cells to pmic (Conor Dooley) - RDMA/mlx5: Relax DEVX access upon modify commands (Yishai Hadas) - RDMA/mlx5: Fix fortify source warning while accessing Eth segment (Leon Romanovsky) - gen_compile_commands: fix invalid escape sequence warning (Andrew Ballance) - HID: multitouch: Add required quirk for Synaptics 0xcddc device (Manuel Fombuena) - MIPS: Clear Cause.BD in instruction_pointer_set (Jiaxun Yang) - x86/xen: Add some null pointer checking to smp.c (Kunwu Chan) - ASoC: rt5645: Make LattePanda board DMI match more precise (Hans de Goede) - selftests: tls: use exact comparison in recv_partial (Jakub Kicinski) - rcu-tasks: Provide rcu_trace_implies_rcu_gp() (Paul E. McKenney) - LTS version: v5.15.152 (Vijayendra Suman) - serial: max310x: fix IO data corruption in batched operations (Jan Kundrat) - serial: max310x: make accessing revision id interface-agnostic (Cosmin Tanislav) - regmap: Add bulk read/write callbacks into regmap_config (Marek Vasut) - regmap: allow to define reg_update_bits for no bus configuration (Ansuel Smith) - ALSA: usb-audio: Sort quirk table entries (Takashi Iwai) - ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless (Takashi Iwai) - ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() (Jaroslav Kysela) - ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all (Wan Jiabing) - fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() (Oleg Nesterov) - proc: Use task_is_running() for wchan in /proc//stat (Kees Cook) - getrusage: use sig->stats_lock rather than lock_task_sighand() (Oleg Nesterov) - getrusage: use __for_each_thread() (Oleg Nesterov) - getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() (Oleg Nesterov) - getrusage: add the 'signal_struct *sig' local variable (Oleg Nesterov) - drm/amd/display: Increase frame-larger-than for all display_mode_vba files (Nathan Chancellor) - drm/amd/display: remove DML Makefile duplicate lines (Magali Lemes) - drm/amd/display: move calcs folder into DML (Isabella Basso) - drm/amd/display: Re-arrange FPU code structure for dcn2x (Qingqing Zhuo) - selftests: mptcp: decrease BW in simult flows (Matthieu Baerts (NGI0)) - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit (Friedrich Vock) - drm/amd/pm: do not expose the API used internally only in kv_dpm.c (Evan Quan) - serial: max310x: prevent infinite while() loop in port startup (Hugo Villeneuve) - serial: max310x: use a separate regmap for each port (Cosmin Tanislav) - serial: max310x: use regmap methods for SPI batch operations (Cosmin Tanislav) - xhci: handle isoc Babble and Buffer Overrun events properly (Michal Pecio) - xhci: process isoc TD properly when there was a transaction error mid TD. (Mathias Nyman) - selftests: mm: fix map_hugetlb failure on 64K page size systems (Nico Pache) - selftests/mm: switch to bash from sh (Muhammad Usama Anjum) - nfp: flower: add hardware offload check for post ct entry (Hui Zhou) - nfp: flower: add goto_chain_index for ct entry (Wentao Jia) - drm/amd/display: Fix uninitialized variable usage in core_link_ 'read_dpcd() & write_dpcd()' functions (Srinivasan Shanmugam) - ALSA: usb-audio: add quirk for RODE NT-USB+ (Sean Young) - ALSA: usb-audio: Fix microphone sound on Nexigo webcam. (Christos Skevis) - ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless (Jaroslav Kysela) - ALSA: usb-audio: Add quirk for Tascam Model 12 (John Keeping) - ALSA: usb-audio: Avoid superfluous endpoint setup (Takashi Iwai) - ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() (Takashi Iwai) - ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() (Takashi Iwai) - ALSA: usb-audio: Properly refcounting clock rate (Takashi Iwai) - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) (Takashi Iwai) - ALSA: usb-audio: Clear fixed clock rate at closing EP (Takashi Iwai) - ALSA: usb-audio: Refcount multiple accesses on the single clock (Takashi Iwai) - netrom: Fix data-races around sysctl_net_busy_read (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_link_fails_count (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_routing_control (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_busy_delay (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_transport_timeout (Jason Xing) - netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser (Jason Xing) - netrom: Fix a data-race around sysctl_netrom_default_path_quality (Jason Xing) - erofs: apply proper VMA alignment for memory mapped files on THP (Gao Xiang) - netfilter: nf_conntrack_h323: Add protection for bmp length out of range (Lena Wang) - netfilter: nft_ct: fix l3num expectations with inet pseudo family (Florian Westphal) - cpumap: Zero-initialise xdp_rxq_info struct before running XDP program (Toke Hoiland-Jorgensen) - net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Eric Dumazet) - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (Rand Deeb) - net: sparx5: Fix use after free inside sparx5_del_mact_entry (Horatiu Vultur) - geneve: make sure to pull inner header in geneve_rx() (Eric Dumazet) - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (Steven Rostedt (Google)) - i40e: disable NAPI right after disabling irqs when handling xsk_pool (Maciej Fijalkowski) - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (Maciej Fijalkowski) - net: lan78xx: fix runtime PM count underflow on link stop (Oleksij Rempel) - mmc: mmci: stm32: fix DMA API overlapping mappings warning (Christophe Kerello) - mmc: mmci: stm32: use a buffer for unaligned DMA requests (Yann Gautier) - LTS version: v5.15.151 (Vijayendra Suman) - mptcp: fix double-free on socket dismantle (Davide Caratti) - Revert 'tls: rx: move counting TlsDecryptErrors for sync' (Gal Pressman) - net: tls: fix async vs NIC crypto offload (Jakub Kicinski) - bpf: Derive source IP addr via bpf_*_fib_lookup() (Martynas Pumputis) - bpf: Add table ID to bpf_fib_lookup BPF helper (Louis DeLosSantos) - bpf: Add BPF_FIB_LOOKUP_SKIP_NEIGH for bpf_fib_lookup (Martin KaFai Lau) - Revert 'interconnect: Teach lockdep about icc_bw_lock order' (Greg Kroah-Hartman) - Revert 'interconnect: Fix locking for runpm vs reclaim' (Greg Kroah-Hartman) - gpio: fix resource unwinding order in error path (Bartosz Golaszewski) - gpiolib: Fix the error path order in gpiochip_add_data_with_key() (Andy Shevchenko) - gpio: 74x164: Enable output pins after registers are reset (Arturas Moskvinas) - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (Oscar Salvador) - cachefiles: fix memory leak in cachefiles_add_cache() (Baokun Li) - mptcp: fix possible deadlock in subflow diag (Paolo Abeni) - mptcp: push at DSS boundaries (Paolo Abeni) - mptcp: add needs_id for netlink appending addr (Geliang Tang) - mptcp: clean up harmless false expressions (Jean Sacren) - selftests: mptcp: add missing kconfig for NF Filter in v6 (Matthieu Baerts (NGI0)) - selftests: mptcp: add missing kconfig for NF Filter (Matthieu Baerts (NGI0)) - mptcp: rename timer related helper to less confusing names (Paolo Abeni) - mptcp: process pending subflow error on close (Paolo Abeni) - mptcp: move __mptcp_error_report in protocol.c (Paolo Abeni) - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (Paolo Bonzini) - pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation (Bjorn Andersson) - mmc: sdhci-xenon: fix PHY init clock stability (Elad Nachman) - mmc: sdhci-xenon: add timeout for PHY init complete (Elad Nachman) - mmc: core: Fix eMMC initialization with 1-bit bus connection (Ivan Semenov) - dmaengine: fsl-qdma: init irq after reg initialization (Curtis Klein) - dmaengine: ptdma: use consistent DMA masks (Tadeusz Struk) - dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read (Peng Ma) - btrfs: dev-replace: properly validate device names (David Sterba) - wifi: nl80211: reject iftype change with mesh ID change (Johannes Berg) - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (Alexander Ofitserov) - ALSA: firewire-lib: fix to check cycle continuity (Takashi Sakamoto) - tomoyo: fix UAF write bug in tomoyo_write_control() (Tetsuo Handa) - riscv: Sparse-Memory/vmemmap out-of-bounds fix (Dimitris Vlachos) - fbcon: always restore the old font data in fbcon_do_set_font() (Jiri Slaby (SUSE)) - ALSA: Drop leftover snd-rtctimer stuff from Makefile (Takashi Iwai) - power: supply: bq27xxx-i2c: Do not free non existing IRQ (Hans de Goede) - efi/capsule-loader: fix incorrect allocation size (Arnd Bergmann) - tls: decrement decrypt_pending if no async completion will be called (Sabrina Dubroca) - tls: rx: use async as an in-out argument (Jakub Kicinski) - tls: rx: assume crypto always calls our callback (Jakub Kicinski) - tls: rx: move counting TlsDecryptErrors for sync (Jakub Kicinski) - tls: rx: don't track the async count (Jakub Kicinski) - tls: rx: factor out writing ContentType to cmsg (Jakub Kicinski) - tls: rx: wrap decryption arguments in a structure (Jakub Kicinski) - tls: rx: don't report text length from the bowels of decrypt (Jakub Kicinski) - tls: rx: drop unnecessary arguments from tls_setup_from_iter() (Jakub Kicinski) - tls: hw: rx: use return value of tls_device_decrypted() to carry status (Jakub Kicinski) - tls: rx: refactor decrypt_skb_update() (Jakub Kicinski) - tls: rx: don't issue wake ups when data is decrypted (Jakub Kicinski) - tls: rx: don't store the decryption status in socket context (Jakub Kicinski) - tls: rx: don't store the record type in socket context (Jakub Kicinski) - igb: extend PTP timestamp adjustments to i211 (Oleksij Rempel) - rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (Lin Ma) - netfilter: bridge: confirm multicast packets before passing them up the stack (Florian Westphal) - netfilter: let reset rules clean out conntrack entries (Florian Westphal) - netfilter: make function op structures const (Florian Westphal) - netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook (Florian Westphal) - netfilter: nfnetlink_queue: silence bogus compiler warning (Florian Westphal) - Bluetooth: Enforce validation on max value of connection interval (Kai-Heng Feng) - Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR (Zijun Hu) - Bluetooth: Avoid potential use-after-free in hci_error_reset (Ying Hsu) - stmmac: Clear variable when destroying workqueue (Jakub Raczynski) - uapi: in6: replace temporary label with rfc9486 (Justin Iurman) - veth: try harder when allocating queue memory (Jakub Kicinski) - net: enable memcg accounting for veth queues (Vasily Averin) - lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (Oleksij Rempel) - ipv6: fix potential 'struct net' leak in inet6_rtm_getaddr() (Eric Dumazet) - net: veth: clear GRO when clearing XDP even when down (Jakub Kicinski) - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (Doug Smythies) - tun: Fix xdp_rxq_info's queue_index when detaching (Yunjian Wang) - net: ip_tunnel: prevent perpetual headroom growth (Florian Westphal) - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter (Ryosuke Yasuoka) - mtd: spinand: gigadevice: Fix the get ecc status issue (Han Xu) - netfilter: nf_tables: disallow timeout for anonymous sets (Pablo Neira Ayuso) - LTS version: v5.15.150 (Vijayendra Suman) - r8169: use new PM macros (Heiner Kallweit) - netfilter: nf_tables: can't schedule in nft_chain_validate (Florian Westphal) - ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() (Baokun Li) - ext4: regenerate buddy after block freeing failed if under fc replay (Baokun Li) - netfilter: nf_tables: fix scheduling-while-atomic splat (Florian Westphal) - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio (Bart Van Assche) - i2c: imx: when being a target, mark the last read as processed (Corey Minyard) - i2c: imx: Add timer for handling the stop condition (Corey Minyard) - drm/amd/display: Fix memory leak in dm_sw_fini() (Armin Wolf) - drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set (Erik Kurzinger) - netfilter: nft_flow_offload: release dst in case direct xmit path is used (Pablo Neira Ayuso) - netfilter: nft_flow_offload: reset dst in route object after setting up flow (Pablo Neira Ayuso) - netfilter: flowtable: simplify route logic (Pablo Neira Ayuso) - netfilter: nf_tables: set dormant flag on hook register failure (Florian Westphal) - tls: stop recv() if initial process_rx_list gave us non-DATA (Sabrina Dubroca) - tls: rx: drop pointless else after goto (Jakub Kicinski) - tls: rx: jump to a more appropriate label (Jakub Kicinski) - s390: use the correct count for __iowrite64_copy() (Jason Gunthorpe) - octeontx2-af: Consider the action set by PF (Subbaraya Sundeep) - drm/nouveau/instmem: fix uninitialized_var.cocci warning (Guo Zhengkui) - packet: move from strlcpy with unused retval to strscpy (Wolfram Sang) - ipv6: sr: fix possible use-after-free and null-ptr-deref (Vasiliy Kovalev) - afs: Increase buffer size in afs_update_volume_status() (Daniil Dulov) - bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (Martin KaFai Lau) - ata: ahci_ceva: fix error handling for Xilinx GT PHY support (Radhey Shyam Pandey) - ata: libahci_platform: Introduce reset assertion/deassertion methods (Serge Semin) - ata: libahci_platform: Convert to using devm bulk clocks API (Serge Semin) - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (Eric Dumazet) - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (Eric Dumazet) - net: stmmac: Fix incorrect dereference in interrupt handlers (Pavel Sakharov) - nouveau: fix function cast warnings (Arnd Bergmann) - scsi: jazz_esp: Only build if SCSI core is builtin (Randy Dunlap) - bpf, scripts: Correct GPL license name (Gianmarco Lusvardi) - RDMA/srpt: fix function pointer cast warnings (Arnd Bergmann) - arm64: dts: rockchip: set num-cs property for spi on px30 (Heiko Stuebner) - RDMA/qedr: Fix qedr_create_user_qp error flow (Kamal Heib) - RDMA/srpt: Support specifying the srpt_service_guid parameter (Bart Van Assche) - RDMA/irdma: Add AE for too many RNRS (Mustafa Ismail) - RDMA/irdma: Set the CQ read threshold for GEN 1 (Mustafa Ismail) - RDMA/irdma: Validate max_send_wr and max_recv_wr (Shiraz Saleem) - RDMA/irdma: Fix KASAN issue with tasklet (Mike Marciniszyn) - RDMA/bnxt_re: Return error for SRQ resize (Kalesh AP) - IB/hfi1: Fix a memleak in init_credit_return (Zhipeng Lu) - cifs: add a warning when the in-flight count goes negative (Shyam Prasad N) - xhci: track port suspend state correctly in unsuccessful resume cases (Mathias Nyman) - xhci: decouple usb2 port resume and get_port_status request handling (Mathias Nyman) - xhci: clear usb2 resume related variables in one place. (Mathias Nyman) - xhci: rename resume_done to resume_timestamp (Mathias Nyman) - xhci: move port specific items such as state completions to port structure (Mathias Nyman) - xhci: cleanup xhci_hub_control port references (Mathias Nyman) - ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA (Paul Menzel) - ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA (Tamim Khan) - ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks (Hans de Goede) - ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA (Tamim Khan) - ACPI: resource: Add ASUS model S5402ZA to quirks (Kellen Renshaw) - ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2 (Hans de Goede) - ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch (Rafal Milecki) - arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 (Alex Bee) - arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 (Alex Bee) - arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (FUKAUMI Naoki) - exfat: support dynamic allocate bh for exfat_entry_set_cache (Yuezhang Mo) - wifi: iwlwifi: mvm: avoid baid size integer overflow (Johannes Berg) - igb: Fix igb_down hung on surprise removal (Ying Hsu) - wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() (Gustavo A. R. Silva) - bpf: Address KCSAN report on bpf_lru_list (Martin KaFai Lau) - wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range (Maxime Bizon) - sched/fair: Don't balance task to its current running CPU (Yicong Yang) - arm64: mm: fix VA-range sanity check (Mark Rutland) - arm64: set __exception_irq_entry with __irq_entry as a default (Youngmin Nam) - ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version) (Hans de Goede) - ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3 (Hans de Goede) - ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A (Hans de Goede) - btrfs: add xxhash to fast checksum implementations (David Sterba) - posix-timers: Ensure timer ID search-loop limit is valid (Thomas Gleixner) - md/raid10: prevent soft lockup while flush writes (Yu Kuai) - md: fix data corruption for raid456 when reshape restart while grow up (Yu Kuai) - nbd: Add the maximum limit of allocated index in nbd_dev_add (Zhong Jinghua) - debugobjects: Recheck debug_objects_enabled before reporting (Tetsuo Handa) - netfilter: nf_tables: add rescheduling points during loop detection walks (Florian Westphal) - net/sched: Refactor qdisc_graft() for ingress and clsact Qdiscs (Peilin Ye) - Input: iqs269a - do not poll during ATI (Jeff LaBundy) - Input: iqs269a - do not poll during suspend or resume (Jeff LaBundy) - Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr() (Jonathan Cameron) - PM: core: Remove static qualifier in DEFINE_SIMPLE_DEV_PM_OPS macro (Paul Cercueil) - mmc: mxc: Use the new PM macros (Paul Cercueil) - mmc: jz4740: Use the new PM macros (Paul Cercueil) - PM: core: Add new *_PM_OPS macros, deprecate old ones (Paul Cercueil) - PM: core: Redefine pm_ptr() macro (Paul Cercueil) - powerpc/eeh: Set channel state after notifying the drivers (Ganesh Goudar) - powerpc/eeh: Small refactor of eeh_handle_normal_event() (Daniel Axtens) - powerpc/rtas: ensure 4KB alignment for rtas_data_buf (Nathan Lynch) - powerpc/rtas: make all exports GPL (Nathan Lynch) - net: ethernet: ti: add missing of_node_put before return (Wang Qing) - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (Li Jun) - clk: imx8mp: add clkout1/2 support (Lucas Stach) - clk: imx8mp: Add DISP2 pixel clock (Marek Vasut) - serial: 8250: Remove serial_rs485 sanitization from em485 (Ilpo Jarvinen) - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (Enzo Matsumiya) - kernel/sched: Remove dl_boosted flag comment (Hui Su) - drm/i915/dg1: Update DMC_DEBUG3 register (Chuansheng Liu) - f2fs: write checkpoint during FG_GC (Byungki Lee) - f2fs: don't set GC_FAILURE_PIN for background GC (Chao Yu) - drm/amdgpu: init iommu after amdkfd device init (Yifan Zhang) - tools/virtio: fix build (Stefano Garzarella) - perf beauty: Update copy of linux/socket.h with the kernel sources (Arnaldo Carvalho de Melo) - tools headers UAPI: Sync linux/fscrypt.h with the kernel sources (Arnaldo Carvalho de Melo) - ARM: dts: BCM53573: Drop nonexistent 'default-off' LED trigger (Rafal Milecki) - acpi: property: Let args be NULL in __acpi_node_get_property_reference (Sakari Ailus) - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (Luke D. Jones) - clk: linux/clk-provider.h: fix kernel-doc warnings and typos (Randy Dunlap) - RDMA/siw: Correct wrong debug message (Guoqing Jiang) - RDMA/siw: Balance the reference of cep->kref in the error path (Guoqing Jiang) - ARM: dts: BCM53573: Drop nonexistent #usb-cells (Rafal Milecki) - selftests: net: vrf-xfrm-tests: change authentication and encryption algos (Magali Lemes) - MIPS: vpe-mt: drop physical_memsize (Randy Dunlap) - MIPS: SMP-CPS: fix build error when HOTPLUG_CPU not set (Randy Dunlap) - powerpc/pseries/lpar: add missing RTAS retry status handling (Nathan Lynch) - powerpc/perf/hv-24x7: add missing RTAS retry status handling (Nathan Lynch) - powerpc/pseries/lparcfg: add missing RTAS retry status handling (Nathan Lynch) - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (Chen-Yu Tsai) - clk: qcom: gpucc-sdm845: fix clk_dis_wait being programmed for CX GDSC (Dmitry Baryshkov) - clk: qcom: gpucc-sc7180: fix clk_dis_wait being programmed for CX GDSC (Dmitry Baryshkov) - powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (Frederic Barrat) - Input: ads7846 - don't check penirq immediately for 7845 (Luca Ellero) - Input: ads7846 - always set last command to PWRDOWN (Luca Ellero) - clk: imx: avoid memory leak (Peng Fan) - clk: renesas: cpg-mssr: Remove superfluous check in resume code (Geert Uytterhoeven) - Input: ads7846 - don't report pressure for ads7845 (Luca Ellero) - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (Alexey Khoroshilov) - Input: iqs269a - increase interrupt handler return delay (Jeff LaBundy) - Input: iqs269a - configure device with a single block write (Jeff LaBundy) - Input: iqs269a - drop unused device node references (Jeff LaBundy) - RISC-V: fix funct4 definition for c.jalr in parse_asm.h (Heiko Stuebner) - mtd: rawnand: sunxi: Fix the size of the last OOB region (Samuel Holland) - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (Dmitry Baryshkov) - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (Dmitry Baryshkov) - clk: imx: imx8mp: add shared clk gate for usb suspend clk (Li Jun) - mptcp: fix lockless access in subflow ULP diag (Paolo Abeni) - usb: roles: don't get/set_role() when usb_role_switch is unregistered (Xu Yang) - usb: roles: fix NULL pointer issue when put module's reference (Xu Yang) - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs (Krishna Kurapati) - usb: cdns3: fix memory double free when handle zero packet (Frank Li) - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (Frank Li) - usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers (Pawel Laszczak) - usb: cdnsp: blocked some cdns3 specific code (Pawel Laszczak) - serial: amba-pl011: Fix DMA transmission in RS485 mode (Lino Sanfilippo) - x86/alternative: Make custom return thunk unconditional (Peter Zijlstra) - Revert 'x86/alternative: Make custom return thunk unconditional' (Borislav Petkov (AMD)) - x86/returnthunk: Allow different return thunks (Peter Zijlstra) - x86/ftrace: Use alternative RET encoding (Peter Zijlstra) - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) - x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR (Peter Zijlstra) - Revert 'x86/ftrace: Use alternative RET encoding' (Borislav Petkov (AMD)) - ARM: ep93xx: Add terminator to gpiod_lookup_table (Nikita Shubin) - l2tp: pass correct message length to ip6_append_data (Tom Parkin) - PCI/MSI: Prevent MSI hardware interrupt number truncation (Vidya Sagar) - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() (Vasiliy Kovalev) - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (Oliver Upton) - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (Oliver Upton) - platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names (Hans de Goede) - dm-crypt: don't modify the data when using authenticated encryption (Mikulas Patocka) - drm/ttm: Fix an invalid freeing on already freed page in error path (Thomas Hellstrom) - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (Daniel Vacek) - erofs: fix lz4 inplace decompression (Gao Xiang) - pmdomain: renesas: r8a77980-sysc: CR7 must be always on (Geert Uytterhoeven) - pmdomain: mediatek: fix race conditions with genpd (Eugen Hristev) - virtio-blk: Ensure no requests in virtqueues before deleting vqs. (Yi Sun) - drm/amdgpu: reset gpu for s3 suspend abort case (Prike Liang) - drm/amdgpu: skip to program GFXDEC registers for suspend abort (Prike Liang) - firewire: core: send bus reset promptly on gap count error (Takashi Sakamoto) - scsi: lpfc: Use unsigned type for num_sge (Hannes Reinecke) - hwmon: (coretemp) Enlarge per package core count limit (Zhang Rui) - efi: Don't add memblocks for soft-reserved memory (Andrew Bresticker) - efi: runtime: Fix potential overflow of soft-reserved region size (Andrew Bresticker) - wifi: mac80211: adding missing drv_mgd_complete_tx() call (Johannes Berg) - fs/ntfs3: Fix oob in ntfs_listxattr (Edward Adam Davis) - fs/ntfs3: Update inode->i_size after success write into compressed file (Konstantin Komarov) - fs/ntfs3: Correct function is_rst_area_valid (Konstantin Komarov) - fs/ntfs3: Prevent generic message 'attempt to access beyond end of device' (Konstantin Komarov) - fs/ntfs3: use non-movable memory for ntfs3 MFT buffer cache (Ism Hong) - fs/ntfs3: Disable ATTR_LIST_ENTRY size check (Konstantin Komarov) - fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() (Konstantin Komarov) - fs/ntfs3: Fix detected field-spanning write (size 8) of single field 'le->name' (Konstantin Komarov) - fs/ntfs3: Print warning while fixing hard links count (Konstantin Komarov) - fs/ntfs3: Correct hard links updating when dealing with DOS names (Konstantin Komarov) - fs/ntfs3: Improve ntfs_dir_count (Konstantin Komarov) - fs/ntfs3: Modified fix directory element type detection (Konstantin Komarov) - Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (Szilard Fabian) - ext4: correct the hole length returned by ext4_map_blocks() (Zhang Yi) - nvmet-fc: take ref count on tgtport before delete assoc (Daniel Wagner) - nvmet-fc: avoid deadlock on delete association path (Daniel Wagner) - nvmet-fc: abort command when there is no binding (Daniel Wagner) - nvmet-fc: hold reference on hostport match (Daniel Wagner) - nvmet-fc: defer cleanup using RCU properly (Daniel Wagner) - nvmet-fc: release reference on target port (Daniel Wagner) - nvmet-fcloop: swap the list_add_tail arguments (Daniel Wagner) - nvme-fc: do not wait in vain when unloading module (Daniel Wagner) - ALSA: usb-audio: Ignore clock selector errors for single connection (Alexander Tsoy) - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new (Xin Long) - Input: xpad - add Lenovo Legion Go controllers (Brenton Simpson) - spi: sh-msiof: avoid integer overflow in constants (Wolfram Sang) - ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 (Chen-Yu Tsai) - ALSA: usb-audio: Check presence of valid altsetting control (Alexander Tsoy) - nvmet-tcp: fix nvme tcp ida memory leak (Guixin Liu) - regulator: pwm-regulator: Add validity checks in continuous .get_voltage (Martin Blumenstingl) - dmaengine: ti: edma: Add some null pointer checks to the edma_probe (Kunwu Chan) - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Baokun Li) - ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Baokun Li) - ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt (Baokun Li) - platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet (Phoenix Chen) - MIPS: reserve exception vector space ONLY ONCE (Huang Pei) - ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers (Lennert Buytenhek) - ahci: asm1166: correct count of reported ports (Conrad Kostecki) - spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected (Devyn Liu) - fbdev: sis: Error out if pixclock equals zero (Fullway Wang) - fbdev: savage: Error out if pixclock equals zero (Fullway Wang) - wifi: mac80211: fix race condition on enabling fast-xmit (Felix Fietkau) - wifi: cfg80211: fix missing interfaces when dumping (Michal Kazior) - dmaengine: fsl-qdma: increase size of 'irq_name' (Vinod Koul) - dmaengine: shdma: increase size of 'dev_id' (Vinod Koul) - scsi: target: core: Add TMF to tmr_list handling (Dmitry Bogdanov) - sched/rt: Disallow writing invalid values to sched_rt_period_us (Cyril Hrubis) - sched/rt: Fix sysctl_sched_rr_timeslice intial value (Cyril Hrubis) - userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb (Lokesh Gidra) - bpf: Remove trace_printk_lock (Jiri Olsa) - bpf: Do cleanup in bpf_bprintf_cleanup only when needed (Jiri Olsa) - bpf: Add struct for bin_args arg in bpf_bprintf_prepare (Jiri Olsa) - bpf: Merge printk and seq_printf VARARG max macros (Dave Marchevsky) - sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (Cyril Hrubis) - smb: client: fix parsing of SMB3.1.1 POSIX create context (Paulo Alcantara) - smb: client: fix potential OOBs in smb2_parse_contexts() (Paulo Alcantara) - smb: client: fix OOB in receive_encrypted_standard() (Paulo Alcantara) [5.15.0-206.149.3] - RDMA/cm: add timeout to cm_destroy_id wait (Manjunath Patil) [Orabug: 36280585] - net/mlx5: Query hca_cap_2 only when supported (Maher Sanalla) [Orabug: 36466318] [5.15.0-206.149.2] - tracing/kprobes: Remove CONFIG_LIVEPATCH for module symbol counting logic (Vijayendra Suman) [Orabug: 36395538] [5.15.0-206.149.1] - rds: ib: Use fastreg QP if conn is down and handle FRWR CQE timeout (Hakon Bugge) [Orabug: 36236371] - rds: ib: Tear down QP when FRWR WRs fails (Hakon Bugge) [Orabug: 36236371] - rds: ib: Poll fastreg CQ before destroying (Hakon Bugge) [Orabug: 36236371] - rds: Fix WARN_ON in rds_ib_destroy_mr_pool() (Hans Westgaard Ry) [Orabug: 36332964] - ext4: fix corruption during on-line resize (Maximilian Heyne) [Orabug: 36342901] - Revert 'x86/mm/ident_map: Use gbpages only where full GB page should be mapped.' (Sherry Yang) [Orabug: 36442401] - dmapool: create/destroy cleanup (Keith Busch) [Orabug: 36095510] - dmapool: link blocks across pages (Keith Busch) [Orabug: 36095510] - dmapool: don't memset on free twice (Keith Busch) [Orabug: 36095510] - dmapool: simplify freeing (Keith Busch) [Orabug: 36095510] - dmapool: consolidate page initialization (Keith Busch) [Orabug: 36095510] - dmapool: rearrange page alloc failure handling (Keith Busch) [Orabug: 36095510] - dmapool: move debug code to own functions (Keith Busch) [Orabug: 36095510] - dmapool: speedup DMAPOOL_DEBUG with init_on_alloc (Tony Battersby) [Orabug: 36095510] - dmapool: cleanup integer types (Tony Battersby) [Orabug: 36095510] - dmapool: use sysfs_emit() instead of scnprintf() (Tony Battersby) [Orabug: 36095510] - dmapool: remove checks for dev == NULL (Tony Battersby) [Orabug: 36095510] - mm/dmapool.c: revert 'make dma pool to use kmalloc_node' (Christian Konig) [Orabug: 36095510] - ice: Don't dereference NULL in ice_gnss_read error path (Simon Horman) [Orabug: 36390519] - ice: make writes to /dev/gnssX synchronous (Michal Schmidt) [Orabug: 36390519] - ice: do not busy-wait to read GNSS data (Michal Schmidt) [Orabug: 36390519] - ice: use GNSS subsystem instead of TTY (Arkadiusz Kubalewski) [Orabug: 36390519] - ice: Add check for kzalloc (Jiasheng Jiang) [Orabug: 36390519] - ice: Fix potential memory leak in ice_gnss_tty_write() (Yuan Can) [Orabug: 36390519] - uek-rpm: Bluefield 3: Enable KASAN runtime memory debugger in the debug config (Thomas Tai) [Orabug: 36441787] - Revert 'mmc: core: Use mrq.sbc in close-ended ffu' (Thomas Tai) [Orabug: 36441787] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-2201 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:8::developer_UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/a:oracle:linux:9::developer_UEKR7 Oracle Linux 9 [3.21.0-9] - timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) Resolves: RHEL-22792 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0914 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 libvirt [9.0.0-5.el9] - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364464] {CVE-2024-1441} libvirt-python [9.0.0-5.el9] - Update to libvirt 9.0.0-5 (Karl Heubaum) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1441 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 [7.2.0-11.el9] - vfio/migration: Add a note about migration rate limiting (Avihai Horon) [Orabug: 36329758] - vfio/migration: Refactor vfio_save_state() return value (Avihai Horon) [Orabug: 36329758] - migration: Don't serialize devices in qemu_savevm_state_iterate() (Avihai Horon) [Orabug: 36329758] - ui/clipboard: add asserts for update and request (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683} - ui/clipboard: mark type as not available when there is no data (Fiona Ebner) [Orabug: 36323175] {CVE-2023-6683} - virtio-net: correctly copy vnet header when flushing TX (Jason Wang) [Orabug: 36154459] {CVE-2023-6693} - esp: restrict non-DMA transfer length to that of available data (Mark Cave-Ayland) [Orabug: 36322141] {CVE-2024-24474} - vhost: Perform memory section dirty scans once per iteration (Si-Wei Liu) - vhost: dirty log should be per backend type (Si-Wei Liu) - net: Update MemReentrancyGuard for NIC (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019} - net: Provide MemReentrancyGuard * to qemu_new_nic() (Akihiko Odaki) [Orabug: 35644197] {CVE-2023-3019} - lsi53c895a: disable reentrancy detection for MMIO region, too (Thomas Huth) [Orabug: 33774027] {CVE-2021-3750} - memory: stricter checks prior to unsetting engaged_in_io (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - async: avoid use-after-free on re-entrancy guard (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - apic: disable reentrancy detection for apic-msi (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - raven: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - bcm2835_property: disable reentrancy detection for iomem (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - lsi53c895a: disable reentrancy detection for script RAM (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - checkpatch: add qemu_bh_new/aio_bh_new checks (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - async: Add an optional reentrancy guard to the BH API (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - memory: prevent dma-reentracy issues (Alexander Bulekov) [Orabug: 33774027] {CVE-2021-3750} - hw/acpi: propagate vcpu hotplug after switch to modern interface (Aaron Young) - migration: Fix use-after-free of migration state object (Fabiano Rosas) [Orabug: 36242218] - kvm: Fix crash due to access uninitialized kvm_state (Gavin Shan) [Orabug: 36269244] - migration: Avoid usage of static variable inside tracepoint (Joao Martins) - migration: Add tracepoints for downtime checkpoints (Peter Xu) - migration: migration_stop_vm() helper (Peter Xu) - migration: Add per vmstate downtime tracepoints (Peter Xu) - migration: Add migration_downtime_start|end() helpers (Peter Xu) - migration: Set downtime_start even for postcopy (Peter Xu) - hv-balloon: implement pre-Glib 2.68 compatibility (Maciej S. Szmigiero) - hw/i386/pc: Support hv-balloon (Maciej S. Szmigiero) - qapi: Add HV_BALLOON_STATUS_REPORT event and its QMP query command (Maciej S. Szmigiero) - qapi: Add query-memory-devices support to hv-balloon (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) hot-add support (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol driver (hv-balloon) base (Maciej S. Szmigiero) - Add Hyper-V Dynamic Memory Protocol definitions (Maciej S. Szmigiero) - memory-device: Drop size alignment check (David Hildenbrand) - memory-device: Support empty memory devices (David Hildenbrand) - memory,vhost: Allow for marking memory device memory regions unmergeable (David Hildenbrand) - memory: Clarify mapping requirements for RamDiscardManager (David Hildenbrand) - memory-device,vhost: Support automatic decision on the number of memslots (David Hildenbrand) - vhost: Add vhost_get_max_memslots() (David Hildenbrand) - kvm: Add stub for kvm_get_max_memslots() (David Hildenbrand) - memory-device,vhost: Support memory devices that dynamically consume memslots (David Hildenbrand) - memory-device: Track required and actually used memslots in DeviceMemoryState (David Hildenbrand) - stubs: Rename qmp_memory_device.c to memory_device.c (David Hildenbrand) - memory-device: Support memory devices with multiple memslots (David Hildenbrand) - vhost: Return number of free memslots (David Hildenbrand) - kvm: Return number of free memslots (David Hildenbrand) - vhost: Remove vhost_backend_can_merge() callback (David Hildenbrand) - vhost: Rework memslot filtering and fix 'used_memslot' tracking (David Hildenbrand) - virtio-md-pci: New parent type for virtio-mem-pci and virtio-pmem-pci (David Hildenbrand) - migration/ram: Expose ramblock_is_ignored() as migrate_ram_is_ignored() (David Hildenbrand) - virtio-mem: Skip most of virtio_mem_unplug_all() without plugged memory (David Hildenbrand) - softmmu/physmem: Warn with ram_block_discard_range() on MAP_PRIVATE file mapping (David Hildenbrand) - memory-device: Track used region size in DeviceMemoryState (David Hildenbrand) - memory-device: Refactor memory_device_pre_plug() (David Hildenbrand) - hw/i386/pc: Remove PC_MACHINE_DEVMEM_REGION_SIZE (David Hildenbrand) - hw/i386/acpi-build: Rely on machine->device_memory when building SRAT (David Hildenbrand) - hw/i386/pc: Use machine_memory_devices_init() (David Hildenbrand) - hw/loongarch/virt: Use machine_memory_devices_init() (David Hildenbrand) - hw/ppc/spapr: Use machine_memory_devices_init() (David Hildenbrand) - hw/arm/virt: Use machine_memory_devices_init() (David Hildenbrand) - memory-device: Introduce machine_memory_devices_init() (David Hildenbrand) - memory-device: Unify enabled vs. supported error messages (David Hildenbrand) - hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467] (Thomas Huth) [Orabug: 35808564] {CVE-2023-42467} - tests/qtest: ahci-test: add test exposing reset issue with pending callback (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088} - hw/ide: reset: cancel async DMA operation before resetting state (Fiona Ebner) [Orabug: 35977245] {CVE-2023-5088} [7.2.0-7.el9] - vfio/common: Probe type1 iommu dirty tracking support (Joao Martins) [Orabug: 36024839] - vfio/common: Allow disabling device dirty page tracking (Joao Martins) [Orabug: 36024839] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6693 CVE-2023-5088 CVE-2024-24474 CVE-2023-3019 CVE-2023-42467 CVE-2021-3750 CVE-2023-6683 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 * Tue Feb 27 2024 Aaron Young <aaron.young@oracle.com> - Create new 20240227 release for OL9 which includes the following fixed CVEs: {CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765} - Update to OpenSSL 3.0.10 which includes the following fixed CVEs: {CVE-2023-2975} {CVE-2023-1255} {CVE-2023-0401} {CVE-2023-0217} {CVE-2023-0216} {CVE-2023-0215} {CVE-2022-4203} {CVE-2022-3996} {CVE-2022-3602} {CVE-2022-3786} {CVE-2022-3358} {CVE-2022-2274} {CVE-2022-1473} {CVE-2022-1434} {CVE-2022-1343} {CVE-2021-4044} {CVE-2021-23839} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45229 CVE-2023-45235 CVE-2022-36763 CVE-2022-36765 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2022-36764 CVE-2023-45234 cpe:/a:oracle:linux:9::developer_kvm_utils cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 8 Oracle Linux 9 [5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert 'lockd: introduce safe async lock op' (Chuck Lever) - Revert 'tracing/trigger: Fix to return error if failed to alloc snapshot' (Siddh Raman Pant) - x86/bugs: Fix BHI retpoline check (Josh Poimboeuf) - keys: Fix overwrite of key expiration on instantiation (Silvio Gissi) - af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). (Kuniyuki Iwashima) - Revert 'usb: cdc-wdm: close race between read and workqueue' (Greg Kroah-Hartman) - Revert 'crypto: api - Disallow identical driver names' (Greg Kroah-Hartman) - netfilter: br_netfilter: skip conntrack input hook for promisc packets (Pablo Neira Ayuso) - Revert 'Revert 'ACPI: CPPC: Use access_width over bit_width for system memory accesses'' (Easwar Hariharan) - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (Dominique Martinet) - usb: dwc2: host: Fix dereference issue in DDMA completion flow. (Minas Harutyunyan) - Reapply 'drm/qxl: simplify qxl_fence_wait' (Linus Torvalds) - bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS (Matthew Wilcox (Oracle)) [5.15.0-207.156.5] - cpu: Re-enable CPU mitigations by default for !X86 architectures (Sean Christopherson) [Orabug: 36682142] [5.15.0-207.156.4] - net/rds: mod reconnect delay on sendmsg() (Sharath Srinivasan) [Orabug: 36531127] - net/rds: Extend exponential backoff for rds reconnects (Sharath Srinivasan) [Orabug: 36531127] - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (Dongli Zhang) [Orabug: 36674308] - uek-rpm: re-enable HP_WMI and HP_ACCEL (Stephen Brennan) [Orabug: 36632743] - mmc: core: Avoid negative index with array access (Mikko Rapeli) [Orabug: 36554507] - Revert 'Revert 'mmc: core: Use mrq.sbc in close-ended ffu'' (Thomas Tai) [Orabug: 36554507] - uek-rpm: Enable FUNCTION_GRAPH_RETVAL in UEK7 (Jianfeng Wang) [Orabug: 36460674] - fgraph: Add declaration of 'struct fgraph_ret_regs' (Steven Rostedt (Google)) [Orabug: 36460674] - x86/ftrace: Enable HAVE_FUNCTION_GRAPH_RETVAL (Donglin Peng) [Orabug: 36460674] - arm64: ftrace: Enable HAVE_FUNCTION_GRAPH_RETVAL (Donglin Peng) [Orabug: 36460674] - tracing: Add documentation for funcgraph-retval and funcgraph-retval-hex (Donglin Peng) [Orabug: 36460674] - function_graph: Support recording and printing the return value of function (Donglin Peng) [Orabug: 36460674] - net/rds: Get RDS statistics for each possible CPU (Anand Khoje) [Orabug: 35830448] [5.15.0-207.156.3] - scripts/gdb: Fix gdb 'lx-symbols' command (Khalid Masum) [Orabug: 36651773] - module: Fix prefix for module.sig_enforce module param (Saravana Kannan) [Orabug: 36651773] [5.15.0-207.156.2] - LTS version: v5.15.156 (Vijayendra Suman) - drm/i915/cdclk: Fix CDCLK programming order when pipes are active (Ville Syrjala) - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (Arnd Bergmann) - x86/apic: Force native_apic_mem_read() to use the MOV instruction (Adam Dunlap) - selftests: timers: Fix abs() warning in posix_timers test (John Stultz) - x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n (Sean Christopherson) - perf/x86: Fix out of range data (Namhyung Kim) - vhost: Add smp_rmb() in vhost_vq_avail_empty() (Gavin Shan) - drm/client: Fully protect modes[] with dev->mode_config.mutex (Ville Syrjala) - btrfs: qgroup: correctly model root qgroup rsv in convert (Boris Burkov) - iommu/vt-d: Allocate local memory for page request queue (Jacob Pan) - tracing: hide unused ftrace_event_id_fops (Arnd Bergmann) - net: ena: Fix incorrect descriptor free behavior (David Arinzon) - net: ena: Wrong missing IO completions check order (David Arinzon) - net: ena: Fix potential sign extension issue (David Arinzon) - af_unix: Fix garbage collector racing against connect() (Michal Luczaj) - af_unix: Do not use atomic ops for unix_sk(sk)->inflight. (Kuniyuki Iwashima) - net: dsa: mt7530: trap link-local frames regardless of ST Port State (Arinc UNAL) - net: sparx5: fix wrong config being used when reconfiguring PCS (Daniel Machon) - net/mlx5: Properly link new fs rules into the tree (Cosmin Ratiu) - netfilter: complete validation of user input (Eric Dumazet) - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) - ipv4/route: avoid unused-but-set-variable warning (Arnd Bergmann) - ipv6: fib: hide unused 'pn' variable (Arnd Bergmann) - octeontx2-af: Fix NIX SQ mode and BP config (Geetha sowjanya) - af_unix: Clear stale u->oob_skb. (Kuniyuki Iwashima) - geneve: fix header validation in geneve[6]_xmit_skb (Eric Dumazet) - xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet) - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates. (Sebastian Andrzej Siewior) - net: openvswitch: fix unwanted error log on timeout policy probing (Ilya Maximets) - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Dan Carpenter) - nouveau: fix function cast warning (Arnd Bergmann) - Revert 'drm/qxl: simplify qxl_fence_wait' (Alex Constantino) - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (Frank Li) - media: cec: core: remove length check of Timer Status (Nini Song) - Bluetooth: Fix memory leak in hci_req_sync_complete() (Dmitry Antipov) - ring-buffer: Only update pages_touched when a new page is touched (Steven Rostedt (Google)) - batman-adv: Avoid infinite loop trying to resize local TT (Sven Eckelmann) - LTS version: v5.15.155 (Vijayendra Suman) - Revert 'ACPI: CPPC: Use access_width over bit_width for system memory accesses' (Greg Kroah-Hartman) - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (Vasiliy Kovalev) - Bluetooth: btintel: Fixe build regression (Luiz Augusto von Dentz) - platform/x86: intel-vbtn: Update tablet mode switch at end of probe (Gwendal Grignou) - randomize_kstack: Improve entropy diffusion (Kees Cook) - x86/mm/pat: fix VM_PAT handling in COW mappings (David Hildenbrand) - virtio: reenable config if freezing device failed (David Hildenbrand) - gcc-plugins/stackleak: Avoid .head.text section (Ard Biesheuvel) - gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text (Kees Cook) - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (Thadeu Lima de Souza Cascardo) - netfilter: nf_tables: discard table flag update with pending basechain deletion (Pablo Neira Ayuso) - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (Pablo Neira Ayuso) - netfilter: nf_tables: release batch on table validation from abort path (Pablo Neira Ayuso) - fbmon: prevent division by zero in fb_videomode_from_videomode() (Roman Smirnov) - drivers/nvme: Add quirks for device 126f:2262 (Jiawei Fu (iBug)) - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (Aleksandr Burakov) - ASoC: soc-core.c: Skip dummy codec when adding platforms (Chancel Liu) - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (Colin Ian King) - usb: typec: tcpci: add generic tcpci fallback compatible (Marco Felsch) - tools: iio: replace seekdir() in iio_generic_buffer (Petre Rodan) - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (linke li) - ktest: force = 1 for 'make_warnings_file' test type (Ricardo B. Marliere) - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (Alban Boye) - Input: allocate keycode for Display refresh rate toggle (Gergo Koteles) - block: prevent division by zero in blk_rq_stat_sum() (Roman Smirnov) - libperf evlist: Avoid out-of-bounds access (Ian Rogers) - Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (Daniel Drake) - SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int (Dai Ngo) - drm/amd/display: Fix nanosec stat overflow (Aric Cyr) - ext4: forbid commit inconsistent quota data when errors=remount-ro (Ye Bin) - ext4: add a hint for block bitmap corrupt state in mb_groups (Zhang Yi) - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (Takashi Sakamoto) - media: sta2x11: fix irq handler cast (Arnd Bergmann) - isofs: handle CDs with bad root inode but good Joliet root directory (Alex Henrie) - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (Justin Tee) - sysv: don't call sb_bread() with pointers_lock held (Tetsuo Handa) - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (Geert Uytterhoeven) - Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (Kunwu Chan) - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (Edward Adam Davis) - net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (Eric Dumazet) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (David Sterba) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (David Sterba) - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (David Sterba) - wifi: ath11k: decrease MHI channel buffer length to 8KB (Baochen Qiang) - net: pcs: xpcs: Return EINVAL in the internal methods (Serge Semin) - tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() (Samasth Norway Ananda) - pstore/zone: Add a null pointer check to the psz_kmsg_read (Kunwu Chan) - ionic: set adminq irq affinity (Shannon Nelson) - arm64: dts: rockchip: fix rk3399 hdmi ports node (Johan Jonker) - arm64: dts: rockchip: fix rk3328 hdmi ports node (Johan Jonker) - cpuidle: Avoid potential overflow in integer multiplication (C Cheng) - panic: Flush kernel log buffer at the end (John Ogness) - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() (Harshit Mogalapalli) - wifi: ath9k: fix LNA selection in ath_ant_try_scan() (Dmitry Antipov) - net: dsa: fix panic when DSA master device unbinds on shutdown (Vladimir Oltean) - amdkfd: use calloc instead of kzalloc to avoid integer overflow (Dave Airlie) - LTS version: v5.15.154 (Vijayendra Suman) - gro: fix ownership transfer (Antoine Tenart) - mm/secretmem: fix GUP-fast succeeding on secretmem folios (David Hildenbrand) - mptcp: don't account accept() of non-MPC client as fallback to TCP (Davide Caratti) - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (Borislav Petkov (AMD)) - x86/bugs: Fix the SRSO mitigation on Zen3/4 (Borislav Petkov (AMD)) - riscv: process: Fix kernel gp leakage (Stefan O'Rear) - riscv: Fix spurious errors from __get/put_kernel_nofault (Samuel Holland) - s390/entry: align system call table on 8 bytes (Sumanth Korikkar) - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (Borislav Petkov (AMD)) - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals (Herve Codina) - driver core: Introduce device_link_wait_removal() (Herve Codina) - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (I Gede Agastya Darma Laksana) - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (Jann Horn) - openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached (Jann Horn) - HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (Jann Horn) - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (Jeff Layton) - ata: sata_mv: Fix PCI device ID table declaration compilation warning (Arnd Bergmann) - scsi: mylex: Fix sysfs buffer lengths (Arnd Bergmann) - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (Arnd Bergmann) - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw (Stephen Lee) - ASoC: rt711-sdw: fix locking sequence (Pierre-Louis Bossart) - ASoC: rt711-sdca: fix locking sequence (Pierre-Louis Bossart) - ASoC: rt5682-sdw: fix locking sequence (Pierre-Louis Bossart) - net: ravb: Always process TX descriptor ring (Paul Barker) - net: fec: Set mac_managed_pm during probe (Wei Fang) - drivers: net: convert to boolean for the mac_managed_pm flag (Denis Kirjanov) - net: usb: asix: suspend embedded PHY if external is used (Oleksij Rempel) - i40e: Enforce software interrupt during busy-poll exit (Ivan Vecera) - i40e: Remove _t suffix from enum type names (Ivan Vecera) - i40e: Store the irq number in i40e_q_vector (Joe Damato) - Revert 'usb: phy: generic: Get the vbus supply' (Alexander Stein) - scsi: qla2xxx: Update manufacturer detail (Bikash Hazarika) - i40e: fix vf may be used uninitialized in this function warning (Aleksandr Loktionov) - i40e: fix i40e_count_filters() to count only active/new filters (Aleksandr Loktionov) - octeontx2-pf: check negative error code in otx2_open() (Su Hui) - octeontx2-af: Fix issue with loading coalesced KPU profiles (Hariprasad Kelam) - udp: prevent local UDP tunnel packets from being GROed (Antoine Tenart) - udp: do not transition UDP GRO fraglist partial checksums to unnecessary (Antoine Tenart) - udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) - ipv6: Fix infinite recursion in fib6_dump_done(). (Kuniyuki Iwashima) - selftests: reuseaddr_conflict: add missing new line at the end of the output (Jakub Kicinski) - erspan: make sure erspan_base_hdr is present in skb->head (Eric Dumazet) - selftests: net: gro fwd: update vxlan GRO test expectations (Antoine Tenart) - net: stmmac: fix rx queue priority assignment (Piotr Wejman) - net/sched: act_skbmod: prevent kernel-infoleak (Eric Dumazet) - bpf, sockmap: Prevent lock inversion deadlock in map delete elem (Jakub Sitnicki) - vboxsf: Avoid an spurious warning if load_nls_xxx() fails (Christophe JAILLET) - netfilter: validate user input for expected length (Eric Dumazet) - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (Ziyang Xuan) - netfilter: nf_tables: flush pending destroy work before exit_net release (Pablo Neira Ayuso) - netfilter: nf_tables: reject new basechain after table flag update (Pablo Neira Ayuso) - KVM: x86: Mark target gfn of emulated atomic instruction as dirty (Sean Christopherson) - KVM: x86: Bail to userspace if emulation of atomic user access faults (Sean Christopherson) - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util (Ye Zhang) - mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations (Vlastimil Babka) - locking/rwsem: Disable preemption while trying for rwsem lock (Gokul krishna Krishnakumar) - xen-netfront: Add missing skb_mark_for_recycle (Jesper Dangaard Brouer) - Bluetooth: Fix TOCTOU in HCI debugfs implementation (Bastien Nocera) - Bluetooth: hci_event: set the conn encrypted before conn establishes (Hui Wang) - arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken (Johan Hovold) - x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word (Sean Christopherson) - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d (Heiner Kallweit) - dm integrity: fix out-of-range warning (Arnd Bergmann) - Octeontx2-af: fix pause frame configuration in GMP mode (Hariprasad Kelam) - ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (Nikita Kiryushin) - tcp: properly terminate timers for kernel sockets (Eric Dumazet) - s390/qeth: handle deferred cc1 (Alexandra Winter) - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (Przemek Kitszel) - wifi: iwlwifi: mvm: rfi: fix potential response leaks (Johannes Berg) - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (Bixuan Cui) - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (Ryosuke Yasuoka) - USB: UAS: return ENODEV when submit urbs fail with device not attached (Weitao Wang) - scsi: usb: Stop using the SCSI pointer (Bart Van Assche) - scsi: usb: Call scsi_done() directly (Bart Van Assche) - USB: core: Fix deadlock in usb_deauthorize_interface() (Alan Stern) - scsi: lpfc: Correct size for wqe for memset() (Muhammad Usama Anjum) - PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (Mika Westerberg) - x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (Kim Phillips) - scsi: qla2xxx: Delay I/O Abort on PCI error (Quinn Tran) - scsi: qla2xxx: Change debug message during driver unload (Saurav Kashyap) - scsi: qla2xxx: Fix double free of fcport (Saurav Kashyap) - scsi: qla2xxx: Fix command flush on cable pull (Quinn Tran) - scsi: qla2xxx: NVME|FCP prefer flag not being honored (Quinn Tran) - scsi: qla2xxx: Split FCE|EFT trace control (Quinn Tran) - scsi: qla2xxx: Fix N2N stuck connection (Quinn Tran) - scsi: qla2xxx: Prevent command send on chip reset (Quinn Tran) - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (Christian A. Ehrhardt) - usb: typec: ucsi: Ack unsupported commands (Christian A. Ehrhardt) - usb: udc: remove warning when queue disabled ep (yuan linyu) - usb: dwc2: gadget: LPM flow fix (Minas Harutyunyan) - usb: dwc2: gadget: Fix exiting from clock gating (Minas Harutyunyan) - usb: dwc2: host: Fix ISOC flow in DDMA mode (Minas Harutyunyan) - usb: dwc2: host: Fix hibernation flow (Minas Harutyunyan) - usb: dwc2: host: Fix remote wakeup from hibernation (Minas Harutyunyan) - USB: core: Add hub_get() and hub_put() routines (Alan Stern) - staging: vc04_services: fix information leak in create_component() (Dan Carpenter) - staging: vc04_services: changen strncpy() to strscpy_pad() (Arnd Bergmann) - scsi: core: Fix unremoved procfs host directory regression (Guilherme G. Piccoli) - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs (Duoming Zhou) - drm/amd/display: Preserve original aspect ratio in create stream (Tom Chung) - drm/amdgpu: Use drm_mode_copy() (Ville Syrjala) - usb: cdc-wdm: close race between read and workqueue (Oliver Neukum) - drm/i915/gt: Reset queue_priority_hint on parking (Chris Wilson) - net: ll_temac: platform_get_resource replaced by wrong function (Claus Hansen Ries) - hexagon: vmlinux.lds.S: handle attributes section (Nathan Chancellor) - exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() (Max Filippov) - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (Felix Fietkau) - btrfs: zoned: use zone aware sb location for scrub (Johannes Thumshirn) - init: open /initrd.image with O_LARGEFILE (John Sperbeck) - mm/migrate: set swap entry values of THP tail pages properly. (Zi Yan) - serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO (Hugo Villeneuve) - vfio/fsl-mc: Block calling interrupt handler without trigger (Alex Williamson) - vfio/platform: Create persistent IRQ handlers (Alex Williamson) - vfio/pci: Create persistent INTx handler (Alex Williamson) - vfio: Introduce interface to flush virqfd inject workqueue (Alex Williamson) - vfio/pci: Lock external INTx masking ops (Alex Williamson) - vfio/pci: Disable auto-enable of exclusive INTx IRQ (Alex Williamson) - selftests: mptcp: diag: return KSFT_FAIL not test_cnt (Geliang Tang) - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (Nathan Chancellor) - efivarfs: Request at most 512 bytes for variable names (Tim Schumacher) - perf/core: Fix reentry problem in perf_output_read_group() (Yang Jihong) - nfsd: Fix a regression in nfsd_setattr() (Trond Myklebust) - nfsd: don't call locks_release_private() twice concurrently (NeilBrown) - nfsd: don't take fi_lock in nfsd_break_deleg_cb() (NeilBrown) - nfsd: fix RELEASE_LOCKOWNER (NeilBrown) - nfsd: drop the nfsd_put helper (Jeff Layton) - nfsd: call nfsd_last_thread() before final nfsd_put() (NeilBrown) - lockd: introduce safe async lock op (Alexander Aring) - NFSD: fix possible oops when nfsd/pool_stats is closed. (NeilBrown) - Documentation: Add missing documentation for EXPORT_OP flags (Chuck Lever) - nfsd: separate nfsd_last_thread() from nfsd_put() (NeilBrown) - nfsd: Simplify code around svc_exit_thread() call in nfsd() (NeilBrown) - nfsd: Fix creation time serialization order (Tavian Barnes) - NFSD: Add an nfsd4_encode_nfstime4() helper (Chuck Lever) - lockd: drop inappropriate svc_get() from locked_get() (NeilBrown) - nfsd: fix double fget() bug in __write_ports_addfd() (Dan Carpenter) - nfsd: make a copy of struct iattr before calling notify_change (Jeff Layton) - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (Dai Ngo) - nfsd: simplify the delayed disposal list code (Jeff Layton) - NFSD: Convert filecache to rhltable (Chuck Lever) - nfsd: allow reaping files still under writeback (Jeff Layton) - nfsd: update comment over __nfsd_file_cache_purge (Jeff Layton) - nfsd: don't take/put an extra reference when putting a file (Jeff Layton) - nfsd: add some comments to nfsd_file_do_acquire (Jeff Layton) - nfsd: don't kill nfsd_files because of lease break error (Jeff Layton) - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (Jeff Layton) - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (Jeff Layton) - nfsd: don't open-code clear_and_wake_up_bit (Jeff Layton) - nfsd: call op_release, even when op_func returns an error (Jeff Layton) - nfsd: don't replace page in rq_pages if it's a continuation of last page (Jeff Layton) - NFSD: Protect against filesystem freezing (Chuck Lever) - NFSD: copy the whole verifier in nfsd_copy_write_verifier (Chuck Lever) - nfsd: don't fsync nfsd_files on last close (Jeff Layton) - nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open (Jeff Layton) - NFSD: fix problems with cleanup on errors in nfsd4_copy (Dai Ngo) - nfsd: don't hand out delegation on setuid files being opened for write (Jeff Layton) - NFSD: fix leaked reference count of nfsd4_ssc_umount_item (Dai Ngo) - nfsd: clean up potential nfsd_file refcount leaks in COPY codepath (Jeff Layton) - nfsd: allow nfsd_file_get to sanely handle a NULL pointer (Jeff Layton) - NFSD: enhance inter-server copy cleanup (Dai Ngo) - nfsd: don't destroy global nfs4_file table in per-net shutdown (Jeff Layton) - nfsd: don't free files unconditionally in __nfsd_file_cache_purge (Jeff Layton) - NFSD: replace delayed_work with work_struct for nfsd_client_shrinker (Dai Ngo) - NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time (Dai Ngo) - NFSD: Use set_bit(RQ_DROPME) (Chuck Lever) - Revert 'SUNRPC: Use RMW bitops in single-threaded hot paths' (Chuck Lever) - nfsd: fix handling of cached open files in nfsd4_open codepath (Jeff Layton) - nfsd: rework refcounting in filecache (Jeff Layton) - NFSD: Avoid clashing function prototypes (Kees Cook) - NFSD: Use only RQ_DROPME to signal the need to drop a reply (Chuck Lever) - NFSD: add CB_RECALL_ANY tracepoints (Dai Ngo) - NFSD: add delegation reaper to react to low memory condition (Dai Ngo) - NFSD: add support for sending CB_RECALL_ANY (Dai Ngo) - NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker (Dai Ngo) - trace: Relocate event helper files (Chuck Lever) - lockd: fix file selection in nlmsvc_cancel_blocked (Jeff Layton) - lockd: ensure we use the correct file descriptor when unlocking (Jeff Layton) - lockd: set missing fl_flags field when retrieving args (Jeff Layton) - NFSD: Use struct_size() helper in alloc_session() (Xiu Jianfeng) - nfsd: return error if nfs4_setacl fails (Jeff Layton) - NFSD: Add an nfsd_file_fsync tracepoint (Chuck Lever) - nfsd: fix up the filecache laundrette scheduling (Jeff Layton) - filelock: add a new locks_inode_context accessor function (Jeff Layton) - nfsd: reorganize filecache.c (Jeff Layton) - nfsd: remove the pages_flushed statistic from filecache (Jeff Layton) - NFSD: Fix licensing header in filecache.c (Chuck Lever) - NFSD: Use rhashtable for managing nfs4_file objects (Chuck Lever) - NFSD: Refactor find_file() (Chuck Lever) - NFSD: Clean up find_or_add_file() (Chuck Lever) - NFSD: Add a nfsd4_file_hash_remove() helper (Chuck Lever) - NFSD: Clean up nfsd4_init_file() (Chuck Lever) - NFSD: Update file_hashtbl() helpers (Chuck Lever) - NFSD: Use const pointers as parameters to fh_ helpers (Chuck Lever) - NFSD: Trace delegation revocations (Chuck Lever) - NFSD: Trace stateids returned via DELEGRETURN (Chuck Lever) - NFSD: Clean up nfs4_preprocess_stateid_op() call sites (Chuck Lever) - NFSD: Flesh out a documenting comment for filecache.c (Chuck Lever) - NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (Chuck Lever) - NFSD: Revert 'NFSD: NFSv4 CLOSE should release an nfsd_file immediately' (Chuck Lever) - NFSD: Pass the target nfsd_file to nfsd_commit() (Chuck Lever) - exportfs: use pr_debug for unreachable debug statements (David Disseldorp) - nfsd: allow disabling NFSv2 at compile time (Jeff Layton) - nfsd: move nfserrno() to vfs.c (Jeff Layton) - nfsd: ignore requests to disable unsupported versions (Jeff Layton) - NFSD: Finish converting the NFSv3 GETACL result encoder (Chuck Lever) - NFSD: Remove redundant assignment to variable host_err (Colin Ian King) - NFSD: Simplify READ_PLUS (Anna Schumaker) - nfsd: use locks_inode_context helper (Jeff Layton) - lockd: use locks_inode_context helper (Jeff Layton) - NFSD: Fix reads with a non-zero offset that don't end on a page boundary (Chuck Lever) - NFSD: Fix trace_nfsd_fh_verify_err() crasher (Chuck Lever) - nfsd: put the export reference in nfsd4_verify_deleg_dentry (Jeff Layton) - nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (Jeff Layton) - nfsd: fix net-namespace logic in __nfsd_file_cache_purge (Jeff Layton) - nfsd: ensure we always call fh_verify_error tracepoint (Jeff Layton) - NFSD: unregister shrinker when nfsd_init_net() fails (Tetsuo Handa) - nfsd: rework hashtable handling in nfsd_do_file_acquire (Jeff Layton) - nfsd: fix nfsd_file_unhash_and_dispose (Jeff Layton) - fanotify: Remove obsoleted fanotify_event_has_path() (Gaosheng Cui) - fsnotify: remove unused declaration (Gaosheng Cui) - fs/notify: constify path (Al Viro) - nfsd: extra checks when freeing delegation stateids (Jeff Layton) - nfsd: make nfsd4_run_cb a bool return function (Jeff Layton) - nfsd: fix comments about spinlock handling with delegations (Jeff Layton) - nfsd: only fill out return pointer on success in nfsd4_lookup_stateid (Jeff Layton) - NFSD: Cap rsize_bop result based on send buffer size (Chuck Lever) - NFSD: Rename the fields in copy_stateid_t (Chuck Lever) - nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops (ChenXiaoSong) - nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops (ChenXiaoSong) - nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops (ChenXiaoSong) - nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops (ChenXiaoSong) - nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops (ChenXiaoSong) - NFSD: Pack struct nfsd4_compoundres (Chuck Lever) - NFSD: Remove unused nfsd4_compoundargs::cachetype field (Chuck Lever) - NFSD: Remove 'inline' directives on op_rsize_bop helpers (Chuck Lever) - NFSD: Clean up nfs4svc_encode_compoundres() (Chuck Lever) - NFSD: Clean up WRITE arg decoders (Chuck Lever) - NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks (Chuck Lever) - NFSD: Refactor common code out of dirlist helpers (Chuck Lever) - NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing (Chuck Lever) - SUNRPC: Parametrize how much of argsize should be zeroed (Chuck Lever) - NFSD: add shrinker to reap courtesy clients on low memory condition (Dai Ngo) - NFSD: keep track of the number of courtesy clients in the system (Dai Ngo) - NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY (Chuck Lever) - NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY (Chuck Lever) - NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY (Chuck Lever) - NFSD: Refactor nfsd_setattr() (Chuck Lever) - NFSD: Add a mechanism to wait for a DELEGRETURN (Chuck Lever) - NFSD: Add tracepoints to report NFSv4 callback completions (Chuck Lever) - NFSD: Trace NFSv4 COMPOUND tags (Chuck Lever) - NFSD: Replace dprintk() call site in fh_verify() (Chuck Lever) - nfsd: remove nfsd4_prepare_cb_recall() declaration (Gaosheng Cui) - nfsd: clean up mounted_on_fileid handling (Jeff Layton) - NFSD: drop fname and flen args from nfsd_create_locked() (NeilBrown) - NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (Chuck Lever) - nfsd: Propagate some error code returned by memdup_user() (Christophe JAILLET) - nfsd: Avoid some useless tests (Christophe JAILLET) - NFSD: remove redundant variable status (Jinpeng Cui) - NFSD enforce filehandle check for source file in COPY (Olga Kornievskaia) - lockd: move from strlcpy with unused retval to strscpy (Wolfram Sang) - NFSD: move from strlcpy with unused retval to strscpy (Wolfram Sang) - nfsd_splice_actor(): handle compound pages (Al Viro) - NFSD: fix regression with setting ACLs. (NeilBrown) - NFSD: discard fh_locked flag and fh_lock/fh_unlock (NeilBrown) - NFSD: use (un)lock_inode instead of fh_(un)lock for file operations (NeilBrown) - NFSD: use explicit lock/unlock for directory ops (NeilBrown) - NFSD: reduce locking in nfsd_lookup() (NeilBrown) - NFSD: only call fh_unlock() once in nfsd_link() (NeilBrown) - NFSD: always drop directory lock in nfsd_unlink() (NeilBrown) - NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning. (NeilBrown) - NFSD: add posix ACLs to struct nfsd_attrs (NeilBrown) - NFSD: add security label to struct nfsd_attrs (NeilBrown) - NFSD: set attributes when creating symlinks (NeilBrown) - NFSD: introduce struct nfsd_attrs (NeilBrown) - NFSD: verify the opened dentry after setting a delegation (Jeff Layton) - NFSD: drop fh argument from alloc_init_deleg (Jeff Layton) - NFSD: Move copy offload callback arguments into a separate structure (Chuck Lever) - NFSD: Add nfsd4_send_cb_offload() (Chuck Lever) - NFSD: Remove kmalloc from nfsd4_do_async_copy() (Chuck Lever) - NFSD: Refactor nfsd4_do_copy() (Chuck Lever) - NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2) (Chuck Lever) - NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2) (Chuck Lever) - NFSD: Replace boolean fields in struct nfsd4_copy (Chuck Lever) - NFSD: Make nfs4_put_copy() static (Chuck Lever) - NFSD: Reorder the fields in struct nfsd4_op (Chuck Lever) - NFSD: Shrink size of struct nfsd4_copy (Chuck Lever) - NFSD: Shrink size of struct nfsd4_copy_notify (Chuck Lever) - NFSD: nfserrno(-ENOMEM) is nfserr_jukebox (Chuck Lever) - NFSD: Fix strncpy() fortify warning (Chuck Lever) - NFSD: Clean up nfsd4_encode_readlink() (Chuck Lever) - NFSD: Use xdr_pad_size() (Chuck Lever) - NFSD: Simplify starting_len (Chuck Lever) - NFSD: Optimize nfsd4_encode_readv() (Chuck Lever) - NFSD: Add an nfsd4_read::rd_eof field (Chuck Lever) - NFSD: Clean up SPLICE_OK in nfsd4_encode_read() (Chuck Lever) - NFSD: Optimize nfsd4_encode_fattr() (Chuck Lever) - NFSD: Optimize nfsd4_encode_operation() (Chuck Lever) - nfsd: silence extraneous printk on nfsd.ko insertion (Jeff Layton) - NFSD: limit the number of v4 clients to 1024 per 1GB of system memory (Dai Ngo) - NFSD: keep track of the number of v4 clients in the system (Dai Ngo) - NFSD: refactoring v4 specific code to a helper in nfs4state.c (Dai Ngo) - NFSD: Ensure nf_inode is never dereferenced (Chuck Lever) - NFSD: NFSv4 CLOSE should release an nfsd_file immediately (Chuck Lever) - NFSD: Move nfsd_file_trace_alloc() tracepoint (Chuck Lever) - NFSD: Separate tracepoints for acquire and create (Chuck Lever) - NFSD: Clean up unused code after rhashtable conversion (Chuck Lever) - NFSD: Convert the filecache to use rhashtable (Chuck Lever) - NFSD: Set up an rhashtable for the filecache (Chuck Lever) - NFSD: Replace the 'init once' mechanism (Chuck Lever) - NFSD: Remove nfsd_file::nf_hashval (Chuck Lever) - NFSD: nfsd_file_hash_remove can compute hashval (Chuck Lever) - NFSD: Refactor __nfsd_file_close_inode() (Chuck Lever) - NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode (Chuck Lever) - NFSD: Remove lockdep assertion from unhash_and_release_locked() (Chuck Lever) - NFSD: No longer record nf_hashval in the trace log (Chuck Lever) - NFSD: Never call nfsd_file_gc() in foreground paths (Chuck Lever) - NFSD: Fix the filecache LRU shrinker (Chuck Lever) - NFSD: Leave open files out of the filecache LRU (Chuck Lever) - NFSD: Trace filecache LRU activity (Chuck Lever) - NFSD: WARN when freeing an item still linked via nf_lru (Chuck Lever) - NFSD: Hook up the filecache stat file (Chuck Lever) - NFSD: Zero counters when the filecache is re-initialized (Chuck Lever) - NFSD: Record number of flush calls (Chuck Lever) - NFSD: Report the number of items evicted by the LRU walk (Chuck Lever) - NFSD: Refactor nfsd_file_lru_scan() (Chuck Lever) - NFSD: Refactor nfsd_file_gc() (Chuck Lever) - NFSD: Add nfsd_file_lru_dispose_list() helper (Chuck Lever) - NFSD: Report average age of filecache items (Chuck Lever) - NFSD: Report count of freed filecache items (Chuck Lever) - NFSD: Report count of calls to nfsd_file_acquire() (Chuck Lever) - NFSD: Report filecache LRU size (Chuck Lever) - NFSD: Demote a WARN to a pr_warn() (Chuck Lever) - nfsd: remove redundant assignment to variable len (Colin Ian King) - NFSD: Fix space and spelling mistake (Zhang Jiaming) - NFSD: Instrument fh_verify() (Chuck Lever) - NLM: Defend against file_lock changes after vfs_test_lock() (Benjamin Coddington) - fsnotify: Fix comment typo (Xin Gao) - fanotify: introduce FAN_MARK_IGNORE (Amir Goldstein) - fanotify: cleanups for fanotify_mark() input validations (Amir Goldstein) - fanotify: prepare for setting event flags in ignore mask (Amir Goldstein) - fs: inotify: Fix typo in inotify comment (Oliver Ford) - NFSD: Decode NFSv4 birth time attribute (Chuck Lever) - fanotify: refine the validation checks on non-dir inode mask (Amir Goldstein) - NFS: restore module put when manager exits. (NeilBrown) - NFSD: Fix potential use-after-free in nfsd_file_put() (Chuck Lever) - NFSD: nfsd_file_put() can sleep (Chuck Lever) - NFSD: Add documenting comment for nfsd4_release_lockowner() (Chuck Lever) - NFSD: Modernize nfsd4_release_lockowner() (Chuck Lever) - nfsd: Fix null-ptr-deref in nfsd_fill_super() (Zhang Xiaoxu) - nfsd: Unregister the cld notifier when laundry_wq create failed (Zhang Xiaoxu) - SUNRPC: Use RMW bitops in single-threaded hot paths (Chuck Lever) - NFSD: Trace filecache opens (Chuck Lever) - NFSD: Move documenting comment for nfsd4_process_open2() (Chuck Lever) - NFSD: Fix whitespace (Chuck Lever) - NFSD: Remove dprintk call sites from tail of nfsd4_open() (Chuck Lever) - NFSD: Instantiate a struct file when creating a regular NFSv4 file (Chuck Lever) - NFSD: Clean up nfsd_open_verified() (Chuck Lever) - NFSD: Remove do_nfsd_create() (Chuck Lever) - NFSD: Refactor NFSv4 OPEN(CREATE) (Chuck Lever) - NFSD: Refactor NFSv3 CREATE (Chuck Lever) - NFSD: Refactor nfsd_create_setattr() (Chuck Lever) - NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() (Chuck Lever) - NFSD: Clean up nfsd3_proc_create() (Chuck Lever) - NFSD: Show state of courtesy client in client info (Dai Ngo) - NFSD: add support for lock conflict to courteous server (Dai Ngo) - fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict (Dai Ngo) - fs/lock: add helper locks_owner_has_blockers to check for blockers (Dai Ngo) - NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd (Dai Ngo) - NFSD: add support for share reservation conflict to courteous server (Dai Ngo) - NFSD: add courteous server support for thread with only delegation (Dai Ngo) - NFSD: Clean up nfsd_splice_actor() (Chuck Lever) - fanotify: fix incorrect fmode_t casts (Vasily Averin) - fsnotify: consistent behavior for parent not watching children (Amir Goldstein) - fsnotify: introduce mark type iterator (Amir Goldstein) - fanotify: enable 'evictable' inode marks (Amir Goldstein) - fanotify: use fsnotify group lock helpers (Amir Goldstein) - fanotify: implement 'evictable' inode marks (Amir Goldstein) - fanotify: factor out helper fanotify_mark_update_flags() (Amir Goldstein) - fanotify: create helper fanotify_mark_user_flags() (Amir Goldstein) - fsnotify: allow adding an inode mark without pinning inode (Amir Goldstein) - dnotify: use fsnotify group lock helpers (Amir Goldstein) - nfsd: use fsnotify group lock helpers (Amir Goldstein) - inotify: use fsnotify group lock helpers (Amir Goldstein) - fsnotify: create helpers for group mark_mutex lock (Amir Goldstein) - fsnotify: make allow_dups a property of the group (Amir Goldstein) - fsnotify: pass flags argument to fsnotify_alloc_group() (Amir Goldstein) - inotify: move control flags from mask to mark flags (Amir Goldstein) - fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock. (Dai Ngo) - fanotify: do not allow setting dirent events in mask of non-dir (Amir Goldstein) - nfsd: Clean up nfsd_file_put() (Trond Myklebust) - nfsd: Fix a write performance regression (Trond Myklebust) - fsnotify: remove redundant parameter judgment (Bang Li) - fsnotify: optimize FS_MODIFY events with no ignored masks (Amir Goldstein) - fsnotify: fix merge with parent's ignored mask (Amir Goldstein) - nfsd: fix using the correct variable for sizeof() (Jakob Koschel) - NFSD: Clean up _lm_ operation names (Chuck Lever) - NFSD: Remove CONFIG_NFSD_V3 (Chuck Lever) - NFSD: Move svc_serv_ops::svo_function into struct svc_serv (Chuck Lever) - NFSD: Remove svc_serv_ops::svo_module (Chuck Lever) - SUNRPC: Remove svc_shutdown_net() (Chuck Lever) - SUNRPC: Rename svc_close_xprt() (Chuck Lever) - SUNRPC: Rename svc_create_xprt() (Chuck Lever) - SUNRPC: Remove svo_shutdown method (Chuck Lever) - SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt() (Chuck Lever) - SUNRPC: Remove the .svo_enqueue_xprt method (Chuck Lever) - NFSD: Remove NFSD_PROC_ARGS_* macros (Chuck Lever) - NFSD: Streamline the rare 'found' case (Chuck Lever) - NFSD: Skip extra computation for RC_NOCACHE case (Chuck Lever) - orDate: Thu Sep 30 19:19:57 2021 -0400 (Chuck Lever) - nfsd: Add support for the birth time attribute (Ondrej Valousek) - NFSD: Deprecate NFS_OFFSET_MAX (Chuck Lever) - fsnotify: invalidate dcache before IN_DELETE event (Amir Goldstein) - NFSD: Move fill_pre_wcc() and fill_post_wcc() (Chuck Lever) - NFSD: Trace boot verifier resets (Chuck Lever) - NFSD: Rename boot verifier functions (Chuck Lever) - NFSD: Clean up the nfsd_net::nfssvc_boot field (Chuck Lever) - NFSD: Write verifier might go backwards (Chuck Lever) - nfsd: Add a tracepoint for errors in nfsd4_clone_file_range() (Trond Myklebust) - NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id) (Chuck Lever) - NFSD: Clean up nfsd_vfs_write() (Chuck Lever) - nfsd: Retry once in nfsd_open on an -EOPENSTALE return (Jeff Layton) - nfsd: Add errno mapping for EREMOTEIO (Jeff Layton) - nfsd: map EBADF (Peng Tao) - nfsd4: add refcount for nfsd4_blocked_lock (Vasily Averin) - nfs: block notification on fs with its own ->lock (J. Bruce Fields) - NFSD: De-duplicate nfsd4_decode_bitmap4() (Chuck Lever) - nfsd: improve stateid access bitmask documentation (J. Bruce Fields) - NFSD: Combine XDR error tracepoints (Chuck Lever) - NFSD: simplify per-net file cache management (NeilBrown) - NFSD: Fix inconsistent indenting (Jiapeng Chong) - NFSD: Remove be32_to_cpu() from DRC hash function (Chuck Lever) - NFS: switch the callback service back to non-pooled. (NeilBrown) - lockd: use svc_set_num_threads() for thread start and stop (NeilBrown) - SUNRPC: always treat sv_nrpools==1 as 'not pooled' (NeilBrown) - SUNRPC: move the pool_map definitions (back) into svc.c (NeilBrown) - lockd: rename lockd_create_svc() to lockd_get() (NeilBrown) - lockd: introduce lockd_put() (NeilBrown) - lockd: move svc_exit_thread() into the thread (NeilBrown) - lockd: move lockd_start_svc() call into lockd_create_svc() (NeilBrown) - lockd: simplify management of network status notifiers (NeilBrown) - lockd: introduce nlmsvc_serv (NeilBrown) - NFSD: simplify locking for network notifier. (NeilBrown) - SUNRPC: discard svo_setup and rename svc_set_num_threads_sync() (NeilBrown) - NFSD: Make it possible to use svc_set_num_threads_sync (NeilBrown) - NFSD: narrow nfsd_mutex protection in nfsd thread (NeilBrown) - SUNRPC: use sv_lock to protect updates to sv_nrthreads. (NeilBrown) - nfsd: make nfsd_stats.th_cnt atomic_t (NeilBrown) - SUNRPC: stop using ->sv_nrthreads as a refcount (NeilBrown) - SUNRPC/NFSD: clean up get/put functions. (NeilBrown) - SUNRPC: change svc_get() to return the svc. (NeilBrown) - NFSD: handle errors better in write_ports_addfd() (NeilBrown) - exit: Rename module_put_and_exit to module_put_and_kthread_exit (Eric W. Biederman) - exit: Implement kthread_exit (Eric W. Biederman) - fanotify: wire up FAN_RENAME event (Amir Goldstein) - fanotify: report old and/or new parent+name in FAN_RENAME event (Amir Goldstein) - fanotify: record either old name new name or both for FAN_RENAME (Amir Goldstein) - fanotify: record old and new parent and name in FAN_RENAME event (Amir Goldstein) - fanotify: support secondary dir fh and name in fanotify_info (Amir Goldstein) - fanotify: use helpers to parcel fanotify_info buffer (Amir Goldstein) - fanotify: use macros to get the offset to fanotify_info buffer (Amir Goldstein) - fsnotify: generate FS_RENAME event with rich information (Amir Goldstein) - fanotify: introduce group flag FAN_REPORT_TARGET_FID (Amir Goldstein) - fsnotify: separate mark iterator type from object type enum (Amir Goldstein) - fsnotify: clarify object type argument (Amir Goldstein) - ext4: fix error code saved on super block during file system abort (Gabriel Krisman Bertazi) - nfsd4: remove obselete comment (J. Bruce Fields) - NFSD:fix boolreturn.cocci warning (Changcheng Deng) - nfsd: update create verifier comment (J. Bruce Fields) - SUNRPC: Change return value type of .pc_encode (Chuck Lever) - SUNRPC: Replace the '__be32 *p' parameter to .pc_encode (Chuck Lever) - NFSD: Save location of NFSv4 COMPOUND status (Chuck Lever) - SUNRPC: Change return value type of .pc_decode (Chuck Lever) - SUNRPC: Replace the '__be32 *p' parameter to .pc_decode (Chuck Lever) - NFSD: Initialize pointer ni with NULL and not plain integer 0 (Colin Ian King) - NFSD: simplify struct nfsfh (NeilBrown) - NFSD: drop support for ancient filehandles (NeilBrown) - NFSD: move filehandle format declarations out of 'uapi'. (NeilBrown) - NFSD: Optimize DRC bucket pruning (Chuck Lever) - NFS: Move NFS protocol display macros to global header (Chuck Lever) - NFS: Move generic FS show macros to global header (Chuck Lever) - SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field (Chuck Lever) - NFS: Remove unnecessary TRACE_DEFINE_ENUM()s (Chuck Lever) - docs: Document the FAN_FS_ERROR event (Gabriel Krisman Bertazi) - ext4: Send notifications on error (Gabriel Krisman Bertazi) - fanotify: Allow users to request FAN_FS_ERROR events (Gabriel Krisman Bertazi) - fanotify: Emit generic error info for error event (Gabriel Krisman Bertazi) - fanotify: Report fid info for file related file system errors (Gabriel Krisman Bertazi) - fanotify: WARN_ON against too large file handles (Gabriel Krisman Bertazi) - fanotify: Add helpers to decide whether to report FID/DFID (Gabriel Krisman Bertazi) - fanotify: Wrap object_fh inline space in a creator macro (Gabriel Krisman Bertazi) - fanotify: Support merging of error events (Gabriel Krisman Bertazi) - fanotify: Support enqueueing of error events (Gabriel Krisman Bertazi) - fanotify: Pre-allocate pool of error events (Gabriel Krisman Bertazi) - fanotify: Reserve UAPI bits for FAN_FS_ERROR (Gabriel Krisman Bertazi) - fsnotify: Support FS_ERROR event type (Gabriel Krisman Bertazi) - fanotify: Require fid_mode for any non-fd event (Gabriel Krisman Bertazi) - fanotify: Encode empty file handle when no inode is provided (Gabriel Krisman Bertazi) - fanotify: Allow file handle encoding for unhashed events (Gabriel Krisman Bertazi) - fanotify: Support null inode event in fanotify_dfid_inode (Gabriel Krisman Bertazi) - fsnotify: Pass group argument to free_event (Gabriel Krisman Bertazi) - fsnotify: Protect fsnotify_handle_inode_event from no-inode events (Gabriel Krisman Bertazi) - fsnotify: Retrieve super block from the data field (Gabriel Krisman Bertazi) - fsnotify: Add wrapper around fsnotify_add_event (Gabriel Krisman Bertazi) - fsnotify: Add helper to detect overflow_event (Gabriel Krisman Bertazi) - inotify: Don't force FS_IN_IGNORED (Gabriel Krisman Bertazi) - fanotify: Split fsid check from other fid mode checks (Gabriel Krisman Bertazi) - fanotify: Fold event size calculation to its own function (Gabriel Krisman Bertazi) - fsnotify: Don't insert unmergeable events in hashtable (Gabriel Krisman Bertazi) - fsnotify: clarify contract for create event hooks (Amir Goldstein) - fsnotify: pass dentry instead of inode data (Amir Goldstein) - fsnotify: pass data_type to fsnotify_name() (Amir Goldstein) - x86/static_call: Add support for Jcc tail-calls (Peter Zijlstra) {CVE-2022-29901} {CVE-2022-23816} - x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions (Peter Zijlstra) - x86/alternatives: Introduce int3_emulate_jcc() (Peter Zijlstra) - x86/asm: Differentiate between code and function alignment (Thomas Gleixner) - arch: Introduce CONFIG_FUNCTION_ALIGNMENT (Peter Zijlstra) - KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests (Pawan Gupta) - x86/rfds: Mitigate Register File Data Sampling (RFDS) (Pawan Gupta) - Documentation/hw-vuln: Add documentation for RFDS (Pawan Gupta) - x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (Pawan Gupta) - KVM/VMX: Move VERW closer to VMentry for MDS mitigation (Pawan Gupta) - KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (Sean Christopherson) - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (Pawan Gupta) - x86/entry_32: Add VERW just before userspace transition (Pawan Gupta) - x86/entry_64: Add VERW just before userspace transition (Pawan Gupta) - x86/bugs: Add asm helpers for executing VERW (Pawan Gupta) - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (H. Peter Anvin (Intel)) - KVM: arm64: Limit stage2_apply_range() batch size to largest block (Oliver Upton) - KVM: arm64: Work out supported block level at compile time (Oliver Upton) - tty: serial: imx: Fix broken RS485 (Rickard x Andersson) - printk: Update @console_may_schedule in console_trylock_spinning() (John Ogness) - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (Nicolin Chen) - dma-iommu: add iommu_dma_opt_mapping_size() (John Garry) - dma-mapping: add dma_opt_mapping_size() (John Garry) - swiotlb: Fix alignment checks when both allocation and DMA masks are present (Will Deacon) - minmax: add umin(a, b) and umax(a, b) (David Laight) - entry: Respect changes to system call number by trace_sys_enter() (Andre Rosti) - clocksource/drivers/arm_global_timer: Fix maximum prescaler value (Martin Blumenstingl) - ACPI: CPPC: Use access_width over bit_width for system memory accesses (Jarred White) - xen/events: close evtchn after mapping cleanup (Maximilian Heyne) - i2c: i801: Avoid potential double call to gpiod_remove_lookup_table (Heiner Kallweit) - tee: optee: Fix kernel panic caused by incorrect error handling (Sumit Garg) - vt: fix unicode buffer corruption when deleting characters (Nicolas Pitre) - mei: me: add arrow lake point H DID (Alexander Usyskin) - mei: me: add arrow lake point S DID (Alexander Usyskin) - tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (Sherry Sun) - usb: port: Don't try to peer unused USB ports based on location (Mathias Nyman) - usb: gadget: ncm: Fix handling of zero block length packets (Krishna Kurapati) - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command (Alan Stern) - ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (Kailang Yang) - drm/i915: Check before removing mm notifier (Nirmoy Das) - tracing: Use .flush() call to wake up readers (Steven Rostedt (Google)) - KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (Sean Christopherson) - xfrm: Avoid clang fortify warning in copy_to_user_tmpl() (Nathan Chancellor) - netfilter: nf_tables: reject constant set with timeout (Pablo Neira Ayuso) - netfilter: nf_tables: disallow anonymous set with timeout flag (Pablo Neira Ayuso) - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (Pablo Neira Ayuso) - cpufreq: brcmstb-avs-cpufreq: fix up 'add check for cpufreq_cpu_get's return value' (Greg Kroah-Hartman) - net: ravb: Add R-Car Gen4 support (Geert Uytterhoeven) - x86/pm: Work around false positive kmemleak report in msr_build_context() (Anton Altaparmakov) - dm snapshot: fix lockup in dm_exception_table_exit (Mikulas Patocka) - drm/amd/display: Fix noise issue on HDMI AV mute (Leo Ma) - drm/amd/display: Return the correct HDCP error code (Rodrigo Siqueira) - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (Philip Yang) - ahci: asm1064: asm1166: don't limit reported ports (Conrad Kostecki) - ahci: asm1064: correct count of reported ports (Andrey Jr. Melnikov) - wireguard: netlink: access device through ctx instead of peer (Jason A. Donenfeld) - wireguard: netlink: check for dangling peer via is_dead instead of empty list (Jason A. Donenfeld) - net: hns3: tracing: fix hclgevf trace event strings (Steven Rostedt (Google)) - NFSD: Fix nfsd_clid_class use of __string_len() macro (Steven Rostedt (Google)) - x86/CPU/AMD: Update the Zenbleed microcode revisions (Borislav Petkov (AMD)) - cpufreq: dt: always allocate zeroed cpumask (Marek Szyprowski) - nilfs2: prevent kernel bug at submit_bh_wbc() (Ryusuke Konishi) - nilfs2: fix failure to detect DAT corruption in btree and direct mappings (Ryusuke Konishi) - memtest: use {READ,WRITE}_ONCE in memory scanning (Qiang Zhang) - drm/vc4: hdmi: do not return negative values from .get_modes() (Jani Nikula) - drm/imx/ipuv3: do not return negative values from .get_modes() (Jani Nikula) - drm/exynos: do not return negative values from .get_modes() (Jani Nikula) - drm/panel: do not return negative error codes from drm_panel_get_modes() (Jani Nikula) - s390/zcrypt: fix reference counting on zcrypt card objects (Harald Freudenberger) - soc: fsl: qbman: Use raw spinlock for cgr_lock (Sean Anderson) - soc: fsl: qbman: Add CGR update function (Sean Anderson) - soc: fsl: qbman: Add helper for sanity checking cgr ops (Sean Anderson) - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (Sean Anderson) - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (Steven Rostedt (Google)) - ring-buffer: Fix full_waiters_pending in poll (Steven Rostedt (Google)) - ring-buffer: Fix resetting of shortest_full (Steven Rostedt (Google)) - ring-buffer: Do not set shortest_full when full target is hit (Steven Rostedt (Google)) - ring-buffer: Fix waking up ring buffer readers (Steven Rostedt (Google)) - ring-buffer: Update 'shortest_full' in polling (Steven Rostedt (Google)) - tracing/ring-buffer: Have polling block on watermark (Steven Rostedt (Google)) - ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info (Marios Makassikis) - vfio/platform: Disable virqfds on cleanup (Alex Williamson) - PCI: dwc: endpoint: Fix advertised resizable BAR size (Niklas Cassel) - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 (Nathan Chancellor) - nfs: fix UAF in direct writes (Josef Bacik) - PCI/AER: Block runtime suspend when handling errors (Stanislaw Gruszka) - speakup: Fix 8bit characters from direct synth (Samuel Thibault) - usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (Wayne Chang) - phy: tegra: xusb: Add API to retrieve the port number of phy (Wayne Chang) - slimbus: core: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) - nvmem: meson-efuse: fix function pointer type mismatch (Jerome Brunet) - hwmon: (amc6821) add of_match table (Josua Mayer) - landlock: Warn once if a Landlock action is requested while disabled (Mickael Salaun) - drm/etnaviv: Restore some id values (Christian Gmeiner) - mm: swap: fix race between free_swap_and_cache() and swapoff() (Ryan Roberts) - swap: comments get_swap_device() with usage rule (Huang Ying) - mac802154: fix llsec key resources release in mac802154_llsec_key_del (Fedor Pchelkin) - dm-raid: fix lockdep waring in 'pers->hot_add_disk' (Yu Kuai) - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (Paul Menzel) - PCI/DPC: Quirk PIO log size for certain Intel Root Ports (Mika Westerberg) - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (Mika Westerberg) - PCI/PM: Drain runtime-idle callbacks before driver removal (Rafael J. Wysocki) - PCI: Drop pci_device_remove() test of pci_dev->driver (Uwe Kleine-Konig) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (Filipe Manana) - serial: Lock console when calling into driver before registration (Peter Collingbourne) - printk/console: Split out code that enables default console (Petr Mladek) - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (Jameson Thies) - fuse: don't unhash root (Miklos Szeredi) - fuse: fix root lookup with nonzero generation (Miklos Szeredi) - mmc: tmio: avoid concurrent runs of mmc_request_done() (Wolfram Sang) - PM: sleep: wakeirq: fix wake irq warning in system suspend (Qingliang Li) - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (Toru Katagiri) - USB: serial: option: add MeiG Smart SLM320 product (Aurelien Jacobs) - USB: serial: cp210x: add ID for MGP Instruments PDS100 (Christian Haggstrom) - USB: serial: add device ID for VeriFone adapter (Cameron Williams) - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (Daniel Vogelbacher) - powerpc/fsl: Fix mfpmr build errors with newer binutils (Michael Ellerman) - usb: xhci: Add error handling in xhci_map_urb_for_dma (Prashanth K) - clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays (Gabor Juhos) - clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays (Gabor Juhos) - clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays (Gabor Juhos) - clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays (Gabor Juhos) - PM: suspend: Set mem_sleep_current during kernel command line setup (Maulik Shah) - parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds (Guenter Roeck) - parisc: Fix csum_ipv6_magic on 64-bit systems (Guenter Roeck) - parisc: Fix csum_ipv6_magic on 32-bit systems (Guenter Roeck) - parisc: Fix ip_fast_csum (Guenter Roeck) - parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros (John David Anglin) - mtd: rawnand: meson: fix scrambling mode value in command macro (Arseniy Krasnov) - ubi: correct the calculation of fastmap size (Zhang Yi) - ubi: Check for too small LEB size in VTBL code (Richard Weinberger) - ubifs: Set page uptodate in the correct place (Matthew Wilcox (Oracle)) - fat: fix uninitialized field in nostale filehandles (Jan Kara) - bounds: support non-power-of-two CONFIG_NR_CPUS (Matthew Wilcox (Oracle)) - kasan/test: avoid gcc warning for intentional overflow (Arnd Bergmann) - kasan: test: add memcpy test that avoids out-of-bounds write (Peter Collingbourne) - block: Clear zone limits for a non-zoned stacked queue (Damien Le Moal) - ext4: correct best extent lstart adjustment logic (Baokun Li) - selftests/mqueue: Set timeout to 180 seconds (SeongJae Park) - crypto: qat - resolve race condition during AER recovery (Damian Muszynski) - sparc: vDSO: fix return value of __setup handler (Randy Dunlap) - sparc64: NMI watchdog: fix return value of __setup handler (Randy Dunlap) - KVM: Always flush async #PF workqueue when vCPU is being destroyed (Sean Christopherson) - media: xc4000: Fix atomicity violation in xc4000_get_frequency (Gui-Dong Han) - pci_iounmap(): Fix MMIO mapping leak (Philipp Stanner) - drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (Zack Rusin) - arm: dts: marvell: Fix maxium->maxim typo in brownstone dts (Duje Mihanovic) - smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() (Roberto Sassu) - smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() (Roberto Sassu) - clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd (Amit Pundir) - media: staging: ipu3-imgu: Set fields before media_entity_pads_init() (Hidenori Kobayashi) - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach (Zheng Wang) - timers: Use del_timer_sync() even on UP (Thomas Gleixner) - timers: Update kernel-doc for various functions (Thomas Gleixner) - Revert 'NFSD: add courteous server support for thread with only delegation' (Vijayendra Suman) - Revert 'NFSD: add support for share reservation conflict to courteous server' (Vijayendra Suman) - Revert 'NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd' (Vijayendra Suman) - Revert 'fs/lock: add helper locks_owner_has_blockers to check for blockers' (Vijayendra Suman) - Revert 'fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict' (Vijayendra Suman) - Revert 'NFSD: Clean up _lm_ operation names' (Vijayendra Suman) - Revert 'NFSD: add support for lock conflict to courteous server' (Vijayendra Suman) - Revert 'NFSD: Show state of courtesy client in client info' (Vijayendra Suman) - Revert 'NFSD: refactoring v4 specific code to a helper in nfs4state.c' (Vijayendra Suman) - Revert 'NFSD: keep track of the number of v4 clients in the system' (Vijayendra Suman) - Revert 'NFSD: limit the number of v4 clients to 1024 per 1GB of system memory' (Vijayendra Suman) - Revert 'NFSD: keep track of the number of courtesy clients in the system' (Vijayendra Suman) - Revert 'NFSD: add shrinker to reap courtesy clients on low memory condition' (Vijayendra Suman) - Revert 'NFSD: unregister shrinker when nfsd_init_net() fails' (Vijayendra Suman) - Revert 'NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker' (Vijayendra Suman) - Revert 'NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time' (Vijayendra Suman) - igb: fix __free_irq warnings seen during module unload. (Imran Khan) [Orabug: 36612014] - RDS/IB: Remove incorrect clearing of RDS_IB_CQ_ERR in rds_ib_conn_path_shutdown_final() (Hans Westgaard Ry) [Orabug: 36610478] - block: fix io util% for exadata disk with 1 hw queue (Gulam Mohamed) [Orabug: 36589636] - Revert 'Consider inflight IO in io accounting for high latency devices' (Gulam Mohamed) [Orabug: 36589636] - kprobe/ftrace: bail out if ftrace was killed (Stephen Brennan) [Orabug: 36557721] - uek: kabi: Enable the size checks and fix broken APIs (Saeed Mirzamohammadi) [Orabug: 36545482] - uek: kabi: Introduce new APIs to check for size (Saeed Mirzamohammadi) [Orabug: 36545482] [5.15.0-207.153.1] - kallsyms: add kallsyms_seqs_of_names to list of special symbols (Arnd Bergmann) [Orabug: 36475635] - kallsyms: Reduce the memory occupied by kallsyms_seqs_of_names[] (Zhen Lei) [Orabug: 36475635] - kallsyms: Improve the performance of kallsyms_lookup_name() (Zhen Lei) [Orabug: 36475635] - RDMA/mlx5: Fix port number for counter query in multi-port configuration (Michael Guralnik) [Orabug: 36546028] - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Josh Poimboeuf) [Orabug: 36584722] - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Josh Poimboeuf) [Orabug: 36584722] - x86/bugs: Clarify that syscall hardening isn't a BHI mitigation (Josh Poimboeuf) [Orabug: 36584722] - x86/bugs: Fix BHI handling of RRSBA (Josh Poimboeuf) [Orabug: 36584722] - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (Ingo Molnar) [Orabug: 36584722] - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (Josh Poimboeuf) [Orabug: 36584722] - x86/bugs: Fix BHI documentation (Josh Poimboeuf) [Orabug: 36584722] - x86/bugs: Fix return type of spectre_bhi_state() (Daniel Sneddon) [Orabug: 36584722] - x86/bhi: Update BHI mitigation (Alexandre Chartre) [Orabug: 36584722] - x86/syscall: Don't force use of indirect calls for system calls (Linus Torvalds) [Orabug: 36584722] - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (Josh Poimboeuf) [Orabug: 36584722] - cpufreq: intel_pstate: Add Emerald Rapids support in no-HWP mode (Zhenguo Yao) [Orabug: 36588243] - cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (Giovanni Gherdovich) [Orabug: 36588243] - tools/power turbostat: Introduce support for EMR (Zhang Rui) [Orabug: 36588243] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2022-23816 CVE-2022-29901 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:8::developer_UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/a:oracle:linux:9::developer_UEKR7 Oracle Linux 9 [8.7p1-38.0.2] - Restore dropped earlier ifdef condition for safe _exit(1) call in sshsigdie() [Orabug: 36783468] Resolves CVE-2024-6387 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6387 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.34-100.0.1.2] - Forward-port Oracle patches for ol9-u4 Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> Oracle history: April-30-2024 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-100.0.1 - Forward-port Oracle patches for ol9-u4 Reviewed by: Indu Bhagat <indu.bhagat@oracle.com> March-28-2024 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-100.0.1 - Forward-port Oracle patches for ol9-u4-beta Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> March 15 2024 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-83.0.2.12 - Forward-port Oracle patches for ol9 Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> February-26-2024 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-83.0.2.7 - OraBug 36322437 getaddrinfo does not return correct ipv6 address and family Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> October-24-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-83.0.1.7 - Forward-port Oracle patches for ol9 Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> October-4-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-82.0.1 - Forward-port Oracle patches for ol9 Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> April-18-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-60.0.2 - OraBug 35305078 Glibc tunable to disable huge pages on pthread_create stacks - Created tunable glibc.pthread.stack_hugetlb to control when hugepages can be used for stack allocation. - In case THP are enabled and glibc.pthread.stack_hugetlb is set to 0, glibc will madvise the kernel not to use allow hugepages for stack allocations. Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> March-28-2023 Cupertino Miranda <cupertino.miranda@oracle.com> - 2.34-60.0.1 - Merge Oracle patches for ol9-u2 beta Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> September-28-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.34-40.0.1 - Merge Oracle patches for ol9-u1 beta Reviewed by: Jose E. Marchesi <jose.marchesi@oracle.com> April-25-2022 Patrick McGehearty <patrick.mcgehearty@oracle.com> - 2.34-28.0.1 - Merge Oracle patches with ol9 beta - Reviewed-by: Jose E. Marchesi <jose.marchesi@oracle.com> [2.34-100.2] - CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34318) - CVE-2024-33600: nscd: null pointer dereferences in netgroup cache - CVE-2024-33601: nscd: crash on out-of-memory condition - CVE-2024-33602: nscd: memory corruption with NSS netgroup modules [2.34-100.1] - CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-32480) [2.34-100] - manual: fix order of arguments of memalign and aligned_alloc (RHEL-21556) [2.34-99] - getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19444) [2.34-98] - getaddrinfo: Fix occasionally empty result due to nscd cache order (RHEL-16643) [2.34-97] - Re-enable output buffering for wide stdio streams (RHEL-19862) [2.34-96] - Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17465) [2.34-95] - Improve compatibility between underlinking and IFUNC resolvers (RHEL-17319) [2.34-94] - Update syscall-names.list for Linux 6.6. (RHEL-16016) [2.34-93] - malloc: Use __get_nprocs on arena_get2. (RHEL-17157) [2.34-92] - Improve test coverage for wcsdup, strdup and strndup. (RHEL-15343) [2.34-91] - fstat performance enhancement (RHEL-2338) [2.34-90] - ldconfig should skip temporary files created by RPM (RHEL-14383) [2.34-89] - Fix force-first handling in dlclose (RHEL-2491) [2.34-88] - nscd: Refer to /run instead of /var/run in systemd socket file (RHEL-16275) [2.34-87] - Fix slow tls access after dlopen (RHEL-2123) [2.34-86] - Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-14545) [2.34-85] - nscd: Skip unusable entries in first pass in prune_cache (RHEL-3397) [2.34-84] - x86-64: Report non-zero cache sizes under TDX hypervisors (RHEL-1191) [2.34-83.7] - Fix memory leak regression in getaddrinfo (RHEL-2426) [2.34-83.6] - CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3000) [2.34-83.5] - Revert: Always call destructors in reverse constructor order (RHEL-2491) [2.34-83.4] - CVE-2023-4806 glibc: potential use-after-free in getaddrinfo (RHEL-2426) [2.34-83.3] - CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2438) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-2961 CVE-2024-33601 CVE-2024-33602 CVE-2024-33599 CVE-2024-33600 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 9 - [5.14.0-362.24.1_3.OL9] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Disable unified kernel image package build - Add Oracle Linux IMA certificates [5.14.0-362.24.1_3] - RDMA/mlx5: Fix assigning access flags to cache mkeys (Mohammad Kabat) [RHEL-25242 RHEL-882] - drm/amdgpu: Fix potential fence use-after-free v2 (Jan Stancek) [RHEL-24501 RHEL-24504 RHEL-22506 RHEL-22507] {CVE-2023-51042} - ceph: defer stopping mdsc delayed_work (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: never send metrics if disable_send_metrics is set (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: don't let check_caps skip sending responses for revoke msgs (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: issue a cap release immediately if no cap exists (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: trigger to flush the buffer when making snapshot (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: fix blindly expanding the readahead windows (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: add a dedicated private data for netfs rreq (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: voluntarily drop Xx caps for requests those touch parent mtime (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: try to dump the msgs when decoding fails (Xiubo Li) [RHEL-22256 RHEL-16415] - ceph: only send metrics when the MDS rank is ready (Xiubo Li) [RHEL-22256 RHEL-16415] - x86/boot: Ignore NMIs during very early boot (Derek Barbosa) [RHEL-24449 RHEL-9380] - Documentation, mm/unaccepted: document accept_memory kernel parameter (Paolo Bonzini) [RHEL-20808 RHEL-10059] - proc/kcore: do not try to access unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: do not let /proc/vmcore try to access unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/traps: Fix load_unaligned_zeropad() handling for shared TDX memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Fix off-by-one when checking for overlapping ranges (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/kvm: Do not try to disable kvmclock if it was not enabled (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Mark TSC reliable (Paolo Bonzini) [RHEL-20808 RHEL-10059] - RHEL: kABI fixup for struct zone (Paolo Bonzini) [RHEL-20808 RHEL-10059] - RHEL: introduce NR_VM_ZONE_STAT_ITEMS_ACTUAL for kABI-preserving zone stats (Paolo Bonzini) [RHEL-20808 RHEL-10059] - RHEL: 9.3 kABI fixup for struct efi (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/mm: Fix enc_status_change_finish_noop() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/mm: Allow guest.enc_status_change_prepare() to fail (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/coco: Mark cc_platform_has() and descendants noinstr (Paolo Bonzini) [RHEL-20808 RHEL-10059] - virt: sevguest: Add CONFIG_CRYPTO dependency (Paolo Bonzini) [RHEL-20808 RHEL-10059] - mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (Paolo Bonzini) [RHEL-20808 RHEL-10059] - mm/page_alloc: fix obsolete comment in deferred_pfn_valid() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Change npages to unsigned long in snp_accept_memory() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Make sure unaccepted table is mapped (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/efi: Safely enable unaccepted memory in UEFI (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Add SNP-specific unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Use large PSC requests if applicable (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Allow for use of the early boot GHCB for PSC requests (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/sev: Fix calculation of end address based on number of pages (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Wrap exit reason with hcall_func() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Add unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Refactor try_accept_one() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: Add unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/boot/compressed: Handle unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/libstub: Implement support for unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/x86: Get full memory map in allocate_e820() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - memblock tests: Fix compilation errors. (Paolo Bonzini) [RHEL-20808 RHEL-10059] - mm: Add support for unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/boot: Centralize __pa()/__va() definitions (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/boot: Add an efi.h header for the decompressor (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Drop flags from __tdx_hypercall() (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Disable NOTIFY_ENABLES (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (Paolo Bonzini) [RHEL-20808 RHEL-10059] - cpuidle, tdx: Make TDX code noinstr clean (Paolo Bonzini) [RHEL-20808 RHEL-10059] - x86/tdx: Remove TDX_HCALL_ISSUE_STI (Paolo Bonzini) [RHEL-20808 RHEL-10059] - mm: add pageblock_aligned() macro (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: memmap: Disregard bogus entries instead of returning them (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: memmap: Move manipulation routines into x86 arch tree (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: memmap: Move EFI fake memmap support into x86 arch tree (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: install boot-time memory map as config table (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: remove DT dependency from generic stub (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: unify initrd loading between architectures (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: remove pointless goto kludge (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: avoid efi_get_memory_map() for allocating the virt map (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: libstub: drop pointless get_memory_map() call (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/libstub: move efi_system_table global var into separate object (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi/x86: libstub: remove unused variable (Paolo Bonzini) [RHEL-20808 RHEL-10059] - efi: Correct comment on efi_memmap_alloc (Paolo Bonzini) [RHEL-20808 RHEL-10059] - drivers: fix typo in firmware/efi/memmap.c (Paolo Bonzini) [RHEL-20808 RHEL-10059] - netfilter: nf_tables: skip set commit for deleted/destroyed sets (Phil Sutter) [RHEL-20683 RHEL-20686 RHEL-20214 RHEL-20217] {CVE-2024-0193} - redhat: add missing -rt JIRAs (Jan Stancek) [5.14.0-362.23.1_3] - iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range (Jerry Snitselaar) [RHEL-19382 RHEL-11590] - arm64/smmu: use TLBI ASID when invalidating entire range (Jerry Snitselaar) [RHEL-19382 RHEL-11590] - netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-20701 RHEL-20709 RHEL-19722 RHEL-19961] {CVE-2023-6817} - netfilter: nf_tables: split async and sync catchall in two functions (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: remove catchall element in GC sync path (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: expose opaque set element as struct nft_elem_priv (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: set backend .flush always succeeds (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: work around newrule after chain binding (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix memleak when more than 255 elements expired (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disable toggling dormant table state more than once (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow element removal on anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow rule removal from chain binding (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: defer gc run if previous batch is still pending (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix out of memory error handling (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: use correct lock to protect gc_list (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: GC transaction race with abort path (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: flush pending destroy work before netlink notifier (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_dynset: disallow object maps (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: GC transaction race with netns dismantle (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: don't fail inserts if duplicate has expired (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: deactivate catchall elements in next generation (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix kdoc warnings after gc rework (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix false-positive lockdep splat (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: remove busy mark and gc batch API (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_hash: mark set element as dead when deleting from packet path (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244} - netfilter: nf_tables: adapt set backend to use GC transaction API (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244} - netfilter: nft_set_rbtree: fix overlap expiration walk (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: GC transaction API to avoid race with control plane (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244} - netfilter: nf_tables: don't skip expired elements during walk (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: skip bound chain in netns release path (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix spurious set element insertion failure (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: report use refcount overflow (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix underflow in chain reference counter (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow timeout for anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow updates of anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: reject unbound chain set before commit phase (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: reject unbound anonymous set before commit phase (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: disallow element updates of bound anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: fix underflow in object reference counter (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: drop map element references from preparation phase (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: validate variable length element extension (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nft_set_pipapo: .walk does not deal with generations (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: relax set/map validation checks (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: integrate pipapo into commit protocol (Florian Westphal) [RHEL-22131 RHEL-1720] - netfilter: nf_tables: upfront validation of data via nft_data_init() (Florian Westphal) [RHEL-22131 RHEL-1720] - rbd: don't move requests to the running list on errors (Ilya Dryomov) [RHEL-23863 RHEL-21939] - ASoC: SOF: intel: hda: Clean up link DMA for IPC3 during stop (Jaroslav Kysela) [RHEL-24033 RHEL-13724] - platform/x86/intel-uncore-freq: Return error on write frequency (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: Add client processors (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: add Emerald Rapids support (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: Use sysfs_emit() to instead of scnprintf() (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: Prevent driver loading in guests (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (David Arcari) [RHEL-15751 2177013] - Documentation: admin-guide: pm: Document uncore frequency scaling (David Arcari) [RHEL-15751 2177013] - platform/x86/intel-uncore-freq: Split common and enumeration part (David Arcari) [RHEL-15751 2177013] - platform/x86/intel/uncore-freq: Display uncore current frequency (David Arcari) [RHEL-15751 2177013] - platform/x86/intel/uncore-freq: Use sysfs API to create attributes (David Arcari) [RHEL-15751 2177013] - platform/x86/intel/uncore-freq: Move to uncore-frequency folder (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-frequency: use default_groups in kobj_type (David Arcari) [RHEL-15751 2177013] - platform/x86: intel-uncore-frequency: Move to intel sub-directory (David Arcari) [RHEL-15751 2177013] - Revert 'platform/x86: intel-uncore-freq: add Emerald Rapids support' (David Arcari) [RHEL-15751 2177013] - iommu/iova: Manage the depot list size (Jay Shin) [RHEL-21517 RHEL-11148] - iommu/iova: Make the rcache depot scale better (Jay Shin) [RHEL-21517 RHEL-11148] - drm/amd/pm: Fix error of MACO flag setting code (Michel Danzer) [RHEL-16741 RHEL-16742 RHEL-14571 RHEL-15927] - drm/amd: Fix detection of _PR3 on the PCIe root port (Michel Danzer) [RHEL-16741 RHEL-16742 RHEL-14571 RHEL-15927] [5.14.0-362.22.1_3] - usb: typec: ucsi: Use GET_CAPABILITY attributes data to set power supply scope (Desnes Nunes) [RHEL-21838 RHEL-14573] - KVM: SVM: Do not use user return MSR support for virtualized TSC_AUX (Paolo Bonzini) [RHEL-20415 RHEL-16384] - KVM: SVM: Fix TSC_AUX virtualization setup (Paolo Bonzini) [RHEL-20415 RHEL-16384] - KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (Paolo Bonzini) [RHEL-20415 RHEL-16384] - net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22094 RHEL-22097 RHEL-19066 RHEL-19067] {CVE-2024-0646} - smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-21664 RHEL-21669 RHEL-18992 RHEL-18993] {CVE-2023-6606} - NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Jeffrey Layton) [RHEL-22284 RHEL-7936] - NFSv4.1: fix zero value filehandle in post open getattr (Jeffrey Layton) [RHEL-22284 RHEL-7936] - NFSv4.1: fix pnfs MDS=DS session trunking (Jeffrey Layton) [RHEL-22284 RHEL-7936] - NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Jeffrey Layton) [RHEL-22284 RHEL-7936] - nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536} - ice: dpll: fix phase offset value (Petr Oros) [RHEL-17652 RHEL-15789] - dpll: netlink/core: change pin frequency set behavior (Petr Oros) [RHEL-17652 RHEL-15789] - ice: dpll: implement phase related callbacks (Petr Oros) [RHEL-17652 RHEL-15789] - dpll: netlink/core: add support for pin-dpll signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789] - dpll: spec: add support for pin-dpll signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789] - dpll: docs: add support for pin signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789] - netlink: specs: remove redundant type keys from attributes in subsets (Petr Oros) [RHEL-17652 RHEL-15789] - md/raid6: use valid sector values to determine if an I/O should wait on the reshape (Nigel Croxon) [RHEL-20933 RHEL-17276] [5.14.0-362.21.1_3] - x86/microcode: do not cache microcode if it will not be used (Paolo Bonzini) [RHEL-21567 RHEL-16225] - x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Remove hv_isolation_type_en_snp (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (Vitaly Kuznetsov) [RHEL-21441 2176350] - Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Introduce a global variable hyperv_paravisor_present (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Mark hv_ghcb_terminate() as noreturn (Vitaly Kuznetsov) [RHEL-21441 2176350] - Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350] - Drivers: hv: vmbus: Support fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Support hypercalls for fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add smp support for SEV-SNP guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add VTL specific structs and hypercalls (Vitaly Kuznetsov) [RHEL-21441 2176350] - clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - Drivers: hv: vmbus: Remove the per-CPU post_msg_page (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Set Virtual Trust Level in VMBus init message (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/hyperv: Add sev-snp enlightened guest static key (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Expand __tdx_hypercall() to handle more arguments (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Add more registers to struct tdx_hypercall_args (Vitaly Kuznetsov) [RHEL-21441 2176350] - x86/tdx: Fix typo in comment in __tdx_hypercall() (Vitaly Kuznetsov) [RHEL-21441 2176350] - blk-mq: don't count completed flush data request as inflight in case of quiesce (Ming Lei) [RHEL-19105 RHEL-18054] - NFS: Use parent's objective cred in nfs_access_login_time() (Jay Shin) [RHEL-22147 RHEL-16024] - s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Tobias Huschle) [RHEL-17887 RHEL-2412] - smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-19146 RHEL-21679 RHEL-19147 RHEL-21677] {CVE-2023-6610} - smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-19146 RHEL-21679 RHEL-19147 RHEL-21677] {CVE-2023-6610} - x86/sev: Do not handle #VC for DR7 read/write (Paolo Bonzini) [RHEL-21885 RHEL-15069] - x86/sev: Use the GHCB protocol when available for SNP CPUID requests (Paolo Bonzini) [RHEL-21885 RHEL-15069] [5.14.0-362.20.1_3] - s390/dasd: print copy pair message only for the correct error (Tobias Huschle) [RHEL-11980 RHEL-2833] - x86/microcode/AMD: Rip out static buffers (David Arcari) [RHEL-14590 RHEL-10030] - x86/microcode/AMD: Load late on both threads too (David Arcari) [RHEL-14590 RHEL-10030] - x86/microcode/amd: Remove unneeded pointer arithmetic (David Arcari) [RHEL-14590 RHEL-10030] - x86/microcode/AMD: Get rid of __find_equiv_id() (David Arcari) [RHEL-14590 RHEL-10030] - docs: move x86 documentation into Documentation/arch/ (David Arcari) [RHEL-14590 RHEL-10030] - x86/microcode/AMD: Handle multiple glued containers properly (David Arcari) [RHEL-14590 RHEL-10030] - mm: Fix copy_from_user_nofault(). (Waiman Long) [RHEL-18946 RHEL-18440] - redhat: rewrite genlog and support Y- tags (Jan Stancek) [5.14.0-362.19.1_3] - redhat: fix kernel changelog entry for RHEL-16560 (Jan Stancek) - perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-18087 RHEL-18088 RHEL-14984 RHEL-14985] {CVE-2023-5717} - perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-18087 RHEL-18088 RHEL-14984 RHEL-14985] {CVE-2023-5717} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0646 CVE-2023-6356 CVE-2023-6606 CVE-2023-6610 CVE-2024-0193 CVE-2023-5717 CVE-2023-6817 CVE-2023-4244 CVE-2023-6535 CVE-2023-6536 CVE-2023-51042 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 Oracle Linux 9 [5.15.0-208.159.3.2] - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36660755] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41090 CVE-2024-41091 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::UEKR7 Oracle Linux 9 [7.2.0-13.el9] - vfio/migration: Enhance VFIO migration state tracing (Avihai Horon) - vfio/migration: Don't emit STOP_COPY VFIO migration QAPI event twice (Avihai Horon) - vfio/migration: Emit VFIO migration QAPI event (Avihai Horon) - qapi/vfio: Add VFIO migration QAPI event (Avihai Horon) - migration/multifd: solve zero page causing multiple page faults (Yuan Liu) [Orabug: 36727051] - multifd: Add the ramblock to MultiFDRecvParams (Lukas Straub) [Orabug: 36727051] - migration: Fix qmp_query_migrate mbps value (Fabiano Rosas) [Orabug: 36727104] - migration: Allow user to specify available switchover bandwidth (Peter Xu) [Orabug: 35636284] - migration/dirtyrate: Fix precision losses and g_usleep overshoot (Andrei Gudkov) [Orabug: 36727091] - Use new created qemu_target_pages_to_MiB() (Juan Quintela) [Orabug: 36727091] - softmmu: Create qemu_target_pages_to_MiB() (Juan Quintela) [Orabug: 36727091] - migration/calc-dirty-rate: replaced CRC32 with xxHash (Andrei Gudkov) [Orabug: 36727063] - migration/multifd: Enable multifd zero page checking by default. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Implement ram_save_target_page_multifd to handle multifd version of MigrationOps::ram_save_target_page. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Implement zero page transmission on the multifd thread. (Hao Xiang) [Orabug: 34131170] - migration/multifd: Add new migration option zero-page-detection. (Hao Xiang) [Orabug: 34131170] - migration: Make ram_save_target_page() a pointer (Juan Quintela) [Orabug: 34131170] - migration: Yield bitmap_mutex properly when sending/sleeping (Peter Xu) [Orabug: 34131170] - migration/multifd: Add a synchronization point for channel creation (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Unify multifd and TLS connection paths (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Move multifd_send_setup into migration thread (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Move multifd_send_setup error handling in to the function (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Remove p->running (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Optimize sender side to be lockless (Peter Xu) [Orabug: 34131170] - migration/multifd: Join the TLS thread (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Fix MultiFDSendParams.packet_num race (Peter Xu) [Orabug: 34131170] - migration/multifd: Stick with send/recv on function names (Peter Xu) [Orabug: 34131170] - migration/multifd: Cleanup multifd_load_cleanup() (Peter Xu) [Orabug: 34131170] - migration/multifd: Cleanup multifd_save_cleanup() (Peter Xu) [Orabug: 34131170] - migration/multifd: Rewrite multifd_queue_page() (Peter Xu) [Orabug: 34131170] - migration/multifd: Change retval of multifd_send_pages() (Peter Xu) [Orabug: 34131170] - migration/multifd: Change retval of multifd_queue_page() (Peter Xu) [Orabug: 34131170] - migration/multifd: Split multifd_send_terminate_threads() (Peter Xu) [Orabug: 34131170] - migration/multifd: Forbid spurious wakeups (Peter Xu) [Orabug: 34131170] - migration/multifd: Move header prepare/fill into send_prepare() (Peter Xu) [Orabug: 34131170] - migration/multifd: multifd_send_prepare_header() (Peter Xu) [Orabug: 34131170] - migration/multifd: Move trace_multifd_send|recv() (Peter Xu) [Orabug: 34131170] - migration/multifd: Move total_normal_pages accounting (Peter Xu) [Orabug: 34131170] - migration/multifd: Rename p->num_packets and clean it up (Peter Xu) [Orabug: 34131170] - migration/multifd: Drop pages->num check in sender thread (Peter Xu) [Orabug: 34131170] - migration/multifd: Simplify locking in sender thread (Peter Xu) [Orabug: 34131170] - migration/multifd: Separate SYNC request with normal jobs (Peter Xu) [Orabug: 34131170] - migration/multifd: Drop MultiFDSendParams.normal[] array (Peter Xu) [Orabug: 34131170] - migration/multifd: Postpone reset of MultiFDPages_t (Peter Xu) [Orabug: 34131170] - migration/multifd: Remove MultiFDPages_t::packet_num (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Drop MultiFDSendParams.quit, cleanup error paths (Peter Xu) [Orabug: 34131170] - migration/multifd: multifd_send_kick_main() (Peter Xu) [Orabug: 34131170] - migration/multifd: Fix leaking of Error in TLS error flow (Avihai Horon) [Orabug: 34131170] - migration/ram: Merge save_zero_page functions (Fabiano Rosas) [Orabug: 34131170] - migration/ram: Move xbzrle zero page handling into save_zero_page (Fabiano Rosas) [Orabug: 34131170] - migration/multifd: Stop setting p->ioc before connecting (Fabiano Rosas) [Orabug: 34131170] - migration: Centralize BH creation and dispatch (Fabiano Rosas) [Orabug: 34131170] - migration: Add a wrapper to qemu_bh_schedule (Fabiano Rosas) [Orabug: 34131170] - migration: Remove transferred atomic counter (Juan Quintela) [Orabug: 35636284] - migration: Use migration_transferred_bytes() (Juan Quintela) [Orabug: 35636284] - migration: migration_rate_limit_reset() don't need the QEMUFile (Juan Quintela) [Orabug: 35636284] - migration: migration_transferred_bytes() don't need the QEMUFile (Juan Quintela) [Orabug: 35636284] - multifd: reset next_packet_len after sending pages (Elena Ufimtseva) [Orabug: 35636284] - multifd: fix counters in multifd_send_thread (Elena Ufimtseva) [Orabug: 35636284] - migration/multifd: Compute transferred bytes correctly (Juan Quintela) [Orabug: 35636284] - migration: check for rate_limit_max for RATE_LIMIT_DISABLED (Elena Ufimtseva) [Orabug: 35636284] - migration: Use the number of transferred bytes directly (Juan Quintela) [Orabug: 35636284] - qemu_file: Use a stat64 for qemu_file_transferred (Juan Quintela) [Orabug: 35636284] - migration: set file error on subsection loading (Marc-Andre Lureau) [Orabug: 35636284] - migration: Receiving a zero page non zero is an error (Juan Quintela) [Orabug: 35636284] - migration/multifd: Stop checking p->quit in multifd_send_thread (Fabiano Rosas) [Orabug: 35636284] - migration/multifd: Clarify Error usage in multifd_channel_connect (Fabiano Rosas) [Orabug: 35636284] - multifd: cleanup the function multifd_channel_connect (Li Zhang) [Orabug: 35636284] - migration/multifd: Unify multifd_send_thread error paths (Fabiano Rosas) [Orabug: 35636284] - migration: Non multifd migration don't care about multifd flushes (Juan Quintela) [Orabug: 35636284] - migration: fix RAMBlock add NULL check (Dmitry Frolov) [Orabug: 35829153] - migration: We don't need the field rate_limit_used anymore (Juan Quintela) [Orabug: 35636284] - migration: Use migration_transferred_bytes() to calculate rate_limit (Juan Quintela) [Orabug: 35636284] - migration: Add a trace for migration_transferred_bytes (Juan Quintela) [Orabug: 35636284] - migration: Move migration_total_bytes() to migration-stats.c (Juan Quintela) [Orabug: 35636284] - qemu-file: Remove total from qemu_file_total_transferred_*() (Juan Quintela) [Orabug: 35636284] - migration: Move rate_limit_max and rate_limit_used to migration_stats (Juan Quintela) [Orabug: 35636284] - qemu-file: Account for rate_limit usage on qemu_fflush() (Juan Quintela) [Orabug: 35636284] - migration: Don't use INT64_MAX for unlimited rate (Juan Quintela) [Orabug: 35636284] - qemu-file: Make rate_limit_used an uint64_t (Juan Quintela) [Orabug: 35636284] - qemu-file: make qemu_file_[sg]et_rate_limit() use an uint64_t (Juan Quintela) [Orabug: 35636284] - migration: We set the rate_limit by a second (Juan Quintela) [Orabug: 35829153] - migration: A rate limit value of 0 is valid (Juan Quintela) [Orabug: 35636284] - qemu-file: Make ram_control_save_page() use accessors for rate_limit (Juan Quintela) [Orabug: 35636284] - qemu-file: Make total_transferred an uint64_t (Juan Quintela) [Orabug: 35636284] - qemu-file: No need to check for shutdown in qemu_file_rate_limit (Juan Quintela) [Orabug: 35636284] - migration: Document all migration_stats (Juan Quintela) [Orabug: 35636284] - multifd: We already account for this packet on the multifd thread (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_bytes_last_sync atomic (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_pages_rate atomic (Juan Quintela) [Orabug: 35636284] - stat64: Add stat64_set() operation (Paolo Bonzini) [Orabug: 35636284] - multifd: Only flush once each full round of memory (Juan Quintela) [Orabug: 35636284] - migration: Make find_dirty_block() return a single parameter (Juan Quintela) [Orabug: 35636284] - migration: Simplify ram_find_and_save_block() (Juan Quintela) [Orabug: 35636284] - multifd: Protect multifd_send_sync_main() calls (Juan Quintela) [Orabug: 35636284] - multifd: Create property multifd-flush-after-each-section (Juan Quintela) [Orabug: 35636284] - multifd: Fix the number of channels ready (Juan Quintela) [Orabug: 35636284] - migration: Rename normal to normal_pages (Juan Quintela) [Orabug: 35636284] - migration: Rename duplicate to zero_pages (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_sync_count atomic (Juan Quintela) [Orabug: 35636284] - migration: Make downtime_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Make precopy_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Make dirty_sync_missed_zero_copy atomic (Juan Quintela) [Orabug: 35636284] - migration: Make multifd_bytes atomic (Juan Quintela) [Orabug: 35636284] - migration: Update atomic stats out of the mutex (Juan Quintela) [Orabug: 35636284] - migration: Merge ram_counters and ram_atomic_counters (Juan Quintela) [Orabug: 35636284] - migration/multifd: correct multifd_send_thread to trace the flags (Wei Wang) [Orabug: 35636284] - ram: Document migration ram flags (Juan Quintela) [Orabug: 35636284] - migration: Calculate ram size once (Juan Quintela) [Orabug: 35636284] - multifd: Fix a race on reading MultiFDPages_t.block (Zhenzhong Duan) [Orabug: 35636284] - migration: Use atomic ops properly for page accountings (Peter Xu) [Orabug: 35636284] - migration: Export ram_release_page() (Juan Quintela) [Orabug: 35636284] - migration: Export ram_transferred_ram() (Juan Quintela) [Orabug: 35636284] - multifd: Create page_count fields into both MultiFD{Recv,Send}Params (Juan Quintela) [Orabug: 35636284] - multifd: Create page_size fields into both MultiFD{Recv,Send}Params (Juan Quintela) [Orabug: 35636284] - migration: Fix migration_channel_read_peek() error path () (Avihai Horon) [Orabug: 36726827] - migration/multifd: Remove error_setg() in migration_ioc_process_incoming() (Avihai Horon) [Orabug: 36726827] - migration: Refactor migration_incoming_setup() (Avihai Horon) [Orabug: 36726827] - migration: check magic value for deciding the mapping of channels (manish.mishra) [Orabug: 36726827] - io: Add support for MSG_PEEK for socket channel (manish.mishra) [Orabug: 36726827] - hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (hilippe Mathieu-Daude) [Orabug: 36575206] {CVE-2024-3447} - block: lock AioContext in bdrv_replace_child_noperm() when in non-coroutine context (Mark Kanda) [Orabug: 36514180] - hw/scsi/scsi-generic: Fix io_timeout property not applying (Lorenz Brun) [Orabug: 36637684] - target/i386/monitor: synchronize cpu state for lapic info (Dongli Zhang) [Orabug: 36607747] - qemu_init: increase NOFILE soft limit on POSIX (Fiona Ebner) [Orabug: 36416389] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-3447 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 [20240715-999.34.git4c8fb21e.el9] - Rebase to latest upstream [Orabug: 36826157] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-31315 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 8 Oracle Linux 9 [5.15.0-209.161.7] - loop: Fix a race between loop detach and loop open (Gulam Mohamed) [Orabug: 36865975] [5.15.0-209.161.6] - net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879156] {CVE-2024-41090} {CVE-2024-41091} - x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs (Alexandre Chartre) [Orabug: 36672479] - KVM: SVM: fix build error when CONFIG_HYPERV is unset (Simran Singh) [Orabug: 36508934] - x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Alexandre Chartre) - Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (Jan Kara) - mm: prevent derefencing NULL ptr in pfn_section_valid() (Waiman Long) [5.15.0-209.161.5] - rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36760266] [5.15.0-209.161.4] - rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529561] - KVM: x86: Advertise AVX-NE-CONVERT CPUID to user space (Jiaxi Chen) [Orabug: 36810714] - KVM: x86: Advertise AVX-VNNI-INT8 CPUID to user space (Jiaxi Chen) [Orabug: 36810714] - x86: KVM: Advertise AVX-IFMA CPUID to user space (Jiaxi Chen) [Orabug: 36810714] - x86: KVM: Advertise AMX-FP16 CPUID to user space (Chang S. Bae) [Orabug: 36810714] - x86: KVM: Advertise CMPccXADD CPUID to user space (Jiaxi Chen) [Orabug: 36810714] - x86/cpufeatures: Put the AMX macros in the word 18 block (Jim Mattson) [Orabug: 36810714] - intel_idle: add Sierra Forest SoC support (Artem Bityutskiy) [Orabug: 36810714] - intel_idle: add Grand Ridge SoC support (Artem Bityutskiy) [Orabug: 36810714] - perf/x86/intel/uncore: Support Sierra Forest and Grand Ridge (Kan Liang) [Orabug: 36810714] - perf/x86/intel/uncore: Support IIO free-running counters on GNR (Kan Liang) [Orabug: 36810714] - perf/x86/intel/uncore: Support Granite Rapids (Kan Liang) [Orabug: 36810714] - perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (Kan Liang) [Orabug: 36810714] - perf/x86/intel/uncore: Generic uncore_get_uncores and MMIO format of SPR (Kan Liang) [Orabug: 36810714] - Documentation/x86: Document resctrl's new sparse_masks (Fenghua Yu) [Orabug: 36810714] - x86/resctrl: Add sparse_masks file in info (Fenghua Yu) [Orabug: 36810714] - x86/resctrl: Enable non-contiguous CBMs in Intel CAT (Maciej Wieczor-Retman) [Orabug: 36810714] - x86/resctrl: Rename arch_has_sparse_bitmaps (Maciej Wieczor-Retman) [Orabug: 36810714] - x86/cpu: Fix Crestmont uarch (Peter Zijlstra) [Orabug: 36810714] - x86/cpu: Fix Gracemont uarch (Peter Zijlstra) [Orabug: 36810714] - powercap: RAPL: fix invalid initialization for pl4_supported field (Sumeet Pawnikar) [Orabug: 36810714] - perf/x86/intel/uncore: Add events for Intel SPR IMC PMU (Stephane Eranian) [Orabug: 36810714] - EDAC/i10nm: Add Intel Sierra Forest server support (Qiuxu Zhuo) [Orabug: 36810714] - perf/x86/msr: Add Granite Rapids (Kan Liang) [Orabug: 36810714] - platform/x86: ISST: Add support for MSR 0x54 (Srinivas Pandruvada) [Orabug: 36810714] - powercap: RAPL: Add Power Limit4 support for Meteor Lake SoC (Sumeet Pawnikar) [Orabug: 36810714] - EDAC/i10nm: Add Intel Granite Rapids server support (Qiuxu Zhuo) [Orabug: 36810714] - EDAC/i10nm: Make more configurations CPU model specific (Qiuxu Zhuo) [Orabug: 36810714] - powercap: intel_rapl: add support for Meteor Lake (Zhang Rui) [Orabug: 36810714] - perf/x86/msr: Add Meteor Lake support (Kan Liang) [Orabug: 36810714] - perf/x86: Add Meteor Lake support (Kan Liang) [Orabug: 36810714] - perf: Add PMU_FORMAT_ATTR_SHOW (Kan Liang) [Orabug: 36810714] - platform/x86: intel/pmc: Replace all the reg_map with init functions (Gayatri Kammela) [Orabug: 36810714] - thermal: intel: intel_tcc_cooling: Add TCC cooling support for RaptorLake-S (Zhang Rui) [Orabug: 36810714] - x86/intel_epb: Set Alder Lake N and Raptor Lake P normal EPB (Srinivas Pandruvada) [Orabug: 36810714] - perf/x86/msr: Add new Raptor Lake S support (Kan Liang) [Orabug: 36810714] - perf/x86: Add new Raptor Lake S support (Kan Liang) [Orabug: 36810714] - x86/resctrl: Remove arch_has_empty_bitmaps (Babu Moger) [Orabug: 36810714] - intel_idle: Add AlderLake-N support (Zhang Rui) [Orabug: 36810714] - platform/x86/intel: pmc/core: Add Raptor Lake support to pmc core driver (Gayatri Kammela) [Orabug: 36810714] - tools/power turbostat: Add support for RPL-S (Zhang Rui) [Orabug: 36810714] - perf/x86/intel: Fix unchecked MSR access error for Alder Lake N (Kan Liang) [Orabug: 36810714] - powercap: intel_rapl: Add support for RAPTORLAKE_S (Zhang Rui) [Orabug: 36810714] - thermal: intel: Add TCC cooling support for Alder Lake-N and Raptor Lake-P (Sumeet Pawnikar) [Orabug: 36810714] - powercap: RAPL: Add Power Limit4 support for Alder Lake-N and Raptor Lake-P (Sumeet Pawnikar) [Orabug: 36810714] - EDAC/i10nm: Print an extra register set of retry_rd_err_log (Qiuxu Zhuo) [Orabug: 36810714] - EDAC/i10nm: Retrieve and print retry_rd_err_log registers for HBM (Qiuxu Zhuo) [Orabug: 36810714] - EDAC/skx_common: Add ChipSelect ADXL component (Qiuxu Zhuo) [Orabug: 36810714] - perf/x86/intel: Fix PEBS data source encoding for ADL (Kan Liang) [Orabug: 36810714] - perf/x86/intel: Fix PEBS memory access info encoding for ADL (Kan Liang) [Orabug: 36810714] - platform/x86: intel/pmc: Add Alder Lake N support to PMC core driver (Gayatri Kammela) [Orabug: 36810714] - platform/x86/intel: pmc: Support Intel Raptorlake P (George D Sworo) [Orabug: 36810714] - tools/power turbostat: Support RAPTORLAKE P (George D Sworo) [Orabug: 36810714] - powercap: intel_rapl: Add support for RAPTORLAKE_P (George D Sworo) [Orabug: 36810714] - tools/power turbostat: add support for ALDERLAKE_N (Zhang Rui) [Orabug: 36810714] - powercap: intel_rapl: add support for ALDERLAKE_N (Zhang Rui) [Orabug: 36810714] - powercap: RAPL: Add Power Limit4 support for RaptorLake (Sumeet Pawnikar) [Orabug: 36810714] - thermal: intel_tcc_cooling: Add TCC cooling support for RaptorLake (Sumeet Pawnikar) [Orabug: 36810714] - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (Kan Liang) [Orabug: 36810714] - perf/x86/uncore: Clean up uncore_pci_ids[] (Kan Liang) [Orabug: 36810714] - perf/x86/msr: Add new Alder Lake and Raptor Lake support (Kan Liang) [Orabug: 36810714] - perf/x86: Add new Alder Lake and Raptor Lake support (Kan Liang) [Orabug: 36810714] - powercap: intel_rapl: add support for RaptorLake (Zhang Rui) [Orabug: 36810714] - tools/power turbostat: Introduce support for RaptorLake (Zhang Rui) [Orabug: 36810714] - perf/x86/uncore: Add Raptor Lake uncore support (Kan Liang) [Orabug: 36810714] - perf/x86/msr: Add Raptor Lake CPU support (Kan Liang) [Orabug: 36810714] - perf/x86: Add Intel Raptor Lake support (Kan Liang) [Orabug: 36810714] - perf/x86/intel/uncore: Add IMC uncore support for ADL (Kan Liang) [Orabug: 36810714] - x86: intel_epb: Allow model specific normal EPB value (Srinivas Pandruvada) [Orabug: 36810714] - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski) - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik) - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (Yunseong Kim) - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz) - vxlan: Fix regression when dropping packets due to invalid src addresses (Daniel Borkmann) [5.15.0-209.161.3] - pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36771374] - iommufd/iova_bitmap: Remove iterator logic (Joao Martins) [Orabug: 36785489] - iommufd/iova_bitmap: Dynamic pinning on iova_bitmap_set() (Joao Martins) [Orabug: 36785489] - iommufd/iova_bitmap: Consolidate iova_bitmap_set exit conditionals (Joao Martins) [Orabug: 36785489] - iommufd/iova_bitmap: Move initial pinning to iova_bitmap_for_each() (Joao Martins) [Orabug: 36785489] - iommufd/iova_bitmap: Cache mapped length in iova_bitmap_map struct (Joao Martins) [Orabug: 36785489] - iommufd/iova_bitmap: Check iova_bitmap_done() after set ahead (Joao Martins) [Orabug: 36785489] [5.15.0-209.161.2] - LTS version: v5.15.161 (Vijayendra Suman) - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5 (Neil Armstrong) - NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS (Anna Schumaker) - nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov) - EDAC/igen6: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (Frank Li) - s390/cpacf: Make use of invalid opcode produce a link error (Harald Freudenberger) - s390/cpacf: Split and rework cpacf query functions (Harald Freudenberger) - s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger) - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (Baokun Li) - sparc: move struct termio to asm/termios.h (Mike Gilbert) - net: fix __dst_negative_advice() race (Eric Dumazet) - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson) - kdb: Merge identical case statements in kdb_read() (Daniel Thompson) - kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson) - kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson) - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (Judith Mendez) - sparc64: Fix number of online CPUs (Sam Ravnborg) - intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin) - net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) - net/ipv6: Fix route deleting failure when metric equals 0 (xu xin) - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Herbert Xu) - crypto: ecrdsa - Fix module auto-load on add_key (Vitaly Chikunov) - crypto: ecdsa - Fix module auto-load on add-key (Stefan Berger) - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier) - KVM: arm64: Fix AArch32 register narrowing on userspace write (Marc Zyngier) - drm/amdgpu/atomfirmware: add intergrated info v2.3 table (Li Ma) - fbdev: savage: Handle err return when savagefb_check_var failed (Cai Xinchen) - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (Hans de Goede) - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (Hans de Goede) - mmc: sdhci-acpi: Sort DMI quirks alphabetically (Hans de Goede) - mmc: core: Add mmc_gpiod_set_cd_config() function (Hans de Goede) - media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil) - media: mxl5xx: Move xpt structures off stack (Nathan Chancellor) - media: mc: mark the media devnode as registered from the, start (Hans Verkuil) - arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen) - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (Bitterblue Smith) - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (Bitterblue Smith) - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (Bitterblue Smith) - arm64: dts: qcom: qcs404: fix bluetooth device address (Johan Hovold) - arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski) - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (Christoffer Sandberg) - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (Maulik Shah) - thermal/drivers/qcom/lmh: Check for SCM availability at probe (Konrad Dybcio) - ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov) - drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou) - media: lgdt3306a: Add a check against null-pointer-def (Zheyu Ma) - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu) - sunrpc: exclude from freezer when waiting for requests: (NeilBrown) - scripts/gdb: fix SB_* constants parsing (Florian Fainelli) - net: dsa: tag_sja1105: always prefer source port information from INCL_SRCPT (Vladimir Oltean) - net: dsa: sja1105: always enable the INCL_SRCPT option (Vladimir Oltean) - mptcp: fix full TCP keep-alive support (Matthieu Baerts (NGI0)) - nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) - afs: Don't cross .backup mountpoint from backup volume (Marc Dionne) - io_uring: fail NOP if non-zero op flags is passed in (Ming Lei) - mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz) - drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes (Shradha Gupta) - drm: Check output polling initialized before disabling (Shradha Gupta) - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever) - media: cec: core: add adap_nb_transmit_canceled() callback (Hans Verkuil) - net: ena: Fix DMA syncing in XDP path when SWIOTLB is on (David Arinzon) - KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (Gerd Hoffmann) - ALSA: timer: Set lower bound of start tick time (Takashi Iwai) - hwmon: (shtc1) Fix property misspelling (Guenter Roeck) - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) - net: ena: Fix redundant device NUMA node override (Shay Agroskin) - net: ena: Reduce lines with longer column width boundary (David Arinzon) - net: ena: Add dynamic recycling mechanism for rx buffers (David Arinzon) - net: ena: Do not waste napi skb cache (Hyeonggon Yoo) - net: ena: Extract recurring driver reset code into a function (Arthur Kiyanovski) - net: ena: Add capabilities field with support for ENI stats capability (Arthur Kiyanovski) - spi: stm32: Don't warn about spurious interrupts (Uwe Kleine-Konig) - kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada) - netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal) - netfilter: nft_payload: skbuff vlan metadata mangle support (Pablo Neira Ayuso) - netfilter: nft_payload: rebuild vlan header on h_proto access (Florian Westphal) - netfilter: nft_payload: rebuild vlan header when needed (Pablo Neira Ayuso) - netfilter: nft_payload: move struct nft_payload_set definition where it belongs (Pablo Neira Ayuso) - net:fec: Add fec_enet_deinit() (Xiaolei Wang) - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran) - enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) - bpf: Fix potential integer overflow in resolve_btfids (Friedrich Vock) - dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran) - net/mlx5e: Fix IPsec tunnel mode offload feature check (Rahul Rameshbabu) - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061 (Mathieu Othacehe) - nvmet: fix ns enable/disable possible hang (Sagi Grimberg) - dma-mapping: benchmark: handle NUMA_NO_NODE correctly (Fedor Pchelkin) - dma-mapping: benchmark: fix node id validation (Fedor Pchelkin) - spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko) - netfilter: nft_payload: restore vlan q-in-q match support (Pablo Neira Ayuso) - netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) - ice: Interpret .set_channels() input differently (Larysa Zaremba) - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (Ryosuke Yasuoka) - nfc: nci: Fix kcov check in nci_rx_work() (Tetsuo Handa) - tls: fix missing memory barrier in tls_init (Dae R. Jeong) - net: fec: avoid lock evasion when reading pps_enable (Wei Fang) - riscv: stacktrace: fixed walk_stackframe() (Matthew Bystrin) - riscv: stacktrace: Make walk_stackframe cross pt_regs frame (Guo Ren) - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) - openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole) - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) - ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (Dan Aloni) - sunrpc: fix NFSACL RPC retry on soft mount (Dan Aloni) - NFSv4: Fixup smatch warning for ambiguous return (Benjamin Coddington) - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (Shenghao Ding) - nfc: nci: Fix uninit-value in nci_rx_work (Ryosuke Yasuoka) - ipv6: sr: fix missing sk_buff release in seg6_input_core (Andrea Mayer) - net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled (Florian Fainelli) - x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada) - regulator: bd71828: Don't overwrite runtime voltages (Matti Vaittinen) - ASoC: mediatek: mt8192: fix register configuration for tdm (Hsin-Te Yuan) - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun) - media: cec: core: avoid confusing 'transmit timed out' message (Hans Verkuil) - media: cec: core: avoid recursive cec_claim_log_addrs (Hans Verkuil) - media: cec-adap.c: drop activate_cnt, use state info instead (Hans Verkuil) - media: cec: use call_op and check for !unregistered (Hans Verkuil) - media: cec: correctly pass on reply results (Hans Verkuil) - media: cec: abort if the current transmit was canceled (Hans Verkuil) - media: cec: call enable_adap on s_log_addrs (Hans Verkuil) - media: cec: cec-api: add locking in cec_release() (Hans Verkuil) - media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Hans Verkuil) - um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie) - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde) - media: flexcop-usb: fix sanity check of bNumEndpoints (Dongliang Mu) - media: flexcop-usb: clean up endpoint sanity checks (Johan Hovold) - Input: cyapa - add missing input core locking to suspend/resume functions (Marek Szyprowski) - media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (Michael Walle) - fs/ntfs3: Use variable length array instead of fixed size (Konstantin Komarov) - fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow (Konstantin Komarov) - um: vector: fix bpfflash parameter evaluation (Johannes Berg) - um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) - um: Fix return value in ubd_init() (Duoming Zhou) - drm/msm/dpu: Always flush the slave INTF on the CTL (Marijn Suijten) - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (Marijn Suijten) - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu) - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (Judith Mendez) - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (Judith Mendez) - mmc: sdhci_am654: Add OTAP/ITAP delay enable (Judith Mendez) - mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (Vignesh Raghavendra) - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (Judith Mendez) - mmc: sdhci_am654: Add tuning algorithm for delay chain (Judith Mendez) - Input: ioc3kbd - add device table (Karel Balej) - Input: ioc3kbd - convert to platform remove callback returning void (Uwe Kleine-Konig) - Input: ims-pcu - fix printf string overflow (Arnd Bergmann) - s390/boot: Remove alt_stfle_fac_list from decompressor (Sven Schnelle) - s390/ipl: Fix incorrect initialization of nvme dump block (Alexander Egorenkov) - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (Alexander Egorenkov) - s390/vdso: Use standard stack frame layout (Heiko Carstens) - s390/vdso: Generate unwind information for C modules (Jens Remus) - s390/vdso64: filter out munaligned-symbols flag for vdso (Sumanth Korikkar) - s390/vdso: filter out mno-pic-data-is-text-relative cflag (Sumanth Korikkar) - libsubcmd: Fix parse-options memory leak (Ian Rogers) - serial: sh-sci: protect invalidating RXDMA on shutdown (Wolfram Sang) - f2fs: compress: don't allow unaligned truncation on released compress inode (Chao Yu) - f2fs: fix to release node block count in error path of f2fs_new_node_page() (Chao Yu) - f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock (Chao Yu) - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (Kuppuswamy Sathyanarayanan) - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (Kuppuswamy Sathyanarayanan) - extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap) - ppdev: Add an error check in register_device (Huai-Yuan Liu) - ppdev: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) - stm class: Fix a double free in stm_register_device() (Dan Carpenter) - usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff) - watchdog: bd9576: Drop 'always-running' property (Matti Vaittinen) - watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (Dmitry Torokhov) - dt-bindings: pinctrl: mediatek: mt7622: fix array properties (Rafal Milecki) - microblaze: Remove early printk call from cpuinfo-static.c (Michal Simek) - microblaze: Remove gcc flag for non existing early_printk.c file (Michal Simek) - fpga: region: add owner module and take its refcount (Marco Pagani) - fpga: region: Use standard dev_release for class driver (Russ Weight) - coresight: etm4x: Fix access to resource selector registers (Suzuki K Poulose) - coresight: etm4x: Safe access for TRCQCLTR (Suzuki K Poulose) - coresight: etm4x: Cleanup TRCIDR0 register accesses (James Clark) - coresight: no-op refactor to make INSTP0 check more idiomatic (James Clark) - coresight: etm4x: Do not save/restore Data trace control registers (Suzuki K Poulose) - coresight: etm4x: Do not hardcode IOMEM access for register restore (Suzuki K Poulose) - iio: pressure: dps310: support negative temperature values (Thomas Haemmerle) - coresight: etm4x: Fix unbalanced pm_runtime_enable() (Anshuman Khandual) - f2fs: fix to check pinfile flag in f2fs_move_file_range() (Chao Yu) - f2fs: fix to relocate check condition in f2fs_fallocate() (Chao Yu) - f2fs: fix typos in comments (Jinyoung CHOI) - f2fs: do not allow partial truncation on pinned file (Jaegeuk Kim) - f2fs: compress: fix to relocate check condition in f2fs_ioc_{,de}compress_file() (Chao Yu) - f2fs: convert to use sbi directly (Yangtao Li) - f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks() (Chao Yu) - dt-bindings: PCI: rcar-pci-host: Add missing IOMMU properties (Geert Uytterhoeven) - dt-bindings: PCI: rcar-pci-host: Add optional regulators (Wolfram Sang) - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (Hugo Villeneuve) - PCI: tegra194: Fix probe path for Endpoint mode (Vidya Sagar) - greybus: arche-ctrl: move device table to its right location (Arnd Bergmann) - serial: max3100: Fix bitwise types (Andy Shevchenko) - serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) - firmware: dmi-id: add a release callback function (Arnd Bergmann) - dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni) - soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart) - f2fs: fix to wait on page writeback in __clone_blkaddrs() (Chao Yu) - f2fs: Delete f2fs_copy_page() and replace with memcpy_page() (Fabio M. De Francesco) - greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (Cheng Yu) - sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov) - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet) - netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) - net: qrtr: ns: Fix module refcnt (Chris Lew) - selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval (Nikolay Aleksandrov) - RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky) - selftests/kcmp: remove unused open mode (Edward Liaw) - selftests/kcmp: Make the test output consistent and clear (Gautam Menghani) - SUNRPC: Fix gss_free_in_token_pages() (Chuck Lever) - ext4: fix potential unnitialized variable (Dan Carpenter) - ext4: remove unused parameter from ext4_mb_new_blocks_simple() (Kemeng Shi) - ext4: try all groups in ext4_mb_new_blocks_simple (Kemeng Shi) - ext4: fix unit mismatch in ext4_mb_new_blocks_simple (Kemeng Shi) - ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple (Kemeng Shi) - sunrpc: removed redundant procp check (Aleksandr Aprelkov) - drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (David Hildenbrand) - virt: acrn: stop using follow_pfn (Christoph Hellwig) - virt: acrn: Prefer array_size and struct_size over open coded arithmetic (Len Baker) - ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara) - x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter) - clk: qcom: mmcc-msm8998: fix venus clock issue (Marc Gonzalez) - RDMA/hns: Modify the print level of CQE error (Chengchang Tang) - RDMA/hns: Use complete parentheses in macros (Chengchang Tang) - RDMA/hns: Fix GMV table pagesize (Chengchang Tang) - RDMA/hns: Fix deadlock on SRQ async events. (Chengchang Tang) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (Zhengchao Shao) - RDMA/mlx5: Adding remote atomic access flag to updatable flags (Or Har-Toov) - drm/mipi-dsi: use correct return type for the DSC functions (Dmitry Baryshkov) - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (Marek Vasut) - drm/bridge: tc358775: Don't log an error when DSI host can't be found (Nicolas F. R. A. Prado) - drm/bridge: lt9611: Don't log an error when DSI host can't be found (Nicolas F. R. A. Prado) - drm/bridge: lt8912b: Don't log an error when DSI host can't be found (Nicolas F. R. A. Prado) - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt) - drm: vc4: Fix possible null pointer dereference (Aleksandr Mishin) - drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu) - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (Zhipeng Lu) - fbdev: sh7760fb: allow modular build (Randy Dunlap) - media: dt-bindings: ovti,ov2680: Fix the power supply names (Fabio Estevam) - media: ipu3-cio2: Request IRQ earlier (Sakari Ailus) - media: ipu3-cio2: Use temporary storage for struct device pointer (Andy Shevchenko) - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (Aleksandr Mishin) - media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda) - media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov) - fbdev: sisfb: hide unused variables (Arnd Bergmann) - powerpc/fsl-soc: hide unused const variable (Arnd Bergmann) - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) - drm/meson: vclk: fix calculation of 59.94 fractional rates (Christian Hewitt) - ASoC: kirkwood: Fix potential NULL dereference (Aleksandr Mishin) - fbdev: shmobile: fix snprintf truncation (Arnd Bergmann) - mtd: rawnand: hynix: fixed typo (Maxim Korotkov) - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (Aapo Vienamo) - ASoC: Intel: Disable route checks for Skylake boards (Cezary Rojewski) - drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan Shanmugam) - dev_printk: Add and use dev_no_printk() (Geert Uytterhoeven) - printk: Let no_printk() use _printk() (Geert Uytterhoeven) - mptcp: SO_KEEPALIVE: fix getsockopt support (Matthieu Baerts (NGI0)) - s390/bpf: Emit a barrier for BPF_FETCH instructions (Ilya Leoshkevich) - net/mlx5: Discard command completions in internal error (Akiva Goldberger) - ipv6: sr: fix invalid unregister error path (Hangbin Liu) - ipv6: sr: add missing seg6_local_exit (Hangbin Liu) - net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) - net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet) - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) - net: ethernet: cortina: Locking fixes (Linus Walleij) - eth: sungem: remove .ndo_poll_controller to avoid deadlocks (Jakub Kicinski) - net: ipv6: fix wrong start position when receive hop-by-hop fragment (gaoxingwang) - m68k: mac: Fix reboot hang on Mac IIci (Finn Thain) - m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) - net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet) - usb: aqc111: stop lying about skb->truesize (Eric Dumazet) - wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter) - scsi: qla2xxx: Fix debugfs output for fw_resource_count (Himanshu Madhani) - scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) - scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (Chen Ni) - selftests/resctrl: fix clang build failure: use LOCAL_HDRS (John Hubbard) - selftests/binderfs: use the Makefile's rules, not Make's implicit rules (John Hubbard) - Revert 'sh: Handle calling csum_partial with misaligned data' (Guenter Roeck) - sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven) - wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) - wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) - macintosh/via-macii: Fix 'BUG: sleeping function called from invalid context' (Finn Thain) - net: give more chances to rcu in netdev_wait_allrefs_any() (Eric Dumazet) - pwm: sti: Simplify probe function using devm functions (Uwe Kleine-Konig) - pwm: sti: Prepare removing pwm_chip from driver data (Uwe Kleine-Konig) - pwm: sti: Convert to platform remove callback returning void (Uwe Kleine-Konig) - tcp: avoid premature drops in tcp_add_backlog() (Eric Dumazet) - net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches (Matthias Schiffer) - net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers (Matthias Schiffer) - wifi: ath10k: populate board data for WCN3990 (Dmitry Baryshkov) - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui) - thermal/drivers/tsens: Fix null pointer dereference (Aleksandr Mishin) - x86/purgatory: Switch to the position-independent small code model (Ard Biesheuvel) - scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov) - scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang) - cppc_cpufreq: Fix possible null pointer dereference (Aleksandr Mishin) - udp: Avoid call to compute_score on multiple sites (Gabriel Krisman Bertazi) - net: remove duplicate reuseport_lookup functions (Lorenz Bauer) - net: export inet_lookup_reuseport and inet6_lookup_reuseport (Lorenz Bauer) - cpufreq: exit() callback is optional (Viresh Kumar) - cpufreq: Rearrange locking in cpufreq_remove_dev() (Rafael J. Wysocki) - cpufreq: Split cpufreq_offline() (Rafael J. Wysocki) - cpufreq: Reorganize checks in cpufreq_offline() (Rafael J. Wysocki) - selftests/bpf: Fix umount cgroup2 error in test_sockmap (Geliang Tang) - gfs2: Fix 'ignore unlock failures after withdraw' (Andreas Gruenbacher) - gfs2: Don't forget to complete delayed withdraw (Andreas Gruenbacher) - ACPI: disable -Wstringop-truncation (Arnd Bergmann) - irqchip/loongson-pch-msi: Fix off-by-one on allocation error path (Zenghui Yu) - irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu) - scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney) - scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney) - scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV (Andrew Halaney) - scsi: ufs: qcom: Perform read back after writing CGC enable (Andrew Halaney) - scsi: ufs: qcom: Perform read back after writing unipro mode (Andrew Halaney) - scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5 (Abel Vesa) - scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0 (Manivannan Sadhasivam) - scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US (Andrew Halaney) - scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney) - bpf: Pack struct bpf_fib_lookup (Anton Protopopov) - qed: avoid truncating work queue length (Arnd Bergmann) - sched/fair: Add EAS checks before updating root_domain::overutilized (Shrikanth Hegde) - wifi: ath10k: poll service ready message before failing (Baochen Qiang) - md: fix resync softlockup when bitmap size is less than array size (Yu Kuai) - null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun) - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (Chun-Kuang Hu) - jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) - s390/cio: fix tracepoint subchannel type field (Peter Oberparleiter) - crypto: x86/sha512-avx2 - add missing vzeroupper (Eric Biggers) - crypto: x86/sha256-avx2 - add missing vzeroupper (Eric Biggers) - crypto: x86/nh-avx2 - add missing vzeroupper (Eric Biggers) - crypto: ccp - drop platform ifdef checks (Arnd Bergmann) - parisc: add missing export of __cmpxchg_u8() (Al Viro) - nilfs2: fix out-of-range warning (Arnd Bergmann) - ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) - firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart) - mm/slub, kunit: Use inverted data to corrupt kmem cache (Guenter Roeck) - crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) - openpromfs: finish conversion to the new mount API (Eric Sandeen) - epoll: be better about file lifetimes (Linus Torvalds) - nvme: find numa distance only if controller has valid numa id (Nilay Shroff) - x86/mm: Remove broken vsyscall emulation code from the page fault code (Linus Torvalds) - drm/amdkfd: Flush the process wq before creating a kfd_process (Lancelot SIX) - ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart) - softirq: Fix suspicious RCU usage in __do_softirq() (Zqiang) - ASoC: rt715-sdca: volume step modification (Jack Yu) - ASoC: rt715: add vendor clear control register (Jack Yu) - regulator: vqmmc-ipq4019: fix module autoloading (Krzysztof Kozlowski) - ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang) - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang) - regulator: irq_helpers: duplicate IRQ name (Matti Vaittinen) - selftests: sud_test: return correct emulated syscall value on RISC-V (Clement Leger) - drm/amd/display: Set color_mgmt_changed to true on unsuspend (Joshua Ashton) - net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas) - dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node (Rob Herring) - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev) - ALSA: Fix deadlocks with kctl removals at disconnection (Takashi Iwai) - ALSA: core: Fix NULL module pointer assignment at card init (Takashi Iwai) - fs/ntfs3: Break dir enumeration if directory contents error (Konstantin Komarov) - fs/ntfs3: Fix case when index is reused during tree transformation (Konstantin Komarov) - fs/ntfs3: Taking DOS names into account during link counting (Konstantin Komarov) - fs/ntfs3: Remove max link count info display during driver init (Konstantin Komarov) - nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi) - net: smc91x: Fix m68k kernel compilation for ColdFire CPU (Thorsten Blum) - tools/latency-collector: Fix -Wformat-security compile warns (Shuah Khan) - ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) - r8169: Fix possible ring buffer corruption on fragmented Tx packets. (Ken Milmore) - Revert 'r8169: don't try to disable interrupts if NAPI is, scheduled already' (Heiner Kallweit) - serial: 8250_bcm7271: use default_mux_rate if possible (Doug Berger) - speakup: Fix sizeof() vs ARRAY_SIZE() bug (Dan Carpenter) - tty: n_gsm: fix missing receive state reset after mode switch (Daniel Starke) - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (Daniel J Blueman) - LTS version: v5.15.160 (Vijayendra Suman) - docs: kernel_include.py: Cope with docutils 0.21 (Akira Yokosawa) - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (Thomas Weissschuh) - KEYS: trusted: Do not use WARN when encode fails (Jarkko Sakkinen) - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (AngeloGioacchino Del Regno) - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (Daniel Thompson) - usb: typec: ucsi: displayport: Fix potential deadlock (Heikki Krogerus) - binder: fix max_thread type inconsistency (Carlos Llamas) - drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() (Srinivasan Shanmugam) - KVM: x86: Clear 'has_error_code', not 'error_code', for RM exception injection (Sean Christopherson) - netlink: annotate data-races around sk->sk_err (Eric Dumazet) - netlink: annotate lockless accesses to nlk->max_recvmsg_len (Eric Dumazet) - net: tls: handle backlogging of crypto requests (Jakub Kicinski) - tls: fix race between async notify and socket close (Jakub Kicinski) - net: tls: factor out tls_*crypt_async_wait() (Jakub Kicinski) - tls: extract context alloc/initialization out of tls_set_sw_offload (Sabrina Dubroca) - tls: rx: simplify async wait (Jakub Kicinski) - net: bcmgenet: synchronize UMAC_CMD access (Doug Berger) - net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access (Doug Berger) - KEYS: trusted: Fix memory leak in tpm2_key_encode() (Jarkko Sakkinen) - nfsd: don't allow nfsd threads to be signalled. (NeilBrown) - pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (Sergey Shtylyov) - drm/amd/display: Fix division by zero in setup_dsc_config (Jose Fernandez) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-41091 CVE-2024-41090 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::UEKR7 Oracle Linux 8 Oracle Linux 9 [5.15.0-210.163.7] - crypto: qat - specify firmware files for 402xx (Giovanni Cabiddu) [Orabug: 37030280] [5.15.0-210.163.6] - Revert 'Fix userfaultfd_api to return EINVAL as expected' (Vijayendra Suman) [Orabug: 37004422] [5.15.0-210.163.5] - Revert 'bpf: Allow reads from uninit stack' (Vijayendra Suman) [Orabug: 36992948] - selftests/vm: Fix build issue with pkey_sighandler_tests.c (Aruna Ramakrishna) [Orabug: 36992941] [5.15.0-210.163.4] - driver core: Fix uevent_show() vs driver detach race (Dan Williams) - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (Jerome Brunet) - kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson) - MIPS: Octeron: remove source file executable bit (Dominique Martinet) - sched: act_ct: take care of padding in struct zones_ht_key (Eric Dumazet) - ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno) - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (Dan Carpenter) - KVM: x86: check the kvm_cpu_get_interrupt result before using it (Maxim Levitsky) [Orabug: 36893301] - KVM: x86: VMX: set irr_pending in kvm_apic_update_irr (Maxim Levitsky) [Orabug: 36893301] - KVM: x86: VMX: __kvm_apic_update_irr must update the IRR atomically (Maxim Levitsky) [Orabug: 36893301] - KVM: x86: Allow APICv APIC ID inhibit to be cleared (Greg Edwards) [Orabug: 36839768] - printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36456581] [5.15.0-210.163.3] - selftests/net: remove extra argument domain for do_recv_completions() (Samasth Norway Ananda) [Orabug: 36949448] - selftests/mm: Add new testcases for pkeys (Keith Lucas) [Orabug: 36943199] - x86/pkeys: Restore altstack access in sigreturn() (Aruna Ramakrishna) [Orabug: 36943199] - x86/pkeys: Update PKRU to enable all pkeys before XSAVE (Aruna Ramakrishna) [Orabug: 36943199] - x86/pkeys: Add helper functions to update PKRU on the sigframe (Aruna Ramakrishna) [Orabug: 36943199] - x86/pkeys: Add PKRU as a parameter in signal handling functions (Aruna Ramakrishna) [Orabug: 36943199] - x86/signal/64: Move 64-bit signal code to its own file (Brian Gerst) [Orabug: 36943199] - x86/signal/32: Merge native and compat 32-bit signal code (Brian Gerst) [Orabug: 36943199] - x86/signal: Add ABI prefixes to frame setup functions (Brian Gerst) [Orabug: 36943199] - x86/signal: Merge get_sigframe() (Brian Gerst) [Orabug: 36943199] - x86: Remove __USER32_DS (Brian Gerst) [Orabug: 36943199] - signal/compat: Remove compat_sigset_t override (Brian Gerst) [Orabug: 36943199] - x86/signal: Remove sigset_t parameter from frame setup functions (Brian Gerst) [Orabug: 36943199] - x86/signal: Remove sig parameter from frame setup functions (Brian Gerst) [Orabug: 36943199] [5.15.0-210.163.2] - fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922239] - net: mana: Fix possible double free in error handling path (Ma Ke) [Orabug: 36897038] {CVE-2024-42069} - x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (Thomas Gleixner) [Orabug: 35773810] - xfs: fix agf/agfl verification on v4 filesystems (Mark Tinguely) [Orabug: 35623655] [5.15.0-210.163.1] - net: relax socket state check at accept time. (Paolo Abeni) [Orabug: 36768888] {CVE-2024-36484} - LTS version: v5.15.163 (Vijayendra Suman) - i2c: rcar: fix error code in probe() (Dan Carpenter) - kbuild: Make ld-version.sh more robust against version string changes (Nathan Chancellor) - x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (Brian Gerst) - i2c: rcar: clear NO_RXDMA flag after resetting (Wolfram Sang) - i2c: testunit: avoid re-issued work after read message (Wolfram Sang) - i2c: rcar: ensure Gen3+ reset does not disturb local targets (Wolfram Sang) - i2c: rcar: introduce Gen4 devices (Wolfram Sang) - i2c: rcar: reset controller is mandatory for Gen3+ (Wolfram Sang) - i2c: rcar: Add R-Car Gen4 support (Geert Uytterhoeven) - i2c: mark HostNotify target address as used (Wolfram Sang) - i2c: rcar: bring hardware to known state when probing (Wolfram Sang) - nilfs2: fix kernel bug on rename operation of broken directory (Ryusuke Konishi) [Orabug: 36896820] {CVE-2024-41034} - bpf: Allow reads from uninit stack (Eduard Zingerman) - ipv6: prevent NULL dereference in ip6_output() (Eric Dumazet) [Orabug: 36683273] {CVE-2024-36901} - ipv6: annotate data-races around cnf.disable_ipv6 (Eric Dumazet) - wireguard: send: annotate intentional data race in checking empty queue (Jason A. Donenfeld) - wireguard: queueing: annotate intentional data race in cpu round robin (Jason A. Donenfeld) - wireguard: allowedips: avoid unaligned 64-bit memory accesses (Helge Deller) [Orabug: 36930166] {CVE-2024-42247} - libceph: fix race between delayed_work() and ceph_monc_stop() (Ilya Dryomov) [Orabug: 36930127] {CVE-2024-42232} - Fix userfaultfd_api to return EINVAL as expected (Audra Mitchell) [Orabug: 36896804] {CVE-2024-41027} - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (Edson Juliano Drosdeck) - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (Nazar Bilinskyi) - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (Michal Kopec) - nvmem: core: only change name to fram for current attribute (Thomas Weissschuh) - nvmem: meson-efuse: Fix return value of nvmem callbacks (Joy Chakraborty) - nvmem: rmem: Fix return value of rmem_read() (Joy Chakraborty) - hpet: Support 32-bit userspace (He Zhe) - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (Alan Stern) [Orabug: 36896825] {CVE-2024-41035} - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (Lee Jones) [Orabug: 36930137] {CVE-2024-42236} - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (WangYuli) - USB: serial: mos7840: fix crash on resume (Dmitry Smirnov) [Orabug: 36930153] {CVE-2024-42244} - USB: serial: option: add Rolling RW350-GL variants (Vanillan Wang) - USB: serial: option: add Netprisma LCUK54 series modules (Mank Wang) - USB: serial: option: add support for Foxconn T99W651 (Slark Xiao) - USB: serial: option: add Fibocom FM350-GL (Bjorn Mork) - USB: serial: option: add Telit FN912 rmnet compositions (Daniele Palmas) - USB: serial: option: add Telit generic core-dump composition (Daniele Palmas) - net: ks8851: Fix potential TX stall after interface reopen (Ronald Wahl) - tcp: avoid too many retransmit packets (Eric Dumazet) [Orabug: 36841815] {CVE-2024-41007} - tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Eric Dumazet) - octeontx2-af: fix issue with IPv4 match for RSS (Satheesh Paul) - octeontx2-af: fix issue with IPv6 ext match for RSS (Kiran Kumar K) - octeontx2-af: extend RSS supported offload types (Kiran Kumar K) - octeontx2-af: fix detection of IP layer (Michal Mazur) - octeontx2-af: fix a issue with cpt_lf_alloc mailbox (Srujana Challa) - octeontx2-af: update cpt lf alloc mailbox (Srujana Challa) - octeontx2-af: replace cpt slot with lf id on reg write (Nithin Dabilpuram) - ARM: davinci: Convert comma to semicolon (Chen Ni) - s390: Mark psw in __load_psw_mask() as __unitialized (Sven Schnelle) - net/sched: Fix UAF when resolving a clash (Chengen Du) [Orabug: 36896837] {CVE-2024-41040} - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (Kuniyuki Iwashima) [Orabug: 36896841] {CVE-2024-41041} - ethtool: netlink: do not return SQI value if link is down (Oleksij Rempel) - ppp: reject claimed-as-LCP but actually malformed packets (Dmitry Antipov) [Orabug: 36896855] {CVE-2024-41044} - net: ethernet: mtk-star-emac: set mac_managed_pm when probing (Jian Hui Lee) - net: ethernet: lantiq_etop: fix double free in detach (Aleksander Jan Bajkowski) [Orabug: 36896862] {CVE-2024-41046} - net: lantiq_etop: add blank line after declaration (Aleksander Jan Bajkowski) - i40e: Fix XDP program unloading while removing the driver (Michal Kubiak) [Orabug: 36896869] {CVE-2024-41047} - net: fix rc7's __skb_datagram_iter() (Hugh Dickins) - octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() (Aleksandr Mishin) - skmsg: Skip zero length skb in sk_msg_recvmsg (Geliang Tang) [Orabug: 36896872] {CVE-2024-41048} - tcp: fix incorrect undo caused by DSACK of TLP retransmit (Neal Cardwell) - vfs: don't mod negative dentry count when on shrinker list (Brian Foster) - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (linke li) - filelock: fix potential use-after-free in posix_lock_inode (Jeff Layton) [Orabug: 36896875] {CVE-2024-41049} - nilfs2: fix incorrect inode allocation from reserved inodes (Ryusuke Konishi) - null_blk: Do not allow runt zone with zone capacity smaller then zone size (Damien Le Moal) - nfc/nci: Add the inconsistency check between the input data length and count (Edward Adam Davis) [Orabug: 36897796] {CVE-2024-42130} - kbuild: fix short log for AS in link-vmlinux.sh (Masahiro Yamada) - nvmet: fix a possible leak when destroy a ctrl during qp establishment (Sagi Grimberg) [Orabug: 36897901] {CVE-2024-42152} - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (hmtheboy154) - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (hmtheboy154) - regmap-i2c: Subtract reg size from max_write (Jim Wylder) - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (Kundan Kumar) - dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails (Fedor Pchelkin) - nvme-multipath: find NUMA path only for online numa-node (Nilay Shroff) - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (Jian-Hong Pan) - fs/ntfs3: Mark volume as dirty if xattr is broken (Konstantin Komarov) - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (Piotr Wojtaszczyk) [Orabug: 36897908] {CVE-2024-42153} - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (Luca Weiss) - media: dw2102: fix a potential buffer overflow (Mauro Carvalho Chehab) - ima: Avoid blocking in RCU read-side critical section (GUO Zihua) [Orabug: 36835827] {CVE-2024-40947} - bnx2x: Fix multiple UBSAN array-index-out-of-bounds (Ghadi Elie Rahme) [Orabug: 36897884] {CVE-2024-42148} - mtd: rawnand: rockchip: ensure NVDDR timings are rejected (Val Packett) - mtd: rawnand: Bypass a couple of sanity checks during NAND identification (Miquel Raynal) - mtd: rawnand: Ensure ECC configuration is propagated to upper layers (Miquel Raynal) - drm/amdgpu/atomfirmware: silence UBSAN warning (Alex Deucher) - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (Ma Ke) [Orabug: 36897639] {CVE-2024-42101} - fsnotify: Do not generate events for O_PATH file descriptors (Jan Kara) - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (Jimmy Assarsson) - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (Zijun Hu) [Orabug: 36897825] {CVE-2024-42137} - btrfs: fix adding block group to a reclaim list and the unused list during reclaim (Naohiro Aota) [Orabug: 36934739] {CVE-2024-42103} - mm: avoid overflows in dirty throttling logic (Jan Kara) [Orabug: 36897802] {CVE-2024-42131} - mm: optimize the redundant loop of mm_update_owner_next() (Jinliang Zheng) - nilfs2: add missing check for inode numbers on directory entries (Ryusuke Konishi) [Orabug: 36897651] {CVE-2024-42104} - nilfs2: fix inode number range checks (Ryusuke Konishi) [Orabug: 36897657] {CVE-2024-42105} - Revert 'igc: fix a log entry using uninitialized netdev' (Sasha Neftin) - gpiolib: of: add polarity quirk for TSC2005 (Dmitry Torokhov) - gpiolib: of: add a quirk for reset line polarity for Himax LCDs (Dmitry Torokhov) - gpiolib: of: factor out code overriding gpio line polarity (Dmitry Torokhov) - inet_diag: Initialize pad field in struct inet_diag_req_v2 (Shigeru Yoshida) [Orabug: 36897665] {CVE-2024-42106} - selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang) - selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang) - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (Sam Sun) [Orabug: 36825247] {CVE-2024-39487} - netfilter: nf_tables: unconditionally flush pending work before notifier (Florian Westphal) [Orabug: 36897676] {CVE-2024-42109} - riscv: kexec: Avoid deadlock in kexec crash path (Song Shuai) [Orabug: 36897831] {CVE-2024-42140} - wifi: wilc1000: fix ies_len type in connect path (Jozef Hopko) - net: allow skb_datagram_iter to be called from any context (Sagi Grimberg) - e1000e: Fix S0ix residency on corporate systems (Dima Ruinskiy) - KVM: s390: fix LPSWEY handling (Christian Borntraeger) - tcp_metrics: validate source addr length (Jakub Kicinski) [Orabug: 36897914] {CVE-2024-42154} - UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (Neal Cardwell) - tools/power turbostat: Remember global max_die_id (Len Brown) - s390/pkey: Wipe sensitive data on failure (Holger Dengler) [Orabug: 36897933] {CVE-2024-42157} - jffs2: Fix potential illegal address access in jffs2_free_inode (Wang Yong) [Orabug: 36897693] {CVE-2024-42115} - bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (Jose E. Marchesi) [Orabug: 36897964] {CVE-2024-42161} - igc: fix a log entry using uninitialized netdev (Corinna Vinschen) [Orabug: 36897705] {CVE-2024-42116} - powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (Greg Kurz) - kunit: Fix timeout message (Mickael Salaun) - orangefs: fix out-of-bounds fsid access (Mike Marshall) [Orabug: 36897836] {CVE-2024-42143} - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (Michael Ellerman) - i2c: i801: Annotate apanel_addr as __ro_after_init (Heiner Kallweit) - media: dvb-frontends: tda10048: Fix integer overflow (Ricardo Ribalda) [Orabug: 36897975] {CVE-2024-42223} - media: s2255: Use refcount_t instead of atomic_t for num_channels (Ricardo Ribalda) - media: dvb-frontends: tda18271c2dd: Remove casting during div (Ricardo Ribalda) - net: dsa: mv88e6xxx: Correct check for empty list (Simon Horman) [Orabug: 36897981] {CVE-2024-42224} - wifi: mt76: replace skb_put with skb_put_zero (Felix Fietkau) [Orabug: 36897988] {CVE-2024-42225} - Input: ff-core - prefer struct_size over open coded arithmetic (Erick Archer) - firmware: dmi: Stop decoding on broken entry (Jean Delvare) - sctp: prefer struct_size over open coded arithmetic (Erick Archer) - media: dw2102: Don't translate i2c read into write (Michael Bunk) - drm/amd/display: Skip finding free audio for unknown engine_id (Alex Hung) [Orabug: 36897725] {CVE-2024-42119} - drm/amd/display: Check pipe offset before setting vblank (Alex Hung) [Orabug: 36897731] {CVE-2024-42120} - drm/amd/display: Check index msg_id before read or write (Alex Hung) [Orabug: 36897738] {CVE-2024-42121} - drm/amdgpu: Initialize timestamp for some legacy SOCs (Ma Jun) - crypto: aead,cipher - zeroize key buffer after use (Hailey Mothershead) [Orabug: 36898013] {CVE-2024-42229} - scsi: qedf: Make qedf_execute_tmf() non-preemptible (John Meneghini) [Orabug: 36897759] {CVE-2024-42124} - IB/core: Implement a limit on UMAD receive List (Michael Guralnik) [Orabug: 36897846] {CVE-2024-42145} - media: dvb-usb: dib0700_devices: Add missing release_firmware() (Ricardo Ribalda) - media: dvb: as102-fe: Fix as10x_register_addr packing (Ricardo Ribalda) - drm/lima: fix shared irq handling on driver remove (Erico Nunes) [Orabug: 36897778] {CVE-2024-42127} - locking/mutex: Introduce devm_mutex_init() (George Stark) - Compiler Attributes: Add __uninitialized macro (Heiko Carstens) - LTS version: v5.15.162 (Vijayendra Suman) - serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (Udit Kumar) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (Alex Bee) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (FUKAUMI Naoki) - ARM: dts: rockchip: rk3066a: add #sound-dai-cells to hdmi node (Johan Jonker) - KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption (Marc Zyngier) - efi/x86: Free EFI memory map only when installing a new one. (Ard Biesheuvel) - efi: xen: Set EFI_PARAVIRT for Xen dom0 boot on all architectures (Ard Biesheuvel) - efi: memmap: Move manipulation routines into x86 arch tree (Ard Biesheuvel) - efi: Correct comment on efi_memmap_alloc (Liu Zixian) - drivers: fix typo in firmware/efi/memmap.c (Zheng Zhi Yuan) - tcp: Fix data races around icsk->icsk_af_ops. (Kuniyuki Iwashima) [Orabug: 34719865] {CVE-2022-3566} - ipv6: Fix data races around sk->sk_prot. (Kuniyuki Iwashima) [Orabug: 34719905] {CVE-2022-3567} - ipv6: annotate some data-races around sk->sk_prot (Eric Dumazet) - nfs: Leave pages in the pagecache if readpage failed (Matthew Wilcox (Oracle)) - pwm: stm32: Refuse too small period requests (Uwe Kleine-Konig) - syscalls: fix sys_fanotify_mark prototype (Arnd Bergmann) - syscalls: fix compat_sys_io_pgetevents_time64 usage (Arnd Bergmann) - ftruncate: pass a signed offset (Arnd Bergmann) [Orabug: 36897557] {CVE-2024-42084} - ata: libata-core: Fix double free on error (Niklas Cassel) [Orabug: 36897373] {CVE-2024-41087} - ata: ahci: Clean up sysfs file on error (Niklas Cassel) - batman-adv: Don't accept TT entries for out-of-spec VIDs (Sven Eckelmann) - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (Ma Ke) [Orabug: 36897379] {CVE-2024-41089} - drm/i915/gt: Fix potential UAF by revoke of fence registers (Janusz Krzysztofik) [Orabug: 36897385] {CVE-2024-41092} - drm/amdgpu: avoid using null object of framebuffer (Julia Zhang) [Orabug: 36897435] {CVE-2024-41093} - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (Ma Ke) [Orabug: 36897442] {CVE-2024-41095} - hexagon: fix fadvise64_64 calling conventions (Arnd Bergmann) - csky, hexagon: fix broken sys_sync_file_range (Arnd Bergmann) - sh: rework sync_file_range ABI (Arnd Bergmann) - kbuild: Install dtb files as 0644 in Makefile.dtbinst (Dragan Simic) - cpu/hotplug: Fix dynstate assignment in __cpuhp_setup_state_cpuslocked() (Yuntao Wang) - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (Oleksij Rempel) - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (Oleksij Rempel) - net: can: j1939: Initialize unused data in j1939_send_one() (Shigeru Yoshida) [Orabug: 36897515] {CVE-2024-42076} - tty: mcf: MCF54418 has 10 UARTS (Jean-Michel Hautbois) - serial: 8250_omap: Implementation of Errata i2310 (Udit Kumar) [Orabug: 36897613] {CVE-2024-42095} - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (Meng Li) [Orabug: 36897563] {CVE-2024-42085} - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (Nikita Zhandarovich) [Orabug: 36897450] {CVE-2024-41097} - usb: musb: da8xx: fix a resource leak in probe() (Dan Carpenter) - usb: gadget: printer: fix races against disable (Oliver Neukum) - usb: gadget: printer: SS+ support (Oliver Neukum) - net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez) - iio: chemical: bme680: Fix sensor data read operation (Vasileios Amoiridis) - iio: chemical: bme680: Fix overflows in compensate() functions (Vasileios Amoiridis) [Orabug: 36897565] {CVE-2024-42086} - iio: chemical: bme680: Fix calibration data variable (Vasileios Amoiridis) - iio: chemical: bme680: Fix pressure value output (Vasileios Amoiridis) - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (Alexander Sverdlin) - iio: adc: ad7266: Fix variable checking bug (Fernando Yang) - i2c: testunit: discard write requests while old command is running (Wolfram Sang) - i2c: testunit: don't erase registers after STOP (Wolfram Sang) - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (Adrian Hunter) - mmc: sdhci: Do not invert write-protect twice (Adrian Hunter) - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - ocfs2: fix DIO failure due to insufficient transaction credits (Jan Kara) [Orabug: 36897528] {CVE-2024-42077} - parisc: use generic sys_fanotify_mark implementation (Arnd Bergmann) - x86: stop playing stack games in profile_pc() (Linus Torvalds) [Orabug: 36897615] {CVE-2024-42096} - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (Kent Gibson) - gpio: davinci: Validate the obtained number of IRQs (Aleksandr Mishin) [Orabug: 36897598] {CVE-2024-42092} - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (Liu Ying) - nvme: fixup comment for nvme RDMA Provider Type (Hannes Reinecke) - drm/radeon/radeon_display: Decrease the size of allocated memory (Erick Archer) - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (Andrew Davis) - media: dvbdev: Initialize sbuf (Ricardo Ribalda) - ALSA: emux: improve patch ioctl data validation (Oswald Buddenhagen) [Orabug: 36897623] {CVE-2024-42097} - crypto: ecdh - explicitly zeroize private_key (Joachim Vandersmissen) [Orabug: 36897630] {CVE-2024-42098} - net/dpaa2: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897601] {CVE-2024-42093} - net/iucv: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897607] {CVE-2024-42094} - RDMA/restrack: Fix potential invalid address access (Wenchao Hao) [Orabug: 36897540] {CVE-2024-42080} - bpf: Add a check for struct bpf_fib_lookup size (Anton Protopopov) - mtd: partitions: redboot: Added conversion of operands to a larger type (Denis Arefev) - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (Uros Bizjak) - vduse: Temporarily fail if control queue feature requested (Maxime Coquelin) - vduse: validate block features only with block devices (Maxime Coquelin) - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (Laurent Pinchart) [Orabug: 36897569] {CVE-2024-42087} - bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() (Christophe Leroy) [Orabug: 36897491] {CVE-2024-42068} - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Pablo Neira Ayuso) [Orabug: 36897499] {CVE-2024-42070} - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (Neal Cardwell) - parisc: use correct compat recv/recvfrom syscalls (Arnd Bergmann) - sparc: fix compat recv/recvfrom syscalls (Arnd Bergmann) - sparc: fix old compat_sys_select() (Arnd Bergmann) - Fix race for duplicate reqsk on identical SYN (luoxuanqiang) - xdp: Remove WARN() from __xdp_reg_mem_model() (Daniil Dulov) [Orabug: 36897553] {CVE-2024-42082} - net: phy: micrel: add Microchip KSZ 9477 to the device table (Enguerrand de Ribaucourt) - ibmvnic: Free any outstanding tx skbs during scrq reset (Nick Child) - net: dsa: microchip: fix initial port flush problem (Tristram Ha) - ASoC: fsl-asoc-card: set priv->pdev before using it (Elinor Montmasson) [Orabug: 36897577] {CVE-2024-42089} - net: stmmac: Assign configured channel value to EXTTS event (Oleksij Rempel) - net: mdio: add helpers to extract clause 45 regad and devad fields (Russell King (Oracle)) - drm/amdgpu: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835991] {CVE-2024-40987} - cifs: fix typo in module parameter enable_gcm_256 (Steve French) - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (Huang-Huang Bao) - pinctrl: rockchip: use dedicated pinctrl type for RK3328 (Huang-Huang Bao) - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (Huang-Huang Bao) - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (Huang-Huang Bao) - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (Hagar Hemdan) [Orabug: 36897585] {CVE-2024-42090} - Input: ili210x - fix ili251x_read_touch_data() return value (John Keeping) - gve: Clear napi->skb before dev_kfree_skb_any() (Ziwei Xiao) [Orabug: 36835798] {CVE-2024-40937} - gve: Add RX context. (David Awogbemila) - ACPI: x86: Force StorageD3Enable on more products (Mario Limonciello) - ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable (Mario Limonciello) - smb: client: fix deadlock in smb2_find_smb_tcon() (Enzo Matsumiya) [Orabug: 36774640] {CVE-2024-39468} - x86/amd_nb: Check for invalid SMN reads (Yazen Ghannam) - PCI: Add PCI_ERROR_RESPONSE and related definitions (Naveen Naidu) - perf/core: Fix missing wakeup when waiting for context reference (Haifeng Xu) - riscv: fix overlap of allocated page and PTR_ERR (Nam Cao) - riscv: mm: init: try best to use IS_ENABLED(CONFIG_64BIT) instead of #ifdef (Jisheng Zhang) - kheaders: explicitly define file modes for archived headers (Matthias Maennich) - Revert 'kheaders: substituting --sort in archive creation' (Masahiro Yamada) - drm/i915/gt: Disarm breadcrumbs if engines are already idle (Chris Wilson) - drm/i915/gt: Only kick the signal worker if there's been an update (Chris Wilson) - ksmbd: ignore trailing slashes in share paths (Nandor Kracser) - x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL (Tony Luck) - x86/cpu/vfm: Add new macros to work with (vendor/family/model) values (Tony Luck) - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (Jeff Johnson) - bcache: fix variable length array abuse in btree_iter (Matthew Mirvish) [Orabug: 36809293] {CVE-2024-39482} - pmdomain: ti-sci: Fix duplicate PD referrals (Tomi Valkeinen) - wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power (Bitterblue Smith) - rtlwifi: rtl8192de: Style clean-ups (Kees Cook) - ARM: dts: samsung: smdk4412: fix keypad no-autorepeat (Krzysztof Kozlowski) - ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat (Krzysztof Kozlowski) - ARM: dts: samsung: smdkv310: fix keypad no-autorepeat (Krzysztof Kozlowski) - perf script: Show also errors for --insn-trace option (Adrian Hunter) - perf: script: add raw|disasm arguments to --insn-trace option (Changbin Du) - drm/amd/display: revert Exit idle optimizations before HDCP execution (Martin Leung) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (Frank Li) - dt-bindings: i2c: google,cros-ec-i2c-tunnel: correct path to i2c-controller schema (Krzysztof Kozlowski) - i2c: ocores: set IACK bit after core is enabled (Grygorii Tertychnyi) - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (Eric Dumazet) - kcov: don't lose track of remote references during softirqs (Aleksandr Nogikh) - gcov: add support for GCC 14 (Peter Oberparleiter) - drm/radeon: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835996] {CVE-2024-40988} - drm/i915/mso: using joiner is not possible with eDP MSO (Jani Nikula) - ALSA: hda/realtek: Limit mic boost on N14AP7 (Edson Juliano Drosdeck) - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (Sean Christopherson) - btrfs: retry block group reclaim without infinite loop (Boris Burkov) - net: do not leave a dangling sk pointer, when socket creation fails (Ignat Korchagin) - serial: stm32: rework RX over DMA (Erwan Le Ray) - RDMA/mlx5: Add check for srq max_sge attribute (Patrisious Haddad) [Orabug: 36836003] {CVE-2024-40990} - ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (Raju Rangoju) - regulator: bd71815: fix ramp values (Kalle Niemi) - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (Nikita Shubin) - dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() (Nikita Shubin) - dmaengine: ioatdma: Fix error path in ioat3_dma_probe() (Nikita Shubin) - dmaengine: ioat: use PCI core macros for PCIe Capability (Bjorn Helgaas) - dmaengine: ioatdma: Fix leaking on version mismatch (Nikita Shubin) - dmaengine: ioat: Drop redundant pci_enable_pcie_error_reporting() (Bjorn Helgaas) - dmaengine: ioat: switch from 'pci_' to 'dma_' API (Qing Wang) - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (Li RongQing) [Orabug: 36835844] {CVE-2024-40956} - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (Biju Das) - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (Oliver Neukum) - bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (Pavan Chebbi) - seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (Jianguo Wu) [Orabug: 36835846] {CVE-2024-40957} - netfilter: ipset: Fix suspicious rcu_dereference_protected() (Jozsef Kadlecsik) [Orabug: 36836326] {CVE-2024-40993} - octeontx2-pf: Add error handling to VLAN unoffload handling (Simon Horman) - virtio_net: checksum offloading handling fix (Heng Qi) - net: stmmac: No need to calculate speed divider when offload is disabled (Xiaolei Wang) - ptp: fix integer overflow in max_vclocks_store (Dan Carpenter) [Orabug: 36836016] {CVE-2024-40994} - sched: act_ct: add netns into the key of tcf_ct_flow_table (Xin Long) - net/sched: act_ct: set 'net' pointer when creating new nf_flow_table (Vlad Buslov) - tipc: force a dst refcount before doing decryption (Xin Long) [Orabug: 36835980] {CVE-2024-40983} - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (David Ruth) [Orabug: 36836018] {CVE-2024-40995} - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (Pedro Tammela) - qca_spi: Make interrupt remembering atomic (Stefan Wahren) - netns: Make get_net_ns() handle zero refcount net (Yue Haibing) [Orabug: 36835848] {CVE-2024-40958} - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (Eric Dumazet) [Orabug: 36835851] {CVE-2024-40959} - ipv6: prevent possible NULL dereference in rt6_probe() (Eric Dumazet) [Orabug: 36835856] {CVE-2024-40960} - ipv6: prevent possible NULL deref in fib6_nh_init() (Eric Dumazet) [Orabug: 36835861] {CVE-2024-40961} - netrom: Fix a memory leak in nr_heartbeat_expiry() (Gavrilov Ilia) [Orabug: 36836085] {CVE-2024-41006} - cipso: fix total option length computation (Ondrej Mosnacek) - tracing: Build event generation tests only as modules (Masami Hiramatsu (Google)) - mips: bmips: BCM6358: make sure CBR is correctly set (Christian Marangi) [Orabug: 36835869] {CVE-2024-40963} - MIPS: Routerboard 532: Fix vendor retry check code (Ilpo Jarvinen) - serial: exar: adding missing CTI and Exar PCI ids (Parker Newman) - serial: imx: Introduce timeout when waiting on transmitter empty (Esben Haabendal) [Orabug: 36835886] {CVE-2024-40967} - MIPS: Octeon: Add PCIe link status check (Songyang Li) [Orabug: 36835892] {CVE-2024-40968} - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (Mario Limonciello) - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (Roman Smirnov) - Avoid hw_desc array overrun in dw-axi-dmac (Joao Pinto) [Orabug: 36835903] {CVE-2024-40970} - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (Alex Henrie) - f2fs: remove clear SB_INLINECRYPT flag in default_options (Yunlei He) [Orabug: 36835908] {CVE-2024-40971} - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (Aleksandr Aprelkov) - power: supply: cros_usbpd: provide ID table for avoiding fallback match (Tzung-Bi Shih) - powerpc/io: Avoid clang null pointer arithmetic warnings (Michael Ellerman) - powerpc/pseries: Enforce hcall result buffer validity and size (Nathan Lynch) [Orabug: 36835925] {CVE-2024-40974} - drm/lima: mask irqs in timeout path before hard reset (Erico Nunes) [Orabug: 36835935] {CVE-2024-40976} - drm/lima: add mask irq callback to gp and pp (Erico Nunes) - drm/amd/display: Exit idle optimizations before HDCP execution (Nicholas Kazlauskas) - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (Uri Arev) - ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (Takashi Iwai) - HID: Add quirk for Logitech Casa touchpad (Sean O'Brien) - netpoll: Fix race condition in netpoll_owner_active (Breno Leitao) [Orabug: 36836079] {CVE-2024-41005} - kselftest: arm64: Add a null pointer check (Kunwu Chan) - scsi: qedi: Fix crash while reading debugfs attribute (Manish Rangankar) [Orabug: 36835946] {CVE-2024-40978} - drop_monitor: replace spin_lock by raw_spin_lock (Wander Lairson Costa) [Orabug: 36835959] {CVE-2024-40980} - af_packet: avoid a false positive warning in packet_setsockopt() (Eric Dumazet) - wifi: ath9k: work around memset overflow warning (Arnd Bergmann) - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (Eric Dumazet) [Orabug: 36835965] {CVE-2024-40981} - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (Yonghong Song) - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (Alessandro Carminati (Red Hat)) - block/ioctl: prefer different overflow check (Justin Stitt) [Orabug: 36836043] {CVE-2024-41000} - rcutorture: Fix invalid context warning when enable srcu barrier testing (Zqiang) - rcutorture: Make stall-tasks directly exit when rcutorture tests end (Zqiang) - rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment (Paul E. McKenney) - crypto: hisilicon/sec - Fix memory leak for sec resource release (Chenghai Huang) [Orabug: 36836053] {CVE-2024-41002} - padata: Disable BH when taking works lock on MT path (Herbert Xu) - Bluetooth: qca: fix info leak when fetching board id (Johan Hovold) [Orabug: 36934735] {CVE-2024-36033} - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (Dan Carpenter) - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (Oleg Nesterov) - i2c: designware: Fix the functionality flags of the slave-only interface (Jean Delvare) - i2c: at91: Fix the functionality flags of the slave-only interface (Jean Delvare) - usb-storage: alauda: Check whether the media is initialized (Shichao Lai) [Orabug: 36753733] {CVE-2024-38619} - greybus: Fix use-after-free bug in gb_interface_release due to race condition. (Sicong Huang) [Orabug: 36835563] {CVE-2024-39495} - kbuild: Remove support for Clang's ThinLTO caching (Nathan Chancellor) - mptcp: pm: update add_addr counters after connect (YonglongLi) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (YonglongLi) - hugetlb_encode.h: fix undefined behaviour (34 << 26) (Matthias Goergens) - serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level (Doug Brown) - mm/huge_memory: don't unpoison huge_zero_folio (Miaohe Lin) [Orabug: 36835742] {CVE-2024-40914} - scsi: mpi3mr: Fix ATA NCQ priority support (Damien Le Moal) - tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() (Oleg Nesterov) - nilfs2: fix potential kernel bug due to lack of writeback flag waiting (Ryusuke Konishi) [Orabug: 36774570] {CVE-2024-37078} - intel_th: pci: Add Lunar Lake support (Alexander Shishkin) - intel_th: pci: Add Meteor Lake-S support (Alexander Shishkin) - intel_th: pci: Add Sapphire Rapids SOC support (Alexander Shishkin) - intel_th: pci: Add Granite Rapids SOC support (Alexander Shishkin) - intel_th: pci: Add Granite Rapids support (Alexander Shishkin) - dmaengine: axi-dmac: fix possible race in remove() (Nuno Sa) - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (Rick Wertenbroek) - ocfs2: fix races between hole punching and AIO+DIO (Su Yue) [Orabug: 36835816] {CVE-2024-40943} - ocfs2: use coarse time for new created files (Su Yue) - fs/proc: fix softlockup in __read_vmcore (Rik van Riel) - knfsd: LOOKUP can return an illegal error value (Trond Myklebust) - spmi: hisi-spmi-controller: Do not override device identifier (Vamshi Gajjela) - vmci: prevent speculation leaks by sanitizing event in event_deliver() (Hagar Gamal Halim Hemdan) [Orabug: 36835581] {CVE-2024-39499} - sock_map: avoid race between sock_map_close and sk_psock_put (Thadeu Lima de Souza Cascardo) [Orabug: 36835586] {CVE-2024-39500} - null_blk: Print correct max open zones limit in null_init_zoned_dev() (Damien Le Moal) - tracing/selftests: Fix kprobe event name test for .isra. functions (Steven Rostedt (Google)) - mptcp: ensure snd_una is properly initialized on connect (Paolo Abeni) [Orabug: 36835783] {CVE-2024-40931} - drm/exynos/vidi: fix memory leak in .get_modes() (Jani Nikula) [Orabug: 36835785] {CVE-2024-40932} - drivers: core: synchronize really_probe() and dev_uevent() (Dirk Behme) [Orabug: 36835588] {CVE-2024-39501} - iio: imu: inv_icm42600: delete unneeded update watermark call (Jean-Baptiste Maneyrol) - iio: dac: ad5592r: fix temperature channel scaling value (Marc Ferland) - iio: adc: ad9467: fix scan type sign (David Lechner) - af_unix: Read with MSG_PEEK loops if the first unread byte is OOB (Rao Shoaib) - ionic: fix use after netif_napi_del() (Taehee Yoo) [Orabug: 36835594] {CVE-2024-39502} - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (Petr Pavlu) - net: stmmac: replace priv->speed with the portTransmitRate from the tc-cbs parameters (Xiaolei Wang) - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (Gal Pressman) - tcp: fix race in tcp_v6_syn_recv_sock() (Eric Dumazet) - drm/bridge/panel: Fix runtime warning on panel bridge release (Adam Miotk) - drm/komeda: check for error-valued pointer (Amjad Ouled-Ameur) [Orabug: 36835673] {CVE-2024-39505} - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (Aleksandr Mishin) [Orabug: 36835676] {CVE-2024-39506} - net: hns3: add cond_resched() to hns3 ring buffer init process (Jie Wang) - net: hns3: fix kernel crash problem in concurrent scenario (Yonglong Liu) [Orabug: 36835679] {CVE-2024-39507} - net: sfp: Always call sfp_sm_mod_remove() on remove (Csokas, Bence) - drm/vmwgfx: 3D disabled should not effect STDU memory limits (Ian Forbes) - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (Jose Exposito) [Orabug: 36835792] {CVE-2024-40934} - iommu: Return right value in iommu_sva_bind_device() (Lu Baolu) [Orabug: 36835823] {CVE-2024-40945} - iommu/amd: Fix sysfs leak in iommu init (Kun(llfl)) - iommu/amd: Introduce pci segment structure (Vasant Hegde) - HID: core: remove unnecessary WARN_ON() in implement() (Nikita Zhandarovich) [Orabug: 36835688] {CVE-2024-39509} - gpio: tqmx86: store IRQ trigger type and unmask status separately (Matthias Schiffer) - gpio: tqmx86: fix typo in Kconfig label (Gregor Herburger) - platform/x86: dell-smbios: Fix wrong token data in sysfs (Armin Wolf) - platform/x86: dell-smbios-base: Use sysfs_emit() (ye xingchen) - SUNRPC: return proper error from gss_wrap_req_priv (Chen Hanxiao) - clk: sifive: Do not register clkdevs for PRCI clocks (Samuel Holland) - Input: try trimming too long modalias strings (Dmitry Torokhov) - powerpc/uaccess: Fix build errors seen with GCC 13/14 (Michael Ellerman) - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (Breno Leitao) [Orabug: 36835695] {CVE-2024-40901} - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - xhci: Handle TD clearing for multiple streams case (Hector Martin) [Orabug: 36835772] {CVE-2024-40927} - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (Kuangyi Chiang) - xhci: Set correct transferred length for cancelled bulk transfers (Mathias Nyman) - jfs: xattr: fix buffer overflow for invalid xattr (Greg Kroah-Hartman) [Orabug: 36835700] {CVE-2024-40902} - mei: me: release irq in mei_me_pci_resume error path (Tomas Winkler) - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (Kyle Tso) - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (Alan Stern) [Orabug: 36835708] {CVE-2024-40904} - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (Ryusuke Konishi) [Orabug: 36774645] {CVE-2024-39469} - nilfs2: return the mapped address from nilfs_get_page() (Matthew Wilcox (Oracle)) - nilfs2: Remove check for PageError (Matthew Wilcox (Oracle)) - btrfs: fix leak of qgroup extent records after transaction abort (Filipe Manana) - wifi: ath10k: fix QCOM_RPROC_COMMON dependency (Dmitry Baryshkov) - selftests/mm: compaction_test: fix bogus test success on Aarch64 (Dev Jain) - selftests/mm: conform test to TAP format output (Muhammad Usama Anjum) - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages (Dev Jain) - mm/cma: drop incorrect alignment check in cma_init_reserved_mem (Frank van der Linden) - cma: factor out minimum alignment requirement (David Hildenbrand) - i2c: acpi: Unbind mux adapters before delete (Hamish Martin) [Orabug: 36774617] {CVE-2024-39362} - i2c: add fwnode APIs (Russell King (Oracle)) - mmc: davinci: Don't strip remove function when driver is builtin (Uwe Kleine-Konig) [Orabug: 36809300] {CVE-2024-39484} - mmc: davinci_mmc: Convert to platform remove callback returning void (Yangtao Li) - ftrace: Fix possible use-after-free issue in ftrace_location() (Zheng Yejian) [Orabug: 36753573] {CVE-2024-38588} - x86/ibt,ftrace: Search for __fentry__ location (Peter Zijlstra) - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (Hugo Villeneuve) - serial: sc16is7xx: replace hardcoded divisor value with BIT() macro (Hugo Villeneuve) - Bluetooth: qca: fix info leak when fetching fw build id (Johan Hovold) [Orabug: 36683103] {CVE-2024-36032} - Bluetooth: qca: add support for QCA2066 (Tim Jiang) - Bluetooth: qca: use switch case for soc type behavior (Neil Armstrong) - Bluetooth: btqca: Add WCN3988 support (Luca Weiss) - Bluetooth: btqca: use le32_to_cpu for ver.soc_id (Min-Hua Chen) - Bluetooth: hci_qca: mark OF related data as maybe unused (Krzysztof Kozlowski) - skbuff: introduce skb_pull_data (Luiz Augusto von Dentz) - misc/pvpanic-pci: register attributes via pci_driver (Thomas Weissschuh) - misc/pvpanic: deduplicate common code (Thomas Weissschuh) - pvpanic: Indentation fixes here and there (Andy Shevchenko) - pvpanic: Keep single style across modules (Andy Shevchenko) - drm/amd/display: Fix incorrect DSC instance for MST (Hersen Wu) - drm/amd/display: drop unnecessary NULL checks in debugfs (Alexey Kodanev) - drm/amd/display: Clean up some inconsistent indenting (Jiapeng Chong) - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (George Shen) - iio: accel: mxc4005: Reset chip on probe() and resume() (Hans de Goede) - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (Wesley Cheng) [Orabug: 36683254] {CVE-2024-36894} - usb: gadget: f_fs: use io_data->status consistently (John Keeping) - ipv6: fix possible race in __fib6_drop_pcpu_from() (Eric Dumazet) [Orabug: 36835713] {CVE-2024-40905} - af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). (Kuniyuki Iwashima) - af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). (Kuniyuki Iwashima) - af_unix: Use skb_queue_empty_lockless() in unix_release_sock(). (Kuniyuki Iwashima) - af_unix: annotate lockless accesses to sk->sk_err (Eric Dumazet) - af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. (Kuniyuki Iwashima) - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb(). (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of sk->sk_state in unix_stream_connect(). (Kuniyuki Iwashima) - af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). (Kuniyuki Iwashima) - af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). (Kuniyuki Iwashima) - af_unix: Annodate data-races around sk->sk_state for writers. (Kuniyuki Iwashima) - af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. (Kuniyuki Iwashima) - ptp: Fix error message on failed pin verification (Karol Kolacinski) - net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (Eric Dumazet) [Orabug: 36748168] {CVE-2024-36974} - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (Jason Xing) - net: sched: sch_multiq: fix possible OOB write in multiq_tune() (Hangyu Hua) [Orabug: 36748175] {CVE-2024-36978} - octeontx2-af: Always allocate PF entries from low prioriy zone (Subbaraya Sundeep) - bpf: Set run context for rawtp test_run callback (Jiri Olsa) [Orabug: 36835722] {CVE-2024-40908} - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (Eric Dumazet) - net/ncsi: Fix the multi thread manner of NCSI driver (DelphineCCChiu) - net/ncsi: Simplify Kconfig/dts control flow (Peter Delevoryas) - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (Lingbo Kong) - wifi: iwlwifi: mvm: don't read past the mfuart notifcation (Emmanuel Grumbach) [Orabug: 36835807] {CVE-2024-40941} - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (Miri Korenblit) [Orabug: 36835779] {CVE-2024-40929} - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (Shahar S Matityahu) - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (Johannes Berg) - wifi: cfg80211: pmsr: use correct nla_get_uX functions (Lin Ma) - wifi: cfg80211: Lock wiphy in cfg80211_get_station (Remi Pommarel) [Orabug: 36835729] {CVE-2024-40911} - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (Remi Pommarel) [Orabug: 36835734] {CVE-2024-40912} - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (Nicolas Escande) [Orabug: 36835811] {CVE-2024-40942} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-40911 CVE-2024-40947 CVE-2024-40978 CVE-2024-40981 CVE-2024-41027 CVE-2024-42070 CVE-2024-42090 CVE-2024-42153 CVE-2024-42092 CVE-2024-42095 CVE-2024-40908 CVE-2024-40942 CVE-2024-40961 CVE-2024-41041 CVE-2024-41046 CVE-2024-42247 CVE-2024-40927 CVE-2024-40974 CVE-2024-42087 CVE-2024-42093 CVE-2024-39502 CVE-2024-39507 CVE-2024-40934 CVE-2024-40968 CVE-2024-40988 CVE-2024-41002 CVE-2024-41087 CVE-2024-42068 CVE-2024-42098 CVE-2024-42131 CVE-2024-40945 CVE-2024-40904 CVE-2024-41005 CVE-2024-41034 CVE-2024-42089 CVE-2024-39362 CVE-2024-40912 CVE-2024-41097 CVE-2024-42082 CVE-2024-42244 CVE-2022-3567 CVE-2024-40958 CVE-2024-36978 CVE-2024-40987 CVE-2024-40995 CVE-2024-42096 CVE-2024-42109 CVE-2024-36974 CVE-2024-39487 CVE-2024-41006 CVE-2024-39500 CVE-2024-39505 CVE-2024-42121 CVE-2024-36894 CVE-2024-40902 CVE-2022-3566 CVE-2024-36033 CVE-2024-36484 CVE-2024-38619 CVE-2024-40937 CVE-2024-41035 CVE-2024-42094 CVE-2024-41049 CVE-2024-42097 CVE-2024-42105 CVE-2024-42143 CVE-2024-39482 CVE-2024-36032 CVE-2024-42148 CVE-2024-42161 CVE-2024-41089 CVE-2024-42103 CVE-2024-40914 CVE-2024-40990 CVE-2024-39484 CVE-2024-41093 CVE-2024-38588 CVE-2024-40905 CVE-2024-40957 CVE-2024-42152 CVE-2024-40929 CVE-2024-40971 CVE-2024-40993 CVE-2024-42225 CVE-2024-42232 CVE-2024-42236 CVE-2024-41048 CVE-2024-36901 CVE-2024-42154 CVE-2024-39509 CVE-2024-40931 CVE-2024-40959 CVE-2024-40963 CVE-2024-41040 CVE-2024-41047 CVE-2024-40941 CVE-2024-40960 CVE-2024-42069 CVE-2024-42101 CVE-2024-42104 CVE-2024-42115 CVE-2024-42106 CVE-2024-39495 CVE-2024-42119 CVE-2024-42224 CVE-2024-39468 CVE-2024-42124 CVE-2024-40901 CVE-2024-39469 CVE-2024-40943 CVE-2024-42140 CVE-2024-40970 CVE-2024-40980 CVE-2024-40994 CVE-2024-40967 CVE-2024-42116 CVE-2024-42080 CVE-2024-42157 CVE-2024-40932 CVE-2024-39499 CVE-2024-41092 CVE-2024-42076 CVE-2024-42137 CVE-2024-40976 CVE-2024-41044 CVE-2024-40983 CVE-2024-42229 CVE-2024-41007 CVE-2024-41095 CVE-2024-42120 CVE-2024-42223 CVE-2024-42086 CVE-2024-42145 CVE-2024-40956 CVE-2024-37078 CVE-2024-39506 CVE-2024-39501 CVE-2024-41000 CVE-2024-42077 CVE-2024-42085 CVE-2024-42127 CVE-2024-42130 CVE-2024-42084 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:8::developer_UEKR7 cpe:/a:oracle:linux:9::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/a:oracle:linux:9::developer_UEKR7 Oracle Linux 9 libvirt [9.0.0-6.el9] - rpc: ensure temporary GSource is removed from client event loop (Daniel P. Berrange) [Orabug: 36821472] {CVE-2024-4418} - rpc: Don't warn about 'max_client_requests' in single-threaded daemons (Peter Krempa) [Orabug: 36422853] libvirt-python [9.0.0-6.el9] - Update to libvirt 9.0.0-6 (Karl Heubaum) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4418 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 [7.2.0-15.el9] - migration: abort on destination if switchover limit exceeded (Elena Ufimtseva) - migration: introduce strict switchover SLA (Elena Ufimtseva) - migration: add error to MigrationIncomingState (Elena Ufimtseva) - migration: Set migration status early in incoming side (Fabiano Rosas) - tests/qtest: migration: Use migrate_incoming_qmp where appropriate (Fabiano Rosas) - tests/qtest: migration: Add migrate_incoming_qmp helper (Fabiano Rosas) - tests/qtest: migration: Expose migrate_set_capability (Fabiano Rosas) - vfio/migration: Multifd device state transfer support - send side (Maciej S. Szmigiero) - vfio/migration: Add x-orcl-migration-multifd-transfer VFIO property (Maciej S. Szmigiero) - vfio/migration: Multifd device state transfer support - receive side (Maciej S. Szmigiero) - migration/multifd: Add migration_has_device_state_support() (Maciej S. Szmigiero) - migration/multifd: Device state transfer support - send side (Maciej S. Szmigiero) - migration/multifd: Convert multifd_send_pages::next_channel to atomic (Maciej S. Szmigiero) - migration/multifd: Device state transfer support - receive side (Maciej S. Szmigiero) - migration: Add load_finish handler and associated functions (Maciej S. Szmigiero) - migration: Add qemu_loadvm_load_state_buffer() and its handler (Maciej S. Szmigiero) - migration: Add save_live_complete_precopy_{begin,end} handlers (Maciej S. Szmigiero) - migration/multifd: Zero p->flags before starting filling a packet (Maciej S. Szmigiero) - migration/ram: Add load start trace event (Maciej S. Szmigiero) - vfio/migration: Add save_{iterate,complete_precopy}_started trace events (Maciej S. Szmigiero) - hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - hw/virtio: Introduce virtio_bh_new_guarded() helper (Philippe Mathieu-Daude) [Orabug: 36869694] {CVE-2024-3446} - pcie_sriov: Validate NumVFs (Akihiko Odaki) [Orabug: 36314082] {CVE-2024-26327} - hw/nvme: Use pcie_sriov_num_vfs() (Akihiko Odaki) [Orabug: 36314111] {CVE-2024-26328} - pcie: Introduce pcie_sriov_num_vfs (Akihiko Odaki) [Orabug: 36314111] {CVE-2024-26328} - qcow2: Don't open data_file with BDRV_O_NO_IO (Kevin Wolf) [Orabug: 36801853] {CVE-2024-4467} - target/i386: drop AMD machine check bits from Intel CPUID (Paolo Bonzini) [Orabug: 36785079] - target/i386: pass X86CPU to x86_cpu_get_supported_feature_word (Paolo Bonzini) [Orabug: 36785079] - migration: prevent migration when VM has poisoned memory (William Roche) [Orabug: 35533097] - i386: Add support for overflow recovery (John Allen) [Orabug: 34691766] - i386: Add support for SUCCOR feature (John Allen) [Orabug: 34691766] - i386: Fix MCE support for AMD hosts (John Allen) [Orabug: 34691766] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-26328 CVE-2024-26327 CVE-2024-3446 CVE-2024-4467 cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 [3.0.7-28.0.1_fips] - Replace upstream references in fips man pages [Orabug: 35824276] - Add FIPS package change: add fips suffix to Release and set Epoch to 10 [Orabug: 35824276] - Update FIPS module name and remove upstream references from fips_module_indicators manpage [Orabug: 35824276] [3.0.7-28.0.1] - Drop OpenELA branding, apply Oracle branding patches - Enable openssl-fips-provider dependency [Orabug: 36504822] - Temporary disable openssl-fips-provider dependency [Orabug: 36504822] - Replace upstream references [Orabug: 34340177] [1:3.0.7-28] - Patch for CVE-2024-6119 Resolves: RHEL-55340 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6119 cpe:/a:oracle:linux:9::u3_security_validation Oracle Linux 8 Oracle Linux 9 [5.15.0-300.163.18] - crypto: qat - specify firmware files for 402xx (Giovanni Cabiddu) [Orabug: 37044631] [5.15.0-300.163.17] - KVM/x86: Do not clear SIPI while in SMM (Boris Ostrovsky) [Orabug: 36955051] - Revert 'Fix userfaultfd_api to return EINVAL as expected' (Vijayendra Suman) [Orabug: 36992217] [5.15.0-300.163.16] - Revert 'bpf: Allow reads from uninit stack' (Vijayendra Suman) [Orabug: 36977604] - platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: switch to use device_add_groups() (Greg Kroah-Hartman) [Orabug: 36965024] - platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Remove extra parenthesis and add a space (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Add support for ACPI based probing (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Restructure sysfs group creation (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Define a struct to hold mailbox regs (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Create static func to handle platdev (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (Suma Hegde) [Orabug: 36965024] - platform/x86/amd/hsmp: Move hsmp_test to probe (Suma Hegde) [Orabug: 36965024] - uek-rpm/core-x86_64.list: Add amd_hsmp.ko in kernel-uek-core (Vijay Kumar) [Orabug: 36970850] - mtd: use refcount to prevent corruption (Tomas Winkler) [Orabug: 36975228] - mtd: core: clear out unregistered devices a bit more (Zev Weiss) [Orabug: 36975228] - mtd: core: Drop duplicate NULL checks around nvmem_unregister() (Andy Shevchenko) [Orabug: 36975228] - mtd: core: Fix refcount error in del_mtd_device() (Shang XiaoJing) [Orabug: 36975228] - mips: add pte_unmap() to balance pte_offset_map() (Hugh Dickins) [Orabug: 36975237] - selftests/vm: Fix build issue with pkey_sighandler_tests.c (Aruna Ramakrishna) [Orabug: 36976755] - Revert 'igb: free up irq resources in device shutdown path.' (Yifei Liu) [Orabug: 36948889] - Revert 'igb: fix __free_irq warnings seen during module unload.' (Yifei Liu) [Orabug: 36948889] - SUNRPC: Improve accuracy of socket ENOBUFS determination (Trond Myklebust) [Orabug: 36834328] - SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE (Trond Myklebust) [Orabug: 36834328] - uek-rpm: mips: Disable CONFIG_CRYPTO_FIPS for kdump kernel (Dave Kleikamp) [Orabug: 36935921] - MIPS: Octeon: Add PCIe link status check (Dave Kleikamp) [Orabug: 36948261] - fwctl/mlx5: Add INTERNAL_DEV_RES uctx capability (Avihai Horon) [Orabug: 36863219] - uek-rpm: build the fwctl mlx5 driver on UEK (Qing Huang) [Orabug: 36466726] - fwctl: Adapt code for UEK7 (Mikhael Goikhman) [Orabug: 36466726] - taint: Add TAINT_FWCTL (Jason Gunthorpe) [Orabug: 36466726] - mm/slab: make __free(kfree) accept error pointers (Dan Carpenter) [Orabug: 36466726] - mlx5: Create an auxiliary device for fwctl_mlx5 (Saeed Mahameed) [Orabug: 36466726] - fwctl/mlx5: Support for communicating with mlx5 fw (Saeed Mahameed) [Orabug: 36466726] - fwctl: FWCTL_RPC to execute a Remote Procedure Call to device firmware (Jason Gunthorpe) [Orabug: 36466726] - fwctl: FWCTL_INFO to return basic information about the device (Jason Gunthorpe) [Orabug: 36466726] - fwctl: Basic ioctl dispatch for the character device (Jason Gunthorpe) [Orabug: 36466726] - fwctl: Add basic structure for a class subsystem with a cdev (Jason Gunthorpe) [Orabug: 36466726] - cleanup: Add conditional guard support (Peter Zijlstra) [Orabug: 36466726] - cleanup: Make no_free_ptr() __must_check (Peter Zijlstra) [Orabug: 36466726] - locking: Introduce __cleanup() based infrastructure (Peter Zijlstra) [Orabug: 36466726] - dmaengine: ioat: Free up __cleanup() name (Peter Zijlstra) [Orabug: 36466726] - container_of: Update header inclusions (Andy Shevchenko) [Orabug: 36466726] - container_of: add container_of_const() that preserves const-ness of the pointer (Greg Kroah-Hartman) [Orabug: 36466726] - linux/container_of.h: Warn about loss of constness (Sakari Ailus) [Orabug: 36466726] - container_of: remove container_of_safe() (Greg Kroah-Hartman) [Orabug: 36466726] - dmaengine: ioat: Fix spelling mistake 'idel' -> 'idle' (Colin Ian King) [Orabug: 36466726] - preempt: Provide preempt_[dis|en]able_nested() (Thomas Gleixner) [Orabug: 36466726] - locking: Detect includes rwlock.h outside of spinlock.h (Sebastian Andrzej Siewior) [Orabug: 36466726] - tracepoint: Allow trace events in modules with TAINT_TEST (Alison Schofield) [Orabug: 36466726] - panic: Taint kernel if tests are run (David Gow) [Orabug: 36466726] - linux/container_of.h: switch to static_assert (Rasmus Villemoes) [Orabug: 36466726] - kernel.h: split out container_of() and typeof_member() macros (Andy Shevchenko) [Orabug: 36466726] - uek-rpm: add CONFIG_NETDEVSIM=m build flag (Qing Huang) [Orabug: 36836285] - Revert 'net: netdevsim: use mock PHC driver' (Qing Huang) [Orabug: 36836285] - Revert 'net: netdevsim: mimic tc-taprio offload' (Qing Huang) [Orabug: 36836285] - Revert 'net: netdevsim: don't try to destroy PHC on VFs' (Qing Huang) [Orabug: 36836285] - xfrm: call xfrm_dev_policy_delete when kill policy (Jianbo Liu) [Orabug: 36848687] - xfrm: fix netdev reference count imbalance (Jianbo Liu) [Orabug: 36848687] - xfrm: don't skip free of empty state in acquire policy (Leon Romanovsky) [Orabug: 36848687] - xfrm: delete offloaded policy (Leon Romanovsky) [Orabug: 36848687] - Revert 'arch/arm64/boot/dts: psci support' (Joe Dobosenski) [Orabug: 36911826] - uek-rpm: mips: Config changes for fips (Dave Kleikamp) [Orabug: 36912607] - uek-rpm: Fix a missing closing parenthesis in spec file (Harshit Mogalapalli) [Orabug: 36899944] - scsi: mpt3sas: Avoid possible run-time warning with long manufacturer strings (Kees Cook) [Orabug: 36892249] - uek-rpm: Enable CONFIG_GNSS for GNSS receiver support (Harshvardhan Jha) [Orabug: 36741354] - uek-rpm: Move ieee802154.ko out of extras, it is in core already (Harshit Mogalapalli) [Orabug: 36769995] - tools/power/turbostat: Add initial support for GraniteRapids (Zhang Rui) [Orabug: 36812907] - perf/x86/cstate: Add Granite Rapids support (Artem Bityutskiy) [Orabug: 36812907] - perf/x86/intel: Add Granite Rapids (Kan Liang) [Orabug: 36812907] - ACPI: APEI: EINJ: Add CXL error types (Tony Luck) [Orabug: 36812907] - ACPI: APEI: EINJ: Refactor available_error_type_show() (Thomas Tai) [Orabug: 36812907] - KVM: x86: Advertise PREFETCHIT0/1 CPUID to user space (Jiaxi Chen) [Orabug: 36812907] - ntb: intel: add GNR support for Intel PCIe gen5 NTB (Dave Jiang) [Orabug: 36812907] - scsi: mpi3mr: Driver version update (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Prevent PCI writes from driver during PCI error recovery (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Support PCI Error Recovery callback handlers (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Correct a test in mpi3mr_sas_port_add() (Tomas Henzl) [Orabug: 36822033] - scsi: mpi3mr: Update driver version to 8.9.1.0.50 (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Add ioctl support for HDB (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Trigger support (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: HDB allocation and posting for hardware and firmware buffers (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Sanitise num_phys (Tomas Henzl) [Orabug: 36822033] - scsi: mpi3mr: Driver version update to 8.8.1.0.50 (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Update MPI Headers to revision 31 (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Debug ability improvements (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Set the WriteSame Divert Capability in the IOCInit MPI Request (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Clear ioctl blocking flag for an unresponsive controller (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Set MPI request flags appropriately (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Block devices are not removed even when VDs are offlined (Ranjan Kumar) [Orabug: 36822033] - scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (Shin'ichiro Kawasaki) [Orabug: 36822033] - scsi: mpi3mr: Replace deprecated strncpy() with assignments (Justin Stitt) [Orabug: 36822033] - scsi: mpi3mr: Reduce stack usage in mpi3mr_refresh_sas_ports() (Arnd Bergmann) [Orabug: 36822033] - scsi: mpi3mr: Use ida to manage mrioc ID (Guixin Liu) [Orabug: 36822033] - scsi: mpi3mr: Fix mpi3mr_fw.c kernel-doc warnings (Randy Dunlap) [Orabug: 36822033] - scsi: mpi3mr: Fix printk() format strings (Arnd Bergmann) [Orabug: 36822033] - scsi: mpi3mr: Update driver version to 8.5.1.0.0 (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-3 (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-2 (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: Support for preallocation of SGL BSG data buffers part-1 (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: Fetch correct device dev handle for status reply descriptor (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: Block PEL Enable Command on Controller Reset and Unrecoverable State (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: Clean up block devices post controller reset (Chandrakanth patil) [Orabug: 36822033] - scsi: mpi3mr: driver version upgrade to 8.5.0.0.50 (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Add support for status reply descriptor (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Increase maximum number of PHYs to 64 from 32 (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Add PCI checks where SAS5116 diverges from SAS4116 (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Add support for SAS5116 PCI IDs (Sumit Saxena) [Orabug: 36822033] - scsi: mpi3mr: Split off bus_reset function from host_reset (Hannes Reinecke) [Orabug: 36822033] - bnxt_en: Make PTP timestamp HWRM more silent (Breno Leitao) [Orabug: 36826374] - bnxt_en: Fix possible crash after creating sw mqprio TCs (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix RSS table entries calculation for P5_PLUS chips (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix memory leak in bnxt_hwrm_get_rings() (Michael Chan) [Orabug: 36826374] - bnxt_en: Make PTP TX timestamp HWRM query silent (Pavan Chebbi) [Orabug: 36826374] - bnxt_en: Skip nic close/open when configuring tstamp filters (Pavan Chebbi) [Orabug: 36826374] - bnxt_en: add rx_filter_miss extended stats (Damodharam Ammepalli) [Orabug: 36826374] - bnxt_en: Configure UDP tunnel TPA (Michael Chan) [Orabug: 36826374] - bnxt_en: Add support for VXLAN GPE (Michael Chan) [Orabug: 36826374] - bnxt_en: Use proper TUNNEL_DST_PORT_ALLOC* commands (Michael Chan) [Orabug: 36826374] - bnxt_en: Support TX coalesced completion on 5760X chips (Michael Chan) [Orabug: 36826374] - bnxt_en: Prevent TX timeout with a very small TX ring (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix TX ring indexing logic (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix AGG ring check logic in bnxt_check_rings() (Somnath Kotur) [Orabug: 36826374] - bnxt_en: Fix trimming of P5 RX and TX rings (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix wrong return value check in bnxt_close_nic() (Kalesh AP) [Orabug: 36826374] - bnxt_en: Fix skb recycling logic in bnxt_deliver_skb() (Sreekanth Reddy) [Orabug: 36826374] - bnxt_en: Clear resource reservation during resume (Somnath Kotur) [Orabug: 36826374] - bnxt_en: Add 5760X (P7) PCI IDs (Michael Chan) [Orabug: 36826374] - bnxt_en: Report the new ethtool link modes in the new firmware interface (Michael Chan) [Orabug: 36826374] - bnxt_en: Support force speed using the new HWRM fields (Michael Chan) [Orabug: 36826374] - bnxt_en: Support new firmware link parameters (Michael Chan) [Orabug: 36826374] - bnxt_en: Refactor ethtool speeds logic (Michael Chan) [Orabug: 36826374] - bnxt_en: Add support for new RX and TPA_START completion types for P7 (Michael Chan) [Orabug: 36826374] - bnxt_en: Refactor and refine bnxt_tpa_start() and bnxt_tpa_end(). (Michael Chan) [Orabug: 36826374] - bnxt_en: Refactor RX VLAN acceleration logic. (Michael Chan) [Orabug: 36826374] - bnxt_en: Add new P7 hardware interface definitions (Michael Chan) [Orabug: 36826374] - bnxt_en: Refactor RSS capability fields (Ajit Khaparde) [Orabug: 36826374] - bnxt_en: Implement the new toggle bit doorbell mechanism on P7 chips (Michael Chan) [Orabug: 36826374] - bnxt_en: Consolidate DB offset calculation (Hongguang Gao) [Orabug: 36826374] - bnxt_en: Define basic P7 macros (Michael Chan) [Orabug: 36826374] - bnxt_en: Update firmware interface to 1.10.3.15 (Michael Chan) [Orabug: 36826374] - bnxt_en: Update HW interface headers (Chandramohan Akula) [Orabug: 36826374] - bnxt_en: Fix backing store V2 logic (Michael Chan) [Orabug: 36826374] - bnxt_en: Rename some macros for the P5 chips (Randy Schacher) [Orabug: 36826374] - bnxt_en: Modify the NAPI logic for the new P7 chips (Michael Chan) [Orabug: 36826374] - bnxt_en: Modify RX ring indexing logic. (Michael Chan) [Orabug: 36826374] - bnxt_en: Modify TX ring indexing logic. (Michael Chan) [Orabug: 36826374] - bnxt_en: Add db_ring_mask and related macro to bnxt_db_info struct. (Michael Chan) [Orabug: 36826374] - bnxt_en: Add support for HWRM_FUNC_BACKING_STORE_CFG_V2 firmware calls (Michael Chan) [Orabug: 36826374] - bnxt_en: Add support for new backing store query firmware API (Michael Chan) [Orabug: 36826374] - bnxt_en: Add bnxt_setup_ctxm_pg_tbls() helper function (Michael Chan) [Orabug: 36826374] - bnxt_en: Use the pg_info field in bnxt_ctx_mem_type struct (Michael Chan) [Orabug: 36826374] - bnxt_en: Add page info to struct bnxt_ctx_mem_type (Michael Chan) [Orabug: 36826374] - bnxt_en: Restructure context memory data structures (Michael Chan) [Orabug: 36826374] - bnxt_en: Free bp->ctx inside bnxt_free_ctx_mem() (Michael Chan) [Orabug: 36826374] - bnxt_en: The caller of bnxt_alloc_ctx_mem() should always free bp->ctx (Michael Chan) [Orabug: 36826374] - bnxt_en: Optimize xmit_more TX path (Michael Chan) [Orabug: 36826374] - bnxt_en: Use existing MSIX vectors for all mqprio TX rings (Michael Chan) [Orabug: 36826374] - bnxt_en: Add macros related to TC and TX rings (Michael Chan) [Orabug: 36826374] - bnxt_en: Add helper to get the number of CP rings required for TX rings (Michael Chan) [Orabug: 36826374] - bnxt_en: Support up to 8 TX rings per MSIX (Michael Chan) [Orabug: 36826374] - bnxt_en: Refactor bnxt_hwrm_set_coal() (Michael Chan) [Orabug: 36826374] - bnxt_en: New encoding for the TX opaque field (Michael Chan) [Orabug: 36826374] - bnxt_en: Refactor bnxt_tx_int() (Michael Chan) [Orabug: 36826374] - bnxt_en: Remove BNXT_RX_HDL and BNXT_TX_HDL (Michael Chan) [Orabug: 36826374] - bnxt_en: Add completion ring pointer in TX and RX ring structures (Michael Chan) [Orabug: 36826374] - bnxt_en: Restructure cp_ring_arr in struct bnxt_cp_ring_info (Michael Chan) [Orabug: 36826374] - bnxt_en: Add completion ring pointer in TX and RX ring structures (Michael Chan) [Orabug: 36826374] - bnxt_en: Put the TX producer information in the TX BD opaque field (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix 2 stray ethtool -S counters (Michael Chan) [Orabug: 36826374] - bnxt_en: extend media types to supported and autoneg modes (Edwin Peer) [Orabug: 36826374] - bnxt_en: convert to linkmode_set_bit() API (Edwin Peer) [Orabug: 36826374] - bnxt_en: Refactor NRZ/PAM4 link speed related logic (Michael Chan) [Orabug: 36826374] - bnxt_en: refactor speed independent ethtool modes (Edwin Peer) [Orabug: 36826374] - bnxt_en: support lane configuration via ethtool (Edwin Peer) [Orabug: 36826374] - bnxt_en: add infrastructure to lookup ethtool link mode (Edwin Peer) [Orabug: 36826374] - eth: bnxt: take the bit to set as argument of bnxt_queue_sp_work() (Saeed Mirzamohammadi) [Orabug: 36826374] - eth: bnxt: move and rename reset helpers (Jakub Kicinski) [Orabug: 36826374] - bnxt_en: use dev_consume_skb_any() in bnxt_tx_int (Menglong Dong) [Orabug: 36826374] - bnxt_en: Link representors to PCI device (Ivan Vecera) [Orabug: 36826374] - bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event (Pavan Chebbi) [Orabug: 36826374] - bnxt_en: Skip firmware fatal error recovery if chip is not accessible (Vikas Gupta) [Orabug: 36826374] - bnxt_en: Fix bnxt_hwrm_update_rss_hash_cfg() (Pavan Chebbi) [Orabug: 36826374] - bnxt_en: introduce initial link state of unknown (Edwin Peer) [Orabug: 36826374] - bnxt_en: Fix invoking hwmon_notify_event (Kalesh AP) [Orabug: 36826374] - bnxt_en: Do not call sleeping hwmon_notify_event() from NAPI (Kalesh AP) [Orabug: 36826374] - bnxt_en: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36826374] - eth: bnxt: fix backward compatibility with older devices (Jakub Kicinski) [Orabug: 36826374] - bnxt_en: Update VNIC resource calculation for VFs (Vikas Gupta) [Orabug: 36826374] - bnxt_en: Event handler for Thermal event (Kalesh AP) [Orabug: 36826374] - bnxt_en: Use non-standard attribute to expose shutdown temperature (Kalesh AP) [Orabug: 36826374] - bnxt_en: Expose threshold temperatures through hwmon (Kalesh AP) [Orabug: 36826374] - bnxt_en: Modify the driver to use hwmon_device_register_with_info (Kalesh AP) [Orabug: 36826374] - bnxt_en: Move hwmon functions into a dedicated file (Kalesh AP) [Orabug: 36826374] - bnxt_en: Enhance hwmon temperature reporting (Kalesh AP) [Orabug: 36826374] - bnxt_en: Update firmware interface to 1.10.2.171 (Michael Chan) [Orabug: 36826374] - bnxt: use the NAPI skb allocation cache (Jakub Kicinski) [Orabug: 36826374] - bnxt_en: Add tx_resets ring counter (Michael Chan) [Orabug: 36826374] - bnxt_en: Display the ring error counters under ethtool -S (Michael Chan) [Orabug: 36826374] - bnxt_en: Save ring error counters across reset (Michael Chan) [Orabug: 36826374] - bnxt_en: Increment rx_resets counter in bnxt_disable_napi() (Michael Chan) [Orabug: 36826374] - bnxt_en: Let the page pool manage the DMA mapping (Somnath Kotur) [Orabug: 36826374] - bnxt_en: Use the unified RX page pool buffers for XDP and non-XDP (Somnath Kotur) [Orabug: 36826374] - bnxt_en: Fix W=stringop-overflow warning in bnxt_dcb.c (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix W=1 warning in bnxt_dcb.c from fortify memcpy() (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix max_mtu setting for multi-buf XDP (Michael Chan) [Orabug: 36826374] - bnxt_en: Fix page pool logic for page size >= 64K (Somnath Kotur) [Orabug: 36826374] - bnxt: don't handle XDP in netpoll (Jakub Kicinski) [Orabug: 36826374] - bnxt: use READ_ONCE/WRITE_ONCE for ring indexes (Jakub Kicinski) [Orabug: 36826374] - eth: bnxt: fix warning for define in struct_group (Jakub Kicinski) [Orabug: 36826374] - eth: bnxt: fix one of the W=1 warnings about fortified memcpy() (Jakub Kicinski) [Orabug: 36826374] - bnxt_en: Use struct_group_attr() for memcpy() region (Kees Cook) [Orabug: 36826374] - bnxt_en: Share the bar0 address with the RoCE driver (Chandramohan Akula) [Orabug: 36826374] - RDMA/bnxt_re: Update HW interface headers (Selvin Xavier) [Orabug: 36826374] - bnxt: Enforce PTP software freq adjustments only when in non-RTC mode (Pavan Chebbi) [Orabug: 36826374] - bnxt: Defer PTP initialization to after querying function caps (Pavan Chebbi) [Orabug: 36826374] - bnxt: Change fw_cap to u64 to accommodate more capability bits (Pavan Chebbi) [Orabug: 36826374] - bnxt_en: reset PHC frequency in free-running mode (Vadim Fedorenko) [Orabug: 36826374] - bnxt_en: Fix the double free during device removal (Selvin Xavier) [Orabug: 36826374] - bnxt_en: Remove runtime interrupt vector allocation (Ajit Khaparde) [Orabug: 36826374] - RDMA/bnxt_re: Remove the sriov config callback (Ajit Khaparde) [Orabug: 36826374] - bnxt_en: Remove struct bnxt access from RoCE driver (Hongguang Gao) [Orabug: 36826374] - bnxt_en: Use auxiliary bus calls over proprietary calls (Ajit Khaparde) [Orabug: 36826374] - bnxt_en: Use direct API instead of indirection (Ajit Khaparde) [Orabug: 36826374] - bnxt_en: Remove usage of ulp_id (Ajit Khaparde) [Orabug: 36826374] - RDMA/bnxt_re: Use auxiliary driver interface (Ajit Khaparde) [Orabug: 36826374] - bnxt_en: Add auxiliary driver support (Ajit Khaparde) [Orabug: 36826374] - RDMA/bnxt_re: Use separate response buffer for stat_ctx_free (Edwin Peer) [Orabug: 36826374] - RDMA/bnxt_re: Use GFP_KERNEL in non atomic context (Selvin Xavier) [Orabug: 36826374] - bnxt: Do not read past the end of test names (Kees Cook) [Orabug: 36826374] - bnxt: report FEC block stats via standard interface (Jakub Kicinski) [Orabug: 36826374] - bnxt_en: fix the handling of PCIE-AER (Vikas Gupta) [Orabug: 36826374] - bnxt_en: refactor bnxt_cancel_reservations() (Vikas Gupta) [Orabug: 36826374] - bnxt_en: fix memory leak in bnxt_nvm_test() (Vikas Gupta) [Orabug: 36826374] - bnxt_en: Remove duplicated include bnxt_devlink.c (Yang Li) [Orabug: 36826374] - bnxt_en: implement callbacks for devlink selftests (vikas) [Orabug: 36826374] - bnxt_en: fix livepatch query (Vikas Gupta) [Orabug: 36826374] - bnxt_en: Do not destroy health reporters during reset (Edwin Peer) [Orabug: 36826374] - bnxt_en: Fix devlink fw_activate (Kalesh AP) [Orabug: 36826374] - bnxt_en: Restore the resets_reliable flag in bnxt_open() (Kalesh AP) [Orabug: 36826374] - bnxt_en: Fix compile error regression when CONFIG_BNXT_SRIOV is not set (Michael Chan) [Orabug: 36826374] - bnxt_en: fix format specifier in live patch error message (Edwin Peer) [Orabug: 36826374] - bnxt_en: extend RTNL to VF check in devlink driver_reinit (Edwin Peer) [Orabug: 36826374] - bnxt_en: avoid newline at end of message in NL_SET_ERR_MSG_MOD (Wan Jiabing) [Orabug: 36826374] - bnxt_en: Remove not used other ULP define (Leon Romanovsky) [Orabug: 36826374] - bnxt_en: Provide stored devlink 'fw' version on older firmware (Vikas Gupta) [Orabug: 36826374] - bnxt_en: implement firmware live patching (Edwin Peer) [Orabug: 36826374] - bnxt_en: implement dump callback for fw health reporter (Edwin Peer) [Orabug: 36826374] - bnxt_en: extract coredump command line from current task (Edwin Peer) [Orabug: 36826374] - bnxt_en: Retrieve coredump and crashdump size via FW command (Vasundhara Volam) [Orabug: 36826374] - bnxt_en: Add compression flags information in coredump segment header (Vasundhara Volam) [Orabug: 36826374] - bnxt_en: improve fw diagnose devlink health messages (Edwin Peer) [Orabug: 36826374] - bnxt_en: consolidate fw devlink health reporters (Edwin Peer) [Orabug: 36826374] - bnxt_en: remove fw_reset devlink health reporter (Edwin Peer) [Orabug: 36826374] - bnxt_en: improve error recovery information messages (Edwin Peer) [Orabug: 36826374] - bnxt_en: add enable_remote_dev_reset devlink parameter (Edwin Peer) [Orabug: 36826374] - bnxt_en: implement devlink dev reload fw_activate (Edwin Peer) [Orabug: 36826374] - bnxt_en: implement devlink dev reload driver_reinit (Edwin Peer) [Orabug: 36826374] - bnxt_en: improve firmware timeout messaging (Edwin Peer) [Orabug: 36826374] - bnxt_en: improve VF error messages when PF is unavailable (Edwin Peer) [Orabug: 36826374] - bnxt_en: add dynamic debug support for HWRM messages (Edwin Peer) [Orabug: 36826374] - bnxt_en: refactor cancellation of resource reservations (Edwin Peer) [Orabug: 36826374] - scsi: smartpqi: Replace deprecated strncpy() with strscpy() (Justin Stitt) [Orabug: 36837224] - scsi: smartpqi: Fix disable_managed_interrupts (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Bump driver version to 2.1.26-030 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Fix logical volume rescan race condition (Mahesh Rajashekhara) [Orabug: 36837224] - scsi: smartpqi: Add new controller PCI IDs (David Strahan) [Orabug: 36837224] - scsi: smartpqi: Change driver version to 2.1.24-046 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Enhance error messages (Mahesh Rajashekhara) [Orabug: 36837224] - scsi: smartpqi: Enhance controller offline notification (David Strahan) [Orabug: 36837224] - scsi: smartpqi: Enhance shutdown notification (David Strahan) [Orabug: 36837224] - scsi: smartpqi: Simplify lun_number assignment (David Strahan) [Orabug: 36837224] - scsi: smartpqi: Rename pciinfo to pci_info (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Rename MACRO to clarify purpose (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Add abort handler (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Replace one-element arrays with flexible-array members (Gustavo A. R. Silva) [Orabug: 36837224] - scsi: smartpqi: Replace all non-returning strlcpy() with strscpy() (Azeem Shaikh) [Orabug: 36837224] - scsi: smartpqi: Update version to 2.1.22-040 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Update copyright to 2023 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Add sysfs entry for NUMA node in /sys/block/sdX/device (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Stop sending driver-initiated TURs (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Fix byte aligned writew for ARM servers (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Add support for RAID NCQ priority (Gilbert Wu) [Orabug: 36837224] - scsi: smartpqi: Validate block layer host tag (Murthy Bhat) [Orabug: 36837224] - scsi: smartpqi: Remove contention for raid_bypass_cnt (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Fix rare SAS transport memory leak (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Remove NULL pointer check (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Add new controller PCI IDs (David Strahan) [Orabug: 36837224] - scsi: smartpqi: Map full length of PCI BAR 0 (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Replace one-element array with flexible-array member (Gustavo A. R. Silva) [Orabug: 36837224] - scsi: smartpqi: Change version to 2.1.20-035 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Initialize feature section info (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Add controller cache flush during rmmod (Gilbert Wu) [Orabug: 36837224] - scsi: smartpqi: Correct device removal for multi-actuator devices (Kumar Meiyappan) [Orabug: 36837224] - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Correct max LUN number (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Add new controller PCI IDs (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Convert to host_tagset (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Update version to 2.1.18-045 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Update copyright to current year (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Add ctrl ready timeout module parameter (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Update deleting a LUN via sysfs (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Add module param to disable managed ints (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Fix RAID map race condition (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Stop logging spurious PQI reset failures (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Add PCI IDs for Lenovo controllers (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Add PCI ID for Adaptec SmartHBA 2100-8i (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Fix PCI control linkdown system hang (Sagar Biradar) [Orabug: 36837224] - scsi: smartpqi: Add driver support for multi-LUN devices (Kumar Meiyappan) [Orabug: 36837224] - scsi: smartpqi: Close write read holes (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Add PCI IDs for ramaxel controllers (Murthy Bhat) [Orabug: 36837224] - scsi: smartpqi: Add controller fw version to console log (Gilbert Wu) [Orabug: 36837224] - scsi: smartpqi: Shorten drive visibility after removal (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Fix typo in comment (Julia Lawall) [Orabug: 36837224] - scsi: smartpqi: Stop using the SCSI pointer (Bart Van Assche) [Orabug: 36837224] - scsi: smartpqi: Fix unused variable pqi_pm_ops for clang (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Update version to 2.1.14-035 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Fix lsscsi -t SAS addresses (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Fix hibernate and suspend (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Fix BUILD_BUG_ON() statements (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Fix NUMA node not updated during init (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Expose SAS address for SATA drives (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Speed up RAID 10 sequential reads (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Update volume size after expansion (Mahesh Rajashekhara) [Orabug: 36837224] - scsi: smartpqi: Avoid drive spin-down during suspend (Sagar Biradar) [Orabug: 36837224] - scsi: smartpqi: Resolve delay issue with PQI_HZ value (Balsundar P) [Orabug: 36837224] - scsi: smartpqi: Fix a typo in func pqi_aio_submit_io() (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Fix a name typo and cleanup code (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Quickly propagate path failures to SCSI midlayer (Murthy Bhat) [Orabug: 36837224] - scsi: smartpqi: Eliminate drive spin down on warm boot (Sagar Biradar) [Orabug: 36837224] - scsi: smartpqi: Enable SATA NCQ priority in sysfs (Gilbert Wu) [Orabug: 36837224] - scsi: smartpqi: Add PCI IDs (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Fix rmmod stack trace (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Call scsi_done() directly (Bart Van Assche) [Orabug: 36837224] - scsi: smartpqi: Update version to 2.1.12-055 (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Add 3252-8i PCI id (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Fix duplicate device nodes for tape changers (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Fix boot failure during LUN rebuild (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Add extended report physical LUNs (Mike McGowen) [Orabug: 36837224] - scsi: smartpqi: Avoid failing I/Os for offline devices (Mahesh Rajashekhara) [Orabug: 36837224] - scsi: smartpqi: Add TEST UNIT READY check for SANITIZE operation (Don Brace) [Orabug: 36837224] - scsi: smartpqi: Update LUN reset handler (Kevin Barnett) [Orabug: 36837224] - scsi: smartpqi: Capture controller reason codes (Murthy Bhat) [Orabug: 36837224] - scsi: smartpqi: Update device removal management (Don Brace) [Orabug: 36837224] - scsi: qla2xxx: Convert comma to semicolon (Chen Ni) [Orabug: 36842785] - scsi: qla2xxx: Update version to 10.02.09.300-k (Nilesh Javali) [Orabug: 36842785] - scsi: qla2xxx: Avoid possible run-time warning with long model_num (Kees Cook) [Orabug: 36842785] - scsi: qla2xxx: Indent help text (Prasad Pandit) [Orabug: 36842785] - scsi: qla2xxx: Drop driver owner assignment (Krzysztof Kozlowski) [Orabug: 36842785] - scsi: qla2xxx: Use QP lock to search for bsg (Quinn Tran) [Orabug: 36842785] - scsi: qla2xxx: Reduce fabric scan duplicate code (Quinn Tran) [Orabug: 36842785] - scsi: qla2xxx: Fix optrom version displayed in FDMI (Shreyas Deodhar) [Orabug: 36842785] - scsi: qla2xxx: During vport delete send async logout explicitly (Manish Rangankar) [Orabug: 36842785] - scsi: qla2xxx: Complete command early within lock (Shreyas Deodhar) [Orabug: 36842785] - scsi: qla2xxx: Fix flash read failure (Quinn Tran) [Orabug: 36842785] - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (Saurav Kashyap) [Orabug: 36842785] - scsi: qla2xxx: Fix for possible memory corruption (Shreyas Deodhar) [Orabug: 36842785] - scsi: qla2xxx: validate nvme_local_port correctly (Nilesh Javali) [Orabug: 36842785] - scsi: qla2xxx: Unable to act on RSCN for port online (Quinn Tran) [Orabug: 36842785] - string.h: Introduce memtostr() and memtostr_pad() (Kees Cook) [Orabug: 36842785] - uek-rpm/ol9: Remove linux-firmware dependency from embedded kernel (Vijay Kumar) [Orabug: 36869776] - mips/cavium-octeon: Donot disable CPU0 for Cavium Octeon (Vijay Kumar) [Orabug: 36869776] - Octeon/ethernet: Fix Random MAC address assignment (Vijay Kumar) [Orabug: 36869776] - Add Micron devices in the SPI device table (Vijay Kumar) [Orabug: 36869776] - WARNING in rds_ib_dev_free (William Kucharski) [Orabug: 36877039] - vdpa/mlx5: Fix crash on shutdown for when no ndev exists (Dragos Tatulea) [Orabug: 36622300] - vdpa/mlx5: Support interrupt bypassing (Eli Cohen) [Orabug: 36622300] - genirq: Allow irq_chip registration functions to take a const irq_chip (Marc Zyngier) [Orabug: 36725623] - net/ethernet/octeon: convert unsupported .adjfreq to .adjfine (Dave Kleikamp) [Orabug: 36725623] - uek-rpm: Clean up mips64 config files (Dave Kleikamp) [Orabug: 36725623] - uek-rpm: mips: build kdump kernel (Dave Kleikamp) [Orabug: 36725623] - Always define hugepage_scan_file and hugepage_vma_check (Dave Kleikamp) [Orabug: 36725623] - KSPLICE: mips: clear the stack before going in the freezer. (Quentin Casasnovas) [Orabug: 36725623] - KSPLICE: mips: signals the freezer when we're coming from the entry code. (Quentin Casasnovas) [Orabug: 36725623] - MIPS: octeon: shared_cpu_map cacheinfo (Henry Willard) [Orabug: 36725623] - mips64: drivers/watchdog: Add IRQF_NOBALANCING when requesting irq (Thomas Tai) [Orabug: 36725623] - MIPS: Don't clear _PAGE_SPECIAL in _PAGE_CHG_MASK (Henry Willard) [Orabug: 36725623] - netdev, octeon3-ethernet: increase num_packet_buffers to 4096 (Dave Kleikamp) [Orabug: 36725623] - mips: Octeon: PCI console code was incorrectly finding the tty port (Dave Kleikamp) [Orabug: 36725623] - mips64: Fix X.509 certificates parsing (Eric Saint-Etienne) [Orabug: 36725623] - thermal: support for Marvell Octeon TX SoC temperature sensors (Eric Saint-Etienne) [Orabug: 36725623] - netdev, octeon3-ethernet: move timecounter init to network driver probe() (Dave Aldridge) [Orabug: 36725623] - mips64/octeon: Initialize netdevice in octeon_pow struct (Vijay Kumar) [Orabug: 36725623] - MIPS: Add syscall auditing support (Ralf Baechle) [Orabug: 36725623] - net/ethernet/octeon: Add ptp_dbg_group module param in octeon-pow-ethernet (Vijay Kumar) [Orabug: 36725623] - net/ethernet/octeon: Set max/min mtu of pow equivalent to Octeon eth device (Vijay Kumar) [Orabug: 36725623] - arch/mips: Discard the contents of the PCI console if the buffer is full for more than 10 milliseconds (Victor Michel) [Orabug: 36725623] - MIPS: octeon: Suppress early_init_dt_scan_memory damage. (Henry Willard) [Orabug: 36725623] - mips: Fails to create /sys/firmware/fdt during bootup (Vijay Kumar) [Orabug: 36725623] - MIPS: probe_kernel_read() should not panic (Rob Gardner) [Orabug: 36725623] - mips/cavium-octeon: Change access permission for /proc/pcie_reset to write (Vijay Kumar) [Orabug: 36725623] - MIPS: OCTEON: OCTEON III build and configuration option (Dave Kleikamp) [Orabug: 36725623] - uek-rpm: mips: Enable T73 options (Dave Kleikamp) [Orabug: 36725623] - Removing the octeon_boot header file (Anagha K J) [Orabug: 36725623] - OCTEON watchdog to check CIU3 feature rather than CN78XX model (Anagha K J) [Orabug: 36725623] - Change OCTEON_WDT from tristate to boolean (Anagha K J) [Orabug: 36725623] - Add compatible string 'micrel,ksz9031' for Micrel PHYs driver (Anagha K J) [Orabug: 36725623] - Try harder to register mdio phy device (Anagha K J) [Orabug: 36725623] - Export skb_release_head_state and check the SKB field cvm_info (Anagha K J) [Orabug: 36725623] - Config options for builtin ethernet, OCTEON III PKI/PKO,SRIO,POW (Anagha K J) [Orabug: 36725623] - Makefile for the Cavium network device drivers (Anagha K J) [Orabug: 36725623] - Octeon POW Ethernet Driver (Anagha K J) [Orabug: 36725623] - Modified and added workarounds for Octeon MII (management) port Network Driver (Anagha K J) [Orabug: 36725623] - External interface for the Cavium Octeon ethernet driver (Anagha K J) [Orabug: 36725623] - Cavium Networks common ethernet nexus driver (Anagha K J) [Orabug: 36725623] - Common Network Driver (Anagha K J) [Orabug: 36725623] - Cavium Networks BGX Ethernet MAC driver (Anagha K J) [Orabug: 36725623] - Cavium Networks BGX MAC Nexus driver (Anagha K J) [Orabug: 36725623] - Declared function pointers for bgx port. (Anagha K J) [Orabug: 36725623] - Cavium Networks PKI/PKO Ethernet driver (Anagha K J) [Orabug: 36725623] - Enables output qos and set number of queues per PKO port to 8 (Anagha K J) [Orabug: 36725623] - OCTEON ethernet transmit functions (Anagha K J) [Orabug: 36725623] - Setup SPI network device operations (Anagha K J) [Orabug: 36725623] - Implements SGMII network device operations (Anagha K J) [Orabug: 36725623] - Octeon ethernet receiver initialization, interrupt handler, SSO initialization (Anagha K J) [Orabug: 36725623] - Implements RGMII interface operations (Anagha K J) [Orabug: 36725623] - Implements NAPI poll function (Anagha K J) [Orabug: 36725623] - Functions for allocating,releasing and filling FPA pool. (Anagha K J) [Orabug: 36725623] - Cavium Octeon ethernet tool operations (Anagha K J) [Orabug: 36725623] - Add a few defines to control the operation of ethernet driver (Anagha K J) [Orabug: 36725623] - Implements Cavium Networks Octeon ethernet driver (Anagha K J) [Orabug: 36725623] - In cvm_mmc_interrupt, exit if the interrupt has been previously handled (Anagha K J) [Orabug: 36725623] - OCTEON gpio fixes (Anagha K J) [Orabug: 36725623] - OCTEON EDAC PC fixes (Anagha K J) [Orabug: 36725623] - OCTEON EDAC LMC fixes (Anagha K J) [Orabug: 36725623] - OCTEON EDAC L2 fixes (Anagha K J) [Orabug: 36725623] - Add OCTEON hotplug attributes to cpu_root_attrs (Anagha K J) [Orabug: 36725623] - Replaced BUG_ON with WARN_ON macro (Anagha K J) [Orabug: 36725623] - Add SATA PMP quirk (Anagha K J) [Orabug: 36725623] - Documentation on Cortina CS4321 dual RXAIU/quad XAUI 10G Ethernet PHYs (Anagha K J) [Orabug: 36725623] - OCTEON MSI enhancements (Anagha K J) [Orabug: 36725623] - OCTEON TLB handling (Anagha K J) [Orabug: 36725623] - Replace flush_icache_all with local_flush_icache_all in the get new mmu context (Anagha K J) [Orabug: 36725623] - Declares local_flush_icache_all function pointer and exports it. (Anagha K J) [Orabug: 36725623] - Updates to arch/mips/kernel/vmlinux.lds.S based on PHYSADDR (Anagha K J) [Orabug: 36725623] - mips: improve unaligned pointer handling (Anagha K J) [Orabug: 36725623] - Functions for plugging/unplugging the CPU (Anagha K J) [Orabug: 36725623] - Kernel config updates for Octeon SOC (Anagha K J) [Orabug: 36725623] - Added header file for the hotplug APIs (Anagha K J) [Orabug: 36725623] - Changes the DEFINE_PER_CPU variable scope from static to global scope (Anagha K J) [Orabug: 36725623] - Modify the set/get functions for ptrace watch registers and arch_ptrace functions (Anagha K J) [Orabug: 36725623] - Updates to arch/mips/kernel/octeon_switch.S (Anagha K J) [Orabug: 36725623] - Octeon support for arch/mips/kernel/genex.S (Anagha K J) [Orabug: 36725623] - ftrace: add in_kernel_space function to use in place of core_kernel_text (Anagha K J) [Orabug: 36725623] - Crash dump improvements (Anagha K J) [Orabug: 36725623] - Add octeon_irq_core_inhibit_bit fucntion (Anagha K J) [Orabug: 36725623] - Device specific IOCTL interface for the Cavium Octeon ethernet driver. (Anagha K J) [Orabug: 36725623] - Interface to Octeon boot structure (Anagha K J) [Orabug: 36725623] - Return UCTL USB registers address based on the Octeon model (Anagha K J) [Orabug: 36725623] - Add Octeon stxx control and status registers (Anagha K J) [Orabug: 36725623] - Add Octeon srxx control and status registers (Anagha K J) [Orabug: 36725623] - Add Octeon spxx control and status registers (Anagha K J) [Orabug: 36725623] - Spinlock improvements (Anagha K J) [Orabug: 36725623] - Added comments and CSR definitions Octeon led for multiple SOCs (Anagha K J) [Orabug: 36725623] - Added L2 Tag ECC SEC/DED Errors and Interrupt Enable register. (Anagha K J) [Orabug: 36725623] - Add Octeon iob CSR definitions (Anagha K J) [Orabug: 36725623] - Removed cvmx_bootinfo structure (Anagha K J) [Orabug: 36725623] - Implement CVMX_ENABLE_CSR_ADDRESS_CHECKING in cvmx-asxx-defs.h (Anagha K J) [Orabug: 36725623] - Modified the physical address of CKSEGx / XKPHYS address (Anagha K J) [Orabug: 36725623] - Added IPI handler functions and modified other smp functions (Anagha K J) [Orabug: 36725623] - Defined and exported dump_send_ipi function if CONFIG_KEXEC is defined. (Anagha K J) [Orabug: 36725623] - Changed the Platform file based on the CAVIUM_OCTEON_SOC configuration. (Anagha K J) [Orabug: 36725623] - oct_ilm enhancements (Anagha K J) [Orabug: 36725623] - Module for injecting errors. (Anagha K J) [Orabug: 36725623] - Modified the Makefile to compile octeon specific code changes. (Anagha K J) [Orabug: 36725623] - Octeon ehnancement to kernel config (Anagha K J) [Orabug: 36725623] - mips: Improve exception handling (Anagha K J) [Orabug: 36725623] - OCTEON3 cache error handling (Anagha K J) [Orabug: 36725623] - Add instructions for insn_zcb,insn_zcbt opcodes (Anagha K J) [Orabug: 36725623] - Add octeon-cpu.o and to Makefile (Anagha K J) [Orabug: 36725623] - Initialized cnmips cu2 setup (Anagha K J) [Orabug: 36725623] - Implement octeon_i2c_cvmx2i2c, modify hardware re-initialization of i2c. (Anagha K J) [Orabug: 36725623] - Updates for Octeon error handling (Anagha K J) [Orabug: 36725623] - Performace counter access code updates for Octeon (Anagha K J) [Orabug: 36725623] - T73 support in arch/mips/mm/page.c (Anagha K J) [Orabug: 36725623] - Modified the Octeon PCIe controllers functions. (Anagha K J) [Orabug: 36725623] - Driver for the Octeon III Free Pool Unit (Anagha K J) [Orabug: 36725623] - /proc interface to PCIe reset (Anagha K J) [Orabug: 36725623] - Interface for controlling power throttling on OCTEON II based platforms (Anagha K J) [Orabug: 36725623] - Modified the CSR type definitions for Octeon lmcx (Anagha K J) [Orabug: 36725623] - /proc interface to the Octeon Performance Counters (Anagha K J) [Orabug: 36725623] - Implement PCI console (Anagha K J) [Orabug: 36725623] - Functions for accessing /proc/octeon_info file (Anagha K J) [Orabug: 36725623] - Constructing, adding and removing octeon_hw_status_roots, their trees and nodes. (Anagha K J) [Orabug: 36725623] - Set the output of the gpio pin of the corresponding octeon model (Anagha K J) [Orabug: 36725623] - Add CVMX_ENABLE_CSR_ADDRESS_CHECKING flag to check if the CSR is valid (Anagha K J) [Orabug: 36725623] - Enable,clear and disable interrupt on different cores. (Anagha K J) [Orabug: 36725623] - Platform driver for Octeon SOC. (Anagha K J) [Orabug: 36725623] - Workarounds for initializing the bootmem allocator and setting up initrd related data (Anagha K J) [Orabug: 36725623] - Updates to various mips header files (Anagha K J) [Orabug: 36725623] - Module to support operations on core such as TLB config. (Anagha K J) [Orabug: 36725623] - Implement CVMX_ENABLE_CSR_ADDRESS_CHECKING for Octeon pescx and pexp (Anagha K J) [Orabug: 36725623] - CSR definitions for different SOCS for Octeon npei and Octeon npi. (Anagha K J) [Orabug: 36725623] - Utility functions for endian swapping (Anagha K J) [Orabug: 36725623] - Octeon pcie endpoint and VF configuration and status register definitions (Anagha K J) [Orabug: 36725623] - CSR type definitions for Octeon dtx (Anagha K J) [Orabug: 36725623] - Configuration and status register type definitions for Octeon xcv (Anagha K J) [Orabug: 36725623] - Configuration and status register (CSR) type definitions for Octeon lbk (Anagha K J) [Orabug: 36725623] - Updates to cvmx-pcsxx-defs.h (Anagha K J) [Orabug: 36725623] - Updates to cvmx-pcsx-defs.h (Anagha K J) [Orabug: 36725623] - Interface to the SMI/MDIO hardware (Anagha K J) [Orabug: 36725623] - Octeon smix and Octeon spemx Configuration and status register definitions. (Anagha K J) [Orabug: 36725623] - Functions for skipping, exporting and importing the app configuration (Anagha K J) [Orabug: 36725623] - Updates to octeon.h (Anagha K J) [Orabug: 36725623] - Octeon rst CSR definitions (Anagha K J) [Orabug: 36725623] - Modified functions for reading and writing processor local scratch memory (Anagha K J) [Orabug: 36725623] - CSRs for interrupts for Octeon ciu,ciu2,ciu3 in different Octeon SOCs (Anagha K J) [Orabug: 36725623] - Comments and CSRs for different SOCs for octeon pci and pciercx. (Anagha K J) [Orabug: 36725623] - Defined the Octeon pemx CSR for different SOCs. (Anagha K J) [Orabug: 36725623] - Configuration and status register (CSR) type definitions for Octeon gserx. (Anagha K J) [Orabug: 36725623] - Check if CVMX_DBG_DATA is supported and modify the Debug Data Register. (Anagha K J) [Orabug: 36725623] - CSR definitions for Octeon sriox (Anagha K J) [Orabug: 36725623] - Octeon sriomaintx control and status register definitions (Anagha K J) [Orabug: 36725623] - Functions for AGL (RGMII) common initialization, configuration (Anagha K J) [Orabug: 36725623] - Configuration and status register (CSR) type definitions for Octeon bgxx (Anagha K J) [Orabug: 36725623] - Provides atomic operations (Anagha K J) [Orabug: 36725623] - Configuration and status register (CSR) type definitions for Octeon sso (Anagha K J) [Orabug: 36725623] - Added comments and workarounds for the arch setup (Anagha K J) [Orabug: 36725623] - Modified and added new structures for hardware scheduling unit (Anagha K J) [Orabug: 36725623] - Added Interface to the hardware Fetch and Add Unit (Anagha K J) [Orabug: 36725623] - Interface to the hardware Packet Output unit. (Anagha K J) [Orabug: 36725623] - Octeon l2d Configuration and status register (CSR) type definitions (Anagha K J) [Orabug: 36725623] - Add pki buffer pointer union (Anagha K J) [Orabug: 36725623] - New functions for hardware Packet Input Processing unit interface (Anagha K J) [Orabug: 36725623] - Add interface to the GMX hardware and SOC CSR definitions for Octeon gmxx (Anagha K J) [Orabug: 36725623] - Update the WQE Error levels, error codes and data structure (Anagha K J) [Orabug: 36725623] - Helper functions for FPA setup (Anagha K J) [Orabug: 36725623] - CSR type definitions for Octeon tim and Octeon uahcx (Anagha K J) [Orabug: 36725623] - Added Octeon rnm CSR definitions for more SOCs. (Anagha K J) [Orabug: 36725623] - Modified CSR type definitions for Octeon (Anagha K J) [Orabug: 36725623] - Header file for simple executive application initialization. (Anagha K J) [Orabug: 36725623] - Implemented fast access to the thread pointer from userspace (Anagha K J) [Orabug: 36725623] - Definitions for enumerations used with Octeon CSRs (Anagha K J) [Orabug: 36725623] - Module to support operations on bitmap of cores. (Anagha K J) [Orabug: 36725623] - Added more ASM primitives definitions for the executive (Anagha K J) [Orabug: 36725623] - Updates to octeon header files (Anagha K J) [Orabug: 36725623] - Updates to mips header files (Anagha K J) [Orabug: 36725623] - Funtions to get core number, processor ID, node number (Anagha K J) [Orabug: 36725623] - Modified the cflags based on the config options enabled (Anagha K J) [Orabug: 36725623] - Added different Octeon model IDs and macros to compare them. (Anagha K J) [Orabug: 36725623] - Modified functions for working with different Octeon models. (Anagha K J) [Orabug: 36725623] - Added and modified checks for different Octeon features. (Anagha K J) [Orabug: 36725623] - Update Makefile for cavium specific drivers (Anagha K J) [Orabug: 36725623] - Added interface to the TWSI / I2C bus (Anagha K J) [Orabug: 36725623] - Provide system/board/application information obtained by the bootloader (Anagha K J) [Orabug: 36725623] - Functions for reserving and releasing SSO resources (Anagha K J) [Orabug: 36725623] - Interface to SRIO (Anagha K J) [Orabug: 36725623] - Support library for the SPI4000 card (Anagha K J) [Orabug: 36725623] - Functions for reserving a memory range (Anagha K J) [Orabug: 36725623] - File contains the QLM JTAG structure for different SOCs (Anagha K J) [Orabug: 36725623] - Added helper utilities for qlm. (Anagha K J) [Orabug: 36725623] - Allocate and initialize PKO internal ports (Anagha K J) [Orabug: 36725623] - Workarounds for Octeon PKO (Anagha K J) [Orabug: 36725623] - Allocate and initialize PKO resources. (Anagha K J) [Orabug: 36725623] - Registering ,mapping channels and queue scheduling in PKO3 (Anagha K J) [Orabug: 36725623] - Initialization and configuration of PKO3 (Anagha K J) [Orabug: 36725623] - Adding CSR type definitions for Octeon pki (Anagha K J) [Orabug: 36725623] - Adding PKI support (Anagha K J) [Orabug: 36725623] - Added interface to PCIe as a host(RC) or target(EP) (Anagha K J) [Orabug: 36725623] - Added support library for the OSM. (Anagha K J) [Orabug: 36725623] - Add interface to the On Chip Logic Analyzer (OCLA) (Anagha K J) [Orabug: 36725623] - Support library for the LAP interface (Anagha K J) [Orabug: 36725623] - Level 2 Cache (L2C) control, measurement and debugging facilities (Anagha K J) [Orabug: 36725623] - IPD support (Anagha K J) [Orabug: 36725623] - Remove cvmx-interrupt-decodes.c and cvmx-interrupt-rsl.c (Anagha K J) [Orabug: 36725623] - Added Support library for the ILK interface. (Anagha K J) [Orabug: 36725623] - Configure the ILA-LA interface and CSR definitions for ILA interface (Anagha K J) [Orabug: 36725623] - XAUI initialization, configuration and monitoring (Anagha K J) [Orabug: 36725623] - Map interface numbers to IPD ports (Anagha K J) [Orabug: 36725623] - SRIO initialization, configuration and monitoring (Anagha K J) [Orabug: 36725623] - Modify the cvmx spi enumerate function (Anagha K J) [Orabug: 36725623] - Modify SGMII initialization, configuration and monitoring (Anagha K J) [Orabug: 36725623] - Workarounds for RGMII/GMII/MII (Anagha K J) [Orabug: 36725623] - Helper functions for PKO and PKOv3 (Anagha K J) [Orabug: 36725623] - Helper functions for PKI (Anagha K J) [Orabug: 36725623] - Workaround for probing and enabling NPI interface for different SOCs (Anagha K J) [Orabug: 36725623] - Make loop interface probing dependent on octeon model (Anagha K J) [Orabug: 36725623] - QLM JTAG improvements (Anagha K J) [Orabug: 36725623] - Added helper functions for IPD (Anagha K J) [Orabug: 36725623] - ILK initialization, configuration and monitoring (Anagha K J) [Orabug: 36725623] - Workaround for errata PKI-100 (Anagha K J) [Orabug: 36725623] - Helper Functions for the Configuration Framework (Anagha K J) [Orabug: 36725623] - Add more helper functions for common complicated tasks (Anagha K J) [Orabug: 36725623] - Add helper functions (Anagha K J) [Orabug: 36725623] - AGL (RGMII) initialization, configuration and monitoring (Anagha K J) [Orabug: 36725623] - Adding APIs for global resources (Anagha K J) [Orabug: 36725623] - Modified the interface to the hardware Free Pool Allocator (Anagha K J) [Orabug: 36725623] - Workarounds for managing command queues used for various hardware blocks. (Anagha K J) [Orabug: 36725623] - Interface to Core, IO and DDR Clock (Anagha K J) [Orabug: 36725623] - Add macros for bootmem (Anagha K J) [Orabug: 36725623] - Functions to configure the BGX MAC (Anagha K J) [Orabug: 36725623] - Functions for importing/exporting app configurations (Anagha K J) [Orabug: 36725623] - RGMII support (Anagha K J) [Orabug: 36725623] - Add additional checks for cpu type in plat_swiotlb_setup (Anagha K J) [Orabug: 36725623] - Implemented Octeon PTP clock (Anagha K J) [Orabug: 36725623] - Clean up clocksource code (Anagha K J) [Orabug: 36725623] - Replace octeon_has_crypto() with octeon_has_feature() (Anagha K J) [Orabug: 36725623] - Remove arch/mips/cavium-octeon/cpu.c (Anagha K J) [Orabug: 36725623] - Add syscall to for timer events (Anagha K J) [Orabug: 36725623] - Remove Cavium Networks Octeon ethernet driver files from drivers/staging/octeon (Anagha K J) [Orabug: 36725623] - Removed building of octeon in Makefile (Anagha K J) [Orabug: 36725623] - Removed 'drivers/staging/octeon/Kconfig' source (Anagha K J) [Orabug: 36725623] - uek-rpm: Build mips embedded kernel for ol9 (Dave Kleikamp) [Orabug: 36725623] - include/uapi: Hide kabi magic from user space (Dave Kleikamp) [Orabug: 36725623] - kbuild: linker should be called with KBUILD_LDFLAGS (Dave Kleikamp) [Orabug: 36725623] - Provide thread_info flags for KSPLICE freezer support (Rob Gardner) [Orabug: 36725623] - mips: mm: define MADV_DOEXEC and MADV_DONTEXEC (Dave Kleikamp) [Orabug: 36725623] - mips: add PROT_RESERVED (Dave Kleikamp) [Orabug: 36725623] - mips: add clear_page_uncached() (Dave Kleikamp) [Orabug: 36725623] - dmaengine: idxd: add a write() method for applications to submit work (Nikhil Rao) [Orabug: 36770955] {CVE-2024-21823} - dmaengine: idxd: add a new security check to deal with a hardware erratum (Arjan van de Ven) [Orabug: 36770955] {CVE-2024-21823} - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (Arjan van de Ven) [Orabug: 36770955] {CVE-2024-21823} - dmaengine: idxd: Avoid unnecessary destruction of file_ida (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue (Rex Zhang) [Orabug: 36747435] - dmaengine: idxd: Check for driver name match before sva user feature (Jerry Snitselaar) [Orabug: 36747435] - dmaengine: idxd: constify the struct device_type usage (Ricardo B. Marliere) [Orabug: 36747435] - dmaengine: idxd: Ensure safe user copy of completion record (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Remove shadow Event Log head stored in idxd (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Move dma_free_coherent() out of spinlocked context (Rex Zhang) [Orabug: 36747435] - dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET) [Orabug: 36747435] - dmaengine: idxd: Add support for device/wq defaults (Tom Zanussi) [Orabug: 36747435] - dmaengine: idxd: add callback support for iaa crypto (Tom Zanussi) [Orabug: 36747435] - dmaengine: idxd: Add wq private data accessors (Tom Zanussi) [Orabug: 36747435] - dmaengine: idxd: Export wq resource management functions (Tom Zanussi) [Orabug: 36747435] - dmaengine: idxd: Export descriptor management functions (Tom Zanussi) [Orabug: 36747435] - dmaengine: idxd: Rename drv_enable/disable_wq to idxd_drv_enable/disable_wq, and export (Tom Zanussi) [Orabug: 36747435] - dmaengine: idxd: add external module driver support for dsa_bus_type (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Fix incorrect descriptions for GRPCFG register (Guanjun) [Orabug: 36747435] - dmaengine: idxd: Protect int_handle field in hw descriptor (Guanjun) [Orabug: 36747435] - dmaengine: idxd: add wq driver name support for accel-config user tool (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: rate limit printk in misc interrupt thread (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Fix issues with PRS disable sysfs knob (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Allow ATS disable update only for configurable devices (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Remove unused declarations (Yue Haibing) [Orabug: 36747435] - dmaengine: idxd: Clear PRS disable flag when disabling IDXD device (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Expose ATS disable knob only when WQ ATS is supported (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Simplify WQ attribute visibility checks (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: No need to clear memory after a dma_alloc_coherent() call (Christophe JAILLET) [Orabug: 36747435] - dmaengine: idxd: Modify ABI documentation for attribute pasid_enabled (Rex Zhang) [Orabug: 36747435] - dmaengine: idxd: Modify the dependence of attribute pasid_enabled (Rex Zhang) [Orabug: 36747435] - dmaengine: idxd: Fix passing freed memory in idxd_cdev_open() (Harshit Mogalapalli) [Orabug: 36747435] - dmaengine: idxd: Add enable/disable device IOPF feature (Lu Baolu) [Orabug: 36747435] - dmaengine: idxd: add per wq PRS disable (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add pid to exported sysfs attribute for opened file (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: expose fault counters to sysfs (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add a device to represent the file opened (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add per file user counters for completion record faults (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: process batch descriptor completion record faults (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add descs_completed field for completion record (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: process user page faults for completion record (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add idxd_copy_cr() to copy user completion record during page fault handling (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: create kmem cache for event log fault items (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add per DSA wq workqueue for processing cr faults (Dave Jiang) [Orabug: 36747435] - dmanegine: idxd: add debugfs for event log dump (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add interrupt handling for event log (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: setup event log configuration (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add event log size sysfs attribute (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: make misc interrupt one shot (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: expose IAA CAP register via sysfs knob (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: reformat swerror output to standard Linux bitmap output (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Add descriptor definitions for translation fetch operation (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Add descriptor definitions for DIX generate operation (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Add descriptor definitions for 16 bytes of pattern in memory fill operation (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: use const struct bus_type * (Greg Kroah-Hartman) [Orabug: 36747435] - dmaengine: idxd: Remove unnecessary aer.h include (Bjorn Helgaas) [Orabug: 36747435] - dmaengine: idxd: Fix default allowed read buffers value in group (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (Reinette Chatre) [Orabug: 36747435] - dmaengine: idxd: Prevent use after free on completion memory (Reinette Chatre) [Orabug: 36747435] - dmaengine: idxd: Remove the unused function set_completion_address() (Jiapeng Chong) [Orabug: 36747435] - dmaengine: idxd: Remove linux/msi.h include (Thomas Gleixner) [Orabug: 36747435] - dmaengine: idxd: fix RO device state error after been disabled/reset (Fengqian Gao) [Orabug: 36747435] - dmaengine: idxd: Fix max batch size for Intel IAA (Xiaochen Shen) [Orabug: 36747435] - dmaengine: idxd: Make read buffer sysfs attributes invisible for Intel IAA (Xiaochen Shen) [Orabug: 36747435] - dmaengine: idxd: Make max batch size attributes in sysfs invisible for Intel IAA (Xiaochen Shen) [Orabug: 36747435] - dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: add configuration for concurrent batch descriptor processing (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add configuration for concurrent work descriptor processing (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add WQ operation cap restriction support (Dave Jiang) [Orabug: 36747435] - dmanegine: idxd: reformat opcap output to match bitmap_parse() input (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: convert ats_dis to a wq flag (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Remove unused struct idxd_fault (Yuan Can) [Orabug: 36747435] - dmaengine: idxd: track enabled workqueues in bitmap (Jerry Snitselaar) [Orabug: 36747435] - dmaengine: idxd: Set wq state to disabled in idxd_wq_disable_cleanup() (Jerry Snitselaar) [Orabug: 36747435] - dmaengine: idxd: avoid deadlock in process_misc_interrupts() (Jerry Snitselaar) [Orabug: 36747435] - dmaengine: idxd: Correct IAX operation code names (Fenghua Yu) [Orabug: 36747435] - dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (Jerry Snitselaar) [Orabug: 36747435] - dmaengine: idxd: make idxd_wq_enable() return 0 if wq is already enabled (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Remove unnecessary synchronize_irq() before free_irq() (Minghao Chi) [Orabug: 36747435] - dmaengine: idxd: skip irq free when wq type is not kernel (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: make idxd_register/unregister_dma_channel() static (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: free irq before wq type is reset (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: fix lockdep warning on device driver removal (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Separate user and kernel pasid enabling (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: refactor wq driver enable/disable operations (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: move wq irq enabling to after device enable (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: fix retry value to be constant for duration of function call (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: match type for retries var in idxd_enqcmds() (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: set max_xfer and max_batch for RO device (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: update IAA definitions for user header (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: remove trailing white space on input str for wq name (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: don't load pasid config until needed (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Remove useless DMA-32 fallback configuration (Christophe JAILLET) [Orabug: 36747435] - dmaengine: idxd: deprecate token sysfs attributes for read buffers (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: change MSIX allocation based on per wq activation (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: fix descriptor flushing locking (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: embed irq_entry in idxd_wq struct (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add knob for enqcmds retries (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: set defaults for wq configs (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: handle interrupt handle revoked event (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: handle invalid interrupt handle descriptors (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: create locked version of idxd_quiesce() call (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: add helper for per interrupt handle drain (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: move interrupt handle assignment (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: int handle management refactoring (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: rework descriptor free path on failure (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: cleanup completion record allocation (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: Use list_move_tail instead of list_del/list_add_tail (Bixuan Cui) [Orabug: 36747435] - dmaengine: idxd: remove kernel wq type set when load configuration (Dave Jiang) [Orabug: 36747435] - dmaengine: idxd: remove gen cap field per spec 1.2 update (Dave Jiang) [Orabug: 36747435] - scsi: lpfc: Copyright updates for 14.4.0.2 patches (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.4.0.2 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Add support for 32 byte CDBs (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update logging of protection type for T10 DIF I/O (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Change default logging level for unsolicited CT MIB commands (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Copyright updates for 14.4.0.1 patches (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.4.0.1 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Define types in a union for generic void *context3 ptr (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Use a dedicated lock for ras_fwlog state (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove unnecessary log message in queuecommand path (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (Muhammad Usama Anjum) [Orabug: 36816944] - scsi: lpfc: Replace deprecated strncpy() with strscpy() (Justin Stitt) [Orabug: 36816944] - scsi: lpfc: Copyright updates for 14.4.0.0 patches (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.4.0.0 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Change lpfc_vport load_flag member into a bitmask (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Change lpfc_vport fc_flag member into a bitmask (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Protect vport fc_nodes list with an explicit spin lock (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Change nlp state statistic counters into atomic_t (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove shost_lock protection for fc_host_port shost APIs (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Move handling of reset congestion statistics events (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Save FPIN frequency statistics upon receipt of peer cgn notifications (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Add condition to delete ndlp object after sending BLS_RJT to an ABTS (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Fix failure to delete vports when discovery is in progress (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove NLP_RCV_PLOGI early return during RSCN processing for ndlps (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Allow lpfc_plogi_confirm_nport() logic to execute for Fabric nodes (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove D_ID swap log message from trace event logger (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Use sg_dma_len() API to get struct scatterlist's length (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.2.0.17 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Change VMID driver load time parameters to read only (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Use PCI_HEADER_TYPE_MFD instead of literal (Ilpo Jarvinen) [Orabug: 36816944] - PCI: Add PCI_HEADER_TYPE_MFD definition (Ilpo Jarvinen) [Orabug: 36816944] - scsi: lpfc: Copyright updates for 14.2.0.16 patches (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.2.0.16 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Enhance driver logging for selected discovery events (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Refactor and clean up mailbox command memory free (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Correct maximum PCI function value for RAS fw logging (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.2.0.15 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Validate ELS LS_ACC completion payload (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (Andy Shevchenko) [Orabug: 36816944] - scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Copyright updates for 14.2.0.14 patches (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Update lpfc version to 14.2.0.14 (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Clean up SLI-4 sysfs resource reporting (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Refactor cpu affinity assignment paths (Justin Tee) [Orabug: 36816944] - cpumask: fix incorrect cpumask scanning result checks (Linus Torvalds) [Orabug: 36816944] - scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Qualify ndlp discovery state when processing RSCN (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Simplify fcp_abort transport callback log message (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (Justin Tee) [Orabug: 36816944] - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (Tuo Li) [Orabug: 36816944] - scsi: lpfc: Fix lpfc_name struct packing (Arnd Bergmann) [Orabug: 36816944] - scsi: lpfc: Avoid -Wstringop-overflow warning (Gustavo A. R. Silva) [Orabug: 36816944] - net: mana: Add support for page sizes other than 4KB on ARM64 (Haiyang Zhang) [Orabug: 36821477] - net: mana: Fix the extra HZ in mana_hwc_send_request (Souradeep Chakrabarti) [Orabug: 36821477] - net: mana: Enable MANA driver on ARM64 with 4K page size (Haiyang Zhang) [Orabug: 36821477] - net: mana: Annotate struct hwc_dma_buf with __counted_by (Kees Cook) [Orabug: 36821477] - net: mana: Annotate struct mana_rxq with __counted_by (Kees Cook) [Orabug: 36821477] - net: mana: Avoid open coded arithmetic (Erick Archer) [Orabug: 36821477] - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (Erick Archer) [Orabug: 36821477] - net: mana: Fix Rx DMA datasize and skb_over_panic (Haiyang Zhang) [Orabug: 36821477] - net: mana: add msix index sharing between EQs (Konstantin Taranov) [Orabug: 36821477] - net: mana: Fix spelling mistake 'enforecement' -> 'enforcement' (Colin Ian King) [Orabug: 36821477] - net :mana :Add remaining GDMA stats for MANA to ethtool (Shradha Gupta) [Orabug: 36821477] - net: mana: Use xdp_set_features_flag instead of direct assignment (Konstantin Taranov) [Orabug: 36821477] - net: mana: Fix oversized sge0 for GSO packets (Haiyang Zhang) [Orabug: 36821477] - net: mana: Fix the tso_bytes calculation (Haiyang Zhang) [Orabug: 36821477] - net: mana: Fix TX CQE error handling (Haiyang Zhang) [Orabug: 36821477] - net: mana: Add gdma stats to ethtool output for mana (Shradha Gupta) [Orabug: 36821477] - net: mana: Configure hwc timeout from hardware (Souradeep Chakrabarti) [Orabug: 36821477] - uek-rpm/config-x86_64: Add the IAA CRYPTO DEV to config (Jack Vogel) [Orabug: 36822729] - crypto: iaa - Add Intel IAA Compression Accelerator crypto driver core (Tom Zanussi) [Orabug: 36822729] - crypto: iaa - Add IAA Compression Accelerator Documentation (Tom Zanussi) [Orabug: 36822729] - tools/objtool: Check for use of the ENQCMD instruction in the kernel (Fenghua Yu) [Orabug: 36822729] - x86/cpufeatures: Re-enable ENQCMD (Fenghua Yu) [Orabug: 36822729] - uek-rpm/config-x86_64: Enable IDXD SVM config (Jack Vogel) [Orabug: 36822729] - scsi: mpt3sas: Replace deprecated strncpy() with strscpy() (Justin Stitt) [Orabug: 36826103] - scsi: mpt3sas: Update driver version to 48.100.00.00 (Ranjan Kumar) [Orabug: 36826103] - scsi: mpt3sas: Reload SBR without rebooting HBA (Ranjan Kumar) [Orabug: 36826103] - scsi: mpt3sas: Suppress a warning in debug kernel (Tomas Henzl) [Orabug: 36826103] - scsi: mpt3sas: Replace dynamic allocations with local variables (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Replace a dynamic allocation with a local variable (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Fix typo of 'TRIGGER' (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Fix an outdated comment (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Remove the iounit_pg8 member of the per-adapter struct (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Use struct_size() for struct size calculations (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Make MPI26_CONFIG_PAGE_PIOUNIT_1::PhyData[] a flexible array (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Make MPI2_CONFIG_PAGE_SASIOUNIT_1::PhyData[] a flexible array (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Make MPI2_CONFIG_PAGE_SASIOUNIT_0::PhyData[] a flexible array (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Make MPI2_CONFIG_PAGE_RAID_VOL_0::PhysDisk[] a flexible array (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Make MPI2_CONFIG_PAGE_IO_UNIT_8::Sensor[] a flexible array (James Seo) [Orabug: 36826103] - scsi: mpt3sas: Use flexible arrays when obviously possible (James Seo) [Orabug: 36826103] - scsi: megaraid_sas: Driver version update to 07.727.03.00-rc1 (Chandrakanth patil) [Orabug: 36807009] - scsi: megaraid_sas: Call scsi_done() directly (Bart Van Assche) [Orabug: 36807009] - scsi: megaraid_sas: Convert union megasas_sgl to flex-arrays (Kees Cook) [Orabug: 36807009] - scsi: megaraid_sas: Use pci_dev_id() to simplify the code (Jialin Zhang) [Orabug: 36807009] - scsi: megaraid_sas: Log message when controller reset is requested but not issued (Chandrakanth patil) [Orabug: 36807009] - uek-rpm: build embedded2 kernel (Joe Dobosenski) [Orabug: 36721455] - uek-rpm: pensando: create uek7 config file for elba (Joe Dobosenski) [Orabug: 36721455] - arm64: pensando: Suppress tree-loop-distribute-patterns optimization (Henry Willard) [Orabug: 36721455] - Pensando: kexec: support kexec on elba (Joe Dobosenski) [Orabug: 34091165] [Orabug: 36721455] - net/ethernet/pensando: Add out-of-tree network drivers (Joe Dobosenski) [Orabug: 36721455] - drivers/soc/pensando: kpcimgr driver. (Joe Dobosenski) [Orabug: 36721455] - arm64/configs: Add CONFIG_IP6_NF_IPTABLES for elba (David Clear) [Orabug: 36721455] - drivers/soc/pensando: penfw driver (David Clear) [Orabug: 36721455] - arch/arm64/boot/dts: psci support (David Clear) [Orabug: 36721455] - drivers/soc/pensando: boot_count to sysfs for kdump.log (David Clear) [Orabug: 36721455] - drivers/soc/pensando sbus driver (David Clear) [Orabug: 36721455] - dts/pensando: add mnet and mcrypt devices, with reserved dma memory (David Clear) [Orabug: 36721455] - soc/pensando: pcie driver (David Clear) [Orabug: 36721455] - drivers/soc/pensando: Add the Reset Cause driver (David Clear) [Orabug: 36721455] - drivers/soc/pensando: crash dump driver. (David Clear) [Orabug: 36721455] - drivers/pensando/soc: Boot State Machine (BSM) integration. (David Clear) [Orabug: 36721455] - drivers/uio: UIO drivers for Elba (David Clear) [Orabug: 36721455] - Interrupt domain controllers for Elba ASIC. (David Clear) [Orabug: 36721455] - drivers/soc/pensando: /dev/capmem driver. (David Clear) [Orabug: 36721455] - drivers/edac: Add Elba EDAC support (David Clear) [Orabug: 36721455] - dts/pensnado: Elba flash partitions (David Clear) [Orabug: 36721455] - drivers/reset: Add emmc hardware reset (David Clear) [Orabug: 36721455] - arch/arm64: Initial support for the Pensando Elba SoC (David Clear) [Orabug: 36721455] - drivers/mtd/spi-nor: Winbond w25q02nw flash support. (David Clear) [Orabug: 36721455] - spi-dw: Support Pensando Elba custom chip-select (David Clear) [Orabug: 36721455] - drivers/mmc/host: Pensando Elba support in the Cadence EMMC host controller (David Clear) [Orabug: 36721455] - drivers/spi/spi-cadence-quadspi.c: add quirks for the Pensando controller (David Clear) [Orabug: 36721455] - arm64/traps: Call platform handler for do_serror (David Clear) [Orabug: 36721455] - i2c: Add Lattice RD1173 I2C controller driver. (David Clear) [Orabug: 36721455] - i2c-designware: Support stuck SDA line recovery. (David Clear) [Orabug: 36721455] - drivers/hwmon: Adding support LTC3888 (David Clear) [Orabug: 36721455] - hwmon/pmbus: Add support for the TI TPS53659 (David Clear) [Orabug: 36721455] - uek-rpm: Run olddefconfig for UEK7 update 3 (Harshit Mogalapalli) [Orabug: 36633514] - net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5e: RSS, Block changing channels number when RXFH is configured (Carolina Jubran) [Orabug: 36680931] - net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5: Fix fw reporter diagnose output (Aya Levin) [Orabug: 36680931] - Revert 'net/mlx5e: Check the number of elements before walk TC rhashtable' (Saeed Mahameed) [Orabug: 36680931] - net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers (Jiri Pirko) [Orabug: 36680931] - net/mlx5e: Fix inconsistent hairpin RQT sizes (Tariq Toukan) [Orabug: 36680931] - net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5e: Fix error codes in alloc_branch_attr() (Dan Carpenter) [Orabug: 36680931] - net/mlx5e: Fix error code in mlx5e_tc_action_miss_mapping_get() (Dan Carpenter) [Orabug: 36680931] - net/mlx5: Refactor mlx5_flow_destination->rep pointer to vport num (Vlad Buslov) [Orabug: 36680931] - net/mlx5e: XDP, Drop fragmented packets larger than MTU size (Carolina Jubran) [Orabug: 36680931] - net/mlx5e: Decrease num_block_tc when unblock tc offload (Chris Mi) [Orabug: 36680931] - net/mlx5e: Fix a race in command alloc flow (Shifeng Li) [Orabug: 36680931] - net/mlx5e: fix double free of encap_header (Vlad Buslov) [Orabug: 36680931] - net/mlx5: Fix a NULL vs IS_ERR() check (Dan Carpenter) [Orabug: 36680931] - net/mlx5e: Check netdev pointer before checking its net ns (Gavin Li) [Orabug: 36680931] - net/mlx5e: TC, Don't offload post action rule if not supported (Chris Mi) [Orabug: 36680931] - net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work (Moshe Shemesh) [Orabug: 36680931] - net/mlx5e: Disable IPsec offload support if not FW steering (Chris Mi) [Orabug: 36680931] - net/mlx5e: Check the number of elements before walk TC rhashtable (Jianbo Liu) [Orabug: 36680931] - net/mlx5e: Reduce eswitch mode_lock protection context (Jianbo Liu) [Orabug: 36680931] - net/mlx5e: Tidy up IPsec NAT-T SA discovery (Leon Romanovsky) [Orabug: 36680931] - net/mlx5e: Add IPsec and ASO syndromes check in HW (Patrisious Haddad) [Orabug: 36680931] - net/mlx5e: Remove exposure of IPsec RX flow steering struct (Leon Romanovsky) [Orabug: 36680931] - net/mlx5e: Unify esw and normal IPsec status table creation/destruction (Patrisious Haddad) [Orabug: 36680931] - net/mlx5e: Ensure that IPsec sequence packet number starts from 1 (Leon Romanovsky) [Orabug: 36680931] - net/mlx5e: Honor user choice of IPsec replay window size (Leon Romanovsky) [Orabug: 36680931] - netdevsim: Don't accept device bound programs (Stanislav Fomichev) [Orabug: 36680931] - net/mlx5: Increase size of irq name buffer (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5e: Update doorbell for port timestamping CQ before the software counter (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5e: Track xmit submission to PTP WQ after populating metadata map (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5e: Avoid referencing skb after free-ing in drop path of mlx5e_sq_xmit_wqe (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5e: Don't modify the peer sent-to-vport rules for IPSec offload (Jianbo Liu) [Orabug: 36680931] - net/mlx5: Decouple PHC .adjtime and .adjphase implementations (Rahul Rameshbabu) [Orabug: 36680931] - net/mlx5: DR, Allow old devices to use multi destination FTE (Erez Shitrit) [Orabug: 36680931] - Revert 'net/mlx5: DR, Supporting inline WQE when possible' (Itamar Gozlan) [Orabug: 36680931] - IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (George Kennedy) [Orabug: 36680931] - net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (Jakub Kicinski) [Orabug: 36680931] - netdevsim: Block until all devices are released (Ido Schimmel) [Orabug: 36680931] - net/mlx5: fix uninit value use (Przemek Kitszel) [Orabug: 36680931] - RDMA/mlx5: Change the key being sent for MPV device affiliation (Patrisious Haddad) [Orabug: 36680931] - mlxsw: spectrum: Set SW LAG mode on Spectrum>1 (Petr Machata) [Orabug: 36680931] - mlxsw: spectrum: Allocate LAG table when in SW LAG mode (Petr Machata) [Orabug: 36680931] - mlxsw: spectrum_pgt: Generalize PGT allocation (Petr Machata) [Orabug: 36680931] - mlxsw: spectrum_fid: Allocate PGT for the whole FID family in one go (Petr Machata) [Orabug: 36680931] - mlxsw: pci: Permit toggling LAG mode (Petr Machata) [Orabug: 36680931] - mlxsw: core, pci: Add plumbing related to LAG mode (Petr Machata) [Orabug: 36680931] - mlxsw: cmd: Add QUERY_FW.lag_mode_support (Petr Machata) [Orabug: 36680931] - mlxsw: cmd: Add CONFIG_PROFILE.{set_, }lag_mode (Petr Machata) [Orabug: 36680931] - mlxsw: cmd: Fix omissions in CONFIG_PROFILE field names in comments (Petr Machata) [Orabug: 36680931] - mlxsw: reg: Add SGCR.lag_lookup_pgt_base (Petr Machata) [Orabug: 36680931] - mlxsw: reg: Drop SGCR.llb (Petr Machata) [Orabug: 36680931] - net/mlx5: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - mlxsw: core: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - net/mlx5e: Allow IPsec soft/hard limits in bytes (Leon Romanovsky) [Orabug: 36680931] - net/mlx5e: Increase max supported channels number to 256 (Adham Faris) [Orabug: 36680931] - net/mlx5e: Preparations for supporting larger number of channels (Adham Faris) [Orabug: 36680931] - net/mlx5e: Refactor mlx5e_rss_init() and mlx5e_rss_free() API's (Adham Faris) [Orabug: 36680931] - net/mlx5e: Refactor mlx5e_rss_set_rxfh() and mlx5e_rss_get_rxfh() (Adham Faris) [Orabug: 36680931] - net/mlx5e: Refactor rx_res_init() and rx_res_free() APIs (Adham Faris) [Orabug: 36680931] - net/mlx5e: Use PTR_ERR_OR_ZERO() to simplify code (Yu Liao) [Orabug: 36680931] - net/mlx5: Use PTR_ERR_OR_ZERO() to simplify code (Jinjie Ruan) [Orabug: 36680931] - net/mlx5: fix config name in Kconfig parameter documentation (Lukas Bulwahn) [Orabug: 36680931] - net/mlx5: Remove unused declaration (Yue Haibing) [Orabug: 36680931] - net/mlx5: Replace global mlx5_intf_lock with HCA devcom component lock (Shay Drory) [Orabug: 36680931] - net/mlx5: Refactor LAG peer device lookout bus logic to mlx5 devcom (Shay Drory) [Orabug: 36680931] - net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (Shay Drory) [Orabug: 36680931] - net/mlx5: Redesign SF active work to remove table_lock (Wei Zhang) [Orabug: 36680931] - net/mlx5: Parallelize vhca event handling (Wei Zhang) [Orabug: 36680931] - net/mlx4_core: replace deprecated strncpy with strscpy (Justin Stitt) [Orabug: 36680931] - mlxsw: pci: Allocate skbs using GFP_KERNEL during initialization (Ido Schimmel) [Orabug: 36680931] - mlxsw: spectrum_ethtool: Fix -Wformat-truncation warning (Ido Schimmel) [Orabug: 36680931] - mlxsw: core_thermal: Fix -Wformat-truncation warning (Ido Schimmel) [Orabug: 36680931] - platform: mellanox: Fix misspelling error in routine name (Vadim Pasternak) [Orabug: 36680931] - platform: mellanox: Rename some init()/exit() functions for consistent naming (Vadim Pasternak) [Orabug: 36680931] - mlxsw: core_acl_flex_keys: Fill blocks with high entropy first (Amit Cohen) [Orabug: 36680931] - mlxsw: core_acl_flex_keys: Save chosen elements in all blocks per search (Amit Cohen) [Orabug: 36680931] - mlxsw: core_acl_flex_keys: Save chosen elements per block (Amit Cohen) [Orabug: 36680931] - mlxsw: core_acl_flex_keys: Add a bitmap to save which blocks are chosen (Amit Cohen) [Orabug: 36680931] - mlxsw: Mark high entropy key blocks (Amit Cohen) [Orabug: 36680931] - mlx5: Fix type of mode parameter in mlx5_dpll_device_mode_get() (Nathan Chancellor) [Orabug: 36680931] - mlxsw: spectrum_span: Annotate struct mlxsw_sp_span with __counted_by (Kees Cook) [Orabug: 36680931] - mlxsw: spectrum_router: Annotate struct mlxsw_sp_nexthop_group_info with __counted_by (Kees Cook) [Orabug: 36680931] - mlxsw: spectrum: Annotate struct mlxsw_sp_counter_pool with __counted_by (Kees Cook) [Orabug: 36680931] - mlxsw: core: Annotate struct mlxsw_env with __counted_by (Kees Cook) [Orabug: 36680931] - mlxsw: Annotate struct mlxsw_linecards with __counted_by (Kees Cook) [Orabug: 36680931] - IB/hfi1: Annotate struct tid_rb_node with __counted_by (Kees Cook) [Orabug: 36680931] - net/mlx5: Handle IPsec steering upon master unbind/bind (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Configure IPsec steering for ingress RoCEv2 MPV traffic (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Configure IPsec steering for egress RoCEv2 MPV traffic (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Add create alias flow table function to ipsec roce (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Implement alias object allow and create functions (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Add alias flow table bits (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Store devcom pointer inside IPsec RoCE (Patrisious Haddad) [Orabug: 36680931] - net/mlx5: Register mlx5e priv to devcom in MPV mode (Patrisious Haddad) [Orabug: 36680931] - RDMA/mlx5: Send events from IB driver about device affiliation state (Patrisious Haddad) [Orabug: 36680931] - mlxsw: i2c: Utilize standard macros for dividing buffer into chunks (Vadim Pasternak) [Orabug: 36680931] - mlxsw: core: Extend allowed list of external cooling devices for thermal zone binding (Vadim Pasternak) [Orabug: 36680931] - mlxsw: reg: Limit MTBR register payload to a single data record (Vadim Pasternak) [Orabug: 36680931] - platform/x86: mlx-platform: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - platform/mellanox: nvsw-sn2201: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - platform/mellanox: mlxreg-lc: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - platform/mellanox: mlxreg-io: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - platform/mellanox: mlxreg-hotplug: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - platform/mellanox: mlxbf-bootctl: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - RDMA/ipoib: Add support for XDR speed in ethtool (Patrisious Haddad) [Orabug: 36680931] - IB/mlx5: Adjust mlx5 rate mapping to support 800Gb (Patrisious Haddad) [Orabug: 36680931] - IB/mlx5: Rename 400G_8X speed to comply to naming convention (Patrisious Haddad) [Orabug: 36680931] - IB/mlx5: Add support for 800G_8X lane speed (Patrisious Haddad) [Orabug: 36680931] - IB/mlx5: Expose XDR speed through MAD (Or Har-Toov) [Orabug: 36680931] - IB/core: Add support for XDR link speed (Or Har-Toov) [Orabug: 36680931] - mlxsw: Edit IPv6 key blocks to use one less block for multicast forwarding (Amit Cohen) [Orabug: 36680931] - mlxsw: spectrum_acl_flex_keys: Add 'ipv4_5b' flex key (Amit Cohen) [Orabug: 36680931] - mlxsw: Add 'ipv4_5' flex key (Amit Cohen) [Orabug: 36680931] - net: ethernet: mellanox: Convert to platform remove callback returning void (Uwe Kleine-Konig) [Orabug: 36680931] - net/mlx5: Enable 4 ports multiport E-switch (Shay Drory) [Orabug: 36680931] - net/mlx5: Add a health error syndrome for pci data poisoned (Moshe Shemesh) [Orabug: 36680931] - net/mlx5: DR, Handle multi destination action in the right order (Erez Shitrit) [Orabug: 36680931] - net/mlx5: DR, Add check for multi destination FTE (Erez Shitrit) [Orabug: 36680931] - net/mlx5: Bridge, Enable mcast in smfs steering mode (Erez Shitrit) [Orabug: 36680931] - net/mlx5e: Check police action rate for matchall filter (Jianbo Liu) [Orabug: 36680931] - net/mlx5e: Consider aggregated port speed during rate configuration (Jianbo Liu) [Orabug: 36680931] - net/mlx5: Remove redundant max_sfs check and field from struct mlx5_sf_dev_table (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Remove SF table reference counting (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Push common deletion code into mlx5_sf_del() (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Rename mlx5_sf_deactivate_all() to mlx5_sf_del_all() (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Move state lock taking into mlx5_sf_dealloc() (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Convert SF port_indices xarray to function_ids xarray (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Use devlink port pointer to get the pointer of container SF struct (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Call mlx5_sf_id_erase() once in mlx5_sf_dealloc() (Jiri Pirko) [Orabug: 36680931] - net/mlx5e: Set en auxiliary devlink instance as nested (Jiri Pirko) [Orabug: 36680931] - net/mlx5: SF, Implement peer devlink set for SF representor devlink port (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Lift reload limitation when SFs are present (Jiri Pirko) [Orabug: 36680931] - net/mlx5: Disable eswitch as the first thing in mlx5_unload() (Jiri Pirko) [Orabug: 36680931] - mlx5: Implement SyncE support using DPLL infrastructure (Jiri Pirko) [Orabug: 36680931] - uapi: stddef.h: Fix header guard location (Alexey Dobriyan) [Orabug: 36680931] - Compiler Attributes: counted_by: Adjust name and identifier expansion (Kees Cook) [Orabug: 36680931] - Compiler Attributes: Add __counted_by macro (Kees Cook) [Orabug: 36680931] - netdevsim: fix memory leak in nsim_bus_dev_new() (Zhengchao Shao) [Orabug: 36680931] - IB/mlx5: Expose NDR speed through MAD (Maher Sanalla) [Orabug: 36680931] - devlink: Fix length of eswitch inline-mode (William Tu) [Orabug: 36680931] - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (Jiri Pirko) [Orabug: 36680931] - tools: ynl-gen: always construct struct ynl_req_state (Jakub Kicinski) [Orabug: 36680931] - tools: ynl: fix duplicate op name in devlink (Jakub Kicinski) [Orabug: 36680931] - netlink: specs: devlink: add forgotten port function caps enum values (Jiri Pirko) [Orabug: 36680931] - netlink: specs: devlink: add the remaining command to generate complete split_ops (Jiri Pirko) [Orabug: 36680931] - netlink: specs: remove redundant type keys from attributes in subsets (Jiri Pirko) [Orabug: 36680931] - devlink: remove netlink small_ops (Jiri Pirko) [Orabug: 36680931] - devlink: remove duplicated netlink callback prototypes (Jiri Pirko) [Orabug: 36680931] - devlink: rename netlink callback to be aligned with the generated ones (Jiri Pirko) [Orabug: 36680931] - devlink: make devlink_flash_overwrite enum named one (Jiri Pirko) [Orabug: 36680931] - netlink: specs: devlink: make dont-validate single line (Jiri Pirko) [Orabug: 36680931] - netlink: specs: devlink: remove reload-action from devlink-get cmd reply (Jiri Pirko) [Orabug: 36680931] - tools: ynl-gen: render rsp_parse() helpers if cmd has only dump op (Jiri Pirko) [Orabug: 36680931] - genetlink: don't merge dumpit split op for different cmds into single iter (Jiri Pirko) [Orabug: 36680931] - Revert 'tools: ynl-gen: always construct struct ynl_req_state' (Qing Huang) [Orabug: 36680931] - staging: qlge: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - qed: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - octeontx2-af: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - hinic: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - netdevsim: devlink health: use retained error fmsg API (Przemek Kitszel) [Orabug: 36680931] - devlink: retain error in struct devlink_fmsg (Przemek Kitszel) [Orabug: 36680931] - devlink: document devlink_rel_nested_in_notify() function (Jiri Pirko) [Orabug: 36680931] - Documentation: devlink: add a note about RTNL lock into locking section (Jiri Pirko) [Orabug: 36680931] - Documentation: devlink: add nested instance section (Jiri Pirko) [Orabug: 36680931] - devlink: don't take instance lock for nested handle put (Jiri Pirko) [Orabug: 36680931] - devlink: take device reference for devlink object (Jiri Pirko) [Orabug: 36680931] - devlink: call peernet2id_alloc() with net pointer under RCU read lock (Jiri Pirko) [Orabug: 36680931] - net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() (Jiri Pirko) [Orabug: 36680931] - devlink: introduce possibility to expose info about nested devlinks (Jiri Pirko) [Orabug: 36680931] - devlink: convert linecard nested devlink to new rel infrastructure (Jiri Pirko) [Orabug: 36680931] - devlink: expose peer SF devlink instance (Jiri Pirko) [Orabug: 36680931] - devlink: introduce object and nested devlink relationship infra (Jiri Pirko) [Orabug: 36680931] - devlink: extend devlink_nl_put_nested_handle() with attrtype arg (Jiri Pirko) [Orabug: 36680931] - devlink: move devlink_nl_put_nested_handle() into netlink.c (Jiri Pirko) [Orabug: 36680931] - devlink: put netnsid to nested handle (Jiri Pirko) [Orabug: 36680931] - devlink: move linecard struct into linecard.c (Jiri Pirko) [Orabug: 36680931] - netdev: replace napi_reschedule with napi_schedule (Christian Marangi) [Orabug: 36680931] - net: macb: simplify/cleanup NAPI reschedule checking (Robert Hancock) [Orabug: 36680931] - docs: networking: document NAPI (Jakub Kicinski) [Orabug: 36680931] - ice: Fix broken link in ice NAPI doc (Michal Wilczynski) [Orabug: 36680931] - netdev: make napi_schedule return bool on NAPI successful schedule (Christian Marangi) [Orabug: 36680931] - netdev: replace simple napi_schedule_prep/__napi_schedule to napi_schedule (Christian Marangi) [Orabug: 36680931] - net: Tree wide: Replace xdp_do_flush_map() with xdp_do_flush(). (Sebastian Andrzej Siewior) [Orabug: 36680931] - leds: Convert all platform drivers to return void (Uwe Kleine-Konig) [Orabug: 36680931] - Revert 'net/mlx5e: Fix a race in command alloc flow' (Qing Huang) [Orabug: 36680931] - net/mlx5: E-switch, Change flow rule destination checking (Jianbo Liu) [Orabug: 36680940] - RDMA/mlx5: Expose register c0 for RDMA device (Mark Bloch) [Orabug: 36680940] - net/mlx5: E-Switch, expose eswitch manager vport (Mark Bloch) [Orabug: 36680940] - SUNRPC: add a missing rpc_stat for TCP TLS (Olga Kornievskaia) [Orabug: 36755424] - net/mlx5: offset comp irq index in name by one (Michael Liang) [Orabug: 36760315] - uek-rpm: Enable cluster scheduling domain level in aarch64 kconfig files (Libo Chen) [Orabug: 36473714] - arm64/uek-misc: add a new boot parameter uek=cls to turn on/off CLS sched domain at boot time (Libo Chen) [Orabug: 36473714] - topology: Remove unused cpu_cluster_mask() (Dietmar Eggemann) [Orabug: 36473714] - topology: make core_mask include at least cluster_siblings (Darren Hart) [Orabug: 36473714] - topology/sysfs: export cluster attributes only if an architectures has support (Heiko Carstens) [Orabug: 36473714] - sched: Add cluster scheduler level in core and related Kconfig for ARM64 (Barry Song) [Orabug: 36473714] - topology: Represent clusters of CPUs within a die (Jonathan Cameron) [Orabug: 36473714] - IB/core: Fix off-by-one attr index in setup_hw_port_stats (Sharath Srinivasan) [Orabug: 36722740] - genirq/msi: msi_desc::msi_index KABI fix for out-of-tree drivers (Qing Huang) [Orabug: 36727160] - mm: Incorrect argument for PAGEFLAG_FALSE (Vijay Kumar) [Orabug: 36101034] - Revert 'RDMA/mlx5: Set MR cache limit for both PF and VF' (Qing Huang) [Orabug: 36466391] - Revert 'net/mlx5: Disable mr_cache for SFs' (Qing Huang) [Orabug: 36466391] - {IB,net}/mlx5: Spread IB CQs more evenly over EQs (Parav Pandit) [Orabug: 26790181] [Orabug: 31556116] [Orabug: 31556117] [Orabug: 36385281] - rds: ib: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33679626] [Orabug: 36385281] - net/mlx4: fix non-determinism when comp_vector is zero (Hakon Bugge) [Orabug: 33679626] [Orabug: 36385281] - IB/core: Introduce IB_CQ_FORCE_ZERO_CV (Hakon Bugge) [Orabug: 33679626] [Orabug: 36385281] - net: netdevsim: don't try to destroy PHC on VFs (Jakub Kicinski) [Orabug: 36385281] - tools: ynl: don't ignore errors in NLMSG_DONE messages (Jakub Kicinski) [Orabug: 36385281] - platform/x86: mlx-platform: Add dependency on PCI to Kconfig (Vadim Pasternak) [Orabug: 36385281] - net/mlx5: Free used cpus mask when an IRQ is released (Maher Sanalla) [Orabug: 36385281] - RDMA/mlx5: Fix mkey cache WQ flush (Moshe Shemesh) [Orabug: 36385281] - net/mlx5e: Fix VF representors reporting zero counters to 'ip -s' command (Amir Tzin) [Orabug: 36385281] - net/mlx5e: Don't offload internal port if filter device is out device (Jianbo Liu) [Orabug: 36385281] - net/mlx5: Bridge, fix peer entry ageing in LAG mode (Vlad Buslov) [Orabug: 36385281] - net/mlx5: E-switch, register event handler before arming the event (Shay Drory) [Orabug: 36385281] - net/mlx5: Perform DMA operations in the right locations (Shay Drory) [Orabug: 36385281] - net/mlx5e: macsec: use update_pn flag instead of PN comparation (Radu Pirea (NXP OSS)) [Orabug: 36385281] - platform: mellanox: Fix a resource leak in an error handling path in probing flow (Vadim Pasternak) [Orabug: 36385281] - RDMA/mlx5: Remove not-used cache disable flag (Leon Romanovsky) [Orabug: 36385281] - RDMA/mlx5: Implement mkeys management via LIFO queue (Shay Drory) [Orabug: 36385281] - RDMA/mlx5: Fix mkey cache possible deadlock on cleanup (Shay Drory) [Orabug: 36385281] - RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (Hamdan Igbaria) [Orabug: 36385281] - power: reset: use capital 'OR' for multiple licenses in SPDX (Krzysztof Kozlowski) [Orabug: 36385281] - platform/mellanox: NVSW_SN2201 should depend on ACPI (Geert Uytterhoeven) [Orabug: 36385281] - mlx5/core: E-Switch, Create ACL FT for eswitch manager in switchdev mode (Bodong Wang) [Orabug: 36385281] - net/mlx5e: Clear mirred devices array if the rule is split (Jianbo Liu) [Orabug: 36385281] - net/mlx5: Implement devlink port function cmds to control ipsec_packet (Dima Chumak) [Orabug: 36385281] - net/mlx5: Implement devlink port function cmds to control ipsec_crypto (Dima Chumak) [Orabug: 36385281] - net/mlx5: Provide an interface to block change of IPsec capabilities (Leon Romanovsky) [Orabug: 36385281] - net/mlx5: Add IFC bits to support IPsec enable/disable (Leon Romanovsky) [Orabug: 36385281] - net/mlx5e: Rewrite IPsec vs. TC block interface (Leon Romanovsky) [Orabug: 36385281] - net/mlx5: Drop extra layer of locks in IPsec (Leon Romanovsky) [Orabug: 36385281] - i2c: mlxcpld: Add support for extended transaction length (Vadim Pasternak) [Orabug: 36385281] - mlxsw: core_hwmon: Adjust module label names based on MTCAP sensor counter (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: nvsw-sn2201: change fans i2c busses. (Michael Shych) [Orabug: 36385281] - platform: mellanox: mlxreg-hotplug: Extend condition for notification callback processing (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: Add initial support for PCIe based programming logic device (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Get interrupt line through ACPI (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Introduce ACPI init flow (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Prepare driver to allow probing through ACPI infrastructure (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Add reset callback (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: Cosmetic changes (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Modify power off callback (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: add support for additional CPLD (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Add reset cause attribute (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: mlx-platform: Modify health and power hotplug action (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: Modify reset causes description (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: Add field upgrade capability register (Vadim Pasternak) [Orabug: 36385281] - platform: mellanox: Add new attributes (Vadim Pasternak) [Orabug: 36385281] - mlx4: Delete custom device management logic (Petr Pavlu) [Orabug: 36385281] - mlx4: Connect the infiniband part to the auxiliary bus (Petr Pavlu) [Orabug: 36385281] - mlx4: Connect the ethernet part to the auxiliary bus (Petr Pavlu) [Orabug: 36385281] - mlx4: Register mlx4 devices to an auxiliary virtual bus (Petr Pavlu) [Orabug: 36385281] - mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (Petr Pavlu) [Orabug: 36385281] - mlx4: Move the bond work to the core driver (Petr Pavlu) [Orabug: 36385281] - mlx4: Get rid of the mlx4_interface.activate callback (Petr Pavlu) [Orabug: 36385281] - mlx4: Replace the mlx4_interface.event callback with a notifier (Petr Pavlu) [Orabug: 36385281] - mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (Petr Pavlu) [Orabug: 36385281] - mlx4: Rename member mlx4_en_dev.nb to netdev_nb (Petr Pavlu) [Orabug: 36385281] - mlx4: Get rid of the mlx4_interface.get_dev callback (Petr Pavlu) [Orabug: 36385281] - net/mlx5e: Support IPsec upper TCP protocol selector (Leon Romanovsky) [Orabug: 36385281] - net/mlx5e: Support IPsec upper protocol selector field offload for RX (Emeel Hakim) [Orabug: 36385281] - net/mlx5: Store vport in struct mlx5_devlink_port and use it in port ops (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Check vhca_resource_manager capability in each op and add extack msg (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Relax mlx5_devlink_eswitch_get() return value checking (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Return -EOPNOTSUPP in mlx5_devlink_port_fn_migratable_set() directly (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Reduce number of vport lookups passing vport pointer instead of index (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Embed struct devlink_port into driver structure (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Don't register ops for non-PF/VF/SF port and avoid checks in ops (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Remove no longer used mlx5_esw_offloads_sf_vport_enable/disable() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Introduce mlx5_eswitch_load/unload_sf_vport() and use it from SF code (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Allow mlx5_esw_offloads_devlink_port_register() to register SFs (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Push devlink port PF/VF init/cleanup calls out of devlink_port_register/unregister() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Push out SF devlink port init and cleanup code to separate helpers (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Rework devlink port alloc/free into init/cleanup (Jiri Pirko) [Orabug: 36385281] - RDMA/mlx5: Fix trailing */ formatting in block comment (Rohit Chavan) [Orabug: 36385281] - net/mlx5: Convert PCI error values to generic errnos (Ilpo Jarvinen) [Orabug: 36385281] - net/mlx5: Devcom, only use devcom after NULL check in mlx5_devcom_send_event() (Li Zetao) [Orabug: 36385281] - net/mlx5: DR, Supporting inline WQE when possible (Itamar Gozlan) [Orabug: 36385281] - net/mlx5: Rename devlink port ops struct for PFs/VFs (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Remove VPORT_UPLINK handling from devlink_port.c (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Call mlx5_esw_offloads_rep_load/unload() for uplink port directly (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Update dead links in Kconfig documentation (Rahul Rameshbabu) [Orabug: 36385281] - net/mlx5: Remove health syndrome enum duplication (Gal Pressman) [Orabug: 36385281] - net/mlx5: DR, Remove unneeded local variable (Yevgeny Kliteynik) [Orabug: 36385281] - net/mlx5: DR, Fix code indentation (Yevgeny Kliteynik) [Orabug: 36385281] - net/mlx5: IRQ, consolidate irq and affinity mask allocation (Saeed Mahameed) [Orabug: 36385281] - net/mlx5e: Fix spelling mistake 'Faided' -> 'Failed' (Colin Ian King) [Orabug: 36385281] - net/mlx5e: aRFS, Introduce ethtool stats (Adham Faris) [Orabug: 36385281] - net/mlx5e: aRFS, Warn if aRFS table does not exist for aRFS rule (Adham Faris) [Orabug: 36385281] - net/mlx5e: aRFS, Prevent repeated kernel rule migrations requests (Adham Faris) [Orabug: 36385281] - RDMA/mlx5: Handles RoCE MACsec steering rules addition and deletion (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Add RoCE MACsec steering infrastructure in core (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Configure MACsec steering for ingress RoCEv2 traffic (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Configure MACsec steering for egress RoCEv2 traffic (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Add MACsec priorities in RDMA namespaces (Patrisious Haddad) [Orabug: 36385281] - RDMA/mlx5: Implement MACsec gid addition and deletion (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Maintain fs_id xarray per MACsec device inside macsec steering (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Remove netdevice from MACsec steering (Patrisious Haddad) [Orabug: 36385281] - net/mlx5e: Move MACsec flow steering and statistics database from ethernet to core (Patrisious Haddad) [Orabug: 36385281] - net/mlx5e: Rename MACsec flow steering functions/parameters to suit core naming style (Patrisious Haddad) [Orabug: 36385281] - net/mlx5: Remove dependency of macsec flow steering on ethernet (Patrisious Haddad) [Orabug: 36385281] - net/mlx5e: Move MACsec flow steering operations to be used as core library (Patrisious Haddad) [Orabug: 36385281] - RDMA/mlx4: Copy union directly (Gustavo A. R. Silva) [Orabug: 36385281] - mmc: sdhci-of-dwcmshc: Convert to platform remove callback returning void (Yangtao Li) [Orabug: 36385281] - net/mlx5: Don't query MAX caps twice (Shay Drory) [Orabug: 36385281] - net/mlx5: Remove unused MAX HCA capabilities (Shay Drory) [Orabug: 36385281] - net/mlx5: Remove unused CAPs (Shay Drory) [Orabug: 36385281] - net/mlx5: Fix error message in mlx5_sf_dev_state_change_handler() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Remove redundant check of mlx5_vhca_event_supported() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Use mlx5_sf_start_function_id() helper instead of directly calling MLX5_CAP_GEN() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Remove redundant SF supported check from mlx5_sf_hw_table_init() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Use auxiliary_device_uninit() instead of device_put() (Jiri Pirko) [Orabug: 36385281] - net/mlx5: E-switch, Add checking for flow rule destinations (Jianbo Liu) [Orabug: 36385281] - net/mlx5: Check with FW that sync reset completed successfully (Moshe Shemesh) [Orabug: 36385281] - net/mlx5: Expose max possible SFs via devlink resource (Shay Drory) [Orabug: 36385281] - net/mlx5e: Add recovery flow for tx devlink health reporter for unhealthy PTP SQ (Rahul Rameshbabu) [Orabug: 36385281] - net/mlx5e: Make tx_port_ts logic resilient to out-of-order CQEs (Rahul Rameshbabu) [Orabug: 36385281] - net/mlx5: Consolidate devlink documentation in devlink/mlx5.rst (Rahul Rameshbabu) [Orabug: 36385281] - i2c: mlxbf: Use devm_platform_get_and_ioremap_resource() (Yangtao Li) [Orabug: 36385281] - mlxsw: spectrum: Stop ignoring learning notifications from redirected traffic (Ido Schimmel) [Orabug: 36385281] - mlxsw: spectrum_flower: Disable learning and security lookup when redirecting (Ido Schimmel) [Orabug: 36385281] - mlxsw: core_acl_flex_actions: Add IGNORE_ACTION (Ido Schimmel) [Orabug: 36385281] - i2c: mlxbf: Use dev_err_probe in probe function (Liao Chang) [Orabug: 36385281] - net: netdevsim: mimic tc-taprio offload (Vladimir Oltean) [Orabug: 36385281] - net: netdevsim: use mock PHC driver (Vladimir Oltean) [Orabug: 36385281] - net/mlx5: Expose NIC temperature via hardware monitoring kernel API (Adham Faris) [Orabug: 36385281] - net/mlx5: Expose port.c/mlx5_query_module_num() function (Adham Faris) [Orabug: 36385281] - selftests: mlxsw: router_bridge_lag: Add a new selftest (Petr Machata) [Orabug: 36385281] - mlxsw: Set port STP state on bridge enslavement (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_switchdev: Use is_zero_ether_addr() instead of ether_addr_equal() (Ruan Jinjie) [Orabug: 36385281] - mlxbf_gige: Remove two unused function declarations (Yue Haibing) [Orabug: 36385281] - rtnetlink: remove redundant checks for nlattr IFLA_BRIDGE_MODE (Lin Ma) [Orabug: 36385281] - net/mlx5: Bridge, Only handle registered netdev bridge events (Roi Dayan) [Orabug: 36385281] - net/mlx5: E-Switch, Remove redundant arg ignore_flow_lvl (Roi Dayan) [Orabug: 36385281] - net/mlx5: Fix typo reminder -> remainder (Gal Pressman) [Orabug: 36385281] - net/mlx5: remove many unnecessary NULL values (Ruan Jinjie) [Orabug: 36385281] - net/mlx5: Allocate completion EQs dynamically (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Handle SF IRQ request in the absence of SF IRQ pool (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Rename mlx5_comp_vectors_count() to mlx5_comp_vectors_max() (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Add IRQ vector to CPU lookup function (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Introduce mlx5_cpumask_default_spread (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Implement single completion EQ create/destroy methods (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Use xarray to store and manage completion EQs (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Refactor completion IRQ request/release handlers in EQ layer (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Use xarray to store and manage completion IRQs (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Refactor completion IRQ request/release API (Maher Sanalla) [Orabug: 36385281] - net/mlx5: Track the current number of completion EQs (Maher Sanalla) [Orabug: 36385281] - mlxsw: spectrum: Remove unused function declarations (Yue Haibing) [Orabug: 36385281] - net/mlx4: Remove many unnecessary NULL values (Ruan Jinjie) [Orabug: 36385281] - net/mlx5e: Make TC and IPsec offloads mutually exclusive on a netdev (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Add get IPsec offload stats for uplink representor (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Modify and restore TC rules for IPSec TX rules (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Make IPsec offload work together with eswitch and TC (Jianbo Liu) [Orabug: 36385281] - net/mlx5: Compare with old_dest param to modify rule destination (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Support IPsec packet offload for TX in switchdev mode (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Refactor IPsec TX tables creation (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Handle IPsec offload for RX datapath in switchdev mode (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Support IPsec packet offload for RX in switchdev mode (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Refactor IPsec RX tables creation and destruction (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Prepare IPsec packet offload for switchdev mode (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Change the parameter of IPsec RX skb handle function (Jianbo Liu) [Orabug: 36385281] - net/mlx5e: Add function to get IPsec offload namespace (Jianbo Liu) [Orabug: 36385281] - selftests: mlxsw: rif_bridge: Add a new selftest (Petr Machata) [Orabug: 36385281] - selftests: mlxsw: rif_lag_vlan: Add a new selftest (Petr Machata) [Orabug: 36385281] - selftests: mlxsw: rif_lag: Add a new selftest (Petr Machata) [Orabug: 36385281] - IB/mlx5: Add HW counter called rx_dct_connect (Shetu Ayalew) [Orabug: 36385281] - RDMA/mlx: Remove unnecessary variable initializations (Ruan Jinjie) [Orabug: 36385281] - mlxsw: spectrum_router: IPv6 events: Use tracker helpers to hold & put netdevices (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: RIF: Use tracker helpers to hold & put netdevices (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: hw_stats: Use tracker helpers to hold & put netdevices (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: FIB: Use tracker helpers to hold & put netdevices (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_switchdev: Use tracker helpers to hold & put netdevices (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_nve: Do not take reference when looking up netdevice (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum: Drop unused functions mlxsw_sp_port_lower_dev_hold/_put() (Petr Machata) [Orabug: 36385281] - leds: Explicitly include correct DT includes (Rob Herring) [Orabug: 36385281] - net/mlx5: Fix flowhash key set/get for custom RSS (Joe Damato) [Orabug: 36385281] - net/mlx5: Give esw_offloads_load/unload_rep() 'mlx5_' prefix (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Make mlx5_eswitch_load/unload_vport() static (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Make mlx5_esw_offloads_rep_load/unload() static (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Remove pointless devlink_rate checks (Jiri Pirko) [Orabug: 36385281] - net/mlx5: Don't check vport->enabled in port ops (Jiri Pirko) [Orabug: 36385281] - net/mlx5e: Make flow classification filters static (Parav Pandit) [Orabug: 36385281] - net/mlx5e: Remove duplicate code for user flow (Parav Pandit) [Orabug: 36385281] - net/mlx5: Allocate command stats with xarray (Shay Drory) [Orabug: 36385281] - net/mlx5: split mlx5_cmd_init() to probe and reload routines (Shay Drory) [Orabug: 36385281] - net/mlx5: Remove redundant cmdif revision check (Shay Drory) [Orabug: 36385281] - net/mlx5: Re-organize mlx5_cmd struct (Shay Drory) [Orabug: 36385281] - net/mlx5e: E-Switch, Allow devcom initialization on more vports (Roi Dayan) [Orabug: 36385281] - net/mlx5e: E-Switch, Register devcom device with switch id key (Roi Dayan) [Orabug: 36385281] - net/mlx5: Devcom, Infrastructure changes (Roi Dayan) [Orabug: 36385281] - net/mlx5: Use shared code for checking lag is supported (Roi Dayan) [Orabug: 36385281] - net/mlx4: clean up a type issue (Dan Carpenter) [Orabug: 36385281] - mlxsw: core_env: Read transceiver module EEPROM in 128 bytes chunks (Ido Schimmel) [Orabug: 36385281] - mlxsw: reg: Increase Management Cable Info Access Register length (Ido Schimmel) [Orabug: 36385281] - mlxsw: reg: Remove unused function argument (Ido Schimmel) [Orabug: 36385281] - mlxsw: reg: Add Management Capabilities Mask Register (Amit Cohen) [Orabug: 36385281] - mlxsw: reg: Move 'mpsc' definition in 'mlxsw_reg_infos' (Amit Cohen) [Orabug: 36385281] - platform: Explicitly include correct DT includes (Rob Herring) [Orabug: 36385281] - net/mlx5e: Support IPsec NAT-T functionality (Leon Romanovsky) [Orabug: 36385281] - net/mlx5e: Check for IPsec NAT-T support (Leon Romanovsky) [Orabug: 36385281] - net/mlx5: Add relevant capabilities bits to support NAT-T (Leon Romanovsky) [Orabug: 36385281] - sch_htb: Allow HTB quantum parameter in offload mode (Naveen Mamindlapalli) [Orabug: 36385281] - mlxsw: spectrum: Permit enslavement to netdevices with uppers (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Replay IP NETDEV_UP on device deslavement (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Replay IP NETDEV_UP on device enslavement (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Replay neighbours when RIF is made (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Replay MACVLANs when RIF is made (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Offload ethernet nexthops when RIF is made (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Join RIFs of LAG upper VLANs (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_switchdev: Replay switchdev objects on port join (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum: On port enslavement to a LAG, join upper's bridges (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum: Add a replay_deslavement argument to event handlers (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum: Allow event handlers to check unowned bridges (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum: Split a helper out of mlxsw_sp_netdevice_event() (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Extract a helper to schedule neighbour work (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Allow address handlers to run on bridge ports (Petr Machata) [Orabug: 36385281] - selftests: mlxsw: rtnetlink: Drop obsolete tests (Petr Machata) [Orabug: 36385281] - net: switchdev: Add a helper to replay objects on a bridge port (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_switchdev: Manage RIFs on PVID change (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: mlxsw_sp_inetaddr_bridge_event: Add an argument (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Adjust mlxsw_sp_inetaddr_vlan_event() coding style (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Take VID for VLAN FIDs from RIF params (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_router: Pass struct mlxsw_sp_rif_params to fid_get (Petr Machata) [Orabug: 36385281] - mlxsw: spectrum_switchdev: Pass extack to mlxsw_sp_br_ban_rif_pvid_change() (Petr Machata) [Orabug: 36385281] - netdevsim: add dummy macsec offload (Sabrina Dubroca) [Orabug: 36385281] - selftests: mlxsw: Test port range registers' occupancy (Ido Schimmel) [Orabug: 36385281] - selftests: mlxsw: Add scale test for port ranges (Ido Schimmel) [Orabug: 36385281] - mlxsw: spectrum_flower: Add ability to match on port ranges (Ido Schimmel) [Orabug: 36385281] - mlxsw: spectrum_acl: Pass main driver structure to mlxsw_sp_acl_rulei_destroy() (Ido Schimmel) [Orabug: 36385281] - mlxsw: spectrum_acl: Add port range key element (Ido Schimmel) [Orabug: 36385281] - mlxsw: spectrum_port_range: Add devlink resource support (Ido Schimmel) [Orabug: 36385281] - mlxsw: spectrum_port_range: Add port range core (Ido Schimmel) [Orabug: 36385281] - mlxsw: resource: Add resource identifier for port range registers (Ido Schimmel) [Orabug: 36385281] - mlxsw: reg: Add Policy-Engine Port Range Register (Ido Schimmel) [Orabug: 36385281] - RDMA/mlx5: align MR mem allocation size to power-of-two (Yuanyuan Zhong) [Orabug: 36385281] - RDMA/mlx5: Fix Q-counters query in LAG mode (Patrisious Haddad) [Orabug: 36385281] - RDMA/mlx5: Remove vport Q-counters dependency on normal Q-counters (Patrisious Haddad) [Orabug: 36385281] - RDMA/mlx5: Fix Q-counters per vport allocation (Patrisious Haddad) [Orabug: 36385281] - RDMA/mlx5: Expand switchdev Q-counters to expose representor statistics (Patrisious Haddad) [Orabug: 36385281] - RDMA/mlx5: Use query_special_contexts for mkeys (Or Har-Toov) [Orabug: 36385281] - platform_data/mlxreg: Add field with mapped resource address (Vadim Pasternak) [Orabug: 36385281] - RDMA/mlx4: Remove NULL check before dev_{put, hold} (zhang songyi) [Orabug: 36385281] - platform/chrome: cros_ec: sort header inclusion alphabetically (Tzung-Bi Shih) [Orabug: 36385281] - Documentation: devlink: mlx5.rst: Fix htmldoc build warning (Saeed Mahameed) [Orabug: 36385281] - RDMA/mlx5: Print wc status on CQE error and dump needed (Dust Li) [Orabug: 36385281] - RDMA/mlx4: Use bitmap_alloc() when applicable (Christophe JAILLET) [Orabug: 36385281] - RDMA/mlx5: fix build error with INFINIBAND_USER_ACCESS=n (Arnd Bergmann) [Orabug: 36385281] - RDMA/mlx5: Add optional counter support in get_hw_stats callback (Aharon Landau) [Orabug: 36385281] - RDMA/mlx5: Add modify_op_stat() support (Aharon Landau) [Orabug: 36385281] - RDMA/mlx5: Support optional counters in hw_stats initialization (Aharon Landau) [Orabug: 36385281] - tools: ynl: fix setting presence bits in simple nests (Jakub Kicinski) [Orabug: 36385281] - net: flow_dissector: Use 64bits for used_keys (Ratheesh Kannoth) [Orabug: 36385281] - netfilter: flowtable: Support GRE (Toshiaki Makita) [Orabug: 36385281] - tools: ynl: fix handling of multiple mcast groups (Jakub Kicinski) [Orabug: 36385281] - tools: ynl: don't leak mcast_groups on init error (Jakub Kicinski) [Orabug: 36385281] - tools: ynl: make sure we always pass yarg to mnl_cb_run (Jakub Kicinski) [Orabug: 36385281] - tools: ynl-gen: always construct struct ynl_req_state (Jakub Kicinski) [Orabug: 36385281] - netlink: specs: devlink: fix reply command values (Jiri Pirko) [Orabug: 36385281] - devlink: move devlink_notify_register/unregister() to dev.c (Jiri Pirko) [Orabug: 36385281] - devlink: move small_ops definition into netlink.c (Jiri Pirko) [Orabug: 36385281] - devlink: move tracepoint definitions into core.c (Jiri Pirko) [Orabug: 36385281] - devlink: push linecard related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: push rate related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: Allow for devlink-rate nodes parent reassignment (Michal Wilczynski) [Orabug: 36385281] - devlink: Introduce new attribute 'tx_weight' to devlink-rate (Michal Wilczynski) [Orabug: 36385281] - devlink: Introduce new attribute 'tx_priority' to devlink-rate (Michal Wilczynski) [Orabug: 36385281] - devlink: push trap related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: use tracepoint_enabled() helper (Jiri Pirko) [Orabug: 36385281] - devlink: push region related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: push param related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: push resource related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: push dpipe related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: move and rename devlink_dpipe_send_and_alloc_skb() helper (Jiri Pirko) [Orabug: 36385281] - devlink: push shared buffer related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: push port related code into separate file (Jiri Pirko) [Orabug: 36385281] - devlink: push object register/unregister notifications into separate helpers (Jiri Pirko) [Orabug: 36385281] - devlink: Expose port function commands to control IPsec packet offloads (Dima Chumak) [Orabug: 36385281] - devlink: Expose port function commands to control IPsec crypto offloads (Dima Chumak) [Orabug: 36385281] - genetlink: add genlmsg_iput() API (Jakub Kicinski) [Orabug: 36385281] - genetlink: add a family pointer to struct genl_info (Jakub Kicinski) [Orabug: 36385281] - genetlink: use attrs from struct genl_info (Jakub Kicinski) [Orabug: 36385281] - genetlink: add struct genl_info to struct genl_dumpit_info (Jakub Kicinski) [Orabug: 36385281] - genetlink: remove userhdr from struct genl_info (Jakub Kicinski) [Orabug: 36385281] - genetlink: make genl_info->nlhdr const (Jakub Kicinski) [Orabug: 36385281] - genetlink: push conditional locking into dumpit/done (Jakub Kicinski) [Orabug: 36385281] - net: ethtool: don't require empty header nests (Jakub Kicinski) [Orabug: 36385281] - netlink: support extack in dump ->start() (Jakub Kicinski) [Orabug: 36385281] - netlink: specs: devlink: extend health reporter dump attributes by port index (Jiri Pirko) [Orabug: 36385281] - devlink: extend health reporter dump selector by port index (Jiri Pirko) [Orabug: 36385281] - netlink: specs: devlink: extend per-instance dump commands to accept instance attributes (Jiri Pirko) [Orabug: 36385281] - devlink: allow user to narrow per-instance dumps by passing handle attrs (Jiri Pirko) [Orabug: 36385281] - devlink: remove converted commands from small ops (Jiri Pirko) [Orabug: 36385281] - devlink: remove duplicate temporary netlink callback prototypes (Jiri Pirko) [Orabug: 36385281] - netlink: specs: devlink: add commands that do per-instance dump (Jiri Pirko) [Orabug: 36385281] - devlink: pass flags as an arg of dump_one() callback (Jiri Pirko) [Orabug: 36385281] - devlink: introduce dumpit callbacks for split ops (Jiri Pirko) [Orabug: 36385281] - devlink: rename doit callbacks for per-instance dump commands (Jiri Pirko) [Orabug: 36385281] - devlink: introduce devlink_nl_pre_doit_port*() helper functions (Jiri Pirko) [Orabug: 36385281] - devlink: parse rate attrs in doit() callbacks (Jiri Pirko) [Orabug: 36385281] - devlink: parse linecard attr in doit() callbacks (Jiri Pirko) [Orabug: 36385281] - devlink: clear flag on port register error path (Jiri Pirko) [Orabug: 36385281] - devlink: Remove unused devlink_dpipe_table_resource_set() declaration (Yue Haibing) [Orabug: 36385281] - devlink: use generated split ops and remove duplicated commands from small ops (Jiri Pirko) [Orabug: 36385281] - devlink: include the generated netlink header (Jiri Pirko) [Orabug: 36385281] - devlink: add split ops generated according to spec (Jiri Pirko) [Orabug: 36385281] - netlink: specs: devlink: add info-get dump op (Jiri Pirko) [Orabug: 36385281] - devlink: un-static devlink_nl_pre/post_doit() (Jiri Pirko) [Orabug: 36385281] - devlink: introduce couple of dumpit callbacks for split ops (Jiri Pirko) [Orabug: 36385281] - devlink: rename couple of doit netlink callbacks to match generated names (Jiri Pirko) [Orabug: 36385281] - devlink: rename devlink_nl_ops to devlink_nl_small_ops (Jiri Pirko) [Orabug: 36385281] - devlink: Remove unused extern declaration devlink_port_region_destroy() (Yue Haibing) [Orabug: 36385281] - devlink: add forgotten devlink instance lock assertion to devl_param_driverinit_value_set() (Jiri Pirko) [Orabug: 36385281] - devlink: convert param list to xarray (Jiri Pirko) [Orabug: 36385281] - devlink: use xa_for_each_start() helper in devlink_nl_cmd_port_get_dump_one() (Jiri Pirko) [Orabug: 36385281] - devlink: fix the name of value arg of devl_param_driverinit_value_get() (Jiri Pirko) [Orabug: 36385281] - devlink: make sure driver does not read updated driverinit param before reload (Jiri Pirko) [Orabug: 36385281] - devlink: don't use strcpy() to copy param value (Jiri Pirko) [Orabug: 36385281] - tools: ynl-gen: fix enum index in _decode_enum(..) (Arkadiusz Kubalewski) [Orabug: 36385281] - tools: ynl-gen: support / skip pads on the way to kernel (Jakub Kicinski) [Orabug: 36385281] - tools: ynl-gen: don't pass op_name to RenderInfo (Jakub Kicinski) [Orabug: 36385281] - tools: ynl-gen: support code gen for events (Jakub Kicinski) [Orabug: 36385281] - tools: ynl-gen: sanitize notification tracking (Jakub Kicinski) [Orabug: 36385281] - tools: ynl: regen: stop generating common notification handlers (Jakub Kicinski) [Orabug: 36385281] - tools: ynl-gen: stop generating common notification handlers (Jakub Kicinski) [Orabug: 36385281] - tools: ynl: regen: regenerate the if ladders (Jakub Kicinski) [Orabug: 36385281] - tools: ynl-gen: get attr type outside of if() (Jakub Kicinski) [Orabug: 36385281] ... IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-36920 CVE-2024-36281 CVE-2024-42159 CVE-2024-26858 CVE-2024-36890 CVE-2024-36907 CVE-2023-52626 CVE-2023-52532 CVE-2024-44952 CVE-2024-42289 CVE-2024-38629 CVE-2024-21823 CVE-2024-35991 CVE-2024-41022 CVE-2024-42272 CVE-2024-42286 CVE-2024-26587 CVE-2024-36924 CVE-2024-42287 CVE-2024-26746 CVE-2024-42288 CVE-2024-26742 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::UEKR7 Oracle Linux 9 [3.0.7-28.0.1] - Drop OpenELA branding, apply Oracle branding patches - Enable openssl-fips-provider dependency [Orabug: 36504822] - Temporary disable openssl-fips-provider dependency [Orabug: 36504822] - Replace upstream references [Orabug: 34340177] [1:3.0.7-28] - Patch for CVE-2024-6119 Resolves: RHEL-55340 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6119 cpe:/a:oracle:linux:9::userspace_ksplice Oracle Linux 8 Oracle Linux 9 [5.15.0-300.163.18.1] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37132350] IMPORTANT Copyright 2024 Oracle, Inc. cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::UEKR7 Oracle Linux 8 Oracle Linux 9 [5.15.0-301.163.5.2] - mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds) [Orabug: 37174198] {CVE-2024-47674} - Revert 'Documentation/admin-guide/acpi: Move information out of shell script comments' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: Move partition_create_desc() work to a helper' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic: Collect GIC_IRQ_TYPE definitions into one place' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / irq: Allow a compile-time arg0 for acpi_register_gsi()'s fwspec' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic, gic-v3: Translate fwspec for DT and ACPI systems in the same way' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Provide a helper to walk processor containers' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Add a helper to build a cpumask from a cpu_node' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: Print DT partitions in the same way as APCI' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: Build PPI partitions on ACPI systems' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: select and translate the partition domain' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / irq: Add acpi_register_partitioned_percpu_gsi()' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Find PPTT cache level by ID' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Add a helper to fill a cpumask from a processor container' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Add a helper to fill a cpumask from a cache_id' (Dave Kleikamp) [Orabug: 37144820] - Revert 'drivers: base: cacheinfo: Check per_cpu_cacheinfo() is allocated' (Dave Kleikamp) [Orabug: 37144820] - Revert 'drivers: base: cacheinfo: Add helper to find the cache size from cpu+level' (Dave Kleikamp) [Orabug: 37144820] - Revert 'cacheinfo: Allow for >32-bit cache 'id'' (Dave Kleikamp) [Orabug: 37144820] - Revert 'cacheinfo: Set cache 'id' based on DT data' (Dave Kleikamp) [Orabug: 37144820] - Revert 'cacheinfo: Expose the code to generate a cache-id from a device_node' (Dave Kleikamp) [Orabug: 37144820] [5.15.0-301.163.5.1] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37142443] [5.15.0-301.163.5] - netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). (Kuniyuki Iwashima) [Orabug: 36964003] {CVE-2024-42270} - netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). (Kuniyuki Iwashima) [Orabug: 36964001] {CVE-2024-42269} - Revert 'arm64: Allow 512K irqs' (Harshit Mogalapalli) [Orabug: 37117987] [5.15.0-301.163.4] - pds_core: Prevent race issues involving the adminq (Brett Creeley) [Orabug: 36529980] {CVE-2024-26623} - netdevsim: avoid potential loop in nsim_dev_trap_report_work() (Eric Dumazet) [Orabug: 36530387] {CVE-2024-26681} - devlink: fix possible use-after-free and memory leaks in devlink_init() (Vasiliy Kovalev) [Orabug: 36530666] {CVE-2024-26734} - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (Adamos Ttofari) [Orabug: 36642225] {CVE-2024-35801} - net/mlx5e: Fix mlx5e_priv_init() cleanup flow (Carolina Jubran) [Orabug: 36643379] {CVE-2024-35959} - uek-rpm: correctly set DEFAULTKERNEL after removal of uek kernels (Rhythm Mahajan) [Orabug: 36709294] - RDMA: Flip the meaning of '-1' and '0' in ibv_create_cq / ib_create_cq (Gerd Rausch) [Orabug: 36822216] - Revert 'rds: ib: fix non-determinism when comp_vector is zero' (Gerd Rausch) [Orabug: 36822216] - net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (Aleksandr Mishin) [Orabug: 36835804] {CVE-2024-40940} - xfrm: Remove documentation WARN_ON to limit return values for offloaded SA (Patrisious Haddad) [Orabug: 37080855] - perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling (Ravi Bangoria) [Orabug: 37088496] [5.15.0-301.163.3] - uek-rpm: T93: enable xxhash crypto module for fips (Dave Kleikamp) [Orabug: 37075386] - mm: ioremap: Add ioremap/iounmap_allowed() (Kefeng Wang) [Orabug: 37061929] - netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso) [Orabug: 36630431] {CVE-2024-27397} - uek-rpm: Enable CONFIG_DEVICE_PRIVATE for the 64K page kernel (Dave Kleikamp) [Orabug: 36670372] - uek-rpm: Config changes to support Grace Hopper (Dave Kleikamp) [Orabug: 36670372] - arm64: Allow 512K irqs (Dave Kleikamp) [Orabug: 36670372] - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (Matthew R. Ochs) [Orabug: 36670372] - firmware: smccc: Fix use of uninitialised results structure (Punit Agrawal) [Orabug: 36670372] - i2c: smbus: Check for parent device before dereference (Andy Shevchenko) [Orabug: 36670372] - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (Tom Rix) [Orabug: 36670372] - dt-bindings: gpio: Remove FSI domain ports on Tegra234 (Prathamesh Shete) [Orabug: 36670372] - i2c: tegra: Do not mark ACPI devices as irq safe (Breno Leitao) [Orabug: 36670372] - tpm_tis_spi: Add hardware wait polling (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: Enable TPM wait polling (Krishna Yarlagadda) [Orabug: 36670372] - spi: Add TPM HW flow flag (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: set half duplex flag (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: Fix iterator outside loop (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: Fix validate combined sequence (Krishna Yarlagadda) [Orabug: 36670372] - ACPI/IORT: Update SMMUv3 DeviceID support (Robin Murphy) [Orabug: 36670372] - spi: tegra210-quad: Fix duplicate resource error (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: Don't initialise DMA if not supported (Jon Hunter) [Orabug: 36670372] - spi: tegra210-quad: Fix combined sequence (Krishna Yarlagadda) [Orabug: 36670372] - irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (Shanker Donthineni) [Orabug: 36670372] - irqchip/gicv3: Handle resource request failure consistently (Robin Murphy) [Orabug: 36670372] - irqchip/gic-v3: Claim iomem resources (Robin Murphy) [Orabug: 36670372] - i2c: tegra: Fix PEC support for SMBUS block read (Akhil R) [Orabug: 36670372] - i2c: tegra: Set ACPI node as primary fwnode (Akhil R) [Orabug: 36670372] - arm64: tegra: Enable Tegra SPI & QSPI in deconfig (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: Multi-cs support (Krishna Yarlagadda) [Orabug: 36670372] - i2c: tegra: Add SMBus block read function (Akhil R) [Orabug: 36670372] - spi: tegra210-quad: use device_reset method (Krishna Yarlagadda) [Orabug: 36670372] - i2c: smbus: Use device_*() functions instead of of_*() (Akhil R) [Orabug: 36670372] - spi: tegra210-quad: add acpi support (Krishna Yarlagadda) [Orabug: 36670372] - docs: firmware-guide: ACPI: Add named interrupt doc (Akhil R) [Orabug: 36670372] - device property: Add fwnode_irq_get_byname (Akhil R) [Orabug: 36670372] - device property: Add fwnode_iomap() (Anand Ashok Dumbre) [Orabug: 36670372] - spi: tegra210-quad: combined sequence mode (Krishna Yarlagadda) [Orabug: 36670372] - spi: tegra210-quad: add new chips to compatible (Krishna Yarlagadda) [Orabug: 36670372] - gpio: tegra186: Add IRQ per bank for Tegra241 (Akhil R) [Orabug: 36670372] - spi: tegra210-quad: use devm call for cdata memory (Krishna Yarlagadda) [Orabug: 36670372] - gpio: tegra186: Add support for Tegra241 (Akhil R) [Orabug: 36670372] - gpio: tegra186: Add support for Tegra234 (Prathamesh Shete) [Orabug: 36670372] - gpio: tegra186: Support multiple interrupts per bank (Thierry Reding) [Orabug: 36670372] - gpio: tegra186: Force one interrupt per bank (Thierry Reding) [Orabug: 36670372] - dt-bindings: gpio: Add Tegra241 support (Akhil R) [Orabug: 36670372] - dt-bindings: gpio: Add Tegra234 support (Prathamesh Shete) [Orabug: 36670372] - dt-bindings: gpio: tegra186: Convert to json-schema (Thierry Reding) [Orabug: 36670372] - i2c: tegra: use i2c_timings for bus clock freq (Akhil R) [Orabug: 36670372] - i2c: tegra: Add the ACPI support (Akhil R) [Orabug: 36670372] - net/mlx5: Stop waiting for PCI if pci channel is offline (Moshe Shemesh) [Orabug: 36955683] - Revert 'crypto: ecc - Move ecc.h to include/crypto/internal' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: ecc - Export additional functions from crypto/ecc.c' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: add ECDSA signature generation support' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: add ECDSA test vectors from RFC 6979' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: make RFC6979 test vectors generic to all drivers' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: ecdsa - export ecdsa signature ASN.1 parser' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: ecdsa - export ecdsa privkey ASN.1 parser' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: octeontx2: add support for ECDSA P192, P256 and P384' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: octeontx2: add support for DH' (Dave Kleikamp) [Orabug: 37062541] - Revert 'crypto: octeontx2: fix opcode incase of SGv2' (Dave Kleikamp) [Orabug: 37062541] - i40e: Change user notification of non-SFP module in i40e_get_module_info() (Andrii Staikov) [Orabug: 37069948] [5.15.0-301.163.2] - x86/efistub: Branch straight to kernel entry point from C code (Ard Biesheuvel) [Orabug: 36943196] - x86/efi: Make the deprecated EFI handover protocol optional (Ard Biesheuvel) [Orabug: 36943196] - efi: fix panic in kdump kernel (Oleksandr Tymoshenko) [Orabug: 36943196] - efi: verify that variable services are supported (Johan Hovold) [Orabug: 36943196] - efi: libstub: Give efi_main() asmlinkage qualification (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Simplify IDT/GDT preserve/restore in the EFI thunk (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed, efi: Merge multiple definitions of image_offset into one (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Move efi32_pe_entry() out of head_64.S (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Move efi32_entry out of head_64.S (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Move efi32_pe_entry into .text section (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Move bootargs parsing out of 32-bit startup code (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Move 32-bit entrypoint code into .text section (Ard Biesheuvel) [Orabug: 36943196] - x86/boot/compressed: Rename efi_thunk_64.S to efi-mixed.S (Ard Biesheuvel) [Orabug: 36943196] - efi: libstub: use EFI_LOADER_CODE region when moving the kernel in memory (Ard Biesheuvel) [Orabug: 36943196] - efi/x86: libstub: Make DXE calls mixed mode safe (Ard Biesheuvel) [Orabug: 36943196] - efi: libstub: ensure allocated memory to be executable (Baskov Evgeniy) [Orabug: 36943196] - efi: libstub: declare DXE services table (Baskov Evgeniy) [Orabug: 36943196] - x86/compressed: Export and rename add_identity_map() (Michael Roth) [Orabug: 36943196] - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (Michael Roth) [Orabug: 36943196] - x86/boot: Use MSR read/write helpers instead of inline assembly (Michael Roth) [Orabug: 36943196] - x86/boot: Introduce helpers for MSR reads/writes (Michael Roth) [Orabug: 36943196] - x86/compressed/acpi: Move EFI detection to helper (Michael Roth) [Orabug: 36943196] - efi/libstub: add prototype of efi_tcg2_protocol::hash_log_extend_event() (Ard Biesheuvel) [Orabug: 36943196] - efi/libstub: x86/mixed: increase supported argument count (Ard Biesheuvel) [Orabug: 36943196] - uek: kabi: update x86_64 kABI files for new symbols (Yifei Liu) [Orabug: 37033066] - crypto/octeontx2: Use dynamic allocated memory region for lmtst (Bharat Bhushan) [Orabug: 36725601] - crypto/octeontx2: Initialize cptlfs device info once (Bharat Bhushan) [Orabug: 36725601] - octeontx2-bphy-netdev: fix rsfec stats reading (Baha Mesleh) [Orabug: 36725601] - octeontx2-pf: Add NIXLF error/poison interrupt handlers (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: dbg: Add debug prints for NIX AF interrupts (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: poll for tx link credits before link mode change (Naveen Mamindlapalli) [Orabug: 36725601] - drivers: gpio: thunderx: Do not support irq config for both edge (Suneel Garapati) [Orabug: 36725601] - octeontx2-af: Knobs for NPC default rule counters (Linu Cherian) [Orabug: 36725601] - octeontx2-af: debugfs: Add Channel info to RPM map (Linu Cherian) [Orabug: 36725601] - Octeontx2-af: Skip overlap check for SPI field (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Modify SMQ flush sequence to drop packets (Naveen Mamindlapalli) [Orabug: 36725601] - drivers: spi-cadence-xspi: Add error check for xfer logic register base (Petr Malat) [Orabug: 36725601] - octeontx2-af: Fix issue with GRE parsing (Kiran Kumar K) [Orabug: 36725601] - octeontx2-af: add shutdown function (Dave Kleikamp) [Orabug: 36725601] - uek-rpm: Build T93 embedded kernel (Dave Kleikamp) [Orabug: 36725601] - driver: soc: marvell: add cpss drivers (Dave Kleikamp) [Orabug: 36725601] - PCI: boot time optimization (Harman Kalra) [Orabug: 36725601] - octeontx_edac: Fix mcc_edac failure at boot (Thomas Tai) [Orabug: 36725601] - soc: Only try to build Marvell SOC code on aarch64 (Dave Kleikamp) [Orabug: 36725601] - efi/Marvell: Work-around for bootefi memmap errors (Henry Willard) [Orabug: 36725601] - octeontx2-af: add max_vfs module param (Tom Saeger) [Orabug: 36725601] - arm64: Fix compiler warning when CONFIG_MRVL_OCTEONTX_EL0_INTR is undefined. (Tom Saeger) [Orabug: 36725601] - thermal: add CN98XX support for Marvell Octeon TX2 SoC temperature sensors (Dave Kleikamp) [Orabug: 36725601] - thermal: support for Marvell Octeon TX2 SoC temperature sensors (Eric Saint-Etienne) [Orabug: 36725601] - crypto: octeontx2: let the core report the driver name instead of the drivers (Dave Kleikamp) [Orabug: 36725601] - octeontx2-pf: extend ringparam setting/getting API with rx_buf_len (Dave Kleikamp) [Orabug: 36725601] - octeontx2-pf: Fix arguments to bpf_warn_invalid_xdp_action() (Dave Kleikamp) [Orabug: 36725601] - octeontx2-af: fix bitmap_weight formatting (Dave Kleikamp) [Orabug: 36725601] - octeontx2-bphy-netdev: Support for eCPRI MsgType5 timestamping (Sai Krishna) [Orabug: 36725601] - octeontx2-bphy-netdev: Use correct netdev priv structure for debugging (Baha Mesleh) [Orabug: 36725601] - gpio: thunder: Fix invalid object pointer in kfree. (Szymon Balcerak) [Orabug: 36725601] - soc: marvell: bert: BERT support for CN10k (Piyush Malgujar) [Orabug: 36725601] - drivers: soc: marvell: octeontx_info: Fix parsing of two fdt properties (Felix Manlunas) [Orabug: 36725601] - octeontx2-af: Add validation before accessing fwdata (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Add support to parse more VLAN headers (Kiran Kumar K) [Orabug: 36725601] - drivers: octeontx-edac: Add gic error decoder (Jayanthi Annadurai) [Orabug: 36725601] - drivers: pci-octeon-pem: Remove unused variables (Suneel Garapati) [Orabug: 36725601] - octeontx2-af: Add debugfs support to dump NIX TM registers (Anshumali Gaur) [Orabug: 36725601] - driver: edac: octeontx: offline/poison page on fatal/UE (Wladislav Wiebe) [Orabug: 36725601] - gpio: thunderx: Fixed 'pin-cfg' values collection. (Szymon Balcerak) [Orabug: 36725601] - octeontx2-bphy-netdev: disable CPRI RX on cleanup (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: ignore mcs untagged error (Baha Mesleh) [Orabug: 36725601] - driver: i2c: mv64xxx: cn9130 bus lockup issue (Narendra Hadke) [Orabug: 36725601] - Calculate delay-element (Aaron Williams) [Orabug: 36725601] - Disable enhanced strobe if not selected (Aaron Williams) [Orabug: 36725601] - Fix clock timing for MMC DDR modes (Aaron Williams) [Orabug: 36725601] - soc: marvell: hw_access: fix modpost error (Satheesh Paul) [Orabug: 36725601] - octeontx2-af: Fix issue with IPV6 GRE and multi VLAN (Kiran Kumar K) [Orabug: 36725601] - octeontx2-af: Add KPU changes to parse fabric path header (Kiran Kumar K) [Orabug: 36725601] - xhci: Use more than one Event Ring segment (Jonathan Bell) [Orabug: 36725601] - xhci: Set DESI bits in ERDP register correctly (Lukas Wunner) [Orabug: 36725601] - soc: marvell: hw_access: add ioctl to get link info (Satheesh Paul) [Orabug: 36725601] - mdio: mdio-thunder: Fix driver build when ACPI disabled. (Szymon Balcerak) [Orabug: 36725601] - mdio: mdio-thunder: Add ACPI support. (Szymon Balcerak) [Orabug: 36725601] - gpio: thunderx: Add ACPI support. (Szymon Balcerak) [Orabug: 36725601] - octeontx2-pf: Check for DMAC extraction support before setting DMAC based hardware filter for a VF (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Do not use HW TSO when gso_size < 16bytes (Geetha sowjanya) [Orabug: 36725601] - drivers: spi: xspi: Modify HW xfer workaround (Witold Sadowski) [Orabug: 36725601] - octeontx2-af: Added debugfs support to dump NIX TM topology (Anshumali Gaur) [Orabug: 36725601] - octeontx2-af: reveal only TIM params that are available (Shijith Thotton) [Orabug: 36725601] - octeontx2-bphy-netdev: disable rx on RFOEs on exit (Baha Mesleh) [Orabug: 36725601] - soc: marvell: otx2: Add dependency in Kconfig for GHES BERT (Piyush Malgujar) [Orabug: 36725601] - octeontx2-cpt: Wake up waiting process as last step (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Send UP messages to VF only when VF is up. (Subbaraya Sundeep) [Orabug: 36725601] - crypto: octeontx2: Honor irqaffinity passed via bootargs (Bharat Bhushan) [Orabug: 36725601] - octeontx2-af: fix mcam hit counter (Ankur Dwivedi) [Orabug: 36725601] - octeontx2-af: Fix default entries mcam entry action (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: map management port always to first PF (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: configure 802.3 pause frames in SGMII/QSGMII mode (Hariprasad Kelam) [Orabug: 36725601] - FWLOG: Correct read length with ppos (Mikko Suni) [Orabug: 36725601] - octeontx2-pf: Reorder tearing down of PTP RX info work queue, mailbox (Sai Krishna) [Orabug: 36725601] - octeontx2-af: Fix Support of FDSA tag (George Cherian) [Orabug: 36725601] - octeontx2-bphy-netdev: release psm queues on exit (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: ignore MCS bypass errors (Baha Mesleh) [Orabug: 36725601] - MMC: Fix for SD card support in cadence driver (Paul Way) [Orabug: 36725601] - octeontx2-bphy-netdev: Add cpri busrt packet limiter (Naveen Mamindlapalli) [Orabug: 36725601] - genirq: Export irqaffinity_default (Sunil Goutham) [Orabug: 36725601] - octeontx2-bphy-netdev: Add SW workaround for Zero padding (Sai Krishna) [Orabug: 36725601] - octeontx2-af: Add new devlink param to configure maximum usable NIX LFs (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Honor irqaffinity passed via bootargs (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: add TIM error af interrupt handlers (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: clear state on TIM ring disable (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: disable preemption when enabling TIM (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-vf: Fix VF mbox up message error on PTP RX enable (Sai Krishna) [Orabug: 36725601] - drivers: spi-cadence-xspi: Change xfer logic base (Suneel Garapati) [Orabug: 36725601] - soc: marvell: otx2: Add Kconfig option for otx2-ghes-init file. (Piyush Malgujar) [Orabug: 36725601] - driver: edac: octeontx: Improvements to GIC RAS handler (Chandrakala Chavva) [Orabug: 36725601] - edac: octeontx: Add support for GIC RAS reporting (Jayanthi Annadurai) [Orabug: 36725601] - octeontx2-af: Dump hw register state on error (Geetha sowjanya) [Orabug: 36725601] - Change struct octeontx2_pcie_console_nexus (Ray Asbury) [Orabug: 36725601] - octeontx2-af: account for cycle wraparound (Pavan Nikhilesh) [Orabug: 36725601] - drivers: spi: cadence-xspi: Export chip select gpio conditionally (Suneel Garapati) [Orabug: 36725601] - spi: cadence: Improve MRVL locking mechanism (Witold Sadowski) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix PTP PHC sw timecounter reset ioctl (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: prevent TIM register read reorder (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-dpi: fix incorrect chunk size config (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-dpi: configure dma engine FIFO (Amit Prakash Shukla) [Orabug: 36725601] - octeontx2-pf: ethtool: support multi advertise mode (Hariprasad Kelam) [Orabug: 36725601] - octeontx-pf: Update SGMII mode mapping (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: ethtool: Remove dependency of phyad (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: enable rxc with lookaside cpt lf (Vidya Sagar Velumuri) [Orabug: 36725601] - octeontx2-af: add mbox to capture counters (Pavan Nikhilesh) [Orabug: 36725601] - crypto: octeontx2: increase timeout value of load_fvc CPT instruction poll (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: increase timeout value of load_fvc CPT instruction poll (Srujana Challa) [Orabug: 36725601] - octeontx2-dpi: extend sysfs to dump DPI PF registers (Satha Rao) [Orabug: 36725601] - octeontx2-af: reduce cpt flt interrupt vectors for cn10kb (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: Fix updating PFC configuration during running traffic (Suman Ghosh) [Orabug: 36725601] - drivers: pci: probe: Read after write fixup for PBUS register (Suneel Garapati) [Orabug: 36725601] - genirq: Increase the number of interrupters (George Cherian) [Orabug: 36725601] - drivers: spi-cadence-xspi: Fix clock divisor change logic (Suneel Garapati) [Orabug: 36725601] - driver: mmc: sdhci-cadence: ACPI support added for eMMC driver for CN10K (Piyush Malgujar) [Orabug: 36725601] - driver: mmc: sdhci: Add ACPI check (Piyush Malgujar) [Orabug: 36725601] - octeontx2-af: Add debug logs. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: Add more debug messages (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Fix dangling pointers in the netdev qset (Geetha sowjanya) [Orabug: 36725601] - drivers: cadence-xspi: Optimize workaround logic (Suneel Garapati) [Orabug: 36725601] - edac: octeontx: Add error syndrome (Jayanthi Annadurai) [Orabug: 36725601] - drivers: i2c-octeon-core: Add recovery for WDOG_TOUT error status (Suneel Garapati) [Orabug: 36725601] - soc: marvell: otx2: Add CN10 check (Piyush Malgujar) [Orabug: 36725601] - octeontx2: Improve mailbox tracepoints for debugging (Subbaraya Sundeep) [Orabug: 36725601] - crypto: octeontx2: add timeout for load_fvc completion poll (Srujana Challa) [Orabug: 36725601] - octeontx2-af: avoid RXC register access in FLR on CN10KB (Nithin Dabilpuram) [Orabug: 36725601] - drivers: i2c-octeon-core: Add error state recovery (Bruno Matic) [Orabug: 36725601] - octeontx2-bphy-netdev: Add an ioctl to reset PTP PHC sw timecounter offset (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: Remove MAC address validation check (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Use TL2 level for egress match all configuration (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: Add a new mbox to read/write MCAM hit status (Suman Ghosh) [Orabug: 36725601] - crypto: octeontx2: fix devlink params get callback (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: fix opcode incase of SGv2 (Srujana Challa) [Orabug: 36725601] - ptp_clockmatrix: print driver version during probe (Naveen Mamindlapalli) [Orabug: 36725601] - driver: mfd/misc/ptp: update renasas smu drivers to v1.0 tag (Naveen Mamindlapalli) [Orabug: 36725601] - driver: edac: octeontx: Init MC grain (Vasyl Gomonovych) [Orabug: 36725601] - rqchip/gic-v3: Use raw_spin_lock in irq context (Geetha sowjanya) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: don't drop packets with macsec errors (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix register offset definitions (Naveen Mamindlapalli) [Orabug: 36725601] - drivers: spi: cadence: Reconfigure xSPI config to STIG Mode (Witold Sadowski) [Orabug: 36725601] - spi: Add xfer() function for cadence xSPI (Suneel Garapati) [Orabug: 36725601] - drivers: spi: Add arbitration support for Cadence SPI (Suneel Garapati) [Orabug: 36725601] - watchdog: sbsa_gwdt: Apply the Errata workaround seen on CN10K Processors (George Cherian) [Orabug: 36725601] - driver: spi: cadence: Remove unused variables (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: Flush WQ before destroy (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Check address for Null before free (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Detach LF resources on probe cleanup (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: add validation checks for function arguments (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2: Fix klockwork issues in BPHY and SSO (Suman Ghosh) [Orabug: 36725601] - octeontx2: Fix klockwork issues. (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: Free NIX_AF_INT_VEC_GEN interrupt too (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: utilize hardware FLR support in SSO (Shijith Thotton) [Orabug: 36725601] - drivers: marvell: Fix klockwork issues (Suman Ghosh) [Orabug: 36725601] - arm64: smccc: Add trace events to SMC calls. (Rakesh Babu Saladi) [Orabug: 36725601] - crypto: octeontx2: add support for AES_GMAC (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for DH (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for ccm(aes) (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: support md5 and hmac(md5) (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: support sha1, sha256, sha384 and sha512 (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for ECDSA P192, P256 and P384 (Srujana Challa) [Orabug: 36725601] - crypto: ecdsa - export ecdsa privkey ASN.1 parser (Srujana Challa) [Orabug: 36725601] - crypto: ecdsa - export ecdsa signature ASN.1 parser (Srujana Challa) [Orabug: 36725601] - driver: serdes_debugfs: add support for debugfs (anthony chan-MA Eng_IC) [Orabug: 36725601] - octeontx2-af: fix to get different rq mask (Rakesh Kudurumalla) [Orabug: 36725601] - crypto: make RFC6979 test vectors generic to all drivers (Srujana Challa) [Orabug: 36725601] - crypto: add ECDSA test vectors from RFC 6979 (Srujana Challa) [Orabug: 36725601] - crypto: add ECDSA signature generation support (Srujana Challa) [Orabug: 36725601] - crypto: ecc - Export additional functions from crypto/ecc.c (Srujana Challa) [Orabug: 36725601] - octeontx2-af: update TIM adjust GTI errata silicons (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: fix accessing of CPT register on 105xx. (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: Using compound/head page ref count (Geetha sowjanya) [Orabug: 36725601] - octeontx2-bphy-netdev: Fixed sparse errors (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Remove source port check while adding ntuple rule for GTP-U/C (Suman Ghosh) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix ptp timestamp conversion when using external clock (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: don't modify pps threshold when sw timecounter is not used (Naveen Mamindlapalli) [Orabug: 36725601] - crypto: octeontx2: add devlink option to set max_rxc_icb_cnt (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: Define new ethtool modes for CN10KB (Hariprasad Kelam) [Orabug: 36725601] - driver: spi: cadence: Add ACPI support (Piyush Malgujar) [Orabug: 36725601] - Octeontx2-pf: Fix error condition for GTP-U/C rule insertion (Suman Ghosh) [Orabug: 36725601] - drivers:spi:cadence-xspi: Switch to polling mode when in panic (Gowthami Thiagarajan) [Orabug: 36725601] - drivers:spi:cadence-xspi: Add low-level changes to support kmsg panic/oops write (Gowthami Thiagarajan) [Orabug: 36725601] - spi: spi-nor: Fix the spi_nor_panic_write (Gowthami Thiagarajan) [Orabug: 36725601] - drivers: mtd: spi-nor: Support kmsg dumper based on pstore/blk (Gowthami Thiagarajan) [Orabug: 36725601] - octeontx2-sdp: add CN10kB for using correct mask (Radha Mohan Chintakuntla) [Orabug: 36725601] - ptm-ep: Add PTM requestor driver (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-af: mcs: Remove SA stats support (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: fix CPT ctx flush (Srujana Challa) [Orabug: 36725601] - octeontx2-af: fix issue with spitosa table teardown (Nithin Dabilpuram) [Orabug: 36725601] - scmi: mailbox: Increase message slots (Piyush Malgujar) [Orabug: 36725601] - octeontx2-af: Update minimum receive frame size (Sathesh Edara) [Orabug: 36725601] - watchdog: sbsa_gwdt: Enable the WDOG_STOP_ON_PANIC (George Cherian) [Orabug: 36725601] - drivers: watchdog: Add support for panic notifier callback (George Cherian) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Poll for timestamp to commit into PTP ring (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-pf: Use 1 TL4 queue per SDP output queue, enable SDP backpressure (Roy Franz) [Orabug: 36725601] - spi: cadence: Clear interrupt status before enabling interrupts (Witold Sadowski) [Orabug: 36725601] - octeontx2-dpi: queue reset of DPI VF during initialization (Sibaranjan Pattnayak) [Orabug: 36725601] - spi: cadence: Add support for xfer operation. (Witold Sadowski) [Orabug: 36725601] - octeontx-bphy-netdev: dev_ioctl: split out ndo_eth_ioctl (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix OTX2_RFOE_IOCTL_RX_IND_CFG in case of CNF10K (Janne Kukkonen) [Orabug: 36725601] - octeontx2-af: consider mode when using cpt base channel for bp (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: update SSO FLR routine (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: Add additional checks to validate user-def field value for GTP-u and GTP-C (Suman Ghosh) [Orabug: 36725601] - octeontx2-dpi: add sysfs for communication from userspace (Sibaranjan Pattnayak) [Orabug: 36725601] - octeontx2-sdp: Fix programming EPF_RINFO (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-bphy-netdev: debugfs: remove debugfs entries. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix updating host ptp offset multiple times (Naveen Mamindlapalli) [Orabug: 36725601] - drivers: mmc: sdhci-cadence: Change command delay value (Chandrakala Chavva) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix rfoe ptp clock cleanup (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix issue of using incorrect netdev priv (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: fix link carrier state update for cnf10k (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: Avoid kernel crash when psw jd_ptr is NULL (Mikko Suni) [Orabug: 36725601] - drivers: pci-octeon-pem: Rectify resetting PEM (Ray Asbury) [Orabug: 36725601] - drivers: pci-octeon-pem: Rectify RC link recover work (Suneel Garapati) [Orabug: 36725601] - drivers: pci: octeon-pem: Fix hardware issue (Suneel Garapati) [Orabug: 36725601] - drivers: pci: octeon-pem: Check on MSI-X vector count (Suneel Garapati) [Orabug: 36725601] - drivers: pci: controller: Add Octeon PEM driver (Suneel Garapati) [Orabug: 36725601] - drivers: pci: probe: Add fixup for Marvell PCIeRC bridge (Suneel Garapati) [Orabug: 36725601] - PCI: marvell-cnxk-ep: rename driver macro name string (Radha Mohan Chintakuntla) [Orabug: 36725601] - watchdog: sbsa_wdog: Make sure to program a larger timeout value (George Cherian) [Orabug: 36725601] - soc: marvell: hw_access: add dependency OCTEONTX2_AF (Jia Ma) [Orabug: 36725601] - octeontx2-af: debugfs: fix undefined SSO register access (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: fix inline inbound IPsec configuration (Srujana Challa) [Orabug: 36725601] - octeontx2-bphy: Generate PPS OUT on PHC PTP_CLK_REQ_PEROUT (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: update TIM adjust GTI errata silicons (Shijith Thotton) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix ioctl OTX2_CPRI_IOCTL_LINK_EVENT cpri context (Janne Kukkonen) [Orabug: 36725601] - driver: edac: octeontx: Add revision check for new pass of the chip (Chandrakala Chavva) [Orabug: 36725601] - drivers: spi: cadence: Fix clock operations (Witold Sadowski) [Orabug: 36725601] - octeontx2-bphy-netdev: Remove ptp list processing (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-bphy-netdev: Use two send queues for cnf10k (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-bphy-netdev: Use separate xmit function for PTP (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-bphy-netdev: Simplify job submission to hardware (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-bphy-netdev: Simplify error checks and updating stats (Subbaraya Sundeep) [Orabug: 36725601] - drivers: soc: Removed Below Warning message for generic header file on CN8XX platform. (sdonelli) [Orabug: 36725601] - octeontx2-dpi: configure writing DMA result to an offset of the event (Sibaranjan Pattnayak) [Orabug: 36725601] - PCI: add misc character device for BAR4 mem access (Satananda Burla) [Orabug: 36725601] - cacheinfo: Expose the code to generate a cache-id from a device_node (James Morse) [Orabug: 36725601] - cacheinfo: Set cache 'id' based on DT data (Rob Herring) [Orabug: 36725601] - cacheinfo: Allow for >32-bit cache 'id' (Rob Herring) [Orabug: 36725601] - drivers: base: cacheinfo: Add helper to find the cache size from cpu+level (James Morse) [Orabug: 36725601] - drivers: base: cacheinfo: Check per_cpu_cacheinfo() is allocated (James Morse) [Orabug: 36725601] - ACPI / PPTT: Add a helper to fill a cpumask from a cache_id (James Morse) [Orabug: 36725601] - ACPI / PPTT: Add a helper to fill a cpumask from a processor container (James Morse) [Orabug: 36725601] - ACPI / PPTT: Find PPTT cache level by ID (James Morse) [Orabug: 36725601] - ACPI / irq: Add acpi_register_partitioned_percpu_gsi() (James Morse) [Orabug: 36725601] - irqchip/gic-v3: select and translate the partition domain (James Morse) [Orabug: 36725601] - irqchip/gic-v3: Build PPI partitions on ACPI systems (James Morse) [Orabug: 36725601] - irqchip/gic-v3: Print DT partitions in the same way as APCI (James Morse) [Orabug: 36725601] - ACPI / PPTT: Add a helper to build a cpumask from a cpu_node (James Morse) [Orabug: 36725601] - ACPI / PPTT: Provide a helper to walk processor containers (James Morse) [Orabug: 36725601] - irqchip/gic, gic-v3: Translate fwspec for DT and ACPI systems in the same way (James Morse) [Orabug: 36725601] - ACPI / irq: Allow a compile-time arg0 for acpi_register_gsi()'s fwspec (James Morse) [Orabug: 36725601] - irqchip/gic: Collect GIC_IRQ_TYPE definitions into one place (James Morse) [Orabug: 36725601] - irqchip/gic-v3: Move partition_create_desc() work to a helper (James Morse) [Orabug: 36725601] - Documentation/admin-guide/acpi: Move information out of shell script comments (James Morse) [Orabug: 36725601] - arm64: Add workaround for Cavium erratum 36890 (Andrew Pinski) [Orabug: 36725601] - octeontx2-pf: Fix coverity issues (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Add NPC support to filter GTP-U and GTP-C packets based on TEID (Suman Ghosh) [Orabug: 36725601] - PCI: controller: Add Marvell OcteonTx2 PCIe Endpoint driver (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-dpi: Add DPI DMA PF driver (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: Add CN10K SDP support (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: Fix SDP output backpressure (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: add multi-PF support in SDP (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: setup the SDP channel configuration (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: Add FLR handling support (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: Add mailbox support (Radha Mohan Chintakuntla) [Orabug: 36725601] - soc: octeontx2-sdp: Add SDP PF driver support (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Enable FORCE_COND_CLK_EN only for applicable chips. (Rakesh Babu Saladi) [Orabug: 36725601] - drivers: soc: marvell: Add PCI console driver (Rick Farrington) [Orabug: 36725601] - firmware: octeontx2: Move AVS reset control to MUB bus (sdonelli) [Orabug: 36725601] - octeontx2-bphy-netdev: fix coverity issues (Naveen Mamindlapalli) [Orabug: 36725601] - KVM: arm64: Extend timer errata-38627 to kvm (Bharat Bhushan) [Orabug: 36725601] - clocksource: Add Marvell Errata-38627 workaround (Bharat Bhushan) [Orabug: 36725601] - EDAC: Octeon: Init SDEI (Vasyl Gomonovych) [Orabug: 36725601] - drives: soc: marvell: Using struct proc_ops instead of file_operations (Piyush Malgujar) [Orabug: 36725601] - drives: soc: marvell: Update octtx_info to display sdk-version (Chandrakala Chavva) [Orabug: 36725601] - drives: soc: marvell: Fix issues reported by static code analysis (Wojciech Bartczak) [Orabug: 36725601] - drives: soc: marvell: update to support to print reset counters (Selvam Venkatachalam) [Orabug: 36725601] - drives: soc: marvell: Remove unnecessary warnings about reset counters (Wojciech Bartczak) [Orabug: 36725601] - drives: soc: marvell: support to print reset counters (Selvam Venkatachalam) [Orabug: 36725601] - drives: soc: marvell: Fixes conversion for BOARD-MAC-ADDRESS-ID-NUM in octeontx_info (Wojciech Bartczak) [Orabug: 36725601] - drives: soc: marvell: Fixes unnecessary logging from octeontx info driver (Wojciech Bartczak) [Orabug: 36725601] - drives: soc: marvell: Fix OcteonTX info driver (Wojciech Bartczak) [Orabug: 36725601] - drives: soc: marvell: Adds MAC addressess overview to board info (Wojciech Bartczak) [Orabug: 36725601] - drives: soc: marvell: Display version information for flash components (Aaron Williams) [Orabug: 36725601] - drives: soc: marvell: publish no of macs in octeontx_info node (Sujeet Baranwal) [Orabug: 36725601] - drives: soc: marvell: Alter ways of mac address parsing (Sujeet Baranwal) [Orabug: 36725601] - drives: soc: marvell: Board info logic reorg (Sujeet Baranwal) [Orabug: 36725601] - drives: soc: marvell: Board information made available (Sujeet Baranwal) [Orabug: 36725601] - octeontx2-pf: disable preemption while using per_cpu pointer (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Dereference only a valid pointer (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Allow pkts of size morethan MTU to be transmitted (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: Skip dma map and unmap when IOMMU is bypassed (Sunil Goutham) [Orabug: 36725601] - octeontx2-pf: Add missing changes in otx2_ethtool.c (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-sdpvf: Fix PTP options for SDP interfaces (Roy Franz) [Orabug: 36725601] - octeontx2-vf: Add partial ethtool support for SDP VFs (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-pf: Support to enable EDSA/Higig2 pkts parsing (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Add ethtool -m option support. (Christina Jacob) [Orabug: 36725601] - octeontx2-pf: Avoid null pointer dereference (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-vf: Export symbol 'otx2_config_serdes_link_state' (Rakesh Babu) [Orabug: 36725601] - octeontx2-pf: devlink param support to modify physical interface links. (Rakesh Babu) [Orabug: 36725601] - octeontx2-pf: Add devlink param to vary rbuf size (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Add devlink param to vary cqe size (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Add devlink support to configure TL1 RR_PRIO (Hariprasad Kelam) [Orabug: 36725601] - soc: marvell: otx2: Fix initcall funciton should return an 'int' (Vasyl Gomonovych) [Orabug: 36725601] - soc: marvell: otx2: Fix old kzfree (Vasyl Gomonovych) [Orabug: 36725601] - octeontx2-af: support for custom L2 header (Satheesh Paul A) [Orabug: 36725601] - octeontx2-af: Add mbox to alloc/free BPIDs (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: Dynamically allocate bpids for CPT and LBK (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: add programming SDP BPID in cn10k (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-af: Fix BPID calculation for SDP (Radha Mohan Chintakuntla) [Orabug: 36725601] - crypto: octeontx2: add ctx_val workaround (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: fix rsa verify (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: fix dma unmap issue with ahash (Srujana Challa) [Orabug: 36725601] - arm64: Enable Spectre BHB mitigation for Marvell OcteonTx2 cpus (Linu Cherian) [Orabug: 36725601] - mtd: spi-nor: winbond: Update w25q256fw flash memory to use 4B opcodes (Witold Sadowski) [Orabug: 36725601] - mtd: spi-nor: macronix: Add support for mx25um51245g (Witold Sadowski) [Orabug: 36725601] - mailbox: mvl-mhu: update copyright note (Wojciech Zmuda) [Orabug: 36725601] - scmi: mailbox: increase timeout for rx response (Jayanthi Annadurai) [Orabug: 36725601] - clk: control device frequency using sysfs (Wojciech Bartczak) [Orabug: 36725601] - scmi: perf: octtx2: round off OPP frequencies to neaest 100 (Sujeet Baranwal) [Orabug: 36725601] - scmi: mailbox: modifies rx buffer size and timeout for rx response (Wojciech Bartczak) [Orabug: 36725601] - driver: mailbox: Cleanup dead code (Wojciech Bartczak) [Orabug: 36725601] - mailbox: marvell: Initialize interrupts only if there's client for data (Wojciech Bartczak) [Orabug: 36725601] - driver: mailbox: Reject non-configured CPC instances (Wojciech Bartczak) [Orabug: 36725601] - driver: mailbox: Add support for LPI/SPI interrupt configuration in MHU (Wojciech Bartczak) [Orabug: 36725601] - driver: mailbox: Remove superfluous mutex in MHU implementation (Wojciech Bartczak) [Orabug: 36725601] - driver: MHU: Driver adjustment for 10x based octeontx platforms (Wojciech Bartczak) [Orabug: 36725601] - Marvell MHU: Fixes locking mechanism in MHU driver (Wojciech Bartczak) [Orabug: 36725601] - mailbox: add OcteonTX2 MHU mailbox driver (Wojciech Bartczak) [Orabug: 36725601] - soc: marvell: otx2: Enable MSI-X interrupts (Vasyl Gomonovych) [Orabug: 36725601] - soc: marvell: otx2: Add error injection interface (Vasyl Gomonovych) [Orabug: 36725601] - soc: marvell: otx2: Add BERT support for OTX2 (Vasyl Gomonovych) [Orabug: 36725601] - EDAC: Octeon: Add Marvell's OcteonTx2 SoC and CN10KA SoC EDAC driver (Vasyl Gomonovych) [Orabug: 36725601] - mmc: octeontx2: ACPI support added for eMMC driver for T9x. (Piyush Malgujar) [Orabug: 36725601] - mmc: octeontx2: Resolve issues reported by static analysis (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Removes static variables in tuning code (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Add MMC polling method to support kmsg panic/oops write (Bhaskara Budiredla) [Orabug: 36725601] - mmc: octeontx2: cleanup mmc_oops driver (Bhaskara Budiredla) [Orabug: 36725601] - mmc: octeontx2: Adds CMD tuning for eMMC HS200 mode (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Cleans up mmc code and prepare it for HS200 tuning update (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Adds device tree entries to control eMMC input timings (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Adds a way to dynamically control eMMC bus input timings (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Adds new overrides for eMMC bus output timings (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: Adds mechanism to modify output timings for MMC bus (Wojciech Bartczak) [Orabug: 36725601] - mmc: octeontx2: enables mmc polling for pstore path (Bhaskara Budiredla) [Orabug: 36725601] - mmc: octeontx2: fix handling calibration glitch (Aaron Williams) [Orabug: 36725601] - mmc: octeontx2: Configure flags for T96 pass B0 (Chandrakala Chavva) [Orabug: 36725601] - mmc: octeontx2: Use flags for hardware differences (Aaron Williams) [Orabug: 36725601] - mmc: octeontx2: Fix tuning for T96 C0 (Chandrakala Chavva) [Orabug: 36725601] - mmc: octeontx2: Add tuning support for HS400 mode (Aaron Williams) [Orabug: 36725601] - mmc: octeontx2: speed limit for tx2-c0 (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: use calibrated timing taps (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: do not drop bus lock in tuning (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: slot switch by vqmmc/gpio (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: reorganize before vqmmc switching (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: cmd and data out values fixture (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: amend hs400 tuning (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: correct clock divisor (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: fix swiotlb buffer is full (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: avoid single-slot startup issues (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: execute_tuning for octeontx2 (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: track & apply CMD6 bus changes ASAP (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: cn96xx HS200-8wide-100MHz (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: CMD19/21 type correction (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: finish_dma_single() should teardown/unmap (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: use device tree entries (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: emmc tuning for delay (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: skip unavailable slots (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: calibrate tap delay (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: incorporate hw interface io ctl params (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: interrupt addition for ncb fault (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: emmc operation limited to 100 MHz (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: fix shutdown deadlock with active sd-card (Peter Swain) [Orabug: 36725601] - mmc: octeontx2: Configure sample command and data directly (Sujeet Baranwal) [Orabug: 36725601] - mmc: octeontx2: Use proper register to clear interrupts (Chandrakala Chavva) [Orabug: 36725601] - mmc: octeontx2: add check for 8/9xxx chips (Sujeet Baranwal) [Orabug: 36725601] - firmware: octeontx2: sfp-info: Update sfp_info_data (Piyush Malgujar) [Orabug: 36725601] - firmware: octeontx2: sfp-info: check supported platforms first (Damian Eppel) [Orabug: 36725601] - firmware: octeontx2: sfp-info: added support for t9x (Damian Eppel) [Orabug: 36725601] - firmware: octeontx2: sysfs driver for dumping sfp info (Damian Eppel) [Orabug: 36725601] - misc: bphy: disable ctr module on non-BPHY boards (Jakub Palider) [Orabug: 36725601] - misc: bphy: prevent out-of-bound array iteration (Jakub Palider) [Orabug: 36725601] - misc: bphy: Restore static resource allocation (Jakub Palider) [Orabug: 36725601] - misc: bphy: Fix resource release sequence (Jakub Palider) [Orabug: 36725601] - misc: bphy: Add ioctl to get BPHY irqs bitmask (Jakub Palider) [Orabug: 36725601] - misc: bphy: Get max irq number from firmware (Jakub Palider) [Orabug: 36725601] - misc: bphy: Add ioctl to get max irq number (Jakub Palider) [Orabug: 36725601] - drivers: cleanup el3 handler only if parent process exits (Radha Mohan Chintakuntla) [Orabug: 36725601] - misc: otx_bphy_ctr: Add OcteonTx2 BPHY control driver (Radha Mohan Chintakuntla) [Orabug: 36725601] - spi: cadence: Add Marvell IP modification changes (Witold Sadowski) [Orabug: 36725601] - spi: cadence: Add read access size switch (Witold Sadowski) [Orabug: 36725601] - spi: cadence: Change dt-bindings documentation for Cadence XSPI controller (Witold Sadowski) [Orabug: 36725601] - spi: cadence: Add polling mode support (Witold Sadowski) [Orabug: 36725601] - spi: cadence: Change dt-bindings documentation for Cadence XSPI controller (Witold Sadowski) [Orabug: 36725601] - Firmware: mub: Add Marvell Utility Bus. (sdonelli) [Orabug: 36725601] - soc: marvell: PHY diagnostics: minor updates (Srikanth Pidugu) [Orabug: 36725601] - soc: marvell: PHY diagnostics: more debug capabilities (Srikanth Pidugu) [Orabug: 36725601] - soc: marvell: PHY diagnostics: unified SoC check (Damian Eppel) [Orabug: 36725601] - soc: marvell: PHY diagnostics: page access support (Damian Eppel) [Orabug: 36725601] - soc: marvell: PHY diagnostics: driver update (Damian Eppel) [Orabug: 36725601] - soc: marvell: PHY diagnostics debugfs driver (Damian Eppel) [Orabug: 36725601] - soc: marvell: mvmdio_uio: paged access support (Damian Eppel) [Orabug: 36725601] - soc: marvell: mvmdio_uio: lock on accessing mdio bus (Damian Eppel) [Orabug: 36725601] - soc: marvell: MDIO uio driver (Damian Eppel) [Orabug: 36725601] - octeontx2-bphy-netdev: use ioremap() instead of ioremap_nocache (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: update ethtool drop stats when mbt erros are set (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: debugfs: Added FEC stats in debugfs. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: update ethtool drop stats (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Add new secondary BCN offset for slave (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: enable skb list processing for delay_request. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Add new fields in ethtool stats (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Set external_clock_rate for all RFOE interfaces. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev:cnf10k: Share RFOE PTP offset with host (Roy Franz) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Avoid ptp skb list processing in 1-step mode (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: update drop stats when psw errors are set (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: check psm queue space for ptp queue (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Use atomic update feature to update PTP clock (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Enable force_cond_clk_en bit (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Recalculate UDP checksum. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix updating rx byte stats (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: debugfs: new entry to dump RPM stats (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: debugfs: new entry to dump timestamp ring (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: debugfs: new entry to dump jdt ring (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: debugfs: Add new debugfs root entry (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: fix for PTP BCN delta (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Use PTP ring tail index to read timestamp (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: PTP 1-step improvements (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev:: Share RFOE PTP offset with host (Roy Franz) [Orabug: 36725601] - octeontx2-bphy-netdev: PTP BCN synchronization support for CNF10k platforms. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Add cnf10k rfoe debugfs (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf105xxn: fix ptp timestamp in master mode (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: convert MIO_PTP_TIMESTAMP value to nsecs (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix updating JD pkt length and blocksize (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix improper names used for IRQs. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: IOCTL to read input clock parameters. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix cnf10k link state set (Baha Mesleh) [Orabug: 36725601] - otx2-bphy-netdev: synchronize BCN to PTP slave clock. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: stop pkt transmission when psm queue is disabled (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf95n: fix ptp timestamp in master mode (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: fix compilation warning (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: use platform_get_irq_optional for PSM GPINT2 (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Fix incorrect PTP clock frequency. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf95n: ptp: use 950MHz clock for ptp slave (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf95n: ptp: Fix ptp clock counter read (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix ethtool stats string order (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf95n: add PTP slave support. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Fix ptp hardware clock counter conversion (Naveen Mamindlapalli) [Orabug: 36725601] - cnf10k-rfoe: skb shinfo falls on a different cacheline, avoid reading it (Sunil Goutham) [Orabug: 36725601] - cnf10k-rfoe: Adjust structure elements to reduce cache misses (Sunil Goutham) [Orabug: 36725601] - cnf10k-rfoe: Avoid costly iova_to_virt of packet dma address in xmit (Sunil Goutham) [Orabug: 36725601] - cnf10k-rfoe: Cleanup packet stats maintenance (Sunil Goutham) [Orabug: 36725601] - cnf10k-rfoe: Optimize packet length retrieval for non-ecpri packets (Sunil Goutham) [Orabug: 36725601] - cnf10k-rfoe: Remove duplicate error checking (Sunil Goutham) [Orabug: 36725601] - octeontx2-bphy-netdev: use sw timecounter for ptp phc (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Add PTP 2S legacy mode support. (Rakesh Babu Saladi) [Orabug: 36725601] - oceontx2-bphy-netdev: cnf10k: Fix 1S sync timestamp fields. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: re-enable cpri gpint when interface is stopped (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix cpri interrupt handling (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10kb: 1-step PTP support for CNF10KB. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cpri: Add missing ethtool stats (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Fix CNF10K_CPRIX_ETH_UL_INT clearing (Janne Kukkonen) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Modify PTP timestamp format. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix cnf10k ecpri rx packet issue (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10kb: Add PTP slave support for CNF10KB. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: add cpri netdev support (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: add prefix for cnf10k registers (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: move duplicate code to common headers (Naveen Mamindlapalli) [Orabug: 36725601] - cnf10k-rfoe: Prepend 8-byte PTP header to packets in PTP queue. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf95: add jumbo frame support (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: 1-step PTP and slave support. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: rfoe netdev cleanup (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: convert psw ptp timestamp to cpu byte order (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: fix missing ioctls on CNF10K (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: move common ptp structures to rfoe_common.h (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy: Fix issues reported by static analysis. (Rakesh Babu Saladi) [Orabug: 36725601] - cnf10k: rfoe: add jumbo frame support to cnf10k (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: rfoe: fix ptp4l bad message issue (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy: Add PTP slave and external PTP input clock support in RFOE PHC driver. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: fix tx ptp ring entry format change (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix cpri rx packet handling (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: ptp: Fix ptp timestamp reading across lmacs (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cnf10k: Fix incorrect ptp tstamp entry size (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: cnf10kb: add support for psm gpint2 interrupt (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: fix possibility of processing the mbt multiple times (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: fix link carrier state update (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: limit cpri error logging rate (Baha Mesleh) [Orabug: 36725601] - otx2-bphy-netdev: cn10k: fix NULL pointer dereference (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: fix offset of cn10k registers (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: remove unwanted debug message (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: added cnf10k bphy netdev functionality (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: separate bphy common code into separate files (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: disable cpri code when cpri hw is not present (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: add debugfs support (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: don't process a packet when psw indicates error (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: cpri: fix compilation warnings (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Add rfoe rx vlan forwarding configuration (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: avoid multiple kfree of common lmac objects (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix common lmac resource free (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: fix cleanup sequence in char device release (Baha Mesleh) [Orabug: 36725601] - octeontx2-bphy-netdev: remove unnecessary check when setting INTF_DOWN flag (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Add timeout to ptp transmit timestamp polling (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix napi schedule issue when intf is down (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix ptp tx processing race condition (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Added RFOE LMAC stats to ethtool (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Add PTP hardware clock support to rfoe interfaces (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix list_entry usage in the code (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Added ioctl to set low level link state (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix ptp pending skb list processing (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix kernel crash with ioctl trying to add timer (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Set minimum length of Tx packets to 64 bytes (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Enable accessing RFOE_RX_IND regs before odp netdev init (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Enable MSIXEN bit in IOCTL handler (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: Add support for registering both rfoe and cpri netdev intf (Naveen Mamindlapalli) [Orabug: 36725601] - otx2-bphy-netdev: Add support for configurable PTP clock rate (Naveen Mamindlapalli) [Orabug: 36725601] - octeonx2-bphy-netdev: Add support for switching mode from RFOE to CPRI (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Add support for CPRI Ethernet packet processing (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: segregate chardev specific code (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Fix NULL pointer dereference (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Enable MSIXEN bit in MSIX CAP HDR (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Added PTP BCN offset algorithm (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Added ioctl to access RFOE_RX_IND registers (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: Added support for configurable packet types (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: netdev cleanup in char dev close (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: fix napi scheduling issue when interface is down (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-bphy-netdev: added full packet dump of mbt buffer (Naveen Mamindlapalli) [Orabug: 36725601] - OcteonTX2 BPHY RFOE netdev driver initial version (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: extend context reading capability (Harman Kalra) [Orabug: 36725601] - soc: marvell: hw_access: add mapping for mcs registers (Ankur Dwivedi) [Orabug: 36725601] - soc: marvell: hw-access: register access via debugfs (Sumit Gaur) [Orabug: 36725601] - soc: marvell: hw_access: fix pci resource leak (Harman Kalra) [Orabug: 36725601] - soc: marvell: hw_access: fix csr mapping range (Harman Kalra) [Orabug: 36725601] - soc: marvell: hw_access: Extend available ranges (Jakub Palider) [Orabug: 36725601] - soc: marvell: hw_access: add support to read aura/pool context (Ashwin Sekhar T K) [Orabug: 36725601] - soc: marvell: hw_access: get cgx info (Harman Kalra) [Orabug: 36725601] - soc: marvell: hw_access: add hw context reading support (Harman Kalra) [Orabug: 36725601] - soc: marvell: hw_access: cleaning up existing hw access driver (Harman Kalra) [Orabug: 36725601] - soc: marvell: hw_access: renaming to hw access driver (Harman Kalra) [Orabug: 36725601] - soc: marvell: Driver to access and modify device CSRs. (Rakesh Babu) [Orabug: 36725601] - drivers: soc: fwlog: use max_t instead of max (Pragnesh Patel) [Orabug: 36725601] - fwlog: fix invalid pointers and copy size in wraparound case (Aaro Koskinen) [Orabug: 36725601] - drivers: soc: fwlog: fix mapped size (Pragnesh Patel) [Orabug: 36725601] - drivers: soc: fwlog: Add firmware bootlog support (Pragnesh Patel) [Orabug: 36725601] - drivers: mmc: sdhci-cadence: Interrupt handling workaround (Jayanthi Annadurai) [Orabug: 36725601] - drivers: soc: Adds common Marvell OcteonTX header for SMC calls (sdonelli) [Orabug: 36725601] - octeontx2-af: Update HW workarounds for 96xx C0, 98xx and F95xx B0 chips (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: add TIM adjust GTI errata workaround (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: cn10k: devlink params to configure TIM (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: add support for changing vlan tpid (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: rvu: enable mcs fips mailboxes (Ankur Dwivedi) [Orabug: 36725601] - octeontx2-af: Check the msix offset return value (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: NDC sync op af mbox support (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: Move QMEM allocations from GFP_KERNEL to ATOMIC (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: sync kernel structures with firmware (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: mcs: Add missing stats (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: mcs: add mailboxes for fips (Ankur Dwivedi) [Orabug: 36725601] - octeontx2-af: convert dev_dbg to tracepoint in mbox (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Introducing REE block for 98xx (Smadar Fuks) [Orabug: 36725601] - octeontx2-af: Add support for SPI to SA index translation (Kiran Kumar K) [Orabug: 36725601] - drivers: sdhci: Add option to configure sdhci timeout (Jayanthi Annadurai) [Orabug: 36725601] - mmc: sdhci-cadence: Add debug option for SD6 controller (Jayanthi Annadurai) [Orabug: 36725601] - dt-bindings: mmc: sdhci-cadence: SD6 support (Jayanthi Annadurai) [Orabug: 36725601] - mmc: sdhci-cadence: enable MMC_SDHCI_IO_ACCESSORS support (Jayanthi Annadurai) [Orabug: 36725601] - mmc: sdhci-cadence: SD6 controller support (Dhananjay Kangude) [Orabug: 36725601] - mmc: sdhci-cadence: Restructure the code (Dhananjay Kangude) [Orabug: 36725601] - mmc: sdhci-cadence: Rename functions/structures to SD4 specific (Dhananjay Kangude) [Orabug: 36725601] - drivers: gpio: thunderx: Change GPIO level interrupt handler to handle_level_irq (Piyush Malgujar) [Orabug: 36725601] - drivers: gpio: thunderx: extend PIN_SEL to cover cn96xx (Piyush Malgujar) [Orabug: 36725601] - drivers: gpio: thunderx: Configure pin function at probe (Piyush Malgujar) [Orabug: 36725601] - drivers: gpio: thunderx: avoid potential deadlock (Piyush Malgujar) [Orabug: 36725601] - drivers: spi: octeontx2: ACPI support for SPI driver (Piyush Malgujar) [Orabug: 36725601] - drivers: spi: octeontx2: Resolve issues detected in static code analysis (Piyush Malgujar) [Orabug: 36725601] - drivers: spi: octeontx2: Add fix for hw issue (Piyush Malgujar) [Orabug: 36725601] - drivers: spi: octeontx2: use read after write for MPI_CFG (Piyush Malgujar) [Orabug: 36725601] - drivers: spi: octeontx2: set tritx in config register (Piyush Malgujar) [Orabug: 36725601] - drivers: spi: octeontx2: Support for octeontx2 spi controller (Piyush Malgujar) [Orabug: 36725601] - octeontx2-pf: Add support for creating netdev interfaces for SDP VFs (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-af: add support for CPT second pass (Rakesh Kudurumalla) [Orabug: 36725601] - octeontx2-af: support overriding aura to zero for second pass (Nithin Dabilpuram) [Orabug: 36725601] - crypto: octeontx2: add support for ECDH (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: notify VF about ptp event (Harman Kalra) [Orabug: 36725601] - octeontx2-af: Sending tsc value to the userspace (Harman Kalra) [Orabug: 36725601] - octeontx2-af: extend npa context reading capability (Ashwin Sekhar T K) [Orabug: 36725601] - octeontx2-af: allow second pass pkts via default ucast entry (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: suppress kpu profile loading warning (Harman Kalra) [Orabug: 36725601] - octeontx2-af: use cpt channel mask in flow install path (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: fix arguments passed to XAQ aura deinit (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: Support for FDSA tag (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Code placement for cgx.c (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Gracefully skip the cgx_probe for unmapped devices. (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: link mode mapping (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: cn10k: Limit number of CGX blocks (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: rvu_cgx code placement (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Support for PTP notification to PF (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Add programmed macaddr to RVU pfvf (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Show count of dropped packets by DMAC filters (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Skip CGX probe if not connected to NIX (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: RPM extend csr address for T105N (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: cn10k: new Interface modes support (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Do not allow VFs to overwrite PKIND config (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Put CGX LMAC also in Higig2 mode (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Add new CGX_CMDs to set and get PHY modulation type (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Handle physical link state change requests (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: update address of global CGX RX_STATS (Hariprasad Kelam) [Orabug: 36725601] - crypto: octeontx: enable driver (Harman Kalra) [Orabug: 36725601] - crypto: octeontx-83: enable crypto device in domain (Harman Kalra) [Orabug: 36725601] - arm64: Add support for ASID locking (Alex Belits) [Orabug: 36725601] - kernel/exit.c: Add task cleanup callbacks (Alex Belits) [Orabug: 36725601] - PCI: octeontx-83: add new quirks (Harman Kalra) [Orabug: 36725601] - octeontx2-af: add new mbox to support sync cycle on rx path (Satha Rao) [Orabug: 36725601] - octeontx2-af: add mbox to enable or disable BP on CPT link (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: fix LBK backpressure config (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: set default min and max rx len for CPT link (Nithin Dabilpuram) [Orabug: 36725601] - crypto: octeontx2: add support for CPT1 in VF driver (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for rsa sign and verify (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for gcm(aes) (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for akcipher rsa (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2: add support for hash algorithms (Srujana Challa) [Orabug: 36725601] - octeontx2-af: TIM: Set conditional clock always on (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: Apply relevant HW issue workarounds for 96xx B0 silicon (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: add NIX mbox message to get HW info (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: sync changes missed from tim (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: ignore sso lf count when checking pffunc validity (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: fix TIM disable lf sequence (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: use clock source to compute start cycle (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: reduce TIM TENNS clock source interval (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: cn10k: fix incorrect TIM interval array size (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: cn10k: update clock source offset (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: cn10k: track timer ring intervals (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: Setup edge used for GPIO timing (Michal Mazur) [Orabug: 36725601] - octeontx2-af: fix TIM slot to lf lookup (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add TIM LF teardown (Stanislaw Kardach) [Orabug: 36725601] - octeontx2-af: fix TIM block address usage (Stanislaw Kardach) [Orabug: 36725601] - octeontx2-af: update TIM 10ns clk source min interval (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: Verify NPA/SSO/NIX PF_FUNC mapping (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: add workaround for TIM reverse lookup (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: Add TIM unit support. (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: sync changes missed from sso (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: serialize bar2 alias access (Srujana Challa) [Orabug: 36725601] - octeontx2-af: add read back of AF_BAR2_SEL register (Srujana Challa) [Orabug: 36725601] - octeontx2-af: add support for SSO WQE stashing (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add SSO XAQ AURA access errata workaround (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: timeout while draining SSO queues (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: cycle through SSO queues to drain work (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: use SSO HWS AF invalidate instead of LF invalidate (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: fix atomic load on NPA LF registers (Harman Kalra) [Orabug: 36725601] - octeontx2-af: drain XAQ buffers before lf teardown (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: fix implitit variable array (Stanislaw Kardach) [Orabug: 36725601] - octeontx2-af: add intradevice FLR handling (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add additional description to irqs (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add ratelimit to limit the asynchronous err messages (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: add debugfs support for sso (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: remove support to limit xaq depth (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: allow lower threshold in sso group qos mbox (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: update SSO HWS invalidate mbox definition (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add mbox to configure SSO group mask (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: enable SSO work interrupt periodic counter (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: invalidate GWC before accessing workslot (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: cn10k: enable getwork prefetching (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: ratelimit digest prints (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add mbox to configure SSO LSW (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: fixes for SSO FLR (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: enhance SSO FLR for CN10K (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: add SSO mbox message to release XAQ aura (Shijith Thotton) [Orabug: 36725601] - octeontx2-af: reset HWS group mask during FLR (Michal Mazur) [Orabug: 36725601] - octeontx2-af: Fix reading SSOW_LF_GWS_TAG after rvu_poll_reg() (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-af: Make SSO/SSOW LF teardown less CPU intensive (Radha Mohan Chintakuntla) [Orabug: 36725601] - octeontx2-af: add sso error af interrupt handlers (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: fix rvu_sso_ggrp_taq_flush (Angela Czubak) [Orabug: 36725601] - octeontx2-af: drain xaq before reconfiguring aura (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: restore sso hwgrp default thresholds (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: manually dain partially consumed TAQ buffers (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: update SSO HWGRP teardown sequence (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: update SSO GWS teardown sequence (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add mbox to get SSO GWS/GGRP stats (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: add mbox to configure thresholds per HWGRP (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: Add SSO unit support to the AF driver (Radha Mohan Chintakuntla) [Orabug: 36725601] - irqchip/gicv3-its: Workaround for Marvell errata 35443 for 9xx (Geetha sowjanya) [Orabug: 36725601] - irqchip/gic-v3: Extend workaround for interrupt loss on IPI (Linu Cherian) [Orabug: 36725601] - irqchip/gic-v3: Add workaround for interrupt loss on IPI (Linu Cherian) [Orabug: 36725601] - iommu/arm-smmu-v3: Force 32 byte command queue memory reads (Linu Cherian) [Orabug: 36725601] - octeontx2-pf: Add ucast filter count configurability via devlink. (Sai Krishna) [Orabug: 36725601] - devlink: add documentation for octeontx2 driver (Subbaraya Sundeep) [Orabug: 36725601] - crypto: ecc - Move ecc.h to include/crypto/internal (Daniele Alessandrelli) [Orabug: 36725601] - arm64: cpufeature: Add missing .field_width for GIC system registers (Mark Brown) [Orabug: 36725601] - octeontx2-af: Fix devlink params (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: fix the double free in rvu_npc_freemem() (Su Hui) [Orabug: 36725601] - octeontx2-af: Fix multicast/mirror group lock/unlock issue (Suman Ghosh) [Orabug: 36725601] - net: flower: fix stack-out-of-bounds in fl_set_key_cfm() (Eric Dumazet) [Orabug: 36725601] - Watchdog: marvell_gti_wdt: Remove redundant dev_err_probe() for platform_get_irq() (Jinjie Ruan) [Orabug: 36725601] - watchdog: marvell_gti_wdt: Fix error code in probe() (Dan Carpenter) [Orabug: 36725601] - crypto: octeontx2 - add missing check for dma_map_single (Chen Ni) [Orabug: 36725601] - i2c: xgene-slimpro: Fix wrong pointer passed to PTR_ERR() (Wei Yongjun) [Orabug: 36725601] - octeontx2-af: Initialize 'cntr_val' to fix uninitialized symbol error (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Fix transmit scheduler resource leak (Hariprasad Kelam) [Orabug: 36725601] - Octeontx2-pf: Free send queue buffers incase of leaf to inner (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation (Asbjorn Sloth Tonnesen) [Orabug: 36725601] - crypto: octeontx2 - select CONFIG_NET_DEVLINK (Shijith Thotton) [Orabug: 36725601] - perf/smmuv3: Fix unused variable warning when CONFIG_OF=n (Will Deacon) [Orabug: 36725601] - net: octeontx2-pf: mcs: consider MACSEC setting (Randy Dunlap) [Orabug: 36725601] - octeontx2-pf: mcs: Fix NULL pointer dereferences (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: mcs: Clear stats before freeing resource (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: mcs: Do not reset PN while updating secy (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: mcs: update PN only when update_pn is true (Radu Pirea (NXP OSS)) [Orabug: 36725601] - octeontx2-pf: Fix pfc_alloc_status array overflow (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Fix linking objects into multiple modules (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Do xdp_do_flush() after redirects. (Sebastian Andrzej Siewior) [Orabug: 36725601] - crypto: ecc - Export additional helper functions (Daniele Alessandrelli) [Orabug: 36725601] - arm64: cpufeature: Always specify and use a field width for capabilities (Mark Brown) [Orabug: 36725601] - octeontx2-pf: TC flower offload support for mirror (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Add TC flower offload support for TCP flags (Sai Krishna) [Orabug: 36725601] - octeontx2-pf: TC flower offload support for ICMP type and code (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Tc flower offload support for MPLS (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Harden rule validation. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: TC flower offload support for SPI field (Ratheesh Kannoth) [Orabug: 36725601] - net: flow_dissector: Add IPSEC dissector (Ratheesh Kannoth) [Orabug: 36725601] - net: flow_dissector: add support for cfm packets (Zahari Doychev) [Orabug: 36725601] - flow_dissector: Add support for HSRv0 (Kurt Kanzenbach) [Orabug: 36725601] - flow_dissector: Add support for HSR (Kurt Kanzenbach) [Orabug: 36725601] - octeontx2-af: Initialize maps. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Fix a double free issue (Suman Ghosh) [Orabug: 36725601] - Octeontx2-af: Fix an issue in firmware shared data reserved space (Hariprasad Kelam) [Orabug: 36725601] - Octeontx2-af: Fetch MAC channel info from firmware (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: Send UP messages to VF only when VF is up. (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: CN10KB: Fix FIFO length calculation for RPM2 (Nithin Dabilpuram) [Orabug: 36725601] - crypto: octeontx2 - By default allocate one CPT LF per CPT VF (Bharat Bhushan) [Orabug: 36725601] - octeontx2-af: Fix pause frame configuration (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Add new devlink param to configure maximum usable NIX block LFs (Suman Ghosh) [Orabug: 36725601] - drivers: watchdog: marvell_gti: fix zero pretimeout handling (Bharat Bhushan) [Orabug: 36725601] - octeontx2-pf: Add support for offload tc with skbedit mark action (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Use default max_active works instead of one (Subbaraya Sundeep) [Orabug: 36725601] - net: octeontx2: Use alloc_ordered_workqueue() to create ordered workqueues (Tejun Heo) [Orabug: 36725601] - octeontx2-pf: Wait till detach_resources msg is complete (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Add new mbox to support multicast/mirror offload (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Fix page pool frag allocation warning (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: update type of prof fields in nix_aw_enq_req (Simon Horman) [Orabug: 36725601] - octeontx2-pf: Fix page pool cache index corruption. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: fix page_pool creation fail for rings > 32k (Ratheesh Kannoth) [Orabug: 36725601] - tc: flower: Enable offload support IPSEC SPI field. (Ratheesh Kannoth) [Orabug: 36725601] - tc: flower: support for SPI (Ratheesh Kannoth) [Orabug: 36725601] - net: flower: add support for matching cfm fields (Zahari Doychev) [Orabug: 36725601] - net/sched: flower: Helper function for vlan ethtype checks (Boris Sukholitko) [Orabug: 36725601] - net/sched: flower: Allow matching on layer 2 miss (Ido Schimmel) [Orabug: 36725601] - net/sched: flower: Add L2TPv3 filter (Wojciech Drewek) [Orabug: 36725601] - net/sched: flower: Add PPPoE filter (Wojciech Drewek) [Orabug: 36725601] - net/sched: flower: Add number of vlan tags filter (Boris Sukholitko) [Orabug: 36725601] - octeontx2-af: Move validation of ptp pointer before its usage (Sai Krishna) [Orabug: 36725601] - octeontx2-af: CN10KB: fix PFC configuration (Hariprasad Kelam) [Orabug: 36725601] - drivers: watchdog: marvell_gti: Program the max_hw_heartbeat_ms (George Cherian) [Orabug: 36725601] - octeontx2-pf: mcs: Generate hash key using ecb(aes) (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Promisc enable/disable through mbox (Ratheesh Kannoth) [Orabug: 36725601] - crypto: octeontx2 - support setting ctx ilen for inline CPT LF (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-pf: Fix graceful exit during PFC configuration failure (Suman Ghosh) [Orabug: 36725601] - cteonxt2-pf: Fix backpressure config for multiple PFC priorities to work simultaneously (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: TC flower offload support for rxqueue mapping (Ratheesh Kannoth) [Orabug: 36725601] - act_skbedit: skbedit queue mapping for receive queue (Amritha Nambiar) [Orabug: 36725601] - net/sched: act_skbedit: Add extack messages for offload failure (Ido Schimmel) [Orabug: 36725601] - octeontx2-af: TC flower offload support for inner VLAN (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: Code restructure to handle TC outer VLAN offload (Suman Ghosh) [Orabug: 36725601] - dt-bindings: watchdog: marvell GTI system watchdog driver (Bharat Bhushan) [Orabug: 36725601] - octeontx2-pf: Add support for page pool (Ratheesh Kannoth) [Orabug: 36725601] - Watchdog: Add marvell GTI watchdog driver (Bharat Bhushan) [Orabug: 36725601] - octeontx2-af: Fix promiscuous mode (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Remove the PF_FUNC validation for NPC transmit rules (Subbaraya Sundeep) [Orabug: 36725601] - crypto: octeontx2 - add devlink option to set t106 mode (Srujana Challa) [Orabug: 36725601] - ptp: idt82p33: remove PEROUT_ENABLE_OUTPUT_MASK (Min Li) [Orabug: 36725601] - ptp: idt82p33: Add PTP_CLK_REQ_EXTTS support (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: return -EBUSY if phase pull-in is in progress (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: fix is_single_shot (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: Add PTP_CLK_REQ_EXTTS support (Min Li) [Orabug: 36725601] - ptp: idt82p33: use rsmu driver to access i2c/spi bus (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: repair non-kernel-doc comment (Randy Dunlap) [Orabug: 36725601] - ptp: clockmatrix: use rsmu driver to access i2c/spi bus (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: Add support for pll_mode=0 and manual ref switch of WF and WP (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: Add support for FW 5.2 (8A34005) (Min Li) [Orabug: 36725601] - ptp: ptp_clockmatrix: Remove idtcm_enable_tod_sync() (Min Li) [Orabug: 36725601] - octeontx2-af: Fix mcs sa cam entries size (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Remove xdp queues on program detach (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: ethtool expose qos stats (Hariprasad Kelam) [Orabug: 36725601] - macsec: Use helper macsec_netdev_priv for offload drivers (Subbaraya Sundeep) [Orabug: 36725601] - macsec: Don't rely solely on the dst MAC address to identify destination MACsec device (Emeel Hakim) [Orabug: 36725601] - vlan: Add MACsec offload operations for VLAN interface (Emeel Hakim) [Orabug: 36725601] - octeontx2-pf: mcs: Support VLAN in clear text (Subbaraya Sundeep) [Orabug: 36725601] - ethtool: add support to set/get completion queue event size (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Adjust Tx credits when MCS external bypass is disabled (Nithin Dabilpuram) [Orabug: 36725601] - crypto: octeontx2 - register error interrupts for inline cptlf (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: mcs: Fix MCS block interrupt (Geetha sowjanya) [Orabug: 36725601] - irqchip/gic-v3: Detect LPI invalidation MMIO registers (Marc Zyngier) [Orabug: 36725601] - irqchip/gic-v3: Exposes bit values for GICR_CTLR.{IR, CES} (Marc Zyngier) [Orabug: 36725601] - octeontx2-af: Enable hardware timestamping for VFs (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Fix hash extraction enable configuration (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Restore TC ingress police rules when interface is up (Subbaraya Sundeep) [Orabug: 36725601] - crypto: octeontx2 - add LF reset on queue disable (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: mcs: Fix shared counters logic (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: mcs: Match macsec ethertype along with DMAC (Subbaraya Sundeep) [Orabug: 36725601] - octeonxt2-af: mcs: Fix per port bypass config (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: mcs: Write TCAM_DATA and TCAM_MASK registers at once (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Fix issues with NPC field hash extract (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: Fix PFC TX scheduler free (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: print error message incase of invalid pf mapping (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Fix depth of cam and mem table. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Fix start and end bit for scan config (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Update correct mask to filter IPv4 fragments (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: debugfs: update CQ context fields (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-pf: mcs: Offload extended packet number(XPN) feature (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Add devlink option to adjust mcam high prio zone entries (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: Update/Fix NPC field hash extract feature (Ratheesh Kannoth) [Orabug: 36725601] - crypto: octeontx2 - remove errata workaround for CN10KB or CN10KA B0 chip. (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - add ctx_val workaround (Srujana Challa) [Orabug: 36725601] - perf/uapi: Define PERF_MEM_SNOOPX_PEER in kernel header file (Ravi Bangoria) [Orabug: 36725601] - octeontx2-af: cn10kb: fix interrupt csr addresses (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: mcs: Config parser to skip 8B header (Geetha sowjanya) [Orabug: 36725601] - net: macsec: remove the prepare flag from the MACsec offloading context (Antoine Tenart) [Orabug: 36725601] - net: atlantic: macsec: remove checks on the prepare phase (Antoine Tenart) [Orabug: 36725601] - net: phy: mscc: macsec: remove checks on the prepare phase (Antoine Tenart) [Orabug: 36725601] - net: macsec: remove the prepare phase when offloading (Antoine Tenart) [Orabug: 36725601] - net: atlantic: macsec: make the prepare phase a noop (Antoine Tenart) [Orabug: 36725601] - net: phy: mscc: macsec: make the prepare phase a noop (Antoine Tenart) [Orabug: 36725601] - octeontx2-af: CN10KB: Add USGMII LMAC mode (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Set XOFF on other child transmit schedulers during SMQ flush (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Enable PTP PPS output support (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: Use PTP HW timestamp counter atomic update feature (Sai Krishna) [Orabug: 36725601] - octeontx2: Remove unnecessary ternary operators (Ruan Jinjie) [Orabug: 36725601] - arm64: mm: Convert to GENERIC_IOREMAP (Kefeng Wang) [Orabug: 36725601] - mm: ioremap: Use more sensible name in ioremap_prot() (Kefeng Wang) [Orabug: 36725601] - mailbox: pcc: Use PCC mailbox channel pointer instead of standard (Sudeep Holla) [Orabug: 36725601] - mailbox: pcc: Add pcc_mbox_chan structure to hold shared memory region info (Sudeep Holla) [Orabug: 36725601] - mailbox: pcc: Consolidate subspace doorbell register parsing (Sudeep Holla) [Orabug: 36725601] - mailbox: pcc: Consolidate subspace interrupt information parsing (Sudeep Holla) [Orabug: 36725601] - mailbox: pcc: Refactor all PCC channel information into a structure (Sudeep Holla) [Orabug: 36725601] - mailbox: pcc: Fix kernel doc warnings (Sudeep Holla) [Orabug: 36725601] - of: Add of_get_cpu_hwid() to read hardware ID from CPU nodes (Rob Herring) [Orabug: 36725601] - genirq: GENERIC_IRQ_EFFECTIVE_AFF_MASK depends on SMP (Samuel Holland) [Orabug: 36725601] - ACPI: irq: Allow acpi_gsi_to_irq() to have an arch-specific fallback (Marc Zyngier) [Orabug: 36725601] - ACPI: irq: Fix some kernel-doc issues (Xiongfeng Wang) [Orabug: 36725601] - APCI: irq: Add support for multiple GSI domains (Marc Zyngier) [Orabug: 36725601] - octeontx2-af: Add validation for lmac type (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Fix devlink unregister (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: consider both Rx and Tx packet stats for adaptive interrupt coalescing (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Free pending and dropped SQEs (Geetha sowjanya) [Orabug: 36725601] - octeontx2: Detect the mbox up or down message via register (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Install TC filter rules in hardware based on priority (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Increase the size of dmac filter flows (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: Allow both ntuple and TC features on the interface (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: Prepare for QOS offload (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: htb offload support for Round Robin scheduling (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: implement transmit schedular allocation algorithm (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Add support for HTB offload (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Fix resource leakage in VF driver unbind (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: Refactor schedular queue alloc/free calls (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: qos send queues management (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Fix SQE threshold checking (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: Rename tot_tx_queues to non_qos_queues (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Add filter profiles in hardware to extract packet headers (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Fix a resource leak in the probe and remove functions (Christophe JAILLET) [Orabug: 36725601] - spi: cadence: Ensure data lines set to low during dummy-cycle period (Witold Sadowski) [Orabug: 36725601] - spi: cadence: Fix busy cycles calculation (Witold Sadowski) [Orabug: 36725601] - spi: cadence: Remove redundant dev_err call (Shang XiaoJing) [Orabug: 36725601] - spi: cadence: fix platform_get_irq.cocci warning (Yihao Han) [Orabug: 36725601] - spi: cadence: Add of_node_put() before return (Wan Jiabing) [Orabug: 36725601] - spi: cadence: fix static checker warning (Parshuram Thombare) [Orabug: 36725601] - spi: cadence: Fix spelling mistake 'nunber' -> 'number' (Colin Ian King) [Orabug: 36725601] - spi: cadence: add support for Cadence XSPI controller (Parshuram Thombare) [Orabug: 36725601] - spi: cadence: add dt-bindings documentation for Cadence XSPI controller (Parshuram Thombare) [Orabug: 36725601] - Documentation: arm64: Document PMU counters access from userspace (Raphael Gault) [Orabug: 36725601] - octeontx2-af: Add missing mcs flr handler call (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: Fix mcs stats register address (Geetha sowjanya) [Orabug: 36725601] - i2c: octeon: Handle watchdog timeout (Suneel Garapati) [Orabug: 36725601] - i2c: octeon: Add platform prefix to macros (Piyush Malgujar) [Orabug: 36725601] - i2c: thunderx: Support for High speed mode (Suneel Garapati) [Orabug: 36725601] - i2c: thunderx: Clock divisor logic changes (Suneel Garapati) [Orabug: 36725601] - octeontx2-af: cn10k: Set NIX DWRR MTU for CN10KB silicon (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: cn10k: Increase outstanding LMTST transactions (Pavan Nikhilesh) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Fix copy and paste bug in mcs_bbe_intr_handler() (Dan Carpenter) [Orabug: 36725601] - octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Add support to filter packet based on IP fragment (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Add additional checks while configuring ucast/bcast/mcast rules (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (Suman Ghosh) [Orabug: 36725601] - octeontx2-af: Don't treat lack of CGX interfaces as error (Sunil Goutham) [Orabug: 36725601] - octeontx2-pf: Reset MAC stats during probe (Sai Krishna) [Orabug: 36725601] - octeontx2-af: Reset MAC features in FLR (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Add FEC stats for RPM/RPM_USX block (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: cn10kb: Add RPM_USX MAC support (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Support variable number of lmacs (Rakesh Babu Saladi) [Orabug: 36725601] - net: thunderx: remove null check after call container_of() (Haowen Bai) [Orabug: 36725601] - octeontx2-af: Removed unnecessary debug messages. (Sunil Goutham) [Orabug: 36725601] - octeontx2-af: Enable LBK links only when switch mode is on. (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Add NIX Errata workaround on CN10K silicon (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: add option to toggle DROP_RE enable in rx cfg (Nithin Dabilpuram) [Orabug: 36725601] - crypto: octeontx2 - update CPT inbound inline IPsec mailbox (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - add support for AF to CPT PF uplink mbox (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - add SGv2 support for CN10KB or CN10KA B0 (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - hardware configuration for inline IPsec (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - Fix objects shared between several modules (Alexander Lobakin) [Orabug: 36725601] - crypto: octeontx2 - remove CPT block reset (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - increase CPT HW instruction queue length (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - Remove the unneeded result variable (ye xingchen) [Orabug: 36725601] - crypto: octeontx2 - simplify the return expression of otx2_cpt_aead_cbc_aes_sha_setkey() (Minghao Chi) [Orabug: 36725601] - crypto: octeontx2 - use swap() to make code cleaner (chiminghao) [Orabug: 36725601] - crypto: drivers - move from strlcpy with unused retval to strscpy (Wolfram Sang) [Orabug: 36725601] - crypto: octeontx2 - fix potential null pointer access (Shijith Thotton) [Orabug: 36725601] - crypto: octeontx2 - add firmware version in devlink info (Shijith Thotton) [Orabug: 36725601] - crypto: octeontx2 - disable DMA black hole on an DMA fault (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - CN10K CPT to RNM workaround (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - Use swap() instead of swap_engines() (Jiapeng Chong) [Orabug: 36725601] - crypto: octeontx2 - Avoid stack variable overflow (Kees Cook) [Orabug: 36725601] - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (Dan Carpenter) [Orabug: 36725601] - crypto: octeontx2 - add apis for custom engine groups (Srujana Challa) [Orabug: 36725601] - crypto: octeontx2 - fix missing unlock (Yang Yingliang) [Orabug: 36725601] - crypto: octeontx2 - add synchronization between mailbox accesses (Harman Kalra) [Orabug: 36725601] - crypto: octeontx2 - parameters for custom engine groups (Srujana Challa) [Orabug: 36725601] - octeontx2-af: update CPT inbound inline IPsec config mailbox (Srujana Challa) [Orabug: 36725601] - octeontx2-af: restore rxc conf after teardown sequence (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: add mbox to return CPT_AF_FLT_INT info (Srujana Challa) [Orabug: 36725601] - octeontx2-af: optimize cpt pf identification (Srujana Challa) [Orabug: 36725601] - octeontx2-af: modify FLR sequence for CPT (Srujana Challa) [Orabug: 36725601] - octeontx2-af: add mbox for CPT LF reset (Srujana Challa) [Orabug: 36725601] - octeontx2-af: recover CPT engine when it gets fault (Srujana Challa) [Orabug: 36725601] - arm64: Declare non global symbols as static (Linu Cherian) [Orabug: 36725601] - arm64: Add cavium_erratum_23154_cpus missing sentinel (Marc Zyngier) [Orabug: 36725601] - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (Linu Cherian) [Orabug: 36725601] - arm64: re-enable CAVIUM_ERRATUM_23154, disable CAVIUM_ERRATUM_27456 (Dave Kleikamp) [Orabug: 36725601] - dt-bindings: perf: marvell: cn10k ddr performance monitor (Bharat Bhushan) [Orabug: 36725601] - hwrng: cavium - fix NULL but dereferenced coccicheck error (Wan Jiabing) [Orabug: 36725601] - perf/smmuv3: Add devicetree support (Jean-Philippe Brucker) [Orabug: 36725601] - ethernet: marvell: octeontx2 Fix resource not freed after malloc (Manank Patel) [Orabug: 36725601] - octeontx2-pf: mcs: fix possible memory leak in otx2_probe() (Yang Yingliang) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Fix error return code in mcs_register_interrupts() (Yang Yingliang) [Orabug: 36725601] - octeontx2-pf: mcs: fix missing unlock in some error paths (Yang Yingliang) [Orabug: 36725601] - octeontx2-pf: mcs: remove unneeded semicolon (Yang Li) [Orabug: 36725601] - octeontx2-pf: mcs: Introduce MACSEC hardware offloading (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Add debugfs support (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Handle MCS block interrupts (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Support for stats collection (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Install a default TCAM for normal traffic (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Manage the MCS block hardware resources (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: cn10k: mcs: Add mailboxes for port related operations (Geetha sowjanya) [Orabug: 36725601] - octeontx2-af: cn10k: Introduce driver for macsec block. (Geetha sowjanya) [Orabug: 36725601] - octeontx2-pf: Fix unused variable build error (Ren Zhijie) [Orabug: 36725601] - octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: return correct ptp timestamp for CN10K silicon (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: Add egress PFC support (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Reduce minimum mtu size to 60 (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Fixes static warnings (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Limit link bringup time at firmware (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: returning uninitialized variable (Sebin Sebastian) [Orabug: 36725601] - octeontx2-af: Remove duplicate include (Jiapeng Chong) [Orabug: 36725601] - octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Enable Exact match flag in kex profile (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-pf: Add support for exact match table. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Invoke exact match functions if supported (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Wrapper functions for MAC addr add/del/update/reset (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2: Modify mbox request and response structures (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Debugsfs support for exact match. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Drop rules for NPC MCAM (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: FLR handler for exact match table. (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: devlink configuration support (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Exact match scan from kex profile (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Exact match support (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Use hashed field in MCAM key (Ratheesh Kannoth) [Orabug: 36725601] - octeontx2-af: Don't reset previous pfc config (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: fix operand size in bitwise operation (Shijith Thotton) [Orabug: 36725601] - marvell/octeontx2/af: fix repeated words in comments (Jilin Yuan) [Orabug: 36725601] - octeontx2-vf: Add support for adaptive interrupt coalescing (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Add support for adaptive interrupt coalescing (Suman Ghosh) [Orabug: 36725601] - octeontx2-pf: Vary completion queue event size (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Change receive buffer size using ethtool (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (Minghao Chi) [Orabug: 36725601] - octeontx2-af: debugfs: fix error return of allocations (Niels Dossche) [Orabug: 36725601] - octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (Yury Norov) [Orabug: 36725601] - octeontx2-af: cn10k: add workaround for ptp errata (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-pf: cn10k: add support for new ptp timestamp format (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: fix array bound error (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-pf: Add TC feature for VFs (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-pf: PFC config support with DCBx (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Flow control resource management (Hariprasad Kelam) [Orabug: 36725601] - octeontx2-af: Priority flow control configuration support (Sunil Kumar Kori) [Orabug: 36725601] - octeontx2-af: Fix interrupt name strings (Sunil Goutham) [Orabug: 36725601] - octeontx2-nicvf: Free VF PTP resources. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-af: debugfs: don't corrupt user memory (Dan Carpenter) [Orabug: 36725601] - octeontx2-nicvf: fix ioctl callback (Arnd Bergmann) [Orabug: 36725601] - octeontx2-af: use swap() to make code cleaner (Yang Guang) [Orabug: 36725601] - octeontx2-af: debugfs: Add channel and channel mask. (Rakesh Babu) [Orabug: 36725601] - octeontx2-af: cn10k: debugfs for dumping LMTST map table (Harman Kalra) [Orabug: 36725601] - octeontx2-af: debugfs: Minor changes. (Rakesh Babu Saladi) [Orabug: 36725601] - octeontx2-af: Increase number of reserved entries in KPU (Kiran Kumar K) [Orabug: 36725601] - octeontx2-nic: fix mixed module build (Arnd Bergmann) [Orabug: 36725601] - octeontx2-af: Add support to flush full CPT CTX cache (Srujana Challa) [Orabug: 36725601] - octeontx2-af: Perform cpt lf teardown in non FLR path (Nithin Dabilpuram) [Orabug: 36725601] - octeontx2-af: Enable CPT HW interrupts (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: Simplify the receive buffer size calculation (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2-af: Remove redundant initialization of variable pin (Colin Ian King) [Orabug: 36725601] - octeontx2-pf: Add XDP support to netdev PF (Geetha sowjanya) [Orabug: 36725601] - octeontx2-nicvf: Add PTP hardware clock support to NIX VF (Naveen Mamindlapalli) [Orabug: 36725601] - octeontx2-af: Add external ptp input clock (Yi Guo) [Orabug: 36725601] - octeontx2-af: Use ptp input clock info from firmware data (Subbaraya Sundeep) [Orabug: 36725601] - octeontx2: Move devlink registration to be last devlink command (Leon Romanovsky) [Orabug: 36725601] - octeontx2-af: Limit KPU parsing for GTPU packets (Kiran Kumar K) [Orabug: 36725601] - octeontx2-af: Remove redundant initialization of variable blkaddr (Colin Ian King) [Orabug: 36725601] - octeontx2-af: Fix uninitialized variable val (Colin Ian King) [Orabug: 36725601] - octeontx2-af: Hardware configuration for inline IPsec (Srujana Challa) [Orabug: 36725601] - octeontx2-pf: CN10K: Hide RPM stats over ethtool (Hariprasad Kelam) [Orabug: 36725601] - uek-rpm: Add skx_edac_common.ko to core-x86_64.list (Sherry Yang) [Orabug: 37033806] - EDAC, i10nm: make skx_common.o a separate module (Arnd Bergmann) [Orabug: 37033806] - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 37037203] - uek-rpm: Enable CONFIG_BLK_DEV_DRBD (Vijayendra Suman) [Orabug: 36930383] - crypto: qat - specify firmware files for 402xx (Giovanni Cabiddu) [Orabug: 37041628] [5.15.0-301.163.1] - mm/memory-failure: send SIGBUS in the event of thp split fail (Jane Chu) [Orabug: 36307960] - mm/memory-failure: move hwpoison_filter() higher up (Jane Chu) [Orabug: 36307960] - mm/memory-failure: improve memory failure action_result messages (Jane Chu) [Orabug: 36307960] - mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED (Naoya Horiguchi) [Orabug: 36307960] - mm/madvise: add MF_ACTION_REQUIRED to madvise(MADV_HWPOISON) (Jane Chu) [Orabug: 36307960] - mm/memory-failure: try to send SIGBUS even if unmap failed (Jane Chu) [Orabug: 36307960] - mm: memory-failure: cleanup try_to_split_thp_page() (Kefeng Wang) [Orabug: 36307960] - fwctl: Allow up to 4k devices (Saeed Mahameed) [Orabug: 36970896] - net/mlx5: Fix IPsec RoCE MPV trace call (Patrisious Haddad) [Orabug: 37000459] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-35959 CVE-2024-42269 CVE-2024-47674 CVE-2024-42270 CVE-2024-26623 CVE-2024-26681 CVE-2024-35801 CVE-2024-26734 CVE-2024-40940 CVE-2024-27397 cpe:/a:oracle:linux:8::UEKR7 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::UEKR7 Oracle Linux 7 Oracle Linux 8 Oracle Linux 9 [20241003-999.35.git95bfe086.el8] - Rebase to latest upstream [Orabug: 37132142] - Fix build error in ol7 due to linking in copy-firmware.sh [Orabug: 37132515] - Bring back drirectory structure qcom/sc8280xp [Orabug: 37132142] MODERATE Copyright 2024 Oracle, Inc. CVE-2023-31356 CVE-2023-20584 cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:7::latest cpe:/o:oracle:linux:8:10:baseos_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/a:oracle:linux:7::optional_latest cpe:/o:oracle:linux:8::baseos_latest cpe:/a:oracle:linux:7:9:patch Oracle Linux 9 [5.15.0-302.167.6] - ice: Add a per-VF limit on number of FDIR filters (Ahmed Zaki) [Orabug: 36964088] {CVE-2024-42291} - scsi: lpfc: Fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36964437] {CVE-2024-43821} - power: reset: pwr-mlxbf: support graceful shutdown (Asmaa Mnebhi) [Orabug: 37208029] - gpio: mlxbf3: Support shutdown() function (Asmaa Mnebhi) [Orabug: 37208029] - sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() (Liming Sun) [Orabug: 37208029] - ocfs2: reserve space for inline xattr before attaching reflink tree (Gautham Ananthakrishna) [Orabug: 37199019] - Revert 'ocfs2: ocfs2 crash due to invalid h_next_leaf_blk value in extent block' (Gautham Ananthakrishna) [Orabug: 37199019] [5.15.0-302.167.5] - mm/hugetlb: fix adjusting poison page flag in non-HVO scenario (Jane Chu) [Orabug: 37182268] - x86/bugs: Adjust SRSO mitigation to new features (Boris Ostrovsky) [Orabug: 37145844] - net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37093170] - NFS: remove revoked delegation from server's delegation list (Dai Ngo) [Orabug: 36990366] - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov) [Orabug: 36882937] {CVE-2023-52450} [5.15.0-302.167.4] - LTS version: v5.15.167 (Vijayendra Suman) - udp: fix receiving fraglist GSO packets (Felix Fietkau) - memcg: protect concurrent access to mem_cgroup_idr (Shakeel Butt) [Orabug: 36993003] {CVE-2024-43892} - btrfs: fix race between direct IO write and fsync when using same fd (Filipe Manana) [Orabug: 37195092] {CVE-2024-46734} - net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Daniel Borkmann) - x86/mm: Fix PTI for i386 some more (Thomas Gleixner) - net: drop bad gso csum_start and offset in virtio_net_hdr (Willem de Bruijn) [Orabug: 37195028] {CVE-2024-43897} - gso: fix dodgy bit handling for GSO_UDP_L4 (Yan Zhai) - net: change maximum number of UDP segments to 128 (Yuri Benditovich) - net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation (Willem de Bruijn) - gpio: rockchip: fix OF node leak in probe() (Krzysztof Kozlowski) - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (Andy Shevchenko) - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (Andy Shevchenko) - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (Matteo Martelli) - nvmet-tcp: fix kernel crash if commands allocation fails (Maurizio Lombardi) [Orabug: 37074464] {CVE-2024-46737} - arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (Jonathan Cameron) [Orabug: 37116411] {CVE-2024-46822} - arm64: acpi: Move get_cpu_for_acpi_id() to a header (James Morse) - ACPI: processor: Fix memory leaks in error paths of processor_add() (Jonathan Cameron) - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (Jonathan Cameron) - workqueue: Improve scalability of workqueue watchdog touch (Nicholas Piggin) [Orabug: 37116487] {CVE-2024-46839} - workqueue: wq_watchdog_touch is always called with valid CPU (Nicholas Piggin) - nilfs2: protect references to superblock parameters exposed in sysfs (Ryusuke Konishi) [Orabug: 37074676] {CVE-2024-46780} - nilfs2: replace snprintf in show functions with sysfs_emit (Qing Wang) - ksmbd: Unlock on in ksmbd_tcp_set_interfaces() (Dan Carpenter) - ksmbd: unset the binding mark of a reused connection (Namjae Jeon) [Orabug: 37074716] {CVE-2024-46795} - perf/aux: Fix AUX buffer serialization (Peter Zijlstra) [Orabug: 37070802] {CVE-2024-46713} - uprobes: Use kzalloc to allocate xol area (Sven Schnelle) - clocksource/drivers/timer-of: Remove percpu irq related code (Daniel Lezcano) - clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (Jacky Bai) - clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (Jacky Bai) - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (Naman Jain) - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (Saurabh Sengar) [Orabug: 37074472] {CVE-2024-46739} - nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc (Geert Uytterhoeven) - binder: fix UAF caused by offsets overwrite (Carlos Llamas) [Orabug: 37074476] {CVE-2024-46740} - usb: dwc3: core: update LC timer as per USB Spec V3.2 (Faisal Hassan) - iio: adc: ad7124: fix chip ID mismatch (Dumitru Ceclan) - iio: adc: ad7124: fix config comparison (Dumitru Ceclan) - iio: fix scale application in iio_convert_raw_to_processed_unlocked (Matteo Martelli) - iio: buffer-dmaengine: fix releasing dma channel on error (David Lechner) - staging: iio: frequency: ad9834: Validate frequency parameter value (Aleksandr Mishin) [Orabug: 37159727] {CVE-2024-47663} - cifs: Check the lease context if we actually got a lease (Ronnie Sahlberg) - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (Trond Myklebust) - ata: pata_macio: Use WARN instead of BUG (Michael Ellerman) - MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed (Jiaxun Yang) [Orabug: 37116454] {CVE-2024-46832} - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Kent Overstreet) [Orabug: 37159756] {CVE-2024-47668} - of/irq: Prevent device address out-of-bounds read in interrupt map walk (Stefan Wiehler) [Orabug: 37074487] {CVE-2024-46743} - Squashfs: sanity check symbolic link size (Phillip Lougher) [Orabug: 37074494] {CVE-2024-46744} - usbnet: ipheth: race between ipheth_close and error handling (Oliver Neukum) - Input: uinput - reject requests with unreasonable number of slots (Dmitry Torokhov) [Orabug: 37074502] {CVE-2024-46745} - HID: amd_sfh: free driver_data after destroying hid device (Olivier Sobrie) [Orabug: 37074507] {CVE-2024-46746} - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (Camila Alvarez) [Orabug: 37074512] {CVE-2024-46747} - s390/vmlinux.lds.S: Move ro_after_init section behind rodata section (Heiko Carstens) - btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() (David Sterba) - kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (Zenghui Yu) - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (Jarkko Nikula) [Orabug: 37159737] {CVE-2024-47665} - net: dpaa: avoid on-stack arrays of NR_CPUS elements (Vladimir Oltean) - PCI: Add missing bridge lock to pci_bus_lock() (Dan Williams) [Orabug: 37074530] {CVE-2024-46750} - riscv: set trap vector earlier (yang.zhang) - btrfs: replace BUG_ON() with error handling at update_ref_for_cow() (Filipe Manana) [Orabug: 37074542] {CVE-2024-46752} - btrfs: clean up our handling of refs == 0 in snapshot delete (Josef Bacik) [Orabug: 37116493] {CVE-2024-46840} - btrfs: replace BUG_ON with ASSERT in walk_down_proc() (Josef Bacik) - fs/ntfs3: Check more cases when directory is corrupted (Konstantin Komarov) - smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() (Zqiang) - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (Sascha Hauer) [Orabug: 37074560] {CVE-2024-46755} - dma-mapping: benchmark: Don't starve others when doing the test (Yicong Yang) - ext4: fix possible tid_t sequence overflows (Luis Henriques (SUSE)) - drm/amdgpu: Set no_hw_access when VF request full GPU fails (Yifan Zha) - libbpf: Add NULL checks to bpf_object__{prev_map,next_map} (Andreas Ziegler) - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074565] {CVE-2024-46756} - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074570] {CVE-2024-46757} - hwmon: (lm95234) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074578] {CVE-2024-46758} - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (Guenter Roeck) [Orabug: 37074583] {CVE-2024-46759} - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (Krishna Kumar) [Orabug: 37074594] {CVE-2024-46761} - devres: Initialize an uninitialized struct member (Zijun Hu) - um: line: always fill *error_out in setup_one_line() (Johannes Berg) [Orabug: 37116517] {CVE-2024-46844} - cgroup: Protect css->cgroup write under css_set_lock (Waiman Long) - iommu/vt-d: Handle volatile descriptor status read (Jacob Pan) - dm init: Handle minors larger than 255 (Benjamin Marzinski) - ASoC: topology: Properly initialize soc_enum values (Amadeusz Slawinski) - net: dsa: vsc73xx: fix possible subblocks range of CAPT block (Pawel Dembicki) - net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN (Jonas Gorski) - fou: Fix null-ptr-deref in GRO. (Kuniyuki Iwashima) [Orabug: 37074606] {CVE-2024-46763} - gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers (Eric Dumazet) - gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers (Eric Dumazet) - bareudp: Fix device stats updates. (Guillaume Nault) - usbnet: modern method to get random MAC (Oliver Neukum) - net: usb: don't write directly to netdev->dev_addr (Jakub Kicinski) - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (Larysa Zaremba) - igc: Unlock on error in igc_io_resume() (Dan Carpenter) - tcp_bpf: fix return value of tcp_bpf_sendmsg() (Cong Wang) [Orabug: 37074692] {CVE-2024-46783} - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (Aleksandr Mishin) - igb: Fix not clearing TimeSync interrupts for 82580 (Daiwei Li) - can: m_can: Release irq on error in m_can_open (Simon Horman) - can: bcm: Remove proc entry when dev is unregistered. (Kuniyuki Iwashima) [Orabug: 37074624] {CVE-2024-46771} - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (Marek Olsak) - pcmcia: Use resource_size function on resource object (Jules Irenge) - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (Chen Ni) - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (Kishon Vijay Abraham I) [Orabug: 37159749] {CVE-2024-47667} - media: vivid: don't set HDMI TX controls if there are no HDMI outputs (Hans Verkuil) - drm/amd/display: Check HDCP returned status (Alex Hung) - usb: uas: set host status byte on data completion error (Shantanu Goel) - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (Arend van Spriel) - leds: spi-byte: Call of_node_put() on error path (Andy Shevchenko) - media: vivid: fix wrong sizeimage value for mplane (Hans Verkuil) - udf: Avoid excessive partition lengths (Jan Kara) [Orabug: 37074664] {CVE-2024-46777} - netfilter: nf_conncount: fix wrong variable type (Yunjian Wang) - iommu: sun50i: clear bypass register (Jernej Skrabec) - af_unix: Remove put_pid()/put_cred() in copy_peercred(). (Kuniyuki Iwashima) - irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 (Pali Rohar) - smack: unix sockets: fix accept()ed socket label (Konstantin Andreev) - ALSA: hda: Add input value sanity checks to HDMI channel map controls (Takashi Iwai) - mptcp: pm: send ACK on an active subflow (Matthieu Baerts (NGI0)) - mptcp: pr_debug: add missing at the end (Matthieu Baerts (NGI0)) - mptcp: pm: skip connecting to already established sf (Matthieu Baerts (NGI0)) - mptcp: pm: do not remove already closed subflows (Matthieu Baerts (NGI0)) - mptcp: pm: ADD_ADDR 0 is not a new address (Matthieu Baerts (NGI0)) - mptcp: close subflow when receiving TCP+FIN (Matthieu Baerts (NGI0)) - mptcp: avoid duplicated SUB_CLOSED events (Matthieu Baerts (NGI0)) - mptcp: pm: avoid possible UaF when selecting endp (Matthieu Baerts (NGI0)) - mptcp: constify a bunch of of helpers (Paolo Abeni) - mptcp: pm: fullmesh: select the right ID later (Matthieu Baerts (NGI0)) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (Matthieu Baerts (NGI0)) - mptcp: pm: only decrement add_addr_accepted for MPJ req (Matthieu Baerts (NGI0)) - mptcp: pm: re-using ID of unused flushed subflows (Matthieu Baerts (NGI0)) - nilfs2: fix state management in error path of log writing function (Ryusuke Konishi) [Orabug: 37159764] {CVE-2024-47669} - nilfs2: fix missing cleanup on rollforward recovery error (Ryusuke Konishi) [Orabug: 37074683] {CVE-2024-46781} - sched: sch_cake: fix bulk flow accounting logic for host fairness (Toke Hoiland-Jorgensen) [Orabug: 37116442] {CVE-2024-46828} - ila: call nf_unregister_net_hooks() sooner (Eric Dumazet) [Orabug: 37074688] {CVE-2024-46782} - tracing: Avoid possible softlockup in tracing_iter_reset() (Zheng Yejian) - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (Simon Arlott) [Orabug: 37074711] {CVE-2024-46791} - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (Satya Priya Kakitapalli) - clk: qcom: clk-alpha-pll: Fix the pll post div mask (Satya Priya Kakitapalli) - fuse: use unsigned type for getxattr/listxattr size truncation (Jann Horn) - fuse: update stats for pages in dropped aux writeback list (Joanne Koong) - mmc: cqhci: Fix checking of CQHCI_HALT state (Seunghwan Baek) - mmc: sdhci-of-aspeed: fix module autoloading (Liao Chen) - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (Sam Protsenko) - Bluetooth: MGMT: Ignore keys being loaded with invalid type (Luiz Augusto von Dentz) - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (Luiz Augusto von Dentz) - nvme-pci: Add sleep quirk for Samsung 990 Evo (Georg Gottleuber) - rtmutex: Drop rt_mutex::wait_lock before scheduling (Roland Xu) [Orabug: 37116445] {CVE-2024-46829} - irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() (Ma Ke) - ata: libata: Fix memory leak for error path in ata_host_alloc() (Zheng Qixing) - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (Maximilien Perreault) - ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (Terry Cheong) - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (Christoffer Sandberg) - KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing (Ravi Bangoria) - KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (Maxim Levitsky) - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (robelin) [Orabug: 37074721] {CVE-2024-46798} - sch/netem: fix use after free in netem_dequeue (Stephen Hemminger) [Orabug: 37074725] {CVE-2024-46800} - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (Richard Fitzgerald) - ext4: handle redirtying in ext4_bio_write_page() (Jan Kara) - udf: Limit file size to 4TB (Jan Kara) - ext4: reject casefold inode flag without casefold feature (Eric Biggers) - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (Nikita Kiryushin) [Orabug: 36753533] {CVE-2024-38577} - virtio_net: Fix napi_skb_cache_put warning (Breno Leitao) [Orabug: 36964473] {CVE-2024-43835} - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (Bob Zhou) [Orabug: 36993065] {CVE-2024-43905} - media: uvcvideo: Enforce alignment of frame and interval (Ricardo Ribalda) - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (Alex Hung) [Orabug: 37073031] {CVE-2024-46714} - block: remove the blk_flush_integrity call in blk_integrity_unregister (Christoph Hellwig) - wifi: cfg80211: make hash table duplicates more survivable (Johannes Berg) - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (Marek Vasut) [Orabug: 37116336] {CVE-2024-46810} - drm/meson: plane: Add error handling (Haoran Liu) - smack: tcp: ipv4, fix incorrect labeling (Casey Schaufler) - usb: typec: ucsi: Fix null pointer dereference in trace (Abhishek Pandit-Subedi) [Orabug: 37073064] {CVE-2024-46719} - usbip: Don't submit special requests twice (Simon Holesch) - rcu/nocb: Remove buggy bypass lock contention mitigation (Frederic Weisbecker) - ionic: fix potential irq name truncation (Shannon Nelson) - RDMA/efa: Properly handle unexpected AQ completions (Michael Margolin) - hwspinlock: Introduce hwspin_lock_bust() (Richard Maina) - PCI: al: Check IORESOURCE_BUS existence during probe (Aleksandr Mishin) - cpufreq: scmi: Avoid overflow of target_freq in fast switch (Jagadeesh Kona) - wifi: iwlwifi: remove fw_running op (Shahar S Matityahu) - drm/amdgpu: update type of buf size to u32 for eeprom functions (Tao Zhou) - drm/amd/pm: check negtive return for table entries (Jesse Zhang) - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (Jesse Zhang) [Orabug: 37116393] {CVE-2024-46819} - drm/amd/pm: check specific index for aldebaran (Jesse Zhang) - drm/amdgpu: fix the waring dereferencing hive (Jesse Zhang) [Orabug: 37116300] {CVE-2024-46805} - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (Ma Jun) - apparmor: fix possible NULL pointer dereference (Leesoo Ahn) [Orabug: 37073077] {CVE-2024-46721} - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (Michael Chen) - drm/amdgpu: fix mc_data out-of-bounds read warning (Tim Huang) [Orabug: 37073082] {CVE-2024-46722} - drm/amdgpu: fix ucode out-of-bounds read warning (Tim Huang) [Orabug: 37073087] {CVE-2024-46723} - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (Ma Jun) [Orabug: 37073093] {CVE-2024-46724} - drm/amdgpu: Fix out-of-bounds write warning (Ma Jun) [Orabug: 37073098] {CVE-2024-46725} - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (Ma Jun) - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (Ma Jun) - drm/amd/amdgpu: Check tbo resource pointer (Asad Kamal) [Orabug: 37116315] {CVE-2024-46807} - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (Hersen Wu) - drm/amd/display: Check msg_id before processing transcation (Alex Hung) [Orabug: 37116360] {CVE-2024-46814} - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (Alex Hung) [Orabug: 37116365] {CVE-2024-46815} - drm/amd/display: Add array index check for hdcp ddc access (Hersen Wu) [Orabug: 37116295] {CVE-2024-46804} - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (Hersen Wu) [Orabug: 37116375] {CVE-2024-46817} - drm/amd/display: Check gpio_id before used as array index (Alex Hung) [Orabug: 37116384] {CVE-2024-46818} - drm/amdgpu: avoid reading vf2pf info size from FB (Zhigang Luo) - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (Tim Huang) - drm/amdgpu: fix uninitialized scalar variable warning (Tim Huang) - drm/amd/pm: fix the Out-of-bounds read warning (Jesse Zhang) [Orabug: 37073129] {CVE-2024-46731} - drm/amd/pm: fix warning using uninitialized value of max_vid_step (Jesse Zhang) - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (Tim Huang) - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (Ma Jun) - drm/amdgpu: fix overflowed array index read warning (Tim Huang) - drm/amd/display: Assign linear_pitch_alignment even for VM (Alvin Lee) [Orabug: 37073135] {CVE-2024-46732} - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (Ma Jun) - net: usb: qmi_wwan: add MeiG Smart SRM825L (ZHANG Yuntian) - dma-debug: avoid deadlock between dma debug vs printk and netconsole (Rik van Riel) - i2c: Fix conditional for substituting empty ACPI functions (Richard Fitzgerald) - ALSA: hda/conexant: Mute speakers at suspend / shutdown (Takashi Iwai) - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (Takashi Iwai) - drm: panel-orientation-quirks: Add quirk for OrangePi Neo (Philip Mueller) - LTS version: v5.15.166 (Vijayendra Suman) - apparmor: fix policy_unpack_test on big endian systems (Guenter Roeck) - scsi: aacraid: Fix double-free on probe failure (Ben Hutchings) [Orabug: 37070699] {CVE-2024-46673} - igc: Fix qbv tx latency by setting gtxoffset (Faizal Rahim) - igc: Fix reset adapter logics when tx mode change (Faizal Rahim) - phy: zynqmp: Enable reference clock correctly (Sean Anderson) - usb: cdnsp: fix for Link TRB with TC (Pawel Laszczak) - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (Pawel Laszczak) - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (Zijun Hu) - usb: dwc3: st: add missing depopulate in probe error path (Krzysztof Kozlowski) - usb: dwc3: st: fix probed platform device ref count on probe error path (Krzysztof Kozlowski) [Orabug: 37070704] {CVE-2024-46674} - usb: dwc3: core: Prevent USB core invalid event buffer address access (Selvarasu Ganesan) [Orabug: 37070709] {CVE-2024-46675} - usb: dwc3: omap: add missing depopulate in probe error path (Krzysztof Kozlowski) - USB: serial: option: add MeiG Smart SRM825L (ZHANG Yuntian) - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (Ian Ray) - soc: qcom: cmd-db: Map shared memory as WC, not WB (Volodymyr Babchuk) - nfc: pn533: Add poll mod list filling check (Aleksandr Mishin) [Orabug: 37070716] {CVE-2024-46676} - net: busy-poll: use ktime_get_ns() instead of local_clock() (Eric Dumazet) - gtp: fix a potential NULL pointer dereference (Cong Wang) [Orabug: 37070721] {CVE-2024-46677} - ethtool: check device is present when getting link settings (Jamie Bainbridge) [Orabug: 37070727] {CVE-2024-46679} - dmaengine: dw: Add memory bus width verification (Serge Semin) - dmaengine: dw: Add peripheral bus width verification (Serge Semin) - phy: xilinx: phy-zynqmp: Fix SGMII linkup failure on resume (Piyush Mehta) - phy: xilinx: phy-zynqmp: dynamic clock support for power-save (Piyush Mehta) - phy: xilinx: add runtime PM support (Piyush Mehta) - PM: runtime: Add DEFINE_RUNTIME_DEV_PM_OPS() macro (Paul Cercueil) - PM: core: Add EXPORT[_GPL]_SIMPLE_DEV_PM_OPS macros (Paul Cercueil) - PM: core: Remove DEFINE_UNIVERSAL_DEV_PM_OPS() macro (Paul Cercueil) - soundwire: stream: fix programming slave ports for non-continous port maps (Krzysztof Kozlowski) - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (Chen Ridong) [Orabug: 36964509] {CVE-2024-43853} - ata: libata-core: Fix null pointer dereference on error (Niklas Cassel) [Orabug: 36897456] {CVE-2024-41098} - drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (Alex Deucher) [Orabug: 36867630] {CVE-2024-41011} - Revert 'MIPS: Loongson64: reset: Prioritise firmware service' (Greg Kroah-Hartman) - mptcp: sched: check both backup in retrans (Matthieu Baerts (NGI0)) - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (Haiyang Zhang) - wifi: mwifiex: duplicate static structs used in driver instances (Sascha Hauer) - pinctrl: single: fix potential NULL dereference in pcs_get_function() (Ma Ke) [Orabug: 37070743] {CVE-2024-46685} - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (Huang-Huang Bao) - btrfs: run delayed iputs when flushing delalloc (Josef Bacik) - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Jesse Zhang) [Orabug: 36898008] {CVE-2024-42228} (Alexander Lobakin) - Input: MT - limit max slots (Tetsuo Handa) [Orabug: 37029136] {CVE-2024-45008} - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (Lee, Chun-Yi) [Orabug: 35358656] {CVE-2023-31083} - mm/numa: no task_numa_fault() call if PTE is changed (Zi Yan) - mm/numa: no task_numa_fault() call if PMD is changed (Zi Yan) - ALSA: timer: Relax start tick time check for slave timer elements (Takashi Iwai) - hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (Javier Carrasco) - Revert 'drm/amd/display: Validate hw_points_num before using it' (Alex Hung) - mmc: dw_mmc: allow biu and ciu clocks to defer (Ben Whitten) - KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (Marc Zyngier) [Orabug: 37070792] {CVE-2024-46707} - cxgb4: add forgotten u64 ivlan cast before shift (Nikolay Kuratov) - HID: microsoft: Add rumble support to latest xbox controllers (Siarhei Vishniakou) - HID: wacom: Defer calculation of resolution until resolution_code is known (Jason Gerecke) - MIPS: Loongson64: Set timer mode in cpu-probe (Jiaxun Yang) - scsi: core: Fix the return value of scsi_logical_block_count() (Chaotian Jing) - Bluetooth: MGMT: Add error handling to pair_device() (Griffin Kroah-Hartman) [Orabug: 36992975] {CVE-2024-43884} - mmc: mmc_test: Fix NULL dereference on allocation failure (Dan Carpenter) [Orabug: 37070690] {CVE-2024-45028} - drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (Dmitry Baryshkov) [Orabug: 37029059] {CVE-2024-44982} - drm/msm/dp: reset the link phy params before link training (Abhinav Kumar) - drm/msm/dpu: don't play tricks with debug macros (Dmitry Baryshkov) - net: xilinx: axienet: Fix dangling multicast addresses (Sean Anderson) - net: xilinx: axienet: Always disable promiscuous mode (Sean Anderson) - netfilter: flowtable: validate vlan header (Pablo Neira Ayuso) [Orabug: 37029063] {CVE-2024-44983} - ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet) [Orabug: 37029066] {CVE-2024-44985} - ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029068] {CVE-2024-44986} - ipv6: prevent UAF in ip6_send_skb() (Eric Dumazet) [Orabug: 37029075] {CVE-2024-44987} - netem: fix return value if duplicate enqueue fails (Stephen Hemminger) [Orabug: 37070659] {CVE-2024-45016} - net: dsa: mv88e6xxx: Fix out-of-bound access (Joseph Huang) [Orabug: 37029081] {CVE-2024-44988} - net: dsa: mv88e6xxx: replace ATU violation prints with trace points (Vladimir Oltean) - net: dsa: mv88e6xxx: read FID when handling ATU violations (Hans J. Schultz) - dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp() (Dan Carpenter) - ice: fix ICE_LAST_OFFSET formula (Maciej Fijalkowski) - bonding: fix xfrm state handling when clearing active slave (Nikolay Aleksandrov) - bonding: fix xfrm real_dev null pointer dereference (Nikolay Aleksandrov) [Orabug: 37029084] {CVE-2024-44989} - bonding: fix null pointer deref in bond_ipsec_offload_ok (Nikolay Aleksandrov) [Orabug: 37029087] {CVE-2024-44990} - bonding: fix bond_ipsec_offload_ok return type (Nikolay Aleksandrov) - ip6_tunnel: Fix broken GRO (Thomas Bogendoerfer) - netfilter: nft_counter: Synchronize nft_counter_reset() against reader. (Sebastian Andrzej Siewior) - netfilter: nft_counter: Disable BH in nft_counter_offload_stats(). (Sebastian Andrzej Siewior) - kcm: Serialise kcm_sendmsg() for the same socket. (Kuniyuki Iwashima) [Orabug: 37013760] {CVE-2024-44946} - tc-testing: don't access non-existent variable on exception (Simon Horman) - Bluetooth: SMP: Fix assumption of Central always being Initiator (Luiz Augusto von Dentz) - Bluetooth: hci_core: Fix LE quote calculation (Luiz Augusto von Dentz) - platform/surface: aggregator: Fix warning when controller is destroyed in probe (Maximilian Luz) - net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (Long Li) - dm suspend: return -ERESTARTSYS instead of -EINTR (Mikulas Patocka) - media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (Aurelien Jarno) - nfsd: make svc_stat per-network namespace instead of global (Josef Bacik) - nfsd: remove nfsd_stats, make th_cnt a global counter (Josef Bacik) - nfsd: make all of the nfsd stats per-network namespace (Josef Bacik) - nfsd: expose /proc/net/sunrpc/nfsd in net namespaces (Josef Bacik) - nfsd: rename NFSD_NET_* to NFSD_STATS_* (Josef Bacik) - sunrpc: use the struct net as the svc proc private (Josef Bacik) - sunrpc: remove ->pg_stats from svc_program (Josef Bacik) - sunrpc: pass in the sv_stats struct through svc_create_pooled (Josef Bacik) - nfsd: stop setting ->pg_stats for unused stats (Josef Bacik) - sunrpc: don't change ->sv_stats if it doesn't exist (Josef Bacik) - NFSD: Fix frame size warning in svc_export_parse() (Chuck Lever) - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (Chuck Lever) - NFSD: Refactor the duplicate reply cache shrinker (Chuck Lever) - NFSD: Replace nfsd_prune_bucket() (Chuck Lever) - NFSD: Rename nfsd_reply_cache_alloc() (Chuck Lever) - NFSD: Refactor nfsd_reply_cache_free_locked() (Chuck Lever) - nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net (Jeff Layton) - nfsd: move reply cache initialization into nfsd startup (Jeff Layton) - block: use 'unsigned long' for blk_validate_block_size(). (Tetsuo Handa) - gtp: pull network headers in gtp_dev_xmit() (Eric Dumazet) [Orabug: 37029110] {CVE-2024-44999} - hrtimer: Prevent queuing of hrtimer without a function callback (Phil Chang) - nvmet-rdma: fix possible bad dereference when freeing rsps (Sagi Grimberg) - ext4: set the type of max_zeroout to unsigned int to avoid overflow (Baokun Li) - irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc (Guanrui Huang) - usb: dwc3: core: Skip setting event buffers for host only controllers (Krishna Kurapati) - platform/x86: lg-laptop: fix %s null argument warning (Gergo Koteles) - clocksource: Make watchdog and suspend-timing multiplication overflow safe (Adrian Hunter) - s390/iucv: fix receive buffer virtual vs physical address confusion (Alexander Gordeev) - openrisc: Call setup_memory() earlier in the init sequence (Oreoluwa Babatunde) - NFS: avoid infinite loop in pnfs_update_layout. (NeilBrown) - nvmet-tcp: do not continue for invalid icreq (Hannes Reinecke) - net: hns3: add checking for vf id of mailbox (Jian Shen) - Bluetooth: bnep: Fix out-of-bound access (Luiz Augusto von Dentz) - usb: gadget: fsl: Increase size of name buffer for endpoints (Uwe Kleine-Konig) - f2fs: fix to do sanity check in update_sit_entry (Zhiguo Niu) - btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() (David Sterba) - btrfs: change BUG_ON to assertion in tree_move_down() (David Sterba) - btrfs: send: handle unexpected data in header buffer in begin_cmd() (David Sterba) - btrfs: handle invalid root reference found in may_destroy_subvol() (David Sterba) - btrfs: change BUG_ON to assertion when checking for delayed_node root (David Sterba) - powerpc/boot: Only free if realloc() succeeds (Michael Ellerman) - powerpc/boot: Handle allocation failure in simple_realloc() (Li zeming) - parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 (Helge Deller) - memory: stm32-fmc2-ebi: check regmap_read return value (Christophe Kerello) - x86: Increase brk randomness entropy for 64-bit systems (Kees Cook) - md: clean up invalid BUG_ON in md_ioctl (Li Nan) - netlink: hold nlk->cb_mutex longer in __netlink_dump_start() (Eric Dumazet) - clocksource/drivers/arm_global_timer: Guard against division by zero (Martin Blumenstingl) - virtiofs: forbid newlines in tags (Stefan Hajnoczi) - drm/lima: set gp bus_stop bit before hard reset (Erico Nunes) - net/sun3_82586: Avoid reading past buffer in debug output (Kees Cook) - media: drivers/media/dvb-core: copy user arrays safely (Philipp Stanner) - fs: binfmt_elf_efpic: don't use missing interpreter's properties (Max Filippov) - media: pci: cx23885: check cx23885_vdev_init() return (Hans Verkuil) - quota: Remove BUG_ON from dqget() (Jan Kara) - fuse: fix UAF in rcu pathwalks (Al Viro) - afs: fix __afs_break_callback() / afs_drop_open_mmap() race (Al Viro) - ext4: do not trim the group with corrupted block bitmap (Baokun Li) - nvmet-trace: avoid dereferencing pointer too early (Daniel Wagner) - powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (Kunwu Chan) - memory: tegra: Skip SID programming if SID registers aren't set (Ashish Mhetre) - arm64: Fix KASAN random tag seed initialization (Samuel Holland) - hwmon: (ltc2992) Avoid division by zero (Antoniu Miclaus) - IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (Chengfeng Ye) - wifi: iwlwifi: fw: Fix debugfs command sending (Mukesh Sisodiya) - wifi: iwlwifi: abort scan when rfkill on but device enabled (Miri Korenblit) - gfs2: setattr_chown: Add missing initialization (Andreas Gruenbacher) - scsi: spi: Fix sshdr use (Mike Christie) - media: qcom: venus: fix incorrect return value (Hans Verkuil) - binfmt_misc: cleanup on filesystem umount (Christian Brauner) - staging: ks7010: disable bh on tx_dev_lock (Chengfeng Ye) - drm/amd/display: Validate hw_points_num before using it (Alex Hung) - staging: iio: resolver: ad2s1210: fix use before initialization (David Lechner) - media: radio-isa: use dev_name to fill in bus_info (Hans Verkuil) - i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (Jarkko Nikula) - i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (Jarkko Nikula) - s390/smp,mcck: fix early IPI handling (Heiko Carstens) - RDMA/rtrs: Fix the problem of variable not initialized fully (Zhu Yanjun) - i2c: riic: avoid potential division by zero (Wolfram Sang) - wifi: cw1200: Avoid processing an invalid TIM IE (Jeff Johnson) - wifi: mac80211: fix BA session teardown race (Johannes Berg) - wifi: cfg80211: check wiphy mutex is held for wdev mutex (Johannes Berg) - ssb: Fix division by zero issue in ssb_calc_clock_rate (Rand Deeb) - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (Parsa Poorshikhian) - net: hns3: fix a deadlock problem when config TC during resetting (Jie Wang) [Orabug: 37029097] {CVE-2024-44995} - net: hns3: fix wrong use of semaphore up (Jie Wang) - netfilter: nf_queue: drop packets with cloned unconfirmed conntracks (Florian Westphal) - netfilter: flowtable: initialise extack before use (Donald Hunter) [Orabug: 37070666] {CVE-2024-45018} - netfilter: allow ipv6 fragments to arrive on different devices (Tom Hughes) - mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size (Eugene Syromiatnikov) - mlxbf_gige: disable RX filters until RX path initialized (David Thompson) - net: dsa: vsc73xx: check busy flag in MDIO operations (Pawel Dembicki) - net: dsa: vsc73xx: use read_poll_timeout instead delay loop (Pawel Dembicki) - net: dsa: vsc73xx: pass value in phy_write operation (Pawel Dembicki) - net: axienet: Fix register defines comment description (Radhey Shyam Pandey) - atm: idt77252: prevent use after free in dequeue_rx() (Dan Carpenter) [Orabug: 37029103] {CVE-2024-44998} - net/mlx5e: Correctly report errors for ethtool rx flows (Cosmin Ratiu) - igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (Faizal Rahim) - igc: remove I226 Qbv BaseTime restriction (Muhammad Husaini Zulkifli) - igc: Correct the launchtime offset (Muhammad Husaini Zulkifli) - s390/uv: Panic for set and remove shared access UVC errors (Claudio Imbrenda) - drm/amdgpu/jpeg2: properly set atomics vmid field (Alex Deucher) - memcg_write_event_control(): fix a user-triggerable oops (Al Viro) [Orabug: 37070671] {CVE-2024-45021} - drm/amdgpu: Actually check flags for all context ops. (Bas Nieuwenhuizen) - btrfs: tree-checker: add dev extent item checks (Qu Wenruo) - selinux: fix potential counting error in avc_add_xperms_decision() (Zhen Lei) - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (Al Viro) [Orabug: 37070679] {CVE-2024-45025} - bitmap: introduce generic optimized bitmap_size() (Alexander Lobakin) - btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() (Alexander Lobakin) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (Alexander Lobakin) - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (Alexander Lobakin) - vfs: Don't evict inode under the inode lru traversing context (Zhihao Cheng) [Orabug: 37029118] {CVE-2024-45003} - dm persistent data: fix memory allocation failure (Mikulas Patocka) - dm resume: don't return EINVAL when signalled (Khazhismel Kumykov) - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE (Haibo Xu) - s390/dasd: fix error recovery leading to data corruption on ESE devices (Stefan Haberland) [Orabug: 37070686] {CVE-2024-45026} - thunderbolt: Mark XDomain as unplugged when router is removed (Mika Westerberg) [Orabug: 37070774] {CVE-2024-46702} - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (Mathias Nyman) [Orabug: 37029124] {CVE-2024-45006} - ALSA: usb-audio: Support Yamaha P-125 quirk entry (Juan Jose Arboleda) - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (Lianqin Hu) - char: xillybus: Check USB endpoints when probing device (Eli Billauer) [Orabug: 37070649] {CVE-2024-45011} - char: xillybus: Refine workqueue handling (Eli Billauer) - char: xillybus: Don't destroy workqueue from work item running on it (Eli Billauer) [Orabug: 37029128] {CVE-2024-45007} - fuse: Initialize beyond-EOF page contents before setting uptodate (Jann Horn) [Orabug: 37017950] {CVE-2024-44947} - LTS version: v5.15.165 (Vijayendra Suman) - Revert 'ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error' (Niklas Cassel) - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (Sean Young) - ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode (Michael Walle) - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Eric Dumazet) [Orabug: 36897690] {CVE-2024-42114} - binfmt_flat: Fix corruption when not offsetting data start (Kees Cook) [Orabug: 37029015] {CVE-2024-44966} - usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed. (Chris Wulff) - nvme/pci: Add APST quirk for Lenovo N60z laptop (WangYuli) - exec: Fix ToCToU between perm check and set-uid/gid usage (Kees Cook) [Orabug: 36984016] {CVE-2024-43882} - arm64: cpufeature: Fix the visibility of compat hwcaps (Amit Daniel Kachhap) - arm64: dts: qcom: msm8996: correct #clock-cells for QMP PHY nodes (Dmitry Baryshkov) - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. (Mahesh Salgaonkar) [Orabug: 36897773] {CVE-2024-42126} - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (Andi Shyti) [Orabug: 36953968] {CVE-2024-42259} - mptcp: fully established after ADD_ADDR echo on MPJ (Matthieu Baerts (NGI0)) - wifi: mac80211: check basic rates validity (Johannes Berg) - PCI: dwc: Restore MSI Receiver mask during resume (Jisheng Zhang) - net: stmmac: Enable mac_managed_pm phylink config (Shenwei Wang) - netfilter: nf_tables: prefer nft_chain_validate (Florian Westphal) [Orabug: 36896845] {CVE-2024-41042} - netfilter: nf_tables: allow clone callbacks to sleep (Florian Westphal) - netfilter: nf_tables: bail out if stateful expression provides no .clone (Pablo Neira Ayuso) - netfilter: nf_tables: set element extended ACK reporting support (Pablo Neira Ayuso) - tls: fix race between tx work scheduling and socket close (Jakub Kicinski) [Orabug: 36529710] {CVE-2024-26585} - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (Lukas Wunner) [Orabug: 36964228] {CVE-2024-42302} - btrfs: fix double inode unlock for direct IO sync writes (Filipe Manana) [Orabug: 37195039] {CVE-2024-43885} - xfs: fix log recovery buffer allocation for the legacy h_size fixup (Christoph Hellwig) [Orabug: 36809257] {CVE-2024-39472} - btrfs: fix corruption after buffer fault in during direct IO append write (Filipe Manana) - selftests: mptcp: join: check backup support in signal endp (Matthieu Baerts (NGI0)) - selftests: mptcp: join: validate backup in MPJ (Matthieu Baerts (NGI0)) - mptcp: pm: fix backup support in signal endpoints (Matthieu Baerts (NGI0)) - mptcp: export local_address (Geliang Tang) - mptcp: pm: only set request_bkup flag when sending MP_PRIO (Matthieu Baerts (NGI0)) - mptcp: fix bad RCVPRUNED mib accounting (Paolo Abeni) - mptcp: mib: count MPJ with backup flag (Matthieu Baerts (NGI0)) - mptcp: fix NL PM announced address accounting (Paolo Abeni) - mptcp: distinguish rcv vs sent backup flag in requests (Matthieu Baerts (NGI0)) - mptcp: sched: check both directions for backup (Matthieu Baerts (NGI0)) - drm/mgag200: Set DDC timeout in milliseconds (Thomas Zimmermann) - drm/bridge: analogix_dp: properly handle zero sized AUX transactions (Lucas Stach) - sched/smt: Fix unbalance sched_smt_present dec/inc (Yang Yingliang) [Orabug: 37028981] {CVE-2024-44958} - sched/smt: Introduce sched_smt_present_inc/dec() helper (Yang Yingliang) - x86/mtrr: Check if fixed MTRRs exist before saving them (Andi Kleen) [Orabug: 37028935] {CVE-2024-44948} - padata: Fix possible divide-by-0 panic in padata_mt_helper() (Waiman Long) [Orabug: 36992992] {CVE-2024-43889} - tracing: Fix overflow in get_free_elt() (Tze-nan Wu) [Orabug: 36992997] {CVE-2024-43890} - power: supply: axp288_charger: Round constant_charge_voltage writes down (Hans de Goede) - power: supply: axp288_charger: Fix constant_charge_voltage writes (Hans de Goede) - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (Shay Drory) - irqchip/xilinx: Fix shift out of bounds (Radhey Shyam Pandey) - kcov: properly check for softirq context (Andrey Konovalov) - serial: core: check uartclk for zero to avoid divide by zero (George Kennedy) [Orabug: 36993008] {CVE-2024-43893} - timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex() (Thomas Gleixner) - ntp: Safeguard against time_constant overflow (Justin Stitt) - irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t' (Arseniy Krasnov) - irqchip/meson-gpio: support more than 8 channels gpio irq (Qianggui Song) - clocksource: Fix brown-bag boolean thinko in cs_watchdog_read() (Paul E. McKenney) - clocksource: Scale the watchdog read retries automatically (Feng Tang) - torture: Enable clocksource watchdog with 'tsc=watchdog' (Paul E. McKenney) - clocksource: Reduce the default clocksource_watchdog() retries to 2 (Waiman Long) - ntp: Clamp maxerror and esterror to operating range (Justin Stitt) - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (Jason Wang) - tick/broadcast: Move per CPU pointer access into the atomic section (Thomas Gleixner) [Orabug: 37195086] {CVE-2024-44968} - scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic (Vamshi Gajjela) - scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal) - usb: gadget: u_serial: Set start_delayed during suspend (Prashanth K) - usb: gadget: core: Check for unset descriptor (Chris Wulff) [Orabug: 37028987] {CVE-2024-44960} - USB: serial: debug: do not echo input by default (Marek Marczykowski-Gorecki) - usb: vhci-hcd: Do not drop references before new references are gained (Oliver Neukum) [Orabug: 36992970] {CVE-2024-43883} - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (Takashi Iwai) - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (Steven 'Steve' Kendall) - ALSA: line6: Fix racy access to midibuf (Takashi Iwai) [Orabug: 37028956] {CVE-2024-44954} - drm/client: fix null pointer dereference in drm_client_modeset_probe (Ma Ke) [Orabug: 36993013] {CVE-2024-43894} - ALSA: usb-audio: Re-add ScratchAmp quirk entries (Takashi Iwai) - spi: spi-fsl-lpspi: Fix scldiv calculation (Stefan Wahren) - kprobes: Fix to check symbol prefixes correctly (Masami Hiramatsu (Google)) - bpf: kprobe: remove unused declaring of bpf_kprobe_override (Menglong Dong) - i2c: smbus: Send alert notifications to all devices if source not found (Guenter Roeck) - spi: spidev: Add missing spi_device_id for bh2228fv (Geert Uytterhoeven) - ASoC: codecs: wsa881x: Correct Soundwire ports mask (Krzysztof Kozlowski) - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (Krzysztof Kozlowski) - i2c: smbus: Improve handling of stuck alerts (Guenter Roeck) - arm64: cputype: Add Cortex-A725 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X1C definitions (Mark Rutland) - arm64: cputype: Add Cortex-X925 definitions (Mark Rutland) - arm64: cputype: Add Cortex-A720 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X3 definitions (Mark Rutland) - arm64: cputype: Add Neoverse-V3 definitions (Mark Rutland) - arm64: cputype: Add Cortex-X4 definitions (Mark Rutland) - arm64: barrier: Restore spec_bar() macro (Mark Rutland) - arm64: Add Neoverse-V2 part (Besar Wicaksono) - arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space (James Morse) - ext4: fix wrong unit use in ext4_mb_find_by_goal (Kemeng Shi) - sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime (Zheng Zucheng) - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (Damien Le Moal) - profiling: remove profile=sleep support (Tetsuo Handa) - SUNRPC: Fix a race to wake a sync task (Benjamin Coddington) - s390/sclp: Prevent release of buffer in I/O (Peter Oberparleiter) [Orabug: 37029019] {CVE-2024-44969} - jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (Kemeng Shi) - ext4: fix uninitialized variable in ext4_inlinedir_to_tree (Xiaxi Shen) - media: uvcvideo: Fix the bandwdith quirk on USB 3.x (Michal Pecio) - media: uvcvideo: Ignore empty TS packets (Ricardo Ribalda) - drm/amd/display: Add null checker before passing variables (Alex Hung) [Orabug: 36993047] {CVE-2024-43902} - drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (Ma Jun) [Orabug: 36993077] {CVE-2024-43907} - drm/amdgpu: Fix the null pointer dereference to ras_manager (Ma Jun) [Orabug: 36993083] {CVE-2024-43908} - drm/amdgpu/pm: Fix the null pointer dereference for smu7 (Ma Jun) [Orabug: 36993089] {CVE-2024-43909} - btrfs: fix bitmap leak when loading free space cache on duplicate entry (Filipe Manana) - wifi: nl80211: don't give key data to userspace (Johannes Berg) - udf: prevent integer overflow in udf_bitmap_free_blocks() (Roman Smirnov) - PCI: Add Edimax Vendor ID to pci_ids.h (FUJITA Tomonori) - selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT (Yonghong Song) - ACPI: SBS: manage alarm sysfs attribute through psy core (Thomas Weissschuh) - ACPI: battery: create alarm sysfs attribute atomically (Thomas Weissschuh) - clocksource/drivers/sh_cmt: Address race condition for clock events (Niklas Soderlund) - md/raid5: avoid BUG_ON() while continue reshape after reassembling (Yu Kuai) [Orabug: 36993126] {CVE-2024-43914} - md: do not delete safemode_timer in mddev_suspend (Li Nan) - rcutorture: Fix rcu_torture_fwd_cb_cr() data race (Paul E. McKenney) - net: fec: Stop PPS on driver remove (Csokas, Bence) - l2tp: fix lockdep splat (James Chapman) - net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (Joe Hattori) [Orabug: 37029031] {CVE-2024-44971} - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (Dmitry Antipov) - net: linkwatch: use system_unbound_wq (Eric Dumazet) - net: bridge: mcast: wait for previous gc cycles when removing port (Nikolay Aleksandrov) [Orabug: 36993143] {CVE-2024-44934} - net: usb: qmi_wwan: fix memory leak for not ip packets (Daniele Palmas) [Orabug: 36983958] {CVE-2024-43861} - sctp: Fix null-ptr-deref in reuseport_add_sock(). (Kuniyuki Iwashima) [Orabug: 36993146] {CVE-2024-44935} - sctp: move hlist_node and hashent out of sctp_ep_common (Xin Long) - x86/mm: Fix pti_clone_entry_text() for i386 (Peter Zijlstra) - x86/mm: Fix pti_clone_pgtable() alignment assumption (Peter Zijlstra) [Orabug: 37029011] {CVE-2024-44965} - irqchip/mbigen: Fix mbigen node address layout (Yipeng Zou) - netfilter: ipset: Add list flush to cancel_gc (Alexander Maltsev) - mptcp: fix duplicate data handling (Paolo Abeni) - r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY (Heiner Kallweit) - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (Ma Ke) - drm/vmwgfx: Fix a deadlock in dma buf fence polling (Zack Rusin) [Orabug: 36983964] {CVE-2024-43863} - Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (Edmund Raile) - Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (Edmund Raile) - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (Mavroudis Chatzilazaridis) - ALSA: usb-audio: Correct surround channels in UAC1 channel map (Takashi Iwai) - protect the fetch of ->fd[fd] in do_dup2() from mispredictions (Al Viro) [Orabug: 36963807] {CVE-2024-42265} - HID: wacom: Modify pen IDs (Tatsunosuke Tobita) - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (Patryk Duda) - power: supply: bq24190_charger: replace deprecated strncpy with strscpy (Justin Stitt) - riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() (Zhe Qiao) [Orabug: 36963814] {CVE-2024-42267} - ipv6: fix ndisc_is_useropt() handling for PIO (Maciej Zenczykowski) - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (Shahar Shitrit) - net: mvpp2: Don't re-use loop iterator (Dan Carpenter) - net/iucv: fix use after free in iucv_sock_close() (Alexandra Winter) [Orabug: 36964005] {CVE-2024-42271} - rtnetlink: Don't ignore IFLA_TARGET_NETNSID when ifname is specified in rtnl_dellink(). (Kuniyuki Iwashima) - rtnetlink: enable alt_ifname for setlink/newlink (Florent Fourcot) - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (songxiebing) - drm/vmwgfx: Fix overlay when using Screen Targets (Ian Forbes) - drm/nouveau: prime: fix refcount underflow (Danilo Krummrich) [Orabug: 36983978] {CVE-2024-43867} - MIPS: dts: loongson: Fix ls2k1000-rtc interrupt (Jiaxun Yang) - MIPS: dts: loongson: Fix liointc IRQ polarity (Jiaxun Yang) - MIPS: Loongson64: DTS: Fix PCIe port nodes for ls7a (Jiaxun Yang) - MIPS: Loongson64: DTS: Add RTC support to Loongson-2K1000 (Binbin Zhou) - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (Aleksandr Mishin) - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (Wayne Lin) - irqchip/imx-irqsteer: Handle runtime power management correctly (Shenwei Wang) [Orabug: 36964084] {CVE-2024-42290} - irqchip/imx-irqsteer: Add runtime PM support (Lucas Stach) - irqchip/imx-irqsteer: Constify irq_chip struct (Lucas Stach) - irqdomain: Fixed unbalanced fwnode get and put (Herve Codina) - leds: triggers: Flush pending brightness before activating trigger (Thomas Weissschuh) - leds: trigger: Call synchronize_rcu() before calling trig->activate() (Hans de Goede) - leds: trigger: Store brightness set by led_trigger_event() (Heiner Kallweit) - leds: trigger: Remove unused function led_trigger_rename_static() (Heiner Kallweit) - leds: trigger: use RCU to protect the led_cdevs list (Johannes Berg) - drivers: soc: xilinx: check return status of get_api_version() (Jay Buddhabhatti) - soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver (Michael Tretter) - ext4: check the extent status again before inserting delalloc block (Zhang Yi) - ext4: factor out a common helper to query extent map (Zhang Yi) - ext4: convert to exclusive lock while inserting delalloc extents (Zhang Yi) - ext4: refactor ext4_da_map_blocks() (Zhang Yi) - ext4: make ext4_es_insert_extent() return void (Baokun Li) - sysctl: always initialize i_uid/i_gid (Thomas Weissschuh) [Orabug: 36964269] {CVE-2024-42312} - arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB (Krishna Kurapati) - arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB (Krishna Kurapati) - arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings (Dmitry Baryshkov) - arm64: dts: qcom: msm8998: drop USB PHY clock index (Johan Hovold) - arm64: dts: qcom: msm8996: Move '#clock-cells' to QMP PHY child node (Shawn Guo) - powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC (Esben Haabendal) - fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (Seth Forshee (DigitalOcean)) - nvme-pci: add missing condition check for existence of mapped data (Leon Romanovsky) [Orabug: 36964021] {CVE-2024-42276} - nvme: separate command prep and issue (Jens Axboe) - nvme: split command copy into a helper (Jens Axboe) - iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (Artem Chernyshev) [Orabug: 36964025] {CVE-2024-42277} - ceph: fix incorrect kmalloc size of pagevec mempool (ethanwu) - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (Pierre-Louis Bossart) - spi: spidev: add correct compatible for Rohm BH2228FV (Conor Dooley) - spi: spidev: order compatibles alphabetically (Krzysztof Kozlowski) - spidev: Add Silicon Labs EM3581 device compatible (Vincent Tremblay) - spi: spidev: Replace OF specific code by device property API (Andy Shevchenko) - spi: spidev: Replace ACPI specific code by device_get_match_data() (Andy Shevchenko) - spi: spidev: Make probe to fail early if a spidev compatible is used (Javier Martinez Canillas) - lirc: rc_dev_get_from_fd(): fix file leak (Al Viro) - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (Al Viro) - apparmor: Fix null pointer deref when receiving skb during sock creation (Xiao Liang) - mISDN: Fix a use after free in hfcmulti_tx() (Dan Carpenter) [Orabug: 36964031] {CVE-2024-42280} - bpf: Fix a segment issue when downgrading gso_size (Fred Li) [Orabug: 36964037] {CVE-2024-42281} - net: nexthop: Initialize all fields in dumped nexthops (Petr Machata) [Orabug: 36964043] {CVE-2024-42283} - net: stmmac: Correct byte order of perfect_match (Simon Horman) - tipc: Return non-zero value from tipc_udp_addr2str() on error (Shigeru Yoshida) [Orabug: 36964046] {CVE-2024-42284} - netfilter: nft_set_pipapo_avx2: disable softinterrupts (Florian Westphal) - net: bonding: correctly annotate RCU in bond_should_notify_peers() (Johannes Berg) - ipv4: Fix incorrect source address in Record Route option (Ido Schimmel) - MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later (Gregory CLEMENT) - bpf, events: Use prog to emit ksymbol event for main program (Hou Tao) - dma: fix call order in dmam_free_coherent (Lance Richardson) [Orabug: 36964522] {CVE-2024-43856} - libbpf: Fix no-args func prototype BTF dumping syntax (Andrii Nakryiko) - um: time-travel: fix signal blocking race/hang (Johannes Berg) - um: time-travel: fix time-travel-start option (Johannes Berg) - phy: cadence-torrent: Check return value on register read (Ma Ke) - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (Vignesh Raghavendra) - jfs: Fix array-index-out-of-bounds in diFree (Jeongjun Park) [Orabug: 36964529] {CVE-2024-43858} - kdb: address -Wformat-security warnings (Arnd Bergmann) - kernel: rerun task_work while freezing in get_signal() (Pavel Begunkov) - io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) - nilfs2: handle inconsistent state in nilfs_btnode_create_block() (Ryusuke Konishi) [Orabug: 36964202] {CVE-2024-42295} - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (WangYuli) - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (Hilda Wu) - rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) - drm/panfrost: Mark simple_ondemand governor as softdep (Dragan Simic) - MIPS: Loongson64: Test register availability before use (Jiaxun Yang) - MIPS: Loongson64: reset: Prioritise firmware service (Jiaxun Yang) - MIPS: Loongson64: Remove memory node for builtin-dtb (Jiaxun Yang) - MIPS: Loongson64: env: Hook up Loongsson-2K (Jiaxun Yang) - MIPS: dts: loongson: Fix GMAC phy node (Jiaxun Yang) - MIPS: ip30: ip30-console: Add missing include (Jiaxun Yang) - remoteproc: imx_rproc: Skip over memory region when node value is NULL (Aleksandr Mishin) [Orabug: 36964536] {CVE-2024-43860} - remoteproc: stm32_rproc: Fix mailbox interrupts queuing (Gwenael Treuveur) - rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) - selftests/sigaltstack: Fix ppc64 GCC build (Michael Ellerman) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (Bart Van Assche) [Orabug: 36964053] {CVE-2024-42285} - platform: mips: cpu_hwmon: Disable driver on unsupported hardware (Jiaxun Yang) - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (Thomas Gleixner) - rtc: isl1208: Fix return value of nvmem callbacks (Joy Chakraborty) - drm/i915/dp: Reset intel_dp->link_trained before retraining the link (Imre Deak) - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (Alex Deucher) - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (Nitin Gote) - perf/x86/intel/pt: Fix a topa_entry base address calculation (Adrian Hunter) - perf/x86/intel/pt: Fix topa_entry base length (Marco Cavenati) - perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (Kan Liang) - perf: Fix event leak upon exit (Frederic Weisbecker) [Orabug: 36983986] {CVE-2024-43870} - rtc: cmos: Fix return value of nvmem callbacks (Joy Chakraborty) - mm/numa_balancing: teach mpol_to_str about the balancing mode (Tvrtko Ursulin) - devres: Fix memory leakage caused by driver API devm_free_percpu() (Zijun Hu) [Orabug: 36983990] {CVE-2024-43871} - devres: Fix devm_krealloc() wasting memory (Zijun Hu) - gve: Fix an edge case for TSO skb validity check (Bailey Forrest) - kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 37203371] {CVE-2024-42292} - kbuild: Fix '-S -c' in x86 stack protector scripts (Nathan Chancellor) - decompress_bunzip2: fix rare decompression failure (Ross Lagerwall) - ubi: eba: properly rollback inside self_check_eba (Fedor Pchelkin) - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (Bastien Curutchet) - fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed (Huacai Chen) [Orabug: 36964218] {CVE-2024-42299} - dev/parport: fix the array out-of-bounds risk (tuhaowen) [Orabug: 36964222] {CVE-2024-42301} - binder: fix hang of unregistered readers (Carlos Llamas) - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (Manivannan Sadhasivam) - PCI: dw-rockchip: Fix initial PERST# GPIO value (Niklas Cassel) - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (Wei Liu) - hwrng: amd - Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - tools/memory-model: Fix bug in lock.cat (Alan Stern) - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (wangdicheng) - ALSA: usb-audio: Move HD Webcam quirk to the right place (Takashi Iwai) - ALSA: usb-audio: Fix microphone sound on HD webcam. (wangdicheng) - KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (Sean Christopherson) - media: uvcvideo: Fix integer overflow calculating timestamp (Ricardo Ribalda) - jbd2: make jbd2_journal_get_max_txn_bufs() internal (Jan Kara) - leds: ss4200: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - wifi: mwifiex: Fix interface type change (Rafael Beims) - selftests/landlock: Add cred_transfer test (Mickael Salaun) - io_uring: tighten task exit cancellations (Pavel Begunkov) - ext4: make sure the first directory block is not a hole (Baokun Li) [Orabug: 36964231] {CVE-2024-42304} - ext4: check dot and dotdot of dx_root before making dir indexed (Baokun Li) [Orabug: 36964236] {CVE-2024-42305} - m68k: amiga: Turn off Warp1260 interrupts during boot (Paolo Pisati) - udf: Avoid using corrupted block bitmap buffer (Jan Kara) [Orabug: 36964241] {CVE-2024-42306} - task_work: Introduce task_work_cancel() again (Frederic Weisbecker) - task_work: s/task_work_cancel()/task_work_cancel_func()/ (Frederic Weisbecker) - apparmor: use kvfree_sensitive to free data->data (Fedor Pchelkin) - sched/fair: Use all little CPUs for CPU-bound workloads (Pierre Gondois) - drm/amd/display: Check for NULL pointer (Sung Joon Kim) [Orabug: 36964246] {CVE-2024-42308} - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (Ma Ke) [Orabug: 36964252] {CVE-2024-42309} - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (Ma Ke) [Orabug: 36964258] {CVE-2024-42310} - ext2: Verify bitmap and itable block numbers before using them (Jan Kara) - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (Chao Yu) [Orabug: 36964264] {CVE-2024-42311} - ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (Igor Pylypiv) - media: venus: fix use after free in vdec_close (Dikshita Agarwal) [Orabug: 36964274] {CVE-2024-42313} - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (Joe Hattori) - fuse: verify {g,u}id mount options correctly (Eric Sandeen) - sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks (Tejun Heo) - ipv6: take care of scope when choosing the src addr (Nicolas Dichtel) - af_packet: Handle outgoing VLAN packets without hardware offloading (Chengen Du) - net: netconsole: Disable target before netpoll cleanup (Breno Leitao) - tick/broadcast: Make takeover of broadcast hrtimer reliable (Yu Liao) - dt-bindings: thermal: correct thermal zone node name limit (Krzysztof Kozlowski) - mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer (Tetsuo Handa) - mm/hugetlb: fix possible recursive locking detected warning (Miaohe Lin) - landlock: Don't lose track of restrictions on cred_transfer (Jann Horn) [Orabug: 36964283] {CVE-2024-42318} - fs/ntfs3: Missed error return (Konstantin Komarov) - rtc: interface: Add RTC offset to alarm after fix-up (Csokas, Bence) - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (Ryusuke Konishi) - fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP (David Hildenbrand) - fs/ntfs3: Fix field-spanning write in INDEX_HDR (Konstantin Komarov) - fs/ntfs3: Replace inode_trylock with inode_lock (Konstantin Komarov) - pinctrl: freescale: mxs: Fix refcount of child (Peng Fan) - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - pinctrl: ti: ti-iodelay: Drop if block with always false condition (Uwe Kleine-Konig) - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (Yang Yingliang) - pinctrl: rockchip: update rk3308 iomux routes (Dmitry Yashin) - fs/ntfs3: Fix getting file type (Konstantin Komarov) - fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting (Konstantin Komarov) - fs/ntfs3: Fix transform resident to nonresident for compressed files (Konstantin Komarov) - fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT (Konstantin Komarov) - fs/ntfs3: Use ALIGN kernel macro (Konstantin Komarov) - net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports (Martin Willi) - net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports (Martin Willi) - netfilter: nf_set_pipapo: fix initial map fill (Florian Westphal) - netfilter: nft_set_pipapo: constify lookup fn args where possible (Florian Westphal) - netfilter: ctnetlink: use helper function to calculate expect ID (Pablo Neira Ayuso) [Orabug: 37013754] {CVE-2024-44944} - bnxt_re: Fix imm_data endianness (Jack Wang) - RDMA/hns: Fix insufficient extend DB for VFs. (Chengchang Tang) - RDMA/hns: Fix undifined behavior caused by invalid max_sge (Chengchang Tang) - RDMA/hns: Fix missing pagesize and alignment check in FRMR (Chengchang Tang) - macintosh/therm_windtunnel: fix module unload. (Nick Bowler) - powerpc/xmon: Fix disassembly CPU feature checks (Michael Ellerman) - net: missing check virtio (Denis Arefev) [Orabug: 36964424] {CVE-2024-43817} - vhost/vsock: always initialize seqpacket_allow (Michael S. Tsirkin) [Orabug: 36983999] {CVE-2024-43873} - PCI: endpoint: Clean up error handling in vpci_scan_bus() (Dan Carpenter) [Orabug: 36984004] {CVE-2024-43875} - Input: elan_i2c - do not leave interrupt disabled on suspend failure (Dmitry Torokhov) - RDMA/device: Return error earlier if port in not valid (Leon Romanovsky) - mtd: make mtd_test.c a separate module (Arnd Bergmann) - ASoC: max98088: Check for clk_prepare_enable() error (Chen Ni) - RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (Honggang LI) - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (Leon Romanovsky) - RDMA/mlx4: Fix truncated output warning in mad.c (Leon Romanovsky) - Input: qt1050 - handle CHIP_ID reading error (Andrei Lalaev) - RDMA/cache: Release GID table even if leak is detected (Leon Romanovsky) - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (Chiara Meiohas) - coresight: Fix ref leak when of_coresight_parse_endpoint() fails (James Clark) - clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (Taniya Das) - clk: qcom: branch: Add helper functions for setting retain bits (Konrad Dybcio) - PCI: Fix resource double counting on remove & rescan (Ilpo Jarvinen) - SUNRPC: Fixup gss_status tracepoint error output (Benjamin Coddington) - sparc64: Fix incorrect function signature and add prototype for prom_cif_init (Andreas Larsson) - ext4: avoid writing unitialized memory to disk in EA inodes (Jan Kara) - ext4: don't track ranges in fast_commit if inode has inlined data (Luis Henriques (SUSE)) - ext4: return early for non-eligible fast_commit track events (Ritesh Harjani) - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (Olga Kornievskaia) - SUNRPC: avoid soft lockup when transmitting UDP to reachable server. (NeilBrown) - xprtrdma: Fix rpcrdma_reqs_reset() (Chuck Lever) - mfd: omap-usb-tll: Use struct_size to allocate tll (Javier Carrasco) - mfd: rsmu: Split core code into separate module (Arnd Bergmann) - perf intel-pt: Fix exclude_guest setting (Adrian Hunter) - perf intel-pt: Fix aux_watermark calculation for 64-bit size (Adrian Hunter) - media: venus: flush all buffers in output plane streamoff (Dikshita Agarwal) - ext4: fix infinite loop when replaying fast_commit (Luis Henriques (SUSE)) - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (Luca Ceresoli) - drm/qxl: Add check for drm_cvt_mode (Chen Ni) [Orabug: 36964455] {CVE-2024-43829} - drm/etnaviv: fix DMA direction handling for cached RW buffers (Lucas Stach) - perf report: Fix condition in sort__sym_cmp() (Namhyung Kim) - leds: trigger: Unregister sysfs attributes before calling deactivate() (Hans de Goede) [Orabug: 36964458] {CVE-2024-43830} - drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (Hsiao Chien Sung) - drm/mediatek: Add missing plane settings when async update (Hsiao Chien Sung) - media: renesas: vsp1: Store RPF partition configuration per RPF instance (Laurent Pinchart) - media: renesas: vsp1: Fix _irqsave and _irq mix (Laurent Pinchart) - media: uvcvideo: Override default flags (Daniel Schaefer) - saa7134: Unchecked i2c_transfer function result fixed (Aleksandr Burakov) - media: i2c: Fix imx412 exposure control (Bryan O'Donoghue) - media: imon: Fix race getting ictx->lock (Ricardo Ribalda) - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (Zheng Yejian) - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (Douglas Anderson) - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (Douglas Anderson) - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (Friedrich Vock) - drm/amd/pm: Fix aldebaran pcie speed reporting (Lijo Lazar) - xdp: fix invalid wait context of page_pool_destroy() (Taehee Yoo) [Orabug: 36964469] {CVE-2024-43834} - selftests: forwarding: devlink_lib: Wait for udev events after reloading (Amit Cohen) - bpf: Eliminate remaining 'make W=1' warnings in kernel/bpf/btf.o (Alan Maguire) - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (Alexey Kodanev) [Orabug: 36964479] {CVE-2024-43839} - bpf: annotate BTF show functions with __printf (Alan Maguire) - selftests/bpf: Close fd in error path in drop_on_reuseport (Geliang Tang) - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (John Stultz) - wifi: virt_wifi: don't use strlen() in const context (Johannes Berg) - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (Gaosheng Cui) - wifi: virt_wifi: avoid reporting connection success with wrong SSID (En-Wei Wu) [Orabug: 36964486] {CVE-2024-43841} - perf: Fix default aux_watermark calculation (Adrian Hunter) - perf: Prevent passing zero nr_pages to rb_alloc_aux() (Adrian Hunter) - perf: Fix perf_aux_size() for greater-than 32-bit size (Adrian Hunter) - perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (Adrian Hunter) - netfilter: nf_tables: rise cap on SELinux secmark context (Pablo Neira Ayuso) - libbpf: Checking the btf_type kind when fixing variable offsets (Donglin Peng) - net: fec: Fix FEC_ECR_EN1588 being cleared on link-down (Csokas, Bence) - net: fec: Refactor: #define magic constants (Csokas Bence) - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (Baochen Qiang) [Orabug: 36984009] {CVE-2024-43879} - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (Baochen Qiang) - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (Baochen Qiang) - mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors (Ido Schimmel) - mlxsw: spectrum_acl_erp: Fix object nesting warning (Ido Schimmel) [Orabug: 36984012] {CVE-2024-43880} - lib: objagg: Fix general protection fault (Ido Schimmel) [Orabug: 36964494] {CVE-2024-43846} - selftests/bpf: Check length of recv in test_sockmap (Geliang Tang) - net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined (Guangguan Wang) - tcp: fix races in tcp_v[46]_err() (Eric Dumazet) - tcp: fix race in tcp_write_err() (Eric Dumazet) - tcp: add tcp_done_with_error() helper (Eric Dumazet) - tcp: annotate lockless access to sk->sk_err (Eric Dumazet) - tcp: annotate lockless accesses to sk->sk_err_soft (Eric Dumazet) - net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP (Hagar Hemdan) - selftests/bpf: Fix prog numbers in test_sockmap (Geliang Tang) - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (Samasth Norway Ananda) - firmware: turris-mox-rwtm: Initialize completion before mailbox (Marek Behun) - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (Marek Behun) - firmware: turris-mox-rwtm: Do not complete if there are no waiters (Marek Behun) - vmlinux.lds.h: catch .bss..L* sections into BSS') (Christophe Leroy) - ARM: spitz: fix GPIO assignment for backlight (Dmitry Torokhov) - ARM: pxa: spitz: use gpio descriptors for audio (Arnd Bergmann) - m68k: cmpxchg: Fix return value for default case in __arch_xchg() (Thorsten Blum) - x86/xen: Convert comma to semicolon (Chen Ni) - m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages (Eero Tamminen) - arm64: dts: amlogic: gx: correct hdmi clocks (Jerome Brunet) - arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 (Chen-Yu Tsai) - arm64: dts: mediatek: mt7622: fix 'emmc' pinctrl mux (Rafal Milecki) - arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property (Chen-Yu Tsai) - ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix board reset (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset (Michael Walle) - ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node (Marco Felsch) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (Jonas Karlman) - soc: qcom: pdr: fix parsing of domains lists (Dmitry Baryshkov) - soc: qcom: pdr: protect locator_addr with the main mutex (Dmitry Baryshkov) [Orabug: 36964502] {CVE-2024-43849} - memory: fsl_ifc: Make FSL_IFC config visible and selectable (Esben Haabendal) - arm64: dts: qcom: msm8996: specify UFS core_clk frequencies (Dmitry Baryshkov) - soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers (Stephen Boyd) - arm64: dts: qcom: sm8250: add power-domain to UFS PHY (Dmitry Baryshkov) - arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings (Dmitry Baryshkov) - arm64: dts: qcom: sdm845: add power-domain to UFS PHY (Dmitry Baryshkov) - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (Guenter Roeck) - hwmon: (max6697) Fix underflow when writing limit attributes (Guenter Roeck) - drm/meson: fix canvas release in bind function (Yao Zi) - pwm: stm32: Always do lazy disabling (Uwe Kleine-Konig) - hwmon: (adt7475) Fix default duty on fan is disabled (Wayne Tung) - x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos (Ilpo Jarvinen) - x86/pci/xen: Fix PCIBIOS_* return code handling (Ilpo Jarvinen) - x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling (Ilpo Jarvinen) - x86/of: Return consistent error type from x86_of_pci_irq_enable() (Ilpo Jarvinen) - hfsplus: fix to avoid false alarm of circular locking (Chao Yu) - block: initialize integrity buffer to zero before writing it to media (Christoph Hellwig) [Orabug: 36964514] {CVE-2024-43854} - block: cleanup bio_integrity_prep (Jinyoung Choi) - block: refactor to use helper (Nitesh Shetty) - platform/chrome: cros_ec_debugfs: fix wrong EC message version (Tzung-Bi Shih) - f2fs: fix to don't dirty inode for readonly filesystem (Chao Yu) [Orabug: 36964212] {CVE-2024-42297} - f2fs: fix return value of f2fs_convert_inline_inode() (Chao Yu) [Orabug: 36964207] {CVE-2024-42296} - LTS version: v5.15.164 (Vijayendra Suman) - tap: add missing verification for short frame (Si-Wei Liu) [Orabug: 36879156] {CVE-2024-41090} - tun: add missing verification for short frame (Dongli Zhang) [Orabug: 36879156] {CVE-2024-41091} - wifi: rt2x00: use explicitly signed or unsigned types (Jason A. Donenfeld) - filelock: Fix fcntl/close race recovery compat path (Jann Horn) [Orabug: 36874755] {CVE-2024-41012} {CVE-2024-41020} - ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused (Shengjiu Wang) - arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB (Krishna Kurapati) - arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB (Krishna Kurapati) - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (Seunghun Han) - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (Edson Juliano Drosdeck) - fs/ntfs3: Validate ff offset (lei lu) [Orabug: 36891672] {CVE-2024-41019} - jfs: don't walk off the end of ealist (lei lu) [Orabug: 36891666] {CVE-2024-41017} - ocfs2: add bounds checking to ocfs2_check_dir_entry() (lei lu) [Orabug: 36891654] {CVE-2024-41015} - Add gitignore file for samples/fanotify/ subdirectory (Linus Torvalds) - docs: Fix formatting of literal sections in fanotify docs (Gabriel Krisman Bertazi) - samples: Make fs-monitor depend on libc and headers (Gabriel Krisman Bertazi) - samples: Add fs error monitoring example (Gabriel Krisman Bertazi) - wifi: mac80211: disable softirqs for queued frame handling (Johannes Berg) - mm/damon/core: merge regions aggressively when max_nr_regions is unmet (SeongJae Park) - minmax: relax check to allow comparison between unsigned arguments and signed constants (David Laight) - minmax: allow comparisons of 'int' against 'unsigned char/short' (David Laight) - minmax: allow min()/max()/clamp() if the arguments have the same signedness. (David Laight) - minmax: fix header inclusions (Andy Shevchenko) - minmax: clamp more efficiently by avoiding extra comparison (Jason A. Donenfeld) - minmax: sanity check constant bounds when clamping (Jason A. Donenfeld) - tracing: Define the is_signed_type() macro once (Bart Van Assche) - spi: mux: set ctlr->bits_per_word_mask (David Lechner) - hfsplus: fix uninit-value in copy_name (Edward Adam Davis) [Orabug: 36896968] {CVE-2024-41059} - selftests/vDSO: fix clang build errors and warnings (John Hubbard) - spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices (Uwe Kleine-Konig) - riscv: stacktrace: fix usage of ftrace_graph_ret_addr() (Puranjay Mohan) - fs: better handle deep ancestor chains in is_subdir() (Christian Brauner) - drm/radeon: check bo_va->bo is non-NULL before using it (Pierre-Eric Pelloux-Prayer) [Orabug: 36896974] {CVE-2024-41060} - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (Tetsuo Handa) [Orabug: 36896993] {CVE-2024-41063} - scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (Xingui Yang) - powerpc/eeh: avoid possible crash when edev->pdev changes (Ganesh Goudar) [Orabug: 36897001] {CVE-2024-41064} - powerpc/pseries: Whitelist dtl slub object for copying to userspace (Anjali K) [Orabug: 36897008] {CVE-2024-41065} - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (Yunshui Jiang) - net: usb: qmi_wwan: add Telit FN912 compositions (Daniele Palmas) - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (Shengjiu Wang) - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (Aivaz Latypov) - btrfs: qgroup: fix quota root leak after quota disable failure (Filipe Manana) [Orabug: 36897343] {CVE-2024-41078} - platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (Armin Wolf) - platform/x86: lg-laptop: Change ACPI device id (Armin Wolf) - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (Armin Wolf) - platform/x86: wireless-hotkey: Add support for LG Airplane Button (Armin Wolf) - s390/sclp: Fix sclp_init() cleanup on failure (Heiko Carstens) [Orabug: 36897031] {CVE-2024-41068} - can: kvaser_usb: fix return value for hif_usb_send_regout (Chen Ni) - ASoC: ti: omap-hdmi: Fix too long driver name (Primoz Fiser) - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (Jai Luthra) - ALSA: dmaengine: Synchronize dma channel after drop() (Jai Luthra) - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (Thomas GENTY) - Input: i8042 - add Ayaneo Kun to i8042 quirk table (Tobias Jakobi) - Input: elantech - fix touchpad state on resume for Lenovo N24 (Jonathan Denose) - mips: fix compat_sys_lseek syscall (Arnd Bergmann) - ALSA: hda/realtek: Add more codec ID to no shutup pins list (Kailang Yang) - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (Alexey Makhalov) - KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (Michael Ellerman) [Orabug: 36897047] {CVE-2024-41070} - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (Dmitry Antipov) [Orabug: 36897311] {CVE-2024-41072} - nvme: avoid double free special payload (Chunguang Xu) [Orabug: 36897316] {CVE-2024-41073} - mei: demote client disconnect warning on suspend to debug (Alexander Usyskin) - fs/file: fix the check in find_next_fd() (Yuntao Wang) - kconfig: remove wrong expr_trans_bool() (Masahiro Yamada) - kconfig: gconf: give a proper initial state to the Save button (Masahiro Yamada) - null_blk: fix validation of block size (Andreas Hindborg) [Orabug: 36897338] {CVE-2024-41077} - arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (Wei Li) - ila: block BH in ila_output() (Eric Dumazet) [Orabug: 36897359] {CVE-2024-41081} - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (Eric Dumazet) - Input: silead - Always support 10 fingers (Hans de Goede) - selftests/openat2: Fix build warnings on ppc64 (Michael Ellerman) - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (Dmitry Antipov) - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (Ayala Beker) - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (Yedidya Benshimol) - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (Yedidya Benshimol) - wifi: mac80211: handle tasklet frames before stopping (Johannes Berg) - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (Nicolas Escande) - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (Dhananjay Ugwekar) - ACPI: EC: Avoid returning AE_OK on errors in address space handler (Armin Wolf) - ACPI: EC: Abort address space access upon error (Armin Wolf) - scsi: qedf: Set qed_slowpath_params to zero before use (Saurav Kashyap) - scsi: qedf: Wait for stag work during unload (Saurav Kashyap) - scsi: qedf: Don't process stag work during unload and recovery (Saurav Kashyap) - scsi: core: alua: I/O errors for ALUA state transitions (Martin Wilck) - scsi: core: Fix a use-after-free (Bart Van Assche) - bpf: Fix overrunning reservations in ringbuf (Daniel Borkmann) [Orabug: 36850238] {CVE-2024-41009} - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (Kuan-Wei Chiu) - ARM: 9324/1: fix get_user() broken with veneer (Masahiro Yamada) - filelock: Remove locks reliably when fcntl/close race is detected (Jann Horn) [Orabug: 36874755] {CVE-2024-41012} {CVE-2024-41020} - gcc-plugins: Rename last_stmt() for GCC 14+ (Kees Cook) [5.15.0-302.163.3] - uek-rpm: T93: Enable CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER (Thomas Tai) [Orabug: 37174880] - mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds) [Orabug: 37174198] {CVE-2024-47674} - rds/ib: Count memory consumed by rds_page_frag (Hans Westgaard Ry) [Orabug: 37162157] - uek-rpm: Set CONFIG_CRYPTO_FIPS_NAME properly in embedded kernels (Dave Kleikamp) [Orabug: 37160327] - fs/dcache: allow fractional values in fs.negative-dentry-limit (Gautham Ananthakrishna) [Orabug: 37156522] - Revert 'Documentation/admin-guide/acpi: Move information out of shell script comments' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: Move partition_create_desc() work to a helper' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic: Collect GIC_IRQ_TYPE definitions into one place' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / irq: Allow a compile-time arg0 for acpi_register_gsi()'s fwspec' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic, gic-v3: Translate fwspec for DT and ACPI systems in the same way' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Provide a helper to walk processor containers' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Add a helper to build a cpumask from a cpu_node' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: Print DT partitions in the same way as APCI' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: Build PPI partitions on ACPI systems' (Dave Kleikamp) [Orabug: 37144820] - Revert 'irqchip/gic-v3: select and translate the partition domain' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / irq: Add acpi_register_partitioned_percpu_gsi()' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Find PPTT cache level by ID' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Add a helper to fill a cpumask from a processor container' (Dave Kleikamp) [Orabug: 37144820] - Revert 'ACPI / PPTT: Add a helper to fill a cpumask from a cache_id' (Dave Kleikamp) [Orabug: 37144820] - Revert 'drivers: base: cacheinfo: Check per_cpu_cacheinfo() is allocated' (Dave Kleikamp) [Orabug: 37144820] - Revert 'drivers: base: cacheinfo: Add helper to find the cache size from cpu+level' (Dave Kleikamp) [Orabug: 37144820] - Revert 'cacheinfo: Allow for >32-bit cache 'id'' (Dave Kleikamp) [Orabug: 37144820] - Revert 'cacheinfo: Set cache 'id' based on DT data' (Dave Kleikamp) [Orabug: 37144820] - Revert 'cacheinfo: Expose the code to generate a cache-id from a device_node' (Dave Kleikamp) [Orabug: 37144820] - KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (Kim Phillips) [Orabug: 37126702] - x86/cpu, kvm: Add the SMM_CTL MSR not present feature (Kim Phillips) [Orabug: 37126702] - x86/cpu, kvm: Add the Null Selector Clears Base feature (Kim Phillips) [Orabug: 37126702] - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (Kim Phillips) [Orabug: 37126702] - x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (Kim Phillips) [Orabug: 37126702] - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (Kim Phillips) [Orabug: 37126702] - KVM: x86: Advertise that the SMM_CTL MSR is not supported (Jim Mattson) [Orabug: 37126702] - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (Paolo Bonzini) [Orabug: 37126702] - KVM: x86: skip host CPUID call for hypervisor leaves (Paolo Bonzini) [Orabug: 37126702] - KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 37126702] - amd_hsmp: Update PwrEfficiencyModeSelection message (Suma Hegde) [Orabug: 37123833] - amd_hsmp: Add support for new error codes returned from firmware (Suma Hegde) [Orabug: 37123833] - amd_hsmp: Add new HSMP messages of protocol version 7 (Suma Hegde) [Orabug: 37123833] - IB/mlx5: Fix mlx5_ib_get_vector_irqn() after dynamic IRQ allocation change (Gerd Rausch) [Orabug: 37069671] - arm64: kdump: increase crashkernel reservation size for crashkernel=auto (Brian Maly) [Orabug: 36949800] - rds: Support rds-pings with payload (Hakon Bugge) [Orabug: 36847470] - mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (Miaohe Lin) [Orabug: 36683092] {CVE-2024-36028} - mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled (Miaohe Lin) [Orabug: 36597930] {CVE-2024-26987} [5.15.0-302.163.2] - uek: kabi: Introduce APIs to hide/fake inclusion of headers (Saeed Mirzamohammadi) [Orabug: 37144803] - uek-rpm: Enable config for Mediatek mt7915E wireless driver (Saeed Mirzamohammadi) [Orabug: 37123534] - uek-rpm: Update the x86 kABI files for new symbol (Yifei Liu) [Orabug: 37108651] - KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (Sean Christopherson) [Orabug: 36809298] {CVE-2024-39483} - net: bridge: xmit: make sure we have at least eth header len bytes (Nikolay Aleksandrov) [Orabug: 36753371] {CVE-2024-38538} - net: add pskb_may_pull_reason() helper (Eric Dumazet) [Orabug: 36753371] {CVE-2024-38538} [5.15.0-302.163.1] - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37035557] {CVE-2024-49863} - kpcimgr: Add dynamic memory region allocation feature (Joe Dobosenski) [Orabug: 36983477] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-39472 CVE-2024-41019 CVE-2024-43821 CVE-2024-43849 CVE-2024-43870 CVE-2024-43883 CVE-2024-45026 CVE-2024-46752 CVE-2024-46814 CVE-2024-26585 CVE-2024-41011 CVE-2024-42284 CVE-2024-42295 CVE-2024-42302 CVE-2024-42305 CVE-2024-44946 CVE-2024-44971 CVE-2024-44982 CVE-2024-44995 CVE-2024-45003 CVE-2024-45006 CVE-2024-45028 CVE-2024-46677 CVE-2024-46714 CVE-2024-46739 CVE-2024-46755 CVE-2024-46763 CVE-2024-46791 CVE-2024-46807 CVE-2024-47669 CVE-2024-43846 CVE-2024-43853 CVE-2024-43875 CVE-2024-43884 CVE-2024-46724 CVE-2024-46844 CVE-2024-47668 CVE-2024-41017 CVE-2024-41072 CVE-2024-42126 CVE-2024-43856 CVE-2024-43860 CVE-2024-43863 CVE-2024-43897 CVE-2024-43908 CVE-2024-43914 CVE-2024-44960 CVE-2024-44983 CVE-2024-46674 CVE-2024-46702 CVE-2024-46713 CVE-2024-46721 CVE-2024-46725 CVE-2024-46737 CVE-2024-46805 CVE-2024-46822 CVE-2024-49863 CVE-2023-52450 CVE-2024-41070 CVE-2024-42114 CVE-2024-42265 CVE-2024-42301 CVE-2024-42311 CVE-2024-43880 CVE-2024-43882 CVE-2024-43902 CVE-2024-44947 CVE-2024-44986 CVE-2024-45016 CVE-2024-46722 CVE-2024-46723 CVE-2024-46743 CVE-2024-46756 CVE-2024-46815 CVE-2024-47663 CVE-2024-36028 CVE-2024-41009 CVE-2024-41015 CVE-2024-41078 CVE-2024-42290 CVE-2024-42313 CVE-2024-44935 CVE-2024-44968 CVE-2024-46676 CVE-2024-46707 CVE-2024-46744 CVE-2024-46750 CVE-2024-46795 CVE-2024-44934 CVE-2024-44969 CVE-2024-44989 CVE-2024-45008 CVE-2024-46761 CVE-2024-41012 CVE-2024-41064 CVE-2024-42296 CVE-2024-42306 CVE-2024-43830 CVE-2024-43873 CVE-2024-43894 CVE-2024-43905 CVE-2024-44948 CVE-2024-44954 CVE-2024-44966 CVE-2024-44990 CVE-2024-46740 CVE-2024-46746 CVE-2024-46777 CVE-2024-46780 CVE-2024-46819 CVE-2024-47667 CVE-2024-47674 CVE-2024-41042 CVE-2024-41068 CVE-2024-41081 CVE-2024-42228 CVE-2024-42267 CVE-2024-42297 CVE-2024-42310 CVE-2024-42318 CVE-2024-43834 CVE-2024-43858 CVE-2024-44944 CVE-2024-44958 CVE-2024-44987 CVE-2024-44998 CVE-2024-46758 CVE-2024-46800 CVE-2024-46810 CVE-2024-41090 CVE-2024-42280 CVE-2024-42283 CVE-2024-42309 CVE-2024-43829 CVE-2024-43871 CVE-2024-44965 CVE-2024-46719 CVE-2024-46783 CVE-2024-46817 CVE-2024-46828 CVE-2024-46832 CVE-2024-38538 CVE-2024-39483 CVE-2024-41020 CVE-2024-41065 CVE-2024-41077 CVE-2024-42259 CVE-2024-42276 CVE-2024-42277 CVE-2024-42308 CVE-2024-43835 CVE-2024-43879 CVE-2024-43889 CVE-2024-43909 CVE-2024-45025 CVE-2024-46675 CVE-2024-46679 CVE-2024-46759 CVE-2024-46771 CVE-2024-47665 CVE-2023-31083 CVE-2024-41091 CVE-2024-42299 CVE-2024-43817 CVE-2024-43861 CVE-2024-44988 CVE-2024-45011 CVE-2024-45018 CVE-2024-46731 CVE-2024-46781 CVE-2024-46829 CVE-2024-46839 CVE-2024-41073 CVE-2024-41098 CVE-2024-42271 CVE-2024-43885 CVE-2024-43890 CVE-2024-43892 CVE-2024-44999 CVE-2024-45007 CVE-2024-46685 CVE-2024-46757 CVE-2024-46798 CVE-2024-46818 CVE-2024-46840 CVE-2024-26987 CVE-2024-38577 CVE-2024-42304 CVE-2024-43839 CVE-2024-43854 CVE-2024-43867 CVE-2024-43893 CVE-2024-44985 CVE-2024-46745 CVE-2024-46747 CVE-2024-46782 CVE-2024-41059 CVE-2024-41060 CVE-2024-41063 CVE-2024-42281 CVE-2024-42285 CVE-2024-42291 CVE-2024-42292 CVE-2024-42312 CVE-2024-43841 CVE-2024-43907 CVE-2024-45021 CVE-2024-46673 CVE-2024-46732 CVE-2024-46734 CVE-2024-46804 cpe:/a:oracle:linux:9::UEKR7 Oracle Linux 9 [- 7.0.117-1.0.1] - Update to .NET SDK 7.0.117 and Runtime 7.0.17 - Port revert 'Disable implicit rejection for RSA PKCS#1 (#95217)' patch [- 7.0.116-1.0.1] - Update to .NET SDK 7.0.116 and Runtime 7.0.16 * Tue Jan 16 2024 Lukas Lipinsky - 7.0.115-1.0.1 - Update to .NET SDK 7.0.115 and Runtime 7.0.15 [7.0.114-1.0.1] - Update to .NET SDK 7.0.114 and Runtime 7.0.14 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21392 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [- 8.0.103-2.0.1] - Update to .NET SDK 8.0.103 and Runtime 8.0.3 - Disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed. - Resolves: RHEL-25254 - Backport MSBuild locale fix - Resolves: RHEL-23936 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21392 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.85-14.1] - Fix CVE 2023-50387 and CVE 2023-50868 - Resolves: RHEL-25674 - Resolves: RHEL-25638 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50387 CVE-2023-50868 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7:5.5-6.0.1.8] - Rebuild with release bump [7:5.5-6.8] - Resolves: RHEL-19555 - squid: denial of service in HTTP request parsing (CVE-2023-50269) [7:5.5-6.7] - Resolves: RHEL-28614 - squid: Denial of Service in HTTP Chunked Decoding (CVE-2024-25111) [7:5.5-6.6] - Resolves: RHEL-26091 - squid: denial of service in HTTP header parser (CVE-2024-25617) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-50269 CVE-2024-25111 CVE-2024-25617 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:7.1.8.1-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [1:7.1.8.1-12] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6186 CVE-2023-6185 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [42.2.28-1] - rebase to 42.2.28 - fix for CVE-2024-1597 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1597 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1:16.20.2-4.0.1] - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-22019 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.20.12-2] - Fix CVE-2024-1394 - Resolves: RHEL-27189 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.9.1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.9.1] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [115.9.1-1] - Update to 115.9.1 [115.9.0-2] - Update to 115.9.0 build2 [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 CRITICAL Copyright 2024 Oracle, Inc. CVE-2024-2616 CVE-2024-2611 CVE-2024-29944 CVE-2024-2612 CVE-2024-2614 CVE-2024-2608 CVE-2023-5388 CVE-2024-2607 CVE-2024-0743 CVE-2024-2610 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [115.9.0-1.0.1] - Add Oracle prefs [115.9.0-1] - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2611 CVE-2024-2612 CVE-2024-2607 CVE-2024-2610 CVE-2023-5388 CVE-2024-1936 CVE-2024-2608 CVE-2024-0743 CVE-2024-2614 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [9.2.10-8] - Rebuild with latest version of golang - resolve RHEL-24313 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [5.1.1-2] - Rebuild with latest version of golang - resolves CVE-CVE-2024-1394 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 nodejs [1:18.19.1-1] - Rebase to version 18.19.1 - Fixes: CVE-2024-21892 CVE-2024-22019 (high) - Fixes: CVE-2023-46809 (medium) nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46809 CVE-2024-22019 CVE-2024-21892 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2.5.0-1.1] - CVE-2023-52425: Fix parsing of large tokens - CVE-2024-28757: Reject direct parameter entity recursion - Resolves: RHEL-29698 - Resolves: RHEL-29695 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-52425 CVE-2024-28757 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 ruby [3.1.4-143] - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI. Resolves: RHEL-28919 Resolves: RHEL-5612 - Fix ReDos vulnerability in Time. Resolves: RHEL-28920 - Make RDoc soft dependency in IRB. Resolves: RHEL-5613 [3.1.2-142] - Bypass git submodule test failure on Git >= 2.38.1. - Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. - Fix for tzdata-2022g. - Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-5590 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-5590 - Disable fiddle tests that use FFI closures. Related: RHEL-5590 rubygem-mysql2 [0.5.4-1] - New upstream release 0.5.4 by merging Fedora rawhide branch (commit: e21b5b9) Resolves: rhbz#2063773 [0.5.3-1] - New upstream release 0.5.3 by merging Fedora master branch (commit: 674d475) Resolves: rhbz#1817135 rubygem-pg [1.3.5-1] - Update to pg 1.3.5 Related: rhbz#2063773 [1.2.3-1] - Update to pg 1.2.3 by merging Fedora master branch (commit: 5db4d26) Resolves: rhbz#1817135 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-28755 CVE-2023-28756 CVE-2023-36617 CVE-2021-33621 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 nodejs [1:20.11.1-1] - Rebase to version 20.11.1 - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high) - Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium) nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-46809 CVE-2024-21896 CVE-2024-21890 CVE-2024-22017 CVE-2024-22019 CVE-2024-21892 CVE-2024-21891 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [6.6.2-4.1] - Resolves: RHEL-30387 - varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156) [6.6.2-4] - Add parameters h2_rst_allowance and h2_rst_allowance_period to mitigate CVE-2023-44487 - Resolves: RHEL-12817 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-30156 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [590-3] - Fix CVE-2022-48624 - Resolves: RHEL-26265 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-48624 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.16.2-3.5] - Rebuilt again with z-stream target [1.16.2-3.4] - Correct typo in new config file [1.16.2-3.3] - Ensure group access correction reaches also updated configs (CVE-2024-1488) [1.16.2-3.2] - Ensure only unbound group can change configuration (CVE-2024-1488) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1488 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 bind [32:9.16.23-14.4] - Rebuild with correct z-stream tag again [32:9.16.23-14.3] - Rebuild together with bind-dyndb-ldap to adjust ABI changes [32:9.16.23-14.2] - Import tests for large DNS messages fix - Add downstream change complementing CVE-2023-50387 [32:9.16.23-14.1] - Prevent increased CPU load on large DNS messages (CVE-2023-4408) - Prevent assertion failure when nxdomain-redirect is used with RFC 1918 reverse zones (CVE-2023-5517) - Prevent assertion failure if DNS64 and serve-stale is used (CVE-2023-5679) - Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) bind-dyndb-ldap [11.9-8.3] - Rebuild with correct z-stream tag again [11.9-8.2] - Rebuild required for BIND changes for KeyTrap change (CVE-2023-50387) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-5517 CVE-2023-5679 CVE-2023-50387 CVE-2023-50868 CVE-2023-4408 CVE-2023-6516 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:1.8.0.412.b08-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21011 CVE-2024-21094 CVE-2024-21068 CVE-2024-21085 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:11.0.23.0.9-3.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:11.0.23.0.9-2] - Fix 11.0.22 release date in NEWS [1:11.0.23.0.9-1] - Update to jdk-11.0.23+9 (GA) - Update release notes to 11.0.23+9 - Switch to GA mode for release - Require tzdata 2024a due to upstream inclusion of JDK-8322725 - Only require tzdata 2023d for now as 2024a is unavailable in buildroot - ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** - Resolves: RHEL-30920 [1:11.0.23.0.1-0.1.ea] - Update to jdk-11.0.23+1 (EA) - Update release notes to 11.0.23+1 - Switch to EA mode MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21094 CVE-2024-21012 CVE-2024-21085 CVE-2024-21068 CVE-2024-21011 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [17.0.11.0.9-2.0.1] - Add Oracle vendor bug URL [1:17.0.11.0.9-2] - Update to jdk-17.0.11+9 (GA) - Add openjdk-17.0.11+9.tar.xz to .gitignore - Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 - Update buildver from 7 to 9 - Update portablerelease from 1 to 3 - Change is_ga from 0 to 1 to enable GA mode for release - Update tzdata Requires comment to mention that 2024a is not yet in the buildroot - Update tzdata BuildRequires comment to mention that 2024a is not yet in the buildroot - Update tzdata BuildRequires fro 2023c to 2023d - Update sources from openjdk-17.0.11+7-ea.tar.xz to openjdk-17.0.11+9.tar.xz - Resolves: RHEL-27137 - ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** [1:17.0.11.0.7-0.2.ea] - Update to jdk-17.0.11+7 (EA) - Sync java-17-openjdk-portable.specfile - Sync java-17-openjdk-portable.specfile again to mention OPENJDK-2730 - Related: RHEL-27137 [1:17.0.11.0.6-0.2.ea] - Update to jdk-17.0.11+6 (EA) - Sync java-17-openjdk-portable.specfile - Update buildjdkver to match the featurever - Use featurever macro to specify fips patch - Explain patchN syntax situation in a comment - generate_source_tarball.sh: Fix whitespace - generate_source_tarball.sh: Skip -ga tags - generate_source_tarball.sh: Get -ea suffix from version-numbers.conf - generate_source_tarball.sh: Use git archive to generate tarball - generate_source_tarball.sh: Update version in comment - generate_source_tarball.sh: Remove trailing period in echo - generate_source_tarball.sh: Add indentation instructions for Emacs - Require tzdata 2023d (JDK-8322725) - generate_source_tarball.sh: Add license - openjdk_news.sh: Use grep -E instead of egrep - Remove RH1649512 patch for libjpeg-turbo FAR macro - Move pcsc-lite-libs patch to in-need-of-upstreaming section - Related: RHEL-27137 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21011 CVE-2024-21012 CVE-2024-21068 CVE-2024-21094 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:21.0.3.0.9-1.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:21.0.3.0.9-1] - Update to jdk-21.0.3+9 (GA) - Update release notes to 21.0.3+9 - Switch to GA mode. - Sync the copy of the portable specfile with the latest update - ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** - Resolves: RHEL-32405 [1:21.0.3.0.7-0.1.ea] - Update to jdk-21.0.3+7 (EA) - Update release notes to 21.0.3+7 - Require tzdata 2024a due to upstream inclusion of JDK-8322725 - Only require tzdata 2023d for now as 2024a is unavailable in buildroot - Drop JDK-8009550 which is now available upstream - Re-generate FIPS patch against 21.0.3+7 following backport of JDK-8325254 - Resolves: RHEL-30944 [1:21.0.3.0.1-0.2.ea] - Invoke xz in multi-threaded mode - generate_source_tarball.sh: Add WITH_TEMP environment variable - generate_source_tarball.sh: Multithread xz on all available cores - generate_source_tarball.sh: Add OPENJDK_LATEST environment variable - generate_source_tarball.sh: Update comment about tarball naming - generate_source_tarball.sh: Reformat comment header - generate_source_tarball.sh: Reformat and update help output - generate_source_tarball.sh: Do a shallow clone, for speed - generate_source_tarball.sh: Append -ea designator when required - generate_source_tarball.sh: Eliminate some removal prompting - generate_source_tarball.sh: Make tarball reproducible - generate_source_tarball.sh: Prefix temporary directory with temp- - generate_source_tarball.sh: Remove temporary directory exit conditions - generate_source_tarball.sh: Fix -ea logic to add dash - generate_source_tarball.sh: Set compile-command in Emacs - generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT - generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks - generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086) - generate_source_tarball.sh: shellcheck: Do not use -a (SC2166) - generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004) - Use backward-compatible patch syntax - generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST - generate_source_tarball.sh: Fix whitespace - generate_source_tarball.sh: Remove trailing period in echo - generate_source_tarball.sh: Use long-style argument to grep - generate_source_tarball.sh: Add license - generate_source_tarball.sh: Add indentation instructions for Emacs - Related: RHEL-30944 [1:21.0.3.0.1-0.2.ea] - Install alt-java man page from the misc tarball as it is no longer in the JDK image - generate_source_tarball.sh: Update examples in header for clarity - generate_source_tarball.sh: Cleanup message issued when checkout already exists - generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP - generate_source_tarball.sh: Only add --depth=1 on non-local repositories - Move maintenance scripts to a scripts subdirectory - discover_trees.sh: Set compile-command and indentation instructions for Emacs - discover_trees.sh: shellcheck: Do not use -o (SC2166) - discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - discover_trees.sh: shellcheck: Double-quote variable references (SC2086) - generate_source_tarball.sh: Add authorship - icedtea_sync.sh: Set compile-command and indentation instructions for Emacs - icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086) - icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - openjdk_news.sh: Set compile-command and indentation instructions for Emacs - openjdk_news.sh: shellcheck: Double-quote variable references (SC2086) - openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196) - generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST - generate_source_tarball.sh: Double-quote DEPTH reference (SC2086) - generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck - Related: RHEL-30944 [1:21.0.3.0.1-0.1.ea] - Update to jdk-21.0.3+1 (EA) - Update release notes to 21.0.3+1 - Switch to EA mode - Require tzdata 2023d due to upstream inclusion of JDK-8322725 - Bump FreeType version to 2.13.2 following JDK-8316028 - Related: RHEL-30944 [1:21.0.2.0.13-2] - Sync the copy of the portable specfile with the latest update - Define portablesuffix according to whether pkgos is defined or not - Related: RHEL-30944 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21068 CVE-2024-21012 CVE-2024-21011 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [1.15.19-5.1] - Resolves: RHEL-29826 - mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-27316 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.7.6-23.4] - Fix timing side-channel in deterministic ECDSA (RHEL-28958) - Fix potential crash during chain building/verification (RHEL-28953) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28835 CVE-2024-28834 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [15.8-1.0.3] - Update shimx64.efi and shimaa64.efi v15.8 signed by Microsoft [Orabug: 36072879] - Update shim fb and mm binaries to match unsigned releases [Orabug: 36072879] [15.8-1.0.2] - Use binaries with correct shim.ol generation [Orabug: 36072879] - Set SBAT_AUTOMATIC_DATE=2021030218 [Orabug: 36072879] [15.8-1.0.1] - Update to 15.8 [Orabug: 36072879] - fix CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551 [Orabug: 36072879] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-40551 CVE-2023-40548 CVE-2023-40549 CVE-2023-40546 CVE-2023-40550 CVE-2023-40547 cpe:/o:oracle:linux:9:3:baseos_patch cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [115.10.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.10.0-1] - Update to 115.10.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3852 CVE-2024-2609 CVE-2024-3857 CVE-2024-3859 CVE-2024-3854 CVE-2024-3864 CVE-2024-3861 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.10.0-2.0.1] - Add Oracle prefs - Add OpenELA debranding [115.10.0-2] - Update to 115.10.0 build2 [115.10.0-1] - Update to 115.10.0 build1 - Revert expat CVE-2023-52425 fix LOW Copyright 2024 Oracle, Inc. CVE-2024-3302 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.20.12-4] - Rebuild for z-stream - Related: RHEL-28939 [1.20.12-3] - Fix CVE-2023-45288 - Resolves: RHEL-28939 - Temporarily disable FIPS tests (RHELBLD-14822) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45288 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4.12-1.0.1.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-1.1] - Fix CVE-2024-2357 (RHEL-29734) - x509: unpack IPv6 general names based on length (RHEL-32719) [4.12-1] - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 - Resolves: rhbz#2215956 [4.9-5] - Just bumping up the version to include bugs for CVE-2023-2295. There is no code fix for it. Fix for it is including the code fix for CVE-2023-30570. - Fix CVE-2023-2295 Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux - Resolves: rhbz#2189777, rhbz#2190148 [4.9-4] - Just bumping up the version as an incorrect 9.3 build was created. - Related: rhbz#2187171 [4.9-3] - Fix CVE-2023-30570:Malicious IKEv1 Aggressive Mode packets can crash libreswan - Resolves: rhbz#2187171 [4.9-2] - Fix CVE-2023-23009: remote DoS via crafted TS payload with an incorrect selector length (rhbz#2173674) [4.9-1] - Update to 4.9. Resolves: rhbz#2128669 - Switch to using %autopatch as in Fedora MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2357 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.31.5-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [1:1.31.5-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.31 (https://github.com/containers/buildah/commit/5fd539c) - Resolves: RHEL-26775 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1753 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [0.11.7-2] - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26446, RHEL-26448, RHEL-26450 [0.11.7-1] - Rebased to the latest sources (see CHANGELOG.md) Resolves: RHEL-7740 [0.11.6-6] - Rebased to the latest upstream sources (see CHANGELOG.md) Resolves: RHEL-7582, RHEL-7583, RHEL-7669, RHEL-7672, RHEL-7697, RHEL-7698, RHEL-7700, RHEL-7703, RHEL-7719, RHEL-7725, RHEL-7730, RHEL-7738, RHEL-7739, RHEL-7740, RHEL-7744, RHEL-7746 - TLS cipher setting in pcsd now follows system-wide crypto policies by default Resolves: RHEL-7724 - Tightened permissions of bundled rubygems to be 755 or stricter Resolves: RHEL-7716 [0.11.6-5] - No changes, fixing an error in a new quality control process - Resolves: RHEL-15217 [0.11.6-4] - No changes, testing a new quality control process - Resolves: RHEL-15217 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-26146 CVE-2024-25126 CVE-2024-26141 cpe:/a:oracle:linux:9::addons Oracle Linux 9 osbuild [110-1] - New upstream release [109-1] - New upstream release [106-1] - New upstream release [105-1] - New upstream release [104-2] - Fix unit tests in RHEL CI by backporting upstream fixes [104-1] - New upstream release [103-1] - New upstream release [102-1] - New upstream release [101-2] - Change unit-test timeout from 3h to 4h - Rebuild after failed gating [101-1] - New upstream release [100-1] - New upstream release [99-1] - New upstream release [98-1] - New upstream release [97-1] - New upstream release [96-1] - New upstream release [95-1] - New upstream release [94-1] - New upstream release osbuild-composer [101-1] - New upstream release [100-1] - New upstream release [99-1] - New upstream release [98-1] - New upstream release [96-1] - New upstream release [95-1] - New upstream release [94-1] - New upstream release [93-1] - New upstream release [92-1] - New upstream release [91-1] - New upstream release [89-1] - New upstream release [88-1] - New upstream release [87-1] - New upstream release [86-1] - New upstream release [85-1] - New upstream release [84-1] - New upstream release [82-1] - New upstream release [80-1] - New upstream release [79-1] - New upstream release [77-1] - New upstream release [76-1] - New upstream release [75-1] - New upstream release [74-1] - New upstream release [73-1] - New upstream release [72-1] - New upstream release [71-1] - New upstream release [70-1] - New upstream release [69-1] - New upstream release [68-1] - New upstream release [67-2] - Fix functional tests to make them pass in RHEL-9.2 gating [67-1] - New upstream release [62-1] - New upstream release [60-1] - New upstream release [59-1] - New upstream release [58-1] - New upstream release [57-1] - New upstream release [55-1] - New upstream release [54-1] - New upstream release [53-1] - New upstream release [51-1] - New upstream release [46-1] - New upstream release MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2307 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [2.42.5-1] - Update to 2.42.5 Resolves: RHEL-3960 [2.42.4-1] - Update to 2.42.4 Resolves: RHEL-3960 Resolves: RHEL-19366 [2.42.3-1] - Update to 2.42.3 Resolves: RHEL-3960 [2.42.2-1] - Update to 2.42.2 Resolves: RHEL-3960 [2.42.1-1] - Update to 2.42.1 Resolves: RHEL-3960 [2.42.0-1] - Upgrade to 2.42.0 Resolves: RHEL-3960 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2014-1745 CVE-2023-41983 CVE-2023-39928 CVE-2024-23213 CVE-2024-23206 CVE-2023-40414 CVE-2023-32359 CVE-2023-42890 CVE-2023-42883 CVE-2023-42852 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [4.10.0-62] - bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18139 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20917 - bundled jinja2: fix CVE-2024-22195 Resolves: RHEL-21345 [4.10.0-61] - fence_zvmip: document required user permissions in metadata/manpage Resolves: RHEL-14344 [4.10.0-60] - all agents: update metadata in non-I/O agents to Power or Network fencing Resolves: RHEL-14030 [4.10.0-57] - bundled urllib3: fix CVE-2023-43804 Resolves: RHEL-11999 [4.10.0-56] - fence_scsi: fix registration handling if ISID conflicts Resolves: RHEL-5396 - bundled certifi: fix CVE-2023-37920 Resolves: RHEL-9446 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-22195 CVE-2023-45803 CVE-2023-52323 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::addons Oracle Linux 9 [8.2.0-11] - kvm-coroutine-cap-per-thread-local-pool-size.patch [RHEL-28947] - kvm-coroutine-reserve-5-000-mappings.patch [RHEL-28947] - Resolves: RHEL-28947 (Qemu crashing with 'failed to set up stack guard page: Cannot allocate memory') [8.2.0-10] - kvm-chardev-lower-priority-of-the-HUP-GSource-in-socket-.patch [RHEL-24614] - kvm-Revert-chardev-char-socket-Fix-TLS-io-channels-sendi.patch [RHEL-24614] - kvm-Revert-chardev-use-a-child-source-for-qio-input-sour.patch [RHEL-24614] - Resolves: RHEL-24614 ([RHEL9][chardev] qemu hit core dump while using TLS server from host to guest) [8.2.0-9] - kvm-mirror-Don-t-call-job_pause_point-under-graph-lock.patch [RHEL-28125] - kvm-nbd-server-Fix-race-in-draining-the-export.patch [RHEL-28125] - kvm-iotests-Add-test-for-reset-AioContext-switches-with-.patch [RHEL-28125] - kvm-pc-smbios-fixup-manufacturer-product-version-to-matc.patch [RHEL-21705] - Resolves: RHEL-28125 (RHEL9.4 - KVM : Live migration of guest with multiple qcow devices remains incomplete.) - Resolves: RHEL-21705 (pc-q35-rhel9.4.0 does not provide proper computer information) [8.2.0-8] - kvm-ui-clipboard-mark-type-as-not-available-when-there-i.patch [RHEL-19629] - kvm-ui-clipboard-add-asserts-for-update-and-request.patch [RHEL-19629] - kvm-hw-i386-pc-Defer-smbios_set_defaults-to-machine_done.patch [RHEL-21705] - kvm-Implement-base-of-SMBIOS-type-9-descriptor.patch [RHEL-21705] - kvm-Implement-SMBIOS-type-9-v2.6.patch [RHEL-21705] - kvm-smbios-cleanup-smbios_get_tables-from-legacy-handlin.patch [RHEL-21705] - kvm-smbios-get-rid-of-smbios_smp_sockets-global.patch [RHEL-21705] - kvm-smbios-get-rid-of-smbios_legacy-global.patch [RHEL-21705] - kvm-smbios-avoid-mangling-user-provided-tables.patch [RHEL-21705] - kvm-smbios-don-t-check-type4-structures-in-legacy-mode.patch [RHEL-21705] - kvm-smbios-add-smbios_add_usr_blob_size-helper.patch [RHEL-21705] - kvm-smbios-rename-expose-structures-bitmaps-used-by-both.patch [RHEL-21705] - kvm-smbios-build-legacy-mode-code-only-for-pc-machine.patch [RHEL-21705] - kvm-smbios-handle-errors-consistently.patch [RHEL-21705] - kvm-smbios-get-rid-of-global-smbios_ep_type.patch [RHEL-21705] - kvm-smbios-clear-smbios_type4_count-before-building-tabl.patch [RHEL-21705] - kvm-smbios-extend-smbios-entry-point-type-with-auto-valu.patch [RHEL-21705] - kvm-smbios-in-case-of-entry-point-is-auto-try-to-build-v.patch [RHEL-21705] - kvm-smbios-error-out-when-building-type-4-table-is-not-p.patch [RHEL-21705] - kvm-pc-q35-set-SMBIOS-entry-point-type-to-auto-by-defaul.patch [RHEL-21705] - Resolves: RHEL-19629 (CVE-2023-6683 qemu-kvm: QEMU: VNC: NULL pointer dereference in qemu_clipboard_request() [rhel-9]) - Resolves: RHEL-21705 (pc-q35-rhel9.4.0 does not provide proper computer information) [8.2.0-7] - kvm-qemu_init-increase-NOFILE-soft-limit-on-POSIX.patch [RHEL-26049] - kvm-chardev-char-socket-Fix-TLS-io-channels-sending-too-.patch [RHEL-24614] - Resolves: RHEL-26049 (When max vcpu is greater than or equal to 246, qemu unable to init event notifier) - Resolves: RHEL-24614 ([RHEL9][chardev][s390x] qemu hit core dump while using TLS server from host to guest) [8.2.0-6] - kvm-virtio-scsi-Attach-event-vq-notifier-with-no_poll.patch [RHEL-3934] - kvm-virtio-Re-enable-notifications-after-drain.patch [RHEL-3934] - kvm-virtio-blk-Use-ioeventfd_attach-in-start_ioeventfd.patch [RHEL-3934] - kvm-virtio-blk-avoid-using-ioeventfd-state-in-irqfd-cond.patch [RHEL-15394] - kvm-hw-arm-virt-deprecate-virt-rhel9.-0-2-.0-machine-typ.patch [RHEL-24988] - Resolves: RHEL-3934 ([qemu-kvm] Failed on repeatedly hotplug/unplug disk iothread enabled ) - Resolves: RHEL-15394 (virtio-blk: qemu hang on 'no response on QMP query-status' when write data to disk without enough space) - Resolves: RHEL-24988 (Mark virt-rhel9.{0,2}.0 machine types as deprecated) [8.2.0-5] - kvm-hv-balloon-use-get_min_alignment-to-express-32-GiB-a.patch [RHEL-20341] - kvm-memory-device-reintroduce-memory-region-size-check.patch [RHEL-20341] - kvm-block-backend-Allow-concurrent-context-changes.patch [RHEL-24593] - kvm-scsi-Await-request-purging.patch [RHEL-24593] - kvm-string-output-visitor-show-structs-as-omitted.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-string-output-visitor-Fix-pseudo-struct-handling.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-qdev-properties-alias-all-object-class-properties.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-qdev-add-IOThreadVirtQueueMappingList-property-type.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-add-iothread-vq-mapping-parameter.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-Fix-potential-nullpointer-read-access-in-.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-iotests-add-filter_qmp_generated_node_ids.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-iotests-port-141-to-Python-for-reliable-QMP-testing.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-monitor-only-run-coroutine-commands-in-qemu_aio_cont.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-move-dataplane-code-into-virtio-blk.c.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-rename-dataplane-create-destroy-functions.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-rename-dataplane-to-ioeventfd.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-restart-s-rq-reqs-in-vq-AioContexts.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-tolerate-failure-to-set-BlockBackend-AioC.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-blk-always-set-ioeventfd-during-startup.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-tests-unit-Bump-test-replication-timeout-to-60-secon.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-iotests-iothreads-stream-Use-the-right-TimeoutError.patch [RHEL-17369 RHEL-20764 RHEL-7356] - kvm-virtio-mem-default-enable-dynamic-memslots.patch [RHEL-24045] - Resolves: RHEL-20341 (memory-device size alignment check invalid in QEMU 8.2) - Resolves: RHEL-24593 (qemu crash blk_get_aio_context(BlockBackend *): Assertion ctx == blk->ctx' when repeatedly hotplug/unplug disk) - Resolves: RHEL-17369 ([nfv virt][rt][post-copy migration] qemu-kvm: ../block/qcow2.c:5263: ImageInfoSpecific *qcow2_get_specific_info(BlockDriverState *, Error **): Assertion false' failed.) - Resolves: RHEL-20764 ([qemu-kvm] Enable qemu multiqueue block layer support) - Resolves: RHEL-7356 ([qemu-kvm] no response with QMP command device_add when repeatedly hotplug/unplug virtio disks [RHEL-9]) - Resolves: RHEL-24045 (QEMU: default-enable dynamically using multiple memslots for virtio-mem) [8.2.0-4] - kvm-vfio-pci-Clear-MSI-X-IRQ-index-always.patch [RHEL-21293] - Resolves: RHEL-21293 ([emulated igb] Failed to set up TRIGGER eventfd signaling for interrupt INTX-0: VFIO_DEVICE_SET_IRQS failure: Invalid argument) [8.2.0-3] - kvm-hw-arm-virt-Add-properties-to-disable-high-memory-re.patch [RHEL-19738] - kvm-vfio-Introduce-base-object-for-VFIOContainer-and-tar.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Introduce-a-empty-VFIOIOMMUOps.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Switch-to-dma_map-unmap-API.patch [RHEL-19302 RHEL-21057] - kvm-vfio-common-Introduce-vfio_container_init-destroy-he.patch [RHEL-19302 RHEL-21057] - kvm-vfio-common-Move-giommu_list-in-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-space-field-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Switch-to-IOMMU-BE-set_dirty_page_tra.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-per-container-device-list-in-bas.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Convert-functions-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-pgsizes-and-dma_max_mappings-to-.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-vrdl_list-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-listener-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-dirty_pgsizes-and-max_dirty_bitm.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Move-iova_ranges-to-base-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Implement-attach-detach_device.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Introduce-spapr-backend-and-target-interf.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-switch-to-spapr-IOMMU-BE-add-del_section_.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Move-prereg_listener-into-spapr-container.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Move-hostwin_list-into-spapr-container.patch [RHEL-19302 RHEL-21057] - kvm-backends-iommufd-Introduce-the-iommufd-object.patch [RHEL-19302 RHEL-21057] - kvm-util-char_dev-Add-open_cdev.patch [RHEL-19302 RHEL-21057] - kvm-vfio-common-return-early-if-space-isn-t-empty.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Implement-the-iommufd-backend.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Relax-assert-check-for-iommufd-backend.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Add-support-for-iova_ranges-and-pgsizes.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Extract-out-a-helper-vfio_pci_get_pci_hot_r.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Introduce-a-vfio-pci-hot-reset-interface.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Enable-pci-hot-reset-through-iommufd-cd.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Allow-the-selection-of-a-given-iommu-backen.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Make-vfio-cdev-pre-openable-by-passing-a-fi.patch [RHEL-19302 RHEL-21057] - kvm-vfio-platform-Allow-the-selection-of-a-given-iommu-b.patch [RHEL-19302 RHEL-21057] - kvm-vfio-platform-Make-vfio-cdev-pre-openable-by-passing.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ap-Allow-the-selection-of-a-given-iommu-backend.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ap-Make-vfio-cdev-pre-openable-by-passing-a-fil.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ccw-Allow-the-selection-of-a-given-iommu-backen.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ccw-Make-vfio-cdev-pre-openable-by-passing-a-fi.patch [RHEL-19302 RHEL-21057] - kvm-vfio-Make-VFIOContainerBase-poiner-parameter-const-i.patch [RHEL-19302 RHEL-21057] - kvm-hw-arm-Activate-IOMMUFD-for-virt-machines.patch [RHEL-19302 RHEL-21057] - kvm-kconfig-Activate-IOMMUFD-for-s390x-machines.patch [RHEL-19302 RHEL-21057] - kvm-hw-i386-Activate-IOMMUFD-for-q35-machines.patch [RHEL-19302 RHEL-21057] - kvm-vfio-pci-Move-VFIODevice-initializations-in-vfio_ins.patch [RHEL-19302 RHEL-21057] - kvm-vfio-platform-Move-VFIODevice-initializations-in-vfi.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ap-Move-VFIODevice-initializations-in-vfio_ap_i.patch [RHEL-19302 RHEL-21057] - kvm-vfio-ccw-Move-VFIODevice-initializations-in-vfio_ccw.patch [RHEL-19302 RHEL-21057] - kvm-vfio-Introduce-a-helper-function-to-initialize-VFIOD.patch [RHEL-19302 RHEL-21057] - kvm-docs-devel-Add-VFIO-iommufd-backend-documentation.patch [RHEL-19302 RHEL-21057] - kvm-hw-ppc-Kconfig-Imply-VFIO_PCI.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Extend-VFIOIOMMUOps-with-a-release-handle.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Introduce-vfio_legacy_setup-for-furth.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Initialize-VFIOIOMMUOps-under-vfio_in.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Introduce-a-VFIOIOMMU-QOM-interface.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Introduce-a-VFIOIOMMU-legacy-QOM-inte.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Intoduce-a-new-VFIOIOMMUClass-setup-h.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Introduce-a-sPAPR-VFIOIOMMU-QOM-interface.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Introduce-a-VFIOIOMMU-iommufd-QOM-inter.patch [RHEL-19302 RHEL-21057] - kvm-vfio-spapr-Only-compile-sPAPR-IOMMU-support-when-nee.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Remove-CONFIG_IOMMUFD-usage.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Replace-basename-with-g_path_get_base.patch [RHEL-19302 RHEL-21057] - kvm-hw-vfio-fix-iteration-over-global-VFIODevice-list.patch [RHEL-19302 RHEL-21057] - kvm-vfio-iommufd-Remove-the-use-of-stat-to-check-file-ex.patch [RHEL-19302 RHEL-21057] - kvm-vfio-container-Rename-vfio_init_container-to-vfio_se.patch [RHEL-19302 RHEL-21057] - kvm-vfio-migration-Add-helper-function-to-set-state-or-r.patch [RHEL-19302 RHEL-21057] - kvm-backends-iommufd-Remove-check-on-number-of-backend-u.patch [RHEL-19302 RHEL-21057] - kvm-backends-iommufd-Remove-mutex.patch [RHEL-19302 RHEL-21057] - kvm-Compile-IOMMUFD-object-on-aarch64.patch [RHEL-19302 RHEL-21057] - kvm-Compile-IOMMUFD-on-s390x.patch [RHEL-19302 RHEL-21057] - kvm-Compile-IOMMUFD-on-x86_64.patch [RHEL-19302 RHEL-21057] - kvm-target-s390x-kvm-pv-Provide-some-more-useful-informa.patch [RHEL-18212] - kvm-nbd-server-avoid-per-NBDRequest-nbd_client_get-put.patch [RHEL-15965] - kvm-nbd-server-only-traverse-NBDExport-clients-from-main.patch [RHEL-15965] - kvm-nbd-server-introduce-NBDClient-lock-to-protect-field.patch [RHEL-15965] - kvm-block-file-posix-set-up-Linux-AIO-and-io_uring-in-th.patch [RHEL-15965] - kvm-virtio-blk-add-lock-to-protect-s-rq.patch [RHEL-15965] - kvm-virtio-blk-don-t-lock-AioContext-in-the-completion-c.patch [RHEL-15965] - kvm-virtio-blk-don-t-lock-AioContext-in-the-submission-c.patch [RHEL-15965] - kvm-scsi-only-access-SCSIDevice-requests-from-one-thread.patch [RHEL-15965] - kvm-virtio-scsi-don-t-lock-AioContext-around-virtio_queu.patch [RHEL-15965] - kvm-scsi-don-t-lock-AioContext-in-I-O-code-path.patch [RHEL-15965] - kvm-dma-helpers-don-t-lock-AioContext-in-dma_blk_cb.patch [RHEL-15965] - kvm-virtio-scsi-replace-AioContext-lock-with-tmf_bh_lock.patch [RHEL-15965] - kvm-scsi-assert-that-callbacks-run-in-the-correct-AioCon.patch [RHEL-15965] - kvm-tests-remove-aio_context_acquire-tests.patch [RHEL-15965] - kvm-aio-make-aio_context_acquire-aio_context_release-a-n.patch [RHEL-15965] - kvm-graph-lock-remove-AioContext-locking.patch [RHEL-15965] - kvm-block-remove-AioContext-locking.patch [RHEL-15965] - kvm-block-remove-bdrv_co_lock.patch [RHEL-15965] - kvm-scsi-remove-AioContext-locking.patch [RHEL-15965] - kvm-aio-wait-draw-equivalence-between-AIO_WAIT_WHILE-and.patch [RHEL-15965] - kvm-aio-remove-aio_context_acquire-aio_context_release-A.patch [RHEL-15965] - kvm-docs-remove-AioContext-lock-from-IOThread-docs.patch [RHEL-15965] - kvm-scsi-remove-outdated-AioContext-lock-comment.patch [RHEL-15965] - kvm-job-remove-outdated-AioContext-locking-comments.patch [RHEL-15965] - kvm-block-remove-outdated-AioContext-locking-comments.patch [RHEL-15965] - kvm-block-coroutine-wrapper-use-qemu_get_current_aio_con.patch [RHEL-15965] - kvm-s390x-pci-avoid-double-enable-disable-of-aif.patch [RHEL-21169] - kvm-s390x-pci-refresh-fh-before-disabling-aif.patch [RHEL-21169] - kvm-s390x-pci-drive-ISM-reset-from-subsystem-reset.patch [RHEL-21169] - kvm-include-ui-rect.h-fix-qemu_rect_init-mis-assignment.patch [RHEL-21570] - kvm-virtio-gpu-block-migration-of-VMs-with-blob-true.patch [RHEL-7565] - kvm-spec-Enable-zstd.patch [RHEL-7361] - Resolves: RHEL-19738 (Enable properties allowing to disable high memory regions) - Resolves: RHEL-19302 (NVIDIA:Grace-Hopper Backport QEMU IOMMUFD Backend) - Resolves: RHEL-21057 (Request backport of 9353b6da430f90e47f352dbf6dc31120c8914da6) - Resolves: RHEL-18212 ([RHEL9][Secure-execution][s390x] The error message is not clear when boot up a SE guest with wrong encryption) - Resolves: RHEL-15965 ( [qemu-kvm] Remove AioContext lock (no response with QMP command block_resize)) - Resolves: RHEL-21169 ([s390x] VM fails to start with ISM passed through QEMU 8.2) - Resolves: RHEL-21570 (Critical performance degradation for input devices in virtio vnc session) - Resolves: RHEL-7565 (qemu crashed when migrate guest with blob resources enabled) - Resolves: RHEL-7361 ([qemu-kvm] Enable zstd support for qcow2 files) [8.2.0-2] - kvm-hw-arm-virt-Fix-compats.patch [RHEL-17168] - Resolves: RHEL-17168 (Introduce virt-rhel9.4.0 arm-virt machine type [aarch64]) [8.2.0-1] - Rebase to QEMU 8.2.0 [RHEL-14111] - Fix machine type compatibility [RHEL-17067 RHEL-17068] - Add 9.4.0 machine type [RHEL-17168 RHEL-19117 RHEL-19119] - Resolves: RHEL-14111 (Rebase qemu-kvm to QEMU 8.2.0) - Resolves: RHEL-17067 (Check/fix machine type compatibility for qemu-kvm 8.2.0 [s390x]) - Resolves: RHEL-17068 (Check/fix machine type compatibility for qemu-kvm 8.2.0 [x86_64]) - Resolves: RHEL-17168 (Introduce virt-rhel9.4.0 arm-virt machine type [aarch64]) - Resolves: RHEL-19117 (Introduce virt-rhel9.4.0 arm-virt machine type [x86_64]) - Resolves: RHEL-19119 (Introduce virt-rhel9.4.0 arm-virt machine type [s390x]) [8.1.0-5] - kvm-Preparation-for-using-allow-rpcs-list-in-guest-agent.patch [RHEL-955] - kvm-Use-allow-rpcs-instead-of-block-rpcs-in-guest-agent..patch [RHEL-955] - Resolves: RHEL-955 (Use allow-rpcs instead of block-rpcs in guest-agent.service) [8.1.0-4] - kvm-hw-scsi-scsi-disk-Disallow-block-sizes-smaller-than-.patch [RHEL-2828] - kvm-Enable-igb-on-x86_64.patch [RHEL-1308] - kvm-host-include-generic-host-atomic128-Fix-compilation-.patch [RHEL-12991] - kvm-Enable-qemu-kvm-device-usb-redirec-for-aarch64.patch [RHEL-7561] - Resolves: RHEL-2828 (CVE-2023-42467 qemu-kvm: qemu: denial of service due to division by zero [rhel-9]) - Resolves: RHEL-1308 ([RFE] iGB: Add an emulated SR-IOV network card) - Resolves: RHEL-12991 (qemu-kvm fails to build on s390x with clang-17) - Resolves: RHEL-7561 (Missing the rpm package qemu-kvm-device-usb-redirect on Arm64 platform) [8.1.0-3] - kvm-migration-Fix-race-that-dest-preempt-thread-close-to.patch [RHEL-11219] - kvm-migration-Fix-possible-race-when-setting-rp_state.er.patch [RHEL-11219] - kvm-migration-Fix-possible-races-when-shutting-down-the-.patch [RHEL-11219] - kvm-migration-Fix-possible-race-when-shutting-down-to_ds.patch [RHEL-11219] - kvm-migration-Remove-redundant-cleanup-of-postcopy_qemuf.patch [RHEL-11219] - kvm-migration-Consolidate-return-path-closing-code.patch [RHEL-11219] - kvm-migration-Replace-the-return-path-retry-logic.patch [RHEL-11219] - kvm-migration-Move-return-path-cleanup-to-main-migration.patch [RHEL-11219] - kvm-file-posix-Clear-bs-bl.zoned-on-error.patch [RHEL-7360] - kvm-file-posix-Check-bs-bl.zoned-for-zone-info.patch [RHEL-7360] - kvm-file-posix-Fix-zone-update-in-I-O-error-path.patch [RHEL-7360] - kvm-file-posix-Simplify-raw_co_prw-s-out-zone-code.patch [RHEL-7360] - kvm-tests-file-io-error-New-test.patch [RHEL-7360] - Resolves: RHEL-11219 (migration tests failing for RHEL 9.4 sometimes) - Resolves: RHEL-7360 (Qemu Core Dumped When Writing Larger Size Than The Size of A Data Disk) [8.1.0-2] - kvm-virtio-Drop-out-of-coroutine-context-in-virtio_load.patch [RHEL-832] - Resolves: RHEL-832 (qemu-kvm crashed when migrating guest with failover vf) [8.1.0-1] - Rebase to QEMU 8.1 [RHEL-870] - Resolves: RHEL-870 (Rebase qemu-kvm to QEMU 8.1.0) [8.0.0-13] - kvm-vdpa-return-errno-in-vhost_vdpa_get_vring_group-erro.patch [RHEL-923] - kvm-vdpa-move-CVQ-isolation-check-to-net_init_vhost_vdpa.patch [RHEL-923] - kvm-vdpa-use-first-queue-SVQ-state-for-CVQ-default.patch [RHEL-923] - kvm-vdpa-export-vhost_vdpa_set_vring_ready.patch [RHEL-923] - kvm-vdpa-rename-vhost_vdpa_net_load-to-vhost_vdpa_net_cv.patch [RHEL-923] - kvm-vdpa-move-vhost_vdpa_set_vring_ready-to-the-caller.patch [RHEL-923] - kvm-vdpa-remove-net-cvq-migration-blocker.patch [RHEL-923] - Resolves: RHEL-923 (vhost shadow virtqueue: state restore through CVQ) [8.0.0-12] - kvm-target-i386-allow-versioned-CPUs-to-specify-new-cach.patch [bz#2094913] - kvm-target-i386-Add-new-EPYC-CPU-versions-with-updated-c.patch [bz#2094913] - kvm-target-i386-Add-a-couple-of-feature-bits-in-8000_000.patch [bz#2094913] - kvm-target-i386-Add-feature-bits-for-CPUID_Fn80000021_EA.patch [bz#2094913] - kvm-target-i386-Add-missing-feature-bits-in-EPYC-Milan-m.patch [bz#2094913] - kvm-target-i386-Add-VNMI-and-automatic-IBRS-feature-bits.patch [bz#2094913] - kvm-target-i386-Add-EPYC-Genoa-model-to-support-Zen-4-pr.patch [bz#2094913] - Resolves: bz#2094913 (Add EPYC-Genoa CPU model in qemu) [8.0.0-11] - kvm-block-blkio-enable-the-completion-eventfd.patch [bz#2225354 bz#2225439] - kvm-block-blkio-do-not-use-open-flags-in-qemu_open.patch [bz#2225354 bz#2225439] - kvm-block-blkio-move-blkio_connect-in-the-drivers-functi.patch [bz#2225354 bz#2225439] - kvm-block-blkio-retry-blkio_connect-if-it-fails-using-fd.patch [bz#2225354 bz#2225439] - kvm-block-blkio-fall-back-on-using-path-when-fd-setting-.patch [bz#2225354 bz#2225439] - kvm-block-blkio-use-blkio_set_int-fd-to-check-fd-support.patch [bz#2225354 bz#2225439] - kvm-hw-virtio-iommu-Fix-potential-OOB-access-in-virtio_i.patch [bz#2229133] - kvm-virtio-iommu-Standardize-granule-extraction-and-form.patch [bz#2229133] - kvm-hw-arm-smmu-Handle-big-endian-hosts-correctly.patch [bz#2229133] - kvm-qapi-i386-sev-Change-the-reduced-phys-bits-value-fro.patch [bz#2214839] - kvm-qemu-options.hx-Update-the-reduced-phys-bits-documen.patch [bz#2214839] - kvm-i386-sev-Update-checks-and-information-related-to-re.patch [bz#2214839] - kvm-i386-cpu-Update-how-the-EBX-register-of-CPUID-0x8000.patch [bz#2214839] - kvm-Provide-elf2dmp-binary-in-qemu-tools.patch [bz#2165917] - Resolves: bz#2225354 ([vdpa-blk] The new driver virtio-blk-vhost-user not work in VM booting) - Resolves: bz#2225439 ([vdpa-blk] read-only=on option not work on driver virtio-blk-vhost-vdpa) - Resolves: bz#2229133 (Backport some virtio-iommu and smmu fixes) - Resolves: bz#2214839 ([AMDSERVER 9.3 Bug] Qemu SEV reduced-phys-bits fixes) - Resolves: bz#2165917 (qemu-kvm: contrib/elf2dmp: Windows Server 2022 support) [8.0.0-10] - kvm-util-iov-Make-qiov_slice-public.patch [bz#2174676] - kvm-block-Collapse-padded-I-O-vecs-exceeding-IOV_MAX.patch [bz#2174676] - kvm-util-iov-Remove-qemu_iovec_init_extended.patch [bz#2174676] - kvm-iotests-iov-padding-New-test.patch [bz#2174676] - kvm-block-Fix-pad_request-s-request-restriction.patch [bz#2174676] - kvm-vdpa-do-not-block-migration-if-device-has-cvq-and-x-.patch [RHEL-573] - kvm-virtio-net-correctly-report-maximum-tx_queue_size-va.patch [bz#2040509] - kvm-hw-pci-Disable-PCI_ERR_UNCOR_MASK-reg-for-machine-ty.patch [bz#2223691] - kvm-vhost-vdpa-mute-unaligned-memory-error-report.patch [bz#2141965] - Resolves: bz#2174676 (Guest hit EXT4-fs error on host 4K disk when repeatedly hot-plug/unplug running IO disk [RHEL9]) - Resolves: RHEL-573 ([mlx vhost_vdpa][rhel 9.3]live migration fail with 'net vdpa cannot migrate with CVQ feature') - Resolves: bz#2040509 ([RFE]:Add support for changing 'tx_queue_size' to a setable value) - Resolves: bz#2223691 ([machine type 9.2]Failed to migrate VM from RHEL 9.3 to RHEL 9.2) - Resolves: bz#2141965 ([TPM][vhost-vdpa][rhel9.2]Boot a guest with 'vhost-vdpa + TPM emulator', qemu output: qemu-kvm: vhost_vdpa_listener_region_add received unaligned region) [8.0.0-9] - kvm-scsi-fetch-unit-attention-when-creating-the-request.patch [bz#2176702] - kvm-scsi-cleanup-scsi_clear_unit_attention.patch [bz#2176702] - kvm-scsi-clear-unit-attention-only-for-REPORT-LUNS-comma.patch [bz#2176702] - kvm-s390x-ap-Wire-up-the-device-request-notifier-interfa.patch [RHEL-794] - kvm-multifd-Create-property-multifd-flush-after-each-sec.patch [bz#2196295] - kvm-multifd-Protect-multifd_send_sync_main-calls.patch [bz#2196295] - kvm-multifd-Only-flush-once-each-full-round-of-memory.patch [bz#2196295] - kvm-net-socket-prepare-to-cleanup-net_init_socket.patch [RHEL-582] - kvm-net-socket-move-fd-type-checking-to-its-own-function.patch [RHEL-582] - kvm-net-socket-remove-net_init_socket.patch [RHEL-582] - kvm-pcie-Add-hotplug-detect-state-register-to-cmask.patch [bz#2215819] - kvm-spec-Build-DBUS-display.patch [bz#2207940] - Resolves: bz#2176702 ([RHEL9][virtio-scsi] scsi-hd cannot hot-plug successfully after hot-plug it repeatly) - Resolves: RHEL-794 (Backport s390x fixes from QEMU 8.1) - Resolves: bz#2196295 (Multifd flushes its channels 10 times per second) - Resolves: RHEL-582 ([passt][rhel 9.3] qemu core dump occurs when guest is shutdown after hotunplug/hotplug a passt interface) - Resolves: bz#2215819 (Migration test failed while guest with PCIe devices) - Resolves: bz#2207940 ([RFE] Enable qemu-ui-dbus subpackage) [8.0.0-8] - kvm-virtio-iommu-Fix-64kB-host-page-size-VFIO-device-ass.patch [bz#2211609 bz#2211634] - kvm-virtio-iommu-Rework-the-traces-in-virtio_iommu_set_p.patch [bz#2211609 bz#2211634] - kvm-vfio-pci-add-support-for-VF-token.patch [bz#2192818] - kvm-vfio-migration-Skip-log_sync-during-migration-SETUP-.patch [bz#2192818] - kvm-vfio-pci-Static-Resizable-BAR-capability.patch [bz#2192818] - kvm-vfio-pci-Fix-a-use-after-free-issue.patch [bz#2192818] - kvm-util-vfio-helpers-Use-g_file_read_link.patch [bz#2192818] - kvm-migration-Make-all-functions-check-have-the-same-for.patch [bz#2192818] - kvm-migration-Move-migration_properties-to-options.c.patch [bz#2192818] - kvm-migration-Add-switchover-ack-capability.patch [bz#2192818] - kvm-migration-Implement-switchover-ack-logic.patch [bz#2192818] - kvm-migration-Enable-switchover-ack-capability.patch [bz#2192818] - kvm-vfio-migration-Refactor-vfio_save_block-to-return-sa.patch [bz#2192818] - kvm-vfio-migration-Store-VFIO-migration-flags-in-VFIOMig.patch [bz#2192818] - kvm-vfio-migration-Add-VFIO-migration-pre-copy-support.patch [bz#2192818] - kvm-vfio-migration-Add-support-for-switchover-ack-capabi.patch [bz#2192818] - kvm-vfio-Implement-a-common-device-info-helper.patch [bz#2192818] - kvm-hw-vfio-pci-quirks-Support-alternate-offset-for-GPUD.patch [bz#2192818] - kvm-vfio-pci-Call-vfio_prepare_kvm_msi_virq_batch-in-MSI.patch [bz#2192818] - kvm-vfio-migration-Reset-bytes_transferred-properly.patch [bz#2192818] - kvm-vfio-migration-Make-VFIO-migration-non-experimental.patch [bz#2192818] - kvm-vfio-pci-Fix-a-segfault-in-vfio_realize.patch [bz#2192818] - kvm-vfio-pci-Free-leaked-timer-in-vfio_realize-error-pat.patch [bz#2192818] - kvm-hw-vfio-pci-quirks-Sanitize-capability-pointer.patch [bz#2192818] - kvm-vfio-pci-Disable-INTx-in-vfio_realize-error-path.patch [bz#2192818] - kvm-vfio-migration-Change-vIOMMU-blocker-from-global-to-.patch [bz#2192818] - kvm-vfio-migration-Free-resources-when-vfio_migration_re.patch [bz#2192818] - kvm-vfio-migration-Remove-print-of-Migration-disabled.patch [bz#2192818] - kvm-vfio-migration-Return-bool-type-for-vfio_migration_r.patch [bz#2192818] - kvm-vfio-Fix-null-pointer-dereference-bug-in-vfio_bars_f.patch [bz#2192818] - kvm-pc-bios-s390-ccw-Makefile-Use-z-noexecstack-to-silen.patch [bz#2220866] - kvm-pc-bios-s390-ccw-Fix-indentation-in-start.S.patch [bz#2220866] - kvm-pc-bios-s390-ccw-Provide-space-for-initial-stack-fra.patch [bz#2220866] - kvm-pc-bios-s390-ccw-Don-t-use-__bss_start-with-the-larl.patch [bz#2220866] - kvm-ui-Fix-pixel-colour-channel-order-for-PNG-screenshot.patch [bz#2222579] - kvm-block-blkio-fix-module_block.py-parsing.patch [bz#2213317] - kvm-Fix-virtio-blk-vhost-vdpa-typo-in-spec-file.patch [bz#2213317] - Resolves: bz#2211609 (With virtio-iommu and vfio-pci, qemu reports 'warning: virtio-iommu page mask 0xfffffffffffff000 does not match 0x40201000') - Resolves: bz#2211634 ([aarch64] With virtio-iommu and vfio-pci, qemu coredump when host using kernel-64k package) - Resolves: bz#2192818 ([VFIO LM] Live migration) - Resolves: bz#2220866 (Misaligned symbol for s390-ccw image during qemu-kvm build) - Resolves: bz#2222579 (PNG screendump doesn't save screen correctly) - Resolves: bz#2213317 (Enable libblkio-based block drivers in QEMU) [8.0.0-7] - kvm-numa-Validate-cluster-and-NUMA-node-boundary-if-requ.patch [bz#2171363] - kvm-hw-arm-Validate-cluster-and-NUMA-node-boundary.patch [bz#2171363] - kvm-hw-arm-virt-Validate-cluster-and-NUMA-node-boundary-.patch [bz#2171363] - kvm-vhost-fix-vhost_dev_enable_notifiers-error-case.patch [RHEL-330] - kvm-kvm-reuse-per-vcpu-stats-fd-to-avoid-vcpu-interrupti.patch [bz#2218644] - kvm-vhost-vdpa-do-not-cleanup-the-vdpa-vhost-net-structu.patch [bz#2128929] - Resolves: bz#2171363 ([aarch64] Kernel hits Call trace with irregular CPU-to-NUMA association) - Resolves: RHEL-330 ([virtual network][qemu-kvm-8.0.0-rc1]qemu core dump: qemu-kvm: ../softmmu/memory.c:2592: void memory_region_del_eventfd(MemoryRegion *, hwaddr, unsigned int, _Bool, uint64_t, EventNotifier *): Assertion i != mr->ioeventfd_nb' failed) - Resolves: bz#2218644 (query-stats QMP command interrupts vcpus, the Max Latencies could be more than 100us (rhel 9.3.0 clone)) - Resolves: bz#2128929 ([rhel9.2] hotplug/hotunplug mlx vdpa device to the occupied addr port, then qemu core dump occurs after shutdown guest) [8.0.0-6] - kvm-target-i386-add-support-for-FLUSH_L1D-feature.patch [bz#2216201] - kvm-target-i386-add-support-for-FB_CLEAR-feature.patch [bz#2216201] - kvm-block-blkio-use-qemu_open-to-support-fd-passing-for-.patch [bz#2180076] - kvm-qapi-add-fdset-feature-for-BlockdevOptionsVirtioBlkV.patch [bz#2180076] - kvm-Enable-libblkio-block-drivers.patch [bz#2213317] - Resolves: bz#2216201 ([qemu-kvm]VM reports vulnerabilty to mmio_stale_data on patched host with microcode) - Resolves: bz#2180076 ([qemu-kvm] support fd passing for libblkio QEMU BlockDrivers) - Resolves: bz#2213317 (Enable libblkio-based block drivers in QEMU) [8.0.0-5] - kvm-block-compile-out-assert_bdrv_graph_readable-by-defa.patch [bz#2186725] - kvm-graph-lock-Disable-locking-for-now.patch [bz#2186725] - kvm-nbd-server-Fix-drained_poll-to-wake-coroutine-in-rig.patch [bz#2186725] - kvm-iotests-Test-commit-with-iothreads-and-ongoing-I-O.patch [bz#2186725] - kvm-memory-prevent-dma-reentracy-issues.patch [RHEL-516] - kvm-async-Add-an-optional-reentrancy-guard-to-the-BH-API.patch [RHEL-516] - kvm-checkpatch-add-qemu_bh_new-aio_bh_new-checks.patch [RHEL-516] - kvm-hw-replace-most-qemu_bh_new-calls-with-qemu_bh_new_g.patch [RHEL-516] - kvm-lsi53c895a-disable-reentrancy-detection-for-script-R.patch [RHEL-516] - kvm-bcm2835_property-disable-reentrancy-detection-for-io.patch [RHEL-516] - kvm-raven-disable-reentrancy-detection-for-iomem.patch [RHEL-516] - kvm-apic-disable-reentrancy-detection-for-apic-msi.patch [RHEL-516] - kvm-async-avoid-use-after-free-on-re-entrancy-guard.patch [RHEL-516] - kvm-loongarch-mark-loongarch_ipi_iocsr-re-entrnacy-safe.patch [RHEL-516] - kvm-memory-stricter-checks-prior-to-unsetting-engaged_in.patch [RHEL-516] - kvm-lsi53c895a-disable-reentrancy-detection-for-MMIO-reg.patch [RHEL-516] - kvm-hw-scsi-lsi53c895a-Fix-reentrancy-issues-in-the-LSI-.patch [RHEL-516] - kvm-hw-pci-Disable-PCI_ERR_UNCOR_MASK-register-for-machi.patch [bz#2189423] - kvm-multifd-Fix-the-number-of-channels-ready.patch [bz#2196289] - kvm-util-async-teardown-wire-up-query-command-line-optio.patch [bz#2168500] - kvm-s390x-pv-Fix-spurious-warning-with-asynchronous-tear.patch [bz#2168500] - Resolves: bz#2186725 (Qemu hang when commit during fio running(iothread enable)) - Resolves: RHEL-516 (CVE-2023-2680 qemu-kvm: QEMU: hcd-ehci: DMA reentrancy issue (incomplete fix for CVE-2021-3750) [rhel-9]) - Resolves: bz#2189423 (Failed to migrate VM from rhel 9.3 to rhel 9.2) - Resolves: bz#2196289 (Fix number of ready channels on multifd) - Resolves: bz#2168500 ([IBM 9.3 FEAT] KVM: Improve memory reclaiming for z15 Secure Execution guests - qemu part) [8.0.0-4] - kvm-migration-Attempt-disk-reactivation-in-more-failure-.patch [bz#2058982] - kvm-util-mmap-alloc-qemu_fd_getfs.patch [bz#2057267] - kvm-vl.c-Create-late-backends-before-migration-object.patch [bz#2057267] - kvm-migration-postcopy-Detect-file-system-on-dest-host.patch [bz#2057267] - kvm-migration-mark-mixed-functions-that-can-suspend.patch [bz#2057267] - kvm-postcopy-ram-do-not-use-qatomic_mb_read.patch [bz#2057267] - kvm-migration-remove-extra-whitespace-character-for-code.patch [bz#2057267] - kvm-migration-Merge-ram_counters-and-ram_atomic_counters.patch [bz#2057267] - kvm-migration-Update-atomic-stats-out-of-the-mutex.patch [bz#2057267] - kvm-migration-Make-multifd_bytes-atomic.patch [bz#2057267] - kvm-migration-Make-dirty_sync_missed_zero_copy-atomic.patch [bz#2057267] - kvm-migration-Make-precopy_bytes-atomic.patch [bz#2057267] - kvm-migration-Make-downtime_bytes-atomic.patch [bz#2057267] - kvm-migration-Make-dirty_sync_count-atomic.patch [bz#2057267] - kvm-migration-Make-postcopy_requests-atomic.patch [bz#2057267] - kvm-migration-Rename-duplicate-to-zero_pages.patch [bz#2057267] - kvm-migration-Rename-normal-to-normal_pages.patch [bz#2057267] - kvm-migration-rename-enabled_capabilities-to-capabilitie.patch [bz#2057267] - kvm-migration-Pass-migrate_caps_check-the-old-and-new-ca.patch [bz#2057267] - kvm-migration-move-migration_global_dump-to-migration-hm.patch [bz#2057267] - kvm-spice-move-client_migrate_info-command-to-ui.patch [bz#2057267] - kvm-migration-Create-migrate_cap_set.patch [bz#2057267] - kvm-migration-Create-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_colo_enabled-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_compression-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_events-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_multifd-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_zero_copy_send-to-options.patch [bz#2057267] - kvm-migration-Move-migrate_use_xbzrle-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_block-to-options.c.patch [bz#2057267] - kvm-migration-Move-migrate_use_return-to-options.c.patch [bz#2057267] - kvm-migration-Create-migrate_rdma_pin_all-function.patch [bz#2057267] - kvm-migration-Move-migrate_caps_check-to-options.c.patch [bz#2057267] - kvm-migration-Move-qmp_query_migrate_capabilities-to-opt.patch [bz#2057267] - kvm-migration-Move-qmp_migrate_set_capabilities-to-optio.patch [bz#2057267] - kvm-migration-Move-migrate_cap_set-to-options.c.patch [bz#2057267] - kvm-migration-Move-parameters-functions-to-option.c.patch [bz#2057267] - kvm-migration-Use-migrate_max_postcopy_bandwidth.patch [bz#2057267] - kvm-migration-Move-migrate_use_block_incremental-to-opti.patch [bz#2057267] - kvm-migration-Create-migrate_throttle_trigger_threshold.patch [bz#2057267] - kvm-migration-Create-migrate_checkpoint_delay.patch [bz#2057267] - kvm-migration-Create-migrate_max_cpu_throttle.patch [bz#2057267] - kvm-migration-Move-migrate_announce_params-to-option.c.patch [bz#2057267] - kvm-migration-Create-migrate_cpu_throttle_initial-to-opt.patch [bz#2057267] - kvm-migration-Create-migrate_cpu_throttle_increment-func.patch [bz#2057267] - kvm-migration-Create-migrate_cpu_throttle_tailslow-funct.patch [bz#2057267] - kvm-migration-Move-migrate_postcopy-to-options.c.patch [bz#2057267] - kvm-migration-Create-migrate_max_bandwidth-function.patch [bz#2057267] - kvm-migration-Move-migrate_use_tls-to-options.c.patch [bz#2057267] - kvm-migration-Move-qmp_migrate_set_parameters-to-options.patch [bz#2057267] - kvm-migration-Allow-postcopy_ram_supported_by_host-to-re.patch [bz#2057267] - kvm-block-bdrv-blk_co_unref-for-calls-in-coroutine-conte.patch [bz#2185688] - kvm-block-Don-t-call-no_coroutine_fns-in-qmp_block_resiz.patch [bz#2185688] - kvm-iotests-Use-alternative-CPU-type-that-is-not-depreca.patch [bz#2185688] - kvm-iotests-Test-resizing-image-attached-to-an-iothread.patch [bz#2185688] - kvm-Enable-Linux-io_uring.patch [bz#1947230] - Resolves: bz#2058982 (Qemu core dump if cut off nfs storage during migration) - Resolves: bz#2057267 (Migration with postcopy fail when vm set with shared memory) - Resolves: bz#2185688 ([qemu-kvm] no response with QMP command block_resize) - Resolves: bz#1947230 (Enable QEMU support for io_uring in RHEL9) [8.0.0-3] - kvm-migration-Handle-block-device-inactivation-failures-.patch [bz#2058982] - kvm-migration-Minor-control-flow-simplification.patch [bz#2058982] - Resolves: bz#2058982 (Qemu core dump if cut off nfs storage during migration) [8.0.0-2] - kvm-acpi-pcihp-allow-repeating-hot-unplug-requests.patch [bz#2087047] - kvm-hw-acpi-limit-warning-on-acpi-table-size-to-pc-machi.patch [bz#1934134] - kvm-hw-acpi-Mark-acpi-blobs-as-resizable-on-RHEL-pc-mach.patch [bz#1934134] - Resolves: bz#2087047 (Disk detach is unsuccessful while the guest is still booting) - Resolves: bz#1934134 (ACPI table limits warning when booting guest with 512 VCPUs) [8.0.0-1] - Rebase to QEMU 8.0.0 - Resolves: bz#2180898 (Rebase to QEMU 8.0.0 for RHEL 9.3.0) [7.2.0-14] - Rebuild for 9.2 release - Resolves: bz#2173590 (bugs in emulation of BMI instructions (for libguestfs without KVM)) - Resolves: bz#2156876 ([virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)) [7.2.0-13] - kvm-target-i386-fix-operand-size-of-unary-SSE-operations.patch [bz#2173590] - kvm-tests-tcg-i386-Introduce-and-use-reg_t-consistently.patch [bz#2173590] - kvm-target-i386-Fix-BEXTR-instruction.patch [bz#2173590] - kvm-target-i386-Fix-C-flag-for-BLSI-BLSMSK-BLSR.patch [bz#2173590] - kvm-target-i386-fix-ADOX-followed-by-ADCX.patch [bz#2173590] - kvm-target-i386-Fix-32-bit-AD-CO-X-insns-in-64-bit-mode.patch [bz#2173590] - kvm-target-i386-Fix-BZHI-instruction.patch [bz#2173590] - kvm-intel-iommu-fail-DEVIOTLB_UNMAP-without-dt-mode.patch [bz#2156876] - Resolves: bz#2173590 (bugs in emulation of BMI instructions (for libguestfs without KVM)) - Resolves: bz#2156876 ([virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)) [7.2.0-12] - kvm-scsi-protect-req-aiocb-with-AioContext-lock.patch [bz#2155748] - kvm-dma-helpers-prevent-dma_blk_cb-vs-dma_aio_cancel-rac.patch [bz#2155748] - kvm-virtio-scsi-reset-SCSI-devices-from-main-loop-thread.patch [bz#2155748] - kvm-qatomic-add-smp_mb__before-after_rmw.patch [bz#2175660] - kvm-qemu-thread-posix-cleanup-fix-document-QemuEvent.patch [bz#2175660] - kvm-qemu-thread-win32-cleanup-fix-document-QemuEvent.patch [bz#2175660] - kvm-edu-add-smp_mb__after_rmw.patch [bz#2175660] - kvm-aio-wait-switch-to-smp_mb__after_rmw.patch [bz#2175660] - kvm-qemu-coroutine-lock-add-smp_mb__after_rmw.patch [bz#2175660] - kvm-physmem-add-missing-memory-barrier.patch [bz#2175660] - kvm-async-update-documentation-of-the-memory-barriers.patch [bz#2175660] - kvm-async-clarify-usage-of-barriers-in-the-polling-case.patch [bz#2175660] - Resolves: bz#2155748 (qemu crash on void blk_drain(BlockBackend *): Assertion qemu_in_main_thread() failed) - Resolves: bz#2175660 (Guest hangs when starting or rebooting) [7.2.0-11] - kvm-hw-smbios-fix-field-corruption-in-type-4-table.patch [bz#2169904] - Resolves: bz#2169904 ([SVVP] job 'Check SMBIOS Table Specific Requirements' failed on win2022) [7.2.0-10] - kvm-block-temporarily-hold-the-new-AioContext-of-bs_top-.patch [bz#2168209] - Resolves: bz#2168209 (Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)) [7.2.0-9] - kvm-tests-qtest-netdev-test-stream-and-dgram-backends.patch [bz#2169232] - kvm-net-stream-add-a-new-option-to-automatically-reconne.patch [bz#2169232] - kvm-linux-headers-Update-to-v6.1.patch [bz#2158704] - kvm-util-userfaultfd-Add-uffd_open.patch [bz#2158704] - kvm-util-userfaultfd-Support-dev-userfaultfd.patch [bz#2158704] - kvm-io-Add-support-for-MSG_PEEK-for-socket-channel.patch [bz#2169732] - kvm-migration-check-magic-value-for-deciding-the-mapping.patch [bz#2169732] - kvm-target-s390x-arch_dump-Fix-memory-corruption-in-s390.patch [bz#2168172] - Resolves: bz#2169232 (RFE: reconnect option for stream socket back-end) - Resolves: bz#2158704 (RFE: Prefer /dev/userfaultfd over userfaultfd(2) syscall) - Resolves: bz#2169732 (Multifd migration fails under a weak network/socket ordering race) - Resolves: bz#2168172 ([s390x] qemu-kvm coredumps when SE crashes) [7.2.0-8] - kvm-qcow2-Fix-theoretical-corruption-in-store_bitmap-err.patch [bz#2150180] - kvm-qemu-img-commit-Report-errors-while-closing-the-imag.patch [bz#2150180] - kvm-qemu-img-bitmap-Report-errors-while-closing-the-imag.patch [bz#2150180] - kvm-qemu-iotests-Test-qemu-img-bitmap-commit-exit-code-o.patch [bz#2150180] - kvm-accel-tcg-Test-CPUJumpCache-in-tb_jmp_cache_clear_pa.patch [bz#2165280] - kvm-block-Improve-empty-format-specific-info-dump.patch [bz#1860292] - kvm-block-file-Add-file-specific-image-info.patch [bz#1860292] - kvm-block-vmdk-Change-extent-info-type.patch [bz#1860292] - kvm-block-Split-BlockNodeInfo-off-of-ImageInfo.patch [bz#1860292] - kvm-qemu-img-Use-BlockNodeInfo.patch [bz#1860292] - kvm-block-qapi-Let-bdrv_query_image_info-recurse.patch [bz#1860292] - kvm-block-qapi-Introduce-BlockGraphInfo.patch [bz#1860292] - kvm-block-qapi-Add-indentation-to-bdrv_node_info_dump.patch [bz#1860292] - kvm-iotests-Filter-child-node-information.patch [bz#1860292] - kvm-iotests-106-214-308-Read-only-one-size-line.patch [bz#1860292] - kvm-qemu-img-Let-info-print-block-graph.patch [bz#1860292] - kvm-qemu-img-Change-info-key-names-for-protocol-nodes.patch [bz#1860292] - kvm-Revert-vhost-user-Monitor-slave-channel-in-vhost_use.patch [bz#2155173] - kvm-Revert-vhost-user-Introduce-nested-event-loop-in-vho.patch [bz#2155173] - kvm-virtio-rng-pci-fix-transitional-migration-compat-for.patch [bz#2162569] - Resolves: bz#2150180 (qemu-img finishes successfully while having errors in commit or bitmaps operations) - Resolves: bz#2165280 ([kvm-unit-tests] debug-wp-migration fails) - Resolves: bz#1860292 (RFE: add extent_size_hint information to qemu-img info) - Resolves: bz#2155173 ([vhost-user] unable to start vhost net: 71: falling back on userspace) - Resolves: bz#2162569 ([transitional device][virtio-rng-pci-transitional]Stable Guest ABI failed between RHEL 8.6 to RHEL 9.2) [7.2.0-7] - kvm-vdpa-use-v-shadow_vqs_enabled-in-vhost_vdpa_svqs_sta.patch [bz#2104412] - kvm-vhost-set-SVQ-device-call-handler-at-SVQ-start.patch [bz#2104412] - kvm-vhost-allocate-SVQ-device-file-descriptors-at-device.patch [bz#2104412] - kvm-vhost-move-iova_tree-set-to-vhost_svq_start.patch [bz#2104412] - kvm-vdpa-add-vhost_vdpa_net_valid_svq_features.patch [bz#2104412] - kvm-vdpa-request-iova_range-only-once.patch [bz#2104412] - kvm-vdpa-move-SVQ-vring-features-check-to-net.patch [bz#2104412] - kvm-vdpa-allocate-SVQ-array-unconditionally.patch [bz#2104412] - kvm-vdpa-add-asid-parameter-to-vhost_vdpa_dma_map-unmap.patch [bz#2104412] - kvm-vdpa-store-x-svq-parameter-in-VhostVDPAState.patch [bz#2104412] - kvm-vdpa-add-shadow_data-to-vhost_vdpa.patch [bz#2104412] - kvm-vdpa-always-start-CVQ-in-SVQ-mode-if-possible.patch [bz#2104412] - kvm-vdpa-fix-VHOST_BACKEND_F_IOTLB_ASID-flag-check.patch [bz#2104412] - kvm-spec-Disable-VDUSE.patch [bz#2128222] - Resolves: bz#2104412 (vDPA ASID support in Qemu) - Resolves: bz#2128222 (VDUSE block export should be disabled in builds for now) [7.2.0-6] - kvm-virtio_net-Modify-virtio_net_get_config-to-early-ret.patch [bz#2141088] - kvm-virtio_net-copy-VIRTIO_NET_S_ANNOUNCE-if-device-mode.patch [bz#2141088] - kvm-vdpa-handle-VIRTIO_NET_CTRL_ANNOUNCE-in-vhost_vdpa_n.patch [bz#2141088] - kvm-vdpa-do-not-handle-VIRTIO_NET_F_GUEST_ANNOUNCE-in-vh.patch [bz#2141088] - kvm-s390x-pv-Implement-a-CGS-check-helper.patch [bz#2122523] - kvm-s390x-pci-coalesce-unmap-operations.patch [bz#2163701] - kvm-s390x-pci-shrink-DMA-aperture-to-be-bound-by-vfio-DM.patch [bz#2163701] - kvm-s390x-pci-reset-ISM-passthrough-devices-on-shutdown-.patch [bz#2163701] - kvm-qga-linux-add-usb-support-to-guest-get-fsinfo.patch [bz#2149191] - Resolves: bz#2141088 (vDPA SVQ guest announce support) - Resolves: bz#2122523 (Secure guest can't boot with maximal number of vcpus (248)) - Resolves: bz#2163701 ([s390x] VM fails to start with ISM passed through) - Resolves: bz#2149191 ([RFE][guest-agent] - USB bus type support) [7.2.0-5] - kvm-virtio-introduce-macro-VIRTIO_CONFIG_IRQ_IDX.patch [bz#1905805] - kvm-virtio-pci-decouple-notifier-from-interrupt-process.patch [bz#1905805] - kvm-virtio-pci-decouple-the-single-vector-from-the-inter.patch [bz#1905805] - kvm-vhost-introduce-new-VhostOps-vhost_set_config_call.patch [bz#1905805] - kvm-vhost-vdpa-add-support-for-config-interrupt.patch [bz#1905805] - kvm-virtio-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-vhost-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-virtio-net-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-virtio-mmio-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-virtio-pci-add-support-for-configure-interrupt.patch [bz#1905805] - kvm-s390x-s390-virtio-ccw-Activate-zPCI-features-on-s390.patch [bz#2159408] - kvm-vhost-fix-vq-dirty-bitmap-syncing-when-vIOMMU-is-ena.patch [bz#2124856] - kvm-block-drop-bdrv_remove_filter_or_cow_child.patch [bz#2155112] - kvm-qed-Don-t-yield-in-bdrv_qed_co_drain_begin.patch [bz#2155112] - kvm-test-bdrv-drain-Don-t-yield-in-.bdrv_co_drained_begi.patch [bz#2155112] - kvm-block-Revert-.bdrv_drained_begin-end-to-non-coroutin.patch [bz#2155112] - kvm-block-Remove-drained_end_counter.patch [bz#2155112] - kvm-block-Inline-bdrv_drain_invoke.patch [bz#2155112] - kvm-block-Fix-locking-for-bdrv_reopen_queue_child.patch [bz#2155112] - kvm-block-Drain-individual-nodes-during-reopen.patch [bz#2155112] - kvm-block-Don-t-use-subtree-drains-in-bdrv_drop_intermed.patch [bz#2155112] - kvm-stream-Replace-subtree-drain-with-a-single-node-drai.patch [bz#2155112] - kvm-block-Remove-subtree-drains.patch [bz#2155112] - kvm-block-Call-drain-callbacks-only-once.patch [bz#2155112] - kvm-block-Remove-ignore_bds_parents-parameter-from-drain.patch [bz#2155112] - kvm-block-Drop-out-of-coroutine-in-bdrv_do_drained_begin.patch [bz#2155112] - kvm-block-Don-t-poll-in-bdrv_replace_child_noperm.patch [bz#2155112] - kvm-block-Remove-poll-parameter-from-bdrv_parent_drained.patch [bz#2155112] - kvm-accel-introduce-accelerator-blocker-API.patch [bz#1979276] - kvm-KVM-keep-track-of-running-ioctls.patch [bz#1979276] - kvm-kvm-Atomic-memslot-updates.patch [bz#1979276] - Resolves: bz#1905805 (support config interrupt in vhost-vdpa qemu) - Resolves: bz#2159408 ([s390x] VMs with ISM passthrough don't autostart after leapp upgrade from RHEL 8) - Resolves: bz#2124856 (VM with virtio interface and iommu=on will crash when try to migrate) - Resolves: bz#2155112 (Qemu coredump after do snapshot of mirrored top image and its converted base image(iothread enabled)) - Resolves: bz#1979276 (SVM: non atomic memslot updates cause boot failure with seabios and cpu-pm=on) [7.2.0-4] - kvm-virtio-rng-pci-fix-migration-compat-for-vectors.patch [bz#2155749] - kvm-Update-QGA-service-for-new-command-line.patch [bz#2156515] - Resolves: bz#2155749 ([regression][stable guest abi][qemu-kvm7.2]Migration failed due to virtio-rng device between RHEL8.8 and RHEL9.2/MSI-X) - Resolves: bz#2156515 ([guest-agent] Replace '-blacklist' to '-block-rpcs' in qemu-ga config file) [7.2.0-3] - kvm-hw-arm-virt-Introduce-virt_set_high_memmap-helper.patch [bz#2113840] - kvm-hw-arm-virt-Rename-variable-size-to-region_size-in-v.patch [bz#2113840] - kvm-hw-arm-virt-Introduce-variable-region_base-in-virt_s.patch [bz#2113840] - kvm-hw-arm-virt-Introduce-virt_get_high_memmap_enabled-h.patch [bz#2113840] - kvm-hw-arm-virt-Improve-high-memory-region-address-assig.patch [bz#2113840] - kvm-hw-arm-virt-Add-compact-highmem-property.patch [bz#2113840] - kvm-hw-arm-virt-Add-properties-to-disable-high-memory-re.patch [bz#2113840] - kvm-hw-arm-virt-Enable-compat-high-memory-region-address.patch [bz#2113840] - Resolves: bz#2113840 ([RHEL9.2] Memory mapping optimization for virt machine) [7.2.0-2] - Fix updating from 7.1.0 - kvm-redhat-fix-virt-rhel9.2.0-compat-props.patch[bz#2154640] - Resolves: bz#2154640 ([aarch64] qemu fails to load 'efi-virtio.rom' romfile when creating virtio-net-pci) [7.2.0-1] - Rebase to QEMU 7.2.0 [bz#2135806] - Resolves: bz#2135806 (Rebase to QEMU 7.2 for RHEL 9.2.0) [7.1.0-7] - kvm-hw-acpi-erst.c-Fix-memory-handling-issues.patch [bz#2149108] - Resolves: bz#2149108 (CVE-2022-4172 qemu-kvm: QEMU: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record [rhel-9]) [7.1.0-6] - kvm-block-move-bdrv_qiov_is_aligned-to-file-posix.patch [bz#2143170] - kvm-block-use-the-request-length-for-iov-alignment.patch [bz#2143170] - Resolves: bz#2143170 (The installation can not start when install files (iso) locate on a 4k disk) [7.1.0-5] - kvm-rtl8139-Remove-unused-variable.patch [bz#2141218] - kvm-qemu-img-remove-unused-variable.patch [bz#2141218] - kvm-host-libusb-Remove-unused-variable.patch [bz#2141218] - Resolves: bz#2141218 (qemu-kvm build fails with clang 15.0.1 due to false unused variable error) [7.1.0-4] - kvm-Revert-intel_iommu-Fix-irqchip-X2APIC-configuration-.patch [bz#2126095] - Resolves: bz#2126095 ([rhel9.2][intel_iommu]Booting guest with '-device intel-iommu,intremap=on,device-iotlb=on,caching-mode=on' causes kernel call trace) [7.1.0-3] - kvm-target-i386-kvm-fix-kvmclock_current_nsec-Assertion-.patch [bz#2108531] - Resolves: bz#2108531 (Windows guest reboot after migration with wsl2 installed inside) [7.1.0-2] - kvm-vdpa-Skip-the-maps-not-in-the-iova-tree.patch [RHELX-57] - kvm-vdpa-do-not-save-failed-dma-maps-in-SVQ-iova-tree.patch [RHELX-57] - kvm-util-accept-iova_tree_remove_parameter-by-value.patch [RHELX-57] - kvm-vdpa-Remove-SVQ-vring-from-iova_tree-at-shutdown.patch [RHELX-57] - kvm-vdpa-Make-SVQ-vring-unmapping-return-void.patch [RHELX-57] - kvm-vhost-Always-store-new-kick-fd-on-vhost_svq_set_svq_.patch [RHELX-57] - kvm-vdpa-Use-ring-hwaddr-at-vhost_vdpa_svq_unmap_ring.patch [RHELX-57] - kvm-vhost-stop-transfer-elem-ownership-in-vhost_handle_g.patch [RHELX-57] - kvm-vhost-use-SVQ-element-ndescs-instead-of-opaque-data-.patch [RHELX-57] - kvm-vhost-Delete-useless-read-memory-barrier.patch [RHELX-57] - kvm-vhost-Do-not-depend-on-NULL-VirtQueueElement-on-vhos.patch [RHELX-57] - kvm-vhost_net-Add-NetClientInfo-start-callback.patch [RHELX-57] - kvm-vhost_net-Add-NetClientInfo-stop-callback.patch [RHELX-57] - kvm-vdpa-add-net_vhost_vdpa_cvq_info-NetClientInfo.patch [RHELX-57] - kvm-vdpa-Move-command-buffers-map-to-start-of-net-device.patch [RHELX-57] - kvm-vdpa-extract-vhost_vdpa_net_cvq_add-from-vhost_vdpa_.patch [RHELX-57] - kvm-vhost_net-add-NetClientState-load-callback.patch [RHELX-57] - kvm-vdpa-Add-virtio-net-mac-address-via-CVQ-at-start.patch [RHELX-57] - kvm-vdpa-Delete-CVQ-migration-blocker.patch [RHELX-57] - kvm-vdpa-Make-VhostVDPAState-cvq_cmd_in_buffer-control-a.patch [RHELX-57] - kvm-vdpa-extract-vhost_vdpa_net_load_mac-from-vhost_vdpa.patch [RHELX-57] - kvm-vdpa-Add-vhost_vdpa_net_load_mq.patch [RHELX-57] - kvm-vdpa-validate-MQ-CVQ-commands.patch [RHELX-57] - kvm-virtio-net-Update-virtio-net-curr_queue_pairs-in-vdp.patch [RHELX-57] - kvm-vdpa-Allow-MQ-feature-in-SVQ.patch [RHELX-57] - kvm-i386-reset-KVM-nested-state-upon-CPU-reset.patch [bz#2125281] - kvm-i386-do-kvm_put_msr_feature_control-first-thing-when.patch [bz#2125281] - kvm-Revert-Re-enable-capstone-internal-build.patch [bz#2127825] - kvm-spec-Use-capstone-package.patch [bz#2127825] - Resolves: RHELX-57 (vDPA SVQ Multiqueue support ) - Resolves: bz#2125281 ([RHEL9.1] Guests in VMX root operation fail to reboot with QEMU's 'system_reset' command [rhel-9.2.0]) - Resolves: bz#2127825 (Use capstone for qemu-kvm build) [7.1.0-1] - Rebase to QEMU 7.1.0 [bz#2111769] - Resolves: bz#2111769 (Rebase to QEMU 7.1.0) [7.0.0-11] - kvm-QIOChannelSocket-Fix-zero-copy-flush-returning-code-.patch [bz#2107466] - kvm-Add-dirty-sync-missed-zero-copy-migration-stat.patch [bz#2107466] - kvm-migration-multifd-Report-to-user-when-zerocopy-not-w.patch [bz#2107466] - kvm-migration-Avoid-false-positive-on-non-supported-scen.patch [bz#2107466] - kvm-migration-add-remaining-params-has_-true-in-migratio.patch [bz#2107466] - kvm-QIOChannelSocket-Add-support-for-MSG_ZEROCOPY-IPV6.patch [bz#2107466] - kvm-pc-bios-s390-ccw-Fix-booting-with-logical-block-size.patch [bz#2112303] - kvm-vdpa-Fix-bad-index-calculus-at-vhost_vdpa_get_vring_.patch [bz#2116876] - kvm-vdpa-Fix-index-calculus-at-vhost_vdpa_svqs_start.patch [bz#2116876] - kvm-vdpa-Fix-memory-listener-deletions-of-iova-tree.patch [bz#2116876] - kvm-vdpa-Fix-file-descriptor-leak-on-get-features-error.patch [bz#2116876] - Resolves: bz#2107466 (zerocopy capability can be enabled when set migrate capabilities with multifd and compress/xbzrle together) - Resolves: bz#2112303 (virtio-blk: Can't boot fresh installation from used 512 cluster_size image under certain conditions) - Resolves: bz#2116876 (Fixes for vDPA control virtqueue support in Qemu) [7.0.0-10] - kvm-vhost-Track-descriptor-chain-in-private-at-SVQ.patch [bz#1939363] - kvm-vhost-Fix-device-s-used-descriptor-dequeue.patch [bz#1939363] - kvm-hw-virtio-Replace-g_memdup-by-g_memdup2.patch [bz#1939363] - kvm-vhost-Fix-element-in-vhost_svq_add-failure.patch [bz#1939363] - kvm-meson-create-have_vhost_-variables.patch [bz#1939363] - kvm-meson-use-have_vhost_-variables-to-pick-sources.patch [bz#1939363] - kvm-vhost-move-descriptor-translation-to-vhost_svq_vring.patch [bz#1939363] - kvm-virtio-net-Expose-MAC_TABLE_ENTRIES.patch [bz#1939363] - kvm-virtio-net-Expose-ctrl-virtqueue-logic.patch [bz#1939363] - kvm-vdpa-Avoid-compiler-to-squash-reads-to-used-idx.patch [bz#1939363] - kvm-vhost-Reorder-vhost_svq_kick.patch [bz#1939363] - kvm-vhost-Move-vhost_svq_kick-call-to-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Check-for-queue-full-at-vhost_svq_add.patch [bz#1939363] - kvm-vhost-Decouple-vhost_svq_add-from-VirtQueueElement.patch [bz#1939363] - kvm-vhost-Add-SVQDescState.patch [bz#1939363] - kvm-vhost-Track-number-of-descs-in-SVQDescState.patch [bz#1939363] - kvm-vhost-add-vhost_svq_push_elem.patch [bz#1939363] - kvm-vhost-Expose-vhost_svq_add.patch [bz#1939363] - kvm-vhost-add-vhost_svq_poll.patch [bz#1939363] - kvm-vhost-Add-svq-avail_handler-callback.patch [bz#1939363] - kvm-vdpa-Export-vhost_vdpa_dma_map-and-unmap-calls.patch [bz#1939363] - kvm-vhost-net-vdpa-add-stubs-for-when-no-virtio-net-devi.patch [bz#1939363] - kvm-vdpa-manual-forward-CVQ-buffers.patch [bz#1939363] - kvm-vdpa-Buffer-CVQ-support-on-shadow-virtqueue.patch [bz#1939363] - kvm-vdpa-Extract-get-features-part-from-vhost_vdpa_get_m.patch [bz#1939363] - kvm-vdpa-Add-device-migration-blocker.patch [bz#1939363] - kvm-vdpa-Add-x-svq-to-NetdevVhostVDPAOptions.patch [bz#1939363] - kvm-redhat-Update-linux-headers-linux-kvm.h-to-v5.18-rc6.patch [bz#2111994] - kvm-target-s390x-kvm-Honor-storage-keys-during-emulation.patch [bz#2111994] - kvm-kvm-don-t-use-perror-without-useful-errno.patch [bz#2095608] - kvm-multifd-Copy-pages-before-compressing-them-with-zlib.patch [bz#2099934] - kvm-Revert-migration-Simplify-unqueue_page.patch [bz#2099934] - Resolves: bz#1939363 (vDPA control virtqueue support in Qemu) - Resolves: bz#2111994 (RHEL9: skey test in kvm_unit_test got failed) - Resolves: bz#2095608 (Please correct the error message when try to start qemu with '-M kernel-irqchip=split') - Resolves: bz#2099934 (Guest reboot on destination host after postcopy migration completed) [7.0.0-9] - kvm-virtio-iommu-Add-bypass-mode-support-to-assigned-dev.patch [bz#2100106] - kvm-virtio-iommu-Use-recursive-lock-to-avoid-deadlock.patch [bz#2100106] - kvm-virtio-iommu-Add-an-assert-check-in-translate-routin.patch [bz#2100106] - kvm-virtio-iommu-Fix-the-partial-copy-of-probe-request.patch [bz#2100106] - kvm-virtio-iommu-Fix-migration-regression.patch [bz#2100106] - kvm-pc-bios-s390-ccw-virtio-Introduce-a-macro-for-the-DA.patch [bz#2098077] - kvm-pc-bios-s390-ccw-bootmap-Improve-the-guessing-logic-.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Simplify-fix-virtio_i.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Remove-virtio_assume_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Set-missing-status-bits-whil.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Read-device-config-after-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-Beautify-the-code-for-readin.patch [bz#2098077] - kvm-pc-bios-s390-ccw-Split-virtio-scsi-code-from-virtio_.patch [bz#2098077] - kvm-pc-bios-s390-ccw-virtio-blkdev-Request-the-right-fea.patch [bz#2098077] - kvm-pc-bios-s390-ccw-netboot.mak-Ignore-Clang-s-warnings.patch [bz#2098077] - kvm-hw-block-fdc-Prevent-end-of-track-overrun-CVE-2021-3.patch [bz#1951522] - kvm-tests-qtest-fdc-test-Add-a-regression-test-for-CVE-2.patch [bz#1951522] - Resolves: bz#2100106 (Fix virtio-iommu/vfio bypass) - Resolves: bz#2098077 (virtio-blk: Can't boot fresh installation from used virtio-blk dasd disk under certain conditions) - Resolves: bz#1951522 (CVE-2021-3507 qemu-kvm: QEMU: fdc: heap buffer overflow in DMA read data transfers [rhel-9.0]) [7.0.0-8] - kvm-tests-avocado-update-aarch64_virt-test-to-exercise-c.patch [bz#2060839] - kvm-RHEL-only-tests-avocado-Switch-aarch64-tests-from-a5.patch [bz#2060839] - kvm-RHEL-only-AArch64-Drop-unsupported-CPU-types.patch [bz#2060839] - kvm-target-i386-deprecate-CPUs-older-than-x86_64-v2-ABI.patch [bz#2060839] - kvm-target-s390x-deprecate-CPUs-older-than-z14.patch [bz#2060839] - kvm-target-arm-deprecate-named-CPU-models.patch [bz#2060839] - kvm-meson.build-Fix-docker-test-build-alpine-when-includ.patch [bz#1968509] - kvm-QIOChannel-Add-flags-on-io_writev-and-introduce-io_f.patch [bz#1968509] - kvm-QIOChannelSocket-Implement-io_writev-zero-copy-flag-.patch [bz#1968509] - kvm-migration-Add-zero-copy-send-parameter-for-QMP-HMP-f.patch [bz#1968509] - kvm-migration-Add-migrate_use_tls-helper.patch [bz#1968509] - kvm-multifd-multifd_send_sync_main-now-returns-negative-.patch [bz#1968509] - kvm-multifd-Send-header-packet-without-flags-if-zero-cop.patch [bz#1968509] - kvm-multifd-Implement-zero-copy-write-in-multifd-migrati.patch [bz#1968509] - kvm-QIOChannelSocket-Introduce-assert-and-reduce-ifdefs-.patch [bz#1968509] - kvm-QIOChannelSocket-Fix-zero-copy-send-so-socket-flush-.patch [bz#1968509] - kvm-migration-Change-zero_copy_send-from-migration-param.patch [bz#1968509] - kvm-migration-Allow-migrate-recover-to-run-multiple-time.patch [bz#2096143] - Resolves: bz#2060839 (Consider deprecating CPU models like 'kvm64' / 'qemu64' on RHEL 9) - Resolves: bz#1968509 (Use MSG_ZEROCOPY on QEMU Live Migration) - Resolves: bz#2096143 (The migration port is not released if use it again for recovering postcopy migration) [7.0.0-7] - kvm-coroutine-ucontext-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-coroutine-win32-use-QEMU_DEFINE_STATIC_CO_TLS.patch [bz#1952483] - kvm-Enable-virtio-iommu-pci-on-x86_64.patch [bz#2094252] - kvm-linux-aio-fix-unbalanced-plugged-counter-in-laio_io_.patch [bz#2092788] - kvm-linux-aio-explain-why-max-batch-is-checked-in-laio_i.patch [bz#2092788] - Resolves: bz#1952483 (RFE: QEMU's coroutines fail with CFLAGS=-flto on non-x86_64 architectures) - Resolves: bz#2094252 (Compile the virtio-iommu device on x86_64) - Resolves: bz#2092788 (Stalled IO Operations in VM) [7.0.0-6] - kvm-Introduce-event-loop-base-abstract-class.patch [bz#2031024] - kvm-util-main-loop-Introduce-the-main-loop-into-QOM.patch [bz#2031024] - kvm-util-event-loop-base-Introduce-options-to-set-the-th.patch [bz#2031024] - kvm-qcow2-Improve-refcount-structure-rebuilding.patch [bz#2072379] - kvm-iotests-108-Test-new-refcount-rebuild-algorithm.patch [bz#2072379] - kvm-qcow2-Add-errp-to-rebuild_refcount_structure.patch [bz#2072379] - kvm-iotests-108-Fix-when-missing-user_allow_other.patch [bz#2072379] - kvm-virtio-net-setup-vhost_dev-and-notifiers-for-cvq-onl.patch [bz#2070804] - kvm-virtio-net-align-ctrl_vq-index-for-non-mq-guest-for-.patch [bz#2070804] - kvm-vhost-vdpa-fix-improper-cleanup-in-net_init_vhost_vd.patch [bz#2070804] - kvm-vhost-net-fix-improper-cleanup-in-vhost_net_start.patch [bz#2070804] - kvm-vhost-vdpa-backend-feature-should-set-only-once.patch [bz#2070804] - kvm-vhost-vdpa-change-name-and-polarity-for-vhost_vdpa_o.patch [bz#2070804] - kvm-virtio-net-don-t-handle-mq-request-in-userspace-hand.patch [bz#2070804] - kvm-Revert-globally-limit-the-maximum-number-of-CPUs.patch [bz#2094270] - kvm-vfio-common-remove-spurious-warning-on-vfio_listener.patch [bz#2086262] - Resolves: bz#2031024 (Add support for fixing thread pool size [QEMU]) - Resolves: bz#2072379 (Fail to rebuild the reference count tables of qcow2 image on host block devices (e.g. LVs)) - Resolves: bz#2070804 (PXE boot crash qemu when using multiqueue vDPA) - Resolves: bz#2094270 (Do not set the hard vCPU limit to the soft vCPU limit in downstream qemu-kvm anymore) - Resolves: bz#2086262 ([Win11][tpm]vfio_listener_region_del received unaligned region) [7.0.0-5] - kvm-qemu-nbd-Pass-max-connections-to-blockdev-layer.patch [bz#1708300] - kvm-nbd-server-Allow-MULTI_CONN-for-shared-writable-expo.patch [bz#1708300] - Resolves: bz#1708300 (RFE: qemu-nbd vs NBD_FLAG_CAN_MULTI_CONN) [7.0.0-4] - kvm-qapi-machine.json-Add-cluster-id.patch [bz#2041823] - kvm-qtest-numa-test-Specify-CPU-topology-in-aarch64_numa.patch [bz#2041823] - kvm-hw-arm-virt-Consider-SMP-configuration-in-CPU-topolo.patch [bz#2041823] - kvm-qtest-numa-test-Correct-CPU-and-NUMA-association-in-.patch [bz#2041823] - kvm-hw-arm-virt-Fix-CPU-s-default-NUMA-node-ID.patch [bz#2041823] - kvm-hw-acpi-aml-build-Use-existing-CPU-topology-to-build.patch [bz#2041823] - kvm-coroutine-Rename-qemu_coroutine_inc-dec_pool_size.patch [bz#2079938] - kvm-coroutine-Revert-to-constant-batch-size.patch [bz#2079938] - kvm-virtio-scsi-fix-ctrl-and-event-handler-functions-in-.patch [bz#2079347] - kvm-virtio-scsi-don-t-waste-CPU-polling-the-event-virtqu.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_event_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_ctrl_vq.patch [bz#2079347] - kvm-virtio-scsi-clean-up-virtio_scsi_handle_cmd_vq.patch [bz#2079347] - kvm-virtio-scsi-move-request-related-items-from-.h-to-.c.patch [bz#2079347] - kvm-Revert-virtio-scsi-Reject-scsi-cd-if-data-plane-enab.patch [bz#1995710] - kvm-migration-Fix-operator-type.patch [bz#2064530] - Resolves: bz#2041823 ([aarch64][numa] When there are at least 6 Numa nodes serial log shows 'arch topology borken') - Resolves: bz#2079938 (qemu coredump when boot with multi disks (qemu) failed to set up stack guard page: Cannot allocate memory) - Resolves: bz#2079347 (Guest boot blocked when scsi disks using same iothread and 100% CPU consumption) - Resolves: bz#1995710 (RFE: Allow virtio-scsi CD-ROM media change with IOThreads) - Resolves: bz#2064530 (Rebuild qemu-kvm with clang-14) [7.0.0-3] - kvm-hw-arm-virt-Remove-the-dtb-kaslr-seed-machine-option.patch [bz#2046029] - kvm-hw-arm-virt-Fix-missing-initialization-in-instance-c.patch [bz#2046029] - kvm-Enable-virtio-iommu-pci-on-aarch64.patch [bz#1477099] - kvm-sysemu-tpm-Add-a-stub-function-for-TPM_IS_CRB.patch [bz#2037612] - kvm-vfio-common-remove-spurious-tpm-crb-cmd-misalignment.patch [bz#2037612] - Resolves: bz#2046029 ([WRB] New machine type property - dtb-kaslr-seed) - Resolves: bz#1477099 (virtio-iommu (including ACPI, VHOST/VFIO integration, migration support)) - Resolves: bz#2037612 ([Win11][tpm][QL41112 PF] vfio_listener_region_add received unaligned region) [7.0.0-2] - kvm-configs-devices-aarch64-softmmu-Enable-CONFIG_VIRTIO.patch [bz#2044162] - kvm-target-ppc-cpu-models-Fix-ppc_cpu_aliases-list-for-R.patch [bz#2081022] - Resolves: bz#2044162 ([RHEL9.1] Enable virtio-mem as tech-preview on ARM64 QEMU) - Resolves: bz#2081022 (Build regression on ppc64le with c9s qemu-kvm 7.0.0-1 changes) [7.0.0-1] - Rebase to QEMU 7.0.0 [bz#2064757] - Do not build ssh block driver anymore [bz#2064500] - Removed hpet and parallel port support [bz#2065042] - Compatibility support [bz#2064782 bz#2064771] - Resolves: bz#2064757 (Rebase to QEMU 7.0.0) - Resolves: bz#2064500 (Install qemu-kvm-6.2.0-11.el9_0.1 failed as conflict with qemu-kvm-block-ssh-6.2.0-11.el9_0.1) - Resolves: bz#2065042 (Remove upstream-only devices from the qemu-kvm binary) - Resolves: bz#2064782 (Update machine type compatibility for QEMU 7.0.0 update [s390x]) - Resolves: bz#2064771 (Update machine type compatibility for QEMU 7.0.0 update [x86_64]) [6.2.0-13] - kvm-RHEL-disable-seqpacket-for-vhost-vsock-device-in-rhe.patch [bz#2065589] - Resolves: bz#2065589 (RHEL 9.0 guest with vsock device migration failed from RHEL 9.0 > RHEL 8.6 [rhel-9.1.0]) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5088 CVE-2023-6683 CVE-2023-42467 CVE-2023-3019 CVE-2023-3255 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [0.21.1-1] - 0.21.1 - Include the fix for CVE-2023-1729 from Fedora Resolves: RHEL-768 LOW Copyright 2024 Oracle, Inc. CVE-2023-1729 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.7.0-9] - Fix CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms() - Fix CVE-2023-43786: stack exhaustion from infinite recursion in PutSubImage() - Fix CVE-2023-43787: integer overflow in XCreateImage() leading to a heap overflow MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43786 CVE-2023-43787 CVE-2023-43785 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [3.5.13-10] - Drop hardening patches from previous version to keep ABI compatibility [3.5.13-9] - CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage() - CVE-2023-43787 libX11: integer overflow in XCreateImage() leading to a heap overflow - CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() - CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43788 CVE-2023-43789 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [4.11.0-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] - Add bind to ipa-server-common Requires [Orabug: 36518596] [4.11.0-9] - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests potentially lead to DoS or data exposure [4.11.0-8] - Resolves: RHEL-12143 'ipa vault-add is failing with ipa: ERROR: an internal error has occurred in FIPS mode - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available [4.11.0-7] - Resolves: RHEL-25260 tier-1-upstream-dns-locations failed on RHEL8.8 gating - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available - Resolves: RHEL-25815 Backport latest test fixes in python3-ipatests [4.11.0-6] - Resolves: RHEL-23627 IPA stops working if HTTP/... service principal was created before FreeIPA 4.4.0 and never modified - Resolves: RHEL-23625 sidgen plugin does not ignore staged users - Resolves: RHEL-23621 session cookie can't be read - Resolves: RHEL-22372 Gating-DL1 test failure in test_integration/test_dns_locations.py::TestDNSLocations::()::test_ipa_ca_records - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-17996 Memory leak in IdM's KDC [4.11.0-5] - Resolves: RHEL-12589 ipa: Invalid CSRF protection - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca' - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-21810 ipa-client-install --automount-location does not work - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0 - Resolves: RHEL-21812 Backport latest test fixes in ipa - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor [4.11.0-4] - Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid() [4.11.0-3] - Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off' [4.11.0-2] - Resolves: RHEL-14292 Backport latest test fixes in python3-ipatests - Resolves: RHEL-15443 Server install: failure to install with externally signed CA because of timezone issue - Resolves: RHEL-15444 Minimum length parameter in pwpolicy cannot be removed with empty string - Resolves: RHEL-14842 Upstream xmlrpc tests are failing in RHEL9.4 [4.11.0-1] - Resolves: RHEL-11652 Rebase ipa to latest 4.11.x version for RHEL 9.4 [4.10.2-4] - Resolves: rhbz#2231847 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied - Resolves: rhbz#2232056 Include latest test fixes in python3-ipatests [4.10.2-3] - Resolves: rhbz#2229712 Delete operation protection for admin user - Resolves: rhbz#2227831 Interrupt request processing in ipadb_fill_info3() if connection to 389ds is lost - Resolves: rhbz#2227784 libipa_otp_lasttoken plugin memory leak - Resolves: rhbz#2224570 Improved error messages are needed when attempting to add a non-existing idp to a user - Resolves: rhbz#2230251 Backport latest test fixes to python3-ipatests [4.10.2-2] - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2214933 Uninstalling of the IPA server is encountering a failure during the unconfiguration of the CA (Unconfiguring CA) - Resolves: rhbz#2216114 After updating the RHEL from 8.7 to 8.8, IPA services fails to start - Resolves: rhbz#2216549 Upgrade to 4.9.10-6.0.1 fails: attributes are managed by topology plugin - Resolves: rhbz#2216611 Backport latest test fixes in python3-ipatests - Resolves: rhbz#2216872 User authentication failing on OTP validation using multiple tokens, succeeds with password only [4.10.2-1] - Resolves: rhbz#2196426 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.3 - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features - Resolves: rhbz#2192625 Better catch of the IPA web UI event 'IPA Error 4301:CertificateOperationError', and IPA httpd error CertificateOperationError - Resolves: rhbz#2188567 IPA client Kerberos configuration incompatible with java - Resolves: rhbz#2182683 Tolerate absence of PAC ticket signature depending of domain and servers capabilities [rhel-9] - Resolves: rhbz#2180914 Sequence processing failures for group_add using server context - Resolves: rhbz#2165880 Add RBCD support to IPA - Resolves: rhbz#2160399 get_ranges - [file ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct [4.10.1-6] - Resolves: rhbz#2169632 Backport latest test fixes in python3-ipatests [4.10.1-5] - Resolves: rhbz#2162656 Passwordless (GSSAPI) SSH not working for subdomain - Resolves: rhbz#2166326 Removing the last DNS type for ipa-ca does not work - Resolves: rhbz#2167473 RFE - Add a warning note about possible performance impact of the Auto Member rebuild task - Resolves: rhbz#2168244 requestsearchtimelimit=0 doesn't seems to be work with ipa-acme-manage pruning command [4.10.1-4] - Resolves: rhbz#2161284 'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to 'ipa-client-install' command was successful - Resolves: rhbz#2164403 ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating an ID range - Resolves: rhbz#2162677 RFE: Implement support for PKI certificate and request pruning - Resolves: rhbz#2167312 - Backport latest test fixes in python3-ipatests [4.10.1-3] - Rebuild against krb5 1.20.1 ABI - Resolves: rhbz#2155425 [4.10.1-2] - Resolves: rhbz#2148887 MemberManager with groups fails - Resolves: rhbz#2150335 idm:client is missing dependency on krb5-pkinit [4.10.1-1] - Resolves: rhbz#2141315 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.2 - Resolves: rhbz#2094673 ipa-client-install should just use system wide CA store and do not specify TLS_CACERT in ldap.conf - Resolves: rhbz#2117167 After leapp upgrade on ipa-client ipa-server package installation failed. (REQ_FULL_WITH_MEMBERS returns object from wrong domain) - Resolves: rhbz#2127833 Password Policy Grace login limit allows invalid maximum value - Resolves: rhbz#2143224 [RFE] add certificate support to ipa-client instead of one time password - Resolves: rhbz#2144736 vault interoperability with older RHEL systems is broken - Resolves: rhbz#2148258 ipa-client-install does not maintain server affinity during installation - Resolves: rhbz#2148379 Add warning for empty targetattr when creating ACI with RBAC - Resolves: rhbz#2148380 OTP token sync always returns OK even with random numbers - Resolves: rhbz#2148381 Deprecated feature idnssoaserial in IdM appears when creating reverse dns zones - Resolves: rhbz#2148382 Introduction of URI records for kerberos breaks location functionality [4.10.0-7] - Resolves: rhbz#2124547 Attempt to log in as 'root' user with admin's password in Web UI does not properly fail - Resolves: rhbz#2137555 Attempt to log in as 'root' user with admin's password in Web UI does not properly fail [rhel-9.1.0.z] [4.10.0-6] - Resolves: rhbz#2110014 ldap bind occurs when admin user changes password with gracelimit=0 - Resolves: rhbz#2112901 RFE: Allow grace login limit to be set in IPA WebUI - Resolves: rhbz#2115495 group password policy by default does not allow grace logins - Resolves: rhbz#2116966 ipa-replica-manage displays traceback: Unexpected error: 'bool' object has no attribute 'lower' [4.10.0-5] - Resolves: rhbz#2109645 - Rebuild for samba-4.16.3-101.el9 [4.10.0-4] - Resolves: rhbz#2109645 - Rebuild for samba-4.16.3-100.el9 [4.10.0-3] - Resolves: rhbz#2105294 IdM WebUI Pagination Size should not allow empty value [4.10.0-2] - Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind [4.10.0-1] - Resolves: rhbz#747959 [RFE] Support random serial numbers in IPA certificates - Resolves: rhbz#2100227 [UX] Preserving a user account produces output saying it was deleted [4.9.10-1] - Resolves: rhbz#2079469 [Rebase] Rebase ipa to latest 4.9.x release - Resolves: rhbz#2012911 named journalctl logs shows 'zone testrealm.test/IN: serial (serialnumber) write back to LDAP failed.' - Resolves: rhbz#2069202 [RFE] add support for authenticating against external IdP services using OAUTH2 preauthenticaiton mechanism provided by SSSD - Resolves: rhbz#2083218 ipa-dnskeysyncd floods /var/log/messages with DEBUG messages - Resolves: rhbz#2089750 RFE: Improve error message with more detail for ipa-replica-install command - Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind - Resolves: rhbz#2094400 [RFE] ipa-client-install should provide option to enable subid: sss in /etc/nsswitch.conf - Resolves: rhbz#2096922 secret in ipa-pki-proxy.conf is not changed if new requiredSecret value is present in /etc/pki/pki-tomcat/server.xml MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1481 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [8.5.3-4] - Resolves: RHEL-14825 - crafted BGP UPDATE message leading to a crash [8.5.3-3] - Resolves: RHEL-14822 - mishandled malformed data leading to a crash [8.5.3-2] - Resolves: RHEL-15915 - crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message - Resolves: RHEL-15918 - crash from malformed EOR-containing BGP UPDATE message [8.5.3-1] - Resolves: RHEL-15291 - Rebase FRR to version 8.5.3 in RHEL9 [8.3.1-12] - Resolves: RHEL-3541 - Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router MODERATE Copyright 2024 Oracle, Inc. CVE-2023-41358 CVE-2023-46753 CVE-2023-31489 CVE-2023-41360 CVE-2023-31490 CVE-2023-41359 CVE-2023-41909 CVE-2023-46752 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.26.12-2] - Security fix for CVE-2023-43804 Resolves: RHEL-12003 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43804 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.20.4-24] - Fix use after free related to CVE-2024-21886 [1.20.11-23] - CVE fix for: CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408 and CVE-2024-0409 Resolves: https://issues.redhat.com/browse/RHEL-21203 Resolves: https://issues.redhat.com/browse/RHEL-20531 Resolves: https://issues.redhat.com/browse/RHEL-20380 Resolves: https://issues.redhat.com/browse/RHEL-20386 Resolves: https://issues.redhat.com/browse/RHEL-21193 Resolves: https://issues.redhat.com/browse/RHEL-21200 [1.20.11-22] - CVE fix for: CVE-2023-6377, CVE-2023-6478 Resolves: https://issues.redhat.com/browse/RHEL-18322 Resolves: https://issues.redhat.com/browse/RHEL-18329 [1.20.11-20] - CVE fix for: CVE-2023-5380 Resolves: https://issues.redhat.com/browse/RHEL-14062 [1.20.11-20] - CVE fix for: CVE-2023-5367 Resolves: https://issues.redhat.com/browse/RHEL-13430 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5380 CVE-2024-0229 CVE-2024-21886 CVE-2024-0409 CVE-2024-21885 CVE-2023-5367 CVE-2023-6478 CVE-2023-6816 CVE-2024-0408 CVE-2023-6377 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [21.1.9-5] Fix for CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408, CVE-2024-0409 [21.1.9-4] - Fix for CVE-2023-6377, CVE-2023-6478 [22.1.9-3] - Fix for CVE-2023-5367 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6816 CVE-2024-0408 CVE-2024-0409 CVE-2024-0229 CVE-2023-6478 CVE-2023-6377 CVE-2024-21885 CVE-2024-21886 CVE-2023-5367 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::distro_builder Oracle Linux 9 [4:1.1.12-2] - Switch dependency on criu to Recommends - Resolves: RHEL-25116 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-30630 CVE-2022-30632 CVE-2023-45287 CVE-2022-30631 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.0.31-8] - fix integer overflows causing CVE-2022-33065 (#RHEL-3751) MODERATE Copyright 2024 Oracle, Inc. CVE-2022-33065 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2:4.9.4-0.1.0.1] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [2:4.9.4-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.9 (https://github.com/containers/podman/commit/4b69d93) - Related: RHEL-2112 [2:4.9.3-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.9 (https://github.com/containers/podman/commit/b8a887c) - Related: RHEL-2112 [2:4.9.2-1] - update to the latest content of https://github.com/containers/podman/tree/v4.9 (https://github.com/containers/podman/commit/4c14019) - Related: RHEL-2112 [2:4.9.1-1] - switch to v4.9.1-rhel branch - update dnsname to the latest commit - Related: Jira:RHEL-2112 [2:4.9.0-1] - update to https://github.com/containers/podman/releases/tag/v4.9.0 - Related: RHEL-2112 [2:4.8.3-1] - update to https://github.com/containers/podman/releases/tag/v4.8.3 - Related: RHEL-2112 [2:4.8.2-1] - update to https://github.com/containers/podman/releases/tag/v4.8.2 - Related: RHEL-2112 [2:4.8.1-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.8.1 - Related: Jira:RHEL-2112 [2:4.7.2-3] - Rebuild for following CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - Related: Jira:RHEL-2785 [2:4.7.2-2] - update to latest content of https://github.com/containers/podman/releases/tag/4.7.2 (https://github.com/containers/podman/commit/750b4c3a7c31f6573350f0b3f1b787f26e0fe1e3) - Related: Jira:RHEL-2112 [2:4.7.2-1] - update to https://github.com/containers/podman/releases/tag/v4.7.2 - remove gvisor from podman and depend on external one - Related: Jira:RHEL-2112 [2:4.6.1-6] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/68e7ae0) - Related: Jira:RHEL-2112 [2:4.6.1-5] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/ea33dce) - Related: #2176063 [2:4.6.1-4] - amend podmansh provides - Related: #2176063 [2:4.6.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/8bb0204) - Related: #2176063 [2:4.6.1-2] - update to the latest content of https://github.com/containers/podman/tree/v4.6.1-rhel (https://github.com/containers/podman/commit/1b2fadd) - Resolves: #2232127 [2:4.6.1-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.6.1 - Related: #2176063 [2:4.6.0-3] - build podman 4.6.0 off main branch for early testing of zstd compression - Related: #2176063 [2:4.6.0-2] - update license token to be SPDX compatible - Related: #2176063 [2:4.6.0-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.6.0 (https://github.com/containers/podman/commit/38e6fab9664c6e59b66e73523b307a56130316ae) [2:4.6.0-0.3] - rebuild with the new bats - Related: #2176063 [2:4.6.0-0.2] - update to 4.6.0-rc2 - Related: #2176063 [2:4.6.0-0.1] - update to 4.6.0-rc1 - Related: #2176063 [2:4.5.1-5] - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2175071 - Resolves: #2179950 - Resolves: #2187318 - Resolves: #2187366 - Resolves: #2203681 - Resolves: #2207512 [2:4.5.1-4] - update to https://github.com/containers/gvisor-tap-vsock/releases/tag/v0.6.1 - Related: #2176063 [2:4.5.1-3] - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2175074 - Resolves: #2179966 - Resolves: #2187322 - Resolves: #2187383 - Resolves: #2203702 - Resolves: #2207522 [2:4.5.1-2] - rebuild - Resolves: #2177611 [2:4.5.1-1] - update to https://github.com/containers/podman/releases/tag/v4.5.1 - Related: #2176063 [2:4.5.0-1] - update to 4.5.0 - Related: #2176063 [2:4.4.1-10] - build and add missing docker man pages - Resolves: #2187187 [2:4.4.1-9] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/fd0ea3b) - Resolves: #2173089 [2:4.4.1-8] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/05037d3) - Resolves: #2178263 [2:4.4.1-7] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/67f7e1e) - Related: #2176063 [2:4.4.1-6] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/4461c9c) - Related: #2176063 [2:4.4.1-5] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/bf400bd) - Related: #2176063 [2:4.4.1-4] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/ffc2614) - Resolves: #2179450 [2:4.4.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/e1703bb) - Related: #2124478 [2:4.4.1-2] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/0b38633) - Related: #2124478 [2:4.4.1-1] - update to the latest content of https://github.com/containers/podman/tree/v4.4.1-rhel (https://github.com/containers/podman/commit/d4e285a) - Related: #2124478 [2:4.4.1-0.1] - update to the latest content of https://github.com/containers/podman/tree/v4.4 (https://github.com/containers/podman/commit/f5670f0) - Related: #2124478 [2:4.4.0-1] - update to podman-4.4 release - Related: #2124478 [2:4.4.0-0.10] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/68bbdc2) - Related: #2124478 [2:4.4.0-0.9] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/323b515) - Related: #2124478 [2:4.4.0-0.8] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/c35e74f) - Related: #2124478 [2:4.4.0-0.7] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/ce504bb) - Related: #2124478 [2:4.4.0-0.6] - add quadlet to tests - Related: #2124478 [2:4.4.0-0.5] - obsolete podman-catatonit in order to not to file conflict with catatonit - Related: #2124478 [2:4.4.0-0.4] - build v4.4.0-rc2 - Related: #2124478 [2:4.4.0-0.3] - remove podman-machine-cni, it is now part of podman 4.0 or newer - Related: #2124478 [2:4.4.0-0.2] - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/07ba51d) - update gvisor-tap-vsock to 0.5.0 - Related: #2124478 [2:4.4.0-0.1] - podman-4.4.0-rc1 - update to the latest content of https://github.com/containers/podman/tree/main (https://github.com/containers/podman/commit/f1af5b3) - Related: #2124478 [2:4.3.1-4] - podman shouldn't provide and file conflict with catatonit in CRB - Resolves: #2151322 [2:4.3.1-3] - fix 'podman manifest add' is not concurrent safe - Resolves: #2105173 [2:4.3.1-2] - properly obsolete catatonit - Resolves: #2123319 [2:4.3.1-1] - update to https://github.com/containers/podman/releases/tag/v4.3.1 - Related: #2124478 [2:4.3.0-2] - rebuild to fix CVE-2022-30629 - Related: #2102994 [2:4.3.0-1] - update to https://github.com/containers/podman/releases/tag/v4.3.0 - Related: #2124478 [2:4.2.0-3] - fix dependency in test subpackage - Related: #2061316 [2:4.2.0-2] - readd catatonit - Related: #2061316 [2:4.2.0-1] - update to latest content of https://github.com/containers/podman/releases/tag/4.2.0 (https://github.com/containers/podman/commit/7fe5a419cfd2880df2028ad3d7fd9378a88a04f4) - Related: #2061316 [2:4.2.0-0.3rc3] - require catatonit for gating tests - Related: #2061316 [2:4.2.0-0.2rc3] - update to 4.2.0-rc3 - Related: #2061316 [2:4.2.0-0.1rc2] - update to 4.2.0-rc2 - Related: #2061316 [2:4.1.1-6] - convert catatonit dependency to soft dep as catatonit is no longer in Appstream but in CRB - Related: #2061316 [2:4.1.1-5] - rebuild for combined gating with catatonit - Related: #2097694 [2:4.1.1-4] - catatonit is now a standalone package - Related: #2097694 [2:4.1.1-3] - update to the latest content of https://github.com/containers/podman/tree/v4.1.1-rhel (https://github.com/containers/podman/commit/fa692a6) - Related: #2097694 [2:4.1.1-2] - be sure podman services/sockets are stopped upon package removal - Related: #2061316 [2:4.1.1-1] - update to https://github.com/containers/podman/releases/tag/v4.1.1 - Related: #2061316 [2:4.1.0-4] - don't require runc and Recommends: crun - Related: #2061316 [2:4.1.0-3] - Re-enable LTO and debuginfo - Related: #2061316 [2:4.1.0-2] - update gvisor-tap-vsock to 0.2.0 to fix compilation with golang 1.18 - Related: #2061316 [2:4.1.0-1] - update to https://github.com/containers/podman/releases/tag/v4.1.0 - Related: #2061316 [2:4.0.3-2] - require netavark and move CNI to soft dependencies - Related: #2061316 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45287 CVE-2023-39326 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [3.2.3-5] - Add pmix_test - Resolves: RHEL-3693 [3.2.3-4] - Fix CVE-2023-41915 - Resolves: RHEL-3693 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-41915 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.18.1-3] - Backport unit test of recent libnbd API addition resolves: RHEL-16292 [1.18.1-2] - Fix assertion in ext-mode BLOCK_STATUS (CVE-2023-5871) resolves: RHEL-15143 [1.18.1-1] - Rebase to 1.18.1 resolves: RHEL-14476 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-5871 CVE-2023-5215 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2:2.11.2-1] - Update to 2.11.2 (RHEL-4290, RHEL-4292, RHEL-4296, RHEL-4298, RHEL-4300, RHEL-4302, RHEL-4304, RHEL-4306, RHEL-4308, RHEL-4310, RHEL-4312, RHEL-10060) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-39351 CVE-2023-39352 CVE-2023-40569 CVE-2023-39356 CVE-2023-40567 CVE-2023-39350 CVE-2023-40186 CVE-2023-39353 CVE-2023-39354 CVE-2023-40181 CVE-2023-40188 CVE-2023-40589 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [14:4.99.0-9] - Resolves: RHEL-21558 - tcpslice: use-after-free in extract_slice() [14:4.99.0-8] - Resolves: RHEL-10714 - Fix PGM option printing MODERATE Copyright 2024 Oracle, Inc. CVE-2021-41043 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [6.2.0-1.0.1] - Fixed libpcp derived metric issue for ol9 [Orabug: 36538820] [6.2.0-1] - Rebase to latest stable version of PCP (RHEL-2317) [6.1.1-4] - Fix pcp-ss(1) handling of UDP packet states (RHEL-17649) [6.1.1-2] - Fix pcp-ss(1) default handling of listen state (RHEL-17335) - Added pcp package dependency on diffutils for diffstat(1) [6.1.1-1] - Improve pmlogcheck performance with compressed archives (RHEL-3930) - Fix pcp-ss(1) utility handling of duplicate sources (RHEL-7498) - Fine-tune PCP python wrapper path resolution (RHEL-7509) - Rebase to latest stable version of PCP (RHEL-2317) [6.1.0-1] - Use absolute path in default PCP_PYTHON_PROG (BZ 2227011) - Update to latest PCP sources. MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6917 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [2.3.4-28] - Fix CVE-2023-43788: out of bounds read in XpmCreateXpmImageFromBuffer() - Fix CVE-2023-43789: out of bounds read on XPM with corrupted colormap MODERATE Copyright 2024 Oracle, Inc. CVE-2023-43788 CVE-2023-43789 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [4:5.32.1-481] - Fixes: CVE-2023-47038 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-47038 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [10.0.0-6.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6] - qemu: virtiofs: do not crash if cgroups are missing (RHEL-7386) - qemu: virtiofs: set correct label when creating the socket (RHEL-7386) - qemu: virtiofs: error out if getting the group or user name fails (RHEL-7386) [10.0.0-5] - cpu: x86: Add support for adding features to existing CPU models (RHEL-25995) - qemu: domain: Check arch in qemuDomainMakeCPUMigratable (RHEL-25995) - conf: cpu: Introduce virCPUDefListFeatures (RHEL-25995) - qemu: domain: Drop added features from migratable CPU (RHEL-25995) - Add vmx-* features to Broadwell* (RHEL-25995) - Add vmx-* features to Cascadelake* (RHEL-25995) - Add vmx-* features to Conroe (RHEL-25995) - Add vmx-* features to Cooperlake (RHEL-25995) - Add vmx-* features to core{,2}duo (RHEL-25995) - Add vmx-* features to Haswell* (RHEL-25995) - Add vmx-* features to Icelake* (RHEL-25995) - Add vmx-* features to IvyBridge* (RHEL-25995) - Add vmx-* features to kvm* (RHEL-25995) - Add vmx-* features to Nehalem* (RHEL-25995) - Add vmx-* features to Penryn (RHEL-25995) - Add vmx-* features to SandyBridge* (RHEL-25995) - Add vmx-* features to SapphireRapids (RHEL-25995) - Add vmx-* features to Skylake* (RHEL-25995) - Add vmx-* features to Snowridge (RHEL-25995) - Add vmx-* features to Westmere* (RHEL-25995) [10.0.0-4] - Set stubDriverName from hostdev driver model attribute during pci device setup (RHEL-25858) - qemuMigrationDstPrepareStorage: Use 'switch' statement to include all storage types (RHEL-24825) - qemuMigrationDstPrepareStorage: Properly consider path for 'vdpa' devices (RHEL-24825) - domain_validate: Account for NVDIMM label size properly when checking for memory conflicts (RHEL-4452) [10.0.0-3] - remote_driver: Restore special behavior of remoteDomainGetBlockIoTune() (RHEL-22800) - conf: Introduce dynamicMemslots attribute for virtio-mem (RHEL-15316) - qemu_capabilities: Add QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI_DYNAMIC_MEMSLOTS capability (RHEL-15316) - qemu_validate: Check capability for virtio-mem dynamicMemslots (RHEL-15316) - qemu_command: Generate cmd line for virtio-mem dynamicMemslots (RHEL-15316) - qemu_snapshot: fix detection if non-leaf snapshot isn't in active chain (RHEL-23212) - qemu_snapshot: create: refactor external snapshot detection (RHEL-22797) - qemu_snapshot: create: don't require disk-only flag for offline external snapshot (RHEL-22797) - remoteDispatchAuthPolkit: Fix lock ordering deadlock if client closes connection during auth (RHEL-20337) - util: virtportallocator: Add VIR_DEBUG statements for port allocations and release (RHEL-21543) - qemu: migration: Properly handle reservation of manually specified NBD port (RHEL-21543) - qemuMigrationDstStartNBDServer: Refactor cleanup (RHEL-21543) - virPCIVPDResourceIsValidTextValue: Adjust comment to reflect actual code (RHEL-22314) - util: pcivpd: Refactor virPCIVPDResourceIsValidTextValue (RHEL-22314) - virNodeDeviceCapVPDFormatCustom*: Escape unsanitized strings (RHEL-22314) - virNodeDeviceCapVPDFormat: Properly escape system-originated strings (RHEL-22314) - schema: nodedev: Adjust allowed characters in 'vpdFieldValueFormat' (RHEL-22314) - tests: Test the previously mishandled PCI VPD characters (RHEL-22314) - Don't overwrite error message from 'virXPathNodeSet' (RHEL-22314) - tests: virpcivpdtest: Remove 'testVirPCIVPDReadVPDBytes' case (RHEL-22314) - util: virpcivpd: Unexport 'virPCIVPDReadVPDBytes' (RHEL-22314) - util: pcivpd: Unexport virPCIVPDParseVPDLargeResourceFields (RHEL-22314) - tests: virpcivpd: Remove 'testVirPCIVPDParseVPDStringResource' case (RHEL-22314) - util: virpcivpd: Unexport 'virPCIVPDParseVPDLargeResourceString' (RHEL-22314) - virPCIVPDResourceGetKeywordPrefix: Fix logging (RHEL-22314) - util: virpcivpd: Remove return value from virPCIVPDResourceCustomUpsertValue (RHEL-22314) - conf: virNodeDeviceCapVPDParse*: Remove pointless NULL checks (RHEL-22314) - virpcivpdtest: testPCIVPDResourceBasic: Remove tests for uninitialized 'ro'/'rw' section (RHEL-22314) - util: virPCIVPDResourceUpdateKeyword: Remove impossible checks (RHEL-22314) - conf: node_device: Refactor 'virNodeDeviceCapVPDParseCustomFields' to fix error reporting (RHEL-22314) - virNodeDeviceCapVPDParseXML: Fix error reporting (RHEL-22314) - util: virpcivpd: Remove return value from virPCIVPDResourceUpdateKeyword (RHEL-22314) - virPCIDeviceHasVPD: Refactor 'debug' messages (RHEL-22314) - virPCIDeviceGetVPD: Fix multiple error handling bugs (RHEL-22314) - virPCIDeviceGetVPD: Handle errors in callers (RHEL-22314) - virPCIVPDReadVPDBytes: Refactor error handling (RHEL-22314) - virPCIVPDParseVPDLargeResourceString: Properly report errors (RHEL-22314) - virPCIVPDParseVPDLargeResourceFields: Merge logic conditions (RHEL-22314) - virPCIVPDParseVPDLargeResourceFields: Remove impossible 'default' switch case (RHEL-22314) - virPCIVPDParseVPDLargeResourceFields: Refactor processing of read data (RHEL-22314) - virPCIVPDParseVPDLargeResourceFields: Refactor return logic (RHEL-22314) - virPCIVPDParseVPDLargeResourceFields: Report proper errors (RHEL-22314) - virPCIVPDParse: Do reasonable error reporting (RHEL-22314) - virt-admin: Add warning when connection to default daemon fails (RHEL-23170) [10.0.0-2] - tests: Add hostcpudata for machine with CPU clusters (RHEL-7043) - conf: Report CPU clusters in capabilities XML (RHEL-7043) - conf: Allow specifying CPU clusters (RHEL-7043) - qemu: Introduce QEMU_CAPS_SMP_CLUSTERS (RHEL-7043) - qemu: Use CPU clusters for guests (RHEL-7043) - tests: Add test case for CPU clusters (RHEL-7043) - qemu: Make monitor aware of CPU clusters (RHEL-7043) - tests: Verify handling of CPU clusters in QMP data (RHEL-7043) - build: Make daemons depend on generated *_protocol.[ch] (RHEL-15267) - domain_validate: Check for domain address conflicts fully (RHEL-4452) - qemu_hotplug: Don't lose 'created' flag in qemuDomainChangeNet() (RHEL-22714) [10.0.0-1] - Rebased to libvirt-10.0.0 (RHEL-15267) - The rebase also fixes the following bugs: RHEL-18782, RHEL-735, RHEL-18165, RHEL-4607, RHEL-700 RHEL-7100, RHEL-15480, RHEL-7416, RHEL-20609, RHEL-7570 RHEL-20444, RHEL-17596, RHEL-7569 [9.10.0-1] - Rebased to libvirt-9.10.0 (rhbz#RHEL-15267) - The rebase also fixes the following bugs: rhbz#RHEL-16878, rhbz#RHEL-14611, rhbz#RHEL-7384, rhbz#RHEL-16870, rhbz#RHEL-18439 rhbz#RHEL-16751, rhbz#RHEL-4452, rhbz#RHEL-17841, rhbz#RHEL-15288, rhbz#RHEL-7040 [9.9.0-1] - Rebased to libvirt-9.9.0 (rhbz#RHEL-15267) - The rebase also fixes the following bugs: rhbz#RHEL-7525, rhbz#RHEL-7570, rhbz#RHEL-7542, rhbz#RHEL-7568, rhbz#RHEL-7545 rhbz#RHEL-3231, rhbz#RHEL-7382, rhbz#RHEL-7345, rhbz#RHEL-1717, rhbz#RHEL-7528 rhbz#RHEL-1833, rhbz#RHEL-7569, rhbz#RHEL-4432, rhbz#RHEL-974, rhbz#RHEL-4994 rhbz#RHEL-7419 [9.5.0-6] - tests: Use DO_TEST_CAPS_*_ABI_UPDATE() for ppc64 (rhbz#2196178) - tests: Switch to firmware autoselection for hvf (rhbz#2196178) - tests: Use virt-4.0 machine type for aarch64 (rhbz#2196178) - tests: Consistently use /path/to/guest_VARS.fd (rhbz#2196178) - tests: Turn abi-update.xml into a symlink (rhbz#2196178) - tests: Rename firmware-auto-efi-nvram-path (rhbz#2196178) - qemu: Fix return value for qemuFirmwareFillDomainLegacy() (rhbz#2196178) - qemu: Fix lookup against stateless/combined pflash (rhbz#2196178) - tests: Add some more DO_TEST*ABI_UPDATE* macros (rhbz#2196178) - tests: Add more tests for firmware selection (rhbz#2196178) - tests: Update firmware descriptor files (rhbz#2196178) - tests: Drop tags from BIOS firmware descriptor (rhbz#2196178) - tests: Include microvm in firmwaretest (rhbz#2196178) - qemu: Don't overwrite NVRAM template for legacy firmware (rhbz#2196178) - qemu: Generate NVRAM path in more cases (rhbz#2196178) - qemu: Filter firmware based on loader.readonly (rhbz#2196178) - qemu: Match NVRAM template extension for new domains (rhbz#2196178) - conf: Don't default to raw format for loader/NVRAM (rhbz#2196178) - tests: Rename firmware-auto-efi-format-loader-qcow2-nvram-path (rhbz#2196178) - tests: Reintroduce firmware-auto-efi-format-mismatch (rhbz#2196178) - rpm: Reorder scriptlets (rhbz#2210058) - rpm: Reduce use of with_modular_daemons (rhbz#2210058) - rpm: Remove custom libvirtd restart logic (rhbz#2210058) - rpm: Introduce new macros for handling of systemd units (rhbz#2210058) - rpm: Switch to new macros for handling of systemd units (rhbz#2210058) - rpm: Delete unused macros (rhbz#2210058) [9.5.0-5] - Revert 'qemu_passt: Actually use @logfd' (rhbz#2209191) - Revert 'qemu_passt: Precreate passt logfile' (rhbz#2209191) [9.5.0-4] - storage: Fix returning of locked objects from 'virStoragePoolObjListSearch' (CVE-2023-3750, rhbz#2221851) [9.5.0-3] - tests: remove acpi support from s390x ccw hotplug tests (rhbz#2168499) - tests: add capabilities for QEMU 8.1.0 on s390x (rhbz#2168499) - qemu: add run-with async-teardown capability (rhbz#2168499) - qemu: allow use of async teardown in domain (rhbz#2168499) - conf: domcaps: Add 'async-teardown' domain capability (rhbz#2168499) - qemu: S390 does not provide physical address size (rhbz#2224016) - nodedev: report mdev persistence properly (rhbz#2143158) - node_device: Don't leak error message buffer from virMdevctlListDefined|Active (rhbz#2143158) [9.5.0-2] - nodedev: transient mdev update on nodeDeviceCreateXML (rhbz#2143158) - nodedev: refactor mdevctl thread functions (rhbz#2143158) - nodedev: update mdevs from the mdevctl thread (rhbz#2143158) [9.5.0-1] - Rebased to libvirt-9.5.0 (rhbz#2175785) [9.5.0-0rc1.1] - Rebased to libvirt-9.5.0-rc1 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2160356, rhbz#2209191, rhbz#2210287, rhbz#2209853, rhbz#2171860 rhbz#2138150, rhbz#2171384 [9.4.0-1] - Rebased to libvirt-9.4.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2119007, rhbz#2193315, rhbz#2209658, rhbz#2143158, rhbz#2208946 rhbz#2138150, rhbz#2203657, rhbz#2180679, rhbz#2203709 [9.3.0-2] - qemu_domin: Account for NVMe disks when calculating memlock limit on hotplug (rhbz#2014030) [9.3.0-1] - Rebased to libvirt-9.3.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2181235, rhbz#2176215, rhbz#2187133, rhbz#2178885, rhbz#2174700 rhbz#2160435, rhbz#2184966, rhbz#2187278, rhbz#2014030, rhbz#2185184 rhbz#2156300 [9.2.0-1] - Rebased to libvirt-9.2.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2178885, rhbz#2000410, rhbz#2175582, rhbz#2154750, rhbz#2175449 rhbz#2181234, rhbz#2078693, rhbz#2176924, rhbz#2156300, rhbz#2173142 rhbz#2171973, rhbz#2178866, rhbz#2182961, rhbz#2174397, rhbz#2179030 rhbz#2161965, rhbz#2035985 [9.1.0-1] - Rebased to libvirt-9.1.0 (rhbz#2175785) - The rebase also fixes the following bugs: rhbz#2004850, rhbz#2137346, rhbz#2166235, rhbz#1961326 [9.0.0-7] - qemu_snapshot: remove memory snapshot when deleting external snapshot (rhbz#2170826) - qemu_snapshot: refactor qemuSnapshotDeleteExternalPrepare (rhbz#2170826) [9.0.0-6] - rpc: client: Don't check return value of virNetMessageNew (rhbz#2145188) - rpc: Don't warn about 'max_client_requests' in single-threaded daemons (rhbz#2145188) [9.0.0-5] - qemu_extdevice: Do cleanup host only for VIR_DOMAIN_TPM_TYPE_EMULATOR (rhbz#2168762) - qemu: blockjob: Handle 'pending' blockjob state only when we need it (rhbz#2168769) [9.0.0-4] - qemuProcessStop: Fix detection of outgoing migration for external devices (rhbz#2161557) - qemuExtTPMStop: Restore TPM state label more often (rhbz#2161557) - qemuProcessLaunch: Tighten rules for external devices wrt incoming migration (rhbz#2161557) - qemu_process: Produce better debug message wrt domain namespaces (rhbz#2167302) - qemu_namespace: Deal with nested mounts when umount()-ing /dev (rhbz#2167302) - qemuProcessRefreshDisks: Don't skip filling of disk information if tray state didn't change (rhbz#2166411) [9.0.0-3] - src: Don't use virReportSystemError() on virProcessGetStatInfo() failure (rhbz#2148266) - qemu: Provide virDomainGetCPUStats() implementation for session connection (rhbz#2148266) - virsh: Make domif-setlink work more than once (rhbz#2165466) - qemu_fd: Remove declaration for 'qemuFDPassNewDirect' (rhbz#2040272) - qemuStorageSourcePrivateDataFormat: Rename 'tmp' to 'objectsChildBuf' (rhbz#2040272) - qemu: command: Handle FD passing commandline via qemuBuildBlockStorageSourceAttachDataCommandline (rhbz#2040272) - qemuFDPassTransferCommand: Mark that FD was passed (rhbz#2040272) - qemu: fd: Add helpers allowing storing FD set data in status XML (rhbz#2040272) - qemu: domain: Store fdset ID for disks passed to qemu via FD (rhbz#2040272) - qemu: block: Properly handle FD-passed disk hot-(un-)plug (rhbz#2040272) [9.0.0-2] - vircgroupv2: fix cpu.weight limits check (rhbz#2037998) - domain_validate: drop cpu.shares cgroup check (rhbz#2037998) - docs: document correct cpu shares limits with both cgroups v1 and v2 (rhbz#2037998) - qemu_interface: Fix managed='no' case when creating an ethernet interface (rhbz#2144738) - conf: clarify some external TPM error messages (rhbz#2063723) - qemu: hotplug: Remove legacy quirk for 'dimm' address generation (rhbz#2158701) - qemu: alias: Remove 'oldAlias' argument of qemuAssignDeviceMemoryAlias (rhbz#2158701) - qemu: Remove 'memAliasOrderMismatch' field from VM private data (rhbz#2158701) - rpc: Fix error message in virNetServerSetClientLimits (rhbz#2033879) [9.0.0-1] - Rebased to libvirt-9.0.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2151064, rhbz#1874163, rhbz#2130192, rhbz#2111948, rhbz#1824722 rhbz#2150455, rhbz#2063723, rhbz#1717611, rhbz#2160448, rhbz#2151869 rhbz#2040272, rhbz#2144738, rhbz#2159851, rhbz#2156289, rhbz#2033879 rhbz#1820437, rhbz#2151202 [8.10.0-2] - qemu_process: Document qemuProcessPrepare{Domain,Host}() order (rhbz#2150760) - qemu_extdevice: Init paths in qemuExtDevicesPrepareDomain() (rhbz#2150760) - qemu_extdevice: Expose qemuExtDevicesInitPaths() (rhbz#2150760) - qemu: Init ext devices paths on reconnect (rhbz#2150760) [8.10.0-1] - Rebased to libvirt-8.10.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2128993, rhbz#2143235, rhbz#2143840, rhbz#1874163, rhbz#2000075 rhbz#2143838, rhbz#2104919, rhbz#2072204, rhbz#2137298 [8.9.0-2] - RHEL: rpminspect: Disable abidiff inspection (rhbz#2124466) - spec: Fix python3-libvirt requirement in client-qemu package (rhbz#2124466) [8.9.0-1] - Rebased to libvirt-8.9.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2074559, rhbz#2134009, rhbz#1777212, rhbz#2013523, rhbz#2114866 rhbz#1964855 [8.8.0-1] - Rebased to libvirt-8.8.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2122534, rhbz#2121262, rhbz#2130089, rhbz#2121276, rhbz#2121627 rhbz#2125111, rhbz#2129239, rhbz#1964855, rhbz#2114866 [8.7.0-1] - Rebased to libvirt-8.7.0 (rhbz#2124466) - The rebase also fixes the following bugs: rhbz#2084046, rhbz#2108483, rhbz#2123371, rhbz#2101633, rhbz#1988211 rhbz#2086677, rhbz#2103132, rhbz#2078805, rhbz#2111301, rhbz#2094641 [8.5.0-5] - rpc: Pass OPENSSL_CONF through to ssh invocations (rhbz#2112348) [8.5.0-4] - qemu: Pass migration flags to qemuMigrationParamsApply (rhbz#2111070) - qemu_migration_params: Replace qemuMigrationParamTypes array (rhbz#2111070) - qemu_migration: Pass migParams to qemuMigrationSrcResume (rhbz#2111070) - qemu_migration: Apply max-postcopy-bandwidth on post-copy resume (rhbz#2111070) - qemu: Always assume support for QEMU_CAPS_MIGRATION_PARAM_XBZRLE_CACHE_SIZE (rhbz#2107892) - qemu_migration: Store original migration params in status XML (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsApply (rhbz#2107892) - qemu_migration_params: Refactor qemuMigrationParamsReset (rhbz#2107892) - qemu_migration_params: Avoid deadlock in qemuMigrationParamsReset (rhbz#2107892) - qemu: Restore original memory locking limit on reconnect (rhbz#2107424) - qemu: Properly release job in qemuDomainSaveInternal (rhbz#1497907) - qemu: don't call qemuMigrationSrcIsAllowedHostdev() from qemuMigrationDstPrepareFresh() (rhbz#1497907) [8.5.0-3] - qemu: introduce capability QEMU_CAPS_MIGRATION_BLOCKED_REASONS (rhbz#2092833) - qemu: new function to retrieve migration blocker reasons from QEMU (rhbz#2092833) - qemu: query QEMU for migration blockers before our own harcoded checks (rhbz#2092833) - qemu: remove hardcoded migration fail for vDPA devices if we can ask QEMU (rhbz#2092833) - qemu_migration: Use EnterMonitorAsync in qemuDomainGetMigrationBlockers (rhbz#2092833) - qemu: don't try to query QEMU about migration blockers during offline migration (rhbz#2092833) - qemu_migration: Acquire correct job in qemuMigrationSrcIsAllowed (rhbz#2092833) - virsh: Require --xpath for *dumpxml (rhbz#2103524) - qemu: skip hardcoded hostdev migration check if QEMU can do it for us (rhbz#1497907) [8.5.0-2] - domain_conf: Format <defaultiothread/> more often (rhbz#2059511) - domain_conf: Format iothread IDs more often (rhbz#2059511) - qemu: Make IOThread changing more robust (rhbz#2059511) - qemuDomainSetIOThreadParams: Accept VIR_DOMAIN_AFFECT_CONFIG flag (rhbz#2059511) - virsh: Implement --config for iothreadset (rhbz#2059511) - docs: Document TPM portion of domcaps (rhbz#2103119) - virtpm: Introduce TPM-1.2 and TPM-2.0 capabilieis (rhbz#2103119) - domcaps: Introduce TPM backendVersion (rhbz#2103119) - qemu: Report supported TPM version in domcaps (rhbz#2103119) - vircpi: Add PCIe 5.0 and 6.0 link speeds (rhbz#2105231) [8.5.0-1] - Rebased to libvirt-8.5.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1475431, rhbz#2026765, rhbz#2059511, rhbz#2089431, rhbz#2102009 [8.4.0-3] - qemu: fd: Fix monitor usage of qemuFDPassDirectGetPath (rhbz#2092856) [8.4.0-2] - Revert 'RHEL: Fix virConnectGetMaxVcpus output' (rhbz#2095260) [8.4.0-1] - Rebased to libvirt-8.4.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#2057768, rhbz#2081981, rhbz#2035163, rhbz#2075837, rhbz#2082540 rhbz#2075383 [8.3.0-1] - Rebased to libvirt-8.3.0 (rhbz#2060313) - The rebase also fixes the following bugs: rhbz#1653327, rhbz#2075765, rhbz#2075464, rhbz#2078274, rhbz#2070380 rhbz#2073887, rhbz#2073867 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2496 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2:1.14.3-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/1c2ab99) - Related: RHEL-2112 [2:1.14.1-2] - Switch to the maint branch - Related: Jira:RHEL-2112 [2:1.14.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.14.1 - Related: RHEL-2112 [2:1.14.0-1] - bump to v1.14.0 - Related: Jira:RHEL-2112 [2:1.13.3-3] - Rebuild with golang 1.20.10 - Related: Jira:RHEL-2786 [2:1.13.3-2] - Rebuild with golang 1.21.3 - Related: Jira:RHEL-2786 [2:1.13.3-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.3 - Related: #2176063 [2:1.13.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.2 - Related: #2176063 [2:1.13.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.1 - Related: #2176063 [2:1.13.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.13.0 - Related: #2176063 [2:1.12.0-3] - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24537 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2179967 - Resolves: #2187323 - Resolves: #2187384 - Resolves: #2203703 - Resolves: #2207523 [2:1.12.0-2] - remove fakeroot from skopeo-tests - Related: #2176063 [2:1.12.0-1] - update to 1.12.0 - Related: #2176063 [2:1.11.3-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 (https://github.com/containers/skopeo/commit/d79588e) - Related: #2176063 [2:1.11.2-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 (https://github.com/containers/skopeo/commit/8191ef3) - Related: #2176063 [2:1.11.2-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 (https://github.com/containers/skopeo/commit/3f98753) - Related: #2124478 [2:1.11.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.11.1 - Related: #2124478 [2:1.11.0-1] - update to 1.11.0 release - Related: #2124478 [2:1.11.0-0.4] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/b3b2c73) - Related: #2124478 [2:1.11.0-0.3] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/fe15a36) - Related: #2124478 [2:1.11.0-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/8e09e64) - Related: #2124478 [2:1.11.0-0.1] - update to the latest content of https://github.com/containers/skopeo/tree/main (https://github.com/containers/skopeo/commit/2817510) - Related: #2124478 [2:1.10.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.10.0 - Related: #2124478 [2:1.9.3-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.3 - Related: #2124478 [2:1.9.2-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.2 - Related: #2061316 [2:1.9.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.1 - Related: #2061316 [2:1.9.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.9.0 - Related: #2061316 [2:1.8.0-4] - Re-enable debuginfo - Related: #2061316 [2:1.8.0-3] - BuildRequires: /usr/bin/go-md2man - Related: #2061316 [2:1.8.0-2] - enable LTO - Related: #1988128 [2:1.8.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.8.0 - Related: #2061316 [2:1.7.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.7.0 - Related: #2061316 [2:1.6.1-4] - add tags: classic (Ed Santiago) - Related: #2061316 [2:1.6.1-3] - remove BATS from required packages (Ed Santiago) - Related: #2061316 [2:1.6.1-2] - be sure to install BATS before gating tests are executed (thanks to Ed Santiago) - Related: #2061316 [2:1.6.1-1] - update to https://github.com/containers/skopeo/releases/tag/v1.6.1 - Related: #2000051 [2:1.6.0-1] - update to https://github.com/containers/skopeo/releases/tag/v1.6.0 - Related: #2000051 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45287 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.33.6-2.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.6-2] - update tags for systemd libsubid - Resolves: RHEL-26594 [2:1.33.6-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/f843563) - Related: RHEL-2112 [2:1.33.5-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/70b792d) - Related: RHEL-2112 [2:1.33.4-1] - revert back to 1.33.4 - Related: Jira:RHEL-2112 [1:1.34.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.34.0 - Related: RHEL-2112 [1:1.33.2-1] - Bump to v1.33.2 - Related: Jira:RHEL-2112 [1:1.33.1-3] - Rebuild for CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - Related: Jira:RHEL-2779 [1:1.33.1-2] - Fix gating issues in tests/tests.yml - Related: RHEL-2112 [1:1.33.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.33.1 - Related: RHEL-2112 [1:1.32.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.32.2 - Related: RHEL-2112 [1:1.32.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.32.1 - Related: RHEL-2112 [1:1.32.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.32.0 - Related: Jira:RHEL-2112 [1:1.31.3-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.3 - Related: #2176063 [1:1.31.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.2 - Related: #2176063 [1:1.31.1-2] - build buildah off main branch for early testing of zstd compression - Related: #2176063 [1:1.31.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.1 - Related: #2176063 [1:1.31.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.31.0 - Related: #2176063 [1:1.30.0-2] - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2175073 - Resolves: #2179958 - Resolves: #2187332 - Resolves: #2187375 - Resolves: #2203696 - Resolves: #2207518 [1:1.30.0-1] - update to 1.30.0 - Related: #2176063 [1:1.29.1-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/f07d2c9) - Resolves: #2178263 [1:1.29.1-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/7fa17a8) - Related: #2124478 [1:1.29.0-3] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/c822cc6) - Related: #2124478 [1:1.29.0-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29 (https://github.com/containers/buildah/commit/94b723c) - Related: #2124478 [1:1.29.0-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.29.0 (https://github.com/containers/buildah/commit/94b723c) - Related: #2124478 [1:1.29.0-0.4] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/078a7ff) - Related: #2124478 [1:1.29.0-0.3] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/4b72f05) - Related: #2124478 [1:1.29.0-0.2] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/c541c35) - Related: #2124478 [1:1.29.0-0.1] - update to the latest content of https://github.com/containers/buildah/tree/main (https://github.com/containers/buildah/commit/8ca903b) - Related: #2124478 [1:1.28.2-3] - update to the latest content of https://github.com/containers/buildah/tree/release-1.28 (https://github.com/containers/buildah/commit/cfefbb6) - fixes segmentation fault on s390x - Resolves: #2150429 [1:1.28.2-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.28 (https://github.com/containers/buildah/commit/7e4d9dd) - Resolves: #2151247 [1:1.28.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.28.2 - Related: #2124478 [1:1.28.0-2] - pull in crun by default - Resolves: #2142494 [1:1.28.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.28.0 - Related: #2124478 [1:1.27.0-2] - fix CVE-2022-2990 - Related: #2061316 [1:1.27.0-1] - update to https://github.com/containers/buildah/releases/tag/v1.27.0 - Related: #2061316 [1:1.26.4-2] - add buildah-tutorial to test subpackage - Related: #2061316 [1:1.26.4-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.4 - Related: #2061316 [1:1.26.3-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.3 - Related: #2061316 [1:1.26.2-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.2 - Related: #2061316 [1:1.26.1-4] - Re-enable LTO and debuginfo - Related: #2061316 [1:1.26.1-3] - BuildRequires: /usr/bin/go-md2man - Related: #2061316 [1:1.26.1-2] - Add missing container networking dependencies (thanks to Neal Gompa) - Related: #2061316 [1:1.26.1-1] - update to https://github.com/containers/buildah/releases/tag/v1.26.1 - Related: #2061316 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45287 CVE-2023-39326 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1:2.14.14-1] - ansible-core 2.14.14 release (RHEL-23783) - Fix CVE-2024-0690 (possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration) (RHEL-22124) [1:2.14.13-1] - ansible-core 2.14.13 release (RHEL-19298) [1:2.14.12-1] - ansible-core 2.14.12 release (RHEL-18950) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-0690 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [20231122-6.0.1] - Replace upstream references [Orabug:36569119] [20231122-6] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Un.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - Resolves: RHEL-21841 (CVE-2023-45229 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [rhel-9]) - Resolves: RHEL-21843 (CVE-2023-45230 edk2: Buffer overflow in the DHCPv6 client via a long Server ID option [rhel-9]) - Resolves: RHEL-21845 (CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [rhel-9]) - Resolves: RHEL-21847 (CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [rhel-9]) - Resolves: RHEL-21849 (TRIAGE CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [rhel-9]) - Resolves: RHEL-21851 (CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-9]) - Resolves: RHEL-21853 (TRIAGE CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-9]) [20231122-5] - edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-4118.patch [RHEL-21157] - edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch [RHEL-21157] - edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411-2.patch [RHEL-21157] - edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-411-3.patch [RHEL-21157] - edk2-SecurityPkg-Updating-SecurityFixes.yaml-after-symbol.patch [RHEL-21157] - edk2-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch [RHEL-21704] - edk2-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch [RHEL-21704] - edk2-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch [RHEL-21704] - edk2-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch [RHEL-21704] - Resolves: RHEL-21157 (CVE-2022-36764 edk2: heap buffer overflow in Tcg2MeasurePeImage() [rhel-9]) - Resolves: RHEL-21704 (vGPU VM take several minutes to show tianocore logo if firmware is ovmf) [20231122-4] - edk2-OvmfPkg-VirtNorFlashDxe-add-casts-to-UINTN-and-UINT3.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-clarify-block-write-logic-fi.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-add-a-loop-for-NorFlashWrite.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-allow-larger-writes-without-.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-ValidateFvHeader-unwritten-s.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-move-DoErase-code-block-into.patch [RHEL-20963] - Resolves: RHEL-20963 ([rhel9] guest fails to boot due to ASSERT error) [20231122-3] - edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch [RHEL-21155] - edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch [RHEL-21155] - edk2-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch [RHEL-21155] - Resolves: RHEL-21155 (CVE-2022-36763 edk2: heap buffer overflow in Tcg2MeasureGptTable() [rhel-9]) [20231122-2] - edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch [RHEL-20963] - edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch [RHEL-20963] - Resolves: RHEL-20963 ([rhel9] guest fails to boot due to ASSERT error) [20231122-1] - Rebase to edk2-stable202311 [RHEL-12323] - Switch to OpenSSL 3.0 [RHEL-49] - Resolves: RHEL-12323 (Rebase EDK2 for RHEL 9.4) - Resolves: RHEL-49 (consume / bundle RHEL-9 OpenSSL (version 3.0.x) in RHEL-9 edk2) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2022-36764 CVE-2022-36763 CVE-2023-3446 CVE-2023-45231 CVE-2023-45229 CVE-2023-45233 CVE-2023-45232 CVE-2023-45235 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:1.4.0-2] - rebuild - Related: RHEL-18372 [1:1.4.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.4.0 - Related: RHEL-2112 [1:1.3.0-5] - fix path to dhcp service - Resolves: #RHEL-3140 [1:1.3.0-4] - add Epoch in Provides - Related: #2176063 [1:1.3.0-3] - remove no_openssl for FIPS compliance - Related: #2176063 [1:1.3.0-2] - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 - Resolves: #2179960 - Resolves: #2187333 - Resolves: #2187376 - Resolves: #2203705 - Resolves: #2207519 [1:1.3.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.3.0 - Related: #2176063 [1:1.2.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.2.0 - Related: #2124478 [1:1.1.1-3] - Re-enable LTO and debuginfo - Related: #2061316 [1:1.1.1-2] - BuildRequires: /usr/bin/go-md2man - Related: #2061316 [1:1.1.1-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.1.1 - Related: #2061316 [1:1.1.0-1] - update to https://github.com/containernetworking/plugins/releases/tag/v1.1.0 - Related: #2061316 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45287 CVE-2023-39326 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [5.15.9-9] - Fix CVE-2024-25580: potential buffer overflow when reading KTX images Resolves: RHEL-25726 [5.15.9-8] - Fix incorrect integer overflow check in HTTP2 implementation Resolves: RHEL-20239 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-25580 CVE-2023-51714 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.4.57-8.0.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.57-8] - mod_xml2enc: fix media type handling Resolves: RHEL-17686 - mod_dav: add DavBasePath Resolves: RHEL-6600 [2.4.57-7] - Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122) [2.4.57-6] - Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType - mod_dav_fs: add global mutex around lockdb interaction MODERATE Copyright 2024 Oracle, Inc. CVE-2023-31122 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.22.1-4] - CVE-2023-40474: Integer overflow leading to heap overwrite in MXF - CVE-2023-40475: Integer overflow leading to heap overwrite in MXF - CVE-2023-40476: Integer overflow in H.265 video parser - ZDI-CAN-22300: buffer overflow vulnerability - Resolves: RHEL-19501, RHEL-19505, RHEL-19506, RHEL-20201 [1.22.1-3] - Bump version - Resolves: RHEL-16795, RHEL-16788 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-40475 CVE-2023-50186 CVE-2023-40474 CVE-2023-40476 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.4.0-12] - Fix CVE-2023-6228 - Resolves: RHEL-10084 [4.4.0-11] - Fix CVE-2023-40090 CVE-2023-3618 CVE-2023-40745 CVE-2023-41175 - Resolves: RHEL-5458 RHEL-5455 RHEL-5405 RHEL-5450 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6228 CVE-2023-40745 CVE-2023-41175 CVE-2023-3618 CVE-2022-40090 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [5:2.2.6-2] - Fix for: CVE-2023-4874 CVE-2023-4875 - Resolves: RHEL-2812 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-4874 CVE-2023-4875 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [3.11.7-1] - Rebase to 3.11.7 Resolves: RHEL-20233 [3.11.5-2] - Security fix for CVE-2023-27043 Resolves: RHEL-21325 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-27043 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.0.90.7] - Fix CVE-2021-29390 - Resolves: RHEL-5413 MODERATE Copyright 2024 Oracle, Inc. CVE-2021-29390 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.13.1-8] - Fix copy/paste error in the DeviceStateNotify Resolves: RHEL-20533 [1.13.1-7] - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20389 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20383 - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access Resolves: RHEL-20533 - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Resolves: RHEL-21213 [1.13.1-6] - Use dup() to get available file descriptor when using -inetd option Resolves: RHEL-19858 [1.13.1-5] - Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions Resolves: RHEL-18414 - Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty Resolves: RHEL-18426 [1.13.1-4] - Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow Resolves: RHEL-15237 - Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty Resolves: RHEL-15249 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-5574 CVE-2023-5380 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.22.1-2] - CVE-2023-37328: heap overwrite in subtitle parsing - Resolves: RHEL-19475 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-37328 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [1.22.1-2] - CVE-2023-37327: integer overflow leading to heap overwrite in FLAC image tag handling - Resolves: RHEL-19471 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-37327 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 * Tue Feb 27 2024 Aaron Young - Create new 20240227 release for OL9 which includes the following fixed CVEs: {CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765} - Update to OpenSSL 3.0.10 which includes the following fixed CVEs: {CVE-2023-2975} {CVE-2023-1255} {CVE-2023-0401} {CVE-2023-0217} {CVE-2023-0216} {CVE-2023-0215} {CVE-2022-4203} {CVE-2022-3996} {CVE-2022-3602} {CVE-2022-3786} {CVE-2022-3358} {CVE-2022-2274} {CVE-2022-1473} {CVE-2022-1434} {CVE-2022-1343} {CVE-2021-4044} {CVE-2021-23839} * Tue Aug 22 2023 Aaron Young - Create new 20230822.cvm release for OL9 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45231 CVE-2022-36763 CVE-2023-45230 CVE-2022-36765 CVE-2022-36764 CVE-2023-45229 CVE-2023-45232 CVE-2023-45234 CVE-2023-45233 CVE-2023-45235 cpe:/a:oracle:linux:9::developer_kvm_utils cpe:/a:oracle:linux:9::kvm_utils Oracle Linux 9 [37.0.2-6] - Security fix for CVE-2023-49083 - Resolves: RHEL-19832 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-49083 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [2.11.3-5] - Security fix for CVE-2024-22195 Resolves: RHEL-21349 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-22195 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 mingw-binutils [2.41-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [2.41-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [2.41-1] - Update to 2.41 [2.40-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild mingw-crt * Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-1] - Update to 11.0.1 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild mingw-filesystem [148-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [148-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [148-1] - Add pkgconfig provides [147-3] - Add dependency on cmake-rpm-macros [147-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild mingw-gcc [13.2.1-7] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [13.2.1-6] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [13.2.1-1] - Update to 13.2.1 (20230728) [13.1.1-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild mingw-headers [11.0.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-1] - Update to 11.0.1 [11.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild mingw-libffi [3.4.4-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [3.4.4-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild mingw-w64-tools [11.0.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-1] - Update to 11.0.1 mingw-winpthreads [11.0.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [11.0.1-1] - Update to 11.0.1 [11.0.0-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild mingw-zlib [1.3.1-1] - Update to 1.3.1 [1.2.13-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [1.2.13-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild [1.2.13-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild MODERATE Copyright 2024 Oracle, Inc. CVE-2023-1579 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.2.1-10] - Fix CVE-2024-24258 and CVE-2024-24259 Resolves: https://issues.redhat.com/browse/RHEL-25176 Resolves: https://issues.redhat.com/browse/RHEL-25178 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24259 CVE-2024-24258 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [2.0.26-1] - Resolves: RHEL-14691 - mod_http2 rebase to 2.0.26 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45802 CVE-2023-43622 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [0.13.71-11] - Fix CVE-2020-18770 Previous patch was causing segfault Resolves: RHEL-14967 [0.13.71-10] - Fix CVE-2020-18770 Resolves: RHEL-14967 MODERATE Copyright 2024 Oracle, Inc. CVE-2020-18770 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 mod_jk [1.2.49-1] - Related: RHEL-27511 - Rebase to upstream 1.2.49 release mod_proxy_cluster [1.3.20-1] - Rebase mod_cluster to upstream 1.3.20.Final tag - Related: RHEL-27497 - Rebase to upstream 1.3.20.Final release MODERATE Copyright 2024 Oracle, Inc. CVE-2023-6710 CVE-2023-41081 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base Oracle Linux 9 [5.14.0-427.13.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - 5.14.0 - Debranding patches copied from Rocky Linux (Louis Abel and Sherif Nagy from RESF) [5.14.0-427.13.1_4] - ice: fix enabling RX VLAN filtering (Petr Oros) [RHEL-28837] [5.14.0-427.12.1_4] - mm/sparsemem: fix race in accessing memory_section->usage (Waiman Long) [RHEL-28877 RHEL-28878] {CVE-2023-52489} - Revert '[redhat] kabi: add symbol __scsi_execute to stablelist' (Ewan D. Milne) [RHEL-30725] [5.14.0-427.11.1_4] - xfs: fix SEEK_HOLE/DATA for regions with active COW extents (Bill O'Donnell) [RHEL-29365] [5.14.0-427.10.1_4] - NFS: remove sync_mode test from nfs_writepage_locked() (Jeffrey Layton) [RHEL-28630] - nfs: Remove writepage (Jeffrey Layton) [RHEL-28630] [5.14.0-427.9.1_4] - blk-mq: don't schedule block kworker on isolated CPUs (Ming Lei) [RHEL-13920] [5.14.0-427.8.1_4] - dm-integrity: align the outgoing bio in integrity_recheck (Benjamin Marzinski) [RHEL-29679] - dm-integrity: fix a memory leak when rechecking the data (Benjamin Marzinski) [RHEL-29679] - NFSv4: fairly test all delegations on a SEQ4_ revocation (Benjamin Coddington) [RHEL-7976] [5.14.0-427.7.1_4] - NFS: Read unlock folio on nfs_page_create_from_folio() error (Benjamin Coddington) [RHEL-18029] - i40e: Fix VF MAC filter removal (Ivan Vecera) [RHEL-15701] - i40e: Fix firmware version comparison function (Ivan Vecera) [RHEL-15701] - i40e: disable NAPI right after disabling irqs when handling xsk_pool (Ivan Vecera) [RHEL-15701] - i40e: take into account XDP Tx queues when stopping rings (Ivan Vecera) [RHEL-15701] - i40e: avoid double calling i40e_pf_rxq_wait() (Ivan Vecera) [RHEL-15701] - i40e: Fix wrong mask used during DCB config (Ivan Vecera) [RHEL-15701] - i40e: Fix waiting for queues of all VSIs to be disabled (Ivan Vecera) [RHEL-15701] - i40e: Do not allow untrusted VF to remove administratively set MAC (Ivan Vecera) [RHEL-15701] - net: intel: fix old compiler regressions (Ivan Vecera) [RHEL-15701] - i40e: update xdp_rxq_info::frag_size for ZC enabled Rx queue (Ivan Vecera) [RHEL-15701] - i40e: set xdp_rxq_info::frag_size (Ivan Vecera) [RHEL-15701] - intel: xsk: initialize skb_frag_t::bv_offset in ZC drivers (Ivan Vecera) [RHEL-15701] - i40e: handle multi-buffer packets that are shrunk by xdp prog (Ivan Vecera) [RHEL-15701] - i40e: Include types.h to some headers (Ivan Vecera) [RHEL-15701] - i40e: Restore VF MSI-X state during PCI reset (Ivan Vecera) [RHEL-15701] - i40e: fix use-after-free in i40e_aqc_add_filters() (Ivan Vecera) [RHEL-15701] - i40e: Avoid unnecessary use of comma operator (Ivan Vecera) [RHEL-15701] - i40e: Fix VF disable behavior to block all traffic (Ivan Vecera) [RHEL-15701] - i40e: Fix filter input checks to prevent config with invalid values (Ivan Vecera) [RHEL-15701] - i40e: field get conversion (Ivan Vecera) [RHEL-15701] - i40e: field prep conversion (Ivan Vecera) [RHEL-15701] - intel: add bit macro includes where needed (Ivan Vecera) [RHEL-15701] - i40e: remove fake support of rx-frames-irq (Ivan Vecera) [RHEL-15701] - i40e: Fix ST code value for Clause 45 (Ivan Vecera) [RHEL-15701] - i40e: Fix unexpected MFS warning message (Ivan Vecera) [RHEL-15701] - i40e: Remove queue tracking fields from i40e_adminq_ring (Ivan Vecera) [RHEL-15701] - i40e: Remove AQ register definitions for VF types (Ivan Vecera) [RHEL-15701] - i40e: Delete unused and useless i40e_pf fields (Ivan Vecera) [RHEL-15701] - i40e: Fix adding unsupported cloud filters (Ivan Vecera) [RHEL-15701] - i40e: Delete unused i40e_mac_info fields (Ivan Vecera) [RHEL-15701] - i40e: Move inline helpers to i40e_prototype.h (Ivan Vecera) [RHEL-15701] - i40e: Remove VF MAC types (Ivan Vecera) [RHEL-15701] - i40e: Use helpers to check running FW and AQ API versions (Ivan Vecera) [RHEL-15701] - i40e: Add other helpers to check version of running firmware and AQ API (Ivan Vecera) [RHEL-15701] - i40e: Move i40e_is_aq_api_ver_ge helper (Ivan Vecera) [RHEL-15701] - i40e: Initialize hardware capabilities at single place (Ivan Vecera) [RHEL-15701] - i40e: Consolidate hardware capabilities (Ivan Vecera) [RHEL-15701] - i40e: Use DECLARE_BITMAP for flags field in i40e_hw (Ivan Vecera) [RHEL-15701] - i40e: Use DECLARE_BITMAP for flags and hw_features fields in i40e_pf (Ivan Vecera) [RHEL-15701] - i40e: Remove _t suffix from enum type names (Ivan Vecera) [RHEL-15701] - i40e: Remove unused flags (Ivan Vecera) [RHEL-15701] - i40e: add an error code check in i40e_vsi_setup (Ivan Vecera) [RHEL-15701] - i40e: increase max descriptors for XL710 (Ivan Vecera) [RHEL-15701] - i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (Ivan Vecera) [RHEL-15701] - i40e: sync next_to_clean and next_to_process for programming status desc (Ivan Vecera) [RHEL-15701] - i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (Ivan Vecera) [RHEL-15701] - i40e: xsk: remove count_mask (Ivan Vecera) [RHEL-15701] - i40e: use scnprintf over strncpy+strncat (Ivan Vecera) [RHEL-15701] - intel: fix format warnings (Ivan Vecera) [RHEL-15701] - i40e: Refactor and rename i40e_read_pba_string() (Ivan Vecera) [RHEL-15701] - i40e: Split and refactor i40e_nvm_version_str() (Ivan Vecera) [RHEL-15701] - i40e: prevent crash on probe if hw registers have invalid values (Ivan Vecera) [RHEL-15701] - i40e: Move DDP specific macros and structures to i40e_ddp.c (Ivan Vecera) [RHEL-15701] - i40e: Remove circular header dependencies and fix headers (Ivan Vecera) [RHEL-15701] - i40e: Split i40e_osdep.h (Ivan Vecera) [RHEL-15701] - i40e: Move memory allocation structures to i40e_alloc.h (Ivan Vecera) [RHEL-15701] - i40e: Simplify memory allocation functions (Ivan Vecera) [RHEL-15701] - i40e: Refactor I40E_MDIO_CLAUSE* macros (Ivan Vecera) [RHEL-15701] - i40e: Move I40E_MASK macro to i40e_register.h (Ivan Vecera) [RHEL-15701] - i40e: Remove back pointer from i40e_hw structure (Ivan Vecera) [RHEL-15701] - i40e: Add rx_missed_errors for buffer exhaustion (Ivan Vecera) [RHEL-15701] - net: Tree wide: Replace xdp_do_flush_map() with xdp_do_flush(). (Ivan Vecera) [RHEL-15701] - i40e: fix potential memory leaks in i40e_remove() (Ivan Vecera) [RHEL-15701] - i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (Ivan Vecera) [RHEL-15701] - i40e: fix misleading debug logs (Ivan Vecera) [RHEL-15701] - i40e: Replace one-element array with flex-array member in struct i40e_profile_aq_section (Ivan Vecera) [RHEL-15701] - i40e: Replace one-element array with flex-array member in struct i40e_section_table (Ivan Vecera) [RHEL-15701] - i40e: Replace one-element array with flex-array member in struct i40e_profile_segment (Ivan Vecera) [RHEL-15701] - i40e: Replace one-element array with flex-array member in struct i40e_package_header (Ivan Vecera) [RHEL-15701] - i40e: Remove unused function declarations (Ivan Vecera) [RHEL-15701] - i40e: remove i40e_status (Ivan Vecera) [RHEL-15701] - i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (Ivan Vecera) [RHEL-15701] - i40e: xsk: add TX multi-buffer support (Ivan Vecera) [RHEL-15701] - i40e: xsk: add RX multi-buffer support (Ivan Vecera) [RHEL-15701] - i40e, xsk: fix comment typo (Ivan Vecera) [RHEL-15701] - i40e: remove unnecessary check for old MAC == new MAC (Ivan Vecera) [RHEL-15701] - i40e: fix i40e_setup_misc_vector() error handling (Ivan Vecera) [RHEL-15701] - i40e: fix accessing vsi->active_filters without holding lock (Ivan Vecera) [RHEL-15701] - i40e: Add support for VF to specify its primary MAC address (Ivan Vecera) [RHEL-15701] - i40e: fix registers dump after run ethtool adapter self test (Ivan Vecera) [RHEL-15701] - i40e: fix flow director packet filter programming (Ivan Vecera) [RHEL-15701] - i40e: add support for XDP multi-buffer Rx (Ivan Vecera) [RHEL-15701] - i40e: add xdp_buff to i40e_ring struct (Ivan Vecera) [RHEL-15701] - i40e: introduce next_to_process to i40e_ring (Ivan Vecera) [RHEL-15701] - i40e: use frame_sz instead of recalculating truesize for building skb (Ivan Vecera) [RHEL-15701] - i40e: Change size to truesize when using i40e_rx_buffer_flip() (Ivan Vecera) [RHEL-15701] - i40e: add pre-xdp page_count in rx_buffer (Ivan Vecera) [RHEL-15701] - i40e: change Rx buffer size for legacy-rx to support XDP multi-buffer (Ivan Vecera) [RHEL-15701] - i40e: consolidate maximum frame size calculation for vsi (Ivan Vecera) [RHEL-15701] - i40e: check vsi type before setting xdp_features flag (Ivan Vecera) [RHEL-15701] - drivers: net: turn on XDP features (Ivan Vecera) [RHEL-15701] - i40e: add xdp frags support to ndo_xdp_xmit (Ivan Vecera) [RHEL-15701] - dmaengine: idxd: Ensure safe user copy of completion record (Jerry Snitselaar) [RHEL-28511] - dmaengine: idxd: Remove shadow Event Log head stored in idxd (Jerry Snitselaar) [RHEL-28511] - dmaengine: idxd: Move dma_free_coherent() out of spinlocked context (Jerry Snitselaar) [RHEL-28511] [5.14.0-427.6.1_4] - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (Daniel Vacek) [RHEL-26063] - ASoC: Intel: soc-acpi: rt713+rt1316, no sdw-dmic config (Jaroslav Kysela) [RHEL-26456] - hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Maxim Levitsky) [RHEL-26435] - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Maxim Levitsky) [RHEL-26435] - mlxsw: spectrum_acl_tcam: Fix stack corruption (Ivan Vecera) [RHEL-26463 RHEL-26465] {CVE-2024-26586} [5.14.0-427.5.1_4] - i2c: i801: Fix block process call transactions (David Arcari) [RHEL-26479 RHEL-26481] {CVE-2024-26593} - sched/membarrier: reduce the ability to hammer on sys_membarrier (Wander Lairson Costa) [RHEL-23428 RHEL-23429] {CVE-2024-26602} [5.14.0-427.4.1_4] - redhat/configs: enable pwr-mlxbf (Nirmala Dalvi) [RHEL-21119] - power: reset: pwr-mlxbf: support graceful reboot instead of emergency reset (Nirmala Dalvi) [RHEL-21119] - power: reset: use capital 'OR' for multiple licenses in SPDX (Nirmala Dalvi) [RHEL-21119] - power: reset: pwr-mlxbf: change rst_pwr_hid and low_pwr_hid from global to local variables (Nirmala Dalvi) [RHEL-21119] - power: reset: pwr-mlxbf: add missing include (Nirmala Dalvi) [RHEL-21119] - power: reset: pwr-mlxbf: add BlueField SoC power control driver (Nirmala Dalvi) [RHEL-21119] - redhat/configs: enable pinctrl_mlxbf3 This driver is required to support the pinctrl device on the Bluefield-3 card. (Nirmala Dalvi) [RHEL-21115] - pinctrl: mlxbf3: Remove gpio_disable_free() (Nirmala Dalvi) [RHEL-21115] - pinctrl: use capital 'OR' for multiple licenses in SPDX (Nirmala Dalvi) [RHEL-21115] - pinctrl: mlxbf3: set varaiable mlxbf3_pmx_funcs storage-class-specifier to static (Nirmala Dalvi) [RHEL-21115] - pinctrl: mlxbf3: Add pinctrl driver support (Nirmala Dalvi) [RHEL-21115] - redhat/configs: enable gpio_mlxbf3 (Nirmala Dalvi) [RHEL-21113] - gpio: mlxbf3: add an error code check in mlxbf3_gpio_probe (Nirmala Dalvi) [RHEL-21113] - gpio: mlxbf3: use capital 'OR' for multiple licenses in SPDX (Nirmala Dalvi) [RHEL-21113] - gpio: mlxbf3: Support add_pin_ranges() (Nirmala Dalvi) [RHEL-21113] - gpio: mlxbf3: Add gpio driver support (Nirmala Dalvi) [RHEL-21113] - redhat/configs: enable mlxbf-pmc (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Ignore unsupported performance blocks (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: mlxbf_pmc_event_list(): make size ptr optional (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Cleanup signed/unsigned mix-up (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Replace uintN_t with kernel-style types (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Fix offset calculation for crspace events (Luiz Capitulino) [RHEL-21122] - platform/mellanox: Check devm_hwmon_device_register_with_groups() return value (Luiz Capitulino) [RHEL-21122] - platform/mellanox: Add null pointer checks for devm_kasprintf() (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Add support for BlueField-3 (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: fix sscanf() error checking (Luiz Capitulino) [RHEL-21122] - platform/mellanox: mlxbf-pmc: fix kernel-doc notation (Luiz Capitulino) [RHEL-21122] - SUNRPC: Remove stale comments (Jeffrey Layton) [RHEL-22860] - NFSD: Remove BUG_ON in nfsd4_process_cb_update() (Jeffrey Layton) [RHEL-22860] - NFSD: Replace comment with lockdep assertion (Jeffrey Layton) [RHEL-22860] - NFSD: Remove unused @reason argument (Jeffrey Layton) [RHEL-22860] - NFSD: Add callback operation lifetime trace points (Jeffrey Layton) [RHEL-22860] - NFSD: Rename nfsd_cb_state trace point (Jeffrey Layton) [RHEL-22860] - NFSD: Replace dprintks in nfsd4_cb_sequence_done() (Jeffrey Layton) [RHEL-22860] - NFSD: Add nfsd_seq4_status trace event (Jeffrey Layton) [RHEL-22860] - NFSD: Retransmit callbacks after client reconnects (Jeffrey Layton) [RHEL-22860] - NFSD: Reschedule CB operations when backchannel rpc_clnt is shut down (Jeffrey Layton) [RHEL-22860] - NFSD: Convert the callback workqueue to use delayed_work (Jeffrey Layton) [RHEL-22860] - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Jeffrey Layton) [RHEL-22860] - NFSv4, NFSD: move enum nfs_cb_opnum4 to include/linux/nfs4.h (Jeffrey Layton) [RHEL-22860] - tls: fix use-after-free on failed backlog decryption (Sabrina Dubroca) [RHEL-26410 RHEL-26415] {CVE-2024-26584} - tls: separate no-async decryption request handling from async (Sabrina Dubroca) [RHEL-26410 RHEL-26415] {CVE-2024-26584} - tls: decrement decrypt_pending if no async completion will be called (Sabrina Dubroca) [RHEL-26416 RHEL-26421] {CVE-2024-26583} - net: tls: fix use-after-free with partial reads and async decrypt (Sabrina Dubroca) [RHEL-26398 RHEL-26401] {CVE-2024-26582} - net: tls: handle backlogging of crypto requests (Sabrina Dubroca) [RHEL-26410 RHEL-26415] {CVE-2024-26584} - tls: fix race between tx work scheduling and socket close (Sabrina Dubroca) [RHEL-26361 RHEL-26363] {CVE-2024-26585} - tls: fix race between async notify and socket close (Sabrina Dubroca) [RHEL-26416 RHEL-26421] {CVE-2024-26583} - net: tls: factor out tls_*crypt_async_wait() (Sabrina Dubroca) [RHEL-26416 RHEL-26421] {CVE-2024-26583} - i2c: mlxbf: Use devm_platform_get_and_ioremap_resource() (Luiz Capitulino) [RHEL-21116] - I2C: Explicitly include correct DT includes (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: Use dev_err_probe in probe function (Luiz Capitulino) [RHEL-21116] - i2c: Convert to platform remove callback returning void (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: depend on ACPI; clean away ifdeffage (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: remove device tree support (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: support BlueField-3 SoC (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: add multi slave functionality (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: support lock mechanism (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: Fix frequency calculation (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: Refactor _UID handling to use acpi_dev_uid_to_integer() (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: remove IRQF_ONESHOT (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (Luiz Capitulino) [RHEL-21116] - i2c: mlxbf: incorrect base address passed during io write (Luiz Capitulino) [RHEL-21116] [5.14.0-427.3.1_4] - SEV: disable SEV-ES DebugSwap by default (Paolo Bonzini) [RHEL-22997] - dm-integrity, dm-verity: reduce stack usage for recheck (Benjamin Marzinski) [RHEL-20912] - dm-crypt: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-20912] - dm-crypt: don't modify the data when using authenticated encryption (Benjamin Marzinski) [RHEL-20912] - dm-verity: recheck the hash after a failure (Benjamin Marzinski) [RHEL-20912] - dm-integrity: recheck the integrity tag after a failure (Benjamin Marzinski) [RHEL-20912] - tracing/timerlat: Move hrtimer_init to timerlat_fd open() (John Kacur) [RHEL-26665] - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (Andrew Price) [RHEL-26500 RHEL-26502] {CVE-2023-52448} - NFSv4: Always ask for type with READDIR (Benjamin Coddington) [RHEL-15843] - sunrpc: have svc tasks sleep in TASK_INTERRUPTIBLE instead of TASK_IDLE (Jeffrey Layton) [RHEL-22742] - smb: client: fix OOB in receive_encrypted_standard() (Scott Mayhew) [RHEL-21687 RHEL-21688] {CVE-2024-0565} - EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (Aristeu Rozanski) [RHEL-10022] - EDAC/mc: Add support for HBM3 memory type (Aristeu Rozanski) [RHEL-10022] - x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (Aristeu Rozanski) [RHEL-10022] - EDAC/mce_amd: Remove SMCA Extended Error code descriptions (Aristeu Rozanski) [RHEL-10022] - x86/mce/amd, EDAC/mce_amd: Move long names to decoder module (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Cache and use GPU node map (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Document heterogeneous system enumeration (Aristeu Rozanski) [RHEL-10022] - x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Fix indentation in umc_determine_edac_cap() (Aristeu Rozanski) [RHEL-10022] - EDAC: Sanitize MODULE_AUTHOR strings (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Add get_err_info() to pvt->ops (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Split dump_misc_regs() into dct/umc functions (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Split init_csrows() into dct/umc functions (Aristeu Rozanski) [RHEL-10022] - EDAC/amd64: Split determine_edac_cap() into dct/umc functions (Aristeu Rozanski) [RHEL-10022] - fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (Viktor Malik) [RHEL-26131] - fprobe: Release rethook after the ftrace_ops is unregistered (Viktor Malik) [RHEL-26131] - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super {CVE-2024-0841} (Audra Mitchell) [RHEL-20615 RHEL-20617] {CVE-2024-0841} - smb: client: fix parsing of SMB3.1.1 POSIX create context (Paulo Alcantara) [RHEL-26242 RHEL-26244] {CVE-2023-52434} - smb: client: fix potential OOBs in smb2_parse_contexts() (Paulo Alcantara) [RHEL-26242 RHEL-26244] {CVE-2023-52434} [5.14.0-427.2.1_4] - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (Paolo Bonzini) [RHEL-23426] - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (Paolo Bonzini) [RHEL-23426] - x86/boot: Move x86_cache_alignment initialization to correct spot (Paolo Bonzini) [RHEL-23426] - x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach (Paolo Bonzini) [RHEL-23426] - KVM: x86: make KVM_REQ_NMI request iff NMI pending for vcpu (Prasad Pandit) [RHEL-2815] - drm/tegra: Remove existing framebuffer only if we support display (Robert Foss) [RHEL-26130] - Deprecate qla4xxx in RHEL-9 (Chris Leech) [RHEL-1241] - dm-bufio: fix no-sleep mode (Benjamin Marzinski) [RHEL-23968] - selftests: rtnetlink: add MACsec offload tests (Sabrina Dubroca) [RHEL-24616] - netdevsim: add dummy macsec offload (Sabrina Dubroca) [RHEL-24616] - selftests: rtnetlink: Make the set of tests to run configurable (Sabrina Dubroca) [RHEL-24616] [5.14.0-427.1.1_4] - config: wifi: enable MT7925E card (Jose Ignacio Tornos Martinez) [RHEL-14693] - shmem: support idmapped mounts for tmpfs (Giuseppe Scrivano) [RHEL-23900] - iommu/vt-d: Fix incorrect cache invalidation for mm notification (Jerry Snitselaar) [RHEL-26541] - mmu_notifiers: rename invalidate_range notifier (Jerry Snitselaar) [RHEL-26541] - mmu_notifiers: don't invalidate secondary TLBs as part of mmu_notifier_invalidate_range_end() (Jerry Snitselaar) [RHEL-26541] - mmu_notifiers: call invalidate_range() when invalidating TLBs (Jerry Snitselaar) [RHEL-26541] - mmu_notifiers: fixup comment in mmu_interval_read_begin() (Jerry Snitselaar) [RHEL-26541] - mlxbf_gige: Enable the GigE port in mlxbf_gige_open (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: Fix intermittent no ip issue (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: fix receive packet race condition (Luiz Capitulino) [RHEL-21118] - net: ethernet: mellanox: Convert to platform remove callback returning void (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: Remove two unused function declarations (Luiz Capitulino) [RHEL-21118] - net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: fix white space in mlxbf_gige_eth_ioctl (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: add 'set_link_ksettings' ethtool callback (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: support 10M/100M/1G speeds on BlueField-3 (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: add MDIO support for BlueField-3 (Luiz Capitulino) [RHEL-21118] - net/mlxbf_gige: Fix an IS_ERR() vs NULL bug in mlxbf_gige_mdio_probe (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: clear MDIO gateway lock after read (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: compute MDIO period based on i1clk (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: remove own module name define and use KBUILD_MODNAME instead (Luiz Capitulino) [RHEL-21118] - net/mlxbf_gige: use eth_zero_addr() to clear mac address (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: remove driver-managed interrupt counts (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: increase MDIO polling rate to 5us (Luiz Capitulino) [RHEL-21118] - net: mellanox: mlxbf_gige: Replace non-standard interrupt handling (Luiz Capitulino) [RHEL-21118] - mlxbf_gige: clear valid_polarity upon open (Luiz Capitulino) [RHEL-21118] - net/mlxbf_gige: Make use of devm_platform_ioremap_resourcexxx() (Luiz Capitulino) [RHEL-21118] - redhat: update self-test data (Scott Weaver) - redhat: enable zstream release numbering for RHEL 9.4 (Scott Weaver) - redhat: set default dist suffix for RHEL 9.4 (Scott Weaver) [5.14.0-427] - scsi: smartpqi: Fix disable_managed_interrupts (Tomas Henzl) [RHEL-26145] - redhat/configs: Enable Intel IAA Compression Accelerator for x86 (Vladis Dronov) [RHEL-20145] - crypto: iaa - Account for cpu-less numa nodes (Vladis Dronov) [RHEL-20145] - crypto: iaa - remove unneeded semicolon (Vladis Dronov) [RHEL-20145] - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (Vladis Dronov) [RHEL-20145] - crypto: iaa - Change desc->priv to 0 (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: Add support for device/wq defaults (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add IAA Compression Accelerator stats (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add irq support for the crypto async interface (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add support for deflate-iaa compression algorithm (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add compression mode management along with fixed mode (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add per-cpu workqueue table with rebalancing (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add Intel IAA Compression Accelerator crypto driver core (Vladis Dronov) [RHEL-20145] - crypto: iaa - Add IAA Compression Accelerator Documentation (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: add callback support for iaa crypto (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: Add wq private data accessors (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: Export wq resource management functions (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: Export descriptor management functions (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: Rename drv_enable/disable_wq to idxd_drv_enable/disable_wq, and export (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: add external module driver support for dsa_bus_type (Vladis Dronov) [RHEL-20145] - dmaengine: idxd: add wq driver name support for accel-config user tool (Vladis Dronov) [RHEL-20145] [5.14.0-426] - firmware: arm_ffa: Assign the missing IDR allocation ID to the FFA device (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Allow the FF-A drivers to use 32bit mode of messaging (Mark Salter) [RHEL-16037] - optee: fix uninited async notif value (Mark Salter) [RHEL-16037] - KEYS: trusted: tee: Refactor register SHM usage (Mark Salter) [RHEL-16037] - redhat/configs: enable ARM_FFA_TRANSPORT (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Don't set the memory region attributes for MEM_LEND (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Set handle field to zero in memory descriptor (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Fix FFA device names for logical partitions (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Fix usage of partition info get count flag (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Check if ffa_driver remove is present before executing (Mark Salter) [RHEL-16037] - tee: optee: Add SMC for loading OP-TEE image (Mark Salter) [RHEL-16037] - optee: add per cpu asynchronous notification (Mark Salter) [RHEL-16037] - tee: optee: Fix typo Unuspported -> Unsupported (Mark Salter) [RHEL-16037] - tee: amdtee: fix race condition in amdtee_open_session (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Move comment before the field it is documenting (Mark Salter) [RHEL-16037] - optee: Add __init/__exit annotations to module init/exit funcs (Mark Salter) [RHEL-16037] - tee: optee: fix possible memory leak in optee_register_device() (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Split up ffa_ops into info, message and memory operations (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Set up 32bit execution mode flag using partiion property (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Add v1.1 get_partition_info support (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Rename ffa_dev_ops as ffa_ops (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Make memory apis ffa_device independent (Mark Salter) [RHEL-16037] - tee: optee: Drop ffa_ops in optee_ffa structure using ffa_dev->ops directly (Mark Salter) [RHEL-16037] - tee: fix compiler warning in tee_shm_register() (Mark Salter) [RHEL-16037] - tee: add overflow check in register_shm_helper() (Mark Salter) [RHEL-16037] - tee: tee_get_drvdata(): fix description of return value (Mark Salter) [RHEL-16037] - optee: Remove duplicate 'of' in two places. (Mark Salter) [RHEL-16037] - optee: smc_abi.c: fix wrong pointer passed to IS_ERR/PTR_ERR() (Mark Salter) [RHEL-16037] - tee: optee: Pass a pointer to virt_addr_valid() (Mark Salter) [RHEL-16037] - tee: optee: Use ffa_dev_get_drvdata to fetch driver_data (Mark Salter) [RHEL-16037] - tee: remove flags TEE_IOCTL_SHM_MAPPED and TEE_IOCTL_SHM_DMA_BUF (Mark Salter) [RHEL-16037] - tee: remove tee_shm_va2pa() and tee_shm_pa2va() (Mark Salter) [RHEL-16037] - optee: cache argument shared memory structs (Mark Salter) [RHEL-16037] - optee: add FF-A capability OPTEE_FFA_SEC_CAP_ARG_OFFSET (Mark Salter) [RHEL-16037] - optee: add OPTEE_SMC_CALL_WITH_RPC_ARG and OPTEE_SMC_CALL_WITH_REGD_ARG (Mark Salter) [RHEL-16037] - optee: rename rpc_arg_count to rpc_param_count (Mark Salter) [RHEL-16037] - tee: make tee_shm_register_kernel_buf vmalloc supported (Mark Salter) [RHEL-16037] - tee: combine 'config' and 'menu' for TEE's menuconfig (Mark Salter) [RHEL-16037] - tee: optee: add missing mutext_destroy in optee_ffa_probe (Mark Salter) [RHEL-16037] - tee: refactor TEE_SHM_* flags (Mark Salter) [RHEL-16037] - tee: replace tee_shm_register() (Mark Salter) [RHEL-16037] - KEYS: trusted: tee: use tee_shm_register_kernel_buf() (Mark Salter) [RHEL-16037] - tee: add tee_shm_register_{user,kernel}_buf() (Mark Salter) [RHEL-16037] - optee: add optee_pool_op_free_helper() (Mark Salter) [RHEL-16037] - tee: replace tee_shm_alloc() (Mark Salter) [RHEL-16037] - tee: simplify shm pool handling (Mark Salter) [RHEL-16037] - tee: add tee_shm_alloc_user_buf() (Mark Salter) [RHEL-16037] - tee: remove unused tee_shm_pool_alloc_res_mem() (Mark Salter) [RHEL-16037] - hwrng: optee-rng: use tee_shm_alloc_kernel_buf() (Mark Salter) [RHEL-16037] - tee: amdtee: Make use of the helper macro LIST_HEAD() (Mark Salter) [RHEL-16037] - tee: optee: fix error return code in probe function (Mark Salter) [RHEL-16037] - optee: use driver internal tee_context for some rpc (Mark Salter) [RHEL-16037] - optee: add error checks in optee_ffa_do_call_with_arg() (Mark Salter) [RHEL-16037] - optee: Use bitmap_free() to free bitmap (Mark Salter) [RHEL-16037] - optee: Fix NULL but dereferenced coccicheck error (Mark Salter) [RHEL-16037] - optee: add asynchronous notifications (Mark Salter) [RHEL-16037] - optee: separate notification functions (Mark Salter) [RHEL-16037] - tee: export teedev_open() and teedev_close_context() (Mark Salter) [RHEL-16037] - tee: fix put order in teedev_close_context() (Mark Salter) [RHEL-16037] - optee: Suppress false positive kmemleak report in optee_handle_rpc() (Mark Salter) [RHEL-16037] - tee: amdtee: fix an IS_ERR() vs NULL bug (Mark Salter) [RHEL-16037] - optee: fix kfree NULL pointer (Mark Salter) [RHEL-16037] - optee: Fix spelling mistake 'reclain' -> 'reclaim' (Mark Salter) [RHEL-16037] - optee: add FF-A support (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Add ffa_dev_get_drvdata helper function (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Use FFA_FEATURES to detect if native versions are supported (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Add support for querying FF-A features (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Remove ffa_dev_ops_get() (Mark Salter) [RHEL-16037] - firmware: arm_ffa: Add pointer to the ffa_dev_ops in struct ffa_dev (Mark Salter) [RHEL-16037] - PCI: Fix active state requirement in PME polling (Alex Williamson) [RHEL-25125] [5.14.0-425] - cgroup/cpuset: Include isolated cpuset CPUs in cpu_is_isolated() check (Waiman Long) [RHEL-21798] - cgroup/cpuset: Expose cpuset.cpus.isolated (Waiman Long) [RHEL-21798] - cgroup/cpuset: Take isolated CPUs out of workqueue unbound cpumask (Waiman Long) [RHEL-21798] - cgroup/cpuset: Keep track of CPUs in isolated partitions (Waiman Long) [RHEL-21798] - selftests/cgroup: Minor code cleanup and reorganization of test_cpuset_prs.sh (Waiman Long) [RHEL-21798] - workqueue: Move workqueue_set_unbound_cpumask() and its helpers inside CONFIG_SYSFS (Waiman Long) [RHEL-21798] - workqueue: Add workqueue_unbound_exclude_cpumask() to exclude CPUs from wq_unbound_cpumask (Waiman Long) [RHEL-21798] - workqueue: Make sure that wq_unbound_cpumask is never empty (Waiman Long) [RHEL-21798] - workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long) [RHEL-21798] - workqueue: add cmdline parameter workqueue.unbound_cpus to further constrain wq_unbound_cpumask at boot time (Waiman Long) [RHEL-21798] - ovl: mark xwhiteouts directory with overlay.opaque='x' (Alexander Larsson) [RHEL-25807] - ovl: Add documentation on nesting of overlayfs mounts (Alexander Larsson) [RHEL-25807] - Enable CONFIG_PWRSEQ_{SIMPLIE,EMMC} on aarch64 (Charles Mirabile) [RHEL-21062] - mmc: pwrseq: Convert to platform remove callback returning void (Charles Mirabile) [RHEL-21062] - mmc: pwrseq_simple: Convert to platform remove callback returning void (Charles Mirabile) [RHEL-21062] - mmc: pwrseq_simple: include deferred probe reasons (Charles Mirabile) [RHEL-21062] - mmc: pwrseq: Use bitmap_free() to free bitmap (Charles Mirabile) [RHEL-21062] - crypto: ccp - fix memleak in ccp_init_dm_workarea (Vladis Dronov) [RHEL-14851] - crypto: ccp/sp - Convert to platform remove callback returning void (Vladis Dronov) [RHEL-14851] - crypto: ccp - Dump SEV command buffer registers on SEV command error (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add support for DBC over PSP mailbox (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add a macro to check capabilities register (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add a communication path abstraction for DBC (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add support for extended PSP mailbox commands (Vladis Dronov) [RHEL-14851] - crypto: ccp - Move direct access to some PSP registers out of TEE (Vladis Dronov) [RHEL-14851] - crypto: ccp - Get a free page to use while fetching initial nonce (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add support for getting and setting DBC parameters (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add support for setting user ID for dynamic boost control (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add support for fetching a nonce for dynamic boost control (Vladis Dronov) [RHEL-14851] - crypto: ccp - move setting PSP master to earlier in the init (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add bootloader and TEE version offsets (Vladis Dronov) [RHEL-14851] - crypto: ccp - Add support for displaying PSP firmware versions (Vladis Dronov) [RHEL-14851] - crypto: ccp - Rename macro for security attributes (Vladis Dronov) [RHEL-14851] - sched/core: Make sched_setaffinity() always return -EINVAL on empty cpumask (Waiman Long) [RHEL-21440] - i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Charles Mirabile) [RHEL-24020] - bpf: sockmap, updating the sg structure should also update curr (Felix Maurer) [RHEL-21459] - bpf, x64: Fix tailcall infinite loop (Felix Maurer) [RHEL-21459] - tty: n_gsm: initialize more members at gsm_alloc_mux() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix race condition in gsmld_write() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix race condition in status line change on dead connections (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix flow control handling in tx path (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix NULL pointer access due to DLCI release (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: name the debug bits (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: replace use of gsm_read_ea() with gsm_read_ea_val() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong signal octets encoding in MSC (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix user open not possible at responder until initiator open (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Delete gsmtty open SABM frame when config requester (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix deadlock and link starvation in outgoing data path (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix non flow control frames during mux flow off (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix reset fifo race condition (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix missing explicit ldisc flush (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix deadlock in gsmtty_open() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Modify CR,PF bit printk info when config requester (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix SW flow control encoding/handling (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: add parameters used with parameter negotiation (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong command retry handling (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: introduce macro for minimal unit size (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix insufficient txframe size (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: introduce gsm_control_command() function (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix invalid use of MSC in advanced option (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong command frame length field encoding (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong tty control line for flow control (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix missing timer to handle stalled links (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: add parameter negotiation support (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix tty registration before control channel open (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix software flow control handling (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Fix packet data hex dump output (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Don't ignore write return value in gsmld_output() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: name gsm tty device minors (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: stop using alloc_tty_driver (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: don't store semi-state into tty drivers (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - hvsi: don't panic on tty_register_driver failure (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - amiserial: switch rs_table to a single state (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - amiserial: expand 'custom' (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - amiserial: remove serial_* strings (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - amiserial: use memset to zero serial_state (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix encoding of command/response bit (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix broken virtual tty handling (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix missing update of modem controls after DLCI open (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix frame reception handling (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: clean up indenting in gsm_queue() (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Save dlci address open status when config requester (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Modify CR,PF bit when config requester (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix UAF in gsm_cleanup_mux (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix wrong DLCI release order (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix mux cleanup after unregister tty device (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix decoupled mux resource (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: fix restart handling via CLD command (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - tty: n_gsm: Modify gsmtty driver register method when config requester (Wander Lairson Costa) [RHEL-19959 RHEL-19971] {CVE-2023-6546} - config: wifi: enable RTL 8852CE card (Jose Ignacio Tornos Martinez) [RHEL-22603] [5.14.0-424] - tunnels: fix out of bounds access when building IPv6 PMTU error (Antoine Tenart) [RHEL-21839] - Revert 'efi/arm64: libstub: avoid SetVirtualAddressMap() when possible' (Paolo Bonzini) [RHEL-23382] - Revert 'arm64: efi: Force the use of SetVirtualAddressMap() on Altra machines' (Paolo Bonzini) [RHEL-23382] - Revert 'arm64: efi: Force the use of SetVirtualAddressMap() on eMAG and Altra Max machines' (Paolo Bonzini) [RHEL-23382] - Revert 'arm64: efi: Use SMBIOS processor version to key off Ampere quirk' (Paolo Bonzini) [RHEL-23382] - Revert 'efi/libstub: smbios: Drop unused 'recsize' parameter' (Paolo Bonzini) [RHEL-23382] - crypto: rsa - restrict plaintext/ciphertext values more (Vladis Dronov) [RHEL-24869] - crypto: rsa - add a check for allocation failure (Vladis Dronov) [RHEL-24869] - crypto: rsa - allow only odd e and restrict value in FIPS mode (Vladis Dronov) [RHEL-24869] - dm-crypt, dm-verity: disable tasklets (Benjamin Marzinski) [RHEL-23572] - dm verity: initialize fec io before freeing it (Benjamin Marzinski) [RHEL-23572] - dm-verity: don't use blocking calls from tasklets (Benjamin Marzinski) [RHEL-23572] - netfilter: nf_tables: bail out on mismatching dynset and set expressions (Florian Westphal) [RHEL-19016 RHEL-19017] {CVE-2023-6622} - memory: tegra: Add Tegra234 clients for RCE and VI (Joel Slebodnick) [RHEL-16714] - cpufreq: tegra194: remove redundant AND with cpu_online_mask (Joel Slebodnick) [RHEL-16714] - cpufreq: tegra194: use refclk delta based loop instead of udelay (Joel Slebodnick) [RHEL-16714] - cpufreq: tegra194: save CPU data to avoid repeated SMP calls (Joel Slebodnick) [RHEL-16714] - i2c: tegra: Fix i2c-tegra DMA config option processing (Joel Slebodnick) [RHEL-16714] - i2c: tegra: Fix failure during probe deferral cleanup (Joel Slebodnick) [RHEL-16714] - firmware: tegra: bpmp: Add support for DRAM MRQ GSCs (Joel Slebodnick) [RHEL-16714] - gpio: tegra186: Check PMC driver status before any request (Joel Slebodnick) [RHEL-16714] - soc/tegra: fuse: Fix Tegra234 fuse size (Joel Slebodnick) [RHEL-16714] - soc/tegra: pmc: Add AON SW Wake support for Tegra234 (Joel Slebodnick) [RHEL-16714] - gpio: tegra186: Check GPIO pin permission before access. (Joel Slebodnick) [RHEL-16714] - soc/tegra: fuse: Add support for Tegra264 (Joel Slebodnick) [RHEL-16714] - soc/tegra: bpmp: Actually free memory on error path (Joel Slebodnick) [RHEL-16714] - firmware: tegra: bpmp: Fix error paths in debugfs (Joel Slebodnick) [RHEL-16714] - netfilter: nf_tables: check if catch-all set element is active in next generation (Florian Westphal) [RHEL-23505 RHEL-23511] {CVE-2024-1085} - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [RHEL-23502 RHEL-23508] {CVE-2024-1086} - RHEL: re-enable CONFIG_TCP_CONG_ILLINOIS (Davide Caratti) [RHEL-5736] - KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test (Eric Auger) [RHEL-16671 RHEL-24620] - KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (Eric Auger) [RHEL-24620] - KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache (Eric Auger) [RHEL-24620] - KVM: arm64: vgic-v3: Reinterpret user ISPENDR writes as I{C,S}PENDR (Eric Auger) [RHEL-24620] - KVM: arm64: vgic: Use common accessor for writes to ICPENDR (Eric Auger) [RHEL-24620] - KVM: arm64: vgic: Use common accessor for writes to ISPENDR (Eric Auger) [RHEL-24620] - KVM: arm64: vgic-v4: Restore pending state on host userspace write (Eric Auger) [RHEL-24620] - KVM: arm64: Update and fix FGT register masks (Eric Auger) [RHEL-24620] - IB: Use capital 'OR' for multiple licenses in SPDX (Izabela Bakollari) [RHEL-10363] - RDMA/rdmavt: Delete unnecessary NULL check (Izabela Bakollari) [RHEL-10363] - IB/rdmavt: Fix target union member for rvt_post_one_wr() (Izabela Bakollari) [RHEL-10363] - ice: add CGU info to devlink info callback (Petr Oros) [RHEL-22620] - nvme: start keep-alive after admin queue setup (Maurizio Lombardi) [RHEL-25203] - perf list: Fix JSON segfault by setting the used skip_duplicate_pmus callback (Michael Petlan) [RHEL-17626] - libbpf: Use OPTS_SET() macro in bpf_xdp_query() (Viktor Malik) [RHEL-24445] - ovl: remove privs in ovl_fallocate() (Miklos Szeredi) [RHEL-17368] - ovl: remove privs in ovl_copyfile() (Miklos Szeredi) [RHEL-17368] - nvme-host: fix the updating of the firmware version (Maurizio Lombardi) [RHEL-25086] - devlink: Expose port function commands to control IPsec packet offloads (Petr Oros) [RHEL-24425] - devlink: Expose port function commands to control IPsec crypto offloads (Petr Oros) [RHEL-24425] [5.14.0-423] - Bluetooth: Add support for Gale Peak (8087:0036) (Jose Ignacio Tornos Martinez) [RHEL-24999] - Bluetooth: btintel: Add support for Gale Peak (Jose Ignacio Tornos Martinez) [RHEL-24999] - mlxbf-bootctl: correctly identify secure boot with development keys (Luiz Capitulino) [RHEL-21120] - platform/mellanox: mlxbf-bootctl: Convert to platform remove callback returning void (Luiz Capitulino) [RHEL-21120] - mlxbf-bootctl: Support sysfs entries for MFG fields (Luiz Capitulino) [RHEL-21120] - mlxbf-bootctl: Support setting the ARM boot state to 'OS up' (Luiz Capitulino) [RHEL-21120] - mlxbf-bootctl: Support the large icmc write/read (Luiz Capitulino) [RHEL-21120] - mlxbf-bootctl: Add sysfs file for BlueField boot log (Luiz Capitulino) [RHEL-21120] - mlxbf-bootctl: Add sysfs file for BlueField boot fifo (Luiz Capitulino) [RHEL-21120] - platform/mellanox: add firmware reset support (Luiz Capitulino) [RHEL-21120] - tpm: Enable hwrng only for Pluton on AMD CPUs (Stepan Horacek) [RHEL-18985] - redhat: hsr: Mark as tech preview (Felix Maurer) [RHEL-24972] - Bluetooth: Add more enc key size check (Bastien Nocera) [RHEL-19668 RHEL-19669] {CVE-2023-24023} - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (Florian Westphal) [RHEL-21163] - netfilter: xt_owner: Fix for unsafe access of sk->sk_socket (Florian Westphal) [RHEL-21163] - netfilter: xt_u32: validate user space input (Florian Westphal) [RHEL-21163] - keys, dns: Fix size check of V1 server-list header (Davide Caratti) [RHEL-21582] - keys, dns: Fix missing size check of V1 server-list header (Davide Caratti) [RHEL-21582] - keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (Davide Caratti) [RHEL-21582] - net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() (Davide Caratti) [RHEL-21582] - psample: Require 'CAP_NET_ADMIN' when joining 'packets' group (Davide Caratti) [RHEL-21582] - llc: verify mac len before reading mac header (Davide Caratti) [RHEL-21582] - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (Ilya Dryomov) [RHEL-22252] - ceph: always queue a writeback when revoking the Fb caps (Ilya Dryomov) [RHEL-22252] - ceph: always check dir caps asynchronously (Ilya Dryomov) [RHEL-22252] - ice: Add check for lport extraction to LAG init (Petr Oros) [RHEL-21561] - ice: stop trashing VF VSI aggregator node ID information (Petr Oros) [RHEL-21561] - pmdomain: xilinx: Move Kconfig option to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: ti: Move and add Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: tegra: Move Kconfig option to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: st: Add a Kconfig option for the ux500 power domain (Radu Rendec) [RHEL-25420] - pmdomain: samsung: Move Kconfig option to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: rockchip: Move Kconfig option to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: renesas: Move Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: qcom: Move Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: mediatek: Move Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: imx: Move Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: bcm: Move Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: amlogic: Move Kconfig options to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: actions: Move Kconfig file to the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: Prepare to move Kconfig files into the pmdomain subsystem (Radu Rendec) [RHEL-25420] - pmdomain: Rename the genpd subsystem to pmdomain (Radu Rendec) [RHEL-25420] - genpd: imx: relocate scu-pd under genpd (Radu Rendec) [RHEL-25420] - genpd: move owl-sps-helper.c from drivers/soc (Radu Rendec) [RHEL-25420] - genpd: Makefile: build imx (Radu Rendec) [RHEL-25420] - ARM: ux500: Move power-domain driver to the genpd dir (Radu Rendec) [RHEL-25420] - ARM: ux500: Convert power-domain code into a regular platform driver (Radu Rendec) [RHEL-25420] - soc: xilinx: Move power-domain driver to the genpd dir (Radu Rendec) [RHEL-25420] - soc: ti: Mover power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: tegra: Move powergate-bpmp driver to the genpd dir (Radu Rendec) [RHEL-25420] - soc: samsung: Move power-domain driver to the genpd dir (Radu Rendec) [RHEL-25420] - soc: rockchip: Mover power-domain driver to the genpd dir (Radu Rendec) [RHEL-25420] - soc: renesas: Move power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: qcom: Move power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: mediatek: Move power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: imx: Move power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: bcm: Move power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: amlogic: Move power-domain drivers to the genpd dir (Radu Rendec) [RHEL-25420] - soc: actions: Move power-domain driver to the genpd dir (Radu Rendec) [RHEL-25420] - genpd: Create a new subsystem directory to host genpd providers (Radu Rendec) [RHEL-25420] - soc: mediatek: Let PMIC Wrapper and SCPSYS depend on OF (Radu Rendec) [RHEL-25420] - ARM: ux500: Drop unused register file (Radu Rendec) [RHEL-25420] - redhat/confgs: enable sdhci-of-dwcmshc (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: Add runtime PM operations (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: Add error handling in dwcmshc_resume (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: Convert to platform remove callback returning void (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: Explicitly include correct DT includes (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: properly determine max clock on Rockchip (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: add the missing device table IDs for acpi (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: Update DLL and pre-change delay for rockchip platform (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: enable host V4 support for BlueField-3 SoC (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: Re-enable support for the BlueField-3 SoC (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: add support for rk3588 (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: rename rk3568 to rk35xx (Luiz Capitulino) [RHEL-21121] - mmc: sdhci-of-dwcmshc: add reset call back for rockchip Socs (Luiz Capitulino) [RHEL-21121] - netfilter: nft_set_pipapo: prefer gfp_kernel allocation (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: mark newset as dead on transaction abort (Florian Westphal) [RHEL-21443] - netfilter: nft_immediate: drop chain reference counter on error (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: skip set commit for deleted/destroyed sets (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: set transport offset from mac header for netdev/egress (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: validate family when identifying table via handle (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: fix 'exist' matching on bigendian arches (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (Florian Westphal) [RHEL-21443] - netfilter: nft_set_rbtree: .deactivate fails if element has expired (Florian Westphal) [RHEL-21443] - netfilter: nft_payload: fix wrong mac header matching (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: do not refresh timeout when resetting element (Florian Westphal) [RHEL-21443] - netfilter: nf_tables: uapi: Describe NFTA_RULE_CHAIN_ID (Florian Westphal) [RHEL-21443] - netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) [RHEL-21443] - netfilter: nft_exthdr: Fix non-linear header modification (Florian Westphal) [RHEL-21443] - redhat: add nvidia oot signing key (David Airlie) [RHEL-18051] - RDMA/efa: Fix wrong resources deallocation order (Izabela Bakollari) [RHEL-17697] - RDMA/efa: Add RDMA write HW statistics counters (Izabela Bakollari) [RHEL-17697] - RDMA/efa: Fix unsupported page sizes in device (Izabela Bakollari) [RHEL-17697] - RDMA/efa: Add rdma write capability to device caps (Izabela Bakollari) [RHEL-17697] - RDMA/efa: Add data polling capability feature bit (Izabela Bakollari) [RHEL-17697] - md: partially revert 'md/raid6: use valid sector values to determine if an I/O should wait on the reshape' (Benjamin Marzinski) [RHEL-24489] - ipvs: fix racy memcpy in proc_do_sync_threshold (Florian Westphal) [RHEL-21166] - ipvs: align inner_mac_header for encapsulation (Florian Westphal) [RHEL-21166] - x86/mce: Prevent duplicate error records (Aristeu Rozanski) [RHEL-24447] [5.14.0-422] - sfc: Check firmware supports Ethernet PTP filter (Izabela Bakollari) [RHEL-11017] - sfc: allocate a big enough SKB for loopback selftest packet (Izabela Bakollari) [RHEL-11017] - sfc: fix field-spanning memcpy in selftest (Izabela Bakollari) [RHEL-11017] - sfc: Remove vfdi.h (Izabela Bakollari) [RHEL-11017] - sfc: Cleanups in io.h (Izabela Bakollari) [RHEL-11017] - sfc: Miscellaneous comment removals (Izabela Bakollari) [RHEL-11017] - sfc: Remove struct efx_special_buffer (Izabela Bakollari) [RHEL-11017] - sfc: Filter cleanups for Falcon and Siena (Izabela Bakollari) [RHEL-11017] - sfc: Remove some NIC type indirections that are no longer needed (Izabela Bakollari) [RHEL-11017] - sfc: Remove PTP code for Siena (Izabela Bakollari) [RHEL-11017] - sfc: Remove EFX_REV_SIENA_A0 (Izabela Bakollari) [RHEL-11017] - sfc: Remove support for siena high priority queue (Izabela Bakollari) [RHEL-11017] - sfc: Remove siena_nic_data and stats (Izabela Bakollari) [RHEL-11017] - sfc: Remove falcon references (Izabela Bakollari) [RHEL-11017] - sfc: support for devlink port requires MAE access (Izabela Bakollari) [RHEL-11017] - sfc: falcon: use padding to fix alignment in loopback test (Izabela Bakollari) [RHEL-11017] - sfc: siena: use padding to fix alignment in loopback test (Izabela Bakollari) [RHEL-11017] - sfc: use padding to fix alignment in loopback test (Izabela Bakollari) [RHEL-11017] - sfc: fix crash when reading stats while NIC is resetting (Izabela Bakollari) [RHEL-11017] - sfc: keep alive neighbour entries while a TC encap action is using them (Izabela Bakollari) [RHEL-11017] - sfc: fix uninitialized variable use (Izabela Bakollari) [RHEL-11017] - sfc: add CONFIG_INET dependency for TC offload (Izabela Bakollari) [RHEL-11017] - sfc: do not try to call tc functions when CONFIG_SFC_SRIOV=n (Izabela Bakollari) [RHEL-11017] - sfc: Add devlink dev info support for EF10 (Izabela Bakollari) [RHEL-11017] - sfc: generate encap headers for TC offload (Izabela Bakollari) [RHEL-11017] - sfc: neighbour lookup for TC encap action offload (Izabela Bakollari) [RHEL-11017] - sfc: MAE functions to create/update/delete encap headers (Izabela Bakollari) [RHEL-11017] - sfc: add function to atomically update a rule in the MAE (Izabela Bakollari) [RHEL-11017] - sfc: some plumbing towards TC encap action offload (Izabela Bakollari) [RHEL-11017] - sfc: add fallback action-set-lists for TC offload (Izabela Bakollari) [RHEL-11017] - sfc: fix error unwinds in TC offload (Izabela Bakollari) [RHEL-11017] - sfc: handle VI shortage on ef100 by readjusting the channels (Izabela Bakollari) [RHEL-11017] - sfc: fix devlink info error handling (Izabela Bakollari) [RHEL-11017] - sfc: populate enc_ip_tos matches in MAE outer rules (Izabela Bakollari) [RHEL-11017] - sfc: release encap match in efx_tc_flow_free() (Izabela Bakollari) [RHEL-11017] - sfc: disable RXFCS and RXALL features by default (Izabela Bakollari) [RHEL-11017] - sfc: add offloading of 'foreign' TC (decap) rules (Izabela Bakollari) [RHEL-11017] - sfc: add code to register and unregister encap matches (Izabela Bakollari) [RHEL-11017] - sfc: add functions to insert encap matches into the MAE (Izabela Bakollari) [RHEL-11017] - sfc: handle enc keys in efx_tc_flower_parse_match() (Izabela Bakollari) [RHEL-11017] - sfc: add notion of match on enc keys to MAE machinery (Izabela Bakollari) [RHEL-11017] - sfc: document TC-to-EF100-MAE action translation concepts (Izabela Bakollari) [RHEL-11017] - sfc: support offloading TC VLAN push/pop actions to the MAE (Izabela Bakollari) [RHEL-11017] - sfc: move xdp_features configuration in efx_pci_probe_post_io() (Izabela Bakollari) [RHEL-11017] - redhat: configs: ccimx93-dvk: enable eth network (Eric Chanudet) [RHEL-20495] - redhat: configs: ccimx93-dvk enablement (Eric Chanudet) [RHEL-20495] - net/mlx5: Consider VLAN interface in MACsec TX steering rules (Amir Tzin) [RHEL-20930] - net/mlx5: Support MACsec over VLAN (Amir Tzin) [RHEL-20930] - net/mlx5: Enable MACsec offload feature for VLAN interface (Amir Tzin) [RHEL-20930] - firmware: arm_scmi: Specify the performance level when adding an OPP (Steve Dunnagan) [RHEL-9668] - OPP: Extend dev_pm_opp_data with a level (Steve Dunnagan) [RHEL-9668] - OPP: Add dev_pm_opp_add_dynamic() to allow more flexibility (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix frequency truncation by promoting multiplier type (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix possible frequency truncation when using level indexing mode (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Drop redundant ->device_domain_id() from perf ops (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Align perf ops to use domain-id as in-parameter (Steve Dunnagan) [RHEL-9668] - cpufreq: scmi: Prepare to move OF parsing of domain-id to cpufreq (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Extend perf protocol ops to get information of a domain (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Extend perf protocol ops to get number of domains (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add SCMI v3.1 System Power extensions (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add qcom smc/hvc transport support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Convert u32 to unsigned long to align with arm_smccc_1_1_invoke() (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add support for clock parents (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Simplify error path in scmi_dvfs_device_opps_add() (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Rename scmi_{msg_,}clock_config_{get,set}_{2,21} (Steve Dunnagan) [RHEL-9668] - redhat/configs: add ARM SCMI configs (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add clock OEM config clock operations (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add clock .state_get support to pre-v3.2 (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add v3.2 clock CONFIG_GET support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add clock v3.2 CONFIG_SET support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Simplify enable/disable clock operations (Steve Dunnagan) [RHEL-9668] - clk: scmi: Support atomic clock enable/disable API (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fixup perf power-cost/microwatt support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add v3.2 perf level indexing mode support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Harden perf domain info access (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix chan_free cleanup on SMC (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Drop OF node reference in the transport channel setup (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix signed error return values handling (Steve Dunnagan) [RHEL-9668] - firmware: smccc: Fix use of uninitialised results structure (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Augment SMC/HVC to allow optional parameters (Steve Dunnagan) [RHEL-9668] - arm64: cpuidle: fix #ifdef for acpi functions (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix incorrect alloc_workqueue() invocation (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add support for unidirectional mailbox channels (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix xfers allocation on Rx channel (Steve Dunnagan) [RHEL-9668] - firmware: Use of_property_present() for testing DT property presence (Steve Dunnagan) [RHEL-9668] - firmware/psci: demote suspend-mode warning to info level (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Use the bitmap API to allocate bitmaps (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix device node validation for mailbox transport (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix raw coexistence mode behaviour on failure path (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Remove duplicate include header inclusion (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Return a literal instead of a variable (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Clean up a return statement in scmi_probe (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add per-channel raw injection support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add the raw mode co-existence support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Call raw mode hooks from the core stack (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Reject SCMI drivers when configured in raw mode (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add core raw transmission support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Populate a common SCMI debugfs root (Steve Dunnagan) [RHEL-9668] - include: trace: Add platform and channel instance references (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add internal platform/channel identifiers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Move errors defs and code to common.h (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add xfer helpers to provide raw access (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add flags field to xfer (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Refactor scmi_wait_for_message_response (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Refactor polling helpers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Refactor xfer in-flight registration routines (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Split bus and driver into distinct modules (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Introduce a new lifecycle for protocol devices (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Refactor device create/destroy helpers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Move handle get/set helpers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Refactor protocol device creation (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add common notifier helpers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Move protocol registration helpers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Use dedicated devices to initialize channels (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Simplify chan_available transport operation (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Set fwnode for the scmi_device (Steve Dunnagan) [RHEL-9668] - cpuidle: drivers: firmware: psci: Dont instrument suspend code (Steve Dunnagan) [RHEL-9668] - firmware/psci: Don't register with debugfs if PSCI isn't available (Steve Dunnagan) [RHEL-9668] - firmware/psci: Fix MEM_PROTECT_RANGE function numbers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Make tx_prepare time out eventually (Steve Dunnagan) [RHEL-9668] - firmware/psci: Add debugfs support to ease debugging (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Harmonize SCMI tracing message format (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Support only one single system power device (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Use new SCMI full message tracing (Steve Dunnagan) [RHEL-9668] - include: trace: Add SCMI full message tracing (Steve Dunnagan) [RHEL-9668] - arm64: cpuidle: remove generic cpuidle support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Remove usage of the deprecated ida_simple_xxx API (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix response size warning for OPTEE transport (Steve Dunnagan) [RHEL-9668] - cpufreq: scmi: Support the power scale in micro-Watts in SCMI v3.1 (Steve Dunnagan) [RHEL-9668] - cpufreq: scmi: Use .register_em() to register with energy model (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Do not use !! on boolean when setting msg->flags (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add Powercap protocol enable support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Refactor the internal powercap get/set helpers (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add debugfs ABI documentation for raw mode (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix virtio channels cleanup on shutdown (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Harden shared memory access in fetch_response (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Harden shared memory access in fetch_notification (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Clear stale xfer->hdr.status (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix deferred_tx_wq release on error paths (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix devres allocation device in virtio transport (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Suppress the driver's bind attributes (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Cleanup the core driver removal callback (Steve Dunnagan) [RHEL-9668] - psci: Fix the function type for psci_initcall_t (Steve Dunnagan) [RHEL-9668] - Revert 'firmware: arm_scmi: Add clock management to the SCMI power domain' (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix the asynchronous reset requests (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add SCMI PM driver remove routine (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Harden accesses to the reset domains (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Harden accesses to the sensor domains (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Improve checks in the info_get operations (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Fix missing kernel-doc in optee (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Get detailed power scale from perf (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Use fast channel tracing (Steve Dunnagan) [RHEL-9668] - include: trace: Add SCMI fast channel tracing (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add devm_protocol_acquire helper (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add SCMI v3.1 powercap fast channels support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add SCMI v3.1 powercap protocol basic support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Generalize the fast channel support (Steve Dunnagan) [RHEL-9668] - firmware: arm_scmi: Add SCMI System Power Control driver (Steve Dunnagan) [RHEL-9668] - net: wwan: move wwan_hwsim to internals rpm (Jose Ignacio Tornos Martinez) [RHEL-24618] - Enable Intel MEI engine proxy for i915 (Mika Penttila) [RHEL-1351] - mei: gsc_proxy: add gsc proxy driver (Mika Penttila) [RHEL-1351] - mei: me: add meteor lake point M DID (Mika Penttila) [RHEL-1351] - mei: bus: fix unlink on bus in error path (Mika Penttila) [RHEL-1351] - misc/mei/hdcp: Use correct macros to initialize uuid_le (Mika Penttila) [RHEL-1351] - mei: pxp: Use correct macros to initialize uuid_le (Mika Penttila) [RHEL-1351] - mei: bus-fixup:upon error print return values of send and receive (Mika Penttila) [RHEL-1351] - mei: bus-fixup: change pxp mode only if message was sent (Mika Penttila) [RHEL-1351] - mei: add timeout to send (Mika Penttila) [RHEL-1351] - drm: bridge: samsung-dsim: Don't use FORCE_STOP_STATE (Mika Penttila) [RHEL-1351] - drm/bridge: anx7625: Ensure bridge is suspended in disable() (Mika Penttila) [RHEL-1351] - drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (Mika Penttila) [RHEL-1351] - drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (Mika Penttila) [RHEL-1351] - drm/bridge: sii902x: Fix audio codec unregistration (Mika Penttila) [RHEL-1351] - drm/bridge: sii902x: Fix probing race issue (Mika Penttila) [RHEL-1351] - drm/panel: samsung-s6d7aa0: drop DRM_BUS_FLAG_DE_HIGH for lsl080al02 (Mika Penttila) [RHEL-1351] - drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (Mika Penttila) [RHEL-1351] - drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (Mika Penttila) [RHEL-1351] - drm/amdgpu/gfx11: set UNORD_DISPATCH in compute MQDs (Mika Penttila) [RHEL-1351] - drm/amdgpu/gfx10: set UNORD_DISPATCH in compute MQDs (Mika Penttila) [RHEL-1351] - drm/panel-edp: drm/panel-edp: Fix AUO B116XTN02 name (Mika Penttila) [RHEL-1351] - drm/panel-edp: drm/panel-edp: Fix AUO B116XAK01 name and timing (Mika Penttila) [RHEL-1351] - drm/panel-edp: Add AUO B116XTN02, BOE NT116WHM-N21,836X2, NV116WHM-N49 V8.0 (Mika Penttila) [RHEL-1351] - drm/i915/psr: Only allow PSR in LPSP mode on HSW non-ULT (Mika Penttila) [RHEL-1351] - drm/i915/lnl: Remove watchdog timers for PSR (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix uninitialized variable usage in core_link_ 'read_dpcd() & write_dpcd()' functions (Mika Penttila) [RHEL-1351] - drm/amdgpu/pm: Fix the power source flag error (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' (Mika Penttila) [RHEL-1351] - drm/amd/display: Align the returned error code with legacy DP (Mika Penttila) [RHEL-1351] - drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() (Mika Penttila) [RHEL-1351] - drm/amdgpu: correct the cu count for gfx v11 (Mika Penttila) [RHEL-1351] - drm/bridge: nxp-ptn3460: simplify some error checking (Mika Penttila) [RHEL-1351] - Revert 'drm/amd/display: fix bandwidth validation failure on DCN 2.1' (Mika Penttila) [RHEL-1351] - drm/amd/display: Disable PSR-SU on Parade 0803 TCON again (Mika Penttila) [RHEL-1351] - drm/amd/display: fix bandwidth validation failure on DCN 2.1 (Mika Penttila) [RHEL-1351] - drm: Allow drivers to indicate the damage helpers to ignore damage clips (Mika Penttila) [RHEL-1351] - drm/virtio: Disable damage clipping if FB changed since last page-flip (Mika Penttila) [RHEL-1351] - drm: Disable the cursor plane on atomic contexts with virtualized drivers (Mika Penttila) [RHEL-1351] - drm/tidss: Fix atomic_flush check (Mika Penttila) [RHEL-1351] - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (Mika Penttila) [RHEL-1351] - drm: Don't unref the same fb many times by mistake due to deadlock handling (Mika Penttila) [RHEL-1351] - Revert 'drm/i915/dsi: Do display on sequence later on icl+' (Mika Penttila) [RHEL-1351] - drm/amdgpu: Fix the null pointer when load rlc firmware (Mika Penttila) [RHEL-1351] - Revert 'drm/amd: Enable PCIe PME from D3' (Mika Penttila) [RHEL-1351] - nouveau/vmm: don't set addr on the fail path to avoid warning (Mika Penttila) [RHEL-1351] - drm/amdgpu: fall back to INPUT power for AVG power via INFO IOCTL (Mika Penttila) [RHEL-1351] - drm/amdkfd: fixes for HMM mem allocation (Mika Penttila) [RHEL-1351] - drm/amd: Enable PCIe PME from D3 (Mika Penttila) [RHEL-1351] - Revert 'drm/amdkfd: Relocate TBA/TMA to opposite side of VM hole' (Mika Penttila) [RHEL-1351] - drm/amd/display: avoid stringop-overflow warnings for dp_decide_lane_settings() (Mika Penttila) [RHEL-1351] - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (Mika Penttila) [RHEL-1351] - drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (Mika Penttila) [RHEL-1351] - drm/amdkfd: Fix type of 'dbg_flags' in 'struct kfd_process' (Mika Penttila) [RHEL-1351] - drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (Mika Penttila) [RHEL-1351] - gpu/drm/radeon: fix two memleaks in radeon_vm_init (Mika Penttila) [RHEL-1351] - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Mika Penttila) [RHEL-1351] - drm/amd/pm: fix a double-free in si_dpm_init (Mika Penttila) [RHEL-1351] - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (Mika Penttila) [RHEL-1351] - drm/panel: st7701: Fix AVCL calculation (Mika Penttila) [RHEL-1351] - drm/bridge: tc358767: Fix return value on error case (Mika Penttila) [RHEL-1351] - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (Mika Penttila) [RHEL-1351] - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (Mika Penttila) [RHEL-1351] - drm/radeon/dpm: fix a memleak in sumo_parse_power_table (Mika Penttila) [RHEL-1351] - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (Mika Penttila) [RHEL-1351] - drm/drv: propagate errors from drm_modeset_register_all() (Mika Penttila) [RHEL-1351] - drm/radeon: check return value of radeon_ring_lock() (Mika Penttila) [RHEL-1351] - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (Mika Penttila) [RHEL-1351] - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (Mika Penttila) [RHEL-1351] - drm/bridge: Fix typo in post_disable() description (Mika Penttila) [RHEL-1351] - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (Mika Penttila) [RHEL-1351] - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (Mika Penttila) [RHEL-1351] - drm/panel-elida-kd35t133: hold panel in reset for unprepare (Mika Penttila) [RHEL-1351] - drm/panel: nv3051d: Hold panel in reset for unprepare (Mika Penttila) [RHEL-1351] - drm/dp_mst: Fix fractional DSC bpp handling (Mika Penttila) [RHEL-1351] - drm/amd/display: Pass pwrseq inst for backlight and ABM (Mika Penttila) [RHEL-1351] - drm/crtc: fix uninitialized variable use (Mika Penttila) [RHEL-1351] - drm/amd/display: get dprefclk ss info from integration info table (Mika Penttila) [RHEL-1351] - drm/amd/display: Add case for dcn35 to support usb4 dmub hpd event (Mika Penttila) [RHEL-1351] - drm/amdkfd: svm range always mapped flag not working on APU (Mika Penttila) [RHEL-1351] - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (Mika Penttila) [RHEL-1351] - drm/amdgpu: Add NULL checks for function pointers (Mika Penttila) [RHEL-1351] - drm/amd/display: Add monitor patch for specific eDP (Mika Penttila) [RHEL-1351] - nouveau/tu102: flush all pdbs on vmm flush (Mika Penttila) [RHEL-1351] - Revert 'drm/prime: Unexport helpers for fd/handle conversion' (Mika Penttila) [RHEL-1351] - drm/amdgpu: Use another offset for GC 9.4.3 remap (Mika Penttila) [RHEL-1351] - drm/amdkfd: Free gang_ctx_bo and wptr_bo in pqm_uninit (Mika Penttila) [RHEL-1351] - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (Mika Penttila) [RHEL-1351] - drm/amd/display: update dcn315 lpddr pstate latency (Mika Penttila) [RHEL-1351] - drm/amdkfd: Use common function for IP version check (Mika Penttila) [RHEL-1351] - drm/amdgpu: Do not issue gpu reset from nbio v7_9 bif interrupt (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR (Mika Penttila) [RHEL-1351] - drm/amd/display: add nv12 bounding box (Mika Penttila) [RHEL-1351] - drm/amdgpu: skip gpu_info fw loading on navi12 (Mika Penttila) [RHEL-1351] - drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml (Mika Penttila) [RHEL-1351] - drm/amd/display: Increase num voltage states to 40 (Mika Penttila) [RHEL-1351] - drm/i915: Call intel_pre_plane_updates() also for pipes getting enabled (Mika Penttila) [RHEL-1351] - drm/i915/perf: Update handling of MMIO triggered reports (Mika Penttila) [RHEL-1351] - drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (Mika Penttila) [RHEL-1351] - drm/bridge: ps8640: Fix size mismatch warning w/ len (Mika Penttila) [RHEL-1351] - drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (Mika Penttila) [RHEL-1351] - drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer (Mika Penttila) [RHEL-1351] - drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (Mika Penttila) [RHEL-1351] - drm/amd/display: pbn_div need be updated for hotplug event (Mika Penttila) [RHEL-1351] - drm/i915/dmc: Don't enable any pipe DMC events (Mika Penttila) [RHEL-1351] - drm/i915: Reject async flips with bigjoiner (Mika Penttila) [RHEL-1351] - drm/amdgpu: re-create idle bo's PTE during VM state machine reset (Mika Penttila) [RHEL-1351] - drm/i915/mtl: Fix HDMI/DP PLL clock selection (Mika Penttila) [RHEL-1351] - drm/i915/hwmon: Fix static analysis tool reported issues (Mika Penttila) [RHEL-1351] - drm: Fix FD ownership check in drm_master_check_perm() (Mika Penttila) [RHEL-1351] - drm: Update file owner during use (Mika Penttila) [RHEL-1351] - drm/i915/edp: don't write to DP_LINK_BW_SET when using rate select (Mika Penttila) [RHEL-1351] - drm/i915: Introduce crtc_state->enhanced_framing (Mika Penttila) [RHEL-1351] - drm/i915: Fix FEC state dump (Mika Penttila) [RHEL-1351] - drm/amd/display: fix hw rotated modes when PSR-SU is enabled (Mika Penttila) [RHEL-1351] - drm/i915: Fix remapped stride with CCS on ADL+ (Mika Penttila) [RHEL-1351] - drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (Mika Penttila) [RHEL-1351] - drm/i915: Fix ADL+ tiled plane stride when the POT stride is smaller than the original (Mika Penttila) [RHEL-1351] - drm/amd/display: Restore guard against default backlight value < 1 nit (Mika Penttila) [RHEL-1351] - drm/edid: also call add modes in EDID connector update fallback (Mika Penttila) [RHEL-1351] - drm/amdgpu: fix tear down order in amdgpu_vm_pt_free (Mika Penttila) [RHEL-1351] - drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (Mika Penttila) [RHEL-1351] - drm/i915: Use internal class when counting engine resets (Mika Penttila) [RHEL-1351] - drm/i915/selftests: Fix engine reset count storage for multi-tile (Mika Penttila) [RHEL-1351] - drm/amdgpu: Restrict extended wait to PSP v13.0.6 (Mika Penttila) [RHEL-1351] - drm/amdgpu: update retry times for psp BL wait (Mika Penttila) [RHEL-1351] - drm/amdgpu: Fix refclk reporting for SMU v13.0.6 (Mika Penttila) [RHEL-1351] - drm/amdgpu: disable MCBP by default (Mika Penttila) [RHEL-1351] - drm/i915: Skip some timing checks on BXT/GLK DSI transcoders (Mika Penttila) [RHEL-1351] - drm/i915/mst: Reject modes that require the bigjoiner (Mika Penttila) [RHEL-1351] - drm/i915/mst: Fix .mode_valid_ctx() return values (Mika Penttila) [RHEL-1351] - drm/atomic-helpers: Invoke end_fb_access while owning plane state (Mika Penttila) [RHEL-1351] - drm/amdkfd: get doorbell's absolute offset based on the db_size (Mika Penttila) [RHEL-1351] - drm/amd/amdgpu/amdgpu_doorbell_mgr: Correct misdocumented param 'doorbell_index' (Mika Penttila) [RHEL-1351] - drm/amdgpu: correct chunk_ptr to a pointer to chunk. (Mika Penttila) [RHEL-1351] - drm/amdgpu: finalizing mem_partitions at the end of GMC v9 sw_fini (Mika Penttila) [RHEL-1351] - drm/amdgpu: Do not program VF copy regs in mmhub v1.8 under SRIOV (v2) (Mika Penttila) [RHEL-1351] - nouveau: use an rwlock for the event lock. (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix MPCC 1DLUT programming (Mika Penttila) [RHEL-1351] - drm/amd/display: Simplify brightness initialization (Mika Penttila) [RHEL-1351] - drm/amd/display: Reduce default backlight min from 5 nits to 1 nits (Mika Penttila) [RHEL-1351] - drm/amd/display: refactor ILR to make it work (Mika Penttila) [RHEL-1351] - drm/amd/pm: fix a memleak in aldebaran_tables_init (Mika Penttila) [RHEL-1351] - drm/panel: nt36523: fix return value check in nt36523_probe() (Mika Penttila) [RHEL-1351] - drm/panel: starry-2081101qfh032011-53g: Fine tune the panel power sequence (Mika Penttila) [RHEL-1351] - drm/i915/gsc: Mark internal GSC engine with reserved uabi class (Mika Penttila) [RHEL-1351] - drm/amd/display: Remove power sequencing check (Mika Penttila) [RHEL-1351] - drm/amd/display: Refactor edp power control (Mika Penttila) [RHEL-1351] - dma-buf: fix check in dma_resv_add_fence (Mika Penttila) [RHEL-1351] - nouveau: find the smallest page allocation to cover a buffer alloc. (Mika Penttila) [RHEL-1351] - drm/amd/display: force toggle rate wa for first link training for a retimer (Mika Penttila) [RHEL-1351] - drm/amd/display: fix ABM disablement (Mika Penttila) [RHEL-1351] - drm/amd/display: Update min Z8 residency time to 2100 for DCN314 (Mika Penttila) [RHEL-1351] - drm/amd/display: Use DRAM speed from validation for dummy p-state (Mika Penttila) [RHEL-1351] - drm/amd/display: Remove min_dst_y_next_start check for Z8 (Mika Penttila) [RHEL-1351] - drm/amd/display: Include udelay when waiting for INBOX0 ACK (Mika Penttila) [RHEL-1351] - drm/amdgpu: Update EEPROM I2C address for smu v13_0_0 (Mika Penttila) [RHEL-1351] - drm/amdgpu: fix memory overflow in the IB test (Mika Penttila) [RHEL-1351] - drm/amdgpu: Force order between a read and write to the same address (Mika Penttila) [RHEL-1351] - drm/amdgpu: correct the amdgpu runtime dereference usage count (Mika Penttila) [RHEL-1351] - drm/amd: Enable PCIe PME from D3 (Mika Penttila) [RHEL-1351] - drm/i915: Also check for VGA converter in eDP probe (Mika Penttila) [RHEL-1351] - drm/ast: Disconnect BMC if physical connector is connected (Mika Penttila) [RHEL-1351] - drm/panel: boe-tv101wum-nl6: Fine tune Himax83102-j02 panel HFP and HBP (Mika Penttila) [RHEL-1351] - drm/i915: do not clean GT table on error path (Mika Penttila) [RHEL-1351] - drm/panel: simple: Fix Innolux G101ICE-L01 timings (Mika Penttila) [RHEL-1351] - drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (Mika Penttila) [RHEL-1351] - drm/panel: auo,b101uan08.3: Fine tune the panel power sequence (Mika Penttila) [RHEL-1351] - drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (Mika Penttila) [RHEL-1351] - drm/amd/display: Clear dpcd_sink_ext_caps if not set (Mika Penttila) [RHEL-1351] - drm/amd/display: Enable fast plane updates on DCN3.2 and above (Mika Penttila) [RHEL-1351] - drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix DSC not Enabled on Direct MST Sink (Mika Penttila) [RHEL-1351] - drm/amd/display: Guard against invalid RPTR/WPTR being set (Mika Penttila) [RHEL-1351] - drm/amdgpu: Fix possible null pointer dereference (Mika Penttila) [RHEL-1351] - drm/amdgpu: lower CS errors to debug severity (Mika Penttila) [RHEL-1351] - drm/amdgpu: fix error handling in amdgpu_bo_list_get() (Mika Penttila) [RHEL-1351] - drm/amdgpu: fix error handling in amdgpu_vm_init (Mika Penttila) [RHEL-1351] - drm/amdgpu: don't use ATRM for external devices (Mika Penttila) [RHEL-1351] - drm/amdgpu: add a retry for IP discovery init (Mika Penttila) [RHEL-1351] - drm/amdgpu: fix GRBM read timeout when do mes_self_test (Mika Penttila) [RHEL-1351] - drm/amdgpu/smu13: drop compute workload workaround (Mika Penttila) [RHEL-1351] - drm/amd/pm: Fix error of MACO flag setting code (Mika Penttila) [RHEL-1351] - drm/i915: Flush WC GGTT only on required platforms (Mika Penttila) [RHEL-1351] - drm/i915: Fix potential spectre vulnerability (Mika Penttila) [RHEL-1351] - drm/i915: Bump GLK CDCLK frequency when driving multiple pipes (Mika Penttila) [RHEL-1351] - drm/amd/display: Add Null check for DPP resource (Mika Penttila) [RHEL-1351] - drm: bridge: it66121: ->get_edid callback must not return err pointers (Mika Penttila) [RHEL-1351] - drm/amd/pm: Handle non-terminated overdrive commands. (Mika Penttila) [RHEL-1351] - drm/amd/display: enable dsc_clk even if dsc_pg disabled (Mika Penttila) [RHEL-1351] - i915/perf: Fix NULL deref bugs with drm_dbg() calls (Mika Penttila) [RHEL-1351] - drm/i915/tc: Fix -Wformat-truncation in intel_tc_port_init (Mika Penttila) [RHEL-1351] - drm/amdgpu: fix software pci_unplug on some chips (Mika Penttila) [RHEL-1351] - drm/qxl: prevent memory leak (Mika Penttila) [RHEL-1351] - drm/amd/display: Avoid NULL dereference of timing generator (Mika Penttila) [RHEL-1351] - drm/amd: check num of link levels when update pcie param (Mika Penttila) [RHEL-1351] - drm/amd/display: fix num_ways overflow error (Mika Penttila) [RHEL-1351] - drm/amd: Disable PP_PCIE_DPM_MASK when dynamic speed switching not supported (Mika Penttila) [RHEL-1351] - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (Mika Penttila) [RHEL-1351] - drm/amdkfd: Fix shift out-of-bounds issue (Mika Penttila) [RHEL-1351] - drm/panel: st7703: Pick different reset sequence (Mika Penttila) [RHEL-1351] - drm/amdgpu/vkms: fix a possible null pointer dereference (Mika Penttila) [RHEL-1351] - drm/radeon: fix a possible null pointer dereference (Mika Penttila) [RHEL-1351] - drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (Mika Penttila) [RHEL-1351] - drm/panel: fix a possible null pointer dereference (Mika Penttila) [RHEL-1351] - drm/amdgpu: Fix potential null pointer derefernce (Mika Penttila) [RHEL-1351] - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (Mika Penttila) [RHEL-1351] - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (Mika Penttila) [RHEL-1351] - drm/amd/display: use full update for clip size increase of large plane source (Mika Penttila) [RHEL-1351] - drm/amd: Update update_pcie_parameters functions to use uint8_t arguments (Mika Penttila) [RHEL-1351] - drm/amdgpu: update retry times for psp vmbx wait (Mika Penttila) [RHEL-1351] - drm/amdkfd: Fix a race condition of vram buffer unref in svm code (Mika Penttila) [RHEL-1351] - drm/amdgpu: not to save bo in the case of RAS err_event_athub (Mika Penttila) [RHEL-1351] - drm/edid: Fixup h/vsync_end instead of h/vtotal (Mika Penttila) [RHEL-1351] - drm/amd/display: add seamless pipe topology transition check (Mika Penttila) [RHEL-1351] - drm/amd/display: Don't lock phantom pipe on disabling (Mika Penttila) [RHEL-1351] - drm/amd/display: Blank phantom OTG before enabling (Mika Penttila) [RHEL-1351] - drm/amdkfd: ratelimited SQ interrupt messages (Mika Penttila) [RHEL-1351] - drm/gma500: Fix call trace when psb_gem_mm_init() fails (Mika Penttila) [RHEL-1351] - drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (Mika Penttila) [RHEL-1351] - drm/amdgpu: don't put MQDs in VRAM on ARM | ARM64 (Mika Penttila) [RHEL-1351] - drm/amdgpu/gfx10,11: use memcpy_to/fromio for MQDs (Mika Penttila) [RHEL-1351] - drm/amd/pm: Fix a memory leak on an error path (Mika Penttila) [RHEL-1351] - drm/bridge: lt9611uxc: fix the race in the error path (Mika Penttila) [RHEL-1351] - gpu: host1x: Correct allocated size for contexts (Mika Penttila) [RHEL-1351] - drm/amd/display: Bail from dm_check_crtc_cursor if no relevant change (Mika Penttila) [RHEL-1351] - drm/amd/display: Refactor dm_get_plane_scale helper (Mika Penttila) [RHEL-1351] - drm/amd/display: Check all enabled planes in dm_check_crtc_cursor (Mika Penttila) [RHEL-1351] - drm/amd/display: Fix null pointer dereference in error message (Mika Penttila) [RHEL-1351] - drm/amdkfd: Handle errors from svm validate and map (Mika Penttila) [RHEL-1351] - drm/amdkfd: Remove svm range validated_once flag (Mika Penttila) [RHEL-1351] - drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (Mika Penttila) [RHEL-1351] - drm/amdgpu: Increase IH soft ring size for GFX v9.4.3 dGPU (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Fix tc358768_ns_to_cnt() (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Clean up clock period code (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Rename dsibclk to hsbyteclk (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Use dev for dbg prints, not priv->dev (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Print logical values, not raw register values (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Use struct videomode (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Fix bit updates (Mika Penttila) [RHEL-1351] - drm/bridge: tc358768: Fix use of uninitialized variable (Mika Penttila) [RHEL-1351] - drm/bridge: lt8912b: Add missing drm_bridge_attach call (Mika Penttila) [RHEL-1351] - drm/bridge: lt8912b: Manually disable HPD only if it was enabled (Mika Penttila) [RHEL-1351] - drm/bridge: lt8912b: Fix crash on bridge detach (Mika Penttila) [RHEL-1351] - drm/bridge: lt8912b: Fix bridge_detach (Mika Penttila) [RHEL-1351] - drm: bridge: it66121: Fix invalid connector dereference (Mika Penttila) [RHEL-1351] - drm/radeon: Remove the references of radeon_gem_ pread & pwrite ioctls (Mika Penttila) [RHEL-1351] - drm/radeon: possible buffer overflow (Mika Penttila) [RHEL-1351] - drm: bridge: for GENERIC_PHY_MIPI_DPHY also select GENERIC_PHY (Mika Penttila) [RHEL-1351] - drm: bridge: samsung-dsim: Initialize ULPS EXIT for i.MX8M DSIM (Mika Penttila) [RHEL-1351] - drm/amd/display: Don't use fsleep for PSR exit waits (Mika Penttila) [RHEL-1351] [5.14.0-421] - ida: Fix crash in ida_free when the bitmap is empty (Wander Lairson Costa) [RHEL-19683 RHEL-19684] {CVE-2023-6915} - drm/virtio: Set segment size for virtio_gpu device (Sebastian Ott) [RHEL-22710] - arm64: module: Fix PLT counting when CONFIG_RANDOMIZE_BASE=n (Jennifer Berringer) [RHEL-1687] - arm64: module: rework module VA range selection (Jennifer Berringer) [RHEL-1687] - Documentation/arm64: update memory layout table. (Jennifer Berringer) [RHEL-1687] - arm64: module: mandate MODULE_PLTS (Jennifer Berringer) [RHEL-1687] - arm64: ftrace: fix module PLTs with mcount (Jennifer Berringer) [RHEL-1687] - arm64: ftrace: consistently handle PLTs. (Jennifer Berringer) [RHEL-1687] - arm64: ftrace: fix branch range checks (Jennifer Berringer) [RHEL-1687] - arm64: module: move module randomization to module.c (Jennifer Berringer) [RHEL-1687] - arm64: kaslr: split kaslr/module initialization (Jennifer Berringer) [RHEL-1687] - arm64: module: remove old !KASAN_VMALLOC logic (Jennifer Berringer) [RHEL-1687] - netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new (Xin Long) [RHEL-22341] - ALSA: hda: Fix possible null-ptr-deref when assigning a stream (Jaroslav Kysela) [RHEL-21053] - ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-loader: remove the CPC check warnings (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: topology: Use partial match for disconnecting DAI link and DAI widget (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: topology: Fix mem leak in sof_dai_load() (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: hda-codec: Delay the codec device registration (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-topology: Correct data structures for the GAIN module (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-topology: Correct data structures for the SRC module (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: sof-audio: Modify logic for enabling/disabling topology cores (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-topology: Add core_mask in struct snd_sof_pipeline (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: Move binding to display driver outside of deferred probe (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: Fix error handling in hda_init() (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: hda: start splitting the probe (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: core: Add probe_early and remove_late callbacks (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: IPC4: sort pipeline based on priority (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: IPC4: get pipeline priority from topology (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: sof-pci-dev: Update the ipc_type module parameter description (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-control: Add support for ALSA enum control (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-control: Add support for ALSA switch control (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: hda-loader: Add support for split library loading (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: Intel: hda: Add definition for SDxFIFOS.FIFOS mask (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4: Convert status code 2 and 15 to -EOPNOTSUPP (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-pcm: fixup dailink based on copier format (Jaroslav Kysela) [RHEL-21053] - ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (Jaroslav Kysela) [RHEL-21053] - objtool: Add __kunit_abort() to noreturns (Nico Pache) [RHEL-19099] - config: wifi: enable new kunit configuration options (Jose Ignacio Tornos Martinez) [RHEL-19746] - config: wifi: disable new unsupported configuration options (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fix a memory corruption (Jose Ignacio Tornos Martinez) [RHEL-10297 RHEL-19746] - wifi: iwlwifi: change link id in time event to s8 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: use deflink and fix typo in link ID check (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: rely on mac80211 debugfs handling for vif (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: parse all ML elements in an ML probe response (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: correct comment about MLD ID (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: fix advertised TTLM scheduling (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: assign phy_ctxt before eSR activation (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fix out of bound copy_from_user (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Do not warn if valid link pair was not found (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: fix the error handler of rfkill config (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: fix wrong 6Ghz power type (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: fix CLC command timeout when suspend/resume (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix mt7996_mcu_all_sta_info_event struct packing (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7915: also MT7981 is 3T3R but nss2 on 5 GHz band (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7915: fix EEPROM offset of TSSI flag on MT7981 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix alignment of sta info event (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: fix typo in mt76_get_of_eeprom_from_nvmem function (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix uninitialized variable in parsing txfree (Jose Ignacio Tornos Martinez) [RHEL-19746] - net: qrtr: ns: Return 0 if server port is not present (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: add/remove driver debugfs entries as appropriate (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: do not re-add debugfs entries during resume (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: don't synchronize IRQs from IRQ (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: fix certs build to not depend on file order (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: fix crash with WED rx support enabled (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: avoid a NULL pointer dereference (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: mesh_plink: fix matches_local logic (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: mesh: check element parsing succeeded (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: check defragmentation succeeded (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: don't re-add debugfs during reconfig (Jose Ignacio Tornos Martinez) [RHEL-19746] - net: rfkill: gpio: set GPIO direction (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: check if the existing link config remains unchanged (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: Add my certificate (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ieee80211: don't require protected vendor action frames (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: handle 320 MHz in ieee80211_ht_cap_ie_to_sta_ht_cap (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: avoid offset calculation on NULL pointer (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: hold wiphy mutex for send_interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: lock wiphy mutex for rfkill poll (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: fix CQM for non-range use (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: do not pass AP_VLAN vif pointer to drivers during flush (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix an error code in iwl_mvm_mld_add_sta() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7925: fix typo in mt7925_init_he_caps (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fix system commands group ordering (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: fix 6GHz disabled by the missing default CLC config (Jose Ignacio Tornos Martinez) [RHEL-19746] - net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ray_cs: Remove unnecessary (void*) conversions (Jose Ignacio Tornos Martinez) [RHEL-19746] - Revert 'wifi: ath11k: call ath11k_mac_fils_discovery() without condition' (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: Introduce and use ath12k_sta_to_arsta() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: fix htt mlo-offset event locking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: fix dfs-radar and temperature event locking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix gtk offload status event locking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix htt pktlog locking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix dfs radar event locking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix temperature event locking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: rename the sc naming convention to ab (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: rename the wmi_sc naming convention to wmi_ab (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: add firmware-2.bin support (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: qmi: refactor ath11k_qmi_m3_load() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: cleanup firmware elements parsing (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rt2x00: rework MT7620 PA/LNA RF calibration (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rt2x00: rework MT7620 channel config function (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rt2x00: improve MT7620 register initialization (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: fix kernel panic by accessing invalid 6GHz channel info (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rt2x00: fix rt2800 watchdog function (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath9k_htc: fix format-truncation warning (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: brcmfmac: fix format-truncation warnings (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: drop robust action frames before assoc (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: bump FW API to 86 for AX/BZ/SC devices (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: read DSM func 2 for specific RF types (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: show dump even for pldr_sync (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: cycle FW link on chanctx removal (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: trace full frames with TX status request (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: empty overflow queue during flush (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fw: Add support for UATS table in UHB (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: add a print when sending RLC command (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: debugfs for fw system stats (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: implement new firmware API for statistics (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix regdb initialization (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: update IGTK in mvmvif upon D3 resume (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: simplify the reorder buffer (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: disable multi rx queue for 9000 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Return success if link could not be removed (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix size check for fw_link_id (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: synchronize IRQs before NAPI (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: add support for SNPS DPHYIP region type (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix netif csum flags (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: remove set_tim callback for MLD ops (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: api: fix center_freq label in PHY diagram (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: support link id in SESSION_PROTECTION_NOTIF (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: support link_id in SESSION_PROTECTION cmd (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: make time_events MLO aware (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: rename struct cfg80211_rx_assoc_resp to cfg80211_rx_assoc_resp_data (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: rename ieee80211_tx_status() to ieee80211_tx_status_skb() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: add support for activating UNII-1 in WW via BIOS (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: remove TDLS stations from FW (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix iwl_mvm_mac_flush_sta() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: change iwl_mvm_flush_sta() API (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: extend alive timeout to 2 seconds (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix the PHY context resolution for p2p device (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fold the ref++ into iwl_mvm_phy_ctxt_add (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: don't add dummy phy context (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: cleanup MLO and non-MLO unification code (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: implement ROC version 3 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: send EDT table to FW (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Fix key flags for IGTK on AP interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlmvm: fw: Add new OEM vendor to tas approved list (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Fix unreachable code path (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: add new RF support for wifi7 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fw: increase fw_version string size (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: fix change_address deadlock during unregister (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: Add __counted_by for struct ieee802_11_elems and use struct_size() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: remove unused argument of ieee80211_get_tdls_action() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Correctly set link configuration (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fix the rf step and flavor bits range (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fw: Fix debugfs command sending (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: advertise support for SCS traffic description (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Don't always bind/link the P2P Device interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: add start mac ctdp sum calculation debugfs handler (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: abort scan when rfkill on but device enabled (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: Add basic link selection logic (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mei: return error from register when not built (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix SB CFG check (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: add a per-link debugfs (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: rework debugfs handling (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: yoyo: swap cdb and jacket bits values (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: add support for new ini region types (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: Extract common prph mac/phy regions data dump logic (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: nl80211: fix doc typos (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: fix header kernel-doc typos (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: fix header kernel-doc typos (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: add link id to mgd_prepare_tx() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: Check if we had first beacon with relevant links (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: flush STA queues on unauthorization (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: purge TX queues in flush_queues flow (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: wext: convert return value to kernel-doc (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: fix a expired vs. cancel race in roc (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: make mgd_protect_tdls_discover MLO-aware (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: Fix typo in documentation (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: Fix setting vif links (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: Handle specific BSSID in 6GHz scanning (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: mesh: fix some kdoc warnings (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: Include operating class 137 in 6GHz band (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: Rename and update IEEE80211_VIF_DISABLE_SMPS_OVERRIDE (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: handle debugfs when switching to/from MLO (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: add a driver callback to add vif debugfs (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: don't recreate driver link debugfs in reconfig (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: cleanup auth_data only if association continues (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: bump FW API to 84 for AX/BZ/SC devices (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: use correct sta ID for IGTK/BIGTK (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: offload IGTK in AP if BIGTK is supported (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: fix removing pasn station for responder (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: clean up WFPM control bits (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fix opmode start/stop race (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: skip opmode start retries on dead transport (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: propagate iwl_pcie_gen2_apm_init() error (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: update station's MFP flag after association (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: wilc1000: use vmm_table as array in wilc struct (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: drop chk_switch_dmdp() from HAL interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: drop fill_fake_txdesc() from HAL interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: drop pre_fill_tx_bd_desc() from HAL interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: move software DCFO compensation setting to proper position (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: correct the DCFO tracking flow to improve CFO compensation (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: modify the register setting and the flow of CFO tracking (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: phy: generalize valid bit of BSS color (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: phy: change naming related BT coexistence functions (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: dump firmware debug information in abnormal state (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: debug: add to check if debug mask is enabled (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: cleanup struct rtl_ps_ctl (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: rename the sc naming convention to ab (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: rename the wmi_sc naming convention to wmi_ab (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: Remove ath12k_base::bd_api (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: Remove ath11k_base::bd_api (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: Enable Mesh support for QCN9274 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: register EHT mesh capabilities (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: Use device_get_match_data() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: do bf_monitor only if WiFi 6 chips (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: set bf_assoc capabilities according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: set bfee_ctrl() according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: add registers of MU-EDCA parameters for WiFi 7 chips (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: generalize register of MU-EDCA switch according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: update RTS threshold according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: simplify TX command fill callbacks (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: Introduce and use ath11k_sta_to_arsta() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: Remove unused struct ath11k_htc_frame (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: fix invalid m3 buffer address (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: add ath12k_qmi_free_resource() for recovery (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: configure RDDM size to MHI for device recovery (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: add parsing of phy bitmap for reg rules (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: add parsing of phy bitmap for reg rules (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: ath11k_debugfs_register(): fix format-truncation warning (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: coex: add annotation __counted_by() to struct rtw89_btc_btf_set_mon_reg (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: coex: add annotation __counted_by() for struct rtw89_btc_btf_set_slot_table (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: add EHT radiotap in monitor mode (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: show EHT rate in debugfs (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: parse TX EHT rate selected by firmware from RA C2H report (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: Add EHT rate mask as parameters of RA H2C command (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: parse EHT information from RX descriptor and PPDU status packet (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: radiotap: add bandwidth definition of EHT U-SIG (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: use convenient list_count_nodes() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: brcmfmac: fweh: Add __counted_by for struct brcmf_fweh_queue_item and use struct_size() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: Remove duplicate NULL check before calling usb_kill/free_urb() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: Consistently use ath12k_vif_to_arvif() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: call ath11k_mac_fils_discovery() without condition (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: remove redundant memset() in ath12k_hal_reo_qdesc_setup() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: use unsigned long for bt_coexist_8723 timestamp (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: 8821c: tweak CCK TX filter setting for SRRC regulation (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: regd: update regulatory map to R64-R42 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: 8822c: update TX power limit to V70 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: 8821c: update TX power limit to V67 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw88: regd: configure QATAR and UK (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: remove unreachable code in rtl92d_dm_check_edca_turbo() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: debug: show txpwr table according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: phy: set TX power RU limit according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: phy: set TX power limit according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: phy: set TX power offset according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: phy: set TX power by rate according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mac: get TX power control register according to chip gen (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: fix debug messages (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix Tx power value during active CAC (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix CAC running state during virtual interface start (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath10k: simplify ath10k_peer_create() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: use unsigned long for rtl_bssid_entry timestamp (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: fix EDCA limit set by BT coexistence (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rt2x00: fix MT7620 low RSSI issue (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: refine bandwidth 160MHz uplink OFDMA performance (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: refine uplink trigger based control mechanism (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: 8851b: update TX power tables to R34 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: 8852b: update TX power tables to R35 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: 8852c: update TX power tables to R67 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: regd: configure Thailand in regulation type (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath10k: indicate to mac80211 scan complete with aborted flag for ATH10K_SCAN_STARTING state (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath: dfs_pattern_detector: Use flex array to simplify code (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath: dfs_pattern_detector: Fix a memory initialization issue (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath10k: Don't touch the CE interrupt registers after power up (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath10k: consistently use kstrtoX_from_user() functions (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: add keep backward compatibility of PHY mode to avoid firmware crash (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: add read variant from SMBIOS for download board data (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: do not drop data frames from unassociated stations (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: Annotate struct mt76_rx_tid with __counted_by (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: update the channel usage when the regd domain changed (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: get regulatory information from the clc event (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: add 6GHz power type support for clc (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: enable set txpower for UNII-4 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: move connac nic capability handling to mt7921 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: reduce spin_lock_bh held up in mt76_dma_rx_cleanup (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: remove periodic MPDU TXS request (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: enable PPDU-TxS to host (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: Add mcu commands for getting sta tx statistic (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: get tx_retries and tx_failed from txfree (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt792x: move some common usb code in mt792x module (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt792x: move mt7921_skb_add_usb_sdio_hdr in mt792x module (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7915 add tc offloading support (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: fix the wrong rate selected in fw for the chanctx driver (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921: fix the wrong rate pickup for the chanctx driver (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: move struct ieee80211_chanctx_conf up to struct mt76_vif (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: Drop unnecessary error check for debugfs_create_dir() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7915: fix beamforming availability check (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7915: update mpdu density capability (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: check vif type before reporting cca and csa (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: fix per-band IEEE80211_CONF_MONITOR flag comparison (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: get rid of false alamrs of tx emission issues (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: fix potential memory leak of beacon commands (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: check sta rx control frame to multibss capability (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: update beacon size limitation (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: add MBSSID support for mt7996 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: fix clang-specific fortify warnings (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023) (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: Use PTR_ERR_OR_ZERO() to simplify code (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: support per-band LED control (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: support more options for mt7996_set_bitrate_mask() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: only set vif teardown cmds at remove interface (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix TWT command format (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix rx rate report for CBW320-2 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix wmm queue mapping (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix beamformee ss subfield in EHT PHY cap (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: fix beamform mcu cmd configuration (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7996: set correct wcid in txp (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: add more unified event IDs (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: add more unified command IDs (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: add data field in struct tlv (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: add eht support for tx power (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: add eht support for phy mode config (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: export functions for mt7925 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt792x: support mt7925 chip init (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: connac: introduce helper for mt7925 chipset (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7915: fix monitor mode issues (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: add DMA mapping error check in mt76_alloc_txwi() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: remove unused error path in mt76_connac_tx_complete_skb (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: fix race condition related to checking tx queue fill status (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: use atomic iface iteration for pre-TBTT work (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7603: disable A-MSDU tx support on MT7628 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7603: add missing register initialization for MT7628 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7603: improve stuck beacon handling (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7603: improve watchdog reset reliablity (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mt76: mt7603: rework/fix rx pse hang check (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: add back SPDX identifier (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: fix ieee80211_drop_unencrypted_mgmt return type/value (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtlwifi: cleanup few rtlxxxx_set_hw_reg() routines (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: declare MCC in interface combination (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: 8852c: declare to support two chanctx (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: pause/proceed MCC for ROC and HW scan (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rtw89: mcc: fix NoA start time when GO is auxiliary (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: rt2x00: remove redundant check if u8 array element is less than zero (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: mac: fix struct ieee80211_sband_iftype_data handling (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: add msdu_end structure for WCN7850 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: Set default beacon mode to burst mode (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: call ath12k_mac_fils_discovery() without condition (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: remove unnecessary (void*) conversions (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: change to treat alpha code na as world wide regdomain (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: indicate scan complete for scan canceled when scan running (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: fix recovery fail while firmware crash when doing channel switch (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath12k: add support for hardware rfkill for WCN7850 (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ath11k: use kstrtoul_from_user() where appropriate (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: expand __ieee80211_data_to_8023() status (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: remove RX_DROP_UNUSABLE (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: fix check for unusable RX result (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: add local_state_change to deauth trace (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: OWE DH IE handling offload (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: ieee80211: add UL-bandwidth definition of trigger frame (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: add mapping of a periphery register crf for WH RF (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: check for iwl_mvm_mld_update_sta() errors (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: support injection antenna control (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: refactor TX rate handling (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: make pldr_sync AX210 specific (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: fail NIC access fast on dead NIC (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: add support for new wowlan_info_notif (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: pcie: (re-)assign BAR0 on driver bind (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: implement enable/disable for China 2022 regulatory (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: handle link-STA allocation in restart (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: iterate active links for STA queues (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: iwlwifi: mvm: support set_antenna() (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: reject MLO channel configuration if not supported (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: report per-link error during association (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: cfg80211: report per-link errors during association (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: support antenna control in injection (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: support handling of advertised TID-to-link mapping (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: add support for parsing TID to Link mapping element (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211_hwsim: Handle BSS_CHANGED_VALID_LINKS (Jose Ignacio Tornos Martinez) [RHEL-19746] - wifi: mac80211: Notify the low level driver on change in MLO valid links (Jose Ignacio Tornos Martinez) [RHEL-19746] ... IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45863 CVE-2023-31083 CVE-2023-39194 CVE-2023-51043 CVE-2023-52610 CVE-2023-6040 CVE-2023-28464 CVE-2022-0480 CVE-2023-6915 CVE-2023-39193 CVE-2023-25775 CVE-2023-52522 CVE-2023-42754 CVE-2022-45934 CVE-2023-6932 CVE-2023-28866 CVE-2023-39198 CVE-2023-52581 CVE-2024-26583 CVE-2023-6931 CVE-2023-39189 CVE-2023-37453 CVE-2023-52434 CVE-2024-26633 CVE-2024-0565 CVE-2023-52574 CVE-2024-26582 CVE-2023-52448 CVE-2023-52620 CVE-2024-26602 CVE-2024-0841 CVE-2024-26586 CVE-2024-26609 CVE-2023-52489 CVE-2023-24023 CVE-2023-52529 CVE-2024-26584 CVE-2023-4133 CVE-2023-6531 CVE-2023-6176 CVE-2023-42756 CVE-2023-6121 CVE-2023-52578 CVE-2022-38096 CVE-2023-46862 CVE-2023-6546 CVE-2024-1085 CVE-2024-26593 CVE-2023-51780 CVE-2023-3567 CVE-2024-26585 CVE-2020-26555 CVE-2023-52580 CVE-2024-1086 CVE-2023-6622 CVE-2023-51779 CVE-2023-52476 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [4.4-10.git1] - CVE-2021-41072 squashfs-tools: additional write outside destination directory exploit fix CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination rhbz#2007304 RHEL-7763 [4.4-9.git1] - CVE-2021-40153 squashfs-tools: unvalidated filepaths allow writing outside of destination rhbz#2000638 MODERATE Copyright 2024 Oracle, Inc. CVE-2021-40153 CVE-2021-41072 cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.7.4-10] - Resolves:RHEL-2268 Fix CI tests results [2.7.4-9] - Resolves:RHEL-2268 CVE-2023-25193 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-25193 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.8-20] - Fix CVE-2023-38469 (RHEL-5637) [0.8-19] - Fix CVE-2023-38471 (RHEL-5642) [0.8-18] - Fix CVE-2023-38472 (RHEL-5645) [0.8-17] - Fix CVE-2023-38470 (RHEL-5641) [0.8-16] - Fix CVE-2023-38473 (RHEL-5729) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-38470 CVE-2023-38472 CVE-2023-38469 CVE-2023-38471 CVE-2023-38473 cpe:/a:oracle:linux:9::distro_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_base cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [1.2.2-2] - Backport fixes for issues found by OpenScanHub - Related: RHEL-7945 [1.2.2-1] - Rebase to upstream v1.2.2 - Related: RHEL-15865 - Related: RHEL-14995 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45897 cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.3.1-19.0.1] - pam_limits: fix use after free in pam_sm_open_session [Orabug: 36406534] [1.3.1-19] - pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations. CVE-2024-22365. Resolves: RHEL-21244 [1.3.1-18] - libpam: use getlogin() from libc and not utmp. Resolves: RHEL-16727 - pam_access: handle hostnames in access.conf. Resolves: RHEL-22300 [1.5.1-17] - pam_faillock: create tallydir before creating tallyfile. Resolves: RHEL-20943 [1.5.1-16] - libpam: use close_range() to close file descriptors. Resolves: RHEL-5099 - fix formatting of audit messages. Resolves: RHEL-5100 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-22365 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 openssl [1:3.0.7-27.0.3] - Enable openssl-fips-provider dependency [Orabug: 36504822] [1:3.0.7-27.0.2] - Temporary disable openssl-fips-provider dependency [Orabug: 36504822] [1:3.0.7-27.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.7-27] - Use certified FIPS module instead of freshly built one in Red Hat distribution Related: RHEL-23474 [1:3.0.7-26] - Avoid implicit function declaration when building openssl Related: RHEL-1780 - In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails Resolves: RHEL-17104 - Add a directory for OpenSSL providers configuration Resolves: RHEL-17193 - Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context Resolves: RHEL-19515 - POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) Resolves: RHEL-21151 - Excessive time spent checking invalid RSA public keys (CVE-2023-6237) Resolves: RHEL-21654 - SSL ECDHE Kex fails when pkcs11 engine is set in config file Resolves: RHEL-20249 - Denial of service via null dereference in PKCS#12 Resolves: RHEL-22486 - Use certified FIPS module instead of freshly built one in Red Hat distribution Resolves: RHEL-23474 openssl-fips-provider [3.0.7-2.0.1] - Add bundle with Oracle Linux 9 OpenSSL FIPS Provider module files [Orabug: 36504822] - Replace upstream references [Orabug: 34340177] [3.0.7-2] - Denote conflict with old versions of openssl-libs package Related: RHEL-23474 [3.0.7-1] Initial packaging LOW Copyright 2024 Oracle, Inc. CVE-2023-6237 CVE-2023-3817 CVE-2023-6129 CVE-2024-0727 CVE-2023-2975 CVE-2023-5678 CVE-2023-3446 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::userspace_ksplice cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [2.06-77.0.1] - Support setting custom kernels as default kernels [Orabug: 36043978] - Bump SBAT metadata for grub to 3 [Orabug: 34872719] - Fix CVE-2022-3775 [Orabug: 34871953] - Enable signing for aarch64 EFI - Fix signing certificate names - Enable back btrfs grub module for EFI pre-built image [Orabug: 34360986] - Replaced bugzilla.oracle.com references [Orabug: 34202300] - Update provided certificate version to 202204 [JIRA: OLDIS-16371] - Various coverity fixes [JIRA: OLDIS-16371] - bump SBAT generation - Update bug url [Orabug: 34202300] - Revert provided certificate version back to 202102 [JIRA: OLDIS-16371] - Update signing certificate [JIRA: OLDIS-16371] - fix SBAT data [JIRA: OLDIS-16371] - Update requires [JIRA: OLDIS-16371] - Rebuild for SecureBoot signatures [Orabug: 33801813] - Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033] - Update Oracle SBAT data [Orabug: 32670033] - Use new signing certificate [Orabug: 32670033] - honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497] - set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597] - Update upstream references [Orabug: 26388226] - Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955] - Put 'with' in menuentry instead of 'using' [Orabug: 18504756] - Use different titles for UEK and RHCK kernels [Orabug: 18504756] [2.06-77] - kern/dl: grub_dl_set_mem_attrs()/grub_dl_load_segments() fixes - Resolves: #RHEL-26322 [2.06-76] - fs/ntfs: OOB write fix - (CVE-2023-4692) - Resolves: #RHEL-11567 [2.06-75] - grub-set-bootflag: Fix for CVE-2024-1048 - (CVE-2024-1048) - Resolves: #RHEL-20747 [2.06-74] - Don't run 20-grub.install for UKIs - Resolves: #RHEL-21368 [2.06-73] - search command: add flag to only search root dev - Resolves: #RHEL-20526 - Resolves: #CVE-2023-4001 [2.06-72] - normal: Remove grub_env_set prefix in grub_try_normal_prefix - Resolves: #RHEL-1601 [2.06-71] - kern/ieee1275/init: ppc64: Restrict high memory in presence of fadump - Resolves: #RHEL-14282 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-4693 CVE-2024-1048 CVE-2023-4692 cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [252-32.0.2] - Due to a new [Orabug: 36564551] filed on April 29 2024, reverting from back to - previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved. - Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792] - Removed the following, associated with [Orabug: 36269319]: - 1A) Remove 1001-systemd-fstab-generator-reload-targets.patch - 1B) Remove Fix local-fs and remote-fs targets during system boot [Orabug: 36269319] - 1C) Remove 'systemd-fstab-generator-reload-targets.service' file [Orabug: 36269319] - 1D) Remove required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319] - 1E) Remove Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319] [252-32.0.1] - Backport upstream pstore dmesg fix [Orabug: 34868110] - Remove upstream references [Orabug: 33995357] - Disable unprivileged BPF by default [Orabug: 32870980] - udev rules: fix memory hot add and remove [Orabug: 31310273] - set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874] - allow dm remove ioctl to co-operate with UEK3 [Orabug: 18467469] - shutdown: get only active md arrays. [Orabug: 34467234] - Wait for an extra configurable time before udevd kills a worker [Orabug: 36017407] - Removed unneeded patches from the systemd.spec - 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792] - 1004-orabug34272490-0001-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch [Orabug: 34272490] - 1005-orabug34272490-0002-core-device-drop-unnecessary-condition.patch [Orabug: 34272490] - 1007-orabug34868110-pstore-fixes-for-dmesg.txt-reconstruction.patch [Orabug: 34868110] [252-32] - rebase rhel-net-naming-sysattrs to v0.5 [252-31] - bootctl: rework random seed logic to use open_mkdir_at() and openat() (RHEL-16952) - bootctl: properly sync fs before/after moving random seed file into place (RHEL-16952) - bootctl: when updating EFI random seed file, hash old seed with new one (RHEL-16952) - sha256: add helper than hashes a buffer *and* its size (RHEL-16952) - random-seed: don't refresh EFI random seed from random-seed.c anymore (RHEL-16952) - bootctl: downgrade graceful messages to LOG_NOTICE (RHEL-16952) - units: rename/rework systemd-boot-system-token.service -> systemd-boot-random-seed.service (RHEL-16952) - bootctl: split out setting of system token into function of its own (RHEL-16952) [252-30] - resolved: limit the number of signature validations in a transaction (RHEL-26643) - resolved: reduce the maximum nsec3 iterations to 100 (RHEL-26643) - efi: alignment of the PE file has to be at least 512 bytes (RHEL-26133) - units: change assert to condition to skip running in initrd/os (RHEL-16182) - ci: add configuration for regression sniffer GA (RHEL-1086) [252-29] - units: fix typo in Condition in systemd-boot-system-token (RHEL-16952) [252-28] - random-seed: shorten a bit may_credit() (RHEL-16952) - random-seed: make one more use of random_write_entropy() (RHEL-16952) - random-seed: use getopt() (RHEL-16952) - random-seed: make the logic to calculate the number of bytes read from the random seed file clearer (RHEL-16952) - random-seed: no need to pass 'mode' argument when opening /dev/urandom (RHEL-16952) - random-seed: split out run() (RHEL-16952) - random_seed: minor improvement in run() (RHEL-16952) - random-seed: downgrade some messages (RHEL-16952) - random-seed: clarify one comment (RHEL-16952) - random-seed: make sure to load machine id even if the seed file is missing (RHEL-16952) - chase-symlinks: add new flag for prohibiting any following of symlinks (RHEL-16952) - bootctl,bootspec: make use of CHASE_PROHIBIT_SYMLINKS whenever we access the ESP/XBOOTLDR (RHEL-16952) - boot: implement kernel EFI RNG seed protocol with proper hashing (RHEL-16952) - random-seed: refresh EFI boot seed when writing a new seed (RHEL-16952) - random-seed: handle post-merge review nits (RHEL-16952) - boot: do not truncate random seed file (RHEL-16952) - bootctl: install system token on virtualized systems (RHEL-16952) - boot: remove random-seed-mode (RHEL-16952) - stub: handle random seed like sd-boot does (RHEL-16952) - efi: add efi_guid_equal() helper (RHEL-16952) - efi: add common implementation for loop finding EFI configuration tables (RHEL-16952) - boot: Detect hypervisors using SMBIOS info (RHEL-16952) - boot: Skip soft-brick warning when in a VM (RHEL-16952) - boot: Replace UINTN with size_t (RHEL-16952) - boot: Use unsigned for beep counting (RHEL-16952) - boot: Use unicode literals (RHEL-16952) - macro: add generic IS_ALIGNED32() anf friends (RHEL-16952) - meson: use 0|1 for SD_BOOT (RHEL-16952) - boot: Add printf functions (RHEL-16952) - boot: Use printf for error logging (RHEL-16952) - boot: Introduce log_wait (RHEL-16952) - boot: Add log_trace debugging helper (RHEL-16952) - tree-wide: Use __func__ in asserts (RHEL-16952) - boot: Drop use of xpool_print/SPrint (RHEL-16952) - boot: Drop use of Print (RHEL-16952) - boot: Rework GUID handling (RHEL-16952) - efi-string: Fix strchr() null byte handling (RHEL-16952) - efi-string: Add startswith8() (RHEL-16952) - efi-string: Add efi_memchr() (RHEL-16952) - vmm: Add more const (RHEL-16952) - vmm: Add smbios_find_oem_string() (RHEL-16952) - stub: Read extra kernel command line items from SMBIOS (RHEL-16952) - vmm: Modernize get_smbios_table() (RHEL-16952) - stub: measure SMBIOS kernel-cmdline-extra in PCR12 (RHEL-16952) - efi: support passing empty cmdline to mangle_stub_cmdline() (RHEL-16952) - efi: set EFIVAR to stop Shim from uninstalling its protocol (RHEL-16952) - ukify: use empty stub for addons (RHEL-16952) - stub: allow loading and verifying cmdline addons (RHEL-16952) - TODO: remove fixed item (RHEL-16952) - fix: do not check/verify slice units if recursive errors are to be ignored (RHEL-1086) [252-27] - test: merge TEST-20-MAINPIDGAMES into TEST-07-PID1 (fixup) (RHEL-1086) - test: use the default nsec3-iterations value (RHEL-1086) - test: explicitly set nsec3-iterations to 0 (RHEL-1086) - core: mount namespaces: Remove auxiliary bind mounts directory after unit termination (RHEL-19483) - ci: deploy systemd man to GitHub Pages (RHEL-1086) - doc: add missing <listitem> to systemd.net-naming-scheme.xml (RHEL-7026) - man: reorder the list of supported naming schemes (RHEL-7026) - tree-wide: fix return value handling of base64mem() (RHEL-16182) - Consolidate various TAKE_* into TAKE_GENERIC(), add TAKE_STRUCT() (RHEL-16182) - pcrphase: add env var for overriding stub check (RHEL-16182) - pcrphase: gracefully exit if TPM2 support is incomplete (RHEL-16182) - tpm2-util: split out code that derives 'good' TPM2 banks into an strv from pcrphase and generalize it in tpm2-util.c (RHEL-16182) - tpm2-util: split out code that extends a PCR from pcrphase (RHEL-16182) - tpm2-util: optionally do HMAC in tpm2_extend_bytes() in case we process sensitive data (RHEL-16182) - cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab options (RHEL-16182) - man: document the new crypttab measurement options (RHEL-16182) - gpt-auto-generator: automatically measure root/var volume keys into PCR 15 (RHEL-16182) - blkid-util: define enum for blkid_do_safeprobe() return values (RHEL-16182) - pcrphase: make tool more generic, reuse for measuring machine id/fs uuids (RHEL-16182) - units: measure /etc/machine-id into PCR 15 during early boot (RHEL-16182) - generators: optionally, measure file systems at boot (RHEL-16182) - tpm2: add common helper for checking if we are running on UKI with TPM measurements (RHEL-16182) - man: document new machine-id/fs measurement options (RHEL-16182) - test: add simple integration test for checking PCR extension works as it should (RHEL-16182) - update TODO (RHEL-16182) - cryptsetup: retry TPM2 unseal operation if it fails with TPM2_RC_PCR_CHANGED (RHEL-16182) - boot: Simplify object erasure (RHEL-16182) - tree-wide: use CLEANUP_ERASE() at various places (RHEL-16182) - dlfcn: add new safe_dclose() helper (RHEL-16182) - tpm2: rename tpm2 alg id<->string functions (RHEL-16182) - tpm2: rename struct tpm2_context to Tpm2Context (RHEL-16182) - tpm2: use ref counter for Tpm2Context (RHEL-16182) - tpm2: use Tpm2Context* instead of ESYS_CONTEXT* (RHEL-16182) - tpm2: add Tpm2Handle with automatic cleanup (RHEL-16182) - tpm2: simplify tpm2_seal() blob creation (RHEL-16182) - tpm2: add salt to pin (RHEL-16182) - basic/macro: add macro to iterate variadic args (RHEL-16182) - test/test-macro: add tests for FOREACH_VA_ARGS() (RHEL-16182) - basic/bitfield: add bitfield operations (RHEL-16182) - test/test-bitfield: add tests for bitfield macros (RHEL-16182) - tpm2: add tpm2_get_policy_digest() (RHEL-16182) - tpm2: add TPM2_PCR_VALID() (RHEL-16182) - tpm2: add/rename functions to manage pcr selections (RHEL-16182) - test/test-tpm2: add tests for pcr selection functions (RHEL-16182) - tpm2: add tpm2_pcr_read() (RHEL-16182) - tpm2: move openssl-required ifdef code out of policy-building function (RHEL-16182) - tpm2: add tpm2_is_encryption_session() (RHEL-16182) - tpm2: move policy building out of policy session creation (RHEL-16182) - tpm2: add support for a trusted SRK (RHEL-16182) - tpm2: fix nits from PR #26185 (RHEL-16182) - tpm2: replace magic number (RHEL-16182) - tpm2: add tpm2_digest_*() functions (RHEL-16182) - tpm2: replace hash_pin() with tpm2_digest_*() functions (RHEL-16182) - tpm2: add tpm2_set_auth() (RHEL-16182) - tpm2: add tpm2_get_name() (RHEL-16182) - tpm2: rename pcr_values_size vars to n_pcr_values (RHEL-16182) - tpm2: add tpm2_policy_pcr() (RHEL-16182) - tpm2: add tpm2_policy_auth_value() (RHEL-16182) - tpm2: add tpm2_policy_authorize() (RHEL-16182) - tpm2: use tpm2_policy_authorize() (RHEL-16182) - tpm2: add tpm2_calculate_sealing_policy() (RHEL-16182) - tpm: remove external calls to dlopen_tpm2() (RHEL-16182) - tpm2: remove all extern tpm2-tss symbols (RHEL-16182) - tpm2: add tpm2_get_capability(), tpm2_cache_capabilities(), tpm2_capability_pcrs() (RHEL-16182) - tpm2: verify symmetric parms in tpm2_context_new() (RHEL-16182) - tpm2: replace _cleanup_tpm2_* macros with _cleanup_() (RHEL-16182) - tpm2-util: use compound initialization when allocating tpm2 objects (RHEL-16182) - tpm2: add tpm2_get_capability_handle(), tpm2_esys_handle_from_tpm_handle() (RHEL-16182) - tpm2: add tpm2_read_public() (RHEL-16182) - tpm2: add tpm2_get_legacy_template() and tpm2_get_srk_template() (RHEL-16182) - tpm2: add tpm2_load() (RHEL-16182) - tpm2: add tpm2_load_external() (RHEL-16182) - tpm2: move local vars in tpm2_seal() to point of use (RHEL-16182) - tpm2: replace magic number in hmac_sensitive initialization (RHEL-16182) - tpm2: add tpm2_create() (RHEL-16182) - tpm2: replace tpm2_capability_pcrs() macro with direct c->capaiblity_pcrs use (RHEL-16182) - basic/alloc-util: add greedy_realloc_append() (RHEL-16182) - tpm2: cache the TPM supported commands, add tpm2_supports_command() (RHEL-16182) - tpm2: cache TPM algorithms (RHEL-16182) - tpm2: add tpm2_persist_handle() (RHEL-16182) - tpm2: add tpm2_get_or_create_srk() (RHEL-16182) - tpm2: move local vars in tpm2_unseal() to point of use (RHEL-16182) - tpm2: remove tpm2_make_primary() (RHEL-16182) - tpm2: use CreatePrimary() to create primary keys instead of Create() (RHEL-16182) - cryptsetup: downgrade a bunch of log messages that to LOG_WARNING (RHEL-16182) - boot/measure: replace TPM PolicyPCR session with calculation (RHEL-16182) - core: imply DeviceAllow=/dev/tpmrm0 with LoadCredentialEncrypted (RHEL-16182) - added more test cases (RHEL-16182) - test: fixed negative checks in TEST-70-TPM2. Use in-line error handling rather than redirections. Follow up on #27020 (RHEL-16182) - systemd-cryptenroll: add string aliases for tpm2 PCRs Fixes #26697. RFE. (RHEL-16182) - cryptenroll: fix an assertion with weak passwords (RHEL-16182) - man/systemd-cryptenroll: update list of PCRs, link to uapi docs (RHEL-16182) - tpm2: add debug logging to functions converting hash or asym algs to/from strings or ids (RHEL-16182) - tpm2: add tpm2_hash_alg_to_size() (RHEL-16182) - tpm2: change tpm2_tpm*_pcr_selection_to_mask() to return mask (RHEL-16182) - tpm2: add more helper functions for managing TPML_PCR_SELECTION and TPMS_PCR_SELECTION (RHEL-16182) - tpm2: add Tpm2PCRValue struct and associated functions (RHEL-16182) - tpm2: move declared functions in header lower down (RHEL-16182) - tpm2: declare tpm2_log_debug_*() functions in tpm2_util.h (RHEL-16182) - tpm2: change tpm2_calculate_policy_pcr(), tpm2_calculate_sealing_policy() to use Tpm2PCRValue array (RHEL-16182) - tpm2: change tpm2_parse_pcr_argument() parameters to parse to Tpm2PCRValue array (RHEL-16182) - tpm2: add TPM2B_*_MAKE(), TPM2B_*_CHECK_SIZE() macros (RHEL-16182) - tpm2: add tpm2_pcr_read_missing_values() (RHEL-16182) - openssl: add openssl_pkey_from_pem() (RHEL-16182) - openssl: add rsa_pkey_new(), rsa_pkey_from_n_e(), rsa_pkey_to_n_e() (RHEL-16182) - openssl: add ecc_pkey_new(), ecc_pkey_from_curve_x_y(), ecc_pkey_to_curve_x_y() (RHEL-16182) - test: add DEFINE_HEX_PTR() helper function (RHEL-16182) - openssl: add test-openssl (RHEL-16182) - tpm2: add functions to convert TPM2B_PUBLIC to/from openssl pkey or PEM (RHEL-16182) - tpm2: move policy calculation out of tpm2_seal() (RHEL-16182) - man: update systemd-cryptenroll man page with details on --tpm2-pcrs format change (RHEL-16182) - tpm2: update TEST-70-TPM2 to test passing PCR value to systemd-cryptenroll (RHEL-16182) - tpm2: change *alg_to_* functions to use switch() (RHEL-16182) - tpm2: lowercase TPM2_PCR_VALUE[S]_VALID functions (RHEL-16182) - tpm2: move cast from lhs to rhs in uint16_t/int comparison (RHEL-16182) - tpm2: in validator functions, return false instead of assert failure (RHEL-16182) - tpm2: in tpm2_pcr_values_valid() use FOREACH_ARRAY() (RHEL-16182) - tpm2: use SIZE_MAX instead of strlen() for unhexmem() (RHEL-16182) - tpm2: put !isempty() check inside previous !isempty() check (RHEL-16182) - tpm2: simplify call to asprintf() (RHEL-16182) - tpm2: check pcr value hash != 0 before looking up hash algorithm name (RHEL-16182) - tpm2: use strempty() (RHEL-16182) - tpm2: split TPM2_PCR_VALUE_MAKE() over multiple lines (RHEL-16182) - tpm2: remove ret_ prefix from input/output params (RHEL-16182) - tpm2: use memcpy_safe() instead of memcpy() (RHEL-16182) - openssl: use new(char, size) instead of malloc(size) (RHEL-16182) - tpm2: use table for openssl<->tpm2 ecc curve id mappings (RHEL-16182) - tpm2: use switch() instead of if-else (RHEL-16182) - tpm2: make logging level consistent at debug for some functions (RHEL-16182) - tpm2: remove unnecessary void* cast (RHEL-16182) - tpm2: add tpm2_pcr_values_has_(any|all)_values() functions (RHEL-16182) - tpm2: wrap (7) in UINT32_C() (RHEL-16182) - cryptenroll: change man page example to remove leading 0x and lowercase hex (RHEL-16182) - openssl: add log_openssl_errors() (RHEL-16182) - openssl: add openssl_digest_size() (RHEL-16182) - openssl: add openssl_digest_many() (RHEL-16182) - openssl: replace openssl_hash() with openssl_digest() (RHEL-16182) - openssl: add openssl_hmac_many() (RHEL-16182) - openssl: add rsa_oaep_encrypt_bytes() (RHEL-16182) - openssl: add kdf_kb_hmac_derive() (RHEL-16182) - openssl: add openssl_cipher_many() (RHEL-16182) - openssl: add ecc_edch() (RHEL-16182) - openssl: add kdf_ss_derive() (RHEL-16182) - dlfcn-util: add static asserts ensuring our sym_xyz() func ptrs match the types from the official headers (RHEL-16182) - tpm2: add tpm2_marshal_blob() and tpm2_unmarshal_blob() (RHEL-16182) - tpm2: add tpm2_serialize() and tpm2_deserialize() (RHEL-16182) - tpm2: add tpm2_index_to_handle() and tpm2_index_from_handle() (RHEL-16182) - tpm2: fix build failure without openssl (RHEL-16182) - tpm2-util: look for tpm2-pcr-signature.json directly in /.extra/ (RHEL-16182) - tpm2: downgrade most log functions from error to debug (RHEL-16182) - tpm2: handle older tpm enrollments without a saved pcr bank (RHEL-16182) - tpm2: allow tpm2_make_encryption_session() without bind key (RHEL-16182) - tpm2: update tpm2 test for supported commands (RHEL-16182) - tpm2: use GREEDY_REALLOC_APPEND() in tpm2_get_capability_handles(), cap max value (RHEL-16182) - tpm2: change tpm2_unseal() to accept Tpm2Context instead of device string (RHEL-16182) - tpm2: cache TPM's supported ECC curves (RHEL-16182) - tpm2-util: make tpm2_marshal_blob()/tpm2_unmarshal_blob() static (RHEL-16182) - tpm2-util: make tpm2_read_public() static, as we use it only internally in tpm2-util.c (RHEL-16182) - cryptenroll: allow specifying handle index of key to use for sealing (RHEL-16182) - test: add tests for systemd-cryptenroll --tpm2-seal-key-handle (RHEL-16182) - tpm2: do not call Esys_TR_Close() (RHEL-16182) - tpm2: don't use GetCapability() to check transient handles (RHEL-16182) - tpm2-util: pick up a few new symbols from tpm2-tss (RHEL-16182) - tpm2: add tpm2_get_pin_auth() (RHEL-16182) - tpm2: instead of adjusting authValue trailing 0(s), trim them as required by tpm spec (RHEL-16182) - tpm2-util: rename tpm2_calculate_name() -> tpm2_calculate_pubkey_name() (RHEL-16182) - cryptenroll: do not implicitly verify with default tpm policy signature (RHEL-16182) - cryptenroll: drop deadcode (RHEL-16182) - tpm2: allow using tpm2_get_srk_template() without tpm (RHEL-16182) - tpm2: add test to verify srk templates (RHEL-16182) - tpm2: add tpm2_sym_alg_*_string() and tpm2_sym_mode_*_string() (RHEL-16182) - tpm2: add tpm2_calculate_seal() and helper functions (RHEL-16182) - tpm2: update test-tpm2 for tpm2_calculate_seal() (RHEL-16182) - cryptenroll: add support for calculated TPM2 enrollment (RHEL-16182) - test: update TEST-70 with systemd-cryptenroll calculated TPM2 enrollment (RHEL-16182) - openssl-util: avoid freeing invalid pointer (RHEL-16182) - creds-util: check for CAP_DAC_READ_SEARCH (RHEL-16182) - creds-util: do not try TPM2 if there is not support (RHEL-16182) - creds-util: merge the TPM2 detection for initrd (RHEL-16182) - cryptenroll: fix a memory leak (RHEL-16182) - sd-journal: introduce sd_journal_step_one() (RHEL-11591) - test: modernize test-journal-flush (RHEL-11591) - journal-file-util: do not fail when journal_file_set_offline() called more than once (RHEL-11591) - journal-file-util: Prefer punching holes instead of truncating (RHEL-11591) - test: add reproducer for SIGBUS issue caused by journal truncation (RHEL-11591) [252-26] - spec: update rhel-net-naming-sysattrs to v0.4 (RHEL-22278) [252-25] - spec: add new package with RHEL-specific network naming sysattrs (RHEL-22278) [252-24] - ci: use source-git-automation composite Action (RHEL-1086) - ci: increase the cron interval to 45 minutes (RHEL-1086) - ci: add all Z-Stream versions to array of allowed versions (RHEL-1086) - udev/net_id: introduce naming scheme for RHEL-9.4 (RHEL-22427) - basic/errno-util: add wrappers which only accept negative errno (RHEL-22443) - errno-util: allow ERRNO_IS_* to accept types wider than int (RHEL-22443) - udev: add new builtin net_driver (RHEL-22443) - udev/net_id: introduce naming scheme for RHEL-8.10 (RHEL-22427) [252-23] - logind: don't setup idle session watch for lock-screen and greeter (RHEL-20757) - logind: don't make idle action timer accuracy more coarse than timeout (RHEL-20757) - logind: do TTY idle logic only for sessions marked as 'tty' (RHEL-20757) - meson: Properly install 90-uki-copy.install (RHEL-16354) [252-22] - Revert 'man: mention System Administrator's Guide in systemctl manpage' (RHEL-19436) - man: mention RHEL documentation in systemctl's man page (RHEL-19436) - resolved: actually check authenticated flag of SOA transaction (RHEL-6216) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (RHEL-1317) - man: environment value -> udev property (RHEL-1317) [252-21] - meson: fix installation of ukify (RHEL-13199) - sd-id128: introduce id128_hash_ops_free (RHEL-5988) - udevadm-trigger: allow to fallback without synthetic UUID only first time (RHEL-5988) - udevadm-trigger: settle with synthetic UUID if the kernel support it (RHEL-5988) - udevadm-trigger: also check with the original syspath if device is renamed (RHEL-5988) - test: use 'udevadm trigger --settle' even if device is renamed (RHEL-5988) - sd-event: don't mistake USEC_INFINITY passed in for overflow (RHEL-6090) - pid1: rework service_arm_timer() to optionally take a relative time value (RHEL-6090) - manager: add one more assert() (RHEL-6090) - pid1: add new Type=notify-reload service type (RHEL-6090) - man: document Type=notify-reload (RHEL-6090) - pid1: make sure we send our calling service manager RELOADING=1 when reloading (RHEL-6090) - networkd: implement Type=notify-reload protocol (RHEL-6090) - udevd: implement the full Type=notify-reload protocol (RHEL-6090) - logind: implement Type=notify-reload protocol properly (RHEL-6090) - notify: add --stopping + --reloading switches (RHEL-6090) - test: add Type=notify-reload testcase (RHEL-6090) - update TODO (RHEL-6090) - core: check for SERVICE_RELOAD_NOTIFY in manager_dbus_is_running (RHEL-6090) [252-20] - udev/net: allow new link name as an altname before renaming happens (RHEL-5988) - sd-netlink: do not swap old name and alternative name (RHEL-5988) - sd-netlink: restore altname on error in rtnl_set_link_name (RHEL-5988) - udev: attempt device rename even if interface is up (RHEL-5988) - sd-netlink: add a test for rtnl_set_link_name() (RHEL-5988) - test-network: add a test for renaming device to current altname (RHEL-5988) - udev: align table (RHEL-5988) - sd-device: make device_set_syspath() clear sysname and sysnum (RHEL-5988) - sd-device: do not directly access entry in sd-device object (RHEL-5988) - udev: move device_rename() from device-private.c (RHEL-5988) - udev: restore syspath and properties on failure (RHEL-5988) - sd-device: introduce device_get_property_int() (RHEL-5988) - core/device: downgrade log level for ignored errors (RHEL-5988) - core/device: ignore failed uevents (RHEL-5988) - test: add tests for failure in renaming network interface (RHEL-5988) - test: modernize test-netlink.c (RHEL-5988) - test-netlink: use dummy interface to test assigning new interface name (RHEL-5988) - udev: use SYNTHETIC_ERRNO() at one more place (RHEL-5988) - udev: make udev_builtin_run() take UdevEvent* (RHEL-5988) - udev/net: verify ID_NET_XYZ before trying to assign it as an alternative name (RHEL-5988) - udev/net: generate new network interface name only on add uevent (RHEL-5988) - sd-netlink: make rtnl_set_link_name() optionally append alternative names (RHEL-5988) - udev/net: assign alternative names only on add uevent (RHEL-5988) - test: add tests for renaming network interface (RHEL-5988) - Backport ukify from upstream (RHEL-13199) - bootctl: make --json output normal json (RHEL-13199) - test: replace readfp() with read_file() (RHEL-13199) - stub/measure: document and measure .uname UKI section (RHEL-13199) - boot: measure .sbat section (RHEL-13199) - Revert 'test_ukify: no stinky root needed for signing' (RHEL-13199) - ukify: move to /usr/bin and mark as non non-experimental (RHEL-13199) - kernel-install: Add uki layout (RHEL-16354) - kernel-install: remove math slang from man page (RHEL-16354) - kernel-install: handle uki installs automatically (RHEL-16354) - 90-uki-copy.install: create /EFI/Linux directory if needed (RHEL-16354) - kernel-install: Log location that uki is installed in (RHEL-16354) - bootctl: fix errno logging (RHEL-16354) - bootctl: add kernel-identity command (RHEL-16354) - bootctl: add kernel-inspect command (RHEL-16354) - bootctl: add kernel-inspect to --help text (RHEL-16354) - bootctl: drop full stop at end of --help texts (RHEL-16354) - bootctl: change section title for kernel image commands (RHEL-16354) - bootctl: remove space that should not be there (RHEL-16354) - bootctl: kernel-inspect: print os info (RHEL-16354) - bootctl-uki: several coding style fixlets (RHEL-16354) - tree-wide: unify how we pick OS pretty name to display (RHEL-16354) - bootctl-uki: several follow-ups for inspect_osrel() (RHEL-16354) - bootctl: Add missing %m (RHEL-16354) - bootctl: tweak DOS header magic check (RHEL-16354) [252-19] - ci: Extend source-git-automation (RHEL-1086) - netif-naming-scheme: let's also include rhel8 schemes (RHEL-7026) - systemd-analyze: Add table and JSON output implementation to plot (RHEL-5070) - systemd-analyze: Update man/systemd-analyze.xml with Plot JSON and table (RHEL-5070) - systemd-analyze: Add tab complete logic for plot (RHEL-5070) - systemd-analyze: Add --json=, --table and -no-legend tests for plot (RHEL-5070) - ci: enable source-git automation to validate reviews and ci results (RHEL-1086) - ci: remove Mergify config - replaced by Pull Request Validator (RHEL-1086) - ci: enable auto-merge GH Action (RHEL-1086) - ci: add missing permissions (RHEL-1086) - ci: permissions: write-all (RHEL-1086) - ci(lint): exclude .in files from ShellCheck lint (RHEL-1086) - udev: raise RLIMIT_NOFILE as high as we can (RHEL-11040) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-7008 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [3:2.1.0-18] - add gating.yaml [3:2.1.0-17] - fix improper command line parsing (CVE-2023-46316) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-46316 cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.10.4-13] - Bump up the version so that the version in 9.3 is lower. - Resolves: RHEL-19310, RHEL-19691, RHEL-17245 LOW Copyright 2024 Oracle, Inc. CVE-2023-6918 CVE-2023-6004 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [5.39-16] - Fix stack-based buffer over-read in file_copystr() (CVE-2022-48554) [5.39-15] - Fix segfault in python3-file-magic concurrent method calls LOW Copyright 2024 Oracle, Inc. CVE-2022-48554 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_base Oracle Linux 9 [1:2.10-5] - Support macsec HW offload. Resolves: RHEL-22440 - Backport fix for PEAP client (CVE-2023-52160) MODERATE Copyright 2024 Oracle, Inc. CVE-2023-52160 cpe:/o:oracle:linux:9:4:baseos_base cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [0.42.2-3] - Bump pixman version 0.42.2 - Drop DesktopQE gating - Fix CVEs: CVE-2022-44638 - Resolves: RHEL-5013 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-44638 cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.78.0-1] - Bump glib2 version 2.78.0 - Drop DesktopQE gating - Fix CVEs: CVE-2023-32636, CVE-2023-29499, CVE-2023-32611, CVE-2023-32665, DoS - Resolves: RHEL-5019 - Resolves: RHEL-5020 - Resolves: RHEL-5092 - Resolves: RHEL-5093 - Resolves: RHEL-5094 LOW Copyright 2024 Oracle, Inc. CVE-2023-32611 CVE-2023-32665 CVE-2023-29499 CVE-2023-32636 cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.9.4-3.0.1] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [4:4.9.4-3] - rebuild - Related: RHEL-28234 [4:4.9.4-2] - bump Epoch to 4 to preserve upgrade path from rhel 8.10 - bump release tag or else it refuses to build - Resolves: RHEL-28234 [4:4.9.4-1] - bump Epoch to 4 to preserve upgrade path from rhel 8.10 - Resolves: RHEL-28234 [3:4.9.4-1] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/7752c56) - Resolves: RHEL-28234 [3:4.9.3-3] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/5f872ae) - Resolves: RHEL-28234 [3:4.9.3-2] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/06e4598) - Resolves: RHEL-28636 [2:4.9.3-1] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/c82fdc8) - Resolves: RHEL-28633 RHEL-28629 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1753 CVE-2024-24786 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2:1.14.3-2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/5f2b9af) - Resolves: RHEL-28736 [2:1.14.3-1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/4a2bc3a) - Resolves: RHEL-28235 [2:1.14.3-0.2] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/d0a0f1a) - Resolves: RHEL-28235 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28180 CVE-2024-24786 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1.33.7-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.7-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/b95e962) - Resolves: RHEL-28230 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24786 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 bind [9.16.23-18.0.1] - Fix warning when changing device file permissions [Orabug: 36518580] [32:9.16.23-18.1] - Rebuild with correct z-stream tag again [32:9.16.23-18] - Prevent crashing at masterformat system test (CVE-2023-6516) [32:9.16.23-17] - Import tests for large DNS messages fix - Add downstream change complementing CVE-2023-50387 [32:9.16.23-16] - Prevent increased CPU load on large DNS messages (CVE-2023-4408) - Prevent assertion failure when nxdomain-redirect is used with RFC 1918 reverse zones (CVE-2023-5517) - Prevent assertion failure if DNS64 and serve-stale is used (CVE-2023-5679) - Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) bind-dyndb-ldap [11.9-9] - Rebuild required for BIND changes for KeyTrap change (CVE-2023-50387) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-4408 CVE-2023-5517 CVE-2023-50868 CVE-2023-50387 CVE-2023-5679 CVE-2023-6516 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [0.8-5] - Address potential DoS with high compression ratio Resolves: RHEL-28698 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28102 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [10.0.0-6.2.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6.2.el9_4] - qemu: Fix migration with custom XML (RHEL-32654) [10.0.0-6.1.el9_4] - Fix off-by-one error in udevListInterfacesByStatus (CVE-2024-1441, RHEL-25081) - remote: check for negative array lengths before allocation (CVE-2024-2494) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2494 CVE-2024-1441 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1.21.9-2] - Rebuilt for z-stream - Related: RHEL-24312 - Related: RHEL-28940 [1.21.9-1] - Fix CVE-2024-1394 - Fix CVE-2023-45288 - Resolves RHEL-24312 - Resolves RHEL-28940 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-45290 CVE-2024-24785 CVE-2024-1394 CVE-2024-24783 CVE-2023-45289 CVE-2024-24784 CVE-2023-45288 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2.0.26-2] - Resolves: RHEL-31855 - mod_http2: httpd: CONTINUATION frames DoS (CVE-2024-27316) [2.0.26-1] - Resolves: RHEL-14691 - mod_http2 rebase to 2.0.26 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-27316 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [4.12-2.0.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-2] - Fix CVE-2024-2357 (RHEL-32761) - x509: unpack IPv6 general names based on length (RHEL-32718) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2357 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [6.2.0-2.0.1] - Fixed libpcp derived metric issue for ol9 [Orabug: 36538820] [6.2.0-2] - Disable RESP proxying by default in pmproxy (RHEL-30719) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3019 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [9.2.10-16] - Check OrdID is correct before deleting snapshot - fix CVE-2024-1313 - fix CVE-2024-1394 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-1394 CVE-2024-1313 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [5.1.1-2] - fix CVE-2024-1394 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [3.8.3-4] - Bump release to ensure el9 package is greater than el9_* packages [3.8.3-3] - Bump release to ensure el9 package is greater than el9_* packages [3.8.3-2] - Fix timing side-channel in deterministic ECDSA (RHEL-28959) - Fix potential crash during chain building/verification (RHEL-28954) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28834 CVE-2024-28835 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.9.4-6.0.1] - Restore default debug level for sss_cache [Orabug: 32810448] [2.9.4-6] - Resolves: RHEL-27209 - Race condition during authorization leads to GPO policies functioning inconsistently [rhel-9.4.0] [2.9.4-5] - Resolves: RHEL-28161 - Passkey cannot fall back to password [2.9.4-4] - Resolves: RHEL-28161 - Passkey cannot fall back to password [2.9.4-3] - Resolves: RHEL-22340 - socket leak - Resolves: RHEL-28161 - Passkey cannot fall back to password MODERATE Copyright 2024 Oracle, Inc. CVE-2023-3758 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [1.13.1-8.3] - Rebuild (z-stream target) Resolves: RHEL-30985 Resolves: RHEL-31015 [1.13.1-8.2] - Fix crash caused by fix for CVE-2024-31083 Resolves: RHEL-30985 [1.13.1-8.1] - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents Resolves: RHEL-31015 - Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs Resolves: RHEL-30985 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-31080 CVE-2024-31081 CVE-2024-31083 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2.9.13-6] - Fix CVE-2024-25062 (RHEL-29196) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-25062 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.4.1-2] - Rebuild with new Golang - Resolves: RHEL-32570, RHEL-28385, RHEL-28402, RHEL-28432 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-24783 CVE-2023-45289 CVE-2023-45290 CVE-2023-45288 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [5.14.0-427.16.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.16.1_4] - memory: tegra: Skip SID programming if SID registers aren't set (Robert Foss) [RHEL-32675 RHEL-23656] - memory: tegra: Add SID override programming for MC clients (Robert Foss) [RHEL-32675 RHEL-23656] - iommu: Don't reserve 0-length IOVA region (Robert Foss) [RHEL-32675 RHEL-23656] [5.14.0-427.15.1_4] - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (Michal Schmidt) [RHEL-30110 RHEL-19000] - ice: avoid the PTP hardware semaphore in gettimex64 path (Michal Schmidt) [RHEL-30110 RHEL-19000] - ice: add ice_adapter for shared data across PFs on the same NIC (Michal Schmidt) [RHEL-30110 RHEL-19000] - crypto: iaa - mark tech preview (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Fix nr_cpus < nr_iaa case (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Fix comp/decomp delay statistics (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Fix async_disable descriptor leak (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (Vladis Dronov) [RHEL-32242 RHEL-29685] - crypto: iaa - Remove header table code (Vladis Dronov) [RHEL-32242 RHEL-29685] - cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Laurent Vivier) [RHEL-32716 RHEL-31381] - x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30030 RHEL-30031] {CVE-2024-25743 CVE-2024-25742} [5.14.0-427.14.1_4] - crypto: dh - implement FIPS PCT (Vladis Dronov) [RHEL-27009 RHEL-25845] - crypto: tcrypt - add ffdhe2048(dh) test (Vladis Dronov) [RHEL-27009 RHEL-25845] - crypto: dh - Make public key test FIPS-only (Vladis Dronov) [RHEL-27009 RHEL-25845] - printk: allow disabling printk per-console device kthreads at boot (Luis Claudio R. Goncalves) [RHEL-30678 RHEL-17709] - mm, vmscan: remove ISOLATE_UNMAPPED (Nico Pache) [RHEL-29235 RHEL-28667] - trace-vmscan-postprocess: sync with tracepoints updates (Nico Pache) [RHEL-29235 RHEL-28667] - tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Nico Pache) [RHEL-29235 RHEL-28667] - mm/mglru: skip special VMAs in lru_gen_look_around() (Nico Pache) [RHEL-29235 RHEL-28667] - mm/mglru: reclaim offlined memcgs harder (Nico Pache) [RHEL-29235 RHEL-28667] - mm/mglru: try to stop at high watermarks (Nico Pache) [RHEL-29235 RHEL-28667] - mm/mglru: fix underprotected page cache (Nico Pache) [RHEL-29235 RHEL-28667] - mm: multi-gen LRU: reuse some legacy trace events (Nico Pache) [RHEL-29235 RHEL-28667] - mm: multi-gen LRU: improve design doc (Nico Pache) [RHEL-29235 RHEL-28667] - mm: multi-gen LRU: clean up sysfs code (Nico Pache) [RHEL-29235 RHEL-28667] - cpu/hotplug: Do not bail-out in DYING/STARTING sections (David Arcari) [RHEL-29673 RHEL-19514] - crypto: akcipher - Disable signing and decryption (Herbert Xu) [RHEL-29079 RHEL-17113] {CVE-2023-6240} MODERATE Copyright 2024 Oracle, Inc. CVE-2024-25742 CVE-2023-6240 CVE-2024-25743 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 nodejs [1:18.20.2-2] - Removes .ps1 files - Rebase to 18.20.2 - Fixes: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629 nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-28182 CVE-2024-25629 CVE-2024-27982 CVE-2024-27983 CVE-2024-22025 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [8.0.105-1.0.1] - Add support for Oracle Linux [8.0.105-1] - Update to .NET SDK 8.0.105 and Runtime 8.0.5 - Resolves: RHEL-35317 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-30046 CVE-2024-30045 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [7.0.119-1.0.1] - Add OracleLinux support IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-30045 CVE-2024-30046 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 nodejs [1:20.12.2-2] - Backport nghttp2 patch for CVE-2024-28182 [1:20.12.2-1] - Rebase to version 20.12.0 Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) Fixes: CVE-2024-25629 (c-ares) nodejs-nodemon nodejs-packaging IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-25629 CVE-2024-27983 CVE-2024-27982 CVE-2024-28182 CVE-2024-22025 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [115.11.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.11.0-1] - Update to 115.11.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4777 CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4770 CVE-2024-4769 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [115.11.0-1.0.1] - Add Oracle prefs [115.11.0-1] - Update to 115.11.0 build2 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4777 CVE-2024-4770 CVE-2024-4367 CVE-2024-4767 CVE-2024-4769 CVE-2024-4768 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1:16.20.2-8.0.1] - Fix CVE-2024-28182, CVE-2024-22025, CVE-2024-25629, CVE-2024-27982, CVE-2024-27983 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-25629 CVE-2024-22025 CVE-2024-28182 CVE-2024-27982 CVE-2024-27983 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [5.14.0-427.18.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.18.1_4] - netfilter: nf_tables: disallow anonymous set with timeout flag (Phil Sutter) [RHEL-32971 RHEL-30082] {CVE-2024-26642} - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (Phil Sutter) [RHEL-33070 RHEL-30078] {CVE-2024-26643} - netfilter: nft_ct: fix l3num expectations with inet pseudo family (Phil Sutter) [RHEL-32963 RHEL-31345] {CVE-2024-26673} - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Phil Sutter) [RHEL-32963 RHEL-31345] {CVE-2024-26673} - arm64: tlb: Fix TLBI RANGE operand (Shaoqin Huang) [RHEL-33412 RHEL-26259] - arm64/mm: Modify range-based tlbi to decrement scale (Shaoqin Huang) [RHEL-33412 RHEL-26259] - rh_messages.h: mark mlx5 on Bluefield-3 as unmaintained (Scott Weaver) [RHEL-35878 RHEL-33061] - net: ip_tunnel: prevent perpetual headroom growth (Guillaume Nault) [RHEL-33934 RHEL-31816] {CVE-2024-26804} - gitlab-ci: use zstream builder container image (Michael Hofmann) - selftests: net: gro fwd: update vxlan GRO test expectations (Antoine Tenart) [RHEL-30910 RHEL-19729] - udp: prevent local UDP tunnel packets from being GROed (Antoine Tenart) [RHEL-30910 RHEL-19729] - udp: do not transition UDP GRO fraglist partial checksums to unnecessary (Antoine Tenart) [RHEL-30910 RHEL-19729] - gro: fix ownership transfer (Antoine Tenart) [RHEL-30910 RHEL-19729] - udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) [RHEL-30910 RHEL-19729] - bpf, tcx: Get rid of tcx_link_const (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Add additional mprog query test coverage (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Make seen_tc* variable tests more robust (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Test query on empty mprog and pass revision into attach (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Adapt assert_mprog_count to always expect 0 count (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Test bpf_mprog query API via libbpf and raw syscall (Felix Maurer) [RHEL-33062 RHEL-28590] - selftest/bpf: Add various selftests for program limits (Felix Maurer) [RHEL-33062 RHEL-28590] - bpf: Refuse unused attributes in bpf_prog_{attach,detach} (Felix Maurer) [RHEL-33062 RHEL-28590] - bpf: Handle bpf_mprog_query with NULL entry (Felix Maurer) [RHEL-33062 RHEL-28590] - net: Fix skb consume leak in sch_handle_egress (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Add various more tcx test cases (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Add test for detachment on empty mprog entry (Felix Maurer) [RHEL-33062 RHEL-28590] - tcx: Fix splat during dev unregister (Felix Maurer) [RHEL-33062 RHEL-28590] - tcx: Fix splat in ingress_destroy upon tcx_entry_free (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Add mprog API tests for BPF tcx links (Felix Maurer) [RHEL-33062 RHEL-28590] - selftests/bpf: Add mprog API tests for BPF tcx opts (Felix Maurer) [RHEL-33062 RHEL-28590] - bpf: Add fd-based tcx multi-prog infra with link support (Felix Maurer) [RHEL-33062 RHEL-28590] - bpftool: Implement link show support for tcx (Artem Savkov) [RHEL-33062 RHEL-23643] - bpftool: Extend net dump with tcx progs (Artem Savkov) [RHEL-33062 RHEL-23643] - bpf: fix precision backtracking instruction iteration (Jay Shin) [RHEL-35230 RHEL-23643] [5.14.0-427.17.1_4] - ceph: switch to use cap_delay_lock for the unlink delay list (Jay Shin) [RHEL-33003 RHEL-32997] - ceph: remove useless session parameter for check_caps() (Xiubo Li) [RHEL-33003 RHEL-19813] - ceph: flush the dirty caps immediatelly when quota is approaching (Xiubo Li) [RHEL-33003 RHEL-19813] - vhost: Add smp_rmb() in vhost_enable_notify() (Gavin Shan) [RHEL-31839 RHEL-26104] - vhost: Add smp_rmb() in vhost_vq_avail_empty() (Gavin Shan) [RHEL-31839 RHEL-26104] - iommu/vt-d: Support enforce_cache_coherency only for empty domains (Jerry Snitselaar) [RHEL-32793 RHEL-31083] - iommu/vt-d: Add MTL to quirk list to skip TE disabling (Jerry Snitselaar) [RHEL-32793 RHEL-31083] - iommu/vt-d: Make context clearing consistent with context mapping (Jerry Snitselaar) [RHEL-32793 RHEL-31083] - iommu/vt-d: Disable PCI ATS in legacy passthrough mode (Jerry Snitselaar) [RHEL-32793 RHEL-31083] - iommu/vt-d: Omit devTLB invalidation requests when TES=0 (Jerry Snitselaar) [RHEL-32793 RHEL-31083] - PCI/MSI: Prevent MSI hardware interrupt number truncation (Myron Stowe) [RHEL-33656 RHEL-21453] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-26643 CVE-2024-26642 CVE-2024-26804 CVE-2024-26673 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [1:9.0.87-1.el9_4.1] - Resolves: RHEL-34815 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-31048 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) - Resolves: RHEL-31032 tomcat: : Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) - Resolves: RHEL-35328 - Amend tomcat's changelog (CVE-2023-46589, CVE-2023-45648, CVE-2023-42795, CVE-2023-42794, CVE-2023-44487, CVE-2023-41080) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-23672 CVE-2024-24549 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2.34-100.0.1.2] - Forward-port Oracle patches for ol9-u4 Reviewed by: Jose E. Marchesi IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-2961 CVE-2024-33599 CVE-2024-33601 CVE-2024-33600 CVE-2024-33602 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [1.43.0-5.2] - fix CONTINUATION frames DoS (CVE-2024-28182, CVE-2024-27316) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28182 cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [590-4] - Fix CVE-2024-32487 - Resolves: RHEL-33773 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-32487 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 - [5.14.0-427.20.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.20.1_4] - ipv6: sr: fix possible use-after-free and null-ptr-deref (Hangbin Liu) [RHEL-33968 RHEL-31732] {CVE-2024-26735} - idpf: fix kernel panic on unknown packet types (Michal Schmidt) [RHEL-36145 RHEL-29035] - idpf: refactor some missing field get/prep conversions (Michal Schmidt) [RHEL-36145 RHEL-29035] - PCI: Fix pci_rh_check_status() call semantics (Luiz Capitulino) [RHEL-36541 RHEL-35032] - cxgb4: Properly lock TX queue for the selftest. (John B. Wyatt IV) [RHEL-36530 RHEL-31990 RHEL-9354] [5.14.0-427.19.1_4] - x86/mce: Cleanup mce_usable_address() (Prarit Bhargava) [RHEL-33810 RHEL-25415] - x86/mce: Define amd_mce_usable_address() (Prarit Bhargava) [RHEL-33810 RHEL-25415] - x86/MCE/AMD: Split amd_mce_is_memory_error() (Prarit Bhargava) [RHEL-33810 RHEL-25415] - fs: sysfs: Fix reference leak in sysfs_break_active_protection() (Ewan D. Milne) [RHEL-35302 RHEL-35078] {CVE-2024-26993} MODERATE Copyright 2024 Oracle, Inc. CVE-2024-26735 CVE-2024-26993 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 ruby [3.1.5-144] - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-34121 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-33871 [3.1.4-143] - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI. Resolves: RHEL-28919 Resolves: RHEL-5612 - Fix ReDos vulnerability in Time. Resolves: RHEL-28920 - Make RDoc soft dependency in IRB. Resolves: RHEL-5613 [3.1.2-142] - Bypass git submodule test failure on Git >= 2.38.1. - Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. - Fix for tzdata-2022g. - Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-5590 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-5590 - Disable fiddle tests that use FFI closures. Related: RHEL-5590 [3.1.2-141] - Upgrade to Ruby 3.1.2 by merging Fedora Rawhide branch (commit: b7b5473). Resolves: rhbz#2063773 rubygem-mysql2 [0.5.4-1] - New upstream release 0.5.4 by merging Fedora rawhide branch (commit: e21b5b9) Resolves: rhbz#2063773 [0.5.3-1] - New upstream release 0.5.3 by merging Fedora master branch (commit: 674d475) Resolves: rhbz#1817135 rubygem-pg * Thu May 26 2022 Jarek Prokop - 1.3.5-1 - Update to pg 1.3.5 Related: rhbz#2063773 [1.2.3-1] - Update to pg 1.2.3 by merging Fedora master branch (commit: 5db4d26) Resolves: rhbz#1817135 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-27280 CVE-2024-27281 CVE-2024-27282 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 ruby [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37699 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282) Resolves: RHEL-37698 rubygem-mysql2 [0.5.5-1] - Upgrade to mysql2 0.5.5. Related: RHEL-17089 rubygem-pg [1.5.4-1] - Upgrade to pg 1.5.4. Related: RHEL-17089 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-27280 CVE-2024-27282 CVE-2024-27281 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [4.11.0-15.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] - Add bind to ipa-server-common Requires [Orabug: 36518596] [4.11.0-15] - Resolves: RHEL-32231 CVE-2024-3183 ipa: freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force - Resolves: RHEL-31409 CVE-2024-2698 ipa: freeipa: delegation rules allow a proxy service to impersonate any user to access another target service IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3183 CVE-2024-2698 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [4.10.0-62.3] - bundled jinja2: fix CVE-2024-34064 Resolves: RHEL-36482 [4.10.0-62.2] - fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer Resolves: RHEL-35273 [4.10.0-62.1] - ha-cloud-support: upgrade bundled pyroute2 libs to fix issue in gcp-vpc-move-route's stop-action Resolves: RHEL-29668 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-34064 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::distro_builder cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::addons Oracle Linux 9 [2024.3-3] - Backport https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6 Resolves: #RHEL-31852 [2024.3-2] - Backport https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6 Resolves: #RHEL-31852 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2905 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [4.9.4-4.0.1] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [4:4.9.4-4] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/4afc71a) - Resolves: RHEL-28735 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-28176 CVE-2024-28180 CVE-2023-45290 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1.33.7-2.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.7-2] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/997beea) - Resolves: RHEL-28731 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45290 CVE-2024-28180 CVE-2024-28176 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [6:0.7.3-3] - rebuild for CVE-2023-45290 - Resolves: RHEL-28388 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45290 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1:1.4.0-3] - rebuild for CVE-2023-45290 - Resolves: RHEL-28384 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-45290 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2.42.6-4] - Backport fixes for CVE-2022-48622 - Resolves: RHEL-36432 MODERATE Copyright 2024 Oracle, Inc. CVE-2022-48622 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [7.1.8.1-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [7.1.8.1] - Remove Red Hat branding - Change vendor to RESF [1:7.1.8.1-12] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols [1:7.1.8.1-11] - Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula Parsing - Resolves: rhbz#2210197 CVE-2023-2255 libreoffice: Remote documents loaded without prompt via IFrame - Resolves: rhbz#2208510 CVE-2023-1183 libreoffice: Arbitrary File Write [1:7.1.8.1-10] - Fix erroneous libreoffice-ure dependencies [1:7.1.8.1-9] - Resolves: rhbz#2182392 CVE-2022-38745 [1:7.1.8.1-8] - Resolves: rhbz#2134759 Untrusted Macros - Resolves: rhbz#2134757 Weak Master Keys - Resolves: rhbz#2134755 Static Initialization Vector - Resolves: rhbz#2134761 Macro URL arbitrary script execution IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6185 CVE-2023-6186 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2.4.5-8] - Bump version to 2.4.5-8 - Fix License tag [2.4.5-7] - Bump version to 2.4.5-7 - Resolves: RHEL-34819 - redhat-ds:11/389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c - Resolves: RHEL-34825 - redhat-ds:11/389-ds-base: potential denial of service via specially crafted kerberos AS-REQ requ IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3657 CVE-2024-2199 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [3.0.7-162] - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744 - Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35746 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35747 [3.0.4-161] - Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-12724 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-12724 [3.0.4-160] - Bypass git submodule test failure on Git >= 2.38.1. - Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. - Fix for tzdata-2022g. - Fix File.utime test. [3.0.4-160] - Upgrade to Ruby 3.0.4. Resolves: rhbz#2096347 - OpenSSL test suite fixes due to disabled SHA1. Resolves: rbhz#2107696 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739 MODERATE Copyright 2024 Oracle, Inc. CVE-2021-33621 CVE-2024-27281 CVE-2023-28756 CVE-2024-27282 CVE-2024-27280 CVE-2023-28755 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1.19.1-2] - Resolves: RHEL-26529 - Out of bounds read in ares__read_line() [rhel-9] LOW Copyright 2024 Oracle, Inc. CVE-2024-25629 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [311.2-1.0.1] - Replaced upstream urls in documentation with oracle links [Orabug: 36528753] - Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110] - Remove duplicate reference to server in cockpit [Orabug: 34030494] - Update documentation links [Orabug: 30271413], [Orabug: 32013095], [Orabug: 32795691], [Orabug: 34398512], [Orabug: 34742876] - Update spec file for new release [311.2] - Remove recommends on subscription-manager-cockpit if applicable [311.2-1] - sosreport: Fix command injection with crafted report names [CVE-2024-2947] (jira#RHEL-31074) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2947 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.10-7.0.1.1] - Rebuild with release bump [2.10-7.1] - Security fix for CVE-2024-3651 Resolves: RHEL-33464 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-3651 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [115.12.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.12.0-1] - Update to 115.12.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-5700 CVE-2024-5702 CVE-2024-5688 CVE-2024-5691 CVE-2024-5693 CVE-2024-5696 CVE-2024-5690 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1.12.9-1] - Update to 1.12.9 (CVE-2024-32462) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-32462 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [9.54.0-16] - RHEL-39110 fix regression discovered in OPVP device [9.54.0-15] - RHEL-39110 CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-33871 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [115.12.1-1.0.1] - Add Oracle prefs [115.12.1] - Add OpenELA debranding [115.12.1-1] - Update to 115.12.1 build1 [115.12.0-2] - Update to 115.12.0 build2 [115.12.0-1] - Update to 115.12.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-5696 CVE-2024-5700 CVE-2024-5702 CVE-2024-5691 CVE-2024-5693 CVE-2024-5690 CVE-2024-5688 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [4.12-2.0.1.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-2.1] - Fix CVE-2024-3652 (RHEL-40102) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-3652 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [3.11.7-1.1] - Security fix for CVE-2023-6597 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33884 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-6597 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [3.9.18-3.1] - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33887, RHEL-34287 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-0450 CVE-2023-6597 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [2.43.5-1] - Update to 2.43.5 - Related: RHEL-36402, RHEL-36414 [2.43.4-1] - Update to 2.43.4 - Resolves: RHEL-36402, RHEL-36414 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-32002 CVE-2024-32020 CVE-2024-32465 CVE-2024-32004 CVE-2024-32021 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [11.5.0-2.0.1] - Replaced upstream graphical references [Orabug: 33952704] [11.5.0-2] - RHEL-9916 CVE-2023-4727 pki-core: dogtag ca: token authentication bypass vulnerability IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-4727 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1.21.11-1] - Update to Go 1.21.11 that fixes CVE-2024-24789 and CVE-2024-24790 - Resolves: RHEL-40275 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24789 CVE-2024-24790 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [8.2.0-11.el9_4.4] - Fixing CVE-2024-4467 - Resolves: RHEL-35610 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4467 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [8.7p1-38.0.2.1] - Update upstream references [Orabug: 36564626] [8.7p1-38.1] - Possible remote code execution due to a race condition (CVE-2024-6387) Resolves: RHEL-45347 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6387 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 - [5.14.0-427.24.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.24.1_4] - net/bnx2x: Prevent access to a freed page in page_pool (Michal Schmidt) [RHEL-43272 RHEL-23117] - bnx2x: new flag for track HW resource allocation (Michal Schmidt) [RHEL-43272 RHEL-23117] - bnx2x: fix page fault following EEH recovery (Michal Schmidt) [RHEL-43272 RHEL-23117] - bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (Michal Schmidt) [RHEL-43272 RHEL-23117] - bnx2x: fix potential memory leak in bnx2x_tpa_stop() (Michal Schmidt) [RHEL-43272 RHEL-23117] - xen-netfront: Add missing skb_mark_for_recycle (Vitaly Kuznetsov) [RHEL-37626 RHEL-36573] {CVE-2024-27393} - tools/power/turbostat: Fix uncore frequency file string (David Arcari) [RHEL-34953 RHEL-29239] - tools/power turbostat: Expand probe_intel_uncore_frequency() (David Arcari) [RHEL-34953 RHEL-29239] - net/mlx5e: fix a potential double-free in fs_any_create_groups (Kamal Heib) [RHEL-38972 RHEL-37093] {CVE-2023-52667} - crypto: qat - Fix typo (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Vladis Dronov) [RHEL-38546 RHEL-35816] {CVE-2024-26974} - crypto: qat - specify firmware files for 402xx (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - validate slices count returned by FW (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - improve error logging to be consistent across features (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - improve error message in adf_get_arbiter_mapping() (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - implement dh fallback for primes > 4K (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - implement interface for live migration (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add interface for live migration (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add bank save and restore flows (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - expand CSR operations for QAT GEN4 devices (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - rename get_sla_arr_of_type() (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - relocate CSR access code (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - move PFVF compat checker to a function (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - relocate and rename 4xxx PF2VM definitions (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - adf_get_etr_base() helper (Vladis Dronov) [RHEL-38546 RHEL-35816] - redhat/configs: Add CONFIG_CRYPTO_DEV_QAT_420XX (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - make ring to service map common for QAT GEN4 (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - fix ring to service map for dcc in 420xx (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - fix ring to service map for dcc in 4xxx (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - fix comment structure (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - remove unnecessary description from comment (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - remove double initialization of value (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - avoid division by zero (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - removed unused macro in adf_cnv_dbgfs.c (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - remove unused macros in qat_comp_alg.c (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (Vladis Dronov) [RHEL-38546 RHEL-35816] - Documentation: qat: fix auto_reset section (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - resolve race condition during AER recovery (Vladis Dronov) [RHEL-38546 RHEL-35816] {CVE-2024-26974} - crypto: qat - change SLAs cleanup flow at shutdown (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - improve aer error reset handling (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - limit heartbeat notifications (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add auto reset on error (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add fatal error notification (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - re-enable sriov after pf reset (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - update PFVF protocol for recovery (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - disable arbitration before reset (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add fatal error notify method (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add heartbeat error simulator (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - use kcalloc_node() instead of kzalloc_node() (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - avoid memcpy() overflow warning (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - generate dynamically arbiter mappings (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add support for ring pair level telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add support for device telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add admin msgs for telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - include pci.h for GET_DEV() (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - add support for 420xx devices (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - move fw config related structures (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - relocate portions of qat_4xxx code (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - change signature of uof_get_num_objs() (Vladis Dronov) [RHEL-38546 RHEL-35816] - crypto: qat - relocate and rename get_service_enabled() (Vladis Dronov) [RHEL-38546 RHEL-35816] - seq_file: add helper macro to define attribute for rw file (Vladis Dronov) [RHEL-38546 RHEL-35816] - minmax: Introduce {min,max}_array() (Vladis Dronov) [RHEL-38546 RHEL-35816] [5.14.0-427.23.1_4] - net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (Kamal Heib) [RHEL-34050 RHEL-30492] {CVE-2023-52626} - blk-mq: add helper for checking if one CPU is mapped to specified hctx (Ming Lei) [RHEL-38595 RHEL-36684] - net/sched: flower: Add lock protection when remove filter handle (Petr Oros) [RHEL-35672 RHEL-33379] - Bluetooth: Avoid potential use-after-free in hci_error_reset (David Marlin) [RHEL-33913 RHEL-31828] {CVE-2024-26801} - net: hns3: do not allow call hns3_nic_net_open repeatedly (Jose Ignacio Tornos Martinez) [RHEL-38933 RHEL-37707] {CVE-2021-47400} - tmpfs: fix Documentation of noswap and huge mount options (Nico Pache) [RHEL-38252 RHEL-31975] - shmem: add support to ignore swap (Chris von Recklinghausen) [RHEL-38252 RHEL-31975] - shmem: update documentation (Chris von Recklinghausen) [RHEL-38252 RHEL-31975] - shmem: skip page split if we're not reclaiming (Chris von Recklinghausen) [RHEL-38252 RHEL-31975] - shmem: move reclaim check early on writepages() (Chris von Recklinghausen) [RHEL-38252 RHEL-31975] - shmem: set shmem_writepage() variables early (Chris von Recklinghausen) [RHEL-38252 RHEL-31975] - shmem: remove check for folio lock on writepage() (Chris von Recklinghausen) [RHEL-38252 RHEL-31975] - ice: Add automatic VF reset on Tx MDD events (Petr Oros) [RHEL-39083 RHEL-36317] - net/ipv6: SKB symmetric hash should incorporate transport ports (Ivan Vecera) [RHEL-37641 RHEL-36218] - ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [RHEL-37669 RHEL-37511] - ipv6: sr: fix missing sk_buff release in seg6_input_core (Hangbin Liu) [RHEL-37669 RHEL-37511] - ipv6: sr: fix invalid unregister error path (Hangbin Liu) [RHEL-37669 RHEL-37511] - ipv6: sr: fix incorrect unregister order (Hangbin Liu) [RHEL-37669 RHEL-37511] - ipv6: sr: add missing seg6_local_exit (Hangbin Liu) [RHEL-37669 RHEL-37511] - block: fix q->blkg_list corruption during disk rebind (Ming Lei) [RHEL-36687 RHEL-33577] - ice: fix uninitialized dplls mutex usage (Petr Oros) [RHEL-36716 RHEL-36283] - ice: fix pin phase adjust updates on PF reset (Petr Oros) [RHEL-36716 RHEL-36283] - ice: fix dpll periodic work data updates on PF reset (Petr Oros) [RHEL-36716 RHEL-36283] - ice: fix dpll and dpll_pin data access on PF reset (Petr Oros) [RHEL-36716 RHEL-36283] - ice: fix dpll input pin phase_adjust value updates (Petr Oros) [RHEL-36716 RHEL-36283] - ice: fix connection state of DPLL and out pin (Petr Oros) [RHEL-36716 RHEL-36283] - redhat: remove the merge subtrees script (Derek Barbosa) - redhat: rhdocs: delete .get_maintainer.conf (Derek Barbosa) - redhat: rhdocs: Remove the rhdocs directory (Derek Barbosa) - net/mlx5: Properly link new fs rules into the tree (Kamal Heib) [RHEL-38954 RHEL-37422] {CVE-2024-35960} - smb: client: fix UAF in smb2_reconnect_server() (Jay Shin) [RHEL-28943 RHEL-40177 RHEL-37273 RHEL-7986] {CVE-2024-35870} - smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (Jay Shin) [RHEL-28943 RHEL-31245] - RHEL: enable CONFIG_AMD_ATL (Aristeu Rozanski) [RHEL-36220 RHEL-26704] - EDAC/amd64: Use new AMD Address Translation Library (Aristeu Rozanski) [RHEL-36220 RHEL-26704] - RAS: Introduce AMD Address Translation Library (Aristeu Rozanski) [RHEL-36220 RHEL-26704] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-27393 CVE-2024-35870 CVE-2023-52626 CVE-2024-26801 CVE-2024-26974 CVE-2024-35960 CVE-2023-52667 CVE-2021-47400 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [1.33.7-3.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.7-3] - rebuild for CVE-2024-1394 - Resolves: RHEL-24307 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [4.9.4-5.0.1] - Fixes issue of podman execvp error while using podmansh [Orabug: 36073625] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [4:4.9.4-5] - rebuild for CVE-2024-1394 - Resolves: RHEL-40793 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [6:0.7.3-4] - rebuild for CVE-2024-1394 - Resolves: RHEL-24315 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [4.10.0-62.4] - bundled urllib3: fix CVE-2024-37891 Resolves: RHEL-43956 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37891 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9::addons Oracle Linux 9 [6.0.132-1.0.1] - Add support for Oracle Linux [6.0.132-1] - Update to .NET SDK 6.0.132 and Runtime 6.0.32 - Resolves: RHEL-45321 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-38095 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [8.0.107-1.0.1] - Add support for Oracle Linux [8.0.107-1] - Update to .NET SDK 8.0.107 and Runtime 8.0.7 - Resolves: RHEL-45324 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-35264 CVE-2024-38095 CVE-2024-30105 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [8.7p1-38.0.2.4] - Possible remote code execution due to a race condition (CVE-2024-6409) Resolves: RHEL-45741 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6409 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [115.13.0-3.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.13.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [115.13.0-3] - Update to 115.13.0 build3 [115.13.0-2] - Update to 115.13.0 build2 [115.13.0-1] - Update to 115.13.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6601 CVE-2024-6603 CVE-2024-6604 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [2:1.14.3-3] - golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 8 Oracle Linux 9 [1.8.0.422.b05-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:1.8.0.422.b05-1.1] - Update to shenandoah-jdk8u422-b05 (GA) - Update release notes for shenandoah-8u422-b05. - Rebase PR2462 patch following patched hunk being removed by JDK-8322106 - Switch to GA mode. - Sync the copy of the portable specfile with the latest update - Actually require tzdata 2024a now it is available in the buildroot - Add missing build dependencies on zlib-devel and tar - Update LCMS version to match JDK-8245400 - ** This tarball is embargoed until 2024-07-16 @ 1pm PT. ** - Resolves: RHEL-46866 - Resolves: RHEL-47001 [1:1.8.0.422.b01-0.1.ea] - Update to shenandoah-jdk8u422-b01 (EA) - Update release notes for shenandoah-8u422-b01. - Switch to EA mode. - Sync the copy of the portable specfile with the latest update - Restore NEWS file and rename remove-intree-libraries.sh so portable can be rebuilt - Document policy repacking script and rename to correct spelling and style - Limit Java only tests to one architecture using jdk_test_arch - Related: RHEL-46866 - Resolves: RHEL-47067 - Resolves: RHEL-47087 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21147 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 Oracle Linux 8 [11.0.24.0.8-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:11.0.24.0.8-1] - Update to jdk-11.0.24+8 (GA) - Update release notes to 11.0.24+8 - Adjusted DTLS & RPATH NEWS entries to match OpenJDK 17 & 21 release notes - Switch to GA mode for release - Fix Provides to reflect up to date component versions - Add zlib build required or bundled version (1.3.1), depending on system_libs setting - Resolves: RHEL-45202 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21131 CVE-2024-21147 CVE-2024-21144 CVE-2024-21138 CVE-2024-21145 CVE-2024-21140 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:17.0.12.0.7-2.0.1] - Add Oracle vendor bug URL [1:17.0.12.0.7-2] - Update to jdk-17.0.12+7 (GA) - Update .gitignore to ignore openjdk-17.0.12+7.tar.xz - Sync java-17-openjdk-portable.specfile - Set buildver to 7 - Set portablerelease 1 - Set is_ga to 1 - Update sources to openjdk-17.0.12+7.tar.xz - Resolves: RHEL-46641 - Resolves: RHEL-47019 - ** This tarball is embargoed until 2024-07-16 @ 1pm PT. ** [1:17.0.12.0.6-0.1.ea] - Add debuginfo section to rpminspect.yaml (OPENJDK-2904) - Add unicode section to rpminspect.yaml (OPENJDK-2904) [1:17.0.12.0.6-0.1.ea] - Add upstream patch that removes illegal RLO Unicode characters (JDK-8332174) - Sync the copy of the portable specfile with the latest update [1:17.0.12.0.6-0.1.ea] - Delete fips-17u-d63771ea660.patch - Add fips-17u-e893be00150.patch - Update fipsver to e893be00150 [1:17.0.12.0.6-0.1.ea] - generate_source_tarball.sh: Use tar exclude options for VCS files - generate_source_tarball.sh: Improve VCS exclusion [1:17.0.12.0.6-0.1.ea] - generate_source_tarball.sh: Update examples in header for clarity - generate_source_tarball.sh: Cleanup message issued when checkout already exists - generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP - generate_source_tarball.sh: Only add --depth=1 on non-local repositories - icedtea_sync.sh: Reinstate from rhel-8.9.0 branch - Move maintenance scripts to a scripts subdirectory - discover_trees.sh: Set compile-command and indentation instructions for Emacs - discover_trees.sh: shellcheck: Do not use -o (SC2166) - discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - discover_trees.sh: shellcheck: Double-quote variable references (SC2086) - generate_source_tarball.sh: Add authorship - icedtea_sync.sh: Set compile-command and indentation instructions for Emacs - icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086) - icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - openjdk_news.sh: Set compile-command and indentation instructions for Emacs - openjdk_news.sh: shellcheck: Double-quote variable references (SC2086) - openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) - openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196) - generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST - generate_source_tarball.sh: Double-quote DEPTH reference (SC2086) - generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck [1:17.0.12.0.6-0.1.ea] - Update to jdk-17.0.12+6 (EA) - Add openjdk-17.0.12+6-ea.tar.xz to .gitignore - Set updatever to 12 - Set buildver to 6 - Set rpmrelease to 1 - Set is_ga to 0 - Update sources to openjdk-17.0.12+6-ea.tar.xz - Require tzdata-java 2024a at runtime and for build (JDK-8325150) - Update lcms2 bundled provides to 2.16.0 - Add zlib 1.3.1 bundled provides and zlib-devel build requirement (OPENJDK-3065) - Label as error a designator mismatch - Change a fix-me comment to a note instead - Sync generate_source_tarball.sh from Fedora rawhide IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21131 CVE-2024-21140 CVE-2024-21145 CVE-2024-21138 CVE-2024-21147 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:21.0.4.0.7-1.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:21.0.4.0.7-1] - Update to jdk-21.0.4+7 (GA) - Update release notes to 21.0.4+7 - Switch to GA mode. - Sync the copy of the portable specfile with the latest update - Add missing section headers in NEWS - ** This tarball is embargoed until 2024-07-16 @ 1pm PT. ** - Resolves: RHEL-47022 [1:21.0.4.0.5-0.1.ea] - Update to jdk-21.0.4+5 (EA) - Update release notes to 21.0.4+5 - Limit Java only tests to one architecture using jdk_test_arch - Actually require tzdata 2024a now it is available in the buildroot - Resolves: RHEL-45356 - Resolves: RHEL-47399 [1:21.0.4.0.1-0.1.ea] - Update to jdk-21.0.4+1 (EA) - Update release notes to 21.0.4+1 - Switch to EA mode - Bump LCMS 2 version to 2.16.0 following JDK-8321489 - Add zlib build requirement or bundled version (1.3.1), depending on system_libs setting - Restore NEWS file so portable can be rebuilt - Sync the copy of the portable specfile with the latest update - Related: RHEL-45356 - Resolves: RHEL-46028 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-21131 CVE-2024-21138 CVE-2024-21145 CVE-2024-21147 CVE-2024-21140 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 - [5.14.0-427.26.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.26.1_4] - net: ena: Fix incorrect descriptor free behavior (Kamal Heib) [RHEL-39217 RHEL-37430] {CVE-2024-35958} - tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (Guillaume Nault) [RHEL-41749 RHEL-39837] {CVE-2024-36904} - mm/mglru: Revert 'don't sync disk for each aging cycle' (Waiman Long) [RHEL-44418] - tipc: fix UAF in error path (Xin Long) [RHEL-34848 RHEL-34280] {CVE-2024-36886} - selftest/cgroup: Update test_cpuset_prs.sh to match changes (Waiman Long) [RHEL-45139] - cgroup/cpuset: Make cpuset.cpus.exclusive independent of cpuset.cpus (Waiman Long) [RHEL-45139] - cgroup/cpuset: Delay setting of CS_CPU_EXCLUSIVE until valid partition (Waiman Long) [RHEL-45139] - selftest/cgroup: Fix test_cpuset_prs.sh problems reported by test robot (Waiman Long) [RHEL-45139] - cgroup/cpuset: Fix remote root partition creation problem (Waiman Long) [RHEL-45139] - cgroup/cpuset: Optimize isolated partition only generate_sched_domains() calls (Waiman Long) [RHEL-45139] - cgroup/cpuset: Fix retval in update_cpumask() (Waiman Long) [RHEL-45139] - cgroup/cpuset: Fix a memory leak in update_exclusive_cpumask() (Waiman Long) [RHEL-45139] - ice: implement AQ download pkg retry (Petr Oros) [RHEL-38907 RHEL-17318] - redhat: include resolve_btfids in kernel-devel (Viktor Malik) [RHEL-43426 RHEL-40707] - blk-cgroup: fix list corruption from resetting io stat (cki-backport-bot) [RHEL-44977] {CVE-2024-38663} - misc: rtsx: do clear express reg every SD_INT (David Arcari) [RHEL-39985 RHEL-33706] - misc: rtsx: Fix rts5264 driver status incorrect when card removed (David Arcari) [RHEL-39985 RHEL-33706] - netfilter: tproxy: bail out if IP has been disabled on the device (cki-backport-bot) [RHEL-44371] {CVE-2024-36270} - lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (cki-backport-bot) [RHEL-44263 RHEL-44261] {CVE-2024-38543} - r8169: Fix possible ring buffer corruption on fragmented Tx packets. (cki-backport-bot) [RHEL-44039] {CVE-2024-38586} - net: micrel: Fix receiving the timestamp in the frame for lan8841 (cki-backport-bot) [RHEL-43996] {CVE-2024-38593} - vt: fix memory overlapping when deleting chars in the buffer (Waiman Long) [RHEL-43379 RHEL-27780] {CVE-2022-48627} - net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (Kamal Heib) [RHEL-42728 RHEL-34192] {CVE-2024-26858} - locking/atomic: Make test_and_*_bit() ordered on failure (Paolo Bonzini) [RHEL-45896] - mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (Rafael Aquini) [RHEL-42659 RHEL-31840] {CVE-2024-26783} - can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (Jose Ignacio Tornos Martinez) [RHEL-42379 RHEL-31530] {CVE-2023-52638} - ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Ken Cox) [RHEL-42226 RHEL-38715] {CVE-2021-47548} [5.14.0-427.25.1_4] - nvme: fix reconnection fail due to reserved tag allocation (Maurizio Lombardi) [RHEL-42896 RHEL-36896] {CVE-2024-27435} - net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (cki-backport-bot) [RHEL-43625] {CVE-2021-47596} - scsi: sg: Avoid race in error handling & drop bogus warn (Ewan D. Milne) [RHEL-36106 RHEL-35659] - scsi: sg: Avoid sg device teardown race (Ewan D. Milne) [RHEL-36106 RHEL-35659] - netfilter: nf_tables: use timestamp to check for set element timeout (Florian Westphal) [RHEL-38032 RHEL-33985] {CVE-2024-27397} - netfilter: nft_set_rbtree: Remove unused variable nft_net (Florian Westphal) [RHEL-38032 RHEL-33985] - netfilter: nft_set_rbtree: prefer sync gc to async worker (Florian Westphal) [RHEL-38032 RHEL-33985] - netfilter: nft_set_rbtree: rename gc deactivate+erase function (Florian Westphal) [RHEL-38032 RHEL-33985] - netfilter: nf_tables: de-constify set commit ops function argument (Florian Westphal) [RHEL-38032 RHEL-33985] - octeontx2-af: avoid off-by-one read from userspace (Kamal Heib) [RHEL-40486 RHEL-39873] {CVE-2024-36957} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2021-47548 CVE-2023-52638 CVE-2024-27397 CVE-2024-35958 CVE-2024-36270 CVE-2024-38586 CVE-2024-38593 CVE-2024-38663 CVE-2021-47596 CVE-2024-36957 CVE-2024-36904 CVE-2024-27435 CVE-2024-26858 CVE-2024-38543 CVE-2022-48627 CVE-2024-36886 CVE-2024-26783 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [5.15.9-10] - HTTP2: Delay any communication until encrypted() can be responded to Resolves: RHEL-46348 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-39936 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [115.13.0-3.0.1] - Add Oracle prefs [115.13.0] - Add OpenELA debranding [115.13.0-3] - Update to 115.13.0 build5 [115.13.0-2] - Update to 115.13.0 build3 [115.13.0-1] - Update to 115.13.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6604 CVE-2024-6601 CVE-2024-6603 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.8-6] - Validate route information option length [1.8-5] - Convert the license tag to SPDX format Related: RHELMISC-1363 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-5564 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [2.4.57-11.0.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.57-11] - Resolves: RHEL-45792 - httpd: Encoding problem in mod_proxy (CVE-2024-38473) [2.4.57-9] - Resolves: RHEL-45766 - httpd: null pointer dereference in mod_proxy (CVE-2024-38477) - Resolves: RHEL-45749 - httpd: Potential SSRF in mod_rewrite (CVE-2024-39573) - Resolves: RHEL-45818 - httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) - Resolves: RHEL-45771 - httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-38474 CVE-2024-38473 CVE-2024-38477 CVE-2024-39573 CVE-2024-38475 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [20231122-6.0.1.el9_4.2] - Replace upstream references [Orabug:36569119] [20231122-6.el9_4.2] - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-40270 RHEL-40272] - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-40270 RHEL-40272] - edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-40270 RHEL-40272] - edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-40270 RHEL-40272] - edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-40270 RHEL-40272] - edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-40270 RHEL-40272] - edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-40270 RHEL-40272] - edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-40270 RHEL-40272] - Resolves: RHEL-40270 (CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]) - Resolves: RHEL-40272 (CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]) [20231122-6.el9_4.1] - edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156] - edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156] - Resolves: RHEL-30156 (CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z]) MODERATE Copyright 2024 Oracle, Inc. CVE-2022-36765 CVE-2023-45236 CVE-2023-45237 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [7.1.8.1-13.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [1:7.1.8.1-13] - Fix CVE-2024-3044 add notify for script use MODERATE Copyright 2024 Oracle, Inc. CVE-2024-3044 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:1.42.0-2] - Backport fix for CVE-2024-24806 Resolves: RHEL-24791 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24806 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [10.0.0-6.6.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] [10.0.0-6.6.el9_4] - vmx: Do not require DVS Port ID (RHEL-45520) - vmx: Do not require all ID data for VMWare Distributed Switch (RHEL-46595) [10.0.0-6.5.el9_4] - qemu: Fix migration with disabled vmx-* CPU features (RHEL-44984) [10.0.0-6.4.el9_4] - rpc: ensure temporary GSource is removed from client event loop (CVE-2024-4418) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-4418 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:1.4.0-4] - rebuild for CVE-2024-1394 - Resolves: RHEL-40809 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4:1.1.12-3] - rebuild for CVE-2024-1394 - Resolves: RHEL-24320 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-1394 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.11.7-1.3] - Security fix for CVE-2024-4032 Resolves: RHEL-44097 [3.11.7-1.2] - Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40785 LOW Copyright 2024 Oracle, Inc. CVE-2024-4032 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:2.3.3op2-27] - Revert the cups-libs license identifier to the 'legacy' format [1:2.3.3op2-26] - RHEL-40388 cups: Cupsd Listen arbitrary chmod 0140777 - Delete the domain socket file after stopping the cups.socket service - Fix cupsd Listener checks [1:2.3.3op2-25] - CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-35235 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.9.18-3.3] - Security fix for CVE-2024-4032 Resolves: RHEL-44106 [3.9.18-3.2] - Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40767 LOW Copyright 2024 Oracle, Inc. CVE-2024-4032 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [7:5.5-13] - Resolves: RHEL-45056 - squid: Out-of-bounds write error may lead to Denial of Service (CVE-2024-37894) - Resolves: RHEL-45643 - squid: vulnerable to a Denial of Service attack against Cache Manager error responses (CVE-2024-23638) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-23638 CVE-2024-37894 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 - [5.14.0-427.28.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.28.1_4] - mlxbf_gige: call request_irq() after NAPI initialized (Kamal Heib) [RHEL-43012 RHEL-37179] {CVE-2024-35907} - mlxbf_gige: stop PHY during open() error paths (Kamal Heib) [RHEL-43012 RHEL-37179] {CVE-2024-35907} - mlxbf_gige: stop interface during shutdown (Kamal Heib) [RHEL-41708 RHEL-37244] {CVE-2024-35885} - net: amd-xgbe: Fix skb data length underflow (Ken Cox) [RHEL-43796 RHEL-43794] {CVE-2022-48743} - nfp: flower: handle acti_netdevs allocation failure (Ken Cox) [RHEL-42852 RHEL-35158] {CVE-2024-27046} - block: add check that partition length needs to be aligned with block size (Ming Lei) [RHEL-45501 RHEL-26616] {CVE-2023-52458} - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (Benjamin Coddington) [RHEL-45517 RHEL-31513] - NFSD: CREATE_SESSION must never cache NFS4ERR_DELAY replies (Benjamin Coddington) [RHEL-45517 RHEL-31513] - NFSD: Document the phases of CREATE_SESSION (Benjamin Coddington) [RHEL-45517 RHEL-31513] - NFSD: Fix the NFSv4.1 CREATE_SESSION operation (Benjamin Coddington) [RHEL-45517 RHEL-31513] - icmp: prevent possible NULL dereferences from icmp_build_probe() (Antoine Tenart) [RHEL-42974 RHEL-37002] {CVE-2024-35857} - NFSv4.1: fix handling NFS4ERR_DELAY when testing for session trunking (Scott Mayhew) [RHEL-45360 RHEL-24133] - RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (Aristeu Rozanski) [RHEL-46335 RHEL-38634] - RAS/AMD/ATL: Fix MI300 bank hash (Aristeu Rozanski) [RHEL-46335 RHEL-38634] - net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Hangbin Liu) [RHEL-42689 RHEL-33271] {CVE-2024-26852} - epoll: be better about file lifetimes (Pavel Reichl) [RHEL-44091 RHEL-44083] {CVE-2024-38580} - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (Dick Kennedy) [RHEL-40659 RHEL-40665 RHEL-24508 RHEL-39793] {CVE-2024-36924} - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (Dick Kennedy) [RHEL-40659 RHEL-40669 RHEL-24508 RHEL-39887] {CVE-2024-36952} - bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (Viktor Malik) [RHEL-42640 RHEL-31726] {CVE-2024-26737} - can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (Ken Cox) [RHEL-41489 RHEL-38415] {CVE-2021-47459} - wifi: ath11k: restore country code during resume (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: refactor setting country code logic (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - bus: mhi: host: Add mhi_power_down_keep_dev() API to support system suspend/hibernation (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - net: qrtr: support suspend/hibernation (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: support hibernation (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: thermal: don't try to register multiple times (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: fix warning on DMA ring capabilities event (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: do not dump SRNG statistics during resume (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: remove MHI LOOPBACK channels (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] - wifi: ath11k: rearrange IRQ enable/disable in reset path (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349] [5.14.0-427.27.1_4] - drm/ast: Fix soft lockup (CKI Backport Bot) [RHEL-45716] - dm: call the resume method on internal suspend (Benjamin Marzinski) [RHEL-41838 RHEL-33217] {CVE-2024-26880} - KVM: arm64: Do not re-initialize the KVM lock (Sebastian Ott) [RHEL-37528 RHEL-36279] - KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (Sebastian Ott) [RHEL-37528 RHEL-36279] - KVM: arm64: Fix host-programmed guest events in nVHE (Sebastian Ott) [RHEL-37528 RHEL-36279] - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (Sebastian Ott) [RHEL-37528 RHEL-36279] - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (Sebastian Ott) [RHEL-37528 RHEL-36279] - KVM: arm64: Fix double-free following kvm_pgtable_stage2_free_unlinked() (Sebastian Ott) [RHEL-37528 RHEL-36279] - octeontx2-af: Use separate handlers for interrupts (Kamal Heib) [RHEL-42846 RHEL-35170] {CVE-2024-27030} - Squashfs: check the inode number is not the invalid value of zero (Abhi Das) [RHEL-42811 RHEL-35098] {CVE-2024-26982} - net: fix sk_memory_allocated_{add|sub} vs softirqs (Paolo Abeni) [RHEL-36773 RHEL-34070] - tcp: sk_forced_mem_schedule() optimization (Paolo Abeni) [RHEL-36773 RHEL-34070] - net: make SK_MEMORY_PCPU_RESERV tunable (Paolo Abeni) [RHEL-36773 RHEL-34070] - ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Pavel Reichl) [RHEL-42655 RHEL-31690] {CVE-2024-26773} - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (John Meneghini) [RHEL-42528 RHEL-38200] {CVE-2023-52809} - KVM: x86/mmu: Retry fault before acquiring mmu_lock if mapping is changing (Maxim Levitsky) [RHEL-43388] - s390/cpum_cf: make crypto counters upward compatible across machine types (Tobias Huschle) [RHEL-40398 RHEL-36047] - RAS: enable CONFIG_RAS_FMPM (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS: Avoid build errors when CONFIG_DEBUG_FS=n (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/FMPM: Safely handle saved records of various sizes (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/FMPM: Avoid NULL ptr deref in get_saved_records() (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - Merge tag 'edac_updates_for_v6.9' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/FMPM: Fix off by one when unwinding on error (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/FMPM: Add debugfs interface to print record entries (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/FMPM: Save SPA values (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS: Export helper to get ras_debugfs_dir (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/ATL: Fix bit overflow in denorm_addr_df4_np2() (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS: Introduce a FRU memory poison manager (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - x86/cpu/amd: Provide a separate accessor for Node ID (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/ATL: Add MI300 row retirement support (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - Documentation: Move RAS section to admin-guide (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - RAS/AMD/ATL: Add MI300 support (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - Documentation: RAS: Add index and address translation section (Aristeu Rozanski) [RHEL-36212 RHEL-17008] - cpu/SMT: Make SMT control more robust against enumeration failures (Aristeu Rozanski) [RHEL-36212 RHEL-17008] MODERATE Copyright 2024 Oracle, Inc. CVE-2021-47459 CVE-2024-26773 CVE-2024-26852 CVE-2024-35857 CVE-2024-26880 CVE-2024-36924 CVE-2024-36952 CVE-2023-52809 CVE-2024-38580 CVE-2023-52458 CVE-2024-26982 CVE-2024-35907 CVE-2024-27046 CVE-2024-35885 CVE-2022-48743 CVE-2024-26737 CVE-2024-27030 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [3.0.21-40] - Backport fixes for BlastRADIUS CVE Resolves: RHEL-46566 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-3596 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [2.4.57-11.0.1.el9_4.1] - Replace index.html with Oracle's index page oracle_index.html. [2.4.57-11.1] - Resolves: RHEL-46047 - httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476) - Resolves: RHEL-53021 - Regression introduced by CVE-2024-38474 fix IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-38476 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2.4.5-9] - Bump version to 2.4.5-9 - Resolves: RHEL-44323 - unauthenticated user can trigger a DoS by sending a specific extended search request - Resolves: RHEL-40945 - Malformed userPassword hash may cause Denial of Service - Resolves: RHEL-49457 - perf search result investigation for many large static groups and members - Resolves: RHEL-49459 - subsuffix are not returned in one level scoped search MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6237 CVE-2024-5953 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 bind [9.16.23-18.0.1.6] - Fix warning when changing device file permissions [Orabug: 36518580] [32:9.16.23-18.6] - Minor fix of reclimit test backport (CVE-2024-1737) [32:9.16.23-18.5] - Backport addition of max-records-per-type and max-records-per-type options [32:9.16.23-18.2] - Resolve CVE-2024-1975 - Resolve CVE-2024-1737 - Resolve CVE-2024-4076 - Add ability to change runtime limits for max types and records per name [32:9.16.23-18.1] - Rebuild with correct z-stream tag again [32:9.16.23-18] - Prevent crashing at masterformat system test (CVE-2023-6516) [32:9.16.23-17] - Import tests for large DNS messages fix - Add downstream change complementing CVE-2023-50387 [32:9.16.23-16] - Prevent increased CPU load on large DNS messages (CVE-2023-4408) - Prevent assertion failure when nxdomain-redirect is used with RFC 1918 reverse zones (CVE-2023-5517) - Prevent assertion failure if DNS64 and serve-stale is used (CVE-2023-5679) - Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516) - Prevent increased CPU consumption in DNSSEC validator (CVE-2023-50387 CVE-2023-50868) [32:9.16.23-15] - Update addresses of b.root-servers.net (RHEL-18188) [32:9.16.23-14] - Limit the amount of recursion possible in control channel (CVE-2023-3341) [32:9.16.23-13] - Prevent possible endless loop when refreshing stale data (CVE-2023-2911) [32:9.16.23-12] - Strengten cache cleaning to prevent overflowing configured limit (CVE-2023-2828) [32:9.16.23-11] - Correct backport issue in statistics rendering fix (#2126912) [32:9.16.23-10] - Handle subtle difference between upstream and rhel (CVE-2022-3094) [32:9.16.23-9] - Prevent flooding with UPDATE requests (CVE-2022-3094) - Handle RRSIG queries when server-stale is active (CVE-2022-3736) - Fix crash when soft-quota is reached and serve-stale is active (CVE-2022-3924) [32:9.16.23-8] - Correct regression preventing bind-dyndb-ldap build (#2162795) [32:9.16.23-7] - Prevent freeing zone during statistics rendering (#2101712) [32:9.16.23-6] - Bound the amount of work performed for delegations (CVE-2022-2795) - Add /usr/lib64/named to bind-chroot (#2129466) [32:9.16.23-5] - Fix possible serve-stale related crash (CVE-2022-3080) - Fix memory leak in ECDSA verify processing (CVE-2022-38177) - Fix memory leak in EdDSA verify processing (CVE-2022-38178) bind-dyndb-ldap [11.9-10] - Rebuilt for BIND CVE-2024-1737 fixes (CVE-2024-1737) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4076 CVE-2024-1737 CVE-2024-1975 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [65.5.1-2.1] - Security fix for CVE-2024-6345 Resolves: RHEL-50490 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6345 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [115.14.0-2.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [115.14.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [115.14.0-2] - Update to 115.14.0 build2 [115.14.0-1] - Update to 115.14.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7522 CVE-2024-7519 CVE-2024-7526 CVE-2024-7521 CVE-2024-7518 CVE-2024-7520 CVE-2024-7525 CVE-2024-7527 CVE-2024-7528 CVE-2024-7529 CVE-2024-7524 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [8.0.108-1.0.1] - Add support for Oracle Linux [8.0.108-1] - Update to .NET SDK 8.0.108 and Runtime 8.0.8 - Resolves: RHEL-52389 [8.0.107-2] - Fix ownership of some missed directories - Resolves: RHEL-47080 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-38167 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [5.14.0-427.31.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.31.1_4] - net: fix __dst_negative_advice() race (CKI Backport Bot) [RHEL-46798] {CVE-2024-36971} - net: annotate data-races around sk->sk_dst_pending_confirm (CKI Backport Bot) [RHEL-46798] {CVE-2024-36971} [5.14.0-427.30.1_4] - dmaengine: idxd: add a write() method for applications to submit work (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823} - dmaengine: idxd: add a new security check to deal with a hardware erratum (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823} - VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823} - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (Mark Salter) [RHEL-49538 RHEL-39308] - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jon Maloy) [RHEL-44467] {CVE-2024-37353} - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Izabela Bakollari) [RHEL-36271 RHEL-26682] {CVE-2024-26600} - eeprom: at24: fix memory corruption race condition (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848} - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848} - eeprom: at24: Use dev_err_probe for nvmem register failure (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848} - eeprom: at24: Add support for 24c1025 EEPROM (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848} - eeprom: at24: remove struct at24_client (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848} - at24: Support probing while in non-zero ACPI D state (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848} - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CKI Backport Bot) [RHEL-44439] {CVE-2024-37356} - cxl/region: Fix cxlr_pmem leaks (cki-backport-bot) [RHEL-44486] {CVE-2024-38391} - tls: fix missing memory barrier in tls_init (cki-backport-bot) [RHEL-44480] {CVE-2024-36489} - igc: avoid returning frame twice in XDP_REDIRECT (Corinna Vinschen) [RHEL-42714 RHEL-33266] {CVE-2024-26853} - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Hangbin Liu) [RHEL-44404 RHEL-44402] {CVE-2024-33621} - ipvlan: add ipvlan_route_v6_outbound() helper (Davide Caratti) [RHEL-44404 RHEL-32205] - ipvlan: properly track tx_errors (Davide Caratti) [RHEL-44404 RHEL-32205] - wifi: nl80211: don't free NULL coalescing rule (Jose Ignacio Tornos Martinez) [RHEL-41698 RHEL-39754] {CVE-2024-36941} - wifi: iwlwifi: dbg-tlv: ensure NUL termination (Jose Ignacio Tornos Martinez) [RHEL-41658 RHEL-37028] {CVE-2024-35845} - mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work (Ivan Vecera) [RHEL-41556 RHEL-37018] {CVE-2024-35852} - net: openvswitch: fix overwriting ct original tuple for ICMPv6 (cki-backport-bot) [RHEL-44215] {CVE-2024-38558} - wifi: iwlwifi: read txq->read_ptr under lock (Jose Ignacio Tornos Martinez) [RHEL-41520 RHEL-39799] {CVE-2024-36922} - wifi: cfg80211: check A-MSDU format more carefully (Jose Ignacio Tornos Martinez) [RHEL-38754 RHEL-37345] {CVE-2024-35937} - ice: fix memory corruption bug with suspend and rebuild (Petr Oros) [RHEL-49858 RHEL-17486] {CVE-2024-35911} - ipv6: prevent possible NULL deref in fib6_nh_init() (Hangbin Liu) [RHEL-48182 RHEL-45826] {CVE-2024-40961} - netns: Make get_net_ns() handle zero refcount net (Paolo Abeni) [RHEL-48117 RHEL-46610] {CVE-2024-40958} - net: do not leave a dangling sk pointer, when socket creation fails (Paolo Abeni) [RHEL-48072 RHEL-46610] {CVE-2024-40954} - net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (CKI Backport Bot) [RHEL-47902] {CVE-2024-40928} - net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Ivan Vecera) [RHEL-43619 RHEL-30344] {CVE-2021-47606} - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CKI Backport Bot) [RHEL-46921] {CVE-2024-39487} - nfs: fix panic when nfs4_ff_layout_prepare_ds() fails (Benjamin Coddington) [RHEL-42732 RHEL-34875] {CVE-2024-26868} - efi: fix panic in kdump kernel (Steve Best) [RHEL-42920 RHEL-36998] {CVE-2024-35800} - ipv6: fix potential 'struct net' leak in inet6_rtm_getaddr() (Hangbin Liu) [RHEL-41735 RHEL-31050] {CVE-2024-27417} - netfilter: nf_tables: do not compare internal table flags on updates (Florian Westphal) [RHEL-41682 RHEL-33985] {CVE-2024-27065} - ipv6: Fix potential uninit-value access in __ip6_make_skb() (Antoine Tenart) [RHEL-41466 RHEL-39786] {CVE-2024-36903} - netfilter: nf_tables: honor table dormant flag from netdev release event path (Florian Westphal) [RHEL-40056 RHEL-33985] {CVE-2024-36005} - cifs: fix underflow in parse_server_interfaces() (Paulo Alcantara) [RHEL-34636 RHEL-31245] {CVE-2024-26828} - drm/i915/audio: Fix audio time stamp programming for DP (CKI Backport Bot) [RHEL-45843] - platform/x86: wmi: Fix opening of char device (David Arcari) [RHEL-42548 RHEL-38260] {CVE-2023-52864} - platform/x86: wmi: remove unnecessary initializations (David Arcari) [RHEL-42548 RHEL-38260] {CVE-2023-52864} - rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (CKI Backport Bot) [RHEL-43170] {CVE-2024-36017} - netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (Florian Westphal) [RHEL-40062 RHEL-33985] {CVE-2024-26808} - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) [RHEL-39017 RHEL-32372] {CVE-2024-35969} - netfilter: nf_tables: flush pending destroy work before exit_net release (Florian Westphal) [RHEL-38765 RHEL-33985] {CVE-2024-35899} - vt: fix unicode buffer corruption when deleting characters (Andrew Halaney) [RHEL-42947 RHEL-24205] {CVE-2024-35823} [5.14.0-427.29.1_4] - net: Avoid address overwrite in kernel_connect (Davide Caratti) [RHEL-45728 RHEL-30875] - net: replace calls to sock->ops->connect() with kernel_connect() (Davide Caratti) [RHEL-45728 RHEL-33410] - i40e: fix vf may be used uninitialized in this function warning (Kamal Heib) [RHEL-41638 RHEL-39704] {CVE-2024-36020} - cifs: translate network errors on send to -ECONNABORTED (Jay Shin) [RHEL-47047 RHEL-31245] - wifi: brcmfmac: pcie: handle randbuf allocation failure (Jose Ignacio Tornos Martinez) [RHEL-44132] {CVE-2024-38575} - wifi: iwlwifi: mvm: guard against invalid STA ID on removal (Jose Ignacio Tornos Martinez) [RHEL-43208 RHEL-39803] {CVE-2024-36921} - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (Jose Ignacio Tornos Martinez) [RHEL-42906 RHEL-36809] {CVE-2024-35789} - wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (Jose Ignacio Tornos Martinez) [RHEL-42886 RHEL-36900] {CVE-2024-27434} - wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (Jose Ignacio Tornos Martinez) [RHEL-42860 RHEL-35142] {CVE-2024-27052} - wifi: mt76: mt7925e: fix use-after-free in free_irq() (Jose Ignacio Tornos Martinez) [RHEL-42856 RHEL-35148] {CVE-2024-27049} - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (Jose Ignacio Tornos Martinez) [RHEL-42743 RHEL-34187] {CVE-2024-26897} - wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (Jose Ignacio Tornos Martinez) [RHEL-42383 RHEL-35199] {CVE-2023-52651} - net: core: reject skb_copy(_expand) for fraglist GSO skbs (Xin Long) [RHEL-41402 RHEL-39781] {CVE-2024-36929} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-26853 CVE-2024-27049 CVE-2024-38391 CVE-2024-26828 CVE-2024-35852 CVE-2024-26868 CVE-2024-36929 CVE-2024-37353 CVE-2024-27052 CVE-2024-36017 CVE-2024-36921 CVE-2024-35789 CVE-2024-40928 CVE-2023-52651 CVE-2024-21823 CVE-2024-36005 CVE-2024-38575 CVE-2024-35845 CVE-2024-27065 CVE-2024-36903 CVE-2024-37356 CVE-2021-47606 CVE-2024-26897 CVE-2024-36489 CVE-2024-36020 CVE-2024-27434 CVE-2024-36941 CVE-2024-26600 CVE-2023-52864 CVE-2024-39487 CVE-2024-26808 CVE-2024-27417 CVE-2024-40961 CVE-2024-35800 CVE-2024-35848 CVE-2024-40954 CVE-2024-35911 CVE-2024-40958 CVE-2024-35937 CVE-2024-35969 CVE-2024-36971 CVE-2024-35823 CVE-2024-35899 CVE-2024-38558 CVE-2024-36922 CVE-2024-33621 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [115.14.0-1.0.1] - Add Oracle prefs [115.14.0] - Add OpenELA debranding [115.14.0-1] - Update to 115.14.0 build1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7519 CVE-2024-7527 CVE-2024-7520 CVE-2024-7522 CVE-2024-7528 CVE-2024-7518 CVE-2024-7521 CVE-2024-7525 CVE-2024-7529 CVE-2024-7526 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [7.76.1-29.el9_4.1] - provide common cleanup method for push headers (CVE-2024-2398) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-2398 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [68.2.2-3.1] - Security fix for CVE-2024-6345 Resolves: RHEL-50481 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6345 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [53.0.0-12.1] - Security fix for CVE-2024-6345 Resolves: RHEL-50466 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6345 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [7.1.8.1-14.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [7.1.8.1] - Remove Red Hat branding - Change vendor to RESF [1:7.1.8.1-14] - Fix CVE-2024-6472 remove ability to trust not validated macro signatures in high security MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6472 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1:9.0.87-1.el9_4.2] - Resolves: RHEL-46162 tomcat: Improper Handling of Exceptional Conditions (CVE-2024-34750) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34750 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 nodejs [1:20.16.0-1] - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 nodejs-nodemon nodejs-packaging MODERATE Copyright 2024 Oracle, Inc. CVE-2024-36137 CVE-2024-22020 CVE-2024-22018 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [5.14.0-427.33.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.33.1_4] - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (Kamal Heib) [RHEL-44287] {CVE-2024-38540} - netfilter: flowtable: validate pppoe header (Florian Westphal) [RHEL-44430 RHEL-33469] {CVE-2024-27016} - crypto: bcm - Fix pointer arithmetic (cki-backport-bot) [RHEL-44116] {CVE-2024-38579} - udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (CKI Backport Bot) [RHEL-51035 RHEL-51033] {CVE-2024-41041} - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (Florian Westphal) [RHEL-42832 RHEL-33985] {CVE-2024-27019} - netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV (Florian Westphal) [RHEL-42832 RHEL-33985] - netfilter: nf_tables: NULL pointer dereference in nf_tables_updobj() (Florian Westphal) [RHEL-42832 RHEL-33985] - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (Florian Westphal) [RHEL-41802 RHEL-33985] {CVE-2024-26925} - netfilter: nf_tables: discard table flag update with pending basechain deletion (Florian Westphal) [RHEL-40231 RHEL-33985] {CVE-2024-35897} - netfilter: nf_tables: reject table flag and netdev basechain updates (Florian Westphal) [RHEL-40231 RHEL-33985] - netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-42966 RHEL-37040] {CVE-2024-35839} - netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-42966 RHEL-37040] {CVE-2024-35839} - netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-42966 RHEL-37040] {CVE-2024-35839} - netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-42966 RHEL-37040] {CVE-2024-35839} - netfilter: nft_limit: reject configurations that cause integer overflow (Florian Westphal) [RHEL-40065 RHEL-33985] {CVE-2024-26668} - scsi: qedi: Fix crash while reading debugfs attribute (CKI Backport Bot) [RHEL-48339] {CVE-2024-40978} - mm/huge_memory: don't unpoison huge_zero_folio (Aristeu Rozanski) [RHEL-47804] {CVE-2024-40914} - tipc: force a dst refcount before doing decryption (Xin Long) [RHEL-48375 RHEL-6118] {CVE-2024-40983} - netfilter: nft_set_rbtree: skip end interval element from gc (Florian Westphal) [RHEL-41265] {CVE-2024-26581} - nvmet: fix a possible leak when destroy a ctrl during qp establishment (CKI Backport Bot) [RHEL-52021 RHEL-52019 RHEL-52020] {CVE-2024-42152} - net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (CKI Backport Bot) [RHEL-51756] {CVE-2024-42110} - netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (Florian Westphal) [RHEL-40265 RHEL-33985] {CVE-2024-35898} - netfilter: br_netfilter: remove WARN traps (CKI Backport Bot) [RHEL-42882] {CVE-2024-27415} - netfilter: br_netfilter: skip conntrack input hook for promisc packets (CKI Backport Bot) [RHEL-42882] {CVE-2024-27415} - netfilter: bridge: confirm multicast packets before passing them up the stack (CKI Backport Bot) [RHEL-42882] {CVE-2024-27415} - netfilter: nf_conntrack_bridge: initialize err to 0 (CKI Backport Bot) [RHEL-42882] {CVE-2024-27415} - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Florian Westphal) [RHEL-42842 RHEL-33985] {CVE-2024-27020} [5.14.0-427.32.1_4] - REDHAT: Makefile, dont reset dist-git-tmp if set (Lucas Zampieri) - net/mlx5e: Fix netif state handling (Benjamin Poirier) [RHEL-43872 RHEL-43870] {CVE-2024-38608} - net/mlx5e: Add wrapping for auxiliary_driver ops and remove unused args (Benjamin Poirier) [RHEL-43872 RHEL-43870] {CVE-2024-38608} - tun: add missing verification for short frame (Patrick Talbert) [RHEL-50202 RHEL-50203] {CVE-2024-41091} - tap: add missing verification for short frame (Patrick Talbert) [RHEL-50264 RHEL-50265] {CVE-2024-41090} - vfio/pci: Lock external INTx masking ops (Alex Williamson) [RHEL-43421 RHEL-30023] {CVE-2024-26810} - net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44299] {CVE-2024-38538} - KVM: arm64: Ensure target address is granule-aligned for range TLBI (Sebastian Ott) [RHEL-52248 RHEL-31215] - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (cki-backport-bot) [RHEL-44250] {CVE-2024-38544} - NFSv4: Fix memory leak in nfs4_set_security_label (CKI Backport Bot) [RHEL-52082] {CVE-2024-41076} - md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (Nigel Croxon) [RHEL-46421 RHEL-35393] {CVE-2024-39476} - KVM: s390: fix LPSWEY handling (CKI Backport Bot) [RHEL-50074] - cxl/port: Fix delete_endpoint() vs parent unregistration race (John W. Linville) [RHEL-39290 RHEL-23582] {CVE-2023-52771} - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (Petr Oros) [RHEL-49862 RHEL-17486] {CVE-2024-26855} - ice: fix LAG and VF lock dependency in ice_reset_vf() (Petr Oros) [RHEL-49820 RHEL-17486] {CVE-2024-36003} - net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (Jose Ignacio Tornos Martinez) [RHEL-47992 RHEL-9429] {CVE-2024-40939} - wifi: cfg80211: Lock wiphy in cfg80211_get_station (CKI Backport Bot) [RHEL-47770] {CVE-2024-40911} - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (CKI Backport Bot) [RHEL-47788] {CVE-2024-40912} - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (CKI Backport Bot) [RHEL-47920] {CVE-2024-40929} - wifi: iwlwifi: mvm: don't read past the mfuart notifcation (CKI Backport Bot) [RHEL-48028] {CVE-2024-40941} - seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (Hangbin Liu) [RHEL-48098 RHEL-45826] {CVE-2024-40957} - ipv6: fix possible race in __fib6_drop_pcpu_from() (Hangbin Liu) [RHEL-47572 RHEL-45826] {CVE-2024-40905} - redhat/configs: Enable CONFIG_DRM_MGAG200_DISABLE_WRITECOMBINE (Jocelyn Falempe) [RHEL-39581 RHEL-28760] - drm/mgag200: Add an option to disable Write-Combine (Jocelyn Falempe) [RHEL-39581 RHEL-28760] - drm/mgag200: Fix caching setup for remapped video memory (Scott Weaver) [RHEL-39581 RHEL-24102] - Revert 'drm/mgag200: Flush the cache to improve latency' (Scott Weaver) [RHEL-39581 RHEL-28760] - net: psample: fix flag being set in wrong skb (Adrian Moreno) [RHEL-47275] - net: openvswitch: store sampling probability in cb. (Adrian Moreno) [RHEL-47275] - net: openvswitch: add psample action (Adrian Moreno) [RHEL-47275] - net: psample: allow using rate as probability (Adrian Moreno) [RHEL-47275] - net: psample: skip packet copy if no listeners (Adrian Moreno) [RHEL-47275] - net: psample: add user cookie (Adrian Moreno) [RHEL-47275] - i40e: fix: remove needless retries of NVM update (CKI Backport Bot) [RHEL-48169 RHEL-36692] - ice: Reject pin requests with unsupported flags (Petr Oros) [RHEL-50388 RHEL-17486] - ice: Don't process extts if PTP is disabled (Petr Oros) [RHEL-50388 RHEL-17486] - ice: Fix improper extts handling (Petr Oros) [RHEL-50388 RHEL-17486] - ice: stop destroying and reinitalizing Tx tracker during reset (Petr Oros) [RHEL-50388 RHEL-17486] - ice: factor out ice_ptp_rebuild_owner() (Petr Oros) [RHEL-50388 RHEL-17486] - ice: rename ice_ptp_tx_cfg_intr (Petr Oros) [RHEL-50388 RHEL-17486] - ice: don't check has_ready_bitmap in E810 functions (Petr Oros) [RHEL-50388 RHEL-17486] - ice: rename verify_cached to has_ready_bitmap (Petr Oros) [RHEL-50388 RHEL-17486] - ice: pass reset type to PTP reset functions (Petr Oros) [RHEL-50388 RHEL-17486] - ice: introduce PTP state machine (Petr Oros) [RHEL-50388 RHEL-17486] - ice: make RX HW timestamp reading code more reusable (Petr Oros) [RHEL-50388 RHEL-17486] - ice: Rename E822 to E82X (Petr Oros) [RHEL-50388 RHEL-17486] - ice: periodically kick Tx timestamp interrupt (Petr Oros) [RHEL-50388 RHEL-17486] - ice: Re-enable timestamping correctly after reset (Petr Oros) [RHEL-50388 RHEL-17486] - ptp: introduce helpers to adjust by scaled parts per million (Petr Oros) [RHEL-50388 RHEL-17486] - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (Andrew Halaney) [RHEL-42566 RHEL-24205] {CVE-2023-52880} - netfilter: complete validation of user input (Phil Sutter) [RHEL-47384 RHEL-37212] {CVE-2024-35962} - netfilter: validate user input for expected length (Phil Sutter) [RHEL-41668 RHEL-37212] {CVE-2024-35896} - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Ewan D. Milne) [RHEL-40051 RHEL-39719] {CVE-2024-36025} - x86/xen: Add some null pointer checking to smp.c (Vitaly Kuznetsov) [RHEL-37615 RHEL-33260] {CVE-2024-26908} - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (Prarit Bhargava) [RHEL-37615 RHEL-25415] IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-27415 CVE-2024-40914 CVE-2024-40978 CVE-2024-26925 CVE-2024-39476 CVE-2024-42152 CVE-2024-40983 CVE-2024-36003 CVE-2024-40905 CVE-2024-41091 CVE-2023-52880 CVE-2024-35898 CVE-2024-35897 CVE-2024-40929 CVE-2024-27020 CVE-2024-38538 CVE-2024-26855 CVE-2024-27019 CVE-2024-36025 CVE-2024-40911 CVE-2024-41041 CVE-2024-40941 CVE-2024-38579 CVE-2024-40912 CVE-2024-40957 CVE-2024-26810 CVE-2024-35896 CVE-2024-27016 CVE-2024-41090 CVE-2024-26908 CVE-2024-35839 CVE-2023-52771 CVE-2024-26581 CVE-2024-35962 CVE-2024-26668 CVE-2024-38608 CVE-2024-38544 CVE-2024-41076 CVE-2024-38540 CVE-2024-42110 CVE-2024-40939 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 pgaudit pg_repack postgres-decoderbufs postgresql [16.4-1] - Update to 16.4 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-4317 CVE-2024-7348 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [13.16-1.0.1] - Remove non ASCII character from changelog date [13.16-1] - Update to 13.16 [13.14-2] - Remove /var/run/postgresql - Related: RHEL-25756 [13.14-1] - Update to 13.14 - Fix CVE-2024-0985 [13.13-1] - Update to 13.13 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, and CVE-2023-39417 - Resolves: RHEL-5567 [13.11-1] - Update to 13.11 - Resolves: #2207935 * Tue Feb 28 2023 Filip Janus <fjanus@redhat.com> - 13.10-1 - Update to 13.10 - Resolves: #2114734 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7348 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 pgaudit [1.7.0-1] - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: #2128410 pg_repack postgres-decoderbufs [1.9.7-1.Final] - Iitial import for postgresql 15 stream - Related: #2128410 postgresql [15.8-1] - Update to 15.8 [15.6-3] - Remove /var/run/postgresql - Related: RHEL-51271 [15.6-2] - Enable lz4 and zstd support [15.6-1] - Update to 15.6 and 13.14 - Fix CVE-2024-0985 [15.5-1] - update to 15.5 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-39417, and CVE-2023-39418 [15.3-1] - update to 15.3 - Fixes CVE-2023-2454 and CVE-2023-2455 Resolves: #2214875 [15.2-1] - update to 15.2 - Resolves: #2128410 [15.0-2] - update postgresql-setup to 8.8 [15.0-1] - Initial import for postgresql 15 - Resolves: #2128410 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-7348 CVE-2024-4317 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:3:appstream_base Oracle Linux 9 [3.12.1-4.3] - Security fix for CVE-2024-8088 Resolves: RHEL-55964 [3.12.1-4.2] - Security fix for CVE-2024-6923 Resolves: RHEL-53087 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6923 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 nodejs [1:18.20.4-1] - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 nodejs-nodemon nodejs-packaging MODERATE Copyright 2024 Oracle, Inc. CVE-2024-22020 CVE-2024-28863 cpe:/a:oracle:linux:9::appstream_developer cpe:/a:oracle:linux:9:2:appstream_base cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:2:appstream_patch cpe:/a:oracle:linux:9:1:appstream_base cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:3:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [1.26.5-5.1] - Security fix for CVE-2024-37891 - Backport upstream patch to fix TypeError for http connection if the PoolManager - is instantiated with server_hostname Resolves: RHEL-49853 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37891 cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.9.18-3.5] - Security fix for CVE-2024-8088 Resolves: RHEL-55968 [3.9.18-3.4] - Security fix for CVE-2024-6923 Resolves: RHEL-53044 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6923 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [1.21.1-2.0.1] - Fixed race condition in krb5_set_password() [Orabug: 33609767] [1.21.1-2] - CVE-2024-37370 CVE-2024-37371 Fix vulnerabilities in GSS message token handling Resolves: RHEL-45401 RHEL-45390 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-37370 CVE-2024-37371 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [3.11.7-1.5] - Security fix for CVE-2024-8088 Resolves: RHEL-55960 [3.11.7-1.4] - Security fix for CVE-2024-6923 Resolves: RHEL-53037 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6923 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [0.4.31-7] - Add patch for CVE-2024-40897 - Resolves: RHEL-50701 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-40897 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:1.4.0-5] - rebuild for CVE-2024-24783 - Resolves: RHEL-28431 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24783 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [6:0.7.3-5] - rebuild for CVE-2024-24783 - Resolves: RHEL-28435 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24783 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4:1.1.12-4] - rebuild for CVE-2024-24783 - Resolves: RHEL-28439 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24783 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.33.7-4.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.7-4] - rebuild for CVE-2024-24783 - Resolves: RHEL-28428 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24783 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.21.1-8] - Resolves: RHEL-43226 - Misinterpretation of input may lead to improper behavior MODERATE Copyright 2024 Oracle, Inc. CVE-2024-38428 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4.9.4-10.0.1] - Fixes issue of podman execvp error while using podmansh [Orabug: 36073625] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [4:4.9.4-10] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/6b45bb1) - Resolves: RHEL-53250 [4:4.9.4-9] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/1a2d8e3) - Resolves: RHEL-50507 [4:4.9.4-8] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/affa589) - Resolves: RHEL-45916 [4:4.9.4-7] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/8fa0c76) - Resolves: RHEL-40804 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6104 CVE-2024-37298 CVE-2024-24783 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:1.14.5-1] - update to the latest content of https://github.com/containers/skopeo/tree/release-1.14 (https://github.com/containers/skopeo/commit/072072b) - Resolves: RHEL-40805 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-24783 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [9.54.0-17] - RHEL-44759 CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths - RHEL-44745 CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction - RHEL-44731 CVE-2024-29510 ghostscript: format string injection leads to shell command execution (SAFER bypass) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-29510 CVE-2024-33870 CVE-2024-33869 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 bubblewrap [0.4.1-7] - Add support for --bind-fd and --ro-bind-fd (CVE-2024-42472) flatpak [1.12.9-3] - Fix previous changelog entry [1.12.9-2] - Backport upstream patches for CVE-2024-42472 - Require bubblewrap version that has new --bind-fd option backported for addressing CVE-2024-42472 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-42472 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [2.68.4-14.1] - Fix CVE-2024-34397, signal subscription vulnerabilities - Resolves: RHEL-56979 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-34397 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [1:27.2-10] - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code (CVE-2024-39331) - Disable xwidgets (RHEL-33447) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-39331 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:2.3.16-11.1] - fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55211) - fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55225) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-23185 CVE-2024-23184 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [5.14.0-427.35.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.35.1_4] - usb-storage: alauda: Check whether the media is initialized (CKI Backport Bot) [RHEL-43716] {CVE-2024-38619} - ceph: force sending a cap update msg back to MDS for revoke op (Xiubo Li) [RHEL-55437] - ceph: periodically flush the cap releases (Xiubo Li) [RHEL-55437] - mm: avoid overflows in dirty throttling logic (Jay Shin) [RHEL-51848 RHEL-50004] {CVE-2024-42131} - Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (Jay Shin) [RHEL-51701 RHEL-50004] {CVE-2024-42102} - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Jay Shin) [RHEL-42628 RHEL-5619] {CVE-2024-26720} - net: fix out-of-bounds access in ops_init (Paolo Abeni) [RHEL-43188 RHEL-46610] {CVE-2024-36883} - nvme: avoid double free special payload (CKI Backport Bot) [RHEL-51311] {CVE-2024-41073} - kernfs: change kernfs_rename_lock into a read-write lock (Jay Shin) [RHEL-55253 RHEL-52956] - kernfs: Separate kernfs_pr_cont_buf and rename_lock (Jay Shin) [RHEL-55253 RHEL-52956] - kernfs: fix missing kernfs_iattr_rwsem locking (Jay Shin) [RHEL-55253 RHEL-52956] - kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info (Jay Shin) [RHEL-55253 RHEL-52956] - kernfs: Introduce separate rwsem to protect inode attributes (Jay Shin) [RHEL-55253 RHEL-52956] - xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47894 RHEL-47892] {CVE-2024-40927} - Bluetooth: af_bluetooth: Fix deadlock (Bastien Nocera) [RHEL-34161] {CVE-2024-26886} - xdp: Remove WARN() from __xdp_reg_mem_model() (CKI Backport Bot) [RHEL-51586] {CVE-2024-42082} - nfsd: don't take fi_lock in nfsd_break_deleg_cb() (Benjamin Coddington) [RHEL-42578 RHEL-34875] - nfsd: fix RELEASE_LOCKOWNER (Benjamin Coddington) [RHEL-42578 RHEL-34875] {CVE-2024-26629} - net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727] - net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727] - net: bridge: mst: fix vlan use-after-free (cki-backport-bot) [RHEL-43729] {CVE-2024-36979} - efivarfs: force RO when remounting if SetVariable is not supported (Pavel Reichl) [RHEL-42343 RHEL-26588] {CVE-2023-52463} - ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (Charles Mirabile) [RHEL-34234 RHEL-1697] - ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (Charles Mirabile) [RHEL-34234 RHEL-1697] - ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (Scott Weaver) [RHEL-34234 RHEL-1697] [5.14.0-427.34.1_4] - mm: prevent derefencing NULL ptr in pfn_section_valid() (Jarod Wilson) [RHEL-51140 RHEL-51138] {CVE-2024-41055} - mm, kmsan: fix infinite recursion due to RCU critical section (Jarod Wilson) [RHEL-51140 RHEL-51138] {CVE-2024-41055} - ppp: reject claimed-as-LCP but actually malformed packets (CKI Backport Bot) [RHEL-51061 RHEL-51059] {CVE-2024-41044} - x86: stop playing stack games in profile_pc() (CKI Backport Bot) [RHEL-51651] {CVE-2024-42096} - PCI/MSI: Fix UAF in msi_capability_init (CKI Backport Bot) [RHEL-51438] {CVE-2024-41096} - iommufd: Fix missing update of domains_itree after splitting iopt_area (Jerry Snitselaar) [RHEL-42518 RHEL-28780] {CVE-2023-52801} - mm: cachestat: fix folio read-after-free in cache walk (Nico Pache) [RHEL-41739 RHEL-5619] {CVE-2024-26630} - regmap: maple: Fix cache corruption in regcache_maple_drop() (Jaroslav Kysela) [RHEL-43179 RHEL-39706] {CVE-2024-36019} - mm: cachestat: fix two shmem bugs (Nico Pache) [RHEL-36912] {CVE-2024-35797} - kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (Steve Best) [RHEL-42778 RHEL-34985] {CVE-2024-26946} - mm/hugetlb: fix missing hugetlb_lock for resv uncharge (Rafael Aquini) [RHEL-43132 RHEL-37467] {CVE-2024-36000} - rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-52675 RHEL-50366] - rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-52675 RHEL-50366] - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-52675 RHEL-50366] - gpio: tegra186: Fix tegra186_gpio_is_accessible() check (Charles Mirabile) [RHEL-49347 RHEL-32452] - net/sched: Fix UAF when resolving a clash (CKI Backport Bot) [RHEL-51022 RHEL-51020] {CVE-2024-41040} - KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (Maxim Levitsky) [RHEL-41462 RHEL-32430] {CVE-2024-35791} - cxl/region: Fix memregion leaks in devm_cxl_add_region() (John W. Linville) [RHEL-47965 RHEL-23582] {CVE-2024-40936} - x86/coco: Require seeding RNG with RDRAND on CoCo systems (Lenny Szubowicz) [RHEL-42986 RHEL-37269] {CVE-2024-35875} - scsi: qedf: Ensure the copied buf is NUL terminated (cki-backport-bot) [RHEL-44203] {CVE-2024-38559} MODERATE Copyright 2024 Oracle, Inc. CVE-2024-41096 CVE-2024-42082 CVE-2024-42131 CVE-2023-52801 CVE-2024-26720 CVE-2024-35791 CVE-2024-40927 CVE-2023-52463 CVE-2024-36883 CVE-2024-36979 CVE-2024-38619 CVE-2024-40936 CVE-2024-26629 CVE-2024-26946 CVE-2024-42096 CVE-2024-38559 CVE-2024-26630 CVE-2024-41055 CVE-2024-35797 CVE-2024-36000 CVE-2024-41044 CVE-2024-36019 CVE-2024-41073 CVE-2024-42102 CVE-2024-41040 CVE-2024-26886 CVE-2024-35875 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [128.2.0-1.0.2] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773] [128.2.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [128.2.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.2.0-1] - Update to 128.2.0 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-8382 CVE-2024-7652 CVE-2024-8381 CVE-2024-8384 CVE-2024-8383 CVE-2024-8385 CVE-2024-8387 CVE-2024-8386 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [128.2.0-1.0.2] - Fix prefs for new nss [Orabug: 37079813] [128.2.0-1.0.1] - Add Oracle prefs [128.2.0] - Add OpenELA debranding [128.2.0-1] - Update to 128.2.0 [128.1.1-2] - Update to 128.1.1 [128.0-1] - Update to 128.0 final [128.0b4-1] - Update to 128.0b4 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-8382 CVE-2024-8386 CVE-2024-8387 CVE-2024-8381 CVE-2024-8385 CVE-2024-8394 CVE-2024-7652 CVE-2024-8384 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [4.10.0-62.5] - bundled setuptools: fix CVE-2024-6345 Resolves: RHEL-49657 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-6345 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::addons Oracle Linux 9 [2.5.0-2.1] - Fix multiple CVEs - Fix CVE-2024-45492 integer overflow - Fix CVE-2024-45491 Integer Overflow or Wraparound - Fix CVE-2024-45490 Negative Length Parsing Vulnerability - Resolves: RHEL-57510 - Resolves: RHEL-57497 - Resolves: RHEL-56763 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-45492 CVE-2024-45490 CVE-2024-45491 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 [1.18.1-4.0.1] - Add new content to nbd_connect_uri.pod [1.18.1-4] - Fix CVE-2024-7383 NBD server improper certificate validation resolves: RHEL-52730 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-7383 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.0.7-28.0.1] - Drop OpenELA branding, apply Oracle branding patches - Enable openssl-fips-provider dependency [Orabug: 36504822] - Temporary disable openssl-fips-provider dependency [Orabug: 36504822] - Replace upstream references [Orabug: 34340177] [1:3.0.7-28] - Patch for CVE-2024-6119 Resolves: RHEL-55340 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6119 cpe:/a:oracle:linux:9::appstream cpe:/o:oracle:linux:9:4:baseos_patch cpe:/o:oracle:linux:9::baseos_latest Oracle Linux 9 ruby [3.3.5-3] - Upgrade to Ruby 3.3.5 Resolves: RHEL-57576 - Fix DoS vulnerability in rexml. (CVE-2024-39908) (CVE-2024-41946) (CVE-2024-43398) Resolves: RHEL-57573 Resolves: RHEL-57570 Resolves: RHEL-57578 - Fix REXML DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>. (CVE-2024-41123) Resolves: RHEL-57567 - Fix incorrect symlink for rubygem-irb's library. Resolves: RHEL-57597 [3.3.1-2] - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. (CVE-2024-27280) Resolves: RHEL-37699 - Fix RCE vulnerability with .rdoc_options in RDoc. (CVE-2024-27281) Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability with Regex search. (CVE-2024-27282) Resolves: RHEL-37698 [3.3.0-1] - Upgrade to Ruby 3.3.0. Resolves: RHEL-17089 [3.1.2-142] - Bypass git submodule test failure on Git >= 2.38.1. - Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. - Fix for tzdata-2022g. - Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. Resolves: RHEL-5590 - ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters Related: RHEL-5590 - Disable fiddle tests that use FFI closures. Related: RHEL-5590 rubygem-mysql2 [0.5.5-1] - Upgrade to mysql2 0.5.5. Related: RHEL-17089 rubygem-pg [1.5.4-1] - Upgrade to pg 1.5.4. Related: RHEL-17089 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-41123 CVE-2024-41946 CVE-2024-43398 CVE-2024-39908 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9:4:appstream_base cpe:/a:oracle:linux:9:4:appstream_patch Oracle Linux 9 [6.2.0-5.0.1] - Fixed libpcp derived metric issue for ol9 [Orabug: 36538820] [6.2.0-5] - Fix buffer sizing checks in pmstore PDU handling (RHEL-57805) - Guard against symlink attacks in pmpost program (RHEL-57810) - Fix libpcp_web webgroup slow request refcounting (RHEL-58306) - Updated pmdahacluster for newer crm_mon versions (RHEL-50693) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-45769 CVE-2024-45770 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.21.13-3] - Related: RHEL-58226 [1.21.13-2] - Rebuild Go with CVE Fixes - Remove fix-memleak-setupRSA.patch (exists upstream) - Resolves: RHEL-58226 - Resolves: RHEL-57962 - Resolves: RHEL-57848 - Resolves: RHEL-57865 [1.21.13-1] - Rebase to Go1.21.13 to pick the fix for CVE-2024-24791 - Technically Go1.21.12 contains the fix for the CVE but there was another latest release so rebasing to that - Resolves: RHEL-53547 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 CVE-2024-24791 CVE-2024-34155 CVE-2024-34158 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [5.1.1-3] - Resolves RHEL-57930: CVE-2024-34156 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [9.2.10-17] - Resolves RHEL-57925: CVE-2024-34156 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [5.14.0-427.37.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.37.1_4] - ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses (CKI Backport Bot) [RHEL-42783] {CVE-2024-26947} - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (Mamatha Inamdar) [RHEL-45537 RHEL-25055] - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Steve Best) [RHEL-40517 RHEL-39354] {CVE-2024-36016} - smb: client: set correct id, uid and cruid for multiuser automounts (Jay Shin) [RHEL-47260 RHEL-31245] - printk: printk.c: Disable per_console_kthreads on !CONFIG_PREEMPT_RT (Derek Barbosa) [RHEL-39064] - uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-41275 RHEL-26233] {CVE-2023-52439} - gpiolib: cdev: Fix use after free in lineinfo_changed_notify (Steve Best) [RHEL-43192 RHEL-39849] {CVE-2024-36899} - wifi: mac80211: Avoid address calculations via out of bounds array indexing (CKI Backport Bot) [RHEL-51287 RHEL-51285] {CVE-2024-41071} - Input: cyapa - add missing input core locking to suspend/resume functions (cki-backport-bot) [RHEL-44455] {CVE-2023-52884} - net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Limit number of driver warning messages (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Fix race condition in disconnect handling (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Fix race conditions in suspend/resume handling (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Fix partial packet errors on suspend/resume (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Fix exception on link speed change (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Add missing return code checks (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Remove unused pause frame queue (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Set flow control threshold to prevent packet loss (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Remove unused timer (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - lan78xx: Fix white space and style issues (Jamie Bainbridge) [RHEL-34928 RHEL-33332] - sctp: fix association labeling in the duplicate COOKIE-ECHO case (CKI Backport Bot) [RHEL-56745 RHEL-48647] - ice: xsk: fix txq interrupt mapping (Petr Oros) [RHEL-52771 RHEL-15670] - ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (Petr Oros) [RHEL-52771 RHEL-15670] - ice: improve updating ice_{t,r}x_ring::xsk_pool (Petr Oros) [RHEL-52771 RHEL-15670] - ice: toggle netif_carrier when setting up XSK pool (Petr Oros) [RHEL-52771 RHEL-15670] - ice: modify error handling when setting XSK pool in ndo_bpf (Petr Oros) [RHEL-52771 RHEL-15670] - ice: replace synchronize_rcu with synchronize_net (Petr Oros) [RHEL-52771 RHEL-15670] - ice: don't busy wait for Rx queue disable in ice_qp_dis() (Petr Oros) [RHEL-52771 RHEL-15670] - ice: respect netif readiness in AF_XDP ZC related ndo's (Petr Oros) [RHEL-52771 RHEL-15670] - ice: remove af_xdp_zc_qps bitmap (Petr Oros) [RHEL-52771 RHEL-17486] - ice: reorder disabling IRQ and NAPI in ice_qp_dis (Petr Oros) [RHEL-52771 RHEL-17486] - ice: make ice_vsi_cfg_txq() static (Petr Oros) [RHEL-52771 RHEL-17486] - ice: make ice_vsi_cfg_rxq() static (Petr Oros) [RHEL-52771 RHEL-17486] - ice: make use of DEFINE_FLEX() for struct ice_aqc_add_tx_qgrp (Petr Oros) [RHEL-52771 RHEL-17486] - xdp: reflect tail increase for MEM_TYPE_XSK_BUFF_POOL (Petr Oros) [RHEL-52771 RHEL-38863] - ice: update xdp_rxq_info::frag_size for ZC enabled Rx queue (Petr Oros) [RHEL-52771 RHEL-38863] - intel: xsk: initialize skb_frag_t::bv_offset in ZC drivers (Petr Oros) [RHEL-52771 RHEL-38863] - ice: remove redundant xdp_rxq_info registration (Petr Oros) [RHEL-52771 RHEL-38863] - ice: work on pre-XDP prog frag count (Petr Oros) [RHEL-52771 RHEL-38863] - xsk: fix usage of multi-buffer BPF helpers for ZC XDP (Petr Oros) [RHEL-52771 RHEL-38863] - xsk: make xsk_buff_pool responsible for clearing xdp_buff::flags (Petr Oros) [RHEL-52771 RHEL-38863] - xsk: recycle buffer in case Rx queue was full (Petr Oros) [RHEL-52771 RHEL-38863] - overflow: add DEFINE_FLEX() for on-stack allocs (Petr Oros) [RHEL-52771 RHEL-30138] - overflow: Add struct_size_t() helper (Petr Oros) [RHEL-52771 RHEL-30138] - bpf, sockmap: Prevent lock inversion deadlock in map delete elem (Felix Maurer) [RHEL-41479 RHEL-30107] {CVE-2024-35895} - xfs: allow SECURE namespace xattrs to use reserved block pool (CKI Backport Bot) [RHEL-54443 RHEL-49806] - platform/x86/intel-uncore-freq: Don't present root domain on error (David Arcari) [RHEL-43291 RHEL-38558] - platform/x86/intel-uncore-freq: Increase minor number support (David Arcari) [RHEL-43291 RHEL-38558] - platform/x86/intel-uncore-freq: Process read/write blocked feature status (David Arcari) [RHEL-43291 RHEL-38558] - platform/x86/intel/tpmi: Move TPMI ID definition (Steve Best) [RHEL-43291 RHEL-35956] - ice: fix VSI lists confusion when adding VLANs (CKI Backport Bot) [RHEL-57778 RHEL-20571] - ice: fix accounting for filters shared by multiple VSIs (CKI Backport Bot) [RHEL-57778 RHEL-20571] - ice: fix accounting if a VLAN already exists (CKI Backport Bot) [RHEL-57778 RHEL-17486] [5.14.0-427.36.1_4] - scsi: qla2xxx: Fix double free of fcport (Nilesh Javali) [RHEL-39547 RHEL-40034 RHEL-25184 RHEL-35020] {CVE-2024-26929} - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (Nilesh Javali) [RHEL-39547 RHEL-41325 RHEL-25184 RHEL-35016] {CVE-2024-26930} - scsi: qla2xxx: Fix command flush on cable pull (Nilesh Javali) [RHEL-39547 RHEL-40029 RHEL-25184 RHEL-35012] {CVE-2024-26931} - net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Benjamin Coddington) [RHEL-53708 RHEL-53004] {CVE-2024-42246} - ice: Add netif_device_attach/detach into PF reset flow (CKI Backport Bot) [RHEL-56275 RHEL-56084] - wifi: mt76: replace skb_put with skb_put_zero (CKI Backport Bot) [RHEL-52368] {CVE-2024-42225} - cppc_cpufreq: Fix possible null pointer dereference (cki-backport-bot) [RHEL-44145] {CVE-2024-38573} - ring-buffer: Fix a race between readers and resize checks (cki-backport-bot) [RHEL-43920] {CVE-2024-38601} - fork: defer linking file vma until vma is fully initialized (Rafael Aquini) [RHEL-35617 RHEL-35022] {CVE-2024-27022} - ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (CKI Backport Bot) [RHEL-48393 RHEL-48391] {CVE-2024-40984} - KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes (Maxim Levitsky) [RHEL-41345 RHEL-32430] {CVE-2024-26991} - net/sched: act_mirred: don't override retval if we already lost the skb (Davide Caratti) [RHEL-42644 RHEL-31724] {CVE-2024-26739} - net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability (Davide Caratti) [RHEL-42644 RHEL-32137] - cpufreq: exit() callback is optional (cki-backport-bot) [RHEL-43848] {CVE-2024-38615} - gfs2: Fix potential glock use-after-free on unmount (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570} - gfs2: simplify gdlm_put_lock with out_free label (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570} - gfs2: Remove ill-placed consistency check (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570} - wifi: nl80211: Avoid address calculations via out of bounds array indexing (Jose Ignacio Tornos Martinez) [RHEL-46505 RHEL-34696] {CVE-2024-38562} IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-38573 CVE-2024-26931 CVE-2024-40984 CVE-2024-26991 CVE-2024-26929 CVE-2024-26930 CVE-2024-38615 CVE-2024-26739 CVE-2024-26947 CVE-2024-36899 CVE-2024-38601 CVE-2024-42246 CVE-2024-27022 CVE-2024-36016 CVE-2024-38562 CVE-2024-38570 CVE-2024-42225 CVE-2023-52884 CVE-2023-52439 CVE-2024-35895 CVE-2024-41071 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [3.4.1-4] - Rebuild with new Golang - Resolves: RHEL-57920 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [101-2.0.1] - Rebuild on new golang to address CVE-2024-34156 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [5.9.1-13.0.1] - fix error index value when snmpget is used a proxy pass [Orabug: 35010262] [1:5.9.1-13.3] - fix CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24809 and CVE-2022-24810 (RHEL-32062) MODERATE Copyright 2024 Oracle, Inc. CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24809 CVE-2022-24810 CVE-2022-24808 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.28.7-17.0.1] - header/footer not being printed in banner page. [Orabug: 28265099] (isaac.chen@oracle.com) - Fixes [Orabug: 29163824] source indentation not following convention (isaac.chen@oracle.com) [1.28.7-17] - fix rpmverify error [1.28.7-16] - CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file - CVE-2024-47076 cups-filters: cfGetPrinterAttributes API does not perform sanitization on returned IPP attributes - CVE-2024-47176 cups-filters: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-47076 CVE-2024-47175 CVE-2024-47176 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [128.3.0-1.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [128.3.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.3.0-1] - Update to 128.3.0 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9402 CVE-2024-9401 CVE-2024-9392 CVE-2024-9393 CVE-2024-9394 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.21.13-4] - Fix CVE-2024-9355 - Resolves: RHEL-61046 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-9355 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [128.3.0-1.0.1] - Fix prefs for new nss [Orabug: 37079813] - Add Oracle prefs [128.3.0] - Add OpenELA debranding [128.3.0-1] - Update to 127.3.0 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9399 CVE-2024-9396 CVE-2024-9402 CVE-2024-9403 CVE-2024-9393 CVE-2024-9401 CVE-2024-9392 CVE-2024-9400 CVE-2024-9397 CVE-2024-9398 CVE-2024-9394 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [6.0.135-1.0.1] - Add support for Oracle Linux [6.0.135-1] - Update to .NET SDK 6.0.135 and Runtime 6.0.35 - Resolves: RHEL-60798 [6.0.134-1] - Update to .NET SDK 6.0.134 and Runtime 6.0.34 - Resolves: RHEL-56683 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-43485 CVE-2024-43484 CVE-2024-43483 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [8.0.110-1.0.1] - Add support for Oracle Linux [8.0.110-1] - Update to .NET SDK 8.0.110 and Runtime 8.0.10 - Resolves: RHEL-60800 [8.0.109-1] - Update to .NET SDK 8.0.109 and Runtime 8.0.9 - Resolves: RHEL-56679 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-43484 CVE-2024-43485 CVE-2024-38229 CVE-2024-43483 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [128.3.1-2.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [128.3.1] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.3.1-1] - Update to 128.3.1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9680 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [128.3.1-1.0.1] - Fix prefs for new nss [Orabug: 37079813] - Add Oracle prefs [128.3.1] - Add OpenELA debranding [128.3.1-1] - Update to 128.3.1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9680 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2.0.32-5.0.1] - IPMI SMB kernel module name is ipmi_ssif in all modern kernels. openipmi-helper script fixed. [Orabug: 27093288] (alexey.petrenko@oracle.com) [2.0.32-5] - Update the patch for CVE-2024-42934 to add a missing upstream commit from 2.0.36: 663e3cd3 [2.0.32-4] - Backport two commits from 2.0.36 to add checks in ipmi_sim and ipmilan (CVE-2024-42934) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-42934 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.9.4-13.0.1] - Fixes issue of podman execvp error while using podmansh [Orabug: 36073625] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [4:4.9.4-13] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/6cf9920) - Resolves: RHEL-60964 [4:4.9.4-12] - rebuild to address CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 - Resolves: RHEL-57980 RHEL-57950 RHEL-58203 [4:4.9.4-11] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/e3221b5) - Resolves: RHEL-56327 RHEL-50231 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34158 CVE-2024-34155 CVE-2024-34156 CVE-2024-9341 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1:1.4.0-6] - rebuild for CVE-2024-34156 - Resolves: RHEL-57915 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2:1.14.5-2] - rebuild for CVE-2024-34156 - Resolves: RHEL-57955 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34156 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [1.33.9-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.9-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/4dc26b9) - Resolves: RHEL-61116 [2:1.33.7-5] - rebuild to address CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 - Resolves: RHEL-58191 RHEL-57972 RHEL-57910 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-34155 CVE-2024-34156 CVE-2024-9341 CVE-2024-34158 cpe:/a:oracle:linux:9::appstream Oracle Linux 8 Oracle Linux 9 [1.8.0.432.b06-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:1.8.0.432.b06-1] - Update to shenandoah-jdk8u432-b06 (GA) - Update release notes for shenandoah-8u432-b06. - Drop JDK-828109{6,7,8}/PR3836 patch following integration of upstream version - Regenerate JDK-8199936/PR3533 patch following JDK-828109{6,7,8} integration - Bump version of bundled zlib to 1.3.1 following JDK-8324632 - Include backport of JDK-8328999 to update giflib to 5.2.2 - Bump version of bundled giflib to 5.2.2 following JDK-8328999 - Add build scripts to repository to ease remembering all CentOS & RHEL targets and options - Sync the copy of the portable specfile with the latest update - Resolves: RHEL-58791 - Resolves: RHEL-62278 - Resolves: RHEL-61285 - ** This tarball is embargoed until 2024-10-15 @ 1pm PT. ** MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21235 CVE-2024-21208 CVE-2024-21217 CVE-2023-48161 CVE-2024-21210 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:11.0.25.0.9-2.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:11.0.25.0.9-2] - Update to jdk-11.0.25+9 (GA) - Update release notes to 11.0.25+9 - Switch to GA mode for release - Related: RHEL-58772 - ** This tarball is embargoed until 2024-10-15 @ 1pm PT. ** [1:11.0.25.0.8-0.2.ea] - Update to jdk-11.0.25+8 (EA) - Update release notes to 11.0.25+8 - Related: RHEL-58772 [1:11.0.25.0.7-0.3.ea] - RHJDKBP-875 - Added gating.yaml and/or rpminspect.yaml - RHJDKBP-874 - Remove - Related: RHEL-58772 [1:11.0.25.0.7-0.1.ea] - Update to jdk-11.0.25+7 (EA) - Update release notes to 11.0.25+7 - Related: RHEL-58772 [1:11.0.25.0.6-0.3.ea] - Limit Java only tests to one 'jdk_test_arch' - Resolves: RHEL-59727 - Related: RHEL-58772 [1:11.0.25.0.6-0.2.ea] - Update to jdk-11.0.25+6 (EA) - Switch to EA mode - Update release notes to 11.0.25+6 - Related: RHEL-58772 MODERATE Copyright 2024 Oracle, Inc. CVE-2023-48161 CVE-2024-21210 CVE-2024-21208 CVE-2024-21217 CVE-2024-21235 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [17.0.13.0.11-3.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:17.0.13.0.11-3] - Correct version suffix in 'Update to jdk-17.0.13+11 (GA)' changelog entry - Related: RHEL-58781 [1:17.0.13.0.11-2] - Update to jdk-17.0.13+11 (GA) - Update .gitignore to ignore openjdk-17.0.13+11.tar.xz - Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 - Set buildver to 11 - Set is_ga to 1 - Update sources to openjdk-17.0.13+11.tar.xz - Resolves: RHEL-58781 - ** This tarball is embargoed until 2024-10-15 @ 1pm PT. ** [1:17.0.13.0.10-0.2.ea] - Vary portablesuffix depending on whether we are on RHEL ('el8') or CentOS ('el9') - Set rpmrelease to 2 - Related: RHEL-58781 [1:17.0.13.0.10-0.1.ea] - Update to jdk-17.0.13+10 (EA) - Update .gitignore to ignore openjdk-17.0.13+10-ea.tar.xz - Sync java-17-openjdk-portable.specfile from openjdk-portable-centos-9 - Set buildver to 10 - Update sources to openjdk-17.0.13+10-ea.tar.xz - Related: RHEL-58781 [1:17.0.13.0.9-0.1.ea] - Update to jdk-17.0.13+9 (EA) - Update .gitignore to ignore openjdk-17.0.13+9-ea.tar.xz - Sync java-17-openjdk-portable.specfile from openjdk-portable-centos-9 - Set buildver to 9 - Set rpmrelease to 1 - Set portablerelease to 1 - Update sources to openjdk-17.0.13+9-ea.tar.xz - Related: RHEL-58781 [1:17.0.13.0.1-0.4.ea] - Set rpmrelease to 4 - Set portablerelease to 2 - Related: RHEL-58781 [1:17.0.13.0.1-0.3.ea] - Synchronize java-17-openjdk-portable.specfile - Set rpmrelease to 3 - Related: RHEL-58781 [1:17.0.13.0.1-0.2.ea] - Update to jdk-17.0.13+1 (EA) - Update .gitignore to ignore openjdk-17.0.13+1-ea.tar.xz - Synchronize java-17-openjdk-portable.specfile - Set updatever to 13 - Set buildver to 1 - Set is_ga to 0 - Update sources to openjdk-17.0.13+1-ea.tar.xz - Related: RHEL-58781 - Remove 0001-8332174-Remove-2-unpaired-RLO-Unicode-characters-in-.patch - Remove unicode section from rpminspect.yml, fixed instead by https://gitlab.cee.redhat.com/osci/rpminspect-data-redhat/-/merge_requests/180 (OPENJDK-2904) - Related: RHEL-58781 [1:17.0.12.0.7-3] - Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 - Set rpmrelease to 3 - Set portablerelease to 4 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21208 CVE-2024-21235 CVE-2024-21210 CVE-2024-21217 CVE-2023-48161 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 8 Oracle Linux 9 [1:21.0.5.0.10-3.0.1] - Add Oracle vendor bug URL [Orabug: 34340155] [1:21.0.5.0.10-3] - Sync the copy of the portable specfile with the latest update - ** This tarball is embargoed until 2024-10-15 @ 1pm PT. ** - Related: RHEL-61346 [1:21.0.5.0.10-2] - Update to jdk-21.0.5+10 (GA) - Update release notes to 21.0.5+10 - Bump giflib version to 5.2.2 following JDK-8328999 - Bump libpng version to 1.6.43 following JDK-8329004 - Vary portablesuffix depending on whether we are on RHEL ('el8') or CentOS ('el9') - Handle debugedit being a separate package installed in /usr on RHEL/CentOS 10 - Add build scripts to repository to ease remembering all CentOS & RHEL targets and options - Sync with RHEL 7 portable build: - Use ExclusiveArch over ExcludeArch - pkgos definition needs to be early enough to be used in portablesuffix - Make build scripts executable - Sync the copy of the portable specfile with the latest update - Revert JDK-8327501 & JDK-8328366 backport until more mature. - Resolves: RHEL-58798 - Resolves: RHEL-17186 - Resolves: RHEL-61346 - ** This tarball is embargoed until 2024-10-15 @ 1pm PT. ** MODERATE Copyright 2024 Oracle, Inc. CVE-2024-21210 CVE-2024-21208 CVE-2023-48161 CVE-2024-21235 CVE-2024-21217 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:8::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/a:oracle:linux:8::codeready_builder Oracle Linux 9 [5.14.0-427.40.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.40.1_4] - gfs2: Fix NULL pointer dereference in gfs2_log_flush (CKI Backport Bot) [RHEL-51561 RHEL-51559] {CVE-2024-42079} - net: stmmac: Separate C22 and C45 transactions for xgmac (CKI Backport Bot) [RHEL-60274 RHEL-6297] - dmaengine: idxd: Check for driver name match before sva user feature (Jerry Snitselaar) [RHEL-47239 RHEL-44836 RHEL-46619] - ceph: switch to corrected encoding of max_xattr_size in mdsmap (Xiubo Li) [RHEL-57609 RHEL-26722] - KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (CKI Backport Bot) [RHEL-46428] {CVE-2024-39483} - vfs: don't mod negative dentry count when on shrinker list (Brian Foster) [RHEL-60567 RHEL-46609] - fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (Brian Foster) [RHEL-60567 RHEL-46609] - x86/bugs: Reverse instruction order of CLEAR_CPU_BUFFERS (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - Revert 'x86/bugs: Use fixed addressing for VERW operand' (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - redhat/configs: Enable x86 CONFIG_MITIGATION_RFDS (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/rfds: Mitigate Register File Data Sampling (RFDS) (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - Documentation/hw-vuln: Add documentation for RFDS (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/bugs: Use fixed addressing for VERW operand (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - KVM/VMX: Move VERW closer to VMentry for MDS mitigation (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/entry_32: Add VERW just before userspace transition (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/entry_64: Add VERW just before userspace transition (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - x86/entry: Harden return-to-user (Prarit Bhargava) [RHEL-48713 RHEL-25415] - x86/entry: Optimize common_interrupt_return() (Prarit Bhargava) [RHEL-48713 RHEL-25415] - x86/bugs: Add asm helpers for executing VERW (Waiman Long) [RHEL-48713 RHEL-31226] {CVE-2023-28746} - sched: act_ct: take care of padding in struct zones_ht_key (Xin Long) [RHEL-55112 RHEL-50682] {CVE-2024-42272} - sched: act_ct: add netns into the key of tcf_ct_flow_table (Xin Long) [RHEL-55112 RHEL-28816] - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (CKI Backport Bot) [RHEL-41361] {CVE-2024-35989} - hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-42115 RHEL-37721] {CVE-2021-47385} [5.14.0-427.39.1_4] - mptcp: ensure snd_nxt is properly initialized on connect (cki-backport-bot) [RHEL-52474 RHEL-39867] {CVE-2024-36889} - ping: fix address binding wrt vrf (Antoine Tenart) [RHEL-57563 RHEL-50920] - net/mlx5: Add a timeout to acquire the command queue semaphore (Benjamin Poirier) [RHEL-44227 RHEL-44225] {CVE-2024-38556} - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CKI Backport Bot) [RHEL-48142 RHEL-48140] {CVE-2024-40959} - ionic: fix use after netif_napi_del() (Michal Schmidt) [RHEL-47636 RHEL-47634] {CVE-2024-39502} - ionic: clean interrupt before enabling queue to avoid credit race (Michal Schmidt) [RHEL-47636 RHEL-36065] - Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (Benjamin Poirier) [RHEL-42391 RHEL-24466] {CVE-2023-52658} - tipc: Return non-zero value from tipc_udp_addr2str() on error (Xin Long) [RHEL-55075 RHEL-55074] {CVE-2024-42284} - x86: set FSRS automatically on AMD CPUs that have FSRM (Prarit Bhargava) [RHEL-56970 RHEL-25415] [5.14.0-427.38.1_4] - module: avoid allocation if module is already present and ready (Donald Dutile) [RHEL-52417] - module: move early sanity checks into a helper (Donald Dutile) [RHEL-52417] - module: extract patient module check into helper (Donald Dutile) [RHEL-52417] - null_blk: Fix return value of nullb_device_power_store() (Ming Lei) [RHEL-58636 RHEL-39662] - null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (Ming Lei) [RHEL-58636 RHEL-39662] - net: sched: sch_multiq: fix possible OOB write in multiq_tune() (cki-backport-bot) [RHEL-43472] {CVE-2024-36978} - netfilter: nft_flow_offload: release dst in case direct xmit path is used (Florian Westphal) [RHEL-38520 RHEL-33469] - netfilter: nft_flow_offload: reset dst in route object after setting up flow (Florian Westphal) [RHEL-38520 RHEL-33469] {CVE-2024-27403} - netfilter: flowtable: simplify route logic (Florian Westphal) [RHEL-38520 RHEL-33469] - net: psample: fix uninitialized metadata. (Adrian Moreno) [RHEL-56909] MODERATE Copyright 2024 Oracle, Inc. CVE-2024-42079 CVE-2024-36978 CVE-2021-47385 CVE-2023-28746 CVE-2024-39502 CVE-2024-38556 CVE-2024-39483 CVE-2024-35989 CVE-2024-27403 CVE-2024-40959 CVE-2024-42284 CVE-2023-52658 CVE-2024-36889 CVE-2024-42272 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [2.46.1-1] - Update to 2.46.1 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-27820 CVE-2024-23271 CVE-2024-27838 CVE-2024-40780 CVE-2024-40782 CVE-2024-44187 CVE-2024-40776 CVE-2024-27851 CVE-2024-40779 CVE-2024-40866 CVE-2024-40789 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.11.7-1.6] - Security fix for CVE-2024-6232 Resolves: RHEL-57411 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6232 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [3.9.18-3.6] - Fix: CVE-2024-6232 - Resolves: RHEL-57421 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6232 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [3.12.1-4.4] - Security fix for CVE-2024-6232 Resolves: RHEL-57416 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6232 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [1.33.10-1.0.1] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117178] [2:1.33.10-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 (https://github.com/containers/buildah/commit/bd85c17) - Resolves: RHEL-61842 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9675 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [5.14.0-427.42.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.42.1_4] - redhat/configs: Add CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Fix BHI retpoline check (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Clarify that syscall hardening isn't a BHI mitigation (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Fix BHI handling of RRSBA (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Fix BHI documentation (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Fix return type of spectre_bhi_state() (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - KVM: x86: Add BHI_NO (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bhi: Enumerate Branch History Injection (BHI) bug (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bhi: Add support for clearing branch history at syscall entry (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - perf/x86/amd/lbr: Use freeze based on availability (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - Documentation/kernel-parameters: Add spec_rstack_overflow to mitigations=off (Waiman Long) [RHEL-45492 RHEL-28203] {CVE-2024-2201} - KVM: x86: Use a switch statement and macros in __feature_translate() (Maxim Levitsky) [RHEL-45492 RHEL-32430] - KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Maxim Levitsky) [RHEL-45492 RHEL-32430] - x86/entry/32: Convert do_fast_syscall_32() to bool return type (Prarit Bhargava) [RHEL-45492 RHEL-25415] - x86/entry: Add do_SYSENTER_32() prototype (Prarit Bhargava) [RHEL-45492 RHEL-25415] - x86/bugs: Reset speculation control settings on init (Prarit Bhargava) [RHEL-45492 RHEL-25415] - mpls: Reduce skb re-allocations due to skb_cow() (Guillaume Nault) [RHEL-61696 RHEL-55145] - scsi: core: Fix unremoved procfs host directory regression (Ewan D. Milne) [RHEL-39539 RHEL-39601 RHEL-33543 RHEL-35000] {CVE-2024-26935} - tty: Fix out-of-bound vmalloc access in imageblit (Andrew Halaney) [RHEL-42095 RHEL-24205] {CVE-2021-47383} - block: initialize integrity buffer to zero before writing it to media (Ming Lei) [RHEL-54769 RHEL-54768] {CVE-2024-43854} - block: cleanup bio_integrity_prep (Ming Lei) [RHEL-54769 RHEL-25988] - block: refactor to use helper (Ming Lei) [RHEL-54769 RHEL-25988] - ceph: fix cap ref leak via netfs init_request (Patrick Donnelly) [RHEL-62666 RHEL-61459] - redhat/configs: Enable CONFIG_OCTEON_EP_VF (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: add ethtool support (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: add Tx/Rx processing and interrupt support (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: add support for ndo ops (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: add Tx/Rx ring resource setup and cleanup (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: add VF-PF mailbox communication. (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: add hardware configuration APIs (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep_vf: Add driver framework and device initialization (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep: support firmware notifications for VFs (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep: control net framework to support VF offloads (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep: PF-VF mailbox version support (CKI Backport Bot) [RHEL-61744 RHEL-25860] - octeon_ep: add PF-VF mailbox communication (CKI Backport Bot) [RHEL-61744 RHEL-25860] - x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Chris von Recklinghausen) [RHEL-62209 RHEL-26268] - netfilter: nfnetlink_queue: un-break NF_REPEAT (Phil Sutter) [RHEL-62299] [5.14.0-427.41.1_4] - iommu/amd: Fix panic accessing amd_iommu_enable_faulting (Jerry Snitselaar) [RHEL-55507 RHEL-37320 RHEL-40344] - iommu/vt-d: Allocate DMAR fault interrupts locally (Jerry Snitselaar) [RHEL-55507 RHEL-28780] - netfilter: nft_inner: validate mandatory meta and payload (Phil Sutter) [RHEL-47488 RHEL-47486] {CVE-2024-39504} - netfilter: flowtable: initialise extack before use (CKI Backport Bot) [RHEL-58546 RHEL-58544] {CVE-2024-45018} - ext4: do not create EA inode under buffer lock (Carlos Maiolino) [RHEL-48285 RHEL-48282] {CVE-2024-40972} - ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (Carlos Maiolino) [RHEL-48285 RHEL-48282] {CVE-2024-40972} - ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (Carlos Maiolino) [RHEL-48519 RHEL-48517] {CVE-2024-40998} - ext4: turn quotas off if mount failed after enabling quotas (Carlos Maiolino) [RHEL-48519 RHEL-48517] {CVE-2024-40998} - mptcp: fix data re-injection from stale subflow (Davide Caratti) [RHEL-59920 RHEL-32669] {CVE-2024-26826} - xfs: add bounds checking to xlog_recover_process_data (CKI Backport Bot) [RHEL-50864 RHEL-50862] {CVE-2024-41014} - af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). (Davide Caratti) [RHEL-42771 RHEL-33410] - af_unix: Fix garbage collector racing against connect() (Davide Caratti) [RHEL-42771 RHEL-33410] {CVE-2024-26923} - af_unix: fix lockdep positive in sk_diag_dump_icons() (Davide Caratti) [RHEL-42771 RHEL-33410] - xfs: don't walk off the end of a directory data block (CKI Backport Bot) [RHEL-50887 RHEL-50885] {CVE-2024-41013} - ipv6: prevent possible NULL dereference in rt6_probe() (Hangbin Liu) [RHEL-48161 RHEL-45826] {CVE-2024-40960} - mac802154: fix llsec key resources release in mac802154_llsec_key_del (Steve Best) [RHEL-42795 RHEL-34969] {CVE-2024-26961} - mptcp: ensure snd_una is properly initialized on connect (Florian Westphal) [RHEL-47945 RHEL-47943] {CVE-2024-40931} - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CKI Backport Bot) [RHEL-47560 RHEL-47558] {CVE-2024-40904} - nvme-multipath: fix io accounting on failover (John Meneghini) [RHEL-59646 RHEL-56635] - nvme: fix multipath batched completion accounting (John Meneghini) [RHEL-59646 RHEL-56635] - xfs: fix log recovery buffer allocation for the legacy h_size fixup (Bill O'Donnell) [RHEL-46481 RHEL-46479] {CVE-2024-39472} - tcp: add sanity checks to rx zerocopy (Paolo Abeni) [RHEL-58403 RHEL-29496] {CVE-2024-26640} - netpoll: Fix race condition in netpoll_owner_active (CKI Backport Bot) [RHEL-49373 RHEL-49371] {CVE-2024-41005} - wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CKI Backport Bot) [RHEL-48321 RHEL-48319] {CVE-2024-40977} - smb: client: fix hang in wait_for_response() for negproto (Jay Shin) [RHEL-61606 RHEL-57983] - NFSv4.1/pnfs: fix NFS with TLS in pnfs (Benjamin Coddington) [RHEL-61467 RHEL-34576] - ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [RHEL-61415 RHEL-60255] - net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (Davide Caratti) [RHEL-48483 RHEL-44375] {CVE-2024-40995} - net/sched: taprio: extend minimum interval restriction to entire cycle too (Davide Caratti) [RHEL-44377 RHEL-44375] {CVE-2024-36244} - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (Davide Caratti) [RHEL-44377 RHEL-44375] {CVE-2024-36244} MODERATE Copyright 2024 Oracle, Inc. CVE-2024-26640 CVE-2024-41013 CVE-2024-36244 CVE-2024-40995 CVE-2024-26935 CVE-2024-2201 CVE-2024-41014 CVE-2024-26923 CVE-2024-26826 CVE-2024-39504 CVE-2024-40904 CVE-2024-40931 CVE-2024-40977 CVE-2024-45018 CVE-2024-41005 CVE-2024-43854 CVE-2024-26961 CVE-2024-40960 CVE-2024-40998 CVE-2021-47383 CVE-2024-39472 CVE-2024-40972 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder cpe:/o:oracle:linux:9::baseos_latest cpe:/o:oracle:linux:9:4:baseos_patch Oracle Linux 9 [9.2.10-19] - Resolves RHEL-62309: CVE-2024-47875 [9.2.10-18] - Resolves RHEL-61049: CVE-2024-9355 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9355 CVE-2024-47875 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [2.0.26-2.1] - Resolves: RHEL-45803 - mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387) LOW Copyright 2024 Oracle, Inc. CVE-2024-36387 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [128.4.0-1.0.1] - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [128.4.0] - Add debranding patches (Mustafa Gezen) - Add OpenELA default preferences (Louis Abel) [128.4.0-1] - Update to 128.4.0 build1 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-10461 CVE-2024-10466 CVE-2024-10462 CVE-2024-10464 CVE-2024-10458 CVE-2024-10463 CVE-2024-10459 CVE-2024-10465 CVE-2024-10467 CVE-2024-10460 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [128.4.0-1.0.1] - Fix prefs for new nss [Orabug: 37079813] - Add Oracle prefs [128.4.0] - Add OpenELA debranding [128.4.0-1] - Update to 128.4.0 build1 MODERATE Copyright 2024 Oracle, Inc. CVE-2024-10458 CVE-2024-10461 CVE-2024-10465 CVE-2024-10460 CVE-2024-10463 CVE-2024-10467 CVE-2024-10464 CVE-2024-10466 CVE-2024-10459 CVE-2024-10462 cpe:/a:oracle:linux:9::appstream Oracle Linux 9 [3.1.1-2.1] - fix CVE-2023-5481 (RHEL-64162) IMPORTANT Copyright 2024 Oracle, Inc. CVE-2023-5841 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.4.0-12.1] - fix CVE-2024-7006 a null pointer dereference in tif_dirinfo (RHEL-52931) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-7006 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [20231122-6.0.1.el9_4.4] - Replace upstream references [Orabug:36569119] [20231122-6.el9_4.4] - edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55337] - Resolves: RHEL-55337 (CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks [rhel-9.4.z]) MODERATE Copyright 2024 Oracle, Inc. CVE-2024-6119 cpe:/a:oracle:linux:9::appstream cpe:/a:oracle:linux:9::codeready_builder Oracle Linux 9 [4.9.4-16.0.1] - Fixes issue of podman execvp error while using podmansh [Orabug: 36073625] - Improved saving remote build context to tarfile in Podman daemon [Orabug: 36495655] - Add devices on container startup, not on creation - Backport fast gzip for compression [Orabug: 36420418] - overlay: Put should ignore ENINVAL for Unmount [Orabug: 36234694] - Drop nmap-ncat requirement and skip ignore-socket test case [Orabug: 34117404] [4:4.9.4-16] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/70e4d02) - Resolves: RHEL-65451 [4:4.9.4-15] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/1866072) - Resolves: RHEL-61868 [4:4.9.4-14] - update to the latest content of https://github.com/containers/podman/tree/v4.9-rhel (https://github.com/containers/podman/commit/235a22c) - Resolves: RHEL-61154 IMPORTANT Copyright 2024 Oracle, Inc. CVE-2024-9676 CVE-2024-9407 CVE-2024-9675 cpe:/a:oracle:linux:9::appstream