SUSE Image Update Advisory: sles-15-sp2-chost-byos-v20210610
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2021:536-1
Image Tags        : sles-15-sp2-chost-byos-v20210610:20210610
Image Release     : 
Severity          : important
Type              : security
References        : 1021918 1029961 1043990 1055117 1065729 1080040 1087082 1089870
                        1106014 1115550 1133021 1152457 1152457 1152489 1152489 1153687
                        1155518 1156395 1156395 1162964 1164648 1167260 1168838 1168894
                        1169122 1169348 1170092 1170094 1170858 1174162 1174416 1174426
                        1176370 1177315 1177666 1178089 1178378 1178418 1178491 1178577
                        1178612 1178624 1178675 1179243 1179519 1179825 1179827 1179851
                        1179851 1180478 1180846 1180851 1180851 1181161 1181351 1181443
                        1181540 1181610 1181651 1181679 1181874 1181874 1181911 1182016
                        1182057 1182257 1182372 1182378 1182613 1182904 1182936 1182936
                        1182950 1182999 1183063 1183194 1183194 1183203 1183268 1183289
                        1183346 1183374 1183589 1183628 1183628 1183732 1183797 1183826
                        1183868 1183873 1183932 1183947 1183976 1184081 1184082 1184208
                        1184209 1184259 1184326 1184358 1184399 1184400 1184435 1184436
                        1184507 1184514 1184611 1184614 1184650 1184687 1184724 1184728
                        1184730 1184731 1184736 1184737 1184738 1184740 1184741 1184742
                        1184760 1184811 1184829 1184855 1184893 1184912 1184934 1184942
                        1184957 1184969 1184984 1184997 1184997 1184997 1185041 1185113
                        1185163 1185170 1185190 1185233 1185239 1185239 1185244 1185269
                        1185277 1185325 1185365 1185408 1185409 1185410 1185417 1185428
                        1185438 1185454 1185464 1185464 1185464 1185472 1185491 1185495
                        1185497 1185549 1185562 1185580 1185586 1185587 1185589 1185606
                        1185642 1185645 1185677 1185680 1185698 1185703 1185725 1185758
                        1185848 1185849 1185859 1185860 1185861 1185862 1185863 1185898
                        1185899 1185910 1185911 1185938 1185950 1185961 1185961 1185982
                        1185987 1185988 1186015 1186060 1186061 1186062 1186111 1186114
                        1186285 1186320 1186390 1186416 1186439 1186441 1186451 1186460
                        1186479 1186484 1186498 1186501 1186573 1186673 1186681 CVE-2020-24586
                        CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26141 CVE-2020-26145
                        CVE-2020-26147 CVE-2021-22898 CVE-2021-23134 CVE-2021-29155 CVE-2021-29650
                        CVE-2021-32399 CVE-2021-33034 CVE-2021-33200 CVE-2021-3426 CVE-2021-3491
                        CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537
                        CVE-2021-3541 
-----------------------------------------------------------------

The container sles-15-sp2-chost-byos-v20210610 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released:    Fri May  7 15:16:32 2021
Summary:     Recommended update for patterns-microos
Type:        recommended
Severity:    moderate
References:  1184435
This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the
  product. (bsc#1184435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1544-1
Released:    Fri May  7 16:34:41 2021
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    moderate
References:  1180851,1181874,1182936,1183628,1184997,1185239
This update for libzypp fixes the following issues:

Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released:    Mon May 10 13:48:00 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1185417
This update for procps fixes the following issues:

- Support up to 2048 CPU as well. (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1557-1
Released:    Tue May 11 09:50:00 2021
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1183374,CVE-2021-3426
This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1564-1
Released:    Tue May 11 13:29:55 2021
Summary:     Security update for shim
Type:        security
Severity:    important
References:  1177315,1182057,1185464
This update for shim fixes the following issues:

- Update to the unified shim binary for SBAT support (bsc#1182057)
  + Merged EKU codesign check (bsc#1177315)
- shim-install: Always assume 'removable' for Azure to avoid the endless reset loop (bsc#1185464).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released:    Tue May 11 14:20:04 2021
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1185163
This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163);

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1566-1
Released:    Wed May 12 09:39:16 2021
Summary:     Recommended update for chrony
Type:        recommended
Severity:    moderate
References:  1162964,1184400
This update for chrony fixes the following issues:

- Fix build with glibc-2.31 (bsc#1162964)
- Use /run instead of /var/run for PIDFile in chronyd.service (bsc#1184400)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1574-1
Released:    Wed May 12 12:04:51 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1043990,1055117,1065729,1152457,1152489,1156395,1167260,1168838,1174416,1174426,1178089,1179243,1179851,1180846,1181161,1182613,1183063,1183203,1183289,1184208,1184209,1184436,1184514,1184650,1184724,1184728,1184730,1184731,1184736,1184737,1184738,1184740,1184741,1184742,1184760,1184811,1184893,1184934,1184942,1184957,1184969,1184984,1185041,1185113,1185233,1185244,1185269,1185365,1185454,1185472,1185491,1185549,1185586,1185587,CVE-2021-29155,CVE-2021-29650
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
- CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942).

The following non-security bugs were fixed:

- ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes).
- ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes).
- ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes).
- ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes).
- ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes).
- ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes).
- ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes).
- ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes).
- ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes).
- ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes).
- ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes).
- ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes).
- ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes).
- ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes).
- ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes).
- ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes).
- ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes).
- ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes).
- ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes).
- ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes).
- ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes).
- ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes).
- ALSA: usb-audio: DJM-750: ensure format is set (git-fixes).
- ALSA: usb-audio: Explicitly set up the clock selector (git-fixes).
- ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes).
- ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes).
- ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes).
- arm: dts: add imx7d pcf2127 fix to blacklist
- ASoC: ak5558: correct reset polarity (git-fixes).
- ASoC: ak5558: Fix s/show/slow/ typo (git-fixes).
- ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes).
- ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes).
- ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes).
- ASoC: SOF: Intel: HDA: fix core status verification (git-fixes).
- ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes).
- ata: libahci_platform: fix IRQ check (git-fixes).
- ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes).
- ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes).
- backlight: journada720: Fix Wmisleading-indentation warning (git-fixes).
- blkcg: fix memleak for iolatency (git-fixes).
- block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838).
- block: recalculate segment count for multi-segment discards correctly (bsc#1184724).
- block: rsxx: select CONFIG_CRC32 (git-fixes).
- bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes).
- bnxt_en: reverse order of TX disable and carrier off (git-fixes).
- bsg: free the request before return error code (git-fixes).
- btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549).
- btrfs: fix race between swap file activation and snapshot creation (bsc#1185587).
- btrfs: fix race between writes to swap files and scrub (bsc#1185586).
- btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549).
- bus: qcom: Put child node before return (git-fixes).
- cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes).
- clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes).
- clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes).
- clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes).
- clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes).
- clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes).
- clk: uniphier: Fix potential infinite loop (git-fixes).
- clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes).
- coresight: etm4x: Fix issues on trcseqevr access (git-fixes).
- coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes).
- coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes).
- cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes).
- cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes).
- cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes).
- cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes).
- cpufreq: Kconfig: fix documentation links (git-fixes).
- crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes).
- crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes).
- cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes).
- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes).
- dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes).
- dm: eliminate potential source of excessive kernel log noise (git-fixes).
- dm era: Fix bitset memory leaks (git-fixes).
- dm era: only resize metadata in preresume (git-fixes).
- dm era: Recover committed writeset after crash (git-fixes).
- dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes).
- dm era: Use correct value size in equality function of writeset tree (git-fixes).
- dm era: Verify the data block size hasn't changed (git-fixes).
- dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes).
- dm integrity: fix error reporting in bitmap mode after creation (git-fixes).
- dm ioctl: fix error return code in target_message (git-fixes).
- dm mpath: fix racey management of PG initialization (git-fixes).
- dm raid: fix discard limits for raid1 (git-fixes).
- dm: remove invalid sparse __acquires and __releases annotations (git-fixes).
- dm writecache: fix the maximum number of arguments (git-fixes).
- dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes).
- dm writecache: remove BUG() and fail gracefully instead (git-fixes).
- dm zoned: select CONFIG_CRC32 (git-fixes).
- dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes).
- dpaa_eth: fix the RX headroom size alignment (git-fixes).
- dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes).
- dpaa_eth: Use random MAC address when none is given (bsc#1184811).
- drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes).
- drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes).
- drm/ast: Add 25MHz refclk support (bsc#1174416).
- drm/ast: Add support for 1152x864 mode (bsc#1174416).
- drm/ast: Add support for AIP200 (bsc#1174416).
- drm/ast: AST2500 fixups (bsc#1174416).
- drm/ast: Correct mode table for AST2500 precatch (bsc#1174416).
- drm/ast: Disable screen on register init (bsc#1174416).
- drm/ast: Disable VGA decoding while driver is active (bsc#1174416).
- drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416).
- drm/ast: Fix P2A config detection (bsc#1174416).
- drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416).
- drm/ast: Keep MISC fields when enabling VGA (bsc#1174416).
- drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes).
- drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes).
- drm/msm: Fix a5xx/a6xx timestamps (git-fixes).
- drm/omap: fix misleading indentation in pixinc() (git-fixes).
- drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes).
- drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes).
- e1000e: add rtnl_lock() to e1000_reset_task (git-fixes).
- e1000e: Fix duplicate include guard (git-fixes).
- e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes).
- enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes).
- enetc: Workaround for MDIO register access issue (git-fixes).
- ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes).
- ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730).
- ext4: find old entry again if failed to rename whiteout (bsc#1184742).
- ext4: fix potential error in ext4_do_update_inode (bsc#1184731).
- ext4: fix potential htree index checksum corruption (bsc#1184728).
- firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes).
- fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851).
- fotg210-udc: Complete OUT requests on short packets (git-fixes).
- fotg210-udc: Do not DMA more than the buffer can take (git-fixes).
- fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes).
- fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes).
- fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes).
- fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes).
- fs: direct-io: fix missing sdio->boundary (bsc#1184736).
- fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741).
- fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811).
- fsl/fman: tolerate missing MAC address in device tree (bsc#1184811).
- gpio: omap: Save and restore sysconfig (git-fixes).
- gpio: sysfs: Obey valid_mask (git-fixes).
- HID: alps: fix error return code in alps_input_configured() (git-fixes).
- HID: google: add don USB id (git-fixes).
- HID: plantronics: Workaround for double volume key presses (git-fixes).
- HID: wacom: Assign boolean values to a bool variable (git-fixes).
- HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes).
- i2c: cadence: add IRQ check (git-fixes).
- i2c: emev2: add IRQ check (git-fixes).
- i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: jz4780: add IRQ check (git-fixes).
- i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: sh7760: add IRQ check (git-fixes).
- i2c: sh7760: fix IRQ error path (git-fixes).
- i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i40e: Added Asym_Pause to supported link modes (git-fixes).
- i40e: Add zero-initialization of AQ command structures (git-fixes).
- i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes).
- i40e: Fix add TC filter for IPv6 (git-fixes).
- i40e: Fix display statistics for veb_tc (git-fixes).
- i40e: Fix endianness conversions (git-fixes).
- i40e: Fix flow for IPv6 next header (extension header) (git-fixes).
- i40e: Fix kernel oops when i40e driver removes VF's (git-fixes).
- i40e: Fix overwriting flow control settings during driver loading (git-fixes).
- i40e: Fix sparse errors in i40e_txrx.c (git-fixes).
- i40e: Fix sparse warning: missing error code 'err' (git-fixes).
- i40e: fix the panic when running bpf in xdpdrv mode (git-fixes).
- ibmvnic: avoid calling napi_disable() twice (bsc#1065729).
- ibmvnic: clean up the remaining debugfs data structures (bsc#1065729).
- ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes).
- ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes).
- ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes).
- ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes).
- ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes).
- ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729).
- ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729).
- ice: Account for port VLAN in VF max packet size calculation (git-fixes).
- ice: Cleanup fltr list in case of allocation issues (git-fixes).
- ice: Fix for dereference of NULL pointer (git-fixes).
- ice: Increase control queue timeout (git-fixes).
- ice: prevent ice_open and ice_stop during reset (git-fixes).
- igb: check timestamp validity (git-fixes).
- igb: Fix duplicate include guard (git-fixes).
- igc: Fix Pause Frame Advertising (git-fixes).
- igc: Fix Supported Pause Frame Link Setting (git-fixes).
- igc: reinit_locked() should be called with rtnl_lock (git-fixes).
- iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes).
- ima: Free IMA measurement buffer after kexec syscall (git-fixes).
- Input: i8042 - fix Pegatron C15B ID entry (git-fixes).
- Input: nspire-keypad - enable interrupts only when opened (git-fixes).
- Input: s6sy761 - fix coordinate read bit shift (git-fixes).
- interconnect: core: fix error return code of icc_link_destroy() (git-fixes).
- iopoll: introduce read_poll_timeout macro (git-fixes).
- ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes).
- irqchip: Add support for Layerscape external interrupt lines (bsc#1185233).
- irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233).
- irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233).
- isofs: release buffer head before return (bsc#1182613).
- ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes).
- jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740).
- kABI: cover up change in struct kvm_arch (bsc#1184969).
- kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426).
- kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917).
- kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846). 
- KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489).
- KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395).
- KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395).
- libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269).
- libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269).
- libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes).
- libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes).
- liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes).
- locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041).
- mac80211: bail out if cipher schemes are invalid (git-fixes).
- mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes).
- macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes).
- media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes).
- media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes).
- media: mantis: remove orphan mantis_core.c (git-fixes).
- media: omap4iss: return error code when omap4iss_get() failed (git-fixes).
- media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes).
- media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes).
- media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes).
- media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes).
- media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes).
- memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes).
- memory: pl353: fix mask of ECC page_size config register (git-fixes).
- mfd: lpc_sch: Partially revert 'Add support for Intel Quark X1000' (git-fixes).
- mfd: stm32-timers: Avoid clearing auto reload register (git-fixes).
- misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes).
- misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes).
- misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes).
- mmc: core: Correct descriptions in mmc_of_parse() (git-fixes).
- mmc: cqhci: Add cqhci_deactivate() (git-fixes).
- mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes).
- mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes).
- mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes).
- mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes).
- mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes).
- mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).
- mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes).
- mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes).
- mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes).
- mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes).
- mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes).
- Move upstreamed i915 fix into sorted section
- mt7601u: fix always true expression (git-fixes).
- mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes).
- mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes).
- mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes).
- mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes).
- mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes).
- mtd: require write permissions for locking and badblock ioctls (git-fixes).
- mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes).
- mtd: spi-nor: Rename 'n25q512a' to 'mt25qu512a (n25q512a)' (bsc#1167260).
- mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260).
- nbd: fix a block_device refcount leak in nbd_release (git-fixes).
- net: atlantic: fix out of range usage of active_vlans array (git-fixes).
- net: atlantic: fix potential error handling (git-fixes).
- net: atlantic: fix use after free kasan warn (git-fixes).
- net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes).
- net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes).
- net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes).
- net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes).
- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes).
- net: hns3: clear VF down state bit before request link status (git-fixes).
- net: hns3: fix bug when calculating the TCAM table info (git-fixes).
- net: hns3: fix query vlan mask value error for flow director (git-fixes).
- net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes).
- net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes).
- net: ll_temac: Fix race condition causing TX hang (git-fixes).
- net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes).
- net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes).
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes).
- net/mlx5: Do not request more than supported EQs (git-fixes).
- net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes).
- net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes).
- net/mlx5e: Fix ethtool indication of connector type (git-fixes).
- net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464).
- net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes).
- net: phy: intel-xway: enable integrated led functions (git-fixes).
- net: phy: marvell: fix m88e1011_set_downshift (git-fixes).
- net: phy: marvell: fix m88e1111_set_downshift (git-fixes).
- net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes).
- net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes).
- net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes).
- net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes).
- net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes).
- nfc: pn533: prevent potential memory corruption (git-fixes).
- nfp: flower: ignore duplicate merge hints from FW (git-fixes).
- node: fix device cleanups in error handling code (git-fixes).
- null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes).
- nvme-fabrics: reject I/O to offline device (bsc#1181161).
- nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161).
- ocfs2: fix a use after free on error (bsc#1184738).
- pata_arasan_cf: fix IRQ check (git-fixes).
- pata_ipx4xx_cf: fix IRQ check (git-fixes).
- PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426).
- PCI/AER: Add RCEC AER error injection support (bsc#1174426).
- PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426).
- PCI/AER: Specify the type of Port that was reset (bsc#1174426).
- PCI/AER: Use 'aer' variable for capability offset (bsc#1174426).
- PCI/AER: Write AER Capability only when we control it (bsc#1174426).
- PCI: designware-ep: Fix the Header Type check (git-fixes).
- PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426).
- PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426).
- PCI/ERR: Avoid negated conditional for clarity (bsc#1174426).
- PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426).
- PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426).
- PCI/ERR: Clear AER status only when we control AER (bsc#1174426).
- PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426).
- PCI/ERR: Clear status of the reporting device (bsc#1174426).
- PCI/ERR: Recover from RCEC AER errors (bsc#1174426).
- PCI/ERR: Recover from RCiEP AER errors (bsc#1174426).
- PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426).
- PCI/ERR: Retain status from error notification (bsc#1174426).
- PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426).
- PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426).
- PCI/ERR: Use 'bridge' for clarity in pcie_do_recovery() (bsc#1174426).
- PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426).
- PCI/portdrv: Report reset for frozen channel (bsc#1174426).
- PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes).
- PCI: tegra: Move 'dbi' accesses to post common DWC initialization (git-fixes).
- phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes).
- pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes).
- pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes).
- platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes).
- PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes).
- powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957).
- powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes).
- powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729).
- powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395).
- powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729).
- powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637).
- powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969).
- powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969).
- powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729).
- powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729).
- powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917).
- powerpc/time: Enable sched clock for irqtime (bsc#1156395).
- regmap: set debugfs_name to NULL after it is freed (git-fixes).
- regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes).
- reintroduce cqhci_suspend for kABI (git-fixes).
- reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737).
- rpm/constraints.in: bump disk space to 45GB on riscv64
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- rsi: Use resume_noirq for SDIO (git-fixes).
- rsxx: remove extraneous 'const' qualifier (git-fixes).
- rtc: ds1307: Fix wday settings for rx8130 (git-fixes).
- rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454).
- rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454).
- rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454).
- rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454).
- rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454).
- rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454).
- rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454).
- rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454).
- rtc: pcf2127: add alarm support (bsc#1185233).
- rtc: pcf2127: add pca2129 device id (bsc#1185233).
- rtc: pcf2127: add tamper detection support (bsc#1185233).
- rtc: pcf2127: add watchdog feature support (bsc#1185233).
- rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233).
- rtc: pcf2127: cleanup register and bit defines (bsc#1185233).
- rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233).
- rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233).
- rtc: pcf2127: fix alarm handling (bsc#1185233).
- rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233).
- rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233).
- rtc: pcf2127: let the core handle rtc range (bsc#1185233).
- rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233).
- rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233).
- rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233).
- rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233).
- rtc: pcf2127: set regmap max_register (bsc#1185233).
- rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233).
- rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes).
- rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes).
- sata_mv: add IRQ checks (git-fixes).
- scsi: block: Fix a race in the runtime power management code (git-fixes).
- scsi: core: add scsi_host_busy_iter() (bsc#1179851).
- scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851).
- scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472).
- scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472).
- scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472).
- scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472).
- scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472).
- scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472).
- scsi: lpfc: Fix a typo (bsc#1185472).
- scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472).
- scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365).
- scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472).
- scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472).
- scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472).
- scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203).
- scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472).
- scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472).
- scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472).
- scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472).
- scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472).
- scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472).
- scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472).
- scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472).
- scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472).
- scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472).
- scsi: lpfc: Fix some error codes in debugfs (bsc#1185472).
- scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472).
- scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472).
- scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472).
- scsi: lpfc: Standardize discovery object logging format (bsc#1185472).
- scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472).
- scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491).
- scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491).
- scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491).
- scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491).
- scsi: qla2xxx: Check kzalloc() return value (bsc#1185491).
- scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491).
- scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491).
- scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491).
- scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491).
- scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491).
- scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491).
- scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491).
- scsi: qla2xxx: Fix broken #endif placement (bsc#1185491).
- scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491).
- scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491).
- scsi: qla2xxx: Fix endianness annotations (bsc#1185491).
- scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491).
- scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491).
- scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491).
- scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491).
- scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491).
- scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491).
- scsi: qla2xxx: Fix some memory corruption (bsc#1185491).
- scsi: qla2xxx: Fix stuck session (bsc#1185491).
- scsi: qla2xxx: Fix use after free in bsg (bsc#1185491).
- scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491).
- scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491).
- scsi: qla2xxx: Remove redundant NULL check (bsc#1185491).
- scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491).
- scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491).
- scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491).
- scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436).
- scsi: qla2xxx: Reuse existing error handling path (bsc#1185491).
- scsi: qla2xxx: Simplify if statement (bsc#1185491).
- scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491).
- scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491).
- scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491).
- scsi: qla2xxx: Update default AER debug mask (bsc#1185491).
- scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491).
- scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491).
- scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491).
- scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491).
- scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089).
- scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089).
- scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089).
- selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460).
- selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460).
- selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460).
- selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460).
- selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460).
- selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460).
- selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460).
- selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460).
- selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460).
- soc: aspeed: fix a ternary sign expansion bug (git-fixes).
- soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes).
- soc: qcom: mdt_loader: Validate that p_filesz p_memsz (git-fixes).
- soundwire: bus: Fix device found flag correctly (git-fixes).
- soundwire: stream: fix memory leak in stream config error path (git-fixes).
- spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260).
- spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260).
- spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260).
- spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes).
- spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260).
- spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260).
- spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260).
- spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260).
- spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260).
- spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260).
- spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260).
- spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260).
- spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260).
- spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260).
- spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260).
- spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260).
- spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260).
- spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260).
- spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260).
- spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260).
- spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260).
- spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260).
- spi: spi-fsl-dspi: Fix code alignment (bsc#1167260).
- spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260).
- spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260).
- spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260).
- spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260).
- spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260).
- spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260).
- spi: spi-fsl-dspi: fix native data copy (bsc#1167260).
- spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260).
- spi: spi-fsl-dspi: Fix typos (bsc#1167260).
- spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260).
- spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260).
- spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260).
- spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260).
- spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260).
- spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260).
- spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260).
- spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260).
- spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260).
- spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260).
- spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260).
- spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260).
- spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260
- spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260).
- spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260).
- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260).
- spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260).
- spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260).
- spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260).
- spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260).
- spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260).
- spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260).
- spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260).
- spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260).
- spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260).
- spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260).
- spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260).
- spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260).
- spi: spi-ti-qspi: Free DMA resources (git-fixes).
- staging: fwserial: fix TIOCGSERIAL implementation (git-fixes).
- staging: fwserial: fix TIOCSSERIAL implementation (git-fixes).
- staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes).
- staging: fwserial: fix TIOCSSERIAL permission check (git-fixes).
- staging: rtl8192u: Fix potential infinite loop (git-fixes).
- usb: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984).
- usb: CDC-ACM: fix poison/unpoison imbalance (git-fixes).
- usb: cdc-acm: fix TIOCGSERIAL implementation (git-fixes).
- usb: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes).
- usb: dwc2: Fix hibernation between host and device modes (git-fixes).
- usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes).
- usb: dwc2: Fix session request interrupt handler (git-fixes).
- usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes).
- usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- usb: dwc3: Switch to use device_property_count_u32() (git-fixes).
- usb: gadget: aspeed: fix dma map failure (git-fixes).
- usb: gadget: Fix double free of device descriptor pointers (git-fixes).
- usb: gadget: pch_udc: Check for DMA mapping error (git-fixes).
- usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes).
- usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes).
- usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes).
- usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes).
- usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes).
- usb: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes).
- usb: Remove dev_err() usage after platform_get_irq() (git-fixes).
- usb: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: f81232: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: f81534: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: fix return value for unsupported ioctls (git-fixes).
- usb: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: opticon: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes).
- usb: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes).
- usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes).
- usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes).
- usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes).
- veth: Store queue_mapping independently of XDP prog presence (git-fixes).
- vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes).
- virt_wifi: Return micros for BSS TSF values (git-fixes).
- vxlan: move debug check after netdev unregister (git-fixes).
- workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893).
- x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489).
- x86/insn: Add some Intel instructions to the opcode map (bsc#1184760).
- x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760).
- x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489).
- x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489).
- x86/platform/uv: Set section block size for hubless architectures (bsc#1152489).
- x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1582-1
Released:    Wed May 12 13:40:03 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1184687,1185190
This update for lvm2 fixes the following issues:

- Honor 'lvm.conf' parameter event_activation=0 on 'pvscan --cache -aay'. (bsc#1185190)
- Fixed and issue when LVM can't be disabled on boot. (bsc#1184687)
- Update patch for avoiding apply warning messages. (bsc#1012973)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1592-1
Released:    Wed May 12 13:47:41 2021
Summary:     Optional update for sed
Type:        optional
Severity:    low
References:  1183797
This update for sed fixes the following issues:

- Fixed a building issue with glibc-2.31 (bsc#1183797).

This patch is optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1600-1
Released:    Thu May 13 16:34:08 2021
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1185277
This update for dracut fixes the following issue:

Update to version 049.1+suse.188.gbf445638:

- Do not resolve symbolic links before `instmod`. (bsc#1185277)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released:    Fri May 14 17:09:39 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614
This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1636-1
Released:    Wed May 19 13:33:56 2021
Summary:     Recommended update for grub2
Type:        security
Severity:    moderate
References:  1185580
This update for grub2 fixes the following issues:

- Fixed error with the shim_lock protocol that is not found on aarch64 (bsc#1185580).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released:    Wed May 19 13:51:48 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1181443,1184358,1185562
This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
  an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1647-1
Released:    Wed May 19 13:59:12 2021
Summary:     Security update for lz4
Type:        security
Severity:    important
References:  1185438,CVE-2021-3520
This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released:    Wed May 19 16:43:36 2021
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537
This update for libxml2 fixes the following issues:

- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1669-1
Released:    Thu May 20 11:10:44 2021
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1181540,1181651,1183194,1185170
This update for nfs-utils fixes the following issues:

- The '/var/run' is long deprecated - switch all relevant paths to '/run'. (bsc#1185170)
- Improve logging of authentication (bsc#1181540)
- Add man page of the 'nconnect mount'. (bsc#1181651)
- Fixed an issue when HANA crashed due to inaccessible/hanging NFS mount. (bsc#1183194)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1672-1
Released:    Thu May 20 13:44:41 2021
Summary:     Recommended update for supportutils
Type:        recommended
Severity:    moderate
References:  1021918,1089870,1168894,1169122,1169348,1170092,1170094,1170858,1176370,1178491,1180478,1181351,1181610,1181679,1181911,1182904,1182950,1183732,1183826,1184829,1184912
This update for supportutils fixes the following issues:

- Collects rotated logs with different compression types (bsc#1180478)
- Captures now IBM Power bootlist (jsc#SLE-15557)
- Fixed some errors with supportutils in combination with the btrfs filesystem (bsc#1168894)
- Fixed an issue with ntp.txt, when it contains large binary data (bsc#1169122)
- Checks package signatures in rpm.txt (bsc#1021918)
- Optimize find (bsc#1184912)
- Using zypper --xmlout (bsc#1181351)
- Error fix for sysfs.txt (bsc#1089870)
- Added list-timers to systemd.txt (bsc#1169348)
- Including nfs4 in search (bsc#1184829)
- [powerpc] Collect dynamic_debug log files for ibmvNIC #98 (bsc#1183826)
- Fixed mismatched taint flags (bsc#1178491)
- Removed redundant fdisk code that can cause timeout issues (bsc#1181679)
- Supportconfig processes -f without hanging (bsc#1182904)
- Collect logs for power specific components (using iprconfig) pr#94 (bsc#1182950)
- [powerpc] Collect logs for power specific components (HNV) pr#88 (bsc#1181911)
- Includes NVMe information with OPTION_NVME=1 in nvme.txt (bsc#1176370, SLE-15932)
- No longer truncates boot log (bsc#1181610)
- Collects rotated logs with different compression types (bsc#1180478)
- Capture IBM Power bootlist (SLE-15557)
- [powerpc] Collect logs for power specific components #72 (bscn#1176895)
- Fixed btrfs errors (bsc#1168894)
- Large ntp.txt with binary data (bsc#1169122)
- Only include hostinfo details in /etc/motd (bsc#1170092)
- Fixed CPU load average calculation (bsc#1170094)
- Understands 3rd party packages on SLES or OpenSUSE (bsc#1170858)
- Implement persistens host information across reboots (bsc#1183732)    

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1675-1
Released:    Thu May 20 15:00:23 2021
Summary:     Recommended update for snappy
Type:        recommended
Severity:    moderate
References:  1080040,1184507
This update for snappy fixes the following issues:

Update from version 1.1.3 to 1.1.8

- Small performance improvements.
- Removed `snappy::string` alias for `std::string`.
- Improved `CMake` configuration.
- Improved packages descriptions.
- Fix RPM groups.
- Aarch64 fixes
- PPC speedups
- PIE improvements
- Fix license install. (bsc#1080040)
- Fix a 1% performance regression when snappy is used in PIE executable.
- Improve compression performance by 5%.
- Improve decompression performance by 20%.
- Use better download URL.
- Fix a build issue for tensorflow2. (bsc#1184507)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1700-1
Released:    Mon May 24 16:39:35 2021
Summary:     Recommended update for google-guest-agent, google-guest-oslogin, google-osconfig-agent
Type:        recommended
Severity:    moderate
References:  1185848,1185849
This update for google-guest-agent, google-guest-oslogin, google-osconfig-agent contains the following fixes:

- Update to version 20210414.00 (bsc#1185848, bsc#1185849)
  * start sshd (#106)
  * Add systemd-networkd.service restart dependency. (#104)
  * Update error message for handleHealthCheckRequest. (#105)

- Update to version 20210429.00 (bsc#1185848, bsc#1185849)
  * correct pagetoken in groupsforuser (#59)
  * resolve self groups last (#58)
  * support empty groups (#57)
  * no paginating to find groups (#56)
  * clear users vector (#55)
  * correct usage of pagetoken (#54)

- Update to version 20210506.00 (bsc#1185848, bsc#1185849)
  * Add more os policy assignment examples (#348)
  * e2e_tests: enable stable tests for OSPolicies (#347)
  * Align start and end task logs (#346)
  * ConfigTask: add additional info logs (#345)
  * e2e_tests: add validation tests (#344)
  * Config Task: make sure agent respects policy mode (#343)
  * update
  * e2e_tests: readd retries to OSPolicies
  * Set minWaitDuration as a string instead of object (#341)
  * e2e_tests: Fix a few SUSE tests (#339)
  * Remove pre-release flag from config (#340)
  * e2e_tests: fixup OSPolicy tests (#338)
  * e2e_tests: unlock mutex for CreatePolicies as soon as create finishes (#337)
  * e2e_tests: Don't retry failed OSPolicy tests, fix msi test (#336)
  * Examples for os policy assignments (#334)
  * e2e_tests: increase the deadline for OSPolicy tests and only start after a zone has been secured (#335)
  * Fix panic when installing MSI (#332)
  * e2e_tests: Add test cases of installing dbe, rpm and msi packages (#333)
  * e2e_tests: add more logging
  * e2e_tests: (#330)
  * e2e_test: Add timouts to OSPolicy tests so we don't wait forever (#329)
  * Create top level directories for gcloud and console for os policy assignment examples (#328)
  * e2e_tests: Move api from an internal directory (#327)
  * Make sure we use the same test name for reruns (#326)
  * Add CONFIG_V1 capability (#325)
  * e2e_tests: reduce size of instances, use pd-balanced, rerun failed tests once (#324)
  * Only report installed packages for dpkg (#322)
  * e2e_tests: fix windows package and repository tests (#323)
  * Add top level directories for os policy examples (#321)
  * e2e_tests: move to using inventory api for inventory reporting (#320)
  * e2e_tests: add ExecResource tests (#319)
  * ExecResource: make sure we set permissions correctly for downloaded files (#318)
  * Config task: only run post check on resources that have already been evaluated (#317)
  * e2e_test: reorganize OSPolicy tests to be per Resource type (#316)
  * Set custom user agent (#299)
  * e2e_tests: check InstanceOSPoliciesCompliance for each test case, add LocalPath FileResource test (#314)
  * PackageResource: make sure to run AptUpdate prior to package install (#315)
  * Fix bugs/add more logging for OSPolicies (#313)
  * Change metadata http client to ignore http proxies (#312)
  * e2e_test: add tests for FileResource (#311)
  * Add task_type context logging (#310)
  * Fix e2e_test typo (#309)
  * Fix e2e_tests (#308)
  * Disable OSPolicies by default since it is an unreleased feature (#307)
  * e2e_tests: Add more OSPolicies package and repo tests (#306)
  * Do not enforce repo_gpgcheck in guestpolicies (#305)
  * Gather inventory 3-5min after agent start (#303)
  * e2e_tests: add OSPolicies tests for package install (#302)
  * Add helpful error log if a service account is missing (#304)
  * OSPolicies: correct apt repo extension, remove yum/zypper gpgcheck override (#301)
  * Update cos library to parse new version of packages file (#300)
  * config_task: Rework config step logic (#296)
  * e2e_test: enable serial logs in cos to support ReportInventory test (#297)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1702-1
Released:    Tue May 25 09:53:56 2021
Summary:     Recommended update for shim
Type:        recommended
Severity:    moderate
References:  1185464,1185961
This update for shim fixes the following issues:

- shim-install: instead of assuming 'removable' for Azure, remove fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot
  to make \EFI\Boot bootable and keep the boot option created by efibootmgr (bsc#1185464, bsc#1185961)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1762-1
Released:    Wed May 26 12:30:01 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1186114,CVE-2021-22898
This update for curl fixes the following issues:

- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated
    as trust-anchors, in the same way as self-signed root CA
    certificates are. This allows users to verify servers using
    the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1773-1
Released:    Wed May 26 17:22:21 2021
Summary:     Recommended update for python3
Type:        recommended
Severity:    low
References:  
This update for python3 fixes the following issues:

- Make sure to close the import_failed.map file after the exception
  has been raised in order to avoid ResourceWarnings when the
  failing import is part of a try...except block.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1801-1
Released:    Mon May 31 07:36:01 2021
Summary:     Recommended update for openssh
Type:        recommended
Severity:    moderate
References:  1115550,1174162
This update for openssh fixes the following issues:

- Fixed a race condition leading to a sshd termination of multichannel sessions with non-root users (bsc#1115550, bsc#1174162).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1833-1
Released:    Wed Jun  2 15:32:28 2021
Summary:     Recommended update for zypper
Type:        recommended
Severity:    moderate
References:  1153687,1180851,1181874,1182372,1182936,1183268,1183589,1183628,1184997,1185239
This update for zypper fixes the following issues:

zypper was upgraded to 1.14.44:

- man page: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- patch: Let a patch's reboot-needed flag overrule included packages. (bsc#1183268)
- Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687)
- Protect against strict/relaxed user umask via sudo. (bsc#1183589)
- xml summary: Add solvables repository alias. (bsc#1182372)

libzypp was upgraded from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1846-1
Released:    Fri Jun  4 08:46:37 2021
Summary:     Recommended update for mozilla-nss
Type:        recommended
Severity:    moderate
References:  1185910
This update for mozilla-nss fixes the following issue:

- Provide some missing binaries from `mozilla-nss` not added in `SLE-Module-Basesystem_15-SP3`. (bsc#1185910)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1861-1
Released:    Fri Jun  4 09:59:40 2021
Summary:     Recommended update for gcc10
Type:        recommended
Severity:    moderate
References:  1029961,1106014,1178577,1178624,1178675,1182016
This update for gcc10 fixes the following issues:

- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1879-1
Released:    Tue Jun  8 09:16:09 2021
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    important
References:  1184326,1184399,1184997,1185325
This update for libzypp, zypper fixes the following issues:

libzypp was updated to 17.26.0:

- Work around download.o.o broken https redirects.
- Allow trusted repos to add additional signing keys (bsc#1184326)
  Repositories signed with a trusted gpg key may import additional
  package signing keys. This is needed if different keys were used
  to sign the the packages shipped by the repository.
- MediaCurl: Fix logging of redirects.
- Use 15.3 resolver problem and solution texts on all distros.
- $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the
  zypp lock (bsc#1184399)
  Helps boot time services like 'zypper purge-kernels' to wait for
  the zypp lock until other services using zypper have completed.
- Fix purge-kernels is broken in Leap 15.3 (bsc#1185325)
  Leap 15.3 introduces a new kernel package called
  kernel-flavour-extra, which contain kmp's. Currently kmp's are
  detected by name '.*-kmp(-.*)?' but this does not work which
  those new packages. This patch fixes the problem by checking
  packages for kmod(*) and ksym(*) provides and only falls back to
  name checking if the package in question does not provide one of
  those.
- Introduce zypp-runpurge, a tool to run purge-kernels on
  testcases.

zypper was updated to 1.14.45:

- Fix service detection with cgroupv2 (bsc#1184997)
- Add hints to 'trust GPG key' prompt.
- Add report when receiving new package signing keys from a
  trusted repo (bsc#1184326)
- Added translation using Weblate (Kabyle)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1882-1
Released:    Tue Jun  8 13:25:36 2021
Summary:     Recommended update for shim
Type:        recommended
Severity:    moderate
References:  1185464,1185961
This update for shim fixes the following issues:

- shim-install: remove the unexpected residual 'removable' label
  for Azure (bsc#1185464, bsc#1185961)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1890-1
Released:    Tue Jun  8 15:08:16 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1087082,1133021,1152457,1152489,1155518,1156395,1164648,1177666,1178378,1178418,1178612,1179519,1179825,1179827,1179851,1182257,1182378,1182999,1183346,1183868,1183873,1183932,1183947,1183976,1184081,1184082,1184259,1184611,1184855,1185428,1185495,1185497,1185589,1185606,1185642,1185645,1185677,1185680,1185703,1185725,1185758,1185859,1185860,1185861,1185862,1185863,1185898,1185899,1185911,1185938,1185950,1185982,1185987,1185988,1186060,1186061,1186062,1186111,1186285,1186320,1186390,1186416,1186439,1186441,1186451,1186460,1186479,1186484,1186498,1186501,1186573,1186681,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2021-23134,CVE-2021-32399,CVE-2021-33034,CVE-2021-33200,CVE-2021-3491
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.


The following security bugs were fixed:

- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111)
- CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
- CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
- CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861)
- CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
- CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)

The following non-security bugs were fixed:

- ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes).
- ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes).
- ACPI: custom_method: fix a possible memory leak (git-fixes).
- ACPI: custom_method: fix potential use-after-free issue (git-fixes).
- ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
- ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes).
- ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes).
- ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes).
- ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes).
- ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes).
- ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
- ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes).
- ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes).
- ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes).
- ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes).
- ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes).
- ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes).
- ALSA: hdsp: do not disable if not enabled (git-fixes).
- ALSA: hdspm: do not disable if not enabled (git-fixes).
- ALSA: intel8x0: Do not update period unless prepared (git-fixes).
- ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
- ALSA: rme9652: do not disable if not enabled (git-fixes).
- ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes).
- ALSA: usb-audio: fix control-request direction (git-fixes).
- ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes).
- ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes).
- ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes).
- ARM64: vdso32: Install vdso32 from vdso_install (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes).
- ASoC: cs35l33: fix an error code in probe() (git-fixes).
- ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
- ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes).
- ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes).
- ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
- ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
- Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes).
- Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes).
- Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
- Bluetooth: check for zapped sk before connecting (git-fixes).
- Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
- Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes).
- Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725).
- Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725).
- Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).
- Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes).
- Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes).
- KVM: s390: fix guarded storage control register handling (bsc#1133021).
- Move upstreamed media fixes into sorted section
- NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
- PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes).
- PCI: Allow VPD access for QLogic ISP2722 (git-fixes).
- PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes).
- PCI: Release OF node in pci_scan_device()'s error path (git-fixes).
- PCI: endpoint: Fix missing destroy_workqueue() (git-fixes).
- PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes).
- PCI: thunder: Fix compile testing (git-fixes).
- PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes).
- RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346).
- RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346).
- RDMA/hns: Delete redundant abnormal interrupt status (git-fixes).
- RDMA/hns: Delete redundant condition judgment related to eq (git-fixes).
- RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215).
- RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes).
- Revert 'arm64: vdso: Fix compilation with clang older than 8' (git-fixes).
- Revert 'gdrom: fix a memory leak bug' (git-fixes).
- Revert 'i3c master: fix missing destroy_workqueue() on error in i3c_master_register' (git-fixes).
- Revert 'leds: lp5523: fix a missing check of return value of lp55xx_read' (git-fixes).
- Revert 337f13046ff0 ('futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op') (git-fixes).
- SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428).
- SUNRPC: More fixes for backlog congestion (bsc#1185428).
- USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes).
- USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
- USB: serial: pl2303: add support for PL2303HXN (bsc#1186320).
- USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320).
- USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes).
- USB: trancevibrator: fix control-request direction (git-fixes).
- amdgpu: avoid incorrect %hu format string (git-fixes).
- arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes).
- arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes).
- arm64: avoid -Woverride-init warning (git-fixes).
- arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes).
- arm64: kdump: update ppos when reading elfcorehdr (git-fixes).
- arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes).
- arm64: link with -z norelro for LLD or aarch64-elf (git-fixes).
- arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes).
- arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes).
- arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes).
- arm64: vdso32: make vdso32 install conditional (git-fixes).
- arm: mm: use __pfn_to_section() to get mem_section (git-fixes).
- ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes).
- blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes).
- blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes).
- block/genhd: use atomic_t for disk_event->block (bsc#1185497).
- block: Fix three kernel-doc warnings (git-fixes).
- block: fix get_max_io_size() (git-fixes).
- bnxt_en: Fix RX consumer index logic in the error path (git-fixes).
- bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes).
- bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518).
- bpf: Fix masking negation logic upon negative dst register (bsc#1155518).
- btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441).
- btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439).
- cdc-wdm: untangle a circular dependency between callback and softint (git-fixes).
- cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes).
- cdrom: gdrom: initialize global variable at init time (git-fixes).
- ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501).
- ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501).
- ceph: fix up error handling with snapdirs (bsc#1186501).
- ceph: only check pool permissions for regular files (bsc#1186501).
- cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
- clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes).
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758).
- crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes).
- crypto: mips/poly1305 - enable for all MIPS processors (git-fixes).
- crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes).
- crypto: qat - Fix a double free in adf_create_ring (git-fixes).
- crypto: qat - do not release uninitialized resources (git-fixes).
- crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
- crypto: qat - fix unmap invalid dma address (git-fixes).
- crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes).
- crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes).
- cxgb4: Fix unintentional sign extension issues (git-fixes).
- dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes).
- dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes).
- docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
- docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).
- drivers: hv: Fix whitespace errors (bsc#1185725).
- drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes).
- drm/amd/display: Fix two cursor duplication when using overlay (git-fixes).
- drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes).
- drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes).
- drm/amd/display: fix dml prefetch validation (git-fixes).
- drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes).
- drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes).
- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes).
- drm/amdgpu: fix NULL pointer dereference (git-fixes).
- drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes).
- drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes).
- drm/i915: Avoid div-by-zero on gen2 (git-fixes).
- drm/meson: fix shutdown crash when component not probed (git-fixes).
- drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
- drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes).
- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes).
- drm/radeon: Avoid power table parsing memory leaks (git-fixes).
- drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
- drm/vkms: fix misuse of WARN_ON (git-fixes).
- drm: Added orientation quirk for OneGX1 Pro (git-fixes).
- ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes).
- extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes).
- extcon: arizona: Fix various races on driver unbind (git-fixes).
- fbdev: zero-fill colormap in fbcmap.c (git-fixes).
- firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes).
- fs/epoll: restore waking from ep_done_scan() (bsc#1183868).
- ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
- futex: Change utime parameter to be 'const ... *' (git-fixes).
- futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648).
- futex: Get rid of the val2 conditional dance (git-fixes).
- futex: Make syscall entry points less convoluted (git-fixes).
- genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
- genirq: Disable interrupts for force threaded handlers (git-fixes)
- genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
- gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes).
- hrtimer: Update softirq_expires_next correctly after (git-fixes)
- hwmon: (occ) Fix poll rate limiting (git-fixes).
- i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes).
- i2c: bail out early when RDWR parameters are wrong (git-fixes).
- i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
- i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes).
- i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes).
- i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes).
- i40e: Fix use-after-free in i40e_client_subtask() (git-fixes).
- i40e: fix broken XDP support (git-fixes).
- i40e: fix the restart auto-negotiation after FEC modified (git-fixes).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes).
- ics932s401: fix broken handling of errors when word reading fails (git-fixes).
- iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes).
- iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes).
- iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
- iio: gyro: fxas21002c: balance runtime power in error path (git-fixes).
- iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
- iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).
- iio: tsl2583: Fix division by a zero lux_val (git-fixes).
- intel_th: Consistency and off-by-one fix (git-fixes).
- iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482).
- ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988).
- ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855).
- kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale.
- leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes).
- lpfc: Decouple port_template and vport_template (bsc#185032).
- mac80211: clear the beacon's CRC after channel switch (git-fixes).
- md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
- md/raid1: properly indicate failure when ending a failed write request (bsc#1185680).
- md: do not flush workqueue unconditionally in md_open (bsc#1184081).
- md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
- md: md_open returns -EBUSY when entering racing area (bsc#1184081).
- md: split mddev_find (bsc#1184081).
- media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes).
- media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
- media: em28xx: fix memory leak (git-fixes).
- media: gspca/sq905.c: fix uninitialized variable (git-fixes).
- media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes).
- media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes).
- media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes).
- media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes).
- media: ite-cir: check for receive overflow (git-fixes).
- media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes).
- media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes).
- media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes).
- mfd: arizona: Fix rumtime PM imbalance on error (git-fixes).
- misc/uss720: fix memory leak in uss720_probe (git-fixes).
- mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes).
- mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606).
- mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes).
- mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
- mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes).
- mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes).
- mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes).
- mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes).
- mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes).
- net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes).
- net: enetc: fix link error again (git-fixes).
- net: hns3: Fix for geneve tx checksum bug (git-fixes).
- net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes).
- net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes).
- net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes).
- net: hns3: fix for vxlan gpe tx checksum bug (git-fixes).
- net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes).
- net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes).
- net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes).
- net: thunderx: Fix unintentional sign extension issue (git-fixes).
- net: usb: fix memory leak in smsc75xx_bind (git-fixes).
- netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
- netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950).
- netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950).
- netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950).
- nvme-core: add cancel tagset helpers (bsc#1183976).
- nvme-fabrics: decode host pathing error for connect (bsc#1179827).
- nvme-fc: check sgl supported by target (bsc#1179827).
- nvme-fc: clear q_live at beginning of association teardown (bsc#1186479).
- nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259).
- nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259).
- nvme-fc: short-circuit reconnect retries (bsc#1179827).
- nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259).
- nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999).
- nvme-pci: Remove tag from process cq (git-fixes).
- nvme-pci: Remove two-pass completions (git-fixes).
- nvme-pci: Simplify nvme_poll_irqdisable (git-fixes).
- nvme-pci: align io queue count with allocted nvme_queue in (git-fixes).
- nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes).
- nvme-pci: dma read memory barrier for completions (git-fixes).
- nvme-pci: fix 'slimmer CQ head update' (git-fixes).
- nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes).
- nvme-pci: remove last_sq_tail (git-fixes).
- nvme-pci: remove volatile cqes (git-fixes).
- nvme-pci: slimmer CQ head update (git-fixes).
- nvme-pci: use simple suspend when a HMB is enabled (git-fixes).
- nvme-tcp: Fix possible race of io_work and direct send (git-fixes).
- nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes).
- nvme-tcp: add clean action for failed reconnection (bsc#1183976).
- nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes).
- nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes).
- nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519).
- nvme-tcp: use cancel tagset helper for tear down (bsc#1183976).
- nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378).
- nvme: add 'kato' sysfs attribute (bsc#1179825).
- nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259).
- nvme: define constants for identification values (git-fixes).
- nvme: do not intialize hwmon for discovery controllers (bsc#1184259).
- nvme: do not intialize hwmon for discovery controllers (git-fixes).
- nvme: document nvme controller states (git-fixes).
- nvme: explicitly update mpath disk capacity on revalidation (git-fixes).
- nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378).
- nvme: fix controller instance leak (git-fixes).
- nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes).
- nvme: fix possible deadlock when I/O is blocked (git-fixes).
- nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378).
- nvme: retrigger ANA log update if group descriptor isn't found (git-fixes)
- nvme: sanitize KATO setting (bsc#1179825).
- nvme: simplify error logic in nvme_validate_ns() (bsc#1184259).
- nvmet: fix a memory leak (git-fixes).
- nvmet: seset ns->file when open fails (bsc#1183873).
- nvmet: use new ana_log_size instead the old one (bsc#1184259).
- nxp-i2c: restore includes for kABI (bsc#1185589).
- nxp-nci: add NXP1002 id (bsc#1185589).
- phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes).
- pinctrl: ingenic: Improve unreachable code generation (git-fixes).
- pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
- platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes).
- platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).
- posix-timers: Preserve return value in clock_adjtime32() (git-fixes)
- power: supply: Use IRQF_ONESHOT (git-fixes).
- power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes).
- power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes).
- powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes).
- powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
- qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes).
- rtc: pcf2127: handle timestamp interrupts (bsc#1185495).
- s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153).
- s390/entry: save the caller of psw_idle (bsc#1185677).
- s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375).
- sched/eas: Do not update misfit status if the task is pinned (git-fixes)
- sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes)
- sched/fair: Fix unfairness caused by missing load decay (git-fixes)
- scripts/git_sort/git_sort.py: add bpf git repo
- scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416).
- scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851).
- scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573).
- scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451).
- scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451).
- scsi: lpfc: Fix 'Unexpected timeout' error in direct attach topology (bsc#1186451).
- scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451).
- scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451).
- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451).
- scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451).
- scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451).
- scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451).
- scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451).
- scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451).
- scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451).
- sctp: delay auto_asconf init until binding the first addr (<[email protected]>).
- serial: core: fix suspicious security_locked_down() call (git-fixes).
- serial: core: return early on unsupported ioctls (git-fixes).
- serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes).
- serial: stm32: fix incorrect characters on console (git-fixes).
- serial: stm32: fix tx_empty condition (git-fixes).
- serial: tegra: Fix a mask operation that is always true (git-fixes).
- smc: disallow TCP_ULP in smc_setsockopt() (git-fixes).
- spi: ath79: always call chipselect function (git-fixes).
- spi: ath79: remove spi-master setup and cleanup assignment (git-fixes).
- spi: dln2: Fix reference leak to master (git-fixes).
- spi: omap-100k: Fix reference leak to master (git-fixes).
- spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes).
- spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes).
- staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
- staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
- tcp: fix to update snd_wl1 in bulk receiver fast path (<[email protected]>).
- thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes).
- thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes).
- tracing: Map all PIDs to command lines (git-fixes).
- tty: amiserial: fix TIOCSSERIAL permission check (git-fixes).
- tty: fix memory leak in vc_deallocate (git-fixes).
- tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes).
- tty: moxa: fix TIOCSSERIAL permission check (git-fixes).
- uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes).
- uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).
- uio_hv_generic: Fix another memory leak in error handling paths (git-fixes).
- uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
- usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes).
- usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
- usb: dwc2: Fix gadget DMA unmap direction (git-fixes).
- usb: dwc3: gadget: Enable suspend events (git-fixes).
- usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes).
- usb: dwc3: omap: improve extcon initialization (git-fixes).
- usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes).
- usb: fotg210-hcd: Fix an error message (git-fixes).
- usb: gadget/function/f_fs string table fix for multiple languages (git-fixes).
- usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes).
- usb: gadget: f_uac1: validate input parameters (git-fixes).
- usb: gadget: f_uac2: validate input parameters (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes).
- usb: gadget: uvc: add bInterval checking for HS mode (git-fixes).
- usb: musb: fix PM reference leak in musb_irq_work() (git-fixes).
- usb: sl811-hcd: improve misleading indentation (git-fixes).
- usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes).
- usb: xhci: Fix port minor revision (git-fixes).
- usb: xhci: Increase timeout for HC halt (git-fixes).
- vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
- video: hyperv_fb: Add ratelimit on error message (bsc#1185725).
- vrf: fix a comment about loopback device (git-fixes).
- watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982).
- watchdog/softlockup: report the overall time of softlockups (bsc#1185982).
- watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982).
- watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982).
- whitespace cleanup
- wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
- wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
- workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911).
- workqueue: more destroy_workqueue() fixes (bsc#1185911).
- x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489).
- xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
- xhci: check control context is valid before dereferencing it (git-fixes).
- xhci: fix potential array out of bounds with several interrupters (git-fixes).
- xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1910-1
Released:    Wed Jun  9 09:37:41 2021
Summary:     Recommended update for openssh
Type:        recommended
Severity:    moderate
References:  1186673
This update for openssh fixes the following issues:

- Further attempts to mitigate instances of secrets lingering in memory
  after a session exits to meet key zeroization requirements. (bsc#1186673)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1917-1
Released:    Wed Jun  9 14:48:05 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1186015,CVE-2021-3541
This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1923-1
Released:    Thu Jun 10 08:37:00 2021
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    important
References:  1183194
This update for nfs-utils fixes the following issues:

- Ensured thread safety when opening files over NFS to prevent a
  use-after-free issue (bsc#1183194)