Removed rpms ============ Added rpms ========== Package Source Changes ====================== apparmor +- add profiles-permit-php-fpm-pid-files-directly-under-run.patch + https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) + kernel-firmware +- Update firmware for CS35L41 codecs (bsc#1203699): + copied from https://github.com/CirrusLogic/linux-firmware + +- Add firmware files for CS35L41 codecs (bsc#1203699) + Copied from the upstream linux-firmware tree + libapparmor +- add profiles-permit-php-fpm-pid-files-directly-under-run.patch + https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) + mdadm +- mdadm.spec: add EXTRAVERSION string to make command line + (jsc#SLE-24761, bsc#1193566) + nfs-utils +- add 0025-nfsdcltrack-getopt_long-fails-on-a-non-x86_64-archs.patch + Fix nfsdcltrack bug that affected non-x86 archs. + (bsc#1202627) + +- 0024-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch + Ensure sysctl setting work (bsc#1199856) + openSUSE-repos:openSUSE-repos-LeapMicro +- Update to version 20221116.d3d7bc7: + * Use zypp style variable for DIST_ARCH boo#1205460 + * Remove service generated service file on uninstall + xen +- bsc#1193923 - VUL-1: xen: Frontends vulnerable to backends + (XSA-376) + 61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch + +- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may + take excessively long (XSA-410) + 63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch + 63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch + 63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch + 63455fe4-x86-HAP-monitor-table-error-handling.patch + 63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch + 6345601d-x86-tolerate-shadow_prealloc-failure.patch + 6345603a-x86-P2M-refuse-new-alloc-for-dying.patch + 63456057-x86-P2M-truly-free-paging-pool-for-dying.patch + 63456075-x86-P2M-free-paging-pool-preemptively.patch + 63456090-x86-p2m_teardown-preemption.patch +- bcs#1203804 - VUL-0: CVE-2022-33747: xen: unbounded memory consumption + for 2nd-level page tables on ARM systems (XSA-409) + 63456175-libxl-per-arch-extra-default-paging-memory.patch + 63456177-Arm-construct-P2M-pool-for-guests.patch + 6345617a-Arm-XEN_DOMCTL_shadow_op.patch + 6345617c-Arm-take-P2M-pages-P2M-pool.patch +- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in + transitive grant copy handling (XSA-411) + 634561aa-gnttab-locking-on-transitive-copy-error-path.patch +- Upstream bug fixes (bsc#1027519) + 6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch + 631b5ba6-gnttab-acquire-resource-vaddrs.patch + 634561f1-x86emul-respect-NSCB.patch + 6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch + 6351095c-Arm-rework-p2m_init.patch + 6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch + 635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch + 635665fb-sched-fix-restore_vcpu_affinity.patch + 63569723-x86-shadow-replace-bogus-assertions.patch +- Drop patches replaced by upstream versions: + xsa410-01.patch + xsa410-02.patch + xsa410-03.patch + xsa410-04.patch + xsa410-05.patch + xsa410-06.patch + xsa410-07.patch + xsa410-08.patch + xsa410-09.patch + xsa410-10.patch + xsa411.patch + +- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312, + CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, + CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let + xenstored run out of memory (XSA-326) + xsa326-01.patch + xsa326-02.patch + xsa326-03.patch + xsa326-04.patch + xsa326-05.patch + xsa326-06.patch + xsa326-07.patch + xsa326-08.patch + xsa326-09.patch + xsa326-10.patch + xsa326-11.patch + xsa326-12.patch + xsa326-13.patch + xsa326-14.patch + xsa326-15.patch + xsa326-16.patch +- bsc#1204485 - VUL-0: CVE-2022-42309: xen: Xenstore: Guests can + crash xenstored (XSA-414) + xsa414.patch +- bsc#1204487 - VUL-0: CVE-2022-42310: xen: Xenstore: Guests can + create orphaned Xenstore nodes (XSA-415) + xsa415.patch +- bsc#1204488 - VUL-0: CVE-2022-42319: xen: Xenstore: Guests can + cause Xenstore to not free temporary memory (XSA-416) + xsa416.patch +- bsc#1204489 - VUL-0: CVE-2022-42320: xen: Xenstore: Guests can + get access to Xenstore nodes of deleted domains (XSA-417) + xsa417.patch +- bsc#1204490 - VUL-0: CVE-2022-42321: xen: Xenstore: Guests can + crash xenstored via exhausting the stack (XSA-418) + xsa418-01.patch + xsa418-02.patch + xsa418-03.patch + xsa418-04.patch + xsa418-05.patch + xsa418-06.patch + xsa418-07.patch +- bsc#1204494 - VUL-0: CVE-2022-42322,CVE-2022-42323: xen: + Xenstore: cooperating guests can create arbitrary numbers of + nodes (XSA-419) + xsa419-01.patch + xsa419-02.patch + xsa419-03.patch +- bsc#1204496 - VUL-0: CVE-2022-42325,CVE-2022-42326: xen: + Xenstore: Guests can create arbitray number of nodes via + transactions (XSA-421) + xsa421-01.patch + xsa421-02.patch + +- bsc#1204483 - VUL-0: CVE-2022-42327: xen: x86: unintended memory + sharing between guests (XSA-412) + xsa412.patch +